P. 1
ALGORITHMS DESIGN TECHNIQUES AND ANALYSIS

# ALGORITHMS DESIGN TECHNIQUES AND ANALYSIS

|Views: 9,685|Likes:

### Availability:

See more
See less

05/05/2013

pdf

text

original

In this section, we study a well-known Monte Carlo algorithm for testing
whether a given positive integer n is prime. The obvious method of repeat-
edly dividing by the numbers from 2 to √n is extremely ineﬃcient, as it
leads to exponential time complexity in the input size (see Example 1.16).
This method is appropriate only for small numbers, and its only advantage
is that it outputs a divisor of n if it is composite. It turns out that factoring
an integer is a much harder problem than merely testing whether it is prime
or composite.

In primality tests, we use the idea of ﬁnding a “witness”, which is a
proof that a number is composite. Obviously, ﬁnding a divisor of n is a
proof that it is composite. However, such witnesses are very rare. Indeed,
if we take a number n that is fairly large, the number of its prime divisors
is very small compared to the number of integers between 1 and n. It is
well-known that if n < 2k

, then, except when k is very small, the number
of distinct primes that divide n is less than π(k) ≈ k/lnk.
This motivates the search for another type of witness. Before discussing
the alternate witness, we will dispose of an algorithm for an operation that
will be used throughout this section. Let a,m and n be positive integers

Primality Testing

385

withm ≤ n. We need the operation of raisingato themth power and reduc-
ing the result modulo n. Algorithm expmod below computes am

(mod n).
It is similar to the exponentiation algorithm presented in Sec. 5.4. Notice
that we reduce modulo n after each squaring or multiplication rather than
ﬁrst computing am

and reducing modulo n once at the end. A call to this

algorithm is of the form expmod(a,m,n).

Algorithm 14.6 expmod

Input: Positive integers a,m and n with m ≤ n.

Output: am

(mod n).

1. Let the binary digits of m be bk,bk−1,...,b0.
2. c←1
3. for j←k downto 0
4. c←c2

(mod n)
5. if bj = 1 then c←ac (mod n)
6. end for
7. return c

It is easy to see that the running time of Algorithm expmod is
Θ(logm) = O(logn), if we want to charge one unit of time per one multipli-
cation. However, since we are dealing here with arbitrarily large integers,
we will count the exact number of bit multiplications performed by the al-
gorithm. If we use the obvious way of multiplying two integers, then each
multiplication costs O(log2

n). Thus, the overall running time of Algorithm

expmod is O(log3

n).
Now, we present a series of primality tests all of which are based on

Fermat’s theorem:

Theorem 14.2 If n is prime, then for all a ≡ 0 (mod n) we have

an−1

≡ 1 (mod n).

Consider Algorithm ptest1. By Fermat’s theorem, if Algorithm

ptest1 returns composite, then we are sure that n is composite. The
ancient Chinese conjectured that a natural number n must be prime if it
satisﬁes the congruence 2n

≡ 2 (mod n). The question remained open until

1819, when Sarrus showed that 2340

≡ 1 (mod 341), and yet 341 = 11×31
is composite. Some other composite numbers that satisfy the congruence

386

Randomized Algorithms

2n−1

≡ 1 (mod n) are 561, 645, 1105, 1387, 1729 and 1905. Thus, if Algo-
rithm ptest1 returns prime, then n may or may not be prime.

Algorithm 14.7 ptest1

Input: A positive odd integer n ≥ 5.

Output: prime if n is prime; otherwise composite.

1. if expmod(2,n−1,n) ≡ 1 (mod n) then return prime {probably}
2. else return composite {deﬁnitely}

Surprisingly, this simple test gives an erroneous result very rarely. For
example, for all composite numbers between 4 and 2000, the algorithm
returns prime only for the numbers 341, 561, 645, 1105, 1387, 1729 and
1905. Moreover, there are only 78 values of n less than 100,000 for which
the test errs, the largest of which is 93961 = 7×31×433.

It turns out, however, that for many composite numbers n, there exist
integers a for which an−1

≡ 1 (mod n). In other words, the converse of
Fermat’s theorem is not true (we have already proven this for a = 2).
Indeed, there are composite integers n known as Carmichael numbers that
satisfy Fermat’s theorem for all positive integers a that are relatively prime
to n. The smallest Carmichael numbers are 561 = 3 × 11 × 17, 1105 =
5 × 13 × 17, 1729 = 7 × 13 × 19 and 2465 = 5 × 17 × 29. Carmichael
numbers are very rare; there are, for example, only 255 of them less than
108

. When a composite number n satisﬁes Fermat’s theorem relative to
base a, n is called a base-a pseudoprime. Thus, Algorithm ptest1 returns

prime whenever n is prime or base-2 pseudoprime.

One way to improve on the performance of Algorithm ptest1 is to
choose the base randomly between 2 and n − 2. This yields Algorithm

ptest2.

As in Algorithm ptest1, Algorithm ptest2 errs only if n is a base-

a pseudoprime. For example, 91 = 7 × 13 is base-3 pseudoprime since
390

≡ 1 (mod 91).
Let Z∗n be the set of positive integers less than n that are relatively
prime to n. It is well-known that Z∗n forms a group under the operation of
multiplication modulo n. Deﬁne

Fn = {a ∈ Z∗

n | an−1

≡ 1 (mod n)}.

Primality Testing

387

Algorithm 14.8 ptest2

Input: A positive odd integer n ≥ 5.

Output: prime if n is prime; otherwise composite.

1. a←random(2,n−2)
2. if expmod(a,n−1,n) ≡ 1 (mod n) then return prime {probably}
3. else return composite {deﬁnitely}

If n is prime or a Carmichael number, then Fn = Z∗n. So, suppose n is not a
Carmichael number or a prime number. Then, Fn = Z∗n. It is easy to verify
that Fn under the operation of multiplication modulo n forms a group that
is a proper subgroup of Z∗n. Consequently, the order of Fn divides the order
of Z∗n, that is, |Fn| divides |Z∗n|. It follows that the number of elements in

Fn is at most half the number of elements in Z∗n. This proves the following
lemma:

Lemma 14.1 If n is not a Carmichael number, then Algorithm ptest2
will detect the compositeness of n with probability at least 1/2.

Unfortunately, it has recently been shown that there are, in fact, in-
ﬁnitely many Carmichael numbers. In the remainder of this section, we
describe a more powerful randomized primality test algorithm that circum-
vents the diﬃculty that arises as a result of the existence of inﬁnitely many
Carmichael numbers. The algorithm has the property that if n is com-
posite, then the probability that this is discovered is at least 1

2. In other

words, the probability that it will err is at most 1

2. Thus, by repeating the

test k times, the probability that it will err is at most 2−k

. The algorithm,
which we will call ptest3, is based on the following reasoning. Let n ≥ 5
be an odd prime. Write n−1 = 2q

m (q ≥ 1 since n−1 is even). Then, by

Fermat’s theorem, the sequence

am

(mod n),a2m

(mod n),a4m

(mod n),...,a2q

m

(mod n)

must end with 1, and the value just preceding the ﬁrst appearance of 1 will
be n−1. This is because the only solutions to x2

≡ 1 (mod n) are x = ±1
when n is prime, since in this case Z∗n is a ﬁeld. This reasoning leads to
Algorithm ptest3.

388

Randomized Algorithms

Algorithm 14.9 ptest3

Input: A positive odd integer n ≥ 5.

Output: prime if n is prime; otherwise composite.

1. q←0; m←n−1
2. repeat {ﬁnd q and m}
3. m←m/2
4. q←q + 1
5. until m is odd
6. a←random(2,n−2)
7. x←expmod(a,m,n)
8. if x = 1 then return prime {probably}
9. for j←0 to q−1
10. if x ≡ −1 (mod n) then return prime {probably}
11. x←x2

(mod n)

12. end for
13. return composite {deﬁnitely}

Theorem 14.3 If Algorithmptest3returns “composite”, then n is com-
posite.

Proof. Suppose that Algorithm ptest3 returns “composite”, but n is an
odd prime. We claim that a2j

m

≡ 1 (mod n) for j = q,q−1,...,0. If so,

then setting j = 0 yields am

≡ 1 (mod n), which means that the algorithm
must have returned “prime” by Step 8, a contradiction to the outcome of
the algorithm. This contradiction establishes the theorem. Now, we prove
our claim. By Fermat’s theorem, since n is prime, the statement is true for

j = q. Suppose it is true for some j, 1 ≤ j ≤ q. Then it is also true for

j −1 also because

(a2j−1

m

)2

= a2j

m

≡ 1 (mod n)

implies that the quantity being squared is ±1. Indeed, the equation x2

= 1
in Z∗n has only the solution x = ±1, since in this case Z∗n is a ﬁeld. But −1
is ruled out by the outcome of the algorithm since it must have executed
Step 13. Consequently, a2j−1

m

= 1. This completes the proof of the claim.

It follows that n is composite.

Note that the contrapositive statement of the above theorem is: If n
is prime, then Algorithm ptest3 returns “prime”, which means that the
algorithm will never err if n is prime.

Primality Testing

389

Obviously, Algorithm ptest3 is as good as Algorithm ptest2 in deal-
ing with non-Carmichael numbers. It can be shown, although we will not
pursue it here, that the probability that Algorithm ptest3 errs when pre-
sented with a Carmichael number is at most 1/2. So, the probability that
it will err on any composite number is at most 1/2. Thus, by repeating
the test k times, the probability that it will err is at most 2−k

. If we set

k = logn , the probability of failure becomes 2− logn ≤ 1/n. In other
words, the algorithm will give the correct answer with probability at least
1−1/n, which is negligible when n is suﬃciently large. This results in our
ﬁnal algorithm, which we will call primalitytest.

Algorithm 14.10 primalitytest

Input: A positive odd integer n ≥ 5.

Output: prime if n is prime; otherwise composite.

1. q←0; m←n−1; k← logn
2. repeat {ﬁnd q and m}
3. m←m/2
4. q←q + 1
5. until m is odd
6. for i←1 to k
7. a←random(2,n−2)
8. x←expmod(a,m,n)
9. if x = 1 then return prime {probably}
10. for j←0 to q−1
11.

if x ≡ −1 (mod n) then return prime {probably}

12.

x←x2

(mod n)

13. end for
14. end for
15. return composite {deﬁnitely}

We compute the running time of Algorithm primalitytest as follows
(assuming that a random integer can be generated in O(1) time). The
repeat loop costs O(logn) time. We have shown before that the cost of
Step 8 is Θ(log3

n). The number of squarings in the inner for loop is

O(logn), and each costs O(log2

n) for a total of O(log3

n) time. Since
this is repeated k = logn times, the time complexity of the algorithm is

O(log4

n). The following theorem summarizes the main result.

Theorem 14.4 In time O(log4

n), Algorithm primalitytest behaves

as follows when presented with an odd integer n ≥ 5:

390

Randomized Algorithms

(1) If n is prime, then it outputs prime.
(2) If n is composite, then it outputs composite with probability at
least 1−1/n.

scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->