Is n a Prime Number?

Manindra Agrawal
IIT Kanpur

March 27, 2006, Delft

Manindra Agrawal (IIT Kanpur)

Is n a Prime Number?

March 27, 2006, Delft

1 / 47

Overview
1

The Problem Two Simple, and Slow, Methods Modern Methods Algorithms Based on Factorization of Group Size Algorithms Based on Fermat’s Little Theorem An Algorithm Outside the Two Themes

2

3

4

5

6

Manindra Agrawal (IIT Kanpur)

Is n a Prime Number?

March 27, 2006, Delft

2 / 47

Outline
1

The Problem
Two Simple, and Slow, Methods Modern Methods Algorithms Based on Factorization of Group Size Algorithms Based on Fermat’s Little Theorem An Algorithm Outside the Two Themes

2

3

4

5

6

Manindra Agrawal (IIT Kanpur)

Is n a Prime Number?

March 27, 2006, Delft

3 / 47

The Problem Given a number n. Delft 4 / 47 . Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006. Easy: try dividing by all numbers less than n. decide if it is prime.

Easy: try dividing by all numbers less than n. decide if it is prime. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006.The Problem Given a number n. Delft 4 / 47 .

Delft 5 / 47 .The Problem Given a number n. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006. Not so easy: several non-obvious methods have been found. decide if it is prime efficiently.

Delft 5 / 47 . Not so easy: several non-obvious methods have been found. decide if it is prime efficiently. 2006. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.The Problem Given a number n.

Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.Efficiently Solving a Problem There should exist an algorithm for solving the problem taking a polynomial in input size number of steps. For our problem. this means an algorithm taking logO(1) n steps. 2006. Caveat: An algorithm taking log12 n steps would be slower than an algorithm taking loglog log log n n steps for all practical values of n! Notation: log is logarithm base 2. O˜(logc n) stands for O(logc n log logO(1) n). Delft 6 / 47 .

O˜(logc n) stands for O(logc n log logO(1) n). For our problem. Delft 6 / 47 . Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Caveat: An algorithm taking log12 n steps would be slower than an algorithm taking loglog log log n n steps for all practical values of n! Notation: log is logarithm base 2. 2006. this means an algorithm taking logO(1) n steps.Efficiently Solving a Problem There should exist an algorithm for solving the problem taking a polynomial in input size number of steps.

O˜(logc n) stands for O(logc n log logO(1) n). Delft 6 / 47 . Caveat: An algorithm taking log12 n steps would be slower than an algorithm taking loglog log log n n steps for all practical values of n! Notation: log is logarithm base 2. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006. this means an algorithm taking logO(1) n steps.Efficiently Solving a Problem There should exist an algorithm for solving the problem taking a polynomial in input size number of steps. For our problem.

this means an algorithm taking logO(1) n steps. Delft 6 / 47 .Efficiently Solving a Problem There should exist an algorithm for solving the problem taking a polynomial in input size number of steps. For our problem. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. O˜(logc n) stands for O(logc n log logO(1) n). Caveat: An algorithm taking log12 n steps would be slower than an algorithm taking loglog log log n n steps for all practical values of n! Notation: log is logarithm base 2. 2006.

Outline 1 The Problem 2 Two Simple. Methods Modern Methods Algorithms Based on Factorization of Group Size Algorithms Based on Fermat’s Little Theorem An Algorithm Outside the Two Themes 3 4 5 6 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. and Slow. Delft 7 / 47 . 2006.

1 2 List all numbers from 2 to n in a sequence. If n is uncrossed when the smallest uncrossed number is greater than √ n then n is prime otherwise composite. 2006. Delft 8 / 47 .The Sieve of Eratosthenes Proposed by Eratosthenes (ca. Take the smallest uncrossed number from the sequence and cross out all its multiples. 3 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 300 BCE).

Delft 9 / 47 . √ n numbers before Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. algorithm crosses out all the first giving the answer. √ So the number of steps needed is Ω( n). 2006.Time Complexity If n is prime.

2006. √ So the number of steps needed is Ω( n). Delft 9 / 47 . algorithm crosses out all the first giving the answer.Time Complexity If n is prime. √ n numbers before Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.

2006.Wilson’s Theorem Based on Wilson’s theorem (1770). Computing (n − 1)! (mod n) na¨ ıvely requires Ω(n) steps. Theorem n is prime iff (n − 1)! = −1 (mod n). No significantly better method is known! Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Delft 10 / 47 .

No significantly better method is known! Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006. Computing (n − 1)! (mod n) na¨ ıvely requires Ω(n) steps. Theorem n is prime iff (n − 1)! = −1 (mod n).Wilson’s Theorem Based on Wilson’s theorem (1770). Delft 10 / 47 .

Delft 11 / 47 .Outline 1 The Problem Two Simple. and Slow. Methods 2 3 Modern Methods Algorithms Based on Factorization of Group Size Algorithms Based on Fermat’s Little Theorem An Algorithm Outside the Two Themes 4 5 6 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006.

Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Identify a finite group G related to number n. 2006. Design an efficienty testable property P(·) of the elements G such that P(e) has different values depending on whether n is prime. Delft 12 / 47 .Fundamental Idea Nearly all the efficient algorithms for the problem use the following idea. The element e is either from a small set (in deterministic algorithms) or a random element of G (in randomized algorithms).

Delft 12 / 47 .Fundamental Idea Nearly all the efficient algorithms for the problem use the following idea. 2006. Identify a finite group G related to number n. The element e is either from a small set (in deterministic algorithms) or a random element of G (in randomized algorithms). Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Design an efficienty testable property P(·) of the elements G such that P(e) has different values depending on whether n is prime.

Identify a finite group G related to number n. Delft 12 / 47 . Design an efficienty testable property P(·) of the elements G such that P(e) has different values depending on whether n is prime. The element e is either from a small set (in deterministic algorithms) or a random element of G (in randomized algorithms).Fundamental Idea Nearly all the efficient algorithms for the problem use the following idea. 2006. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.

Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Identify a finite group G related to number n. The element e is either from a small set (in deterministic algorithms) or a random element of G (in randomized algorithms). 2006. Delft 12 / 47 .Fundamental Idea Nearly all the efficient algorithms for the problem use the following idea. Design an efficienty testable property P(·) of the elements G such that P(e) has different values depending on whether n is prime.

2006.Groups and Properties The group G is often: ∗ ∗ A subgroup of Zn or Zn [ζ] for an extension ring Zn [ζ]. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. A subgroup of E (Zn ). The properties vary. but are from two broad themes. Delft 13 / 47 . the set of points on an elliptic curve modulo n.

the set of points on an elliptic curve modulo n. but are from two broad themes. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006. Delft 13 / 47 . A subgroup of E (Zn ).Groups and Properties The group G is often: ∗ ∗ A subgroup of Zn or Zn [ζ] for an extension ring Zn [ζ]. The properties vary.

2006. The properties vary.Groups and Properties The group G is often: ∗ ∗ A subgroup of Zn or Zn [ζ] for an extension ring Zn [ζ]. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Delft 13 / 47 . A subgroup of E (Zn ). but are from two broad themes. the set of points on an elliptic curve modulo n.

Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Use the knowledge of this factorization to design a suitable property. 2006. or partial.Theme I: Factorization of Group Size Compute a complete. Delft 14 / 47 . factorization of the size of G assuming that n is prime.

factorization of the size of G assuming that n is prime. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006. Use the knowledge of this factorization to design a suitable property.Theme I: Factorization of Group Size Compute a complete. or partial. Delft 14 / 47 .

So try to extend this property to a neccessary and sufficient condition. ∗ Group G = Zn and property P is P(e) ≡ e n = e in G . e n = e (mod n).Theme II: Fermat’s Little Theorem Theorem (Fermat. 1660s) If n is prime then for every e. 2006. Delft 15 / 47 . This property of Zn is not a sufficient test for primality of n. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.

Theme II: Fermat’s Little Theorem Theorem (Fermat. This property of Zn is not a sufficient test for primality of n. So try to extend this property to a neccessary and sufficient condition. Delft 15 / 47 . ∗ Group G = Zn and property P is P(e) ≡ e n = e in G . e n = e (mod n). 1660s) If n is prime then for every e. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006.

2006. and Slow. Delft 16 / 47 . Methods Modern Methods 2 3 4 Algorithms Based on Factorization of Group Size Algorithms Based on Fermat’s Little Theorem An Algorithm Outside the Two Themes 5 6 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.Outline 1 The Problem Two Simple.

2006. Delft 17 / 47 . The test will be efficient only for numbers n such that n − 1 is smooth. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. n is prime iff there is = 1 and gcd(e n−1 pi an e ∈ Zn such that 1 ≤ i ≤ t. 1891) Let n − 1 = di t i=1 pi where pi ’s are distinct primes. Lucas.Lucas Theorem Theorem (E. ∗ We can choose G = Zn and P to be the property above. e n−1 − 1. n) = 1 for every The theorem also holds for a random choice of e.

Lucas Theorem Theorem (E. n is prime iff there is = 1 and gcd(e n−1 pi an e ∈ Zn such that 1 ≤ i ≤ t. The test will be efficient only for numbers n such that n − 1 is smooth. e n−1 − 1. 2006. ∗ We can choose G = Zn and P to be the property above. n) = 1 for every The theorem also holds for a random choice of e. Delft 17 / 47 . Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Lucas. 1891) Let n − 1 = di t i=1 pi where pi ’s are distinct primes.

n) = 1 for every The theorem also holds for a random choice of e. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. ∗ We can choose G = Zn and P to be the property above. Lucas. 1891) Let n − 1 = di t i=1 pi where pi ’s are distinct primes. Delft 17 / 47 . n is prime iff there is = 1 and gcd(e n−1 pi an e ∈ Zn such that 1 ≤ i ≤ t. 2006. The test will be efficient only for numbers n such that n − 1 is smooth.Lucas Theorem Theorem (E. e n−1 − 1.

Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. The property needs to be tested only for e = 2 + √ 3. Works only for special Mersenne primes of the form n = 2p − 1. p prime. √ n+1 The property P is: P(e) ≡ e 2 = −1 in Zn [ 3]. For such n’s.Lucas-Lehmer Test √ ∗ G is a subgroup of Zn [ 3] containing elements of order n + 1. Delft 18 / 47 . 2006. n + 1 = 2p .

The property needs to be tested only for e = 2 + √ 3. Delft 18 / 47 . Works only for special Mersenne primes of the form n = 2p − 1. n + 1 = 2p .Lucas-Lehmer Test √ ∗ G is a subgroup of Zn [ 3] containing elements of order n + 1. 2006. √ n+1 The property P is: P(e) ≡ e 2 = −1 in Zn [ 3]. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. p prime. For such n’s.

n + 1 = 2p . Delft 18 / 47 . p prime. The property needs to be tested only for e = 2 + √ 3. √ n+1 The property P is: P(e) ≡ e 2 = −1 in Zn [ 3]. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Works only for special Mersenne primes of the form n = 2p − 1. 2006. For such n’s.Lucas-Lehmer Test √ ∗ G is a subgroup of Zn [ 3] containing elements of order n + 1.

Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.Time Complexity √ Raising 2 + 3 to operations in Zn . 2006. Delft 19 / 47 . n+1 2 th power requires O(log n) multiplication Overall time complexity is O˜(log2 n).

Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. n+1 2 th power requires O(log n) multiplication Overall time complexity is O˜(log2 n). 2006. Delft 19 / 47 .Time Complexity √ Raising 2 + 3 to operations in Zn .

p2 . we need t j=1 ≥ √ n. . . The property is tested for a random e. pt dividing n − 1 then every prime factor of n has the form k · t pj + 1. n) = 1 for distinct primes p1 . .Pocklington-Lehmer Test Theorem (Pocklington. ∗ Let G = Zn and property P precisely as in the theorem. Delft 20 / 47 . Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. . For the test to work. j=1 Similar to Lucas’s theorem. 1914) n−1 If there exists a e such that e n−1 = 1 (mod n) and gcd(e pj − 1. 2006.

we need t j=1 ≥ √ n. 2006. . ∗ Let G = Zn and property P precisely as in the theorem. j=1 Similar to Lucas’s theorem. . pt dividing n − 1 then every prime factor of n has the form k · t pj + 1. . For the test to work. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. .Pocklington-Lehmer Test Theorem (Pocklington. Delft 20 / 47 . n) = 1 for distinct primes p1 . p2 . The property is tested for a random e. 1914) n−1 If there exists a e such that e n−1 = 1 (mod n) and gcd(e pj − 1.

2006.Pocklington-Lehmer Test Theorem (Pocklington. 1914) n−1 If there exists a e such that e n−1 = 1 (mod n) and gcd(e pj − 1. . Delft 20 / 47 . p2 . For the test to work. n) = 1 for distinct primes p1 . Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. ∗ Let G = Zn and property P precisely as in the theorem. . pt dividing n − 1 then every prime factor of n has the form k · t pj + 1. The property is tested for a random e. . we need t j=1 ≥ √ n. . j=1 Similar to Lucas’s theorem.

Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006. Delft 21 / 47 .Time Complexity Depends on the difficulty of finding prime factorizations of n − 1 √ whose product is at least n. Other operations can be carried out efficiently.

Time Complexity Depends on the difficulty of finding prime factorizations of n − 1 √ whose product is at least n. 2006. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Delft 21 / 47 . Other operations can be carried out efficiently.

This motivated primality testing based on elliptic curves.Elliptic Curves Based Tests Elliptic curves give rise to groups of different sizes associated with the given number. Delft 22 / 47 . With good probability. some of these groups have sizes that can be easily factored. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006.

With good probability. some of these groups have sizes that can be easily factored. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. This motivated primality testing based on elliptic curves.Elliptic Curves Based Tests Elliptic curves give rise to groups of different sizes associated with the given number. 2006. Delft 22 / 47 .

2006. Delft 22 / 47 . This motivated primality testing based on elliptic curves. With good probability. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.Elliptic Curves Based Tests Elliptic curves give rise to groups of different sizes associated with the given number. some of these groups have sizes that can be easily factored.

Goldwasser-Kilian Test This is a randomized primality proving algorithm. Under a reasonable hypothesis. Delft 23 / 47 . 2006. it is polynomial time on all but negligible fraction of numbers. Unconditionally. it is polynomial time on all inputs. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.

Unconditionally. it is polynomial time on all but negligible fraction of numbers.Goldwasser-Kilian Test This is a randomized primality proving algorithm. it is polynomial time on all inputs. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Delft 23 / 47 . Under a reasonable hypothesis. 2006.

Under a reasonable hypothesis. 2006. Delft 23 / 47 .Goldwasser-Kilian Test This is a randomized primality proving algorithm. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. it is polynomial time on all but negligible fraction of numbers. it is polynomial time on all inputs. Unconditionally.

the number of points of the curve is √ √ nearly uniformly distributed in the interval [n + 1 − 2 n.Goldwasser-Kilian Test Consider a random elliptic curve over Zn . n + 1 + 2 n] for prime n. with reasonable probability. By a theorem of Lenstra (1987). for q prime. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Delft 24 / 47 . it follows that there are curves with 2q points. 2006. Assuming a conjecture about the density of primes in small intervals.

Goldwasser-Kilian Test Consider a random elliptic curve over Zn . with reasonable probability. 2006. for q prime. Assuming a conjecture about the density of primes in small intervals. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. n + 1 + 2 n] for prime n. it follows that there are curves with 2q points. the number of points of the curve is √ √ nearly uniformly distributed in the interval [n + 1 − 2 n. By a theorem of Lenstra (1987). Delft 24 / 47 .

Goldwasser-Kilian Test Consider a random elliptic curve over Zn . it follows that there are curves with 2q points. Delft 24 / 47 . with reasonable probability. the number of points of the curve is √ √ nearly uniformly distributed in the interval [n + 1 − 2 n. 2006. Assuming a conjecture about the density of primes in small intervals. By a theorem of Lenstra (1987). n + 1 + 2 n] for prime n. for q prime. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.

Goldwasser-Kilian Test Theorem (Goldwasser-Kilian) Suppose E (Zn ) is an elliptic curve with 2q points. p + 1 + 2 p > n − n which is not possible. Let p be a prime factor of n with p ≤ We have q · A = O in E (Zp ) as well. since q is prime. √ n. √ √ Otherwise. Delft 25 / 47 . If q is prime and there exists A ∈ E (Zn ) = O such that q · A = O then either n is provably prime or provably composite. |E (Zp )| ≥ q. 2 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Otherwise. 2006. √ If 2q < n + 1 − 2 n then n must be composite. If A = O in E (Zp ) then n can be factored. Proof.

Let p be a prime factor of n with p ≤ We have q · A = O in E (Zp ) as well. since q is prime. 2 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. √ n. √ √ Otherwise.Goldwasser-Kilian Test Theorem (Goldwasser-Kilian) Suppose E (Zn ) is an elliptic curve with 2q points. If q is prime and there exists A ∈ E (Zn ) = O such that q · A = O then either n is provably prime or provably composite. If A = O in E (Zp ) then n can be factored. Delft 25 / 47 . √ If 2q < n + 1 − 2 n then n must be composite. Otherwise. 2006. Proof. p + 1 + 2 p > n − n which is not possible. |E (Zp )| ≥ q.

2006. Proof. 2 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. |E (Zp )| ≥ q. Otherwise. √ If 2q < n + 1 − 2 n then n must be composite.Goldwasser-Kilian Test Theorem (Goldwasser-Kilian) Suppose E (Zn ) is an elliptic curve with 2q points. √ n. p + 1 + 2 p > n − n which is not possible. Delft 25 / 47 . since q is prime. √ √ Otherwise. Let p be a prime factor of n with p ≤ We have q · A = O in E (Zp ) as well. If A = O in E (Zp ) then n can be factored. If q is prime and there exists A ∈ E (Zn ) = O such that q · A = O then either n is provably prime or provably composite.

Let p be a prime factor of n with p ≤ We have q · A = O in E (Zp ) as well. since q is prime. If A = O in E (Zp ) then n can be factored. Proof. Otherwise. √ √ Otherwise. √ n. 2 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. If q is prime and there exists A ∈ E (Zn ) = O such that q · A = O then either n is provably prime or provably composite. p + 1 + 2 p > n − n which is not possible. 2006. Delft 25 / 47 . |E (Zp )| ≥ q.Goldwasser-Kilian Test Theorem (Goldwasser-Kilian) Suppose E (Zn ) is an elliptic curve with 2q points. √ If 2q < n + 1 − 2 n then n must be composite.

Goldwasser-Kilian Test 1 2 3 4 Find a random elliptic curve over Zn with 2q points. Infer n to be prime or composite. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Delft 26 / 47 . Prove primality of q recursively. 2006. Randomly select an A such that q · A = O.

Goldwasser-Kilian Test

1 2 3 4

Find a random elliptic curve over Zn with 2q points. Prove primality of q recursively. Randomly select an A such that q · A = O. Infer n to be prime or composite.

Manindra Agrawal (IIT Kanpur)

Is n a Prime Number?

March 27, 2006, Delft

26 / 47

Goldwasser-Kilian Test

1 2 3 4

Find a random elliptic curve over Zn with 2q points. Prove primality of q recursively. Randomly select an A such that q · A = O. Infer n to be prime or composite.

Manindra Agrawal (IIT Kanpur)

Is n a Prime Number?

March 27, 2006, Delft

26 / 47

Goldwasser-Kilian Test

1 2 3 4

Find a random elliptic curve over Zn with 2q points. Prove primality of q recursively. Randomly select an A such that q · A = O. Infer n to be prime or composite.

Manindra Agrawal (IIT Kanpur)

Is n a Prime Number?

March 27, 2006, Delft

26 / 47

Delft 27 / 47 . The running time is O(log11 n). Improvements by Atkin and others result in a conjectured running time of O˜(log4 n). 2006.Analysis The algorithm never incorrectly classifies a composite number. With high probability it correctly classifies prime numbers. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.

Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Delft 27 / 47 . Improvements by Atkin and others result in a conjectured running time of O˜(log4 n).Analysis The algorithm never incorrectly classifies a composite number. The running time is O(log11 n). With high probability it correctly classifies prime numbers. 2006.

The running time is O(log11 n). Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006. Improvements by Atkin and others result in a conjectured running time of O˜(log4 n).Analysis The algorithm never incorrectly classifies a composite number. Delft 27 / 47 . With high probability it correctly classifies prime numbers.

With high probability it correctly classifies prime numbers. Delft 27 / 47 . 2006.Analysis The algorithm never incorrectly classifies a composite number. The running time is O(log11 n). Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Improvements by Atkin and others result in a conjectured running time of O˜(log4 n).

They first used hyperelliptic curves to reduce the problem of testing for n to that of a nearly random integer of similar size. Then the previous test works with high probability. 2006. Delft 28 / 47 .Adleman-Huang Test The previous test is not unconditionally polynomial time on a small fraction of numbers. The time complexity becomes O(logc n) for c > 30! Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Adleman-Huang (1992) removed this drawback.

They first used hyperelliptic curves to reduce the problem of testing for n to that of a nearly random integer of similar size. The time complexity becomes O(logc n) for c > 30! Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Then the previous test works with high probability. 2006. Delft 28 / 47 . Adleman-Huang (1992) removed this drawback.Adleman-Huang Test The previous test is not unconditionally polynomial time on a small fraction of numbers.

Delft 28 / 47 . They first used hyperelliptic curves to reduce the problem of testing for n to that of a nearly random integer of similar size.Adleman-Huang Test The previous test is not unconditionally polynomial time on a small fraction of numbers. Adleman-Huang (1992) removed this drawback. Then the previous test works with high probability. The time complexity becomes O(logc n) for c > 30! Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006.

Methods Modern Methods Algorithms Based on Factorization of Group Size 2 3 4 5 Algorithms Based on Fermat’s Little Theorem An Algorithm Outside the Two Themes 6 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.Outline 1 The Problem Two Simple. 2006. Delft 29 / 47 . and Slow.

Solovay-Strassen Test A Restatement of FLT If n is odd prime then for every e. e is a quadratic residue in Zn iff e Therefore. 1 ≤ e < n. e n−1 2 = ±1 (mod n). n−1 2 When n is prime. 2006. (mod n). Delft 30 / 47 . if n is prime then e n =e n−1 2 = 1 (mod n). Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.

n−1 2 When n is prime. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.Solovay-Strassen Test A Restatement of FLT If n is odd prime then for every e. Delft 30 / 47 . 1 ≤ e < n. e n−1 2 = ±1 (mod n). 2006. if n is prime then e n =e n−1 2 = 1 (mod n). e is a quadratic residue in Zn iff e Therefore. (mod n).

e is a quadratic residue in Zn iff e Therefore. 2006. (mod n). 1 ≤ e < n.Solovay-Strassen Test A Restatement of FLT If n is odd prime then for every e. Delft 30 / 47 . Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. e n−1 2 = ±1 (mod n). n−1 2 When n is prime. if n is prime then e n =e n−1 2 = 1 (mod n).

Never incorrectly classifies primes and correctly classifies composites with probability at least 1 . Delft 31 / 47 . 2 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.Solovay-Strassen Test Proposed by Solovay and Strassen (1973). 2006. A randomized algorithm based on above property.

Delft 31 / 47 . Never incorrectly classifies primes and correctly classifies composites with probability at least 1 . 2 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006.Solovay-Strassen Test Proposed by Solovay and Strassen (1973). A randomized algorithm based on above property.

Delft 31 / 47 . 2 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Never incorrectly classifies primes and correctly classifies composites with probability at least 1 . A randomized algorithm based on above property.Solovay-Strassen Test Proposed by Solovay and Strassen (1973). 2006.

test if e n =e n−1 2 (mod n). 2006. it is composite. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 3 If yes. Delft 32 / 47 .Solovay-Strassen Test 1 2 If n is an exact power. classify n as prime otherwise it is proven composite. The time complexity is O˜(log2 n). For a random e in Zn .

test if e n =e n−1 2 (mod n). classify n as prime otherwise it is proven composite. it is composite. Delft 32 / 47 . For a random e in Zn .Solovay-Strassen Test 1 2 If n is an exact power. 3 If yes. The time complexity is O˜(log2 n). 2006. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.

Solovay-Strassen Test

1 2

If n is an exact power, it is composite. For a random e in Zn , test if e n =e
n−1 2

(mod n).

3

If yes, classify n as prime otherwise it is proven composite. The time complexity is O˜(log2 n).

Manindra Agrawal (IIT Kanpur)

Is n a Prime Number?

March 27, 2006, Delft

32 / 47

Solovay-Strassen Test

1 2

If n is an exact power, it is composite. For a random e in Zn , test if e n =e
n−1 2

(mod n).

3

If yes, classify n as prime otherwise it is proven composite. The time complexity is O˜(log2 n).

Manindra Agrawal (IIT Kanpur)

Is n a Prime Number?

March 27, 2006, Delft

32 / 47

Analysis
Consider the case when n is a product of two primes p and q. Let a, b ∈ Zp , c ∈ Zq with a residue and b non-residue in Zp . Clearly, < a, c >
n−1 2 n−1 2

=< b, c >
n−1 2

n−1 2

(mod q).

If < a, c > =< b, c > (mod n) then one of them is not in {1, −1} and so compositeness of n is proven. Otherwise, either
n−1 < a, c > =< a, c > 2 (mod n), n

or

< b, c > n

=< b, c >

n−1 2

(mod n).

Manindra Agrawal (IIT Kanpur)

Is n a Prime Number?

March 27, 2006, Delft

33 / 47

n or < b.Analysis Consider the case when n is a product of two primes p and q. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. c > 2 (mod n). −1} and so compositeness of n is proven. Delft 33 / 47 . b ∈ Zp . c > (mod n) then one of them is not in {1. If < a. either n−1 < a. c > n−1 2 n−1 2 (mod q). c > n−1 2 n−1 2 =< b. Let a. Otherwise. c > =< b. c ∈ Zq with a residue and b non-residue in Zp . c > n =< b. c > n−1 2 (mod n). < a. c > =< a. Clearly. 2006.

−1} and so compositeness of n is proven. c > n =< b. c > n−1 2 n−1 2 =< b. Otherwise. c > 2 (mod n). b ∈ Zp . c > n−1 2 n−1 2 (mod q). n or < b.Analysis Consider the case when n is a product of two primes p and q. c ∈ Zq with a residue and b non-residue in Zp . c > =< b. Let a. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Delft 33 / 47 . < a. c > n−1 2 (mod n). 2006. either n−1 < a. Clearly. If < a. c > (mod n) then one of them is not in {1. c > =< a.

either n−1 < a.Analysis Consider the case when n is a product of two primes p and q. c ∈ Zq with a residue and b non-residue in Zp . Clearly. c > n =< b. < a. Delft 33 / 47 . Let a. If < a. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. c > n−1 2 (mod n). c > =< b. b ∈ Zp . c > 2 (mod n). c > n−1 2 n−1 2 =< b. −1} and so compositeness of n is proven. c > =< a. n or < b. 2006. c > n−1 2 n−1 2 (mod q). Otherwise. c > (mod n) then one of them is not in {1.

..Miller’s Test Theorem (Another Restatement of FLT) If n is odd prime and n = 1 + 2s · t. then for every e. . Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. e 2 ·t (mod n). e t (mod n) has either all 1’s or a −1 somewhere. s−1 s−2 the sequence e 2 ·t (mod n). Delft 34 / 47 . 1 ≤ e < n. . 2006. t odd.

It is a deterministic polynomial time test. 2006. It is correct under Extended Riemann Hypothesis. Delft 35 / 47 . Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.Miller’s Test This theorem is the basis for Miller’s test (1973).

Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Delft 35 / 47 . 2006. It is correct under Extended Riemann Hypothesis. It is a deterministic polynomial time test.Miller’s Test This theorem is the basis for Miller’s test (1973).

Delft 35 / 47 .Miller’s Test This theorem is the basis for Miller’s test (1973). It is correct under Extended Riemann Hypothesis. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006. It is a deterministic polynomial time test.

check if the sequence e 2 ·t (mod n).Miller’s Test 1 2 If n is an exact power. . s−1 3 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. For each e. . it is composite. Delft 36 / 47 . The time complexity of the test is O˜(log4 n).. e t (mod n) has either all 1’s or a −1 somewhere. . s−2 e 2 ·t (mod n). If yes. 1 < e ≤ 4 log2 n. 2006. classify n as prime otherwise composite.

Delft 36 / 47 . s−1 3 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. check if the sequence e 2 ·t (mod n). . classify n as prime otherwise composite.. The time complexity of the test is O˜(log4 n).Miller’s Test 1 2 If n is an exact power. it is composite. . If yes. 2006. e t (mod n) has either all 1’s or a −1 somewhere. s−2 e 2 ·t (mod n). For each e. . 1 < e ≤ 4 log2 n.

1 < e ≤ 4 log2 n. it is composite.. s−2 e 2 ·t (mod n). classify n as prime otherwise composite. check if the sequence e 2 ·t (mod n). The time complexity of the test is O˜(log4 n). . If yes. Delft 36 / 47 . .Miller’s Test 1 2 If n is an exact power. . 2006. e t (mod n) has either all 1’s or a −1 somewhere. s−1 3 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. For each e.

check if the sequence e 2 ·t (mod n). 1 < e ≤ 4 log2 n. . For each e. The time complexity of the test is O˜(log4 n). e t (mod n) has either all 1’s or a −1 somewhere. s−2 e 2 ·t (mod n). classify n as prime otherwise composite.. it is composite. 2006. Delft 36 / 47 . If yes.Miller’s Test 1 2 If n is an exact power. . s−1 3 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. .

Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006. 4 Time complexity is O˜(log2 n). Randomized algorithm that never classfies primes incorrectly and correctly classifies composites with probabilty at least 3 . Delft 37 / 47 .Rabin’s Test A modification of Miller’s algorithm proposed soon after (1974). Selects e randomly instead of trying all e in the range [2. The most popular primality testing algorithm. 4 log2 n].

The most popular primality testing algorithm. 2006. 4 Time complexity is O˜(log2 n). Delft 37 / 47 . Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Selects e randomly instead of trying all e in the range [2. Randomized algorithm that never classfies primes incorrectly and correctly classifies composites with probabilty at least 3 .Rabin’s Test A modification of Miller’s algorithm proposed soon after (1974). 4 log2 n].

4 log2 n]. Selects e randomly instead of trying all e in the range [2. Randomized algorithm that never classfies primes incorrectly and correctly classifies composites with probabilty at least 3 . The most popular primality testing algorithm.Rabin’s Test A modification of Miller’s algorithm proposed soon after (1974). Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006. 4 Time complexity is O˜(log2 n). Delft 37 / 47 .

2006. Randomized algorithm that never classfies primes incorrectly and correctly classifies composites with probabilty at least 3 . Selects e randomly instead of trying all e in the range [2. 4 Time complexity is O˜(log2 n). Delft 37 / 47 . Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 4 log2 n]. The most popular primality testing algorithm.Rabin’s Test A modification of Miller’s algorithm proposed soon after (1974).

ζ r = 1. A test proposed in 2002 based on this generalization. 1 ≤ e < n. Delft 38 / 47 . polynomial time algorithm. The only known deterministic. unconditionally correct. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.AKS Test Theorem (A Generalization of FLT) If n is prime then for every e. 2006. (ζ + e)n = ζ n + e in Zn [ζ].

Delft 38 / 47 . 1 ≤ e < n. The only known deterministic. (ζ + e)n = ζ n + e in Zn [ζ]. unconditionally correct. A test proposed in 2002 based on this generalization. ζ r = 1. polynomial time algorithm. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.AKS Test Theorem (A Generalization of FLT) If n is prime then for every e. 2006.

AKS Test Theorem (A Generalization of FLT) If n is prime then for every e. (ζ + e)n = ζ n + e in Zn [ζ]. ζ r = 1. 1 ≤ e < n. polynomial time algorithm. The only known deterministic. 2006. unconditionally correct. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. A test proposed in 2002 based on this generalization. Delft 38 / 47 .

2006. 1 ≤ e ≤ 2 r log n. it is composite. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Select a small number r carefully. check if (ζ + e)n = ζ n + e in Zn [ζ]. let ζ r = 1 and consider Zn [ζ]. n is prime otherwise composite. Delft 39 / 47 . √ For each e. If yes.AKS Test 1 2 3 4 If n is an exact power or has a small divisor.

Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.AKS Test 1 2 3 4 If n is an exact power or has a small divisor. it is composite. check if (ζ + e)n = ζ n + e in Zn [ζ]. 1 ≤ e ≤ 2 r log n. If yes. let ζ r = 1 and consider Zn [ζ]. √ For each e. n is prime otherwise composite. Delft 39 / 47 . 2006. Select a small number r carefully.

n is prime otherwise composite.AKS Test 1 2 3 4 If n is an exact power or has a small divisor. 1 ≤ e ≤ 2 r log n. check if (ζ + e)n = ζ n + e in Zn [ζ]. Select a small number r carefully. √ For each e. it is composite. If yes. let ζ r = 1 and consider Zn [ζ]. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Delft 39 / 47 . 2006.

Delft 39 / 47 . let ζ r = 1 and consider Zn [ζ]. √ For each e. If yes. it is composite. 2006. Select a small number r carefully.AKS Test 1 2 3 4 If n is an exact power or has a small divisor. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 1 ≤ e ≤ 2 r log n. check if (ζ + e)n = ζ n + e in Zn [ζ]. n is prime otherwise composite.

f ζ)n = f (ζ n ) in Zp [ζ]. Since n is not a power of p. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. √ If ζ + e ∈ S for every 1 ≤ e ≤ 2 r log n. This makes the size of S bigger than the upper bound above. this places an upper bound on the size of S. It follows that for every f (ζ) ∈ S. Delft 40 / 47 . Let S ⊆ Zp [ζ] such that for every element f (ζ) ∈ S. f (ζ)m = f (ζ m ) for any m of the form ni · p j .Analysis Suppose n has at least two prime factors and let p be one of them. 2006. then all their products are also in S.

Delft 40 / 47 . 2006. This makes the size of S bigger than the upper bound above. √ If ζ + e ∈ S for every 1 ≤ e ≤ 2 r log n. Since n is not a power of p. It follows that for every f (ζ) ∈ S. f (ζ)m = f (ζ m ) for any m of the form ni · p j . then all their products are also in S. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. f ζ)n = f (ζ n ) in Zp [ζ]. this places an upper bound on the size of S. Let S ⊆ Zp [ζ] such that for every element f (ζ) ∈ S.Analysis Suppose n has at least two prime factors and let p be one of them.

Let S ⊆ Zp [ζ] such that for every element f (ζ) ∈ S. f (ζ)m = f (ζ m ) for any m of the form ni · p j . then all their products are also in S. This makes the size of S bigger than the upper bound above. It follows that for every f (ζ) ∈ S. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.Analysis Suppose n has at least two prime factors and let p be one of them. Since n is not a power of p. 2006. √ If ζ + e ∈ S for every 1 ≤ e ≤ 2 r log n. f ζ)n = f (ζ n ) in Zp [ζ]. this places an upper bound on the size of S. Delft 40 / 47 .

Since n is not a power of p. This makes the size of S bigger than the upper bound above. 2006. It follows that for every f (ζ) ∈ S. f ζ)n = f (ζ n ) in Zp [ζ]. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. then all their products are also in S. √ If ζ + e ∈ S for every 1 ≤ e ≤ 2 r log n. Let S ⊆ Zp [ζ] such that for every element f (ζ) ∈ S. Delft 40 / 47 .Analysis Suppose n has at least two prime factors and let p be one of them. this places an upper bound on the size of S. f (ζ)m = f (ζ m ) for any m of the form ni · p j .

Delft 40 / 47 . 2006. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. f ζ)n = f (ζ n ) in Zp [ζ]. Let S ⊆ Zp [ζ] such that for every element f (ζ) ∈ S. √ If ζ + e ∈ S for every 1 ≤ e ≤ 2 r log n. This makes the size of S bigger than the upper bound above.Analysis Suppose n has at least two prime factors and let p be one of them. this places an upper bound on the size of S. f (ζ)m = f (ζ m ) for any m of the form ni · p j . then all their products are also in S. It follows that for every f (ζ) ∈ S. Since n is not a power of p.

Time Complexity Number r is O(log5 n). 2006. Lenstra and Pomerance (2003) further reduce the time complexity to O˜(log6 n). An improvement by Hendrik Lenstra (2002) reduces the time complexity to O˜(log15/2 n). Delft 41 / 47 . Bernstein (2003) reduced the time complexity to O˜(log4 n) at the cost of making it randomized. Time complexity of the algorithm is O˜(log12 n). Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.

Bernstein (2003) reduced the time complexity to O˜(log4 n) at the cost of making it randomized.Time Complexity Number r is O(log5 n). Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. An improvement by Hendrik Lenstra (2002) reduces the time complexity to O˜(log15/2 n). 2006. Delft 41 / 47 . Time complexity of the algorithm is O˜(log12 n). Lenstra and Pomerance (2003) further reduce the time complexity to O˜(log6 n).

Time Complexity Number r is O(log5 n). An improvement by Hendrik Lenstra (2002) reduces the time complexity to O˜(log15/2 n). Bernstein (2003) reduced the time complexity to O˜(log4 n) at the cost of making it randomized. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. Delft 41 / 47 . 2006. Lenstra and Pomerance (2003) further reduce the time complexity to O˜(log6 n). Time complexity of the algorithm is O˜(log12 n).

Lenstra and Pomerance (2003) further reduce the time complexity to O˜(log6 n). An improvement by Hendrik Lenstra (2002) reduces the time complexity to O˜(log15/2 n). Delft 41 / 47 . Time complexity of the algorithm is O˜(log12 n). 2006.Time Complexity Number r is O(log5 n). Bernstein (2003) reduced the time complexity to O˜(log4 n) at the cost of making it randomized. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.

Time Complexity Number r is O(log5 n). Time complexity of the algorithm is O˜(log12 n). Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. 2006. Lenstra and Pomerance (2003) further reduce the time complexity to O˜(log6 n). Delft 41 / 47 . An improvement by Hendrik Lenstra (2002) reduces the time complexity to O˜(log15/2 n). Bernstein (2003) reduced the time complexity to O˜(log4 n) at the cost of making it randomized.

Delft 42 / 47 . Methods Modern Methods Algorithms Based on Factorization of Group Size Algorithms Based on Fermat’s Little Theorem 2 3 4 5 6 An Algorithm Outside the Two Themes Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.Outline 1 The Problem Two Simple. 2006. and Slow.

Is conceptually the most complex algorithm of them all. ideas derived from both themes. plus new ones! It is a deterministic algorithm with time complexity logO(log log log n) n. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.Adleman-Pomerance-Rumeli Test Proposed in 1980. Delft 43 / 47 . Was speeded up by Cohen and Lenstra (1981). Uses multiple groups. 2006.

2006. ideas derived from both themes. Is conceptually the most complex algorithm of them all. plus new ones! It is a deterministic algorithm with time complexity logO(log log log n) n. Was speeded up by Cohen and Lenstra (1981). Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.Adleman-Pomerance-Rumeli Test Proposed in 1980. Uses multiple groups. Delft 43 / 47 .

ideas derived from both themes. 2006. Delft 43 / 47 . Is conceptually the most complex algorithm of them all. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. plus new ones! It is a deterministic algorithm with time complexity logO(log log log n) n. Was speeded up by Cohen and Lenstra (1981).Adleman-Pomerance-Rumeli Test Proposed in 1980. Uses multiple groups.

ideas derived from both themes. plus new ones! It is a deterministic algorithm with time complexity logO(log log log n) n. Delft 43 / 47 . Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.Adleman-Pomerance-Rumeli Test Proposed in 1980. Is conceptually the most complex algorithm of them all. Was speeded up by Cohen and Lenstra (1981). 2006. Uses multiple groups.

Delft 44 / 47 . .Overview of the Algorithm Tries to compute a factor of n. √ Let p be a factor of n. qt } and {r1 . . . . j=1 t i=1 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. r2 . ≤ u rj > n. . ru } satisfying: qi = logO(log log log n) n. Find two sets of primes {q1 . q2 . rj − 1 is square-free and has only qi ’s as prime divisors. . 2006. For each j √ u. . . p ≤ n.

≤ u rj > n. q2 . . . Delft 44 / 47 . j=1 t i=1 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. rj − 1 is square-free and has only qi ’s as prime divisors. qt } and {r1 . √ Let p be a factor of n. . . r2 . Find two sets of primes {q1 .Overview of the Algorithm Tries to compute a factor of n. p ≤ n. . 2006. . ru } satisfying: qi = logO(log log log n) n. For each j √ u. . .

. 2006. r2 . q2 . √ Let p be a factor of n. . rj − 1 is square-free and has only qi ’s as prime divisors. Delft 44 / 47 . ru } satisfying: qi = logO(log log log n) n. qt } and {r1 . . j=1 t i=1 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. . . For each j √ u. . Find two sets of primes {q1 . ≤ u rj > n.Overview of the Algorithm Tries to compute a factor of n. . . p ≤ n.

. q2 . Delft 44 / 47 . √ Let p be a factor of n. j=1 t i=1 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. For each j √ u. p ≤ n. 2006. r2 . qt } and {r1 . rj − 1 is square-free and has only qi ’s as prime divisors. . ≤ u rj > n. . .Overview of the Algorithm Tries to compute a factor of n. . . ru } satisfying: qi = logO(log log log n) n. . Find two sets of primes {q1 . .

2006. Find two sets of primes {q1 . . qt } and {r1 . r2 . rj − 1 is square-free and has only qi ’s as prime divisors. . . . j=1 t i=1 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. For each j √ u. . . Delft 44 / 47 . √ Let p be a factor of n. . ≤ u rj > n. . ru } satisfying: qi = logO(log log log n) n. q2 .Overview of the Algorithm Tries to compute a factor of n. p ≤ n.

. For each j √ u. j=1 t i=1 Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.Overview of the Algorithm Tries to compute a factor of n. . . 2006. . Find two sets of primes {q1 . ≤ u rj > n. . qt } and {r1 . r2 . √ Let p be a factor of n. p ≤ n. . Delft 44 / 47 . q2 . . rj − 1 is square-free and has only qi ’s as prime divisors. ru } satisfying: qi = logO(log log log n) n. .

Overview of the Algorithm

Let gj be a generator for the group Fr∗ . j Let p = gj j (mod rj ) and γj = δi,j (mod qi ) for every qi | rj − 1. Compute ‘associated’ primes rji ∈ {r1 , r2 , . . . , ru } for each qi . Cycle through all tuples (α1 , α2 , . . . , αt ) with 0 ≤ αi < qi . From a given tuple (α1 , α2 , . . . , αt ), derive numbers βi,j for 1 ≤ j ≤ u, 1 ≤ i ≤ t and qi | rj − 1 such that
If p = gjαi (mod rj ) for every j then δi,j = βi,j for every j and for every i i with qi | rj − 1.
γ

Manindra Agrawal (IIT Kanpur)

Is n a Prime Number?

March 27, 2006, Delft

45 / 47

Overview of the Algorithm

Let gj be a generator for the group Fr∗ . j Let p = gj j (mod rj ) and γj = δi,j (mod qi ) for every qi | rj − 1. Compute ‘associated’ primes rji ∈ {r1 , r2 , . . . , ru } for each qi . Cycle through all tuples (α1 , α2 , . . . , αt ) with 0 ≤ αi < qi . From a given tuple (α1 , α2 , . . . , αt ), derive numbers βi,j for 1 ≤ j ≤ u, 1 ≤ i ≤ t and qi | rj − 1 such that
If p = gjαi (mod rj ) for every j then δi,j = βi,j for every j and for every i i with qi | rj − 1.
γ

Manindra Agrawal (IIT Kanpur)

Is n a Prime Number?

March 27, 2006, Delft

45 / 47

Overview of the Algorithm

Let gj be a generator for the group Fr∗ . j Let p = gj j (mod rj ) and γj = δi,j (mod qi ) for every qi | rj − 1. Compute ‘associated’ primes rji ∈ {r1 , r2 , . . . , ru } for each qi . Cycle through all tuples (α1 , α2 , . . . , αt ) with 0 ≤ αi < qi . From a given tuple (α1 , α2 , . . . , αt ), derive numbers βi,j for 1 ≤ j ≤ u, 1 ≤ i ≤ t and qi | rj − 1 such that
If p = gjαi (mod rj ) for every j then δi,j = βi,j for every j and for every i i with qi | rj − 1.
γ

Manindra Agrawal (IIT Kanpur)

Is n a Prime Number?

March 27, 2006, Delft

45 / 47

2006.j for every j and for every i i with qi | rj − 1. .j (mod qi ) for every qi | rj − 1. derive numbers βi. . j Let p = gj j (mod rj ) and γj = δi. αt ) with 0 ≤ αi < qi . . From a given tuple (α1 .j for 1 ≤ j ≤ u. . Delft 45 / 47 . Cycle through all tuples (α1 . α2 . α2 . r2 . Compute ‘associated’ primes rji ∈ {r1 . 1 ≤ i ≤ t and qi | rj − 1 such that If p = gjαi (mod rj ) for every j then δi. . . ru } for each qi . . . . . . αt ).Overview of the Algorithm Let gj be a generator for the group Fr∗ .j = βi. γ Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. .

j Let p = gj j (mod rj ) and γj = δi. . . . . αt ) with 0 ≤ αi < qi . Compute ‘associated’ primes rji ∈ {r1 .Overview of the Algorithm Let gj be a generator for the group Fr∗ . .j (mod qi ) for every qi | rj − 1. derive numbers βi. . . α2 .j = βi. . αt ). . Cycle through all tuples (α1 . r2 . γ Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. . 2006. ru } for each qi .j for 1 ≤ j ≤ u.j for every j and for every i i with qi | rj − 1. 1 ≤ i ≤ t and qi | rj − 1 such that If p = gjαi (mod rj ) for every j then δi. α2 . From a given tuple (α1 . Delft 45 / 47 . . .

j ’s.j ’s are computed using higher reciprocity laws in extension rings Zn [ζi ].j ’s. p can be constructed easily: Use Chinese remaindering to compute γj ’s from δi. ζiqi = 1.Overview of the Algorithm From δi. βi. Delft 46 / 47 . the residue equals p. √ u Since j=1 rj > n ≥ p. γ u Use Chinese remaindering to compute p (mod j=1 rj ) from gj j ’s.j ’s. 2006. For most of the composite numbers. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. the algorithm will fail during computation of βi.

j ’s. p can be constructed easily: Use Chinese remaindering to compute γj ’s from δi. γ u Use Chinese remaindering to compute p (mod j=1 rj ) from gj j ’s. √ u Since j=1 rj > n ≥ p. Delft 46 / 47 . the residue equals p. βi.Overview of the Algorithm From δi. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.j ’s are computed using higher reciprocity laws in extension rings Zn [ζi ]. 2006. ζiqi = 1. For most of the composite numbers.j ’s.j ’s. the algorithm will fail during computation of βi.

Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. ζiqi = 1.j ’s. For most of the composite numbers. 2006. p can be constructed easily: Use Chinese remaindering to compute γj ’s from δi.Overview of the Algorithm From δi. √ u Since j=1 rj > n ≥ p. the residue equals p. Delft 46 / 47 .j ’s.j ’s. the algorithm will fail during computation of βi. γ u Use Chinese remaindering to compute p (mod j=1 rj ) from gj j ’s. βi.j ’s are computed using higher reciprocity laws in extension rings Zn [ζi ].

Delft 46 / 47 .j ’s. the residue equals p. γ u Use Chinese remaindering to compute p (mod j=1 rj ) from gj j ’s. ζiqi = 1. βi. For most of the composite numbers.Overview of the Algorithm From δi. 2006.j ’s. p can be constructed easily: Use Chinese remaindering to compute γj ’s from δi. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. the algorithm will fail during computation of βi.j ’s are computed using higher reciprocity laws in extension rings Zn [ζi ].j ’s. √ u Since j=1 rj > n ≥ p.

For most of the composite numbers.j ’s. p can be constructed easily: Use Chinese remaindering to compute γj ’s from δi. 2006. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. ζiqi = 1. βi. the algorithm will fail during computation of βi.j ’s are computed using higher reciprocity laws in extension rings Zn [ζi ]. √ u Since j=1 rj > n ≥ p. the residue equals p.Overview of the Algorithm From δi.j ’s. Delft 46 / 47 .j ’s. γ u Use Chinese remaindering to compute p (mod j=1 rj ) from gj j ’s.

2006.j ’s. ζiqi = 1. For most of the composite numbers. p can be constructed easily: Use Chinese remaindering to compute γj ’s from δi. γ u Use Chinese remaindering to compute p (mod j=1 rj ) from gj j ’s. √ u Since j=1 rj > n ≥ p.Overview of the Algorithm From δi. the residue equals p. the algorithm will fail during computation of βi. Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.j ’s.j ’s. Delft 46 / 47 .j ’s are computed using higher reciprocity laws in extension rings Zn [ζi ]. βi.

polynomial time deterministic primality test? Is there a ‘practical’. Delft 47 / 47 . 2006. provably polynomial time.Outstanding Questions Is there a ‘practical’. primality proving test? Are there radically different ways of testing primality efficiently? Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27.

primality proving test? Are there radically different ways of testing primality efficiently? Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. polynomial time deterministic primality test? Is there a ‘practical’. 2006.Outstanding Questions Is there a ‘practical’. Delft 47 / 47 . provably polynomial time.

2006.Outstanding Questions Is there a ‘practical’. polynomial time deterministic primality test? Is there a ‘practical’. Delft 47 / 47 . primality proving test? Are there radically different ways of testing primality efficiently? Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27. provably polynomial time.

Sign up to vote on this title
UsefulNot useful