Is n a prime number? Nitin Saxena. Turku, May Centrum voor Wiskunde en Informatica Amsterdam

Similar documents
Is n a Prime Number? Manindra Agrawal. March 27, 2006, Delft. IIT Kanpur

Primality - Factorization

On Generalized Fermat Numbers 3 2n +1

PRIMES is in P. Manindra Agrawal Neeraj Kayal Nitin Saxena

Factoring & Primality

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, Notes on Algebra

Recent Breakthrough in Primality Testing

CHAPTER 5. Number Theory. 1. Integers and Division. Discussion

Faster deterministic integer factorisation

An Overview of Integer Factoring Algorithms. The Problem

Integer Factorization using the Quadratic Sieve

Integer factoring and modular square roots

Lecture 13 - Basic Number Theory.

Revised Version of Chapter 23. We learned long ago how to solve linear congruences. ax c (mod m)

minimal polyonomial Example

Winter Camp 2011 Polynomials Alexander Remorov. Polynomials. Alexander Remorov

The Prime Numbers. Definition. A prime number is a positive integer with exactly two positive divisors.

Factoring integers, Producing primes and the RSA cryptosystem Harish-Chandra Research Institute

2 Primality and Compositeness Tests

8 Primes and Modular Arithmetic

FACTORING SPARSE POLYNOMIALS

Module MA3411: Abstract Algebra Galois Theory Appendix Michaelmas Term 2013

Applications of Fermat s Little Theorem and Congruences

CHAPTER SIX IRREDUCIBILITY AND FACTORIZATION 1. BASIC DIVISIBILITY THEORY

RSA and Primality Testing

Today s Topics. Primes & Greatest Common Divisors

3. Computational Complexity.

Cryptography and Network Security Number Theory

MOP 2007 Black Group Integer Polynomials Yufei Zhao. Integer Polynomials. June 29, 2007 Yufei Zhao

On the largest prime factor of x 2 1

Discrete Mathematics, Chapter 4: Number Theory and Cryptography

On the generation of elliptic curves with 16 rational torsion points by Pythagorean triples

2.1 Complexity Classes

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Arithmetic algorithms for cryptology 5 October 2015, Paris. Sieves. Razvan Barbulescu CNRS and IMJ-PRG. R. Barbulescu Sieves 0 / 28

How To Factoring

Quotient Rings and Field Extensions

a 1 x + a 0 =0. (3) ax 2 + bx + c =0. (4)

Cryptography and Network Security Chapter 8

I. GROUPS: BASIC DEFINITIONS AND EXAMPLES

it is easy to see that α = a

Computer and Network Security

Factoring integers and Producing primes

ELLIPTIC CURVES AND LENSTRA S FACTORIZATION ALGORITHM

Lecture 13: Factoring Integers

Prime numbers and prime polynomials. Paul Pollack Dartmouth College

Elementary Number Theory

An Introductory Course in Elementary Number Theory. Wissam Raji

CRC Press has granted the following specific permissions for the electronic version of this book:

Notes on Factoring. MA 206 Kurt Bryan

Introduction to Finite Fields (cont.)

H/wk 13, Solutions to selected problems

Homework until Test #2

15 Prime and Composite Numbers

Public Key Cryptography: RSA and Lots of Number Theory

The cyclotomic polynomials

Number Theory Hungarian Style. Cameron Byerley s interpretation of Csaba Szabó s lectures

Study of algorithms for factoring integers and computing discrete logarithms

3 1. Note that all cubes solve it; therefore, there are no more

QUADRATIC RECIPROCITY IN CHARACTERISTIC 2

MATH 537 (Number Theory) FALL 2016 TENTATIVE SYLLABUS

Smooth numbers and the quadratic sieve

Elements of Applied Cryptography Public key encryption

EMBEDDING DEGREE OF HYPERELLIPTIC CURVES WITH COMPLEX MULTIPLICATION

I. Introduction. MPRI Cours Lecture IV: Integer factorization. What is the factorization of a random number? II. Smoothness testing. F.

The last three chapters introduced three major proof techniques: direct,

ALGEBRAIC APPROACH TO COMPOSITE INTEGER FACTORIZATION

Chapter 4, Arithmetic in F [x] Polynomial arithmetic and the division algorithm.

calculating the result modulo 3, as follows: p(0) = = 1 0,

How To Factor In Prime Numbers

PUTNAM TRAINING POLYNOMIALS. Exercises 1. Find a polynomial with integral coefficients whose zeros include

8 Divisibility and prime numbers

SUBGROUPS OF CYCLIC GROUPS. 1. Introduction In a group G, we denote the (cyclic) group of powers of some g G by

Factoring Polynomials

Math 319 Problem Set #3 Solution 21 February 2002

Computational Number Theory

FACTORING. n = fall in the arithmetic sequence

ABSTRACT EQUATIONS OVER FINITE FIELDS AND SOME RELATED PROBLEMS. Department of Mathematics

11 Ideals Revisiting Z

Modern Algebra Lecture Notes: Rings and fields set 4 (Revision 2)

SOLVING POLYNOMIAL EQUATIONS

FACTORING POLYNOMIALS IN THE RING OF FORMAL POWER SERIES OVER Z

Factoring Algorithms

Continued Fractions. Darren C. Collins

Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may

Handout NUMBER THEORY

7. Some irreducible polynomials

Primes in Sequences. Lee 1. By: Jae Young Lee. Project for MA 341 (Number Theory) Boston University Summer Term I 2009 Instructor: Kalin Kostadinov

Alex, I will take congruent numbers for one million dollars please

1 Lecture: Integration of rational functions by decomposition

SUM OF TWO SQUARES JAHNAVI BHASKAR

Factoring. Factoring 1

Die ganzen zahlen hat Gott gemacht

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Doug Ravenel. October 15, 2008

How To Prove The Dirichlet Unit Theorem

Handout #1: Mathematical Reasoning

The Mean Value Theorem

RSA Question 2. Bob thinks that p and q are primes but p isn t. Then, Bob thinks Φ Bob :=(p-1)(q-1) = φ(n). Is this true?

Math 453: Elementary Number Theory Definitions and Theorems

Transcription:

Is n a prime number? Nitin Saxena Centrum voor Wiskunde en Informatica Amsterdam Turku, May 2007 Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 1 / 36

Outline 1 The Problem 2 The High School Method 3 Advanced Methods 4 Studying Integers modulo n 5 Studying quadratic extensions mod n 6 Studying Elliptic Curves mod n 7 Studying Cyclotomic Extensions mod n 8 Questions Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 2 / 36

Outline The Problem 1 The Problem 2 The High School Method 3 Advanced Methods 4 Studying Integers modulo n 5 Studying quadratic extensions mod n 6 Studying Elliptic Curves mod n 7 Studying Cyclotomic Extensions mod n 8 Questions Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 3 / 36

The Problem The Problem Given an integer n, test whether it is prime. Easy Solution: Divide n by all numbers between 2 and (n 1). What is the hoo-ha about primality testing then?? Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 4 / 36

The Problem The Problem Given an integer n, test whether it is prime. Easy Solution: Divide n by all numbers between 2 and (n 1). What is the hoo-ha about primality testing then?? Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 4 / 36

The Problem The Problem Given an integer n, test whether it is prime. Easy Solution: Divide n by all numbers between 2 and (n 1). What is the hoo-ha about primality testing then?? Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 4 / 36

The Problem Efficiently Solving a Problem Given n we want a polynomial time primality test, one that runs in atmost (log n) c steps. Note that practically (log n) log log log n steps is efficient enough for the prime numbers we encounter in real life! Nevertheless, the notion of polynomial time elegantly captures the theoretical complexity of a problem. Notation: log is logarithm base 2. O (log c n) denotes log c n log log O(1) n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 5 / 36

The Problem Efficiently Solving a Problem Given n we want a polynomial time primality test, one that runs in atmost (log n) c steps. Note that practically (log n) log log log n steps is efficient enough for the prime numbers we encounter in real life! Nevertheless, the notion of polynomial time elegantly captures the theoretical complexity of a problem. Notation: log is logarithm base 2. O (log c n) denotes log c n log log O(1) n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 5 / 36

The Problem Efficiently Solving a Problem Given n we want a polynomial time primality test, one that runs in atmost (log n) c steps. Note that practically (log n) log log log n steps is efficient enough for the prime numbers we encounter in real life! Nevertheless, the notion of polynomial time elegantly captures the theoretical complexity of a problem. Notation: log is logarithm base 2. O (log c n) denotes log c n log log O(1) n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 5 / 36

The Problem Efficiently Solving a Problem Given n we want a polynomial time primality test, one that runs in atmost (log n) c steps. Note that practically (log n) log log log n steps is efficient enough for the prime numbers we encounter in real life! Nevertheless, the notion of polynomial time elegantly captures the theoretical complexity of a problem. Notation: log is logarithm base 2. O (log c n) denotes log c n log log O(1) n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 5 / 36

The Problem Efficiently Solving a Problem Given n we want a polynomial time primality test, one that runs in atmost (log n) c steps. Note that practically (log n) log log log n steps is efficient enough for the prime numbers we encounter in real life! Nevertheless, the notion of polynomial time elegantly captures the theoretical complexity of a problem. Notation: log is logarithm base 2. O (log c n) denotes log c n log log O(1) n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 5 / 36

Outline The High School Method 1 The Problem 2 The High School Method 3 Advanced Methods 4 Studying Integers modulo n 5 Studying quadratic extensions mod n 6 Studying Elliptic Curves mod n 7 Studying Cyclotomic Extensions mod n 8 Questions Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 6 / 36

The High School Method Eratosthenes Sieve Proposed by Eratosthenes (ca. 300 BC). 1 List all numbers from 2 to n in a sequence. 2 Take the smallest uncrossed number and cross out all its multiples (except itself). 3 At the end all the uncrossed numbers are primes. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 7 / 36

The High School Method Eratosthenes Sieve Proposed by Eratosthenes (ca. 300 BC). 1 List all numbers from 2 to n in a sequence. 2 Take the smallest uncrossed number and cross out all its multiples (except itself). 3 At the end all the uncrossed numbers are primes. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 7 / 36

The High School Method Eratosthenes Sieve Proposed by Eratosthenes (ca. 300 BC). 1 List all numbers from 2 to n in a sequence. 2 Take the smallest uncrossed number and cross out all its multiples (except itself). 3 At the end all the uncrossed numbers are primes. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 7 / 36

The High School Method Eratosthenes Sieve Proposed by Eratosthenes (ca. 300 BC). 1 List all numbers from 2 to n in a sequence. 2 Take the smallest uncrossed number and cross out all its multiples (except itself). 3 At the end all the uncrossed numbers are primes. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 7 / 36

The High School Method Time Complexity To test primality n many steps would be enough. Not efficient by our standards! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 8 / 36

The High School Method Time Complexity To test primality n many steps would be enough. Not efficient by our standards! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 8 / 36

Outline Advanced Methods 1 The Problem 2 The High School Method 3 Advanced Methods 4 Studying Integers modulo n 5 Studying quadratic extensions mod n 6 Studying Elliptic Curves mod n 7 Studying Cyclotomic Extensions mod n 8 Questions Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 9 / 36

Rings Advanced Methods All the advanced methods associate a ring R to n and study its properties. The favorite rings are: 1 Z n Integers modulo n. 2 Z n [ 3] Quadratic extensions. 3 Z n [x, y]/(y 2 x 3 ax b) Elliptic curves. 4 Z n [x]/(x r 1) Cyclotomic rings. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 10 / 36

Rings Advanced Methods All the advanced methods associate a ring R to n and study its properties. The favorite rings are: 1 Z n Integers modulo n. 2 Z n [ 3] Quadratic extensions. 3 Z n [x, y]/(y 2 x 3 ax b) Elliptic curves. 4 Z n [x]/(x r 1) Cyclotomic rings. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 10 / 36

Rings Advanced Methods All the advanced methods associate a ring R to n and study its properties. The favorite rings are: 1 Z n Integers modulo n. 2 Z n [ 3] Quadratic extensions. 3 Z n [x, y]/(y 2 x 3 ax b) Elliptic curves. 4 Z n [x]/(x r 1) Cyclotomic rings. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 10 / 36

Rings Advanced Methods All the advanced methods associate a ring R to n and study its properties. The favorite rings are: 1 Z n Integers modulo n. 2 Z n [ 3] Quadratic extensions. 3 Z n [x, y]/(y 2 x 3 ax b) Elliptic curves. 4 Z n [x]/(x r 1) Cyclotomic rings. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 10 / 36

Rings Advanced Methods All the advanced methods associate a ring R to n and study its properties. The favorite rings are: 1 Z n Integers modulo n. 2 Z n [ 3] Quadratic extensions. 3 Z n [x, y]/(y 2 x 3 ax b) Elliptic curves. 4 Z n [x]/(x r 1) Cyclotomic rings. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 10 / 36

Rings Advanced Methods All the advanced methods associate a ring R to n and study its properties. The favorite rings are: 1 Z n Integers modulo n. 2 Z n [ 3] Quadratic extensions. 3 Z n [x, y]/(y 2 x 3 ax b) Elliptic curves. 4 Z n [x]/(x r 1) Cyclotomic rings. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 10 / 36

Outline Studying Integers modulo n 1 The Problem 2 The High School Method 3 Advanced Methods 4 Studying Integers modulo n 5 Studying quadratic extensions mod n 6 Studying Elliptic Curves mod n 7 Studying Cyclotomic Extensions mod n 8 Questions Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 11 / 36

Studying Integers modulo n Fermat s Little Theorem (FLT) Theorem (Fermat, 1660s) If n is prime then for every a, a n = a (mod n). Basically, for all a Z n, a n 1 = 1. This property is not sufficient for primality (Carmichael, 1910). But it is the starting point! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 12 / 36

Studying Integers modulo n Fermat s Little Theorem (FLT) Theorem (Fermat, 1660s) If n is prime then for every a, a n = a (mod n). Basically, for all a Z n, a n 1 = 1. This property is not sufficient for primality (Carmichael, 1910). But it is the starting point! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 12 / 36

Studying Integers modulo n Fermat s Little Theorem (FLT) Theorem (Fermat, 1660s) If n is prime then for every a, a n = a (mod n). Basically, for all a Z n, a n 1 = 1. This property is not sufficient for primality (Carmichael, 1910). But it is the starting point! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 12 / 36

Studying Integers modulo n Fermat s Little Theorem (FLT) Theorem (Fermat, 1660s) If n is prime then for every a, a n = a (mod n). Basically, for all a Z n, a n 1 = 1. This property is not sufficient for primality (Carmichael, 1910). But it is the starting point! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 12 / 36

Lucas Test Studying Integers modulo n Theorem (Lucas, 1876) n is prime iff a Z n such that a n 1 = 1 and a n 1 p p (n 1). 1 for all primes Suppose (n 1) is smooth and we know its prime factors. Do the above test for a random a. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 13 / 36

Lucas Test Studying Integers modulo n Theorem (Lucas, 1876) n is prime iff a Z n such that a n 1 = 1 and a n 1 p p (n 1). 1 for all primes Suppose (n 1) is smooth and we know its prime factors. Do the above test for a random a. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 13 / 36

Lucas Test Studying Integers modulo n Theorem (Lucas, 1876) n is prime iff a Z n such that a n 1 = 1 and a n 1 p p (n 1). 1 for all primes Suppose (n 1) is smooth and we know its prime factors. Do the above test for a random a. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 13 / 36

Lucas Test Studying Integers modulo n Theorem (Lucas, 1876) n is prime iff a Z n such that a n 1 = 1 and a n 1 p p (n 1). 1 for all primes Suppose (n 1) is smooth and we know its prime factors. Do the above test for a random a. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 13 / 36

Lucas Test Studying Integers modulo n Theorem (Lucas, 1876) n is prime iff a Z n such that a n 1 = 1 and a n 1 p p (n 1). 1 for all primes Suppose (n 1) is smooth and we know its prime factors. Do the above test for a random a. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 13 / 36

Studying Integers modulo n Pocklington-Lehmer Test Theorem (Pocklington, 1914) If a Z n such that a n 1 = 1 and gcd(a n 1 p i 1, n) = 1 for any distinct primes p 1,..., p t (n 1). Then any divisor of n is of the form 1 + kp 1 p t. Suppose t i=1 p t n and we have them. The above test is done for a random a. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 14 / 36

Studying Integers modulo n Pocklington-Lehmer Test Theorem (Pocklington, 1914) If a Z n such that a n 1 = 1 and gcd(a n 1 p i 1, n) = 1 for any distinct primes p 1,..., p t (n 1). Then any divisor of n is of the form 1 + kp 1 p t. Suppose t i=1 p t n and we have them. The above test is done for a random a. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 14 / 36

Studying Integers modulo n Pocklington-Lehmer Test Theorem (Pocklington, 1914) If a Z n such that a n 1 = 1 and gcd(a n 1 p i 1, n) = 1 for any distinct primes p 1,..., p t (n 1). Then any divisor of n is of the form 1 + kp 1 p t. Suppose t i=1 p t n and we have them. The above test is done for a random a. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 14 / 36

Studying Integers modulo n Pocklington-Lehmer Test Theorem (Pocklington, 1914) If a Z n such that a n 1 = 1 and gcd(a n 1 p i 1, n) = 1 for any distinct primes p 1,..., p t (n 1). Then any divisor of n is of the form 1 + kp 1 p t. Suppose t i=1 p t n and we have them. The above test is done for a random a. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 14 / 36

Studying Integers modulo n Pocklington-Lehmer Test Theorem (Pocklington, 1914) If a Z n such that a n 1 = 1 and gcd(a n 1 p i 1, n) = 1 for any distinct primes p 1,..., p t (n 1). Then any divisor of n is of the form 1 + kp 1 p t. Suppose t i=1 p t n and we have them. The above test is done for a random a. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 14 / 36

Studying Integers modulo n Pocklington-Lehmer Test Theorem (Pocklington, 1914) If a Z n such that a n 1 = 1 and gcd(a n 1 p i 1, n) = 1 for any distinct primes p 1,..., p t (n 1). Then any divisor of n is of the form 1 + kp 1 p t. Suppose t i=1 p t n and we have them. The above test is done for a random a. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 14 / 36

Studying Integers modulo n Solovay-Strassen Test Theorem (Strengthening FLT) An odd number n is prime iff for all a Z n, a n 1 2 = ( a n). Jacobi symbol ( a n) is computable in time O (log 2 n). Solovay-Strassen (1977) check the above equation for a random a. This gives a randomized test that takes time O (log 2 n). It errs with probability atmost 1 2. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 15 / 36

Studying Integers modulo n Solovay-Strassen Test Theorem (Strengthening FLT) An odd number n is prime iff for all a Z n, a n 1 2 = ( a n). Jacobi symbol ( a n) is computable in time O (log 2 n). Solovay-Strassen (1977) check the above equation for a random a. This gives a randomized test that takes time O (log 2 n). It errs with probability atmost 1 2. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 15 / 36

Studying Integers modulo n Solovay-Strassen Test Theorem (Strengthening FLT) An odd number n is prime iff for all a Z n, a n 1 2 = ( a n). Jacobi symbol ( a n) is computable in time O (log 2 n). Solovay-Strassen (1977) check the above equation for a random a. This gives a randomized test that takes time O (log 2 n). It errs with probability atmost 1 2. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 15 / 36

Studying Integers modulo n Solovay-Strassen Test Theorem (Strengthening FLT) An odd number n is prime iff for all a Z n, a n 1 2 = ( a n). Jacobi symbol ( a n) is computable in time O (log 2 n). Solovay-Strassen (1977) check the above equation for a random a. This gives a randomized test that takes time O (log 2 n). It errs with probability atmost 1 2. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 15 / 36

Studying Integers modulo n Solovay-Strassen Test Theorem (Strengthening FLT) An odd number n is prime iff for all a Z n, a n 1 2 = ( a n). Jacobi symbol ( a n) is computable in time O (log 2 n). Solovay-Strassen (1977) check the above equation for a random a. This gives a randomized test that takes time O (log 2 n). It errs with probability atmost 1 2. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 15 / 36

Studying Integers modulo n Pépin s Test This is a test specialized for Fermat numbers F k = 2 2k + 1. Theorem (Pépin, 1877) F k is prime iff 3 F k 1 2 = 1 (mod F k ). This yields a deterministic polynomial time primality test for Fermat numbers. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 16 / 36

Studying Integers modulo n Pépin s Test This is a test specialized for Fermat numbers F k = 2 2k + 1. Theorem (Pépin, 1877) F k is prime iff 3 F k 1 2 = 1 (mod F k ). This yields a deterministic polynomial time primality test for Fermat numbers. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 16 / 36

Studying Integers modulo n Pépin s Test This is a test specialized for Fermat numbers F k = 2 2k + 1. Theorem (Pépin, 1877) F k is prime iff 3 F k 1 2 = 1 (mod F k ). This yields a deterministic polynomial time primality test for Fermat numbers. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 16 / 36

Studying Integers modulo n Miller-Rabin Test Strengthening FLT further [Miller, 1975] An odd number n = 1 + 2 s t (odd t) is prime iff for all a Z n, the sequence a 2s 1 t, a 2s 2 t,..., a t has either a 1 or all 1 s. We check the above equation for a random a. This gives a randomized test that takes time O (log 2 n). It errs with probability atmost 1 4. The most popular primality test! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 17 / 36

Studying Integers modulo n Miller-Rabin Test Strengthening FLT further [Miller, 1975] An odd number n = 1 + 2 s t (odd t) is prime iff for all a Z n, the sequence a 2s 1 t, a 2s 2 t,..., a t has either a 1 or all 1 s. We check the above equation for a random a. This gives a randomized test that takes time O (log 2 n). It errs with probability atmost 1 4. The most popular primality test! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 17 / 36

Studying Integers modulo n Miller-Rabin Test Strengthening FLT further [Miller, 1975] An odd number n = 1 + 2 s t (odd t) is prime iff for all a Z n, the sequence a 2s 1 t, a 2s 2 t,..., a t has either a 1 or all 1 s. We check the above equation for a random a. This gives a randomized test that takes time O (log 2 n). It errs with probability atmost 1 4. The most popular primality test! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 17 / 36

Studying Integers modulo n Miller-Rabin Test Strengthening FLT further [Miller, 1975] An odd number n = 1 + 2 s t (odd t) is prime iff for all a Z n, the sequence a 2s 1 t, a 2s 2 t,..., a t has either a 1 or all 1 s. We check the above equation for a random a. This gives a randomized test that takes time O (log 2 n). It errs with probability atmost 1 4. The most popular primality test! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 17 / 36

Studying Integers modulo n Miller-Rabin Test Strengthening FLT further [Miller, 1975] An odd number n = 1 + 2 s t (odd t) is prime iff for all a Z n, the sequence a 2s 1 t, a 2s 2 t,..., a t has either a 1 or all 1 s. We check the above equation for a random a. This gives a randomized test that takes time O (log 2 n). It errs with probability atmost 1 4. The most popular primality test! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 17 / 36

Studying Integers modulo n Riemann Hypothesis and Primality Generalized Riemann Hypothesis [Piltz, 1884] Let Dirichlet L-function be the analytic continuation of L(χ, s) = χ(n) n=1 n. For every Dirichlet character χ and every complex s number s with L(χ, s) = 0: if Re(s) (0, 1] then Re(s) = 1 2. By taking χ to be the character modulo n it can be shown: the GRH implies that there exists an a 2 log 2 n such that ( a n) 1 (Ankeny 1952; Miller 1975; Bach 1980s). This magical small a would be a witness of the compositeness of n. Thus, GRH derandomizes both Solovay-Strassen and Miller-Rabin primality tests. This a also factors Carmichael numbers! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 18 / 36

Studying Integers modulo n Riemann Hypothesis and Primality Generalized Riemann Hypothesis [Piltz, 1884] Let Dirichlet L-function be the analytic continuation of L(χ, s) = χ(n) n=1 n. For every Dirichlet character χ and every complex s number s with L(χ, s) = 0: if Re(s) (0, 1] then Re(s) = 1 2. By taking χ to be the character modulo n it can be shown: the GRH implies that there exists an a 2 log 2 n such that ( a n) 1 (Ankeny 1952; Miller 1975; Bach 1980s). This magical small a would be a witness of the compositeness of n. Thus, GRH derandomizes both Solovay-Strassen and Miller-Rabin primality tests. This a also factors Carmichael numbers! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 18 / 36

Studying Integers modulo n Riemann Hypothesis and Primality Generalized Riemann Hypothesis [Piltz, 1884] Let Dirichlet L-function be the analytic continuation of L(χ, s) = χ(n) n=1 n. For every Dirichlet character χ and every complex s number s with L(χ, s) = 0: if Re(s) (0, 1] then Re(s) = 1 2. By taking χ to be the character modulo n it can be shown: the GRH implies that there exists an a 2 log 2 n such that ( a n) 1 (Ankeny 1952; Miller 1975; Bach 1980s). This magical small a would be a witness of the compositeness of n. Thus, GRH derandomizes both Solovay-Strassen and Miller-Rabin primality tests. This a also factors Carmichael numbers! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 18 / 36

Studying Integers modulo n Riemann Hypothesis and Primality Generalized Riemann Hypothesis [Piltz, 1884] Let Dirichlet L-function be the analytic continuation of L(χ, s) = χ(n) n=1 n. For every Dirichlet character χ and every complex s number s with L(χ, s) = 0: if Re(s) (0, 1] then Re(s) = 1 2. By taking χ to be the character modulo n it can be shown: the GRH implies that there exists an a 2 log 2 n such that ( a n) 1 (Ankeny 1952; Miller 1975; Bach 1980s). This magical small a would be a witness of the compositeness of n. Thus, GRH derandomizes both Solovay-Strassen and Miller-Rabin primality tests. This a also factors Carmichael numbers! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 18 / 36

Studying Integers modulo n Riemann Hypothesis and Primality Generalized Riemann Hypothesis [Piltz, 1884] Let Dirichlet L-function be the analytic continuation of L(χ, s) = χ(n) n=1 n. For every Dirichlet character χ and every complex s number s with L(χ, s) = 0: if Re(s) (0, 1] then Re(s) = 1 2. By taking χ to be the character modulo n it can be shown: the GRH implies that there exists an a 2 log 2 n such that ( a n) 1 (Ankeny 1952; Miller 1975; Bach 1980s). This magical small a would be a witness of the compositeness of n. Thus, GRH derandomizes both Solovay-Strassen and Miller-Rabin primality tests. This a also factors Carmichael numbers! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 18 / 36

Studying Integers modulo n Riemann Hypothesis and Primality Generalized Riemann Hypothesis [Piltz, 1884] Let Dirichlet L-function be the analytic continuation of L(χ, s) = χ(n) n=1 n. For every Dirichlet character χ and every complex s number s with L(χ, s) = 0: if Re(s) (0, 1] then Re(s) = 1 2. By taking χ to be the character modulo n it can be shown: the GRH implies that there exists an a 2 log 2 n such that ( a n) 1 (Ankeny 1952; Miller 1975; Bach 1980s). This magical small a would be a witness of the compositeness of n. Thus, GRH derandomizes both Solovay-Strassen and Miller-Rabin primality tests. This a also factors Carmichael numbers! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 18 / 36

Outline Studying quadratic extensions mod n 1 The Problem 2 The High School Method 3 Advanced Methods 4 Studying Integers modulo n 5 Studying quadratic extensions mod n 6 Studying Elliptic Curves mod n 7 Studying Cyclotomic Extensions mod n 8 Questions Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 19 / 36

Studying quadratic extensions mod n Lucas-Lehmer Test This is a test specialized for Mersenne primes M k = 2 k 1. Theorem (Lucas-Lehmer, 1930) M k is prime iff (2 + 3) M k +1 2 = 1 in Z n [ 3]. This yields a deterministic polynomial time primality test for Mersenne primes. Generalization: Whenever (n + 1) has small prime factors one can test n for primality by working in Z n [ D] where ( D n ) = 1. More generalization: Whenever (n 2 ± n + 1) has small prime factors one can test n for primality. But then we have to go to cubic extensions (Williams 1978). Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 20 / 36

Studying quadratic extensions mod n Lucas-Lehmer Test This is a test specialized for Mersenne primes M k = 2 k 1. Theorem (Lucas-Lehmer, 1930) M k is prime iff (2 + 3) M k +1 2 = 1 in Z n [ 3]. This yields a deterministic polynomial time primality test for Mersenne primes. Generalization: Whenever (n + 1) has small prime factors one can test n for primality by working in Z n [ D] where ( D n ) = 1. More generalization: Whenever (n 2 ± n + 1) has small prime factors one can test n for primality. But then we have to go to cubic extensions (Williams 1978). Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 20 / 36

Studying quadratic extensions mod n Lucas-Lehmer Test This is a test specialized for Mersenne primes M k = 2 k 1. Theorem (Lucas-Lehmer, 1930) M k is prime iff (2 + 3) M k +1 2 = 1 in Z n [ 3]. This yields a deterministic polynomial time primality test for Mersenne primes. Generalization: Whenever (n + 1) has small prime factors one can test n for primality by working in Z n [ D] where ( D n ) = 1. More generalization: Whenever (n 2 ± n + 1) has small prime factors one can test n for primality. But then we have to go to cubic extensions (Williams 1978). Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 20 / 36

Studying quadratic extensions mod n Lucas-Lehmer Test This is a test specialized for Mersenne primes M k = 2 k 1. Theorem (Lucas-Lehmer, 1930) M k is prime iff (2 + 3) M k +1 2 = 1 in Z n [ 3]. This yields a deterministic polynomial time primality test for Mersenne primes. Generalization: Whenever (n + 1) has small prime factors one can test n for primality by working in Z n [ D] where ( D n ) = 1. More generalization: Whenever (n 2 ± n + 1) has small prime factors one can test n for primality. But then we have to go to cubic extensions (Williams 1978). Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 20 / 36

Studying quadratic extensions mod n Lucas-Lehmer Test This is a test specialized for Mersenne primes M k = 2 k 1. Theorem (Lucas-Lehmer, 1930) M k is prime iff (2 + 3) M k +1 2 = 1 in Z n [ 3]. This yields a deterministic polynomial time primality test for Mersenne primes. Generalization: Whenever (n + 1) has small prime factors one can test n for primality by working in Z n [ D] where ( D n ) = 1. More generalization: Whenever (n 2 ± n + 1) has small prime factors one can test n for primality. But then we have to go to cubic extensions (Williams 1978). Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 20 / 36

Outline Studying Elliptic Curves mod n 1 The Problem 2 The High School Method 3 Advanced Methods 4 Studying Integers modulo n 5 Studying quadratic extensions mod n 6 Studying Elliptic Curves mod n 7 Studying Cyclotomic Extensions mod n 8 Questions Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 21 / 36

Studying Elliptic Curves mod n Elliptic Curve Based Tests An elliptic curve over Z n is the set of points: E a,b (Z n ) = { (x, y) Z 2 n y 2 = x 3 + ax + b } When n is prime: E a,b (Z n ) is an abelian group. #E a,b (Z n ) can be computed in deterministic polynomial time (Schoof 1985). When n is prime: number of points on a random elliptic curve is uniformly distributed in the interval [( n 1) 2, ( n + 1) 2 ] (Lenstra 1987). Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 22 / 36

Studying Elliptic Curves mod n Elliptic Curve Based Tests An elliptic curve over Z n is the set of points: E a,b (Z n ) = { (x, y) Z 2 n y 2 = x 3 + ax + b } When n is prime: E a,b (Z n ) is an abelian group. #E a,b (Z n ) can be computed in deterministic polynomial time (Schoof 1985). When n is prime: number of points on a random elliptic curve is uniformly distributed in the interval [( n 1) 2, ( n + 1) 2 ] (Lenstra 1987). Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 22 / 36

Studying Elliptic Curves mod n Elliptic Curve Based Tests An elliptic curve over Z n is the set of points: E a,b (Z n ) = { (x, y) Z 2 n y 2 = x 3 + ax + b } When n is prime: E a,b (Z n ) is an abelian group. #E a,b (Z n ) can be computed in deterministic polynomial time (Schoof 1985). When n is prime: number of points on a random elliptic curve is uniformly distributed in the interval [( n 1) 2, ( n + 1) 2 ] (Lenstra 1987). Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 22 / 36

Studying Elliptic Curves mod n Elliptic Curve Based Tests An elliptic curve over Z n is the set of points: E a,b (Z n ) = { (x, y) Z 2 n y 2 = x 3 + ax + b } When n is prime: E a,b (Z n ) is an abelian group. #E a,b (Z n ) can be computed in deterministic polynomial time (Schoof 1985). When n is prime: number of points on a random elliptic curve is uniformly distributed in the interval [( n 1) 2, ( n + 1) 2 ] (Lenstra 1987). Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 22 / 36

Studying Elliptic Curves mod n Goldwasser-Kilian Test 1 Pick a random elliptic curve E over Z n and a random point A E. 2 Compute #E(Z n ). If #E(Z n ) is odd then output COMPOSITE. 3 Let #E(Z n ) =: 2q. Prove the primality of q recursively. 4 If q is prime and q A = O then output PRIME else output COMPOSITE. Proof of Correctness: Firstly, note that conjecturally there are many numbers between [( n 1) 2, ( n + 1) 2 ] that are twice a prime and for a random E, #E(Z n ) will hit such numbers whp when n is prime. Suppose n is composite with a prime factor p n but the Step 4 condition holds. Since #E(Z p ) (p + 1 + 2 p) < n+1 2 n 2 q we get that: q is prime and q A = O A = O in E(Z p ) Thus, A will factor n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 23 / 36

Studying Elliptic Curves mod n Goldwasser-Kilian Test 1 Pick a random elliptic curve E over Z n and a random point A E. 2 Compute #E(Z n ). If #E(Z n ) is odd then output COMPOSITE. 3 Let #E(Z n ) =: 2q. Prove the primality of q recursively. 4 If q is prime and q A = O then output PRIME else output COMPOSITE. Proof of Correctness: Firstly, note that conjecturally there are many numbers between [( n 1) 2, ( n + 1) 2 ] that are twice a prime and for a random E, #E(Z n ) will hit such numbers whp when n is prime. Suppose n is composite with a prime factor p n but the Step 4 condition holds. Since #E(Z p ) (p + 1 + 2 p) < n+1 2 n 2 q we get that: q is prime and q A = O A = O in E(Z p ) Thus, A will factor n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 23 / 36

Studying Elliptic Curves mod n Goldwasser-Kilian Test 1 Pick a random elliptic curve E over Z n and a random point A E. 2 Compute #E(Z n ). If #E(Z n ) is odd then output COMPOSITE. 3 Let #E(Z n ) =: 2q. Prove the primality of q recursively. 4 If q is prime and q A = O then output PRIME else output COMPOSITE. Proof of Correctness: Firstly, note that conjecturally there are many numbers between [( n 1) 2, ( n + 1) 2 ] that are twice a prime and for a random E, #E(Z n ) will hit such numbers whp when n is prime. Suppose n is composite with a prime factor p n but the Step 4 condition holds. Since #E(Z p ) (p + 1 + 2 p) < n+1 2 n 2 q we get that: q is prime and q A = O A = O in E(Z p ) Thus, A will factor n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 23 / 36

Studying Elliptic Curves mod n Goldwasser-Kilian Test 1 Pick a random elliptic curve E over Z n and a random point A E. 2 Compute #E(Z n ). If #E(Z n ) is odd then output COMPOSITE. 3 Let #E(Z n ) =: 2q. Prove the primality of q recursively. 4 If q is prime and q A = O then output PRIME else output COMPOSITE. Proof of Correctness: Firstly, note that conjecturally there are many numbers between [( n 1) 2, ( n + 1) 2 ] that are twice a prime and for a random E, #E(Z n ) will hit such numbers whp when n is prime. Suppose n is composite with a prime factor p n but the Step 4 condition holds. Since #E(Z p ) (p + 1 + 2 p) < n+1 2 n 2 q we get that: q is prime and q A = O A = O in E(Z p ) Thus, A will factor n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 23 / 36

Studying Elliptic Curves mod n Goldwasser-Kilian Test 1 Pick a random elliptic curve E over Z n and a random point A E. 2 Compute #E(Z n ). If #E(Z n ) is odd then output COMPOSITE. 3 Let #E(Z n ) =: 2q. Prove the primality of q recursively. 4 If q is prime and q A = O then output PRIME else output COMPOSITE. Proof of Correctness: Firstly, note that conjecturally there are many numbers between [( n 1) 2, ( n + 1) 2 ] that are twice a prime and for a random E, #E(Z n ) will hit such numbers whp when n is prime. Suppose n is composite with a prime factor p n but the Step 4 condition holds. Since #E(Z p ) (p + 1 + 2 p) < n+1 2 n 2 q we get that: q is prime and q A = O A = O in E(Z p ) Thus, A will factor n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 23 / 36

Studying Elliptic Curves mod n Goldwasser-Kilian Test 1 Pick a random elliptic curve E over Z n and a random point A E. 2 Compute #E(Z n ). If #E(Z n ) is odd then output COMPOSITE. 3 Let #E(Z n ) =: 2q. Prove the primality of q recursively. 4 If q is prime and q A = O then output PRIME else output COMPOSITE. Proof of Correctness: Firstly, note that conjecturally there are many numbers between [( n 1) 2, ( n + 1) 2 ] that are twice a prime and for a random E, #E(Z n ) will hit such numbers whp when n is prime. Suppose n is composite with a prime factor p n but the Step 4 condition holds. Since #E(Z p ) (p + 1 + 2 p) < n+1 2 n 2 q we get that: q is prime and q A = O A = O in E(Z p ) Thus, A will factor n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 23 / 36

Studying Elliptic Curves mod n Goldwasser-Kilian Test 1 Pick a random elliptic curve E over Z n and a random point A E. 2 Compute #E(Z n ). If #E(Z n ) is odd then output COMPOSITE. 3 Let #E(Z n ) =: 2q. Prove the primality of q recursively. 4 If q is prime and q A = O then output PRIME else output COMPOSITE. Proof of Correctness: Firstly, note that conjecturally there are many numbers between [( n 1) 2, ( n + 1) 2 ] that are twice a prime and for a random E, #E(Z n ) will hit such numbers whp when n is prime. Suppose n is composite with a prime factor p n but the Step 4 condition holds. Since #E(Z p ) (p + 1 + 2 p) < n+1 2 n 2 q we get that: q is prime and q A = O A = O in E(Z p ) Thus, A will factor n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 23 / 36

Studying Elliptic Curves mod n Goldwasser-Kilian Test 1 Pick a random elliptic curve E over Z n and a random point A E. 2 Compute #E(Z n ). If #E(Z n ) is odd then output COMPOSITE. 3 Let #E(Z n ) =: 2q. Prove the primality of q recursively. 4 If q is prime and q A = O then output PRIME else output COMPOSITE. Proof of Correctness: Firstly, note that conjecturally there are many numbers between [( n 1) 2, ( n + 1) 2 ] that are twice a prime and for a random E, #E(Z n ) will hit such numbers whp when n is prime. Suppose n is composite with a prime factor p n but the Step 4 condition holds. Since #E(Z p ) (p + 1 + 2 p) < n+1 2 n 2 q we get that: q is prime and q A = O A = O in E(Z p ) Thus, A will factor n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 23 / 36

Studying Elliptic Curves mod n Goldwasser-Kilian Test 1 Pick a random elliptic curve E over Z n and a random point A E. 2 Compute #E(Z n ). If #E(Z n ) is odd then output COMPOSITE. 3 Let #E(Z n ) =: 2q. Prove the primality of q recursively. 4 If q is prime and q A = O then output PRIME else output COMPOSITE. Proof of Correctness: Firstly, note that conjecturally there are many numbers between [( n 1) 2, ( n + 1) 2 ] that are twice a prime and for a random E, #E(Z n ) will hit such numbers whp when n is prime. Suppose n is composite with a prime factor p n but the Step 4 condition holds. Since #E(Z p ) (p + 1 + 2 p) < n+1 2 n 2 q we get that: q is prime and q A = O A = O in E(Z p ) Thus, A will factor n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 23 / 36

Studying Elliptic Curves mod n Goldwasser-Kilian Test 1 Pick a random elliptic curve E over Z n and a random point A E. 2 Compute #E(Z n ). If #E(Z n ) is odd then output COMPOSITE. 3 Let #E(Z n ) =: 2q. Prove the primality of q recursively. 4 If q is prime and q A = O then output PRIME else output COMPOSITE. Proof of Correctness: Firstly, note that conjecturally there are many numbers between [( n 1) 2, ( n + 1) 2 ] that are twice a prime and for a random E, #E(Z n ) will hit such numbers whp when n is prime. Suppose n is composite with a prime factor p n but the Step 4 condition holds. Since #E(Z p ) (p + 1 + 2 p) < n+1 2 n 2 q we get that: q is prime and q A = O A = O in E(Z p ) Thus, A will factor n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 23 / 36

Studying Elliptic Curves mod n Goldwasser-Kilian Test This is the first randomized test that never errs when n is composite (1986). Time complexity (Atkin-Morain 1993): O (log 4 n). But its proof [ assumed a conjecture about the density of primes in the ] interval n+1 2 n 2, n+1+2 n 2. Currently, it is not even known if there is always a prime between m 2 and (m + 1) 2 (Legendre s conjecture). Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 24 / 36

Studying Elliptic Curves mod n Goldwasser-Kilian Test This is the first randomized test that never errs when n is composite (1986). Time complexity (Atkin-Morain 1993): O (log 4 n). But its proof [ assumed a conjecture about the density of primes in the ] interval n+1 2 n 2, n+1+2 n 2. Currently, it is not even known if there is always a prime between m 2 and (m + 1) 2 (Legendre s conjecture). Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 24 / 36

Studying Elliptic Curves mod n Goldwasser-Kilian Test This is the first randomized test that never errs when n is composite (1986). Time complexity (Atkin-Morain 1993): O (log 4 n). But its proof [ assumed a conjecture about the density of primes in the ] interval n+1 2 n 2, n+1+2 n 2. Currently, it is not even known if there is always a prime between m 2 and (m + 1) 2 (Legendre s conjecture). Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 24 / 36

Studying Elliptic Curves mod n Goldwasser-Kilian Test This is the first randomized test that never errs when n is composite (1986). Time complexity (Atkin-Morain 1993): O (log 4 n). But its proof [ assumed a conjecture about the density of primes in the ] interval n+1 2 n 2, n+1+2 n 2. Currently, it is not even known if there is always a prime between m 2 and (m + 1) 2 (Legendre s conjecture). Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 24 / 36

Studying Elliptic Curves mod n Adleman-Huang Test Using hyperelliptic curves they made Goldwasser-Kilian test unconditional (1992). Time complexity: O(log c n) where c > 30! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 25 / 36

Studying Elliptic Curves mod n Adleman-Huang Test Using hyperelliptic curves they made Goldwasser-Kilian test unconditional (1992). Time complexity: O(log c n) where c > 30! Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 25 / 36

Outline Studying Cyclotomic Extensions mod n 1 The Problem 2 The High School Method 3 Advanced Methods 4 Studying Integers modulo n 5 Studying quadratic extensions mod n 6 Studying Elliptic Curves mod n 7 Studying Cyclotomic Extensions mod n 8 Questions Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 26 / 36

Studying Cyclotomic Extensions mod n Adleman-Pomerance-Rumeli Test Recall how Lucas-Lehmer-Williams tested n for primality when (n 1), (n + 1), (n 2 n + 1) or (n 2 + n + 1) was smooth. What can we do when (n m 1) is smooth? Maybe go to some m-th extension of Z n? This question inspired the APR test (1980). Speeded up by Cohen and Lenstra (1981). Deterministic algorithm with time complexity log O(log log log n) n. Is conceptually the most complex algorithm of all. Attempts to find a prime factor of n using higher reciprocity laws in cyclotomic extensions of Z n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 27 / 36

Studying Cyclotomic Extensions mod n Adleman-Pomerance-Rumeli Test Recall how Lucas-Lehmer-Williams tested n for primality when (n 1), (n + 1), (n 2 n + 1) or (n 2 + n + 1) was smooth. What can we do when (n m 1) is smooth? Maybe go to some m-th extension of Z n? This question inspired the APR test (1980). Speeded up by Cohen and Lenstra (1981). Deterministic algorithm with time complexity log O(log log log n) n. Is conceptually the most complex algorithm of all. Attempts to find a prime factor of n using higher reciprocity laws in cyclotomic extensions of Z n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 27 / 36

Studying Cyclotomic Extensions mod n Adleman-Pomerance-Rumeli Test Recall how Lucas-Lehmer-Williams tested n for primality when (n 1), (n + 1), (n 2 n + 1) or (n 2 + n + 1) was smooth. What can we do when (n m 1) is smooth? Maybe go to some m-th extension of Z n? This question inspired the APR test (1980). Speeded up by Cohen and Lenstra (1981). Deterministic algorithm with time complexity log O(log log log n) n. Is conceptually the most complex algorithm of all. Attempts to find a prime factor of n using higher reciprocity laws in cyclotomic extensions of Z n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 27 / 36

Studying Cyclotomic Extensions mod n Adleman-Pomerance-Rumeli Test Recall how Lucas-Lehmer-Williams tested n for primality when (n 1), (n + 1), (n 2 n + 1) or (n 2 + n + 1) was smooth. What can we do when (n m 1) is smooth? Maybe go to some m-th extension of Z n? This question inspired the APR test (1980). Speeded up by Cohen and Lenstra (1981). Deterministic algorithm with time complexity log O(log log log n) n. Is conceptually the most complex algorithm of all. Attempts to find a prime factor of n using higher reciprocity laws in cyclotomic extensions of Z n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 27 / 36

Studying Cyclotomic Extensions mod n Adleman-Pomerance-Rumeli Test Recall how Lucas-Lehmer-Williams tested n for primality when (n 1), (n + 1), (n 2 n + 1) or (n 2 + n + 1) was smooth. What can we do when (n m 1) is smooth? Maybe go to some m-th extension of Z n? This question inspired the APR test (1980). Speeded up by Cohen and Lenstra (1981). Deterministic algorithm with time complexity log O(log log log n) n. Is conceptually the most complex algorithm of all. Attempts to find a prime factor of n using higher reciprocity laws in cyclotomic extensions of Z n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 27 / 36

Studying Cyclotomic Extensions mod n Adleman-Pomerance-Rumeli Test Recall how Lucas-Lehmer-Williams tested n for primality when (n 1), (n + 1), (n 2 n + 1) or (n 2 + n + 1) was smooth. What can we do when (n m 1) is smooth? Maybe go to some m-th extension of Z n? This question inspired the APR test (1980). Speeded up by Cohen and Lenstra (1981). Deterministic algorithm with time complexity log O(log log log n) n. Is conceptually the most complex algorithm of all. Attempts to find a prime factor of n using higher reciprocity laws in cyclotomic extensions of Z n. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 27 / 36

Studying Cyclotomic Extensions mod n Agrawal-Kayal-S (AKS) Test Theorem (A Generalization of FLT) If n is a prime then for all a Z n, (x + a) n = (x n + a) (mod n, x r 1). This was the basis of the AKS test proposed in 2002. It was the first unconditional, deterministic and polynomial time primality test. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 28 / 36

Studying Cyclotomic Extensions mod n Agrawal-Kayal-S (AKS) Test Theorem (A Generalization of FLT) If n is a prime then for all a Z n, (x + a) n = (x n + a) (mod n, x r 1). This was the basis of the AKS test proposed in 2002. It was the first unconditional, deterministic and polynomial time primality test. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 28 / 36

Studying Cyclotomic Extensions mod n Agrawal-Kayal-S (AKS) Test Theorem (A Generalization of FLT) If n is a prime then for all a Z n, (x + a) n = (x n + a) (mod n, x r 1). This was the basis of the AKS test proposed in 2002. It was the first unconditional, deterministic and polynomial time primality test. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 28 / 36

Studying Cyclotomic Extensions mod n AKS Test 1 If n is a prime power, it is composite. 2 Select an r such that ord r (n) > 4 log 2 n and work in the ring R := Z n [x]/(x r 1). 3 For each a, 1 a l := 2 r log n, check if (x + a) n = (x n + a). 4 If yes then n is prime else composite. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 29 / 36

Studying Cyclotomic Extensions mod n AKS Test 1 If n is a prime power, it is composite. 2 Select an r such that ord r (n) > 4 log 2 n and work in the ring R := Z n [x]/(x r 1). 3 For each a, 1 a l := 2 r log n, check if (x + a) n = (x n + a). 4 If yes then n is prime else composite. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 29 / 36

Studying Cyclotomic Extensions mod n AKS Test 1 If n is a prime power, it is composite. 2 Select an r such that ord r (n) > 4 log 2 n and work in the ring R := Z n [x]/(x r 1). 3 For each a, 1 a l := 2 r log n, check if (x + a) n = (x n + a). 4 If yes then n is prime else composite. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 29 / 36

Studying Cyclotomic Extensions mod n AKS Test 1 If n is a prime power, it is composite. 2 Select an r such that ord r (n) > 4 log 2 n and work in the ring R := Z n [x]/(x r 1). 3 For each a, 1 a l := 2 r log n, check if (x + a) n = (x n + a). 4 If yes then n is prime else composite. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 29 / 36

Studying Cyclotomic Extensions mod n AKS Test: The Proof Suppose all the congruences hold and p is a prime factor of n. The group I := n, p (mod r). t := #I ord r (n) 4 log 2 n. The group J := (x + 1),..., (x + l) (mod p, h(x)) where h(x) is an irreducible factor of xr 1 x 1 modulo p. #J 2 min{t,l} > 2 2 t log n n 2 t. Proof: Let f (x), g(x) be two different products of (x + a) s, having degree < t. Suppose f (x) = g(x) (mod p, h(x)). The test tells us that f (x ni p j ) = g(x ni p j ) (mod p, h(x)). But this means that f (z) g(z) has atleast t roots in the field F p [x]/(h(x)), which is a contradiction. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 30 / 36

Studying Cyclotomic Extensions mod n AKS Test: The Proof Suppose all the congruences hold and p is a prime factor of n. The group I := n, p (mod r). t := #I ord r (n) 4 log 2 n. The group J := (x + 1),..., (x + l) (mod p, h(x)) where h(x) is an irreducible factor of xr 1 x 1 modulo p. #J 2 min{t,l} > 2 2 t log n n 2 t. Proof: Let f (x), g(x) be two different products of (x + a) s, having degree < t. Suppose f (x) = g(x) (mod p, h(x)). The test tells us that f (x ni p j ) = g(x ni p j ) (mod p, h(x)). But this means that f (z) g(z) has atleast t roots in the field F p [x]/(h(x)), which is a contradiction. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 30 / 36

Studying Cyclotomic Extensions mod n AKS Test: The Proof Suppose all the congruences hold and p is a prime factor of n. The group I := n, p (mod r). t := #I ord r (n) 4 log 2 n. The group J := (x + 1),..., (x + l) (mod p, h(x)) where h(x) is an irreducible factor of xr 1 x 1 modulo p. #J 2 min{t,l} > 2 2 t log n n 2 t. Proof: Let f (x), g(x) be two different products of (x + a) s, having degree < t. Suppose f (x) = g(x) (mod p, h(x)). The test tells us that f (x ni p j ) = g(x ni p j ) (mod p, h(x)). But this means that f (z) g(z) has atleast t roots in the field F p [x]/(h(x)), which is a contradiction. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 30 / 36

Studying Cyclotomic Extensions mod n AKS Test: The Proof Suppose all the congruences hold and p is a prime factor of n. The group I := n, p (mod r). t := #I ord r (n) 4 log 2 n. The group J := (x + 1),..., (x + l) (mod p, h(x)) where h(x) is an irreducible factor of xr 1 x 1 modulo p. #J 2 min{t,l} > 2 2 t log n n 2 t. Proof: Let f (x), g(x) be two different products of (x + a) s, having degree < t. Suppose f (x) = g(x) (mod p, h(x)). The test tells us that f (x ni p j ) = g(x ni p j ) (mod p, h(x)). But this means that f (z) g(z) has atleast t roots in the field F p [x]/(h(x)), which is a contradiction. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 30 / 36

Studying Cyclotomic Extensions mod n AKS Test: The Proof Suppose all the congruences hold and p is a prime factor of n. The group I := n, p (mod r). t := #I ord r (n) 4 log 2 n. The group J := (x + 1),..., (x + l) (mod p, h(x)) where h(x) is an irreducible factor of xr 1 x 1 modulo p. #J 2 min{t,l} > 2 2 t log n n 2 t. Proof: Let f (x), g(x) be two different products of (x + a) s, having degree < t. Suppose f (x) = g(x) (mod p, h(x)). The test tells us that f (x ni p j ) = g(x ni p j ) (mod p, h(x)). But this means that f (z) g(z) has atleast t roots in the field F p [x]/(h(x)), which is a contradiction. Nitin Saxena (CWI, Amsterdam) Is n a prime number? Turku, May 2007 30 / 36

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information