PRIMES is in P (Manindra Agrawal, Neeraj Kayal, Nitin Saxena, Dept. of CSE, IIT Kanpur) - PowerPoint PPT Presentation

  1. PRIMES is in P
     Manindra Agrawal, Neeraj Kayal, Nitin Saxena
     Dept. of CSE, IIT Kanpur

  2. The Problem
     • Given a number n, test if it is prime efficiently.
       Efficiently = in time polynomial in the number of digits = (log n)^c for some constant c.
     • PRIMES = set of all prime numbers.

  3. The Trial Division Method
     Try dividing by all numbers up to n^(1/2).
     – Already known since ~230 BC (Sieve of Eratosthenes).
     – Takes exponential time: Ω(n^(1/2)).
     – Also produces a factor of n when it is composite.

  4. Fermat's Little Theorem
     If n is prime then for any a: a^n ≡ a (mod n).
     • It is easy to check:
       – Compute a^2, square it to get a^4, square it to get a^8, …
       – Needs only O(log n) multiplications.

  5. A Potential Test
     • For a "few" a's test if a^n ≡ a (mod n); if yes, output PRIME, else output COMPOSITE.
       – This fails!
       – For n = 561 = 3 · 11 · 17, all a's satisfy the equation!!

  6. PRIMES in NP ∩ coNP
     • A trivial algorithm shows that the problem is in coNP: guess a factor of n and verify it.
     • In 1974, Vaughan Pratt designed an NP algorithm for testing primality.

  7. PRIMES in P (conditionally)
     • In 1973, Miller designed a test based on Fermat's Little Theorem:
       – It was efficient: O(log^4 n) steps.
       – It was correct assuming the Extended Riemann Hypothesis.

  8. PRIMES in coRP
     • Soon after, Rabin modified Miller's algorithm to obtain an unconditional but randomized polynomial-time algorithm.
       – This algorithm might give a wrong answer with a small probability when n is composite.
     • Solovay-Strassen gave another algorithm with similar properties.
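Slides 4, 5 and 8 describe three tests on a number n. The following Python program is an added illustration (not the authors' code and not part of the original deck): it implements the repeated-squaring exponentiation of slide 4, runs the Fermat test of slide 5 against the Carmichael number 561 to show that every base passes, and then applies Rabin's strengthening of Miller's test (slide 8), for which the base 2 already proves 561 composite. The helper names, the 20-round default and the seeded random choice of bases are choices made here, not something the slides specify.

```python
import random


def pow_mod(a, e, n):
    """a^e mod n by repeated squaring: O(log e) multiplications (slide 4)."""
    result, a = 1, a % n
    while e:
        if e & 1:
            result = result * a % n
        a = a * a % n
        e >>= 1
    return result


def fermat_passes(n, a):
    """Fermat's Little Theorem as a test: a^n == a (mod n)?  Always true for prime n."""
    return pow_mod(a, n, n) == a % n


def fermat_liars(n):
    """Every base a in [0, n) that passes the Fermat test for n.
    For a Carmichael number such as 561 this is the whole range (slide 5)."""
    return [a for a in range(n) if fermat_passes(n, a)]


def miller_rabin_witness(n, a):
    """True if the base a (2 <= a <= n-2) proves the odd number n composite.
    Write n-1 = 2^s * d with d odd; for prime n the sequence a^d, a^(2d), ...
    must hit 1 either immediately or right after a -1, so anything else is a witness."""
    if n % 2 == 0:
        return n != 2
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    x = pow_mod(a, d, n)
    if x == 1 or x == n - 1:
        return False
    for _ in range(s - 1):
        x = x * x % n
        if x == n - 1:
            return False
    return True                       # a nontrivial square root of 1 (or no 1 at all)


def is_probable_prime(n, rounds=20, seed=0):
    """Rabin's randomized test: a composite slips through one round with
    probability at most 1/4, so `rounds` independent bases give error <= 4^-rounds.
    The seed is fixed here so runs are reproducible (an assumption of this example)."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    rng = random.Random(seed)
    return not any(miller_rabin_witness(n, rng.randrange(2, n - 1)) for _ in range(rounds))


if __name__ == "__main__":
    print("bases passing Fermat for 15:", fermat_liars(15))
    print("bases passing Fermat for 561:", len(fermat_liars(561)), "of 561")
    print("2 is a Miller-Rabin witness for 561:", miller_rabin_witness(561, 2))
    print("561 probable prime?", is_probable_prime(561))
    print("2^61 - 1 probable prime?", is_probable_prime(2**61 - 1))
```

The Fermat test accepts 561 for all 561 bases, exactly as slide 5 states, while the Miller-Rabin refinement only needs to notice that the chain 2^35, 2^70, 2^140, 2^280 (mod 561) reaches 1 without passing through 560, which is impossible modulo a prime.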

  9. PRIMES in P (almost)
     • In 1983, Adleman, Pomerance, and Rumely gave a deterministic algorithm running in time (log n)^(c log log log n).

  10. PRIMES in RP
     • In 1986, Goldwasser and Kilian gave a randomized algorithm that
       – works almost always in polynomial time,
       – errs only on primes.
     • In 1992, Adleman and Huang improved this to an algorithm that is always polynomial time.

  11. Our Contribution
     We provide the first deterministic and unconditional polynomial-time algorithm for primality testing.

  12. Main Idea
     • Generalize Fermat's Little Theorem:
       – The ring Z_n does not seem to have nice structure to exploit.
       – So extend the ring to a larger ring in the hope of more structure.
     • Consider polynomials modulo n and X^r − 1, i.e., the ring Z_n[X]/(X^r − 1).

  13. Generalized FLT
     If n is prime then for any a: (X + a)^n ≡ X^n + a (mod n, X^r − 1).
     • Potential test: for a "small" r and a "few" a's, test the above equation.

  14. It Works (Almost)!
     • We prove: if (X + a)^n ≡ X^n + a (mod n, X^r − 1) for every 0 < a ≤ 2√r log n, and for a suitably chosen "small" r, then n is a prime power.

  15. The Algorithm
     • Input n.
       1. Output COMPOSITE if n = m^k, k > 1.
       2. Find the smallest number r such that o_r(n) > 4 (log n)^2, where o_r(n) = order of n modulo r.
       3. If any number < r divides n, output PRIME/COMPOSITE appropriately.
       4. For every a ≤ 2√r log n: if (X + a)^n ≢ X^n + a (mod n, X^r − 1) then output COMPOSITE.
       5. Output PRIME.

  16. Correctness
     • If the algorithm outputs COMPOSITE, n must be composite:
       – COMPOSITE in step 1 ⇒ n = m^k, k > 1.
       – COMPOSITE in step 3 ⇒ a number < r divides n.
       – COMPOSITE in step 4 ⇒ (X + a)^n ≢ X^n + a (mod n, X^r − 1) for some a.
     • If the algorithm outputs PRIME in step 3, n is a prime number < r.

  17. When the Algorithm Outputs PRIME in Step 5
     • Then (X + a)^n ≡ X^n + a (mod n, X^r − 1) for 0 < a ≤ 2√r log n.
     • Let prime p | n.
     • Clearly, (X + a)^n ≡ X^n + a (mod p, X^r − 1) too, for 0 < a ≤ 2√r log n.
     • And of course, (X + a)^p ≡ X^p + a (mod p, X^r − 1) (according to the generalized FLT).

  18. Introspective Numbers
     • We call any number m such that g(X)^m ≡ g(X^m) (mod p, X^r − 1) an introspective number for g(X).
     • So 1, p and n are introspective numbers for X + a, for 0 < a ≤ 2√r log n.

  19. Introspective Numbers Are Closed Under *
     Lemma: If s and t are introspective for g(X), so is s · t.
     Proof: g(X)^(st) ≡ g(X^s)^t (mod p, X^r − 1), and
     g(X^s)^t ≡ g(X^(st)) (mod p, X^(sr) − 1) ≡ g(X^(st)) (mod p, X^r − 1),
     the last step because X^r − 1 divides X^(sr) − 1.

  20. So There Are Lots of Them!
     • Let I = { n^i · p^j | i, j ≥ 0 }.
     • Every m in I is introspective for X + a, for 0 < a ≤ 2√r log n.

  21. Introspective Numbers Are Also For Products
     Lemma: If m is introspective for both g(X) and h(X), then it is also for g(X) · h(X).
     Proof: (g(X) · h(X))^m = g(X)^m · h(X)^m ≡ g(X^m) · h(X^m) (mod p, X^r − 1).

  22. So Introspective Numbers Are For Lots of Products!
     • Let Q = { ∏_{a=1}^{2√r log n} (X + a)^(e_a) | e_a ≥ 0 }.
     • Every m in I is introspective for every g(X) in Q!
     • So there are lots of introspective numbers for lots of polynomials.

  23. More Specifically …
     • Let t = o_r(n, p) ≥ o_r(n) > 4 (log n)^2, where o_r(n, p) is the number of distinct residues n^i · p^j modulo r.
     • There are > t introspective numbers in I, each of them ≤ n^(2√t):
       – Consider all numbers n^i · p^j for 0 ≤ i, j ≤ √t.
     • There are > n^(2√t) polynomials in Q of degree < t:
       – Consider all distinct products of subsets of the X + a, and use the fact that t > 4 (log n)^2.

  24. That is Impossible!
     • We can prove that this cannot happen…
     • So either: among the > t introspective numbers in I, each ≤ n^(2√t), two of these numbers are equal,

  25. • Or: among the > n^(2√t) polynomials in Q of degree < t, two of these polynomials are equal.

  26. • But two different polynomials cannot be equal (shown below, over the field F).
     • So n^i · p^j = n^k · p^l for some i, j, k, l.
     • This implies n = p^a for some a.

  27. Finite Field Facts
     • Let h(X) be an irreducible divisor of the r-th cyclotomic polynomial Q_r(X) in F_p[X]:
       – Q_r(X) divides X^r − 1.
       – Polynomials modulo p and h(X) form a field, say F.
       – X^i ≠ X^j in F for 0 ≤ i ≠ j < r.

  28. A Fundamental Property of Fields
     • For any field F and any polynomial P(Y) of degree k over F, P(Y) has at most k roots in F.

  29. Moving to the Field F
     • Since h(X) divides X^r − 1, the equations for introspective numbers continue to hold in F.
     • We now argue over F.

  30. Q Has a Large Image in F
     • Q has more than n^(2√t) polynomials of degree < t.
     • All these polynomials are distinct in F:
       – Let f(X) and g(X) be two such polynomials.
       – If f(X) = g(X) in the field F then
         • for every m in I, f(X^m) = f(X)^m = g(X)^m = g(X^m) in F;
         • so the polynomial P(Y) = f(Y) − g(Y) has t roots, namely X^m for the t distinct residues m mod r (distinct in F by slide 27);
         • contradiction, since the degree of P(Y) is < t.

  31. Impossibility Proof
     • There must be i, j, k, l such that n^i · p^j (= s) ≡ n^k · p^l (= s') (mod r)
       – because o_r(n, p) = t and there are > t such products.
     • Let g(X) be any polynomial in Q.
     • Then modulo (p, X^r − 1):
       g(X)^s ≡ g(X^s)      [since s is introspective]
              ≡ g(X^(s'))   [since s ≡ s' (mod r)]
              ≡ g(X)^(s')   [since s' is introspective]

  32. Impossibility Proof Contd.
     • Therefore, g(X) is a root of the polynomial P(Y) = Y^s − Y^(s') in the field F.
     • Since s ≠ s', it has at most max{s, s'} ≤ n^(2√t) roots in F.
     • Contradiction, since Q has more than n^(2√t) distinct polynomials in the field F.

  33. The Choice of r
     • We need r such that o_r(n) > 4 (log n)^2.
     • Any r such that o_r(n) ≤ 4 (log n)^2 must divide ∏_{k=1}^{4 log^2 n} (n^k − 1) < n^(16 log^4 n) = 2^(16 log^5 n).
     • The LCM of the first m numbers is at least 2^m (for m > 7).
     • Therefore, there must exist an r as desired with r ≤ 16 (log n)^5 + 1.

  34. Remarks
     • Our algorithm is impractical: its running time is Õ(log^10.5 n) provably and Õ(log^6 n) heuristically.
     • To make it practical, one needs to bring the exponent down to 4 or less.
     • As of now, the best known running time is Õ(log^6 n).

  35. Further Improvement?
     • Conjecture: If n^2 ≢ 1 (mod r) and (X − 1)^n ≡ X^n − 1 (mod n, X^r − 1), then n must be a prime power.
     • Yields an Õ(log^3 n) time algorithm.
