Primality Testing

1
Primality Testing
Is a given odd integer prime or composite ? No
known algorithm can solve this problem with
certainty in a reasonable time when the number
has more than a few hundred decimal digits.
2
1640 Fermats Little theorem Let n be prime then
a n-1 mod n 1
Is n prime?
Contrapositive if n and a are integers if
an-1 mod n ! 1 then n is NOT prime. Fermat
hypothesises that
is prime for all n. F03, F15, F217, . . .
F465537, F54,294,967,297
3
About one century later Euler factored F5 641 x
6,700,417 can be proof easily by
By expo squaring 32 times F5-1 232
4
Fermat(n) a uniform(1..n-1) if expomod(a, n-1,
n) 1 then return true else return
false
If FALSE n is definitely composite but no clue to
how to factor it. Factorization is much harder
than primality testing.
5
P-correct
The algorithm return a correct answer with
probability at least p on every instance. Error
probability when k successive calls each return
the wrong answer is at most (1- p)k
6
What if Fermat() return TRUE ? Need the converse
of Fermat theorem an-1 mod n ! 1 when n is
composite a 1.. n-1 This is not the case 1n-1
mod n 1 for all n gt 2 and (n-1)n-1 mod n
1 for all odd n gt 3
7
False witness
414 mod 15 1 15 is composite This is called
false witness. Fermat() a2..n-2, fails on
false witness False witness is few. Fermat test
on odd composite number smaller than 1000 is less
than 3.3 (even smaller for larger number)
8
BUT There are composite numbers that admit a
significant proportion of false witness. 561
admits 318 false witness! For any del gt 0 there
are infinitely many composites for which Fermat
test discovers with probability less than del. In
other words, Fermat test is not p-correct for any
p gt 0. Cannot reduce error probability by
repeating call to Fermat().
9
Modified Fermat test n is odd integer gt 4 s, t
integer which n-1 2s t t is odd note
s gt 0 since n-1 is even. Let B(n) a set of
integers define by
iff a 2.. n-2 at mod n 1 or i0..s such
that mod n n-1
10
Given n is odd a2..n-2 call on Btest(a,n)
return TRUE for a in B(n).
11
Btest(a,n) s 0 t n-1 repeat s s1 t t
div 2 until t mod 2 1 x expomod(a, t, n) if x
1 or x n-1 then return TRUE for i 1 to s-1
do x x2 mod n if x n-1 then return
TRUE return FALSE
12
Example 158 in B(289) set s 5, t 9, n-1
288 25 x 9 at mod n 1589 mod 289
131 successive square x mod n up to s-1 times a2t
mod n 1312 mod 289 110 a4t mod n 1102 mod
289 251 a8t mod n 2512 mod 289 288
13
Extension to Fermat test a in B(n) a 2.. n-2
when n is prime Strong false witness n is a
strong pseudo prime to the base a. a is strong
false witness of primality test for n , n gt 4,
when n is odd composite and a in B(n) 158 is
a strong false witness of 289. 289172 Strong
false witness is much rarer than false witness.
14
Every odd composite integer 5 .. 1013 fails to be
a strong pseudo prime to at least on of the bases
2, 3, 5, 7, 61. Five calls on Btest() are
sufficient to decide deterministically on the
primality of any integer up to 1013
MillerRabin(n) // n gt 4 is odd a
uniform(2.. n-2) return Btest(a,n)
15
Btest() always return true when n is prime, n gt 4
, a 2.. n-2, and return false with prob. gt 3/4
when n is a composite odd. MillerRabin() is Monte
Carlo algorithm 3/4-correct for primality
testing. MillerRabin() has at most prob 1/4 of
hitting a strong false witness. Call k times
the prob of hitting strong false witness
consecutively for k times is 4-k . k 10, the
error will be less than one in a million.
16
Analysis of running time of MillerRabin()
4-k lt e 22k gt 1/e k ceil(1/2 lg 1/e)
Btest(a,n) s 0 t n-1 repeat s s1 t t
div 2 until t mod 2 1 x expomod(a, t, n) if x
1 or x n-1 then return TRUE for i 1 to s-1
do x x2 mod n if x n-1 then return
TRUE return FALSE
O(log t)
Squaring O(log n) times each takes O(log3 n ) Tn
in O(log3 n lg 1/e)