Deciding Primality is in P

1
Deciding Primality is in P

• M. Agrawal, N. Kayal, N. SaxenaPresentation by
  Adi Akavia

2
Background

• Sieve of Eratosthenes 240BC -??(n)
• Fermats Little Theorem (17th century)
• p is prime, a?0 (mod p) ? ap-1?1 (mod p)
• (The converse does not hold Carmichael numbers)
• Polynomial-time algorithms
• Miller 76 deterministic, assuming Extended
  Riemann Hypothesis.
• Solovay, Strassen 77 Rabin 80 unconditional,
  but randomized.
• Goldwasser, Kilian 86 randomized produces
  certificate for primality! (for almost all
  numbers)
• Atkin 86 Adelman Huang 92 primality
  certificate for all numbers.
• Adelman, Pomerance, Rumely 83 deterministic
  (log n)O(log log log n)-time.

3
This Paper

• unconditional, deterministic, polynomial
• Def (Sophie-Germain primes) primes (p-1)/2 s.t.
  p is also prime.
• Def r is special with respect to n if
• r is prime,
• r-1 has a large prime factor q ?(r2/3) , and
• qOr(n).
• Tools
• simple algebra
• High density conjecture for primes p s.t.
  (p-1)/2 is Sophie-Germain

Def order n mod r, denoted Or(n), is the
smallest power t s.t. nt?? 1 (mod r).

• High density Thm for primes p s.t. p-1 has a
  large (?(r2/3)) prime factor. Fou85, BH96

4
This Paper

• unconditional, deterministic, polynomial
• Def (Sophie-Germain primes) primes (p-1)/2 s.t.
  p is also prime.
• Def r is almost Sophie-Germain (ASG) if
• r is prime,
• r-1 has a large prime factor q ?(r2/3)
• Tools
• simple algebra
• High density conjecture for primes p s.t.
  (p-1)/2 is Sophie-Germain

• High density Thm for primes p that are almost
  Sophie-Germain. Fou85, BH96

5
Basic Idea

• Fact For any a s.t (a,n)?1
• n is prime ? (x-a)n?xn-a (mod n)
• n is composite ? (x-a)n?xn-a (mod n)
• Naive algo Pick an arbitrary a, check if
  (x-a)n?xn-a (mod n)
• Problem time complexity - ?(n).

6
Basic Idea

• Idea Pick an arbitrary a, and some polynomial
  xr-1, with r poly log n, check if (x-a)n?xn-a
  (mod xr-1, n)
• time complexity poly(r)
• n is prime ? (x-a)n?xn-a (mod xr-1, n)
• n is composite ????? (x-a)n?xn-a (mod xr-1, n)

Not true for some (few) values of a,r !
7
Improved Idea

• Improved Idea Pick many (poly log n) as, check
  for all of them if (x-a)n?xn-a (mod xr-1,
  n)Accept if equality holds for all as

8
Algebraic Background Extension Field

• Def Consider fields F, E. E is an extension of
  F, if F is a subfield of E.
• Def Galois field GF(pk) (p prime) is the unique
  (up to isomorphism) finite field containing pk
  elements. (The cardinality of any finite fields
  is a prime-power.)
• Def A polynomial f(x) is called irreducible in
  GF(p) if it does not factor over GF(p)

9
Multiplicative Group

• Def GF(pk) is the multiplicative group of the
  Galois Field GF(pk), that is, GF(pk)
  GF(pk)\0.
• Thm GF(pk) is cyclic, thus it has a generator
  g

10
Constructing Galois Fields

• Def Fp denotes a finite field of p elements (p
  is prime).
• Def Let f(x) be a k-degree polynomial.
• Def Let Fpx/f(x) be the set of k-1-degree
  polynomials over Fp, with addition and
  multiplication modulo f(x).
• Thm If f(x) is irreducible over GF(p), then
  GF(pk)??Fpx/f(x).

11
Fpx/f(x) - Example

• Let the irreducible polynomial f(x) be
• Represent polynomials as vectors (k-1 degree
  polynomial ? vector of k coefficient)
• Addition

12
Fpx/f(x) - Example

• Multiplication
• First, multiply mod p
• Next, apply mod f(x)

13
The Algorithm

• Def r is special if
• r is Almost Sophie-Germain, and
• qOr(n) (where q is the large prime factor of
  r-1).

• Input integer n
• Find r ? O(log6n), s.t. r is special,
• Let l 2r1/2log n.
• For t2,,l, if tn output COMPOSITE
• If n is (prime) power -- npk, for kgt1 output
  COMPOSITE .
• For a 1,,l, if (x-a)n ? xn-a (mod xr-1, n),
  output COMPOSITE .
• Otherwise output PRIME.

14
Proofs Structure

1. Find r ? O(log6n), s.t. r is special,
2. Let l 2r1/2log n.
3. For t2,,l, if tn output COMPOSITE
4. If n is a prime power, i.e. npk, for some prime
   p, output COMPOSITE .
5. For a 1,,l, if (x-a)n ? xn-a (mod xr-1, n),
   output COMPOSITE .
6. Otherwise output PRIME.

• Saw primality test.
• We next show
• Special r ? O(log6n) exists.
• For such r if n is composite s.t. n passes
  steps (3) and (4), then ?a?1..l s.t. (x-a)n ?
  xn-a (mod xr-1, n)(hence, returns COMPOSITE at
  step (5))

15
Finding Suitable r

1. Find r ? O(log6n), s.t. r is special,
2. Let l 2r1/2log n.
3. For t2,,l, if tn output COMPOSITE
4. If n is a prime power, i.e. npk, for some prime
   p, output COMPOSITE .
5. For a 1,,l, if (x-a)n ? xn-a (mod xr-1, n),
   output COMPOSITE .
6. Otherwise output PRIME.

• Elaborating on step (1)
• while r lt c log6n
• if r is prime
• let q be the largest prime factor of r-1
• if (q?4r1/2log n) and (n(r-1)/q ? 1 (mod
  r)) break
• r?r1
• Complexity O(log6n) iterations, each taking
  O(r1/2 poly log r), hence total poly log n.

• when break is reached r is prime, q is
  large, and qOr(n)

16
Lemma Special r ? O(log6n) s.t. qOr(n) exists.

• Proof
• let ?,?O(log6n), consider the interval ?..?.
• special numbers are dense in ?..?
• there are only few primes r??..? s.t Or(n) lt
  ?1/3.
• Hence, by counting argument, exists a special
  r??..? s.t. Or(n) gt ?1/3.
• Moreover, Or(n) gt ?1/3 ?? q Or(n).
• Therefore, exists a special r??..? s.t. qOr(n).

special??..? ? special?1..? -
primes?1..? ??(log6n / loglog n) (using
density of special numbers, and lower bound on
density of primes)
Or(n) lt ?1/3 ? r ?(n-1)(n2-1)...(n?1/3-1).Ho
wever, ? has no more than ?2/3log n prime divisors
assume q doesnt divide Or(n), then n(r-1)/q ?
1, therefore Or(n)?(r-1)/q. However (r-1)/q lt
?1/3 -- a contradiction.
17
Lemma Special r ? O(log6n) exists.

• Proof
• let ?,?O(log6n), consider the interval ?..?.
• ASG numbers are dense in ?..?
• there are only few primes r??..? s.t Or(n) lt
  ?1/3.
• Hence, by counting argument, exists a ASG
  r??..? s.t. Or(n) gt ?1/3.
• Moreover, Or(n) gt ?1/3 ?? q Or(n).
• Therefore, exists a special r??..?.

ASG??..? ? ASG?1..? - primes?1..?
??(log6n / loglog n) (using density of ASG
numbers, and upper bound on density of primes)
Or(n) lt ?1/3 ? r ?(n-1)(n2-1)...(n?1/3-1).Ho
wever, ? has no more than ?2/3log n prime divisors
assume q doesnt divide Or(n), then n(r-1)/q ?
1, therefore Or(n)?(r-1)/q. However (r-1)/q lt
?1/3 -- a contradiction.
18
Correctness Proof

1. Find r ? O(log6n), s.t. r is special,
2. Let l 2r1/2log n.
3. For t2,,l, if tn output COMPOSITE
4. If n is a prime power, i.e. npk, for some prime
   p, output COMPOSITE .
5. For a 1,,l, if (x-a)n ? xn-a (mod xr-1, n),
   output COMPOSITE .
6. Otherwise output PRIME.

• Lemma n is composite ? step (5) returns
  composite. That is,
• If n is composite, and
• n has no factor t ? l, and
• n is not a prime-power
• then ?a?1..l s.t. (x-a)n ? xn-a (mod xr-1, n)

19
Proof

• Let p be a prime factor of n, and let h(x) be an
  irreducible factor of xr-1,
• It suffices to show inequality (mod h(x), p)
  instead of (mod xr-1, n), i.e. ?a?1..l s.t.
  (x-a)n ? xn-a (mod h(x), p)
• Choose p and h(x) s.t.
• qOr(p), and
• deg(h(x)) Or(p)

Such p exists Let np1p2pk, thenOr(n)
lcmOr(pi).Therefore qOr(n) ???i qOr(pi)
(as q is prime) Such h exists by previous claim.
20
Proof

• Assume by contradiction that n is composite, and
  passes all the tests, i.e.
• n has no small factor, and
• n is not a prime-power, and
• ? a?1..l (x-a)n ? xn-a (mod h(x), p),

21
Proof

• Consider the group generated by (x-a)a?1..l
  (mod h(x), p), i.e.
• Note ?f(x)?G, f(x)n ? f(xn)
• Let I m ?f?G, f(x)m ? f(xm) .
• Lemma I is multiplicative, i.e. u,v?I? uv?I.
• Proof xr-1xvr-1, therefore
• hence

22
Proof - n?I ? I is large

• Prop ?(i,j)?(i,j) nipj ? nipj (since n ? pk)
• Lemma ??, if ?u,v?I s.t. ?(i,j)?(i,j)
  uivj?uivj, then I?? u?v? gt ?2.
• Corollary ??, n?I ? I?? u?v? gt ?2. Proof
  p?I.
• However, Lemma
• Corollary n?I ? I?? G gt r.

(?1)2 different pairs (i,j), each give a
distinct value
23
Irreducible Factors of (xr-1)/(x-1)

• Def Let h(x) denote any irreducible factor of
  (xr-1)/(x-1), and d deg(h(x))
• Claim h(x), dOr(p)
• Proof Denote kOr(p). Note Fpx/h(x) is of size
  pd, therefore Fpx/h(x) is cyclic of order
  pd-1.
• kd xr?1 (mod h(x)), hence Oh(x)(x) is r,
  therefore rpd-1, i.e., pd ?1 (mod r), and hence
  kd (recall dOr(p)).
• dk let g be a generator, then hence pd-1
  pk-1. and therefore dk.

Recall, if r is special with respect to n, then
r-1 has a large prime factor q, s.t.
qOr(n). Choose p s.t. qOr(p) (exists). Then d
is large.
24
Proof I is small

• Lemma Let m1, m2? I, then m1 ? m2 (mod G) ?
  m1 ? m2 (mod r)
• Lemma(I is small) I ? G ? r
• Proof
• Each two elements in I ? G are different
  mod G.
• Therefore they are different mod r.
• Hence I ? G ? r.
• Contradiction!

25
The End
26
Proof - G is large, Cont.
This is the reason for seeking a large q s.t.
qOr(n)

• Hence,
• Prop d ? 2l
• Proof Recall dOr(p) and qOr(p), hence d ? q ?
  2l (recall q?4r1/2log n, l2r1/2log n)
• Hence