Factoring and primality testing II
Pierre Arnoux
Dhulikhel, July 29, 2010

Sections: Remarks; The Rabin-Miller test; The AKS test
Computation of the Jacobi symbol

Effective computation of the Jacobi symbol

- The Jacobi symbol $\left(\frac{a}{n}\right)$ is defined using a factorisation of n.
- But effective computation does not need this factorization!
- Example: compute $\left(\frac{7411}{9283}\right)$.
- Both numbers are congruent to 3 mod 4, hence
  $$\left(\frac{7411}{9283}\right) = -\left(\frac{9283}{7411}\right) = -\left(\frac{1872}{7411}\right)$$
- We factor out 2: since 1872 = 16 × 117 we obtain
  $$-\left(\frac{2}{7411}\right)^4 \left(\frac{117}{7411}\right) = -\left(\frac{117}{7411}\right) = -\left(\frac{7411}{117}\right) = -\left(\frac{40}{117}\right)$$
- Factor 2 again:
  $$-\left(\frac{2}{117}\right)^3 \left(\frac{5}{117}\right) = \left(\frac{5}{117}\right) = \left(\frac{117}{5}\right) = \left(\frac{2}{5}\right) = -1.$$
- 9283 is a prime number; hence 7411 is not a square modulo 9283.

We see that, like Euclid's algorithm, this does not need a factorization.
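The computation on this slide, as an added example (not from the lecture): the Jacobi symbol evaluated by reduction, factoring out 2 and quadratic reciprocity, with an optional trace that reproduces the slide's chain for (7411/9283). The cross-check by Euler's criterion and the (2/15) caveat are my additions; the function names are mine.

```python
# Added example, not from the slides: the Jacobi symbol (a/n) computed as the
# slide does it, by reduction mod n, factoring out 2 and quadratic reciprocity,
# with no factorisation of n.  An optional trace records (sign, a, n) at each
# reciprocity step, so the slide's chain for (7411/9283) can be read off.
# euler_criterion() cross-checks the result when n is prime, and (2/15) shows
# why a Jacobi symbol of +1 does not certify a square modulo a composite.

def jacobi(a, n, trace=None):
    """Jacobi symbol (a/n) for odd n > 0: returns -1, 0 or 1."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    sign = 1
    while a != 0:
        # Factor out 2: (2/n) = -1 exactly when n is 3 or 5 mod 8.
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                sign = -sign
        if trace is not None:
            trace.append((sign, a, n))      # current value is sign * (a/n)
        # Quadratic reciprocity: (a/n) = (n/a), with a sign flip when both
        # are 3 mod 4 (the slide's first step).
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            sign = -sign
        a %= n
    return sign if n == 1 else 0            # n > 1 here means gcd(a, n) > 1


def euler_criterion(a, p):
    """Legendre symbol via a^((p-1)/2) mod p; valid only for an odd prime p."""
    r = pow(a, (p - 1) // 2, p)
    return -1 if r == p - 1 else r


def is_square_mod(a, n):
    """Exhaustive check, used only to illustrate the composite-modulus caveat."""
    a %= n
    return any(x * x % n == a for x in range(n))


if __name__ == "__main__":
    steps = []
    print("(7411/9283) =", jacobi(7411, 9283, steps))
    for sign, a, n in steps:
        print(f"  {'-' if sign < 0 else ' '}({a}/{n})")
    print("Euler's criterion agrees:", euler_criterion(7411, 9283))
    print("(2/15) =", jacobi(2, 15), "; 2 is a square mod 15:", is_square_mod(2, 15))
```

The trace prints the intermediate symbols -(117/7411), (5/117) and -(1/5) that the slide passes through.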
Finite fields and square roots

Finite fields of characteristic 2

- Let $\mathbb{F}_q$ be a field of characteristic 2 (hence $q = 2^n$).
- Then we have: $(a + b)^2 = a^2 + 2ab + b^2 = a^2 + b^2$.
- The map $a \mapsto a^2$ is an automorphism.
- Hence every number has exactly one square root (and the unique root of 1 is $1 = -1$).
An example: $\mathbb{F}_4$

- $\mathbb{F}_4$ has 4 elements: $\{0, 1, a, b\}$.
- One easily checks that $1 + a = ??$
- And that $a^2 = ??$
- Can you work out the answer?
An example: $\mathbb{F}_4$: addition

  +  | 0  1  a  b
  ---+-----------
  0  | 0  1  a  b
  1  | 1  0  b  a
  a  | a  b  0  1
  b  | b  a  1  0
An example: $\mathbb{F}_4$: multiplication

  ×  | 1  a  b
  ---+--------
  1  | 1  a  b
  a  | a  b  1
  b  | b  1  a
An example: $\mathbb{F}_4$: tables

  +  | 0  1  a  b        ×  | 1  a  b
  ---+-----------        ---+--------
  0  | 0  1  a  b        1  | 1  a  b
  1  | 1  0  b  a        a  | a  b  1
  a  | a  b  0  1        b  | b  1  a
  b  | b  a  1  0
A model for $\mathbb{F}_4$

- Consider the ring $\mathbb{Z}/2\mathbb{Z}[X]$.
- Look for a polynomial of degree 2:
- $X^2,\ X^2 + 1,\ X^2 + X,\ X^2 + X + 1$
- The first 3 have roots, hence they are reducible.
- $X^2 + X + 1$ is irreducible.
- Define $K = \mathbb{Z}/2\mathbb{Z}[X] / \langle X^2 + X + 1 \rangle$.
- It has 4 elements: $0, 1, X, X + 1$; this is $\mathbb{F}_4$!

We have $X^2 = X + 1 \bmod X^2 + X + 1$.
Another model for $\mathbb{F}_4$

- Define $j = \frac{-1 + i\sqrt{3}}{2} \in \mathbb{C}$.
- Consider the ring $\mathbb{Z}[j]$.
- The set $2\mathbb{Z}[j]$ is a maximal ideal.
- The quotient $\mathbb{Z}[j]/2\mathbb{Z}[j]$ is a field.
- It has four elements: $\{0, 1, j, j^2\}$.
- Remark that $1 + j + j^2 = 0$, hence $j^2 = -j - 1 \equiv j + 1 \bmod 2\mathbb{Z}[j]$.
- This is again $\mathbb{F}_4$.

We can see here the multiplicative group as $\{1, j, j^2\}$, and understand the Frobenius map $x \mapsto x^2$.
Finite fields of characteristic > 2

- In characteristic > 2, we have $x \neq -x$ except if $x = 0$.
- Hence we have 3 cases for square roots:
- 0 has one square root (itself).
- Every other number has 0 (for half the cases) or 2 (for the other half) square roots.
- Square roots have unusual behaviour in characteristic 2: we must always make a special case for 2 in the Jacobi symbol.
- In particular, in characteristic > 2, 1 has exactly two square roots: $1, -1$.
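The preceding slides on $\mathbb{F}_4$ and on square roots in characteristic 2 versus characteristic > 2, as one added example (not the lecture's code): $\mathbb{F}_4$ is built as $\mathbb{Z}/2\mathbb{Z}[X]/\langle X^2+X+1\rangle$ with my own 2-bit encoding of the elements, the slides' tables are regenerated, the Frobenius map is checked to be an additive bijection, and $\mathbb{F}_7$ (my choice of odd prime) shows the 0-or-2 square root behaviour.

```python
# Added example, not from the slides: F_4 built as Z/2Z[X]/<X^2 + X + 1>,
# with an element c1*X + c0 encoded as the 2-bit integer 2*c1 + c0, so that
# 0 -> 0, 1 -> 1, a -> X (= 2), b -> X + 1 (= 3).  It regenerates the slides'
# addition and multiplication tables, answers "1 + a = ??" and "a^2 = ??",
# checks the characteristic-2 facts (Frobenius is an additive bijection, every
# element has exactly one square root, 1 = -1) and contrasts them with F_p for
# an odd prime p, where a nonzero element has 0 or 2 square roots.

MODULUS = 0b111                             # X^2 + X + 1 over Z/2Z
NAMES = {0: "0", 1: "1", 2: "a", 3: "b"}    # a = X, b = X + 1


def has_root_mod2(c1, c0):
    """Does X^2 + c1*X + c0 have a root in Z/2Z?  (A degree-2 polynomial is
    reducible exactly when it does.)"""
    return any((x * x + c1 * x + c0) % 2 == 0 for x in (0, 1))


def f4_add(u, v):
    """Addition is coefficientwise mod 2, i.e. XOR; in particular u + u = 0."""
    return u ^ v


def f4_mul(u, v):
    """Multiply as polynomials over Z/2Z, then reduce by X^2 + X + 1."""
    prod = 0
    for i in range(2):
        if (v >> i) & 1:
            prod ^= u << i                  # carry-less shift-and-add
    if prod & 0b100:                        # an X^2 term appeared
        prod ^= MODULUS                     # X^2 = X + 1
    return prod


def f4_table(op, elems):
    """Cayley table of op over elems, in the slides' notation."""
    return [[NAMES[op(r, c)] for c in elems] for r in elems]


def frobenius(u):
    """The Frobenius map x -> x^2 on F_4."""
    return f4_mul(u, u)


def frobenius_is_additive():
    """The slide's (a + b)^2 = a^2 + b^2, checked on every pair."""
    return all(frobenius(f4_add(u, v)) == f4_add(frobenius(u), frobenius(v))
               for u in range(4) for v in range(4))


def square_roots_f4(s):
    return [x for x in range(4) if frobenius(x) == s]


def square_roots_fp(s, p):
    """Square roots of s in F_p = Z/pZ for an odd prime p (brute force)."""
    return [x for x in range(p) if (x * x - s) % p == 0]


def root_count_profile(p):
    """Sorted list of the number of square roots of each nonzero element of F_p."""
    return sorted(len(square_roots_fp(s, p)) for s in range(1, p))


if __name__ == "__main__":
    for c1, c0 in [(0, 0), (0, 1), (1, 0), (1, 1)]:
        kind = "reducible" if has_root_mod2(c1, c0) else "irreducible"
        print(f"X^2 + {c1}X + {c0}: {kind}")
    print("1 + a =", NAMES[f4_add(1, 2)], " a^2 =", NAMES[f4_mul(2, 2)])
    for row in f4_table(f4_add, [0, 1, 2, 3]):
        print(" ".join(row))
    print("F_4 square roots of 1:", [NAMES[x] for x in square_roots_f4(1)])
    print("F_7 square roots of 1:", square_roots_fp(1, 7))
    print("F_7 root counts of nonzero elements:", root_count_profile(7))
```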
The Rabin-Miller test

Strong Pseudoprimes

- If n is prime > 2, $\sqrt{1} = \pm 1$ in $\mathbb{Z}/n\mathbb{Z}$.
- Let $n - 1 = 2^k t$, and b prime with n, such that $b^t$ is not congruent to 1.
- If n is prime, there exists $j < k$ such that $b^{2^j t} \equiv -1 \bmod n$.
- Definition: if $b^t \equiv 1 \bmod n$ or there exists $j < k$ such that $b^{2^j t} \equiv -1 \bmod n$, we say that n is a strong pseudoprime to the base b.
- If n is a strong pseudoprime to the base b, it is an Euler pseudoprime to the base b.
- One can prove that, if n is composite, it is a strong pseudoprime to at most 25% of bases.

This gives a primality test.
Rabin-Miller primality test

- Let n > 2; compute $n - 1 = 2^k t$.
- Choose bases $b_1, \ldots, b_r < n$.
- Check that $b_i$ is prime with n.
- Compute $a_i = b_i^t$; if $a_i \equiv 1 \bmod n$, n is pseudoprime to base $b_i$: stop.
- Compute the successive squares of $a_i$; if one of these is −1, n is pseudoprime to base $b_i$: stop.
- If none of the successive squares $a_i^{2^j}$, $j \le k - 1$, is congruent to −1, n is composite.

If n passes the test, it is prime with probability $1 - 4^{-r}$.
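The strong pseudoprime definition and the test steps from the two preceding slides, as an added example (not the lecture's code). The composite 2047 = 23 × 89, used here as a strong pseudoprime to base 2 that fails base 3, and the prime 9283 from the Jacobi slide are my choices of inputs; count_strong_liars() checks the "at most 25% of bases" bound by enumeration.

```python
# Added example, not from the slides: the strong pseudoprime test and the
# Rabin-Miller procedure as the slides state them.  2047 = 23 * 89 is a
# composite that is a strong pseudoprime to base 2 but not to base 3; 9283
# (the prime from the Jacobi example) passes every base.  Both inputs are
# chosen here, not taken from the slides.
import math
import random


def split_power_of_two(m):
    """Write m = 2^k * t with t odd; return (k, t)."""
    k = 0
    while m % 2 == 0:
        m //= 2
        k += 1
    return k, m


def is_strong_pseudoprime(n, b):
    """Slide definition: b^t == 1, or b^(2^j t) == -1 for some j < k (mod n).

    Assumes n odd, n > 2 and gcd(b, n) == 1.  Always True when n is prime."""
    k, t = split_power_of_two(n - 1)
    a = pow(b, t, n)                      # a_i = b_i^t mod n
    if a == 1:
        return True
    for _ in range(k):                    # successive squares a, a^2, ..., a^(2^(k-1))
        if a == n - 1:                    # -1 reached: n passes for this base
            return True
        a = a * a % n
    return False


def rabin_miller(n, bases):
    """True if n passes the strong test to every base; False proves n composite."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    for b in bases:
        b %= n
        if b == 0:
            continue                      # base is a multiple of n: no information
        if math.gcd(b, n) != 1:
            return False                  # shared factor found: n is composite
        if not is_strong_pseudoprime(n, b):
            return False                  # b is a witness of compositeness
    return True


def probably_prime(n, rounds=20, seed=None):
    """Random bases; a composite survives all rounds with probability <= 4^(-rounds)."""
    if n < 4:
        return n in (2, 3)
    rng = random.Random(seed)
    return rabin_miller(n, [rng.randrange(2, n - 1) for _ in range(rounds)])


def coprime_base_count(n):
    """Number of bases 1 <= b < n with gcd(b, n) == 1, i.e. Euler's phi(n)."""
    return sum(1 for b in range(1, n) if math.gcd(b, n) == 1)


def count_strong_liars(n):
    """Coprime bases to which the odd composite n is a strong pseudoprime.
    The slide's bound says this is at most a quarter of coprime_base_count(n)."""
    return sum(1 for b in range(1, n)
               if math.gcd(b, n) == 1 and is_strong_pseudoprime(n, b))


if __name__ == "__main__":
    print("2047 to base 2:", is_strong_pseudoprime(2047, 2))
    print("2047 to base 3:", is_strong_pseudoprime(2047, 3))
    print("9283 to bases 2,3,5,7:", rabin_miller(9283, [2, 3, 5, 7]))
    liars, total = count_strong_liars(2047), coprime_base_count(2047)
    print(f"strong liars for 2047: {liars} of {total} coprime bases")
```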
Rabin-Miller primality test

- We would like a deterministic test.
- If we knew that for any composite n there is a small b such that n is not a strong pseudoprime to base b, Rabin-Miller would be deterministic.
- This is true if the GRH holds.
- Remark: there is only one composite $n < 10^{10}$ which is a strong pseudoprime to bases 2, 3, 5, 7. The Rabin-Miller test is very efficient.
Remarks
The Rabin-Miller test
The AKS test
Polynomials
The algorithm
Idea of the proof
Running time
The Agrawal Kayal Saxena (AKS) test

- There is now a deterministic primality test running in polynomial time.
- Created in 2002 by three Indian computer scientists at the Indian Institute of Technology Kanpur:
  - Manindra Agrawal
  - Neeraj Kayal
  - Nitin Saxena
- This solves a long-standing problem.

Their paper ("PRIMES is in P") is easy to find on the Internet, and very readable.
A basic remark

- Let $a$ be coprime to $n$.
- Lemma: $n$ is prime if and only if $(X + a)^n \equiv X^n + a \pmod n$ in $\mathbb{Z}[X]$.
- If $n$ is prime, this is an exercise: $\binom{n}{i} \equiv 0 \pmod n$ for $0 < i < n$, and $a^n \equiv a \pmod n$ by Fermat.
- If $n$ is composite, take a prime factor $q$ and write $n = t q^k$ with $t$ coprime to $q$. Then $q^k$ does not divide $\binom{n}{q}$, and $a^{n-q}$ is coprime to $n$, so the coefficient $\binom{n}{q} a^{n-q}$ of $X^q$ is not zero mod $n$.
- This gives a primality test.
- But it is very inefficient ($n$ coefficients to compute).
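The lemma tested literally, coefficient by coefficient, as an added Python example that is not part of the lecture (the function names are mine). Besides showing why the test is inefficient, it shows where the proof's witness coefficient sits: for composite $n$ with smallest prime factor $q$ and $i < q$, the denominator $i!$ is a unit mod $n$, so $n$ divides $\binom{n}{i}$; the first exponent whose coefficient survives is therefore exactly $q$, the coefficient of $X^q$ singled out on the slide.

```python
import math


def naive_polynomial_test(n, a=1):
    """Check (X + a)^n == X^n + a in (Z/nZ)[X] by expanding every binomial coefficient.
    Returns (True, None) when the congruence holds, else (False, i) with i the lowest
    exponent whose coefficient does not vanish mod n.  Requires gcd(a, n) = 1."""
    if n < 2:
        return False, None
    if math.gcd(a, n) != 1:
        raise ValueError("a must be coprime to n")
    # Coefficient of X^i in (X + a)^n is C(n, i) * a^(n-i); for 0 < i < n it must be 0 mod n.
    # This loop is the "n coefficients to compute" of the slide.
    for i in range(1, n):
        if math.comb(n, i) * pow(a, n - i, n) % n:
            return False, i
    # Constant term a^n must reduce to a (Fermat); the leading coefficient is 1 on both sides.
    if pow(a, n, n) != a % n:
        return False, 0
    return True, None


def smallest_prime_factor_via_lemma(n, a=1):
    """For composite n > 1 the first offending exponent is the smallest prime factor q of n
    (n | C(n, i) for i < q because i! is a unit mod n, and q^k does not divide C(n, q))."""
    ok, i = naive_polynomial_test(n, a)
    return None if ok else i
```

For $n = 91 = 7 \cdot 13$ the coefficients of $X^1, \dots, X^6$ all vanish mod 91 and the coefficient of $X^7$ does not, so the test reports the exponent 7; for a prime the loop runs through all $n - 1$ binomial coefficients, which is already slow for $n$ in the thousands.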
The idea (1)

- We replace the congruence $(X + a)^n \equiv X^n + a \pmod n$ by a congruence modulo $(X^r - 1, n)$, i.e. in the ring $(\mathbb{Z}/n\mathbb{Z})[X]/(X^r - 1)$, for a well chosen $r$.
- And we check the equality only for the first values of $a$.
- We will show that this implies that $n$ is a power of a prime number.
The idea (2)

- We will see that the congruence $(X + a)^n \equiv X^n + a \pmod{X^r - 1,\ n}$
- implies $(X + a)^{n^k} \equiv X^{n^k} + a \pmod{X^r - 1,\ n}$ for every $k$.
- But since $X^r \equiv 1 \pmod{X^r - 1,\ n}$, the exponent $n^k$ only matters modulo $r$.
- We want many $n^k$ to be different mod $r$, to obtain many distinct relations.
- This implies that $n$ must have a high (multiplicative) order mod $r$.
The algorithm

(Here $\log$ is the base-2 logarithm.)

- If $n$ is a perfect power, then it is composite.
- Find the smallest $r$ such that the order of $n$ mod $r$ is at least $\log^2 n$.
- If there exists some $a \le r$ such that $1 < (a, n) < n$, then $n$ is composite.
- If $n \le r$, $n$ is prime.
- Define $\ell = \lfloor \sqrt{\phi(r)} \log n \rfloor$; if $(X + a)^n \not\equiv X^n + a \pmod{X^r - 1,\ n}$ for some $a \le \ell$, then $n$ is composite.
- Otherwise, $n$ is prime.

This gives a deterministic algorithm for primality.
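The five steps above as an added Python example that is not part of the lecture (all function names are mine). It follows the slide literally: `order_exceeds` implements the condition $\operatorname{ord}_r(n) > \log^2 n$ from the AKS paper by direct iteration, and when $\gcd(n, r) > 1$ no power of $n$ is $1$ mod $r$, so such an $r$ is accepted and step 3 then reports the common factor. Arithmetic in $(\mathbb{Z}/n\mathbb{Z})[X]/(X^r - 1)$ is schoolbook cyclic convolution, $O(r^2)$ per product, so this is a reference implementation for small $n$, not the fast-arithmetic version the running-time bounds assume.

```python
import math


def integer_root(n, b):
    """Largest integer m with m**b <= n (binary search, exact integer arithmetic)."""
    lo, hi = 1, 1 << (n.bit_length() // b + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** b <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo


def is_perfect_power(n):
    """Step 1: is n = m**b for some m > 1 and b > 1?"""
    return any(integer_root(n, b) ** b == n for b in range(2, n.bit_length() + 1))


def order_exceeds(n, r, bound):
    """True iff n**k != 1 (mod r) for every 1 <= k <= bound, i.e. ord_r(n) > bound.
    If gcd(n, r) > 1 no power of n is 1 mod r, so r is accepted and step 3 finds the factor."""
    x = 1
    for _ in range(bound):
        x = x * n % r
        if x == 1:
            return False
    return True


def poly_mul(p, q, r, n):
    """Product in (Z/nZ)[X]/(X^r - 1): cyclic convolution of two length-r coefficient lists."""
    out = [0] * r
    for i, pi in enumerate(p):
        if pi:
            for j, qj in enumerate(q):
                if qj:
                    k = (i + j) % r            # X^r = 1 folds exponent i+j back to (i+j) mod r
                    out[k] = (out[k] + pi * qj) % n
    return out


def poly_pow(base, e, r, n):
    """base**e in (Z/nZ)[X]/(X^r - 1) by square-and-multiply."""
    result = [1] + [0] * (r - 1)
    while e:
        if e & 1:
            result = poly_mul(result, base, r, n)
        e >>= 1
        if e:
            base = poly_mul(base, base, r, n)
    return result


def aks_is_prime(n):
    """Deterministic AKS test, following the steps of the slide (log = log base 2)."""
    if n < 2:
        return False
    if is_perfect_power(n):                                  # step 1
        return False
    log2n = math.log2(n)
    bound = int(log2n * log2n)
    r = 2                                                    # step 2: smallest r with ord_r(n) > log^2 n
    while not order_exceeds(n, r, bound):
        r += 1
    for a in range(2, r + 1):                                # step 3: a proper common factor
        if 1 < math.gcd(a, n) < n:
            return False
    if n <= r:                                               # step 4
        return True
    phi_r = sum(1 for a in range(1, r + 1) if math.gcd(a, r) == 1)
    ell = int(math.sqrt(phi_r) * log2n)                      # step 5: l = floor(sqrt(phi(r)) log n)
    for a in range(1, ell + 1):
        lhs = poly_pow([a % n, 1] + [0] * (r - 2), n, r, n)  # (X + a)^n
        rhs = [0] * r                                        # X^n + a, with X^n = X^(n mod r)
        rhs[n % r] = 1
        rhs[0] = (rhs[0] + a) % n
        if lhs != rhs:
            return False
    return True
```

For $n = 31$ the search stops at $r = 29$ (the order of 31 mod 29 is $28 > \log^2 31 \approx 24.5$), $\ell = 26$, and 26 polynomial congruences are checked; for $561$ the search stops at $r = 3$ because 3 divides 561, and step 3 reports the factor without any polynomial arithmetic.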
Principle of the proof I

- One first proves that there exists $r \le \lceil \log^5 n \rceil$ such that the order of $n$ mod $r$ is at least $\log^2 n$.
- To do this, define $B = \lceil \log^5 n \rceil$.
- Set $A = n^{\lfloor \log B \rfloor} \prod_{i=1}^{\lfloor \log^2 n \rfloor} (n^i - 1)$.
- Consider the smallest integer $r$ which does not divide $A$.
- $r$ must be coprime to $n$: a prime power $q^e \le B$ with $q \mid n$ divides the factor $n^{\lfloor \log B \rfloor}$, so by minimality of $r$ no such $q$ can divide $r$.
- $r$ does not divide $n^i - 1$ for $i \le \lfloor \log^2 n \rfloor$, hence the order of $n$ mod $r$ is at least $\log^2 n$.
- A (rather) simple computation (one shows $A < 2^B \le \operatorname{lcm}(1, \dots, B)$, so some integer $\le B$ does not divide $A$) proves that $r \le B$.
Principle of the proof II

- We have found $r$. Suppose now that $n$ is composite.
- Let $p$ be a prime factor of $n$, and let $\ell = \lfloor \sqrt{\phi(r)} \log n \rfloor$.
- Consider the set $G$ of integers $k$ such that $(X + a)^k \equiv X^k + a \pmod{X^r - 1,\ p}$ for all $a < \ell$.
- It is closed under multiplication and contains $n$ (by the test) and $p$ (by Frobenius); reduced mod $r$ it gives a subgroup of $(\mathbb{Z}/r\mathbb{Z})^*$ of cardinality at least $\log^2 n$, since it contains the powers of $n$.
- Consider the set of products of the $X + a$, with $a < \ell$, modulo $p$ and a well-chosen irreducible factor of $X^r - 1$. This is also a group.
- One can give at the same time upper and lower bounds on the size of this group, which are inconsistent unless $n$ is a power of $p$.
- But this is ruled out by the algorithm (step 1 rejects perfect powers).
The running time

- The longest part of the algorithm is to check whether $(X + a)^n \not\equiv X^n + a \pmod{X^r - 1,\ n}$ for some $a \le \ell$.
- This gives the running time.
- A basic analysis shows that this is at most $\tilde{O}(\log^{21/2} n)$.
- It can be refined to $\tilde{O}(\log^{15/2} n)$,
- and, with a change in the algorithm, to $\tilde{O}(\log^6 n)$.
- This is still much slower than Rabin-Miller; the main interest is theoretical.