Factoring and primality testing II
Pierre Arnoux
Dhulikel, July 29, 2010

Outline: Remarks (Computation of the Jacobi symbol; Finite fields and square roots); The Rabin-Miller test; The AKS test

Effective computation of the Jacobi symbol

- The Jacobi symbol $\left(\frac{a}{n}\right)$ is defined using a factorisation of $n$.
- But effective computation does not need this factorization!
- Example: compute $\left(\frac{7411}{9283}\right)$
- Both numbers are congruent to 3 mod 4, hence
  $\left(\frac{7411}{9283}\right) = -\left(\frac{9283}{7411}\right) = -\left(\frac{1872}{7411}\right)$
- We factor out 2: since $1872 = 16 \times 117$ we obtain
  $-\left(\frac{2}{7411}\right)^4 \left(\frac{117}{7411}\right) = -\left(\frac{117}{7411}\right) = -\left(\frac{7411}{117}\right) = -\left(\frac{40}{117}\right)$
- Factor 2 again:
  $-\left(\frac{2}{117}\right)^3 \left(\frac{5}{117}\right) = \left(\frac{5}{117}\right) = \left(\frac{117}{5}\right) = \left(\frac{2}{5}\right) = -1$.
- 9283 is a prime number; hence 7411 is not a square modulo 9283.

We see that, like Euclid's algorithm, this does not need a factorization.
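
The reduction above, written as an added Python example (not part of the original slides). The optional `trace` argument and the helper names `euler_criterion` and `is_square_mod` are choices made for this illustration; the last check goes slightly beyond the slide and shows why the primality of 9283 matters for the conclusion.

```python
def jacobi(a, n, trace=None):
    """Jacobi symbol (a/n) for odd n > 0, computed without factoring n.

    If `trace` is a list, every reciprocity step appends (sign, a, n),
    meaning: the symbol we want equals sign * (a/n).
    """
    if n <= 0 or n % 2 == 0:
        raise ValueError("n must be a positive odd integer")
    a %= n
    sign = 1
    while a != 0:
        # Factor out 2: (2/n) = -1 exactly when n is 3 or 5 mod 8.
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                sign = -sign
        # Reciprocity: swapping flips the sign only when both are 3 mod 4.
        if a % 4 == 3 and n % 4 == 3:
            sign = -sign
        # Swap and reduce, exactly like one step of Euclid's algorithm.
        a, n = n % a, a
        if trace is not None:
            trace.append((sign, a, n))
    # If the loop ended with n > 1, a and n had a common factor: symbol is 0.
    return sign if n == 1 else 0


def euler_criterion(a, p):
    """Legendre symbol for an odd prime p via a^((p-1)/2) mod p."""
    r = pow(a, (p - 1) // 2, p)
    return -1 if r == p - 1 else r


def is_square_mod(a, n):
    """Brute-force check that a is a square modulo n (small n only)."""
    return any(x * x % n == a % n for x in range(n))


if __name__ == "__main__":
    steps = []
    print("(7411/9283) =", jacobi(7411, 9283, steps))
    for sign, a, n in steps:
        print(f"  = {'-' if sign < 0 else '+'}({a}/{n})")
    # 9283 is prime, so the symbol decides whether 7411 is a square.
    print("Euler criterion:", euler_criterion(7411, 9283))
    print("7411 is a square mod 9283:", is_square_mod(7411, 9283))
    # For composite n a symbol of +1 proves nothing: (2/15) = 1,
    # yet 2 is not a square modulo 15.
    print("(2/15) =", jacobi(2, 15), "square:", is_square_mod(2, 15))
```

The trace reproduces the intermediate symbols of the worked example: $-(1872/7411)$, $-(40/117)$, $(2/5)$.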

Finite fields of characteristic 2

- Let $F_q$ be a field of characteristic 2 (hence $q = 2^n$)
- Then we have: $(a + b)^2 = a^2 + 2ab + b^2 = a^2 + b^2$
- The map $a \mapsto a^2$ is an automorphism.
- Hence every number has exactly one square root (and the unique root of 1 is $1 = -1$)

An example: $F_4$

- $F_4$ has 4 elements: $\{0, 1, a, b\}$
- One easily checks that $1 + a = ??$
- And that $a^2 = ??$
- Can you work out the answer?

An example: $F_4$: tables

Addition:

| + | 0 | 1 | a | b |
|---|---|---|---|---|
| 0 | 0 | 1 | a | b |
| 1 | 1 | 0 | b | a |
| a | a | b | 0 | 1 |
| b | b | a | 1 | 0 |

Multiplication:

| × | 1 | a | b |
|---|---|---|---|
| 1 | 1 | a | b |
| a | a | b | 1 |
| b | b | 1 | a |

A model for $F_4$

- Consider the ring $\mathbb{Z}/2\mathbb{Z}[X]$
- Look for a polynomial of degree 2:
  - $X^2$, $X^2 + 1$, $X^2 + X$, $X^2 + X + 1$
- The first 3 have roots, hence they are reducible.
- $X^2 + X + 1$ is irreducible.
- Define $K = \mathbb{Z}/2\mathbb{Z}[X] / \langle X^2 + X + 1 \rangle$
- It has 4 elements: $0, 1, X, X + 1$; this is $F_4$!

We have $X^2 = X + 1 \bmod X^2 + X + 1$

Another model for $F_4$

- Define $j = \frac{-1 + i\sqrt{3}}{2} \in \mathbb{C}$
- Consider the ring $\mathbb{Z}[j]$
- The set $2\mathbb{Z}[j]$ is a maximal ideal.
- The quotient $\mathbb{Z}[j]/2\mathbb{Z}[j]$ is a field.
- It has four elements: $\{0, 1, j, j^2\}$
- Remark that $1 + j + j^2 = 0$, hence $j^2 = -j - 1 \equiv j + 1 \bmod 2\mathbb{Z}[j]$
- This is again $F_4$

We can see here the multiplicative group as $\{1, j, j^2\}$, and understand the Frobenius map $x \mapsto x^2$
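
The polynomial model of $F_4$ carried out in code, as an added Python example that is not part of the original slides. It assumes the identification $a = X$, $b = X + 1$ and stores a polynomial over $\mathbb{Z}/2\mathbb{Z}$ as a bitmask; all function names are chosen for this illustration.

```python
# Elements of Z/2Z[X] are bitmasks: bit i is the coefficient of X**i.
DEGREE = 2
# Assumption of this example: a = X and b = X + 1.
NAMES = {0b00: "0", 0b01: "1", 0b10: "a", 0b11: "b"}


def has_root_mod2(poly):
    """True if poly vanishes at 0 or at 1 in Z/2Z."""
    at_zero = poly & 1                    # value at 0 is the constant term
    at_one = bin(poly).count("1") % 2     # value at 1 is the coefficient sum
    return at_zero == 0 or at_one == 0


def irreducible_quadratics():
    """Degree-2 polynomials over Z/2Z without a root.

    In degree 2 (or 3), having no root is the same as being irreducible.
    """
    return [p for p in range(0b100, 0b1000) if not has_root_mod2(p)]


def add(u, v):
    """Addition in characteristic 2 is coefficient-wise XOR."""
    return u ^ v


def mul(u, v, modulus=0b111):
    """Multiply in Z/2Z[X] / <modulus>; default modulus is X^2 + X + 1."""
    prod = 0
    while v:
        if v & 1:
            prod ^= u
        v >>= 1
        u <<= 1                       # multiply u by X
        if (u >> DEGREE) & 1:         # degree reached 2: reduce
            u ^= modulus
    return prod


def table(op, elements):
    """Operation table over `elements`, printed with the names 0, 1, a, b."""
    return [[NAMES[op(x, y)] for y in elements] for x in elements]


def square_roots(x):
    """All y in the field with y * y = x."""
    return [y for y in NAMES if mul(y, y) == x]


def frobenius_is_automorphism():
    """Check that x -> x^2 is bijective and respects + and *."""
    els = list(NAMES)
    sq = {x: mul(x, x) for x in els}
    bijective = sorted(sq.values()) == els
    additive = all(sq[add(x, y)] == add(sq[x], sq[y])
                   for x in els for y in els)
    multiplicative = all(sq[mul(x, y)] == mul(sq[x], sq[y])
                         for x in els for y in els)
    return bijective and additive and multiplicative


if __name__ == "__main__":
    print("irreducible:", [bin(p) for p in irreducible_quadratics()])
    for row in table(add, [0, 1, 2, 3]):
        print(" ".join(row))
    for row in table(mul, [1, 2, 3]):
        print(" ".join(row))
    print("square roots:",
          {NAMES[x]: [NAMES[y] for y in square_roots(x)] for x in NAMES})
    print("Frobenius is an automorphism:", frobenius_is_automorphism())
```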

Finite fields of characteristic > 2

- In characteristic > 2, we have $x \neq -x$ except if $x = 0$.
- Hence we have 3 cases for square roots:
  - 0 has one square root (itself)
  - Every other number has 0 (for half the cases) or 2 (for the other half) square roots.
- Square roots have unusual behaviour in characteristic 2: we must always make a special case for 2 in the Jacobi symbol.
- In particular, in characteristic > 2, 1 has exactly two square roots: $1, -1$.

Strong Pseudoprimes

- If $n$ is prime $> 2$, $\sqrt{1} = \pm 1$ in $\mathbb{Z}/n\mathbb{Z}$.
- Let $n - 1 = 2^k t$, and $b$ prime with $n$, such that $b^t$ is not congruent to 1.
- If $n$ is prime, there exists $j < k$ such that $b^{2^j t} \equiv -1 \bmod n$
- Definition: if $b^t \equiv 1 \bmod n$ or there exists $j < k$ such that $b^{2^j t} \equiv -1 \bmod n$, we say that $n$ is strong pseudoprime to the base $b$.
- If $n$ is a strong pseudoprime to the base $b$, it is an Euler pseudoprime to the base $b$
- One can prove that, if $n$ is composite, it is a strong pseudoprime to at most 25% of bases.

This gives a primality test

Rabin-Miller primality test

- Let $n > 2$; compute $n - 1 = 2^k t$
- Choose bases $b_1, \dots, b_r < n$
- Check that $b_i$ is prime with $n$
- Compute $a_i = b_i^t$; if $a_i \equiv 1 \bmod n$, $n$ is pseudoprime to base $b_i$: Stop.
- Compute the successive squares of $a_i$; if one of these is $-1$, $n$ is pseudoprime to base $b_i$: Stop.
- If no square up to $a_i^{2^{k-1}}$ is congruent to $-1$, $n$ is composite

If $n$ passes the test, it is prime with probability $1 - 4^{-r}$

Rabin-Miller primality test (continued)

- We would like a deterministic test.
- If we knew that for any composite $n$ there is a small $b$ such that $n$ is not strong pseudoprime to base $b$, Rabin-Miller would be deterministic.
- This is true if the GRH holds.
- Remark: there is only one composite $n < 10^{10}$ which is strong pseudoprime to bases 2, 3, 5, 7.

The Rabin-Miller test is very efficient.
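
The test steps above as an added Python example (not from the original slides; function names are chosen here). The sample values are not on the slides: 2047 = 23 · 89 is a strong pseudoprime to base 2, and 3215031751 = 151 · 751 · 28351 is the composite that the remark about bases 2, 3, 5, 7 refers to.

```python
from math import gcd
import random


def decompose(n):
    """Write n - 1 = 2**k * t with t odd; return (k, t)."""
    k, t = 0, n - 1
    while t % 2 == 0:
        k += 1
        t //= 2
    return k, t


def is_strong_pseudoprime(n, b):
    """True if odd n > 2 passes the strong test to base b.

    A True result means: n is prime, or n is a strong pseudoprime to b.
    """
    if gcd(b, n) != 1:
        return False            # common factor with 1 < b < n: composite
    k, t = decompose(n)
    a = pow(b, t, n)            # a = b^t mod n
    if a == 1 or a == n - 1:    # b^t = 1, or the case j = 0
        return True
    for _ in range(k - 1):      # successive squares, j = 1 .. k-1
        a = a * a % n
        if a == n - 1:
            return True
    return False


def rabin_miller(n, bases=None, r=20):
    """Run the strong test for each base; False means certainly composite."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    if bases is None:
        # r independent random bases with 1 < b < n - 1
        bases = [random.randrange(2, n - 1) for _ in range(r)]
    if any(not 1 < b < n for b in bases):
        raise ValueError("bases must satisfy 1 < b < n")
    return all(is_strong_pseudoprime(n, b) for b in bases)


def liar_fraction(n):
    """Fraction of bases 1 <= b < n to which composite n looks prime."""
    liars = sum(is_strong_pseudoprime(n, b) for b in range(1, n))
    return liars / (n - 1)


if __name__ == "__main__":
    print("2047 to base 2:", is_strong_pseudoprime(2047, 2))
    print("2047 to base 3:", is_strong_pseudoprime(2047, 3))
    print("liar fraction for 2047:", round(liar_fraction(2047), 4))
    n = 3215031751
    print("fixed bases 2,3,5,7:", rabin_miller(n, [2, 3, 5, 7]))
    print("adding base 11:", rabin_miller(n, [2, 3, 5, 7, 11]))
    print("20 random bases:", rabin_miller(n))
```

A fixed, publicly known base list can be passed by a composite chosen for that purpose, which is why the random-base default matters when the number under test comes from an untrusted party.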
The Agrawal Kayal Saxena (AKS) test

- There is now a deterministic test in polynomial time.
- Created in 2002 by 3 Indian computer scientists at the Institute of Technology of Kanpur:
  - Manindra Agrawal
  - Neeraj Kayal
  - Nitin Saxena
- This solves a long-standing problem.

Their paper is easy to find on the Internet, and very readable.
A basic remark

- Let $a$ be coprime to $n$.
- Lemma: $n$ is prime if and only if $(X + a)^n \equiv X^n + a \bmod n$.
  - If $n$ is prime, this is an exercise.
  - If $n$ is composite, take a prime factor $q$ and write $n = t q^k$, with $t$ coprime to $q$. Then $q^k$ does not divide $\binom{n}{q}$ and is coprime to $a$, so the coefficient of $X^q$ is not zero mod $n$.
- This gives a primality test.
- But it is very inefficient ($n$ coefficients to compute).
The idea (1)

- We replace the congruence mod $n$ by a congruence mod $(X^r - 1, n)$,
- for a well chosen $r$.
- And we check the equality for the first values of $a$.
- We will show that this implies that $n$ is a power of a prime number.

The idea (2)

- We will see that the congruence $(X + a)^n \equiv X^n + a \bmod (X^r - 1, n)$
- implies $(X + a)^{n^k} \equiv X^{n^k} + a \bmod (X^r - 1, n)$.
- But since $X^r \equiv 1 \bmod (X^r - 1, n)$,
- we want many $n^k$ to be different mod $r$, to obtain many relations.
- This implies that $n$ has a high (multiplicative) order mod $r$.
The algorithm

- If $n$ is a perfect power, then it is composite.
- Find the smallest $r$ such that the order of $n$ mod $r$ is at least $\log^2 n$.
- If there exists some $a \le r$ such that $1 < (a, n) < n$, then $n$ is composite.
- If $n \le r$, $n$ is prime.
- Define $l = [\sqrt{\varphi(r)} \log n]$; if $(X + a)^n \neq X^n + a \bmod (X^r - 1, n)$ for some $a \le l$, then $n$ is composite.
- Otherwise, $n$ is prime.

This gives a deterministic algorithm for primality.
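The basic remark, the reduction mod $X^r - 1$ and the six steps of the algorithm, as an added example that is not from the slides or from the AKS authors. It assumes that log is the base-2 logarithm (as in the AKS paper), uses schoolbook polynomial multiplication so it is only practical for small $n$, and all function names are illustrative.

```python
"""AKS primality test, following the six steps on the slide (added example)."""
from math import gcd, log2


def is_perfect_power(n):
    """True if n = m**e for integers m >= 2, e >= 2 (exact binary search)."""
    for e in range(2, n.bit_length() + 1):
        lo, hi = 2, 1 << (n.bit_length() // e + 1)
        while lo <= hi:
            mid = (lo + hi) // 2
            p = mid ** e
            if p == n:
                return True
            if p < n:
                lo = mid + 1
            else:
                hi = mid - 1
    return False


def order_exceeds(n, r, bound):
    """True if gcd(n, r) = 1 and the multiplicative order of n mod r is > bound."""
    if gcd(n, r) != 1:
        return False
    x, k = n % r, 1
    while x != 1:
        if k > bound:
            return True
        x, k = x * n % r, k + 1
    return k > bound


def find_r(n):
    """Smallest r with order of n mod r above log^2 n (base-2 log: assumption)."""
    bound, r = log2(n) ** 2, 2
    while not order_exceeds(n, r, bound):
        r += 1
    return r


def euler_phi(r):
    """Euler's totient by trial division (r is small here)."""
    result, m, p = r, r, 2
    while p * p <= m:
        if m % p == 0:
            while m % p == 0:
                m //= p
            result -= result // p
        p += 1
    return result - result // m if m > 1 else result


def polymul(f, g, r, n):
    """Product in (Z/nZ)[X] / (X^r - 1); a polynomial is a list of r coefficients."""
    out = [0] * r
    for i, fi in enumerate(f):
        if fi:
            for j, gj in enumerate(g):
                if gj:
                    k = i + j
                    out[k - r if k >= r else k] += fi * gj   # X^r = 1 wraps around
    return [c % n for c in out]


def congruence_holds(n, r, a):
    """Check (X + a)^n == X^n + a  mod (X^r - 1, n) by square-and-multiply."""
    base, rhs = [0] * r, [0] * r
    base[0] = rhs[0] = a % n
    base[1 % r] = (base[1 % r] + 1) % n        # X + a
    rhs[n % r] = (rhs[n % r] + 1) % n          # X^n + a, using X^r = 1
    result, e = [1 % n] + [0] * (r - 1), n
    while e:
        if e & 1:
            result = polymul(result, base, r, n)
        base = polymul(base, base, r, n)
        e >>= 1
    return result == rhs


def aks_is_prime(n):
    """Deterministic verdict: True iff n is prime."""
    if n < 2:
        return False
    if is_perfect_power(n):                     # step 1
        return False
    r = find_r(n)                               # step 2
    for a in range(2, r + 1):                   # step 3
        if 1 < gcd(a, n) < n:
            return False
    if n <= r:                                  # step 4
        return True
    l = int(euler_phi(r) ** 0.5 * log2(n))      # step 5: l = [sqrt(phi(r)) log n]
    return all(congruence_holds(n, r, a) for a in range(1, l + 1))  # steps 5-6


if __name__ == "__main__":
    print([n for n in range(2, 64) if aks_is_prime(n)])
    print("r for n = 31:", find_r(31))
    print("(X+1)^15 == X^15 + 1 mod (X^17 - 1, 15)?", congruence_holds(15, 17, 1))
```

For $n = 31$ the search gives $r = 29$, so the verdict comes from the polynomial congruences; every composite small enough to run here is already caught by the perfect-power or gcd step.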
Principle of the proof

- One first proves that there exists $r < \log^5 n$ such that the order of $n$ mod $r$ is at least $\log^2 n$.
- To do this, define $B = \lceil \log^5 n \rceil$.
- Set $A = n^{\lfloor \log B \rfloor} \prod_{i=1}^{\lfloor \log^2 n \rfloor} (n^i - 1)$.
- Consider the smallest integer $r$ which does not divide $A$.
- $r$ must be coprime to $n$.
- $r$ does not divide $n^i - 1$ for $i < \log^2 n$, hence the order of $n$ mod $r$ is at least $\log^2 n$.
- A (rather) simple computation proves that $r \le B$.
Principle of the proof

- We have found $r$. Suppose now that $n$ is composite.
- Let $p$ be a prime factor of $n$, and let $l = [\sqrt{\varphi(r)} \log n]$.
- Consider the set $G$ of elements $k$ such that $(X + a)^k \equiv X^k + a \bmod (X^r - 1, p)$ for all $a < l$.
- This is a group of cardinal at least $\log^2 n$.
- Consider the set of products of $X + a$, with $a < l$, modulo $p$ and a well-chosen irreducible factor of $X^r - 1$. This is also a group.
- One can give at the same time upper and lower bounds on the size of this group, which are inconsistent unless $n$ is a power of $p$.
- But this is ruled out by the algorithm.
The running time

- The longest part of the algorithm is to check if $(X + a)^n \neq X^n + a \bmod (X^r - 1, n)$ for some $a \le l$.
- This gives the running time.
- A basic analysis shows that this is at most $O^{\sim}(\log^{21/2} n)$.
- It can be refined to $O^{\sim}(\log^{15/2} n)$
- and, with a change in the algorithm, to $O^{\sim}(\log^6 n)$.
- This is still much slower than Rabin-Miller; the main interest is theoretical.