PRIMES
K. -C. Yang and J. -L. Lin
National Tsing Hua University
OUTLINE

Definition and History of Primes
PRIMES is in P
  Previous Research
  Basic Idea and Approach
  Preliminary Notation
  The Algorithm and Verification
  Time Complexity Analysis
  Future Work
History

Definition

Let $p \in \mathbb{N}$ with $p > 1$. Then $p$ is prime if it has no positive divisor other than 1 and $p$.
History

Pythagoras and the Pythagorean school (c. 580 BC - 300 BC)

Integers (odd, even, prime, ...), rational and irrational numbers, the Pythagorean theorem, ...

Euclid (c. 300 BC)

There are infinitely many primes.
History (2)

pf.
Assume there are only finitely many primes.
Let $p_1, \dots, p_n$ be all of them, and let $N = p_1 p_2 \cdots p_n + 1$.
No $p_i$ divides $N$: dividing $N$ by any $p_i$ leaves remainder 1.
But $N > 1$ has some prime factor $p$, so $p \notin \{p_1, \dots, p_n\}$.
Contradiction.

History (3)

How to determine whether a number is prime?

Sieve of Eratosthenes (c. 240 BC) and trial division
If $n$ is composite, then $n$ has a positive divisor $d$ with $1 < d \le n^{1/2}$. So to decide whether $n$ is prime, try dividing $n$ by every $m$ with $2 \le m \le n^{1/2}$. That takes $O(n^{1/2})$ divisions of $O(\log n)$-bit numbers, i.e. $O(n^{1/2} \log n)$ time; measured in the input length $\lg n$ this is exponential.
PRIMES is in P means a deterministic test running in time $O(\log^k n)$ for some constant $k \ge 1$, i.e. polynomial in the input length.
Fermat (1)

Fermat's Last Theorem (AD 1637)
$x^n + y^n = z^n$ has no solution in positive integers for $n > 2$.
Proven by Wiles (AD 1995).

Fermat's Little Theorem (AD 1640)
If $p$ is prime, $a \in \mathbb{N}$ and $p \nmid a$, then $a^{p-1} \equiv 1 \pmod p$.
e.g.
$p = 2$, $a = 3$: $3^{1} = 3 \equiv 1 \pmod 2$
$p = 3$, $a = 4$: $4^{2} = 16 \equiv 1 \pmod 3$
Fermat (2)

pf. of Fermat's Little Theorem (by induction on $a$)
For $p \nmid a$: $a^{p-1} \equiv 1 \pmod p \iff a^p - a \equiv 0 \pmod p \iff p \mid a^p - a$, so it suffices to show $p \mid a^p - a$ for every $a \ge 1$.
Base case $a = 1$: $1^p - 1 = 0$.
Assume $p \mid a^p - a$, and examine $(a+1)^p - (a+1)$.
By the binomial theorem,
$$(a+1)^p = a^p + \binom{p}{1} a^{p-1} + \binom{p}{2} a^{p-2} + \cdots + \binom{p}{p-1} a + 1,$$
so
$$(a+1)^p - (a^p + 1) = \binom{p}{1} a^{p-1} + \binom{p}{2} a^{p-2} + \cdots + \binom{p}{p-1} a.$$
For $1 \le i \le p-1$,
$$p \;\Big|\; \binom{p}{i} = \frac{p(p-1)\cdots(p-i+1)}{i!},$$
because $p$ divides the numerator and, $p$ being prime, does not divide $i!$.
$p$ divides every term on the right side, so it also divides the left side: $p \mid (a+1)^p - (a^p + 1)$.
Adding the induction hypothesis: $p \mid (a+1)^p - (a^p + 1) + (a^p - a) = (a+1)^p - (a+1)$.
Hence $p \mid a^p - a$ for all $a$; when $p \nmid a$, cancelling $a$ gives $a^{p-1} \equiv 1 \pmod p$.
Fermat (3)

Time complexity: $a^{p-1} \bmod p$ by repeated squaring costs $O(\lg p)$ modular multiplications.
Converse: if $a^{n-1} \equiv 1 \pmod n$ for some $a \in \mathbb{N}$, is $n$ prime?
It fails!
$341 = 11 \times 31$, yet $2^{340} \equiv 1 \pmod{341}$.
Pseudoprimes (base 2): 341, 561, 645, 1105, ...
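An added example (not from the slides): the Fermat test next to a sieve used as ground truth, listing the base-2 pseudoprimes up to a constructed limit of 1200 and checking that 561 passes for every coprime base while 341 already fails for base 3. Function names are this example's own.

```python
# Added example (not from the slides): Fermat's test a^(n-1) ≡ 1 (mod n)
# and the composite numbers that pass it.
from math import gcd


def sieve(limit):
    """Sieve of Eratosthenes: all primes <= limit."""
    flags = bytearray([1]) * (limit + 1)
    flags[0] = flags[1] = 0
    for p in range(2, int(limit ** 0.5) + 1):
        if flags[p]:
            flags[p * p::p] = bytes(len(range(p * p, limit + 1, p)))
    return [i for i in range(limit + 1) if flags[i]]


def fermat_passes(n, a):
    """True iff a^(n-1) ≡ 1 (mod n). pow() uses square-and-multiply, O(lg n)
    modular multiplications; a prime n always passes when gcd(a, n) = 1."""
    return pow(a, n - 1, n) == 1


def fermat_pseudoprimes(base, limit):
    """Composite n <= limit, coprime to base, that pass the base-`base` Fermat test."""
    primes = set(sieve(limit))
    return [n for n in range(3, limit + 1)
            if n not in primes and gcd(n, base) == 1 and fermat_passes(n, base)]


def is_carmichael(n):
    """Composite n that passes the Fermat test for every base coprime to n."""
    if n < 3 or n in sieve(n):
        return False
    return all(fermat_passes(n, a) for a in range(2, n) if gcd(a, n) == 1)
```

`fermat_pseudoprimes(2, 1200)` returns `[341, 561, 645, 1105]`, the list on the slide; 561 and 1105 are Carmichael numbers, so no coprime base exposes them, which is why the Fermat test alone is never a primality proof.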
Previous Research

1975, Miller designed a test based on Fermat's Little Theorem
  deterministic polynomial-time algorithm, $O(\log^4 n)$, assuming the Extended Riemann Hypothesis
1980, Miller's algorithm was modified by Rabin
  unconditional, randomized polynomial-time algorithm on all inputs
1983, Adleman, Pomerance and Rumely
  unconditional and deterministic, in time $(\log n)^{O(\log\log\log n)}$ (slightly super-polynomial)
1986, Goldwasser and Kilian
  unconditional but randomized: expected polynomial time on almost all inputs
1992, the Goldwasser-Kilian algorithm was modified by Adleman and Huang
  randomized, expected polynomial time on all inputs
2002, Manindra Agrawal, Neeraj Kayal and Nitin Saxena
  unconditional, deterministic polynomial time: $\tilde{O}(\log^{10.5} n)$, and $\tilde{O}(\log^{7.5+\varepsilon} n)$ using Fouvry's theorem on the density of primes $r$ for which $r - 1$ has a large prime factor
  by using algebra (polynomial identities over finite rings)
Riemann Hypothesis (1)

Proposed by Riemann in 1859.
Hilbert's problems
23 problems, presented at the Second International Congress of Mathematicians, Paris, 1900.
Three of Hilbert's problems remain unresolved:
  6. Can physics be axiomatized?
  8. The Riemann hypothesis.
  16. The topology of real algebraic curves and surfaces.
A partial answer to problem 16 was claimed by Oxenhielm, Stockholm University, 2003.
Riemann Hypothesis (2)

Riemann zeta function
$$\zeta(s) = \sum_{n=1}^{\infty} \frac{1}{n^s}, \qquad s = \sigma + it$$
Trivial zeros: $s = -2, -4, -6, -8, \dots$
Riemann Hypothesis: every non-trivial zero of the Riemann zeta function has real part $\sigma = \tfrac{1}{2}$.
Clay Mathematics Institute
$1,000,000 for the solution to this problem (May 2000).
PRIMES is in P
Manindra Agrawal, Neeraj Kayal, and
Nitin Saxena
August 6, 2002
Basic Idea and Approach (1)

Lemma. Let $a \in \mathbb{Z}$, $n \in \mathbb{N}$, $n \ge 2$, and $(a, n) = 1$. Then $n$ is prime iff
$$(X + a)^n \equiv X^n + a \pmod n.$$

pf.
By the binomial theorem,
$$(X+a)^n = X^n + \binom{n}{1} a X^{n-1} + \cdots + \binom{n}{n-1} a^{n-1} X + a^n,$$
so
$$(X+a)^n - (X^n + a) = \sum_{i=1}^{n-1} \binom{n}{i} a^{n-i} X^{i} + (a^n - a).$$

If $n$ is prime: $n \mid \binom{n}{i} = \dfrac{n(n-1)\cdots(n-i+1)}{i!}$ for $0 < i < n$, and $a^n - a = a(a^{n-1} - 1)$ with $n \mid a^{n-1} - 1$ (Fermat's Little Theorem), so $n \mid a^n - a$. Every coefficient of the difference is divisible by $n$, hence $(X+a)^n \equiv X^n + a \pmod n$.

If $n$ is composite: let $q$ be a prime with $q^k \mid n$ but $q^{k+1} \nmid n$, $k \ge 1$. Consider the coefficient of $X^q$,
$$\binom{n}{q} a^{n-q}, \qquad \binom{n}{q} = \frac{n(n-1)\cdots(n-q+1)}{q\,(q-1)!}.$$
None of $n-1, \dots, n-q+1$ is divisible by $q$ (they are the $q-1$ integers just below the multiple $n$ of $q$), and $q \nmid (q-1)!$, so exactly $q^{k-1}$ divides $\binom{n}{q}$ and $q^k \nmid \binom{n}{q}$. Since $(n, a) = 1$, also $(q^k, a^{n-q}) = 1$. Thus $q^k \nmid \binom{n}{q} a^{n-q}$, so $n \nmid \binom{n}{q} a^{n-q}$ and
$$(X+a)^n \not\equiv X^n + a \pmod n.$$
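An added example (not from the slides) that checks the lemma coefficient by coefficient with exact integers; function names are this example's own. It also shows what the proof predicts for a composite: for $341 = 11 \times 31$ with $a = 2$ the constant term $a^n - a$ vanishes (341 is a base-2 Fermat pseudoprime), but the coefficient of $X^{11}$, the power $q$ of the proof, does not.

```python
# Added example (not from the slides): the polynomial criterion
# (X + a)^n ≡ X^n + a (mod n), checked coefficient by coefficient.
from math import comb, gcd


def difference_coefficients(n, a):
    """Coefficients c_0, ..., c_n of (X + a)^n - (X^n + a), each reduced mod n:
    c_i = C(n, i) a^(n-i) for 0 < i < n, c_0 = a^n - a, c_n = 1 - 1 = 0."""
    coeffs = [0] * (n + 1)
    coeffs[0] = (pow(a, n, n) - a) % n
    for i in range(1, n):
        coeffs[i] = comb(n, i) * pow(a, n - i, n) % n
    return coeffs


def polynomial_identity_holds(n, a):
    """The lemma: for gcd(a, n) = 1 this is True iff n is prime.
    It costs Ω(n) because all n + 1 coefficients are examined."""
    if n < 2 or gcd(a, n) != 1:
        raise ValueError("the lemma assumes n >= 2 and gcd(a, n) = 1")
    return not any(difference_coefficients(n, a))


def first_surviving_power(n, a):
    """Smallest i whose coefficient is non-zero mod n, or None if the identity holds.
    c_0 = a^n - a vanishes exactly when n passes the base-a Fermat test. For composite n
    with smallest prime factor q, c_i = 0 for 0 < i < q because n | C(n, i) whenever
    gcd(i, n) = 1 (from i*C(n, i) = n*C(n-1, i-1)), while the proof shows c_q != 0."""
    for i, c in enumerate(difference_coefficients(n, a)):
        if c:
            return i
    return None
```

`first_surviving_power(341, 2)` is 11, so the Fermat test (the constant term alone) is fooled by 341 while the full polynomial identity is not; with $a = 3$ the constant term itself is already non-zero.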
Basic Idea and Approach (2)

Checking the identity in $\mathbb{Z}[X]$ means evaluating $n$ coefficients, which costs time $\Omega(n)$.
To shorten the number of coefficients, reduce both sides modulo $X^r - 1$ as well:
$$(x + a)^n \equiv x^n + a \pmod{x^r - 1,\; n}$$
Only $r$ coefficients remain. If $n$ is prime, this congruence still holds for every $r$ and every $a$.
However, some composite numbers also satisfy this weaker congruence for some $a$.
For an appropriate $r$, if the congruence holds for sufficiently many $a$, then $n$ must be a prime power.
e.g. numbers with two distinct prime factors, such as $2 \times 3 \times 5$, are excluded by the congruences; prime powers such as $3^3$ or $7^5$ are not, and are ruled out separately (Step 1 of the algorithm).
Basic Algorithm
Input $n > 1$
1. If ($n = a^b$ for some $a \in \mathbb{N}$ and $b > 1$), output COMPOSITE.
2. Find the smallest $r$ such that $o_r(n) > 4 \lg^2 n$.
3. If ($\gcd(n, a) > 1$ for some $a \le r$), output COMPOSITE.
4. If ($n \le r$), output PRIME.
5. For $a = 1$ to $2\sqrt{\phi(r)} \lg n$ do
     if ($(x + a)^n \not\equiv x^n + a \pmod{x^r - 1,\; n}$), output COMPOSITE.
6. Output PRIME.
Notation: $o_r(n) = d$ denotes the smallest positive integer $d$ such that $n^d \equiv 1 \pmod r$.
Notation 2: $\phi(r) = |\{k : 1 \le k < r,\ (k, r) = 1\}|$ (Euler's totient function).
Preliminary Notation (1)

$F_n$ denotes the finite field with $n$ elements, where $n$ is prime.
Let $n$ and $r$ be prime numbers, $n \ne r$.
1. The multiplicative group of any finite field $F_n$, denoted $F_n^*$, is cyclic.
2. Let $f(x)$ be a polynomial with integer coefficients. Then $f(x)^n \equiv f(x^n) \pmod n$.
3. Let $h(x)$ be any factor of $x^r - 1$, and let $m \equiv m_r \pmod r$. Then $x^m \equiv x^{m_r} \pmod{h(x)}$.
4. Over $F_n$, $\dfrac{x^r - 1}{x - 1}$ factorizes into irreducible polynomials, each of degree $o_r(n)$.
Preliminary Notation (2)

Let $f(x)$ be a polynomial with integer coefficients. Then $f(x)^n \equiv f(x^n) \pmod n$.
pf.
Let $f(x) = a_0 + a_1 x + \cdots + a_d x^d$. By the multinomial theorem, the coefficient $c_i$ of $x^i$ in $f(x)^n$ is
$$c_i = \sum_{\substack{i_0 + i_1 + \cdots + i_d = n \\ i_1 + 2 i_2 + \cdots + d\, i_d = i}} \frac{n!}{i_0!\, i_1! \cdots i_d!}\; a_0^{i_0} a_1^{i_1} \cdots a_d^{i_d},$$
since $x^{i_1} (x^2)^{i_2} \cdots (x^d)^{i_d} = x^{i_1 + 2 i_2 + \cdots + d\, i_d}$.
$n$ divides the multinomial coefficient $\dfrac{n!}{i_0! \cdots i_d!}$ unless some $i_j = n$, because the prime $n$ in $n!$ can only be cancelled by an $i_j!$ with $i_j = n$. In that exceptional case $i_m = 0$ for all $m \ne j$, the exponent is $i = j \cdot i_j = nj$, and the exceptional term is $a_j^n$; so $c_{nj} = a_j^n + n \cdot \Delta$ for some integer $\Delta$, and by Fermat's Little Theorem ($a^n \equiv a \pmod n$ for every integer $a$) $c_{nj} \equiv a_j \pmod n$.
Therefore
$$f(x)^n \equiv c_0 + c_n x^n + c_{2n} x^{2n} + \cdots + c_{nd} x^{nd} \equiv a_0 + a_1 x^n + a_2 x^{2n} + \cdots + a_d x^{nd} = f(x^n) \pmod n.$$
Preliminary Notation (3)

Let $h(x)$ be any factor of $x^r - 1$, and let $m \equiv m_r \pmod r$. Then $x^m \equiv x^{m_r} \pmod{h(x)}$.
pf.
Write $m = kr + m_r$. Now
$x^r \equiv 1 \pmod{x^r - 1}$
$\Rightarrow x^{kr} \equiv 1 \pmod{x^r - 1}$
$\Rightarrow x^{kr + m_r} \equiv x^{m_r} \pmod{x^r - 1}$
$\Rightarrow x^m \equiv x^{m_r} \pmod{x^r - 1}$, i.e. $x^r - 1 \mid x^m - x^{m_r}$.
Since $h(x) \mid x^r - 1$, write $x^r - 1 = h(x) \cdot \Delta(x)$; then $h(x)\Delta(x) \mid x^m - x^{m_r}$, so $h(x) \mid x^m - x^{m_r}$, i.e. $x^m \equiv x^{m_r} \pmod{h(x)}$.
Preliminary Notation (4)

Over $F_n$, $\dfrac{x^r - 1}{x - 1}$ factorizes into irreducible polynomials, each of degree $o_r(n)$.
pf.
Let $d = o_r(n)$ and let $h(x)$ be an irreducible factor of $\dfrac{x^r - 1}{x - 1}$ over $F_n$, of degree $k$.
$F = F_n[x]/(h(x))$ is a field of size $n^k$, and its multiplicative group $F^*$ is cyclic with a generator $g(x)$ (by fact 1).
By fact 2, $g(x)^n \equiv g(x^n) \pmod n$, and reducing further modulo $h(x)$ this holds in $F$. Iterating,
$$g(x)^{n^2} = \big(g(x)^n\big)^n \equiv g(x^n)^n \equiv g(x^{n^2}), \qquad g(x)^{n^3} \equiv g(x^{n^3}), \qquad \dots, \qquad g(x)^{n^d} \equiv g(x^{n^d}) \quad \text{in } F.$$
Since $n^d \equiv 1 \pmod r$, fact 3 gives $x^{n^d} \equiv x^1 \pmod{h(x)}$, so $g(x^{n^d}) = g(x)$ in $F$.
Hence $g(x)^{n^d} = g(x)$, i.e. $g(x)^{n^d - 1} = 1$ in $F$.
Since the order of $g(x)$ is $n^k - 1$, we get $(n^k - 1) \mid (n^d - 1)$, which implies $k \mid d$.
Conversely, $h(x) \mid x^r - 1$ gives $x^r = 1$ in $F$, and $x \ne 1$ in $F$: otherwise $h(x) = x - 1$, but $x - 1$ does not divide $\frac{x^r - 1}{x - 1} = 1 + x + \cdots + x^{r-1}$ over $F_n$, since that polynomial takes the value $r \ne 0$ at $x = 1$ (as $n \ne r$). So the order of $x$ in $F^*$ is exactly $r$ ($r$ is prime). Therefore $r \mid (n^k - 1)$, i.e. $n^k \equiv 1 \pmod r$, and hence $d = o_r(n) \mid k$.
Therefore $k = d$.

Algorithm
Input $n > 1$
1. If ($\exists\, a \in \mathbb{N}$ and $b > 1$ such that $n = a^b$), output COMPOSITE.
2. Find the smallest $r$ such that $o_r(n) > 4 \lg^2 n$.
3. If ($\exists\, a \le r$ such that $1 < \gcd(n, a) < n$), output COMPOSITE.
4. If ($n \le r$), output PRIME.
5. For $a = 1$ to $2\sqrt{\phi(r)} \lg n$ do
     if ($(x + a)^n \not\equiv x^n + a \pmod{x^r - 1,\; n}$), output COMPOSITE.
6. Output PRIME.
Notation: for $(n, r) = 1$, $o_r(n) = d$ denotes the smallest positive integer $d$ such that $n^d \equiv 1 \pmod r$.
Notation 2: $\phi(r) = |\{k : 1 \le k < r,\ (k, r) = 1\}|$ (Euler's totient function).
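An added example (not from the slides, and not the AKS authors' code): the six steps above with the slides' constants ($o_r(n) > 4 \lg^2 n$, $a$ up to $2\sqrt{\phi(r)} \lg n$), returning both the verdict and the step that decided it. The polynomial arithmetic modulo $(x^r - 1, n)$ uses Kronecker substitution, an implementation choice of this example: the $r$ coefficients are packed into one big integer so that a single big-integer multiplication performs the whole convolution. Function names are this example's own.

```python
# Added example (not from the slides): the AKS algorithm above with the slides'
# constants (o_r(n) > 4 lg^2 n, a up to 2 sqrt(phi(r)) lg n). Polynomial products
# mod (x^r - 1, n) use Kronecker substitution, this example's own choice: pack the
# coefficients into one big integer so one big-integer multiply does the convolution.
import math

def iroot(n, b):
    """Largest a with a^b <= n, by integer binary search (no floating point)."""
    lo, hi = 1, 1 << (n.bit_length() // b + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** b <= n:
            lo = mid
        else:
            hi = mid - 1
    return lo

def is_perfect_power(n):
    """Step 1: is n = a^b for some a >= 2 and b > 1?"""
    return any(iroot(n, b) ** b == n for b in range(2, n.bit_length() + 1))

def order_exceeds(n, r, bound):
    """Step 2 helper: gcd(n, r) = 1 and o_r(n) > bound, deciding as early as possible."""
    if math.gcd(n, r) != 1:
        return False
    x, k = n % r, 1                  # x = n^k mod r
    while x != 1:
        if k > bound:
            return True              # n^1..n^k all differ from 1, so o_r(n) > k > bound
        x, k = x * n % r, k + 1
    return k > bound                 # o_r(n) = k exactly

def find_r(n):
    """Step 2: the smallest r with o_r(n) > 4 lg^2 n (r sharing a factor with n has no order)."""
    bound = 4 * math.log2(n) ** 2
    r = 2
    while not order_exceeds(n, r, bound):
        r += 1
    return r

def poly_mulmod(f, g, r, n):
    """f * g mod (x^r - 1, n) for coefficient lists of length r with entries in [0, n)."""
    slot_bits = 2 * n.bit_length() + r.bit_length()   # each convolution sum < r*n^2 < 2^slot_bits
    slot = (slot_bits + 7) // 8
    pack = lambda p: int.from_bytes(b"".join(c.to_bytes(slot, "little") for c in p), "little")
    raw = (pack(f) * pack(g)).to_bytes(2 * r * slot, "little")
    out = [0] * r
    for i in range(2 * r - 1):
        c = int.from_bytes(raw[i * slot:(i + 1) * slot], "little")
        if c:
            out[i % r] = (out[i % r] + c) % n        # x^r = 1 folds degree i onto i mod r
    return out

def poly_powmod(base, e, r, n):
    """base^e mod (x^r - 1, n) by square-and-multiply: O(lg e) polynomial products."""
    result = [1] + [0] * (r - 1)
    while e:
        if e & 1:
            result = poly_mulmod(result, base, r, n)
        e >>= 1
        if e:
            base = poly_mulmod(base, base, r, n)
    return result

def congruence_holds(n, r, a):
    """Step 5 for one a: (x + a)^n == x^n + a mod (x^r - 1, n)?"""
    lhs = poly_powmod([a % n, 1] + [0] * (r - 2), n, r, n)
    rhs = [0] * r
    rhs[n % r] = 1
    rhs[0] = (rhs[0] + a) % n
    return lhs == rhs

def aks(n):
    """Return (verdict, step) for n > 1, step being the algorithm step that decided."""
    if n < 2:
        raise ValueError("input must exceed 1")
    if is_perfect_power(n):
        return "COMPOSITE", 1
    r = find_r(n)
    for a in range(2, r + 1):
        if 1 < math.gcd(n, a) < n:
            return "COMPOSITE", 3
    if n <= r:
        return "PRIME", 4
    phi = sum(1 for k in range(1, r) if math.gcd(k, r) == 1)
    for a in range(1, int(2 * math.sqrt(phi) * math.log2(n)) + 1):
        if not congruence_holds(n, r, a):
            return "COMPOSITE", 5
    return "PRIME", 6

def is_prime(n):
    return aks(n)[0] == "PRIME"
```

For every $n$ below a few hundred, $r > 4 \lg^2 n$ exceeds $n$, so Step 3 amounts to trial division and Step 4 answers; 341 and 561 are caught there by $a = 11$ and $a = 3$. `aks(331)` is the first kind of input that reaches Step 6: $r = 283$, and all 281 congruences hold. For $n = 5003 \times 5009$ both prime factors exceed $r$, so Step 3 cannot see them and Step 5 rejects $n$ at its first congruence ($a = 1$).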
Correctness (1)

Lemma. If $n$ is prime, the algorithm returns PRIME.
pf.
1. Step 1 and Step 3 can never return COMPOSITE:
   a prime $n$ is not of the form $a^b$ with $b > 1$;
   for $a \le r$, $\gcd(n, a) = 1$ when $n \nmid a$ and $\gcd(n, a) = n$ when $n \mid a$, so $1 < \gcd(n, a) < n$ never happens.
2. Step 5 also cannot return COMPOSITE:
   if $n$ is prime, $(x + a)^n \equiv x^n + a \pmod{x^r - 1,\; n}$ holds for every $a$ (fact 2 with $f(x) = x + a$, reduced further modulo $x^r - 1$).
So it returns PRIME, either in Step 4 or in Step 6.

Correctness (1)

Lemma. If the algorithm returns PRIME, $n$ is prime.
If it returns PRIME in Step 4, then $n$ must be prime:
$n \le r$, and Step 3 has examined every $a \le r$, in particular every $a$ with $1 < a < n$, without finding $1 < \gcd(n, a) < n$:
$(n, 1) = 1$, $(n, 2) = 1$, $\dots$, $(n, n-1) = 1$, $(n, n) = n$.
So $n$ has no divisor strictly between 1 and $n$.
The remaining case: it returns PRIME in Step 6.
Correctness (2)

Find an appropriate $r$ in Step 2.
Lemma. There exists an $r \le 16 \lg^5 n$ such that $(r, n) = 1$ and $o_r(n) > 4 \lg^2 n$.
pf.
Let
$$N = n \prod_{i=1}^{4 \lg^2 n} (n^i - 1),$$
and let $r_1, r_2, \dots, r_t$ be all numbers $\le 16 \lg^5 n$ that divide $N$; note that $t \le 16 \lg^5 n$.
Every $r$ with $(r, n) = 1$ and $o_r(n) \le 4 \lg^2 n$ is among them: if $o_r(n) = k \le 4 \lg^2 n$ then $n^k \equiv 1 \pmod r$, so $r \mid n^k - 1 \mid N$.
Bounding $N$ (using $n = 2^{\lg n}$ in the last step):
$$N < n \cdot n^{1} n^{2} \cdots n^{4 \lg^2 n} = n^{1 + 8 \lg^4 n + 2 \lg^2 n} < n^{16 \lg^4 n} = 2^{16 \lg^5 n}.$$

Correctness (3)

$\Rightarrow \operatorname{lcm}(r_1, \dots, r_t) \mid N < 2^{16 \lg^5 n}$.
However, $\operatorname{lcm}(1, 2, \dots, 16 \lg^5 n) \ge 2^{16 \lg^5 n}$ (Lemma below), so $r_1, \dots, r_t$ cannot be all of $1, 2, \dots, 16 \lg^5 n$.
Therefore some $r \le 16 \lg^5 n$ does not divide $N$; in particular $r \nmid n$, and if $(r, n) = 1$ then $o_r(n) > 4 \lg^2 n$. (The AKS paper reduces the case $(r, n) > 1$ to this one by passing to $r / \gcd(r, n)$; Step 2 of the algorithm simply skips moduli that share a factor with $n$.)
Lemma. $\operatorname{lcm}(1, 2, \dots, m) \ge 2^m$ for $m \ge 7$.
Correctness (4)

Assume $n$ is composite. Let $p$ be a prime with $p \mid n$, chosen with $o_r(p) > 1$ (possible because $o_r(n) > 1$: if every prime factor of $n$ were $\equiv 1 \pmod r$, then $n \equiv 1 \pmod r$).
After Steps 3 and 4 we know $p > r$: if $p \le r$, then $a = p$ gives $1 < \gcd(n, a) = p < n$ and Step 3 would have returned COMPOSITE. Also $(n, r) = 1$ and $(p, r) = 1$.
We fix $p$ and $r$ in the remaining sections.
Set $l = 2\sqrt{\phi(r)} \lg n$.
Since Step 5 did not return COMPOSITE,
$(X + a)^n \equiv X^n + a \pmod{X^r - 1,\; n}$ for $1 \le a \le l$,
and because $p \mid n$ the same congruence holds modulo $p$:
$(X + a)^n \equiv X^n + a \pmod{X^r - 1,\; p}$ for $1 \le a \le l$.
Moreover, since $p$ is prime (fact 2 with $f(X) = X + a$),
$(X + a)^p \equiv X^p + a \pmod{X^r - 1,\; p}$ for $1 \le a \le l$.
Correctness (5)

Definition. For a polynomial $f(X)$ and a number $m \in \mathbb{N}$, we say that $m$ is introspective for $f(X)$ if
$$[f(X)]^m \equiv f(X^m) \pmod{X^r - 1,\; p}.$$
By Correctness (4), both $n$ and $p$ are introspective for $f(X) = X + a$, $1 \le a \le l$.

Lemma 4.5. If $m$ and $m'$ are introspective numbers for $f(X)$, then so is $m \cdot m'$.
pf.
$[f(X)]^{mm'} = \big([f(X)]^m\big)^{m'} \equiv [f(X^m)]^{m'} \pmod{X^r - 1,\; p}$.
Let $Y = X^m$. Since $m'$ is introspective for $f$, $[f(Y)]^{m'} \equiv f(Y^{m'}) \pmod{Y^r - 1,\; p}$, i.e.
$[f(X^m)]^{m'} \equiv f(X^{mm'}) \pmod{X^{mr} - 1,\; p}$.
Since $Y^r - 1 = X^{mr} - 1$ and $X^r - 1 \mid X^{mr} - 1$, this congruence also holds modulo $(X^r - 1, p)$.
$\Rightarrow [f(X)]^{mm'} \equiv f(X^{mm'}) \pmod{X^r - 1,\; p}$.
Correctness (6)

Lemma 4.6. If $m$ is introspective for $f(X)$ and for $g(X)$, then it is also introspective for $f(X) g(X)$.
pf.
claim: $[f(X) g(X)]^m \equiv f(X^m) g(X^m) \pmod{X^r - 1,\; p}$.
$[f(X)]^m \equiv f(X^m) \pmod{X^r - 1,\; p}$
$[g(X)]^m \equiv g(X^m) \pmod{X^r - 1,\; p}$
$\Rightarrow [f(X) g(X)]^m = [f(X)]^m [g(X)]^m \equiv f(X^m) g(X^m) \pmod{X^r - 1,\; p}$.


Lemma 4.5 (products of introspective numbers) and Lemma 4.6 (products of polynomials) are applied to two sets.
Set
$$I = \{\, n^i p^j \mid i, j \ge 0 \,\}, \qquad P = \Big\{\, \prod_{a=1}^{l} (x + a)^{e_a} \;\Big|\; e_a \ge 0 \,\Big\}.$$
Lemmas 4.5 and 4.6 imply that every number in the set $I$ is introspective for every polynomial in the set $P$,
i.e. for $m \in I$ and $f(x) \in P$: $[f(x)]^m \equiv f(x^m) \pmod{x^r - 1,\; p}$.

Define $G$ to be the set of all residues of numbers in $I$ modulo $r$. Then $G$ is a subgroup of
$$\mathbb{Z}_r^* = \{\, [a] \in \mathbb{Z}_r \mid (a, r) = 1 \,\}.$$
pf.
1. Closure: $(n^i p^j)(n^s p^t) = n^{i+s} p^{j+t} \in I$.
2. Inverses: for $a \in I$, $(n, r) = (p, r) = 1$ gives $(a, r) = 1$, so there are $u, v$ with $au + rv = 1$, i.e. $[a][u] = 1 \pmod r$ and $[a] \in \mathbb{Z}_r^*$. Since $[a]$ has some finite order $k$ in $\mathbb{Z}_r^*$ and $G$ is closed under multiplication, $[a]^{-1} = [a]^{k-1} \in G$.

Let $|G| = t$. Since $n \in I$, the residue $b \equiv n \pmod r$ lies in $G$, so $n^t \equiv b^t \equiv 1 \pmod r$ and $o_r(n) \mid t$. As $o_r(n) > 4 \lg^2 n$, we get $t > 4 \lg^2 n$.

Let $h(x)$ be an irreducible factor of $\dfrac{x^r - 1}{x - 1}$ over $F_p$ (by fact 4 its degree is $o_r(p) > 1$), and let $F = F_p[x]/(h(x))$. Since $\deg h \ge 2$ and $a \le l < p$, each $x + a$ is a non-zero element of $F$.
Let $\mathcal{G}$ be the set of all non-zero residues of polynomials in $P$ modulo $h(x)$ and $p$, i.e. the image in $F$ of
$$\Big\{\, \prod_{1 \le a \le l} (x + a)^{t_a} \;\Big|\; t_a \ge 0 \,\Big\}.$$
Lemma 4.7. $|\mathcal{G}| \ge \dbinom{t + l - 2}{t - 1}$.
pf.
Claim: any two distinct polynomials of degree less than $t$ in $P$ map to different elements of $\mathcal{G}$.
Assume $f(x), g(x) \in P$ are distinct, of degree less than $t$, and $f(x) = g(x)$ in $F$.
Let $m \in I$. Then $[f(x)]^m \equiv f(x^m)$ and $[g(x)]^m \equiv g(x^m) \pmod{x^r - 1,\; p}$; since $h(x) \mid x^r - 1$ these congruences also hold in $F$, and with $[f(x)]^m = [g(x)]^m$ in $F$ we get $f(x^m) = g(x^m)$ in $F$.
$\Rightarrow x^m$ is a root of $Q(Y) = f(Y) - g(Y)$ in $F$, for every $m \in I$.
As $x^r = 1$ in $F$, $x^m$ depends only on $m \bmod r$, and because the order of $x$ in $F^*$ is exactly $r$, distinct residues $m \in G$ give distinct roots $x^m$. So $Q(Y)$ has $|G| = t$ distinct roots in $F$; however, $Q(Y) \ne 0$ (distinct products of the distinct linear factors $x + a$, $a \le l < p$, are distinct in $F_p[Y]$) and its degree is less than $t$. (Contradiction.)
Thus $f(x) \ne g(x)$ in $F$.
Therefore there exist at least $\dbinom{t + l - 2}{t - 1}$ distinct polynomials of degree $t - 1 < t$ in $\mathcal{G}$: the combinations $(x+1)^{t_1} (x+2)^{t_2} \cdots (x+l)^{t_l}$ with $t_1 + t_2 + \cdots + t_l = t - 1$.
Lemma 4.8. If $n$ is not a power of $p$, then $|\mathcal{G}| \le \tfrac{1}{2} n^{2\sqrt{t}}$.
pf.
Define $\hat{I} = \{\, n^i p^j \mid 0 \le i, j \le \lfloor \sqrt{t} \rfloor \,\} \subseteq I$.
If $n$ is not a power of $p$, then the set $\hat{I}$ has $(\lfloor \sqrt{t} \rfloor + 1)^2 > t$ distinct numbers.
Since $|G| = t$, at least two numbers $m_1 > m_2$ in $\hat{I}$ must be equal modulo $r$.
$\Rightarrow x^{m_1} \equiv x^{m_2} \pmod{x^r - 1,\; p}$ (fact 3).
Let $f(x) \in P$. Then
$[f(x)]^{m_1} \equiv f(x^{m_1}) \pmod{x^r - 1,\; p}$
$\qquad\quad \equiv f(x^{m_2}) \pmod{x^r - 1,\; p}$
$\qquad\quad \equiv [f(x)]^{m_2} \pmod{x^r - 1,\; p}$.
Let $Q(Y) = Y^{m_1} - Y^{m_2}$. Then the residue of $f(x)$ in $F$ is a root of $Q(Y)$ in $F$, for every $f(x) \in P$.
So $Q(Y)$ has at least $|\mathcal{G}|$ distinct roots in $F$.
The degree of $Q(Y)$ is $m_1 \le (np)^{\lfloor \sqrt{t} \rfloor} \le \tfrac{1}{2} n^{2\sqrt{t}}$ (since $p \mid n$, $p < n$ gives $p \le n/2$, so $(np)^{\sqrt t} \le n^{2\sqrt t} / 2^{\sqrt t}$).
Hence $|\mathcal{G}| \le \tfrac{1}{2} n^{2\sqrt{t}}$.
Lemma 4.9. If the algorithm returns PRIME, then $n$ is prime.
pf.
Suppose that the algorithm returns PRIME. Put $t = |G|$, $l = 2\sqrt{\phi(r)} \lg n$ and $m = \lfloor 2\sqrt{t} \lg n \rfloor$. Lemma 4.7 implies
$$|\mathcal{G}| \;\ge\; \binom{t + l - 2}{t - 1} = \binom{t + l - 2}{l - 1}$$
$$\ge \binom{m + l - 1}{l - 1} = \binom{m + l - 1}{m} \qquad (\text{since } t > 4 \lg^2 n \text{ gives } t > 2\sqrt{t}\lg n, \text{ hence } t - 1 \ge m)$$
$$\ge \binom{2m - 1}{m} \qquad (\text{since } l = 2\sqrt{\phi(r)} \lg n \ge 2\sqrt{t} \lg n \ge m, \text{ as } t = |G| \le |\mathbb{Z}_r^*| = \phi(r))$$
$$\ge 2^{m} \qquad (\text{valid for } m \ge 3; \text{ here } m \ge 4 \text{ because } 2\sqrt{t} \lg n > 4 \lg^2 n \ge 4)$$
$$> 2^{2\sqrt{t} \lg n - 1} = \tfrac{1}{2} n^{2\sqrt{t}} \qquad (\text{since } m > 2\sqrt{t} \lg n - 1).$$
By Lemma 4.8, $|\mathcal{G}| \le \tfrac{1}{2} n^{2\sqrt{t}}$ if $n$ is not a power of $p$. Contradiction.
Therefore $n = p^k$ for some $k \ge 1$. If $k > 1$, the algorithm would have returned COMPOSITE in Step 1. Therefore $n = p$, i.e. $n$ is prime.
Time Complexity Analysis

Step 1 (perfect power test): $O(\log^3 n)$.
Step 2 (find $r$): $O(\log^5 n)$ candidate values of $r$, each requiring up to $4 \lg^2 n$ multiplications modulo $r$ to test $o_r(n) > 4 \lg^2 n$: $O(\log^7 n)$ in total.
Step 3 (gcds): $r$ gcd computations of $O(\log n)$ time each, $O(r \log n) = O(\log^6 n)$.
Step 5 (polynomial congruences): $2\sqrt{\phi(r)} \lg n = O(\sqrt{r} \log n)$ congruences; each one is evaluated with $O(\log n)$ multiplications of degree-$r$ polynomials having $O(\log n)$-bit coefficients, i.e. $O(r \log^2 n)$ per congruence (ignoring polylogarithmic factors).
Total: $O(r^{1.5} \log^3 n) = O(\log^{10.5} n)$, dominated by Step 5.