“Primes is in P”

M. Agrawal, N. Kayal, N. Saxena

Annals of Mathematics 160, pp. 781-793

(2004).

Presented by:Kaustav Ghoshal

Dept of Computer ScienceTexas A&M University

kg@cs.tamu.edu

April 20, 2006

1

Acknowledgement

Slides are built on the original talk by Manindra Agrawal ©Special Lecture on “Primes is in P” at Fields Institute,

University of Toronto,May 23, 2003

2

The Problem

Given a number n, test whether the number is prime efficientlyBy efficiently it is meant a polynomial in the number of digits ofthe input= (logn)c where c is a constant.

3

The Trial Division Method

Try dividing by all numbers up to n1/2

X Already known since 230 BC (Sieve of Eratosthenes)

X Takes exponential time: Ω(n1/2)

X Also produces a factor of n when it is composite

4

Fermat’s Little Theorem

If n is prime, then for any a ;an = a (mod n )

X It is easy to check:

? compute a2, square it to a4, square it to a8.

? Needs only O(log n)

5

A Potential Test

X For a few a’s test if an = a (mod n )

X if true, output PRIME else output COMPOSITE

X This fails!

X For n = 561 = 3 ∗ 11 ∗ 17, all a’s satisfy the equation!

X These are called Carmichael Numbers

6

PRIMES is in NP ∩ co-NP

X A trivial algorithm shows that the problem is in co-NP: guessa factor of n and verify it

X In 1974, Vaughan Pratt designed a NP algorithm for primal-ity testing

7

PRIMES is in P(conditionally)

In 1973 Miller designed a test based on Fermat’s Little Theorem:

X It was efficient and took O(log4n) steps.

X It was correct assuming Extended Riemann Hypothesis.

8

PRIMES is in co-RP

X Rabin modified Miller’s algorithm to an unconditional butrandomized polynomial time algorithm.

X This algorithm gives a wrong answer with a small probabilitywhen n is composite!

X Solovay-Strassen came up an algorithm with similar proper-ties.

9

PRIMES is in P(almost)

X In 1983, Adleman, Pomerance, and Rumely gave a determin-istic algorithm running in time (logn)c∗logloglogn

X Algorithm based on Generalized FLT.

X c ∗ logloglogn is very small.

10

PRIMES in RP

X In 1986, Goldwasser and Kilian gave a randomized algorithmthat

? works almost always(on most input numbers) in polyno-mial time

? errs only on primes.

X In 1992,Adleman and Huang improved this to an algorithmthat is always polynomial time.

X This can run infinitely and thus not efficient

11

The impact of this paper

This is the first work to show that Primality can be solved inPolynomial time unconditionally.

12

Main Idea

X Generalize Fermat’s Little Theorem:

? Ring Zn does not seem to have nice structure to exploit.

? So extend the ring to a larger ring in the hope for morestructure and additional properties.

X Consider polynomials modulo n and Xr - 1,or the ring Zn[X]/(Xr − 1).

X r is a small number and X is the rth root of 1.

13

Generalized FLT

X If n is prime then for any a:(X + a)n = Xn+ a (mod n, Xr − 1).

X Potential test: for a “small” r and a “few” a’s, test the aboveequation.

14

It Works (Almost)!

We prove:If (X + a)n = Xn+ a (mod n, Xr − 1)

for every 0 < a <2√

r log n

and for suitably chosen “small” r

then n is a prime power

15

The Algorithm

-n is the input

1. Output COMPOSITE if n = mk, k > 1.2. Find the smallest number r such that Or(n) > 4 (logn)2

3. If any number < r | n, output PRIME/COMPOSITE appro-priately.4. For every a 6 2

√rlog n: If (X+a)n 6= Xn+a(mod n, Xr−1)then

output COMPOSITE.5.Output PRIME.

16

Correctness of the Algorithm

X If the algorithm outputs COMPOSITE, n must be compos-ite:

? COMPOSITE in step 1 ⇒ n = mk, k > 1.

? COMPOSITE in step 3 ⇒ a number < r divides n.

? COMPOSITE in step 4 ⇒ (X + a)n 6= Xn + a(mod n, Xr

-1) for some a.

X If the algorithm outputs PRIME in step 3, n is a prime num-ber < r.

17

The Hard Part

When the algorithm outputs PRIME in Step 5:

X Then (X + a)n = Xn + a( mod n,Xr -1) for 0<a6 2√

rlogn.

X Let p be a prime divisor of n.

X Clearly (X +a)n = Xn + a( mod p,Xr -1) for 0<a6 2√

rlogn.

X Therefore (X + a)p = Xp + a( mod p,Xr -1).

18

Introspective Numbers

X Let us call any number m such thatg(X)m= g(Xm) (mod p, Xr-1) an introspective number forg(X).

X So, 1, p and n are introspective numbers forX + a for 0<a6 2

√rlog n.

19

Introspective Numbers Are Closed Under *

Lemma :If s and t are introspective for g(X),so is s ∗ t.Proof :

g(X)st = g(Xs)t(mod p, Xr − 1), and

g(X)t = g(Xt)(mod p, Xr − 1), and

g(Xs)t = g(Xst)(mod p, Xrs − 1)

= g(Xst)(mod p, Xr − 1)

20

There are lots of Introspective Numbers

X Let I = ni ∗ pj : i, j > 0 .

X Every m in I is introspective for X + a for 0<a6 2√

rlog n.

21

Introspective Numbers Are Also For Products

Lemma : If m is introspective for both g(X) and h(X),then it isalso for g(X) ∗ h(X).

Proof :

(g(X) ∗ h(X))m = g(X)m ∗ h(X)m

= g(Xm) ∗ h(Xm)(mod p, Xr − 1)

22

So Introspective Numbers Are For Lots of Products!

X

Let Q =

2√

rlog n∏a=1

(X + a)ea|ea > 0

X ∀ g(X) ∈ Q, ∃ m ∈ I: m is introspective.

X So there are lots of introspective numbers for lots of poly-nomials.

23

Low Degree Polynomials in Q

X Let t = Or(n, p) > Or(n) > 4(log n)2

X Let Qlow be the set of all polynomials in Q of degree < t.

X There are more than t introspective numbers in I, with eachsuch number 6 n2

√t : Consider all numbers ni ∗ pj for 0 6

i, j 6√

(t).

X There are(t−1+2

√rlogn

2√

rlogn−1

)> n2

√t polynomials in Q of degree <

t(Since p > r and√

t > 2log n ): Consider all distinct productsof subsets of X + a and use the fact that t > 4(log n)2

24

Finite Fields Facts

X Let h(X) be an irreducible divisor of rth cyclotomic polyno-mial Qr(X) in the Fp[X]:

? Qr(X) divides Xr − 1 and h(X)|Xr − 1.

? Polynomials modulo p and h(X) form a field, say F .

? Xi 6= Xj in F for 0 6 i 6= j < r.

25

A Fundamental Property of Fields

X For any field F and any polynomial P (Y ) of degree k over F ,P (Y ) has at most k roots in F .

26

Moving to Field F

X Since h(X) divides Xr−1, equations for introspective numberscontinue to hold in F .

X We now argue over F.

X Since h(X)|Xr− 1, replace Xr− 1 with h(X) everywhere in F .

27

Qlow injects into F

X Q has more than n2√

t polynomials of degree < t.

X All these polynomials are distinct in F:

? Let f(X) and g(X) be two such polynomials.

? If f(X) = g(X) in the field F then:

? For every m in I, f(Xm) = f(X)m = g(X)m = g(Xm) in F .

? So polynomial P (Y ) = f(Y ) − g(Y ) has t roots. WhenY = X or Y = Xm, the polynomial reduces to 0 in F .- Contradiction since degree of P (Y ) is< t.

28

Impossibility Proof

X There must be i, j, k, l in I such that- i, j, k, l <

√t and (i, j) 6= (k, l) (mod r).

- ni ∗ pj(= s) = nk ∗ pl(= s′) - s,s’ < n2√

t.

X Let g(X) be any polynomial in Q.

X Then modulo (p, Xr − 1):

g(X)s = g(Xs)[since s is introspective]

= g(Xs′)[since s = s′ (mod r)]

= g(X)s′[since s′ is introspective]

29

Impossibility Proof Contd . . .

X Therefore, g(X) is a root of the polynomial P (Y ) = Y s − Y s′

in the field F .

X If Y = g(X) then P (Y ) = 0.

X Since s 6= s′, it will have at most max s, s′ 6 n2√

t roots in F .

X Contradiction since Q has more than n2√

t polynomials in thefield F .

30

That is Impossible

X We can prove that it is not possible . . .

X So either:

? There are > t introspective numbers in I, with each suchnumber 6 n2

√t.

⇒ This means that two of these numbers are equal.Or

X There are > n2√

t polynomials in Q of degree < t

⇒ Two of these polynomials are equal.

31

Impossibility contd . . .

X But two different polynomials can not be equal.

X So ni ∗ pj = nk ∗ pl for some i, h, k and l.

X This implies n = pa for some a.

32

The Choice of r

X We need r such that Or(n) > 4(log n)2.

X Any r such that Or(n) > 4(log n)2 must divide

4 log2n∏k=1

(nk − 1) 6 n16log4n = 216log5n

X LCM of first m numbers is at least 2m(for m > 7).

X Therefore, there must exist an r that we desire 6 16(log n)5+

1.

33

Remarks

X This algorithm is impractical as its running time is O˜(log10.5n)provably and O (log6n)heuristically.

X To make it practical, one needs to bring the exponent downto 4 or less.

X As of now, best known running time is O˜(log6n).

34

Future Improvements

X Apply Berrizbeitia’s idea of r = 2s in Lenstra’s improved al-gorithm to improve time complexity

X Skip the power step (Step 1) in the main algorithm by usingthe concept of least witness of n.

X Identify any possible bounds of r in the first step.

35

Questions

36

Homework Question

Let n ∈ Z and n > 2 be an arbitrary integer, and let a < n be aninteger that is relatively prime to n.

Prove that:n is a prime number ⇔ in Zn[X], we have (X + a)n = Xn + a

37