Lucas Lehmer primality test - Wikipedia, the free encyclopedia

Similar documents
PRIMALITY TEST FOR FERMAT NUMBERS USING QUARTIC RECURRENCE EQUATION. Predrag Terzic Podgorica, Montenegro

Corollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1

Fermat s Little Theorem. Fermat s little theorem is a statement about primes that nearly characterizes them.

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Applied Cryptography and Computer Security CSE 664 Spring 2018

LARGE PRIME NUMBERS (32, 42; 4) (32, 24; 2) (32, 20; 1) ( 105, 20; 0).

A Guide to Arithmetic

Fibonacci Pseudoprimes and their Place in Primality Testing

A Proof of the Lucas-Lehmer Test and its Variations by Using a Singular Cubic Curve

A Few Primality Testing Algorithms

p = This is small enough that its primality is easily verified by trial division. A candidate prime above 1000 p of the form p U + 1 is

Chapter 6 Randomization Algorithm Theory WS 2012/13 Fabian Kuhn

Primes of the Form n! ± 1 and p ± 1

PRIMES is in P. Manindra Agrawal. NUS Singapore / IIT Kanpur

Primality testing: then and now

A SURVEY OF PRIMALITY TESTS

LARGE PRIME NUMBERS. In sum, Fermat pseudoprimes are reasonable candidates to be prime.

On the Composite Terms in Sequence Generated from Mersenne-type Recurrence Relations

Mathematics of Cryptography

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

CPSC 467b: Cryptography and Computer Security

The New Largest Known Prime is 2 p 1 With p = Who Cares? Sam Wagstaff Computer Sciences and Mathematics.

Part II. Number Theory. Year

Instructor: Bobby Kleinberg Lecture Notes, 25 April The Miller-Rabin Randomized Primality Test

Advanced Algorithms and Complexity Course Project Report

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Lecture 11 - Basic Number Theory.

THE SOLOVAY STRASSEN TEST

Sums of Squares. Bianca Homberg and Minna Liu

Basic elements of number theory

Basic elements of number theory

SQUARE PATTERNS AND INFINITUDE OF PRIMES

A Generalization of Wilson s Theorem

Improving the Accuracy of Primality Tests by Enhancing the Miller-Rabin Theorem

Primality Proofs. Geoffrey Exoo Department of Mathematics and Computer Science Indiana State University Terre Haute, IN

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

Primality testing: then and now

Algorithms (II) Yu Yu. Shanghai Jiaotong University

arxiv: v1 [math.gm] 6 Oct 2014

Chapter 7 Randomization Algorithm Theory WS 2017/18 Fabian Kuhn

= 1 2x. x 2 a ) 0 (mod p n ), (x 2 + 2a + a2. x a ) 2

CPSC 467: Cryptography and Computer Security

Primality testing: variations on a theme of Lucas. Carl Pomerance, Dartmouth College Hanover, New Hampshire, USA

#A11 INTEGERS 12 (2012) FIBONACCI VARIATIONS OF A CONJECTURE OF POLIGNAC

IRREDUCIBILITY TESTS IN F p [T ]

From Wikipedia, the free encyclopedia

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

1. Algebra 1.7. Prime numbers

CSE 521: Design and Analysis of Algorithms I

PRIMALITY TESTING. Professor : Mr. Mohammad Amin Shokrollahi Assistant : Mahdi Cheraghchi. By TAHIRI JOUTI Kamal

ECEN 5022 Cryptography

THE MILLER RABIN TEST

Primality Testing- Is Randomization worth Practicing?

Pseudoprimes and Carmichael Numbers

COMS W4995 Introduction to Cryptography September 29, Lecture 8: Number Theory

God may not play dice with the universe, but something strange is going on with the prime numbers.

Number Theory and Algebra: A Brief Introduction

Factorization & Primality Testing

MATH 310: Homework 7

Selected Chapters from Number Theory and Algebra

CPSC 518 Introduction to Computer Algebra Asymptotically Fast Integer Multiplication

1 The Fundamental Theorem of Arithmetic. A positive integer N has a unique prime power decomposition. Primality Testing. and. Integer Factorisation

MATH 25 CLASS 21 NOTES, NOV Contents. 2. Subgroups 2 3. Isomorphisms 4

Introduction to Quantum Information Processing QIC 710 / CS 768 / PH 767 / CO 681 / AM 871

Implementation of the DKSS Algorithm for Multiplication of Large Numbers

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

CRC Press has granted the following specific permissions for the electronic version of this book:

Integer multiplication with generalized Fermat primes

CPSC 467b: Cryptography and Computer Security

COMPUTER ARITHMETIC. 13/05/2010 cryptography - math background pp. 1 / 162

Three Ways to Test Irreducibility

Commutative Rings and Fields

The Impossibility of Certain Types of Carmichael Numbers

With Question/Answer Animations. Chapter 4

Frequency Domain Finite Field Arithmetic for Elliptic Curve Cryptography

Ma/CS 6a Class 4: Primality Testing

Table of Contents. 2013, Pearson Education, Inc.

ABSOLUTE VALUES AND VALUATIONS

ALG 4.0 Number Theory Algorithms:

Generalized Lucas Sequences Part II

Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively

Theoretical Cryptography, Lecture 13

CPSC 467b: Cryptography and Computer Security

Some Facts from Number Theory

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

NOTES ON FINITE FIELDS

Discrete Mathematics and Probability Theory Fall 2018 Alistair Sinclair and Yun Song Note 6

π π π points:= { seq([n*cos(pi/4*n), N*sin(Pi/4*N)], N=0..120) }:

SOLUTIONS TO PROBLEM SET 1. Section = 2 3, 1. n n + 1. k(k + 1) k=1 k(k + 1) + 1 (n + 1)(n + 2) n + 2,

NUMBER SYSTEMS. Number theory is the study of the integers. We denote the set of integers by Z:

Euler s ϕ function. Carl Pomerance Dartmouth College

Number Theory Homework.

CSCI Honor seminar in algorithms Homework 2 Solution

CIS 551 / TCOM 401 Computer and Network Security

Three Ways to Test Irreducibility

Chapter 5. Modular arithmetic. 5.1 The modular ring

Math 229: Introduction to Analytic Number Theory Elementary approaches I: Variations on a theme of Euclid

Transcription:

Lucas Lehmer primality test From Wikipedia, the free encyclopedia In mathematics, the Lucas Lehmer test (LLT) is a primality test for Mersenne numbers. The test was originally developed by Edouard Lucas in 1856, [1] and subsequently improved by Lucas in 1878 and Derrick Henry Lehmer in the 1930s. Contents 1 The test 2 Time complexity 3 Examples 4 Proof of correctness 4.1 Sufficiency 4.2 Necessity 5 Applications 6 See also 7 References 8 External links The test The Lucas Lehmer test works as follows. Let M p = 2 p 1 be the Mersenne number to test with p an odd prime (because p is exponentially smaller than M p, we can use a simple algorithm like trial division for establishing its primality). Define a sequence {s i } for all i 0 by The first few terms of this sequence are 4, 14, 194, 37634,... (sequence A003010 (http://oeis.org/a003010) in OEIS). Then M p is prime iff The number s p 2 mod M p is called the Lucas Lehmer residue of p. (Some authors equivalently set s 1 = 4 and test s p 1 mod M p ). In pseudocode, the test might be written: // Determine if M p = 2 p 1 is prime Lucas Lehmer(p) var s = 4 var M = 2 p 1 repeat p 2 times: s = ((s s) 2) mod M 1 of 7 8/17/11 9:52 AM

if s = 0 return PRIME else return COMPOSITE By performing the mod M at each iteration, we ensure that all intermediate results are at most p bits (otherwise the number of bits would double each iteration). It is exactly the same strategy employed in modular exponentiation. Time complexity In the algorithm as written above, there are two expensive operations during each iteration: the multiplication s s, and the mod M operation. The mod M operation can be made particularly efficient on standard binary computers by observing the following simple property: In other words, if we take the least significant n bits of k, and add the remaining bits of k, and then do this repeatedly until at most n bits remain, we can compute the remainder after dividing k by the Mersenne number 2 n 1 without using division. For example: 916 = 1110010100 2 = 11100 2 + 10100 2 = 110000 2 = 1 2 + 10000 2 = 10001 2 = 10001 2 = 17. Moreover, since s s will never exceed M 2 < 2 2p, this simple technique converges in at most 2 p-bit additions, which can be done in linear time. As a small exceptional case, the above algorithm may produce 2 n 1 for a multiple of the modulus, rather than the correct value of zero; this should be accounted for. With the modulus out of the way, the asymptotic complexity of the algorithm depends only on the multiplication algorithm used to square s at each step. The simple "grade-school" algorithm for multiplication requires O(p 2 ) bit-level or word-level operations to square a p-bit number, and since we do this O(p) times, the total time complexity is O(p 3 ). A more efficient multiplication method, the Schönhage Strassen algorithm based on the Fast Fourier transform, requires O(p log p log log p) time to square a p-bit number, reducing the complexity to O(p 2 log p log log p) or Õ(p 2 ). [2]. Currently the most efficient known multiplication algorithm, Fürer's algorithm, needs time to multiply two p-bit numbers. By comparison, the most efficient randomized primality test for general integers, the Miller Rabin primality test, takes O(k p 2 log p log log p) bit operations using FFT multiplication, where k is the number of iterations and is related to the error rate. This is a constant factor difference for constant k, but in practice the cost of doing many iterations and other differences lead to worse performance for Miller Rabin. The most efficient deterministic primality test for general integers, the AKS primality test, requires Õ(p 6 ) bit 2 of 7 8/17/11 9:52 AM

operations in its best known variant and is dramatically slower in practice. Examples Suppose we wish to verify that M 3 = 7 is prime using the Lucas Lehmer test. We start out with s set to 4 and then update it 3 2 = 1 time, taking the results mod 7: s ((4 4) 2) mod 7 = 0 Because we end with s set to zero, M 3 is prime. On the other hand, M 11 = 2047 = 23 89 is not prime. To show this, we start with s set to 4 and update it 11 2 = 9 times, taking the results mod 2047: s ((4 4) 2) mod 2047 = 14 s ((14 14) 2) mod 2047 = 194 s ((194 194) 2) mod 2047 = 788 s ((788 788) 2) mod 2047 = 701 s ((701 701) 2) mod 2047 = 119 s ((119 119) 2) mod 2047 = 1877 s ((1877 1877) 2) mod 2047 = 240 s ((240 240) 2) mod 2047 = 282 s ((282 282) 2) mod 2047 = 1736 Because s is not zero, M 11 =2047 is not prime. Notice that we learn nothing about the factors of 2047, only its Lucas Lehmer residue, 1736. Proof of correctness Lehmer's original proof of the correctness of this test is complex, so we'll depend upon more recent refinements. Recall the definition: Then our theorem is that M p is prime iff We begin by noting that is a recurrence relation with a closed-form solution. Define and ; then we can verify by induction that for all i: 3 of 7 8/17/11 9:52 AM

where the last step follows from. We will use this in both parts. Sufficiency In this direction we wish to show that implies that M p is prime. We relate a straightforward proof exploiting elementary group theory given by J. W. Bruce [3] as related by Jason Wojciechowski. [4] Suppose. Then for some integer k, and: Now suppose M p is composite, and let q be the smallest prime factor of M p. Since Mersenne numbers are odd, we have q > 2. Define the set with q 2 elements, where is the integers mod q, a finite field (in the language of ring theory X is the quotient of the univariate polynomial ring by the ideal generated by (T 2 3)). The multiplication operation in X is defined by: Since q > 2, and are in X (in fact are in X, but by abuse of language we identify and with their images in X under the natural ring homomorphism from to X which sends the square root of 3 to T). Any product of two numbers in X is in X, but it's not a group under multiplication because not every element x has an inverse y such that xy = 1 (in fact X is a ring and the set of non-zero elements of X is a group if and only if does not contain a square root of 3). If we consider only the elements that have inverses, we get a group X* of size at most q 2 1 (since 0 has no inverse). Now, since, and, we have in X, which by equation (1) gives. Squaring both sides gives, showing that ω is invertible with inverse and so lies in X*, and moreover has an order dividing 2 p. In fact the order must equal 2 p, since and so the order does not divide 2 p 1. Since the order of an element is at most the order (size) of the group, we conclude that. But since q is the smallest prime factor of the composite M p, we must have, yielding the contradiction 2 p < 2 p 1. So M p is prime. 4 of 7 8/17/11 9:52 AM

Necessity In the other direction, we suppose M p is prime and show. We rely on a simplification of a proof by Öystein J. R. Ödseth. [5] First, notice that 3 is a quadratic non-residue mod M p, since 2 p 1 for odd p > 1 only takes on the value 7 mod 12, and so the Legendre symbol properties tell us (3 M p ) is 1. Euler's criterion then gives us: On the other hand, 2 is a quadratic residue mod M p, since. Euler's criterion again gives: and so Next, define, and define X* similarly as before as the multiplicative group of. We will use the following lemmas: (from Proofs of Fermat's little theorem#proof_using_the_binomial_theorem) for every integer a (Fermat's little theorem) Then, in the group X* we have: We chose σ such that ω = (6 + σ) 2 / 24. Consequently, we can use this to compute group X*: in the where we use the fact that 5 of 7 8/17/11 9:52 AM

Since, all that remains is to multiply both sides of this equation by and use : Since s p 2 is an integer and is zero in X*, it is also zero mod M p. Applications The Lucas Lehmer test is the primality test used by the Great Internet Mersenne Prime Search to locate large primes, and has been successful in locating many of the largest primes known to date. [6] The test is considered valuable because it can provably test a very large number for primality within affordable time and, in contrast to the equivalently fast Pépin's test for any Fermat number, can be tried on a large search space of numbers with the required form before reaching computational limits. See also References Mersenne's conjecture Lucas Lehmer Riesel test GIMPS 1. ^ The Largest Known Prime by Year: A Brief History (http://primes.utm.edu/notes/by_year.html) 2. ^ Colquitt, W. N.; Welsh, L., Jr. (1991), "A New Mersenne Prime", Mathematics of Computation 56 (194): 867 870, "The use of the FFT speeds up the asymptotic time for the Lucas Lehmer test for M p from O(p 3 ) to O(p 2 log p log log p) bit operations." 3. ^ J. W. Bruce (1993). "A Really Trivial Proof of the Lucas Lehmer Test". The American Mathematical Monthly 100 (4): 370 371. 4. ^ Jason Wojciechowski. Mersenne Primes, An Introduction and Overview (http://wonka.hampshire.edu/~jason /math/smithnum/project.ps). 2003. 5. ^ Öystein J. R. Ödseth. A note on primality tests for N = h 2 n 1 (http://www.uib.no/people/nmaoy /papers/luc.pdf). Department of Mathematics, University of Bergen. 6. ^ What are Mersenne primes? How are they useful? (http://www.mersenne.org/faq.htm#what) Frequently Asked Questions. GIMPS Home Page. Crandall, Richard; Pomerance, Carl (2001), "Section 4.2.1: The Lucas Lehmer test", Prime Numbers: A Computational Perspective (1st ed.), Berlin: Springer, p. 167 170, ISBN 0387947779 External links Weisstein, Eric W., "Lucas Lehmer test (http://mathworld.wolfram.com/lucas-lehmertest.html) 6 of 7 8/17/11 9:52 AM

" from MathWorld. GIMPS (The Great Internet Mersenne Prime Search) (http://www.mersenne.org) A proof of Lucas Lehmer Reix test (for Fermat numbers) (http://arxiv.org/abs/0705.3664) Lucas Lehmer test (http://www.mersennewiki.org/index.php/lucas-lehmer_test) at MersenneWiki Retrieved from "http://en.wikipedia.org/wiki/lucas%e2%80%93lehmer_primality_test" Categories: Primality tests This page was last modified on 28 July 2011 at 16:33. Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. See Terms of use for details. Wikipedia is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. 7 of 7 8/17/11 9:52 AM

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback