Primality Test. Rong-Jaye Chen


OUTLINE: [1] Modular Arithmetic Algorithms, [2] Quadratic Residues, [3] Primality Testing

[1] Modular Arithmetic Algorithms

1. The integers

$a$ divides $b$ is written $a \mid b$. If $b$ has a divisor $a \notin \{1, b\}$, then $a$ is said to be nontrivial. $a$ is prime if it has no nontrivial divisors; otherwise, $a$ is composite.

The prime number theorem: $\#\{a : a \text{ is prime},\ a \in [2, x]\} = \Pi(x) \sim x / \log x$.

If $c \mid a$ and $c \mid b$, then $c$ is a common divisor of $a$ and $b$. If $d$ is the greatest common divisor of $a$ and $b$, then we write $d = \gcd(a, b)$.

Euclidean algorithm(a, b) (for the greatest common divisor)

    input: $a \ge b \ge 0$
    output: $d = \gcd(a, b)$
    (1) Set $r_0 = a$ and $r_1 = b$
    (2) Determine the first $n \ge 0$ so that $r_{n+1} = 0$, where $r_{i+1} = r_{i-1} \bmod r_i$
    (3) Return ($r_n$)

Extended Euclidean algorithm(a, b)

    input: $a > 0$, $b > 0$
    output: $(r, s, t)$ with $r = \gcd(a, b)$ and $sa + tb = r$
    (Omitted)

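Example: $\gcd(299, 221) = ?$

$299 = 1 \cdot 221 + 78$ ($q_1 = 1$, $r_2 = 78$)
$221 = 2 \cdot 78 + 65$ ($q_2 = 2$, $r_3 = 65$)
$78 = 1 \cdot 65 + 13$ ($q_3 = 1$, $r_4 = 13$)
$65 = 5 \cdot 13 + 0$ ($q_4 = 5$, $r_5 = 0$)

$\gcd(299, 221) = r_4 = 13$

$13 = 78 - 65 = 78 - (221 - 2 \cdot 78) = 3 \cdot 78 - 221 = 3 \cdot (299 - 1 \cdot 221) - 221 = 3 \cdot 299 - 4 \cdot 221$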

If $\gcd(a, b) = 1$, then $a$ and $b$ are said to be relatively prime.

Phi function: $\phi(n) = \#\{a : \gcd(a, n) = 1 \text{ and } 1 \le a \le n\}$

1. $\phi(p^e) = (p - 1)\,p^{e-1}$ for prime $p$
2. $\phi(ab) = \phi(a)\,\phi(b)$ for $\gcd(a, b) = 1$

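2. The integers modulo $n$

$a$ is congruent to $b$ modulo $n$, written $a \equiv b \pmod{n}$, if $n \mid (a - b)$.

$\mathbb{Z}_n = \{0, 1, \ldots, n-1\}$

Given $a \in \mathbb{Z}_n$, if there exists $x \in \mathbb{Z}_n$ such that $ax \equiv 1 \pmod{n}$, then $a$ is said to be invertible and its inverse $x$ is denoted $a^{-1}$.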

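Use the extended Euclidean algorithm to calculate $a^{-1} \bmod n$.

Example: $a = 7$ and $n = 9$

Euclidean algorithm to find $\gcd(a, n)$:

$9 = 1 \cdot 7 + 2$
$7 = 3 \cdot 2 + 1$
$2 = 2 \cdot 1 + 0$

Extended Euclidean algorithm to write $\gcd(a, n) = sa + tn$:

$1 = 7 - 3 \cdot 2 = 7 - 3\,(9 - 1 \cdot 7) = 4 \cdot 7 - 3 \cdot 9$

Hence $7^{-1} \equiv 4 \pmod{9}$.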

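$\mathbb{Z}_n^* = \{a : \gcd(a, n) = 1 \text{ and } 0 < a < n\}$

$\phi(n)$ is defined as $|\mathbb{Z}_n^*|$.

For example, $\mathbb{Z}_{12}^* = \{1, 5, 7, 11\}$ and $\mathbb{Z}_{15}^* = \{1, 2, 4, 7, 8, 11, 13, 14\}$.

$(\mathbb{Z}_n^*, *)$ forms a multiplicative group.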

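Fermat's little theorem: If $a \in \mathbb{Z}_p^*$ ($p$ is prime), then $a^{p-1} \equiv 1 \pmod{p}$.

Euler's theorem: If $a \in \mathbb{Z}_n^*$, then $a^{\phi(n)} \equiv 1 \pmod{n}$.

The order of $a \in \mathbb{Z}_n^*$, written $\mathrm{ord}(a)$, is the least positive integer $t$ such that $a^t \equiv 1 \pmod{n}$.

If $a \in \mathbb{Z}_n^*$ has $\mathrm{ord}(a) = \phi(n)$, then $a$ is said to be a generator of $\mathbb{Z}_n^*$; in this case, $\mathbb{Z}_n^* = \{a^i : 0 \le i < \phi(n)\}$.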

Example: $n = 15$

$\mathbb{Z}_{15}^* = \{1, 2, 4, 7, 8, 11, 13, 14\}$

$\phi(15) = \phi(3)\,\phi(5) = 2 \cdot 4 = 8$

$a \in \mathbb{Z}_{15}^*$: 1, 2, 4, 7, 8, 11, 13, 14
$\mathrm{ord}(a)$: 1, 4, 2, 4, 2, 2, 4, 2

3. Chinese remainder theorem

If the integers $n_1, \ldots, n_k$ are pairwise relatively prime, then the system of congruences

$x \equiv a_1 \pmod{n_1}$
$x \equiv a_2 \pmod{n_2}$
$\vdots$
$x \equiv a_k \pmod{n_k}$

has a unique solution modulo $n = n_1 n_2 \cdots n_k$.

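Algorithm: Gauss algorithm

    (1) Input $k$, $n_i$, $a_i$, for $i = 1, 2, \ldots, k$
    (2) Compute $N_i = \prod_{j=1,\, j \ne i}^{k} n_j$ for $i = 1, 2, \ldots, k$
    (3) Compute the inverse $M_i = N_i^{-1} \bmod n_i$ for $i = 1, 2, \ldots, k$
    (4) Compute $x = \sum_{i=1}^{k} a_i N_i M_i \bmod n$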

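Example:

$x \equiv 1 \pmod{3}$
$x \equiv 6 \pmod{7}$
$x \equiv 8 \pmod{10}$

According to the Gauss algorithm,

$x = 1 \cdot 70 \cdot (70^{-1} \bmod 3) + 6 \cdot 30 \cdot (30^{-1} \bmod 7) + 8 \cdot 21 \cdot (21^{-1} \bmod 10)$
$\;\; = 1 \cdot 70 \cdot (1^{-1} \bmod 3) + 6 \cdot 30 \cdot (2^{-1} \bmod 7) + 8 \cdot 21 \cdot (1^{-1} \bmod 10)$
$\;\; = 1 \cdot 70 \cdot 1 + 6 \cdot 30 \cdot 4 + 8 \cdot 21 \cdot 1$
$\;\; = 958 \bmod 210 = 118$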

4. Square-and-Multiply

Algorithm: Square-and-Multiply($x$, $c$, $n$)

    Input: $x \in \mathbb{Z}_n$, $c$ with binary representation $c = \sum_{i=0}^{l-1} c_i 2^i$
    Output: $x^c \bmod n$
    z ← 1
    for i ← l-1 downto 0 do
        z ← z^2 mod n
        if c_i = 1 then z ← (z × x) mod n
    return (z)

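Example: $9726^{3533} \bmod 11413 = ?$

    i = 11, c_i = 1: z = 1^2 × 9726 = 9726
    i = 10, c_i = 1: z = 9726^2 × 9726 = 2659
    i = 9,  c_i = 0: z = 2659^2 = 5634
    i = 8,  c_i = 1: z = 5634^2 × 9726 = 9167
    i = 7,  c_i = 1: z = 9167^2 × 9726 = 4958
    i = 6,  c_i = 1: z = 4958^2 × 9726 = 7783
    i = 5,  c_i = 0: z = 7783^2 = 6298
    i = 4,  c_i = 0: z = 6298^2 = 4629
    i = 3,  c_i = 1: z = 4629^2 × 9726 = 10185
    i = 2,  c_i = 1: z = 10185^2 × 9726 = 105
    i = 1,  c_i = 0: z = 105^2 = 11025
    i = 0,  c_i = 1: z = 11025^2 × 9726 = 5761

(every value of z is reduced mod 11413)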
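The three routines from this section (extended Euclid for modular inverses, the Gauss algorithm for the Chinese remainder theorem, and square-and-multiply) as an added Python example; it is not part of the original slides, and the function names are chosen here. The values used to check it are the slides' own worked examples.

```python
def ext_gcd(a, b):
    """Return (r, s, t) with r = gcd(a, b) and s*a + t*b = r."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q = a // b
        a, b = b, a - q * b          # r_{i+1} = r_{i-1} mod r_i
        s0, s1 = s1, s0 - q * s1     # carry the coefficients of the original a ...
        t0, t1 = t1, t0 - q * t1     # ... and of the original b along with r_i
    return a, s0, t0

def mod_inverse(a, n):
    """Inverse of a modulo n; raises if a is not in Z_n^*."""
    r, s, _ = ext_gcd(a % n, n)
    if r != 1:
        raise ValueError("a is not invertible modulo n")
    return s % n

def gauss_crt(residues, moduli):
    """Solve x = a_i (mod n_i) for pairwise relatively prime n_i."""
    n = 1
    for n_i in moduli:
        n *= n_i
    x = 0
    for a_i, n_i in zip(residues, moduli):
        N_i = n // n_i                   # product of all the other moduli
        M_i = mod_inverse(N_i, n_i)      # N_i^{-1} mod n_i
        x += a_i * N_i * M_i
    return x % n

def square_and_multiply(x, c, n):
    """x^c mod n, scanning the bits of c from most to least significant."""
    z = 1
    for bit in bin(c)[2:]:
        z = z * z % n
        if bit == "1":
            z = z * x % n
    return z

if __name__ == "__main__":
    print(ext_gcd(299, 221))                       # gcd and Bezout coefficients
    print(mod_inverse(7, 9))                       # inverse example from the slides
    print(gauss_crt([1, 6, 8], [3, 7, 10]))        # CRT example from the slides
    print(square_and_multiply(9726, 3533, 11413))  # exponentiation example
```
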

[2] Quadratic Residue

1. Quadratic residue modulo $n$

Let $a \in \mathbb{Z}_n^*$; then $a$ is a quadratic residue modulo $n$ if there exists $x \in \mathbb{Z}_n^*$ with $x^2 \equiv a \pmod{n}$. In this case, $x$ is a square root of $a$ modulo $n$. Otherwise, $a$ is a quadratic nonresidue modulo $n$.

$Q_n$: the set of quadratic residues modulo $n$.
$\overline{Q}_n$: the set of quadratic nonresidues modulo $n$.

$\mathbb{Z}_n^* = Q_n \cup \overline{Q}_n$

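2. Theorem: $p > 2$ is prime and $\alpha$ is a generator of $\mathbb{Z}_p^*$. Then $a \in \mathbb{Z}_p^*$ is a quadratic residue modulo $p$ if and only if there exists $i \in \mathbb{Z}$ such that $a \equiv \alpha^{2i} \pmod{p}$.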

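3. Corollary: $p > 2$ is prime and $\alpha$ is a generator of $\mathbb{Z}_p^*$.

(1) $Q_p = \{\alpha^i \bmod p : i \text{ even},\ 0 \le i \le p-2\}$
(2) $\overline{Q}_p = \{\alpha^i \bmod p : i \text{ odd},\ 0 \le i \le p-2\}$
(3) $|Q_p| = |\overline{Q}_p| = (p-1)/2$, and $\alpha^{(p-1)/2} \equiv -1 \pmod{p}$
(4) If $a \in Q_p$, then $x^2 \equiv a \pmod{p}$ has exactly two solutions.

4. Legendre symbol: $p > 2$ is prime and $a \in \mathbb{Z}$.

$\left(\frac{a}{p}\right) = \begin{cases} 0 & \text{if } p \mid a \\ 1 & \text{if } a \bmod p \in Q_p \\ -1 & \text{if } a \bmod p \in \overline{Q}_p \end{cases}$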

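5. Theorem: Euler's criterion. If $p > 2$ is prime and $a \in \mathbb{Z}$, then $\left(\frac{a}{p}\right) \equiv a^{(p-1)/2} \pmod{p}$.

6. E.g.: $\left(\frac{3}{23}\right) = ?$

$(23-1)/2 = 11 = (1011)_2$; use Square-and-Multiply:

$\left(\frac{3}{23}\right) = 3^{(23-1)/2} \bmod 23 = 1$, so $3 \in Q_{23}$.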

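7. Jacobi symbol: $n > 2$ is an odd integer, $p_i$ is prime and $n = p_1^{e_1} \cdots p_k^{e_k}$.

$\left(\frac{a}{n}\right) = \left(\frac{a}{p_1}\right)^{e_1} \cdots \left(\frac{a}{p_k}\right)^{e_k}$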

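8. Properties of the Jacobi symbol: $m, n > 2$ are odd integers.

(1) $\left(\frac{a}{n}\right) \in \{-1, 0, 1\}$, and $\left(\frac{a}{n}\right) = 0 \iff \gcd(a, n) \ne 1$
(2) $\left(\frac{ab}{n}\right) = \left(\frac{a}{n}\right)\left(\frac{b}{n}\right)$ and $\left(\frac{a}{mn}\right) = \left(\frac{a}{m}\right)\left(\frac{a}{n}\right)$
(3) If $a \equiv b \pmod{n}$ then $\left(\frac{a}{n}\right) = \left(\frac{b}{n}\right)$
(4) $\left(\frac{1}{n}\right) = 1$ and $\left(\frac{-1}{n}\right) = (-1)^{(n-1)/2} = \begin{cases} 1, & n \equiv 1 \pmod{4} \\ -1, & n \equiv 3 \pmod{4} \end{cases}$
(5) $\left(\frac{2}{n}\right) = (-1)^{(n^2-1)/8} = \begin{cases} 1, & n \equiv \pm 1 \pmod{8} \\ -1, & n \equiv \pm 3 \pmod{8} \end{cases}$
(6) $\left(\frac{m}{n}\right) = (-1)^{\frac{m-1}{2} \cdot \frac{n-1}{2}} \left(\frac{n}{m}\right)$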

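9. E.g.: calculate the Jacobi symbol without factoring $n$, for $a = 28$, $n = 55$.

$\left(\frac{28}{55}\right) = \left(\frac{2}{55}\right)^2 \left(\frac{7}{55}\right)$ (property 2)
$\;\; = (-1)^{\frac{55-1}{2} \cdot \frac{7-1}{2}} \left(\frac{55}{7}\right)$ (property 6)
$\;\; = -\left(\frac{55}{7}\right) = -\left(\frac{6}{7}\right) = -\left(\frac{-1}{7}\right)$ (property 3)
$\;\; = -(-1)^{\frac{7-1}{2}} = 1$ (property 4)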

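10. Jacobi symbol vs. quadratic residue modulo $n$

$a \in Q_n \Rightarrow \left(\frac{a}{n}\right) = 1$

Definition: $J_n = \{a \in \mathbb{Z}_n^* : \left(\frac{a}{n}\right) = 1\}$

$Q_n \subseteq J_n$, and $\tilde{Q}_n = J_n \setminus Q_n$. The elements of $\tilde{Q}_n$ are called pseudosquares modulo $n$.

$Q_n = J_n$ in the case $n$ is prime.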

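11. E.g.: $n = 15$

$\left(\frac{a}{15}\right) = \left(\frac{a}{3}\right)\left(\frac{a}{5}\right)$, and

$\left(\frac{a}{3}\right) = \begin{cases} 1, & a \equiv 1 \pmod{3} \\ -1, & a \equiv 2 \pmod{3} \end{cases}$, $\quad \left(\frac{a}{5}\right) = \begin{cases} 1, & a \equiv \pm 1 \pmod{5} \\ -1, & a \equiv \pm 2 \pmod{5} \end{cases}$

The Jacobi symbols are calculated in the following table:

    a ∈ Z_15^*:   1    2    4    7    8   11   13   14
    (a/3):        1   -1    1    1   -1   -1    1   -1
    (a/5):        1   -1    1   -1   -1    1   -1    1
    (a/15):       1    1    1   -1    1   -1   -1   -1

Hence, $J_{15} = \{1, 2, 4, 8\}$. It can be verified that $Q_{15} = \{1, 4\}$, so $\tilde{Q}_{15} = J_{15} \setminus Q_{15} = \{2, 8\}$.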

12. Quadratic residuosity problem (QRP): Determine whether a given $a \in J_n$ is a quadratic residue or a pseudosquare modulo $n$.

[4] Primality Testing

(1) Prime numbers

1. How to generate large prime numbers?

(1) Generate as candidate a random odd number $n$ of appropriate size.
(2) Test $n$ for primality.
(3) If $n$ is composite, return to the first step.

2. Distribution of prime numbers

Prime Number Theorem: Let $\Pi(x)$ denote the number of prime numbers $\le x$. Then $\Pi(x) \sim x / \ln(x)$ when $x \to \infty$.

(2) Solovay-Strassen primality test

1. Trial method for testing whether $n$ is prime or composite: if no $a \in [2, \sqrt{n}]$ divides $n$, then $n$ is prime.

2. Definition: Euler witness

Let $n$ be an odd composite integer and $1 \le a \le n-1$.

(1) If $\gcd(a, n) > 1$ or $a^{(n-1)/2} \not\equiv \left(\frac{a}{n}\right) \pmod{n}$, then $a$ is an Euler witness (to compositeness) for $n$.

(2) Otherwise, if $\gcd(a, n) = 1$ and $a^{(n-1)/2} \equiv \left(\frac{a}{n}\right) \pmod{n}$, then $n$ is said to be an Euler pseudoprime to the base $a$. The integer $a$ is called an Euler liar (to primality) for $n$.

3. Example (Euler pseudoprime)

Consider $n = 91$ ($= 7 \times 13$). Since $9^{45} \equiv 1 \pmod{91}$ and $\left(\frac{9}{91}\right) = 1$, 91 is an Euler pseudoprime to the base 9.

4. Fact: At most $\phi(n)/2$ of all the numbers $a$, $1 \le a \le n-1$, are Euler liars for $n$.

5. Algorithm: Solovay-Strassen($n$, $t$)

    INPUT: n is odd, n ≥ 3, t ≥ 1
    OUTPUT: "prime" or "composite"
    1. for i = 1 to t do:
       1.1 choose a random integer a, 2 ≤ a ≤ n-2
           if gcd(a, n) ≠ 1 then return ("composite")
       1.2 compute r = a^((n-1)/2) mod n (use square-and-multiply)
           if r ≠ 1 and r ≠ n-1 then return ("composite")
       1.3 compute the Jacobi symbol s = (a/n)
           if r ≢ s (mod n) then return ("composite")
    2. return ("prime")

6. Solovay-Strassen error-probability bound

For any odd composite integer $n$, the probability that Solovay-Strassen($n$, $t$) declares $n$ to be prime is less than $(1/2)^t$.
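The Jacobi symbol computed from properties (2) to (6) without factoring $n$, and the Solovay-Strassen test built on it, as an added Python example that is not part of the original slides. Function names are chosen here; bases are drawn with Python's `secrets` module, which is an assumption of this example rather than something the slides specify.

```python
import secrets
from math import gcd

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n >= 3, via properties (2)-(6); n is never factored."""
    if n < 3 or n % 2 == 0:
        raise ValueError("n must be an odd integer >= 3")
    a %= n                                # property (3)
    sign = 1
    while a:
        while a % 2 == 0:                 # property (5): (2/n) = -1 iff n = 3 or 5 mod 8
            a //= 2
            if n % 8 in (3, 5):
                sign = -sign
        a, n = n, a                       # property (6): flip iff both are 3 mod 4
        if a % 4 == 3 and n % 4 == 3:
            sign = -sign
        a %= n
    return sign if n == 1 else 0          # property (1): 0 iff gcd(a, n) != 1

def is_euler_liar(a, n):
    """True if gcd(a, n) = 1 and a^((n-1)/2) is congruent to (a/n) mod n."""
    return gcd(a, n) == 1 and pow(a, (n - 1) // 2, n) == jacobi(a, n) % n

def euler_liars(n):
    """All bases 1 <= a <= n-1 that fail to expose n."""
    return {a for a in range(1, n) if is_euler_liar(a, n)}

def pseudosquares(n):
    """J_n minus Q_n: Jacobi symbol 1 but not a square modulo n."""
    units = [a for a in range(1, n) if gcd(a, n) == 1]
    squares = {a * a % n for a in units}
    return {a for a in units if jacobi(a, n) == 1} - squares

def solovay_strassen(n, t):
    """False: certainly composite. True: prime, with error below (1/2)**t."""
    if n == 3:
        return True
    for _ in range(t):
        a = 2 + secrets.randbelow(n - 3)  # uniform in [2, n-2]
        if not is_euler_liar(a, n):       # covers steps 1.1, 1.2 and 1.3
            return False
    return True

if __name__ == "__main__":
    print(jacobi(28, 55), sorted(pseudosquares(15)), len(euler_liars(91)))
    print(solovay_strassen(91, 40), solovay_strassen(104729, 40))
```

For 91 the Euler liars coincide with the strong liars, because $91 \equiv 3 \pmod{4}$ makes the two tests equivalent.
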

(3) Miller-Rabin primality test

1. Fact: Let $p$ be an odd prime with $p - 1 = 2^s r$, where $r$ is odd, and let $a$ satisfy $\gcd(a, p) = 1$. Then $a^r \equiv 1 \pmod{p}$ or $a^{2^j r} \equiv -1 \pmod{p}$ for some $j$, $0 \le j \le s-1$.

Why?
(1) Fermat's little theorem: $a^{p-1} \equiv 1 \pmod{p}$
(2) $1$ and $-1$ are the only two square roots of 1 in $\mathbb{Z}_p^*$

2. Definition

$n$: odd composite integer, $n - 1 = 2^s r$, where $r$ is odd, and $1 \le a \le n-1$.

$a$ is a strong witness to compositeness for $n$ if $a^r \not\equiv 1 \pmod{n}$ and $a^{2^j r} \not\equiv -1 \pmod{n}$ for all $j$, $0 \le j \le s-1$.

$n$ is a strong pseudoprime to the base $a$ if $a^r \equiv 1 \pmod{n}$ or $a^{2^j r} \equiv -1 \pmod{n}$ for some $j$, $0 \le j \le s-1$ ($a$ is called a strong liar to primality for $n$).

3. Algorithm: Miller-Rabin($n$, $t$)

    INPUT: n is odd, n ≥ 3, t ≥ 1
    OUTPUT: "prime" or "composite"
    1. write n-1 = 2^s r such that r is odd.
    2. for i = 1 to t do:
       2.1 choose a random integer a, 2 ≤ a ≤ n-2
       2.2 compute y = a^r mod n (use square-and-multiply)
       2.3 if y ≠ 1 and y ≠ n-1 do:
               j ← 1
               while j ≤ s-1 and y ≠ n-1 do:
                   y ← y^2 mod n
                   if y = 1 then return ("composite")
                   j ← j+1
               if y ≠ n-1 then return ("composite")
    3. return ("prime")

4. Example (strong pseudoprime)

Consider $n = 91$ ($= 7 \times 13$). $91 - 1 = 2 \cdot 45$, so $s = 1$, $r = 45$. Since $9^r = 9^{45} \equiv 1 \pmod{91}$, 91 is a strong pseudoprime to the base 9.

The set of all strong liars for 91 is {1, 9, 10, 12, 16, 17, 22, 29, 38, 53, 62, 69, 74, 75, 79, 81, 82, 90}.

The number of strong liars for 91 is $18 = \phi(91)/4$.

5. Fact: If $n$ is an odd composite integer, then at most 1/4 of all the numbers $a$, $1 \le a \le n-1$, are strong liars for $n$. In fact, if $n \ne 9$, the number of strong liars for $n$ is at most $\phi(n)/4$.

6. Miller-Rabin error-probability bound

For any odd composite integer $n$, the probability that Miller-Rabin($n$, $t$) declares $n$ to be prime is less than $(1/4)^t$.

7. Remark: For most composite integers $n$, the number of strong liars for $n$ is actually much smaller than the upper bound of $\phi(n)/4$. The Miller-Rabin error-probability bound is much smaller than $(1/4)^t$.

(4) A deterministic primality algorithm: AKS

Prior to 2002, there was no known method of efficiently proving the primality of very large numbers. All the algorithms in use, including Solovay-Strassen and Miller-Rabin, produced a probabilistic result. In 2002, Agrawal, Kayal, and Saxena developed a relatively simple deterministic algorithm, known as the AKS algorithm. But AKS does not appear to be as efficient as SS or MR.