WXML Final Report: AKS Primality Test

Similar documents
Lecture 31: Miller Rabin Test. Miller Rabin Test

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Primality Testing. 1 Introduction. 2 Brief Chronology of Primality Testing. CS265/CME309, Fall Instructor: Gregory Valiant

1. Algebra 1.7. Prime numbers

Applied Cryptography and Computer Security CSE 664 Spring 2018

Factorization & Primality Testing

Slides by Christopher M. Bourke Instructor: Berthe Y. Choueiry. Spring 2006

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

WXML Final Report: Primality of Polynomials

Instructor: Bobby Kleinberg Lecture Notes, 25 April The Miller-Rabin Randomized Primality Test

The running time of Euclid s algorithm

Correctness, Security and Efficiency of RSA

Introduction to Cryptology. Lecture 19

Lecture 6: Deterministic Primality Testing

Chapter 6 Randomization Algorithm Theory WS 2012/13 Fabian Kuhn

FERMAT S TEST KEITH CONRAD

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

Corollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1

CPSC 467b: Cryptography and Computer Security

PRIMES is in P. Manindra Agrawal. NUS Singapore / IIT Kanpur

Primality testing: variations on a theme of Lucas. Carl Pomerance, Dartmouth College Hanover, New Hampshire, USA

Primality testing: then and now

Advanced Algorithms and Complexity Course Project Report

Numbers. Çetin Kaya Koç Winter / 18

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Pseudoprimes and Carmichael Numbers

Primes and Factorization

Lecture 7: Fingerprinting. David Woodruff Carnegie Mellon University

Aspect of Prime Numbers in Public Key Cryptosystem

Lecture 6: Cryptanalysis of public-key algorithms.,

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

6.045: Automata, Computability, and Complexity (GITCS) Class 17 Nancy Lynch

MATH 2112/CSCI 2112, Discrete Structures I Winter 2007 Toby Kenney Homework Sheet 5 Hints & Model Solutions

Primality Testing- Is Randomization worth Practicing?

Lecture 1: Introduction to Public key cryptography

CPSC 467b: Cryptography and Computer Security

Number Theory. Modular Arithmetic

NOTES ON SOME NEW KINDS OF PSEUDOPRIMES

Elementary Number Theory

Elliptic curves: Theory and Applications. Day 3: Counting points.

LARGE PRIME NUMBERS (32, 42; 4) (32, 24; 2) (32, 20; 1) ( 105, 20; 0).

4 Number Theory and Cryptography

Primality testing: then and now

EFFICIENTLY CERTIFYING NON-INTEGER POWERS

Chapter 7 Randomization Algorithm Theory WS 2017/18 Fabian Kuhn

Fermat s Little Theorem. Fermat s little theorem is a statement about primes that nearly characterizes them.

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

CSC 373: Algorithm Design and Analysis Lecture 30

Wilson s Theorem and Fermat s Little Theorem

Wednesday, February 21. Today we will begin Course Notes Chapter 5 (Number Theory).

3 The fundamentals: Algorithms, the integers, and matrices

A Local-Global Principle for Diophantine Equations

Postmodern Primality Proving

Factoring. Number Theory # 2

Cryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1

1 The Fundamental Theorem of Arithmetic. A positive integer N has a unique prime power decomposition. Primality Testing. and. Integer Factorisation

Elliptic Curves Spring 2015 Problem Set #2 Due: 02/20/2015

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Mathematical Foundations of Public-Key Cryptography

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

Basic elements of number theory

Basic elements of number theory

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

Carmen s Core Concepts (Math 135)

ANALYZING THE QUADRATIC SIEVE ALGORITHM

Discrete Mathematics and Probability Theory Fall 2014 Anant Sahai Homework 5. This homework is due October 6, 2014, at 12:00 noon.

Shor s Algorithm. Elisa Bäumer, Jan-Grimo Sobez, Stefan Tessarini May 15, 2015

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

Mathematics of Public Key Cryptography

Some Facts from Number Theory

Theoretical Cryptography, Lecture 13

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

Part II. Number Theory. Year

THE SOLOVAY STRASSEN TEST

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Algorithms (II) Yu Yu. Shanghai Jiaotong University

PRIMALITY TESTING. Professor : Mr. Mohammad Amin Shokrollahi Assistant : Mahdi Cheraghchi. By TAHIRI JOUTI Kamal

10 Concrete candidates for public key crypto

Clock Arithmetic. 1. If it is 9 o clock and you get out of school in 4 hours, when do you get out of school?

Basic Algorithms in Number Theory

Elliptic Curves I. The first three sections introduce and explain the properties of elliptic curves.

Improving the Accuracy of Primality Tests by Enhancing the Miller-Rabin Theorem

Topics in Cryptography. Lecture 5: Basic Number Theory

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Mathematics of Cryptography

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

CSCI3390-Lecture 16: Probabilistic Algorithms: Number Theory and Cryptography

Continuing discussion of CRC s, especially looking at two-bit errors

9 Modular Exponentiation and Square-Roots

Dixon s Factorization method

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Introduction to Cryptography. Lecture 6

Primality Proofs. Geoffrey Exoo Department of Mathematics and Computer Science Indiana State University Terre Haute, IN

About complexity. Number theoretical algorithms

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Shor s Algorithm. Polynomial-time Prime Factorization with Quantum Computing. Sourabh Kulkarni October 13th, 2017

Fields in Cryptography. Çetin Kaya Koç Winter / 30

Transcription:

WXML Final Report: AKS Primality Test Amos Turchet, Travis Scholl, Rohan Hiatt, Daria Mićović, Blanca Viña Patiño, Bryan Tun Pey Quah Winter 2017 1 Introduction Prime numbers are fascinating objects in mathematics, fundamental to number theory and cryptography. A primality test takes an integer as input and outputs whether that number is prime or composite. Most practical applications require primality tests to be efficient. Today, the largest known prime number has over twenty million digits so proving that a number of this size is prime can be computationally expensive. In 2002, Agrawal, Kayal, and Saxena published the first deterministic primality test that also runs in polynomial time relative to the binary representation of the input. Although their algorithm represents an important breakthrough in the field of computational number theory, it is seldom used in practice. Our objective was to determine why this idealized algorithm is not practical enough compared to other primality tests. We have re-created the algorithm and optimized our initial naïve implementation by studying each step to achieve optimal complexity using Fermat s Little Theorem, modular arithmetic, and the Fast Fourier Transform for multiplicative efficiency. To confirm that probabilistic methods are still preferred, we compared execution times and accuracy of other tests to our own results. 1.1 The initial problem Agrawal, Kayal, and Saxena published the first deterministic primality algorithm that runs in polynomial time. Prior to their discovery, most tests used are probabilistic and do not guarantee that any given prime number is in fact 1

prime. For example, Fermat s Little Theorem shows that for any integer a, a given number n, will satisfy the following congruence if n is prime: a n a (mod n) However, this fails to filter pseudo-primes, called Carmichael Numbers, which satisfy the congruence even though they are composite integers. Some of the first Carmichael numbers include 561, 1105, 1729. However, this was a property that was thought only prime numbers could satisfy, so Fermat s Little Theorem is not the most accurate method for identifying primes. Furthermore, deterministic primality tests such as trial by division simply take too long. Trial by division takes O(2 n ) in the worst case relative to the binary representation of the input. This time complexity is exponential, so trial by division is not an efficient primality test. After studying these two algorithms, we began looking at AKS. Even though AKS is deterministic, meaning that it correctly identifies all integers as either prime or composite, and runs in polynomial time, it is still rarely used in industry. 1.2 New directions When testing huge crypto-size primes, polynomial time is still too slow. Mathematicians and cryptographers prefer other methods that may not be as accurate as AKS to save time when testing large numbers. The main reason we studied the AKS primality test was to understand every step of the algorithm to figure out where it takes a long time and why. The overall runtime of our algorithm is O (log 21 2 (n)) where most of the toll is taken at the step where we use polynomials with modular arithmetic (polynom mod() in Figure 1). 2 Progress 2.1 Computational The first step is to check if the number is a perfect power. This filters out Carmichael numbers that would pass the polynomial mod step that implements Fermat s. Then we find the smallest r that satisfies the conditions explained in the theoretical section. Then we test as and return composite if a and n are not coprime. If n r then we return prime. Once all of these 2

steps have been completed we go into the polynomial mod function which will be explained in the theoretical section. Figure 1: Sage code implementation of AKS algorithm To study how well our version of the AKS algorithm performs, we wrote another primality test which utilizes Fermat s Little Theorem to test for primes (see Figure 2). Figure 2: Implementation of algorithm using Fermat s Little Theorem (FLT) 3

In Figure 3 the blue dots are primes identified by AKS, the black dots are primes identified by FLT, the green dots are composites found by FLT, and the red dots are composites found by AKS. We can see that AKS takes longer to identify a prime number but less time to identify a composite number. Figure 4 shows Carmichael Numbers being identified as primes by FLT and as composites by AKS. 140 120 100 80 60 40 20 2e5 4e5 6e5 8e5 1e6 Figure 3: Graph of Number vs Time Taken for Primality Test 4

140 120 100 80 60 40 20 2e5 4e5 6e5 8e5 1e6 Figure 4: Graph of Number vs Time Taken for Primality Test 2.2 Theoretical The main theorem that the AKS algorithm implements is a generalization of Fermat s Little Theorem. This generalization says that for a Z, n N, n 2, where a and n are coprime then n is prime if and only if (X + a) n X n + a(mod n) This reduces the coefficients of the polynomials, however, the computation is still long. If we reduce the polynomial (X + a) n to a smaller degree then less computation on the coefficients is required. Thus the algorithm uses (X + a) n X n + a(mod X r 1, n) In order to efficiently use this as a test for primality, we need to set sufficient bounds on r to both reduce the complexity and to correctly categorize n. The original AKS paper sets a bound with a lemma that states that there exists an r max(3, log 5 (n) ) such that the o r (n) > log 2 (n) and where r and n are coprime. Here, o r (n) is the order of n modulo r. This is the final step of the algorithm. The numbers that pass this test but are not prime are filtered out in earlier steps of the algorithm. We implement this for our polinomial mod function. 5

3 Future directions Initial investigations into the AKS primality algorithm opened up many interesting avenues for future pursuit of research. Our team identified multiple areas in which we could move forward and potentially inherently improve our implementation, or understand more about the algorithm and its functionality. One of the key next steps we outline involves taking our implementation out of Sage, and using proprietary Python to code the algorithm independently. Currently, Sage has multiple functions and methods which have nebulous time complexities and operations. Coding our algorithm completely from scratch would allow for maximum control over runtime, as well as precise knowledge as to which operations utilize the most resources. More rigorous scrutiny of time complexity would be a boon for any future investigations of AKS. Our analysis would then be significantly more robust and controlled, leading into our next potential direction. As we have noted throughout our investigations, AKS is currently not an industry standard. Our attempts to understand why this is the case have been functionally trivial at best. Thus, having complete control over runtime analysis would allow our team to proceed with more rigorous tests which compare AKS to the current industry standard primality algorithms. Having the ability to closely examine which specific aspects of AKS run better or worse than similar aspects of other algorithms could even provide insight into potential systemic improvements. References [1] M. Agrawal, N. Kayal, and N. Saxena. PRIMES is in P. Ann. of Math. (2), 160(2):781 793, 2004. [2] A. Granville. It is easy to determine whether a given integer is prime. Bull. Amer. Math. Soc. (N.S.), 42(1):3 38, 2005. [3] L. Rempe-Gillen and R. Waldecker. Primality testing for beginners, volume 70 of Student Mathematical Library. American Mathematical Society, Providence, RI, 2014. 6

[4] The Sage Developers. SageMath, the Sage Mathematics Software System (Version 6.10), 2016. http://www.sagemath.org. 7

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback