A Deterministic Polynomial-time Primality Test

Aug 15, 2002. Amit Chakrabarti

1
A Deterministic Polynomial-time Primality Test
  • Manindra Agrawal
  • Neeraj Kayal
  • Nitin Saxena
  • Brought to you by Amit Chakrabarti

2
  • Turns out, Primes are in P
  • -- Slashdot post, Aug 7, 0008
  • If this is true, they could have easily taken
    over the infrastructure of a modernized
    computer-bent, encryption-shielded society such
    as the US or Japan. If that is indeed the case,
    these guys deserve a Nobel Peace Prize for giving
    this powerful tool to all and not using it as a
    weapon of war.
  • -- Slashdot comment, Aug 7, 0020
  • If this turns out to be true, then you can bet
    the NSA has had this algorithm for decades.
  • -- Slashdot comment, Aug 7, 0026

4
The Problem
  • Given integer n, decide whether or not n is prime
    in time poly(log n).
  • Previously:
  • Randomized poly(log n)-time test
  • Deterministic poly($(\log n)^{\log\log\log n}$)-time
    test
  • Deterministic poly-time test assuming ERH

5
The Test
  • Easy: the identity
  • $(x - a)^n \equiv x^n - a \pmod{n}$
  • holds for all a iff n is prime.
  • Concern: the identity takes $\Theta(n)$ time to verify even
    for a single a. And there are $\Theta(n)$ a's.
  • Key new result: if
  • $(x - a)^n \equiv x^n - a \pmod{n,\ x^r - 1}$
  • for a small r and all small a, then n is
    prime.

6
Notation
  • $P_{\min}(n)$ = smallest prime factor of n
  • $P_{\max}(n)$ = largest prime factor of n
  • $o_r(n)$ = order of n mod r
  • = $\min\{\, t > 0 : n^t \equiv 1 \pmod{r} \,\}$

7
The Test in More Detail
  • Let $t = 2 r^{1/2} \log n$
  • Suppose r is prime, $r < P_{\min}(n)$
  • Suppose $q = P_{\max}(r-1)$ satisfies
  • $q > 2t$
  • $q \mid o_r(n)$
  • Suppose $(x - a)^n \equiv x^n - a \pmod{n,\ x^r - 1}$
    for all a in $\{1, 2, \ldots, t\}$
  • Then n is a prime power.

8
In Full Detail
    if (n = a^b, b > 1) output COMPOSITE
    for (r = 2 to n)                                      // Loop 1
        if (gcd(n,r) ≠ 1) output COMPOSITE
        if (r is prime)
            q = Pmax(r-1)
            if (q ≥ 2t and n^((r-1)/q) ≠ 1 (mod r)) break
    for (a = 1 to t)                                      // Loop 2
        if ((x-a)^n ≠ x^n - a (mod n, x^r - 1))
            output COMPOSITE
    output PRIME

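The procedure from the "In Full Detail" slide as runnable Python, with the polynomial congruence of Loop 2 computed in Z_n[x]/(x^r - 1). This is an added example, not code from the presentation or from the paper's authors; it assumes log means log base 2, rounds t up to an integer bound, and the function names and the early return when Loop 1 runs out of candidates for r are choices made here.

```python
from math import gcd, isqrt

def is_perfect_power(n):                     # is n = a**b with a, b > 1 ?
    for b in range(2, n.bit_length() + 1):
        lo, hi = 2, 1 << (n.bit_length() // b + 1)
        while lo < hi:                       # smallest lo with lo**b >= n
            mid = (lo + hi) // 2
            lo, hi = (lo, mid) if mid ** b >= n else (mid + 1, hi)
        if lo ** b == n:
            return True
    return False

def pmax(m):                                 # Pmax(m) by trial division; pmax(1) = 1
    p = 2
    while p * p <= m:
        if m % p == 0:
            m //= p
        else:
            p += 1
    return m

def congruence_holds(n, r, a):               # (x - a)^n == x^n - a (mod n, x^r - 1) ?
    def mul(f, g):                           # product in Z_n[x]/(x^r - 1)
        out = [0] * r
        for i, fi in enumerate(f):
            for j, gj in enumerate(g):
                out[(i + j) % r] = (out[(i + j) % r] + fi * gj) % n
        return out
    base, rhs, acc = [0] * r, [0] * r, [1] + [0] * (r - 1)
    base[0] = rhs[0] = -a % n
    base[1 % r] = (base[1 % r] + 1) % n      # base = x - a
    rhs[n % r] = (rhs[n % r] + 1) % n        # rhs = x^(n mod r) - a
    for bit in bin(n)[2:]:                   # square-and-multiply, high bit first
        acc = mul(mul(acc, acc), base) if bit == "1" else mul(acc, acc)
    return acc == rhs

def aks_2002(n):                             # the slide's procedure, n >= 2; True = PRIME
    if is_perfect_power(n):
        return False
    for r in range(2, n):                    # Loop 1: find a suitable r
        if gcd(n, r) != 1:
            return False
        # Assumption: log is base 2; t is an integer upper bound on 2*sqrt(r)*log2(n)
        q, t = pmax(r - 1), 2 * (isqrt(r) + 1) * n.bit_length()
        if pmax(r) == r and q >= 2 * t and pow(n, (r - 1) // q, r) != 1:
            break
    else:
        return True   # added shortcut: every r < n is coprime to n, so n is prime
    return all(congruence_holds(n, r, a) for a in range(1, t + 1))   # Loop 2
```

For every n below about 10^4, Loop 1 runs out of candidates before a suitable r appears, so Loop 2 is best exercised directly through `congruence_holds`. For example, `congruence_holds(561, 3, 1)` is False even though the Carmichael number 561 satisfies a^561 ≡ a (mod 561) for every a.
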
11
What We Must Prove
  • THE HARD PARTS
  • Lemma 1: The first loop finishes with a small
    value for r . . . $r = O(\log^6 n)$.
  • Theorem 1: If n is composite, the algorithm
    outputs COMPOSITE.

12
What We Must Prove
  • THE EASY PARTS
  • Theorem 2: If n is prime, the algorithm outputs
    PRIME.
  • Theorem 3: The algorithm runs in poly(log n)
    time.

13
Proof of Lemma 1
  • Enough to show:
  • $\exists\, c_1, c_2$ and prime $r \in [c_1 \log^6 n,\ c_2 \log^6 n]$ s.t.
  • $q = P_{\max}(r-1)$ satisfies $q > 2t$ and $q \mid o_r(n)$.
  • There are $\Omega(x/\log x)$ primes $p < x$ s.t.
  • $P_{\max}(p-1) > x^{2/3}$.
    [Fouvry85]
  • Thus, $\Omega(\log^6 n / \log\log n)$ primes r satisfy the
  • first condition . . . use $r^{2/3} > 4 r^{1/2} \log n = 2t$.

15
Proof of Lemma 1
  • Enough to show:
  • $\exists\, c_1, c_2$ and prime $r \in [c_1 \log^6 n,\ c_2 \log^6 n]$ s.t.
  • $q = P_{\max}(r-1)$ satisfies $q > 2t$ and $q \mid o_r(n)$.
  • There are $\Omega(x/\log x)$ primes $p < x$ s.t.
  • $P_{\max}(p-1) > p^{2/3}$.
    [Fouvry85]
  • Thus, $\Omega(\log^6 n / \log\log n)$ primes r in the range
  • satisfy $q > r^{2/3} > 4 r^{1/2} \log n = 2t$.

16
Proof of Lemma 1, cont'd
  • Let $x = c_2 \log^6 n$.
  • Take any such r which does not divide
  • $N = (n - 1)(n^2 - 1) \cdots (n^{x^{1/3}} - 1)$
  • Exists, because $\log N < x^{2/3} \log n = O(\log^5 n)$.
  • Then, $(r-1)/q < r^{1/3} < x^{1/3}$
  • So, $n^{(r-1)/q} \not\equiv 1 \pmod{r}$
  • So, $q \mid o_r(n)$.

17
Proof of Theorem 2
    if (n = a^b, b > 1) output COMPOSITE
    for (r = 2 to n)
        if (gcd(n,r) ≠ 1) output COMPOSITE
        if (r is prime)
            q = Pmax(r-1)
            if (q ≥ 2t and n^((r-1)/q) ≠ 1 (mod r)) break
    for (a = 1 to t)
        if ((x-a)^n ≠ x^n - a (mod n, x^r - 1))
            output COMPOSITE
    output PRIME

18
Proof of Theorem 3
    if (n = a^b, b > 1) output COMPOSITE
    for (r = 2 to n)                                      // Loop 1
        if (gcd(n,r) ≠ 1) output COMPOSITE
        if (r is prime)
            q = Pmax(r-1)
            if (q ≥ 2t and n^((r-1)/q) ≠ 1 (mod r)) break
    for (a = 1 to t)                                      // Loop 2
        if ((x-a)^n ≠ x^n - a (mod n, x^r - 1))
            output COMPOSITE
    output PRIME

20
Finally: Proof of Theorem 1
  • To prove: if n is composite, the algorithm
    outputs COMPOSITE.
  • Assume that it outputs PRIME. Then
  • $(x - a)^n \equiv x^n - a \pmod{n,\ x^r - 1}$
  • for all a in $\{1, 2, \ldots, t\}$. Also, $q = P_{\max}(r-1)$ is
    s.t.
  • $q > 2t$ and $q \mid o_r(n)$
  • Also,
  • $r < P_{\min}(n)$
  • Our goal: to prove that n is a prime power.

22
Two Key Inequalities
  • Suppose $n = p_1^{k_1} \cdot p_2^{k_2} \cdots p_s^{k_s}$
  • Then $q \mid o_r(n) \mid \mathrm{lcm}\{o_r(p_i^{k_i})\} \mid \mathrm{lcm}\{o_r(p_i)\}$
  • So, n has a prime factor p s.t. $q \mid o_r(p)$
  • Let $d = o_r(p)$
  • Then, $d > q > 2t$.
  • Also, $p > P_{\min}(n) > r > q > 2t > t$.
  • Our goal: to prove that n is a power of p.

24
Algebra
  • For integer m and $f(x) \in \mathbb{Z}[x]$, say (f,m) is nice if
  • $f(x^m) \equiv f(x)^m \pmod{p,\ x^r - 1}$
  • If (f,m) and (g,m) are nice, then so is (fg,m).
  • If (f,m) and (f,m') are nice, then so is (f,mm').
  • Proof: $f(x^{mm'}) \equiv f(x^m)^{m'} \pmod{p,\ x^{mr} - 1}$
  • $\Rightarrow f(x^{mm'}) \equiv f(x^m)^{m'} \pmod{p,\ x^r - 1}$
  • $\Rightarrow f(x^{mm'}) \equiv f(x)^{mm'} \pmod{p,\ x^r - 1}$

25
More Algebra
  • In $\mathbb{F}_p[x]$, $x^r - 1$ has an irreducible factor h(x)
    with $\deg(h) = o_r(p) = d$.
  • Fix h(x); let $K = \mathbb{F}_p[x]/\langle h(x) \rangle$.

26
Constructions
  • S
  • $\bar{S}$ = image of S in K = S mod (p, h(x))
  • Use the key inequalities
  • Since $p > t$, $|\bar{S}| = |S| > (d/t)^t$.
  • Since $d > 2t$, $|S| > 2^t = 2^{2r^{1/2}\log n} = n^{2r^{1/2}}$.

27
Constructions, cont'd
  • Let $E = \{\, n^i p^j : 0 < i, j < r^{1/2} \,\}$
  • For all $m \in E$, $m < n^{2r^{1/2}} < |S|$
  • Assume n is not a power of p
  • Then, $|E| > (1 + r^{1/2})^2 > r$, so
  • E contains m, m' such that $m \equiv m' \pmod{r}$
  • i.e., $x^m \equiv x^{m'} \pmod{x^r - 1}$
  • i.e., $x^m = x^{m'}$ in the field K.

28
The Nice Property
  • For any $g \in S$ and $m \in E$, (g,m) is nice, i.e.,
  • $g(x^m) \equiv g(x)^m \pmod{p,\ x^r - 1}$
  • Enough to consider $g(x) = x - a$.
  • Enough to consider m = n and m = p.
  • Now it's trivial:
  • $(x - a)^n \equiv x^n - a \pmod{x^r - 1}$.
  • $(x - a)^p \equiv x^p - a \pmod{p}$.
  • Corollary: in the field K,
  • for $g \in S$ and $m \in E$, $g(x^m) = g(x)^m$.

33
The Contradiction
  • Let $G = \langle S \rangle$, multiplicative subgroup of K.
  • Since K is cyclic, G is cyclic. Suppose $G = \langle g \rangle$.
  • Recall: $\exists$ distinct $m, m' \in E$ s.t. $x^m = x^{m'}$ in K.
    So,
  • $g(x)^m = g(x^m) = g(x^{m'}) = g(x)^{m'}$.
  • Thus, $m \equiv m' \pmod{|G|}$.
  • But $|G| > |S| > m, m'$. Contradiction.

35
Another Way [Kalai, Sahai, Sudan]
  • As before, $\exists$ distinct $m, m' \in E$ s.t. $x^m = x^{m'}$ in K.
  • For any $f \in S$,
  • $f(x)^m = f(x^m) = f(x^{m'}) = f(x)^{m'}$.
  • So, f is a root of the polynomial
  • $Q(z) = z^m - z^{m'} \in K[z]$
  • But $\deg(Q) = \max(m, m') < |S|$. Contradiction.

38
That's All, Folks
  • This is highly unlikely. It will only be a
    matter of time before somebody finds a flaw in
    the paper. I suppose I will give it a bash.
  • -- Slashdot comment, Aug 7, 0537
  • What do you think?