Feb 8 Primality Testing Simple algorithms Pseudoprimes when

Feb 8: Primality Testing • Simple algorithms • Pseudoprimes, when they work: cyclic structure of mod n • Strong pseudoprime test

Problem • Given n, check if n is prime • Try every divisor: • O(n) time if we try everything • Note that n = xy, one of x, or y is at most n 1/2: Õ(n 1/2) total complexity • Easier version of factoring, but we’ll try to do better than that • We try to get to poly time • Note that poly time does not mean poly(n) • It’s actually poly(logn), because n has O(logn) digits in binary rep. • Easiest way to think of this issue: L (for length) = # of digits of n

Property of prime numbers •

Fermat test for n = pq works… •

aq-1 == 1 (mod p) and ap-1 == 1 (mod q) •

Fermat test for non-square-free n works • Suppose n = pe t where p not| t • Let x be a generator mod pe, consider some (x, y) mod n • We need to have xn-1 == 1 mod pe • Order(x, pe) = (p – 1) pe-1 • We cannot have (p – 1) pe-1 | pet – 1 because LHS is divisible by p, RHS is not divisible by p (because e > 1)

What is even left to solve • Carmichael number: n s. t. for all 0 < a < n & (a, n) = 1, an-1 == 1 mod n • Case that needs fixing: 561 = 3 * 11 * 17 • 2 | 560, 10 | 560, 16 | 560 • Therefore any (x, y, z) w. 0 < x < 3, 0 < y < 11, 0 < z < 17 doesn’t work • On the other hand, 561 is really easy to factorize: get something good mod 3 very easily • In this type of case of n = p 1 * p 2 * … * pk , can run in time f(min pi), which is how some of these n 1/6 / n 1/8 time algorithms go (these algorithms actually were faster than polytime ones for a while, and are probably competitive w. the deterministic ones…. )

The strong pseudoprime test •

Proving the product of k primes case • n = p 1 * p 2 * … * p k • Intuition: we need a s. t. ar == -1 mod n, and a 2 r == 1 mod n • What this means is ar = (-1, -1, …, -1) • But we are just as likely to have (1, -1, 1, … 1), and any 1 just `breaks’ the condition • So we just do another bijection

First Case to Check: xt == 1 mod n • Claim: this is rare. • Consider mod p 1 first, aka. x 1 mod p 1 • t is odd, and x 1 t == 1 mod p 1 • p 1 – 1 is even • So [t mod (p 1 – 1)] | (p 1 – 1) • Therefore [t mod (p 1 – 1)] <= (p 1 – 1) / 2, and the number of such x 1 mod p 1 is at most (p 1 -1)/2 • Apply independence, probability of (x 1…xk)t == (1… 1) <= 2 -k

$First Case to Check: x 2^{y + 1}t == 1 mod n • Claim:$

First Case to Check: x 2^{y + 1}t == 1 mod n • Claim: this is rare. • We have x 12^{y + 1} t == 1 mod p 1 • If this happens, then 2 y + 1 t | (p 1 – 1) • Note that everything have 2 different square roots. x 1 = g(p-1) / 2^{y + 1} t * k • x 12^{y} t is equally likely to be +1 or -1 From above, show that at least half the ks give x 12^yt = -1 mod p 1 • Once again, conclude that at most 2 -k fraction of things are bad • So overall a random a is going to give `not prime’ at least ¾ of the time. (in practice, just trying a = 2, 3, 5, 7 rules out < 10 40)