
Primes in P
- Deterministic polynomial-time algorithm of Agrawal, Kayal and Saxena
- Presented by Vladimir Braverman

History
- Sieve of Eratosthenes, 240 BC
- Randomized, polynomial-time algorithm of Miller-Rabin, 1980 (the one used in practice)
- Adleman, Pomerance and Rumely (APR): a deterministic algorithm with almost polynomial running time, N^(log log N), 1983
- Agrawal, Kayal and Saxena: deterministic, polynomial-time algorithm, 2002

Impact
- Data security
- Number theory
- Theory of algorithms
- Doesn't have a practical value yet

The Heroes
- Neeraj Kayal and Nitin Saxena are Ph.D. students (22 years old), Indian Institute of Technology, Kanpur
- Agrawal was recently awarded the Clay Research Award, one of the coveted honors in mathematical research

- Group Theory
- Number Theory
- Finite Fields
- Algorithms in Number Theory
- Polynomial identity idea
- Primes in P

Content
- Background
  - Algorithms in number theory
  - Rings
  - Number theory
- Basic idea: polynomial identity
- Algorithm
  - Pseudo code
  - Correctness
  - Running time

Algorithms in number theory
- Lemma 1: let 0 < a, b < n. Then
  - ab can be calculated in O(log^3(n)) time
  - the largest integer less than b/a can be calculated in O(log^2(n)) time
  - a mod b can be calculated in O(log^2(n)) time
  - gcd(a, b) can be calculated in O(log^3(n)) time

Algebra
- A ring is a set together with addition and multiplication satisfying:
  1. Additive associativity
  2. Additive commutativity
  3. Additive identity
  4. Additive inverse
  5. Multiplicative associativity
  6. Left and right distributivity
- A ring is therefore an Abelian group under addition and a semigroup under multiplication.

Algebra (cont)
- A polynomial f is defined to be a formal expression in the formal symbol X whose coefficients a_0, …, a_n are elements of some ring R.
- Two polynomials are considered to be equal if and only if the sequences of their coefficients are equal.

Algebra (end)
- Polynomials with coefficients in R can be added by simply adding corresponding coefficients, and multiplied using the distributive law and the rules
  - X a = a X for all elements a of the ring R
  - X^k X^l = X^(k+l) for all natural numbers k and l
- The set of all polynomials with coefficients in the ring R itself forms a ring, the ring of polynomials over R, which is denoted by R[X].

Algorithms in number theory (cont)
- Lemma 2: let 1 < a, b, r and n = max(a, r). Then a^b mod r can be calculated in O(log^2(n) + log(b) log^2(r)) time.
- Lemma 3: let 1 < a, r < n. The r coefficients of (x-a)^n mod (x^r - 1) in Z_n[x] can be computed in O(r^2 log^3(n)) time.

Algorithms in number theory (cont)
- Lemma 4: let n > 2 be an integer. There is an algorithm that decides in O(√n log^2(n)) time whether n is prime.
- Algorithm:
    r := 2; s := 4   (invariant: s = r^2)
    While s ≤ n Do
      If n mod r = 0 Then return NO
      Else r := r + 1; s := s + 2r - 1
      Endif
    Endwhile
    Return YES

Algorithms in number theory (cont)
- Lemma 4 (cont)
  - The correctness follows from the fact that n is not prime iff there is an integer 1 < r ≤ √n that divides n.
  - The while-loop makes at most √n iterations, each one taking O(log^2(n)) time.

Algorithms in number theory (end)
- Lemma 5: let n > 2 be an integer. There is an algorithm that computes the largest prime factor of n in O(√n log^2(n)) time.
- Lemma 6: let n > 2 be an integer. There is an algorithm that decides in O(log^4(n) log(n)) time whether there exist integers a, b ≥ 2 such that n = a^b.

Number theory
- Lemma 7: if p is a prime number then for any 0 < i < p, C(p, i) ≡ 0 mod p.
- Proof: C(p, i) = p(p-1)…(p-i+1) / i!. Since gcd(p, i!) = 1, p divides C(p, i) and the lemma is proved.

Number theory (cont)
- Lemma 8: if p is a prime number then for any a, a^p ≡ a mod p.
- Proof (induction on a):
  - a = 1: 1^p = 1.
  - a → a+1: (a+1)^p = Σ_i C(p, i) a^i ≡ a^p + 1 ≡ a + 1 mod p, by Lemma 7 and the induction hypothesis.

Polynomial identity
- Theorem 1: let a, n be integers.
  - If n is a prime number, then (x-a)^n = x^n - a in the ring Z_n[x].
  - If gcd(a, n) = 1 and n is not a prime number, then (x-a)^n ≠ x^n - a in the ring Z_n[x].

Proof of Theorem 1
(x-a)^n = Σ_i C(n, i) x^i (-a)^(n-i).
1. Prime case
  - If n is prime, C(n, i) ≡ 0 mod n for all 0 < i < n, according to Lemma 7.
  - Therefore (x-a)^n ≡ x^n + (-a)^n ≡ x^n - a mod n, according to Lemma 8.
2. n is not a prime and gcd(n, a) = 1
  - Let q be a prime factor of n, with q^k | n and k maximal.
  - Then gcd(a, q) = 1 and gcd(a^(n-q), q^k) = 1.

Proof of Theorem 1 (cont)
- Lemma: q^k does not divide C(n, q).
- Proof (by contradiction):
  - Suppose C(n, q) = b q^k. Then n(n-1)…(n-q+1) / q! = b q^k, so n = (q-1)! b q^(k+1) / ((n-1)…(n-q+1)).
  - For each 0 < j < q, q does not divide (n-j). Indeed, since q | n, (n-j) ≡ 0 mod q would give j ≡ 0 mod q.
  - Therefore the product (n-1)…(n-q+1) is coprime to q, so q^(k+1) | n, which contradicts the maximality of k.

Proof of Theorem 1 (cont)
- In (x-a)^n, the coefficient of x^q is C(n, q) (-1)^(n-q) a^(n-q).
- If it is divisible by n, then C(n, q) a^(n-q) = bn for some integer b.
- Hence C(n, q) a^(n-q) / q^k = bn / q^k.
- The right-hand side is an integer and gcd(a^(n-q), q^k) = 1. Therefore q^k | C(n, q), which contradicts the Lemma.
- We proved that (x-a)^n ≠ x^n - a in the ring Z_n[x].
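Theorem 1 and its proof can be checked coefficient by coefficient for small a and n, which also makes the proof's witness visible: for composite n with a prime factor q, the coefficient of x^q survives mod n. The following Python example is added here; it is not code from the slides or from the AKS paper. It expands (x-a)^n in Z_n[x] straight from the binomial theorem (math.comb), compares against x^n - a, and reports the degrees where the two differ; the function names are my own.

```python
# Added example (not from the slides): Theorem 1 checked directly from the
# binomial expansion of (x - a)^n in Z_n[x], degree by degree.
import math
from typing import List


def x_minus_a_pow_n_coeffs(a: int, n: int) -> List[int]:
    """Coefficients c[0..n] of (x - a)^n in Z_n[x].
    By the binomial theorem the coefficient of x^i is C(n, i) * (-a)^(n-i),
    reduced mod n. pow() with a negative base and a modulus is fine in Python."""
    return [(math.comb(n, i) * pow(-a, n - i, n)) % n for i in range(n + 1)]


def x_pow_n_minus_a_coeffs(a: int, n: int) -> List[int]:
    """Coefficients c[0..n] of x^n - a in Z_n[x]."""
    c = [0] * (n + 1)
    c[0] = (-a) % n
    c[n] = 1 % n
    return c


def differing_degrees(a: int, n: int) -> List[int]:
    """Degrees i at which (x - a)^n and x^n - a differ in Z_n[x].
    An empty list means the identity of Theorem 1 holds for this a and n."""
    lhs = x_minus_a_pow_n_coeffs(a, n)
    rhs = x_pow_n_minus_a_coeffs(a, n)
    return [i for i in range(n + 1) if lhs[i] != rhs[i]]


def binomial_vanishes_mod_p(p: int) -> bool:
    """Lemma 7 as a check: C(p, i) = 0 mod p for all 0 < i < p."""
    return all(math.comb(p, i) % p == 0 for i in range(1, p))


if __name__ == "__main__":
    # Constructed inputs: 7 and 11 are prime; 9 = 3^2 and 15 = 3 * 5 are composite
    # with gcd(2, n) = 1, so Theorem 1 says the identity must fail for them.
    for a, n in [(3, 7), (5, 11), (2, 9), (2, 15)]:
        print(f"(x-{a})^{n} vs x^{n}-{a} in Z_{n}[x]: differ at degrees",
              differing_degrees(a, n))
```

For n = 9 the differing degrees include 3 and for n = 15 they include 3 as well: in both cases q = 3 is a prime factor of n, and the coefficient of x^q is exactly the one the proof shows cannot vanish mod n. This brute-force expansion has n + 1 coefficients and is only for illustration; the algorithm itself reduces mod x^r - 1 so that only r coefficients are ever kept.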

Improved polynomial identity
- Theorem 2: let n be an integer and let q, r be prime numbers such that
  1. gcd(m, n) = 1 for all m < r
  2. q divides r-1
  3. q ≥ 2√r log(n) + 2
  4. n^((r-1)/q) ≠ 1 mod r
  5. (x-a)^n = (x^n - a) mod (x^r - 1) in Z_n[x] for all a < 2√r log(n) + 1
  Then n is a power of a prime number.

- Lemma 9: there exist constants 0 < c_1 < c_2 such that for any large n there exists a prime number r with
  1. c_1 log^6(n) < r < c_2 log^6(n)
  2. r-1 has a prime factor q with q ≥ 2√r log(n) + 2
  3. n^((r-1)/q) ≠ 1 mod r

Algorithm Prime(n)
    r := 2; found := false
    While r < n and found = false Do
      If gcd(r, n) ≠ 1 Then return NO
      If r is a prime and r > 2 Then
        q := largest prime factor of r-1
        If q ≥ 2√r log(n) + 2 and n^((r-1)/q) ≠ 1 mod r Then found := true Endif
      Endif
      If found = false Then r := r + 1 Endif
    Endwhile

Algorithm Prime(n) (cont)
    For a := 1 to 2√r log(n) + 1 Do
      If (x-a)^n ≠ (x^n - a) mod (x^r - 1) in Z_n[x] Then return NO Endif
    Endfor
    If n = a^b for some integers a, b ≥ 2 Then return NO
    Else return YES
    Endif
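The complete Prime(n) procedure above, together with the routines the slides only name (the trial-division test of Lemma 4 with its incremental s = r^2, the largest-prime-factor and perfect-power tests of Lemmas 5 and 6, and the computation of the r coefficients of (x-a)^n mod (x^r - 1) in Z_n[x] from Lemma 3), as an added Python example; this is not code from the slides or from the AKS paper. It assumes that log means log base 2, truncates the loop bound 2√r log(n) + 1 to an integer, and realises Lemmas 5 and 6 by plain trial division and integer root search rather than by the faster routines those lemmas refer to. All function names are my own.

```python
# Added example (not from the slides): Prime(n) as presented on these slides,
# with assumed realisations of the helper lemmas. Assumption: log = log base 2.
import math
from typing import List


def is_prime_trial(n: int) -> bool:
    """Lemma 4: trial division by r = 2, 3, ... while s = r^2 <= n,
    keeping s up to date incrementally (s := s + 2r - 1 after r := r + 1)."""
    if n < 2:
        return False
    r, s = 2, 4
    while s <= n:
        if n % r == 0:
            return False
        r += 1
        s += 2 * r - 1
    return True


def largest_prime_factor(n: int) -> int:
    """Lemma 5 (assumed realisation): largest prime factor of n >= 2 by trial division."""
    largest, m, r = 1, n, 2
    while r * r <= m:
        while m % r == 0:
            largest, m = r, m // r
        r += 1
    return m if m > 1 else largest          # a leftover m > 1 is itself prime


def is_perfect_power(n: int) -> bool:
    """Lemma 6 (assumed realisation): is n = a^b for integers a, b >= 2?"""
    for b in range(2, n.bit_length() + 1):
        lo, hi = 2, 1 << (n.bit_length() // b + 1)   # hi exceeds the b-th root of n
        while lo <= hi:                              # binary search for the b-th root
            mid = (lo + hi) // 2
            p = mid ** b
            if p == n:
                return True
            if p < n:
                lo = mid + 1
            else:
                hi = mid - 1
    return False


def poly_mul_mod(p: List[int], q: List[int], r: int, n: int) -> List[int]:
    """Product of two length-r coefficient lists in Z_n[x] mod x^r - 1 (x^k wraps to x^(k mod r))."""
    res = [0] * r
    for i, pi in enumerate(p):
        if pi:
            for j, qj in enumerate(q):
                if qj:
                    k = i + j
                    if k >= r:
                        k -= r
                    res[k] = (res[k] + pi * qj) % n
    return res


def x_minus_a_pow_n(a: int, n: int, r: int) -> List[int]:
    """Lemma 3: the r coefficients of (x - a)^n mod (x^r - 1) in Z_n[x],
    by square-and-multiply on the exponent n (needs r >= 2)."""
    base = [0] * r
    base[0] = (-a) % n
    base[1] = (base[1] + 1) % n
    result = [0] * r
    result[0] = 1 % n
    e = n
    while e:
        if e & 1:
            result = poly_mul_mod(result, base, r, n)
        base = poly_mul_mod(base, base, r, n)
        e >>= 1
    return result


def x_pow_n_minus_a(a: int, n: int, r: int) -> List[int]:
    """The r coefficients of x^n - a mod (x^r - 1) in Z_n[x]: x^n wraps to x^(n mod r)."""
    res = [0] * r
    res[n % r] = 1 % n
    res[0] = (res[0] - a) % n
    return res


def aks_prime(n: int) -> bool:
    """Prime(n) as on the slides: True for YES (prime), False for NO."""
    if n < 2:
        return False
    log_n = math.log2(n)                       # assumption: log is log base 2
    r, found = 2, False
    while r < n and not found:
        if math.gcd(r, n) != 1:                # some r < n shares a factor with n
            return False
        if r > 2 and is_prime_trial(r):
            q = largest_prime_factor(r - 1)
            if q >= 2 * math.sqrt(r) * log_n + 2 and pow(n, (r - 1) // q, r) != 1:
                found = True
        if not found:
            r += 1
    for a in range(1, int(2 * math.sqrt(r) * log_n + 1) + 1):
        if x_minus_a_pow_n(a, n, r) != x_pow_n_minus_a(a, n, r):
            return False                       # polynomial identity fails: composite
    return not is_perfect_power(n)             # n = a^b with b >= 2 is composite
```

Calling aks_prime(n) for n = 2, 3, …, 31 returns True exactly for the primes. For inputs this small the While loop never satisfies the q ≥ 2√r log(n) + 2 condition before r reaches n, so a composite n is rejected by the gcd test and a prime n ends up with r = n in the For loop, where x^n ≡ 1 mod (x^r - 1) and both sides reduce to 1 - a. Each polynomial product costs O(r^2) multiplications in pure Python, so keep n to two digits when experimenting; the running-time slides that follow assume r = O(log^6(n)), which only takes effect for much larger n.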

Correctness of the algorithm (sketch of the proof)
- If n is prime:
  - The algorithm doesn't return NO during the While loop, since gcd(n, r) = 1 for every r < n.
  - By Theorem 1, (x-a)^n = (x^n - a) mod (x^r - 1) in Z_n[x]; thus the algorithm doesn't return NO during the For loop.
  - n is not of the form a^b, therefore YES is returned.
- If n is not a prime, then, according to Theorem 2, the algorithm returns NO.

Running time (sketch of the proof)
- While loop

  Action                        | Time                        | Reason
  gcd                           | O(log^3(n))                 | Lemma 1
  r is prime                    | O(√r log^2(r))              | Lemma 4
  largest prime factor of r-1   | O(√r log^2(r))              | Lemma 5
  n^((r-1)/q) mod r             | O(log^2(n) + log^3(r))      | Lemma 2
  One while-loop iteration      | O(log^2(n) + √r log^2(r))   |
  Number of while iterations    | O(log^6(n))                 | Lemma 9
  While loop                    | O(log^9(n) log^2(log(n)))   | r = O(log^6(n))

Running time (cont)
- For loop

  Action                                           | Time              | Reason
  Coefficients of (x-a)^n mod (x^r - 1) in Z_n[x]  | O(r^2 log^3(n))   | Lemma 3
  (the same time for x^n - a)                      |                   |
  For loop                                         | O(log^19(n))      | r = O(log^6(n)), Lemma 9

- Testing if n is a perfect power: O(log^4(n) log(n)), by Lemma 6

References
- Agrawal, Kayal and Saxena. Primes in P
- M. Smid. Primality testing in polynomial time
- F. Bornemann. PRIMES Is in P: A breakthrough for "Everyman"

END