1.
PRIMES is in P: A Breakthrough for Everyman
F. Bornemann (based on Agarwal ’04)
Dhruv Gairola
Computational Complexity, Michael Soltys
gairold@mcmaster.ca ; dhruvgairola.blogspot.ca
October 22, 2013
Dhruv Gairola (McMaster Univ.)
PRIMES is in P
October 22, 2013
1 / 10
2.
Overview
1
Primality Testing
Introduction
Existing Methods
2
Contribution
Intuition
AKS Algorithm
Time Complexity
3
Reception
4
Conclusion
Dhruv Gairola (McMaster Univ.)
PRIMES is in P
October 22, 2013
2 / 10
3.
Primality Testing : Introduction
Primes are greater than 1 and have no positive divisors other than 1
and itself. Non primes are composite numbers.
PRIMES is the decisional problem of determining whether or not a
given integer n is prime.
Important in cryptography (e.g., RSA)
Finding large ”random” primes.
Number of primes less than x is about x / ln x.
Test O(k) random k-bit numbers you will probably ﬁnd a prime.
Dhruv Gairola (McMaster Univ.)
PRIMES is in P
October 22, 2013
3 / 10
4.
Primality Testing : Existing Methods
Sieve of Eratosthenes
Ancient, iterative method to generate primes between 1 and n.
Simple but exponential, esp. in crypto where we are interested in large
numbers.
Fermats Little Theorem
If p is prime, for every a coprime to p, ap−1 ≡ 1 (mod p)
Try lots of a’s, if always holds p is probably prime.
Carmichael numbers (rare).
Rabin Miller Test
Randomized, fast.
Deﬁnitely composites; ﬁnds primes with high probability .
PRIMES ∈ co-RP (i.e., false positives exist but no false negatives).
ECPP (Elliptic curve primality proving)
Result is error free but expected polynomial running time.
No deterministic, polynomial time algorithm! (Miller 1976?)
Dhruv Gairola (McMaster Univ.)
PRIMES is in P
October 22, 2013
4 / 10
5.
Contribution : Intuition
AKS algorithm : deterministic and polynomial time. Based on
generalization of Fermat’s Little Theorem.
Theorem : Suppose a and p are coprime with p > 1. p is prime iﬀ
(X + a)p ≡ X p + a (mod p)
X is an indeterminate variable.
Formally, we have the identity (X + a)p = X p + a in the ring Z[X] of
polynomials of one variable X over the ﬁnite ﬁeld Z of p elements.
Check diﬀerent values of a, but there are p possible choices of a.
Dhruv Gairola (McMaster Univ.)
PRIMES is in P
October 22, 2013
5 / 10
6.
Contribution : Intuition (2)
Don’t look at (X + a)p , look at remainder after division by (X r − 1)
where r is coprime to a.
Fewer coeﬃcients to compare with :
(X + a)p ≡ X p + a (mod X r − 1, p)
i.e., mod by X r − 1 ﬁrst and then mod by n.
True for certain composites. Impose certain conditions, arrive at key
AKS theorem.
Proof is rather long, but ”simple” enough.
Dhruv Gairola (McMaster Univ.)
PRIMES is in P
October 22, 2013
6 / 10
7.
Contribution : AKS Algorithm
AKS Algorithm (pseudocode of AKS Theorem)
1
Decide if p is a power of a natural number. If so, go to step 5.
2
Choose variables satisfying the hypotheses of the AKS theorem.
3
For a = 1, . . . , (s − 1) do the following:
(i) If a is a divisor of p, go to step 5.
(ii) If (X − a)p ≡ X p − a (mod X r − 1, p), go to step 5.
4
p is prime. Done.
5
p is composite. Done.
Dhruv Gairola (McMaster Univ.)
PRIMES is in P
October 22, 2013
7 / 10
8.
Contribution : Time Complexity
˜
Original paper : O(log 10.5 n)
10.5 n · poly (loglogn)).
i.e., O(log
i.e., O(log 10.5 n · (loglogn)O(1) ).
˜
Assuming Sophie Germain conjecture : O(log 6 n).
A Sophie-Germain prime is a prime q such that r = 2q + 1 is also
prime. Conjectured that inﬁnitely many Sophie-Germain primes.
Computation of variables in the AKS theorem becomes faster.
Other improvements are no longer ”simple” to understand.
Dhruv Gairola (McMaster Univ.)
PRIMES is in P
October 22, 2013
8 / 10
9.
Reception
Media
Misleading portrayal.
e.g., NYT ”quick and deﬁnitively”; WSJ ”One beautiful mind from
India is putting the Internet on alert”.
Scientiﬁc Community
Godel Prize, Fulkerson Prize.
Proposed extensions.
Industry
Not utilized. Variations of Rabin Miller used instead.
Randomized algorithms faster with extremely low probability of error.
Dhruv Gairola (McMaster Univ.)
PRIMES is in P
October 22, 2013
9 / 10
10.
Conclusion
Deterministic, polynomial
algorithm for primality
testing.
Important result in
complexity theory but
eﬃcient algorithms still
preferred practically.
Million dollar prize :
Riemann hypothesis.
Dhruv Gairola (McMaster Univ.)
PRIMES is in P
October 22, 2013
10 / 10
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.
Be the first to comment