The document summarizes the Agrawal-Kayal-Saxena (AKS) primality test, which can determine if a number n is prime in polynomial time. It discusses different categories of primality tests, including tests where n being prime implies the test holds, tests where the test holding implies n is prime, and the AKS test where the test holding if and only if n is prime. The AKS algorithm is described along with proof of correctness and runtime analysis showing it runs in polynomial time. An example application of the AKS test to the number 1993 is provided to demonstrate it.

1. The AKS Primality Test
Pranshu Bhatnagar
Chennai Mathematical Institute
Indraprastha Institute of Information Technology
11
th
June 2015

2. Introduction to Primality Testing
•Goal: given an integer n > 1, determine whether n is prime
•Most people know the smallest primes
•2, 3, 5, 7, 11, 13, 17, 19, 23, …
•What about:
•38,476? No, because it is even
•4,359? No, because the sum of the digits is 21, a multiple of 3
•127? Yes, because it does not have any factors < √127 ≈ 11.27
•257,885,161 − 1?
•This has over 17 million digits. We need better tests…
2

3. 3 Categories
For some arithmetic statement S which is easy to check:
1.n is prime ⇒ S(n)
•pseudoprimes
•strong pseudoprimes
1.S(n) ⇒ n is prime
•n-1 test (Lucas Theorem)
•n+1 test (Lucas-Lehmer)
1.S(n) ⇔ n is prime
•AKS test
3

4. n is prime ⇒ S(n)
•S(n): n = 2 or n is odd
•S(n): n = 3 or sum of digits of n is not divisible by 3
•¬ S(n) ⇒ n is composite
•S(n) ⇒ ?
5

5. Pseudoprimes
•n prime ⇒ S(n)
•S-pseudoprime: n is composite but S(n) holds
•S(n): n = 2 or n is odd
•n = 15 is a pseudoprime
7

6. Intro to Modular Arithmetic
•a ≡ b (mod n)
•Formally n|(a-b)
•a/n leaves remainder b
•Clocks keep time (mod 12)
•16:30 (military time) ≡ 4:30 pm
•8:00 am + 7 hours = 15:00 ≡ 3 pm
•Subtract the modulus until the result is small enough
•11 ≡ 4 (mod 7)
•35 ≡ 0 (mod 5)
•23 = 8 ≡ 2 (mod 3)
11

7. Fermat Pseudoprimes
•n prime ⇒ S(n)
•S is based on Fermat’s Little Theorem:
If n is prime then an ≡ a (mod n), ∀a∈ℤ
•S(n): an ≡ a (mod n)
•Fermat pseudoprime: n is composite but an ≡ a (mod n)
for some a
13

8. Examples
n prime ⇒ an ≡ a (mod n)
•Let n = 91
•Composite: 91 = 7 * 13
•391 ≡ 3 (mod 91)
•91 is a Fermat pseudoprime base 3
•291 ≠ 2 (mod 91)
•91 is not a Fermat pseudoprime base 2 (91 is composite)
•Note: Most probably, ∃ infinite Carmichael numbers,
composites with
an ≡ a (mod n) for every a
17

9. S(n) ⇒ n is prime
•n is composite ⇒ ¬ S(n)
•¬ S(n) ⇒ ?
19

10. The n-1 Test
•S is based on the Lucas Theorem:
If an-1 ≡ 1 (mod n) but a(n-1)/q ≠ 1 (mod n) ∀ prime q|n-1,
then n is prime (for some a∈ℤ)
•S(n): an-1 ≡ 1 (mod n) but a(n-1)/q ≠ 1 (mod n)
23

11. Example
[an-1 ≡ 1 (mod n) but a(n-1)/q ≠ 1 (mod n)] ⇒ n
prime
•Let n = 19
•n-1 = 18 = 2 * 32
•Let a = 2
218 ≡ 1 (mod 19)
29 ≡ 18 (mod 19)
26 ≡ 7 (mod 19)
• So 19 is prime
29

12. Another Example
[an-1 ≡ 1 (mod n) but a(n-1)/q ≠ 1 (mod n)] ⇒ n
prime
•S(n) ⇒ n is prime
•¬ S(n) ⇒ ?
•Let n = 13, a = 5
•n-1 = 12 = 22 * 3
512 ≡ 1 (mod 13)
56 ≡ 12 (mod 13)
But 54 ≡ 1 (mod 13)
•S(n) is false, but n = 13 is prime
31

13. S(n) ⇔ n is prime
•S(n) ⇒ n is prime
•¬ S(n) ⇒ n is composite
•Theorem:
Given some a with gcd(a,n) = 1:
n is prime iff (x + a)n ≡ xn + a (mod n)
•S(n): (x + a)n ≡ xn + a (mod n)
37

14. Example
S(n): (x + a)n ≡ xn + a (mod n)
•(x+4)7
= x7 + 28x6 + 336x5 + 2240x4 + 8960x3 + 21504x2 + 28672x + 16384
≡ x7 + 4 (mod 7)
•7 is prime
•(x+3)4
= x4 + 12x3 + 54x2 + 108x + 81
≡ x4 + 2x2 + 1 (mod 4)
≠ x4 + 3
•4 is composite
41

15. Improvement: The AKS Theorem
•Agrawal-Kayal-Saxena (AKS) Theorem:
n is prime iff
•n is not a power,
•n has no small factors,
•(x + a)n ≡ xn + a (mod n, xr - 1)
for certain r and small values of a
43

16. The AKS Algorithm
47
Input: n ≥ 1
STEP 1. If ∃a, b > 1 ∈ N such that n = ab , then Output
COMPOSITE;
STEP 2. Find the minimal r ∈ N such that or(n) > log2(n);
STEP 3. For a = 1 to r do
if 1 < (a, n) < n, then Output COMPOSITE;
STEP 4. if r ≥ n, then Output PRIME ;
STEP 5. For a = 1 to do
if (x + a)n ≡ xn + a (mod xr − 1, n), then Output
COMPOSITE;
STEP 6. Output PRIME;

17. Proof Of Correctness

18. n is prime ⇒ S(n)
ln is certainly not of the form ab for any a, b > 1, so
lSTEP 1 will not output COMPOSITE.
lSince n is prime, we also know that ∀x ∈ N, (n, x) = 1 or n.
Hence STEP 3 will not output composite either.
lWe have seen that for any prime n, (x+a)n ≡ xn+a (mod n),
so STEP 5 will not output COMPOSITE.
lTherefore the algorithm will output PRIME

19. S(n) ⇒ n is prime
lIf the algorithm returns PRIME during STEP 4, then we know
that ∀m < n, (m, n) = 1 (this was checked in STEP 3),
meaning n is prime.
lThe remaining case, in which the algorithm returns PRIME
during STEP 6, will take considerably more effort and require
some extra machinery.

20. Runtime Analysis

21. Notation

22. Basic Operations
lLet n, m ∈ N. Then
lComputing m + n takes O(||n|| + ||m||) = O(log(n) + log(m))
bit operations.
lComputing m · n takes O(||n|| · ||m||) = O(log(n) · log(m)) bit
operations.
lComputing the quotient n div m and the remainder n mod m
takes O((||n|| −||m|| + 1) · ||m||) bit operations.

23. Basic Operations
lLet m, n ∈ N with at most k bits each. Then:
lm and n can be multiplied with O(k(log(k))(loglogk)) = O
~(k)
bit operations.
ln div m and n mod m can be computed using O(k(log(k))(log
logk)) = O
~(k) bit operations.
lMultiplication of two polynomials of degree d with
coefficients at most m bits in size can be done in O
~(d · m)
bit operations.

24. Euclidean Algorithm
lInput: m, n ∈ Z
l0: a, b integer;
l1: if |n| ≥ |m|
l2: then a ← |n|; b ← |m|;
l3: else b ← |m|; a ← |n|;
l4: while b > 0 repeat
l5: (a, b) ← (b, a mod b); //i.e., ai = bi−1 , bi = ai−1 mod bi−1
l6: return a;
lThis algorithm runs in O(log(n) · log(m)).

25. Fast Modular Exponentiation
lLet n = 2a
1 + 2a
2 + · · · + 2a
l where a1 > a2 > · · · > al.
lDefine f0 := (x + a),
lfi+1(x) = fi(x)2 (mod xr − 1, n).
lThen faj(x) = (x + a)aj .
lIf we further define g1(x) := fa1(x) and gk(x)≡gk−1(x) fk (x) (mod
xr − 1, n), then we see that
lgl(x) ≡ (x + a)2a
1
+···+2a
l = (x + a) n (mod x r − 1, n).
lWe have therefore computed (x + a)n (mod xr − 1, n) in a1 + l
≤ 2log(n) steps, where a step consists of multiplying two
polynomials of degree less than r with coefficients in Z/nZ.
This leads to a total runtime of O
∼(r·log2 (n)).

26. Perfect power Test
lInput : n ∈ N
l0: a, b, c, m integer
l1: b ← 2
l2: while (b ≤ log(n)) do
l3: a=1;c=m;
l4: while c − a ≥ 2 do
l5: m ← (a + c) div 2;
l6: p ← min {mb , 1};
l7: if p = n then return "n is a
perfect power";
l8: if p < n then a ← m else c
← m;
l9: b ← b + 1;
l10: return "n is not a perfect
power."
lLoop 1 will run at most log(n)
times. Also, it will take at
most log(n) iterations of loop
2 before |c − a| ≤ 1. During
each iteration of loop 2, we
calculate (a + c) div 2 and mb
, which can be done in
O
~(log(n)) bit operations.
lThe complexity of the entire
algorithm is therefore
O
∼(log3(n)).

27. Overall
STEP 1 At most O∼(log3(n)) bit operations.
STEP 2 We know that there exists an r< log5(n) such that
or(n) > log2(n) .The easiest way to find such an r is simply to
calculate nk(mod r) for k = 1, 2, ..., log2(n). This involves
O(log2(n)) multiplications modulo r for each r, so STEP 2
takes O∼(log7(n)) bit operations.
STEP 3 While determining whether (a,n)> 1 for some a ≤ r,
computing each gcd takes O∼(log2(n)) bit operations using
the Euclidean Algorithm, resulting in a total of O∼(log7(n)) bit
operations

28. Overall
STEP 5 Given a ≤ , calculating (x + a)n in the
ring Z/nZ as reducing modulo xr − 1 is trivial (simply replace
xs by x(s−r)). In order to calculate (x+a)n, we must perform
O(log(n)) multiplications of polynomials of degree<r with
coefficients of size O(log(n)) (as the coefficients are written
modulo n; recall that all polynomials are reduced modulo xr −1
during Fast Modular Exponentiation).Each congruence
therefore takes O∼(log7(n)) bit operations to verify.
This step therefore takes O∼( log(n) log7(n)) =
O∼( log8(n)) = O∼(log21/2(n)) bit operations. The
complexity of STEP 5 clearly dominates the complexity of
the other steps, so the overall complexity of the algorithm is
O∼(log10.5(n)), which is indeed polynomial.

29. Example
•Is n = 1993 prime?
1.1993 is not a power ✓
53

30. Example Continued
(Is n = 1993 prime?)
1.(i) Find “certain r:”
Really finding the least integer r > log2n with order of n in ℤr
*
We find r = 5.
(ii) Check that n has no “small factors”
Really checking no factors in [2, log n * √φ(r)] = [2, log(1993)*√4]
= [2, 21.92])
2, 3, 4, 5, …, 21 are not factors ✓
Note: √1993 ≈ 44.643 – AKS checks less than half as many
numbers as possible factors
59

31. Example Continued
(Is n = 1993 prime?)
1.Check (x + a)n ≡ xn + a (mod n, xr - 1)
for a up to the same value (log n* √φ(r))
So for 1 ≤ a ≤ 21 check
(x + a)1993 ≡ x1993 + a (mod 1993, x5 - 1) ✓
Result: n = 1993 passed all 3 tests. So 1993 is prime.
61

32. Significance
•Determines whether n is prime or composite in
polynomial time
•AKS Test is an iff statement
•If pass the test then n is definitely prime
•If fail the test then n is definitely composite
67

33. Work Cited
•Linowitz, Benjamin. An Exposition of the AKS Polynomial
Time Primality Testing
•Stay, Michael, Primes is in P, slowly.
•Crandall, Richard, and Carl Pomerance. Prime Numbers:
A Computational Perspective. New York: Springer,
2005.
•Agrawal, Manindra; Kayal, Neeraj; Saxena, Nitin (2004).
"PRIMES is in P"
71