
An Efficient Implementation of the AKS Polynomial-Time Primality PDF

36 Pages·2005·0.53 MB·English

Preview An Efficient Implementation of the AKS Polynomial-Time Primality

An Efficient Implementation of the AKS Polynomial-Time Primality Proving Algorithm

Chris Rotella

May 6, 2005

Contents

1 History of Primality Testing
  1.1 Description of the problem
  1.2 Previous prime testing algorithms
2 The AKS Algorithm
  2.1 The motivating idea
  2.2 Presentation of the algorithm
3 Running Time Analysis
  3.1 Background
  3.2 The main theorem
4 The Implementation
  4.1 Description of implementation details
  4.2 Bignum library
    4.2.1 Why GMP?
    4.2.2 Description of GMP features used
  4.3 Polynomial library
    4.3.1 Header file
    4.3.2 Constructors
    4.3.3 getCoef
    4.3.4 isEqual
    4.3.5 setCoef
    4.3.6 compact
    4.3.7 clear
    4.3.8 Destructor
    4.3.9 mpz_pX_mod_mult
    4.3.10 mpz_pX_mod_power
  4.4 Sieve
    4.4.1 Header file
    4.4.2 Constructor
    4.4.3 isPrime
    4.4.4 Destructor
    4.4.5 Implementation notes
  4.5 The completed implementation
  4.6 Overall implementation notes
5 Empirical Results
  5.1 Description of testing environment
  5.2 Density of the polynomials
  5.3 Timing results
    5.3.1 Breakdown
    5.3.2 Lower bound on maximal a?
    5.3.3 Comparisons
  5.4 Profiler results
    5.4.1 GMP polynomials
    5.4.2 unsigned int polynomials
6 Conclusions
  6.1 Improvements to AKS and future work
  6.2 Conclusions
A Acknowledgments

Chapter 1 History of Primality Testing

1.1 Description of the problem

A prime number is a natural number $n$ that is divisible only by 1 and itself. Prime numbers are the building blocks of the natural numbers, since any natural number can be uniquely expressed as a product of prime numbers. Numbers that are not prime are called composite.

It is natural to ask, given a positive integer $n$, is $n$ prime or composite? This question may be formalized in the definition of PRIMES: the decision problem of determining whether or not a given integer $n$ is prime. Thus, an algorithm that tests integers for primality solves PRIMES.

1.2 Previous prime testing algorithms

Since primes are central to number theory, they have been the subject of much attention throughout history.
The Sieve of Eratosthenes was one of the first explicit algorithms. It produces a table of numbers that indicates whether each number in the table is prime or composite.

Pratt [9] proved that PRIMES is in NP, meaning that given $n$ and some certificate $c$, $n$'s primality can be verified in polynomial time using $c$. Miller [7] showed that PRIMES is in P if the Extended Riemann Hypothesis (ERH) is true. In short, PRIMES's membership in P requires that finding a certificate for a number's primality can be done in polynomial time. However, Miller's argument assumed the Extended Riemann Hypothesis, which is one of the major outstanding problems in mathematics. The Hypothesis is concerned with the zeroes of the Riemann zeta function, and has deep theoretical connections to the density of the primes.

Rabin [10] randomized Miller's approach, thereby eliminating the dependency on ERH, to create an efficient primality test now called Rabin-Miller [2]. While it has a chance of returning positively for a composite, the probability of error can be made arbitrarily small. Rabin-Miller is very efficient and is used in many applications, including GMP [3].

In 2003, Agrawal, Kayal, and Saxena [1] made their "PRIMES is in P" paper available. They provided a deterministic, polynomial-time primality proving algorithm. They received world-wide press coverage for their finding.

Chapter 2 The AKS Algorithm

2.1 The motivating idea

The AKS Algorithm was motivated by the following lemma [2]:

Lemma 1. Let $n \ge 2$, and let $a < n$ be an integer that is relatively prime to $n$. Then $n$ is a prime number $\Leftrightarrow$ $(X+a)^n = X^n + a \pmod n$.

Proof. All calculations are done in $\mathbb{Z}_n[X]$.

($\Rightarrow$) We have
$$(X+a)^n = X^n + \sum_{0<i<n} \binom{n}{i} a^i X^{n-i} + a^n \qquad (2.1)$$
by the Binomial Theorem. For $0 < i < n$, $\binom{n}{i} \equiv 0 \pmod n$. All of the binomial coefficients are thus 0 in Eq. 2.1. Hence,
$$(X+a)^n = X^n + a^n. \qquad (2.2)$$
By Fermat's Little Theorem, $a^n = a$ in $\mathbb{Z}_n$. Thus, $(X+a)^n = X^n + a$.

($\Leftarrow$) Assume that $n$ is composite. Choose $p < n$ and $s \ge 1$ such that $p$ is a prime factor of $n$ and $p^s$ divides $n$, but $p^{s+1}$ doesn't. By Eq. 2.1, the term $X^{n-p}$ has the coefficient
$$\binom{n}{p} \cdot a^p = \frac{n(n-1)(n-2)\cdots(n-p+1)}{p!} \cdot a^p. \qquad (2.3)$$
$n$ is divisible by $p^s$, and the other factors are all relatively prime to $p$. Therefore, the numerator is divisible by $p^s$ but not $p^{s+1}$. The denominator is trivially divisible by $p$. Also, because $a$ and $n$ are relatively prime, $a^p$ is not divisible by $p$. Thus, we have that $\binom{n}{p} \cdot a^p$ is not divisible by $p^s$, and by extension, not divisible by $n$. Therefore, $\binom{n}{p} \cdot a^p \not\equiv 0 \pmod n$. Therefore, it is not possible for $(X+a)^n$ to be equal to $X^n + a$.

This congruence leads to the following algorithm:

Algorithm 2.1 Naive AKS
  1  if (in $\mathbb{Z}_n[X]$) $(X+1)^n = X^n + 1$ then
  2      return "prime"
  3  return "composite"

Clearly, Algorithm 2.1 is simple, but it is intractable for even modest $n$, because the number of arithmetic operations is, at best, $O(n)$.¹

Perhaps the congruence can be salvaged if the number of terms in the polynomial can be reduced. If we compute in $\mathbb{Z}_n[X]$, modulo $X^r - 1$, where $r$ is a "useful" prime, the number of terms in the resulting polynomial will be $O(n \bmod r)$. Computing modulo $X^r - 1$ is very simple: all exponents greater than $r$ are replaced by $n \bmod r$.

The following definition is simply one of convenience. Call $r$ a "useful" prime if it has the following properties:

1. $\gcd(n, r) = 1$
2. $r - 1$ has a prime factor $q$ such that
   • $q \le 4\sqrt{r} \log n$
   • $n^{(r-1)/q} \ne 1 \bmod r$

Since the restriction of equality was relaxed, testing with one value of $a$ is no longer sufficient. However, there is still a polynomially bounded number of values of $a$ that must be checked.
2.2 Presentation of the algorithm

Algorithm 2.2 The AKS Algorithm
  1  if ($n = a^b$ for some $a, b \ge 2$) then return "composite"
  2  $r = 2$
  3  while ($r < n$) do
  4      if ($r$ divides $n$) then return "composite"
  5      if ($r$ is a prime number) then
  6          if ($n^i \bmod r \ne 1$ for all $i$, $1 \le i \le 4\lceil \log n \rceil^2$) then
  7              break
  8      $r = r + 1$
  9  if ($r = n$) then return "prime"
 10  for $a$ from 1 to $2\lceil \sqrt{r} \rceil \cdot \lceil \log n \rceil$ do
 11      if (in $\mathbb{Z}_n[X]$) $(X+a)^n \bmod (X^r - 1) \ne X^{n \bmod r} + a$ then
 12          return "composite"
 13  return "prime"

The algorithm is broken into two main sections, the witness search in lines 2-9, and the polynomial check in lines 10-12.

Not all primes need to go through the polynomial section to be declared prime. Based on empirical evidence, at line 9, $r = n$ for all prime $n$, $n < 347$.

¹ See Section 3.1.

The time spent checking the polynomials is controlled by $r$, since the size of the polynomials and the number of multiplications needed to compute them is bounded by it. Figure 2.1 shows the values of $r$ for $347 \le n \le 10000$.

A polynomial upper bound on $r$ is needed to ensure that AKS runs in polynomial time. Since $\rho(n) > \mathrm{ord}_{\rho(n)}(n) > (\log n)^2$, it is not possible for AKS to use less than $\tilde{O}((\log n)^4)$ bit operations [4]. The empirical evidence in Figure 2.1 suggests that the lower bound is higher. While a proof of this conjecture is beyond the scope of this work, it does point to a problem of AKS. As will be discussed below, the time spent multiplying the polynomials dominates the witness search. Thus, the overall running time is controlled by $r$.

[Figure 2.1: The values of $\rho(n)$ and its lower bound $(\log n)^2$, for $347 \le n \le 10000$. Axes: $n$ (horizontal), $\rho(n)$ (vertical).]

[Figure 2.2: The values of $\rho(n)$ for $16384 \le n \le 32768$. Axes: $n$ (horizontal), $\rho(n)$ (vertical).]

Chapter 3 Running Time Analysis

3.1 Background

We begin with the definition of "Big-Oh" notation:

Definition 1. $f(n) \in O(g(n))$ if there exists $n_0$ and some constant $c$ such that for all $n \ge n_0$, $f(n) \le c \cdot g(n)$.

If $f(n) \in O(g(n))$ we say that "$g$ is Big-Oh of $f$." Informally, we can view $g$ as an upper bound for $f$, for sufficiently large $n$. Note that constants are ignored in Big-Oh notation; $n$ and $n + 10000$ are both $O(n)$.

In the analysis of algorithms, polynomial time means that as the input grows, the algorithm takes a number of computational steps that is polynomial in the size of the input. Since the input to AKS is a binary number $n$, the size of its input is logarithmic in $n$, its length in bits. More formally, we must show that the AKS algorithm takes $O((\log n)^c)$ computational steps for some constant $c$. These proofs are based on those in [2].

3.2 The main theorem

Theorem 1. Algorithm 2.2 runs in polynomial time.

Proof. All numbers used in the execution are bounded by $n^2$, and thus have bit length bounded by $2 \log n$. Naively, all arithmetic operations can be completed in $O((\log n)^2)$ bit operations. We will concern ourselves with the number of arithmetic operations needed. The perfect power test on line 1 requires $O((\log n)^2 \log \log n)$ arithmetic operations, using the standard algorithm.

Lines 3-8 form the search for the smallest witness $r$. Let $\rho(n)$ be the maximal $r$ for which the loop is executed for a given input $n$. Assume $\rho(n) = O((\log n)^c)$, for some constant $c$. One division is required to test whether $r$ divides $n$. This takes $O(\rho(n))$ operations overall. In line 5, we must test $r$ for primality. To this
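As an added example (not code from the paper or from Rotella's GMP implementation), the following Python puts Lemma 1, Algorithm 2.1 and Algorithm 2.2 from Sections 2.1 and 2.2 into runnable form. It assumes that the paper's $\log n$ is the base-2 logarithm and that $r \ge 2$; the names poly_mul_mod, poly_pow_mod, poly_check, witness_search and aks are this example's own, playing the roles the paper assigns to mpz_pX_mod_mult and mpz_pX_mod_power rather than reproducing them.

```python
# Added example (not the paper's or Rotella's code): Lemma 1, Algorithm 2.1 and
# Algorithm 2.2 in Python. Assumptions: "log n" in the paper is log base 2, r >= 2.
import math


def ceil_log2(n):
    """Exact ceil(log2(n)) for integers n >= 2 (assumes the paper's log is base 2)."""
    return (n - 1).bit_length()


def is_perfect_power(n):
    """Line 1 of Algorithm 2.2: is n = a**b for some a, b >= 2?
    The integer b-th root is found by binary search, so no floating point is used."""
    for b in range(2, n.bit_length() + 1):
        lo, hi = 2, 1 << (n.bit_length() // b + 1)
        while lo <= hi:
            mid = (lo + hi) // 2
            p = mid ** b
            if p == n:
                return True
            if p < n:
                lo = mid + 1
            else:
                hi = mid - 1
    return False


def is_prime_trial(r):
    """Line 5: primality of the small witness candidate r by trial division
    (the paper uses a sieve here; trial division keeps the example self-contained)."""
    return r >= 2 and all(r % d for d in range(2, math.isqrt(r) + 1))


def poly_mul_mod(p, q, n, r):
    """Product in Z_n[X] modulo X^r - 1 (the job of the paper's mpz_pX_mod_mult).
    Polynomials are dense coefficient lists of length r; exponent i + j wraps to
    (i + j) mod r, which is the exponent-reduction rule described in Section 2.1."""
    out = [0] * r
    for i, pi in enumerate(p):
        if pi:
            for j, qj in enumerate(q):
                if qj:
                    k = (i + j) % r
                    out[k] = (out[k] + pi * qj) % n
    return out


def poly_pow_mod(base, e, n, r):
    """base**e in Z_n[X] modulo X^r - 1 by square-and-multiply (the job of mpz_pX_mod_power)."""
    result = [1] + [0] * (r - 1)
    while e:
        if e & 1:
            result = poly_mul_mod(result, base, n, r)
        base = poly_mul_mod(base, base, n, r)
        e >>= 1
    return result


def poly_check(n, r, a):
    """Line 11: does (X + a)^n == X^(n mod r) + a hold in Z_n[X] modulo X^r - 1?"""
    lhs = poly_pow_mod([a % n, 1] + [0] * (r - 2), n, n, r)
    rhs = [a % n] + [0] * (r - 1)
    rhs[n % r] = (rhs[n % r] + 1) % n  # n mod r may be 0, so add instead of overwriting
    return lhs == rhs


def naive_aks(n):
    """Algorithm 2.1: compare (X + 1)^n with X^n + 1 in Z_n[X] with no degree reduction.
    Reducing modulo X^(n+1) - 1 leaves a degree-n polynomial unchanged, so poly_check is reused."""
    return "prime" if poly_check(n, n + 1, 1) else "composite"


def witness_search(n):
    """Lines 2-9 of Algorithm 2.2. Returns ("composite", r) when some r < n divides n,
    otherwise ("r", r) with the r reached at line 9 (r == n means n is declared prime there)."""
    bound = 4 * ceil_log2(n) ** 2
    r = 2
    while r < n:
        if n % r == 0:
            return "composite", r
        if is_prime_trial(r) and all(pow(n, i, r) != 1 for i in range(1, bound + 1)):
            break
        r += 1
    return "r", r


def aks(n):
    """Algorithm 2.2 as printed in the paper, for n >= 2 (smaller n is outside its statement)."""
    if is_perfect_power(n):
        return "composite"
    verdict, r = witness_search(n)
    if verdict == "composite":
        return "composite"
    if r == n:
        return "prime"
    a_max = 2 * (math.isqrt(r - 1) + 1) * ceil_log2(n)  # 2 * ceil(sqrt(r)) * ceil(log n)
    for a in range(1, a_max + 1):  # lines 10-12
        if not poly_check(n, r, a):
            return "composite"
    return "prime"


if __name__ == "__main__":
    for n in (2, 4, 9, 13, 91, 97, 341):
        print(n, naive_aks(n), aks(n))
```

For every prime below 347 the witness search alone reaches line 9 with $r = n$, exactly as the text states, and for small composites a divisor is found at line 4 before the search can break, so lines 10-12 are never executed for inputs of this size; the polynomial stage is exercised directly through poly_check instead (for instance poly_check(15, 7, 1) is False while poly_check(7, 5, 2) is True, as Lemma 1 predicts). Because poly_mul_mod is the schoolbook $O(r^2)$ product, running aks on an $n$ large enough to reach the polynomial loop is slow in pure Python, which is the cost the paper attributes to $r$.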

Description:
May 6, 2005 dency on ERH, to create an efficient primality test now called .. A thorough implementation of AKS needs to be able to handle very large in-.