Primality test

Last updated

A primality test is an algorithm for determining whether an input number is prime. Among other fields of mathematics, it is used for cryptography. Unlike integer factorization, primality tests do not generally give prime factors, only stating whether the input number is prime or not. Factorization is thought to be a computationally difficult problem, whereas primality testing is comparatively easy (its running time is polynomial in the size of the input). Some primality tests prove that a number is prime, while others like Miller–Rabin prove that a number is composite. Therefore, the latter might more accurately be called compositeness tests instead of primality tests.

Contents

Simple methods

The simplest primality test is trial division : given an input number, , check whether it is divisible by any prime number between 2 and (i.e., whether the division leaves no remainder). If so, then is composite. Otherwise, it is prime. [1] For any divisor , there must be another divisor , and a prime divisor of , and therefore looking for prime divisors at most is sufficient.

For example, consider the number 100, whose divisors are these numbers:

1, 2, 4, 5, 10, 20, 25, 50, 100.

When all possible divisors up to are tested, some divisors will be discovered twice. To observe this, consider the list of divisor pairs of 100:

.

Products past are the reverse of products that appeared earlier. For example, and are the reverse of each other. Further, that of the two divisors, and . This observation generalizes to all : all divisor pairs of contain a divisor less than or equal to , so the algorithm need only search for divisors less than or equal to to guarantee detection of all divisor pairs. [1]

Also, 2 is a prime dividing 100, which immediately proves that 100 is not prime. Every positive integer except 1 is divisible by at least one prime number by the Fundamental Theorem of Arithmetic. Therefore the algorithm need only search for prime divisors less than or equal to .

For another example, consider how this algorithm determines the primality of 17. One has , and the only primes are 2 and 3. Neither divides 17, proving that 17 is prime. For a last example, consider 221. One has , and the primes are 2, 3, 5, 7, 11, and 13. Upon checking each, one discovers that , proving that 221 is not prime.

In cases where it is not feasible to compute the list of primes , it is also possible to simply (and slowly) check all numbers between and for divisors. A rather simple optimization is to test divisibility by 2 and by just the odd numbers between 3 and , since divisibility by an even number implies divisibility by 2.

This method can be improved further. Observe that all primes greater than 3 are of the form for a nonnegative integer and . Indeed, every integer is of the form for a positive integer and . Since 2 divides , and , and 3 divides and , the only possible remainders mod 6 for a prime greater than 3 are 1 and 5. So, a more efficient primality test for is to test whether is divisible by 2 or 3, then to check through all numbers of the form and which are . This is almost three times as fast as testing all numbers up to .

Generalizing further, all primes greater than (c primorial) are of the form for positive integers, , and coprime to . For example, consider . All integers are of the form for integers with . Now, 2 divides , 3 divides , and 5 divides . Thus all prime numbers greater than 30 are of the form for . Of course, not all numbers of the form with coprime to are prime. For example, is not prime, even though 17 is coprime to .

As grows, the fraction of coprime remainders to remainders decreases, and so the time to test decreases (though it still necessary to check for divisibility by all primes that are less than ). Observations analogous to the preceding can be applied recursively, giving the Sieve of Eratosthenes.

One way to speed up these methods (and all the others mentioned below) is to pre-compute and store a list of all primes up to a certain bound, such as all primes up to 200. (Such a list can be computed with the Sieve of Eratosthenes or by an algorithm that tests each incremental against all known primes ). Then, before testing for primality with a large-scale method, can first be checked for divisibility by any prime from the list. If it is divisible by any of those numbers then it is composite, and any further tests can be skipped.

A simple but very inefficient primality test uses Wilson's theorem, which states that is prime if and only if:

Although this method requires about modular multiplications, rendering it impractical, theorems about primes and modular residues form the basis of many more practical methods.

Heuristic tests

These are tests that seem to work well in practice, but are unproven and therefore are not, technically speaking, algorithms at all. The Fermat test and the Fibonacci test are simple examples, and they are very effective when combined. John Selfridge has conjectured that if p is an odd number, and p ≡ ±2 (mod 5), then p will be prime if both of the following hold:

where fk is the k-th Fibonacci number. The first condition is the Fermat primality test using base 2.

In general, if p ≡ a (mod x2+4), where a is a quadratic non-residue (mod x2+4) then p should be prime if the following conditions hold:

f(x)k is the k-th Fibonacci polynomial at x.

Selfridge, Carl Pomerance and Samuel Wagstaff together offer $620 for a counterexample. [2]

Probabilistic tests

Probabilistic tests are more rigorous than heuristics in that they provide provable bounds on the probability of being fooled by a composite number. Many popular primality tests are probabilistic tests. These tests use, apart from the tested number n, some other numbers a which are chosen at random from some sample space; the usual randomized primality tests never report a prime number as composite, but it is possible for a composite number to be reported as prime. The probability of error can be reduced by repeating the test with several independently chosen values of a; for two commonly used tests, for any composite n at least half the a's detect n's compositeness, so k repetitions reduce the error probability to at most 2k, which can be made arbitrarily small by increasing k.

The basic structure of randomized primality tests is as follows:

  1. Randomly pick a number a.
  2. Check equality (corresponding to the chosen test) involving a and the given number n. If the equality fails to hold true, then n is a composite number and a is a witness for the compositeness, and the test stops.
  3. Get back to the step one until the required accuracy is reached.

After one or more iterations, if n is not found to be a composite number, then it can be declared probably prime.

Fermat primality test

The simplest probabilistic primality test is the Fermat primality test (actually a compositeness test). It works as follows:

Given an integer n, choose some integer a coprime to n and calculate an − 1 modulo n. If the result is different from 1, then n is composite. If it is 1, then n may be prime.

If an−1 (modulo n) is 1 but n is not prime, then n is called a pseudoprime to base a. In practice, if an−1 (modulo n) is 1, then n is usually prime. But here is a counterexample: if n = 341 and a = 2, then

even though 341 = 11·31 is composite. In fact, 341 is the smallest pseudoprime base 2 (see Figure 1 of [3] ).

There are only 21853 pseudoprimes base 2 that are less than 2.5×1010 (see page 1005 of [3] ). This means that, for n up to 2.5×1010, if 2n−1 (modulo n) equals 1, then n is prime, unless n is one of these 21853 pseudoprimes.

Some composite numbers (Carmichael numbers) have the property that an − 1 is 1 (modulo n) for every a that is coprime to n. The smallest example is n = 561 = 3·11·17, for which a560 is 1 (modulo 561) for all a coprime to 561. Nevertheless, the Fermat test is often used if a rapid screening of numbers is needed, for instance in the key generation phase of the RSA public key cryptographic algorithm.

Miller–Rabin and Solovay–Strassen primality test

The Miller–Rabin primality test and Solovay–Strassen primality test are more sophisticated variants, which detect all composites (once again, this means: for every composite number n, at least 3/4 (Miller–Rabin) or 1/2 (Solovay–Strassen) of numbers a are witnesses of compositeness of n). These are also compositeness tests.

The Miller–Rabin primality test works as follows: Given an integer n, choose some positive integer a < n. Let 2sd = n  1, where d is odd. If

and

for all

then n is composite and a is a witness for the compositeness. Otherwise, n may or may not be prime. The Miller–Rabin test is a strong probable prime test (see PSW [3] page 1004).

The Solovay–Strassen primality test uses another equality: Given an odd number n, choose some integer a < n, if

, where is the Jacobi symbol,

then n is composite and a is a witness for the compositeness. Otherwise, n may or may not be prime. The Solovay–Strassen test is an Euler probable prime test (see PSW [3] page 1003).

For each individual value of a, the Solovay–Strassen test is weaker than the Miller–Rabin test. For example, if n = 1905 and a = 2, then the Miller-Rabin test shows that n is composite, but the Solovay–Strassen test does not. This is because 1905 is an Euler pseudoprime base 2 but not a strong pseudoprime base 2 (this is illustrated in Figure 1 of PSW [3] ).

Frobenius primality test

The Miller–Rabin and the Solovay–Strassen primality tests are simple and are much faster than other general primality tests. One method of improving efficiency further in some cases is the Frobenius pseudoprimality test; a round of this test takes about three times as long as a round of Miller–Rabin, but achieves a probability bound comparable to seven rounds of Miller–Rabin.

The Frobenius test is a generalization of the Lucas probable prime test.

Baillie–PSW primality test

The Baillie–PSW primality test is a probabilistic primality test that combines a Fermat or Miller–Rabin test with a Lucas probable prime test to get a primality test that has no known counterexamples. That is, there are no known composite n for which this test reports that n is probably prime. [4] [5] It has been shown that there are no counterexamples for n.

Other tests

Leonard Adleman and Ming-Deh Huang presented an errorless (but expected polynomial-time) variant of the elliptic curve primality test. Unlike the other probabilistic tests, this algorithm produces a primality certificate, and thus can be used to prove that a number is prime. [6] The algorithm is prohibitively slow in practice.

If quantum computers were available, primality could be tested asymptotically faster than by using classical computers. A combination of Shor's algorithm, an integer factorization method, with the Pocklington primality test could solve the problem in . [7]

Fast deterministic tests

Near the beginning of the 20th century, it was shown that a corollary of Fermat's little theorem could be used to test for primality. [8] This resulted in the Pocklington primality test. [9] However, as this test requires a partial factorization of n  1 the running time was still quite slow in the worst case. The first deterministic primality test significantly faster than the naive methods was the cyclotomy test; its runtime can be proven to be O((log n)c log log log n), where n is the number to test for primality and c is a constant independent of n. Many further improvements were made, but none could be proven to have polynomial running time. (Running time is measured in terms of the size of the input, which in this case is ~ log n, that being the number of bits needed to represent the number n.) The elliptic curve primality test can be proven to run in O((log n)6), if some conjectures on analytic number theory are true.[ which? ] Similarly, under the extended Riemann hypothesis, the deterministic Miller's test, which forms the basis of the probabilistic Miller–Rabin test, can be proved to run in Õ((log n)4). [10] In practice, this algorithm is slower than the other two for sizes of numbers that can be dealt with at all. Because the implementation of these two methods is rather difficult and creates a risk of programming errors, slower but simpler tests are often preferred.

In 2002, the first provably unconditional deterministic polynomial time test for primality was invented by Manindra Agrawal, Neeraj Kayal, and Nitin Saxena. The AKS primality test runs in Õ((log n)12) (improved to Õ((log n)7.5) [11] in the published revision of their paper), which can be further reduced to Õ((log n)6) if the Sophie Germain conjecture is true. [12] Subsequently, Lenstra and Pomerance presented a version of the test which runs in time Õ((log n)6) unconditionally. [13]

Agrawal, Kayal and Saxena suggest a variant of their algorithm which would run in Õ((log n)3) if Agrawal's conjecture is true; however, a heuristic argument by Hendrik Lenstra and Carl Pomerance suggests that it is probably false. [11] A modified version of the Agrawal's conjecture, the Agrawal–Popovych conjecture, [14] may still be true.

Complexity

In computational complexity theory, the formal language corresponding to the prime numbers is denoted as PRIMES. It is easy to show that PRIMES is in Co-NP : its complement COMPOSITES is in NP because one can decide compositeness by nondeterministically guessing a factor.

In 1975, Vaughan Pratt showed that there existed a certificate for primality that was checkable in polynomial time, and thus that PRIMES was in NP, and therefore in . See primality certificate for details.

The subsequent discovery of the Solovay–Strassen and Miller–Rabin algorithms put PRIMES in coRP. In 1992, the Adleman–Huang algorithm [6] reduced the complexity to , which superseded Pratt's result.

The Adleman–Pomerance–Rumely primality test from 1983 put PRIMES in QP (quasi-polynomial time), which is not known to be comparable with the classes mentioned above.

Because of its tractability in practice, polynomial-time algorithms assuming the Riemann hypothesis, and other similar evidence, it was long suspected but not proven that primality could be solved in polynomial time. The existence of the AKS primality test finally settled this long-standing question and placed PRIMES in P . However, PRIMES is not known to be P-complete, and it is not known whether it lies in classes lying inside P such as NC or L. It is known that PRIMES is not in AC0. [15]

Number-theoretic methods

Certain number-theoretic methods exist for testing whether a number is prime, such as the Lucas test and Proth's test. These tests typically require factorization of n + 1, n − 1, or a similar quantity, which means that they are not useful for general-purpose primality testing, but they are often quite powerful when the tested number n is known to have a special form.

The Lucas test relies on the fact that the multiplicative order of a number a modulo n is n − 1 for a prime n when a is a primitive root modulo n. If we can show a is primitive for n, we can show n is prime.

Related Research Articles

<span class="mw-page-title-main">Carmichael number</span> Composite number in number theory

In number theory, a Carmichael number is a composite number which in modular arithmetic satisfies the congruence relation:

<span class="mw-page-title-main">Prime number</span> Number divisible only by 1 or itself

A prime number is a natural number greater than 1 that is not a product of two smaller natural numbers. A natural number greater than 1 that is not prime is called a composite number. For example, 5 is prime because the only ways of writing it as a product, 1 × 5 or 5 × 1, involve 5 itself. However, 4 is composite because it is a product (2 × 2) in which both numbers are smaller than 4. Primes are central in number theory because of the fundamental theorem of arithmetic: every natural number greater than 1 is either a prime itself or can be factorized as a product of primes that is unique up to their order.

<span class="mw-page-title-main">Square-free integer</span> Number without repeated prime factors

In mathematics, a square-free integer (or squarefree integer) is an integer which is divisible by no square number other than 1. That is, its prime factorization has exactly one factor for each prime that appears in it. For example, 10 = 2 ⋅ 5 is square-free, but 18 = 2 ⋅ 3 ⋅ 3 is not, because 18 is divisible by 9 = 32. The smallest positive square-free numbers are

In number theory, the Fermat pseudoprimes make up the most important class of pseudoprimes that come from Fermat's little theorem.

In number theory, Fermat's little theorem states that if p is a prime number, then for any integer a, the number apa is an integer multiple of p. In the notation of modular arithmetic, this is expressed as

In mathematics, a Fermat number, named after Pierre de Fermat (1607–1665), the first known to have studied them, is a positive integer of the form: where n is a non-negative integer. The first few Fermat numbers are: 3, 5, 17, 257, 65537, 4294967297, 18446744073709551617, ....

In number theory, an odd integer n is called an Euler–Jacobi probable prime to base a, if a and n are coprime, and

The Fermat primality test is a probabilistic test to determine whether a number is a probable prime.

In number theory, a probable prime (PRP) is an integer that satisfies a specific condition that is satisfied by all prime numbers, but which is not satisfied by most composite numbers. Different types of probable primes have different specific conditions. While there may be probable primes that are composite, the condition is generally chosen in order to make such exceptions rare.

The Miller–Rabin primality test or Rabin–Miller primality test is a probabilistic primality test: an algorithm which determines whether a given number is likely to be prime, similar to the Fermat primality test and the Solovay–Strassen primality test.

In mathematics, the Lucas–Lehmer test (LLT) is a primality test for Mersenne numbers. The test was originally developed by Édouard Lucas in 1878 and subsequently proved by Derrick Henry Lehmer in 1930.

The AKS primality test is a deterministic primality-proving algorithm created and published by Manindra Agrawal, Neeraj Kayal, and Nitin Saxena, computer scientists at the Indian Institute of Technology Kanpur, on August 6, 2002, in an article titled "PRIMES is in P". The algorithm was the first one which is able to determine in polynomial time, whether a given number is prime or composite without relying on mathematical conjectures such as the generalized Riemann hypothesis. The proof is also notable for not relying on the field of analysis. In 2006 the authors received both the Gödel Prize and Fulkerson Prize for their work.

The Solovay–Strassen primality test, developed by Robert M. Solovay and Volker Strassen in 1977, is a probabilistic primality test to determine if a number is composite or probably prime. The idea behind the test was discovered by M. M. Artjuhov in 1967 (see Theorem E in the paper). This test has been largely superseded by the Baillie–PSW primality test and the Miller–Rabin primality test, but has great historical importance in showing the practical feasibility of the RSA cryptosystem. The Solovay–Strassen test is essentially an Euler–Jacobi probable prime test.

Lucas pseudoprimes and Fibonacci pseudoprimes are composite integers that pass certain tests which all primes and very few composite numbers pass: in this case, criteria relative to some Lucas sequence.

A strong pseudoprime is a composite number that passes the Miller–Rabin primality test. All prime numbers pass this test, but a small fraction of composites also pass, making them "pseudoprimes".

In number theory, a Frobenius pseudoprime is a pseudoprime, whose definition was inspired by the quadratic Frobenius test described by Jon Grantham in a 1998 preprint and published in 2000. Frobenius pseudoprimes can be defined with respect to polynomials of degree at least 2, but they have been most extensively studied in the case of quadratic polynomials.

In mathematics and computer science, a primality certificate or primality proof is a succinct, formal proof that a number is prime. Primality certificates allow the primality of a number to be rapidly checked without having to run an expensive or unreliable primality test. "Succinct" usually means that the proof should be at most polynomially larger than the number of digits in the number itself.

In mathematics, elliptic curve primality testing techniques, or elliptic curve primality proving (ECPP), are among the quickest and most widely used methods in primality proving. It is an idea put forward by Shafi Goldwasser and Joe Kilian in 1986 and turned into an algorithm by A. O. L. Atkin the same year. The algorithm was altered and improved by several collaborators subsequently, and notably by Atkin and François Morain, in 1993. The concept of using elliptic curves in factorization had been developed by H. W. Lenstra in 1985, and the implications for its use in primality testing followed quickly.

<span class="mw-page-title-main">Perrin number</span> Number sequence 3,0,2,3,2,5,5,7,10,...

In mathematics, the Perrin numbers are a doubly infinite constant-recursive integer sequence with characteristic equation x3 = x + 1. The Perrin numbers bear the same relationship to the Padovan sequence as the Lucas numbers do to the Fibonacci sequence.

References

  1. 1 2 Riesel (1994) pp.2-3
  2. John Selfridge#Selfridge's conjecture about primality testing.
  3. 1 2 3 4 5 Pomerance, Carl; Selfridge, John L.; Wagstaff, Samuel S. Jr. (July 1980). "The pseudoprimes to 25·109" (PDF). Mathematics of Computation. 35 (151): 1003–1026. doi: 10.1090/S0025-5718-1980-0572872-7 .
  4. Baillie, Robert; Wagstaff, Samuel S. Jr. (October 1980). "Lucas Pseudoprimes" (PDF). Mathematics of Computation. 35 (152): 1391–1417. doi: 10.1090/S0025-5718-1980-0583518-6 . MR   0583518.
  5. Baillie, Robert; Fiori, Andrew; Wagstaff, Samuel S. Jr. (July 2021). "Strengthening the Baillie-PSW Primality Test". Mathematics of Computation. 90 (330): 1931–1955. arXiv: 2006.14425 . doi:10.1090/mcom/3616. S2CID   220055722.
  6. 1 2 Adleman, Leonard M.; Huang, Ming-Deh (1992). Primality testing and Abelian varieties over finite field. Lecture notes in mathematics. Vol. 1512. Springer-Verlag. ISBN   3-540-55308-8.
  7. Chau, H. F.; Lo, H.-K. (1995). "Primality Test Via Quantum Factorization". arXiv: quant-ph/9508005 .
  8. Pocklington, H. C. (1914). "The determination of the prime or composite nature of large numbers by Fermat's theorem". Cambr. Phil. Soc. Proc. 18: 29–30. JFM   45.1250.02.
  9. Weisstein, Eric W. "Pocklington's Theorem". MathWorld .
  10. Gary L. Miller (1976). "Riemann's Hypothesis and Tests for Primality". Journal of Computer and System Sciences . 13 (3): 300–317. doi: 10.1016/S0022-0000(76)80043-8 .
  11. 1 2 Agrawal, Manindra; Kayal, Neeraj; Saxena, Nitin (2004). "Primes is in P" (PDF). Annals of Mathematics. 160 (2): 781–793. doi: 10.4007/annals.2004.160.781 .
  12. Agrawal, Manindra; Kayal, Neeraj; Saxena, Nitin (2004). "PRIMES is in P" (PDF). Annals of Mathematics. 160 (2): 781–793. doi: 10.4007/annals.2004.160.781 .
  13. Carl Pomerance & Hendrik W. Lenstra (July 20, 2005). "Primality testing with Gaussian periods" (PDF).
  14. Popovych, Roman (December 30, 2008). "A note on Agrawal conjecture" (PDF).
  15. Allender, Eric; Saks, Michael; Shparlinski, Igor (2001). "A Lower Bound for Primality". Journal of Computer and System Sciences. 62 (2): 356–366. doi:10.1006/jcss.2000.1725.

Sources