The Complexity Of Primality Testing

THE COMPLEXITY OF

PRIMALITY TESTINGPresented By:

Mohammad Elsheikh Salim Elsheikh

lecturer - Shendi University (Sudan)

[email protected]

Supervision of:

DR.Mohammed El-Hafiz

بسم هللا الرحمن الرحيمSUDAN UNIVERSITY OF SCIENCE AND

TECHNOLOGY

COLLEGE OF COMPUTER SCIENCE AND

INFORMATION TECHNOLOGY

PHD 4

mailto:[email protected]

SEMINAR OBJECTIVES2

SEMINAR OBJECTIVES

Explaining Primality Testing Problem.

Why Primality Testing is important .

Which Field required it.

Algorithm that can solve this problem and it

complexity classes.

Introduction

Prime numbers have attracted much attention

from mathematicians for many centuries.

However, the first actual use of prime numbers

in an important area outside of the theory of

numbers was discovered only in the mid to

late 1900s.

This was in the establishment of a technical

system to be used in maintaining the secrecy

of electronic communications.

Definition

Factor: when two or more numbers are multiplied,

each number is called a factor of the product. 6 =

2 * 3

Prime number: is a whole number greater than 1

that has exactly two positive factors, 1 and itself.

Example :

2, 3, 5, 7, 11, 13, and 17.

Composite number: is a whole number that has

more than two positive factors. Example: 4, 6,

8….

504 is composite, and its prime factorization is

23 x 32 x 7.

0 and 1 > Neither prime nor composite.

The Importance of Testing

Primality5

Primality testing are essential ingredients in

computer-security systems.

There are a number of techniques that

enhance computer security, rely on the

assumption that it is hard to factor

numbers, that is, given a composite

number, to find its prime factors.

The Importance of Testing

Primality6

In particular, these schemes, based on what

are called RSA codes, use integers of, say,

128 bits that are the product of two primes,

each of about 64 bits.

Two scenarios to explain it:

Public-Key Cryptography

Public-Key Signatures

Co. The Importance of Testing

Primality7

Public-Key Cryptography

y

f()> steps is …

etc.

What about k


Primality8

Public-Key Signatures


Primality9

Both scenarios above are believed to work

and to be secure, in the sense that it really

does take exponential time to factor the

product of two large primes:

1. The construction of public keys requires that

we be able to find large primes quickly.

2. The security depends on there being no

polynomial way to factor in general.

Introduction to Modular

Arithmetic10

First we explain what is the Remainders.

Given two integers a and b, as long as b ≠ 0, we

can find q (quotient) and r (remainder), such that

a =q*b + r.

Let’s let b = 5.• 0 = 0*5 + 0

• 1 = 0*5 + 1

• 2 = 0*5 + 2

• 3 = 0*5 + 3

• 4 = 0*5 + 4

• 5 = 1*5 + 0

• 6 = 1*5 + 1

• 7 = 1*5 + 2

• 8 = 1*5 + 3

• 9 = 1*5 + 4

• 10 = 2*5 + 0

.

.

.

.

.

What is modular arithmetic?

Arithmetic with the remainders upon division

by a fixed number n.

It is based upon the idea that the remainder of

the sum / difference / product of two numbers

is the remainder of the sum / difference /

product of the remainders.

For example, if n=5,

(31+7)%5 = 38%5 = 3, and

(31%5+7%5)%5 = (1+2 )%5 =3


Arithmetic12

Example: Suppose p = 13 Then

3 + 5 ≡13 8 <=> (3 + 5) modulo 13 = 8

7 + 10 ≡13 4.

o 7 + 10 = 17 => 17 > 13 => 17-13 = 4

-5 ≡13 8.

o 13 – 5 = 8 => 8 < 13

11- 4 ≡13 7

4 - 11 ≡13 6.

o 4 - 11 = -7 => no negative so we must add 13 to get 6.


Arithmetic

i j modulo 7 i j modulo 6

13

* 1 2 3 4 5 6

1 1 2 3 4 5 6

2 2 4 6 1 3 5

3 3 6 2 5 1 4

4 4 1 5 2 6 3

5 5 3 1 6 4 2

6 6 5 4 3 2 1

* 1 2 3 4 5

1 1 2 3 4 5

2 2 4 0 2 4

3 3 0 3 0 3

4 4 2 0 4 2

5 5 3 3 2 1


Arithmetic14

Some useful facts, which we shall not prove

here are:

If p is a prime, then ap-1 = 1 modulo p. This

statement is called Fermat’s theorem.

The degree of a modulo a prime p is always a

divisor of p - 1.

If p is a prime, there is always some a that has

degree p - 1 modulo p.

The Complexity of Modular-

Arithmetic Computations15

Compute modulo some prime p, and the binary

representation of p is n-bits long; i.e., p itself is

around 2n.

The running time of a computation is stated in

terms of n, the input length, rather than p, the

“value” of the input. For Instance, counting up

to p takes time O(2n),

Will not be polynomial-time, as a function of n.



Add two numbers modulo p in O(n) time on a

typical computer or multitape TM.

Recall that we simply add the binary numbers,

and if the result is p or greater, then subtract p.

Likewise, we can multiply two numbers in

O(n2) time, either on a computer or a Turing

machine.

After multiplying the numbers in the ordinary

way, and getting a result of at most 2n-bits, we

divide by p and take the remainder.



Raising a number x to an exponent is trickier,

since that exponent may itself be exponential

in n.

Since p - 1 is around 2n , if we were to multiply

x by itself p - 2 times, we would need O(2n)

multiplications, and even though each

multiplication involved only n-bit numbers and

could be carried out in O(n2) time,

The total time would be O(n22n), which is not

polynomial in n.



Fortunately, there is a “recursive-doubling” trick that lets us compute xp-1 in time that is polynomial in n:

1. Compute the at most n exponents x,x2,x4,x8,... , until the exponent exceeds p - 1. Each value is an n-bit number that is computed in O(n2) time by squaring the previous value in the sequence, so the total work is O(n3).

2. Find the binary representation of p - 1, sayp - 1 = an-1 … a1a0. We can write:



where each aj is either 0 or 1. Therefore,

which is the product of those values for

which aj=1. Since we computed each of those

s in step (1), and each is an n-bit number,

we can compute the product of these n or

fewer numbers in O(n3) time.

Thus, the entire computation of xp-1 takes

O(n3) time.

Random-Polynomial Primality

Testing20

The method actually used to generate n-bitprimes is to pick an n-bit number at randomand apply the Monte-Carlo algorithm torecognize composite numbers some largenumber of times, say 50.

If any test says that the number is composite,then we know it is not a prime. If all 50 fail tosay that it is composite, there is no more than250 probability that it really is composite.

Thus, we can fairly safely say that the numberis prime and base our secure operation on thatfact.


Testing21

Monte - Carlo algorithm for the composite

numbers:

1. Pick an x at random in the range 1 to p - 1.

2. Compute xp-1 modulo p. Note that if p is an n-

bit number, then this calculation takes O(n3)

time

3. If xp-1 ≠ 1 modulo p, accept; x is composite.

Otherwise, halt without accepting.

* If p is prime, then xp-1 = 1 modulo p, so we

always halt without accepting;


Testing22

Carmichael numbers:

The smallest Carmichael number is 561, That

is, one can show x560 = 1 modulo 561 for all x

that are not divisible by 3, 11, or 17,

Even though 561 = 3 x 11 x 17 is evidently

composite.

Thus, we shall claim, but without a complete

proof, that:

Theorem : The set of composite numbers is in

RP.


Testing23

Can We Factor in Random Polynomial Time?

The previous algorithm may tell us that a number

is composite, but does not tell us how to factor the

composite number.

It is believed that there is no way to factor

numbers, even using randomness, that takes

only polynomial time, or even expected

polynomial time.

If that assumption were incorrect, then the

applications that we discussed would be insecure

and could not be used.

Nondeterministic Primality

Tests24

That the language of primes is in NP ∩ co-NP.

Therefore the language of composite numbers,

the complement of the primes, is also in NP ∩

co-NP.

The case is that the primes or the composite

numbers are not NP-complete, for if either

were true then we would have the unexpected

equality NP = co-NP.

One part is easy:

The composite numbers are obviously in NP,

so the primes are in co-NP. We prove that fact

first.


Tests25

Theorem: The set of composite numbers is in NP.

PROOF;

The nondeterministic, polynomial-time algorithm for the composite numbers is:

Step one:

Take p as an n-bit number p,

Guess a factor f of at most n-bits.

f ≠ 1 and f ≠ p.

The time taken by any sequence of choices is O(n).

Step Two:

Divide p by f,

Check that the remainder is 0.

Accept if so.

The time taken is O(n2) on a multi tape TM.


Tests26

Recognizing the primes with a NTM is harder.

While we were able to guess a reason (a

factor) that a number is not a prime, and then

check that our guess is correct, how do we

“guess” a reason a number is a prime? The

nondeterministic polynomial-time algorithm is

based on the fact (asserted but not proved)

that if p is a prime, then there is a number x

between 1 and p – 1 that has degree p - 1


Tests27

While we could guess a number x easily, usingthe nondeterministic capability of a NTM, it isnot immediately obvious how one then checksthat x has degree p-1.

The reason is that if we apply the definition ofdegree directly, we need to check that none ofx2,x3,... ,xp-2 are 1.

To do so requires that we perform p - 3multiplications, and that requires time at least2n, if p is an n-bit number.


Tests28

A better strategy is to make use of another fact that we assert but do not prove: the degree of x modulo a prime p is a divisor of p - 1.

Thus, if we knew the prime factors of p - 1, it would be sufficient to check that x(p-1)/q =1 for each prime factor q of p - 1.

If none of these powers of x is equal to 1, then the degree of x must be p-1 . The number of these tests is O(n).

Of course we cannot factor p - 1 into primes easily.

However, non-deterministically we can guess the prime factors of p - 1, and: a) Check that their product is indeed p -1.

b) Check that each is a prime, using the nondeterministic, polynomial-time algorithm that we have been designing, recursively.


Tests29

Theorem: The set of primes is in NP.

PROOF: Given a number p of n-bits, we do the following.

First, if n is no more than 2 (i.e., p is 1, 2, or 3),directly; 2 and 3 are primes, while 1 is not. Otherwise:

1. Guess a list of factors (q1, q2,… , qk), whose binaryrepresentations total at most 2n bits, and none ofwhich has more than n - 1 bits. It is permitted for thesame prime to appear several times, since p-1 mayhave a factor that is a prime raised to a powergreater than 1;e.g. p = 13 > p - 1 = 12 > factors list is (2, 2, 3).This part is nondeterministic, but each branch takes

O(n) time.


Tests30

2. Multiply the q’s together, and verify that their product is p-1. This part takes no more than O(n2) time and is deterministic.

3. If their product is p - 1, recursively verify that each is a prime, using the algorithm being described here.

4. If the q’s are all prime, guess a value of x and check that x(p1-1)/qj≠1 for any of the qj’s. This test assures that x has degree p - 1 modulo p, since if it did not, then its degree would have to divide at least one (p-1)/qj, and we just verified that it did not.

Note in justification that any x, raised to any power of its degree, must be 1.

Thus, there are at most k exponentiations, which is surely no more than n exponentiations, and each one can be performed in O(n3) time, giving us a total time of O(n4) for this step.


Tests31


Tests32

Product of the children of any node is less than

the value of the node itself.

The work required at a node with value i,

exclusive of work done in recursive calls, is at

most a(log2 i)4 for some constant a;

Thus, The work required by any one level, we

is the maximize of the sum ∑j a (log2(ij))4,

subject to the constraint that the product i1i2…

is at most p. Because the fourth power is

convex,


Tests33

the maximum occurs when all of the value is inone of the ij’s . If i1=p, and there are no other ij’s,then the sum is a(log2p)4.

That is at most an4, since n is the number of bitsin p, and therefore log2p is at most n.

Our conclusion is that the work required at eachdepth is at most O(n4). Since there are at most nlevels, O(n5) work suffices in any branch of thenondeterministic test for whether p is prime.

Now we know that both the primes and theircomplement are in NP.

THANKS FOR YOUR

PATIENCE

34

Reference35

Agrawal, Manindra. "PRIMES is in P Manindra Agrawal, Neeraj Kayal and

Nitin Saxena* Department of Computer Science & Engineering Indian

Institute of Technology Kanpur Kanpur-208016, INDIA." (2002).

Homer, Steven, and Alan L. Selman. Computability and complexity theory.

Springer Science & Business Media, 2011.

Hopcroft, John E., Rajeev Motwani, and Jeffrey D. Ullman. "Introduction to

automata theory, languages, and computation." ACM SIGACT News 32, no.

1 (2001): 60-65.

Kozen, Dexter. Theory of computation. Springer Science & Business

Media, 2006.

Lenstra Jr, Hendrik W., and Carl Pomerance. "Primality testing with

Gaussian periods." Lecture Notes in Computer Science (2002): 1-1

Lewis, Harry R., and Christos H. Papadimitriou. Elements of the Theory of

Computation. Prentice Hall PTR, 1997.

Xavier, SP Eugene. Theory Of Automata, Formal Languages And

Computation (As Per Uptu Syllabus). New Age International, 2005.

Known Problems with Primes

1. Density

How many primes are in {1…n}?

2. Generation

List all the primes in {1…n}.

3. Testing

Given a positive integer n, is n prime?

4. Random choice

Pick a random prime number in {1...n}.

Sieve of Eratosthenes37

The Complexity Of Primality Testing

Education

Transcript of The Complexity Of Primality Testing