Dietzfelbinger M. Primality testing in polynomial time ... - tiera.ru

More documents

Recommendations

Info

84 5. The Miller-Rabin Test and (5.3.5) entails that a u·2i 0 �≡ −1 (mod n). This means that au·2i0 mod n /∈ {1,n − 1}, and hence a /∈ BA n .Further, au·2i0 +1 mod n1 =1andau·2i0 +1 mod n2 = 1, hence, by the Chinese Remainder Theorem, au·2i0 +1 mod n = 1. By Lemma 5.1.3(a) we conclude that a ∈ Z∗ n, and the proof of Lemma 5.3.1(c) is complete. ⊓⊔ Example 5.3.2. Consider the number n = 325 = 13 · 25. (For the purpose of this illustration it is not relevant that 325 is not a Carmichael number.) Going back to Table 5.3, we note that the A-liar 32 satisfies 32 162 mod 325 = 324. The unique number a with a mod 13 = 32 mod 13 = 6 and a mod 25 = 1 is a = 201. From the table, we read off that 201 162 mod 325 = 51 /∈ {1, 324}, but 201 324 mod 325 = 1. (Note that 51 ≡ 1 (mod 25) and 51 ≡−1 (mod 13).) In particular, with 201 we have an element of Z ∗ 325 not in B A 325. We have shown an error bound of 1 2 for the Miller-Rabin algorithm. In fact, it can be shown by a different, more involved analysis, see, for example, [16, p. 127], that the error probability is bounded by 1 4 .Byℓ-fold repetition, the bound on the error probability may be lowered to 4−ℓ ,inexactlythesame manner as described in Algorithm 5.1.6. We summarize: Proposition 5.3.3. Algorithm 5.2.5, when applied ℓ times to an input number n, needs O(ℓ·log n) arithmetic operations and O(ℓ·(log n) 3 ) bit operations (simple methods) resp. O ∼ (ℓ · (log n) 2 ) bit operations (best methods). Ifn is a prime number, the output is 0, ifn is composite, the probability that output 0 is given is smaller than 4 −ℓ . ⊓⊔
6. The Solovay-Strassen Test The primality test of Solovay and Strassen [39] is similar in flavor to the Miller-Rabin test. Historically, it predates the Miller-Rabin test. Like the Miller-Rabin test it is a randomized procedure; it is capable of recognizing composite numbers with a probability of at least 1 2 . To explain how the test works, we must define quadratic residues and introduce the Legendre symbol and the Jacobi symbol. For efficient evaluation of these quantities the Quadratic Reciprocity Law is central. 6.1 Quadratic Residues For reasons of convention, we introduce special notation for the squares in the multiplicative group Z ∗ m. Definition 6.1.1. For m ≥ 2 and a ∈ Z with gcd(a, m) =1we say that a is a quadratic residue modulo m if a ≡ x 2 (mod m) for some x ∈ Z. Ifa satisfies gcd(a, m) =1and is not a quadratic residue modulo m, itiscalled a (quadratic) nonresidue. It is clear that being a quadratic residue or not is a property of the congruence class of a. Often, but not always, we restrict our attention to the group Z ∗ m that contains one representative from each congruence class in question. In this context, −1 always stands for the additive inverse of 1, i.e., for m − 1. Note that numbers a with gcd(a, m) > 1 are considered neither quadratic residues nor nonresidues. Example 6.1.2. For m = 13, the squares modulo 13 of 1, 2,...,12 are 1, 4, 9, 3, 12, 10, 10, 12, 3, 9, 4, 1, i.e., the quadratic residues are 1, 3, 4, 9, 10, 12. For m = 26, the quadratic residues are 1, 3, 9, 17, 23, 25; for m = 27, they are 1, 4, 7, 10, 13, 16, 19, 22, 25. We observe that in the case m = 13 there are 6 residues and 6 nonresidues. This behavior is typical for m = p a prime number. If we square the numbers 1,...,p− 1, we obtain at most 1 2 (p − 1) distinct values, since x2 ≡ (p − x) 2 (mod p). On the other hand, the squares of 1,..., 1 2 (p − 1) are all distinct: if x2 ≡ y2 (mod p) for1≤x≤ y< 1 2p,thenpdivides y2 − x2 =(x + y)(y − x); M. Dietzfelbinger: Primality Testing in Polynomial Time, LNCS 3000, pp. 85-94, 2004. © Springer-Verlag Berlin Heidelberg 2004
Page 1 and 2:
Lecture Notes in Computer Science 3
Page 3 and 4:
Martin Dietzfelbinger Primality Tes
Page 5 and 6:
To Angelika, Lisa, Matthias, and Jo
Page 7 and 8:
VIII Preface toundingly it gets by
Page 9 and 10:
X Contents 5. The Miller-Rabin Test
Page 11 and 12:
2 1. Introduction: Efficient Primal
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
10 1. Introduction: Efficient Prima
Page 21 and 22:
12 1. Introduction: Efficient Prima
Page 23 and 24:
14 2. Algorithms for Numbers and Th
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
3. Fundamentals from Number Theory
Page 33 and 34:
3.1 Divisibility and Greatest Commo
Page 35 and 36:
3.2 The Euclidean Algorithm 27 Prop
Page 37 and 38:
3.2 The Euclidean Algorithm 29 (b)
Page 39 and 40: 3.2 The Euclidean Algorithm 31 We n
Page 41 and 42: 3.3 Modular Arithmetic 33 Lemma 3.3
Page 43 and 44: 3.4 The Chinese Remainder Theorem 3
Page 45 and 46: 3.4 The Chinese Remainder Theorem 3
Page 47 and 48: 3.5 Prime Numbers 39 3.5.1 Basic Ob
Page 49 and 50: 3.5 Prime Numbers 41 steps in the v
Page 51 and 52: 3.5 Prime Numbers 43 r ≥ 0. Clear
Page 53 and 54: ϕ(n) = � 3.6 Chebychev’s Theor
Page 55 and 56: 3.6 Chebychev’s Theorem on the De
Page 63 and 64: 56 4. Basics from Algebra: Groups,
Page 79 and 80: 5. The Miller-Rabin Test In this ch
Page 81 and 82: 5.1 The Fermat Test 75 multiples of
Page 83 and 84: 5.1 The Fermat Test 77 the set {n |
Page 85 and 86: 5.2 Nontrivial Square Roots of 1 79
Page 87 and 88: 5.2 Nontrivial Square Roots of 1 81
Page 89: Lemma 5.3.1. (a) L A n ⊆ BA n . (
Page 93 and 94: 6.2 The Jacobi Symbol 87 Definition
Page 95 and 96: a 6.3 The Law of Quadratic Reciproc
Page 97 and 98: 6.3 The Law of Quadratic Reciprocit
Page 99 and 100: 6.4 Primality Testing by Quadratic
Page 101 and 102: 7. More Algebra: Polynomials and Fi
Page 103 and 104: 7.1 Polynomials over Rings 97 Defin
Page 105 and 106: 7.1 Polynomials over Rings 99 Remar
Page 107 and 108: 7.1 Polynomials over Rings 101 (b)
Page 109 and 110: 7.2 Division with Remainder and Div
Page 111 and 112: 7.3 Quotients of Rings of Polynomia
Page 113 and 114: 7.3 Quotients of Rings of Polynomia
Page 115 and 116: 7.4 Irreducible Polynomials and Fac
Page 117 and 118: 7.5 Roots of Polynomials 111 X, has
Page 119 and 120: 7.6 Roots of the Polynomial X r −
Page 121 and 122: 8. Deterministic Primality Testing
Page 123 and 124: 8.2 The Algorithm of Agrawal, Kayal
Page 125 and 126: 8.3 The Running Time 119 Time for t
Page 127 and 128: 8.3 The Running Time 121 Lemma 8.3.
Page 129 and 130: 8.5 Proof of the Main Theorem 123 B
Page 131 and 132: 8.5 Proof of the Main Theorem 125 L
Page 133 and 134: 8.5 Proof of the Main Theorem 127 P
Page 135 and 136: 8.5 Proof of the Main Theorem 129 (
Page 137 and 138: 8.5 Proof of the Main Theorem 131 i
Page 139 and 140: 134 A. Appendix Proof. For k < 0ork
Page 141 and 142:
136 A. Appendix as an abbreviation
Page 143 and 144:
138 A. Appendix a 1 2 3 4 5 6 7 8 9
Page 145 and 146:
140 A. Appendix Lemma A.3.3. If p
Page 147 and 148:
142 A. Appendix Induction step: Ass
Page 149 and 150:
144 References 20. Gauss, C.F., Dis
Page 151 and 152:
146 Index efficient algorithm, 2 eq
show all

Dietzfelbinger M. Primality testing in polynomial time ... - tiera.ru

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?