Prime Numbers

More documents

Recommendations

Info

3.5 Probable primes and witnesses 137 an odd composite number n, a witness is a base for which n is not a strong pseudoprime. A witness for n is thus the key to a short proof that n is composite. Theorem 3.5.4 implies that at least 3/4 of all integers in [1,n − 1] are witnesses for n, whenn is an odd composite number. Since one can perform a strong pseudoprime test very rapidly, it is easy to decide whether a particular number a is a witness for n. All said, it would seem that it is quite an easy task to produce witnesses for odd composite numbers. Indeed, it is, if one uses a probabilistic algorithm. The following is often referred to as “the Miller–Rabin test,”, though as one can readily see, it is Algorithm 3.5.2 done with a random choice of the base a. (The original test in [Miller 1976] was somewhat more complicated and was a deterministic, ERH-based test. It was M. Rabin, see [Rabin 1976, 1980], who suggested a probabilistic algorithm as below.) Algorithm 3.5.6 (Random compositeness test). We are given an odd number n>3. This probabilistic algorithm attempts to find a witness for n and thus prove that n is composite. If a is a witness, (a, YES) is returned; otherwise, (a, NO) is returned. 1. [Choose possible witness] Choose random integer a ∈ [2,n− 2]; Via Algorithm 3.5.2 decide whether n is a strong probable prime base a; 2. [Declaration] if(n is a strong probable prime base a) return (a, NO); return (a, YES); One can see from Theorem 3.5.4 that if n>9 is an odd composite, then the probability that Algorithm 3.5.6 fails to produce a witness for n is < 1/4. No one is stopping us from using Algorithm 3.5.6 repeatedly. The probability that we fail to find a witness for an odd composite number n with k (independent) iterations of Algorithm 3.5.6 is < 1/4 k . So clearly we can make this probability vanishingly small by choosing k large. Algorithm 3.5.6 is a very effective method for recognizing composite numbers. But what does it do if we try it on an odd prime? Of course it will fail to produce a witness, since Theorem 3.5.1 asserts that primes have no witnesses. Suppose n is a large odd number and we don’t know whether n is prime or composite. Say we try 20 iterations of Algorithm 3.5.6 and fail each time to produce a witness. What should be concluded? Actually, nothing at all can be concluded concerning whether n is prime or composite. Of course, it is reasonable to strongly conjecture that n is prime. The probability that 20 iterations of Algorithm 3.5.6 fail to produce a witness for a given odd composite is less than 4 −20 , which is less than one chance in a trillion. So yes, n is most likely prime. But it has not been proved prime and in fact might not be.
138 Chapter 3 RECOGNIZING PRIMES AND COMPOSITES The reader should consult Chapter 4 for strategies on proving prime those numbers we strongly suspect to be prime. However, for practical applications, one may be perfectly happy to use a number that is almost certainly prime, but has not actually been proved to be prime. It is with this mindset that people refer to Algorithm 3.5.6 as a “primality test.” It is perhaps more accurate to refer to a number produced by such a test as an “industrial-grade prime,” to use a phrase of H. Cohen. The following algorithm may be used for the generation of random numbers that are likely to be prime. Algorithm 3.5.7 (“Industrial-grade prime” generation). We are given an integer k ≥ 3 andanintegerT ≥ 1. This probabilistic algorithm produces a random k-bit number (that is, a number in the interval 2 k−1 , 2 k ) that has not been recognized as composite by T iterations of Algorithm 3.5.6. 1. [Choose candidate] Choose a random odd integer n in the interval 2 k−1 , 2 k ; 2. [Perform strong probable prime tests] for(1 ≤ i ≤ T ) { // i is a dummy counter. Via Algorithm 3.5.6 attempt to find a witness for n; if(a witness is found for n) goto [Choose candidate]; } return n; // n is an “industrial-grade prime.” An interesting question is this: What is the probability that a number produced by Algorithm 3.5.7 is composite? Let this probability be denoted by P (k, T). One might think that Theorem 3.5.4 immediately speaks to this question, and that we have P (k, T) ≤ 4 −T . However, the reasoning is fallacious. Suppose k = 500,T = 1. We know from the prime number theorem (Theorem 1.1.4) that the probability that a random odd 500-bit number is prime is about 1 chance in 173. Since it is evidently more likely that one will witness an event with probability 1/4 occurring before an event with probability 1/173, it may seem that there are much better than even odds that Algorithm 3.5.7 will produce composites. In fact, though, Theorem 3.5.4 is a worst-case estimate, and for most odd composite numbers the fraction of witnesses is much larger than 3/4. It is shown in [Burthe 1996] that indeed we do have P (k, T) ≤ 4 −T . If k is large, one gets good results even with T = 1 in Algorithm 3.5.7. It isshownin[Damg˚ard et al. 1993] that P (k, 1)
Page 2 and 3:
Prime Numbers
Page 4 and 5:
Richard Crandall Center for Advance
Page 6 and 7:
Preface In this volume we have ende
Page 8 and 9:
Preface ix Examples of computationa
Page 10 and 11:
Contents Preface vii 1 PRIMES! 1 1.
Page 12 and 13:
CONTENTS xiii 4.2.2 An improved n +
Page 14 and 15:
CONTENTS xv 8.5.2 The Shor quantum
Page 16 and 17:
2 Chapter 1 PRIMES! where exponents
Page 18 and 19:
4 Chapter 1 PRIMES! of the most rec
Page 20 and 21:
6 Chapter 1 PRIMES! decision bit) o
Page 22 and 23:
8 Chapter 1 PRIMES! 1.1.4 Asymptoti
Page 24 and 25:
10 Chapter 1 PRIMES! naive subrouti
Page 26 and 27:
12 Chapter 1 PRIMES! x π(x) 10 2 1
Page 28 and 29:
14 Chapter 1 PRIMES! Erdős-Turán
Page 30 and 31:
16 Chapter 1 PRIMES! Let’s hear i
Page 32 and 33:
18 Chapter 1 PRIMES! Conjecture 1.2
Page 34 and 35:
20 Chapter 1 PRIMES! It is not hard
Page 36 and 37:
22 Chapter 1 PRIMES! 1.3 Primes of
Page 38 and 39:
24 Chapter 1 PRIMES! 9.5.18 and Alg
Page 40 and 41:
26 Chapter 1 PRIMES! Mersenne conje
Page 42 and 43:
28 Chapter 1 PRIMES! Again, as with
Page 44 and 45:
30 Chapter 1 PRIMES! then taken aga
Page 46 and 47:
32 Chapter 1 PRIMES! McIntosh has p
Page 48 and 49:
34 Chapter 1 PRIMES! have identitie
Page 50 and 51:
36 Chapter 1 PRIMES! This theorem i
Page 52 and 53:
38 Chapter 1 PRIMES! conjectured. T
Page 54 and 55:
40 Chapter 1 PRIMES! Definition 1.4
Page 56 and 57:
42 Chapter 1 PRIMES! on the left co
Page 58 and 59:
44 Chapter 1 PRIMES! sums. These su
Page 60 and 61:
46 Chapter 1 PRIMES! Vinogradov’s
Page 62 and 63:
48 Chapter 1 PRIMES! been beyond re
Page 64 and 65:
50 Chapter 1 PRIMES! prime? What is
Page 66 and 67:
52 Chapter 1 PRIMES! This kind of c
Page 68 and 69:
54 Chapter 1 PRIMES! where p runs o
Page 70 and 71:
56 Chapter 1 PRIMES! While the prim
Page 72 and 73:
58 Chapter 1 PRIMES! Exercise 1.35.
Page 74 and 75:
60 Chapter 1 PRIMES! this recreatio
Page 76 and 77:
62 Chapter 1 PRIMES! so that A3(x)
Page 78 and 79:
64 Chapter 1 PRIMES! Conclude that
Page 80 and 81:
66 Chapter 1 PRIMES! implies that
Page 82 and 83:
68 Chapter 1 PRIMES! the Riemann-Si
Page 84 and 85:
70 Chapter 1 PRIMES! such sums can
Page 86 and 87:
72 Chapter 1 PRIMES! Cast this sing
Page 88 and 89:
74 Chapter 1 PRIMES! 10 10 . The me
Page 90 and 91:
76 Chapter 1 PRIMES! These numbers
Page 92 and 93:
78 Chapter 1 PRIMES! Next, as for q
Page 94 and 95:
80 Chapter 1 PRIMES! (see [Bach 199
Page 96 and 97:
82 Chapter 1 PRIMES! If one invokes
Page 98 and 99:
84 Chapter 2 NUMBER-THEORETICAL TOO
Page 100 and 101: 86 Chapter 2 NUMBER-THEORETICAL TOO
Page 114 and 115: 100 Chapter 2 NUMBER-THEORETICAL TO
Page 130 and 131: Chapter 3 RECOGNIZING PRIMES AND CO
Page 132 and 133: 3.1 Trial division 119 d =3; while(
Page 134 and 135: 3.2 Sieving 121 3.2 Sieving Sieving
Page 136 and 137: 3.2 Sieving 123 this number’s ent
Page 138 and 139: 3.2 Sieving 125 noticed that it was
Page 140 and 141: 3.2 Sieving 127 } S = S \ (pS ∩ [
Page 142 and 143: 3.3 Recognizing smooth numbers 129
Page 144 and 145: 3.4 Pseudoprimes 131 } g =gcd(s, x)
Page 146 and 147: 3.4 Pseudoprimes 133 Theorem 3.4.4.
Page 148 and 149: 3.5 Probable primes and witnesses 1
Page 156 and 157: 3.6 Lucas pseudoprimes 143 The Fibo
Page 158 and 159: 3.6 Lucas pseudoprimes 145 Because
Page 160 and 161: 3.6 Lucas pseudoprimes 147 use (3.1
Page 162 and 163: 3.6 Lucas pseudoprimes 149 gcd(n, 2
Page 164 and 165: 3.6 Lucas pseudoprimes 151 Theorem
Page 166 and 167: 3.7 Counting primes 153 Label the c
Page 168 and 169: 3.7 Counting primes 155 for b ≥ 2
Page 170 and 171: 3.7 Counting primes 157 The heart o
Page 172 and 173: 3.7 Counting primes 159 t =Im(s) ra
Page 174 and 175: 3.7 Counting primes 161 Indeed, the
Page 176 and 177: 3.8 Exercises 163 3.3. Prove that i
Page 178 and 179: 3.8 Exercises 165 3.12. Show that a
Page 180 and 181: 3.8 Exercises 167 3.28. Show that t
Page 182 and 183: 3.9 Research problems 169 with W (n
Page 184 and 185: 3.9 Research problems 171 3.50. The
Page 186 and 187: 174 Chapter 4 PRIMALITY PROVING Rem
Page 188 and 189: 176 Chapter 4 PRIMALITY PROVING sma
Page 190 and 191: 178 Chapter 4 PRIMALITY PROVING Sin
Page 192 and 193: 180 Chapter 4 PRIMALITY PROVING Let
Page 194 and 195: 182 Chapter 4 PRIMALITY PROVING Rec
Page 196 and 197: 184 Chapter 4 PRIMALITY PROVING (mo
Page 198 and 199: 186 Chapter 4 PRIMALITY PROVING pol
Page 200 and 201:
188 Chapter 4 PRIMALITY PROVING if
Page 202 and 203:
190 Chapter 4 PRIMALITY PROVING 4.3
Page 204 and 205:
192 Chapter 4 PRIMALITY PROVING j =
Page 206 and 207:
194 Chapter 4 PRIMALITY PROVING The
Page 208 and 209:
Page 210 and 211:
198 Chapter 4 PRIMALITY PROVING Rem
Page 212 and 213:
200 Chapter 4 PRIMALITY PROVING pos
Page 214 and 215:
202 Chapter 4 PRIMALITY PROVING Alg
Page 216 and 217:
204 Chapter 4 PRIMALITY PROVING fac
Page 218 and 219:
206 Chapter 4 PRIMALITY PROVING 196
Page 220 and 221:
Page 222 and 223:
210 Chapter 4 PRIMALITY PROVING Say
Page 224 and 225:
212 Chapter 4 PRIMALITY PROVING But
Page 226 and 227:
214 Chapter 4 PRIMALITY PROVING for
Page 228 and 229:
216 Chapter 4 PRIMALITY PROVING so
Page 230 and 231:
218 Chapter 4 PRIMALITY PROVING (2)
Page 232 and 233:
220 Chapter 4 PRIMALITY PROVING hav
Page 234 and 235:
222 Chapter 4 PRIMALITY PROVING sho
Page 236 and 237:
Chapter 5 EXPONENTIAL FACTORING ALG
Page 238 and 239:
5.1 Squares 227 5.1.2 Lehman method
Page 240 and 241:
5.2 Monte Carlo methods 229 That is
Page 242 and 243:
5.2 Monte Carlo methods 231 It is c
Page 244 and 245:
5.2 Monte Carlo methods 233 computi
Page 246 and 247:
5.3 Baby-steps, giant-steps 235 cal
Page 248 and 249:
5.4 Pollard p − 1 method 237 can
Page 250 and 251:
5.6 Binary quadratic forms 239 f(jB
Page 252 and 253:
5.6 Binary quadratic forms 241 so o
Page 254 and 255:
5.6 Binary quadratic forms 243 equi
Page 256 and 257:
5.6 Binary quadratic forms 245 is a
Page 258 and 259:
5.6 Binary quadratic forms 247 In t
Page 260 and 261:
5.6 Binary quadratic forms 249 of D
Page 262 and 263:
5.7 Exercises 251 is completely rig
Page 264 and 265:
5.7 Exercises 253 of each of these
Page 266 and 267:
5.8 Research problems 255 5.17. Sho
Page 268 and 269:
5.8 Research problems 257 modulo th
Page 270 and 271:
5.8 Research problems 259 In judgin
Page 272 and 273:
262 Chapter 6 SUBEXPONENTIAL FACTOR
Page 274 and 275:
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
Page 292 and 293:
Page 294 and 295:
Page 296 and 297:
Page 298 and 299:
Page 300 and 301:
Page 302 and 303:
Page 304 and 305:
Page 306 and 307:
Page 308 and 309:
Page 310 and 311:
Page 312 and 313:
Page 314 and 315:
Page 316 and 317:
Page 318 and 319:
Page 320 and 321:
Page 322 and 323:
Page 324 and 325:
Page 326 and 327:
Page 328 and 329:
Chapter 7 ELLIPTIC CURVE ARITHMETIC
Page 330 and 331:
7.1 Elliptic curve fundamentals 321
Page 332 and 333:
7.2 Elliptic arithmetic 323 the poi
Page 334 and 335:
7.2 Elliptic arithmetic 325 with EC
Page 336 and 337:
7.2 Elliptic arithmetic 327 Algorit
Page 338 and 339:
7.2 Elliptic arithmetic 329 Before
Page 340 and 341:
7.2 Elliptic arithmetic 331 the “
Page 342 and 343:
7.3 The theorems of Hasse, Deuring,
Page 344 and 345:
7.4 Elliptic curve method 335 a ran
Page 346 and 347:
7.4 Elliptic curve method 337 B1 =
Page 348 and 349:
7.4 Elliptic curve method 339 facto
Page 350 and 351:
7.4 Elliptic curve method 341 propa
Page 352 and 353:
7.4 Elliptic curve method 343 As fo
Page 354 and 355:
7.4 Elliptic curve method 345 if(1
Page 356 and 357:
7.5 Counting points on elliptic cur
Page 358 and 359:
Page 360 and 361:
Page 362 and 363:
Page 364 and 365:
Page 366 and 367:
Page 368 and 369:
Page 370 and 371:
Page 372 and 373:
Page 374 and 375:
Page 376 and 377:
Page 378 and 379:
7.6 Elliptic curve primality provin
Page 380 and 381:
Page 382 and 383:
Page 384 and 385:
7.7 Exercises 375 7.4. As in Exerci
Page 386 and 387:
7.7 Exercises 377 (some Bj equals A
Page 388 and 389:
7.7 Exercises 379 This reduction ig
Page 390 and 391:
7.8 Research problems 381 multiply-
Page 392 and 393:
7.8 Research problems 383 highly ef
Page 394 and 395:
7.8 Research problems 385 is prime.
Page 396 and 397:
Chapter 8 THE UBIQUITY OF PRIME NUM
Page 398 and 399:
8.1 Cryptography 389 is, if an orac
Page 400 and 401:
8.1 Cryptography 391 Algorithm 8.1.
Page 402 and 403:
8.1 Cryptography 393 just to genera
Page 404 and 405:
8.1 Cryptography 395 where in the l
Page 406 and 407:
8.2 Random-number generation 397 ar
Page 408 and 409:
8.2 Random-number generation 399 Al
Page 410 and 411:
8.2 Random-number generation 401 }
Page 412 and 413:
8.2 Random-number generation 403 is
Page 414 and 415:
8.3 Quasi-Monte Carlo (qMC) methods
Page 416 and 417:
Page 418 and 419:
Page 420 and 421:
Page 422 and 423:
Page 424 and 425:
8.4 Diophantine analysis 415 [Tezuk
Page 426 and 427:
8.4 Diophantine analysis 417 9262 3
Page 428 and 429:
8.5 Quantum computation 419 We spea
Page 430 and 431:
8.5 Quantum computation 421 three H
Page 432 and 433:
8.5 Quantum computation 423 for a n
Page 434 and 435:
8.6 Curious, anecdotal, and interdi
Page 436 and 437:
Page 438 and 439:
Page 440 and 441:
8.7 Exercises 431 universal Golden
Page 442 and 443:
8.7 Exercises 433 standards insist
Page 444 and 445:
8.7 Exercises 435 of positive compo
Page 446 and 447:
8.8 Research problems 437 element o
Page 448 and 449:
8.8 Research problems 439 the Leveq
Page 450 and 451:
8.8 Research problems 441 for every
Page 452 and 453:
Chapter 9 FAST ALGORITHMS FOR LARGE
Page 454 and 455:
9.1 Tour of “grammar-school” me
Page 456 and 457:
9.2 Enhancements to modular arithme
Page 458 and 459:
Page 460 and 461:
Page 462 and 463:
Page 464 and 465:
Page 466 and 467:
9.3 Exponentiation 457 Algorithm 9.
Page 468 and 469:
9.3 Exponentiation 459 But there is
Page 470 and 471:
9.3 Exponentiation 461 the benefit
Page 472 and 473:
9.4 Enhancements for gcd and invers
Page 474 and 475:
Page 476 and 477:
Page 478 and 479:
Page 480 and 481:
Page 482 and 483:
9.5 Large-integer multiplication 47
Page 484 and 485:
Page 486 and 487:
Page 488 and 489:
Page 490 and 491:
Page 492 and 493:
Page 494 and 495:
Page 496 and 497:
Page 498 and 499:
Page 500 and 501:
Page 502 and 503:
Page 504 and 505:
Page 506 and 507:
Page 508 and 509:
Page 510 and 511:
Page 512 and 513:
Page 514 and 515:
Page 516 and 517:
Page 518 and 519:
9.6 Polynomial arithmetic 509 can i
Page 520 and 521:
9.6 Polynomial arithmetic 511 Incid
Page 522 and 523:
9.6 Polynomial arithmetic 513 where
Page 524 and 525:
9.6 Polynomial arithmetic 515 such
Page 526 and 527:
9.6 Polynomial arithmetic 517 Note
Page 528 and 529:
9.7 Exercises 519 (3) Write out com
Page 530 and 531:
9.7 Exercises 521 where “do” si
Page 532 and 533:
9.7 Exercises 523 9.23. How general
Page 534 and 535:
9.7 Exercises 525 two (and thus, me
Page 536 and 537:
9.7 Exercises 527 0 2 +3 2 +0 2 is
Page 538 and 539:
9.7 Exercises 529 9.49. In the FFT
Page 540 and 541:
9.7 Exercises 531 adjustment step.
Page 542 and 543:
9.7 Exercises 533 9.69. Implement A
Page 544 and 545:
9.8 Research problems 535 less than
Page 546 and 547:
9.8 Research problems 537 1.66), na
Page 548 and 549:
9.8 Research problems 539 9.82. A c
Page 550 and 551:
542 Appendix BOOK PSEUDOCODE Becaus
Page 552 and 553:
544 Appendix BOOK PSEUDOCODE } ...;
Page 554 and 555:
546 Appendix BOOK PSEUDOCODE Functi
Page 556 and 557:
548 REFERENCES [Apostol 1986] T. Ap
Page 558 and 559:
550 REFERENCES [Bernstein 2004b] D.
Page 560 and 561:
552 REFERENCES [Buchmann et al. 199
Page 562 and 563:
554 REFERENCES [Crandall 1997b] R.
Page 564 and 565:
556 REFERENCES [Dudon 1987] J. Dudo
Page 566 and 567:
558 REFERENCES [Goldwasser and Kili
Page 568 and 569:
560 REFERENCES [Joe 1999] S. Joe. A
Page 570 and 571:
562 REFERENCES [Lenstra 1981] H. Le
Page 572 and 573:
564 REFERENCES [Montgomery 1987] P.
Page 574 and 575:
566 REFERENCES [Oesterlé 1985] J.
Page 576 and 577:
568 REFERENCES [Pomerance et al. 19
Page 578 and 579:
570 REFERENCES [Schönhage and Stra
Page 580 and 581:
572 REFERENCES [Sun and Sun 1992] Z
Page 582 and 583:
574 REFERENCES [Weisstein 2005] E.
Page 584 and 585:
Index ABC conjecture, 417, 434 abel
Page 586 and 587:
INDEX 579 Catalan problem, ix, 415,
Page 588 and 589:
INDEX 581 discrete arithmetic-geome
Page 590 and 591:
INDEX 583 complex-field, 477 Cooley
Page 592 and 593:
INDEX 585 Hajratwala, N., 23 Halber
Page 594 and 595:
INDEX 587 Lehmer, D., 149, 152, 155
Page 596 and 597:
INDEX 589 432, 447-450, 453, 458, 5
Page 598 and 599:
INDEX 591 Preneel, B. (with De Win
Page 600 and 601:
INDEX 593 Salomaa, A. (with Paun et
Page 602 and 603:
INDEX 595 te Riele, H. (with van de
Page 604:
INDEX 597 Yagle, A., 259, 499, 539
show all

Prime Numbers

Create successful ePaper yourself

Delete template?

Save as template?