Prime Numbers

190 Chapter 4 PRIMALITY PROVING
4.3 The finite field primality test
This section is primarily theoretical and is not intended to supply a practical
primality test. The algorithm described has a favorable complexity estimate,
but there are other, more complicated algorithms that majorize it in practice.
Some of these algorithms are discussed in the next section.
The preceding sections, and in particular Theorem 4.2.10 and Algorithm
4.2.11, show that if we have a completely factored divisor F of n 2 − 1with
F ≥ n 1/3 , then we can efficiently decide, with a rigorous proof, whether n is
prime or composite. As an aside: If F1 =gcd(F, n−1) and F2 =gcd(F, n+1),
then lcm (F1,F2) ≥ 1
1
2F , so that the “F ” of Theorem 4.2.10 is at least 2n1/3 .
In this section we shall discuss a method in [Lenstra 1985] that works if we
have a fully factored divisor F of nI − 1 for some positive integer I and that
is efficient if F ≥ n1/3 and I is not too large.
Before we describe the algorithm, we discuss a subroutine that will be
used. If n>1 is an integer, consider the ring Zn[x] of polynomials in the
variable x with coefficients being integer residues modulo n. An ideal of Zn[x]
is a nonempty subset closed under addition and closed under multiplication
by all elements of Zn[x]. For example, if f,g ∈ Zn[x], the set of all af with
a ∈ Zn[x] is an ideal, and so is the set of all af +bg with a, b ∈ Zn[x]. The first
exampleisofaprincipal ideal (with generator f). The second example may or
may not be principal. For example, say n =15,f(x) =3x +1,g(x) =x2 +4x.
Then the ideal generated by f and g is all of Z15[x], and so is principally
generated by 1. (To see that 1 is in the ideal, note that f 2 − 9g =1.)
Definition 4.3.1. We shall say that f,g ∈ Zn[x] arecoprime if the ideal
they generate is all of Zn[x]; that is, there are a, b ∈ Zn[x] withaf + bg =1.
It is not so hard to prove that every ideal in Zn[x] is principally generated
if and only if n is prime (see Exercise 4.19). The following algorithm, which is
merely a dressed-up version of the Euclid algorithm (Algorithm 2.2.1), either
finds a monic principal generator for the ideal generated by two members
f,g ∈ Zn[x], or gives a nontrivial factorization of n. If the principal ideal
generated by h ∈ Zn[x] is the same ideal as that generated by f and g and if
h is monic, we write h =gcd(f,g). Thus f,g are coprime in Zn[x] ifandonly
if gcd(f,g) =1.
Algorithm 4.3.2 (Finding principal generator). We are given an integer
n>1 and f,g ∈ Zn[x], with g monic. This algorithm produces either a nontrivial
factorization of n, or a monic element h ∈ Zn[x] such that h =gcd(f,g); thatis,
the ideal generated by f and g is equal to the ideal generated by h. We assume
that either f =0or deg f ≤ deg g.
1. [Zero polynomial check]
if(f == 0) return g;
2. [Euclid step]
Set c equal the leading coefficient of f;