Prime Numbers

4.3 The finite field primality test 191
Attempt to find c ∗ ≡ c −1 (mod n) by Algorithm 2.1.4, but if this attempt
produces a nontrivial factorization of n, then return this factorization;
f = c ∗ f; // Multiplication is modulo n; the polynomial f is now monic.
r = g mod f; // Divide with remainder is possible since f is monic.
(f,g) =(r, f);
goto [Zero polynomial check];
The next theorem is the basis of the finite field primality test.
Theorem 4.3.3 (Lenstra). Suppose that n, I, F are positive integers with
n>1 and F |n I − 1. Suppose f,g ∈ Zn[x] are such that
(1) g nI −1 − 1 is a multiple of f in Zn[x],
(2) g (nI −1)/q − 1 and f are coprime in Zn[x] for all primes q|F ,
(3) each of the I elementary symmetric polynomials in g, gn ,...,gnI−1 congruent (mod f) to an element of Zn.
is
Then for each prime factor p of n there is some integer j ∈ [0,I − 1] with
p ≡ n j (mod F ).
We remark that if we show that the hypotheses of Theorem 4.3.3 hold and if
we also show that n has no proper divisors in the residue classes n j (mod F )
for j =0, 1,...,I− 1, then we have proved that n is prime. This idea will be
developed shortly.
Proof. Let p be a prime factor of n. Thinking of f now in Zp[x], let f1 ∈ Zp[x]
be an irreducible factor, so that Zp[x]/(f1) =K is a finite field extension of
Zp.Let¯g be the image of g in K. The hypotheses (1), (2) imply that ¯g nI −1 =1
and ¯g (nI −1)/q = 1 for all primes q|F . So the order of ¯g in K ∗ (the multiplicative
group of the finite field K) is a multiple of F . Hypothesis (3) implies that the
polynomial h(T )=(T−¯g)(T − ¯g n ) ···(T − ¯g nI−1)
∈ K[T ] is actually in Zp[T ].
Now, for any polynomial in Zp[T ], if α is a root, so is α p .Thush(¯g p )=0.
But we have the factorization of h(T ), and we see that the only roots are
¯g, ¯g n ,...,¯g nI−1,
so that we must have ¯g p ≡ ¯g nj for some j =0, 1,...,I − 1.
Since the order of ¯g is a multiple of F ,wehavep≡nj (mod F ). ✷
A number of questions naturally present themselves: If n is prime, will f,g
as described in Theorem 4.3.3 exist? If f,g exist, is it easy to find examples?
Can (1), (2), (3) in Theorem 4.3.3 be verified quickly?
Thefirstquestioniseasy.Ifn is prime, then any polynomial f ∈ Zn[x]
that is irreducible with deg f = I, and any polynomial g ∈ Zn[x] thatisnot
a multiple of f will together satisfy (1) and (3). Indeed, if f is irreducible of
degree I, thenK = Zn[x]/(f) will be a finite field of order nI , and so (1)
just expresses the Lagrange theorem (a group element raised to the order of
the group is the group identity) for the multiplicative group K∗ . To see (3)
note that the Galois group of K is generated by the Frobenius automorphism:
raising to the n-th power. That is, the Galois group consists of the I functions
from K to K, where the j-th function takes α ∈ K and sends it to αnj for