Prime Numbers

192 Chapter 4 PRIMALITY PROVING
j =0, 1,...,I−1. Each of these functions fixes an expression that is symmetric
in g, gn ,...,gnI−1, so such an expression must be in the fixed field Zn. This
is the assertion of (3).
It is not true that every choice for g with g ≡ 0(modf) satisfies (2). But
the group K∗ is cyclic, and any cyclic generator satisfies (2). Moreover, there
are quite a few cyclic generators, so a random search for g should not take long
to find one. In particular, if g is chosen randomly as a nonzero polynomial in
Zn[x] of degree less than I, then the probability that g satisfies (2) is at least
ϕ(nI − 1)/(nI − 1) (given that n is prime and f is irreducible of degree I), so
the expected number of choices before a valid g is found is O(ln ln(nI )).
Butwhatoff? Are there irreducible polynomials in Zn[x] ofdegreeI, can
we quickly recognize one when we have it, and can we find one quickly? Yes,
yes, yes. In fact (2.5) shows that not only are there irreducible polynomials
of degree I, but that there are plenty of them, so that a random degree I
polynomial has about a 1 in I chance of being irreducible. See Exercise 2.12
in this regard. Further, Algorithm 2.2.9 or 2.2.10 provides an efficient way to
test whether a polynomial is irreducible.
We now embody the above thoughts in the following explicit algorithm:
Algorithm 4.3.4 (Finite field primality test). We are given positive integers
n, I, F with F |n I − 1, F ≥ n 1/2 and we are given the complete prime
factorization of F . This probabilistic algorithm decides whether n is prime or
composite, returning “n is prime” in the former case and “n is composite” in the
latter case.
1. [Find irreducible polynomial of degree I]
Via Algorithm 2.2.9 or 2.2.10, and using Algorithm 4.3.2 for the gcd steps,
attempt to find a random monic polynomial f in Zn[x] of degree I that
is irreducible if n is prime. That is, continue testing random polynomials
until the irreducibility test used either returns YES, or its gcd step finds a
nontrivial factorization of n. In the latter case, return “n is composite”;
// The polynomial f is irreducible if n is prime.
2. [Find primitive element]
Choose g ∈ Zn[x] at random with g monic, deg g