Prime Numbers

4.5 The primality test of Agrawal, Kayal, and Saxena (AKS test) 203
Proof. We may assume that n has a prime factor p> ϕ(r)lgn. Let
G = {g(x) ∈ Zp[x] : g(x) n ≡ g(x n )(modx r − 1)}.
It follows from (4.26) that, for each integer a with 0 ≤ a ≤ ϕ(r)lgn,
the polynomial x + a is in G. SinceGis closed under multiplication, every
monomial expression
(x + a) ɛa ,
0≤a≤ √ ϕ(r)lgn
where each ɛa is a nonnegative integer, is in G. Note too that since p >
ϕ(r)lgn, these polynomials are all distinct and nonzero in Zp[x], so that G
has many members. We shall make good use of this observation shortly.
We now show that G is a union of residue classes modulo x r − 1. That is,
if g1(x) ∈ G, g2(x) ∈ Zp[x], and g2(x) ≡ g1(x) (modx r − 1), then g2(x) ∈ G.
Indeed, by replacing each x with x n ,wehaveg1(x n ) ≡ g2(x n )(modx nr − 1),
and since x r − 1 divides x nr − 1, this congruence holds modulo x r − 1 as well.
Thus,
g2(x) n ≡ g1(x) n ≡ g1(x n ) ≡ g2(x n )(modx r − 1),
so that g2(x) ∈ G as claimed. Summarizing:
• The set G is closed under multiplication, each monomial x + a is in G for
0 ≤ a ≤ ϕ(r)lgn, andG is a union of residue classes modulo x r − 1.
Let
J = {j ∈ Z : j>0, g(x) j ≡ g(x j )(modx r − 1) for each g(x) ∈ G}.
By the definition of G, wehaven ∈ J, and trivially 1 ∈ J. Wealsohavep ∈ J.
Indeed, for every polynomial g(x) ∈ Zp[x] wehaveg(x) p = g(x p ), so certainly
this relation holds modulo x r − 1 for every g ∈ G. It is easy to see that J
is closed under multiplication. Indeed, let j1,j2 ∈ J and g(x) ∈ G. Wehave
g(x) j1 ∈ G, sinceG is closed under multiplication, and since g(x) j1 ≡ g(x j1 )
(mod x r − 1), it follows by the preceding paragraph that g(x j1 ) ∈ G. So, since
j2 ∈ J,
g(x) j1j2 ≡ g(x j1 ) j2 ≡ g((x j2 ) j1 )=g(x j1j2 )(modx r − 1),
and so j1j2 ∈ J. ThusJ also has many members. Summarizing:
• The set J contains 1,n,p and is closed under multiplication.
Let K be the splitting field for x r − 1 over the finite field Fp. Thus,K
is a finite field of characteristic p and is the smallest one that contains all of
the r-th roots of unity. In particular, let ζ ∈ K be a primitive r-th root of
1, and let h(x) ∈ Fp[x] be the minimum polynomial for ζ, sothath(x) isan
irreducible factor of x r − 1. Thus, K = Fp(ζ) ∼ = Fp[x]/(h(x)). The degree k
of h(x) is the multiplicative order of p in Z ∗ r, but we will not be needing this