Prime Numbers

4.5 The primality test of Agrawal, Kayal, and Saxena (AKS test) 205
If j ≡ j0 (mod p k − 1) with j0 ∈ J, and g(x) ∈ G, then g(ζ) j =
g(ζ) j0 = g(ζ j0 ) = g(ζ j ). Also, since J is closed under multiplication, so
is J ′ . Additionally, since np k−1 ≡ n/p (mod p k − 1), we have n/p ∈ J ′ .
Summarizing:
• The set J ′ is closed under multiplication, it contains 1,p,n/p, and for each
j ∈ J ′ ,g(x) ∈ G, wehaveg(ζ) j = g(ζ j ).
Consider the integers p a (n/p) b ,wherea, b are integers in [0, √ d]. Since
p, n/p are in the order-d subgroup of Z ∗ r generated by p and n, and since
there are more than d choices for the ordered pair (a, b), there must be two
different choices (a1,b1), (a2,b2) withj1 := p a1 (n/p) b1 and j2 := p a2 (n/p) b2
congruent modulo r. Thus,ζ j1 = ζ j2 , and since j1,j2 ∈ J ′ ,wehave
g(ζ) j1 = g(ζ j1 )=g(ζ j2 )=g(ζ) j2 for all g(x) ∈ G.
That is, γ j1 = γ j2 for all elements γ ∈ G. But we have seen that G has more
than n √ d elements, and since j1,j2 ≤ p √ d (n/p) √ d = n √ d, the polynomial
x j1 − x j2 has too many roots in K for it not to be the 0-polynomial. Thus, we
must have j1 = j2; thatis,p a1 (n/p) b1 = p a2 (n/p) b2 . Hence,
n b1−b2 = p b1−b2−a1+a2 ,
and since the pairs (a1,b1), (a2,b2) are distinct, we have b1 = b2. Byunique
factorization in Z we thus have that n is a power of p. ✷
The preceding proof uses some ideas in the lecture notes [Agrawal 2003].
The correctness of Algorithm 4.5.1 follows immediately from Theorem
4.5.2; see Exercise 4.26.
4.5.2 The complexity of Algorithm 4.5.1
The time to check one of the congruences
(x + a) n ≡ x n + a (mod x r − 1,n)
in Step [Binomial congruences] of Algorithm 4.5.1 is polynomial in r and ln n.
It is thus crucial to show that r itself is polynomial in ln n. That this is so
follows from the following theorem.
Theorem 4.5.3. Given an integer n ≥ 3, letr be the least integer with the
order of n in Z ∗ r exceeding lg 2 n. Then r ≤ lg 5 n.
Proof. Let r0 be the least prime number that does not divide
N := n(n − 1)(n 2
− 1) ··· n ⌊lg2
n⌋
− 1 .
Then r0 is the least prime number such that order of n in Z ∗ r0 exceeds lg2 n,
so that r ≤ r0. It follows from inequality (3.16) in [Rosser and Schoenfeld