Prime Numbers

4.5 The primality test of Agrawal, Kayal, and Saxena (AKS test) 209
so every other member of J, in particular p, is congruent modulo r to some
power of n. (The reader might note the similarity of this argument to Theorem
4.3.3.)
In the proof of Theorem 4.5.2 we have x + a ∈ G for each integer a with
0 ≤ a ≤ ϕ(r)lgn, but all that we used is that this condition holds for
0 ≤ a ≤ √ d lg n. We certainly have this latter condition currently. So now
everything matches up, and the proof may be concluded in exactly the same
way as in Theorem 4.5.2. ✷
The preceding proof used some ideas in the nice survey paper [Granville
2004a].
With Theorem 4.5.2 we were constrained by the fact that while we
conjectured that there are suitable values of r that are fairly close to lg 2 n,all
that we could prove was that r ≤ lg 5 n (Theorem 4.5.3), though by ineffective
methods this upper bound for r could be brought down to O(ln 3 n). But with
Theorem 4.5.4 we are liberated from just looking at polynomials of the form
x r − 1. We now have the complete freedom of looking at any and all monic
polynomials f(x), as long as the degree exceeds lg 2 n and (4.27) and (4.28) are
satisfied. Note that if n is prime, then by Theorem 2.2.8, a polynomial f(x)
satisfies (4.27) and (4.28) if and only if f(x) is irreducible in Zn[x]. And it
is easy to show that there are plenty of monic irreducible polynomials of any
given degree (see (2.5) and Exercise 2.12). So why not just let d = ⌊lg 2 n⌋ +1,
choose a polynomial of degree d that would be irreducible if n were prime,
and be done with it?
Unfortunately, things are not so easy. Irreducible polynomial construction
over Fp, wherep is prime, can be done in expected polynomial time by the
random algorithm of just choosing arbitrary polynomials of the desired degree
and testing them. This is exactly the approach of Algorithm 4.3.4. But what
if one wants a deterministic algorithm? Already in the case of degree 2 we
have a known hard problem, since finding an irreducible quadratic in Fp[x] is
equivalent to finding a quadratic nonresidue modulo p. Assuming the ERH,
we know how to do this in deterministic polynomial time (using Theorem
1.4.5), but we know no unconditional polynomial-time method. In [Adleman
and Lenstra 1986] it is shown how to deterministically find an irreducible
polynomial of any given degree in time polynomial in ln p and the degree,
again assuming the ERH. They also consider an unconditional version of
their theorem in which they allow a small “error.” That is, if the target
degree is d, they find unconditionally and in time polynomial in ln p and d an
irreducible polynomial modulo p of degree D, whered ≤ D = O(d ln p). In the
paper [Lenstra and Pomerance 2005] this last result is improved to finding an
irreducible polynomial modulo p with degree in [d, 4d], once p is sufficiently
large (the bound is computable in principle), and assuming d>(ln p) 1.84 .
(If one does not insist on effectivity, the lower bound for d may be relaxed
somewhat.) Further, the number of bit operations to find such a polynomial
is bounded by Õ(d8/5 ln n) (the notation Õ being introduced in the preceding
subsection).