Prime Numbers

210 Chapter 4 PRIMALITY PROVING
Say we take d = ⌊lg 2 n⌋ + 1 and run this last algorithm on a large number
n. Ifn is prime, then the algorithm will produce an irreducible polynomial
with degree in [d, 4d]. If n is composite, either the algorithm will produce a
polynomial with degree in [d, 4d] and for which (4.27) and (4.28) both hold,
or the algorithm will crash. In this latter case, the number n will have been
proved composite. Finally, if the algorithm succeeds in finding a polynomial
for which (4.27) and (4.28) hold, then one can proceed to check (4.29) for the
requisite values of a, taking time Õ(d3/2 ln 3 n)= Õ(ln6 n), and so deciding
within this time bound whether n is prime or composite.
So the polynomial construction from [Lenstra and Pomerance 2005] plus
Theorem 4.5.4 gives a deterministic primality test for n with bit operation
count bounded by Õ(ln6 n). This polynomial construction method is too
complicated to be completely described in this book, but we would like to
present some of the essential elements. As with many ideas in our subject, the
story begins with Gauss.
While still a teenager, Gauss described a set of natural numbers n for
which a regular n-gon is constructible with a Euclidean straight-edge and
compass, and conjectured that his set was exhaustive (and he was right, as
proved by P. Wantzel in 1836). The set of Gauss is precisely the integers n ≥ 3
for which ϕ(n) is a power of 2 (also see the discussion in Section 1.3.2). We
are interested here not so much in this beautiful theorem itself, but rather
its proof. Key to the argument are what are now called Gaussian periods.
Suppose r is a prime number, and let ζr = e 2πi/r ,sothatζr is a primitive
r-throotof1.Letd be a positive divisor of r − 1andlet
S = {1 ≤ j ≤ r : j (r−1)/d ≡ 1(modr)}
be the subgroup of d-th powers modulo r. We define the Gaussian period
ηr,d =
ζ j r.
Thus, ηr,d is a sum of some of the r-th roots of 1. It has the property
that Q(ηr,d) is the (unique) subfield of Q(ζr) ofdegreed over Q. In fact,
ηr,d is the trace of ζr to this subfield. We are especially interested in the
minimal polynomial fr,d for ηr,d over Q. This polynomial is monic with integer
coefficients, it has degree d, and it is irreducible over Q. We may explicitly
exhibit the polynomial fr,d as follows. Let w be a residue modulo r such that
the order of w (r−1)/d is d. For example, any primitive root w modulo r has
this property, but there are many other examples as well. Then the cosets
S,wS,...,w d−1 S are disjoint and cover Z ∗ r. The conjugates of ηr,d over Q are
the various sums
j∈w i S ζj r, and we have
j∈S
d−1
fr,d(x) = x −
i=0
j∈w i S
As a monic polynomial of degree d in Z[x], when reduced modulo a prime
p, fr,d remains a polynomial of degree d. But is it irreducible in Zp[x]? Not
ζ j r
.