Prime Numbers

4.6 Exercises 217
the ring Zn[t]/(f(t)) is a finite field, and the search for b(t) will be successful
as soon as a primitive generator for the multiplicative group of this finite field
is found, and perhaps even sooner. Again, if n is composite, Algorithm 4.3.2
may discover this fact.
If n is prime, the expected running time for each item in Step [Setup] is
dominated by the single computation in Step [Binomial congruence], with time
bound estimated as Õ(rd2 ln 2 n). With d bounded by (ln ln n) O(ln ln ln ln n) ,the
total expected complexity is (ln n) 4 (ln ln n) O(ln ln ln ln n) . This expression is not
quite Õ(ln4 n), but it is of the form (ln n) 4+o(1) . For this reason, Bernstein
refers to the algorithm as running in “essentially” quartic time.
If one is interested in the practical use of the Agrawal–Kayal–Saxena circle
of ideas for primality testing, at present one should start with Algorithm 4.5.9.
And since the most favorable case of this algorithm is the case d =1,itmight
be best to concentrate first on this case to see whether competitive numbers
canbeprovedprime.
The reader contemplating an AKS implementation might find the
following remarks useful. Whether one attempts an implementation of the
original AKS Algorithm 4.5.1 or one of the more recent variants, various of
our book algorithms may be of interest. For example, binary-segmentation
multiply, Algorithm 9.6.1, is a good candidate for computing products of
polynomials with modulus, in transforming such a product to a single, largeinteger
multiply. There is also the possibility of entirely parallel evaluations of
the key polynomial powers for some variants of AKS. The reference [Crandall
and Papadopoulos 2003] gives an implementor’s perspective, with most of the
notions therein applicable to all AKS variants. In that treatment an empirical
rule of thumb is established for the straightforward Algorithm 4.5.1: One
may—using the right fast algorithms—prove primality of a prime p in roughly
T (p) ≈ 1000 ln 6 p
CPU operations, over the range of resolvable p. This is a real-world empirical
result that concurs with complexity estimates of the text. Thus for example,
the Mersenne prime p =2 31 −1 requires about 10 11 operations (and so perhaps
a minute on a modern PC) with this simplest AKS approach. Note that
the operation complexity T rises nearly two orders of magnitude when the
bits in p are doubled. Beyond this benchmark for the easiest AKS variant,
implementation considerations appear in [Bernstein 2003], whereby one gets
down to the aforementioned “essentially” quartic time, and this allows primes
of several hundred decimal digits to be resolvable in a day or so.
4.6 Exercises
4.1. Show that for n prime, n>200560490131, the number of primitive
roots modulo n is greater than (n − 1)/(2 ln ln n). The following plan may be
helpful:
(1) The number of primitive roots modulo n is ϕ(n − 1).