Introduction
Basic tools
Primality testing: classical algorithms
Factoring and primality testing I
Pierre Arnoux
Dhulikel, July 26, 2010
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
References
Neal Koblitz: A course in number theory and cryptography
Handbook of Applied Cryptography, A.J. Menezes, ed. P.C. van
Oorschot et S.A. Vanstone , Available online.
Wikipedia : many pages available on these subjects.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
The problems
I
Any number is a product of prime numbers in a unique way.
I
known for more than 2000 years .
I
Factoring problem: given n, give its decomposition in prime
numbers.
I
Primality problem: given p, decide if it is prime.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
The problems
I
Any number is a product of prime numbers in a unique way.
I
known for more than 2000 years .
I
Factoring problem: given n, give its decomposition in prime
numbers.
I
Primality problem: given p, decide if it is prime.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
The problems
I
Any number is a product of prime numbers in a unique way.
I
known for more than 2000 years .
I
Factoring problem: given n, give its decomposition in prime
numbers.
I
Primality problem: given p, decide if it is prime.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
The problems
I
Any number is a product of prime numbers in a unique way.
I
known for more than 2000 years .
I
Factoring problem: given n, give its decomposition in prime
numbers.
I
Primality problem: given p, decide if it is prime.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
The problems
I
These are very old problems.
I
For centuries, the only had theoretical importance.
I
Computers and cryptography changed this:
I
These problems now have great practical importance.
We would like fast algorithms for primality and factoring
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
The problems
I
These are very old problems.
I
For centuries, the only had theoretical importance.
I
Computers and cryptography changed this:
I
These problems now have great practical importance.
We would like fast algorithms for primality and factoring
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
The problems
I
These are very old problems.
I
For centuries, the only had theoretical importance.
I
Computers and cryptography changed this:
I
These problems now have great practical importance.
We would like fast algorithms for primality and factoring
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
The problems
I
These are very old problems.
I
For centuries, the only had theoretical importance.
I
Computers and cryptography changed this:
I
These problems now have great practical importance.
We would like fast algorithms for primality and factoring
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Measuring the speed of an algorithm 1
What is the size of an integer?
I
The number of digits
I
Essentially independant from the base
I
We will use base 2
I
Size of n=binary logarithm of n
denoted by log n
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Measuring the speed of an algorithm 1
What is the size of an integer?
I
The number of digits
I
Essentially independant from the base
I
We will use base 2
I
Size of n=binary logarithm of n
denoted by log n
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Measuring the speed of an algorithm 1
What is the size of an integer?
I
The number of digits
I
Essentially independant from the base
I
We will use base 2
I
Size of n=binary logarithm of n
denoted by log n
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Measuring the speed of an algorithm 1
What is the size of an integer?
I
The number of digits
I
Essentially independant from the base
I
We will use base 2
I
Size of n=binary logarithm of n
denoted by log n
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Measuring the speed of an algorithm 1
What is the size of an integer?
I
The number of digits
I
Essentially independant from the base
I
We will use base 2
I
Size of n=binary logarithm of n
denoted by log n
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Measuring the speed of an algorithm 1
What is the size of an integer?
I
The number of digits
I
Essentially independant from the base
I
We will use base 2
I
Size of n=binary logarithm of n
denoted by log n
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Measuring the speed of an algorithm 2
Speed of the algorithms= number of elementary operations for an
input less than n
I
We look for an upper bound
I
Good algorithms are polynomials in log n
I
Algorithms polynomial in n are useless for practical purposes
in cryptography (and elsewhere!)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Measuring the speed of an algorithm 2
Speed of the algorithms= number of elementary operations for an
input less than n
I
We look for an upper bound
I
Good algorithms are polynomials in log n
I
Algorithms polynomial in n are useless for practical purposes
in cryptography (and elsewhere!)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Measuring the speed of an algorithm 2
Speed of the algorithms= number of elementary operations for an
input less than n
I
We look for an upper bound
I
Good algorithms are polynomials in log n
I
Algorithms polynomial in n are useless for practical purposes
in cryptography (and elsewhere!)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Measuring the speed of an algorithm 2
Speed of the algorithms= number of elementary operations for an
input less than n
I
We look for an upper bound
I
Good algorithms are polynomials in log n
I
Algorithms polynomial in n are useless for practical purposes
in cryptography (and elsewhere!)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Measuring the speed of an algorithm 3
A basic example
Exercize: searching in a list
I
Looking for a phone number in a phone directory of size n:
I
Average time log n − 1, worst case log n
I
Looking for a name given a phone number in a phone
directory of size n:
I
Average time n/2, worst case n
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Measuring the speed of an algorithm 3
A basic example
Exercize: searching in a list
I
Looking for a phone number in a phone directory of size n:
I
Average time log n − 1, worst case log n
I
Looking for a name given a phone number in a phone
directory of size n:
I
Average time n/2, worst case n
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Measuring the speed of an algorithm 3
A basic example
Exercize: searching in a list
I
Looking for a phone number in a phone directory of size n:
I
Average time log n − 1, worst case log n
I
Looking for a name given a phone number in a phone
directory of size n:
I
Average time n/2, worst case n
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Measuring the speed of an algorithm 3
A basic example
Exercize: searching in a list
I
Looking for a phone number in a phone directory of size n:
I
Average time log n − 1, worst case log n
I
Looking for a name given a phone number in a phone
directory of size n:
I
Average time n/2, worst case n
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Measuring the speed of an algorithm 3
A basic example
Exercize: searching in a list
I
Looking for a phone number in a phone directory of size n:
I
Average time log n − 1, worst case log n
I
Looking for a name given a phone number in a phone
directory of size n:
I
Average time n/2, worst case n
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Measuring the speed of an algorithm 3
A basic example
Exercize: searching in a list
I
Looking for a phone number in a phone directory of size n:
I
Average time log n − 1, worst case log n
I
Looking for a name given a phone number in a phone
directory of size n:
I
Average time n/2, worst case n
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
A basic algorithm: the sieve of Erathostenes
Erase the multiples of 2, 3, 5...
1
11
21
31
41
51
61
71
81
91
2
12
22
32
42
52
62
72
82
92
3
13
23
33
43
53
63
73
83
93
4
14
24
34
44
54
64
74
84
94
5
15
25
35
45
55
65
75
85
95
6
16
26
36
46
56
66
76
86
96
7
17
27
37
47
57
67
77
87
97
8
18
28
38
48
58
68
78
88
98
9 10
19 20
29 30
39 40
49 50
59 60
69 70
79 80
89 90
99 100
The remaining numbers are prime
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
A basic algorithm: the sieve of Erathostenes
Erase the multiples of 2, 3, 5...
1
11
21
31
41
51
61
71
81
91
2
12
22
32
42
52
62
72
82
92
3
13
23
33
43
53
63
73
83
93
4
14
24
34
44
54
64
74
84
94
5
15
25
35
45
55
65
75
85
95
6
16
26
36
46
56
66
76
86
96
7
17
27
37
47
57
67
77
87
97
8
18
28
38
48
58
68
78
88
98
9 10
19 20
29 30
39 40
49 50
59 60
69 70
79 80
89 90
99 100
The remaining numbers are prime
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
A basic algorithm: the sieve of Erathostenes
Erase the multiples of 2, 3, 5...
1
11
21
31
41
51
61
71
81
91
2
12
22
32
42
52
62
72
82
92
3
13
23
33
43
53
63
73
83
93
4
14
24
34
44
54
64
74
84
94
5
15
25
35
45
55
65
75
85
95
6
16
26
36
46
56
66
76
86
96
7
17
27
37
47
57
67
77
87
97
8
18
28
38
48
58
68
78
88
98
9 10
19 20
29 30
39 40
49 50
59 60
69 70
79 80
89 90
99 100
The remaining numbers are prime
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
A basic algorithm: the sieve of Erathostenes
Erase the multiples of 2, 3, 5...
1
11
21
31
41
51
61
71
81
91
2
12
22
32
42
52
62
72
82
92
3
13
23
33
43
53
63
73
83
93
4
14
24
34
44
54
64
74
84
94
5
15
25
35
45
55
65
75
85
95
6
16
26
36
46
56
66
76
86
96
7
17
27
37
47
57
67
77
87
97
8
18
28
38
48
58
68
78
88
98
9 10
19 20
29 30
39 40
49 50
59 60
69 70
79 80
89 90
99 100
The remaining numbers are prime
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
A basic algorithm: the sieve of Erathostenes
Erase the multiples of 2, 3, 5...
1
11
21
31
41
51
61
71
81
91
2
12
22
32
42
52
62
72
82
92
3
13
23
33
43
53
63
73
83
93
4
14
24
34
44
54
64
74
84
94
5
15
25
35
45
55
65
75
85
95
6
16
26
36
46
56
66
76
86
96
7
17
27
37
47
57
67
77
87
97
8
18
28
38
48
58
68
78
88
98
9 10
19 20
29 30
39 40
49 50
59 60
69 70
79 80
89 90
99 100
The remaining numbers are prime
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
A basic algorithm: the sieve of Erathostenes
Erase the multiples of 2, 3, 5...
1
11
21
31
41
51
61
71
81
91
2
12
22
32
42
52
62
72
82
92
3
13
23
33
43
53
63
73
83
93
4
14
24
34
44
54
64
74
84
94
5
15
25
35
45
55
65
75
85
95
6
16
26
36
46
56
66
76
86
96
7
17
27
37
47
57
67
77
87
97
8
18
28
38
48
58
68
78
88
98
9 10
19 20
29 30
39 40
49 50
59 60
69 70
79 80
89 90
99 100
The remaining numbers are prime
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
A basic algorithm: the sieve of Erathostenes
I
This is a primality and factoring algorithm.
√
Its running time is n.
I
It is not practical.
I
Primality is difficult to check in this way.
I
4 171
I
29 999
I
31 313
I
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
A basic algorithm: the sieve of Erathostenes
I
This is a primality and factoring algorithm.
√
Its running time is n.
I
It is not practical.
I
Primality is difficult to check in this way.
I
4 171
I
29 999
I
31 313
I
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
A basic algorithm: the sieve of Erathostenes
I
This is a primality and factoring algorithm.
√
Its running time is n.
I
It is not practical.
I
Primality is difficult to check in this way.
I
4 171
I
29 999
I
31 313
I
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
A basic algorithm: the sieve of Erathostenes
I
This is a primality and factoring algorithm.
√
Its running time is n.
I
It is not practical.
I
Primality is difficult to check in this way.
I
4 171
I
29 999
I
31 313
I
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
A basic algorithm: the sieve of Erathostenes
I
This is a primality and factoring algorithm.
√
Its running time is n.
I
It is not practical.
I
Primality is difficult to check in this way.
I
4 171
I
29 999
I
31 313
I
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
A basic algorithm: the sieve of Erathostenes
I
This is a primality and factoring algorithm.
√
Its running time is n.
I
It is not practical.
I
Primality is difficult to check in this way.
I
4 171
I
29 999
I
31 313
I
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
A basic algorithm: the sieve of Erathostenes
I
This is a primality and factoring algorithm.
√
Its running time is n.
I
It is not practical.
I
Primality is difficult to check in this way.
I
4 171
I
29 999
I
31 313
I
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Primality versus factoring
I
Factoring implies primality testing.
I
The converse is false.
I
Let n = 267519364725913141
I
Then 2n ≡ 206202581251030580 mod n (easy!)
I
Hence n is not prime, by Fermat’s theorem.
Proving that a number is composite does not give a factorization:
these are two different problems.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Primality versus factoring
I
Factoring implies primality testing.
I
The converse is false.
I
Let n = 267519364725913141
I
Then 2n ≡ 206202581251030580 mod n (easy!)
I
Hence n is not prime, by Fermat’s theorem.
Proving that a number is composite does not give a factorization:
these are two different problems.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Primality versus factoring
I
Factoring implies primality testing.
I
The converse is false.
I
Let n = 267519364725913141
I
Then 2n ≡ 206202581251030580 mod n (easy!)
I
Hence n is not prime, by Fermat’s theorem.
Proving that a number is composite does not give a factorization:
these are two different problems.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Primality versus factoring
I
Factoring implies primality testing.
I
The converse is false.
I
Let n = 267519364725913141
I
Then 2n ≡ 206202581251030580 mod n (easy!)
I
Hence n is not prime, by Fermat’s theorem.
Proving that a number is composite does not give a factorization:
these are two different problems.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Primality versus factoring
I
Factoring implies primality testing.
I
The converse is false.
I
Let n = 267519364725913141
I
Then 2n ≡ 206202581251030580 mod n (easy!)
I
Hence n is not prime, by Fermat’s theorem.
Proving that a number is composite does not give a factorization:
these are two different problems.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Primality versus factoring
I
Factoring implies primality testing.
I
The converse is false.
I
Let n = 267519364725913141
I
Then 2n ≡ 206202581251030580 mod n (easy!)
I
Hence n is not prime, by Fermat’s theorem.
Proving that a number is composite does not give a factorization:
these are two different problems.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Plan of the course
I
1. Recall some basic tools:
I
GCD, Jacobi symbol and quadratic reciprocity.
I
2. The classical primality algorithms:
I
Fermat, Rabin-Miller, Solovay-Strassen.
I
AKS: a polynomial solution to the primality problem
I
3. The classical factoring algoprithms:
I
Fermat, Continued fraction, Pollard’s rho method
I
Ending with the quadratic sieve.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Plan of the course
I
1. Recall some basic tools:
I
GCD, Jacobi symbol and quadratic reciprocity.
I
2. The classical primality algorithms:
I
Fermat, Rabin-Miller, Solovay-Strassen.
I
AKS: a polynomial solution to the primality problem
I
3. The classical factoring algoprithms:
I
Fermat, Continued fraction, Pollard’s rho method
I
Ending with the quadratic sieve.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Plan of the course
I
1. Recall some basic tools:
I
GCD, Jacobi symbol and quadratic reciprocity.
I
2. The classical primality algorithms:
I
Fermat, Rabin-Miller, Solovay-Strassen.
I
AKS: a polynomial solution to the primality problem
I
3. The classical factoring algoprithms:
I
Fermat, Continued fraction, Pollard’s rho method
I
Ending with the quadratic sieve.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Plan of the course
I
1. Recall some basic tools:
I
GCD, Jacobi symbol and quadratic reciprocity.
I
2. The classical primality algorithms:
I
Fermat, Rabin-Miller, Solovay-Strassen.
I
AKS: a polynomial solution to the primality problem
I
3. The classical factoring algoprithms:
I
Fermat, Continued fraction, Pollard’s rho method
I
Ending with the quadratic sieve.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Plan of the course
I
1. Recall some basic tools:
I
GCD, Jacobi symbol and quadratic reciprocity.
I
2. The classical primality algorithms:
I
Fermat, Rabin-Miller, Solovay-Strassen.
I
AKS: a polynomial solution to the primality problem
I
3. The classical factoring algoprithms:
I
Fermat, Continued fraction, Pollard’s rho method
I
Ending with the quadratic sieve.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Plan of the course
I
1. Recall some basic tools:
I
GCD, Jacobi symbol and quadratic reciprocity.
I
2. The classical primality algorithms:
I
Fermat, Rabin-Miller, Solovay-Strassen.
I
AKS: a polynomial solution to the primality problem
I
3. The classical factoring algoprithms:
I
Fermat, Continued fraction, Pollard’s rho method
I
Ending with the quadratic sieve.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Plan of the course
I
1. Recall some basic tools:
I
GCD, Jacobi symbol and quadratic reciprocity.
I
2. The classical primality algorithms:
I
Fermat, Rabin-Miller, Solovay-Strassen.
I
AKS: a polynomial solution to the primality problem
I
3. The classical factoring algoprithms:
I
Fermat, Continued fraction, Pollard’s rho method
I
Ending with the quadratic sieve.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Plan of the course
I
1. Recall some basic tools:
I
GCD, Jacobi symbol and quadratic reciprocity.
I
2. The classical primality algorithms:
I
Fermat, Rabin-Miller, Solovay-Strassen.
I
AKS: a polynomial solution to the primality problem
I
3. The classical factoring algoprithms:
I
Fermat, Continued fraction, Pollard’s rho method
I
Ending with the quadratic sieve.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Algorithms: Running time
I
We consider an algorithm whose input is an integer.
I
How long does it take For an input less than n?
I
Two possibilities :
I
Worst case
I
Average
I
We will consider the first (upper bound for the running time)
I
We obtain a function f (n)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Algorithms: Running time
I
We consider an algorithm whose input is an integer.
I
How long does it take For an input less than n?
I
Two possibilities :
I
Worst case
I
Average
I
We will consider the first (upper bound for the running time)
I
We obtain a function f (n)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Algorithms: Running time
I
We consider an algorithm whose input is an integer.
I
How long does it take For an input less than n?
I
Two possibilities :
I
Worst case
I
Average
I
We will consider the first (upper bound for the running time)
I
We obtain a function f (n)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Algorithms: Running time
I
We consider an algorithm whose input is an integer.
I
How long does it take For an input less than n?
I
Two possibilities :
I
Worst case
I
Average
I
We will consider the first (upper bound for the running time)
I
We obtain a function f (n)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Algorithms: Running time
I
We consider an algorithm whose input is an integer.
I
How long does it take For an input less than n?
I
Two possibilities :
I
Worst case
I
Average
I
We will consider the first (upper bound for the running time)
I
We obtain a function f (n)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Algorithms: Running time
I
We consider an algorithm whose input is an integer.
I
How long does it take For an input less than n?
I
Two possibilities :
I
Worst case
I
Average
I
We will consider the first (upper bound for the running time)
I
We obtain a function f (n)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Algorithms: Running time
I
We consider an algorithm whose input is an integer.
I
How long does it take For an input less than n?
I
Two possibilities :
I
Worst case
I
Average
I
We will consider the first (upper bound for the running time)
I
We obtain a function f (n)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Equivalents
I
We are not interested in the exact time,
I
Only in equivalents.
I
Notation O ∼
I
g is in O ∼ (f ) if g is in O(fP(log f )) for some polynomial P
I
n log2 n is in O ∼ (n)
I
n2 log n is in O ∼ (n2 )
I
log2 n log log n is in O ∼ (log2 n)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Equivalents
I
We are not interested in the exact time,
I
Only in equivalents.
I
Notation O ∼
I
g is in O ∼ (f ) if g is in O(fP(log f )) for some polynomial P
I
n log2 n is in O ∼ (n)
I
n2 log n is in O ∼ (n2 )
I
log2 n log log n is in O ∼ (log2 n)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Equivalents
I
We are not interested in the exact time,
I
Only in equivalents.
I
Notation O ∼
I
g is in O ∼ (f ) if g is in O(fP(log f )) for some polynomial P
I
n log2 n is in O ∼ (n)
I
n2 log n is in O ∼ (n2 )
I
log2 n log log n is in O ∼ (log2 n)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Equivalents
I
We are not interested in the exact time,
I
Only in equivalents.
I
Notation O ∼
I
g is in O ∼ (f ) if g is in O(fP(log f )) for some polynomial P
I
n log2 n is in O ∼ (n)
I
n2 log n is in O ∼ (n2 )
I
log2 n log log n is in O ∼ (log2 n)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Equivalents
I
We are not interested in the exact time,
I
Only in equivalents.
I
Notation O ∼
I
g is in O ∼ (f ) if g is in O(fP(log f )) for some polynomial P
I
n log2 n is in O ∼ (n)
I
n2 log n is in O ∼ (n2 )
I
log2 n log log n is in O ∼ (log2 n)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Equivalents
I
We are not interested in the exact time,
I
Only in equivalents.
I
Notation O ∼
I
g is in O ∼ (f ) if g is in O(fP(log f )) for some polynomial P
I
n log2 n is in O ∼ (n)
I
n2 log n is in O ∼ (n2 )
I
log2 n log log n is in O ∼ (log2 n)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Equivalents
I
We are not interested in the exact time,
I
Only in equivalents.
I
Notation O ∼
I
g is in O ∼ (f ) if g is in O(fP(log f )) for some polynomial P
I
n log2 n is in O ∼ (n)
I
n2 log n is in O ∼ (n2 )
I
log2 n log log n is in O ∼ (log2 n)
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Algorithms: Determinism
I
Consider an algorithm wich gives a yes/no answer
I
It is deterministic in time O ∼ (f (n)) if it always gives an
answer in time O ∼ (f (n)).
I
It is probabilistic in time O ∼ (f (n)) if it gives an answer in
time O ∼ (f (n)) with probability 1 − .
I
Probabilistic algorithms are useful in practice.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Algorithms: Determinism
I
Consider an algorithm wich gives a yes/no answer
I
It is deterministic in time O ∼ (f (n)) if it always gives an
answer in time O ∼ (f (n)).
I
It is probabilistic in time O ∼ (f (n)) if it gives an answer in
time O ∼ (f (n)) with probability 1 − .
I
Probabilistic algorithms are useful in practice.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Algorithms: Determinism
I
Consider an algorithm wich gives a yes/no answer
I
It is deterministic in time O ∼ (f (n)) if it always gives an
answer in time O ∼ (f (n)).
I
It is probabilistic in time O ∼ (f (n)) if it gives an answer in
time O ∼ (f (n)) with probability 1 − .
I
Probabilistic algorithms are useful in practice.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Algorithms: Determinism
I
Consider an algorithm wich gives a yes/no answer
I
It is deterministic in time O ∼ (f (n)) if it always gives an
answer in time O ∼ (f (n)).
I
It is probabilistic in time O ∼ (f (n)) if it gives an answer in
time O ∼ (f (n)) with probability 1 − .
I
Probabilistic algorithms are useful in practice.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Numbers
I
N = {0, 1, 2, . . .} monoid of positive integers
I
Z = {−2, −1, 0, 1, 2, . . .} ring of integers
I
To any number n ∈ Z associate the ideal nZ.
I
Statements are simpler in terms of ideal (no difference
between n and −n).
I
We will not really need this distinction here.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Numbers
I
N = {0, 1, 2, . . .} monoid of positive integers
I
Z = {−2, −1, 0, 1, 2, . . .} ring of integers
I
To any number n ∈ Z associate the ideal nZ.
I
Statements are simpler in terms of ideal (no difference
between n and −n).
I
We will not really need this distinction here.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Numbers
I
N = {0, 1, 2, . . .} monoid of positive integers
I
Z = {−2, −1, 0, 1, 2, . . .} ring of integers
I
To any number n ∈ Z associate the ideal nZ.
I
Statements are simpler in terms of ideal (no difference
between n and −n).
I
We will not really need this distinction here.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Numbers
I
N = {0, 1, 2, . . .} monoid of positive integers
I
Z = {−2, −1, 0, 1, 2, . . .} ring of integers
I
To any number n ∈ Z associate the ideal nZ.
I
Statements are simpler in terms of ideal (no difference
between n and −n).
I
We will not really need this distinction here.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Numbers
I
N = {0, 1, 2, . . .} monoid of positive integers
I
Z = {−2, −1, 0, 1, 2, . . .} ring of integers
I
To any number n ∈ Z associate the ideal nZ.
I
Statements are simpler in terms of ideal (no difference
between n and −n).
I
We will not really need this distinction here.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Numbers and Primes
I
Z is euclidian :
I
For any a ∈ Z and any b ∈ Z with b > 0, we can write in a
unique way a = bq + r , with q, r ∈ Z and 0 ≤ r < b.
I
Hence Z is a principal ring: every ideal is generated by a
unique element.
I
p ∈ N is prime if it has exactly two divisors.
I
1 is not prime.
I
Any integer can be written in a unique way (up to
permutation) as a product of prime numbers.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Numbers and Primes
I
Z is euclidian :
I
For any a ∈ Z and any b ∈ Z with b > 0, we can write in a
unique way a = bq + r , with q, r ∈ Z and 0 ≤ r < b.
I
Hence Z is a principal ring: every ideal is generated by a
unique element.
I
p ∈ N is prime if it has exactly two divisors.
I
1 is not prime.
I
Any integer can be written in a unique way (up to
permutation) as a product of prime numbers.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Numbers and Primes
I
Z is euclidian :
I
For any a ∈ Z and any b ∈ Z with b > 0, we can write in a
unique way a = bq + r , with q, r ∈ Z and 0 ≤ r < b.
I
Hence Z is a principal ring: every ideal is generated by a
unique element.
I
p ∈ N is prime if it has exactly two divisors.
I
1 is not prime.
I
Any integer can be written in a unique way (up to
permutation) as a product of prime numbers.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Numbers and Primes
I
Z is euclidian :
I
For any a ∈ Z and any b ∈ Z with b > 0, we can write in a
unique way a = bq + r , with q, r ∈ Z and 0 ≤ r < b.
I
Hence Z is a principal ring: every ideal is generated by a
unique element.
I
p ∈ N is prime if it has exactly two divisors.
I
1 is not prime.
I
Any integer can be written in a unique way (up to
permutation) as a product of prime numbers.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Numbers and Primes
I
Z is euclidian :
I
For any a ∈ Z and any b ∈ Z with b > 0, we can write in a
unique way a = bq + r , with q, r ∈ Z and 0 ≤ r < b.
I
Hence Z is a principal ring: every ideal is generated by a
unique element.
I
p ∈ N is prime if it has exactly two divisors.
I
1 is not prime.
I
Any integer can be written in a unique way (up to
permutation) as a product of prime numbers.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Numbers and Primes
I
Z is euclidian :
I
For any a ∈ Z and any b ∈ Z with b > 0, we can write in a
unique way a = bq + r , with q, r ∈ Z and 0 ≤ r < b.
I
Hence Z is a principal ring: every ideal is generated by a
unique element.
I
p ∈ N is prime if it has exactly two divisors.
I
1 is not prime.
I
Any integer can be written in a unique way (up to
permutation) as a product of prime numbers.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Operations
I
Addition : needs log n bit operations.
I
Multiplication : needs log(n)2 bit operations by the trivial
algorithm, log n log log n by fast Fourier transform.
I
Euclidian division.
I
These 3 operations can be done in time O ∼ (log n).
I
Exponentiation to the power n can be done in log n
multiplication (but of increasing size).
I
Exponentiation to the power n mod r can be done in log n
multiplication of constant size.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Operations
I
Addition : needs log n bit operations.
I
Multiplication : needs log(n)2 bit operations by the trivial
algorithm, log n log log n by fast Fourier transform.
I
Euclidian division.
I
These 3 operations can be done in time O ∼ (log n).
I
Exponentiation to the power n can be done in log n
multiplication (but of increasing size).
I
Exponentiation to the power n mod r can be done in log n
multiplication of constant size.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Operations
I
Addition : needs log n bit operations.
I
Multiplication : needs log(n)2 bit operations by the trivial
algorithm, log n log log n by fast Fourier transform.
I
Euclidian division.
I
These 3 operations can be done in time O ∼ (log n).
I
Exponentiation to the power n can be done in log n
multiplication (but of increasing size).
I
Exponentiation to the power n mod r can be done in log n
multiplication of constant size.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Operations
I
Addition : needs log n bit operations.
I
Multiplication : needs log(n)2 bit operations by the trivial
algorithm, log n log log n by fast Fourier transform.
I
Euclidian division.
I
These 3 operations can be done in time O ∼ (log n).
I
Exponentiation to the power n can be done in log n
multiplication (but of increasing size).
I
Exponentiation to the power n mod r can be done in log n
multiplication of constant size.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Operations
I
Addition : needs log n bit operations.
I
Multiplication : needs log(n)2 bit operations by the trivial
algorithm, log n log log n by fast Fourier transform.
I
Euclidian division.
I
These 3 operations can be done in time O ∼ (log n).
I
Exponentiation to the power n can be done in log n
multiplication (but of increasing size).
I
Exponentiation to the power n mod r can be done in log n
multiplication of constant size.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Operations
I
Addition : needs log n bit operations.
I
Multiplication : needs log(n)2 bit operations by the trivial
algorithm, log n log log n by fast Fourier transform.
I
Euclidian division.
I
These 3 operations can be done in time O ∼ (log n).
I
Exponentiation to the power n can be done in log n
multiplication (but of increasing size).
I
Exponentiation to the power n mod r can be done in log n
multiplication of constant size.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
GCD
I
Any two numbers a, b have a greatest common divisor.
I
It is clear that GCD(a, b)= GCD(a − bq, b)
I
Euclidian division: a = bq + r
I
GCD(a,b)=GCD(b,r)
I
This gives the very fast Euclid algorithm
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
GCD
I
Any two numbers a, b have a greatest common divisor.
I
It is clear that GCD(a, b)= GCD(a − bq, b)
I
Euclidian division: a = bq + r
I
GCD(a,b)=GCD(b,r)
I
This gives the very fast Euclid algorithm
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
GCD
I
Any two numbers a, b have a greatest common divisor.
I
It is clear that GCD(a, b)= GCD(a − bq, b)
I
Euclidian division: a = bq + r
I
GCD(a,b)=GCD(b,r)
I
This gives the very fast Euclid algorithm
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
GCD
I
Any two numbers a, b have a greatest common divisor.
I
It is clear that GCD(a, b)= GCD(a − bq, b)
I
Euclidian division: a = bq + r
I
GCD(a,b)=GCD(b,r)
I
This gives the very fast Euclid algorithm
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
GCD
I
Any two numbers a, b have a greatest common divisor.
I
It is clear that GCD(a, b)= GCD(a − bq, b)
I
Euclidian division: a = bq + r
I
GCD(a,b)=GCD(b,r)
I
This gives the very fast Euclid algorithm
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Euclid Algorithm
GCD(a,b):
While b>0 r:=a mod b a:=b b:=r
Output(a)
The worst case is th Fibonacci sequence
Running time in O(log n) divisions
Hence O ∼ (log2 n) bit operations
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Euclid Algorithm
GCD(a,b):
While b>0 r:=a mod b a:=b b:=r
Output(a)
The worst case is th Fibonacci sequence
Running time in O(log n) divisions
Hence O ∼ (log2 n) bit operations
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Euclid Algorithm
GCD(a,b):
While b>0 r:=a mod b a:=b b:=r
Output(a)
The worst case is th Fibonacci sequence
Running time in O(log n) divisions
Hence O ∼ (log2 n) bit operations
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Euclid Algorithm
GCD(a,b):
While b>0 r:=a mod b a:=b b:=r
Output(a)
The worst case is th Fibonacci sequence
Running time in O(log n) divisions
Hence O ∼ (log2 n) bit operations
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Quadratic residues
I
Let p be an odd prime; is n a square mod. p?
I
In Z/7Z , we have 12 = 1 = 62 , 22 = 4 = 52 , 32 = 2 = 42 .
I
Hence 3 and 5 are not squares mod. 7.
I
For large p, it is a difficult question.
I
If n is a square mod. p, we say that it is a quadratic residue
mod. P
I
Otherwise, it is a non residue
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Quadratic residues
I
Let p be an odd prime; is n a square mod. p?
I
In Z/7Z , we have 12 = 1 = 62 , 22 = 4 = 52 , 32 = 2 = 42 .
I
Hence 3 and 5 are not squares mod. 7.
I
For large p, it is a difficult question.
I
If n is a square mod. p, we say that it is a quadratic residue
mod. P
I
Otherwise, it is a non residue
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Quadratic residues
I
Let p be an odd prime; is n a square mod. p?
I
In Z/7Z , we have 12 = 1 = 62 , 22 = 4 = 52 , 32 = 2 = 42 .
I
Hence 3 and 5 are not squares mod. 7.
I
For large p, it is a difficult question.
I
If n is a square mod. p, we say that it is a quadratic residue
mod. P
I
Otherwise, it is a non residue
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Quadratic residues
I
Let p be an odd prime; is n a square mod. p?
I
In Z/7Z , we have 12 = 1 = 62 , 22 = 4 = 52 , 32 = 2 = 42 .
I
Hence 3 and 5 are not squares mod. 7.
I
For large p, it is a difficult question.
I
If n is a square mod. p, we say that it is a quadratic residue
mod. P
I
Otherwise, it is a non residue
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Quadratic residues
I
Let p be an odd prime; is n a square mod. p?
I
In Z/7Z , we have 12 = 1 = 62 , 22 = 4 = 52 , 32 = 2 = 42 .
I
Hence 3 and 5 are not squares mod. 7.
I
For large p, it is a difficult question.
I
If n is a square mod. p, we say that it is a quadratic residue
mod. P
I
Otherwise, it is a non residue
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Quadratic residues
I
Let p be an odd prime; is n a square mod. p?
I
In Z/7Z , we have 12 = 1 = 62 , 22 = 4 = 52 , 32 = 2 = 42 .
I
Hence 3 and 5 are not squares mod. 7.
I
For large p, it is a difficult question.
I
If n is a square mod. p, we say that it is a quadratic residue
mod. P
I
Otherwise, it is a non residue
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 1: definition
I
Given an odd prime p, we define the Legendre symbol ( pn ) by
I
( pn ) = 0 if n is a multiple of p
I
( pn ) = 1 if n is a quadratic residue mod. p
I
( pn ) = −1 if n is a quadratic nonresidue mod. p
I
How can we compute ( pn )?
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 1: definition
I
Given an odd prime p, we define the Legendre symbol ( pn ) by
I
( pn ) = 0 if n is a multiple of p
I
( pn ) = 1 if n is a quadratic residue mod. p
I
( pn ) = −1 if n is a quadratic nonresidue mod. p
I
How can we compute ( pn )?
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 1: definition
I
Given an odd prime p, we define the Legendre symbol ( pn ) by
I
( pn ) = 0 if n is a multiple of p
I
( pn ) = 1 if n is a quadratic residue mod. p
I
( pn ) = −1 if n is a quadratic nonresidue mod. p
I
How can we compute ( pn )?
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 1: definition
I
Given an odd prime p, we define the Legendre symbol ( pn ) by
I
( pn ) = 0 if n is a multiple of p
I
( pn ) = 1 if n is a quadratic residue mod. p
I
( pn ) = −1 if n is a quadratic nonresidue mod. p
I
How can we compute ( pn )?
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 1: definition
I
Given an odd prime p, we define the Legendre symbol ( pn ) by
I
( pn ) = 0 if n is a multiple of p
I
( pn ) = 1 if n is a quadratic residue mod. p
I
( pn ) = −1 if n is a quadratic nonresidue mod. p
I
How can we compute ( pn )?
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 2: basic properties
( pa ) ≡ a(p−1)/2 mod p
Proof:
I
Suppose a is not a multiple of p
I
Then ap−1 = 1 in Z/pZ
I
Hence a(p−1)/2 = ±1
I
If a(p−1)/2 = −1 and a = b 2 , then b p−1 = −1: impossible
I
If a(p−1)/2 = 1, write a = g j , where g is a generator of Z/PZ∗
I
Hence g j(p−1)/2 = 1, which implies j is even and a is a square.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 2: basic properties
( pa ) ≡ a(p−1)/2 mod p
Proof:
I
Suppose a is not a multiple of p
I
Then ap−1 = 1 in Z/pZ
I
Hence a(p−1)/2 = ±1
I
If a(p−1)/2 = −1 and a = b 2 , then b p−1 = −1: impossible
I
If a(p−1)/2 = 1, write a = g j , where g is a generator of Z/PZ∗
I
Hence g j(p−1)/2 = 1, which implies j is even and a is a square.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 2: basic properties
( pa ) ≡ a(p−1)/2 mod p
Proof:
I
Suppose a is not a multiple of p
I
Then ap−1 = 1 in Z/pZ
I
Hence a(p−1)/2 = ±1
I
If a(p−1)/2 = −1 and a = b 2 , then b p−1 = −1: impossible
I
If a(p−1)/2 = 1, write a = g j , where g is a generator of Z/PZ∗
I
Hence g j(p−1)/2 = 1, which implies j is even and a is a square.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 2: basic properties
( pa ) ≡ a(p−1)/2 mod p
Proof:
I
Suppose a is not a multiple of p
I
Then ap−1 = 1 in Z/pZ
I
Hence a(p−1)/2 = ±1
I
If a(p−1)/2 = −1 and a = b 2 , then b p−1 = −1: impossible
I
If a(p−1)/2 = 1, write a = g j , where g is a generator of Z/PZ∗
I
Hence g j(p−1)/2 = 1, which implies j is even and a is a square.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 2: basic properties
( pa ) ≡ a(p−1)/2 mod p
Proof:
I
Suppose a is not a multiple of p
I
Then ap−1 = 1 in Z/pZ
I
Hence a(p−1)/2 = ±1
I
If a(p−1)/2 = −1 and a = b 2 , then b p−1 = −1: impossible
I
If a(p−1)/2 = 1, write a = g j , where g is a generator of Z/PZ∗
I
Hence g j(p−1)/2 = 1, which implies j is even and a is a square.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 2: basic properties
( pa ) ≡ a(p−1)/2 mod p
Proof:
I
Suppose a is not a multiple of p
I
Then ap−1 = 1 in Z/pZ
I
Hence a(p−1)/2 = ±1
I
If a(p−1)/2 = −1 and a = b 2 , then b p−1 = −1: impossible
I
If a(p−1)/2 = 1, write a = g j , where g is a generator of Z/PZ∗
I
Hence g j(p−1)/2 = 1, which implies j is even and a is a square.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 2: basic properties
( pa ) ≡ a(p−1)/2 mod p
Proof:
I
Suppose a is not a multiple of p
I
Then ap−1 = 1 in Z/pZ
I
Hence a(p−1)/2 = ±1
I
If a(p−1)/2 = −1 and a = b 2 , then b p−1 = −1: impossible
I
If a(p−1)/2 = 1, write a = g j , where g is a generator of Z/PZ∗
I
Hence g j(p−1)/2 = 1, which implies j is even and a is a square.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 3: basic properties
I
( pa ) depends only on a mod p.
I
a b
( ab
p ) = ( p )( p )
I
If b is prime with p, ( abp ) = ( pa )
I
( p1 ) = 1
I
(p−1)/2
( −1
p ) = (−1)
I
( p2 ) = 1 if p ≡ ±1 mod 8, = −1 if p ≡ ±3 mod 8, or
I
( p2 ) = (−1)(p
2
2 −1)/8
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 3: basic properties
I
( pa ) depends only on a mod p.
I
a b
( ab
p ) = ( p )( p )
I
If b is prime with p, ( abp ) = ( pa )
I
( p1 ) = 1
I
(p−1)/2
( −1
p ) = (−1)
I
( p2 ) = 1 if p ≡ ±1 mod 8, = −1 if p ≡ ±3 mod 8, or
I
( p2 ) = (−1)(p
2
2 −1)/8
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 3: basic properties
I
( pa ) depends only on a mod p.
I
a b
( ab
p ) = ( p )( p )
I
If b is prime with p, ( abp ) = ( pa )
I
( p1 ) = 1
I
(p−1)/2
( −1
p ) = (−1)
I
( p2 ) = 1 if p ≡ ±1 mod 8, = −1 if p ≡ ±3 mod 8, or
I
( p2 ) = (−1)(p
2
2 −1)/8
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 3: basic properties
I
( pa ) depends only on a mod p.
I
a b
( ab
p ) = ( p )( p )
I
If b is prime with p, ( abp ) = ( pa )
I
( p1 ) = 1
I
(p−1)/2
( −1
p ) = (−1)
I
( p2 ) = 1 if p ≡ ±1 mod 8, = −1 if p ≡ ±3 mod 8, or
I
( p2 ) = (−1)(p
2
2 −1)/8
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 3: basic properties
I
( pa ) depends only on a mod p.
I
a b
( ab
p ) = ( p )( p )
I
If b is prime with p, ( abp ) = ( pa )
I
( p1 ) = 1
I
(p−1)/2
( −1
p ) = (−1)
I
( p2 ) = 1 if p ≡ ±1 mod 8, = −1 if p ≡ ±3 mod 8, or
I
( p2 ) = (−1)(p
2
2 −1)/8
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 3: basic properties
I
( pa ) depends only on a mod p.
I
a b
( ab
p ) = ( p )( p )
I
If b is prime with p, ( abp ) = ( pa )
I
( p1 ) = 1
I
(p−1)/2
( −1
p ) = (−1)
I
( p2 ) = 1 if p ≡ ±1 mod 8, = −1 if p ≡ ±3 mod 8, or
I
( p2 ) = (−1)(p
2
2 −1)/8
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 3: basic properties
I
( pa ) depends only on a mod p.
I
a b
( ab
p ) = ( p )( p )
I
If b is prime with p, ( abp ) = ( pa )
I
( p1 ) = 1
I
(p−1)/2
( −1
p ) = (−1)
I
( p2 ) = 1 if p ≡ ±1 mod 8, = −1 if p ≡ ±3 mod 8, or
I
( p2 ) = (−1)(p
2
2 −1)/8
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 4: Quadratic reciprocity
I
Let p and q be two odd primes.
I
Then( qp ) = −( qp ) if p ≡ q ≡ 3 mod 4
I
( pq ) = ( qp ) otherwise
I
or
Quadratic reciprocity ( qp ) = (−1)(p−1)(q−1)/4 ( pq )
The proof is valid only for prime numbers, which is inconvenient.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 4: Quadratic reciprocity
I
Let p and q be two odd primes.
I
Then( qp ) = −( qp ) if p ≡ q ≡ 3 mod 4
I
( qp ) = ( qp ) otherwise
I
or
Quadratic reciprocity ( qp ) = (−1)(p−1)(q−1)/4 ( pq )
The proof is valid only for prime numbers, which is inconvenient.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 4: Quadratic reciprocity
I
Let p and q be two odd primes.
I
Then( qp ) = −( qp ) if p ≡ q ≡ 3 mod 4
I
( qp ) = ( qp ) otherwise
I
or
Quadratic reciprocity ( qp ) = (−1)(p−1)(q−1)/4 ( pq )
The proof is valid only for prime numbers, which is inconvenient.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 4: Quadratic reciprocity
I
Let p and q be two odd primes.
I
Then( qp ) = −( qp ) if p ≡ q ≡ 3 mod 4
I
( qp ) = ( qp ) otherwise
I
or
Quadratic reciprocity ( qp ) = (−1)(p−1)(q−1)/4 ( pq )
The proof is valid only for prime numbers, which is inconvenient.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 4: Quadratic reciprocity
I
Let p and q be two odd primes.
I
Then( qp ) = −( qp ) if p ≡ q ≡ 3 mod 4
I
( qp ) = ( qp ) otherwise
I
or
Quadratic reciprocity ( qp ) = (−1)(p−1)(q−1)/4 ( pq )
The proof is valid only for prime numbers, which is inconvenient.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Legendre Symbol 4: Quadratic reciprocity
I
Let p and q be two odd primes.
I
Then( qp ) = −( qp ) if p ≡ q ≡ 3 mod 4
I
( qp ) = ( qp ) otherwise
I
or
Quadratic reciprocity ( qp ) = (−1)(p−1)(q−1)/4 ( pq )
The proof is valid only for prime numbers, which is inconvenient.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Jacobi symbol
I
Let n = p1α1 . . . prαr .
I
Define the Jacobi symbol by ( na ) = ( pa1 )α1 . . . ( par )αr .
I
all the basic properties also hold for the Jacobi symbols.
I
This allows a fast computation of the Jacobi symbol.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Jacobi symbol
I
Let n = p1α1 . . . prαr .
I
Define the Jacobi symbol by ( na ) = ( pa1 )α1 . . . ( par )αr .
I
all the basic properties also hold for the Jacobi symbols.
I
This allows a fast computation of the Jacobi symbol.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Jacobi symbol
I
Let n = p1α1 . . . prαr .
I
Define the Jacobi symbol by ( na ) = ( pa1 )α1 . . . ( par )αr .
I
all the basic properties also hold for the Jacobi symbols.
I
This allows a fast computation of the Jacobi symbol.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Algorithms
Numbers and operations
Tools: GCD and Jacobi symbol
Jacobi symbol
I
Let n = p1α1 . . . prαr .
I
Define the Jacobi symbol by ( na ) = ( pa1 )α1 . . . ( par )αr .
I
all the basic properties also hold for the Jacobi symbols.
I
This allows a fast computation of the Jacobi symbol.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Fermat’s theorem
I
If p is prime, and a is not a multiple of p
I
then ap−1 ≡ 1 mod p.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Fermat’s theorem
I
If p is prime, and a is not a multiple of p
I
then ap−1 ≡ 1 mod p.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Fermat’s primality test
I
Let n be any integer.
I
Let a be coprime to n
I
If an−1 is not congruent to 1 mod n, n is not prime.
I
Definition: n is pseudoprime to the base a if an−1 ≡ 1
mod n .
I
Any prime number p is pseudoprime to any base a < p.
This is a very simple algorithm
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Fermat’s primality test
I
Let n be any integer.
I
Let a be coprime to n
I
If an−1 is not congruent to 1 mod n, n is not prime.
I
Definition: n is pseudoprime to the base a if an−1 ≡ 1
mod n .
I
Any prime number p is pseudoprime to any base a < p.
This is a very simple algorithm
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Fermat’s primality test
I
Let n be any integer.
I
Let a be coprime to n
I
If an−1 is not congruent to 1 mod n, n is not prime.
I
Definition: n is pseudoprime to the base a if an−1 ≡ 1
mod n .
I
Any prime number p is pseudoprime to any base a < p.
This is a very simple algorithm
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Fermat’s primality test
I
Let n be any integer.
I
Let a be coprime to n
I
If an−1 is not congruent to 1 mod n, n is not prime.
I
Definition: n is pseudoprime to the base a if an−1 ≡ 1
mod n .
I
Any prime number p is pseudoprime to any base a < p.
This is a very simple algorithm
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Fermat’s primality test
I
Let n be any integer.
I
Let a be coprime to n
I
If an−1 is not congruent to 1 mod n, n is not prime.
I
Definition: n is pseudoprime to the base a if an−1 ≡ 1
mod n .
I
Any prime number p is pseudoprime to any base a < p.
This is a very simple algorithm
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Carmichael numbers
I
BUT
I
there are composite integers n which are pseudoprime to any
base coprime to n:
I
Carmichael numbers
I
The smallest one is 561
The Fermat test is not good to prove primality.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Carmichael numbers
I
BUT
I
there are composite integers n which are pseudoprime to any
base coprime to n:
I
Carmichael numbers
I
The smallest one is 561
The Fermat test is not good to prove primality.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Carmichael numbers
I
BUT
I
there are composite integers n which are pseudoprime to any
base coprime to n:
I
Carmichael numbers
I
The smallest one is 561
The Fermat test is not good to prove primality.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Carmichael numbers
I
BUT
I
there are composite integers n which are pseudoprime to any
base coprime to n:
I
Carmichael numbers
I
The smallest one is 561
The Fermat test is not good to prove primality.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Carmichael numbers
I
BUT
I
there are composite integers n which are pseudoprime to any
base coprime to n:
I
Carmichael numbers
I
The smallest one is 561
The Fermat test is not good to prove primality.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Carmichael numbers
I
A Carmichael number n is product of distinct primes.
I
It is a product of at least 3 primes p1 , . . . , pr
I
pk − 1 must divide n − 1
I
Example: 561 = 3 × 11 × 17
I
There are infinitely many Carmichael numbers
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Carmichael numbers
I
A Carmichael number n is product of distinct primes.
I
It is a product of at least 3 primes p1 , . . . , pr
I
pk − 1 must divide n − 1
I
Example: 561 = 3 × 11 × 17
I
There are infinitely many Carmichael numbers
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Carmichael numbers
I
A Carmichael number n is product of distinct primes.
I
It is a product of at least 3 primes p1 , . . . , pr
I
pk − 1 must divide n − 1
I
Example: 561 = 3 × 11 × 17
I
There are infinitely many Carmichael numbers
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Carmichael numbers
I
A Carmichael number n is product of distinct primes.
I
It is a product of at least 3 primes p1 , . . . , pr
I
pk − 1 must divide n − 1
I
Example: 561 = 3 × 11 × 17
I
There are infinitely many Carmichael numbers
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Carmichael numbers
I
A Carmichael number n is product of distinct primes.
I
It is a product of at least 3 primes p1 , . . . , pr
I
pk − 1 must divide n − 1
I
Example: 561 = 3 × 11 × 17
I
There are infinitely many Carmichael numbers
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
If n is prime, then for any b < n, ( bn ) ≡ b (n−1)/2 mod n
I
Definition: n is Euler pseudoprime to base b < n if the
previous equation holds.
I
Remark: if n is a Euler pseudoprime to base b, it is
pseudoprime to base b.
I
The converse is false: 390 ≡ 1 mod 91, but 345 ≡ 27 mod 91
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
If n is prime, then for any b < n, ( bn ) ≡ b (n−1)/2 mod n
I
Definition: n is Euler pseudoprime to base b < n if the
previous equation holds.
I
Remark: if n is a Euler pseudoprime to base b, it is
pseudoprime to base b.
I
The converse is false: 390 ≡ 1 mod 91, but 345 ≡ 27 mod 91
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
If n is prime, then for any b < n, ( bn ) ≡ b (n−1)/2 mod n
I
Definition: n is Euler pseudoprime to base b < n if the
previous equation holds.
I
Remark: if n is a Euler pseudoprime to base b, it is
pseudoprime to base b.
I
The converse is false: 390 ≡ 1 mod 91, but 345 ≡ 27 mod 91
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
If n is prime, then for any b < n, ( bn ) ≡ b (n−1)/2 mod n
I
Definition: n is Euler pseudoprime to base b < n if the
previous equation holds.
I
Remark: if n is a Euler pseudoprime to base b, it is
pseudoprime to base b.
I
The converse is false: 390 ≡ 1 mod 91, but 345 ≡ 27 mod 91
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
If n is Euler pseudoprime to base b1 , but not to base b2 , then
it is not pseudoprime to base b1 b2 .
I
If n is not Euler pseudoprime to one base, it is not pseudo
prime to at least 50% of the possible bases.
I
BUT
I
If n is composite, it is not Euler pseudoprime to at least one
base.
I
There is no equivalent of Carmichael numbers for Euler
pseudoprimes.
This gives a primality test
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
If n is Euler pseudoprime to base b1 , but not to base b2 , then
it is not pseudoprime to base b1 b2 .
I
If n is not Euler pseudoprime to one base, it is not pseudo
prime to at least 50% of the possible bases.
I
BUT
I
If n is composite, it is not Euler pseudoprime to at least one
base.
I
There is no equivalent of Carmichael numbers for Euler
pseudoprimes.
This gives a primality test
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
If n is Euler pseudoprime to base b1 , but not to base b2 , then
it is not pseudoprime to base b1 b2 .
I
If n is not Euler pseudoprime to one base, it is not pseudo
prime to at least 50% of the possible bases.
I
BUT
I
If n is composite, it is not Euler pseudoprime to at least one
base.
I
There is no equivalent of Carmichael numbers for Euler
pseudoprimes.
This gives a primality test
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
If n is Euler pseudoprime to base b1 , but not to base b2 , then
it is not pseudoprime to base b1 b2 .
I
If n is not Euler pseudoprime to one base, it is not pseudo
prime to at least 50% of the possible bases.
I
BUT
I
If n is composite, it is not Euler pseudoprime to at least one
base.
I
There is no equivalent of Carmichael numbers for Euler
pseudoprimes.
This gives a primality test
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
If n is Euler pseudoprime to base b1 , but not to base b2 , then
it is not pseudoprime to base b1 b2 .
I
If n is not Euler pseudoprime to one base, it is not pseudo
prime to at least 50% of the possible bases.
I
BUT
I
If n is composite, it is not Euler pseudoprime to at least one
base.
I
There is no equivalent of Carmichael numbers for Euler
pseudoprimes.
This gives a primality test
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
If n is Euler pseudoprime to base b1 , but not to base b2 , then
it is not pseudoprime to base b1 b2 .
I
If n is not Euler pseudoprime to one base, it is not pseudo
prime to at least 50% of the possible bases.
I
BUT
I
If n is composite, it is not Euler pseudoprime to at least one
base.
I
There is no equivalent of Carmichael numbers for Euler
pseudoprimes.
This gives a primality test
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
For a given integer n
I
Chose bases b1 , . . . br < n
I
Check that bi is prime with n
I
Compute ( bni ) and bi (n−1)/2 mod n
I
in time O(log3 n)
I
If they are different, n is composite.
I
If they are equal, n is prime with probability 1 −
Pierre Arnoux
1
2r
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
For a given integer n
I
Chose bases b1 , . . . br < n
I
Check that bi is prime with n
I
Compute ( bni ) and bi (n−1)/2 mod n
I
in time O(log3 n)
I
If they are different, n is composite.
I
If they are equal, n is prime with probability 1 −
Pierre Arnoux
1
2r
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
For a given integer n
I
Chose bases b1 , . . . br < n
I
Check that bi is prime with n
I
Compute ( bni ) and bi (n−1)/2 mod n
I
in time O(log3 n)
I
If they are different, n is composite.
I
If they are equal, n is prime with probability 1 −
Pierre Arnoux
1
2r
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
For a given integer n
I
Chose bases b1 , . . . br < n
I
Check that bi is prime with n
I
Compute ( bni ) and bi (n−1)/2 mod n
I
in time O(log3 n)
I
If they are different, n is composite.
I
If they are equal, n is prime with probability 1 −
Pierre Arnoux
1
2r
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
For a given integer n
I
Chose bases b1 , . . . br < n
I
Check that bi is prime with n
I
Compute ( bni ) and bi (n−1)/2 mod n
I
in time O(log3 n)
I
If they are different, n is composite.
I
If they are equal, n is prime with probability 1 −
Pierre Arnoux
1
2r
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
For a given integer n
I
Chose bases b1 , . . . br < n
I
Check that bi is prime with n
I
Compute ( bni ) and bi (n−1)/2 mod n
I
in time O(log3 n)
I
If they are different, n is composite.
I
If they are equal, n is prime with probability 1 −
Pierre Arnoux
1
2r
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Solovay-Strassen primality test
I
For a given integer n
I
Chose bases b1 , . . . br < n
I
Check that bi is prime with n
I
Compute ( bni ) and bi (n−1)/2 mod n
I
in time O(log3 n)
I
If they are different, n is composite.
I
If they are equal, n is prime with probability 1 −
Pierre Arnoux
1
2r
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Strong Pseudoprimes
I
If n is prime,
√
1 = ±1 in Z/pZ.
2k t,
I
Let n − 1 =
and b prime with n, such that b t is not
congruent to 1.
I
If n is prime, there exists j < k such that b 2 t ≡ −1 mod n
I
Definition: if b t ≡ 1 mod n or there exists j such that
j
b 2 t ≡ −1 mod n, we say that n is strong pseudoprime to
base b.
I
If n is a strong pseudoprime to the base b, it is an Euler
pseudoprime to the base b
I
One can prove that, if n is composite, it is a strong
pseudoprime to at most at most 25% of bases.
j
This gives a primality test
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Strong Pseudoprimes
I
If n is prime,
√
1 = ±1 in Z/pZ.
2k t,
I
Let n − 1 =
and b prime with n, such that b t is not
congruent to 1.
I
If n is prime, there exists j < k such that b 2 t ≡ −1 mod n
I
Definition: if b t ≡ 1 mod n or there exists j such that
j
b 2 t ≡ −1 mod n, we say that n is strong pseudoprime to
base b.
I
If n is a strong pseudoprime to the base b, it is an Euler
pseudoprime to the base b
I
One can prove that, if n is composite, it is a strong
pseudoprime to at most at most 25% of bases.
j
This gives a primality test
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Strong Pseudoprimes
I
If n is prime,
√
1 = ±1 in Z/pZ.
2k t,
I
Let n − 1 =
and b prime with n, such that b t is not
congruent to 1.
I
If n is prime, there exists j < k such that b 2 t ≡ −1 mod n
I
Definition: if b t ≡ 1 mod n or there exists j such that
j
b 2 t ≡ −1 mod n, we say that n is strong pseudoprime to
base b.
I
If n is a strong pseudoprime to the base b, it is an Euler
pseudoprime to the base b
I
One can prove that, if n is composite, it is a strong
pseudoprime to at most at most 25% of bases.
j
This gives a primality test
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Strong Pseudoprimes
I
If n is prime,
√
1 = ±1 in Z/pZ.
2k t,
I
Let n − 1 =
and b prime with n, such that b t is not
congruent to 1.
I
If n is prime, there exists j < k such that b 2 t ≡ −1 mod n
I
Definition: if b t ≡ 1 mod n or there exists j such that
j
b 2 t ≡ −1 mod n, we say that n is strong pseudoprime to
base b.
I
If n is a strong pseudoprime to the base b, it is an Euler
pseudoprime to the base b
I
One can prove that, if n is composite, it is a strong
pseudoprime to at most at most 25% of bases.
j
This gives a primality test
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Strong Pseudoprimes
I
If n is prime,
√
1 = ±1 in Z/pZ.
2k t,
I
Let n − 1 =
and b prime with n, such that b t is not
congruent to 1.
I
If n is prime, there exists j < k such that b 2 t ≡ −1 mod n
I
Definition: if b t ≡ 1 mod n or there exists j such that
j
b 2 t ≡ −1 mod n, we say that n is strong pseudoprime to
base b.
I
If n is a strong pseudoprime to the base b, it is an Euler
pseudoprime to the base b
I
One can prove that, if n is composite, it is a strong
pseudoprime to at most at most 25% of bases.
j
This gives a primality test
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Strong Pseudoprimes
I
If n is prime,
√
1 = ±1 in Z/pZ.
2k t,
I
Let n − 1 =
and b prime with n, such that b t is not
congruent to 1.
I
If n is prime, there exists j < k such that b 2 t ≡ −1 mod n
I
Definition: if b t ≡ 1 mod n or there exists j such that
j
b 2 t ≡ −1 mod n, we say that n is strong pseudoprime to
base b.
I
If n is a strong pseudoprime to the base b, it is an Euler
pseudoprime to the base b
I
One can prove that, if n is composite, it is a strong
pseudoprime to at most at most 25% of bases.
j
This gives a primality test
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Strong Pseudoprimes
I
If n is prime,
√
1 = ±1 in Z/pZ.
2k t,
I
Let n − 1 =
and b prime with n, such that b t is not
congruent to 1.
I
If n is prime, there exists j < k such that b 2 t ≡ −1 mod n
I
Definition: if b t ≡ 1 mod n or there exists j such that
j
b 2 t ≡ −1 mod n, we say that n is strong pseudoprime to
base b.
I
If n is a strong pseudoprime to the base b, it is an Euler
pseudoprime to the base b
I
One can prove that, if n is composite, it is a strong
pseudoprime to at most at most 25% of bases.
j
This gives a primality test
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Rabin-Miller primality test
I
Compute n = 2k t
I
Chose bases b1 , . . . br < n
I
Check that bi is prime with n
I
Compute ai = bit ; if ai ≡ 1 mod n, n is pseudoprime to base
bi : Stop.
I
Compute the successive squares of ai ; if one of these is −1, n
is pseudoprime to base bi : Stop.
I
If aik ≡ 1 mod n and ajk−1 is not congruent to ±1, n is
composite
if n passes the test, it is prime with probability 1 − 4−r
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Rabin-Miller primality test
I
Compute n = 2k t
I
Chose bases b1 , . . . br < n
I
Check that bi is prime with n
I
Compute ai = bit ; if ai ≡ 1 mod n, n is pseudoprime to base
bi : Stop.
I
Compute the successive squares of ai ; if one of these is −1, n
is pseudoprime to base bi : Stop.
I
If aik ≡ 1 mod n and ajk−1 is not congruent to ±1, n is
composite
if n passes the test, it is prime with probability 1 − 4−r
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Rabin-Miller primality test
I
Compute n = 2k t
I
Chose bases b1 , . . . br < n
I
Check that bi is prime with n
I
Compute ai = bit ; if ai ≡ 1 mod n, n is pseudoprime to base
bi : Stop.
I
Compute the successive squares of ai ; if one of these is −1, n
is pseudoprime to base bi : Stop.
I
If aik ≡ 1 mod n and ajk−1 is not congruent to ±1, n is
composite
if n passes the test, it is prime with probability 1 − 4−r
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Rabin-Miller primality test
I
Compute n = 2k t
I
Chose bases b1 , . . . br < n
I
Check that bi is prime with n
I
Compute ai = bit ; if ai ≡ 1 mod n, n is pseudoprime to base
bi : Stop.
I
Compute the successive squares of ai ; if one of these is −1, n
is pseudoprime to base bi : Stop.
I
If aik ≡ 1 mod n and ajk−1 is not congruent to ±1, n is
composite
if n passes the test, it is prime with probability 1 − 4−r
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Rabin-Miller primality test
I
Compute n = 2k t
I
Chose bases b1 , . . . br < n
I
Check that bi is prime with n
I
Compute ai = bit ; if ai ≡ 1 mod n, n is pseudoprime to base
bi : Stop.
I
Compute the successive squares of ai ; if one of these is −1, n
is pseudoprime to base bi : Stop.
I
If aik ≡ 1 mod n and ajk−1 is not congruent to ±1, n is
composite
if n passes the test, it is prime with probability 1 − 4−r
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Rabin-Miller primality test
I
Compute n = 2k t
I
Chose bases b1 , . . . br < n
I
Check that bi is prime with n
I
Compute ai = bit ; if ai ≡ 1 mod n, n is pseudoprime to base
bi : Stop.
I
Compute the successive squares of ai ; if one of these is −1, n
is pseudoprime to base bi : Stop.
I
If aik ≡ 1 mod n and ajk−1 is not congruent to ±1, n is
composite
if n passes the test, it is prime with probability 1 − 4−r
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Rabin-Miller primality test
I
Compute n = 2k t
I
Chose bases b1 , . . . br < n
I
Check that bi is prime with n
I
Compute ai = bit ; if ai ≡ 1 mod n, n is pseudoprime to base
bi : Stop.
I
Compute the successive squares of ai ; if one of these is −1, n
is pseudoprime to base bi : Stop.
I
If aik ≡ 1 mod n and ajk−1 is not congruent to ±1, n is
composite
if n passes the test, it is prime with probability 1 − 4−r
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Rabin-Miller primality test
I
We would like a deterministic test.
I
If we knew that for any composite n there is a small b such
that n is not strong pseudoprime to base b, Rabin-Miller
would be deterministic.
I
This is true if the GRH holds.
I
Remark: there is only one composite n < 1010 which is strong
pseudoprime to bases 2, 3, 5, 7. The Rabin-Miller test is very
efficient.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Rabin-Miller primality test
I
We would like a deterministic test.
I
If we knew that for any composite n there is a small b such
that n is not strong pseudoprime to base b, Rabin-Miller
would be deterministic.
I
This is true if the GRH holds.
I
Remark: there is only one composite n < 1010 which is strong
pseudoprime to bases 2, 3, 5, 7. The Rabin-Miller test is very
efficient.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Rabin-Miller primality test
I
We would like a deterministic test.
I
If we knew that for any composite n there is a small b such
that n is not strong pseudoprime to base b, Rabin-Miller
would be deterministic.
I
This is true if the GRH holds.
I
Remark: there is only one composite n < 1010 which is strong
pseudoprime to bases 2, 3, 5, 7. The Rabin-Miller test is very
efficient.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
Rabin-Miller primality test
I
We would like a deterministic test.
I
If we knew that for any composite n there is a small b such
that n is not strong pseudoprime to base b, Rabin-Miller
would be deterministic.
I
This is true if the GRH holds.
I
Remark: there is only one composite n < 1010 which is strong
pseudoprime to bases 2, 3, 5, 7. The Rabin-Miller test is very
efficient.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
The Agrawal Kayal Saxena (AKS) test
I
There is now a deterministic test in polynomial time.
I
Created in 2002 by 3 indian computer scientists
I
at the Institute of Technology of Kanpur.
I
This solves a long standing problem.
We will discuss this algorithm in the next lecture.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
The Agrawal Kayal Saxena (AKS) test
I
There is now a deterministic test in polynomial time.
I
Created in 2002 by 3 indian computer scientists
I
at the Institute of Technology of Kanpur.
I
This solves a long standing problem.
We will discuss this algorithm in the next lecture.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
The Agrawal Kayal Saxena (AKS) test
I
There is now a deterministic test in polynomial time.
I
Created in 2002 by 3 indian computer scientists
I
at the Institute of Technology of Kanpur.
I
This solves a long standing problem.
We will discuss this algorithm in the next lecture.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
The Agrawal Kayal Saxena (AKS) test
I
There is now a deterministic test in polynomial time.
I
Created in 2002 by 3 indian computer scientists
I
at the Institute of Technology of Kanpur.
I
This solves a long standing problem.
We will discuss this algorithm in the next lecture.
Pierre Arnoux
Factoring and primality testing I
Introduction
Basic tools
Primality testing: classical algorithms
Fermat’s test and Carmichael numbers
Solovay-Strassen
Rabin-Miller
AKS
The Agrawal Kayal Saxena (AKS) test
I
There is now a deterministic test in polynomial time.
I
Created in 2002 by 3 indian computer scientists
I
at the Institute of Technology of Kanpur.
I
This solves a long standing problem.
We will discuss this algorithm in the next lecture.
Pierre Arnoux
Factoring and primality testing I