Primality test and Factorization - The Millard

Outline
Definitions
Properties of primes
Miller-Rabin Primality Test
Pollard’s Rho Heuristic
Primality test and Factorization
The Miller-Rabin primality test and the Rho-Pollard
factorization heuristic
Alpar Sadr
Carleton University
March 31, 2015
Outline
Definitions
    Basics
    Primality
Properties of primes
    Fermat’s Theorem
    Pseudoprimes
    Distribution of numbers
Miller-Rabin Primality Test
    Miller-Rabin Algorithm
    The Composite Function
Pollard’s Rho Heuristic
    Integer Factorization
    Algorithm
    References
Definitions
Let a, b and c be integers (a, b, c ∈ Z).
- a divides b if there is an integer k such that b = ak.
- If a divides b and a > 0, then a is a divisor of b.
  The trivial divisors of a are 1 and a.
- a is a common divisor of b and c if a is a divisor of b and a is a divisor of c.
- The greatest common divisor of a and b, denoted by GCD(a, b), is the maximum of the set of common divisors of a and b.
Definitions
Let a, b ∈ Z.
- a is a prime if its only divisors are the trivial ones.
- a is a composite if it has other divisors.
- a and b are coprime if GCD(a, b) = 1.
Note that there are numbers that are neither prime nor composite, such as 0 or 1.
Fermat’s Little Theorem
Theorem: If p is prime, then for any integer a, p divides $a^p - a$.
Implications of Fermat’s Little Theorem
Theorem: p divides $a^p - a$ for every integer a.
- The theorem can be rewritten as $a^p \equiv a \pmod p$.
- If a and p are coprime, then $a^{p-1} \equiv 1 \pmod p$.
- If, for some integer a, p does not divide $a^p - a$, then p is not prime.
- Can we use this fact to find prime numbers?
Pseudoprimes and Carmichael numbers
Strong Theorem: If a and p are coprime then $a^{p-1} \equiv 1 \pmod p$.
- There are composite numbers that satisfy $a^{p-1} \equiv 1 \pmod p$ for some integer a.
  Those are base-a pseudoprimes.
- What about trying different bases?
- There are composite numbers that satisfy $a^{p-1} \equiv 1 \pmod p$ for every integer a.
  Those are the Carmichael numbers or Fermat pseudoprimes.
Distribution of primes
Theorem (the prime number theorem):
$$\lim_{n \to \infty} \frac{\pi(n)}{n / \ln(n)} = 1$$
where $\pi(n)$ is the number of primes up to n.
- This gives a fair approximation of the distribution of prime numbers over an interval.
- The difference between the numerator and the denominator of this ratio is 6% for $n = 10^9$.
Distribution of Carmichael numbers
- The lower bound on the number of Carmichael numbers up to some large integer n is $\sqrt[3]{n}$.
  Note that $10^{21}$ is considered small, as the lower bound is not satisfied yet.
- The known upper bound is ugly but grows very slowly.
We know how many times we should sample numbers to get a possible prime, and since Carmichael numbers are rare, trying different bases should increase our confidence.
Algorithm
Given an odd number n > 2 and a positive integer s,

    MILLER-RABIN(n, s)
        for j ← 1 to s
            a ← random(1, n − 1)
            if ISCOMPOSITE(a, n) then return COMPOSITE
        return PRIME

The error rate of the Miller-Rabin algorithm for any s > 0 and odd integer n > 2 is at most $2^{-s}$.
The ISCOMPOSITE method
ISCOMPOSITE(a, n) has two main components.
1. Checks if n is composite using Fermat’s Little Theorem.
2. Checks if n is composite using the following lemma.
Lemma: If there exists an integer a such that $a^2 \equiv 1 \pmod n$, then n is composite.
Modular Exponentiation
Given two integers a and b, there is a simple way to find the result of $a^i \bmod b$ for any i.
Example
Let a = 3 and b = 11,

    i            0   1   2   3    4    5     6     7
    3^i          1   3   9   27   81   243   729   2187
    3^i mod 11   1   3   9   5    4    1     3     9
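An added Python example (not from the slides) of MILLER-RABIN and ISCOMPOSITE as described above, using the built-in three-argument pow for the modular exponentiation. It assumes the square-root check counts only roots of 1 other than ±1 mod n, as in the cited CLRS chapter 31.8; the helper names, the guards for small and even n, and the use of secrets to pick unpredictable bases are choices made here. The constructed inputs 341 and 561 pass the Fermat check yet are reported composite.

```python
import math
import secrets

def fermat_passes(a, n):
    """Fermat check alone: True when a^(n-1) ≡ 1 (mod n)."""
    return pow(a, n - 1, n) == 1

def passes_fermat_for_all_coprime_bases(n):
    """True when every base coprime to n passes the Fermat check."""
    return all(fermat_passes(a, n) for a in range(2, n) if math.gcd(a, n) == 1)

def is_composite(a, n):
    """ISCOMPOSITE(a, n): True when base a proves odd n > 2 composite."""
    t, u = 0, n - 1
    while u % 2 == 0:              # write n - 1 = 2^t * u with u odd
        t, u = t + 1, u // 2
    x = pow(a, u, n)               # modular exponentiation
    for _ in range(t):             # square t times to reach a^(n-1)
        nxt = x * x % n
        if nxt == 1 and x not in (1, n - 1):
            return True            # x is a square root of 1 other than ±1
        x = nxt
    return x != 1                  # a^(n-1) != 1 contradicts Fermat

def miller_rabin(n, s=20):
    """MILLER-RABIN(n, s); returns True for 'PRIME', False for 'COMPOSITE'."""
    if n < 2:
        return False
    if n < 4:
        return True                # 2 and 3
    if n % 2 == 0:
        return False
    for _ in range(s):
        a = 1 + secrets.randbelow(n - 1)   # uniform in [1, n - 1]
        if is_composite(a, n):
            return False
    return True

if __name__ == "__main__":
    # Constructed inputs: 341 = 11 * 31, 561 = 3 * 11 * 17, 2^61 - 1 is prime.
    print(fermat_passes(2, 341), is_composite(2, 341))
    print(passes_fermat_for_all_coprime_bases(561), is_composite(7, 561))
    print(miller_rabin(561), miller_rabin(2**61 - 1))
```

Picking bases with a cryptographic generator matters when n may be chosen by someone else: with predictable bases, a composite can be crafted to pass every round.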
Quick Introduction
- Factoring an integer n into prime factors can be done with trial division by all integers up to $\sqrt{n}$.
  Alternatively, factoring an integer $n^2$ would be achieved with trial division by all integers up to n.
- Pollard devised a heuristic that is expected to factor any number up to $n^4$ for the same amount of work.
Pollard’s Rho Heuristic Algorithm

    POLLARD-RHO(n)
        i ← 1
        x ← random(0, n − 1)
        y ← x
        k ← 2
        while TRUE
            x ← (x^2 − 1) mod n
            d ← GCD(y − x, n)
            i ← i + 1
            if d ≠ 1 and d ≠ n
                print d
            if i = k
                y ← x
                k ← 2k
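An added Python example (not from the slides) of POLLARD-RHO, bounded so that it terminates: it returns the first nontrivial divisor, gives up on a seed when d = n or after max_steps, and then tries another seed. The fixed seeds, the step limit and the function names are assumptions made here for reproducibility; seeds 0 and 1 fall into the two-element cycle 0, n − 1 of x² − 1 and never yield a factor.

```python
import math

def pollard_rho(n, x0=2, max_steps=100_000):
    """One bounded run of POLLARD-RHO with f(x) = x^2 - 1 mod n.

    Returns (d, steps): d is a nontrivial divisor of n, or None if this
    seed closed its cycle (d == n) or ran out of steps.
    """
    x = y = x0 % n
    i, k = 1, 2
    for steps in range(1, max_steps + 1):
        x = (x * x - 1) % n
        d = math.gcd(y - x, n)      # gcd ignores the sign of y - x
        i += 1
        if d == n:                  # x ≡ y (mod n): cycle closed, no factor
            return None, steps
        if d != 1:
            return d, steps
        if i == k:                  # save x_1, x_2, x_4, x_8, ... as y
            y, k = x, 2 * k
    return None, max_steps

def find_factor(n, seeds=range(2, 12)):
    """Try several seeds; None means no factor was found (n may be prime)."""
    if n > 2 and n % 2 == 0:
        return 2
    for x0 in seeds:
        d, _ = pollard_rho(n, x0)
        if d is not None:
            return d
    return None

if __name__ == "__main__":
    # Constructed inputs: 1387 = 19 * 73, 10403 = 101 * 103, 101 is prime.
    for n in (1387, 10403, 101):
        print(n, pollard_rho(n), find_factor(n))
```

For n = 1387 the factor 19 appears after 6 iterations, against 37 candidate divisors for trial division up to √n. A None result does not prove primality, so run a primality test before factoring.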
References
- Thomas H. Cormen et al. Introduction to Algorithms, Second edition. Chapters 31.1, 31.6, 31.8 and 31.9.
- Wikipedia for Carmichael numbers and Fermat’s Little Theorem.
- PCTeX’s introductory TeX sample to Beamer, found at http://pctex.com/UsingBeamer.html