Results

**1 - 2**of**2**### 18.783 Elliptic Curves Spring 2013 Lecture #13 03/21/2013

"... In this lecture, we consider the following problem: given a positive integer N, how can we efficiently determine whether N is prime or not? This question is intimately related to the problem of factoring N. Without a method for determining primality, we have no way of knowing when we have completely ..."

Abstract
- Add to MetaCart

(Show Context)
In this lecture, we consider the following problem: given a positive integer N, how can we efficiently determine whether N is prime or not? This question is intimately related to the problem of factoring N. Without a method for determining primality, we have no way of knowing when we have completely factored N. This is a serious issue for probabilistic factorization algorithms such as ECM: if we attempt to factor a prime number N with the ECM algorithm, the algorithm will never terminate. This problem is in not unique to ECM; currently every known factorization algorithm that achieves a subexponential running time (even heuristically) is a randomized algorithm; in the absence of an explicit primality test most of these algorithms will simply fail to terminate on prime inputs. Even if we are able to ensure termination, there is still the issue of correctness. If a Monte Carlo algorithm outputs the factorization N = pq, it is easy to check whether the product of p and q is in fact equal to N. But how do we know that this is the complete factorization of N? We need a way to unequivocally prove that p and q are both prime. 13.1 Classical primality tests The most elementary approach to the problem is trial division: attempt to divide N by every integer p ≤ √ N. If no such p divides N, then N must be prime. This takes time O ( √ NM(log N)), which is exponential in log N. Remark 13.1. This complexity bound can be slightly improved. Using fast sieving techniques [6, Alg. 3.2.2], we can enumerate the primes p up to √ N in O ( √ N log N / log log N) time and then perform trial divisions by just the primes p ≤ √ N. Applying the prime number theorem and the Schönhage-Strassen bound, the sieving time dominates the cost of the divisions and the overall complexity of trial division becomes O ( √ N log N / log log N). Many early primality tests were based on Fermat’s little theorem. Theorem 13.2 (Fermat). If N is prime, then for all a ∈ Z/NZ: a N = a. This implies that if a N = a for some a ∈ Z/NZ, then N cannot be prime. This gives us a way to efficiently prove that certain integers are composite. For example, N = 91 is not prime, since: 2 91 ≡ 37 mod 91. But this does not always work. For example, 341 = 11 · 31 is not clearly not prime, but