## PROVING PRIMALITY IN ESSENTIALLY QUARTIC RANDOM TIME (2004)

Venue: | AIMED AT MATH. COMP. |

Citations: | 18 - 0 self |

### BibTeX

@MISC{Bernstein04provingprimality,

author = {Daniel J. Bernstein},

title = { PROVING PRIMALITY IN ESSENTIALLY QUARTIC RANDOM TIME},

year = {2004}

}

### OpenURL

### Abstract

This paper presents an algorithm that, given a prime n, finds and verifies a proof of the primality of n in random time (lg n) 4+o(1). Several practical speedups are incorporated into the algorithm and discussed in detail.

### Citations

107 | On distinguishing prime numbers from composite numbers - Adleman, Pomerance, et al. - 1983 |

69 | Almost all primes can be quickly certified - Goldwasser, Kilian - 1986 |

45 |
Primality testing and abelian varieties over finite fields
- Adleman, Huang
- 1992
(Show Context)
Citation Context ...rameters. See Sections 3 and 7 of this paper. Competition. Another way to prove the primality of n is to exhibit a factor of the Jacobian group of a hyperelliptic curve over Z/n. Adleman and Huang in =-=[2]-=- proved that every prime n has a certificate of this type that can be found in random time (lg n) O(1) and verified in time at most (lg n) 3+o(1) . The O(1) here is large. A previous algorithm of Atki... |

41 | Detecting perfect powers in essentially linear time
- Bernstein
- 1998
(Show Context)
Citation Context ... time (lg n) 2+o(1) . • Section 6 presents an algorithm to verify a reasonably small certificate in time (lg n) 4+o(1) . Onecanprovethatnis not a perfect power in time (lg n) 1+o(1) , as explained in =-=[6]-=- and [10], so prime-power proving is tantamount to prime proving. Section 7 discusses verification speed in more detail. Some of the complications in the certificate definition are irrelevant to the 4... |

30 | Finding suitable curves for the elliptic curve method of factorization - Atkin, Morain - 1993 |

28 | Leeuwen (editor), Handbook of theoretical computer science, volume - van - 1990 |

22 | Primality testing using elliptic curves - Goldwasser, Kilian - 1999 |

20 |
Self-Witnessing Polynomial-Time Complexity and Prime Factorization, in
- Fellows, Koblitz
- 1992
(Show Context)
Citation Context ...ses an idea that one might call “proving primality with combinatorics.” This idea was introduced by Agrawal, Kayal, and Saxena in [4]. (Primitive forms of the idea were used by Fellows and Koblitz in =-=[15]-=-, and by Konyagin and Pomerance in [20].) The Agrawal-Kayal-Saxena algorithm proves primality in polynomial time, using combinatorics in cyclotomic extensions of Z/n. The algorithm in this paper repla... |

17 | On the list and bounded distance decodability of the ReedSolomon codes - Cheng, Wan |

17 |
On primes recognizable in deterministic polynomial time, in [15
- Konyagin, Pomerance
- 1997
(Show Context)
Citation Context ...g primality with combinatorics.” This idea was introduced by Agrawal, Kayal, and Saxena in [4]. (Primitive forms of the idea were used by Fellows and Koblitz in [15], and by Konyagin and Pomerance in =-=[20]-=-.) The Agrawal-Kayal-Saxena algorithm proves primality in polynomial time, using combinatorics in cyclotomic extensions of Z/n. The algorithm in this paper replaces cyclotomic extensions with random K... |

11 | Detecting perfect powers by factoring into coprimes
- Bernstein, Lenstra, et al.
(Show Context)
Citation Context ...g n) 2+o(1) . • Section 6 presents an algorithm to verify a reasonably small certificate in time (lg n) 4+o(1) . Onecanprovethatnis not a perfect power in time (lg n) 1+o(1) , as explained in [6] and =-=[10]-=-, so prime-power proving is tantamount to prime proving. Section 7 discusses verification speed in more detail. Some of the complications in the certificate definition are irrelevant to the 4+o(1) res... |

9 | Sharpening ’primes in p’ for a large family of numbers
- Berrizbeitia
- 2005
(Show Context)
Citation Context ...is paper replaces cyclotomic extensions with random Kummer extensions, so that it can twist x − 1intoζx − 1, ζ 2 x − 1, etc.; see the proof of Theorem 2.1. This idea was introduced by Berrizbeitia in =-=[11]-=-, in the special case of Kummer extensions whose degrees are powers of 2. Berrizbeitia’s algorithm proves primality in random time (lg n) 4+o(1) for a sparse set of primes n, namelythosefor which n 2 ... |

9 |
On some subgroups of the multiplicative group of finite rings
- Voloch
(Show Context)
Citation Context ... one can further reduce thesPROVING PRIMALITY IN ESSENTIALLY QUARTIC RANDOM TIME 401 lower bound on e by using unit-group factors to quickly increase the lower bound on primes p dividing n. Voloch in =-=[27]-=- suggested considering products in Fp[x] of degree somewhat larger than e, and applying the ABC theorem. I showed in [7] that, if #S = 1 and n does not have any tiny factors, then four distinct produc... |

8 |
Efficient quasi-deterministic primality test improving AKS
- Avanzi, Mihăilescu
(Show Context)
Citation Context ...anuary 2003. Mihăilescu and Avanzi realized, independently of my work, that Berrizbeitia’s idea could be generalized to arbitrary positive integers e. They eventually posted their generalization; see =-=[24]-=-. See Section 8 for a simplified proof of a similar generalization, and a discussion of how this generalization differs from mine. Most papers in this field have been written with a casual disregard f... |

7 |
Fast multiplication and its applications, to appear in Buhler-Stevenhagen Algorithmic number theory book. URL:http://cr.yp.to/papers.html#multapps
- Bernstein
(Show Context)
Citation Context ...ertificates (d, e, 0, 0,f,r,{1}) constructed in Section 4, with d ∈ (lg n) o(1) and e ∈ (lg n) 2+o(1) , are reasonably small. The reader is assumed to be familiar with fast multiplication. See, e.g., =-=[8]-=-. The basic conditions. Computing n d − 1, and checking that it is divisible by e, takes time (lg n) 1+o(1) . Checking that e>c≥ c− ≥ 0 takes time (lg n) o(1) . Multiplying in Z/n takes time (lg n) 1+... |

5 |
Primality proving via one round
- Cheng
- 2003
(Show Context)
Citation Context ...braries at the Mathematical Sciences Research Institute, the University of California at Berkeley, and the American Institute of Mathematics. 389 c○2006 by the authors390 DANIEL J. BERNSTEIN Cheng in =-=[12]-=- adapted Berrizbeitia’s idea to prime degrees. Cheng’s algorithm proves primality in random time (lg n) 4+o(1) for a larger set of primes n, namely those for which n − 1 is divisible by a prime e ≈ (l... |

4 | On the bounded sum-of-digits discrete logarithm problem in finite fields
- Cheng
(Show Context)
Citation Context ... time for the new algorithm smaller than the (lg n) 4+o(1) time to find elliptic-curve certificates? My current impression is that the answer is no, but that further results along the lines of [7] or =-=[13]-=- could change the answer. See the end of Section 7 for further discussion of [7] and [13]. The literature contains many more methods to distinguish prime numbers from composite numbers. See my survey ... |

4 | Jaroslav Neˇsetˇril (editors), The mathematics of Paul Erdős - Graham - 1997 |

4 | Fast multiplication and its applications. Available from http://cr.yp. to/papers.html - Bernstein |

3 | Almost all primes can be quickly certified, in [1 - Goldwasser, Kilian - 1986 |

2 |
Distinguishing prime numbers from composite numbers: the state of the art in 2004. Available from http://cr.yp.to/papers.html
- Bernstein
(Show Context)
Citation Context ... change the answer. See the end of Section 7 for further discussion of [7] and [13]. The literature contains many more methods to distinguish prime numbers from composite numbers. See my survey paper =-=[9]-=- for a comparison of the speed and effectiveness of these methods. For example, there are randomized compositenessproving algorithms that reliably detect (but do not prove) primality and that take tim... |

2 |
Neal Koblitz, Self-witnessing polynomial-time complexity and prime factorization
- Fellows
- 1992
(Show Context)
Citation Context ...ses an idea that one might call “proving primality with combinatorics.” This idea was introduced by Agrawal, Kayal, and Saxena in [4]. (Primitive forms of the idea were used by Fellows and Koblitz in =-=[15]-=-, and by Konyagin and Pomerance in [20].) The Agrawal-Kayal-Saxena algorithm proves primality in polynomial time, using combinatorics in cyclotomic extensions of Z/n. The algorithm in this paper repla... |

2 |
Some remarks and questions about the AKS algorithm and related conjecture
- Macaj
- 2002
(Show Context)
Citation Context ...ition. This is the simplest approach. • Used in Theorem 3.2: The available equations for x − s imply that G is always isomorphic to its image in (k[x]/h) ∗ . This idea was first published by Macaj in =-=[23]-=-; it was discovered independently by Agrawal. The original approach of Agrawal, Kayal, and Saxena in [4] was to work instead with the cyclic image of G in (k[x]/h) ∗ and to force the degree of h to be... |

2 | Sharpening PRIMES is in P for a large family of numbers (2002). Available from http://arxiv.org/abs/math.NT/0211334 - Berrizbeitia |

1 |
ABC-based bounds for congruent polynomials, to appear, Journal de Théorie des Nombres de Bordeaux
- Bernstein, Sharper
(Show Context)
Citation Context ... 4+o(1) time for the new algorithm smaller than the (lg n) 4+o(1) time to find elliptic-curve certificates? My current impression is that the answer is no, but that further results along the lines of =-=[7]-=- or [13] could change the answer. See the end of Section 7 for further discussion of [7] and [13]. The literature contains many more methods to distinguish prime numbers from composite numbers. See my... |

1 | Jaroslav Neˇsetˇril, The mathematics of Paul Erdős - Graham - 1997 |

1 |
GMP 4.1.3 :GNU multiple precision arithmetic library
- Granlund
- 2004
(Show Context)
Citation Context ...ple, one can represent an element of (Z/n)[x]/(x e − r) as an array of e integers in {0, 1,...,n− 1}, each integer being represented in turn as an mpz_t variable using Granlund’s GMP 4.1.3 library in =-=[19]-=-. Specifically, the mpz_t variables poly[0], poly[1], ...,poly[e−1] represent the polynomial poly[0] + poly[1]x + ···+ poly[e − 1]x e−1 in (Z/n)[x]/(x e − r). The following function then replaces poly... |

1 | Galois theory and primality testing, in [25 - Lenstra - 1985 |

1 | Roggenkamp (editors), Orders and their applications: proceedings of the conference held - Reiner, W - 1985 |

1 | of the 18th annual ACM symposium on theory of computing, Association for Computing Machinery - Proceedings - 1986 |

1 | Galois theory and primality testing, in [21 - Lenstra - 1985 |