DOCSLIB.ORG

Efficient Algorithms for Computing the Jacobi Symbol

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Efficient Algorithms for Computing the Jacobi Symbol J. Symbolic Computation (1998) 26, 509–523 Article No. sy980226 Efficient Algorithms for Computing the Jacobi Symbol† SHAWNA MEYER EIKENBERRY‡ AND JONATHAN P. SORENSON§ Department of Mathematics and Computer Science, Butler University, U.S.A. We present two new algorithms for computing the Jacobi Symbol: the right-shift and left-shift k-ary algorithms. For inputs of at most n bits in length, both algorithms take O(n2/ log n) time and O(n) space. This is asymptotically faster than the traditional algorithm, which is based in Euclid’s algorithm for computing greatest common divisors. In practice, we found our new algorithms to be about twice as fast for inputs of 100 to 1000 decimal digits in length. We also present parallel versions of both algorithms for 1+ the CRCW PRAM. One version takes O(n/ log log n) time using O(n ) processors, giving the first sublinear parallel algorithms for this problem. The other version takes polylog time using a subexponential number of processors. c 1998 Academic Press 1. Introduction In this paper, we present two new algorithms for computing the Jacobi symbol (see Section 2 for a definition). After a brief discussion of some applications, we review the previous work on Jacobi symbol algorithms, including both sequential and parallel com- putation models, and then we summarize our results. Solovay and Strassen (1977) observed that one may use the Jacobi symbol to proba- bilistically test for primality. Specifically, to test the integer m for primality, choose an (m 1)/2 integer a [2,m 1] uniformly at random, and compare (a/m)toa − mod m.If these do not∈ match− (modulo m), then m is composite. Otherwise, m might be prime; the probability of a composite number passing as a prime is at most 1/2. This test can be repeated to reduce the chance of error. Perhaps the most important application for the Jacobi symbol is in finding quadratic nonresidues. Nonresidues are used in computing square roots modulo a prime (see Bach (1990b, 1991) and Peralta (1986)), in writing a prime as a sum of two squares (Shallit and Rabin, 1986), and in several cryptography schemes that are based on the difficulty of computing square roots modulo a composite number (see, for example, McCurley (1990), Williams (1980, 1986), and Menezes et al. (1997)). †Computing equipment provided through a grant from the Holcomb Research Institute. A preliminary version of this paper was presented on November 3, 1995 at the AMS meeting at Kent State University, Kent, Ohio. An extended abstract appeared as Meyer and Sorenson (1996). ‡Supported by the Butler Summer Institute. §Supported by a Butler University Faculty Research Fellowship. E-mail: [email protected], URL: http://www.butler.edu/ sorenson/ ∼ 0747–7171/98/100509 + 15 $30.00/0 c 1998 Academic Press 510 S. M. Eikenberry and J. P. Sorenson As there are (p 1)/2 quadratic nonresidues modulo any odd prime p, to find a non- residue one simply− chooses integers a at random until (a/p)= 1. Under the assumption of the Extended Riemann Hypothesis (ERH), the Ankeny–Bach− theorem states that there exists a nonresidue a satisfying a 2 log2 p (Ankeny, 1952; Bach, 1990a). Thus, one may eliminate randomness by assuming≤ the validity of the unproven ERH. There are several algorithms for computing the Jacobi symbol, including the ordinary algorithm (based on Euclid’s GCD algorithm), Eisenstein’s algorithm, and Lebesgue’s algorithm (based on the least-remainder GCD algorithm); see Shallit (1990) for detailed analyses of these. The ordinary algorithm and Lebesgue’s algorithm take O(log x log y) bit operations to compute (x/y). Eisenstein’s algorithm has an exponential worst-case running time. The more recent binary algorithm (Shallit and Sorenson, 1993) takes O(log2(xy)) bit operations; this algorithm is probably the most efficient in practice. The asymptotically fastest Jacobi symbol algorithm involves computing the continued fraction expansion of x/y using Sch¨onhage’sGCD algorithm (Sch¨onhage,1971) and ex- tracting the Jacobi symbol from this information (see Gauss (1870), Bach (1990b)). This method takes only O(n log2 n log log n) bit operations, but is not considered practical. For algorithms that compute cubic and higher residuosity, see Scheidler and Williams (1995). Work on parallel Jacobi symbol algorithms is not as advanced. A straight-forward par- allelization of the binary algorithm yields an O(n) time parallel algorithm for the EREW PRAM. The only known algorithm for evaluating quadratic residuosity (Fich and Tompa, 1988) works onlyNC in finite fields, with the additional restriction that the char- acteristic be bounded by a polynomial in the input size. No algorithm is known for computing the Jacobi symbol, or even for computing GCDs;NC the question of the existence of an algorithm for GCDs is a well-known open problem in parallel com- plexity (GreenlawNCet al., 1995). See Adleman and Kompella (1988), Chor and Goldre- ich (1990), Kannan et al. (1987), and Sorenson (1994) for sublinear time and polylog time/subexponential processor parallel GCD algorithms. In this paper, we present the right-shift and left-shift k-ary Jacobi symbol algorithms, which are based on the k-ary GCD algorithms (Jebelean, 1993; Sorenson, 1994). We obtain the following results: (1) Both algorithms use at most O(log(xy)/ log k) iterations of their main loop to com- pute (x/y). See Sections 3 and 4. (2) Sequentially, both algorithms take at most O(log2(xy)/ log k) bit operations and at 2 1/2 most O(log(xy)+k log k) space when k (log(xy)) − . By setting n = log(xy) 0.4 log n 2 ≤ and k =2b c, we obtain an O(n / log n) running time using O(n) space. See Section 5. (3) In practice, we found our new algorithms to be approximately two to three times as fast as previous algorithms, including the binary algorithm, on inputs of 100–1000 decimal digits in length. See Section 6. log n 1+ (4) By choosing k =2b c, both algorithms take O(n/ log log n) time using n processors under the Common CRCW PRAM model of parallel computation. This gives the first sublinear parallel algorithms for computing the Jacobi symbol. We also obtain polylog time, subexponential processor algorithms. See Section 7. Both of our new algorithms can be readily modified to compute the Kronecker symbol. Algorithms for the Jacobi Symbol 511 2. Notation and Background We begin by reviewing the definition of the Jacobi symbol. 2.1. definitions Let a be a positive integer and let p be an odd prime. Then a is a quadratic residue (or simply residue) modulo p if gcd(a, p) = 1 and there exists an integer x such that x2 a (mod p). If a is not a quadratic residue and gcd(a, p) = 1, then we say that a is a quadratic≡ nonresidue (or nonresidue). The Legendre symbol (a/p) has the value 1 if a is a residue, 1ifa is a nonresidue, and 0 if p a. The Legendre symbol can be computed − (p 1)/2 | using (a/p) a − (mod p). Let m be≡ an odd, composite integer with prime factorization m = p p p . The Ja- 1 2 ··· l cobi symbol, a generalization of the Legendre symbol, is defined by (a/m)=(a/p1)(a/p2) (a/pl); it matches the Legendre symbol whenever m is prime. If (a/m)= 1, then a ···is a nonresidue modulo m, and if gcd(a, m) = 1 then (a/m) = 0. However, if (−a/m)=1, a may be either a residue or a nonresidue. 6 2.2. Jacobi symbol identities The Jacobi symbol satisfies the following identities which we will utilize (see Hardy and Wright (1979), Ireland and Rosen (1990) for proofs). Assume a, b are integers and n, m are odd, positive integers throughout. ab a b = ; (2.1) n n n a a a = ; (2.2) nm n m 1 (n 1)/2 − =( 1) − ; (2.3) n − 2 (n2 1)/8 =( 1) − ; (2.4) n − a a bn = ± ; (2.5) n n m n (m 1)/2 (n 1)/2 = ( 1) − · − . (2.6) n m − For simplicity, we define (0/1) = 1, but (0/n) = 0 for any integer n>1. Note that (2.5) implies that (a/n)=(a mod n/n). 2.3. Jacobi symbol algorithm outline Assume u, v are integers, with v odd and u v>0. Most Jacobi symbol algorithms compute (u/v) by doing the following: | |≥ (1) Initialize a variable t := 1; this keeps track of the value of the Jacobi symbol as the algorithm progresses. (2) If u<0, apply (2.3) above; that is, set u := u and if v mod4=3,sett := t. (3) Remove all factors of 2 from u and adjust t appropriately− using (2.1) and (2.4).− 512 S. M. Eikenberry and J. P. Sorenson (4) If u<v, then apply (2.6), thereby interchanging u and v; adjust t as required. (5) Apply (2.5) in some form to make u smaller. (6) If u = 0, then stop. The answer is t if v = 1, and the answer is 0 otherwise. If u = 0, then go back to Step 2. 6 Steps 2–6 are repeated until u = 0, which must eventually occur because one of u, v must decrease in absolute value every iteration. The difference between the ordinary, Eisenstein, Lebesgue, and binary algorithms lies in how Step 5 is performed. In the ordinary algorithm, (u/v)=(u mod v/v) is used. In Eisenstein’s algorithm, (u/v)=(u bv/v) is used, where b is the even integer nearest to u/v.
Load more

Recommended publications
  • Lecture 9: Arithmetics II 1 Greatest Common Divisor
    DD2458, Problem Solving and Programming Under Pressure Lecture 9: Arithmetics II Date: 2008-11-10 Scribe(s): Marcus Forsell Stahre and David Schlyter Lecturer: Douglas Wikström This lecture is a continuation of the previous one, and covers modular arithmetic and topics from a branch of number theory known as elementary number theory. Also, some abstract algebra will be discussed. 1 Greatest Common Divisor Definition 1.1 If an integer d divides another integer n with no remainder, d is said to be a divisor of n. That is, there exists an integer a such that a · d = n. The notation for this is d | n. Definition 1.2 A common divisor of two non-zero integers m and n is a positive integer d, such that d | m and d | n. Definition 1.3 The Greatest Common Divisor (GCD) of two positive integers m and n is a common divisor d such that every other common divisor d0 | d. The notation for this is GCD(m, n) = d. That is, the GCD of two numbers is the greatest number that is a divisor of both of them. To get an intuition of what GCD is, let’s have a look at this example. Example Calculate GCD(9, 6). Say we have 9 black and 6 white blocks. We want to put the blocks in boxes, but every box has to be the same size, and can only hold blocks of the same color. Also, all the boxes must be full and as large as possible . Let’s for example say we choose a box of size 2: As we can see, the last box of black bricks is not full.
    [Show full text]
  • A FEW FACTS REGARDING NUMBER THEORY Contents 1
    A FEW FACTS REGARDING NUMBER THEORY LARRY SUSANKA Contents 1. Notation 2 2. Well Ordering and Induction 3 3. Intervals of Integers 4 4. Greatest Common Divisor and Least Common Multiple 5 5. A Theorem of Lam´e 8 6. Linear Diophantine Equations 9 7. Prime Factorization 10 8. Intn, mod n Arithmetic and Fermat's Little Theorem 11 9. The Chinese Remainder Theorem 13 10. RelP rimen, Euler's Theorem and Gauss' Theorem 14 11. Lagrange's Theorem and Primitive Roots 17 12. Wilson's Theorem 19 13. Polynomial Congruencies: Reduction to Simpler Form 20 14. Polynomial Congruencies: Solutions 23 15. The Quadratic Formula 27 16. Square Roots for Prime Power Moduli 28 17. Euler's Criterion and the Legendre Symbol 31 18. A Lemma of Gauss 33 −1 2 19. p and p 36 20. The Law of Quadratic Reciprocity 37 21. The Jacobi Symbol and its Reciprocity Law 39 22. The Tonelli-Shanks Algorithm for Producing Square Roots 42 23. Public Key Encryption 44 24. An Example of Encryption 47 References 50 Index 51 Date: October 13, 2018. 1 2 LARRY SUSANKA 1. Notation. To get started, we assume given the set of integers Z, sometimes denoted f :::; −2; −1; 0; 1; 2;::: g: We assume that the reader knows about the operations of addition and multiplication on integers and their basic properties, and also the usual order relation on these integers. In particular, the operations of addition and multiplication are commuta- tive and associative, there is the distributive property of multiplication over addition, and mn = 0 implies one (at least) of m or n is 0.
    [Show full text]
  • Ary GCD-Algorithm in Rings of Integers
    On the l-Ary GCD-Algorithm in Rings of Integers Douglas Wikstr¨om Royal Institute of Technology (KTH) KTH, Nada, S-100 44 Stockholm, Sweden Abstract. We give an l-ary greatest common divisor algorithm in the ring of integers of any number field with class number 1, i.e., factorial rings of integers. The algorithm has a quadratic running time in the bit-size of the input using naive integer arithmetic. 1 Introduction The greatest common divisor (GCD) of two integers a and b is the largest in- teger d such that d divides both a and b. The problem of finding the GCD of two integers efficiently is one of the oldest problems studied in number theory. The corresponding problem can be considered for two elements α and β in any factorial ring R. Then λ ∈ R is a GCD of α and β if it divides both elements, and whenever λ ∈ R divides both α and β it also holds that λ divides λ. A pre- cise understanding of the complexity of different GCD algorithms gives a better understanding of the arithmetic in the domain under consideration. 1.1 Previous Work The Euclidean GCD algorithm is well known. The basic idea of Euclid is that if |a|≥|b|, then |a mod b| < |b|. Since we always have gcd(a, b)=gcd(a mod b, b), this means that we can replace a with a mod b without changing the GCD. Swapping the order of a and b does not change the GCD, so we can repeatedly reduce |a| or |b| until one becomes zero, at which point the other equals the GCD of the original inputs.
    [Show full text]
  • An O (M (N) Log N) Algorithm for the Jacobi Symbol
    An O(M(n) log n) algorithm for the Jacobi symbol Richard P. Brent1 and Paul Zimmermann2 1 Australian National University, Canberra, Australia 2 INRIA Nancy - Grand Est, Villers-l`es-Nancy, France 28 January 2010 Submitted to ANTS IX Abstract. The best known algorithm to compute the Jacobi symbol of two n-bit integers runs in time O(M(n) log n), using Sch¨onhage’s fast continued fraction algorithm combined with an identity due to Gauss. We give a different O(M(n) log n) algorithm based on the binary recursive gcd algorithm of Stehl´eand Zimmermann. Our implementation — which to our knowledge is the first to run in time O(M(n) log n) — is faster than GMP’s quadratic implementation for inputs larger than about 10000 decimal digits. 1 Introduction We want to compute the Jacobi symbol3 (b a) for n-bit integers a and b, where a is odd positive. We give three| algorithms based on the 2-adic gcd from Stehl´eand Zimmermann [13]. First we give an algorithm whose worst-case time bound is O(M(n)n2) = O(n3); we call this the cubic algorithm although this is pessimistic since the e algorithm is quadratic on average as shown in [5], and probably also in the worst case. We then show how to reduce the worst-case to 2 arXiv:1004.2091v2 [cs.DS] 2 Jun 2010 O(M(n)n) = O(n ) by combining sequences of “ugly” iterations (defined in Section 1.1) into one “harmless” iteration. Finally, we e obtain an algorithm with worst-case time O(M(n) log n).
    [Show full text]
  • A Binary Recursive Gcd Algorithm
    A Binary Recursive Gcd Algorithm Damien Stehle´ and Paul Zimmermann LORIA/INRIA Lorraine, 615 rue du jardin botanique, BP 101, F-54602 Villers-l`es-Nancy, France, fstehle,[email protected] Abstract. The binary algorithm is a variant of the Euclidean algorithm that performs well in practice. We present a quasi-linear time recursive algorithm that computes the greatest common divisor of two integers by simulating a slightly modified version of the binary algorithm. The structure of our algorithm is very close to the one of the well-known Knuth-Sch¨onhage fast gcd algorithm; although it does not improve on its O(M(n) log n) complexity, the description and the proof of correctness are significantly simpler in our case. This leads to a simplification of the implementation and to better running times. 1 Introduction Gcd computation is a central task in computer algebra, in particular when com- puting over rational numbers or over modular integers. The well-known Eu- clidean algorithm solves this problem in time quadratic in the size n of the inputs. This algorithm has been extensively studied and analyzed over the past decades. We refer to the very complete average complexity analysis of Vall´ee for a large family of gcd algorithms, see [10]. The first quasi-linear algorithm for the integer gcd was proposed by Knuth in 1970, see [4]: he showed how to calculate the gcd of two n-bit integers in time O(n log5 n log log n). The complexity of this algorithm was improved by Sch¨onhage [6] to O(n log2 n log log n).
    [Show full text]
  • Phatak Primality Test (PPT)
    PPT : New Low Complexity Deterministic Primality Tests Leveraging Explicit and Implicit Non-Residues A Set of Three Companion Manuscripts PART/Article 1 : Introducing Three Main New Primality Conjectures: Phatak’s Baseline Primality (PBP) Conjecture , and its extensions to Phatak’s Generalized Primality Conjecture (PGPC) , and Furthermost Generalized Primality Conjecture (FGPC) , and New Fast Primailty Testing Algorithms Based on the Conjectures and other results. PART/Article 2 : Substantial Experimental Data and Evidence1 PART/Article 3 : Analytic Proofs of Baseline Primality Conjecture for Special Cases Dhananjay Phatak ([email protected]) and Alan T. Sherman2 and Steven D. Houston and Andrew Henry (CSEE Dept. UMBC, 1000 Hilltop Circle, Baltimore, MD 21250, U.S.A.) 1 No counter example has been found 2 Phatak and Sherman are affiliated with the UMBC Cyber Defense Laboratory (CDL) directed by Prof. Alan T. Sherman Overall Document (set of 3 articles) – page 1 First identification of the Baseline Primality Conjecture @ ≈ 15th March 2018 First identification of the Generalized Primality Conjecture @ ≈ 10th June 2019 Last document revision date (time-stamp) = August 19, 2019 Color convention used in (the PDF version) of this document : All clickable hyper-links to external web-sites are brown : For example : G. E. Pinch’s excellent data-site that lists of all Carmichael numbers <10(18) . clickable hyper-links to references cited appear in magenta. Ex : G.E. Pinch’s web-site mentioned above is also accessible via reference [1] All other jumps within the document appear in darkish-green color. These include Links to : Equations by the number : For example, the expression for BCC is specified in Equation (11); Links to Tables, Figures, and Sections or other arbitrary hyper-targets.
    [Show full text]
  • Quadratic Frobenius Probable Prime Tests Costing Two Selfridges
    Quadratic Frobenius probable prime tests costing two selfridges Paul Underwood June 6, 2017 Abstract By an elementary observation about the computation of the difference of squares for large in- tegers, deterministic quadratic Frobenius probable prime tests are given with running times of approximately 2 selfridges. 1 Introduction Much has been written about Fermat probable prime (PRP) tests [1, 2, 3], Lucas PRP tests [4, 5], Frobenius PRP tests [6, 7, 8, 9, 10, 11, 12] and combinations of these [13, 14, 15]. These tests provide a probabilistic answer to the question: “Is this integer prime?” Although an affirmative answer is not 100% certain, it is answered fast and reliable enough for “industrial” use [16]. For speed, these various PRP tests are usually preceded by factoring methods such as sieving and trial division. The speed of the PRP tests depends on how quickly multiplication and modular reduction can be computed during exponentiation. Techniques such as Karatsuba’s algorithm [17, section 9.5.1], Toom-Cook multiplication, Fourier Transform algorithms [17, section 9.5.2] and Montgomery expo- nentiation [17, section 9.2.1] play their roles for different integer sizes. The sizes of the bases used are also critical. Oliver Atkin introduced the concept of a “Selfridge Unit” [18], approximately equal to the running time of a Fermat PRP test, which is called a selfridge in this paper. The Baillie-PSW test costs 1+3 selfridges, the use of which is very efficient when processing a candidate prime list. There is no known Baillie-PSW pseudoprime but Greene and Chen give a way to construct some similar counterexam- ples [19].
    [Show full text]
  • Euclid's Algorithm
    4 Euclid’s algorithm In this chapter, we discuss Euclid’s algorithm for computing greatest common divisors, which, as we will see, has applications far beyond that of just computing greatest common divisors. 4.1 The basic Euclidean algorithm We consider the following problem: given two non-negative integers a and b, com- pute their greatest common divisor, gcd(a, b). We can do this using the well-known Euclidean algorithm, also called Euclid’s algorithm. The basic idea is the following. Without loss of generality, we may assume that a ≥ b ≥ 0. If b = 0, then there is nothing to do, since in this case, gcd(a, 0) = a. Otherwise, b > 0, and we can compute the integer quotient q := ba=bc and remain- der r := a mod b, where 0 ≤ r < b. From the equation a = bq + r, it is easy to see that if an integer d divides both b and r, then it also divides a; like- wise, if an integer d divides a and b, then it also divides r. From this observation, it follows that gcd(a, b) = gcd(b, r), and so by performing a division, we reduce the problem of computing gcd(a, b) to the “smaller” problem of computing gcd(b, r). The following theorem develops this idea further: Theorem 4.1. Let a, b be integers, with a ≥ b ≥ 0. Using the division with remainder property, define the integers r0, r1,..., rλ+1 and q1,..., qλ, where λ ≥ 0, as follows: 74 4.1 The basic Euclidean algorithm 75 a = r0, b = r1, r0 = r1q1 + r2 (0 < r2 < r1), .
    [Show full text]
  • With Animation
    Integer Arithmetic Arithmetic in Finite Fields Arithmetic of Elliptic Curves Public-key Cryptography Theory and Practice Abhijit Das Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 3: Algebraic and Number-theoretic Computations Public-key Cryptography: Theory and Practice Abhijit Das Integer Arithmetic GCD Arithmetic in Finite Fields Modular Exponentiation Arithmetic of Elliptic Curves Primality Testing Integer Arithmetic Public-key Cryptography: Theory and Practice Abhijit Das Integer Arithmetic GCD Arithmetic in Finite Fields Modular Exponentiation Arithmetic of Elliptic Curves Primality Testing Integer Arithmetic In cryptography, we deal with very large integers with full precision. Public-key Cryptography: Theory and Practice Abhijit Das Integer Arithmetic GCD Arithmetic in Finite Fields Modular Exponentiation Arithmetic of Elliptic Curves Primality Testing Integer Arithmetic In cryptography, we deal with very large integers with full precision. Standard data types in programming languages cannot handle big integers. Public-key Cryptography: Theory and Practice Abhijit Das Integer Arithmetic GCD Arithmetic in Finite Fields Modular Exponentiation Arithmetic of Elliptic Curves Primality Testing Integer Arithmetic In cryptography, we deal with very large integers with full precision. Standard data types in programming languages cannot handle big integers. Special data types (like arrays of integers) are needed. Public-key Cryptography: Theory and Practice Abhijit Das Integer Arithmetic GCD Arithmetic in Finite Fields Modular Exponentiation Arithmetic of Elliptic Curves Primality Testing Integer Arithmetic In cryptography, we deal with very large integers with full precision. Standard data types in programming languages cannot handle big integers. Special data types (like arrays of integers) are needed. The arithmetic routines on these specific data types have to be implemented.
    [Show full text]
  • Prime Numbers and Discrete Logarithms
    Lecture 11: Prime Numbers And Discrete Logarithms Lecture Notes on “Computer and Network Security” by Avi Kak ([email protected]) February 25, 2021 12:20 Noon ©2021 Avinash Kak, Purdue University Goals: • Primality Testing • Fermat’s Little Theorem • The Totient of a Number • The Miller-Rabin Probabilistic Algorithm for Testing for Primality • Python and Perl Implementations for the Miller-Rabin Primal- ity Test • The AKS Deterministic Algorithm for Testing for Primality • Chinese Remainder Theorem for Modular Arithmetic with Large Com- posite Moduli • Discrete Logarithms CONTENTS Section Title Page 11.1 Prime Numbers 3 11.2 Fermat’s Little Theorem 5 11.3 Euler’s Totient Function 11 11.4 Euler’s Theorem 14 11.5 Miller-Rabin Algorithm for Primality Testing 17 11.5.1 Miller-Rabin Algorithm is Based on an Intuitive Decomposition of 19 an Even Number into Odd and Even Parts 11.5.2 Miller-Rabin Algorithm Uses the Fact that x2 =1 Has No 20 Non-Trivial Roots in Zp 11.5.3 Miller-Rabin Algorithm: Two Special Conditions That Must Be 24 Satisfied By a Prime 11.5.4 Consequences of the Success and Failure of One or Both Conditions 28 11.5.5 Python and Perl Implementations of the Miller-Rabin 30 Algorithm 11.5.6 Miller-Rabin Algorithm: Liars and Witnesses 39 11.5.7 Computational Complexity of the Miller-Rabin Algorithm 41 11.6 The Agrawal-Kayal-Saxena (AKS) Algorithm 44 for Primality Testing 11.6.1 Generalization of Fermat’s Little Theorem to Polynomial Rings 46 Over Finite Fields 11.6.2 The AKS Algorithm: The Computational Steps 51 11.6.3 Computational Complexity of the AKS Algorithm 53 11.7 The Chinese Remainder Theorem 54 11.7.1 A Demonstration of the Usefulness of CRT 58 11.8 Discrete Logarithms 61 11.9 Homework Problems 65 Computer and Network Security by Avi Kak Lecture 11 Back to TOC 11.1 PRIME NUMBERS • Prime numbers are extremely important to computer security.
    [Show full text]
  • Frobenius Pseudoprimes and a Cubic Primality Test
    Notes on Number Theory and Discrete Mathematics ISSN 1310–5132 Vol. 20, 2014, No. 4, 11–20 Frobenius pseudoprimes and a cubic primality test Catherine A. Buell1 and Eric W. Kimball2 1 Department of Mathematics, Fitchburg State University 160 Pearl Street, Fitchburg, MA, 01420, USA e-mail: [email protected] 2 Department of Mathematics, Bates College 3 Andrews Rd., Lewiston, ME, 04240, USA e-mail: [email protected] Abstract: An integer, n, is called a Frobenius probable prime with respect to a polynomial when it passes the Frobenius probable prime test. Composite integers that are Frobenius probable primes are called Frobenius pseudoprimes. Jon Grantham developed and analyzed a Frobenius probable prime test with quadratic polynomials. Using the Chinese Remainder Theorem and Frobenius automorphisms, we were able to extend Grantham’s results to some cubic polynomials. This case is computationally similar but more efficient than the quadratic case. Keywords: Frobenius, Pseudoprimes, Cubic, Number fields, Primality. AMS Classification: 11Y11. 1 Introduction Fermat’s Little Theorem is a beloved theorem found in numerous abstract algebra and number theory textbooks. It states, for p an odd prime and (a; p)= 1, ap−1 ≡ 1 mod p. Fermat’s Little Theorem holds for all primes; however, there are some composites that pass this test with a particular base, a. These are called Fermat pseudoprimes. Definition 1.1. A Fermat pseudoprime is a composite n for which an−1 ≡ 1 mod n for some base a and (a; n) = 1. The term pseudoprime is typically used to refer to Fermat pseudoprime. Example 1.2. Consider n = 341 and a = 2.
    [Show full text]
  • Further Analysis of the Binary Euclidean Algorithm
    Further analysis of the Binary Euclidean algorithm Richard P. Brent1 Oxford University Technical Report PRG TR-7-99 4 November 1999 Abstract The binary Euclidean algorithm is a variant of the classical Euclidean algorithm. It avoids multiplications and divisions, except by powers of two, so is potentially faster than the classical algorithm on a binary machine. We describe the binary algorithm and consider its average case behaviour. In particular, we correct some errors in the literature, discuss some recent results of Vall´ee, and describe a numerical computation which supports a conjecture of Vall´ee. 1 Introduction In 2 we define the binary Euclidean algorithm and mention some of its properties, history and § generalisations. Then, in 3 we outline the heuristic model which was first presented in 1976 [4]. § Some of the results of that paper are mentioned (and simplified) in 4. § Average case analysis of the binary Euclidean algorithm lay dormant from 1976 until Brigitte Vall´ee’s recent analysis [29, 30]. In 5–6 we discuss Vall´ee’s results and conjectures. In 8 we §§ § give some numerical evidence for one of her conjectures. Some connections between Vall´ee’s results and our earlier results are given in 7. § Finally, in 9 we take the opportunity to point out an error in the 1976 paper [4]. Although § the error is theoretically significant and (when pointed out) rather obvious, it appears that no one noticed it for about twenty years. The manner of its discovery is discussed in 9. Some open § problems are mentioned in 10. § 1.1 Notation lg(x) denotes log2(x).
    [Show full text]