PRIMES Is in P: A Breakthrough for “Everyman” Folkmar Bornemann “New Method Said to Solve Key Problem in Math” The remarks … are unfounded and/or was the headline of a story in the New York Times inconsequential. … The proofs in the on August 8, 2002, meaning the proof of the state- paper do NOT have too many additional ment primes ∈P, hitherto a big open problem in problems to mention. The only true algorithmic number theory and theoretical com- mistake is …, but that is quite easy to puter science. Manindra Agrawal, Neeraj Kayal, fix. Other mistakes … are too minor to and Nitin Saxena of the Indian Institute of Tech- mention. The paper is in substance nology accomplished the proof through a surpris- completely correct. ingly elegant and brilliantly simple algorithm. And already on Friday, Dan Bernstein posted on the Convinced of its validity after only a few days, the Web an improved proof of the main result, short- experts raved about it: “This algorithm is beauti- ened to one page. ful” (Carl Pomerance); “It’s the best result I’ve heard This unusually brief—for mathematics—period in over ten years” (Shafi Goldwasser). of checking reflects both the brevity and elegance Four days before the headline in the New York of the argument and its technical simplicity, “suited Times, on a Sunday, the three authors had sent a for undergraduates”. Two of the authors, Kayal nine-page preprint titled “PRIMES is in P” to fifteen and Saxena, had themselves just earned their experts. The same evening Jaikumar Radhakrish- bachelor’s degrees in computer science in the nan and Vikraman Arvind sent congratulations. spring. Is it then an exception for a breakthrough Early on Monday one of the deans of the subject, to be accessible to “Everyman”? Carl Pomerance, verified the result, and in his en- In his speech at the 1998 Berlin International thusiasm he organized an impromptu seminar for Congress of Mathematicians, Hans-Magnus that afternoon and informed Sara Robinson of the Enzensberger took the position that mathematics New York Times. On Tuesday the preprint became is both “a cultural anathema” and at the same time freely available on the Internet. On Thursday a in the midst of a golden age due to successes of a further authority, Hendrik Lenstra Jr., put an end quality that he saw neither in theater nor in sports. to some brief carping in the NMBRTHRY email list To be sure, some of those successes have many with the pronouncement: mathematicians themselves pondering the gulf between the priesthood and the laity within math- Folkmar Bornemann is a professor at the Zentrum Math- ematics. A nonspecialist—cross your heart: how ematik, Technische Universität München and editor of the Mitteilungen der Deutschen Mathematiker-Vereinigung. many of us are not such “Everymen”?—can neither His email address is [email protected]. truly comprehend nor fully appreciate the proof of This article is a translation by the editor of the Notices of Fermat’s Last Theorem by Andrew Wiles, although an article by the author that appeared in German in the popularization efforts like the book of Simon Singh Mitteilungen der Deutschen Mathematiker-Vereinigung help one get an inkling of the connections. Probably 4-2002, 14–21. no author could be found to help “Everyman” MAY 2003 NOTICES OF THE AMS 545 comprehend all the ramifications and the signifi- important and useful in arithmetic. It cance of the successes of last year’s recipients of has engaged the industry and wisdom the Fields Medals. of ancient and modern geometers to So it is that each one adds bricks to his parapet such an extent that it would be super- in the Tower of Babel named Mathematics and fluous to discuss the problem at length. deems his constructions there to be fundamental. … Further, the dignity of the science Rarely is there such a success as at the beginning itself seems to require that every of August: a foundation stone for the tower that possible means be explored for the “Everyman” can understand. solution of a problem so elegant and Paul Leyland expressed a view that has been in so celebrated. many minds: “Everyone is now wondering what else has been similarly overlooked.” Can this explain In school one becomes familiar with the sieve Agrawal’s great astonishment (“I never imagined of Eratosthenes; unfortunately using it to prove that that our result will be of much interest to traditional n is prime requires computation time essentially 1 mathematicians”): namely, why within the first ten proportional to n itself. The input length of a days the dedicated website had over two million number, on the other hand, is proportional to hits and three hundred thousand downloads of the number of binary digits, thus about log2 n, so the preprint? we have before us an algorithm with exponential running time O(2log2 n). To quote Gauss again from When a long outstanding problem is article 329 of his Disquisitiones: finally solved, every mathematician Nevertheless we must confess that all would like to share in the pleasure of methods that have been proposed thus discovery by following for himself far are either restricted to very special what has been done. But too often he cases or are so laborious and prolix that is stymied by the abstruseness of so … these methods do not apply at all to much of contemporary mathemat- larger numbers. ics. The recent negative solution to ... is a happy counterexample. In this ar- Can the primality of very large numbers be ticle, a complete account of this so- decided efficiently in principle? This question is lution is given; the only knowledge a rendered mathematical in the framework of mod- reader needs to follow the argument ern complexity theory by demanding a polynomial is a little number theory: specifically running time. Is there a deterministic2 algorithm basic information about divisibility of that, with a fixed exponent κ, decides for every positive integers and linear congru- natural number n in O(logκ n) steps whether this ences. number is prime or not; in short, the hitherto open question: is primes ∈P? Martin Davis, Hilbert’s tenth problem is unsolvable, American Mathemati- The State of Things before August 2002 cal Monthly 80 (1973), 233–69, first Ever since the time of Gauss, deciding the primal- paragraph of the introduction. ity of a number has been divorced from finding a (partial) factorization in the composite case. In Article 334 of the Disquisitiones he wrote: As a specialist in numerical analysis and not in algorithmic number theory, I wanted to test my The second [observation] is superior in mettle as “Everyman”, outside of my parapet. that it permits faster calculation, but … it does not produce the factors of The Problem composite numbers. It does however Happily the three motivated their work not by the distinguish them from prime numbers. significance of prime numbers for cryptography The starting point for many such methods is and e-commerce, but instead at the outset followed Fermat’s Little Theorem. It says that for every prime the historically aware Don Knuth in reproducing a quotation from the great Carl Friedrich Gauss from 1The difference between the size of a number and its article 329 of the Disquisitiones Arithmeticae (1801), length is seen most clearly for such unmistakable giants given here in the 1966 translation by Arthur A. as the number of atoms in the universe (about 1079 ) or the Clarke: totality of all arithmetical operations ever carried out by man and machine (about 1024 ): 80 (respectively 25) The problem of distinguishing prime decimal digits can be written out relatively quickly. numbers from composite numbers and 2That is, an algorithm that does not require random of resolving the latter into their prime numbers as opposed to a probabilistic algorithm, which factors is known to be one of the most does require such numbers. 546 NOTICES OF THE AMS VOLUME 50, NUMBER 5 number n and every number a coprime to n one Enter Manindra Agrawal has the relation The computer scientist and an ≡ a mod n. complexity theorist Manindra Agrawal received his doctorate Unfortunately the converse is false: the prime num- in 1991 from the Department bers cannot be characterized this way. On the other of Computer Science and hand, “using the Fermat congruence is so simple Engineering of the Indian that it seems a shame to give up on it just because Institute of Technology in there are a few counterexamples” (Carl Pomer- Kanpur (IITK). After a stay as ance). It is no wonder, then, that refinements of this a Humboldt fellow at the criterion are the basis of important algorithms. University of Ulm in 1995–96 An elementary probabilistic algorithm of Miller (“I really enjoyed the stay in and Rabin from 1976 makes use of a random num- Ulm. It helped me in my re- ber generator and shows after k runs either that the search and career in many number is certainly composite or that the number is ways”), he returned to Kanpur prime with high probability, where the probability of as a professor. Two years ago error is less than 4−k. The time complexity is order he gained recognition when Manindra Agrawal O(k log2 n), where the big-O involves a relatively small he proved a weak form of the constant. In practice the algorithm is very fast, and isomorphism conjecture in 4 it finds application in cryptography and e-commerce complexity theory. Around 1999 he worked with his doctoral su- for the production of “industrial-grade primes” (Henri pervisor, Somenath Biswas, on the question of de- Cohen).