- AKS primality test
-
The AKS primality test (also known as Agrawal–Kayal–Saxena primality test and cyclotomic AKS test) is a deterministic primality-proving algorithm created and published by three Indian Institute of Technology Kanpur computer scientists, Manindra Agrawal, Neeraj Kayal, and Nitin Saxena, on August 6, 2002, in a paper titled "PRIMES is in P".[1] The authors received many accolades, including the 2006 Gödel Prize and the 2006 Fulkerson Prize, for this work.
The algorithm determines whether a number is prime or composite within polynomial time.
Contents
Importance
The key significance of AKS is that it was the first published primality-proving algorithm to be simultaneously general, polynomial, deterministic, and unconditional. Previous algorithms had achieved three of these properties at most, but not all four.
- The AKS algorithm can be used to verify the primality of any general number given. Many fast primality tests are known that work only for numbers with certain properties. For example, the Lucas–Lehmer test for Mersenne numbers works only for Mersenne numbers, while Pépin's test can be applied to Fermat numbers only.
- The maximum running time of the algorithm can be expressed as a polynomial over the number of digits in the target number. ECPP and APR conclusively prove or disprove that a given number is prime, but are not known to have polynomial time bounds for all inputs.
- The algorithm is guaranteed to distinguish deterministically whether the target number is prime or composite. Randomized tests, such as Miller–Rabin and Baillie–PSW, can test any given number for primality in polynomial time, but are known to produce only a probabilistic result.
- The correctness of AKS is not conditional on any subsidiary unproven hypothesis. In contrast, the Miller test is fully deterministic and runs in polynomial time over all inputs, but its correctness depends on the truth of the yet-unproven generalized Riemann hypothesis.
Concepts
The AKS primality test is based upon the following theorem: An integer n (≥ 2) is prime if and only if the polynomial congruence relation
holds for all integers a coprime to n (or even just for some such integer a, in particular for a = 1). Note that x is an open variable. It is never substituted by a number; instead you have to expand (x − a)n and compare the coefficients of the x powers.
This theorem is a generalization to polynomials of Fermat's little theorem, and can easily be proven using the binomial theorem together with the following property of the binomial coefficient:
- for all 0 < k < n if and only if n is prime.
While the relation (1) constitutes a primality test in itself, verifying it takes exponential time. Therefore, to reduce the computational complexity, AKS makes use of the related congruence
which is the same as:
for some polynomials f and g. This congruence can be checked in polynomial time.[further explanation needed] Note that all primes satisfy this relation (choosing g = 0 in (3) gives (1), which holds for n prime). However, some composite numbers also satisfy the relation. The proof of correctness for AKS consists of showing that there exists a suitably small r and suitably small set of integers A such that, if the congruence holds for all such a in A, then n must be prime.
History and running time
In the first version of the above-cited paper, the authors proved the asymptotic time complexity of the algorithm to be Õ(log 12(n)). In other words, the algorithm takes less time than the twelfth power of the number of digits in n times a polylogarithmic (in the number of digits) factor. However, the upper bound proved in the paper was rather loose; indeed, a widely held conjecture about the distribution of the Sophie Germain primes would, if true, immediately cut the worst case down to Õ(log 6(n)).
In the months following the discovery, new variants appeared (Lenstra 2002, Pomerance 2002, Berrizbeitia 2003, Cheng 2003, Bernstein 2003a/b, Lenstra and Pomerance 2003), which improved the speed of computation by orders of magnitude. Due to the existence of the many variants, Crandall and Papadopoulos refer to the "AKS-class" of algorithms in their scientific paper "On the implementation of AKS-class primality tests", published in March 2003.
In response to some of these variants, and to other feedback, the paper "PRIMES is in P" was updated with a new formulation of the AKS algorithm and of its proof of correctness. (This version was eventually published in Annals of Mathematics.) While the basic idea remained the same, r was chosen in a new manner, and the proof of correctness was more coherently organized. While the previous proof had relied on many different methods, the new version relied almost exclusively on the behavior of cyclotomic polynomials over finite fields. The new version also allowed for an improved bound on the time complexity, which can now be shown by simple methods to be Õ(log 10.5(n)). Using additional results from sieve theory, this can be further reduced to Õ(log 7.5(n)).
In 2005, Carl Pomerance and H. W. Lenstra, Jr. demonstrated a variant of AKS that runs in Õ(log6(n)) operations, where n is the number to be tested – a marked improvement over the initial Õ(log12(n)) bound in the original algorithm.[2] An updated version of the paper is also available.[3]
Agrawal, Kayal and Saxena suggest a variant of their algorithm which would run in Õ(log 3(n)) if a certain conjecture made by Bhattacharjee and Pandey in 2001 is true; however this conjecture has been shown to be heuristically false.[1]
Algorithm
The algorithm is as follows:[1]
- Input: integer n > 1.
- If n = ab for integers a > 0 and b > 1, output composite.
- Find the smallest r such that or(n) > log2(n).
- If 1 < gcd(a,n) < n for some a ≤ r, output composite.
- If n ≤ r, output prime.
- For a = 1 to do
- if (X+a)n≠ Xn+a (mod Xr − 1,n), output composite;
- Output prime.
Here or(n) is the multiplicative order of n modulo r, log is the binary logarithm, and is Euler's totient function of r.
If n is a prime number, the algorithm will always return prime: since n is prime, steps 1 and 3 will never return composite. Step 5 will also never return composite, because (2) is true for all prime numbers n. Therefore, the algorithm will return prime either in step 4 or in step 6.
Conversely, if n is composite, the algorithm will always return composite: if the algorithm returns prime, then this will occur in either step 4 or step 6. In the first case, since n ≤ r, n has a factor a ≤ r such that 1 < gcd(a,n) < n, which will return composite. The remaining possibility is that the algorithm returns prime in step 6. The authors' article[1] proves that this will not happen because the multiple equalities tested in step 5 are sufficient to guarantee that the output is composite.
References
- ^ a b c d Agrawal, Manindra; Kayal, Neeraj; Saxena, Nitin (2004). "PRIMES is in P". Annals of Mathematics 160 (2): 781–793. doi:10.4007/annals.2004.160.781. JSTOR 3597229. http://www.cse.iitk.ac.in/users/manindra/algebra/primality_v6.pdf.
- ^ H. W. Lenstra jr. and Carl Pomerance, "Primality testing with Gaussian periods", preliminary version July 20, 2005.
- ^ H. W. Lenstra jr. and Carl Pomerance, "Primality testing with Gaussian periods", version of April 12, 2011.
External links
- Weisstein, Eric W., "AKS Primality Test" from MathWorld.
- R. Crandall, Apple ACG, and J. Papadopoulos (March 18, 2003): On the implementation of AKS-class primality tests (PDF)
- Article by Borneman, containing photos and information about the three Indian scientists (PDF)
- Andrew Granville: It is easy to determine whether a given integer is prime
- JAVA implementation of the AKS Primality Test algorithm.
- The Prime Facts: From Euclid to AKS, by Scott Aaronson (PDF)
- The PRIMES is in P little FAQ by Anton Stiglic
- 2006 Gödel Prize Citation
- 2006 Fulkerson Prize Citation
- The AKS "PRIMES in P" Algorithm Resource
Primality tests AKS · APR · Baillie–PSW · ECPP · Elliptic curve · Pocklington · Fermat · Lucas · Lucas–Lehmer · Lucas–Lehmer–Riesel · Proth's theorem · Pépin's · Solovay–Strassen · Miller–Rabin · Trial divisionSieving algorithms Integer factorization algorithms CFRAC · Dixon's · ECM · Euler's · Pollard's rho · p − 1 · p + 1 · QS · GNFS · SNFS · rational sieve · Fermat's · Shanks' square forms · Trial division · Shor'sMultiplication algorithms Ancient Egyptian multiplication · Karatsuba algorithm · Toom–Cook multiplication · Schönhage–Strassen algorithm · Fürer's algorithmDiscrete logarithm algorithms Baby-step giant-step · Pollard rho · Pollard kangaroo · Pohlig–Hellman · Index calculus · Function field sieveGCD algorithms Modular square root algorithms Cipolla · Pocklington's · Tonelli–ShanksOther algorithms Italics indicate that algorithm is for numbers of special forms; bold indicates deterministic algorithm for primality tests (current article is always in bold).Categories:- Primality tests
- Finite fields
Wikimedia Foundation. 2010.