AKS primality test: Difference between revisions

The AKS primality test (also known as Agrawal–Kayal–Saxena primality test and cyclotomic AKS test) is a deterministic primality-proving algorithm created and published by three Indian Institute of Technology Kanpur computer scientists, Manindra Agrawal, Neeraj Kayal, and Nitin Saxena, on August 6 2002, in a paper titled PRIMES is in P.^[1] The authors received many accolades, including the 2006 Gödel Prize and the 2006 Fulkerson Prize, for this work.

The algorithm determines whether a number is prime or composite within polynomial time.

Importance

The key significance of AKS is that it was the first published primality-proving algorithm to be simultaneously general, polynomial, deterministic, and unconditional. Previous algorithms had achieved three of these properties at most, but not all four.

• The AKS algorithm can be used to verify the primality of any general number given. Many fast primality tests are known that work only for numbers with certain properties. For example, the Lucas–Lehmer test for Mersenne numbers works only for Mersenne numbers, while Pépin's test can be applied to Fermat numbers only.
• The maximum running time of the algorithm can be expressed as a polynomial over the number of digits in the target number. ECPP and APR conclusively prove or disprove that a given number is prime, but are not known to have polynomial time bounds for all inputs.
• The algorithm is guaranteed to distinguish deterministically whether the target number is prime or composite. Randomized tests, such as Miller–Rabin and Baillie–PSW, can test any given number for primality in polynomial time, but are known to produce only a probabilistic result.
• The correctness of AKS is not conditional on any subsidiary unproven hypothesis. In contrast, the Miller test is fully deterministic and runs in polynomial time over all inputs, but its correctness depends on the truth of the yet-unproven generalized Riemann hypothesis.

Concepts

The AKS primality test is based upon the following theorem: An integer n (≥ 2) is prime if and only if the polynomial congruence relation

${\displaystyle (x-a)^{n}\equiv (x^{n}-a){\pmod {n}}\qquad (1)}$

holds for all integers a coprime to n (or even just for some such integer a, in particular for a = 1). This theorem is a generalization to polynomials of Fermat's little theorem, and can easily be proven using the binomial theorem together with the following property of the binomial coefficient:

${\displaystyle {n \choose k}\equiv 0{\pmod {n}}}$ for all ${\displaystyle 0<k<n}$ if and only if n is prime.

While the relation (1) constitutes a primality test in itself, verifying it takes exponential time. Therefore, to reduce the computational complexity, AKS makes use of the related congruence

${\displaystyle (x-a)^{n}\equiv (x^{n}-a){\pmod {n,x^{r}-1}}\qquad (2)}$

which is the same as:

${\displaystyle (x-a)^{n}-(x^{n}-a)=nf+(x^{r}-1)g\qquad (3)}$

for some polynomials f and g. This congruence can be checked in polynomial time. Note that all primes satisfy this relation (choosing g = 0 in (3) gives (1), which holds for n prime). However, some composite numbers also satisfy the relation. The proof of correctness for AKS consists of showing that there exists a suitably small r and suitably small set of integers A such that, if the congruence holds for all such a in A, then n must be prime.

History and running time

In the first version of the above-cited paper, the authors proved the asymptotic time complexity of the algorithm to be Õ${\displaystyle (\log ^{12}(n))}$. In other words, the algorithm takes less time than the twelfth power of the number of digits in n times a polylogarithmic (in the number of digits) factor. However, the upper bound proved in the paper was rather loose; indeed, a widely held conjecture about the distribution of the Sophie Germain primes would, if true, immediately cut the worst case down to Õ${\displaystyle (\log ^{6}(n))}$.

In the months following the discovery, new variants appeared (Lenstra 2002, Pomerance 2002, Berrizbeitia 2003, Cheng 2003, Bernstein 2003a/b, Lenstra and Pomerance 2003), which improved the speed of computation by orders of magnitude. Due to the existence of the many variants, Crandall and Papadopoulos refer to the "AKS-class" of algorithms in their scientific paper "On the implementation of AKS-class primality tests", published in March 2003.

In response to some of these variants, and to other feedback, the paper "PRIMES is in P" was updated with a new formulation of the AKS algorithm and of its proof of correctness. (This version was eventually published in Annals of Mathematics.) While the basic idea remained the same, r was chosen in a new manner, and the proof of correctness was more coherently organized. While the previous proof had relied on many different methods, the new version relied almost exclusively on the behavior of cyclotomic polynomials over finite fields. The new version also allowed for an improved bound on the time complexity, which can now be shown by simple methods to be Õ${\displaystyle (\log ^{10.5}(n))}$. Using additional results from sieve theory, this can be further reduced to Õ${\displaystyle (\log ^{7.5}(n))}$.

In 2005, Carl Pomerance and H. W. Lenstra, Jr. demonstrated a variant of AKS that runs in O(log^6+ε(n)) operations, where n is the number to be tested – a marked improvement over the initial O(log^12+ε(n)) bound in the original algorithm.^[2]

Algorithm

The algorithm is as follows:^[1]

Input: integer n > 1.

1. If n = a^b for integers a > 0 and b > 1, output composite then terminate.
2. Find the smallest r such that o_r(n) > log²(n).
3. If 1 < gcd(a,n) < n for some a ≤ r, output composite then terminate.
4. If n ≤ r, output prime then terminate.
5. For a = 1 to ${\displaystyle \scriptstyle \lfloor \scriptstyle {\sqrt {\varphi (r)}}\log(n)\scriptstyle \rfloor }$ do

   if (X+a)ⁿ≠ Xⁿ+a (mod X^r − 1,n), output composite then terminate;

6. Output prime.

Here o_r(n) is the multiplicative order of n modulo r. Furthermore, log means the binary logarithm, and ${\displaystyle \scriptstyle \varphi (r)}$ is Euler's totient function of r.

If n is a prime number, the algorithm will always return prime: since n is prime, steps 1 and 3 will never return composite. Step 5 will also never return composite, because (2) is true for all prime numbers n. Therefore, the algorithm will return prime either in step 4 or in step 6.

Conversely, if n is composite, the algorithm will always return composite: if the algorithm returns prime, then this will occur in either step 4 or step 6. In the first case, since n ≤ r, n has a factor a ≤ r such that 1 < gcd(a,n) < n, which will return composite. The remaining possibility is that the algorithm returns prime in step 6. In the article,^[1] it is proved that this will not happen, because the multiple equalities tested in step 5 are sufficient to guarantee that the output is composite.

References

1. Manindra Agrawal, Neeraj Kayal, Nitin Saxena, "PRIMES is in P", Annals of Mathematics 160 (2004), no. 2, pp. 781–793.
2. H. W. Lenstra, Jr. and Carl Pomerance, "Primality Testing with Gaussian Periods", preliminary version July 20, 2005.

External links

• Weisstein, Eric W. "AKS Primality Test". MathWorld.
• R. Crandall, Apple ACG, and J. Papadopoulos (March 18, 2003): On the implementation of AKS-class primality tests (PDF)
• Article by Borneman, containing photos and information about the three Indian scientists (PDF)
• Andrew Granville: It is easy to determine whether a given integer is prime
• The Prime Facts: From Euclid to AKS, by Scott Aaronson (PDF)
• The PRIMES is in P little FAQ by Anton Stiglic
• 2006 Gödel Prize Citation
• 2006 Fulkerson Prize Citation
• The AKS "PRIMES in P" Algorithm Resource