Movatterモバイル変換

Primality test

From Wikipedia, the free encyclopedia

Algorithm for determining whether a number is prime

Aprimality test is analgorithm for determining whether an input number isprime. Among other fields ofmathematics, it is used forcryptography. Unlikeinteger factorization, primality tests do not generally giveprime factors, only stating whether the input number is prime or not. Factorization is thought to be a computationally difficult problem, whereas primality testing is comparatively easy (itsrunning time ispolynomial in the size of the input). Some primality tests prove that a number is prime, while others likeMiller–Rabin prove that a number iscomposite. Therefore, the latter might more accurately be calledcompositeness tests instead of primality tests.

Simple methods

[edit]

The simplest primality test istrial division: given an input number, $n {\displaystyle n}$ , check whether it isdivisible by anyprime number between 2 and ${\sqrt {n}}$ (i.e., whether the division leaves noremainder). If so, then $n {\displaystyle n}$ iscomposite. Otherwise, it is prime.^[1] For any divisor $p\geq {\sqrt {n}}$ , there must be another divisor $n/p\leq {\sqrt {n}}$ , and a prime divisor $q {\displaystyle q}$ of $n/p$ , and therefore looking for prime divisors at most ${\sqrt {n}}$ is sufficient.

For example, consider the number 100, whose divisors are these numbers:

1, 2, 4, 5, 10, 20, 25, 50, 100.

When all possible divisors up to $n {\displaystyle n}$ are tested, some divisors will be discoveredtwice. To observe this, consider the list of divisor pairs of 100:

1\times 100,\;2\times 50,\;4\times 25,\;5\times 20,\;10\times 10,\;20\times 5,\;25\times 4,\;50\times 2,\;100\times 1

Products past $10\times 10$ are the reverse of products that appeared earlier. For example, $5\times 20$ and $20\times 5$ are the reverse of each other. Further, that of the two divisors, $5\leq {\sqrt {100}}=10$ and $20\geq {\sqrt {100}}=10$ . This observation generalizes to all $n {\displaystyle n}$ : all divisor pairs of $n {\displaystyle n}$ contain a divisor less than or equal to ${\sqrt {n}}$ , so the algorithm need only search for divisors less than or equal to ${\sqrt {n}}$ to guarantee detection of all divisor pairs.^[1]

Also, 2 is a prime dividing 100, which immediately proves that 100 is not prime. Every positive integer except 1 is divisible by at least one prime number by theFundamental Theorem of Arithmetic. Therefore the algorithm need only search forprime divisors less than or equal to ${\sqrt {n}}$ .

For another example, consider how this algorithm determines the primality of 17. One has $4<{\sqrt {17}}<5$ , and the only primes $\leq {\sqrt {17}}$ are 2 and 3. Neither divides 17, proving that 17 is prime. For a last example, consider 221. One has $14<{\sqrt {221}}<15$ , and the primes $\leq {\sqrt {221}}$ are 2, 3, 5, 7, 11, and 13. Upon checking each, one discovers that $221/13=17$ , proving that 221 is not prime.

In cases where it is not feasible to compute the list of primes $\leq {\sqrt {n}}$ , it is also possible to simply (and slowly) check all numbers between $2 {\displaystyle 2}$ and ${\sqrt {n}}$ for divisors. A simple improvement is to test divisibility by 2 and by just the odd numbers between 3 and ${\sqrt {n}}$ , since divisibility by an even number implies divisibility by 2.

This method can be improved further. Observe that all primes greater than 5 are of the form $6k+i$ for a nonnegative integer $k {\displaystyle k}$ and $i\in \{1,5\}$ . Indeed, every integer is of the form $6k+i$ for a positive integer $k {\displaystyle k}$ and $i\in \{0,1,2,3,4,5\}$ . Since 2 divides $6k,6k+2$ , and $6k+4$ , and 3 divides $6k$ and $6k+3$ , the only possible remainders mod 6 for a prime greater than 3 are 1 and 5. So, a more efficient primality test for $n {\displaystyle n}$ is to test whether $n {\displaystyle n}$ is divisible by 2 or 3, then to check through all numbers of the form $6k+1$ and $6k+5$ which are $\leq {\sqrt {n}}$ . This is almost three times as fast as testing all numbers up to ${\sqrt {n}}$ .

Generalizing further, all primes greater than $c\#$ (c primorial) are of the form $c\#\cdot k+i$ for $i, k {\displaystyle i,k}$ positive integers, $0\leq i<c\#$ , and $i {\displaystyle i}$ coprime to $c\#$ . For example, consider $6\#=2\cdot 3\cdot 5=30$ . All integers are of the form $30k+i$ for $i, k {\displaystyle i,k}$ integers with $0\leq i<30$ . Now, 2 divides $0,2,4,\dots ,28$ , 3 divides $0,3,6,\dots ,27$ , and 5 divides $0,5,10,\dots ,25$ . Thus all prime numbers greater than 30 are of the form $30k+i$ for $i\in \{1,7,11,13,17,19,23,29\}$ . Of course, not all numbers of the form $c\#\cdot k+i$ with $i {\displaystyle i}$ coprime to $c\#$ are prime. For example, $19\cdot 23=437=210\cdot 2+17=2\cdot 7\#+17$ is not prime, even though 17 is coprime to $7\#=2\cdot 3\cdot 5\cdot 7$ .

As $c {\displaystyle c}$ grows, the fraction of coprime remainders to remainders decreases, and so the time to test $n {\displaystyle n}$ decreases (though it still necessary to check for divisibility by all primes that are less than $c {\displaystyle c}$ ). Observations analogous to the preceding can be appliedrecursively, giving theSieve of Eratosthenes.

One way to speed up these methods (and all the others mentioned below) is to pre-compute and store a list of all primes up to a certain bound, such as all primes up to 200. (Such a list can be computed with the Sieve of Eratosthenes or by an algorithm that tests each incremental $m {\displaystyle m}$ against all known primes $\leq {\sqrt {m}}$ ). Then, before testing $n {\displaystyle n}$ for primality with a large-scale method, $n {\displaystyle n}$ can first be checked for divisibility by any prime from the list. If it is divisible by any of those numbers then it is composite, and any further tests can be skipped.

A simple but inefficient primality test usesWilson's theorem, which states that $p {\displaystyle p}$ is prime if and only if:

(p-1)!\equiv -1{\pmod {p}}

Although this method requires about $p {\displaystyle p}$ modular multiplications,^[2] rendering it impractical, theorems about primes and modular residues form the basis of many more practical methods.

Heuristic tests

[edit]

This sectionneeds additional citations forverification. Please helpimprove this article byadding citations to reliable sources in this section. Unsourced material may be challenged and removed.(August 2025) (Learn how and when to remove this message)

These are tests that seem to work well in practice, but are unproven and therefore are not, technically speaking, algorithms at all.TheFermat primality test and the Fibonacci test are simple examples, and they are effective when combined.John Selfridge has conjectured that ifp is an odd number, andp ≡ ±2 (mod 5), thenp will be prime if both of the following hold:

2^p−1 ≡ 1 (modp),
f_p+1 ≡ 0 (modp),

wheref_k is thek-thFibonacci number. The first condition is the Fermat primality test using base 2.

In general, ifp ≡ a (modx²+4), wherea is a quadratic non-residue (modx²+4) thenp should be prime if the following conditions hold:

2^p−1 ≡ 1 (modp),
f(x)_p+1 ≡ 0 (modp),

f(x)_k is thek-thFibonacci polynomial atx.

Selfridge,Pomerance andWagstaff together offered $620 for a counterexample or proof that there is none,^[3] with the prize now due from theNumber Theory Foundation.^{[citation needed]}

Probabilistic tests

[edit]

Probabilistic tests are more rigorous than heuristics in that they provide provable bounds on the probability of being fooled by a composite number.Multiple popular primality tests are probabilistic tests. These tests use, apart from the tested numbern, some other numbersa which are chosen at random from somesample space; the usual randomized primality tests never report a prime number as composite, but it is possible for a composite number to be reported as prime. The probability of error can be reduced by repeating the test with several independently chosen values ofa; for two commonly used tests, forany compositen at least half thea's detectn's compositeness, sok repetitions reduce the error probability to at most 2^−k, which can be made arbitrarily small by increasingk.

The basic structure of randomized primality tests is as follows:

Randomly pick a numbera.
Check equality (corresponding to the chosen test) involvinga and the given numbern. If the equality fails to hold true, thenn is a composite number anda is awitness for the compositeness, and the test stops.
Get back to the step one until the required accuracy is reached.

After one or more iterations, ifn is not found to be a composite number, then it can be declaredprobably prime.

Fermat primality test

[edit]

The simplest probabilistic primality test is theFermat primality test (actually a compositeness test). It works as follows:

Given an integern, choose some integera coprime ton and calculateaⁿ^{− 1}modulon. If the result is different from 1, thenn is composite. If it is 1, thenn may be prime.

Ifaⁿ⁻¹ (modulon) is 1 butn is not prime, thenn is called apseudoprime to basea. In practice, ifaⁿ⁻¹ (modulon)is 1, thenn is usually prime. But here is a counterexample:ifn = 341 anda = 2, then

2^{340}\equiv 1{\pmod {341}}

even though 341 = 11·31 is composite. In fact, 341 is the smallest pseudoprime base 2 (see Figure 1 of^[4]).

There are only 21853 pseudoprimes base 2 that are less than 2.5×10¹⁰ (see page 1005 of^[4]). This means that, forn up to 2.5×10¹⁰, if2ⁿ⁻¹ (modulon) equals 1, thenn is prime, unlessn is one of these 21853 pseudoprimes.

Some composite numbers (Carmichael numbers) have the property thataⁿ^{− 1} is 1 (modulon) for everya that is coprime ton. The smallest example isn = 561 = 3·11·17, for whicha⁵⁶⁰ is 1 (modulo 561) for alla coprime to 561. Nevertheless, the Fermat test is often used if a rapid screening of numbers is needed, for instance in the key generation phase of theRSA public key cryptographic algorithm.

Miller–Rabin and Solovay–Strassen primality test

[edit]

TheMiller–Rabin primality test andSolovay–Strassen primality test are more sophisticated variants, which detect all composites (once again, this means: forevery composite numbern, at least 3/4 (Miller–Rabin) or 1/2 (Solovay–Strassen) of numbersa are witnesses of compositeness ofn). These are also compositeness tests.

The Miller–Rabin primality test works as follows:Given an integern, choose some positive integera < n. Let 2^sd =n − 1, whered is odd. If

a^{d}\not \equiv \pm 1{\pmod {n}}

and

a^{2^{r}d}\not \equiv -1{\pmod {n}}

for all

0\leq r\leq s-1,

thenn is composite anda is a witness for the compositeness. Otherwise,n may or may not be prime.The Miller–Rabin test is astrong probable prime test (see PSW^[4] page 1004).

The Solovay–Strassen primality test uses another equality: Given an odd numbern, choose some integera < n, if

a^{(n-1)/2}\not \equiv \left({\frac {a}{n}}\right){\pmod {n}}

, where

\left({\frac {a}{n}}\right)

is theJacobi symbol,

thenn is composite anda is a witness for the compositeness. Otherwise,n may or may not be prime.The Solovay–Strassen test is anEuler probable prime test (see PSW^[4] page 1003).

For each individual value ofa, the Solovay–Strassen test is weaker than the Miller–Rabin test. For example, ifn = 1905 anda = 2, then the Miller-Rabin test shows thatn is composite, but the Solovay–Strassen test does not. This is because 1905 is an Eulerpseudoprime base 2 but not a strong pseudoprime base 2 (this is illustrated in Figure 1 of PSW^[4]).

Frobenius primality test

[edit]

The Miller–Rabin and the Solovay–Strassen primality tests are simple and are much faster than other general primality tests. One method of improving efficiency further in some cases is theFrobenius pseudoprimality test; a round of this test takes about three times as long as a round of Miller–Rabin, but achieves a probability bound comparable to seven rounds of Miller–Rabin.

The Frobenius test is a generalization of theLucas probable prime test.

Baillie–PSW primality test

[edit]

TheBaillie–PSW primality test is a probabilistic primality test that combines a Fermat or Miller–Rabin test with aLucas probable prime test to get a primality test that has no known counterexamples. That is, there are no known compositen for which this test reports thatn is probably prime.^[5]^[6] It has been shown that there are no counterexamples forn $<2^{64}$ .

Other tests

[edit]

Leonard Adleman and Ming-Deh Huang presented an errorless (but expected polynomial-time) variant of theelliptic curve primality test. Unlike the other probabilistic tests, this algorithm produces aprimality certificate, and thus can be used to prove that a number is prime.^[7] The algorithm is prohibitively slow in practice.

Ifquantum computers were available, primality could be testedasymptotically faster than by using classical computers. A combination ofShor's algorithm, an integer factorization method, with thePocklington primality test could solve the problem in $O((\log n)^{3}(\log \log n)^{2}\log \log \log n)$ .^[8]

Fast deterministic tests

[edit]

Near the beginning of the 20th century, it was shown that a corollary ofFermat's little theorem could be used to test for primality.^[9] This resulted in thePocklington primality test.^[10] However, as this test requires a partialfactorization ofn − 1 the running time was still quite slow in the worst case. The firstdeterministic primality test significantly faster than the naive methods was thecyclotomy test; its runtime can be proven to beO((log n)^{c log log log n}), wheren is the number to test for primality andc is a constant independent ofn. A number of further improvements were made, but none could be proven to have polynomial running time. (Running time is measured in terms of the size of the input, which in this case is ~ log n, that being the number of bits needed to represent the numbern.) Theelliptic curve primality test can be proven to run in O((log n)⁶), if some conjectures onanalytic number theory are true.^[which?] Similarly, under thegeneralized Riemann hypothesis (which Miller, confusingly, calls the "extended Riemann hypothesis"), the deterministicMiller's test, which forms the basis of the probabilistic Miller–Rabin test, can be proved to run inÕ((log n)⁴).^[11] In practice, this algorithm is slower than the other two for sizes of numbers that can be dealt with at all. Because the implementation of these two methods is rather difficult and creates a risk of programming errors, slower but simpler tests are often preferred.

In 2002, the first provably unconditional deterministic polynomial time test for primality was invented byManindra Agrawal,Neeraj Kayal, andNitin Saxena. TheAKS primality test runs in Õ((log n)¹²) (improved to Õ((log n)^7.5)^[12] in the published revision of their paper), which can be further reduced to Õ((log n)⁶) if theSophie Germain conjecture is true.^[13] Subsequently, Lenstra and Pomerance presented a version of the test which runs in time Õ((log n)⁶) unconditionally.^[14]

Agrawal, Kayal and Saxena suggest a variant of their algorithm which would run in Õ((log n)³) ifAgrawal's conjecture is true; however, a heuristic argument by Hendrik Lenstra and Carl Pomerance suggests that it is probably false.^[12] A modified version of the Agrawal's conjecture, the Agrawal–Popovych conjecture,^[15] may still be true.

Complexity

[edit]

Incomputational complexity theory, the formal language corresponding to the prime numbers is denoted as PRIMES. It is easy to show that PRIMES is inCo-NP: its complement COMPOSITES is inNP because one can decide compositeness by nondeterministically guessing a factor.

In 1975,Vaughan Pratt showed that there existed a certificate for primality that was checkable in polynomial time, and thus that PRIMES was inNP, and therefore in⁠ ${\mathsf {NP\cap coNP}}$ ⁠. Seeprimality certificate for details.

The subsequent discovery of the Solovay–Strassen and Miller–Rabin algorithms put PRIMES incoRP. In 1992, the Adleman–Huang algorithm^[7] reduced the complexity to⁠ ${\mathsf {{\color {Blue}ZPP}=RP\cap coRP}}$ ⁠, which superseded Pratt's result.

TheAdleman–Pomerance–Rumely primality test from 1983 put PRIMES inQP (quasi-polynomial time), which is not known to be comparable with the classes mentioned above.

Because of its tractability in practice, polynomial-time algorithms assuming the Riemann hypothesis, and other similar evidence, it was long suspected but not proven that primality could be solved in polynomial time. The existence of theAKS primality test finally settled this long-standing question and placed PRIMES inP. However, PRIMES is not known to beP-complete, and it is not known whether it lies in classes lying insideP such asNC orL. It is known that PRIMES is not inAC⁰.^[16]

Number-theoretic methods

[edit]

Certain number-theoretic methods exist for testing whether a number is prime, such as theLucas test andProth's test. These tests typically require factorization ofn + 1,n − 1, or a similar quantity, which means that they are not useful for general-purpose primality testing, but they are often quite powerful when the tested numbern is known to have a special form.

The Lucas test relies on the fact that themultiplicative order of a numbera modulon isn − 1 for a primen whena is aprimitive root modulo n. If we can showa is primitive forn, we can shown is prime.

References

[edit]

^^a ^bRiesel (1994) pp.2-3
^Barrus, Mike; Clark, W. Edwin (2021-09-05)."Primality Tests".Elementary Number Theory. Mathematics LibreTexts. Retrieved2025-03-14.
^Guy, Richard (1994).Unsolved problems in number theory. Springer-Verlag: New York. p. 28.ISBN 0387942890.
^^a ^b ^c ^d ^ePomerance, Carl;Selfridge, John L.;Wagstaff, Samuel S. Jr. (July 1980)."The pseudoprimes to 25·10⁹"(PDF).Mathematics of Computation.35 (151):1003–1026.doi:10.1090/S0025-5718-1980-0572872-7.
^Baillie, Robert;Wagstaff, Samuel S. Jr. (October 1980)."Lucas Pseudoprimes"(PDF).Mathematics of Computation.35 (152):1391–1417.doi:10.1090/S0025-5718-1980-0583518-6.MR 0583518.
^Baillie, Robert; Fiori, Andrew;Wagstaff, Samuel S. Jr. (July 2021). "Strengthening the Baillie-PSW Primality Test".Mathematics of Computation.90 (330):1931–1955.arXiv:2006.14425.doi:10.1090/mcom/3616.S2CID 220055722.
^^a ^bAdleman, Leonard M.; Huang, Ming-Deh (1992).Primality testing and Abelian varieties over finite field. Lecture notes in mathematics. Vol. 1512.Springer-Verlag.ISBN 3-540-55308-8.
^Chau, H. F.; Lo, H.-K. (1995). "Primality Test Via Quantum Factorization".arXiv:quant-ph/9508005.
^Pocklington, H. C. (1914). "The determination of the prime or composite nature of large numbers by Fermat's theorem".Cambr. Phil. Soc. Proc.18:29–30.JFM 45.1250.02.
^Weisstein, Eric W."Pocklington's Theorem".MathWorld.
^Gary L. Miller (1976)."Riemann's Hypothesis and Tests for Primality".Journal of Computer and System Sciences.13 (3):300–317.doi:10.1016/S0022-0000(76)80043-8.
^^a ^bAgrawal, Manindra; Kayal, Neeraj; Saxena, Nitin (2004)."Primes is in P"(PDF).Annals of Mathematics.160 (2):781–793.doi:10.4007/annals.2004.160.781.
^Agrawal, Manindra; Kayal, Neeraj; Saxena, Nitin (2004)."PRIMES is in P"(PDF).Annals of Mathematics.160 (2):781–793.doi:10.4007/annals.2004.160.781.
^Carl Pomerance & Hendrik W. Lenstra (July 20, 2005)."Primality testing with Gaussian periods"(PDF).
^Popovych, Roman (December 30, 2008)."A note on Agrawal conjecture"(PDF).
^Allender, Eric; Saks, Michael; Shparlinski, Igor (2001)."A Lower Bound for Primality".Journal of Computer and System Sciences.62 (2):356–366.doi:10.1006/jcss.2000.1725.

Sources

[edit]

Crandall, Richard;Pomerance, Carl (2005).Prime Numbers: A Computational Perspective (2nd ed.). Springer.ISBN 0-387-25282-7. Chapter 3: Recognizing Primes and Composites, pp. 109–158. Chapter 4: Primality Proving, pp. 159–190. Section 7.6: Elliptic curve primality proving (ECPP), pp. 334–340.
Knuth, Donald (1997). "section 4.5.4".The Art of Computer Programming. Vol. 2:Seminumerical Algorithms (3rd ed.). Addison–Wesley. pp. 391–396.ISBN 0-201-89684-2.
Cormen, Thomas H.;Leiserson, Charles E.;Rivest, Ronald L.;Stein, Clifford (2001). "Section 31.8: Primality testing".Introduction to Algorithms (Second ed.). MIT Press, McGraw–Hill. pp. 887–896.ISBN 0-262-03293-7.
Papadimitriou, Christos H. (1993). "Section 10.2: Primality".Computational Complexity (1st ed.). Addison Wesley. pp. 222–227.ISBN 0-201-53082-1.Zbl 0833.68049.
Riesel, Hans (1994).Prime Numbers and Computer Methods for Factorization. Progress in Mathematics. Vol. 126 (second ed.). Boston, Massachusetts: Birkhäuser.ISBN 0-8176-3743-5.Zbl 0821.11001.

External links

[edit]

Wikifunctions hasa function related to this topic.

Solovay-Strassen (computacion.cs.cinvestav.mx) atarchive.today (archived 2012-12-20) – Implementation of the Solovay-Strassen primality test in Maple
Distinguishing prime numbers from composite numbers, by D.J. Bernstein (cr.yp.to)
The Prime Pages (primes.utm.edu)
Lucas Primality Test with FactoredN − 1 (MathPages.com) at theLibrary of Congress Web Archives (archived 2010-08-06)
PRIMABOINCA is a research project that uses Internet-connected computers to search for acounterexample to some conjectures. The first conjecture (Agrawal's conjecture) was the basis for the formulation of the first deterministic prime test algorithm in polynomial time (AKS algorithm).

v t e Number-theoretic algorithms
Primality tests	AKS APR Baillie–PSW Elliptic curve Pocklington Fermat Lucas Lucas–Lehmer Lucas–Lehmer–Riesel Proth's theorem Pépin's Quadratic Frobenius Solovay–Strassen Miller–Rabin
Prime-generating	Sieve of Atkin Sieve of Eratosthenes Sieve of Pritchard Sieve of Sundaram Wheel factorization
Integer factorization	Continued fraction (CFRAC) Dixon's Lenstra elliptic curve (ECM) Euler's Pollard's rho p − 1 p + 1 Quadratic sieve (QS) General number field sieve (GNFS) Special number field sieve (SNFS) Rational sieve Fermat's Shanks's square forms Trial division Shor's
Multiplication	Ancient Egyptian Long Karatsuba Toom–Cook Schönhage–Strassen Fürer's
Euclidean division	Binary Chunking Fourier Goldschmidt Newton-Raphson Long Short SRT
Discrete logarithm	Baby-step giant-step Pollard rho Pollard kangaroo Pohlig–Hellman Index calculus Function field sieve
Greatest common divisor	Binary Euclidean Extended Euclidean Lehmer's
Modular square root	Cipolla Pocklington's Tonelli–Shanks Berlekamp
Other algorithms	Chakravala Cornacchia Exponentiation by squaring Integer square root Integer relation (LLL;KZ) Modular exponentiation Montgomery reduction Schoof Trachtenberg system
Italics indicate that algorithm is for numbers of special forms

Retrieved from "https://en.wikipedia.org/w/index.php?title=Primality_test&oldid=1321400226"

Categories:

Hidden categories:

[8]ページ先頭