Scribd
Upload
17 views28 pages

206124033 Primality Testing and Factorization

The document discusses the significance of primality testing and factorization in mathematics and cryptography, highlighting their roles in secure key generation and digital signatures. It outlines various algorithms for primality testing, such as the Miller-Rabin and AKS tests, and factorization methods, including Pollard's rho and the General Number Field Sieve. The conclusion emphasizes the importance of these concepts in cryptographic security and the challenges posed by quantum computing.

Uploaded by

deepujohre
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
17 views28 pages

206124033 Primality Testing and Factorization

The document discusses the significance of primality testing and factorization in mathematics and cryptography, highlighting their roles in secure key generation and digital signatures. It outlines various algorithms for primality testing, such as the Miller-Rabin and AKS tests, and factorization methods, including Pollard's rho and the General Number Field Sieve. The conclusion emphasizes the importance of these concepts in cryptographic security and the challenges posed by quantum computing.

Uploaded by

deepujohre
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 28

PRIMALITY

TESTING AND
FACTORIZATION
Presented By:- Tarun Bhati
(206124033)
AGENDA
 Introduction & Definitions
 Importance in Mathematics & Cryptography
 Primality Testing: Methods & Examples
 Factorization: Algorithms and Complexity
 Cryptographic Applications (e.g., RSA)
 Future Considerations and Conclusion
 Q&A

Tarun Bhati (206124033)


WHY ARE PRIMES
IMPORTANT?
 Building blocks of the integers
 Central to number theory
 Critical for cryptography: underpin secure key generation (RSA)
 Applications in hashing, random number generation, and digital signatures

Tarun Bhati (206124033)


WHAT IS PRIMALITY
TESTING?
 Goal: Decide if a number is prime (yes/no) without necessarily finding
factors
 Contrast: Primality testing is “comparatively easy” (polynomial time)
versus factorization
 Brief mention:
 “It’s like checking membership vs. breaking an object into pieces.”

Tarun Bhati (206124033)


WHAT IS FACTORIZATION?
 Goal: Express a composite number as a product of primes

 Example: 91 = 71 × 131
 Challenges: For large numbers (hundreds of digits), factorization is
computationally very hard
 Underpins cryptographic security since multiplication is easy but reversing
(factoring) is hard

Tarun Bhati (206124033)


PRIMALITY TESTING
ALGORITHMS

Tarun Bhati (206124033)


PRIMALITY TESTING
ALGORITHMS
 Deterministic Tests:
 Trial Division: Check divisibility up to
 Sieve of Eratosthenes: Efficient for generating all primes up to a limit
 AKS Primality Test

 Probabilistic Tests:
 Fermat’s Test: Based on Fermat’s Little Theorem; simple but can be
fooled
 Miller-Rabin Test: Probabilistic, very efficient, small error probability

Tarun Bhati (206124033)


TRIAL DIVISION
AND
THE SIEVE OF ERATOSTHENES

 Trial Division: Simple but only practical for small numbers


 Example: Testing 29 by checking divisors up to
 The bit-operation complexity of this algorithm is . This means that for 200
bits the algorithm needs bit operations. On a computer capable of doing
bit operations per second, the algorithm needs seconds to do the testing
(forever).
 Sieve of Eratosthenes: Efficiently “sieves out” non-prime numbers from a
list
 Great for generating a list of small primes to use in other tests

 EXAMPLE??
Tarun Bhati (206124033)
AKS PRIMALITY TEST
 In 2002, Agrawal, Kayal, and Saxen announced that they had found an
algorithm for primality testing with polynomial bit-operation time complexity
of .
 The algorithm uses the fact that .
 First unconditional polynomial-time algorithm (2012 proof)
 Elegant but not used in practice due to higher constants.
 Assume n has 200 bits. What is the number of bit operations needed to run
the AKS algorithm?
 The bit-operation complexity of this algorithm is . This means that the
algorithm needs only (log 2200)12 = 39,547,615,483-bit operations. On a
computer capable of doing 1-billion-bit operations per second, the
algorithm needs only 40 seconds.
Tarun Bhati (206124033)
PROBABILISTIC PRIMALITY
TESTING
 Probabilistic algorithms do not guarantee correctness but have an extremely low
error probability.
 Used before the AKS algorithm became known.

 Key Properties:
 If n is prime, the algorithm always returns 'prime'.
 If n is composite, the algorithm correctly returns 'composite' with probability (1 -
ε), but may incorrectly return 'prime' with probability ε.
 Reducing Error Probability:
 Running the test multiple times reduces the error probability.
 If the algorithm runs ‘m’ times, the error probability decreases to εm.

 Significance:
 Efficient for large numbers.
 Example: Miller-Rabin Test
Tarun Bhati (206124033)
FERMAT’S PRIMALITY TEST
• Basis: If p is prime, then for any a with 1 < a < p,

≡ 1 (mod p)
• Example: Testing 341 (which is composite: 11×31) may pass for some
bases like 2
• Limitations: Existence of pseudoprimes and especially Carmichael
numbers

Tarun Bhati (206124033)


SQUARE ROOT TEST
 In modular arithmetic, if n is prime, the only square roots of (1 mod n) are ±1.

 If n is composite, there may be additional square roots.

 Test Conditions:
 If x² ≡ 1 (mod n), then x must be ±1 for prime n.
 If there exists x ≠ ±1 such that x² ≡ 1 (mod n), then n is composite.
 Example (Composite: n = 15):
 - 1² ≡ 1 (mod 15), (-1)² ≡ 1 (mod 15)
 - 4² ≡ 1 (mod 15) (Extra Root!) → 15 is composite.

 Conclusion:
 If extra roots exist, n is composite.
 Although this test can tell us if a number is composite, it is difficult to do the testing.
 All numbers less than n (except 1 and n - 1) must be squared to be sure that none of them
is 1.
 Used in primality testing algorithms like Miller-Rabin.
Tarun Bhati (206124033)
THE MILLER-RABIN
PRIMALITY TEST
 Type: Probabilistic test with low error
probability.
 The Miller-Rabin primality test combines the
Fermat test and the square root test in a very
elegant way to find a strong pseudoprime (a prime
with a very high probability).
 Method:
 Write n – 1 = m * (with m odd)
 Check mod n and subsequent squaring’s

 Reliability: With multiple rounds, error


probability becomes negligible

Tarun Bhati (206124033)


THE MILLER-RABIN
PRIMALITY TEST
 In other words, instead of calculating a(n-1) mod n in one step, we can do it
in k + 1 steps.
 What is the benefit of using k + 1 steps instead of just one?
 The benefit is that, in each step, the square root test can be performed.
 If the square root test fails, we stop and declare ‘n’ a composite number.

 In each step, we assure ourself that the Fermat test is passed, and the
square root test is satisfied between all pairs of adjacent steps, if
applicable (if the result is 1).
 There exists a proof that each time a number passes a Miller-Rabin test, the
probability that it is not a prime is 1/4. If the number passes m tests (with
m different bases), the probability that it is not a prime is (1/4)m

Tarun Bhati (206124033)


PSEUDOCODE FOR MILLER-
RABIN TEST

Tarun Bhati (206124033)


FACTORIZATION
ALGORITHMS

Tarun Bhati (206124033)


FACTORIZATION
ALGORITHMS
 Trial division (basic but impractical for large n)
 Fermat factorization : works subexponentially
 Pollard p-1
 Pollard rho
 Quadratic Sieve
 The General Number Field Sieve (GNFS)

Tarun Bhati (206124033)


PSEUDOCODE
FOR TRIAL-
DIVISION
FACTORIZATION
 Complexity :-
 The trial-division method is
normally good if n < 210, but
it is very inefficient and
infeasible for factoring large
integers. The complexity of
the algorithm is exponential.

Tarun Bhati (206124033)


PSEUDOCODE
FOR FERMAT
FACTORIZATION
 The Fermat method is based
on the fact that if we can find
x and y such that n = x2 – y2,
then we have
 n = x2 – y2 = a*b
 with a = (x + y) and b = (x -
y)
 The method tries to find two
integers a and b close to each
other (a b). It starts from the
smallest integer greater than x
= and tries to find another
integer y such that
 the relation y2 = (x2 – n) holds.

Tarun Bhati (206124033)


POLLARD P-1
FACTORIZATION
 Developed by John M. Pollard (1974), this method finds a prime factor p of
a number based on the condition that p-1 has no large factors beyond a
predefined value B.
 Formula:
 p = gcd(2B! - 1, n)

 Algorithm Steps:
 Initialize a = 2 and e = 2.
 Perform exponentiation: a ← ae mod n, increment e until e > B.
 Compute p = gcd(a - 1, n).
 If 1 < p < n, return p; otherwise, return failure.

 Complexity:
 Needs B-1 exponentiation operations (O() complexity).

Tarun Bhati (206124033)


PSEUDOCODE
FOR POLLARD P-1
FACTORIZATION
Example
 Use the Pollard p - 1 method
to find a factor of 57247159
with the bound B = 8.
Solution
 We run a program based on
the algorithm and find that
p = 421.
 As a matter of fact,
57247159 = 421 × 135979.
Note that 421 is a prime
and p - 1 has no factor
greater than 8
 421 - 1 = 22 × 3 × 5 × 7.

Tarun Bhati (206124033)


POLLARD RHO
FACTORIZATION
 It was also developed by John M. Pollard in 1975

 Assume that there are two integers, x1 and x2, such that prime factor p divides (x1 - x2), but n
does not.
 Algorithm:
 Choose x₁, a small random integer (seed).
 Compute x₂ using a function f(x₁) = x₁² + a (where a is usually 1), ensuring that n does not
divide (x₁ - x₂).
 Compute gcd(x₁ - x₂, n):
 If gcd(x₁ - x₂, n) ≠ 1, then the result is a factor of n.
 If gcd(x₁ - x₂, n) = 1, repeat steps with x₂ as the new starting point.
 The algorithm iterates until a non-trivial factor is found.

Tarun Bhati (206124033)


The sequence of x
values follows a
cyclic pattern,
PSEUDOCODE resembling the
Greek letter rho
FOR POLLARD (ρ).

RHO

Complexity
The method requires arithmetic
operations. However, because
we
expect p to be smaller or equal
to , we expect to do n1/4
arithmetic operations. This
means that the bit-operation
complexity is O(2n/4 ),
Tarun Bhati (206124033)
exponential.
QUADRATIC THE GENERAL
NUMBER FIELD
SIEVE SIEVE (GNFS)
• Devised By: Pomerance • Devised By: Hendric Lenstra and Argin Lenstra
• Complexity: Approximately • Complexity: Approximately

• Purpose: Factorization of very large numbers (hundreds of digits)


• Impact: These are sub-exponential in terms of complexity and explains why RSA
security relies on the hardness of factorization

Tarun Bhati (206124033)


CRYPTOGRAPHIC
APPLICATIONS
• RSA Algorithm:
• Public key is the product of two large primes
• Security depends on difficulty of factorization

• Key Generation:
• Requires fast primality tests to find large primes

• Digital Signatures & Secure Communication:


• Many protocols rely on properties of primes
• For example:–
• In mathematics modulo inverse can be calculated using Fermat’s theorem if modulo is
prime
 Other Areas: Hash functions, blockchain

Tarun Bhati (206124033)


SUMMARY AND TAKEAWAYS
• Primality testing is fundamental and “easy” (polynomial time) compared
to factorization
• Factorization remains a hard problem (sub‑exponential time) essential
for cryptographic security
• Robust algorithms (Miller-Rabin, AKS) ensure we can generate large
primes efficiently
• Cryptography (RSA, signatures, secure channels) relies on these
properties
• Quantum computing poses new challenges that drive research in
post‑quantum methods

Tarun Bhati (206124033)


THANK
YOU
Tarun Bhati (206124033)
Q&A !!
Feel Free to ask questions

Tarun Bhati (206124033)

You might also like