Test of primality of Miller-Rabin

The test of primality of Miller-Rabin is a probabilistic Test of primality: i.e. a algorithm which determines if a given number is probably first, in a way similar to the Test of primality of Fermat and the Test of primality of Solovay-Strassen. Its original version, due to G.L. Miller, is deterministic, but it is connected to the not shown Hypothèse of Riemann generalized; Mr. O. Rabin modified it to obtain a probabilistic Algorithme unconditional.

Concepts

As for the Tests of primality of Fermat or Solovay-Strassen, that of Miller-Rabin consists in benefitting from a equation or a system of equations which are true for values first, and looking at if they are always true or not for a number of which we want to test the primality.

That is to say N a prime number odd, then we can write N − 1 like 2 ^S × D , where S is a whole and D is odd -- this is the same thing if we factorize 2 starting from N - 1 in a repeated way. Then, for all $a\; \backslash \; in\; \backslash \; left\; (\backslash \; mathbb\; \{Z\}\; /n\; \backslash \; mathbb\; \{Z\}\; \backslash \; right)\; ^*$ such as has is first has N , one of the following conditions must be checked:

$$

a^ {D} \ equiv 1 \ pmod {N} or

$$

a^ {2^r \ cdot D} \ equiv -1 \ pmod {N} for some $0\; \backslash \; the\; R\; \backslash \; the\; s-1$

To show that one of them must be true, let us use the Petit theorem of Fermat:

$$

a^ {n-1} \ equiv 1 \ pmod {N}

Therefore, if we take the square roots of has ^{N − 1}, we will obtain is 1 or −1. If we obtain −1 then the second equation is true and we finished.

If we extracted each power from 2 and that the second equation is never true, we end then (by successive divisions by 2) to the first equation which must also be equal to 1 or −1, since it is itself a square root. Nevertheless, if the second condition is never checked, then it is not it either for R = 0, which wants to say that

$$

a^ {2^0 \ cdot D} = a^d \ equiv 1 \ pmod {N}

What completes the demonstration.

The test of primality of Miller-Rabin is based on the preceding equations. We want to test N to see whether it is first, then if

$$

a^ {D} \ not \ equiv 1 \ pmod {N} and

$$

a^ {2^rd} \ not \ equiv -1 \ pmod {N} for all the $0\; \backslash \; the\; R\; \backslash \; the\; s-1$

then has is called a Témoin of pilot Miller or extremely for the composition of N . Otherwise, if these two last inequalities are not checked (I.e. that one has equality for one or the other of the two equations) N is called: strongly probably first in base has . When N is not first but made up, has is known as lying extremely .

Execution algorithm and time

The algorithm can be written in the following way:

Entered : N : a value to be tested for its primality; K : a parameter which determines the number of times that it is necessary to test for the primality.

Left : composé if one has at least a Witness of Miller has for N , which ensures that N is made up, otherwise it is fortement probably premier

to write N − 1 like 2 ^S × D by factorizing the powers of 2 starting from N − 1

to repeat K time:

to take has by chance in the interval '' N '' − 1

if has ^D MOD N ≠ 1 and $a^\; \{2^\; \{R\}\; D\}$ MOD N ≠ −1 for all the R in the interval '' S '' − 1 then to turn over composé

to turn over premier

probablement

By using the modular Exponentiation by repeated square, the execution time of this algorithm is O ( K × log³  N ), where K is the number of the various values of has that we test. While further going, fast multiplication FFT can lower the execution time with Õ ( K × log²  N ), thus this algorithm is polynomial and efficient time.

Extra informations

Like all the probabilistic tests of primality, there exist values of N which will produce in a way repeated of the lying , which will indicate that N is first whereas it is made up -- these values are called pseudopremières.

More one tests values of has , better is the precision of the test. It can be shown that there exists always a pilot extremely for any odd compound N , and that at least 3/4 of these values for has are strong witnesses for the composition of N . Thus, the whole of the lying forts is smaller than the whole of the lying of Euler (used in the test of primality of Solovay-Strassen).

In the general use, the current number of witnesses is larger than the lower limit. For example, if we test a whole odd of 1024 bits N , by using the lower limit, should need to us to test 44 values different of has to ensure us that the chance that a number N given either declared first whereas it is currently made up, is lower than 2^-80, which wants to say that the value of N can be used in a sure way in the cryptological applications. Nevertheless, in practice, we generally need to test only 6 values different of has to guarantee this probability. To compare this with the 90 iterations for the test of primality of Solovay-Strassen.

By supposing the veracity of the Assumption of Riemann generalized, one can prove that, if all the values of has ranging between 1 and 2 (log  N ) ² was tested and that N is still “probably first”, then it is in fact assured to be first. This leads to a test of deterministic primality which has an execution time of Õ ((log  N ) ⁴).

External bonds

• MathWorld - Rabin-Miller Strong Pseudoprime Test
• Source code of the principal test of number of Miller-Rabin, C++

Random links:

Prime Ministers of Romania | Vergere | The Community of communes of the Country of Pompadour | Michel Giliberti | Gallery of pinks | Monroe,_la_Géorgie