\documentclass[11pt]{article}

\usepackage{fullpage}
\usepackage{epic}
\usepackage{eepic}
\usepackage{psfig}
\usepackage{amsfonts}

%\newcommand{\proof}[1]{
%{\noindent {\it Proof.} {#1} \rule{2mm}{2mm} \vskip \belowdisplayskip}
%}


%\newtheorem{lemma}{Lemma}[section]
%\newtheorem{theorem}[lemma]{Theorem}
%\newtheorem{claim}[lemma]{Claim}
%\newtheorem{definition}[lemma]{Definition}
%\newtheorem{corollary}[lemma]{Corollary}

% Theorem-like environments.
% Each one is declared separately with [section], so every environment keeps
% its own counter that is reset at each \section (a Fact and a Lemma in the
% same section can therefore carry the same number).
\newtheorem{assumption}{Assumption}[section]
\newtheorem{theorem}{Theorem}[section]
\newtheorem{fact}{Fact}[section]
\newtheorem{claim}{Claim}[section]
\newtheorem{lemma}{Lemma}[section]
\newtheorem{definition}{Definition}[section]
\newtheorem{corollary}{Corollary}[section]


% Proof markers. \bproof prints an unindented italic "Proof" heading.
\newcommand{\bproof}{\noindent{\it Proof}}
% Alternative end-of-proof marker using an open box, kept for reference.
%\newcommand{\eproof}{\hspace*{\fill}$\Box$~~~~~\bigskip}
% \eproof fills the rest of the line, sets a 2mm filled square followed by
% five unbreakable spaces, and then adds a \bigskip.
\newcommand{\eproof}{\hspace*{\fill}\rule{2mm}{2mm}~~~~~\bigskip}
% Hand-rolled proof environment built from the two markers above; no theorem
% package is loaded in this preamble, so the name `proof' is still free here.
\newenvironment{proof}{\bproof: }{\eproof}

% Symbols and notation.
% \defeq: an equals sign with "def" stacked above it ("equal by definition").
\newcommand{\defeq}{\stackrel{\rm def}{=}}


% Page geometry. These assignments come after \usepackage{fullpage} above, so
% for these four lengths the values here are the ones in effect.
\setlength{\oddsidemargin}{0in}
\setlength{\topmargin}{0in}
\setlength{\textwidth}{6in}
\setlength{\textheight}{8in}

\begin{document}

\setlength{\fboxrule}{.5mm}\setlength{\fboxsep}{1.2mm}
\newlength{\boxlength}\setlength{\boxlength}{\textwidth}
\addtolength{\boxlength}{-4mm}
\begin{center}\framebox{\parbox{\boxlength}{\bf
CS 681: Computational Number Theory and Algebra \hfill 
Lecture 12: Primality testing
\\
Lecturer: Manindra Agrawal
\hfill
Notes by: Shashi Mittal
%\\
\begin{flushright}
%date
August 12, 2005.
\end{flushright}
}}\end{center}
\vspace{5mm}

\section{Introduction}
The primality testing problem is: given a number $n \in \mathbb{Z}$, is $n$ a prime number? We want to answer this question as efficiently as possible.
\\ \\
In this lecture, we will discuss a few algorithms and ideas for solving this problem using the properties of finite fields.

\section{Using properties of $\mathbb{Z}_n$ for primality testing}
For any number $n$, consider the ring $R=\mathbb{Z}_n$. Recall the following two facts related to $\mathbb{Z}_n$.
\begin{fact}
\label{fact1}
If $n$ is prime, then $\mathbb{Z}_n$ is a field. The only automorphism of this field is the trivial automorphism, and for $a \in \mathbb{Z}_n$, $a^n = a$.
\end{fact}

\begin{fact}
\label{fact2}
If $n$ is a composite, square-free number divisible by at least two distinct primes, then $R$ is not a field. $R$ has only one automorphism, namely the trivial automorphism.
\end{fact}
Further, in the case where $n$ is composite, $a^n$ is not necessarily equal to $a$ (unlike the case where $n$ is a prime number). For example, if we take $n=6$, then for $2 \in \mathbb{Z}_6$, $2^6 = 4$. This gives us a clue for primality testing: take any $a \le n$, and check whether $a^n$ is $a$ in $\mathbb{Z}_n$ or not. If not, then $n$ is necessarily composite; otherwise $n$ may or may not be prime (this depends on our choice of $a$: for example, if we choose $a=3$ in $\mathbb{Z}_6$, then $3^6 = 3$, even though $6$ is not a prime number).
\\ \\
Therefore we have the following algorithm for primality testing: \\

\underline{Algorithm-1($n$)}
\\
\begin{enumerate}
\item Select a few $a \in \mathbb{Z}_n$
\item If $a^n = a$ in $\mathbb{Z}_n$ for all $a$ selected above, then print ``Prime''
\item else print ``Composite'' 
\end{enumerate} 

Note that we can perform the test $a^n \equiv a \pmod{n}$ with $O(\log n)$ multiplications modulo $n$, by the method of repeated squaring. Hence the above algorithm has a running time which is polynomial in $\log n$.
\\ \\
Unfortunately, Algorithm-1 does not always work correctly, because of the existence of a special kind of number, called \emph{Carmichael numbers}.

\begin{definition}
\label{def1}
A composite, square-free number $n$ is a \emph{Carmichael number} if $(p-1) \mid (n-1)$ for all primes $p \mid n$.
\end{definition}

\begin{theorem}
\label{theorem1}
If $n$ is a Carmichael number, then $a^n \equiv a \pmod{n}$ for all $a$.
\end{theorem}

\begin{proof}
\label{proof1}
Suppose $p \mid n$, and consider $a^n \pmod{p}$. If $p \mid a$, then both $a^n$ and $a$ are $0 \pmod{p}$. Otherwise $a^{p-1} \equiv 1 \pmod{p}$ in $\mathbb{Z}_{p}$, and since $(p-1) \mid (n-1)$, also $a^{n-1} \equiv 1 \pmod{p}$; hence $a^n = a \cdot a^{n-1} \equiv a \pmod{p}$. Hence $a^n \equiv a \pmod{p}$ for all primes $p \mid n$, and since $n$ is square-free, the Chinese remainder theorem gives $a^n \equiv a \pmod{n}$ for all $a$.
\end{proof}
\\
The smallest Carmichael number is $561$ (since $561=3 \times 11 \times 17$, and $2 \mid 560$, $10 \mid 560$ and $16 \mid 560$). It has been shown that there are infinitely many Carmichael numbers~\cite{agp94}.
\\ \\
Clearly our previous algorithm fails on all Carmichael numbers. Therefore, we need to extend our method so that Carmichael numbers can also be handled.

\section{Generalizing the previous approach}
Consider the ring
\begin{displaymath}
R = \mathbb{Z}_n[X] / (X^r - 1)
\end{displaymath}
Suppose $n$ is prime. Then, by the Chinese remainder theorem, we have
\begin{displaymath}
R \cong \mathbb{Z}_{n} \oplus \bigoplus_{i=1}^{k} \mathbb{Z}_{n}[X] / (h_i(X))
\end{displaymath}
where each $h_i(X)$ is irreducible over $\mathbb{Z}_n$.
\begin{fact}
\label{fact3}
All $h_i(x)$ have the same degree, and $R$ has $(\frac{r-1}{k})^k$ automorphisms
\end{fact}
In particular, $\psi(e(X)) = e^n(X)$ for $e(X) \in R$ is an automorphism. Therefore $\psi,\psi^2,\ldots,\psi^{\frac{r-1}{k}}$ are distinct automorphisms.
\\ \\
However, if $n$ is composite, then $\psi$ may not be an automorphism. This gives us a clue for another potential algorithm for primality testing.\\

\pagebreak

\underline{Algorithm-2($n$)}
\\
\begin{enumerate}
\item Choose an appropriately small $r$.
\item Test if $\psi$ is an automorphism in $R=\mathbb{Z}_n[x]/(x^r - 1)$
\item If yes, then print ``Prime''
\item else print ``Composite'' 
\end{enumerate} 

\subsection{Testing if $\psi$ is an automorphism in $R$}

\begin{enumerate}
\item From the definition of $\psi$, it is easy to see that the property $\psi(e_1(X)e_2(X)) = \psi(e_1(X))\psi(e_2(X))$ holds for all $e_1(X),e_2(X) \in R$.
\item We need to have $\psi(e_1(X) + e_2(X)) = \psi(e_1(X)) + \psi(e_2(X))$. One possible method is to try out all possible $e_1(X)$ and $e_2(X)$ in this equation. Since there are $n^r$ elements in $R$, this will require $n^{2r}$ such equality tests. However, using the following lemma, this can be verified in only $n^r$ checks:

\begin{lemma}
$\psi(e(X)) = e(\psi(X))$ for all $e(X) \in R$ iff $\psi$ is a homomorphism under addition. 
\end{lemma} 

\item We also need to verify whether $\psi$ is a one-one mapping or not. Given that $\psi$ is additive, $\psi$ is one-one exactly when the following chain can hold only for $e_1(X) = e_2(X)$:

\begin{eqnarray}
\psi(e_1(X)) = \psi(e_2(X)) \nonumber \\
\psi(e_1(X) - e_2(X)) = 0 \nonumber \\
(e_1(X) - e_2(X))^n = 0 \nonumber
\end{eqnarray}

\textbf{Problem}: Find the exact condition under which $(e_1(X) - e_2(X))^n = 0$, i.e.\ characterize the conditions on $n$ and $X^r - 1$ that make $e^n(X) = 0$ for nonzero $e(X)$.
\end{enumerate}

\begin{thebibliography}{9}
\bibitem{agp94} Alford, W.~R., Granville, A. and Pomerance, C. (1994). There are infinitely many Carmichael numbers. \emph{Annals of Mathematics} 139(3):703--722.
\end{thebibliography}

\end{document}


