Miller_rabin prime number Test

The Research on prime numbers has a long history, and the research on modern cryptography has injected new vigor into it. In the study on prime numbers, the testing of prime numbers is a very important issue.Wilson
The Theorem gives an important condition that number is a prime number.

 

Wilson
The Theorem determines N for the given positive integer n.
Is a prime number.

(N-1 )!MOD n)

Wilson
The theorem has a high theoretical value. However, the actual calculation amount required for prime number testing is too large to test the large prime number. So far, no effective deterministic algorithm for prime number testing has been found.

First, it is easy to think of the following prime number testing probability algorithm prime

Bool prime (unsigned int N)

{

// RND. Random (N)Returns 0 ~ Random integer between n-1

Randomnumber RND;

Int M = floor (SQRT (double (N )));

Unsigned int A = RND. Random (m-2) + 2;

Return (N %! = 0 );

}

When the algorithm Prime returns false, the algorithm is lucky to find an extraordinary factor of N, so it is certain that N is a sum. however, for the above algorithm Prime, even if n is a sum, the algorithm can still return true with a high probability. for example, when n = 2653 = 43*61 ~ A random integer a is selected in the range of 51. If it is set to a = 43, the algorithm returns false. In other cases, true is returned ~ The probability of selecting a = 43 in the range of 51 is about 2%, so the algorithm returns the error result true with a probability of 98%. When N increases, the situation will be worse.

The famous ferma's small theorem provides a powerful tool for prime number determination.

 

Ferma's theorem:
If P is a prime number and (0 <A <p ),

 

For example, if 67 is a prime number, 2 ^ 66 mod 67 = 1.

A prime number determination algorithm can be designed for the given integer N by using the Fermat theorem. By calculating d = 2 ^ (n-1)
MOD n is used to determine the kernel of integer n. When D is equal to 1, n is certainly not a prime number. When D is equal to 1, n is likely to be a prime number, but there is also a combination of N, making
. For example, the minimum sum that meets this condition is n = 341. to improve the accuracy of the test, we can randomly select integer 1 <A <n-1, and then use the conditions to determine the kernel of integer n. for example, for n = 341 and A = 3
It can be determined that N is not a prime number.

Ferma's TheoremAfter all, it is only a necessary condition for determining prime numbers. the integer n that satisfies the condition of the Fermat theorem is not necessarily a prime number. some of them also meet the conditions of the Fermat theorem. these are called Carmichael numbers. The first three Carmichael numbers are 561,1105, 1729.
The number of Carmichael is very small. In 1 ~ Of the integers in the range of 100000000, there are only 255 Carmichael numbers.

Use the followingQuadratic probe TheoremThe above prime number determination algorithm can be further improved to avoid the Carmichael number as a prime number.

Before introducing the quadratic probe theorem, let's take a look at it.A Fast Algorithm for modulo n's power multiplication.

 

Fast Algorithm for the power multiplication of the modulo n:

A common operation in number theory computing is to evaluate the modulo operation of a number's power a ^ B on another number's N.

A ^ B mod n (A, B, and n are positive integers)

Because the computer can only represent integers with a limit, you must pay attention to the size range of values when performing the modulo operation during programming.

To solve this problem, we will introduce an algorithm that can calculate a ^ B mod n.
A useful Algorithm for the value of--repeated flattening method.

First, we must make it clear:

This leads to an iteration.

 D =;

For (I = 2; I <= B; I ++)

{

D = | D mod n | *;

D = D mod n

}

The problem is that when B is very large, the running time will be affected. To improve the timeliness, we may convert B to binary:

 

Then, scanning is performed from the right-to-left position of B0. One of the following two equations is used for each iteration:

Bi = 0

Bi = 1 (0 <= C <= B)

Where c is the suffix of the binary number of B (bi-1, Bi-2 ,.... B0) the corresponding decimal number. When C doubles, the algorithm keeps the condition d = a ^ C mod n unchanged until C = B.

The following is a program analysis. After the modular_exp (long a, long B, long n) function inputs the base number A, power B, and modulo nRepeated flattening MethodCalculate and return the value of a ^ bmod n.

Long modular_exp (long a, long B, long n) // d then a ^ B mod n

{

Long d = 1;

Long T =;

While (B> 0)

{

If (B % 2 = 1)

D = (D * t) % N;

B = B/2;

T = (T * t) % N;

}

Return D;

}

 

Quadratic probe TheoremIf P is a prime number and 0 <x <p, then the equation x * xLimit 1 (Mod P.

In fact, x * xLimit 1 (Mod p) equivalent to x * X-1Limit 0 (Mod p). We can see from this;

(X-1) (x + 1)Limit 1 (Mod P)

Therefore, P must be divisible by X-1 or x + 1. P is a prime number and 0 <x <p, x = 1 or X = p-1.

By using the quadratic probe theorem, we can add a quadratic probe for integer N in the process of calculating a ^ (n-1) mod N using the Fermat theorem. once it finds that the condition of the secondary probe is violated, the conclusion that N is not a prime number is obtained.

The following algorithm power is used for computingA ^ P mod n, and perform a secondary test on N in the calculation process.

Void power (unsigned long a, unsigned long P, unsigned long N, unsigned long & result, bool & composite)

// Calculate a ^ P mod n and perform a secondary test on N.

{

Unsigned long X;

If (P = 0) Result = 1;

Else

{

Power (A, P/2, n, x, composite); // recursive Calculation

Result = (x * X) % N; // secondary Test

If (result = 1) & (X! = 1) & (X! = N-1 ))

Composite = true;

If (P % 2) = 1) // P is an odd number

Result = (result * A) % N;

}

}

Based on the algorithm power, the miller_rabin prime number testing algorithm can be designed as follows:

Bool miller_rabin (unsigned long N)

 

{

Randomnumber RND;

Unsigned long a, result;

Bool composite = false;

A = RND. Random (n-3) + 2;

Power (A, n-1, N, result, composite );

If (composite | (result! = 1) return false;

Else return true;

}

When the above algorithm returns false, integer n must be a combination, and when the return value is true, integer N is a prime number in the high probability sense. the number N may still exist. For the randomly selected base A, the algorithm returns true. however, the in-depth analysis of the above algorithm shows that when n is sufficiently large, such base A does not exceed (N-9)/4. the error probability of the miller_rabin algorithm can be quickly reduced by repeated calls. the miller_rabin algorithm that repeatedly calls K times can be described as follows:

 

Bool miller_rabin (unsigned long N, unsigned int K)

// Repeat K calls

{

Randomnumber RND;

Unsigned long a, result;

Bool composite = false;

For (INT I = 1; I <= K; I ++)

{

A = RND. Random (n-3) + 2;

Power (A, n-1, N, result, composite );

If (composite | (result! = 1) return false;

}

Return true;

}

The analysis shows that the error probability of the above algorithm does not exceed. This is a conservative estimate, and the actual effect is much better.

Appendix: classes in the above programRandomnumberDefinition:

Class randomnumber

{

PRIVATE: // current seed

Unsigned long randseed;

Public:

// Constructor. The default value 0 indicates that the seed is automatically generated by the system.

Randomnumber (unsigned long s = 0)

// Generate 0 ~ Random integer between n-1

Unsigned long random (unsigned long N)

}

Randomnumber: randomnumber (unsigned long s)

{

If (S = 0)

{

Randseed = (unsigned long) time (0 );

}

Else

{

Randseed = s;

}

}

 

Unsigned long randomnumber: Random (unsigned long N)

{

Randseed = multiplier * randseed + adder;

Return randseed % N;

}