So Jake Says » Primality Testing http://www.jakevoytko.com/blog Ye Olde Computer Science Blogge Sun, 17 Jan 2010 15:16:00 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 Number Theory for Programmers, Part 1 http://www.jakevoytko.com/blog/2007/09/16/number-theory-for-programmers-part-1/ http://www.jakevoytko.com/blog/2007/09/16/number-theory-for-programmers-part-1/#comments Sun, 16 Sep 2007 20:19:19 +0000 Jake http://www.jakevoytko.com/blog/2007/09/16/number-theory-for-programmers-part-1/ What is Number Theory?

Number theory is the study of numbers, their properties, and what can be inferred from their properties. For programmers, it is most practical to focus on the theory of positive integers.

Who should use this guide?

Those who did not know the answer to the above question.

How do we use modulus?

First, we should bridge the gap between a Programmer’s definition of modulus and a Mathematician’s.

Programmer: a % b is the remainder of a / b. Essentially, the programmer uses the following equation:

a = b*c + r

That is, the programmer says If we were finding 23 % 5, we would have:
23 = 5*4 + 3
23 % 5 = 3.

Mathematician: Mathematicians rearrange the above equation into the following:

a – r = bc. They write this as:

a \equiv r ($mod$\ b)

All this means is that you can move from a to r just by adding and subtracting b.
23 – 5 – 5 – 5 – 5 = 3, so 23 \equiv 3 (mod\ 5)

Efficient Exponentiation (mod n)

Let’s say that you need to find a ^{x} (mod\ n). The naive way of doing this is to perform the operation just as it’s written:

unsigned int powmod(unsigned int a, unsigned int x, unsigned int n)
{
    return pow(a, x) % n;
}

and it has a few disadvantages.

  1. It has a very good chance of overflowing native data types
  2. It has an algorithmic complexity of O(n) for the size of the exponent. For large integer types, this becomes O(nm), for integers of (on average) mwords

To show a more efficient way of doing it, we will use a method called “successive squaring”. I will explain it by using an example: Find 3 ^ {17} (mod\ 5):

We know that 3 ^ {17} (mod\ 5) \equiv 3^{16} * 3^{1} (mod\ 5). We need to find 3^{16}(mod\ 5):

3 \equiv 3 (mod\ 5). This is given.

3^{2} \equiv 9 \equiv 4 (mod\ 5)

3^{4} \equiv (3^{2})^{2} \equiv 4^{2} \equiv 16 \equiv 1 (mod\ 5).

This is where the leap of logic occurs. Since 3^{2} \equiv 4 (mod\ 5), it follows that 3^{4} \equiv (3^{2})^{2}

3^{8} \equiv 1 (mod\ 5)

3^{16} \equiv 1 (mod\ 5)

3^{17} = 3^{16} * 3^{1} = 1 * 3 \equiv 3 (mod\ 5)

So 3^{17} % 5 = 3, and I was able to do it all in my head! For small numbers, this is usually the case. But it should be obvious that this is a lot easier than ordinary exponentiation, with on the order of O(logn) multiplications.

Code example

The best code example I have found is from Bruce Schneier’s “Applied Cryptography”. The C version using native unsigned integers is as follows:

unsigned int powmod(unsigned int base, unsigned int exp, unsigned int mod)
{
    unsigned int toret=1;
 
    while(exp > 0)
    {
        if(exp & 1)
            toret = (toret * base) % mod;
 
        exp >>= 1;
        base=(base*base) % mod;
    }
    return toret;
}

It’ll still overflow for the wrong values, but it is a quick and dirty example. If you have access to an infinite precision integer, it should be trivial to convert it.

Fermat’s Little Theorem

One of the many things that Fermat conjectured (and supposedly proved) is quite useful to the modern programmer. It says, for any prime number p, and for any integer a

a^{p} \equiv a (mod\ p).

Combined with the successive squaring method, this provides us a very powerful tool.

Probabilistic Primality Testing

For any number of applications, we need prime numbers. They are the crack-cocaine of modern mathematics. There are many simple ways to get prime numbers, such as the Sieve of Eratosthenes, but these methods fail when your application needs a 20-digit prime. There are newly developed (but complicated) tests that give a definite yes/no on a number in polynomial time, but they require Abstract Algebra, which is beyond the scope of this entry! For most developers, we don’t need to be 100% sure the numbers we are using are prime. We’re not using RSA in life-or-death (or multi-billion dollar banking) situations! All we want to do is tell whether or not an integer is most likely prime so that we can encrypt our Dawson’s Creek fan fiction and hide it from our father.

Fermat’s Little Theorem is always true if we know that the modulus is prime. The proof, however, doesn’t hold true in the opposite direction: if, for some number a, a^{n} \equiv a (mod\ n), we can’t say for sure that n is a prime. However, it is very frequently true, and often enough that we can form a probabilistic test, meaning that the numbers are probably prime. Mathematicians are noted for devastating understatement, so when we say “probably”, we mean “the chance is absurdly close to 100%”. According to pgp.net, PGP uses trial division for primes less than 8191, and the Fermat test for 2,3,5, and 7. I can’t find a reliable source covering the mathematics of why, but an unreliable source gives the chance that a composite is picked as less than 1 in 10^{50}. Yikes!

The Test

Ready?

For some number n, it is probably prime if:

  1. 2^{n} \equiv 2 (mod\ n)
  2. 3^{n} \equiv 3 (mod\ n)

If this makes you uncomfortable by using the first two primes, you can randomly pick two numbers (instead of 2 and 3). The test works just the same. For the ultra paranoid, try it three or four times.

The Carmichael Numbers

There are numbers that cause this test to fail for all test values. They are called Carmichael numbers, named after the first person to find an example. The first three are 561, 1105, and 1729. There are infinitely many Carmichael numbers, though they grow more scarce as the integers approach infinity. For fun, use the method of successive squaring to show that 561 is a Carmichael number.

]]> http://www.jakevoytko.com/blog/2007/09/16/number-theory-for-programmers-part-1/feed/ 14