$$\sum_{p\le 2m} s_p\,\lg p \;+\; \sum_{p\le 2m}\lg p\sum_{k=2}^{\lfloor\log_p 2m\rfloor}\left(\left\lfloor\frac{2m}{p^k}\right\rfloor - 2\left\lfloor\frac{m}{p^k}\right\rfloor\right)$$
$$\le\; \sum_{p\le 2m} s_p\,\lg p \;+\; \sum_{p\le\sqrt{2m}}\lg p\left(\left\lfloor\frac{\lg 2m}{\lg p}\right\rfloor - 1\right)$$
$$\le\; \sum_{p\le 2m} s_p\,\lg p \;+\; \sum_{p\le\sqrt{2m}}(\lg 2m - 1)$$
$$\le\; \sum_{p\le 2m} s_p\,\lg p \;+\; \tfrac12\sqrt{2m}\,(\lg 2m - 1) \qquad (\text{for } \sqrt{2m} > 8,\ \text{i.e. } m > 32)$$
The inequalities for $m \ge 32$ imply
$$\prod_{p\le 2m} p \;>\; 2^{\,2m - \frac12\lg 4m - \frac12\sqrt{2m}\,(\lg 2m - 1)} \;>\; 2^{\,2m - \frac12\sqrt{2m}\,\lg 2m} \;>\; 2^{m}.$$
QED
Find the least prime $r$ that does not divide the earlier product, and check that $r$ and the smaller primes do not divide $n$. We conclude that, unless we have found a prime factor of $n$ that is $\le r$, we can find a prime $r \le 2m$ with $\operatorname{ord}_r n > x$ if $2m \ge x^2 \lg n$. (With $x = 4\lg^2 n$, we will have $2m \sim 16\lg^5 n$.) The chain of inequalities above used $\sqrt{2m} > \lg 4m > \lg 2m$, which holds for $m \ge 32$.
Step 3. Verify that
$$(x+a)^n \equiv x^n + a \pmod{n,\; x^r - 1}$$
for $a = 1$ to $r$.
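The three steps above, written out as running code. This is an added example, not code from these notes: it keeps the notes' parameters ($x = 4\lg^2 n$, the check for $a = 1$ to $r$), but the "earlier product" of Step 2 is not on this page, so the search for $r$ is written in the equivalent form $\operatorname{ord}_r n > x$ (an assumption), and the arithmetic in $\mathbb{Z}_n[X]/(X^r-1)$ uses Kronecker substitution (packing a coefficient vector into one big integer so that Python's integer multiply performs the convolution), which is an implementation choice of this example. All function names are ours.

```python
# Added example: the AKS test as the notes state it (Steps 1-3), with the
# notes' parameters x = 4 lg^2 n and a = 1..r.  Step 2's "earlier product"
# is not on this page, so r is found via the equivalent test ord_r(n) > x.
import math

def is_perfect_power(n: int) -> bool:
    """Step 1: is n = m**b for some integers m >= 2, b >= 2?"""
    for b in range(2, n.bit_length() + 1):
        # least m with m**b >= n (binary search; n < 2**bit_length bounds hi)
        lo, hi = 1, 1 << (n.bit_length() // b + 1)
        while lo < hi:
            mid = (lo + hi) // 2
            if mid ** b < n:
                lo = mid + 1
            else:
                hi = mid
        if lo ** b == n:
            return True
    return False

def is_prime_trial(m: int) -> bool:
    """Trial division; used only for the small auxiliary modulus r."""
    if m < 2:
        return False
    i = 2
    while i * i <= m:
        if m % i == 0:
            return False
        i += 1
    return True

def multiplicative_order(a: int, r: int) -> int:
    """ord_r(a): least k >= 1 with a**k = 1 mod r (r prime, r not dividing a)."""
    k, power = 1, a % r
    while power != 1:
        power, k = power * a % r, k + 1
    return k

def step2(n: int):
    """Step 2: least prime r with ord_r(n) > x, trial-dividing n by r and every
    smaller prime on the way.  Returns ("prime", None), ("composite", p) or ("r", r)."""
    x = 4 * math.log2(n) ** 2
    r = 2
    while True:
        if is_prime_trial(r):
            if r == n:
                return "prime", None
            if n % r == 0:
                return "composite", r
            if multiplicative_order(n, r) > x:
                return "r", r
        r += 1

def poly_mul_mod(f, g, n, r):
    """Product in Z_n[X]/(X^r - 1) of length-r coefficient lists with entries in
    [0, n), by Kronecker substitution: B bytes per coefficient, one big-int multiply,
    then unpack.  An unreduced product coefficient is a sum of at most r terms below
    n^2, so slots never carry into each other."""
    B = ((r * (n - 1) ** 2).bit_length() + 7) // 8

    def pack(poly):
        return int.from_bytes(b"".join(c.to_bytes(B, "little") for c in poly), "little")

    prod = (pack(f) * pack(g)).to_bytes(B * (2 * r - 1), "little")
    h = [0] * r
    for k in range(2 * r - 1):  # X^k = X^(k mod r) because X^r = 1
        h[k % r] += int.from_bytes(prod[k * B:(k + 1) * B], "little")
    return [c % n for c in h]

def poly_pow_mod(base, e, n, r):
    """Square-and-multiply in Z_n[X]/(X^r - 1)."""
    result = [1] + [0] * (r - 1)
    while e:
        if e & 1:
            result = poly_mul_mod(result, base, n, r)
        e >>= 1
        if e:
            base = poly_mul_mod(base, base, n, r)
    return result

def step3_congruence(n: int, r: int, a: int) -> bool:
    """Step 3 for one a: does (X + a)^n = X^n + a hold in Z_n[X]/(X^r - 1)?"""
    lhs = poly_pow_mod([a % n, 1] + [0] * (r - 2), n, n, r)
    rhs = [0] * r
    rhs[n % r] = (rhs[n % r] + 1) % n  # X^n reduces to X^(n mod r)
    rhs[0] = (rhs[0] + a) % n
    return lhs == rhs

def aks_is_prime(n: int) -> bool:
    """Steps 1-3 combined: True iff n is prime."""
    if n < 2 or is_perfect_power(n):
        return False
    status, r = step2(n)
    if status != "r":
        return status == "prime"
    return all(step3_congruence(n, r, a) for a in range(1, r + 1))
```

For small $n$ Step 2 always settles the question by itself, since $r$ exceeds $4\lg^2 n$ and so exceeds every prime factor of a small composite; `aks_is_prime(307)` is about the smallest input on which Step 3 actually runs, because $307 > 4\lg^2 307 \approx 273$ leaves room for an $r$ below $n$. The check `step3_congruence(4, 3, 1)` fails because $(X+1)^4 \equiv X^4 + 2X^2 + 1 \pmod 4$, and $X^4 + 2X^2 + 1 \ne X^4 + 1$ even after reducing $X^4$ to $X$.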
We now show that if $n$ passes all these steps, then $n$ is prime.

Let $p$ be a prime factor of $n$. Note $p > r$ (Step 2 checked that no prime $\le r$ divides $n$). Let $h(x) \in \mathbb{F}_p[x]$ be an irreducible factor of
$$\frac{x^r - 1}{x - 1}$$
of degree $d$. We examine the implications of Step 3 in the finite field $F = \mathbb{F}_p[x]/(h(x))$, which has $p^d$ elements. Recall that the multiplicative group $F^*$ is cyclic of order $p^d - 1$. Note that $f(x) \equiv g(x) \pmod{n,\, x^r - 1}$ implies $f(x) \equiv g(x) \pmod{p,\, h(x)}$, i.e. $f(x) = g(x)$ in $F$.
Lemma. $d = \operatorname{ord}_r p$.

Proof. Since $x^r = 1$ in $F$, $x \ne 1$ in $F$, and $r$ is prime, the order of $x$ in $F^*$ is $r$. ($x \ne 1$ because $h(x)$ divides $1 + x + \dots + x^{r-1}$, and $x = 1$ in $F$ would force $r \equiv 0 \pmod p$, impossible as $p > r$.) By Lagrange's theorem $r$ divides $p^d - 1$, so $p^d \equiv 1 \pmod r$ and $\operatorname{ord}_r p$ divides $d$.

To show $d$ divides $\operatorname{ord}_r p$, let $g(x)$ generate $F^*$. We have $g(x)^p = g(x^p)$ and, iterating,
$$g(x)^{p^{\operatorname{ord}_r p}} = g\!\left(x^{p^{\operatorname{ord}_r p}}\right) = g(x),$$
since $p^{\operatorname{ord}_r p} \equiv 1 \pmod r$ and $x^r = 1$. Thus the order of $g(x)$, namely $p^d - 1$, divides $p^{\operatorname{ord}_r p} - 1$, hence $d$ divides $\operatorname{ord}_r p$.

Remark. Every choice of $h(x)$ has the same degree.
We have $(x+a)^n \equiv x^n + a \pmod{n,\, x^r - 1}$, hence
$$(x+a)^n \equiv x^n + a \pmod{p,\; x^r - 1} \quad\text{for } a = 0 \text{ to } r.$$
We also have
$$(x+a)^p \equiv x^p + a \pmod{p,\; x^r - 1} \quad\text{for } a = 0 \text{ to } r.$$
The idea is that these two sets of congruences impose too much structure, allowing us to find $u, v$ for which $g^u = g^v$ has too many solutions in $F$. Such an equation has at most $|u - v|$ nonzero solutions unless $u = v$.
Let $w = |\mathbb{F}_r^* / \langle n, p \rangle|$. Let $K$ denote a set of $w$ coset representatives, denoting a typical representative by $k$. Observe that
$$w = \frac{r-1}{|\langle n, p \rangle|} \le \frac{r-1}{\operatorname{ord}_r n} \le \frac{r-1}{x}.$$
Now consider
$$\left\{\, n^i p^j \;:\; i, j \in \left\{0, 1, \dots, \left\lfloor \sqrt{\tfrac{r-1}{w}} \right\rfloor \right\} \right\}.$$
The number of pairs $(i, j)$ is
$$\left(1 + \left\lfloor \sqrt{\tfrac{r-1}{w}} \right\rfloor \right)^2 \;>\; \frac{r-1}{w} = |\langle n, p \rangle|,$$
and each $n^i p^j$ reduces mod $r$ to an element of $\langle n, p \rangle$. Thus
$$n^{i_1} p^{j_1} \equiv n^{i_2} p^{j_2} \pmod r \quad \text{for some } (i_1, j_1) \ne (i_2, j_2).$$
Since $p \le n$ and $i, j \le \sqrt{(r-1)/w}$,
$$n^{i_1} p^{j_1},\; n^{i_2} p^{j_2} \;\le\; n^{2\sqrt{(r-1)/w}} = 2^{\,2\sqrt{(r-1)/w}\,\lg n}.$$
$$g^{\,n^{i_1} p^{j_1}} = g^{\,n^{i_2} p^{j_2}} \qquad \text{(EQ)}$$
The equation (EQ) has at most $|n^{i_1} p^{j_1} - n^{i_2} p^{j_2}| \le 2^{\,2\sqrt{(r-1)/w}\,\lg n}$ nonzero solutions in $F$ unless $n^{i_1} p^{j_1} = n^{i_2} p^{j_2}$.
Beginning with $(x+a)^n \equiv x^n + a \pmod{p,\, x^r - 1}$ and substituting $x^{n^i}$ for $x$, we have
$$\left(x^{n^i} + a\right)^n \equiv x^{n^{i+1}} + a \pmod{p,\; x^{n^i r} - 1},$$
hence, since $x^r - 1$ divides $x^{n^i r} - 1$,
$$\left(x^{n^i} + a\right)^n \equiv x^{n^{i+1}} + a \pmod{p,\; x^r - 1},$$
and therefore
$$(x+a)^{n^i} \equiv x^{n^i} + a \pmod{p,\; x^r - 1}$$
by induction on $i$.
Next, we see that
$$(x+a)^{n^i p^j} \equiv x^{n^i p^j} + a \pmod{p,\; x^r - 1}$$
by induction (using $(x+a)^p \equiv x^p + a$ in the same way), and finally that
$$\left(x^k + a\right)^{n^i p^j} \equiv x^{k n^i p^j} + a \pmod{p,\; x^{kr} - 1},$$
hence
$$\left(x^k + a\right)^{n^i p^j} \equiv x^{k n^i p^j} + a \pmod{p,\; x^r - 1}.$$
Any element of the subgroup $G$ of $F^*$ generated by $x^k + a$, $k \in K$, $0 \le a \le r$, is a solution of (EQ): for a generator, $(x^k + a)^{n^{i_1} p^{j_1}} = x^{k n^{i_1} p^{j_1}} + a = x^{k n^{i_2} p^{j_2}} + a = (x^k + a)^{n^{i_2} p^{j_2}}$ in $F$, because $n^{i_1} p^{j_1} \equiv n^{i_2} p^{j_2} \pmod r$ and $x^r = 1$; and $g \mapsto g^u$ is a homomorphism of $F^*$, so products of generators are solutions too.

AKS restricted to $k = 1$ and showed the order of $G$ is too big if $n$ is not prime. Lenstra's idea was to introduce the set $K$ and to consider $G^w$ instead of $G$. The argument is more complicated, but is self-contained instead of depending on a VERY hard theorem.
We will let $s : \{0, 1, \dots, r\} \to \{0, 1, \dots\}$ describe the exponents for an element of $G^w$ of the following form:
$$g(s) = \left( \prod_{0 \le a \le r} \left(x^k + a\right)^{s(a)} \right)_{k \in K} = \left( \prod_{0 \le a \le r} \left(x^{k_1} + a\right)^{s(a)},\; \dots,\; \prod_{0 \le a \le r} \left(x^{k_w} + a\right)^{s(a)} \right) \in G^w.$$
Claim. If $s_1 \ne s_2$ with $\sum_a s_1(a) \le r - 2$ and $\sum_a s_2(a) \le r - 2$, then $g(s_1) \ne g(s_2)$.

Proof of claim. Suppose $g(s_1) = g(s_2)$. Then
$$\left( \prod_{0 \le a \le r} \left(x^{k n^i p^j} + a\right)^{s_1(a)} \right)_{k \in K} = \left( \prod_{0 \le a \le r} \left(\left(x^k + a\right)^{n^i p^j}\right)^{s_1(a)} \right)_{k \in K} = g(s_1)^{n^i p^j} = g(s_2)^{n^i p^j} = \left( \prod_{0 \le a \le r} \left(x^{k n^i p^j} + a\right)^{s_2(a)} \right)_{k \in K}.$$
Now $k n^i p^j$ runs over a complete set of representatives for $\mathbb{F}_r^*$ (as $k$ runs over $K$ and $n^i p^j$ over $\langle n, p \rangle$), so $x^{k n^i p^j}$ runs over $x, x^2, \dots, x^{r-1}$. Therefore the polynomial over $F$ of degree at most $r - 2$,
$$\prod_{0 \le a \le r} (X + a)^{s_1(a)} \;-\; \prod_{0 \le a \le r} (X + a)^{s_2(a)},$$
has the $r - 1$ distinct roots $x, x^2, \dots, x^{r-1}$, so is identically $0$, i.e. $s_1 = s_2$ (the factors $X + a$, $0 \le a \le r$, are distinct since $p > r$).
The number of such $s$ is the number of $(r+1)$-tuples of nonnegative integers whose sum is at most $r - 2$. This equals the number of $(r+2)$-tuples of nonnegative integers whose sum equals $r - 2$ (the extra coordinate absorbs the slack). This, in turn, is the number of arrangements of $r - 2$ identical balls in $r + 2$ boxes. Therefore, by the claim,
$$|G|^w = |G^w| \;\ge\; \binom{2r-1}{r+1} \;>\; 2^{r-1} \quad \text{for } r \ge 3,$$
by induction: $\binom{5}{4} = 5 > 2^2$, and $\binom{2r+1}{r+2} \big/ \binom{2r-1}{r+1} = \frac{(2r+1)(2r)}{(r+2)(r-1)} > 2$.
However, if $n^{i_1} p^{j_1} \ne n^{i_2} p^{j_2}$, then every element of $G$ is one of the at most $2^{2\sqrt{(r-1)/w}\,\lg n}$ nonzero solutions of (EQ), so
$$2^{\,2\sqrt{(r-1)/w}\,\lg n} \;\ge\; |G| \;>\; 2^{(r-1)/w},$$
hence
$$4 \lg^2 n \;>\; \frac{r-1}{w} \;\ge\; x \;\ge\; 4 \lg^2 n,$$
a contradiction. Finally, $n^{i_1} p^{j_1} = n^{i_2} p^{j_2}$ with $(i_1, j_1) \ne (i_2, j_2)$ forces $i_1 \ne i_2$ and $n^{i_1 - i_2} = p^{j_2 - j_1}$, so $n$ is a power of $p$, which by Step 1 means $n = p$.