Comments on: Computer Scientists find method to quickly discover primes?
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes/
Comments on MetaFilter post Computer Scientists find method to quickly discover primes?Thu, 08 Aug 2002 05:17:00 -0800Thu, 08 Aug 2002 05:17:00 -0800en-ushttp://blogs.law.harvard.edu/tech/rss60Computer Scientists find method to quickly discover primes?
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes
<a href="http://www.nytimes.com/2002/08/08/science/08MATH.html">Computer Scientists find method to quickly discover primes? </a> If the claims outlined in this article are correct, an age-long problem of number theory maybe solved. I wonder about the implications for cryptography; any cypherpunks care to comment?post:www.metafilter.com,2002:site.19008Thu, 08 Aug 2002 04:52:40 -0800costassciencetechprimesBy: Dan Brilliant
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#317607
<i>Computer Scientists find method to quickly discover primes?</i>
Er, no - read it again. Computer scientists find method to establish whether a particular number is prime or not prime. Different.comment:www.metafilter.com,2002:site.19008-317607Thu, 08 Aug 2002 05:17:00 -0800Dan BrilliantBy: Ryvar
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#317617
Practical implications for symmetric ciphers or RSA-based cryptography (SSL, SSH, AES, Blowfish - pretty much everything you and your sysadmin are encountering day to day) as I understand it: extremely little to none.
Implications for those people offering hundreds of thousands of dollars for finding the Nth prime where N is some stupidly large number: possibly bad, but this is more a test than an algorithm to find primes - you still have to iterate through a stupidly large number of them.
Stuff in crypto you actually should be worried about because the NSA probably had it decades ago: DJ Bernstein's <a href="http://www.mail-archive.com/cryptography%40wasabisystems.com/msg01830.html">latest</a> <a href="http://cr.yp.to/papers.html#nfscircuit">finds</a> (first link courtesy of slashdot).comment:www.metafilter.com,2002:site.19008-317617Thu, 08 Aug 2002 05:39:40 -0800RyvarBy: yerfatma
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#317631
<a href="http://www.cse.iitk.ac.in/news/primality.html" title="PDF or PostScript, your choice">Full paper here</a>comment:www.metafilter.com,2002:site.19008-317631Thu, 08 Aug 2002 06:14:45 -0800yerfatmaBy: ptermit
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#317632
Implications for cryptography: none. There are already fast prime-testing algorithms out there. Their only drawback is that they are probabilistic; the more confident you want to be that the number is prime, the more times you have to run the algorithm. But these algorithms are more than good enough for CS purposes, and they're probably considerably faster than an implementation of this deterministic algorithm.
The real interest is that this proves that prime-testing is a P class algorithm, which nobody could prove before.comment:www.metafilter.com,2002:site.19008-317632Thu, 08 Aug 2002 06:15:58 -0800ptermitBy: andrew cooke
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#317634
the <a href="http://slashdot.org/article.pl?sid=02/08/07/0151216&mode=thread&tid=172">comments</a> on slashdot are pretty good.
basically, there was already a probabilistic algorithm that was practically useful. so the practical implications of this work are minimal.
but maybe it will lead to more useful work via further developments (i don't know enough to judge whether this is likely or not)
in more detail: the probabilistic algorithm can tell you (very quickly) whether a number is likely to be a prime. also, critically (for it to be useful), it can be repeated (there are some details that make this less odd than it sounds) and each time it says "yes, this is probably a prime", you are more sure. if you run this (fast) algorithm enough times, you end up being more confident that the number is a prime than you are that your computer has malfunctioned. in other words, for all practical work, it´s a certainty.
this new work, on the other hand, gets you the answer without any uncertainty. and it's polynomial, which means that the running time doesn't "explode" as numbers get bigger. however, it´s n^3, which means that it is still very slow for big numbers.comment:www.metafilter.com,2002:site.19008-317634Thu, 08 Aug 2002 06:17:27 -0800andrew cookeBy: Songdog
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#317636
You beat me to it, costas! I've been staring at the paper. They claim that it's an "unconditional deterministic polynomial-time algorithm," and if so, it seems like it could be a pretty big deal for computer scientists and number theorists, at least.comment:www.metafilter.com,2002:site.19008-317636Thu, 08 Aug 2002 06:18:22 -0800SongdogBy: Songdog
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#317637
I don't think it's O(n^3), andrew. The authors say that it's O((log n)^12), which is a lot better. They also say that if a particular unproven conjecture is correct then it will actually perform at O((log n)^6). And if another particular unproven conjecture is correct then they'll be able to modify it to be O((log n)^3).comment:www.metafilter.com,2002:site.19008-317637Thu, 08 Aug 2002 06:21:58 -0800SongdogBy: joemaller
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#317654
I read a little of the paper up until I realized that my actual comprehension was something like "words words words, letters, numbers, numbers." Anyone want to take a stab at explaining the basic ideas here in non-formula English for those of us who are very curious but whose education failed them? It would be appreciated.
Amusing that a paper with such potentially important implications on computer science looks like it was faxed in. Would HTML or even PDF text have been that difficult?comment:www.metafilter.com,2002:site.19008-317654Thu, 08 Aug 2002 07:02:22 -0800joemallerBy: walrus
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#317660
joemaller: let's try.
A P class problem means that if the input is of a given size, the algorithm takes a number of steps that is a polynomial (rather than exponential) function of the input size.
What this means is that the rate of increase in time to solve, as the inputs get bigger, is a straight line on a graph rather than an upward curve.
What that boils down to, is that a class of problems which were previously thought to be very hard for large inputs, are now considered to be manageable.
Hope that helped (still sounds a bit mathsy to me).comment:www.metafilter.com,2002:site.19008-317660Thu, 08 Aug 2002 07:15:55 -0800walrusBy: Songdog
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#317675
joemaller - Here's a <a href="http://www.cse.iitk.ac.in/news/primality.pdf">PDF</a>. It is an unpublished paper, though, and there's at least one typo.comment:www.metafilter.com,2002:site.19008-317675Thu, 08 Aug 2002 07:53:56 -0800SongdogBy: alicila
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#317682
there already exists a reliable method for getting prime numbers, the <a href="http://members.surfeu.fi/kklaine/primebear.html">prime number *#^! bear</a>.comment:www.metafilter.com,2002:site.19008-317682Thu, 08 Aug 2002 08:03:01 -0800alicilaBy: moz
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#317696
modern-day encryption is in much more danger from <a href="http://www.qubit.org/">quantum computing</a>, but with QC is also the promise of proposedly-unbreakable encryption. there is already a <a href="http://tph.tuwien.ac.at/~oemer/qcl.html">programming language</a> proposed for a quantum computer platform.comment:www.metafilter.com,2002:site.19008-317696Thu, 08 Aug 2002 08:24:11 -0800mozBy: delfuego
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#317856
alicilia, that's frickin' brilliant. I love it. How'd you come across that?comment:www.metafilter.com,2002:site.19008-317856Thu, 08 Aug 2002 11:13:36 -0800delfuegoBy: alicila
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#317916
i don't know. i've just known about it for a long time and this article made me think about it again. it's pretty old, i thought everyone knew about it. this morning when i posted it i also opened up a window and left it open. right now my bear is at the prime number 135173 and has been up for 4 hours.comment:www.metafilter.com,2002:site.19008-317916Thu, 08 Aug 2002 12:07:41 -0800alicilaBy: andrew cooke
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#317930
SongDog - sorry, that was from memory. perhaps it was from someone talking data size (bit count) while you're talking number value...? (for n) (i'm due to go to a meeting so haven't checked with the paper to see if that makes sense).comment:www.metafilter.com,2002:site.19008-317930Thu, 08 Aug 2002 12:18:59 -0800andrew cookeBy: Songdog
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#317975
NP, Andrew, I'm not positive anyway. They use two different notations interchangeably in the paper: O(log^12 n) and O((log n)^12). I was assuming that this was an accident, given the other little editorial issues, and in any event these two notations <i>should</i> refer to the same thing, but you never know. I didn't read the paper terribly closely anyway. I know a lot more about CS than I do about number theory, so this is only partly within my ken.
By the way though, I just <i>love</i> their style:<blockquote>The ultimate goal of this line of research is, of course, to obtain an unconditional deterministic polynomial-time algorithm for primality testing. Despite the impressive progress made in primality testing so far, this goal has remained elusive. <i>In this paper, we achieve this</i>.</blockquote> (emphasis mine)comment:www.metafilter.com,2002:site.19008-317975Thu, 08 Aug 2002 13:13:25 -0800SongdogBy: andrew cooke
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#318004
i'm no expert either. out of curiousity i started reading koblitz's <a href="http://www.amazon.com/exec/obidos/ISBN%3D0387942939/r/104-2811823-6006339">course</a> in number theory + crypto (springer verlag) a while back. it's very nicely written and although i've still not finished the exercises in the first chapter, i'd recommend it to anyone looking for a good start to number theory (largely because people whose taste i trust recommended it to me).
ps while i might favour british reserve, it must be nice to be in a position where you can write an abstract like that!comment:www.metafilter.com,2002:site.19008-318004Thu, 08 Aug 2002 13:45:05 -0800andrew cookeBy: delmoi
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#318078
Songdog:
I think log^12 (n) and log(n)^n mean the same thing, just like sin<sup>2</sup> n means the same as sin(n)<sup>2</sup>
walrus: Well, thanks for explaining the <i>implications</i> now try explaining the actual theory... Your response is like someone asking "how does a car work" and you saying "It lets you go from place to place"
---
Looking at the "basic idea and approach" section, which basically describes what they are doing:
"Suppose that a is coprime to p, then P is prime if and only if (x-a)<sup>p</sup> <b>mod</b> p = (x<sup>p - a) <b>mod</b> P"
actually they used the triple equal sign, which means "congruent mod something" in this case, P. For those of you who don't know how modulo arithmetic works, the basic idea is you limit the numbers between zero and P, and after that they 'loop around'
So if P was 8, you would have the numbers 0,1,2,3,4,5,6 and 7. 3 + 4 <b>mod</b> 8 = 7. 4+4 <b>mod</b> 8 = 0. 6 + 7 <b>mod</b> 8 = 5. etc.
So, what "Suppose that a is coprime to p, then p is prime if and only if (x-a)<sup>p</sup> <b>mod</b> p = (x<sup>p - a) <b>mod</b> p"
<i>coprime</i> means that (IIRC) two numbers share no factors. All numbers can be composed of prime factors, for example 6 = 2*3, and 21 = 3*7. 6 and 21 are <i>coprime</i> because they don't share any numbers in the factorization.
but, unfortunately it takes a while to check that. What these guys seem to be doing is rather then modding everything by p, they mod it by (x<sup>r</sup> - 1,p) I have no idea what they mean by 'comma p' but in the text they just say (x<sup>r</sup> - 1), which means they mod everything by x to the rth power minus one.
For all prime numbers, the equation up there should hold for all numbers a and r. Unfortunately, some numbers also would show up as prime if a and r are not 'suitable'. So, they pick 'suitable' numbers.
To them, r is 'suitable' if it's prime, which should take O(log(p)<sup>6</sup>) time. (this means that as you increase p by one, the amount of time it takes to run increases by log(p)<sup>6</sup> - log(p-1)). <sup>6</sup>. And r - 1 has a prime factor at least r<sup>1/2 + q</sup> where q is greater then zero. (They used a greek character which looks kind of like an upside down q. I don't know what it's called, but for some reason I call it "wega" when I read it).
Then they check a 'small' number of possible as (in this case, either the number of as or the time it takes to check them increases at a rate of O((square root of r)*log(p)))
The rest of the paper proves all that's true. If I made any mistakes, please let me know.</sup></sup>comment:www.metafilter.com,2002:site.19008-318078Thu, 08 Aug 2002 15:42:33 -0800delmoiBy: delmoi
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#318079
you miss one tag...
I'm posting this again because it did screw up the meaning:
Looking at the "basic idea and approach" section, which basically describes what they are doing:
"Suppose that a is coprime to p, then P is prime if and only if (x-a)<sup>p</sup> <b>mod</b> p = (x<sup>p</sup> - a) <b>mod</b> P"
actually they used the triple equal sign, which means "congruent mod something" in this case, P. For those of you who don't know how modulo arithmetic works, the basic idea is you limit the numbers between zero and P, and after that they 'loop around'
So if P was 8, you would have the numbers 0,1,2,3,4,5,6 and 7. 3 + 4 <b>mod</b> 8 = 7. 4+4 <b>mod</b> 8 = 0. 6 + 7 <b>mod</b> 8 = 5. etc.
So, what "Suppose that a is coprime to p, then p is prime if and only if (x-a)<sup>p</sup> <b>mod</b> p = (x<sup>p</sup> - a) <b>mod</b> p"
<i>coprime</i> means that (IIRC) two numbers share no factors. All numbers can be composed of prime factors, for example 6 = 2*3, and 21 = 3*7. 6 and 21 are <i>coprime</i> because they don't share any numbers in the factorization.
but, unfortunately it takes a while to check that. What these guys seem to be doing is rather then modding everything by p, they mod it by (x<sup>r</sup> - 1,p) I have no idea what they mean by 'comma p' but in the text they just say (x<sup>r</sup> - 1), which means they mod everything by x to the rth power minus one.
For all prime numbers, the equation up there should hold for all numbers a and r. Unfortunately, some numbers also would show up as prime if a and r are not 'suitable'. So, they pick 'suitable' numbers.
To them, r is 'suitable' if it's prime, which should take O(log(p)<sup>6</sup>) time. (this means that as you increase p by one, the amount of time it takes to run increases by log(p)<sup>6</sup> - log(p-1)). <sup>6</sup>. And r - 1 has a prime factor at least r<sup>1/2 + q</sup> where q is greater then zero. (They used a greek character which looks kind of like an upside down q. I don't know what it's called, but for some reason I call it "wega" when I read it).
Then they check a 'small' number of possible as (in this case, either the number of as or the time it takes to check them increases at a rate of O((square root of r)*log(p)))
The rest of the paper proves all that's true. If I made any mistakes, please let me know.comment:www.metafilter.com,2002:site.19008-318079Thu, 08 Aug 2002 15:44:13 -0800delmoiBy: tallpaul
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#318102
<i>walrus:
A P class problem means that if the input is of a given size, the algorithm takes a number of steps that is a polynomial (rather than exponential) function of the input size.
What this means is that the rate of increase in time to solve, as the inputs get bigger, is a straight line on a graph rather than an upward curve. </i>
Not to be picky, but a polynomial function is a not a straight line (unless your plotting on a logrithmic graph or the exponent is equal to one). A polynomial function will still curve up if the exponent of the polynomial is greater than one.
For example n^^2 (n squared) is a polynomial function
2*2=4
3*3=9
4*4=16
In this case n has been incremented by 1 in each step, but the increase in y for each increment in n is not a constant factor and thus nonlinear (and curves up).comment:www.metafilter.com,2002:site.19008-318102Thu, 08 Aug 2002 16:21:10 -0800tallpaulBy: andrew cooke
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#318111
delmoi: fyi: (in the pdf version at least) that thing you're calling "wega" is a lower case delta (and i'm impressed that you can not know that and still make sense (at least at the level i understand things) of the contents!) (this is not intended to be condescending, but i know it reads odd on preview...)comment:www.metafilter.com,2002:site.19008-318111Thu, 08 Aug 2002 16:30:29 -0800andrew cookeBy: andrew cooke
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#318120
in case it's not obvious from the above (it wasn't for me), the reason the they use the extra (x^r-1) is to "fold down" the expansion of (x-a)^p to powers of x which are smaller than r (i guess maybe it is obvious now i've written it down). that saves them from evaluating a polynomial in all the powers of x up to x^p, but means that their identity is no longer true - it can produce false positives. hence the checking.
ps so when they say mod(x^r-1,p) they mean modulo both x^r-1 and p. at least, that's my current best guess.comment:www.metafilter.com,2002:site.19008-318120Thu, 08 Aug 2002 16:42:54 -0800andrew cookeBy: delmoi
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#318123
andrew cooke: I don't know why I would know what it's called. I think I might have heard the name once or twice before in my math classes, but I didn't I really cared. The way I saw it, it was just another variable. There is probably some kind of connotation to it, like a, b, and especially c are usually 'constants' whereas x,y and z are variables, t is a parametric variable, etc.
Actually, the symbol was used in my calc book in the description of the method used to determine if a limit in a multidimensional function existed. Since I was working through the examples last night to try to understand I had to 'internally vocalize' it and I just called it 'wega' for some reason. If I had understood the process right away I probably would have just used some other letter. It was a pretty strange coincidence to see it again today.
As far as being able to understand the text, it's all discrete math which is required for CS majors at my <a href="www.iastate.edu">university</a>. And I've taken the class twice :P. I've always enjoyed math, but I'm hardly a math geek.
Ultimately, I can <i>draw</i> the character if I need to, which is all that's really needed for homework :)comment:www.metafilter.com,2002:site.19008-318123Thu, 08 Aug 2002 16:48:50 -0800delmoiBy: Songdog
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#318126
delmoi - yes, (log x)^n and log^n (x) mean the same thing. I just meant that this inconsistency could represent a typo, especially since there are other typos in the paper. But I believe that you are correct and that the authors mean the same thing in each instance.
I am, however, confused about coprimes: 6 and 21 <i>do</i> share a common prime factor. They are both divisible by 3. Maybe I'm misunderstanding you, but would you mind clarifying this?comment:www.metafilter.com,2002:site.19008-318126Thu, 08 Aug 2002 16:58:16 -0800SongdogBy: andrew cooke
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#318133
delmoi: ok. i come from a physics/maths background (at a very traditional uk university) so didn't realise you could have gone through a maths course without having lectures where maybe half the time the lecture is reading out greek characters...
<a href="http://mathworld.wolfram.com/RelativelyPrime.html">coprime</a> - 6 & 21 are not coprime (8 and 21 would be).comment:www.metafilter.com,2002:site.19008-318133Thu, 08 Aug 2002 17:17:52 -0800andrew cookeBy: metaforth
http://www.metafilter.com/19008/Computer-Scientists-find-method-to-quickly-discover-primes#319466
Incidentally, the reason (log n)^12 is polynomial is because to input a number n requires log n bits. So this is polynomial in the size of the input.comment:www.metafilter.com,2002:site.19008-319466Sun, 11 Aug 2002 12:12:29 -0800metaforth