U.S. patent application number 09/559142 was filed with the patent office on 2002-07-25 for t-sequence apparatus and method for general deterministic polynomial-time primality testing and composite factoring.
Invention is credited to Backal, Shaul O., Tie, Teck Sing.
Application Number | 20020099746 09/559142
Family ID | 22513747
Filed Date | 2002-07-25
United States Patent Application | 20020099746
Kind Code | A1
Tie, Teck Sing; et al. | July 25, 2002
T-sequence apparatus and method for general deterministic
polynomial-time primality testing and composite factoring
Abstract
Using a new mathematical technique called the T-sequence, the
inventor has discovered a powerful primality testing method that
meets all four conditions above. A similar approach can be applied
to perform fast factoring for numerous special cases, a method that
can, in all likelihood, be extended to the general case, making
possible a general and fast factoring algorithm. (Researchers
heretofore have been able to factor only in sub-exponential time,
never in polynomial time.) The same T-sequence can be used to
construct a prime number formula (long sought after but never
achieved) and a good random number generator. The former can be
used to generate infinitely many prime numbers of any size
efficiently, and the latter can generate non-periodic and
absolutely chaotic random numbers. These numbers are widely
used in all areas of industrial and scientific simulations. In
general, the T-sequence can be used to handle efficiently the
fundamental problems concerning prime numbers (which include
primality testing, factoring, prime number formula,
infinite-pattern prime problem, etc.).
Inventors: Tie, Teck Sing (Sibu, MY); Backal, Shaul O. (Tarzana, CA)
Correspondence Address: Joseph P. O'Malley, Burns, Doane, Swecker & Mathis, LLP, P.O. Box 1404, Alexandria, VA 22313-1404, US
Family ID: 22513747
Appl. No.: 09/559142
Filed: April 27, 2000
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number
60145585 | Jul 26, 1999 |
Current U.S. Class: 708/254
Current CPC Class: G06F 7/586 20130101; H04L 9/3033 20130101; G06F 7/72 20130101; H04L 9/0662 20130101; G06F 2207/7204 20130101
Class at Publication: 708/254
International Class: G06F 007/58
Claims
What is claimed is:
1. A computer-implemented method, comprising: determining at least
one element of a non-monotonic sequence, the non-monotonic sequence
being one of a family of related non-monotonic sequences; using at
least said element, determining at least one property of a number;
and depending on said property, taking an action the effect of
which is to enhance or degrade data security within a computer
system or network.
2. The method of claim 1, wherein said property is primality.
3. The method of claim 1, wherein said number is a composite
number, and said property is a factor of said number.
4. The method of claim 1, wherein said family of related
non-monotonic sequences is defined as follows: $T_0^l = 2$, $T_1^l = l$
and $T_{n+1}^l = l\,T_n^l - T_{n-1}^l$, where the subscript
denotes the nth term while the superscript denotes the order l.
5. A prime number generator, comprising: means for generating
candidate numbers by forming at least one of sums and differences
of a given number and a series of prime numbers; and means for
deterministically evaluating primality of each of the candidate
numbers in polynomial time.
6. The apparatus of claim 5, wherein said means for
deterministically evaluating primality comprises means for
determining at least one element of a non-monotonic sequence, the
non-monotonic sequence being one of a family of related non-monotonic
sequences.
7. The apparatus of claim 6, wherein said family of related
non-monotonic sequences is defined as follows: $T_0^l = 2$, $T_1^l = l$
and $T_{n+1}^l = l\,T_n^l - T_{n-1}^l$, where the subscript
denotes the nth term while the superscript denotes the order l.
8. A random number generator, comprising: means for determining a
seed number; means for forming at least one of sums and differences
of the seed number and a series of prime numbers; and means for
outputting last digits of the series of prime numbers to produce a
set of random digits.
Description
BACKGROUND OF THE INVENTION
[0001] 1. Field of the Invention
[0002] The present invention relates to prime and composite number
computing and applications of the same, e.g., in the area of data
security.
[0003] 2. State of the Art
[0004] Prime numbers (2, 3, 5, 7, 11, 13, . . ., those positive
integers divisible only by themselves or 1) are the most
fundamental building blocks of math, and with the invention of the
public key ciphers (RSA, El Gamal and the like), they now form the
backbone of computer security. Basically there are two problems
related to the use of prime numbers in these fields, namely
primality testing and factoring. The primality testing problem is
about testing and determining whether a given arbitrary positive
integer is a prime number or a composite (non-prime) number. For a
composite number, the factoring problem requires determining the
composite number's prime factors. Practicality demands that these
two problems have to be solved in polynomial time (computations
being proportional to the number of digits and therefore fast), not
exponential time (computations being proportional to the size of
the numbers themselves and therefore too slow).
[0005] Traditionally, to decide whether a small integer is prime or
composite, one can try to factor it with the smaller primes, but
this trial division is too tedious for numbers greater than, say,
40 digits. Previously, experts have only been able to test for
general primality up to about 2000 digits with certainty in a week
of standard PC computational time. Several other faster methods
have been devised to test larger integers, but they too fall short
of expectations.
[0006] Presently over the Internet, record-size prime numbers over
10,000 or 100,000 digits are frequently found and published by
researchers, but they are confined to special forms only (e.g., the
most famous being the Lucas-Lehmer test for Mersenne numbers of the
form $2^M-1$). If given an arbitrary number, however, these
researchers cannot test it in polynomial time. The stringent
demands of several important ciphers require testing and generating
large prime numbers of arbitrary forms and sizes.
[0007] There are four conditions in solving these problems:
[0008] 1. Polynomial-time algorithm: the algorithm's speed needs to
be proportional to a small power of the number of digits of that
integer, e.g. $d^3$, instead of sub-exponential or exponential
time, e.g., $2^d$.
[0009] 2. 100% generality, i.e., the primality or factors of any
arbitrary number can be determined.
[0010] 3. Provability, i.e., it can be shown to work in all cases
mathematically and no counterexamples can be found.
[0011] 4. Deterministic in nature, i.e., the algorithm can
determine the primality of a number with certainty and not with
statistical probability.
[0012] Present techniques are unable to satisfy all four of these
conditions simultaneously.
SUMMARY OF THE INVENTION
[0013] Using a new mathematical technique called the T-sequence,
the inventor has discovered a powerful primality testing method
that meets all four conditions above. A similar approach can be
applied to perform fast factoring for numerous special cases, a
method that can, in all likelihood, be extended to the general case,
making possible a general and fast factoring algorithm.
(Researchers heretofore have been able to factor only in
sub-exponential time, never in polynomial time.) The same
T-sequence can be used to construct a prime number formula (long
sought after but never achieved) and a good random number
generator. The former can be used to generate infinitely many prime
numbers of any size efficiently, and the latter can generate
non-periodic and absolutely chaotic random numbers. These numbers
are widely used in all areas of industrial and scientific
simulations. In general, the T-sequence can be used to handle
efficiently the fundamental problems concerning prime numbers
(which include primality testing, factoring, prime number formula,
infinite-pattern prime problem, etc.).
[0014] Whereas previously experts have only been able to test for
general primality up to about 2000 digits with certainty in a week
of standard PC computational time, now with this new approach it
takes only eight seconds, by comparison. On a fast computer,
numbers up to a million or more digits can also be tested for
primality. All other techniques become impracticable beyond 2000 or
so digits for general primality testing. This new approach enables
mathematicians and computer scientists to test as well as generate
prime numbers of any size or form to be used in mathematical
research and computer cryptography.
BRIEF DESCRIPTION OF THE DRAWING
[0015] The present invention may be further understood from the
following description in conjunction with the appended drawing. In
the drawing:
[0016] FIG. 1 is a block diagram of a prime number computing
system; and
[0017] FIG. 2 is a flowchart illustrating a primality testing
algorithm.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0018] T-Sequences: Definition.
[0019] Let n be a positive integer and l>3 be the order. Then
the general T-sequences are defined as follows: $T_0^l = 2$, $T_1^l = l$ and $T_{n+1}^l = l\,T_n^l - T_{n-1}^l$,
[0020] where the subscript denotes the nth term while the
superscript denotes the order l. Therefore the zeroth term is
always 2 and the first term is always l; i.e., l=3 is the first
T-sequence, the successive terms of which are given by $T_0^3 = 2$, $T_1^3 = 3$, $T_2^3 = 7$, $T_3^3 = 18$, $\ldots$, $T_{n+1}^3 = 3T_n^3 - T_{n-1}^3$. $T_n^4$
[0021] is the second T-sequence with the following terms: $T_0^4 = 2$, $T_1^4 = 4$, $T_2^4 = 14$, $T_3^4 = 52$, $\ldots$, $T_{n+1}^4 = 4T_n^4 - T_{n-1}^4$, etc.
[0022] There is a general and fundamental identity relating all T
terms, as expressed by: $T_{n_1+n_2}^l = T_{n_1}^l T_{n_2}^l - T_{n_1-n_2}^l$
[0023] where $n_1 \ge n_2$ and $n = n_1 + n_2$. From
this can be derived the following convenient identities:
$T_{2n+1}^l = T_n^l T_{n+1}^l - T_1^l = T_n^l T_{n+1}^l - l$ (odd nth terms) (1)
$T_{2n}^l = T_n^l T_n^l - T_0^l = (T_n^l)^2 - 2$ (even nth terms) (2)
[0024] The T terms can grow exponentially large, but with the above
identities as well as modulo arithmetic and a type of binary
decomposition method described below, testing a given integer for
primality is straightforward.
[0025] A numerical example serves to illustrate this approach.
E.g., for n=31 and l=3, binary decomposition is first performed
(other forms of decomposition are feasible but are less practical):
$T_{31}^3 = T_{16}^3 T_{15}^3 - 3$
$T_{16}^3 = (T_8^3)^2 - 2$
$T_{15}^3 = T_8^3 T_7^3 - 3$
$T_8^3 = (T_4^3)^2 - 2$
$T_7^3 = T_4^3 T_3^3 - 3$
$T_4^3 = (T_2^3)^2 - 2$
$T_3^3 = T_2^3 T_1^3 - 3$
$T_2^3 = (T_1^3)^2 - 2$
[0026] For decomposition of odd terms D the quantity $\frac{D-1}{2}$
[0027] is computed. If the result is an odd number as in $\frac{31-1}{2} = 15$,
[0028] 1 is added to 15 to give 16 so that 31=16+15. If the result is
an even number such as $\frac{37-1}{2} = 18$,
[0029] again 1 is added to 18 to give 19 so that 37=18+19. The
successive terms can then be computed by using the above-mentioned
identities. For odd nth terms such as $T_{31}^3$,
[0030] the quantity $T_1^l$,
[0031] or l, is always subtracted, which is 3 in this example. For
even nth terms such as $T_{16}^3$,
[0032] the quantity $T_0^l$,
[0033] or 2, is always subtracted. The fundamental identity allows
all these decompositions to be performed. Modulo arithmetic with
respect to n and recursive substitutions are then carried out using
the fact that, always, $T_0^l = 2$ and $T_1^l = l$;
[0034] that is, $T_0^3 = 2$, $T_1^3 = 3$
[0035] in this example.
[0036] Computations are then started from the smallest term, that
is $T_2^3 = (T_1^3)^2 - 2 = 3^2 - 2 = 7$, $T_3^3 = T_2^3 T_1^3 - 3 = 7 \cdot 3 - 3 = 18$,
[0037] and so on, with the residues always modulo 31:
$T_{31}^3 = T_{16}^3 T_{15}^3 - 3 = 3 \cdot 2 - 3 = 3$
$T_{16}^3 = (T_8^3)^2 - 2 = 6^2 - 2 = 3$
$T_{15}^3 = T_8^3 T_7^3 - 3 = 6 \cdot 6 - 3 = 2$
$T_8^3 = (T_4^3)^2 - 2 = 16^2 - 2 = 6$
$T_7^3 = T_4^3 T_3^3 - 3 = 16 \cdot 18 - 3 = 6$
$T_4^3 = (T_2^3)^2 - 2 = 7^2 - 2 = 16$
$T_3^3 = T_2^3 T_1^3 - 3 = 7 \cdot 3 - 3 = 18$
$T_2^3 = (T_1^3)^2 - 2 = 3^2 - 2 = 7$
[0038] Therefore it can be determined that in this example the 31st
term of $T^3$ (mod 31) gives a residue of 3. Of course the
residue of any term of $T^l$ (mod n) can be readily computed
whenever needed.
[0039] There are numerous intriguing properties of T-sequences, one
of which is expressed as $T_n^l = \left(\frac{l + \sqrt{l^2-4}}{2}\right)^n + \left(\frac{l - \sqrt{l^2-4}}{2}\right)^n$, or equivalently $T_n^l = \sum_{k=0}^{[n/2]} (-1)^k \frac{n\,(n-k-1)!}{k!\,(n-2k)!}\, l^{n-2k}$.
[0040] From this expression one can prove that all primes p will
have to satisfy the relations $T_p^l = l$
[0041] (mod p) and $T_{p-1}^l$
[0042] $= 2$ or $l^2-2$ (mod p), as in the numerical example above
for the prime p=31: $T_{31}^3 = 3$
[0043] (mod 31) and $T_{30}^3 = 2$
[0044] (mod 30).
[0045] By using these T-sequences in connection with the primes p,
another important and useful property in primality testing and
factoring can be derived, the so-called periods k(p) consisting of
two types, p+1 and p-1. The former is called the +l type and the
latter the -l type. What is meant by this terminology can be
illustrated by the following numerical examples:
[0046] Take l=3 and p=7. Compute every term of $T^3$ successively
modulo 7; that is, every $T^3$ term is divided by 7 to give the
respective residues, until the residues repeat themselves. Thus
using R as the residue and l always equal to 3, one obtains for the
modulo of prime p=7: $R_0=2$, $R_1=3$, $R_2=0$, $R_3=4$,
$R_4=5$, $R_5=4$, $R_6=0$, $R_7=3$, $R_8=2$, . . . The
next residue with 2 appears at the eighth term $R_8=2$, thus the
period k(7)=8. Note that this period divides exactly into p+1,
that is, $k(p) \mid p+1 \rightarrow k(7)=8$. Thus the prime 7 is said
to be of the +l type in $T^3$ sequence.
[0047] Again take l=4 and p=11. The residues of each $T^4$ term,
modulo 11, are: $R_0=2$, $R_1=4$, $R_2=3$, $R_3=8$,
$R_4=7$, $R_5=9$, $R_6=7$, $R_7=8$, $R_8=3$, $R_9=4$,
$R_{10}=2$, . . . The next residue of 2 appears at the 10th term
$R_{10}=2$, hence the period k(11)=10. This period of 10 divides
exactly into p-1, that is,
$k(p) \mid (p-1) \rightarrow 10 \mid 11-1$. Thus the prime 11 is
said to be of -l type in $T^4$ sequence.
[0048] There are no other possible patterns for prime modulo. (The
l type for composites will be shown in the following section
describing the primality testing algorithm.) In essence, this
unique characteristic of the T-sequences enables the primality of
any positive integer to be determined, since only those numbers
that are genuine primes can satisfy for appropriate l values
both
$T_{p-1}^{+l} \equiv l^2-2$, $T_p^{+l} \equiv l$ and
$T_{p-1}^{-l} \equiv 2$, $T_p^{-l} \equiv l$ (all mod p).
[0049] Furthermore, this characteristic can also be used to do
general polynomial time factoring of composites.
[0050] Computing Using T-Sequences
[0051] Referring now to FIG. 1, a block diagram is shown of a
computing system, e.g., a prime number computing system, in which
T-sequences are used. The computing system includes one or more
processors, random-access memory, read-only (non-volatile) memory,
and an I/O subsystem. The computing system is intended to be
representative of all classes of computing systems, large and
small, local or distributed. Within memory is stored a routine for
generating T-sequence terms. The results of this routine are used
by one or more other routines, e.g., a routine for primality
testing, a routine for factoring, a prime number generator, a
random number generator, etc. These routines find wide application,
especially in data security, e.g., securely encrypting data or, by
the opposite token, breaking a given encryption. The operation of
various ones of these routines will now be described.
[0052] Primality Testing
[0053] Given any positive integer n, the $T^3$ sequence may be
used to perform primality testing (any other $T^l$ sequence will
do but $T^3$ is convenient for use here). Using binary
decomposition and the above-mentioned methods, the residues are
computed $R_{n-1}^3 = T_{n-1}^3$ (mod n) and $R_n^3 = T_n^3$ (mod n).
[0054] For n to be an eligible candidate for prime, the residues
have to be $R_{n-1}^3 = 2$ or $l^2-2$ and $R_n^3 = 3$.
[0055] Any n which does not give such residues can immediately be
declared composite.
[0056] As will be explained below, it can be seen readily that any
n with the last digit 1 or 9 will be of the -l type in $T^3$,
whereas any n with the last digit 3 or 7 will be of the +l type in
$T^3$.
[0057] A fast and general method to determine the l type of n in
$T^l$ (to be used in proving and determining the genuine
primality of n) is as follows. Given the values of any n and l,
divide n by the determinant $2l^2-8$ and obtain the small residue
r, that is $n \equiv r \pmod{2l^2-8}$. It can be shown that the l
type of n is the same as that of r. Since r is so small, direct
computation of its residues in $T^l$ will readily give the l
type, knowing that by definition the l type is + when $R_{r-1}^l = l^2-2$ and $R_r^l = l$
[0058] (both mod r), and is - when $R_{r-1}^l = 2$ and $R_r^l = l$
[0059] (both mod r).
[0060] Note a few facts about the relationships between r and
l:
[0061] 1. The l type is always - whenever r=l.
[0062] 2. The small residue r must be coprime to the determinant,
that is $(r, 2l^2-8)=1$. This means that whenever r is not
coprime to $2l^2-8$, that particular l value is not used.
[0063] 3. Besides r being coprime to the determinant, r needs to be
greater than the value of l. Otherwise that particular l value is
not used.
[0064] 4. The period k(r) must be greater than 2. When the period
is 1 or 2, that l value is not to be used.
[0065] 5. Applying the above identities and binary decomposition
methods to r will give $R_{r-1}^l$ and $R_r^l$.
[0066] Whenever $R_{r-1}^l \ne 2$ or $l^2-2$ and/or $R_r^l \ne l$,
[0067] that particular l value will not be used. When $R_{r-1}^l = 2$ or $l^2-2$ and $R_r^l = l$,
[0069] 6. The +l type and the -l type occur in equal proportion
among all n and $T^l$. It can be shown that one l with +l type
and another l with -l type can readily be found for any n.
[0070] For example, when n=31, l=3 observe that r=1 since 31=1
(mod $2 \cdot 3^2 - 8 = 10$). It is then known from the facts
above that 31 is of -l type in $T^3$. On the other hand, when
n=37, l=3 observe that r=7 since 37=7 (mod
$2 \cdot 3^2 - 8 = 10$). The quantities $R_{7-1}^3 = 7$ and $R_7^3 = 3$
[0071] (both mod 7) are then computed, from which it appears that 7
is of +l type in $T^3$. Hence 37 is also of +l type in
$T^3$.
[0072] To take another example, when n=31, l=4 observe that r=7
since 31=7 (mod $2 \cdot 4^2 - 8 = 24$). Direct computations like
those mentioned above give $R_{7-1}^4 = 7$ and $R_7^4 = 4$
[0073] (both mod 7). This shows that 7 is of +l type in $T^4$ and
thus 31 must also be of +l type in $T^4$. On the other hand, when
n=37, l=4 observe that r=13 since 37=13 (mod). Similar direct
computations give $R_{13-1}^4 = 2$ and $R_{13}^4 = 4$
[0074] (both mod 13). This shows that 13 is of -l type in $T^4$
and thus 37 must also be of -l type in $T^4$. It is seen then
that 31 and 37 are of opposite l type in $T^3$ and $T^4$.
[0075] Note that these small r residue computations can be skipped
and the n residues computed directly for primality testing and
l-type decisions whenever r is indeterminate. The whole algorithm
will still be in polynomial time owing to binary decomposition,
which ensures that it is in polynomial time. The complexity is of
the order of $(\log_2 n)^3$.
[0076] Referring now to FIG. 2, a fast primality testing routine
consists of the following three steps:
[0077] STEP A: For any given positive integer n, first use l=3.
From the above, determine the l type of n in $T^3$, -l type for
last digit 1 or 9, +l type for last digit 3 or 7. Then compute the
two residues $R_{n-1}^3 = T_{n-1}^3$ (mod n) and $R_n^3 = T_n^3$ (mod n).
[0078] If either $R_{n-1}^3 \ne 2$ or 7 ($= l^2-2$) and/or
$R_n^3 \ne 3$, then n can be declared to be composite and
the routine stops here.
[0079] Note that all composites which are not genuine primes or
pseudoprimes or proper cofactors of $T^3$ will be detected and
sieved away in this STEP A.
[0080] If $R_{n-1}^3 = 2$ or 7 ($= l^2-2$) (mod n) and $R_n^3 = 3$
[0081] (mod n) then proceed to STEP B below.
[0082] STEP B: This step performs a "greatest common factor
sieving" to sieve away certain pseudoprimes. For example, take a
composite $n = 1729 = 7 \times 13 \times 19$ and l=4. The number 1729 is
a pseudoprime of $T^4$ since
$T_{1729}^4 = T_{865}^4 T_{864}^4 - T_1^4 = 914 \cdot 821 - 4 = 4 \pmod{1729}$
$T_{865}^4 = T_{433}^4 T_{432}^4 - T_1^4 = 641 \cdot 1458 - 4 = 914 \pmod{1729}$
[0083] Take the odd term right below $T_{1729}^4$,
[0084] that is $T_{865}^4$.
[0085] Since the residue is 914 (mod 1729), subtract from this
residue $T_0^4$
[0086] giving 912. Using the Euclidean algorithm for the greatest
common factor (gcd), compute gcd(912, 1729)=19. This shows that
1729 is composite since 19 is one of its factors. (Computing gcd by
the Euclidean algorithm is useful in factoring.) In other words,
for n to be a candidate for prime, the odd term residue $R_d^3$
[0087] right under $R_n^3$
[0088] when 2 is subtracted must at least be coprime to n: $\gcd(R_d^l - 2, n) = 1$.
[0089] STEP B still misses some pseudoprimes or cofactor composites
but when followed by STEP C, all possible exceptions in the form of
proper cofactors or pseudoprimes will be sieved away, leaving only
the genuine primes.
[0090] STEP C: Find an l which is of opposite l type to that in
STEP A in $T^3$. If in STEP A the l type of n in $T^3$ is -,
then in this STEP C, find an l for which the l type of n is + in
$T^l$ and vice versa. This can be determined readily through the
above-mentioned computations of small residue r or direct
computations of $T_{n-1}^l \equiv 2$ or $l^2-2$ (mod n) and $T_n^l \equiv l$ (mod n)
[0091] If in STEP A $T_{n-1}^3 \equiv 2$ (mod n) and
$T_n^3 \equiv 3$ (mod n), that is, -l type, then if for
another l in which the l type of n in $T^l$ is opposite to that
in $T^3$ it holds that $T_{n-1}^l \equiv l^2-2$ (mod n)
and $T_n^l = l$ (mod n), that is, +l type, it follows that n
must be a genuine prime. If the residues are not as just stated,
that n is declared to be composite. It is assured that, when n
satisfies these conditions, n must be a genuine prime, because for
any composite number, $n = P_1 P_2$ say, it is impossible to
satisfy all + and - divisibility conditions:
$P_1 - 1 \mid n-1$, $P_2 - 1 \mid n-1$,
$P_1 + 1 \mid n+1$, $P_2 + 1 \mid n+1$.
[0092] Only a genuine prime p can always satisfy these conditions
when n=p. This completes STEP C.
[0093] A variation of the foregoing algorithm uses the Jacobi symbol to
avoid blind trials seeking opposite l types. In particular,
taking JACOBI($l^2-4$, n) gives the l type. One strategy is to
calculate the l types beginning with l=3 until the lowest values of
l having opposite types have been found.
[0094] Primality Testing--Summary. Following the above method of
computation ensures that this primality testing algorithm is 100%
general, deterministic, provable and polynomial-time. It runs as
follows:
[0095] The integer n is a genuine prime whenever n satisfies the
conditions in these three steps:
[0096] STEP A: $T_{n-1}^3 \equiv 2$ or 7 (mod n) and $T_n^3 \equiv 3$ (mod n)
[0097] STEP B: $\gcd(R_d^3 - 2, n) = 1$
[0098] STEP C: $T_{n-1}^l \equiv 2$ or $l^2-2$ (mod n) and
$T_n^l \equiv l$ (mod n) where the l type of n in $T^l$ is
opposite to that in $T^3$ as in STEP A.
[0099] Failing to satisfy any one or more of these conditions will
render n to be composite.
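The residue computation by binary decomposition and the STEP A / STEP B checks described above, as an added Python example (not code from the patent application). Function names are this example's own, and the sign mapping in `l_type_jacobi` (Jacobi symbol -1 means +l type) is read off the page's n=31 and n=37 examples; the block reproduces the page's worked numbers and does not by itself establish that the three steps suffice for arbitrary n.

```python
from math import gcd

def t_residues(l, n, m):
    """Residues T_k^l mod m for every index k that the binary decomposition
    of T_n touches (always includes 0, 1 and n). O(log n) multiplications."""
    memo = {0: 2 % m, 1: l % m}

    def t(k):
        if k not in memo:
            h = k // 2
            if k % 2 == 0:   # identity (2): T_2h = (T_h)^2 - 2
                memo[k] = (t(h) * t(h) - 2) % m
            else:            # identity (1): T_(2h+1) = T_h * T_(h+1) - l
                memo[k] = (t(h) * t(h + 1) - l) % m
        return memo[k]

    t(n)
    return memo

def t_mod(l, n, m):
    """T_n^l mod m."""
    return t_residues(l, n, m)[n]

def period(l, p):
    """Smallest k > 0 at which the pair (T_k, T_k+1) returns to (2, l) mod p."""
    a, b, k = l % p, (l * l - 2) % p, 1
    while (a, b) != (2 % p, l % p):
        a, b, k = b, (l * b - a) % p, k + 1
    return k

def l_type(l, n):
    """'-' if (R_{n-1}, R_n) = (2, l), '+' if (l^2 - 2, l), else None (composite)."""
    r_prev, r_n = t_mod(l, n - 1, n), t_mod(l, n, n)
    if r_n != l % n:
        return None
    if r_prev == 2 % n:
        return "-"
    if r_prev == (l * l - 2) % n:
        return "+"
    return None

def jacobi(a, n):
    """Jacobi symbol (a/n) for odd n > 0."""
    a %= n
    result = 1
    while a:
        while a % 2 == 0:
            a //= 2
            if n % 8 in (3, 5):
                result = -result
        a, n = n, a
        if a % 4 == 3 and n % 4 == 3:
            result = -result
        a %= n
    return result if n == 1 else 0

def l_type_jacobi(l, n):
    """l type predicted by JACOBI(l^2 - 4, n); mapping assumed from the page's examples."""
    return {1: "-", -1: "+", 0: None}[jacobi(l * l - 4, n)]

def step_b(l, n):
    """STEP B for odd n: (d, gcd(R_d - 2, n)) for the odd term d directly below n."""
    h = n // 2
    d = h if h % 2 else h + 1
    return d, gcd((t_mod(l, d, n) - 2) % n, n)

if __name__ == "__main__":
    print("T^3 residues mod 31:", t_residues(3, 31, 31))
    print("k(7) in T^3:", period(3, 7), " k(11) in T^4:", period(4, 11))
    for n in (31, 37):
        for l in (3, 4):
            print(f"n={n} l={l}: residues say {l_type(l, n)}, Jacobi says {l_type_jacobi(l, n)}")
    print("1729 in T^4: T_1729 =", t_mod(4, 1729, 1729), " STEP B:", step_b(4, 1729))
```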
[0100] As may be seen from Table 1, the time and memory
requirements to test the primality of integers are very
small compared to existing methods, and remain comparatively quite
small even when testing primality of integers of unprecedented
size.
TABLE 1 (450 MHz PC)
Bits | Digits | Time Needed | Memory (MB)
1,000 | 300 | 0.11 seconds | 4.01
1,260 | 378 | 0.22 seconds | 4.01
1,587 | 477 | 0.44 seconds | 4.01
2,000 | 601 | 0.87 seconds | 4.02
2,520 | 757 | 1.74 seconds | 4.02
3,175 | 953 | 3.49 seconds | 4.03
4,000 | 1,201 | 6.98 seconds | 4.03
5,040 | 1,513 | 13.95 seconds | 4.04
6,350 | 1,907 | 27.90 seconds | 4.05
8,000 | 2,402 | 55.81 seconds | 4.06
10,079 | 3,027 | 1.86 minutes | 4.08
12,699 | 3,814 | 3.72 minutes | 4.10
16,000 | 4,805 | 7.44 minutes | 4.13
20,159 | 6,054 | 14.88 minutes | 4.16
25,398 | 7,627 | 29.76 minutes | 4.20
32,000 | 9,610 | 59.53 minutes | 4.26
40,317 | 12,107 | 1.98 hours | 4.32
50,797 | 15,254 | 3.97 hours | 4.41
64,000 | 19,219 | 7.94 hours | 4.51
80,653 | 24,215 | 15.87 hours | 4.65
101,594 | 30,509 | 1.32 days | 4.81
128,000 | 38,438 | 2.65 days | 5.02
[0101] Polynomial-Time Factoring Routine
[0102] A promising and viable factoring method is also based on the
T-sequences. This method is unlike any previous method.
[0103] The T-sequences allow all forms of composites to be
factored, without exception, in polynomial time, simply because
binary decomposition modulo C is fundamentally polynomial time. So
far, mathematicians have only found exponential or sub-exponential
time factoring algorithms for composites less than 200 digits, in
general, and no polynomial-time factoring exists for even special
forms of composites like the Mersenne numbers $2^M-1$, etc. A
simple extension of the T sequences, however, immediately provides
just such a polynomial-time factoring algorithm (PTFA) for numerous
special form composites with infinite membership.
[0104] The gist of this PTFA lies in the natural mathematical
interrelationships between the composite $C = p_1 p_2$, periods
of its prime factors $k(p_1)$ and $k(p_2)$, residue r and order
l.
[0105] The periods of the prime factors with respect to l can only
take on the patterns $p_1-1$, $p_1+1$ and $p_2-1$, $p_2+1$.
Note that one can always flip the l type to change p-1 to p+1 and
vice versa by trying several pairs of l values.
[0106] The first important thing to take advantage of in PTFA is
that whenever the period residue $r_p$ lies close to p, it can
readily be factored. One numerical example will illustrate
this:
[0107] Take C=91 ($= 7 \times 13$). The possible periods $k(p_{1,2})$ of
7 and 13 are, for 7, 7-1=6, 7+1=8, and for 13, 13-1=12, 13+1=14.
When C=91 is divided respectively by each of these four
$k(p_{1,2})$ the following period residues $r_p$ are obtained: 1,
3, 7, 7, obtained from 91=1 (mod 6), 91=3 (mod 8), 91=7 (mod 12),
91=7 (mod 14). Note how small the period residue $r_p$ for the
prime factor 7 with the -l type is, namely only 1. This implies
that the factor 7 can be sieved out by taking the greatest common
factor this way: $\gcd(R_{91-1}^{-l} - 2, 91) = 7$. When l=6, 7
takes on a -l type. So $T_{91}^6$
[0108] mod 91 is first computed, which gives 76 as residue. Now
$T_1^6 = 6$,
[0109] and 1 is the $r_p$ for 7-1 in $T_{91}^6$.
[0110] Thus one is able to factor by taking gcd(76-6, 91)=7.
Likewise $T_{90}^6 = 72$ (mod 91), therefore one can again factor
by taking gcd(72-2, 91)=7 as shown above.
[0111] Whenever the periods p+1 or p-1 [match?] the composite C in
either the above straightforward way or a simple function like the
cubic polynomial below, factoring can always be performed by taking
$\gcd(R_{f(C)}^l \pm 2, C)$ = one factor. Here,
[0112] -2 is used when the periods p+1 or p-1 divides exactly into
f(C) and +2 is used whenever f(C) divided by p+1 or p-1 gives a
residue of $\frac{p \pm 1}{2}$,
[0113] as is quite often the case. The expression $R_m^l$
[0114] stands for $T_m^l$
[0115] (mod C), where m can be any arbitrary term or a function of
the composite f(C) to be computed.
[0116] Again, to illustrate this point, when +2 is added to 76
(the residue of $T_{91}^6$ mod 91), factorization can be
performed by taking $\gcd(R_{91}^6 + 2, 91) = \gcd(76 + 2, 91) = 13$ since $13+1 \mid 91 - \frac{13+1}{2}$, i.e. $14 \mid 91 - 7$
[0117] There are numerous sets of composites that can be factored
readily because their factors' periods bear such a simple
relationship to C. For example, composites of the form
$C = p[1+(p+1)(p+2)]$ can always be factored readily in this way:
[0118] $\gcd(R_{C+1}^{+l} - 2, C) = p$. For example, take p=11,
$C = 11(1 + 12 \times 13) = 11 \times 157 = 1727$. By trials, quickly select a
particular l for which 11 is of the +l type. When l=5, 11 is indeed
of +l type. Thus one can compute (mod 1727) $R_{1728}^5 = 167$
and can factor in this way: gcd(167-2, 1727)=11.
[0119] For C of the form $p[1+(p-1)(p-2)]$ there results $\gcd(R_{C-1}^{-l} - 2, C) = p$,
[0120] e.g., $C = 23(1 + 22 \times 21) = 23 \times 43 = 10649$, enabling the
following factorization: $\gcd(R_{10649-1}^{-l} - 2, 10649) = 23$.
[0121] Obviously, one can easily construct or find infinitely many
such composites to factor. In general for $C = p[1+m(p+1)]$ where m is
any prime or composite, C can always be factored as follows:
$\gcd(R_{C+1}^{+l} - 2, C) = p$. For $C = p[1+m(p-1)]$, simply take
$\gcd(R_{C-1}^{-l} - 2, C) = p$.
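The gcd sieve of the C=91 example and of the C=p[1+m(p±1)] families above, as an added Python example (not code from the patent application). `t_step`, `gcd_sieve`, `first_hit` and `special_form` are names chosen here, the search over l stands in for the page's "by trials", and skipping orders whose l²-4 shares a factor with C is an assumption of this example.

```python
from math import gcd

def t_step(l, n, m):
    """T_n^l mod m by stepping T_{k+1} = l*T_k - T_{k-1}; adequate for the
    small indices used on this page."""
    a, b = 2 % m, l % m
    for _ in range(n):
        a, b = b, (l * b - a) % m
    return a

def gcd_sieve(C, l, index, subtract):
    """The page's gcd step: gcd(R_index^l - subtract, C), with R = T mod C.
    subtract is 2 (period divides index), -2 (the page's '+2' case) or T_r."""
    return gcd((t_step(l, index, C) - subtract) % C, C)

def first_hit(C, index, subtract=2, l_max=50):
    """Try l = 3, 4, ... and return (l, factor) for the first proper factor.
    Orders with gcd(l^2 - 4, C) > 1 are skipped (assumption of this example:
    they are degenerate and would expose a factor without any T-sequence)."""
    for l in range(3, l_max + 1):
        if gcd(l * l - 4, C) != 1:
            continue
        g = gcd_sieve(C, l, index, subtract)
        if 1 < g < C:
            return l, g
    return None

def special_form(p, m, sign):
    """Constructed composite C = p[1 + m(p + sign)] and the index C + sign,
    which (p + sign) divides by construction."""
    C = p * (1 + m * (p + sign))
    return C, C + sign

if __name__ == "__main__":
    # Page example C = 91, l = 6: residues 76 and 72, then three gcd variants.
    print("T_91^6, T_90^6 mod 91:", t_step(6, 91, 91), t_step(6, 90, 91))
    print("gcd(76-6, 91) =", gcd_sieve(91, 6, 91, 6))
    print("gcd(72-2, 91) =", gcd_sieve(91, 6, 90, 2))
    print("gcd(76+2, 91) =", gcd_sieve(91, 6, 91, -2))

    # Page families: p = 11, m = p + 2 (plus form); p = 23, m = p - 2 (minus form).
    for p, m, sign in ((11, 13, +1), (23, 21, -1)):
        C, index = special_form(p, m, sign)
        print(f"C={C} index={index}: first (l, factor) =", first_hit(C, index))

    # Contrast: with l = 3 no factor of 1727 has a period dividing 1728.
    print("C=1727, l=3:", gcd_sieve(1727, 3, 1728, 2))
```

The sieve yields a proper factor only when some prime factor's period divides the chosen index (or leaves the stated small residue); for l=3 and C=1727 it returns 1.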
[0122] Furthermore, often the period of one prime factor of a
composite happens to divide into the other prime factor or factors
with a small enough residue, e.g., $C = 147149 = 37 \times 41 \times 94$.
In this example, factoring begins by finding by trial that when C
has subtracted from it a small number 2, i.e., 147149-2, it gives
$147147 = \frac{41+1}{2} \pmod{41+1}$ and also $147147 = \frac{97+1}{2} \pmod{97+1}$.
[0123] Factorization then proceeds by taking
$\gcd(R_{C-2}^{+l} + 2, C) = \gcd(R_{147147}^{+l} + 2, 147149) = 41 \times 97$.
[0124] Again it is obvious that there are infinitely many such
composites. Quite often too, when C is multiplied by a small
integer, the period of a certain factor can divide exactly into
this product of C by a small integer, allowing for ready
factorization, e.g., $C = 41 \times 67 = 2747$. Multiplying C by the small
integer 3 gives $2747 \times 3 = 82441$. Originally, 2747=27 (mod 41-1),
and 27 is too large a residue period to readily factor. However,
8241=1 (mod 41-1), and 1 is definitely small enough, leading to
$\gcd(R_{3C-1}^{-l} - 2, C) = \gcd(R_{8240}^{-l} - 2, 2747) = 41$.
[0125] This constitutes another infinite set of composites that can
be factored in polynomial time through PTFA by a few trials.
[0126] A powerful and very general PTFA method results from taking
the cubic polynomial function of C to factor. It works as
follows:
[0127] $f(C) = aC^3 \pm bC^2 \pm cC^1 \pm d$ where $0 \le a, b, c, d < 4$.
The method tests all the possible
combinations; actually, there are basically just 497 combinations
that need to be computed for their respective $T_{f(C)}^{+l}$
(mod C), because the foregoing expression can be rewritten as
$f(C) = C(aC^2 \pm bC \pm c) \pm d$, and since c and d will just be
integers taken consecutively, the computation lends itself to use
of the identity in T-sequences: $T_{n+1}^l = l\,T_n^l - T_{n-1}^l$.
[0128] Since $0 \le a, b \le 4$, and since when a=0, also b=0
and c=0 in some cases, the result is only
$5 \times 2 \times 2 \times 2 \times 5 - 3 = 497$ combinations basically.
Factorization is performed by taking $\gcd(R_{f(C)}^l \pm 2, C)$ = one
factor,
[0129] where f(C) stays positive. Two arbitrary examples will
illustrate. Take $C = 641 \times 3469 = 2223629$. Note
 | mod 640 | mod 642 | mod 3468 | mod 3470
$C^1$ | 269 | 383 | 641 | 2829
$C^2$ | 41 | 313 | 1657 | 1421
$C^3$ | 149 | 467 | 929 | 1749
[0130] Taking a=1, b=+3, c=-1 and d=-3, 641 can be factored out by
selecting one l for which 641 is of -l type such as l=3: since
22233629=269 (mod) there results
$149 + 3 \times 41 - 269 - 3 = (269)^3 + 3(269)^2 - 3 = (2223629)^3 + 3(2223629)^2 - 2223629 - 3 = f(C)$. Thus 641 can be
factored out as follows: $\gcd(R_{f(C)}^3 - 2, C) = 641$.
[0131] As another arbitrary example, take
$C=4567\times 10837=49492579$. Note the fixed relationship between the
period residues of each prime factor, particularly when they are
the RSA form of two prime composites, e.g., when $C=p_1 \pmod{p_2+1}$,
where $p_2$ is the larger prime and $p_1$ is the
smaller prime factor. This is only one of the relationships that
have been found. Others abound, such as the 641 residue under mod
3468 above and also the 4567 residue under mod 10836 here.

|              | mod 4566 | mod 4568 | mod 10836 | mod 10838 |
|--------------|----------|----------|-----------|-----------|
| $49492579^1$ | 1705     | 2867     | 4567      | 6271      |
| $49492579^2$ | 3049     | 1857     | 9025      | 5177      |
| $49492579^3$ | 2437     | 2299     | 7867      | 5157      |

[0132] Again trials show that when a=3, b=-4, c=-3, d=-4,
$4568 \mid 3C^3-4C^2-3C-4=f(C)$. Thus a sieve action is
achieved by selecting one l for which 4567 carries +l type, e.g.,
l=3. Factorization is performed by taking
$\gcd(R_{3C^3-4C^2-3C-4}^{3}-2,\ C)=4567$.
[0133] This formula can be linked to the fundamental Diophantine
Equation $(p\pm 1)x-R_p y=\pm d$ where p and $R_p$ are
related by $C=R_p \pmod{p\pm 1}$. This kind of Diophantine Equation
is always solvable, e.g., in the previous example
$640\times 3075-269\times 73167=+3$, giving much theoretical
strength to this formula. Also, this method bears a strikingly
close relationship to the elliptic curve method. It is general and
always polynomial time. No counterexamples have so far been found.
Also very effective are the above-mentioned small residue factoring
sieve as well as a quadratic polynomial factoring sieve not
described here. Composites of an arbitrary number of prime factors
can be handled and factored too. A 100% complete and efficient PTFA
should be based upon such a formula or similar one.
[0134] In addition to the above methods, other factoring methods
have been programmed and tested such as:
[0135] (A). $R_n^l=T_n^l$
[0136] (mod n) is factored by taking $a(R_n^l)^2+bR_n^l+c$
[0137] (mod n). Taking the gcd of this relation minus 2 allows for
factoring. Here $1\le a\le 4$, $-4\le b, c\le +4$ and
$a\ne 0$. E.g., take $n=\frac{3^{17}-1}{2}=64570081$
[0138] ($=1871\times 34511$). Take 851=R, which comes from
$64570081=851 \pmod{1871-1}$ and $1870 \mid 2(851)^2+851-3$
($=1870\times 775$). Thus factorization can be performed by taking
$\gcd(R_{2n^2+n-3}^{3}-2,\ n)=1871$.
[0139] (B). Compute the four possible residues: (a) $R_n^l$
[0140] (mod n), (b) $R_n^l$
[0141] (mod $l\cdot n$), (c) $R_{ln}^l$
[0142] (mod n), (d) $R_{ln}^l$
[0143] (mod $l\cdot n$). Use the residues as "inputs" for one or more
layers of T-sequence modulo computation. Then factor by taking gcd
69 ( R l n R 1 4 R 1 4 f l 2 , n ) = one prime factor
[0144] E.g., take the composite $n=2077\equiv 31\times 67$. Let
$l\equiv 3$, $ln\equiv 3\times 2077\equiv 6231$. There result the
four Rs:
(a) $R_{2077}^{3}\equiv 719 \pmod{2077}$
(b) $R_{2077}^{3}\equiv 2796 \pmod{6231}$
(c) $R_{6231}^{3}\equiv 1190 \pmod{2077}$
(d) $R_{6231}^{3}\equiv 3267 \pmod{6231}$
[0145] When e=1, f=-1, l=+ for 67, e.g., l=3 there results
$1\times 2077+(3267-719)-1=4624=68\times 68$.
[0146] Factor by taking
$\gcd(R_{4624}^{3}-2,\ 2077)=(2682-2,\ 2077)=67$.
[0147] (C) Another method makes use of the recursive period pattern
of certain primes, e.g., $n=2701=37\times 73$. First compute
$T_{2701}^{3}\equiv 1239 \pmod{2701}$, $T_{2702}^{3}\equiv 1749
\pmod{2701}$. Square the larger, even term such as 2702 then subtract
2 ($=T_0$), always (mod n), to compute the next even term. For
the odd term such as 2701, to compute the next odd term, multiply
the odd term by the larger even term and then subtract l, e.g., (1)
1239 (odd), 1749 (even)=(2) 806 (odd), 1467 (even), where
$1239\times 1749-3=806 \pmod{2701}$ and $(1749)^2-2=1467 \pmod{2701}$.
Carry on these computations recursively until there emerges
a repetitive pattern. Then often factoring can be performed by
taking the gcd, e.g., gcd(806-3, 2701)=73, also gcd(1467-7,
2701)=73.
[0148] (D) Whenever the ratio between the two factors of the
composite n is less than 2, one can always factor by adding to or
subtracting from n the nearest integer $[\sqrt{4n-4}]$, whereupon
the residue (mod $p\pm 1$) is zero or just 1 away from p+1 or p-1,
e.g., $37\times 43=1591$ and $\frac{43}{37}=1.1621<2$.
[0149] Compute $[\sqrt{4\cdot 1591-4}]=80$ and 1591-80=1511. By
finding l such as l=4 where 37 is -l type but not 43, factorization
is made possible by taking 1511+1=0 (mod 37-1), i.e.,
$\gcd(R_{1591-[\sqrt{4\cdot 1591-4}]+1}-2,\ 1591)=37$. There
is again an infinite number of composites with this convenient
property, or the factors can be made to lie close in size to one
another by simply multiplying the composite by a suitable small
integer.
[0150] Factoring--Summary. T-sequences are closely tied in to
factoring. There have been described several very promising
polynomial-time factoring methods. The cubic polynomial PTFA seems
to work the best, but other lines of attack are feasible too.
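The doubling rules of method (C) (square and subtract 2, multiply neighbouring terms and subtract l) are enough to recompute several of the gcd figures quoted in this section, including a case where the index does not fit and the gcd stays 1. The sketch below is an added illustration, not code from the application; it assumes the start values T_0 = 2 (stated in the text) and T_1 = l, and its function names are hypothetical.

```python
from math import gcd

def t_pair(n, l, m):
    """Return (T_n, T_{n+1}) mod m, with T_0 = 2, T_1 = l (assumed start
    values) and T_{k+1} = l*T_k - T_{k-1}."""
    a, b = 2 % m, l % m                      # (T_0, T_1)
    for bit in bin(n)[2:]:                   # index bits, most significant first
        if bit == "0":                       # (T_k, T_k+1) -> (T_2k, T_2k+1)
            a, b = (a * a - 2) % m, (a * b - l) % m
        else:                                # (T_k, T_k+1) -> (T_2k+1, T_2k+2)
            a, b = (a * b - l) % m, (b * b - 2) % m
    return a, b

def t_gcd(index, l, c):
    """gcd(T_index - 2, c). A proper factor appears only when T_index = 2
    modulo some, but not all, prime factors of c."""
    return gcd((t_pair(index, l, c)[0] - 2) % c, c)

def worked_examples():
    """Recompute figures quoted in the text, all with l = 3."""
    out = {}
    c = 41 * 67
    out["index C"] = t_gcd(c, 3, c)                # C = 27 (mod 40): no factor
    out["index 3C-1"] = t_gcd(3 * c - 1, 3, c)     # 8240 = 0 (mod 40)
    c = 641 * 3469
    f = c**3 + 3 * c**2 - c - 3                    # a=1, b=+3, c=-1, d=-3
    out["cubic"] = t_gcd(f, 3, c)
    n = 37 * 73
    out["T_2701, T_2702"] = t_pair(n, 3, n)
    out["next odd, even"] = t_pair(2 * n + 1, 3, n)  # T_5403, T_5404
    return out

if __name__ == "__main__":
    for name, value in worked_examples().items():
        print(f"{name}: {value}")
```

Each index costs one pass over its bits, so even the cubic index f(C) needs only a few dozen modular multiplications.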
[0151] Prime Number Formula. Traditionally, a prime number formula
(which has never been found) has always had these requirements:
[0152] 1) It always gives a prime number for each integer input
n=1, 2, 3, 4, . . .
[0153] 2) It is constructive, i.e., the formula can always be
computed to give prime numbers. For example, Mills' formula
$p=[A^{3^n}]$ gives no clue how to compute a precise value
for A and is therefore not constructive.
[0154] 3) It is forthright, i.e., it takes little time to readily
compute the prime number. For example, for the polynomial equation
$ax^2+bx+c=0$, the formula $x=\frac{-b\pm\sqrt{b^2-4ac}}{2a}$
[0155] is forthright in that it gives the roots readily.
[0156] On the face of it, these requirements seem natural enough.
Seekers of a prime number formula have always exerted their best
efforts to find one that satisfies these three requirements. The
continuing failure to find such a prime number formula has caused
many researchers to conclude no such formula exists.
[0157] While it appears doubtful that a prime number formula of
this type can be constructed, upon reflection, it may be seen that
the third requirement is inconsistent with the very definition of
prime numbers, namely that they cannot be divided exactly by any
numbers other than themselves and 1. The implication is that
the primality of a positive integer n needs to be determined by a
legitimate polynomial-time primality testing algorithm. Whether n
is prime or composite cannot be ascertained right away. Rather, n
must be tested for primality. A prime number formula which is
supposed to generate primes and not composites also needs to obey
such a fundamental requirement.
[0158] Now redefine a prime number formula as one that satisfies
the three requirements:
[0159] 1) It always gives a prime number for each integer input
n=1, 2, 3, . . .
[0160] 2) It is always constructive.
[0161] 3) It possesses polynomial-time complexity.
[0162] A prime number formula is in essence one version of a
primality testing algorithm. Whereas the traditional formulation of
a prime number formula is an NP problem, the foregoing formulation
recasts the problem such that NP $\to$ P.
[0163] A new prime number formula of the type described may be
arrived at by making use of a revised version of the Fortune
Conjecture, i.e., $P_{i+1}-P_1P_2P_3\ldots P_i$ is always
a prime. This can be shown to be equivalent to the conjecture that
the smallest gap between two consecutive primes $P_{i+1}$ and
$P_i$ is $(\ln P_i \ln\ln P_i)^2$. If this gap is
simplified to $\ln^2 P_i$, then following Euclid's celebrated
proof for the infinity of prime numbers, one can easily show that
Fortune Conjecture is equivalent to this smallest gap conjecture.
The validity of these two conjectures is well substantiated
empirically as well as theoretically. It is known that the maximum
gap between two consecutive primes must be bounded by the order of
$\ln P_i$. Any such logarithmic gap will do just fine for the
following prime number formula gap or range:
$g=(\ln P_1^a P_2^b\ldots P_i^x)^2$.
According to Fortune/Smallest Gap Conjecture there is at least one
prime between Q and Q+g. The method therefore needs to compute only
these sums: $Q+P_{i+1}, Q+P_{i+2}, \ldots, Q+P_j$, where
$P_j$ is the largest prime smaller than g. There is at least one
prime among these sums, and by applying the primality testing
method described previously, the primality of each sum can be
determined rapidly. Actually, it is also useful to compute the
differences: $Q-P_{i+1}, Q-P_{i+2}, \ldots, Q-P_j$. It turns
out that practically all such differences give not just one but
many primes within the range.
[0164] One numerical example illustrates this formula clearly: Let
$P_1=2$, $P_2=3$, $P_3=5$, and a=2, b=1, x=2. Then
$Q=P_1^aP_2^bP_3^x=2^2\cdot 3\cdot 5^2=300$,
$(\ln 300)^2\approx 32.5$. That means there is a need
to compute only these numbers $300\pm 7$, $300\pm 11$, $300\pm 13$,
$300\pm 17$, $300\pm 19$, $300\pm 23$, $300\pm 29$, $300\pm 31$. (The
numbers $300\pm 1$ are not computed here). Among these 16 numbers, the
foregoing primality testing algorithm or a similar algorithm
enables us to sieve out 11 prime numbers. The conjecture tells us
that there are at least two primes. The method obtains 11 out of
16; this is a high yield of primes. In fact, even for big numbers
this formula or sieve will still yield large quantities of primes
consistently, with an estimated or 36.78% of the sums and
differences being prime. One condition which must be observed at
all times is that $\ln P_1^aP_2^b\ldots P_i^x$
must always be smaller than the next prime after $P_i$, that is
$P_{i+1}$.
[0165] One can also add or subtract a large product with a small
product e.g. $2^2\cdot 3\cdot 5^2=300$ and
$2^2\cdot 3^2=36$, giving 300+36=336. The smallest gap
in this case will be determined by $(\ln 36)^2=12.84$. Among the
differences 336-5=331 is found to be prime, in line with the
conjecture. In short the possible number of candidates for primes
can always be minimized so that the greatest number of composites
is filtered out beforehand.
[0166] Note that $Q+P_i$ can always be arranged in such a way
that will best minimize the number of computations needed to sieve
out all the primes in any given range. E.g., there is a relatively
large gap between 114 and 127. Computing
$2\cdot 3^2\cdot 5+2^3\cdot 3=114$ would require
computation of 114+5, 7, 11, 13, i.e., four steps too many.
Instead, choose $2^3\cdot 3\cdot 5=120$ which allows
computation of the immediate primes as 120+7=127 and 120-7=113.
This gives all primes within that range readily while skipping all
the composite candidates simultaneously. In fact, using a few
trials and checks beforehand, one can always manage to optimize the
yield of primes within the range efficiently. Large primes can then
be chunked out much faster and consistently, all the time based on
this prime number sieving algorithm.
[0167] This approach makes it possible to compute a large prime.
This formula, along with adding or subtracting suitable sums or
differences, will readily generate many other primes around this
large prime.
[0168] Random Number Generator
[0169] Mathematically a good random number generator (RNG) should
be infinitely non-periodic, such that no generated number can be
deduced from any previous number. Of course, statistical tests like
the chi-square test can be applied to ensure that all digits are
distributed 100% randomly with no bias whatsoever. Admittedly, if
only math is concerned, a fixed input will always yield a fixed
output. Only physical systems like the quantum mechanical systems
can give "dynamically genuine" random numbers. Coupling these two
notions together, it is possible to construct a powerful and
convenient RNG.
[0170] First, note the fact that the last digits of all primes,
except 2 and 5, can only be 1, 3, 7 and 9. They are distributed
absolutely randomly among the infinite set of positive integers.
The very definition of prime number demands this, since prime
numbers can only be divided exactly by 1 and themselves. Thus by
taking the last digits only and ignoring the trivial 2 and 5, from
the prime set 3, 7, 11, 13, 17, 19, 23, 29, 31, etc., one obtains
the random digits 3, 7, 1, 3, 7, 9, 3, 9, 1, 7, 1, 3, 7, 3, 9, 1,
7, 1, 3, 9, 3, 9, 7 for primes from 3 to 97. These digits form an
infinite set, and no digit can be derived from the previous or
succeeding ones. Each one of the four digits appears 25% of the
time. Above all, they are absolutely non-periodic.
[0171] The prime-number formula based on the T-sequence
polynomial-time primality testing algorithm provides infinitely
many variations of these random prime digits, e.g., take
$2\times 3\times 5\times 7=210$. Based on the formula
presented previously, add or subtract all the primes between
7<11 and 47<$7^2$, to test each sum or difference for
primality. From the seed 210 onward one obtains the sums +1, +11,
+13, +17, . . . +47 which give this set of random digits: 1, 3, 7,
9, 3, 9, 1, 1, 7 from 211 to 257. The differences -1, -11, -13,
-17, . . . -47 give another set of random digits: 9, 7, 3, 1, 1, 9,
3, 3, 7, 3 from 199 back to 163. Of course, the foregoing primality
testing algorithm can be used to generate an abundance of large primes
such as cannot be generated in any other way.
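The candidate sieve of the prime number formula (seed Q, offsets taken from the primes below the gap g) and the last-digit stream built on it for the seed 210, as an added example that is not part of the application. Trial division stands in for the T-sequence primality test, and the function names are hypothetical.

```python
from math import log

def is_prime(n):
    """Trial division; an assumed stand-in for the T-sequence test."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True

def prime_offsets(q, bound):
    """Primes p <= bound that do not divide the seed q."""
    return [p for p in range(2, int(bound) + 1) if is_prime(p) and q % p]

def sieve(q, offsets):
    """Return (prime sums q+p, prime differences q-p), in offset order."""
    sums = [q + p for p in offsets if is_prime(q + p)]
    diffs = [q - p for p in offsets if is_prime(q - p)]
    return sums, diffs

def last_digits(primes):
    """Last decimal digit of each prime, the digit stream of the RNG."""
    return [p % 10 for p in primes]

def example_300():
    """Q = 2^2 * 3 * 5^2 with offsets up to g = (ln Q)^2, about 32.5."""
    q = 2**2 * 3 * 5**2
    offsets = prime_offsets(q, log(q) ** 2)
    sums, diffs = sieve(q, offsets)
    return offsets, sums, diffs

def example_210():
    """Seed 210 with offsets 1, 11, 13, ..., 47 (the primes below 7^2)."""
    q = 2 * 3 * 5 * 7
    offsets = [1] + prime_offsets(q, 47)
    sums, _ = sieve(q, offsets)
    return last_digits(sums)

if __name__ == "__main__":
    offsets, sums, diffs = example_300()
    print(offsets, sums, diffs, len(sums) + len(diffs))
    print(example_210())
```

The digit stream is a deterministic function of the seed and the offsets: the same inputs always give the same digits.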
[0172] Since the seeds such as $2\cdot 3\cdot 5$ or
$2^2\cdot 3^2\cdot 5\cdot 7$, etc. can be varied
in infinitely many ways, the set of last prime digits can also be
generated and arranged in all sorts of arbitrary ways. The seeds
can be added or subtracted in any which way too. Without a complete
knowledge of the exact seeds and their mathematical operations, no
one can reproduce or deduce this type of random digits of the
primes. These random digits of primes behave in just as chaotic
fashion as the physical subatomic particles in their distribution.
Therefore this method can conveniently generate any length of
random digits or numbers desired to use in mathematical research or
industrial simulation. This generator of random digits can be
implemented easily and efficiently in both hardware and software.
Conventional RNGs such as linear or non-linear feedback shift
registers always carry period patterns which are inherent.
Non-periodicity is inherent in the foregoing random prime digit
generator.
[0173] This RNG can also be easily modified into a simple but
innovative cipher: a function $F_1$ (such as transposition,
shuffling, etc.) that operates on the last prime digit and another
function $F_2$ that computes and determines the seeds are both
kept secret. $F_2$ is coupled to a simple but chaotic physical
system such as dice-throwing, radioactive matter, etc., for the
first random input as seeds. The functions $F_2$ and $F_1$ are
used to generate a truly random string of digits such as 9, 7, 3,
1, 1, 9, 3, 3, 7, 3, 1, 3, 7, 9, 3, 9, 1, 1, 7. This string of
random digits can be used as a one-time pad for encryption. The
receiver who is informed only of the starting seeds (from the
physical system input) can decrypt the ciphertext to obtain the
plaintext since he also possesses $F_1$ and $F_2$ as well as
the relevant table of primes like the sender. As long as $F_1$
and $F_2$ are kept secret, no eavesdropper can decrypt the
ciphertext. The cipher can even be timed accordingly so that the
functions $F_1$ and $F_2$ change according to time changes or
context changes. In any event, math theory about primes guarantees
that the string of random digits thus generated is absolutely
chaotic. No fixed inter-relationship can be derived from among
themselves.
[0174] It will be appreciated by those of ordinary skill in the art
that the invention can be embodied in other specific forms without
departing from the spirit or essential character thereof. The
presently disclosed embodiments are therefore considered in all
respects to be illustrative and not restrictive. The scope of the
invention is indicated by the appended claims rather than the
foregoing description, and all changes which come within the
meaning and range of equivalents thereof are intended to be
embraced therein.
* * * * *