CS 70
Discrete Mathematics for CS
Fall 2004
Rao
Lecture 6
In this lecture we shall discuss the (complexitytheoretic) divide between two very similar problems: the
problem of primality testing (i.e., of determining whether a given number is prime) and the problem of
factoring (i.e., of finding a nontrivial divisor of a composite number). The difference in the difficulty of
these two problems is the foundation upon which the RSA cryptosystem is built, and in the next lecture we
will describe RSA in some detail.
1
Primality
We are studying the complexity of two connected, numbertheoretic problems:
P
RIMALITY
Given an integer
x
, is it a prime?
F
ACTORING
Given an integer
x
, what are its prime factors?
Obviously, P
RIMALITY
cannot be harder than F
ACTORING
, since, if we knew how to factor, we would
definitely know how to test for primality. What is surprising and fundamental —and the basis of modern
cryptography— is that P
RIMALITY
is easy while
F
ACTORING
is hard!
As we know, P
RIMALITY
can be trivially solved in
O
(
x
)
time —in fact, we need only test factors up to
√
x
. But, of course, these are both exponential algorithms —exponential in the number
n
of bits of
x
, which
is the more accurate and meaningful measure of the size of the problem (seen this way, the running times
of the algorithms become
O
(
2
n
)
and
O
(
2
n
/
2
)
, respectively). In fact, pursuing this line (testing fewer and
fewer factors) will get us nowhere: Since F
ACTORING
is hard, our only hope for finding a fast P
RIMALITY
algorithm is to look for an algorithm that decides whether
n
is prime without discovering a factor of
n
in
case the answer is “no.”
We describe such an algorithm next. This algorithm is based on the following fact about exponentiation
This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
This is the end of the preview.
Sign up
to
access the rest of the document.
 Spring '05
 HUANG
 Prime number, Carmichael, Prime number theorem, P RIMALITY

Click to edit the document details