6.s897 Algebra and Computation Lecture 12

Given an n-bit integer N , output YES if n is prime and NO otherwise. This is one of the most basic questions about numbers, with the following history. • By definition Prime ∈ coNP, because the prime decomposition is a short certificate for a number that is not prime. • [Pratt'75] showed that Prime ∈ NP. The Pratt certificate of a number N being prime, is by looking at all prime factor q of N − 1 (which will be proved recursively), and giving some a such that a (N −1)/q ≡ 1 (mod N) for all such q's. This proof is of length polylogN. • The subsequent discoveries by [Solovay-Strassen'70s] [Miller-Rabin'70s] put Prime in coRP. This algorithm uses the fact that if there exists some a, k such that a 2k ≡ 1 (mod n) but a k ≡ ±1 (mod n) then N is composite. Moreover, the probabilistic algorithm picks a at random, and with > 1/2 probability there will be some k satisfying such compositeness criterion if N is composite. • [Goldwassar-Killian'86] [Adleman-Huang'87] used algebraic (elliptic curve) techniques and proved that Prime ∈ RP. Lemma 1 For all a such that (a, N) = 1,