AKS primality test

The AKS primality test, developed by Indian computer scientists Manindra Agrawal, Neeraj Kayal, and Nitin Saxena from IIT Kanpur, is a groundbreaking algorithm that determines whether a number is prime or composite in polynomial time. Unlike earlier methods, it does not rely on unproven mathematical theories such as the Riemann hypothesis or complex analysis, making it the first deterministic primality test with a complete, self-contained proof.

Published in 2002 under the title PRIMES is in P, the algorithm solved a decades-old problem in computational complexity. For this breakthrough, the trio earned the Gödel Prize and Fulkerson Prize in 2006, two of the highest honors in theoretical computer science.

The AKS test’s significance lies in its efficiency and mathematical purity, offering a definitive answer to primality without probabilistic guesswork or external conjectures. It remains a landmark achievement in India’s growing contributions to global computer science.

Importance[edit]

AKS is the first primality-proving algorithm to be simultaneously general, polynomial-time, deterministic, and unconditionally correct. Previous algorithms had been developed for centuries and achieved three of these properties at most, but not all four.

The AKS algorithm can be used to verify the primality of any general number given. Many fast primality tests are known that work only for numbers with certain properties. For example, the Lucas–Lehmer test works only for Mersenne numbers, while Pépin's test can be applied to Fermat numbers only.
The maximum running time of the algorithm can be bounded by a polynomial over the number of digits in the target number. ECPP and APR conclusively prove or disprove that a given number is prime, but are not known to have polynomial time bounds for all inputs.
The algorithm is guaranteed to distinguish deterministically whether the target number is prime or composite. Randomized tests, such as Miller–Rabin and Baillie–PSW, can test any given number for primality in polynomial time, but are known to produce only a probabilistic result.
The correctness of AKS is not conditional on any subsidiary unproven hypothesis. In contrast, Miller's version of the Miller–Rabin test is fully deterministic and runs in polynomial time over all inputs, but its correctness depends on the truth of the yet-unproven generalized Riemann hypothesis.

While the algorithm is of immense theoretical importance, it is not used in practice, rendering it a galactic algorithm. For 64-bit inputs, the Baillie–PSW test is deterministic and runs many orders of magnitude faster. For larger inputs, the performance of the (also unconditionally correct) ECPP and APR tests is far superior to AKS. Additionally, ECPP can output a primality certificate that allows independent and rapid verification of the results, which is not possible with the AKS algorithm.

Concepts[edit]

The AKS primality test is based upon the following theorem: Given an integer Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n\ge 2} and integer Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle a} coprime to Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} , Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} is prime if and only if the polynomial congruence relation Template:NumBlk holds within the polynomial ring Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle (\mathbb Z/n\mathbb Z)[X]} .^[1] Note that Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle X} denotes the indeterminate which generates this polynomial ring.

This theorem is a generalisation to polynomials of Fermat's little theorem. In one direction it can easily be proven using the binomial theorem together with the following property of the binomial coefficient:

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle {n \choose k} \equiv 0 \pmod{n}} for all Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle 0<k<n} if Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} is prime.

While the relation (Template:EquationNote) constitutes a primality test in itself, verifying it takes exponential time: the brute force approach would require the expansion of the Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle (X + a)^n} polynomial and a reduction Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \pmod{n}} of the resulting Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n + 1} coefficients.

The congruence is an equality in the polynomial ring Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle (\mathbb Z/n\mathbb Z)[X]} . Evaluating in a quotient ring of Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle (\mathbb Z/n\mathbb Z)[X]} creates an upper bound for the degree of the polynomials involved. The AKS evaluates the equality in Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle (\mathbb Z/n\mathbb Z)[X]/(X^r -1)} , making the computational complexity dependent on the size of Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle r} . For clarity,^[1] this is expressed as the congruence Template:NumBlk which is the same as: Template:NumBlk for some polynomials Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle f} and Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle g} .

Note that all primes satisfy this relation (choosing Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle g=0} in (Template:EquationNote) gives (Template:EquationNote), which holds for Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} prime). This congruence can be checked in polynomial time when Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle r} is polynomial to the digits of Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} . The AKS algorithm evaluates this congruence for a large set of Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle a} values, whose size is polynomial to the digits of Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} . The proof of validity of the AKS algorithm shows that one can find an Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle r} and a set of Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle a} values with the above properties such that if the congruences hold then Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} is a power of a prime.^[1]

History and running time[edit]

In the first version of the above-cited paper, the authors proved the asymptotic time complexity of the algorithm to be Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \tilde{O}(\log(n)^{12})} (using Õ from big O notation)—the twelfth power of the number of digits in n times a factor that is polylogarithmic in the number of digits. However, this upper bound was rather loose; a widely-held conjecture about the distribution of the Sophie Germain primes would, if true, immediately cut the worst case down to Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \tilde{O}(\log(n)^6)} .

In the months following the discovery, new variants appeared (Lenstra 2002, Pomerance 2002, Berrizbeitia 2002, Cheng 2003, Bernstein 2003a/b, Lenstra and Pomerance 2003), which improved the speed of computation greatly. Owing to the existence of the many variants, Crandall and Papadopoulos refer to the "AKS-class" of algorithms in their scientific paper "On the implementation of AKS-class primality tests", published in March 2003.

In response to some of these variants, and to other feedback, the paper "PRIMES is in P" was updated with a new formulation of the AKS algorithm and of its proof of correctness. (This version was eventually published in Annals of Mathematics.) While the basic idea remained the same, r was chosen in a new manner, and the proof of correctness was more coherently organized. The new proof relied almost exclusively on the behavior of cyclotomic polynomials over finite fields. The new upper bound on time complexity was Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \tilde{O}(\log(n)^{10.5})} , later reduced using additional results from sieve theory to Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \tilde{O}(\log(n)^{7.5})} .

In 2005, Pomerance and Lenstra demonstrated a variant of AKS that runs in Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \tilde{O}(\log(n)^{6})} operations,^[2] leading to another updated version of the paper.^[3] Agrawal, Kayal and Saxena proposed a variant which would run in Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \tilde{O}(\log(n)^{3})} if Agrawal's conjecture were true; however, a heuristic argument by Pomerance and Lenstra suggested that it is probably false.

The algorithm[edit]

The algorithm is as follows:^[1]

Input: integer

n > 1

.

Check if n is a perfect power: if $n = a b$ for integers $a > 1$ and $b > 1$ , then output composite.
Find the smallest r such that $ord r (n) > (log 2 n) 2$ . If r and n are not coprime, then output composite.
For all 2 ≤ a ≤ min (r, n−1), check that a does not divide n: If a|n for some 2 ≤ a ≤ min (r, n−1), then output composite.
If n ≤ r, then output prime.
For $a = 1$ to Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \left\lfloor \sqrt{\varphi(r)}\log_2(n) \right\rfloor} do
if (X+a)ⁿ ≠ Xⁿ+a (mod X^r − 1,n), then output composite;
Output prime.

Here ord_r(n) is the multiplicative order of n modulo r, log₂ is the binary logarithm, and Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \varphi(r)} is Euler's totient function of r.

Step 3 is shown in the paper as checking 1 < gcd(a,n) < n for all a ≤ r. It can be seen this is equivalent to trial division up to r, which can be done very efficiently without using gcd. Similarly the comparison in step 4 can be replaced by having the trial division return prime once it has checked all values up to and including Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \left\lfloor \sqrt{n} \right\rfloor.}

Once beyond very small inputs, step 5 dominates the time taken. The essential reduction in complexity (from exponential to polynomial) is achieved by performing all calculations in the finite ring

Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle R = (\mathbb Z/n\mathbb Z)[X]/(X^r -1)}

consisting of Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n^r} elements. This ring contains only the Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle r} monomials Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \{X^0,X^1,\ldots,X^{r-1}\} } , and the coefficients are in Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \mathbb Z/n\mathbb Z} which has Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle n} elements, all of them codable within Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \log_2(n)} bits.

Most later improvements made to the algorithm have concentrated on reducing the size of r, which makes the core operation in step 5 faster, and in reducing the size of s, the number of loops performed in step 5.^[4] Typically these changes do not change the computational complexity, but can lead to many orders of magnitude less time taken; for example, Bernstein's final version has a theoretical speedup by a factor of over 2 million.

Proof of validity outline[edit]

For the algorithm to be correct, all steps that identify n must be correct. Steps 1, 3, and 4 are trivially correct, since they are based on direct tests of the divisibility of n. Step 5 is also correct: since (2) is true for any choice of a coprime to n and r if n is prime, an inequality means that n must be composite.

The difficult part of the proof is showing that step 6 is true. Its proof of correctness is based on the upper and lower bounds of a multiplicative group in Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \mathbb{Z}_{n}[x]} constructed from the (X + a) binomials that are tested in step 5. Step 4 guarantees that these binomials are Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \left\lfloor \sqrt{\varphi(r)}\log_2(n) \right\rfloor} distinct elements of Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \mathbb{Z}_n[x]} . For the particular choice of r, the bounds produce a contradiction unless n is prime or a power of a prime. Together with the test of step 1, this implies that n is always prime at step 6.^[1]

Example 1: n = 31 is prime[edit]

   Input: integer n = 31 > 1.

   (* Step 1 *)
   If (n = a^b for integers a > 1 and b > 1), 
     output composite.
     For ( b = 2; b <= log₂(n); b++) {
       a = n^1/b;
       If (a is integer), 
         Return[Composite]
     }
     a = n^1/2...n^1/4 = {5.568, 3.141, 2.360}

   (* Step 2 *)
   Find the smallest r such that O_r(n) > (log₂ n)².
     maxk = ⌊(log₂ n)²⌋;
     maxr = Max[3, ⌈(Log₂ n)⁵⌉]; (* maxr really isn't needed *)
     nextR = True;
     For (r = 2; nextR && r < maxr; r++) {
       nextR = False;
       For (k = 1; (!nextR) && k ≤ maxk; k++) {
         nextR = (Mod[n^k, r] == 1 || Mod[n^k, r]==0)
       }
     }
     r--; (*the loop over increments by one*)
      
     r = 29

   (* Step 3 *)
   If (1 < gcd(a,n) < n for some a ≤ r), 
     output composite.
     For (a = r; a > 1; a--) {
       If ((gcd = GCD[a,n]) > 1 && gcd < n), 
         Return[Composite]
     }
      
     gcd = {GCD(29,31)=1, GCD(28,31)=1, ..., GCD(2,31)=1} ≯ 1

   (* Step 4 *)
   If (n ≤ r), 
     output prime.
     If (n ≤ r), 
       Return[Prime] (* this step may be omitted if n > 5690034 *)
      
     31 > 29
   
   (* Step 5 *)
   For a = 1 to Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \left\lfloor\sqrt{\varphi(r)}\log_2(n)\right\rfloor}
 do
     If ((X+a)ⁿ ≠ Xⁿ + a (mod X^r − 1,n)), 
       output composite;
      
     φ[x_] := EulerPhi[x];
     PolyModulo[f_] := PolynomialMod[PolynomialRemainder[f, x^r-1, x], n];
     max = Floor[Log[2, n]Template:Sqrt];
     For (a = 1; a ≤ max; a++) {
       If (PolyModulo[(x+a)ⁿ - PolynomialRemainder[xⁿ+a, x^r-1], x] ≠ 0) {
         Return[Composite]
       {
     }
      
     (x+a)³¹ =
       a³¹ +31a³⁰x +465a²⁹x² +4495a²⁸x³ +31465a²⁷x⁴ +169911a²⁶x⁵ +736281a²⁵x⁶ +2629575a²⁴x⁷ +7888725a²³x⁸ +20160075a²²x⁹ +44352165a²¹x¹⁰ +84672315a²⁰x¹¹ +141120525a¹⁹x¹² +206253075a¹⁸x¹³ +265182525a¹⁷x¹⁴ +300540195a¹⁶x¹⁵ +300540195a¹⁵x¹⁶ +265182525a¹⁴x¹⁷ +206253075a¹³x¹⁸ +141120525a¹²x¹⁹ +84672315a¹¹x²⁰ +44352165a¹⁰x²¹ +20160075a⁹x²² +7888725a⁸x²³ +2629575a⁷x²⁴ +736281a⁶x²⁵ +169911a⁵x²⁶ +31465a⁴x²⁷ +4495a³x²⁸ +465a²x²⁹ +31ax³⁰ +x³¹
      
     PolynomialRemainder [(x+a)³¹, x²⁹-1] =
       465a² +a³¹ +(31a+31a³⁰)x +(1+465a²⁹)x² +4495a²⁸x³ +31465a²⁷x⁴ +169911a²⁶x⁵ +736281a²⁵x⁶ +2629575a²⁴x⁷ +7888725a²³x⁸ +20160075a²²x⁹ +44352165a²¹x¹⁰ +84672315a²⁰x¹¹ +141120525a¹⁹x¹² +206253075a¹⁸x¹³ +265182525a¹⁷x¹⁴ +300540195a¹⁶x¹⁵ +300540195a¹⁵x¹⁶ +265182525a¹⁴x¹⁷ +206253075a¹³x¹⁸ +141120525a¹²x¹⁹ +84672315a¹¹x²⁰ +44352165a¹⁰x²¹ +20160075a⁹x²² +7888725a⁸x²³ +2629575a⁷x²⁴ +736281a⁶x²⁵ +169911a⁵x²⁶ +31465a⁴x²⁷ +4495a³x²⁸
      
     (Template:EquationRef) PolynomialMod [PolynomialRemainder [(x+a)³¹, x²⁹-1], 31] = a³¹+x²
      
     (Template:EquationRef) PolynomialRemainder [x³¹+a, x²⁹-1] = a+x²
      
     (Template:EquationNote) - (Template:EquationNote) = a³¹+x² - (a+x²) = a³¹-a
      
     Failed to parse (SVG (MathML can be enabled via browser plugin): Invalid response ("Math extension cannot connect to Restbase.") from server "https://wikimedia.org/api/rest_v1/":): {\displaystyle \max = \left\lfloor\log_2 (31) \sqrt{\varphi(29)} \right\rfloor = 26}

      
     {1³¹-1 = 0 (mod 31), 2³¹-2 = 0 (mod 31), 3³¹-3 = 0 (mod 31), ..., 26³¹-26 = 0 (mod 31)}
   
   (* Step 6 *)
   Output prime.
     31 Must be Prime

Where PolynomialMod is a term-wise modulo reduction of the polynomial. e.g. PolynomialMod[x+2x²+3x³, 3] = x+2x²+0x³

^[5]

References[edit]

↑ ^1.0 ^1.1 ^1.2 ^1.3 ^1.4 Cite error: Invalid <ref> tag; no text was provided for refs named AKS
↑ H. W. Lenstra Jr. and Carl Pomerance, "Primality testing with Gaussian periods", preliminary version July 20, 2005.
↑ H. W. Lenstra Jr. and Carl Pomerance, "Primality testing with Gaussian periods Archived 2012-02-25 at the Wayback Machine", version of April 12, 2011.
↑ Daniel J. Bernstein, "Proving Primality After Agrawal-Kayal-Saxena", version of January 25, 2003.
↑ See AKS Talk page for a discussion on why 'Example 2: n is not Prime past Step 4' is missing.

[AKS-1] 1.0 ^1.1 ^1.2 ^1.3 ^1.4 Cite error: Invalid <ref> tag; no text was provided for refs named AKS

[lenstra_pomerance_2005-2] H. W. Lenstra Jr. and Carl Pomerance, "Primality testing with Gaussian periods", preliminary version July 20, 2005.

[lenstra_pomerance_2011-3] H. W. Lenstra Jr. and Carl Pomerance, "Primality testing with Gaussian periods Archived 2012-02-25 at the Wayback Machine", version of April 12, 2011.

[bernstein03-4] Daniel J. Bernstein, "Proving Primality After Agrawal-Kayal-Saxena", version of January 25, 2003.

[5] See AKS Talk page for a discussion on why 'Example 2: n is not Prime past Step 4' is missing.

[1]

[2]

[3]

[4]

[5]