{
"cells": [
{
"cell_type": "markdown",
"metadata": {},
"source": [
"# Part 5: Modular arithmetic and primality testing"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Python, like most programming languages, comes with a \"mod operation\" `%` to compute remainders. This makes basic modular arithmetic straightforward. The more interesting aspects -- from the standpoint of programming and number theory -- arise in **algorithms** related to modular arithmetic. Here we focus on Pingala's algorithm, a method for computing exponents based on an ancient method for enumerating poetic meters. We analyze the **expected performance** of this algorithm using Python's `timeit` function for timing and `randint` function to randomize input parameters. We also see how the performance depends on the number of **bits** of the input parameters. In this way, we gently introduce some practical and theoretical issues in computer science.\n",
"\n",
"We apply this algorithm to implement the Miller-Rabin primality test. This test can very quickly determine (probabilistically) whether a large (hundreds or thousands of digits!) number is prime. Our implementation is deterministic for smaller (under 64 bits) numbers. This programming tutorial complements Chapters 5 and 6 of [An Illustrated Theory of Numbers](http://illustratedtheoryofnumbers.com/index.html). \n"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Table of Contents\n",
"\n",
"- [Calculations in modular arithmetic](#modcalc)\n",
"- [The Miller-Rabin Primality Test](#millerrabin)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
""
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Calculations in modular arithmetic"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### The mod (%) operator\n",
"\n",
"For basic modular arithmetic, one can use Python's \"mod operator\" `%` to obtain remainders. There is a conceptual difference between the \"mod\" of computer programming and the \"mod\" of number theorists. In computer programming, \"mod\" is typically the operator which outputs the remainder after division. So for a computer scientist, \"23 mod 5 = 3\", because 3 is the remainder after dividing 23 by 5.\n",
"\n",
"Number theorists (starting with Gauss) take a radical conceptual shift. A number theorist would write $23 \\equiv 3$ mod $5$, to say that 23 is **congruent** to 3 modulo 5. In this sense \"mod 5\" (standing for \"modulo 5\") is a [prepositional phrase](https://www.economist.com/blogs/johnson/2012/08/grammar), describing the \"modular world\" in which 23 is the same as (\"congruent to\") 3.\n",
"\n",
"To connect these perspectives, we would say that the computer scientist's statement \"23 mod 5 = 3\" gives the **natural representative** 3 for the number 23 in the mathematician's \"ring of integers mod 5\". (Here \"ring\" is a term from abstract algebra.)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"23 % 5 # What is the remainder after dividing 23 by 5? What is the natural representative of 23 modulo 5?"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"The miracle that makes modular arithmetic work is that the end-result of a computation \"mod m\" is not changed if one works \"mod m\" along the way. At least this is true if the computation only involves **addition, subtraction, and multiplication**."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"((17 + 38) * (105 - 193)) % 13 # Do a bunch of stuff, then take the representative modulo 13."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"(((17%13) + (38%13)) * ((105%13) - (193%13)) ) % 13 # Working modulo 13 along the way."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"It might seem tedious to carry out this \"reduction mod m\" at every step along the way. But the advantage is that you never have to work with numbers much bigger than the modulus (m) if you can reduce modulo m at each step.\n",
"\n",
"For example, consider the following computation."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"(3**999) % 1000 # What are the last 3 digits of 3 raised to the 999 power?"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"The result will probably have the letter \"L\" at the end, indicating that Python switched into \"long-integer\" mode along the way. Indeed, the computation asked Python to *first* raise 3 to the 999 power (a big number!) and then compute the remainder after division by 1000 (the last 3 digits).\n",
"\n",
"But what if we could reduce modulo 1000 at every step? Then, as Python multiplies terms, it will never have to multiply numbers bigger than 1000. Here is a brute-force implementation."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"P = 1 # The \"running product\" starts at 1.\n",
"for i in range(999): # We repeat the following line 999 times, as i traverses the list [0,1,...,998].\n",
" P = (P * 3)%1000 # We reduce modulo 1000 along the way!\n",
"print P"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"The result of this computation should *not* have the letter \"L\" at the end, because Python never had to work with long integers. Computations with long integers are time-consuming, and unnecessary if you only care about the result of a computation modulo a small number m."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Performance analysis\n",
"\n",
"The above loop works quickly, but it is far from optimal. Let's carry out some **performance analysis** by writing two `powermod` functions."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"def powermod_1(base, exponent, modulus): # The naive approach.\n",
" return (base**exponent) % modulus "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"def powermod_2(base, exponent, modulus):\n",
" P = 1 # Start the running product at 1.\n",
" e = 0\n",
" while e < exponent: # The while loop saves memory, relative to a for loop, by avoiding the storage of a list.\n",
" P = (P * base) % modulus\n",
" e = e + 1\n",
" return P"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Now let's compare the performance of these two functions. It's also good to double check the code in `powermod_2` and run it to check the results. The reason is that loops like the `while` loop above are classic sources of [Off by One Errors](https://en.wikipedia.org/wiki/Off-by-one_error). Should `e` start at zero or one? Should the while loop have the condition `e < exponent` or `e <= exponent`? One has to unravel the loop carefully to be completely certain, and testing is a necessity to avoid bugs!\n",
"\n",
"We can compare the performance of the two functions with identical input parameters below."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"%timeit powermod_1(3,999,1000)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"%timeit powermod_2(3,999,1000)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"The second `powermod` function was probably much slower, even though we reduced the size of the numbers along the way. But perhaps we just chose some input parameters (3,999,1000) which were inconvenient for the second function. To compare the performance of the two functions, it would be useful to try many different inputs.\n",
"\n",
"For this, we use Python's timeit features in a different way. Above we used the \"magic\" `%timeit` to time a line of code. The magic command `%timeit` is convenient but limited in flexibility. Here we use a larger Python `timeit` package which we import (as `TI`) and demonstrate below."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"import timeit as TI"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"TI.timeit('powermod_1(3,999,1000)', \"from __main__ import powermod_1\", number=10000)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"TI.timeit('powermod_2(3,999,1000)', \"from __main__ import powermod_2\", number=10000)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"The syntax of the timeit *function* is a bit challenging. The first parameter is the Python code which we are timing (as a string), in this case `powermod_*(3,999,1000)`. The second parameter probably looks strange. It exists because the timeit function sets up a little isolation chamber to run the code -- within this isolation chamber, it only knows standard Python commands and not the new functions you've created. So you have to *import* your functions (`powermod_1` or `powermod_2`) into its isolation box. Where are these imported from? They are contained in `__main__` which is the location of all of your other code. Finally, the third parameter `number` is the number of times the timeit function will repeat the code (by default, this might be a large number like 1000000). \n",
"\n",
"The output of the timeit function is a *float*, which represents the number of seconds taken for *all* of the repetitions. Contrast this with the timeit magic, which found the average. So you need to divide by the `number` parameter (10000 in the above examples) to find the average time taken."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Using the timeit *function*, we can compare the performance of the two `powermod` functions on multiple inputs, wrapping the whole comparison process in a bigger function. We choose our inputs *randomly* in order to estimate the **expected performance** of our functions. To choose random inputs, Python has a package aptly called random."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"from random import randint # randint chooses random integers."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"print \"My number is \",randint(1,10) # Run this line many times over to see what happens!"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"The `randint(a,b)` command chooses a random integer between `a` and `b`, inclusive! Unlike the `range(a,b)` command which iterates from `a` to `b-1`, the `randint` command includes both `a` and `b` as possibilities. The following lines iterate the `randint(1,10)` and keep track of how often each output occurs. The resulting *frequency distribution* should be nearly flat, i.e., each number between 1 and 10 should occur about 10% of the time."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"Freq = {1:0, 2:0, 3:0, 4:0, 5:0, 6:0, 7:0, 8:0, 9:0, 10:0} # We prefer a dictionary here.\n",
"for t in range(10000):\n",
" n = randint(1,10) # Choose a random number between 1 and 10.\n",
" Freq[n] = Freq[n] + 1\n",
"\n",
"print Freq"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"For fun, and as a template for other explorations, we plot the frequencies in a histogram. "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"%matplotlib inline\n",
"import matplotlib.pyplot as plt\n",
"plt.bar(Freq.keys(), Freq.values()) # The keys 1,...,10 are used as bins. The values are used as bar heights.\n",
"plt.show()"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Putting together the `randint` function and the `timeit` function, we can compare the performance of `powermod_1` and `powermod_2` when given random inputs."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"time_1 = 0 # Tracking the time taken by the powermod_1 function.\n",
"time_2 = 0 # Tracking the time taken by the powermod_2 function.\n",
"for t in range(1000): # One thousand samples are taken!\n",
" base = randint(10,99) # A random 2-digit base.\n",
" exponent = randint(1000,1999) # A random 3-digit exponent.\n",
" modulus = randint(1000,1999) # A random 3-digit modulus.\n",
" \n",
" # Note in the lines below that we have to import the functions powermod_1, powermod_2 and \n",
" # the variables base, exponent, modulus, into the isolation chamber used by timeit.\n",
" # We set number=10 to allow 10 trials of each function on each sample input.\n",
" # We do a head-to-head comparison of the two functions on the same inputs!\n",
" # Note that when the lines get too long in Python, you can press / to start a new line.\n",
" # Python will ignore the line break. Just keep things indented for clarity.\n",
" \n",
" time_1 = time_1 + TI.timeit('powermod_1(base,exponent,modulus)', \n",
" \"from __main__ import powermod_1, base, exponent, modulus\", number=10)\n",
" time_2 = time_2 + TI.timeit('powermod_2(base,exponent,modulus)', \n",
" \"from __main__ import powermod_2, base, exponent, modulus\", number=10)\n",
" \n",
"print \"powermod_1 took %f seconds.\"%(time_1)\n",
"print \"powermod_2 took %f seconds.\"%(time_2) # Which is faster?"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Now we can be pretty sure that the `powermod_1` function is faster (perhaps by a factor of 8-10) than the `powermod_2` function we designed. At least, this is the case for inputs in the 2-3 digit range that we sampled. But why? We reduced the complexity of the calculation by using the mod operation `%` throughout. Here are a few issues one might suspect.\n",
"\n",
"1. The mod operation itself takes a bit of time. Maybe that time added up in `powermod_2`?\n",
"2. The Python power operation `**` is highly optimized already, and outperforms our while loop.\n",
"3. We used more multiplications than necessary."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"It turns out that the mod operation is extremely fast... as in *nanoseconds* (billionths of a second) fast."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"%timeit 1238712 % 1237"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"So the speed difference is not due to the number of mod operations. But the other issues are relevant. The Python developers have worked hard to make it run fast -- built-in operations like `**` will almost certainly be faster than any function that you write with a loop in Python. The developers have written programs in the **C programming language** (typically) to implement operations like `**` (see the [CPython implementation](https://hg.python.org/cpython/file/c7163a7f7cd2/Python/bltinmodule.c#l1505), if you wish); their programs have been **compiled** into **machine code** -- the basic sets of instructions that your computer understands (and that are not meant for people to understand). When you call a built-in operation like `**`, Python just tells your computer to run the developers' optimized and **precompiled** machine code... this is very fast! When you run your own loop, Python is basically converting the code to machine code \"on the fly\" and this is slower.\n",
"\n",
"Still, it is unfortunate to use long integers if you ask Python to compute `(3**999) % 1000`. The good news is that such modular exponents are so frequently used that the Python developers have a built-in operation: the `pow` function.\n",
"\n",
"The `pow` function has two versions. The simplest version `pow(b,e)` raises `b` to the `e` power. It is the same as computing `b ** e`. But it also has a modular version! The command `pow(b,e,m)` raises `b` to the `e` modulo `m`, efficiently reducing modulo `m` along the way."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"pow(3,999) # A long number."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"pow(3,999,1000) # Note that there's no L at the end!"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"pow(3,999) % 1000 # The old way"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"%timeit pow(3,999,1000)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"%timeit pow(3,999) % 1000"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"The `pow(b,e,m)` command should give a significant speedup, as compared to the `pow(b,e)` command. Remember that `ns` stands for nanoseconds!\n",
"\n",
"Exponentiation runs so quickly because not only is Python reducing modulo `m` along the way, it is performing a surprisingly small number of multiplications. In our loop approach, we computed $3^{999}$ by multiplying repeatedly. There were 999 multiplications! But consider this carefully -- did we need to perform so many multiplications? Can you compute $3^{999}$ with far fewer multiplications? What if you can place results in memory along the way? \n",
"\n",
"In the next section, we study a very efficient **algorithm** for computing such exponents. The goal in designing a good algorithm is to create something which runs **quickly**, minimizes the need for **memory**, and runs reliably for all the necessary input values. Often there are trade-offs between speed and memory usage, but our exponentiation algorithm will be excellent in both respects. The ideas go back to [Pingala](https://en.wikipedia.org/wiki/Pingala), an Indian mathematician of the 2nd or 3rd century BCE, who developed his ideas to enumerate possible poetic meters (arrangements of long and short syllables into verses of a given length). \n",
"\n",
"You may wonder why it is necessary to learn the algorithm at all, if Python has an optimized algorithm built into its `pow` command. First, it is interesting! But also, we will need to understand the algorithm in finer detail to implement the Miller-Rabin test: a way of quickly testing whether very large numbers are prime."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Exercises\n",
"\n",
"1. Adapt the `solve_LDE` function from [PwNT Notebook 2](http://illustratedtheoryofnumbers.com/prog.html#notebooks), in order to write a function `modular_inverse(a,m)` which computes the multiplicative inverse of `a` modulo `m` (if they are coprime).\n",
"\n",
"2. Use the `timeit` and `randint` functions to investigate how the speed of the command `pow(a,e,m)` depends on how many digits the numbers `a`, `e`, and `m` have. Note that `randint(10**(d-1), 10**d - 1)` will produce a random integer with `d` digits. If you hold two of these variables fixed, consider how the time changes as the third variable is changed. \n",
"\n",
"3. Imagine that you are going to compute $3^{100}$ by multiplying positive integers together. If each multiplication operation costs 1 dollar, how much money do you need to spend? You can assume that **remembering** previously computed numbers is free. What if it costs 1 dollar each time you need to place a number into memory or recover a number from memory? What is the cheapest way to compute $3^{100}$?"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
""
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## The Miller-Rabin primality test\n",
"\n",
"### Fermat's Little Theorem and the ROO property of primes\n",
"\n",
"Fermat's Little Theorem states that if $p$ is a prime number, and $GCD(a,p) = 1$, then $$a^{p-1} \\equiv 1 \\text{ mod } p.$$\n",
"Under the assumptions above, if we ask Python to compute `(a**(p-1))%p`, or even better, `pow(a,p-1,p)`, the result should be 1. We use and refine this idea to develop a powerful and practical primality test. Let's begin with a few checks of Fermat's Little Theorem."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"pow(3,36,37) # a = 3, p = 37, p-1 = 36"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"pow(17,100,101) # 101 is prime."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"pow(303, 100, 101) # Why won't we get 1?"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"pow(5,90,91) # What's the answer?"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"pow(7,12318, 12319) # What's the answer?"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"We can learn something from the previous two examples. Namely, 91 and 12319 are **not** prime numbers. We say that 7 **witnesses** the non-primality of 12319. Moreover, we learned this fact without actually finding a factor of 12319! Indeed, the factors of 12319 are 97 and 127, which have no relationship to the \"witness\" 7.\n",
"\n",
"In this way, Fermat's Little Theorem -- a statement about prime numbers -- can be turned into a way of discovering that numbers are not prime. After all, if $p$ is not prime, then what are the chances that $a^{p-1} \\equiv 1$ mod $p$ by coincidence? "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"pow(3,90,91)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Well, ok. Sometimes coincidences happen. We say that 3 is a **bad witness** for 91, since 91 is not prime, but $3^{90} \\equiv 1$ mod $91$. But we could try multiple bases (witnesses). We can expect that someone (some base) will witness the nonprimality. Indeed, for the non-prime 91 there are many good witnesses (ones that detect the nonprimality)."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"for witness in range(1,20):\n",
" flt = pow(witness, 90, 91)\n",
" if flt == 1:\n",
" print \"%d is a bad witness.\"%(witness)\n",
" else:\n",
" print \"%d raised to the 90th power equals %d, mod 91\"%(witness, flt)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"For some numbers -- the [Carmichael numbers](https://en.wikipedia.org/wiki/Carmichael_number) -- there are more bad witnesses than good witnesses. For example, take the Carmichael number 41041, which is not prime ($41041 = 7 \\cdot 11 \\cdot 13 \\cdot 41$). "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"for witness in range(1,20):\n",
" flt = pow(witness, 41040, 41041)\n",
" if flt == 1:\n",
" print \"%d is a bad witness.\"%(witness)\n",
" else:\n",
" print \"%d raised to the 41040th power equals %d, mod 41041\"%(witness, flt)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"For Carmichael numbers, it turns out that finding a good witness is just as difficult as finding a factor. Although Carmichael numbers are rare, they demonstrate that Fermat's Little Theorem by itself is not a great way to be certain of primality. Effectively, Fermat's Little Theorem can often be used to quickly prove that a number **is not prime**... but it is not so good if we want to be sure that a number **is prime**."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"The Miller-Rabin primality test will refine the Fermat's Little Theorem test, by cleverly taking advantage of another property of prime numbers. We call this the ROO (Roots Of One) property: if $p$ is a prime number, and $x^2 \\equiv 1$ mod $p$, then $x \\equiv 1$ or $x \\equiv -1$ mod $p$."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"for x in range(41): \n",
" if x*x % 41 == 1:\n",
" print \"%d squared is congruent to 1, mod 41.\"%(x) # What numbers do you think will be printed?"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Note that we use \"natural representatives\" when doing modular arithmetic in Python. So the only numbers whose square is 1 mod 41 are 1 and 40. (Note that 40 is the natural representative of -1, mod 41). If we consider the \"square roots of 1\" with a composite modulus, we find more (as long as the modulus has at least two odd prime factors)."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"for x in range(91):\n",
" if x*x % 91 == 1:\n",
" print \"%d squared is congruent to 1, mod 91.\"%(x) # What numbers do you think will be printed?"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"We have described two properties of prime numbers, and therefore two possible indicators that a number is not prime.\n",
"\n",
"1. If $p$ is a number which violates Fermat's Little Theorem, then $p$ is not prime.\n",
"\n",
"2. If $p$ is a number which violates the ROO property, then $p$ is not prime.\n",
"\n",
"The Miller Rabin test will combine these indicators. But first we have to introduce an ancient algorithm for exponentiation."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Pingala's exponentiation algorithm"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"If we wish to compute $5^{90}$ mod $91$, without the `pow` command, we don't have to carry out 90 multiplications. Instead, we carry out **Pingala's algorithm**. To understand this algorithm, we begin with the desired exponent (e.g. $e=90$), and carry out a series of steps: replace $e$ by $e/2$ if $e$ is even, and replace $e$ by $(e-1) / 2$ if $e$ is odd. Repeat this until the exponent is decreased to zero. The following function carries out this process on any input $e$."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"def Pingala(e):\n",
" current_number = e\n",
" while current_number > 0:\n",
" if current_number%2 == 0:\n",
" current_number = current_number / 2\n",
" print \"Exponent %d BIT 0\"%(current_number)\n",
" if current_number%2 == 1:\n",
" current_number = (current_number - 1) / 2\n",
" print \"Exponent %d BIT 1\"%(current_number)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"Pingala(90)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"The codes \"BIT 1\" and \"BIT 0\" tell us what happened at each step, and allow the process to be reversed. In a line with BIT 0, the exponent gets **doubled** as one goes **up** one line (e.g., from 11 to 22). In a line with BIT 1, the exponent gets **doubled then increased by 1** as one goes **up** one line (e.g., from 2 to 5).\n",
"\n",
"We can use these BIT codes in order to compute an exponent. Below, we follow the BIT codes to compute $5^{90}$."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"n = 1 # This is where we start.\n",
"n = n*n * 5 # BIT 1 is interpreted as square-then-multiply-by-5, since the exponent is doubled then increased by 1.\n",
"n = n*n # BIT 0 is interpreted as squaring, since the exponent is doubled.\n",
"n = n*n * 5 # BIT 1\n",
"n = n*n * 5 # BIT 1 again.\n",
"n = n*n # BIT 0\n",
"n = n*n * 5 # BIT 1\n",
"n = n*n # BIT 0"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"print n # What we just computed.\n",
"print 5**90 # I hope these match!!"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Note that along the way, we carried out 11 multiplications (count the `*` symbols), and didn't have to remember too many numbers along the way. So this process was efficient in both time and memory. We just followed the BIT code. The number of multiplications is bounded by twice the number of BITs, since each BIT requires at most two multiplications (squaring then multiplication by 5) to execute.\n",
"\n",
"Why did we call the code a BIT code? It's because the code consists precisely of the bits (binary digits) of the exponent 90! Since computers store numbers in binary, the computer \"knows\" the BIT code as soon as it knows the exponent. In Python, the `bin` command recovers the binary expansion of a number."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"bin(90) # Compare this to the sequence of bits, from bottom up."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Python outputs binary expansions as strings, beginning with `'0b'`. To summarize, we can compute an exponent like $b^e$ by the following process:\n",
"\n",
"**Pingala's Exponentiation Algorithm**\n",
"\n",
"1. Set the number to 1.\n",
"\n",
"2. Read the bits of $e$, from left to right. \n",
" a. When the bit is zero, square the number. \n",
" b. When the bit is one, square the number, then multiply by $b$.\n",
" \n",
"3. Output the number."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"def pow_Pingala(base,exponent):\n",
" result = 1\n",
" bitstring = bin(exponent)[2:] # Chop off the '0b' part of the binary expansion of exponent\n",
" for bit in bitstring: # Iterates through the \"letters\" of the string. Here the letters are '0' or '1'.\n",
" if bit == '0':\n",
" result = result*result\n",
" if bit == '1':\n",
" result = result*result * base\n",
" return result"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"pow_Pingala(5,90)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"It is straightforward to modify Pingala's algorithm to compute exponents in modular arithmetic. Just reduce along the way."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"def powmod_Pingala(base,exponent,modulus):\n",
" result = 1\n",
" bitstring = bin(exponent)[2:] # Chop off the '0b' part of the binary expansion of exponent\n",
" for bit in bitstring: # Iterates through the \"letters\" of the string. Here the letters are '0' or '1'.\n",
" if bit == '0':\n",
" result = (result*result) % modulus \n",
" if bit == '1':\n",
" result = (result*result * base) % modulus\n",
" return result"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"powmod_Pingala(5,90,91)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Let's compare the performance of our new modular exponentiation algorithm."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"%timeit powmod_Pingala(3,999,1000) # Pingala's algorithm, modding along the way."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"%timeit powermod_1(3,999,1000) # Raise to the power, then mod, using Python built-in exponents."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"%timeit powermod_2(3,999,1000) # Multiply 999 times, modding along the way."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"%timeit pow(3,999,1000) # Use the Python built-in modular exponent."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"The fully built-in modular exponentiation `pow(b,e,m)` command is probably the fastest. But our implementation of Pingala's algorithm isn't bad -- it probably beats the simple `(b**e) % m` command (in the `powermod_1` function), and it's certainly faster than our naive loop in `powermod_2`. "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"One can quantify the efficiency of these algorithms by analyzing how the **time** depends on the **size** of the input parameters. For the sake of exposition, let us keep the base and modulus constant, and consider how the time varies with the size of the exponent.\n",
"\n",
"As a function of the exponent $e$, our `powmod_Pingala` algorithm required some number of multiplications, bounded by twice the number of bits of $e$. The number of bits of $e$ is approximately $\\log_2(e)$. The size of the numbers multiplied is bounded by the size of the (constant) modulus. In this way, the time taken by the `powmod_Pingala` algorithm should be $O(\\log(e))$, meaning bounded by a constant times the logarithm of the exponent.\n",
"\n",
"Contrast this with the slow `powermod_2` algorithm, which performs $e$ multiplications, and has thus has runtime $O(e)$."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### The Miller-Rabin test"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Pingala's algorithm is effective for computing exponents, in ordinary arithmetic or in modular arithmetic. In this way, we can look for violations of Fermat's Little Theorem as before, to find witnesses to non-primality. But if we look more closely at the algorithm... we can sometimes find violations of the ROO property of primes. This strengthens the primality test.\n",
"\n",
"To see this, we create out a \"verbose\" version of Pingala's algorithm for modular exponentiation."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"def powmod_verbose(base, exponent, modulus):\n",
" result = 1\n",
" print \"Computing %d raised to %d, modulo %d.\"%(base, exponent, modulus)\n",
" print \"The current number is %d\"%(result)\n",
" bitstring = bin(exponent)[2:] # Chop off the '0b' part of the binary expansion of exponent\n",
" for bit in bitstring: # Iterates through the \"letters\" of the string. Here the letters are '0' or '1'.\n",
" sq_result = result*result % modulus # We need to compute this in any case.\n",
" if bit == '0':\n",
" print \"BIT 0: %d squared is congruent to %d, mod %d\"%(result, sq_result, modulus)\n",
" result = sq_result \n",
" if bit == '1':\n",
" newresult = (sq_result * base) % modulus\n",
" print \"BIT 1: %d squared times %d is congruent to %d, mod %d\"%(result, base, newresult, modulus)\n",
" result = newresult\n",
" return result"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"powmod_verbose(2,560,561) # 561 is a Carmichael number."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"The function has displayed every step in Pingala's algorithm. The final result is that $2^{560} \\equiv 1$ mod $561$. So in this sense, $2$ is a bad witness. For $561$ is not prime (3 is a factor), but it does not violate Fermat's Little Theorem when $2$ is the base.\n",
"\n",
"But within the verbose output above, there is a violation of the ROO property. The penultimate line states that \"67 squared is congruent to 1, mod 561\". But if 561 were prime, only 1 and 560 are square roots of 1. Hence this penultimate line implies that 561 is not prime (again, without finding a factor!). \n",
"\n",
"This underlies the Miller-Rabin test. We carry out Pingala's exponentiation algorithm to compute $b^{p-1}$ modulo $p$. If we find a violation of ROO along the way, then the test number $p$ is not prime. And if, at the end, the computation does not yield $1$, we have found a Fermat's Little Theorem (FLT) violation, and the test number $p$ is not prime.\n",
"\n",
"The function below implements the Miller-Rabin test on a number $p$, using a given base."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": true
},
"outputs": [],
"source": [
"def Miller_Rabin(p, base):\n",
" '''\n",
" Tests whether p is prime, using the given base.\n",
" The result False implies that p is definitely not prime.\n",
" The result True implies that p **might** be prime.\n",
" It is not a perfect test!\n",
" '''\n",
" result = 1\n",
" exponent = p-1\n",
" modulus = p\n",
" bitstring = bin(exponent)[2:] # Chop off the '0b' part of the binary expansion of exponent\n",
" for bit in bitstring: # Iterates through the \"letters\" of the string. Here the letters are '0' or '1'.\n",
" sq_result = result*result % modulus # We need to compute this in any case.\n",
" if sq_result == 1:\n",
" if (result != 1) and (result != exponent): # Note that exponent is congruent to -1, mod p.\n",
" return False # a ROO violation occurred, so p is not prime\n",
" if bit == '0':\n",
" result = sq_result \n",
" if bit == '1':\n",
" result = (sq_result * base) % modulus\n",
" if result != 1:\n",
" return False # a FLT violation occurred, so p is not prime.\n",
" \n",
" return True # If we made it this far, no violation occurred and p might be prime."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
" Miller_Rabin(101,6)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"How good is the Miller-Rabin test? Will this modest improvement (looking for ROO violations) improve the reliability of witnesses? Let's see how many witnesses observe the nonprimality of 41041."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false,
"scrolled": true
},
"outputs": [],
"source": [
"for witness in range(2,20):\n",
" MR = Miller_Rabin(41041, witness) # \n",
" if MR: \n",
" print \"%d is a bad witness.\"%(witness)\n",
" else:\n",
" print \"%d detects that 41041 is not prime.\"%(witness)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"In fact, one can prove that at least 3/4 of the witnesses will detect the non-primality of any non-prime. Thus, if you keep on asking witnesses at random, your chances of detecting non-primality increase exponentially! In fact, the witness 2 suffices to check whether any number is prime or not up to 2047. In other words, if $p < 2047$, then $p$ is prime if and only if `Miller_Rabin(p,2)` is `True`. Just using the witnesses 2 and 3 suffice to check primality for numbers up to a million (1373653, to be precise, according to [Wikipedia](https://en.wikipedia.org/wiki/Miller%E2%80%93Rabin_primality_test).)\n",
"\n",
"The general strategy behind the Miller-Rabin test then is to use just a few witnesses for smallish potential primes (say, up to $2^{64}$). For larger numbers, try some number $x$ (like 20 or 50) random bases. If the tested number **is** composite, then the probability of all witnesses reporting `True` is is less than $1 / 4^x$. With 50 random witnesses, the chance that a composite number tests as prime is less than $10^{-30}$. "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Note that these are statements about **conditional probability**. In more formal language,\n",
"$$\\text{Prob} \\left( \\text{tests prime} \\ \\vert \\ \\text{ is composite} \\right) < \\frac{1}{4^{\\# \\text{witnesses} } }.$$\n",
"As those who study medical testing know, this probability differs from the probability that most people care about: the probability that a number is prime, given that it tests prime. The relationship between the two probabilities is given by Bayes Theorem, and depends on the **prevalence** of primes among the sample. If our sample consists of numbers of absolute value about $N$, then the prevalence of primes will be about $1 / \\log(N)$, and the probability of primality given a positive test result can be approximated. \n",
"$$\\text{Prob} \\left( \\text{ is prime } \\ \\vert \\ \\text{ tests prime } \\right) > 1 - \\frac{\\log(N) - 1}{4^{\\# \\text{witnesses}}}.$$\n",
"As one chooses more witnesses, this probability becomes extremely close to $1$."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"from mpmath import *\n",
"# The mpmath package allows us to compute with arbitrary precision!\n",
"# It has specialized functions for log, sin, exp, etc.., with arbitrary precision.\n",
"# It is probably installed with your version of Python.\n",
"\n",
"def prob_prime(N, witnesses):\n",
" '''\n",
" Conservatively estimates the probability of primality, given a positive test result.\n",
" N is an approximation of the size of the tested number.\n",
" witnesses is the number of witnesses.\n",
" '''\n",
" mp.dps = witnesses # mp.dps is the number of digits of precision. We adapt this as needed for input.\n",
" prob_prime = 1 - (log(N) - 1) / (4**witnesses)\n",
" print str(100*prob_prime)+\"% chance of primality\" # Use str to convert mpmath float to string for printing."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"prob_prime(10**100, 50) # Chance of primality with 50 witnesses, if a 100-digit number is tested."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"We implement the Miller-Rabin test for primality in the `is_prime` function below."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"def is_prime(p, witnesses=50): # witnesses is a parameter with a default value.\n",
" '''\n",
" Tests whether a positive integer p is prime.\n",
" For p < 2^64, the test is deterministic, using known good witnesses.\n",
" Good witnesses come from a table at Wikipedia's article on the Miller-Rabin test,\n",
" based on research by Pomerance, Selfridge and Wagstaff, Jaeschke, Jiang and Deng.\n",
" For larger p, a number (by default, 50) of witnesses are chosen at random.\n",
" '''\n",
" if (p%2 == 0): # Might as well take care of even numbers at the outset!\n",
" if p == 2:\n",
" return True\n",
" else:\n",
" return False \n",
" \n",
" if p > 2**64: # We use the probabilistic test for large p.\n",
" trial = 0\n",
" while trial < witnesses:\n",
" trial = trial + 1\n",
" witness = randint(2,p-2) # A good range for possible witnesses\n",
" if Miller_Rabin(p,witness) == False:\n",
" return False\n",
" return True\n",
" \n",
" else: # We use a determinisic test for p <= 2**64.\n",
" verdict = Miller_Rabin(p,2)\n",
" if p < 2047:\n",
" return verdict # The witness 2 suffices.\n",
" verdict = verdict and Miller_Rabin(p,3)\n",
" if p < 1373653:\n",
" return verdict # The witnesses 2 and 3 suffice.\n",
" verdict = verdict and Miller_Rabin(p,5)\n",
" if p < 25326001:\n",
" return verdict # The witnesses 2,3,5 suffice.\n",
" verdict = verdict and Miller_Rabin(p,7)\n",
" if p < 3215031751:\n",
" return verdict # The witnesses 2,3,5,7 suffice.\n",
" verdict = verdict and Miller_Rabin(p,11)\n",
" if p < 2152302898747:\n",
" return verdict # The witnesses 2,3,5,7,11 suffice.\n",
" verdict = verdict and Miller_Rabin(p,13)\n",
" if p < 3474749660383:\n",
" return verdict # The witnesses 2,3,5,7,11,13 suffice.\n",
" verdict = verdict and Miller_Rabin(p,17)\n",
" if p < 341550071728321:\n",
" return verdict # The witnesses 2,3,5,7,11,17 suffice.\n",
" verdict = verdict and Miller_Rabin(p,19) and Miller_Rabin(p,23)\n",
" if p < 3825123056546413051:\n",
" return verdict # The witnesses 2,3,5,7,11,17,19,23 suffice.\n",
" verdict = verdict and Miller_Rabin(p,29) and Miller_Rabin(p,31) and Miller_Rabin(p,37)\n",
" return verdict # The witnesses 2,3,5,7,11,17,19,23,29,31,37 suffice for testing up to 2^64. \n",
" "
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"is_prime(1000000000000066600000000000001) # This is Belphegor's prime."
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"How fast is our new `is_prime` function? Let's give it a try."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"%timeit is_prime(234987928347928347928347928734987398792837491)"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"%timeit is_prime(1000000000000066600000000000001)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"The results will probably on the order of a millisecond, perhaps even a tenth of a millisecond ($10^{-4}$ seconds) for non-primes! That's much faster than looking for factors, for numbers of this size. In this way, we can test primality of numbers of hundreds of digits!\n",
"\n",
"For an application, let's find some Mersenne primes. Recall that a Mersenne prime is a prime of the form $2^p - 1$. Note that when $2^p - 1$ is prime, it must be the case that $p$ is a prime too. We will quickly find the Mersenne primes with $p$ up to 1000 below!"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"collapsed": false
},
"outputs": [],
"source": [
"for p in range(1,1000):\n",
" if is_prime(p): # We only need to check these p.\n",
" M = 2**p - 1 # A candidate for a Mersenne prime.\n",
" if is_prime(M):\n",
" print \"2^%d - 1 = %d is a Mersenne prime.\"%(p,M)"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Exercises\n",
"\n",
"1. Recall that if $2^p - 1$ is a Mersenne prime, then Euclid proved that $(2^p - 1) \\cdot 2^{p-1}$ is a perfect number. Find all the (even) perfect numbers up to $2^{1000}$. (Note: nobody has ever found an odd perfect number. All even perfect numbers arise from Mersenne primes by Euclid's recipe.)\n",
"\n",
"2. The Fermat sequence is the sequence of numbers 3, 5, 257, 65537, etc., of the form $2^{2^n} + 1$ for $n \\geq 0$. Test the primality of these numbers for $n$ up to 10.\n",
"\n",
"3. Why do you think the is_prime function (using Miller-Rabin) runs more quickly on non-primes than it does on primes?\n",
"\n",
"4. Compare the performance of the new `is_prime` function to \"trial division\" (looking for factors up to the square root of the test number). Which is faster for small numbers (1-digit, 2-digits, 3-digits, etc.)? Adapt the `is_prime` function to perform trial division for small numbers in order to optimize performance. \n",
"\n",
"5. Estimate the probability that a randomly chosen 10-digit number is prime, by running is_prime on a large number of samples. How does this probability vary as the number of digits increases (e.g., from 10 digits to 11 digits to 12 digits, etc., onto 20 digits)? "
]
}
],
"metadata": {
"kernelspec": {
"display_name": "Python 2",
"language": "python",
"name": "python2"
},
"language_info": {
"codemirror_mode": {
"name": "ipython",
"version": 2
},
"file_extension": ".py",
"mimetype": "text/x-python",
"name": "python",
"nbconvert_exporter": "python",
"pygments_lexer": "ipython2",
"version": "2.7.13"
}
},
"nbformat": 4,
"nbformat_minor": 0
}