US 20020099746 A1 Abstract Using a new mathematical technique called the T-sequence, the inventor has discovered a powerful primality testing method that meets all four conditions above. A similar approach can be applied to perform fast factoring for numerous special cases, a method that can, in all liklihood, be extended to the general case, making possible a general and fast factoring algorithm. (Researchers heretofore have been able to factor only in sub-exponential time, never in polynomial time.) The same T-sequence can be used to construct a prime number formula (long sought after but never achieved) and a good random number generator. The former can be used to generate infinitely many prime numbers of any size efficiently, and the latter can generate non-periodic and absolutely chaotic random numbers. These aft numbers are widely used in all areas of industrial and scientific simulations. In general, the T-sequence can be used to handle efficiently the fundamental problems concerning prime numbers (which include primality testing, factoring, prime number formula, infinite-pattern prime problem, etc.).
Claims(8) 1. A computer-implemented method, comprising:
determining at least one element of a non-montonic sequence, the non-montonic sequence being one of a family of related non-montonic sequences; using at least said element, determining at least one property of a number; and depending on said property, taking an action the effect of which is to enhance or degrade data security within a computer system or network. 2. The method of 3. The method of 4. The method of 5. A prime number generator, comprising:
means for generating candidate numbers by forming at least one of sums and differences of a given number and a series of prime numbers; and means for deterministically evaluating primality of each of the candidate numbers in polynomial time. 6. The apparatus of 7. The apparatus of 8. A random number generator, comprising:
means for determining a seed number; means for forming at least one of sums and differences of the seed number and a series of prime numbers; and means for outputting last digits of the series of prime numbers to produce a set of random digits. Description [0001] 1. Field of the Invention [0002] The present invention relates to prime and composite number computing and applications of the same, e.g., in the area of data security. [0003] 2. State of the Art [0004] Prime numbers (2, 3, 5, 7, 11, 13, . . ., those positive integers divisible only by themselves or 1) are the most fundamental building blocks of math, and with the invention of the public key ciphers (RSA, El Gamal and the like), they now form the backbone of computer security. Basically there are two problems related to the use of prime numbers in these fields, namely primality testing and factoring. The primality testing problem is about testing and determining whether a given arbitrary positive integer is a prime number or a composite (non-prime) number. For a composite number, the factoring problem requires determining the composite number's prime factors. Practicality demands that these two problems have to be solved in polynomial time (computations being proportional to the number of digits and therefore fast), not exponential time (computations being proportional to the size of the numbers themselves and therefore too slow). [0005] Traditionally, to decide whether a small integer is prime or composite, one can try to factor it with the smaller primes, but this trial division is too tedious for numbers greater than, say, 40 digits. Previously, experts have only been able to test for general primality up to about 2000 digits with certainty in a week of standard PC computational time. Several other faster methods have been devised to test larger integers, but they too fall short of expectations. [0006] Presently over the Internet, record-size prime numbers over 10,000 or 100,000 digits are frequently found and published by researchers, but they are confined to special forms only (e.g., the most famous being the Lucas-Lehmer test for Mersenne numbers of the form 2 [0007] There are four conditions in solving these problems: [0008] 1. Polynomial-time algorithm: the algorithm's speed needs to be proportional to a small power of the number of digits of that integer, e.g. d [0009] 2. 100% generality, i.e., the primality or factors of any arbitrary number can be determined. [0010] 3. Provability, i.e., it can be shown to work in all cases mathematically and no counterexamples can be found. [0011] 4. Deterministic in nature, i.e., the algorithm can determine the primality of a number with certainty and not with statistical probability. [0012] Present techniques are unable to satisfy all four of these conditions simultaneously. [0013] Using a new mathematical technique called the T-sequence, the inventor has discovered a powerful primality testing method that meets all four conditions above. A similar approach can be applied to perform fast factoring for numerous special cases, a method that can, in all liklihood, be extended to the general case, making possible a general and fast factoring algorithm. (Researchers heretofore have been able to factor only in sub-exponential time, never in polynomial time.) The same T-sequence can be used to construct a prime number formula (long sought after but never achieved) and a good random number generator. The former can be used to generate infinitely many prime numbers of any size efficiently, and the latter can generate non-periodic and absolutely chaotic random numbers. These numbers are widely used in all areas of industrial and scientific simulations. In general, the T-sequence can be used to handle efficiently the fundamental problems concerning prime numbers (which include primality testing, factoring, prime number formula, infinite-pattern prime problem, etc.). [0014] Whereas previously experts have only been able to test for general primality up to about 2000 digits with certainty in a week of standard PC computational time, now with this new approach it takes only eight seconds, by comparison. On a fast computer, numbers up to a million or more digits can also be tested for primality. All other techniques become impracticable beyond 2000 or so digits for general primality testing. This new approach enables mathematicians and computer scientists to test as well as generate prime numbers of any size or form to be used in mathematical research and computer cryptography. [0015] The present invention may be further understood from the following description in conjunction with the appended drawing. In the drawing: [0016]FIG. 1 is a block diagram of a prime number computing system; and [0017]FIG. 2 is a flowchart illustrating a primality testing algorithm. [0018] T-Sequences: Definition. [0019] Let n be a positive integer and l>3 be the order. Then the general T-sequences are defined as follows:
[0020] where the subscript denotes the nth term while the superscript denotes the order l. Therefore the zeroth term is always 2 and the first term is always l; i.e., l=3 is the first T-sequence, the successive terms of which are given by
[0021] is the second T-sequence with the following terms:
[0022] There is a general and fundamental identify relating all T terms, as expressed by:
[0023] where n [0024] The T terms can grow exponentially large, but with the above identities as well as modulo arithmetic and a type of binary decomposition method described below, testing a given integer for primality is straightforward. [0025] A numerical example serves to illustrate this approach. E.g., for n=31 and l=3, binary decomposition is first performed (other forms of decomposition are feasible but are less practical):
[0026] For decomposition of odd terms D the quantity
[0027] is computed. If the result is an odd number as in
[0028] is added to 15 to give 16 so that 31=16+15. If the result is an even number such as
[0029] again 1 is added to 18 to give 19 so that 37=18+19. The successive terms can then be computed by using the above-mentioned identities. For odd nth terms such as
[0030] the quantity
[0031] or l, is always subtracted, which is 3 in this example. For even nth terms such as
[0032] the quantity
[0033] or 2, is always subtracted. The fundamental identify allows all these decompositions to be performed. Modulo arithmetic with respect to n and recursive substitutions are then carried out using the fact that, always,
[0034] that is,
[0035] in this example. [0036] Computations are then started from the smallest term, that is
[0037] and so on, with the residues always modulo 31:
[0038] Therefore it can be determined that in this example the 31st term of T [0039] There are numerous intriguing properties of T-sequences, one of which is expressed as
[0040] From this expression one can prove that all primes p will have to satisfy the relations
[0041] (mod p) and
[0042] =2 or l [0043] (mod [0044] (mod [0045] By using these T-sequences in connection with the primes p, another important and useful property in primality testing and factoring can be derived, the so-called periods k(p) consisting of two types, p+1 and p−1. The former is called the +l type and the latter the −l type. What is meant by this terminology can be illustrated by the following numerical examples: [0046] Take l=3 and p=7. Compute every term of T [0047] Again take l=4 and p=11. The residues of each T [0048] There are no other possible patterns for prime modulo. (The l type for composites will be shown in the following section describing the primality testing algorithm.) In essence, this unique characteristic of the T-sequences enables the primality of any positive integer to be determined, since only those numbers that are genuine primes can satisfy for appropriate l values both [0049] Furthermore, this characteristic can also be used to do general polynomial time factoring of composites. [0050] Computing Using T-Sequences [0051] Referring now to FIG. 1, a block diagram is shown of a computing system, e.g., a prime number computing system, in which T-sequences are used. The computing system includes one or more processors, random-access memory, read-only (non-volative) memory, and an I/O subsystem. The computing system is intended to be representative of all classes of computing systems, large and small, local or distributed. Within memory is stored a routine for generating T-sequence terms. The results of this routine are used by one or more other routines, e.g., a routine for primality testing, a routine for factoring, a prime number generator, a random number generator, etc. These routines find wide application, especially in data security, e.g., securely encrypting data or, by the opposite token, breaking a given encryption. The operation of various ones of these routines will now be described. [0052] Primality Testing [0053] Given any positive integer n, the T [0054] For n to be an eligible candidate for prime, the residues have to be
[0055] Any n which does not give such residues can immediately be declared composite. [0056] As will be explained below, it can be seen readily that any n with the last digit 1 or 9 will be of the −l type in T [0057] A fast and general method to determine the l type of n in T [0058] (both mod r), and is − when
[0059] (both mod r). [0060] Note a few facts about the relationships between r and l: [0061] 1. The l type is always − whenever r=l. [0062] 2. The small residue r must be coprime to the determinant, that is (r, 2l [0063] 3. Besides r being coprime to the determinant, r needs to be greater than the value of l. Otherwise that particular l value is not used. [0064] 4. The period k(r) must be greater than 2. When the period is 1 or 2, that l value is not to be used. [0065] 5. Applying the above identities and binary decomposition methods to r will give
[0066] Whenever
[0067] that particular l value will not be used. When
[0068] that particular l value will be used. [0069] 6. The +l type and the −l type occur in equal proportion among all n and T [0070] For example, when n=31, l=3 observe that r=1 since 31 =1 (mod 2·3 [0071] (both mod 7) are then computed, from which it appears that 7 is of +l type in T [0072] To take another example, when n=31, l=4 observe that r=7 since 31=7 (mod 2·4 [0073] (both mod 7). This shows that 7 is of +l type in T [0074] (both mod 13). This shows that 13 is −l of type in T [0075] Note that these small r residue computations can be skipped and the n residues computed directly for primality testing and l-type decisions whenever r is indeterminate. The whole algorithm will still be in polynomial time owing to binary decomposition, which ensures that it is in polynomial time. The complexity is of the order of (log [0076] Referring now to FIG. 2, a fast primality testing routine consists of the following three steps: [0077] STEP A: For any given positive integer n, first use l=3. From the above, determine the l type of n in T [0078] If either R [0079] Note that all composites which are not genuine primes or pseudoprimes or proper cofactors of T [0080] If
[0081] (mod n)then proceed to STEP B below. [0082] STEP B: This step performs a “greatest common factor sieving” to sieve away certain pseudoprimes. For example, take a composite n=1729=7 ×13 ×19 and l=4. The number 1729 is a pseudoprime of T [0083] Take the odd term right below
[0084] that is
[0085] Since the residue is 914 (mod 1729), subtract from this residue
[0086] giving 912. Using the Euclidean algorithm for the greatest common factor (gcd), compute gcd (912, 1729)=19. This shows that 1729 is composite since 19 is one of its factors. (Computing gcd by the Euclidean algorithm is useful in factoring.) In other words, for n to be a candidate for prime, the odd term residue
[0087] right under
[0088] when 2 is subtracted must at least be coprime to n: gcd
[0089] STEP B still misses some pseudoprimes or cofactor composites but when followed by STEP C, all possible exceptions in the form of proper cofactors or pseudoprimes will be sieved away, leaving only the genuine primes. [0090] STEP C: Find an l which is of opposite l type to that in STEP A in T [0091] If in STEP A T [0092] Only a genuine prime p can always satisfy these conditions when n=p. This completes STEP C. [0093] A variation of the foregoing algorithm uses the Jacobi to avoid blind trials seeking for opposite l types. In particular, taking JACOBI(l [0094] Primality Testing—Summary. Following the above method of computation ensures that this primality testing algorithm is 100% general, deterministic, provable and polynomial-time. It runs as follows: [0095] The integer n is a genuine prime whenever n satisfies the conditions in these three steps: [0096] STEP A:
[0097] STEP B:
[0098] STEP C: T [0099] Failing to satisfy any one or more of these conditions will render n to be composite. [0100] As may be seen from Table 1, the time and memory requirements required to test the primality of integers is very small compared to existing methods, and remains comparatively quite small even when testing primality of integers of unprecedented size.
[0101] Polynomial-Time Factoring Routine [0102] A promising and viable factoring method is also based on the T-sequences. This method is unlike any previous method. [0103] The T-sequences allow all forms of composites to be factored, without exception, in polynomial time, simply because binary decomposition modulo C is fundamentally polynomial time. So far, mathematicians have only found exponential or sub-exponential time factoring algorithms for composites less than 200 digits, in general, and no polynomial-time factoring exists for even special forms of composites like the Mersenne numbers 2 [0104] The gist of this PTFA lies in the natural mathematical interrelationships between the composite C=P [0105] The periods of the prime factors with respect to l can only take on the patterns p [0106] The first important thing to take advantage of in PTFA is that whenever the period residue r [0107] Take C=91(=7×13). The possible periods k(p [0108] mod 91 is first computed, which gives 76 as residue. Now
[0109] =6, and 1 is the r [0110] Thus one is able to factor by taking gcd(76−6, 91)=7. Likewise T [0111] Whenever the periods p+1 or p−1 [match?] the composite C in either the above straightforward way or a simple function like the cubic polynomial below, factoring can always be performed by taking gcd
[0112] −2 is used when the periods p+1 or p−1 divides exactly into f(C) and +2 is used whenever f(C) divided by p+1 or p−1 gives a residue of
[0113] as is quite often the case. The expression
[0114] stands for
[0115] (mod C), where m can be any arbitrary term or a function of the composite f(C) to be computed. [0116] Again, to illustrate the this point, when +2 is added to 76 (the residue of T [0117] There are numerous sets of composites that can be factored readily because their factors' periods bear such a simple relationship to C. For example, composites of the form C=p[1+(p+1)(p+2)] can always be factored readily in this way: [0118] gcd(R [0119] For C of the form p[1+(p−1)(p−2)] there results gcd
[0120] e.g., [0121] Obviously, one can easily construct or find infinitely many such composites to factor. In general for C=p[1+m(p+1)] where m is any prime or composite, C can always be factored as follows: gcd(R [0122] Furthermore, often the period of one prime factor of a composite happens to divide into the other prime factor or factors with a small enough residue, e.g., C=147149=37×41×94. In this example, factoring begins by finding by trial that when C has subtracted from it a small number 2, i.e., 147149−2, it gives
[0123] Factorization then proceeds by taking gcd(R [0124] Again it is obvious that there are infinitely many such composites. Quite often too, when C is multiplied by a small integer, the period of a certain factor can divide exactly into this product of C by a small integer, allowing for ready factorization, e.g., C=41×67=2747. Multiplying C by the small integer 3 gives 2747×3=82441. Originally, 2747=27 (mod 41−1), and 27 is too large a residue period to readily factor. However, 8241=1 (mod 41−1), and 1 is definitely small enough, leading to gcd
[0125] This constitutes another infinite set of composites that can be factored in polynomial time through PTFA by a few trials. [0126] A powerful and very general PTFA method results from taking the cubic polynomial function of C to factor. It works as follows: [0127] f(C)=aC [0128] Since 0 ≦a, b ≦4, and since when a=0, also b=0 and c=0 in some cases, the results is only 5×2×2×2×5−3=497 combinations basically. Factorization is performed by taking gcd
[0129] where f(C) stays positive. Two arbitrary examples will illustrate. Take C=641×3469=2223629. Note
[0130] Taking a=1, b=+3, c=−1 and d=−3, 641 can be factored out by selecting one l for which 641 is of −l type such as l=3: since 22233629=269 (mod) there results 149+3×41−269−3=(269) [0131] As another arbitrary example, take C=4567×0837=49492579. Note the fixed relationship between the period residues of each prime factors, particularly when they are the RSA form of two prime composites, e.g., when C=p
[0132] Again trials show that when a=3, b=−4, c=−3, d=−4, 4568|3C [0133] This formula can be linked to the fundamental Diophantine Equation (p±1)×− [0134] In addition to the above methods, other factoring methods have been programmed and tested such as: [0135] (A).
[0136] (mod n) is factored by taking a
[0137] (mod n). Taking the gcd of this relation minus 2 allows for factoring. Here 1≦a≦4, −4≦b, c≦+4and a≠0. E.g., take
[0138] (=1871×34511). Take 851=R, which comes from 64570081=851 (mod 1871−1) and 1870|2(851) [0139] (B). Compute the four possible residues: (a)
[0140] (mod n), (b)
[0141] (mod 1−n), (c)
[0142] (mod n) (d)
[0143] (mod 1−n). Use the residues as “inputs” for one or more layers of T-sequence modulo computation. Then factor by taking gcd
[0144] E.g., take the composite n=2077≡31×67. Let l≡3, l n ≡3×2077≡6231. There result the four Rs:
[0145] When e=1, f=−1, l=+for 67, e.g., l=3 there results 1×2077+(3267−719)−1=4624=68×68. [0146] Factor by taking gcd(R [0147] (C) Another method makes use of the recursive period pattern of certain primes, e.g., n=2701=37×73. First compute T [0148] (D) Whenever the ratio between the two factors of the composite n is less than 2, one can always factor by adding or subtracting from n by the nearest integer [{square root}{square root over (4 [0149] Compute [{square root}{square root over (4·1591−4)}]=80 and 1591−80=1511. By finding l such as l=4 where 37 is −l type but not 43, factorization is made possible by taking 1511+1=0 (mod 37−1), i.e., gcd (R [0150] Factoring—Summary. T-sequences are closely tied in to factoring. There have been described several very promising polynomial-time factoring methods. The cubic polynomial PTFA seems to work the best, but other lines of attack are feasible too. [0151] Prime Number Formula. Traditionally, a prime number formula (which has never been found) has always had these requirements: [0152] 1) It always gives a prime number for each integer input n=1, 2, 3, 4, . . . [0153] 2) It is constructive, i.e., the formula can always be computed to give prime numbers. For example, Mills' formula p=[hd A [0154] 3) It is forthright, i.e., it takes little time to readily compute the prime number. For example, for the polynomial equation ax [0155] is forthright in that it gives the roots readily. [0156] On the face of it, these requirements seem natural enough. Seekers of prime number formula have always exerted their best efforts to find a prime number formula that satisfies these three requirements. The continuing failure to find such a prime number formula has caused many researchers to conclude no such formula exists. [0157] While it appears doubtful that a prime number formula of this type can be constructed, upon reflection, it may be seen that the third requirement is inconsistent with the very definition of prime numbers, namely that they cannot be divided exactly by any other numbers other than themselves and 1. The implication is that the primality of a positive integer n needs to be determined by a legitimate polynomial-time primality testing algorithm. Whether n is prime or composite cannot be ascertained right away. Rather, n must be tested for primality. A prime number formula which is supposed to generate primes and not composites also needs to obey such a fundamental requirement. [0158] Now redefine a prime number formula as one that satisfies the three requirements: [0159] 1) It always gives a prime number for each integer input n=1, 2, 3, . . . [0160] 2) It is always constructive. [0161] 3) It possesses polynomial-time complexity. [0162] Since a prime number formula is in essence one version of a primality testing algorithm; whereas the traditional formulation of a prime number formula is an NP problem, the foregoing formulation recast the problem such that NP→P. [0163] A new prime number formula of the type described may be arrived at by making use of a revised version of the Fortune Conjecture, i.e., P [0164] One numerical example illustrates this formula clearly: Let P [0165] One can also add or subtract a large product with a small product e.g. 2 [0166] Note that Q +P [0167] This approach makes it possible to compute a large prime. This formula, along with adding or subtracting suitable sums or differences, will readily generate many other primes around this large prime. [0168] Random Number Generator [0169] Mathematically a good random number generator (RNG) should be infinitely non-periodic, such that no generated number can be deduced from any previous number. Of course, statistical tests like the chi-square test can be applied to ensure that all digits are distributed 100% randomly with no bias whatsoever. Admittedly, if only math is concerned, a fixed input will always yield a fixed output. Only physical systems like the quantum mechanical systems can give “dynamically genuine” random numbers. Coupling these two notions together, it is possible to construct a powerful and convenient RNG. [0170] First, note the fact that the last digits of all primes, except 2 and 5, can only be 1, 3, 7 and 9. They are distributed absolutely randomly among the infinite set of positive integers. The very definition of prime number demands this, since prime numbers can only be divided exactly by 1 and themselves. Thus by taking the last digits only and ignoring the trivial 2 and 5, from the prime set 3, 7, 11, 13, 17, 19, 23, 29, 31, etc., one obtains the random digits 3, 7, 1, 3, 7, 9, 3, 9, 1, 7, 1, 3, 7, 3, 9, 1, 7, 1, 3, 9, 3, 9, 7 for primes from 3 to 97. These digits form an infinite set, and no digit can be derived from the previous or succeeding ones. Each one of the four digits appears 25% of the time. Above all, they are absolutely non-periodic. [0171] The prime-number formula based on the T-sequence polynomial-time primality testing algorithm provides infinitely many variations of these random prime digits, e.g., take 2×3×5×7×=210. Based on the formula presented previously, add or subtract all the primes between 7<11 and 47<7 [0172] Since the seeds such as 2·3·5 or 2 [0173] This RNG can also be easily modified into a simple but innovative cipher: a function F [0174] It will be appreciated by those of ordinary skill in the art that the invention can be embodied in other specific forms without departing from the spirit or essential character thereof. The presently disclosed embodiments are therefore considered in all respects to be illustrative and not restrictive. The scope of the invention is indicated by the appended claims rather than the foregoing description, and all changes which come within the meaning and range of equivalents thereof are intended to be embraced therein. Referenced by
Classifications
Legal Events
Rotate |