In mathematics, the Lucas–Lehmer–Riesel test is a primality test for numbers of the form N = k ⋅ 2n − 1 with odd k < 2n. The test was developed by Hans Riesel and it is based on the Lucas–Lehmer primality test. It is the fastest deterministic algorithm known for numbers of that form. For numbers of the form N = k ⋅ 2n + 1 (Proth numbers), either application of Proth's theorem (a Las Vegas algorithm) or one of the deterministic proofs described in Brillhart–Lehmer–Selfridge 1975[1] (see Pocklington primality test) are used.
The algorithm
The algorithm is very similar to the Lucas–Lehmer test, but with a variable starting point depending on the value of k.
Define a sequence ui for all i > 0 by:
Then N = k ⋅ 2n − 1, with k < 2n is prime if and only if it divides un−2.
Finding the starting value
The starting value u0 is determined as follows.
- If k ≡ 1 or 5 (mod 6): if 1 (mod 6) and n is even, or 5 (mod 6) and n is odd, then 3 divides N, and there is no need to test. Otherwise, N ≡ 7 (mod 24) and the Lucas V(4,1) sequence may be used: we take , which is the kth term of that sequence. This is a generalization of the ordinary Lucas–Lehmer test, and reduces to it when k = 1.
- Otherwise, we are in the case where k is a multiple of 3, and it is more difficult to select the right value of u0. It is known that if k = 3 and n ≡ 0 or 3 (mod 4), we can take u0 = 5778.
An alternative method for finding the starting value u0 is given in Rödseth 1994.[2] The selection method is much easier than that used by Riesel for the 3 divides k case. First find a P value that satisfies the following equalities of Jacobi symbols:
- .
In practice, only a few P values need be checked before one is found (5, 8, 9, or 11 work in about 85% of trials).
To find the starting value u0 from the P value we can use a Lucas(P,1) sequence, as shown in [2] as well as page 124 of.[3] The latter explains that when 3 ∤ k, P=4 may be used as above, and no further search is necessary.
The starting value u0 will be the Lucas sequence term Vk(P,1) taken mod N. This process of selection takes very little time compared to the main test.
How the test works
The Lucas–Lehmer–Riesel test is a particular case of group-order primality testing; we demonstrate that some number is prime by showing that some group has the order that it would have were that number prime, and we do this by finding an element of that group of precisely the right order.
For Lucas-style tests on a number N, we work in the multiplicative group of a quadratic extension of the integers modulo N; if N is prime, the order of this multiplicative group is N2 − 1, it has a subgroup of order N + 1, and we try to find a generator for that subgroup.
We start off by trying to find a non-iterative expression for the . Following the model of the Lucas–Lehmer test, put , and by induction we have .
So we can consider ourselves as looking at the 2ith term of the sequence . If a satisfies a quadratic equation, this is a Lucas sequence, and has an expression of the form . Really, we're looking at the k ⋅ 2ith term of a different sequence, but since decimations (take every kth term starting with the zeroth) of a Lucas sequence are themselves Lucas sequences, we can deal with the factor k by picking a different starting point.
LLR software
LLR is a program that can run the LLR tests. The program was developed by Jean Penné. Vincent Penné has modified the program so that it can obtain tests via the Internet.[4] The software is both used by individual prime searchers and some distributed computing projects including Riesel Sieve and PrimeGrid.
A revised version, LLR2[5] was deployed in 2020.[6] This generates a "proof of work" certificate which allows the computation to be verified without needing a full double-check.
A further update, PRST[7] uses an alternate certificate scheme[8] which takes longer to verify but is faster to generate for some forms of prime.[9]
See also
References
- ↑ Brillhart, John; Lehmer, Derrick Henry; Selfridge, John (April 1975). "New Primality Criteria and Factorizations of 2^m ± 1". Mathematics of Computation. 29 (130): 620–647. doi:10.1090/S0025-5718-1975-0384673-1.
- 1 2 Rödseth, Öystein J. (1994). "A note on primality tests for N=h·2^n−1" (PDF). BIT Numerical Mathematics. 34 (3): 451–454. doi:10.1007/BF01935653. S2CID 120438959. Archived from the original (PDF) on March 6, 2016.
- ↑ Riesel, Hans (1994). Prime Numbers and Computer Methods for Factorization. Progress in Mathematics. Vol. 126 (2nd ed.). Birkhäuser. pp. 107–121. ISBN 0-8176-3743-5.
- ↑ Bonath, Karsten (2010-03-12). "LLRnet supports LLR V3.8! (LLRnet2010 V0.73L)". Great Internet Mersenne Prime Search forum. Retrieved 17 November 2021.
- ↑ Atnashev, Pavel. "LLR2 GitHub". GitHub. Retrieved 2023-11-23.
- ↑ "LLR2 installed on all big LLR projects". PrimeGrid message boards. 11 September 2020. Retrieved 2023-11-23.
- ↑ Atnashev, Pavel. "PRST GitHub". GitHub. Retrieved 2023-11-23.
- ↑ Li, Darren; Gallot, Yves (16 September 2022). "An Efficient Modular Exponentiation Proof Scheme". arXiv:2209.15623 [cs.CR].
- ↑ "SR5 project switched to PRST". PrimeGrid message boards. 19 July 2023. Retrieved 2023-11-23.
- Riesel, Hans (1969). "Lucasian Criteria for the Primality of N = h·2n − 1". Mathematics of Computation. American Mathematical Society. 23 (108): 869–875. doi:10.2307/2004975. JSTOR 2004975.
External links
- Download Jean Penné's LLR
- Math::Prime::Util::GMP - Part of Perl's ntheory module, this has basic implementations of LLR and Proth form testing, as well as some BLS75 proof methods.