File: proof-text-format.txt

package info (click to toggle)
libmath-prime-util-gmp-perl 0.52-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 1,504 kB
  • sloc: ansic: 16,770; perl: 4,530; sh: 162; makefile: 15
file content (292 lines) | stat: -rw-r--r-- 8,552 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
 
[MPU - Primality Certificate]
Version 1.0
# We should allow base 10, base 16, and base 62.  Base 10 is the default.
Base 10

# This is the N value we're proving.
Proof for:
N 8087094497428743437627091507362881


# The following types allow a simple chain:
#    Pocklington
#    BLS3
#    BLS15
#    ECPP
#    Small
# These could result in a tree:
#    Lucas
#    BLS5
#    BLS7
#
# Types ECPP3 and ECPP4 are from Primo, and can be easily translated into
# a type ECPP.  We include them here rather than convert because they save
# quite a bit of space and we may want to generate them ourselves someday.
# I remain dubious about including them, so it is possible they will go away
# in the format and we'll just have the converter/verifier do the conversion.
#
# MPU will generate types: BLS3, BLS15, ECPP, BLS5, Small.
# Primo (converted) will generate types: Pocklington, BLS15, ECPP3, ECPP4.
# Lucas is included for completeness.
# I no longer use BLS7 so will not include it.

# BLS## stands for theorem ## in the paper:
#   "New Primality Criteria and Factorizations of 2^m +/- 1" by
#   Brillhart, Lehmer, and Selfridge, Mathematics of Computation, 1975.
# which includes 21 theorems related to N-1, N+1, and hybrid primality proofs.
# The paper is often referred to as BLS75, and is highly recommended reading.

# I allow N or any Q smaller than 2^64 to implicitly construct a "Small"
# certificate.  So once we have a Q of <= 2^64, we can run a deterministic
# test to prove its primality.  One of the many BPSW variants works for this,
# or 7 M-R tests with bases 2, 325, 9375, 28178, 450775, 9780504, 1795265022.
# Hence if we have Q values <= 2^64, the verifier needs to do its test, and
# the certificate can leave out an explicit proof for the Q.  This is done
# to prevent a few Lucas, BLS5, etc. type tests from creating a swarm of
# "Small" certificates for each little factor.

Type BLS15
N  8087094497428743437627091507362881
Q  175806402118016161687545467551367
LP 1
LQ 22

# Note: Primo type 2 can map to this, though this allows Q to be
#       smaller.  ( prevR->N, R->Q, S->M, Q->(LP,LQ) )
#       Primo condition a is implied by Q odd
#       Primo condition c is stricter than required by BLS15.
#       Primo conditions e and f relate to the Lucas code
#       Primo condition g is not required
# Verify: Q is odd
# Verify: Q > 2
# Verify: Q divides N+1
# Let: M = (N+1)/Q
# Verify: MQ-1 = N                             # Primo d
# Verify: M > 0                                # Primo b
# Verify: 2Q-1 > sqrt(N)                       # Primo c (less strict)
# Let: D = LP*LP - 4*LQ
# Verify: D != 0
# Verify Jacobi(D,N) = -1                      # Primo h
# Verify V_{m/2} mod N != 0                    # Primo j
# Verify V_{(N+1)/2} mod N == 0                # Primo i
# Then N is prime if Q is prime.


Type ECPP
N  175806402118016161687545467551367
A  96642115784172626892568853507766
B  111378324928567743759166231879523
M  175806402118016177622955224562171
Q  2297612322987260054928384863
X  3273750212
Y  82061726986387565872737368000504

# Generic ECPP / AKGM block
# A and/or B can be -1, so mod them.
# Let A = A % N
# Let B = B % N
# Verify: N > 0                                # Primo b
# Verify: gcd(N, 6) = 1                        # Primo a
# Verify: gcd(4*a^3 + 27*b^2, N) = 1           # Primo i
# Verify: Y^2 mod N = X^3 + A*X + B mod N      # Primo j
# Verify: M >= N + 1 - 2*sqrt(N)               # Primo g
# Verify: M <= N + 1 + 2*sqrt(N)               # Primo h
# Verify: Q > (N^(1/4)+1)^2                    # Primo f
# Verify: Q < N                                # Primo e
# Verify: M != Q
# Verify: Q divides M
# Note:  EC(A,B,N,X,Y) defines the elliptic curve Y^2 = X^3 + A*X + B, mod N
#        with operations defined in affine coordinates.
# Let POINT = (M/Q) * EC(A,B,N,X,Y)
# Verify: POINT is not the identity            # Primo k
# Let POINT = Q * POINT   (or M * EC(A,B,N,X,Y))
# Verify: POINT is the identity                # Primo l
# Then N is prime if Q is prime.


Type BLS3
N  2297612322987260054928384863
Q  16501461106821092981
A  5

# Note: This is similar to Pocklington, but Q can be smaller.
# Verify: Q odd
# Verify: Q > 2
# Verify: Q divides N-1
# Let: M = (N-1)/Q
# Verify: MQ+1 = N
# Verify: M > 0
# Verify: 2Q+1 > sqrt(N)
# Verify A^((N-1)/2) mod N = N-1
# Verify A^(M/2) mod N != N-1
# Then N is prime if Q is prime.


Type BLS5
N  8087094497428743437627091507362881
Q[1]  98277749
Q[2]  3631
A[0]  11
----

# Note: This also covers generalized Pocklington
# Note: We have to have N-1 factored to (N/2)^1/3
# Note: A line starting with - is required at the end.
# Verify: N > 2, N odd
# For each i (0-max):
#   Q[0] = 2                       # 2 is always a factor of n-1
#   A[i] = 2 unless specified
#   Verify: Q[i] > 1, Q[i] < N-1
#   Verify: A[i] > 1, A[i] < N-1
#   Verify: Q[i] divides N-1
# Let: F = N-1 divided by each Q[i] with multiplicity
#      (i.e. if Q[i] evenly divides N-1 3 times, then divide it out 3 times)
# Let: R = (N-1)/F
# Verify: F is even
# Verify: gcd(F, R) = 1
# Let: s = integer    part of R / 2*F
# Let: r = fractional part of R / 2*F
# Let: P = (F+1) * (2*F*F + (r-1)*F + 1)
# Verify: n < P
# Note: The next condition is trivially met if F >= R,
#       as is the case with Pocklington.
# Let: rt = r^2 - 8s
# Verify: s = 0   OR  rt not a perfect square [e.g. floor(sqrt(rt))^2 != rt]
# For each i:
#   Verify: A[i]^(N-1) mod N = 1
#   Verify: gcd(A[i]^((N-1)/Q[i])-1, N) = 1
# Then N is prime if each Q is prime.


Type Lucas
N     10384593717069655257060992658440473
Q[1]  2
Q[2]  3
Q[3]  13
Q[4]  379
Q[5]  87820459687010818424506060639
A     41

# Note: All factors of N-1 are listed
# Verify: A > 1 and A < N
# Verify: N-1 has only factors Q (to some multiplicity).
# Verify: A^(N-1) mod N = 1
# Verify for each Q:
#   Q > 0
#   Q < N-1
#   Q divides N-1
#   A^((N-1)/Q) mod N != 1
# Then N is prime if each Q is prime.


Type Pocklington
N  2297612322987260054928384863
Q  16501461106821092981
A  5

# Note: This is Primo type 1 ( prevR->N, R->Q, S->M, B->A )
# verify: Q divides N-1
# let: M = (N-1)/Q
# Verify: M is even                            # Primo a
# Verify: M > 0                                # Primo b
# Verify: M < Q                                # Primo c
# Verify: MQ+1 = N                             # Primo d
# Verify: A > 1                                # Primo e
# Verify: A^(N-1) mod N = 1                    # Primo f
# Verify: gcd(A^M - 1, N) = 1                  # Primo g
# Then N is prime if Q is prime.



Type ECPP3
N 33863876771064627047864880693347
S 8929168182
R 3792500721324706215857
A -30
B 56
T 0

# From Primo.  Experimental, may go away.
# Verify: |A| <= N/2
# Verify: |B| <= N/2
# Verify: T >= 0
# Verify: T < N
# Let: L = (T^3 + A*T + B) mod N
# Let: A = (A * L^2) mod N
# Let: B = (B * L^3) mod N
# Let: X = (T*L) mod N
# Let: Y = (L^2) mod N
# Let: Q = R
# Let: M = R*S
# Continue as type ECPP.


Type ECPP4
N 346908375519289784739191985209489924762236002832827279935279239073873837063
S 26591618
R 13045779144363828659812726897983038292936490633310834005307717308699
J -4092776160830678382137043215242735918658074999545950247507675196218505248
T 4

# From Primo.  Experimental, may go away.
# Verify: |J| <= N/2
# Verify: T >= 0
# Verify: T < N
# Let: A = 3 * J * (1728 - J)
# Let: B = 2 * J * (1728 - J)^2
# Let: L = (T^3 + A*T + B) mod N
# Let: A = (A * L^2) mod N
# Let: B = (B * L^3) mod N
# Let: X = (T*L) mod N
# Let: Y = (L^2) mod N
# Let: Q = R
# Let: M = R*S
# Continue as type ECPP.


Type Small
N  5791

# Verify: N < 2^64
# Verify: N is prime using BPSW or deterministic M-R tests


# Experimental, not used:
#Type BLS7
#N  10384593717069655257060992658440473
#Q[1]  87820459687010818424506060639
#Q[2]  379
#Q[3]  13
#Q[4]  3
#Q[5]  2
#A[1]  2
#A[2]  2
#A[3]  2
#A[4]  19
#A[5]  5
#B  10000
#AR 2

# Verify for each i:
#   Q[i] > 1, Q[i] < N
#   A[i] > 1, A[i] < N
#   Q[i] divides n-1
# Let: F = product of all Qs
# Let: R = N/F
# Verify: F is even
# Verify: gcd(F, R) = 1
# Verify: F has no factors smaller than B (this may be time consuming)
# Let: s = integer    part of R / 2*F
# Let: r = fractional part of R / 2*F
# Let: P = (F*B+1) * (2*F*F + (r-B)*F + 1)
# Verify: n < P
# Let: rt = r^2 - 8s
# Verify: s = 0   OR  rt not a perfect square [e.g. floor(sqrt(rt))^2 != rt]
# For each i:
#   Verify: A[i]^(N-1) mod N = 1
#   Verify: gcd(A[i]^((N-1)/Q[i])-1, N) = 1
# Verify: AR^(N-1) mod N = 1
# Verify: gcd(AR^((N-1)/R)-1, N) = 1
# Then N is prime if each Q is prime.