Prime Numbers
.pdf148 |
Chapter 3 RECOGNIZING PRIMES AND COMPOSITES |
and the “b” number for the second sequence is a square! Thus, if gcd(n, b) = 1 and we let A be an integer with A ≡ b−1V2(a, b) ≡ a2b−1 − 2 (mod n), then we have
V2m(a, b) ≡ bmVm(A, 1) (mod n). |
(3.16) |
Similarly, we have
U2m(a, b) ≡ abm−1Um(A, 1) (mod n),
so that using (3.13) (with A, 1 for a, b, so that “∆” in (3.13) is A2 − 4), we have
U2m(a, b) ≡ (a∆)−1bm+1 2Vm+1(A, 1) − AVm(A, 1) (mod n). (3.17)
We may use the above method of binary Lucas chains to e ciently compute the pair Vm(A, 1) (mod n), Vm+1(A, 1) (mod n), where n is a number coprime to b and we view A as an integer modulo n. Thus, via (3.16), (3.17), we may find V2m(a, b), U2m(a, b) (mod n). And from these, with 2m = n−
we may see whether n is a Lucas pseudoprime or Frobenius pseudoprime with respect to x2 − ax + b.
We summarize these notions in the following theorem. |
|
Theorem 3.6.8. Suppose that a, b, ∆, A are as above |
and that n is a |
composite number coprime to 2ab∆. Then n is a Lucas pseudoprime with respect to x2 − ax + b if and only if
AV 21 (n−(∆n ))(A, 1) ≡ 2V 21 (n−(∆n ))+1(A, 1) (mod n). |
(3.18) |
Moreover, n is a Frobenius pseudoprime with respect to x2 − ax + b if and only if the above holds and also
b(n−1)/2V 21 (n−(∆n ))(A, 1) ≡ 2 (mod n). |
(3.19) |
As we have seen above, for m = 12 n − ∆n , the pair Vm(A, 1), Vm+1(A, 1) may be computed modulo n using fewer than 2 lg n multiplications mod n and lg n additions mod n. Half of the multiplications mod n are squarings mod n. A Fermat test also involves lg n squarings mod n, and up to lg n additional multiplications mod n, if we use Algorithm 2.1.5 for the binary ladder. We conclude from (3.18) that the time to do a Lucas test is at most twice the time to do a Fermat test. To apply (3.19) we must also compute b(n−1)/2 (mod n), so we conclude that the time to do a Frobenius test (for a quadratic polynomial) is at most three times the time to do a Fermat test.
As with the Fermat test and the strong Fermat test, we apply the Lucas test and the Frobenius test to numbers n that are not known to be prime or composite. Following is pseudocode for these tests along the lines of this section.
Algorithm 3.6.9 (Lucas probable prime test).
We are given integers n, a, b, ∆, with ∆ = a2 − 4b, ∆ not a square, n > 1,
3.6 Lucas pseudoprimes |
149 |
gcd(n, 2ab∆) = 1. This algorithm returns “n is a Lucas probable prime with parameters a, b” if either n is prime or n is a Lucas pseudoprime with respect to x2 − ax + b. Otherwise, it returns “n is composite.”
1. [Auxiliary parameters]
A = a2b−1 − 2 mod n; m = n − ∆n /2;
2. [Binary Lucas chain]
Using Algorithm 3.6.7 calculate the last two terms of the sequence (V0, V1, . . . , Vm, Vm+1), with initial values (V0, V1) = (2, A) and specific rules V2j = Vj2 − 2 mod n and V2j+1 = Vj Vj+1 − A mod n;
3. [Declaration]
if(AVm ≡ 2Vm+1 (mod n)) return “n is a Lucas probable prime with parameters a, b”;
return “n is composite”;
The algorithm for the Frobenius probable prime test is the same except that Step [Declaration] is changed to
3’. [Lucas test]
if(AVm ≡2Vm+1) return “n is composite”;
and a new step is added:
4. [Frobenius test]
B = b(n−1)/2 mod n;
if(BVm ≡ 2 (mod n)) return “n is a Frobenius probable prime with parameters a, b”;
return “n is composite”;
3.6.4Theoretical considerations and stronger tests
If x2 − ax + b is irreducible over Z and is not x2 ± x + 1, then the Lucas pseudoprimes with respect to x2 − ax + b are rare compared with the primes (see Exercise 3.26 for why we exclude x2 ± x + 1). This result is in [Baillie and Wagsta 1980]. The best result in this direction is in [Gordon and Pomerance 1991]. Since the Frobenius pseudoprimes with respect to x2 − ax + b are a subset of the Lucas pseudoprimes with respect to this polynomial, they are if anything rarer still.
It has been proved that for each irreducible polynomial x2 − ax + b there are infinitely many Lucas pseudoprimes, and in fact, infinitely many Frobenius pseudoprimes. This was done in the case of Fibonacci pseudoprimes in [Lehmer 1964], in the general case for Lucas pseudoprimes in [Erd˝os et al. 1988], and in the case of Frobenius pseudoprimes in [Grantham 2001]. Grantham’s proof on the infinitude of Frobenius pseudoprimes works only in the case ∆n = 1. There are some specific quadratics, for example, the polynomial x2 − x − 1 for the Fibonacci recurrence, for which we know that there are infinitely many Frobenius pseudoprimes with ∆n = −1 (see [Parberry 1970] and [Rotkiewicz
150 |
Chapter 3 RECOGNIZING PRIMES AND COMPOSITES |
|||
|
2 |
= a2 |
− |
4b |
1973]). Recently, Rotkiewicz proved that for any x − ax + b with ∆ |
∆ |
|
||
not a square, there are infinitely many Lucas pseudoprimes n with |
n = −1. |
|||
|
In analogy to strong pseudoprimes (see Section 3.5), we may have strong |
|||
Lucas pseudoprimes and strong Frobenius pseudoprimes. Suppose n is an odd prime not dividing b∆. In the ring R = Zn[x]/(f (x)) it is possible (in the case
∆ |
2 |
|
|
|
|
example, take f (x) = x2 |
− |
x |
− |
1, |
|||||
n = 1) to have z |
|
= 1 and z =±1. For1 2m |
|
|
|
|
|
|
|
||||||
= 11, z = 3 + 5x. However, if (x(a |
− |
x) |
− ) |
= 1, then a simple calculation |
|||||||||||
n |
|
|
|
|
|||||||||||
|
|
|
|
|
|
∆ |
|
− |
x)−1)m = |
± |
1. We have |
||||
(see Exercise 3.30) shows that we must have (x(a |
|
|
|||||||||||||
∆ |
|
|
− |
x)−1)n−(n ) = 1 in R. Thus, if we write |
|||||||||||
from (3.10) and (3.11) that (x(a |
|
||||||||||||||
n − n = 2st, where t is odd, then
either (x(a − x)−1)t ≡ 1 (mod (f (x), n))
or (x(a − x)−1)2i t ≡ −1 (mod (f (x), n)) for some i, 0 ≤ i ≤ s − 1.
This then implies that
either Ut ≡ 0 (mod n)
or V2i t ≡ 0 (mod n) for some i, 0 ≤ i ≤ s − 1.
If this last statement holds for an odd composite number n coprime to b∆, we say that n is a strong Lucas pseudoprime with respect to x2 − ax + b. It is easy to see that every strong Lucas pseudoprime with respect to x2 − ax + b is also a Lucas pseudoprime with respect to this polynomial.
In [Grantham 2001] a strong Frobenius pseudoprime test is developed, not only for quadratic polynomials, but for all polynomials. We describe the
quadratic case for |
∆ |
|
= |
− |
1. Say n2 |
− |
1 = 2S T , where n is an odd prime not |
|||||||
|
n |
|
|
= |
|
|
|
|
2 |
|
1 |
|
||
dividing b∆ and where |
∆ |
− |
1. From (3.10) and (3.11), we have xn |
|
|
≡ 1 |
||||||||
(mod n), so that |
|
|
n |
|
|
|
|
|
|
− |
|
|||
either |
xT ≡ 1 (mod n) |
|
|
|
|
|
|
|
||||||
2i T |
≡ −1 (mod n) |
for some i, 0 ≤ i ≤ S − 1. |
|
|
|
|
|
|||||||
or x |
|
|
|
|
|
|
||||||||
If this holds for a Frobenius pseudoprime n with respect to x2 |
2− ax + b, |
|||||||||||||
we say that n is a strong Frobenius pseudoprime with respect to x |
− ax + b. |
|||||||||||||
(That is, the above congruence does not appear to imply that n is a Frobenius pseudoprime, so this condition is put into the definition of a strong Frobenius pseudoprime.) It is shown in [Grantham 1998] that a strong Frobenius
pseudoprime n with respect to x2 − ax + b, with ∆n |
= −1, is also a strong |
Lucas pseudoprime with respect to this polynomial. |
|
As with the ordinary Lucas test, the strong Lucas test may be accomplished in time bounded by the cost of two ordinary pseudoprime tests. It is shown in [Grantham 1998] that the strong Frobenius test may be accomplished in time bounded by the cost of three ordinary pseudoprime tests. The interest in strong Frobenius pseudoprimes comes from the following result from [Grantham 1998]:
3.6 Lucas pseudoprimes |
151 |
Theorem 3.6.10. Suppose n is a composite number that is not a square and not divisible by any prime up to 50000. Then n is a strong Frobenius
pseudoprime with respect to at most 1/7710 of 2all polynomials x2 − ax + b, |
|||||||
|
n |
|
− |
|
n |
|
|
where a, b run over the integers in [1, n] with |
a −4b |
= |
|
1 and |
b |
|
= 1. |
This result should be contrasted with |
the |
Monier–Rabin |
theorem |
||||
|
|
|
|
|
|
||
(Theorem 3.5.4). If one does three random strong pseudoprime tests, that result implies that a composite number will fail to be recognized as such at most 1/64 of the time. Using Theorem 3.6.10, in about the same time, one has a test that recognizes composites with failure at most 1/7710 of the time. A recent test in [Zhang 2002] should be mentioned in this context. It combines a strong probable prime test and a Lucas test, giving a result that is superior to the quadratic Frobenius test in all but a thin set of cases.
3.6.5The general Frobenius test
In the last few sections we have discussed Grantham’s Frobenius test for quadratic polynomials. Here we briefly describe how the idea generalizes to arbitrary monic polynomials in Z[x].
Let f (x) be a monic polynomial in Z[x] with degree d ≥ 1. We do not necessarily assume that f (x) is irreducible. Suppose p is an odd prime that does not divide the discriminant, disc(f ), of f (x). (The discriminant of a monic polynomial f (x) of degree d may be computed as (−1)d(d−1)/2 times the resultant of f (x) and its derivative. This resultant is the determinant of
the (2d−1)×(2d−1) matrix whose i, j entry is the coe cient of xj−i in f (x) for i = 1, . . . , d−1 and is the coe cient of xj−(i−d+1) in f (x) for i = d, . . . , 2d−1,
where if the power of x does not actually appear, the matrix entry is 0.) Since disc(f ) = 0 if and only iff (x) has no repeated irreducible factors of positive degree, the hypothesis that p does not divide disc(f ) automatically implies that f has no repeated factors.
By reducing its coe cients modulo p, we may consider f (x) in Fp[x]. To avoid confusion, we shall denote this polynomial by f (x). Consider the polynomials F1(x), F2(x), . . . , Fd(x) in Fp[x] defined by
F1(x) = gcd(xp − x, f (x)),
F2(x) = gcd(xp2 − x, f (x)/F1(x)),
.
.
.
Fd(x) = gcd(xpd − x, f (x)/(F1(x) · · · Fd−1(x))).
Then the following assertions hold:
(1) i divides deg(Fi(x)) for i = 1, . . . , d,
(2) Fi(x) divides Fi(xp) for i = 1, . . . , d,
(3) for
S = 1 deg(Fi(x)), i even i
152 |
Chapter 3 RECOGNIZING PRIMES AND COMPOSITES |
||
|
we have |
p |
. |
|
(−1)S = |
||
|
|
disc(f ) |
|
Assertion (1) follows, since Fi(x) is precisely the product of the degree-i irreducible factors of f (x), so its degree is a multiple of i. Assertion (2) holds for all polynomials in Fp[x]. Assertion (3) is a little trickier to see. The idea is
to consider the Galois group for the polynomial f (x) over Fp. The Frobenius
automorphism (which sends elements of the splitting field of f (x) to their p-th powers) of course permutes the roots of f (x) in the splitting field. It acts as a cyclic permutation of the roots of each irreducible factor, and hence the sign of the whole permutation is given by −1 to the number of even-degree irreducible factors. That is, the sign of the Frobenius automorphism is exactly (−1)S . However, it follows from basic Galois theory that the Galois group of a polynomial with distinct roots consists solely of even permutations of the roots if and only if the discriminant of the polynomial is a square. Hence
the sign of the Frobenius automorphism is identical to the Legendre symbol disc(f )
p
The idea of Grantham is that the above assertions can actually be numerically checked and done so easily, even if we are not sure that p is prime. If one of the three assertions does not hold, then p is revealed as composite. This, then, is the core of the Frobenius test. One says that n is a Frobenius pseudoprime with respect to the polynomial f (x) if n is composite, yet the test does not reveal this.
For many more details, the reader is referred to [Grantham 1998, 2001].
3.7 Counting primes
The prime number theorem (Theorem 1.1.4) predicts approximately the value of π(x), the number of primes p with p ≤ x. It is interesting to compare these predictions with actual values, as we did in Section 1.1.5. The computation of
π 1021 = 21127269486018731928
was certainly not performed by having a computer actually count each and every prime up to 1021. There are far too many of them. So how then was the task actually accomplished? We give in the next sections two di erent ways to approach the interesting problem of prime counting, a combinatorial method and an analytic method.
3.7.1Combinatorial method
We shall study here an elegant combinatorial method due to Lagarias, Miller, and Odlyzko, with roots in the work of Meissel and Lehmer; see [Lagarias et al. 1985], [Del´eglise and Rivat 1996]. The method allows the calculation of π(x) in bit complexity O x2/3+ , using O x1/3+ bits of space (memory).
3.7 Counting primes |
153 |
Label the consecutive primes p1, p2, p3, . . ., where p1 = 2, p2 = 3, p3 = 5, etc. Let
φ(x, y) = #{1 ≤ n ≤ x : each prime dividing n is greater than y}.
Thus φ(x, pa) is the number of integers left unmarked in the sieve of
Eratosthenes, applied to the interval [1, x], after sieving with p1, p2, . . . , pa.
√ √
Since sieving up to x leaves only the number 1 and the primes in ( x, x], we have √ √
π(x) − π x + 1 = φ x, x .
One could easily use this idea to compute π(x), the time taking O(x ln ln x) operations and, if the sieve is segmented, taking O x1/2 ln x space. (We shall begin suppressing ln x and ln ln x factors for simplicity, sweeping them under a rather large rug of O(x ). It will be clear that each x could be replaced, with a little more work, with a small power of logarithm and/or double logarithm.)
A key thought is that the sieve not only allows us to count the primes, it also identifies them. If it is only the count we are after, then perhaps we can be speedier.
We shall partition the numbers counted by φ(x, y) by the number of prime factors they have, counted with multiplicity. Let
φk(x, y) = #{n ≤ x : n has exactly k prime factors, each exceeding y}.
Thus, if x ≥ 1, φ0(x, y) is 1, φ1(x, y) is the number of primes in (y, x], φ2(x, y) is the number of numbers pq ≤ x where p, q are primes with y < p ≤ q, and so on. We evidently have
φ(x, y) = φ0(x, y) + φ1(x, y) + φ2(x, y) + · · · .
Further, note that φk(x, y) = 0 if yk ≥ x. Thus,
φ x, x1/3 |
= 1 + π(x) − π x1/3 + φ2 |
x, x1/3 . |
|
(3.20) |
||||||
π x1/3 . |
|
|
|
|
can compute φ x, x1/3 |
, φ2 x, x |
1/3 |
and |
||
One then can find π(x) if one |
|
|
||||||||
The computation of π |
|
x1/3 |
can be accomplished, of course, using the |
|||||||
|
|
nothing fancy. The next easiest ingredient in (3.20) |
||||||||
Eratosthenes sieve and |
|
|
1/3 |
|
|
|
|
|
|
|
is the computation of φ |
2 |
x, x |
, which we now describe. This quantity is |
|||||||
found via the identity |
|
|||||||||
|
|
1/3 |
) − |
1/2 |
) + x1/3<p≤x1/2 |
π(x/p), |
|
(3.21) |
||
φ2(x, x1/3) = π(x2 |
|
π(x2 |
|
|||||||
|
|
|
|
|
|
|
|
|
|
|
where in the sum the letter p runs over primes. To see why (3.21) holds, we begin by noting that φ2 x, x1/3 is the number of pairs of primes p, q with x1/3 < p ≤ q and pq ≤ x. Then p ≤ x1/2. For each fixed p, the prime q is
154 |
Chapter 3 RECOGNIZING PRIMES AND COMPOSITES |
allowed to run over the interval [p, x/p], and so the number of choices for q is π(x/p) − π(p) + 1. Thus,
φ2(x, x1/3) = |
|
|
|
|
|
|
|
|
|
|
|
||
|
|
(π(x/p) − π(p) + 1) |
|
|
|
|
|
||||||
|
|
|
|
x1/3<p≤x1/2 |
|
|
|
|
|
|
|
|
|
|
|
= |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
π(x/p) − |
|
(π(p) − 1). |
|
|
|||||
|
|
|
|
x1/3<p≤x1/2 |
|
x1/3<p≤x1/2 |
|
|
|
|
|
||
The last sum is |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
π(x1/2) |
|
π(x1/3) |
|
|
|
|
|
|
|
|
|
(j − 1) = |
|
|
|
(j − 1) |
|
|
|
||
|
|
|
|
|
(j − 1) − |
|
|
|
|||||
π(x |
1/3 |
)<j≤π(x |
1/2 |
) |
j=1 |
|
j=1 |
|
|
|
|
|
|
|
|
1/2 |
) |
1/3 |
) , |
|
|
|
|
||||
|
|
|
|
|
|
|
|
|
|
||||
|
|
|
|
|
= π(x2 |
− π(x2 |
|
|
|
|
|||
which proves (3.21). |
|
|
|
|
|
|
|
|
|
|
|
||
To use (3.21) to compute φ2 x, x1/3 we shall compute π x1/3 , π |
x1/2 , |
||||||||||||
and the sum of the π(x/p). We |
have already computed π x1/3 |
. The |
|||||||||||
|
|
|
|
|
|
|
|
||||||
computation of π x1/2 |
|
can again be done using the simple |
Eratosthenes |
||||||||||
|
|
|
|
|
|
|
|
||||||
sieve, except that the |
sieve is segmented into blocks of size about x1/3 |
to |
|||||||||||
|
|
|
|
|
|
|
|
|
|||||
preserve the space bound for the algorithm. Note that in the sum of π(x/p) in (3.21), each x/p < x2/3. Thus a simple sieve of Eratosthenes can likewise compute the sum of π(x/p) in total time O x2/3+ . We do this within the space allotment of O x1/3+ as follows. Let N ≈ x1/3 be a convenient number for segmenting the sieve, that is, we look at intervals of length N , beginning at x1/2. Assuming that we have already computed π(z), we use a sieve (with stored primes less than x1/3) in the interval [z, z + N ) to compute the various π(x/p) for x/p landing in the interval, and we compute π(z + N ) to be used in computations for the next interval. The various π(x/p)’s computed are put into a running sum, and not stored individually. To find which p have x/p landing in the interval, we have to apply a second sieve, namely to the interval (x/(z + N ), x/z], which lies in x1/3, x1/2,. The length of this interval is less than N so that space is not an issue, and the sieve may be accomplished using a stored list of primes not exceeding x1/4 in time O x1/3+ . When z is large, the intervals (x/(z + N ), x/z] become very short, and some time savings may be made (without altering the overall complexity), by sieving an interval of length N in this range, storing the results, and using these for several di erent intervals in the upper range.
To compute π(x) with (3.20) we are left with the computation of
φx, x1/3 . At first glance, this would appear to take about x steps, since it counts the number of uncanceled elements in the sieve of Eratosthenes applied to [1, x] with the primes up to x1/3. The idea is to reduce the calculation of
φx, x1/3 to that of many smaller problems. We begin with the recurrence
φ(y, pb) = φ(y, pb−1) − φ(y/pb, pb−1), |
(3.22) |
3.7 Counting primes |
155 |
for b ≥ 2. We leave the simple proof for Exercise 3.33. Since φ(y, 2) |
= |
(y + 1)/2 , we can continue to use (3.22) to eventually come down to expressions φ(y, 2) for various choices of y. For example,
φ(1000, 7) = φ(1000, 5) − φ(142, 5)
=φ(1000, 3) − φ(200, 3) − φ(142, 3) + φ(28, 3)
=φ(1000, 2) − φ(333, 2) − φ(200, 2) + φ(66, 2)
− φ(142, 2) + φ(47, 2) + φ(28, 2) − φ(9, 2)
=500 − 167 − 100 + 33 − 71 + 24 + 14 − 5
=228.
Using this scheme, we may express any φ(x, pa) as a sum of 2a−1 terms. In fact, this bottom-line expression is merely the inclusion–exclusion principle applied to the divisors of p2p3 · · · pa, the product of the first a − 1 odd primes. We have
φ(x, pa) = n |
p2p3 |
pa |
µ(n)φ(x/n, 2) = n |
p2p3 |
pa µ(n) x/n2+ 1 |
, |
|
| |
··· |
|
| |
··· |
|
|
|
where µ is the M¨obius function see Section 1.4.1.
For a = π(x1/3), clearly 2a−1 terms is too many, and we would have been better o just sieving to x. However, we do not have to consider any n in the sum with n > x, since then φ(x/n, 2) = 0. This “truncation rule” reduces the number of terms to O(x), which is starting to be competitive with merely sieving. By fiddling with this idea, we can reduce the O-constant to a fairly small number. Since 2 · 3 · 5 · 7 · 11 = 2310, by computing a table of values of φ(x, 11) for x = 0, 1, . . . , 2309, one can quickly compute any φ(x, 11): It is ϕ(2310) x/2310 + φ(x mod 2310, 11), where ϕ is the Euler totient function. By halting the recurrence (3.22) whenever a b value drops to 11 or a y/pb value drops below 1, we get
φ(x, pa) = µ(n)φ(x/n, 11).
n|p6p7···pa n≤x
If a = π x1/3 , the number of terms in this sum is asymptotic to cx with
c = ρ(3)ζ(2)−1 5 pi/(pi + 1), where ρ is the Dickman function (see Section
i=1
1.4.5), and ζ is the Riemann zeta function (so that ζ(2) = 6/π2). This expression for c captures the facts that n has no prime factors exceeding x1/3, n is squarefree, and n has no prime factor below 12. Using ρ(3) ≈ 0.0486, we get that c ≈ 0.00987. By reducing a to π x1/4 (and agreeing to compute φ3 x, x1/4 in addition to φ2 x, x1/4 ), we reduce the constant c to an expression where ρ(4) ≈ 0.00491 replaces ρ(3), so that c ≈ 0.000998. These machinations amount, in essence, to the method of Meissel, as improved by Lehmer, see [Lagarias et al. 1985].
156 |
Chapter 3 RECOGNIZING PRIMES AND COMPOSITES |
However, our present goal is to reduce the bit complexity to O x2/3+ . We do this by using a di erent truncation rule. Namely, we stop using the recurrence (3.22) at any point φ(y, pb) where either
(1)pb = 2 and y ≥ x2/3, or
(2)y < x2/3.
Here, y corresponds to some number |
x/n where n |
p |
|
p |
|
· · · |
p |
|
. The number |
||
|
1/3 |
| |
|
2 |
|
3 |
|
a |
|
||
of type-1 terms clearly does not exceed x |
|
, since such terms correspond to |
|||||||||
values n < x1/3. To count the number of type-2 terms, note that a “parent” of φ(x/n, pb) in the hierarchy is either the term φ(x/n, pb+1) or the term φ(x/(n/pb+1), pb+1). The latter case occurs only when pb+1 is the least prime factor of n and n/pb+1 ≤ x1/3, and the former case never occurs, since it would already have been subjected to a type-2 truncation. Thus, the number
of type-2 terms is at most the number of pairs m, p |
x1/3 and p |
|
||||
b, where m ≤ |
|
1/3 |
π(x |
1/3 |
|
b |
is smaller than the least prime factor of m. This count is at most x |
|
|
), |
|||
so the number of type-2 terms is less than x2/3. For an integer m > 1, let
Pmin(m) = the least prime factor of m.
We thus have using the above truncation rule that
φ(x, pa) = |
|
µ(m) |
|
x/m + 1 |
|
|
|
|
(3.23) |
|
|
|
|
|
|
|
|
|
|||
m|p2 31···/3 a |
|
2 |
|
|
|
|
|
|
||
p |
p |
|
|
|
|
|
|
|
|
|
m≤x |
|
|
µ(m) pb+1<Pmin(m) |
|
mpb+1 |
, pb . |
||||
− m p2p3 pa |
φ |
|||||||||
|
|
···1/3 |
|
|
|
|
x |
|
||
|
| |
1/3 |
|
|
|
|
||||
|
1<m≤x |
|
pb+1m>x |
|
|
|
|
|
||
We apply (3.23) with a = π(x1/3). The first sum in (3.23), corresponding to type-1 terms, is easy to compute. With a sieve, prepare a table T of the odd squarefree numbers m ≤ x1/3, together with their least prime factor (which will be of use in the double sum), and the value µ(m). (Each sieve location corresponds to an odd number not exceeding x1/3 and starts with the number 1. The first time a location gets hit by a prime, we record this prime as the least prime factor of the number corresponding to the sieve location. Every time a prime hits at a location, we multiply the entry at the location by −1. We do this for all primes not exceeding x1/6 and then mark remaining entries with the number they correspond to, and change the entry to −1. Finally, we sieve with the squares of primes p2 for p ≤ x1/6, and any location that gets hit gets its entry changed to 0. At the end, the numbers with nonzero entries are the squarefree numbers, the entry is µ of the number, and the prime recorded there is the least prime factor of the number.) The time and space to prepare table T is O(x1/3+ ), and with it we may compute the first sum in (3.23) in time O(x1/3+ ).
3.7 Counting primes |
157 |
The heart of the argument is the calculation of the double sum in (3.23). We first describe how to compute this sum using O x2/3+ space and time, and later show how segmentation can cut down the space to O(x1/3+ ). Prepare a table T of triples µ(m), x/(mpb+1) , b, where m runs over numbers greater than 1 in the table T previously computed, and b runs over numbers such that pb+1 < Pmin(m) and mpb+1 > x1/3. Note that all of the numbers x/(mpb+1) are less than x2/3. Sieve the interval +1, x2/3, with the primes not exceeding x1/3. At stage b we have sieved with p1, p2, . . . , pb, and thus we can read o φ(y, b) for any y ≤ x2/3. We are interested in the values y = x/(mpb+1) .
However, just knowing which numbers are coprime to p1p2 · · · pb is not the same as knowing how many there are up to y, which requires an additional computation. Doing this for each b would increase the bit complexity to O x1+ . This problem is solved via a binary data structure. For i = 0, 1, . . . , lg n , consider the intervals
Ii,j = (j − 1)2i, j2i,
for j a positive integer and Ii,j +1, x2/3,. The total number of these intervals is O x2/3 . For each of the intervals Ii,j , let
A(i, j, b) = #{n Ii,j : gcd(n, p1p2 . . . pb) = 1}.
The plan is to compute all of the numbers A(i, j, b) for a fixed b. Once these are computed, we may use the binary representation of x/(mpb+1) and add up the appropriate choices of A(i, j, b) to compute φ( x/(mpb+1) , pb).
So, we now show how the numbers A(i, j, b) are to be computed from the
i |
− |
1) (where the initial values A(i, j, 0) are set equal |
previous values A(i, j, b |
|
to 2 ). Note that in the case i = 0, the interval I0,j contains only the integer j, so that A(0, j, b) is 1 if j is coprime to p1p2 · · · pb, and is 0 otherwise. For integers l ≤ x/pb, we update the numbers A(i, j, b) corresponding to intervals Ii,j containing lpb. The number of such intervals for a given lpb is O(ln x). If A(0, j, b− 1) = 0, where j = lpb, then no update is necessary in any interval. If
A(0, j, b |
− |
1) = 1, where again j = lp |
b, we set each |
relevant A(i, j, b) equal to |
||||||||||||||||||||||||
|
|
|
|
|
|
|
|
|
2/3 |
(ln x)/pb |
, so summing |
|||||||||||||||||
A(i, j, b−1)−1. The total number of updates is O |
|
|
x |
|
||||||||||||||||||||||||
for pb |
≤ |
x1/3, an estimate O x2/3+ accrues. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||||||||||
|
|
|
|
|
|
|
argument is O(x2/3+ |
|
|
|
|
|
|
|
|
|
|
1/3+ |
), |
|||||||||
The space for the above |
|
|
|
|
|
|
). To reduce it to O(x |
|
|
|||||||||||||||||||
we let k be |
the integer with x1/3 |
k≤ 2 |
k |
< 2x |
1/3 |
, and then we segment the |
||||||||||||||||||||||
2/3 |
|
in blocks of size 2 |
|
|
|
|
||||||||||||||||||||||
interval |
1, x |
|
|
, where perhaps the last block is short, or |
||||||||||||||||||||||||
|
|
little beyond x2/3 |
. The r-th block is (r |
|
|
|
1)2 |
k |
, r2 |
k |
, namely, it is the |
|||||||||||||||||
we go a + |
|
|
, |
|
− |
|
|
|||||||||||||||||||||
interval I |
|
|
|
|
|
|
|
|
|
|
|
|
numbers φ |
(r |
− |
1)2k |
, p |
b |
||||||||||
for all b |
r,k. When we reach it, we have stored the |
|
|
|
|
, |
|
|
|
|||||||||||||||||||
|
|
≤ |
|
|
|
from the prior block. We next use the table T |
|
|
|
|
|
|||||||||||||||||
earlier to find the triples µ(m), x/(mpb+1) , b where x/(mpb+1) is in the r-th block. The intervals Ii,j fit neatly in the r-th block for i ≤ k, and we do not need to consider larger values of i. Everything proceeds as before, and we compute each relevant φ(x/(mpb+1), pb) where x/(mpb+1) is in the r-th