mersenneforum.org (https://www.mersenneforum.org/index.php)
-   And now for something completely different (https://www.mersenneforum.org/forumdisplay.php?f=119)
-   -   FastECPP software and 50000 digit primality proof (reposted from NMBRTHRY) (https://www.mersenneforum.org/showthread.php?t=27775)

 Batalov 2022-05-06 21:16

FastECPP software and 50000 digit primality proof (reposted from NMBRTHRY)

[QUOTE="Andreas Enge @inria.fr"]
Dear colleagues,

I am pleased to announce the release of a new free software for creating
elliptic curve primality proofs using the fastECPP algorithm due to
Morain, Franke, Kleinjung and Wirth [1, 2]. It is available under the
GPL version 3 or later at
[url]https://www.multiprecision.org/cm/[/url]

It relies on the approach of computing class polynomials by complex
approximations as described in [3]. Optimal class invariants are chosen
derived from Weber functions [4], simple [5] or double eta quotients [6],
including cases where it is enough to compute lower-degree subfields of
the class field [7]. The evaluation of modular functions, which is the
most important part of the class polynomial computation, is optimised
following [3, 8]. To ease the step of factoring class polynomials modulo
primes, the class fields are then represented as a tower of cyclic Galois
extensions of prime degree following [9].

The software relies on a number of libraries from the GNU project,
notably GMP [10], MPFR [11] and MPC [12], and on PARI/GP [13] for
computations with class groups and for root finding modulo a prime.

The code has been used to prove a record prime of about 50000 digits;
indeed it has shown that [URL="http://factordb.com/index.php?id=1100000000213115214"]10^50000+65859[/URL] is the smallest prime with
50001 digits. The certificate is available at
in PARI/GP format [13] and at
in Primo format [14] as converted by PARI/GP code written by
J. Asuncion, who is also the author of the fastECPP implementation in
PARI/GP. Parallelisation uses MPI.

Computations have been carried out on the PlaFRIM [15] and MCIA [16]
clusters in Bordeaux.

The first phase of the record, in which a list of discriminants and
candidate orders of points on elliptic curves is produced, has taken
about 26 days of wallclock time and 67 years of CPU time, in several
runs on clusters with 752 to 1328 cores. Of this CPU time, about 8%
has been devoted to the computation of square roots modulo a prime by
Cornacchia's algorithm, about 65% to removing smooth factors from curve
cardinalities, and about 15% to internal primality tests. This imbalance
probably indicates non-optimal choices of parameters. On the other hand,
it leads to very short certificates: We reach a length of only 1645 steps,
as opposed to the 3794 steps in the recent 49000 digits record [17],
which implies that verification time is proportionally lower.
For the specialists, the parameters were as follows: Discriminants with
absolute value up to about 6.9*10^9, leading to class numbers with prime
factors up to 157 (and no bound on the class numbers themselves), and
a smoothness bound of about 5.5*10^11 for partial factorisation of point
orders.

The second phase of the record, in which complex multiplication produces
a list of elliptic curves and points of (recursively shown to be) prime
orders on them, has taken about 74 days of wallclock time and less than
4 years of CPU time on a few machines with 32 to 256 cores in total.
Depending on the largest factor of the class number, each step may take
a vastly differing amount of time. The longest step has taken close to
10 days for factoring a class polynomial for the discriminant -345992327
of class number 13112=2^3*11*149 for an intermediate prime of about
47800 digits; this would also have been the wallclock time for this phase
had it been run sufficiently in parallel. Of the total CPU time, about
96% has been devoted to finding roots of class polynomials, about 3% to
verifying point orders, and only about 1% to the construction of the class
polynomials.

Verification of the certificate takes a little over 4 hours using PARI/GP
on a machine with 128 cores.

Andreas Enge

[1] F. Morain: "Implementing the asymptotically fast version of the
elliptic curve primality proving algorithm", Mathematics of Computation
76 (257), 2007, pp. 493-505
[2] J. Franke, T. Kleinjung, F. Morain and T. Wirth: "Proving the Primality
of Very Large Numbers with fastECPP", in Duncan Buell: "Algorithmic
Number Theory - ANTS-VI", Lecture Notes in Computer Science 3076,
Springer-Verlag, Berlin 2004, pp. 194-207
[3] A. Enge: "The complexity of class polynomial computation via floating
point approximations", Mathematics of Computation 78 (266), 2009,
pp. 1089-1107
[4] R. Schertz: "Die singulären Werte der Weberschen Funktionen $f$,
$f_1$, $f_2$, $\gamma_2$, $\gamma_3$", Journal für die reine und
angewandte Mathematik 286/287, 1976, pp. 46-74
[5] A. Enge and F. Morain: "Generalised Weber Functions", Acta Arithmetica
164 (4), 2014, pp. 309-341
[6] A. Enge and R. Schertz: "Constructing elliptic curves over finite
fields using double eta-quotients", Journal de Théorie des Nombres de
Bordeaux 16, 2004, pp. 555-568
[7] A. Enge and R. Schertz: "Singular values of multiple eta-quotients
for ramified primes", LMS Journal of Computation and Mathematics 16,
2013, 407-418
[8] A. Enge, W. Hart and F. Johansson: "Short addition sequences for theta
functions", Journal of Integer Sequences 18 (2), 2018, pp. 1-34
[9] A. Enge and F. Morain: "Fast Decomposition of Polynomials with Known
Galois Group", in Marc Fossorier, Tom Høholdt and Alain Poli (editors):
"Applied Algebra, Algebraic Algorithms and Error-Correcting Codes -
AAECC-15", Lecture Notes in Computer Science 2643, Springer-Verlag,
Berlin 2003, pp. 254-264
[10] Torbjörn Granlund et al.: "GMP - The GNU Multiple Precision Arithmetic
Library", release 6.2.1, 2020, [url]http://gmplib.org/[/url]
[11] Guillaume Hanrot, Vincent Lefèvre, Patrick Pélissier, Paul Zimmermann
et al.: "GNU MPFR - A library for multiple-precision floating-point
computations with exact rounding", release 4.1.0, 2020,
[url]http://www.mpfr.org/[/url]
[12] A. Enge, M. Gastineau, P. Théveny and P. Zimmermann: "GNU MPC - A
library for multiprecision complex arithmetic with exact rounding",
release 1.2.1, 2020, [url]https://www.multiprecision.org/mpc/[/url]
[13] PARI Group: "PARI/GP", release 2.13.4, 2022, [url]https://pari.math.u-bordeaux.fr/[/url]
[14] M. Martin: "Primo", release 4.3.3, 2020,
[url]http://www.ellipsa.eu/public/primo/primo.html[/url]
[15] PlaFRIM, Plateforme Fédérative pour la Recherche en Informatique et Mathématiques, [url]https://www.plafrim.fr/[/url]
[16] MCIA, Mésocentre de Calcul Intensif Aquitain, [url]https://www.mcia.fr/[/url]
[17] [url]https://primes.utm.edu/primes/page.php?id=133761[/url]
[/QUOTE]
Exciting development. The early preview was visible since last August:
[QUOTE]rank prime digits who when comment
64129 U(148091) 30949 x49 Sep 2021 Fibonacci number, ECPP
66197 (2^95369 + 1)/3 28709 x49 Aug 2021 Generalized Lucas number, Wagstaff, ECPP[/QUOTE]

 paulunderwood 2022-05-06 22:05

An amazing feat! Such parallelism and clever mathematics run on some very big hardware. I take my hat off to these provers. :smile:

 ATH 2022-05-06 23:17

So 71 years of CPU time for 51,000 digits vs 20 months * 64 cores ~ 107 years of CPU time for 49,081 digits.
But depends on how comparable those CPU core years are.

51,000 digits is supposed to take (51000/49081)^3.75 ~ 15% longer ? At least with Primo.

 Batalov 2022-05-06 23:29

Note in their text that they say "This <<...>> probably indicates non-optimal choices of parameters. On the other hand, it leads to very short certificates: We reach a length of only 1645 steps" (!!).

They call it a pre-release. They will likely optimize it even more.

Btw, I had to "massage" their cert a little bit, but then factorDB took it. Took 3 iterations slightly reformatting the file (and to rename it into .out file)

 paulunderwood 2022-05-06 23:31

[QUOTE=ATH;605381]So 71 years of CPU time for 51,000 digits vs 20 months * 64 cores ~ 107 years of CPU time for 49,081 digits.
But depends on how comparable those CPU core years are.

51,000 digits is supposed to take (51000/49081)^3.75 ~ 15% longer ? At least with Primo.[/QUOTE]

It is 50,001 digits. My estimate for Primo is (50001/49081)^4 = 1.077 or 7.7% longer.

I used quad channel DDR 2400MHz for R49081's certification. I guess they were using octa channel most of the time, but that does not explain their speed fully. There is marginal gain by having fewer stage 2 steps to do.

 paulunderwood 2022-05-06 23:33

[QUOTE=Batalov;605382]Note in their text that they say "This <<...>> probably indicates non-optimal choices of parameters. On the other hand, it leads to very short certificates: We reach a length of only 1645 steps" (!!).

They call it a pre-release. They will likely optimize it even more.

Btw, I had to "massage" their cert a little bit, but then factorDB took it. Took 3 iterations slightly reformatting the file (and to rename it into .out file)[/QUOTE]

 Batalov 2022-05-06 23:50

I made a shorter jump and forwarded NMBRTHRY email to Caldwell. (though he is surely on the list.*)

________
* Funny story: a few years ago a ton (literally!) of porn links started coming every day via NMBRTHRY email list. It went on for quite a while. Many folks, I am afraid, unsubscribed from it at that point. Since then it has been moderated with huge delays. One curious example was when an invitation to a December conference was sent out in March.

 ixfd64 2022-05-07 00:33

This is great news for two reasons:

1. It's a new ECPP world record.
2. We finally have an open-source ECPP implementation that can compete with Primo. I'm aware that Marcel has no obligation to make Primo open source, but I do feel that closed-source software goes against the spirit of science.

 Puzzle-Peter 2022-05-07 07:31

Holy s**t!

Hats off and congrats to all those involved. That is some serious soft- and hardware. I wonder how big the code can go? There are so many interesting numbers from 50K to 100K digits. Just the electricity cost alone will make such a number pretty valuable :smile:

 mathwiz 2022-05-07 13:51

Fantastic!