Zulip Chat Archive
Stream: lean4
Topic: proving a specific p is Prime
David Stainton 🦡 (Aug 23 2024 at 11:01):
Lately I've been using mathlib's ZMod to make the prime order fields for various elliptic curves for cryptography such as X25519. However I've had to apologize to the Lean compiler for not being able to prove p is prime. Is there a known solution in Lean for proving a specific large p is prime? Looks like in the coq world there is coqprime which produces Pocklington certificates.
def p : â„• := 2^255 - 19
def basepoint : ZMod p := 9
def keySize : â„• := 32
theorem p_is_prime : Nat.Prime p := by sorry
instance fact_p_is_prime : Fact (Nat.Prime p) := ⟨p_is_prime⟩
instance : Field (ZMod p) := ZMod.instField p
Ruben Van de Velde (Aug 23 2024 at 11:49):
In theory this is a job for norm_num, but I don't know how well it handles big numbers
Daniel Weber (Aug 23 2024 at 12:18):
Daniel Weber (Aug 23 2024 at 12:22):
This uses Pollard's rho algorithm for factoring p-1, which is too slow — you should probably manually create a Pratt certificate for your prime
David Stainton 🦡 (Aug 23 2024 at 15:29):
Alright thanks! I'll look into creating a pratt certificate.
Last updated: May 02 2025 at 03:31 UTC