For a prime $p$, let $c_n(p)$ denote the fraction of $n\times n$ matrices over $\mathbb{F}_p$ whose determinant is a primitive root modulo $p$, and let $c(p)=\lim_{n\to\infty}c_n(p)$ be the limiting density. This quantity governs the efficiency of PRIM-LWE, a variant of the learning with errors (LWE) problem in which the secret matrix is required to have primitive-root determinant. The value $1/c(p)$ equals the expected rejection-sampling overhead in the reduction from standard LWE to PRIM-LWE. We prove unconditionally that $\inf_{p\text{ prime}}c(p)=0$, resolving an open question from the PRIM-LWE literature, and establish the rate $\min_{p\le x}c(p)\asymp 1/\log\log x$ as $x\to\infty$. We show that $c(p)$, viewed as a function on the primes, has a continuous, purely singular limiting distribution with support $[0,1/2]$ and Hausdorff dimension $0$. The moments of this limiting distribution are given by convergent Euler products, and the Mellin transform $\mathbb{E}[X^s]$ extends analytically to $\operatorname{Re}(s)>0$. Using the number of distinct prime factors $\omega(p-1)$, we derive explicit lower bounds: for every prime $p>2^{30}$ the overhead satisfies $1/c(p) < 1.79\log p$, and in general $1/c(p)=O(\log\log p)$. We also describe a certified algorithm for evaluating $c(p)$ and tabulate values for primes of cryptographic interest.
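The definition of $c_n(p)$ above can be checked numerically. The following is an added example, not the paper's certified algorithm: it assumes the standard facts that the determinant is uniformly distributed on $\mathbb{F}_p^*$ over invertible matrices and that the invertible fraction is $\prod_{k=1}^{n}(1-p^{-k})$, so $c_n(p)=\frac{\varphi(p-1)}{p-1}\prod_{k=1}^{n}(1-p^{-k})$. All function names are chosen here for illustration.

```python
from fractions import Fraction
from itertools import product

def prime_factors(m):
    """Distinct prime factors of m by trial division (adequate for demo-sized inputs)."""
    fs, d = set(), 2
    while d * d <= m:
        while m % d == 0:
            fs.add(d)
            m //= d
        d += 1
    if m > 1:
        fs.add(m)
    return fs

def is_primitive_root(g, p):
    """g generates F_p^* iff g^((p-1)/q) != 1 for every prime q dividing p-1."""
    if g % p == 0:
        return False
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))

def c_n_closed(n, p):
    """Exact c_n(p) = phi(p-1)/(p-1) * prod_{k=1..n} (1 - p^-k) (assumed closed form)."""
    r = Fraction(1)
    for q in prime_factors(p - 1):
        r *= Fraction(q - 1, q)          # phi(p-1)/(p-1) as a product over q | p-1
    for k in range(1, n + 1):
        r *= 1 - Fraction(1, p ** k)     # fraction of invertible n x n matrices
    return r

def c_2_bruteforce(p):
    """Directly count 2x2 matrices over F_p whose determinant is a primitive root."""
    hits = sum(is_primitive_root((a * d - b * c) % p, p)
               for a, b, c, d in product(range(p), repeat=4))
    return Fraction(hits, p ** 4)

def c_limit(p, tol=1e-18):
    """Floating-point c(p): the infinite product converges geometrically in 1/p."""
    r = 1.0
    for q in prime_factors(p - 1):
        r *= (q - 1) / q
    t = 1.0 / p
    while t > tol:
        r *= 1.0 - t
        t /= p
    return r

def overhead(p):
    """Expected rejection-sampling overhead 1/c(p) for the LWE -> PRIM-LWE reduction."""
    return 1.0 / c_limit(p)
```

The brute-force count agrees with the closed form for small $p$, and for $p=2^{31}-1$ the overhead is about 4.02, well inside the stated $1.79\log p$ bound (natural logarithm assumed).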