



Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Fermat's little theorem and its applications to primality testing through the fermat test, euler test, and rabin-miller test. The conditions for composite and prime numbers based on fermat's theorem, counterexamples, and the limitations and improvements of each test.
Typology: Study notes
1 / 6
This page cannot be seen from the preview
Don't miss anything!




If
a (^) n − 1 / 1 (mod≡
n )
for some
a with
a
/ 0 (mod≡
n ), then
n is composite.
Inverse to Fermat’s Little Theorem ( Unfortunately, the inverse statement is not always true.This statement is absolute: There are no exceptions.
not always true
If
a (^) n − 1 ≡ (^1)
(mod
n ) for some
a with
a
/ 0 (mod≡
n ), then
n is prime.
Some counterexamples:
340
1 (mod 341), but 341 = 11
31 is composite, and
560
1 (mod 561), but 561 = 3
(^) 17 is composite.
561 is a Fermat pseudoprime to the base 5.We say that 341 is a Fermat pseudoprime (to the base 2), and
It is even possible for
a (^) n − 1 ≡ (^) 1 (mod
n ) to hold for
every
a with
gcd(
a , (^) n ) = 1, and still have
n be composite.
This occurs if
n is a Carmichael number (also called an absolute
pseudoprime to any baseFermat pseudoprime). A Carmichael number is a Fermat
a
with gcd(
a , (^) n ) = 1.
10000:Carmichael numbers are fairly rare: There are only seven less than
In fact, there are only 585,355 Carmichael numbers less than 10
17 .
Given a randomly chosen odd integer
n less than 10
17 , the
probability that
n is a Carmichael number is only a little over
− 11
(about one in one hundred billion).
For a randomly chosen odd integer
(^) n
with 100 to 300 digits, the
probability that
n is a Carmichael number appears to be exceedingly
low (for practical purpose, zero).
If
n is composite and not a Carmichael number, then there are at most
ϕ ( n )
(^) 2 values of
a (
a <
n ) for which
a (^) n − 1 ≡ (^) 1 (mod
n ).
Let
n be any odd integer, other than a Carmichael number.
Say we choose 50 random integers
a and compute that each
satisfies
a (^) n − 1 ≡
1 (mod
n ).
The probability that this would occur if
n is composite is at most
− 50
≈ 10
− 15 .
So we can say with reasonable certainty that
n is prime.
If
n is composite and not a Carmichael number, then it is actually
possible to have
ϕ ( n )
(^) 2 values for which
a (^) n − 1 ≡ (^) 1 (mod
n ).
For example, take
n = 91 = 7
ϕ ( n ) = 6
There are 36 values of
a with
a 72
≡ (^) 1 (mod 91), namely
a = 1, 3,
But this is unusual.
For nearly all odd composite integers
n (other than Carmichael
numbers),
a (^) n − 1 ≡ 1 (mod
n ) for far fewer than
(^) ϕ
( n )
(^) 2 values of
a.
n
ϕ (n)
No of
a with
a n − 1 ≡^ 1 (mod
n )
This means that far fewer than the 50 random values of
a ,
integer (not a Carmichael number) is prime, with near certainty.mentioned earlier, are typically sufficient to show that an odd
For a randomly chosen odd integer
n with 100 to 300 digits, it appears
that if
a (^) n − 1 ≡ 1 (mod n) for even a single randomly chosen
a , then
(^) n
is
Fermat Test for Primality: prime with probability very close to 1.
To test whether n is prime or composite,
choose
a at random and compute
(^) a (^) n − 1 (mod
n ).
i)
If
a (^) n − 1 ≡
1 (mod
n ), declare
n a probable prime, and
optionally repeat the test a few more times.
ii)
If
a (^) n − 1 ≡^ / 1 (mod
n ), declare
n composite, and stop.
numbers.We have seen that the Fermat test is really quite good for large
One limitation:
If someone is supposed to provide us with a prime
In any case, we can improve upon the Fermat test at almost no cost.the deception with the Fermat test.number, and sends a Carmichael number instead, we cannot detect
n is an odd prime, we know that an integer can have at most two
square roots, mod
n
. In particular, the only square roots of 1 (mod
n )
are
numbers).(by analogy with the absolute Fermat pseudoprimes, i.e., CarmichaelThe integers 1729 and 2465 are called absolute Euler pseudoprimes
These are composite odd integers such that
a ( (^) n − 1)/
1 (mod
n )
for every
a with
gcd
a , (^) n ) = 1.
(unless we happen to choose anThese number cannot be proven composite with the Euler test
a with
gcd
a , (^) n ) > 1, which is
exceedingly unlikely if
n is a large integer lacking small prime
factors.
1 (mod
n)
, then
n must be
composite.
If
a ( n − 1)/
1 (mod
n ), where
gcd
a (^) , n ) = 1, then
n must be
composite for one of two reasons:
i) If
a (^) n − 1 ≡^ / 1 (mod
n ), then
n must be composite by Fermat’s
Little Theorem
ii) If
a (^) n − 1 ≡ 1 (mod
n ), then
n must be composite because
a ( (^) n − 1)/
is a square root of 1 (mod
n ) different from
effort to find square roots of 1, different fromThe limitation of the Euler test is that is does not go to any special
test does do this.
because 2For example, recall the Euler Test declares 341 a probable prime
170
1 (mod 341).
But if we compute 2
85
(mod 341), we find 2
85
≡
32 (mod 341).
Thus 32 is a square root of 2
2 ⋅ 85
≡ 2 170
1 (mod 341), different
from
1, so we would find that 341 is composite.
In the Rabin-Miller test, we write
n − 1 = 2
s ⋅ m , with
m
odd and
s ≥
We then start by compute
a (^) m (mod^
n ) using fast exponentiation.
If
a m ≡
± 1 (mod
(^) n ), we declare n a probable prime, and stop.
Why? We know that a
(^) n − 1 ≡ ( a m ) 2 s ≡ 1 (mod n), and we will not
find a square root of 1, other than
1, in repeated squaring of a
m
to get a
(^) n − 1 .
Otherwise, unless
s = 1, we square
a m (mod
n ) to obtain
a 2 m .
If
a 2 m ≡
1 (mod
n ), we declare
n composite, and stop.
Why? a
m is a square root of a
2m
1 (mod n), different from
If
a 2 m ≡
− 1 (mod
n ), we declare
n a probable prime, and stop.
Why? Just as above, we know that a
(^) n − 1 ≡ 1 (mod n), and we
will not find a square root of 1, other than
1.
Otherwise, unless
s
= 2, we square
a 2 m
(mod
n ) to obtain
a 2 2 m .
If
a 2 2 m ≡
1 (mod
n ), we declare
n composite, and stop.
from Why? We have found a square root of 1 (mod n), different
1, just as above
If
a 2 m ≡ − 1 (mod
n ), we declare
n a probable prime, and stop.
Why? Just above, we know that a
(^) n − 1 ≡ 1 (mod n), and we will
not find a square root of 1, other than
1.
test, or (b) we have computed Otherwise we continue in this manner until either (a) we stop the
a 2 s − 1 m , and stopped if
a 2 s − 1 m ≡
a ( (^) n − 1)/
1 (mod
n ).
If we haven’t stopped by this point, we declare
n composite and
stop.
Why? Exactly as with the Euler test.
pseudoprime 1729, using Let us carry out the Rabin-Miller test on the absolute Euler
a = 671.
6 ⋅
So
s = 6,
m
= 27.
27
≡
1084
(mod 1729)
27 ⋅ 2 ≡ 1084
2 ≡
1065
(mod 1729)
27 ⋅ 2 2 ≡
1065
2 ≡
1
(mod 1729)
The test declares
n composite, and terminates.
Next we test a much larger integer,
n = 972133929835994161 (also a
Carmichael number), using
a = 2.
n − 1 = 2
4 ⋅^ (^) 60758370614749635.
60758370614749635
(mod
n )
2 (^) ⋅ (^60758370614749635)
2
(mod
n )
(mod
n )
2 2 ⋅^ (^60758370614749635)
2
(mod
n )
(mod
n )
2 3 ⋅^ (^60758370614749635)
2
(mod
n )
(mod
n )
The test declares
n composite, and terminates.
number,Next we test an integer that is composite, but not a Carmichael
n = 2857191047211793, using
a = 1003.
n −
1 = 2
4 ⋅^ (^) 178574440450737.
178574440450737
(mod
n )
2 ⋅ 178574440450737
2
(mod
n )
(mod
n )
2 2 ⋅ 178574440450737
2
(mod
n )
(mod
n )
2 3 ⋅ 178574440450737
2
(mod
n )
(mod
n )
The test declares
n
composite, and terminates.