Exam 2 Solutions. In class questions

Transcription

1 Math 5330 Spring 2018 Exam 2 Solutions In class questions 1. (15 points) Solve the following congruences. Put your answer in the form of a congruence. I usually find it easier to go from largest to smallest modulus. (a) x 5 pmod 21q x 6 pmod 25q Solution: Starting with x 6 pmod 25q, we have x 6 ` 25k 5 pmod 21q, which reduces to 4k 1 20 pmod 21q, so k 5 pmod 21q. Next, k 5 ` 21m so x 6 ` 25p5 ` 21mq 131 ` 525m. Thus, x 131 pmod 525q. If we use the first congruence first, then x 5 ` 21k 6 pmod 25q and we can try to do something clever like write 21k as 4k or just convert to a Diophantine equation: 21k 1`25j so k j` 1`4j 1`4j. We can write y or 21y 1`4j Ñ j 5y ` y 1. Setting y 1 gives j 5, k 6. More to the point, k 6 ` 25n 4 so x 5 ` 21p6 ` 25nq 131 ` 525n or x 131 pmod 525q. (b) x 5 pmod 7q x 2 pmod 12q x 8 pmod 13q Solution: Again, I ll start with the largest congruence. We have x 8`13k 2 pmod 12q, or k 6 6 pmod 12q. This means x 8 ` 13p6 ` 12jq 86 ` 156j 5 pmod 7q. Reducing, 2j 3 10 pmod 7q, or j 5 ` 7m. Thus, x 86 ` 156p5 ` 7mq 866 ` 1092m. We have x 866 pmod 1092q. As an aside, given an answer, you can check it. That is, you can check that x 866 is congruent to 5 modulo 7, 2 modulo 12, and 8 modulo (20 points) This problem considers the range of Euler s φ function. Note 1 is the only odd number in the range (φpnq 3 has no solutions, for example. It turns out not all even numbers are in the range either, with 14 being the smallest number with φpnq 14 having no solutions. Here, we show that 76 is not in the range. We proceed in steps. (a) Recall that if p n, then p 1 φpnq. For which primes p does p 1 divide 76? Solution: The divisors of are 1, 2, 4, 19, 38 and 76. Adding 1 gives 2, 3, 5, 20, 39, 77. Selecting the primes gives p 2, 3, 5 as primes with p 1 dividing 76.

2 Page 2 (b) If p 2 n then ppp 1q φpnq. For which primes p does ppp 1q divide 76? Solution: Since we need p 1 to be a possible divisor of 76, the only choices are 2, 3, 5. Of these, 3 and 5 do not divide 76 leaving only 2. (c) Use parts (a) and (b) to show φpnq 76 has no solutions. There might still be several cases to check. Solution: One approach: By parts (a) and (b), we must have n 2 a 3 b 5 c where only a can be larger than 1, and b, c could possibly be 0. If c 1 then n 5m so φpnq 4φpmq 76 meaning φpmq 19, an odd number, so this can t happen, and n 2 a or n 3 2 a. In these cases, φpnq 2 a 1 or φpnq 2 2 a 1 2 a. Either way, φpnq is a power of 2 but 76 is not a power of 2 so there are no solutions. An alternative approach is to ask how 19 gets to be a factor of φpnq. There are only two ways: Either 19 2 divides n or p n for some p with p 1 being a multiple of 19. But the only primes that can divide n by part (a) are 2, 3, 5, and these don t have the desired property so again there are no solutions. A proof from the class that was very nice: Again by parts (a), (b), n 2 a 3 b 5 c with a ď 3, b, c ď 1. The largest φpnq could possibly be is φp q ă 76 so there are no solutions. (d) Find another even m different from 14 and 76 for which φpnq m has no solutions. Hint: m 2p sometimes works. Solution: In fact, if 2p ` 1 is not prime then φpnq 2p has no solution n. The reason: The divisors of 2p are 1, 2, p, 2p, which means the only possible prime divisors of n would be 2, 3, p ` 1, 2p ` 1. But p ` 1 is even, and if 2p ` 1 is not prime, this only leaves 2 and 3 as possible prime divisors of n. As in part (c), this means φpnq must be a power of 2 and 2p is not a power of 2 so there are no solutions n. Numbers of this form (where 2p ` 1 is not prime) are p 7 (giving the 14 mentioned above), 13, 17, 19, 31,... leading to m values of 14, 26 (the most common answer on the exam), 38, 62,...

3 Page 3 3. (15 points) Consider the number n ˆ 109. (a) How many steps of the p 1 method are needed to factor n? Why? Solution: If p 11 then p 1 10, a divisor of 5! so it should take 5 steps. One might ask about the other prime, q 109. In this case, In order to pick up the second and third factors of 3, we would need k 9. that is, q 1 divides 9! but not 8! so we really should factor n in 5 steps. In fact, I did the calculation: 2 1! 2, 2 2! 4, 2 3! 64, 2 4! 808, 2 5! 826. If we subtract 1 from each of these and find the greatest common divisor of the result with 1111 we get 1, 1, 1, 1, 11, so we factor the number in 5 steps. (b) How many steps of Fermat s method are need to factor n? (Use x 0 r? 1199s 35.) Solution: We need px yqpx ` yq 11 ˆ 109 so x y 11, x ` y 109 Ñ 2x 120. Thus, x 60. We check x 35, x 36,..., x 60, so it takes = 26 steps. One person actually applied Fermat s method, factoring 1199 in 26 steps. (c) Fill out the following table, where a k a 2 k 1 ` 1 pmod 11q for each k. k a k a k{ a k a k{ Based on the table, how many steps does the rho method take to factor n? Explain. Solution: Based on the 0 s in the bottom line the rho method takes 8 steps (or 4 if one does double steps or counts only the steps where a subtraction/gcd is performed). The reason what the table shows is that a 8 a 4 0 pmod 11q, so when calculating gcdpa 8 a 4, nq this number will be divisible by 11. I did check: Here is the table with entries modulo 1199 rather than 11: k a k a k{ a k a k{ gcd

4 Page 4 Extra credit. 4. (5 points) Find the largest number m for which p 4 1 pmod mq for all primes p ą 5. Solution: One person noted that , ˆ 61. This puts 240 as the largest possibility for m. To actually prove that m 240 we need to prove that p 4 1 pmod 240q for every prime p ą 5. To that end, note that for p ą 5, p pmod 5q by Fermat s Little Theorem. This means 5 m. Similarly, p pmod 3q, so p 4 1 pmod 3q, and 3 m. Finally, p 4 1 pp 1qpp ` 1qpp 2 ` 1q, the product of three even numbers. Moreover, one of two consecutive even numbers is divisible by 4, giving another factor of 2. This means 16 m. Putting these together, m is divisible by 16, 3, and 5, so m is divisible by 240, showing that m (5 points) We call b the inverse of a modulo n if ab 1 pmod nq. (a) If a is relatively prime to n prove that the inverse of a is a φpnq 1 pmod nq. Solution: One of the easiest extra credit problems you will find! Let b a φpnq 1. Then ab a φpnq 1 pmod nq, as desired. (b) Use the binary squaring method and part a to find the inverse of 23 modulo 100. Solution: φp100q φp25qφp4q 20 ˆ 2 40, so by part (a), we want pmod 100q. The calculation goes like this: exponent value so ˆ 23 2 ˆ 23 4 ˆ ˆ 29 ˆ 41 ˆ pmod 100q. That is, the inverse of 23 is (6 points) Consider the first 10 odd primes: 3, 5,..., 31. (a) In what order do these primes appear when using the p 1 method? Hint: 3 appears first (after two steps). Solution: This was actually fairly straightforward. For each p, figure out k so p 1 divides k!. The only minor points: a prime like 17 has p 1 16 and it takes prime till 6! to get enough 2 s. k-value

5 Page 5 (b) In what order do these primes appear when using the rho method? Hint: 3 still appears first (after two steps). Solution: This is more involved that for the p 1 method. I calculated the first several x-values: x 1 2, x 2 5, x 3 26, x 4 677, x ` 1 and x 6 p677 2 ` 1q 2 ` 1. Now x 2 x 1 3, x 4 x and x 6 x 3 p677 2`1q2 52 p qp677 2`6q I found divisors 5, 7, 31 and 97 here. For the rest of the primes, I just made out charts as in problem 3(c). prime I got the following table. steps (4 points) Prove that φpnq 2 32 has no odd solutions n, though there are even solutions. Hint: If p divides n, show that p must be a Fermat number. Also, the fifth Fermat number, F 5 is not prime. Solution: I think this is a cute problem. Since φpnq is a power of 2, the only possible prime divisors of n are primes with p 1 being a power of 2, or p 1 ` 2 k for some k. We talked about these in class a tiny bit they are called Fermat numbers, and for a Fermat number to be prime, you need the exponent to be a power of 2. The following are Fermat primes: ` 1, ` 1, ` 1, ` 1 and ` 1. Euler showd that the next one, 2 32 ` 1 is not prime. Next, n can t be divisible by the square of an odd prime because that prime would have to divide φpnq in that case, so these primes can only occur to the first power. But even if we multiply them all together, φp q ă Thus, there are no odd solutions. Note that there are lots of even solutions: n 2 33 works, as does various products of Fermat primes times appropriate powers of 2.

6 Page 6 Take Home Exam Questions 1. (15 points) This problem concerns numbers of the form T n 3 n 2 n. Have a look at the notes related to Mersenne numbers and the notes on congruences for help with this question. (a) How many vanes of n can you find for which T n is prime? Solution: I checked values of n ď 10, 000 and found the values n: 2, 3, 5, 17, 29, 31, 53, 59, 101, 277, 647, 1061, 2381, 2833, 3613, 3853, 3929, 5297, A student in the class mentioned that this sequence can be found in the On- Line Encyclopedia of Integer Sequences, which lists several more values: 90217, , , , , , , That cite notes that these are really values for which T n is a probable prime, with T n proved to be prime for only those values of n ă That is, it has not been currently proven that T is prime. (b) Use the fact that 3 n 2 n pmod T n q to show that T n divides T m n for all positive integers m and n. Solution: Since T n 3 n 2 n, 3 n 2 n pmod T n q. Raising this to the m th power, 3 mn 2 mn pmod T n q, or 3 mn 2 mn T mn 0 pmod T n q. Thus, T n T mn. (c) Prove that T n is prime only when n is prime. Solution: If n is not prime, say n km with k, m ą 1 then T n T km is divisible by T m. We should rule out the possibility that T m 1 or T m T n. This follows from the fact that T m`1 3T m ` 2 m, showing that T m ě 3 m 1 ą 1 for all m ě 2. (d) Use paper/pen or pencil/calculator (Mathematica, Maple, etc not allowed) and the binary squaring algorithm to show that 2 T 7 1 ı 1 pmod T 7 q. (Showing T 7 is not prime.) Solution: We have T ` 8 ` 2 ` 1. We have k k with the bottom row being congruences modulo So ˆ2 8ˆ ˆ 256 ˆ pmod 2059q. Since we did not get 1, T 7 is not prime.

7 Page 7 2. (20 points) This problem deals with the congruence x 2 1 pmod nq. (a) When p is an odd prime, prove that the congruence x 2 1 pmod pq has exactly two solutions. Solution: The key property is that if p is a prime and p mk then p m or p k. In our case, if x 2 1 pmod pq then p x 2 1, so p px 1qpx ` 1q. Thus, p x 1 or p x ` 1. In the first case, x 1 pmod pq, in the second, x 1 p 1 pmod pq, and we have exactly two solutions. (b) Use the Chinese Remainder Theorem and the fact that ˆ 41 to solve the congruence x 2 1 pmod 451q. That is, use solutions to x 2 1 pmod 11q and x 2 1 pmod 41q to build solutions modulo 451. You should get 4 solutions, Mathematica, Maple, Excel, etc are not allowed. Solution: Since ˆ 41, by the" Chinese Remainder * Theorem, x 2 1 x pmod 451q is equivalent to the system 2 1 pmod 11q x 2. By part (a), each 1 pmod 41q of these congruences has two solutions, so we get four systems: x 1 pmod 11q x 1 pmod 11q, x 1 pmod 41q x 1 pmod 41q, x 1 pmod 11q x 1 pmod 11q, x 1 pmod 41q x 1 pmod 41q. The first system has solution x 1 pmod 451q and the last one has solution x pmod 451q. This leaves us with the middle two. For the second, if we start with x 1 pmod 41q, then we have x 1 ` 41k 1 pmod 11q, or 8k 9 pmod 11q. I rewrote this 3k 9 pmod 11q so k 3 8 pmod 11q. Thus, x 1`41p8`11mq 329`451m so x 329 pmod 305q. A cute trick for getting the last solution: If x is a solution, then x must be as well, so the other solution is x pmod 451q. Without the trick, x 1 ` 41k 1 pmod 11q gives 8k 2 pmod 11q. I divided by 2 and then multiplied by 3 to get k 3 pmod 11q, so x 1 ` 41p3 ` 11mq 122 ` 451m, as expected. There are four solutions: 1, 122, 329, 451. I used tricks to solve these problems, but the tricks are not needed. For example, 8k 9 pmod 11q is equivalent to 8k ` 11j 9 so by Euler s method, k 1 j ` 1 3j which leads us to 8i ` 3j 1 or j 2i ` 1 2i. Selecting i gives j 3 and k 3. That is, k 3 8 pmod 11q, as before.

8 Page 8 (c) How many solutions does the congruence x 2 1 pmod 4961q have? Justify your answer. Again, you are not allowed to use symbolic calculators or Excel. Solution: " As with* the previous problem, this one is equivalent to a system x 2 1 pmod 121q x 2. The bottom congruence has exactly two solutions; we 1 pmod 41q need to know how many solutions the top one has. If x 2 1 pmod 121q, then 121 x 2 1, or 121 px 1qpx ` 1q. This means 11 divides the product, so 11 x 1 or 11 x ` 1. Now 11 cannot divide both terms (if it did, then 11 would have to divide px ` 1q px 1q 2.) This means that which ever term is divisible by 11 is also divisible by 121. Thus, we have only two solutions to the congruence x 2 1 pmod 121q, and the original congruence will have 2 ˆ 2 4 solutions. There is one last issue: do these four solutions really have to be different? One way to check is to actually find them. Two are easy: 1 pmod 4961q or 1, The solution with x 1 pmod 121q, x 40 pmod 41q is not too hard to find: x 1 ` 121k 1 pmod 41q ñ 2k 2 pmod 41q so k 1 and x 122 The other will be its negative, -122 or Thus, we have 1, 122, 4839, 4960, four distinct solutions modulo Alternatively, we could give a proof as I do below. (d) Prove that if n km where m ą 2, k ą 2 and gcdpm, kq 1, then x 2 1 pmod nq has at least 4 solutions. Hint: use the Chinese Remainder Theorem. Solution: By the Chinese " Remainder* Theorem, then x 2 1 pmod nq is equivalent to the system 2 1 pmod kq x x 2. Since m ą 2, k ą 2, these congruences 1 pmod mq have at least two solutions: x 1. That is, 1 and -1 are not congruent modulo m or k because if they were, then their difference, 2, would have to be divisible by m or k. Thus, we have the solutions x 1 1 and x 2 km 1, which are different. What about x 3 with x 3 1 pmod mq, x 3 1 pmod kq or x 4 with x 4 1 pmod mq, x 4 1 pmod kq? In this case, x 3 x 1, x 2 because x 3 ı 1 pmod kq as x 1 is, and x 3 ı 1 pmod mq like x 2. Similarly, x 4 is distinct from both x 1 and x 2. Finally, x 3 x 4 because x 3 x 4 2 pmod mq so x 3 ı x 4 pmod mq. (e) If n 2p, where p is an odd prime, how many solutions does x 2 1 pmod nq have? What if n 4p? Solution: Since x 2 1 pmod 2q has a single solution x 1 pmod 2q (that is, x must be odd) and x 2 1 pmod pq has two, the Chinese Remainder Theorem says we have exactly 1 ˆ 2 2 solutions. They are 1 and 2p 1, of course.

9 Page 9 For x 2 1 pmod 4pq, we get two solutions from p and two more from 4: just trying x 0, 1, 2, 3, we see that only 1 and 3 are solutions x 2 1 pmod 4q, so we are back to 4 solutions. These solutions can be given explicitly: 1, 2p 1, 2p ` 1, 4p 1. I probably should have asked about x 2 1 pmod 8pq, which has 8 solutions, and x 2 1 pmod 2 k pq for k ą 3, which also has 8 solutions. That is, as k increases, we have two solutions for k 0, 1, four solutions for k 2 and 8 solutions for all k ě (15 points) This problem introduces a suped up version of Fermats Little theorem. It is the basis for the Miller-Rabin test (given in part c). Let p be an odd prime, and suppose that p 2 k m ` 1, where m is odd. For example, if p 47, then p ` 1, if p 61, then p ` 1, and if p 127, then p ` 1. In these three cases, k 1, m 23 for 47, k 2, m 15 for 61, k 7, m 1 for 127. Given an integer a, with p ffl a, consider the sequence a m, a 2m, a 4m,, a 2km pmod pq. Here are some examples: Let p ` 1. If a 2, then , pmod 41q, pmod 41q, pmod 41q. The sequence is 32, -1, 1, 1. If we had used a 3, then a 5 38, a 10 9, a 20 1, a 40 1, and the sequence would be 38, 9, -1, 1. If we had picked a 10, the sequence would have been 1, 1, 1, 1. Note here that -1 means p 1. Also, one can calculate a m by the binary squaring algorithm, and all subsequent powers are obtained by squaring previous things in the sequence. (a) What is the sequence a m, a 2m, a 4m,, a 2km pmod pq if a 2, p 113? Solution: ` 2 4 ˆ 7, so k 4, m 7. We have pmod 113q, pmod 113q, pmod 113q. The sequence is 15, -1, 1, 1, 1. (b) What is the sequence a m, a 2m, a 4m,, a 2km pmod pq if a 3, p 113? Solution: Here, , , , pmod 113q, so we get 40, 18, 98, -1, 1.

10 Page 10 (c) For general a and p with p ffl a, prove that either the sequence consists of all 1 s, or that the sequence has the form x 0, x 1,..., x j, 1, 1,..., 1. What this says is that the sequence a m, a 2m, a 4m,, a 2km pmod pq must end with 1, and if the sequence is not all 1 s, then it must contain -1. Hint: If we let the sequence be x 0, x 1,..., x k, then Fermat s Little Theorem tells us that x k 1. (Why?) Since each x i is x 2 i 1, we can use problem 2a and work backwards from x k. An alternative might be to use an extension of a factorization like a 40 1 pa 5 1qpa5`1qpa10`1qpa20`1q, which is divisible by 41 if gcdpa, 41q 1. Solution: Following the second hint, if A a m then a p 1 A 2k so a p 1 1 A 2k 1 pa 1qpA ` 1qpA 2 ` 1q pa 2k 1 ` 1q. Since p a p 1 1, p has to divide one of these terms. If it is the first term, then a m 1 pmod pq, and the sequence is all 1 s. If p A 2j ` 1, then x j 1 pmod pq, and the sequence becomes 1 s after that. Alternatively, x k 2 2k m 2 p 1 1 pmod pq, and x 2 k 1 x k pmod pq, so x 2 k 1 1 pmod pq. By problem 2 of the take home, this means x k 1 1 pmod pq. If x k 1 1, then our sequence is x 0,..., x k 2, 1, 1. The alternative is that x k 1 1 pmod pq. Now x 2 k 2 1 pmod pq, so x k 2 1 pmod pq. One possibility is that the sequence of x s is all 1 s. If this is not the case, then some last x j is 1, and the previous x j 1 is not 1. In this case, x 2 j 1 x j 1 pmod pq, so x j 1 1 pmod pq. Since we have said x j 1 ı 1 pmod pq, we are left with x j 1 1. (d) Any number n which does not have the property above for some a is not prime. For example, if n ` 1, then pmod 341q, pmod 341q, so the sequence is 32, 1, 1, which does not pass through -1 to get to 1. This means 341 is not prime, even though it is a base 2 pseudoprime. It can be shown that for every composite number n, there is an a for which either x k ı 1 pmod nq or the sequences of x s does not pass through -1 to get to 1. Find the smallest values of a for the numbers n 561, a Carmichael number, and n Solution: For n ˆ 35 ` 1, we have , , , pmod 561q. The sequence is 263, 166, 67, 1, 1, which does not pass through -1 so 561 can t be prime by this test, even though it is a base 2 pseudoprime. If n ˆ ` 1, picking various values of a we have the table

11 Page 11 a x 0 x 1 x so n passes the test for a 2, 3, 4 but fails for a 5. Some extra credit problems, if you are interested. 4. (3 points) With regard to question 1, prove that if q is a prime divisor of T p, where p is a prime, then q 1 pmod pq. 5. (10 points) Related to question 1, suppose we define R n 2 n ` 3 n and S n 2n ` 3 n, 5 when n is odd. How much of problem 1 can we do? That is, (a) How many n can you find with R n prime? With S n prime? Solution: I only found 1, 2, 4 for R n. With S n there are lots of examples. I found 10 with n ă These are n 3, 7, 11, 83, 149, 223, 599, 647, 1373, (b) Does R n or S n have a multiplicative property? That is, does R n always divide R mn? Does S n always divide S mn? Solution: I don t know of a divisibility property for R n but there is one for S n provided indices are odd numbers. (c) Can you give a necessary condition on n for R n to be prime? For S n to be prime? Solution: I won t prove anything here, but n must be a power of 2 for R n to be prime, and n must be prime for S n to be prime. (d) Must prime divisors of R p or S p congruent to 1 modulo p? 6. (2 points) With regard to problem 2, prove that if p is an odd prime then for all integers n ě 1, x 2 1 pmod p n q has exactly two solutions. You did the case n 1 in 2a. 7. (4 points) Related to problem 3 on the exam, if n pq, where p ą q are two odd primes, find conditions on p, q, and a so that n does not fail the compositeness test in question

12 Page 12 3, as described in 3d. That is, the sequences of x s is either all 1 s or passes through -1 on the way to 1. Use this to find numbers n pq for a 2, a 3, a (4 points) Possibly related to the previous question: (a) Suppose that p and q both divide 2 n 1 and that n p 1, n q 1. Prove that m pq is a base 2 pseudoprime. for example, , and 10 p11 1q, 10 p31 1q so 11 ˆ is a base 2 pseudoprime. (b) How large of a base 2 pseudoprime can you find using this idea? You need m ą 341 for credit and I will give an extra point to the largest base 2 pseudoprime found by this method. 9. (8 points) This problem is related to our factoring homework. Let ωpnq be the number of distinct prime divisors of n. In class, I stated that on average, ωpnq «lnplnpnqq`.261, and this matched our results fairly well on our factoring homework. (a) Knowing how many distinct prime factors a random number has gives information on its largest prime divisor. Suppose that n is an average number with ωpnq distinct prime divisors. Let p be the largest prime divisor of n and suppose that n p n is also average. Then we should have ωpnq ω `1. If ωpnq lnplnpnqq`.261, p what does this tell us about the size of p? Your answer should be p «n α for some α. I have stated in class that α «.632. What I m looking for is the actual number. nÿ (b) To actually find ωpnq, first, show that tn{pu. k 1 ωpkq ÿ pďn (c) How bad of an approximation is it to replace tn{pu by n{p in the sum above? (d) There is a theorem that says ÿ 1 lnplnpnqq`.261`small error. Use this theorem p pďn and parts b, c to show that the average value of ωpkq for k ď n is approximately lnplnpnqq `.261.