Primality Proofs. Geoffrey Exoo Department of Mathematics and Computer Science Indiana State University Terre Haute, IN

Similar documents
LARGE PRIME NUMBERS. In sum, Fermat pseudoprimes are reasonable candidates to be prime.

p = This is small enough that its primality is easily verified by trial division. A candidate prime above 1000 p of the form p U + 1 is

LARGE PRIME NUMBERS (32, 42; 4) (32, 24; 2) (32, 20; 1) ( 105, 20; 0).

Corollary 4.2 (Pepin s Test, 1877). Let F k = 2 2k + 1, the kth Fermat number, where k 1. Then F k is prime iff 3 F k 1

Applied Cryptography and Computer Security CSE 664 Spring 2018

A SURVEY OF PRIMALITY TESTS

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Chapter 8. Introduction to Number Theory

a the relation arb is defined if and only if = 2 k, k

Fermat s Little Theorem. Fermat s little theorem is a statement about primes that nearly characterizes them.

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Number Theory and Group Theoryfor Public-Key Cryptography

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

Discrete Structures Lecture Primes and Greatest Common Divisor

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Number Theory Math 420 Silverman Exam #1 February 27, 2018

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

Ma/CS 6a Class 4: Primality Testing

MATH 361: NUMBER THEORY FOURTH LECTURE

MATH 25 CLASS 8 NOTES, OCT

SOLUTIONS Math 345 Homework 6 10/11/2017. Exercise 23. (a) Solve the following congruences: (i) x (mod 12) Answer. We have

The number of ways to choose r elements (without replacement) from an n-element set is. = r r!(n r)!.

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

Homework #2 solutions Due: June 15, 2012

Senior Math Circles Cryptography and Number Theory Week 2

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

The set of integers will be denoted by Z = {, -3, -2, -1, 0, 1, 2, 3, 4, }

Lecture 4: Number theory

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Discrete Mathematics with Applications MATH236

ALGEBRA. 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers

ECEN 5022 Cryptography

Elementary Number Theory

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

Theory of Numbers Problems

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Some Facts from Number Theory

PRIMALITY TEST FOR FERMAT NUMBERS USING QUARTIC RECURRENCE EQUATION. Predrag Terzic Podgorica, Montenegro

NUMBER THEORY. Anwitaman DATTA SCSE, NTU Singapore CX4024. CRYPTOGRAPHY & NETWORK SECURITY 2018, Anwitaman DATTA

Exercises Exercises. 2. Determine whether each of these integers is prime. a) 21. b) 29. c) 71. d) 97. e) 111. f) 143. a) 19. b) 27. c) 93.

MATH 4400 SOLUTIONS TO SOME EXERCISES. 1. Chapter 1

Lecture Notes. Advanced Discrete Structures COT S

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

Primality testing: variations on a theme of Lucas. Carl Pomerance, Dartmouth College Hanover, New Hampshire, USA

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Integers and Division

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

LECTURE 5: APPLICATIONS TO CRYPTOGRAPHY AND COMPUTATIONS

10 Problem 1. The following assertions may be true or false, depending on the choice of the integers a, b 0. a "

Introduction to Public-Key Cryptosystems:

1 Structure of Finite Fields

Introduction to Number Theory

PUTNAM TRAINING NUMBER THEORY. Exercises 1. Show that the sum of two consecutive primes is never twice a prime.

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Ma/CS 6a Class 4: Primality Testing

Chuck Garner, Ph.D. May 25, 2009 / Georgia ARML Practice

SQUARE PATTERNS AND INFINITUDE OF PRIMES

Mathematics of Cryptography

Cryptography. Number Theory with AN INTRODUCTION TO. James S. Kraft. Lawrence C. Washington. CRC Press

RSA Key Generation. Required Reading. W. Stallings, "Cryptography and Network-Security, Chapter 8.3 Testing for Primality

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Number Theory. Modular Arithmetic

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.

Number Theory. Everything else. Misha Lavrov. ARML Practice 10/06/2013

C.T.Chong National University of Singapore

For your quiz in recitation this week, refer to these exercise generators:

Chapter 1. Number of special form. 1.1 Introduction(Marin Mersenne) 1.2 The perfect number. See the book.

Basic elements of number theory

Basic elements of number theory

CSC 474 Information Systems Security

Notes on Primitive Roots Dan Klain

Number Theory Proof Portfolio

Math 324, Fall 2011 Assignment 7 Solutions. 1 (ab) γ = a γ b γ mod n.

Topics in Cryptography. Lecture 5: Basic Number Theory

Number Theory. Raj Jain. Washington University in St. Louis

1. Algebra 1.7. Prime numbers

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

Mathematics of Cryptography

FERMAT S TEST KEITH CONRAD

Introduction to Cryptography. Lecture 6

Part V. Chapter 19. Congruence of integers

Primality testing: variations on a theme of Lucas

Lucas Lehmer primality test - Wikipedia, the free encyclopedia

Factorization & Primality Testing

Algorithms CMSC Basic algorithms in Number Theory: Euclid s algorithm and multiplicative inverse

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Number Theory and Algebra: A Brief Introduction

THE TRIANGULAR THEOREM OF THE PRIMES : BINARY QUADRATIC FORMS AND PRIMITIVE PYTHAGOREAN TRIPLES

PRIMES is in P. Manindra Agrawal. NUS Singapore / IIT Kanpur

CPSC 467b: Cryptography and Computer Security

Elementary Properties of the Integers

1. multiplication is commutative and associative;

Discrete Logarithms. Let s begin by recalling the definitions and a theorem. Let m be a given modulus. Then the finite set

1 Overview and revision

Transcription:

Primality Proofs Geoffrey Exoo Department of Mathematics and Computer Science Indiana State University Terre Haute, IN 47809 ge@cs.indstate.edu July 30, 2013 Abstract There is an web site [1] that lists the 5000 largest integers that are provably (as opposed to probably) prime. Each of these primes has a special form, in that each is very close to a large power of small integer, and this special form is essential to the proof of primality. The best known examples are the Mersenne primes, which have the form 2 n 1, and in fact the ten largest known primes are all Mersenne primes. For integers that cannot be expressed in one of these special forms, proving primality is much more difficult. In this note, we outline some basic methods that can be used to prove primality when no special form is assumed. 1 Introduction We present a series of four related methods for proving that an integer n is prime. Each method works by factoring n 1 into smaller known primes. The four methods are distinguished by the extent to which one is able to factor n 1. The four methods are designed for the following situations. Method 1: used if n 1 can be completely factored into small primes, Method 2: used if n 1 can be completely factored into small primes and probable primes, Method 3: used if n 1 can be factored into two factors, AB such that the prime factorization of A is known and A B, and Method 4: used if n 1 can be factored into two factors, AB such that the prime factorization of A is known and A 2 B > A. Before we begin detailing the methods, some background will be necessary. Many of the elementary methods for factoring and primality proving make use of a theorem of Leonhard Euler. Euler s theorem is stated in terms of his totient function, φ, which is defined as follows. Definition 1 Let n be a positive integer, then φ(n) is the number of integers k such that 1 k < n and gcd(k, n) = 1. There are a number of different proofs of this theorem. Most of them require some background in Number Theory or Abstract Algebra, so no proof is given here. However, the reader is encouraged to verify the theorem for a few specific numbers. Theorem 1 Let n be a positive integer, and a 0 mod n, then a φ(n) 1 mod n. Note that if n is a prime, φ(n) = n 1 and in this special case the Theorem was first proved by Fermat and is known as Fermat s Little Theorem. Each of the methods discussed can be used to establish the primality of a (large) integer n by reducing the issue to the primality of a set of smaller integers. The idea is that the verification of the primality of any of the smaller integers can be done easily. So we need some guidelines as to what constitutes a small integer. There are 78, 498 primes less than one million (10 6 ), so using a list of such primes one can quickly check whether or not an integer less than one trillion (10 12 ) is prime. If one were a little more ambitious, once could maintain a list of the 664, 579 primes less than 10 7 and use it to check the primality of integers less than 10 14.

2 The Basic Method: Lucas Theorem The method is based on the following theorem, due to Édouard Lucas (who also invented the Towers of Hanoi puzzle). Theorem 2 If a and n > 1 are integers and but for every prime q that divides n 1 a n 1 1 mod n then n is prime. a (n 1)/q 1 mod n To apply the theorem and prove that a given integer n is prime, there are essentially two steps. First, the prime factorization of n 1 is needed. Second, one must find an integer a that satisfies the congruences. In general, the first will be considerably more difficult than the second step. Example 0. As a simple illustration on the use of this theorem, we apply it to a trivial example. Our goal is to prove that 11 is prime. So, referring to the statement of the theorem, we have n = 11 and the prime factors of n 1 = 10 are 2 and 5. If we can find an integer a (1 a < 11) such that the following three statements hold, then we will have proved that 11 is prime (assuming that we know 2 and 5 to be prime). a 10 1 mod 11 a 10/2 = a 5 1 mod 11 a 10/5 = a 2 1 mod 11 A little computation reveals that a = 2 works, since a 10 = 1024 = 1 + 93 11 1 mod 11, 2 2 = 4 1 mod 11 and 2 5 = 32 1 mod 11. Therefore, 11 is prime. Let s try a more challenging example. Example 1. Using either the program gp or the extended precision arithmetic package gmp, one can check that the following 20-digit integer is a probable prime. n = 2221222211221112111122111 To prove that this integer is prime using Lucas theorem, we need to factor n 1. This example is small enough that one can find the prime factorization by trial division. n 1 = 2 3 2 5 7 11 13 37 101 271 601 967 4231 9901 In this case, we were lucky 1 since all of the prime factors of n 1 are relatively small. To prove the primality of n, we need to find a value of a that meets the conditions of the theorem. It turns out that a = 12 is the smallest value that will work. Using an extended precision calculator (very carefully) one can verify the following congruence. 12 2221222211221112111122110 1 mod 2221222211221112111122111 Then for each prime factor q in the prime factorization of n 1 given above, one checks that 12 (n 1)/q 1 mod n. The results of these computations are given in the following table. 1 It took nearly 10,000 attempts to get this lucky.

(n 1)/q 1110611105610556055561055 12 (n 1)/q mod n 2221222211221112111122110 q 3 (n 1)/q 740407403740370703707370 12 (n 1)/q mod n 2182949738321903361431311 q 5 (n 1)/q 444244442244222422224422 12 (n 1)/q mod n 1961365065792481737175891 q 7 (n 1)/q 317317458745873158731730 12 (n 1)/q mod n 216088418235841707706948 q 11 (n 1)/01929291929192010102010 12 (n 1)/q mod n 1149404640467046734510464 q 13 (n 1)/q 170863247017008623932470 12 (n 1)/q mod n 1431748596055399543313771 q 37 (n 1)/q 60033032735705732733030 12 (n 1)/q mod n 2094226622050481435799357 q 101 (n 1)/1992299121001110011110 12 (n 1)/q mod n 1220581396132231768209210 71 (n 1)/q 8196391923325136941410 12 (n 1)/q mod n 1964432231292546731390102 q 601 (n 1)/q 3695877223329637456110 12 (n 1)/q mod n 370367282447852485652624 q 967 (n 1)/297024003331036309330 12 (n 1)/q mod n 1688005164805213242843917 q 4231 (n 1)/q 524987523332808345810 12 (n 1)/q mod n 1066399149682614490143275 q 9901 (n 1)/24343218990113333110 12 (n 1)/q mod n 384146268175804518291995 3 Recursive Application of the Basic Method In the examples above, we were able to find a complete factorization of n 1. This is not usually quite so easy. After factoring out the small prime factors, we might be left with a large factor whose primality is uncertain. In this case, one can apply the method recursively to the remaining factor. After the primality of the factor is established, one can complete the proof of the primality of the original integer. Example 2. Let s prove that the 40-digit integer n = 2112221211112211121112212121122221222111 is prime. A search through small primes gives the following, perhaps incomplete, factorization. n 1 = 2 5 285355717 740206375859016387294673378183 This leaves us with a new problem - an uncertainly about the primality of the last factor. However, leaving that aside for the moment, we find that using a = 37 is the smallest value that satisfies the conditions of the theorem.

(n 1)/q 1056110605556105560556106060561110611055 37 (n 1)/q mod n 2112221211112211121112212121122221222110 q 5 (n 1)/q 422444242222442224222442424224444244422 37 (n 1)/q mod n 1209999676948245787739440995657254072740 85355717 (n 1)/q 7402063758590163872946733781830 37 (n 1)/q mod n 1245810415581446524363882348882550750038 q 740206375859016387294673378183 (n 1)/853557170 37 (n 1)/q mod n 868884182377049806585573408165439359793 It remains to prove that the final factor is prime. Verifying this requires another application of the method. We need to prove that n 2 = 740206375859016387294673378183 is prime. We find that n 2 1 factors as follows. n 2 1 = 2 3 7 10613 13577 2645479 6234737 7415477 Since (by our working definition) these are all small primes, we need only find a value of a that meets the requirement of the theorem. It happens that a = 13 is the smallest value that works, since 13 n2 1 1 mod n 2 and no smaller power of 13 is congruent to one modulo n 2. The other details are given in the table below. (n 1)/q 370103187929508193647336689091 13 (n 1)/q mod n 740206375859016387294673378182 q 3 (n 1)/46735458619672129098224459394 13 (n 1)/q mod n 15525278755645667899909851854 q 7 (n 1)/q 105743767979859483899239054026 13 (n 1)/q mod n 283075596468830260344585016817 q 10613 (n 1)/q 69745253543674398124439214 13 (n 1)/q mod n 37411016732304939115468925392 q 13577 (n 1)/q 54519140889667554488817366 13 (n 1)/q mod n 2352151787472608168741011521 645479 (n 1)/79800510931674901707658 13 (n 1)/q mod n 7117520496080548503983024733 q 6234737 (n 1)/q 118722951081820514208486 13 (n 1)/q mod n 300489223308558754989268633781 q 7415477 (n 1)/q 99819118292594850917166 13 (n 1)/q mod n 211673824333939603919414981909 This shows that n 2 is prime, which in turn implies that all the factors given for the original n are prime, thereby completing the proof that n itself is prime. 4 A More Powerful Method: Pocklington s Theorem Recursive application of the basic method is not always enough. It might happen that we are left with a large factor that is not prime, as verified by a compositeness test such as Miller-Rabin, but which we are unable to factor. The next two methods enable us to prove primality with only a partial factorization of n 1.

Theorem 3 Let a and n > 1 be integers. Suppose that n 1 = A B, such that A B and that the prime factorization of A is known. If a n 1 1 mod n and gcd(a (n 1)/q 1, n) = 1 for each prime factor q of A, then n is prime. Example 3. This method will be used to prove that the 60-digit integer n = 112221212122221122121112121221212221212122121122122111211121 is prime. First we find that n 1 factors as follows. where n 1 = 2 3 5 163243 5614681 6814061 353973481 n 0 n 0 = 7833638954819589418361831173 and just to illustrate the method, let us suppose that we are unable to determine whether or not n 0 is prime (actually you should be able to make this determination). Since n 2 0 < n, we can apply the theorem, and find that when a = 7 gcd(7 (n 1)/q 1, n) = 1 for each of the first seven prime divisors of n. The table below gives the values needed to verify the proof. (n 1)/q 56110606061110561060556060610606110606061060561061055605560 7 (n 1)/q 1 mod n 112221212122221122121112121221212221212122121122122111211120 q 3 (n 1)/q 37407070707407040707037373740404073737374040374040703737040 7 (n 1)/q 1 mod n 90457272601162796268286480776761192315917215136222852362352 q 5 (n 1)/2444242424444224424222424244242444242424424224424422242224 7 (n 1)/q 1 mod n 75880508830123651060716013069647827684537715390261894588328 q 163243 (n 1)/q 687448846947318550388758606624554934742207145924309840 7 (n 1)/q 1 mod n 80362615596772639146556201774041384278973201685664135887630 q 5614681 (n 1)/q 19987103830515237129431239498951449104966447982017520 7 (n 1)/q 1 mod n 106978595234357601649128941211421844687408025262939575634620 q 6814061 (n 1)/q 16469064794433322818963921987374668529107990245775920 7 (n 1)/q 1 mod n 82061424394151396761879200159705839582978171984410568966517 q 353973481 (n 1)/q 317032823490585505531450027526814137842495949921520 7 (n 1)/q 1 mod n 12001077333598453370952044517448952946576613995608612853727 5 An Even More Powerful Method: Brillhart, Lehmer and Selfridge As the integers under consideration become larger, factoring n 1 becomes more difficult. Our final method requires that the portion of n 1 that can be factored into primes is at least as great as the cube root of n. Theorem 4 Let n be an integer, where n 1 = A B and where the complete factorization of A is known, and satisfy the inequality n 1/3 A < n 1/2. Let a be an integer such that a n 1 1 mod n and suppose for each prime factor q of A we have gcd(a (n 1)/q 1, n) = 1. Let c 2 A 2 + c 1 A + 1 be the base A represenation of n. Then n is prime if and only if c 2 1 4c 2 is not a square. Example 4. We apply this theorem to prove that the 80-digit integer 21211212112211112112212211111212212211221221211212222112111222212212121211112211 is prime. A little effort reveals the following factorization of n 1. n 1 = 2 3 5 649981 60178589057 1036760601625393 n 0

where The product of all factors of n 1, except for n 0, is and so n 0 = 5811681824139174850454007962163369229863706849. A = n 1 n 0 = 3649754538197368127316936115774290 A 2 = 13320708189092283880702052883287210926654542045591754154566225004100. Since A 2 > n 0, we have A > n 1/3, and one can check that A < n 1/2. So the requirements of the theorem are met. Using a value of a = 3, we find that the condition and the condition a n 1 1 mod n a (n 1)/q 1 mod n are satisfied for q {2, 3, 5, 649981, 60178589057, 1036760601625393}. The verification of these conditions, and the verification that 1036760601625393 is prime, are left as exercises. It remains to show that the final condition of the theorem is satisfied. In the base A representation of n we find that and The reader should check that and that c 2 = 1592348680799 c 1 = 432257427115662839619413922849139. n = c 2 A 2 + c 1 A + 1 c 2 1 4c 2 = 186846483296652571920180935546316933660096378710601114977958318125 and is not a square, completing the proof that n is prime. References [1] The List of Largest Known Primes Home Page, http://primes.utm.edu/primes/.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback