A Formalisation of Lehmer's Primality Criterion


By Simon Wimmer and Lars Noschinski

April 17, 2016

Abstract

In 1927, Lehmer presented criteria for primality, based on the converse of Fermat's little theorem [2]. This work formalizes the second criterion from Lehmer's paper, a necessary and sufficient condition for primality. As a side product we formalize some properties of Euler's ϕ-function, the notion of the order of an element of a group, and the cyclicity of the multiplicative group of a finite field.

Contents

1 Introduction 1
2 Simplification Rules for Polynomials 2
3 Properties of the Euler ϕ-function 3
4 Order of an Element of a Group 5
5 Number of Roots of a Polynomial 7
6 The Multiplicative Group of a Field 8
7 Lehmer's Theorem 10

1 Introduction

Section 2 provides some technical lemmas about polynomials. Sections 3 to 5 formalize some basic number-theoretic and algebraic properties: Euler's ϕ-function, the order of an element of a group and an upper bound on the number of roots of a polynomial. Section 6 combines these results to prove that the multiplicative group of a finite field is cyclic. Based on that, Section 7 formalizes an extended version of Lehmer's Theorem, which gives us necessary and sufficient conditions to decide whether a number is prime.

theory Multiplicative-Group
imports Complex-Main /src/hol/algebra/group /src/hol/number-theory/miscalgebra /src/hol/algebra/coset /src/hol/algebra/univpoly /src/hol/number-theory/number-theory
begin

2 Simplification Rules for Polynomials

lemma (in ring-hom-cring) hom-sub[simp]: assumes x carrier R y carrier R shows h (x y) = h x S h y

context UP-ring begin

lemma deg-nzero-nzero: assumes deg-p-nzero: deg R p 0 shows p 0 P

lemma deg-add-eq: assumes c: p carrier P q carrier P assumes deg R q deg R p shows deg R (p P q) = max (deg R p) (deg R q)

lemma deg-minus-eq: assumes p carrier P q carrier P deg R q deg R p shows deg R (p P q) = max (deg R p) (deg R q)

context UP-cring begin

lemma evalrr-add: assumes p carrier P q carrier P assumes x: x carrier R shows eval R R id x (p P q) = eval R R id x p eval R R id x q

lemma evalrr-sub: assumes p carrier P q carrier P assumes x: x carrier R shows eval R R id x (p P q) = eval R R id x p eval R R id x q

lemma evalrr-mult: assumes p carrier P q carrier P assumes x: x carrier R shows eval R R id x (p P q) = eval R R id x p eval R R id x q

lemma evalrr-monom: assumes a: a carrier R and x: x carrier R shows eval R R id x (monom P a d) = a x (ˆ) d

lemma evalrr-one: assumes x: x carrier R shows eval R R id x 1 P = 1

lemma carrier-evalrr: assumes x: x carrier R and p carrier P shows eval R R id x p carrier R

lemmas evalrr-simps = evalrr-add evalrr-sub evalrr-mult evalrr-monom evalrr-one carrier-evalrr

3 Properties of the Euler ϕ-function

In this section we prove that for every positive natural number the equation n d n ϕ(d) = n holds.

hide-const (open) Multiset.mult

lemma dvd-div-ge-1 : fixes a b :: nat assumes a 1 b dvd a shows a div b 1

lemma dvd-nat-bounds : fixes n p :: nat assumes p > 0 n dvd p shows n > 0 n p

definition phi' :: nat => nat

where phi' m = card {x. 1 x x m gcd x m = 1 }

notation (latex-output) phi' (ϕ -)

lemma phi'-nonzero : assumes m > 0 shows phi' m > 0

lemma dvd-div-eq-1 : fixes a b c :: nat assumes c dvd a c dvd b a div c = b div c shows a = b

lemma dvd-div-eq-2 : fixes a b c :: nat assumes c > 0 a dvd c b dvd c c div a = c div b shows a = b

lemma div-mult-mono: fixes a b c :: nat assumes a > 0 a d shows a b div d b

We arrive at the main result of this section: for every positive natural number the equation n d n ϕ(d) = n holds. The outline of the proof for this lemma is as follows: We count the n fractions 1/n, ..., (n 1)/n, n/n. We analyze the reduced form a/d = m/n for any of those fractions. We want to know how many fractions m/n have the reduced form denominator d. The condition 1 m n is equivalent to the condition 1 a d. Therefore we want to know how many a with 1 a d exist, s.t. coprime a d. This number is exactly phi' d. Finally, by counting the fractions m/n according to their reduced form denominator, we get: ( d d dvd n. phi' d) = n.

To formalize this proof in Isabelle, we analyze for an arbitrary divisor d of n
- the set of reduced form numerators {a. 1 a a d coprime a d}
- the set of numerators m, for which m/n has the reduced form denominator d, i.e. the set {m {1..n}. n div gcd m n = d}

We show that λa. a n div d with the inverse λa. a div gcd a n is a bijection between these sets, thus yielding the equality phi' d = card {m {1..n}. n div gcd m n = d}. This gives us ( d d dvd n. phi' d) = card ( d {d. d dvd n} {m {1..n}. n div gcd m n = d}) and by showing {1..n} ( d {d. d dvd n} {m {1..n}. n div gcd m n = d}) (this is our counting argument) the thesis follows.

lemma sum-phi'-factors : fixes n :: nat assumes n > 0 shows ( d d dvd n. phi' d) = n

4 Order of an Element of a Group

context group begin

lemma pow-eq-div2 : fixes m n :: nat assumes x-car: x carrier G assumes pow-eq: x (ˆ) m = x (ˆ) n shows x (ˆ) (m n) = 1

definition ord where ord a = Min {d {1.. order G}. a (ˆ) d = 1}

lemma assumes finite: finite (carrier G) assumes a: a carrier G shows ord-ge-1 : 1 ord a and ord-le-group-order: ord a order G and pow-ord-eq-1 : a (ˆ) ord a = 1

lemma finite-group-elem-finite-ord : assumes finite (carrier G) x carrier G shows d::nat. d 1 x (ˆ) d = 1

lemma ord-min: assumes finite (carrier G) 1 d a carrier G a (ˆ) d = 1 shows ord a d

lemma ord-inj :

assumes finite: finite (carrier G) assumes a: a carrier G shows inj-on (λ x. a (ˆ) x) {0.. ord a 1 }

lemma ord-inj' : assumes finite: finite (carrier G) assumes a: a carrier G shows inj-on (λ x. a (ˆ) x) {1.. ord a}

lemma ord-elems : assumes finite (carrier G) a carrier G shows {a (ˆ) x x. x (UNIV :: nat set)} = {a (ˆ) x x. x {0.. ord a 1 }} (is ?L = ?R)

lemma ord-dvd-pow-eq-1 : assumes finite (carrier G) a carrier G a (ˆ) k = 1 shows ord a dvd k

lemma dvd-gcd : fixes a b :: nat obtains q where a (b div gcd a b) = b q

lemma ord-pow-dvd-ord-elem : assumes finite[simp]: finite (carrier G) assumes a[simp]: a carrier G shows ord (a (ˆ) n) = ord a div gcd n (ord a)

lemma ord-1-eq-1 : assumes finite (carrier G) shows ord 1 = 1

theorem lagrange-dvd: assumes finite (carrier G) subgroup H G shows (card H ) dvd (order G)

lemma element-generates-subgroup: assumes finite[simp]: finite (carrier G) assumes a[simp]: a carrier G shows subgroup {a (ˆ) i i. i {0.. ord a 1 }} G

lemma ord-dvd-group-order :

assumes finite[simp]: finite (carrier G) assumes a[simp]: a carrier G shows ord a dvd order G

5 Number of Roots of a Polynomial

definition mult-of :: ('a, 'b) ring-scheme 'a monoid where mult-of R ( carrier = carrier R {0 R }, mult = mult R, one = 1 R )

lemma carrier-mult-of : carrier (mult-of R) = carrier R {0 R }

lemma mult-mult-of : mult (mult-of R) = mult R

lemma nat-pow-mult-of : op (ˆ) mult-of R = (op (ˆ) R :: - nat -)

lemma one-mult-of : 1 mult-of R = 1 R

lemmas mult-of-simps = carrier-mult-of mult-mult-of nat-pow-mult-of one-mult-of

context field begin

lemma field-mult-group : shows group (mult-of R)

lemma finite-mult-of : finite (carrier R) = finite (carrier (mult-of R))

lemma order-mult-of : finite (carrier R) = order (mult-of R) = order R 1

lemma (in monoid) Units-pow-closed : fixes d :: nat assumes x Units G shows x (ˆ) d Units G

lemma (in comm-monoid) is-monoid:

shows monoid G

declare comm-monoid.is-monoid[intro?]

lemma (in ring) r-right-minus-eq[simp]: assumes a carrier R b carrier R shows a b = 0 a = b

context UP-cring begin

lemma is-up-cring: UP-cring R

lemma is-up-ring : shows UP-ring R

context UP-domain begin

lemma roots-bound: assumes f [simp]: f carrier P assumes f-not-zero: f 0 P assumes finite: finite (carrier R) shows finite {a carrier R. eval R R id a f = 0} card {a carrier R. eval R R id a f = 0} deg R f

lemma (in domain) num-roots-le-deg : fixes p d :: nat assumes finite: finite (carrier R) assumes d-neq-zero : d 0 shows card {x carrier R. x (ˆ) d = 1} d

6 The Multiplicative Group of a Field

In this section we show that the multiplicative group of a finite field is generated by a single element, i.e. it is cyclic. The proof is inspired by the first proof given in the survey [1].

lemma (in group) pow-order-eq-1 : assumes finite (carrier G) x carrier G shows x (ˆ) order G = 1

lemma nat-div-eq: a 0 = (a :: nat) div b = a b = 1

lemma (in group) assumes finite : finite (carrier G) assumes a carrier G shows pow-ord-eq-ord-iff : group.ord G (a (ˆ) k) = ord a coprime k (ord a) (is ?L ?R)

context field begin

lemma num-elems-of-ord-eq-phi' : assumes finite: finite (carrier R) and dvd: d dvd order (mult-of R) and exists: a carrier (mult-of R). group.ord (mult-of R) a = d shows card {a carrier (mult-of R). group.ord (mult-of R) a = d} = phi' d

theorem (in field) finite-field-mult-group-has-gen : assumes finite: finite (carrier R) shows a carrier (mult-of R). carrier (mult-of R) = {a (ˆ) i i::nat. i UNIV }

This result can be transferred to the multiplicative group of Z/pZ for p prime.

lemma mod-nat-int-pow-eq: fixes n :: nat and p a :: int assumes a 0 p 0 shows (nat a ˆ n) mod (nat p) = nat ((a ˆ n) mod p)

theorem residue-prime-mult-group-has-gen : fixes p :: nat assumes prime-p : prime p shows a {1.. p 1 }. {1.. p 1 } = {aˆi mod p i. i UNIV }

theory Lehmer
imports Main Multiplicative-Group
begin
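An added Python example (my own code, not part of the Isabelle development; all function names are mine) that replays the counting argument of Section 3 and the order and cyclicity facts of Sections 4 and 6 concretely in the multiplicative group of Z/pZ, the case residue-prime-mult-group-has-gen transfers to:

```python
from math import gcd

def phi(m):
    """Euler's totient, as in the Isabelle definition phi'."""
    return sum(1 for x in range(1, m + 1) if gcd(x, m) == 1)

def divisors(n):
    return [d for d in range(1, n + 1) if n % d == 0]

def numerators_with_reduced_denominator(n, d):
    """{m in 1..n : n div gcd m n = d}: the m for which m/n reduces to a/d."""
    return {m for m in range(1, n + 1) if n // gcd(m, n) == d}

def sum_phi_factors(n):
    """Sum of phi(d) over d | n via the Section 3 bijection a |-> a * (n div d)
    from the reduced numerators {a in 1..d : coprime a d} onto the set above
    (inverse m |-> m div gcd m n); these sets partition {1..n}, so the sum is n."""
    total = 0
    for d in divisors(n):
        image = {a * (n // d) for a in range(1, d + 1) if gcd(a, d) == 1}
        assert image == numerators_with_reduced_denominator(n, d)
        total += phi(d)
    return total

def ord_mod(a, p):
    """Order of a in (Z/pZ)^*, p prime: least d >= 1 with a^d = 1 (mod p)."""
    assert a % p != 0, "0 is not in the multiplicative group"
    d, x = 1, a % p
    while x != 1:
        x, d = (x * a) % p, d + 1
    return d

def elements_of_order(p, d):
    return [a for a in range(1, p) if ord_mod(a, p) == d]

def check_cyclicity(p):
    """Section 6 for a concrete prime p: every order divides p-1; ord(a^k) =
    ord a div gcd k (ord a); each divisor d of p-1 is the order of 0 or phi(d)
    elements; and as the orders of the p-1 elements are divisors whose phi-values
    already sum to p-1, none is skipped, so generators exist. Returns their count."""
    n = p - 1
    for a in range(1, p):
        o = ord_mod(a, p)
        assert n % o == 0
        for k in range(1, n + 1):
            assert ord_mod(pow(a, k, p), p) == o // gcd(k, o)
    for d in divisors(n):
        assert len(elements_of_order(p, d)) in (0, phi(d))
    assert sum_phi_factors(n) == n
    return len(elements_of_order(p, n))
```

check_cyclicity returns phi(p-1), the number of generators of (Z/pZ)^*, as num-elems-of-ord-eq-phi' predicts for d = p-1.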

7 Lehmer's Theorem

In this section we prove Lehmer's Theorem [2] and its converse. These two theorems characterize a necessary and complete criterion for primality. This criterion is the basis of the Lucas-Lehmer primality test and the primality certificates of Pratt [3].

lemma mod-1-coprime-nat: fixes a b :: nat assumes 0 < n [a ˆ n = 1 ] (mod b) shows coprime a b

lemma phi'-leq: phi' x nat x 1

lemma phi'-nonzero: assumes 2 x shows phi' x 0

This is a weak variant of Lehmer's theorem: all numbers less than p 1 must be considered.

lemma lehmers-weak-theorem: assumes 2 p assumes min-cong1 : x. 0 < x = x < p 1 = [a ˆ x 1 ] (mod p) assumes cong1 : [a ˆ (p 1 ) = 1 ] (mod p) shows prime p

lemma prime-factors-elem: fixes n :: nat assumes 1 < n shows p. p prime-factors n

lemma prime-factors-dvd-nat: fixes p :: nat assumes x prime-factors p shows x dvd p

lemma cong-pow-1-nat: fixes a b :: nat assumes [a = 1 ] (mod b) shows [a ˆ x = 1 ] (mod b)

lemma cong-gcd-eq-1-nat: fixes a b :: nat assumes 0 < m and cong-props: [a ˆ m = 1 ] (mod b) [a ˆ n = 1 ] (mod b) shows [a ˆ gcd m n = 1 ] (mod b)

lemma One-leq-div: fixes a b :: nat assumes a dvd b a < b shows 1 < b div a

theorem lehmers-theorem: assumes 2 p assumes pf-notcong1 : x. x prime-factors (p 1 ) = [a ˆ ((p 1 ) div x) 1 ] (mod p) assumes cong1 : [a ˆ (p 1 ) = 1 ] (mod p) shows prime p

The converse of Lehmer's theorem is also true.

lemma converse-lehmer-weak: assumes prime-p: prime p shows a. [a ˆ (p 1 ) = 1 ] (mod p) ( x. 0 < x x p 2 [a ˆ x 1 ] (mod p)) a > 0 a < p

theorem converse-lehmer: assumes prime-p: prime (p) shows a. [a ˆ (p 1 ) = 1 ] (mod p) ( q. q prime-factors (p 1 ) [a ˆ ((p 1 ) div q) 1 ] (mod p)) a > 0 a < p

References

[1] K. Conrad. Cyclicity of (Z/(p)). http://www.math.uconn.edu/~kconrad/blurbs/grouptheory/cyclicfp.pdf.

[2] D. H. Lehmer. Tests for primality by the converse of Fermat's theorem. Bull. Amer. Math. Soc., 33:327-340, 1927.

[3] V. R. Pratt. Every prime has a succinct certificate. SIAM Journal on Computing, 4(3):214-220, 1975.
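The criterion of lehmers-theorem, its weak variant and the converse, run on concrete numbers as an added Python example (my own code, not part of the Isabelle development; all function names are mine). It also shows why cong1 alone is not enough: the Carmichael number 561 passes the Fermat condition for base 2 but no base satisfies the prime-factor condition.

```python
def prime_factors(n):
    """Distinct prime factors of n >= 1 by trial division (empty for n = 1)."""
    factors, q = set(), 2
    while q * q <= n:
        while n % q == 0:
            factors.add(q)
            n //= q
        q += 1
    if n > 1:
        factors.add(n)
    return factors

def fermat_condition(p, a):
    """cong1: [a^(p-1) = 1] (mod p).  Necessary for prime p, but Carmichael
    numbers such as 561 satisfy it for every base coprime to them."""
    return pow(a, p - 1, p) == 1

def lehmer_witness(p, a):
    """The hypotheses of lehmers-theorem for base a: cong1 together with
    [a^((p-1) div q) != 1] (mod p) for every prime factor q of p-1.
    If both hold, p is prime; only p-1 has to be factored, never p."""
    if p < 2 or not 0 < a < p:
        return False
    return fermat_condition(p, a) and all(
        pow(a, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))

def lehmer_weak_witness(p, a):
    """lehmers-weak-theorem: the same conclusion from [a^x != 1] (mod p) for
    all 0 < x < p-1, i.e. p-2 exponent checks instead of one per prime factor."""
    if p < 2 or not 0 < a < p:
        return False
    return fermat_condition(p, a) and all(
        pow(a, x, p) != 1 for x in range(1, p - 1))

def find_lehmer_witness(p):
    """converse-lehmer: for prime p some a in 1..p-1 satisfies the criterion
    (any generator of (Z/pZ)^* does); for composite p none can, so None."""
    for a in range(1, p):
        if lehmer_witness(p, a):
            return a
    return None

def is_prime(n):
    """Trial-division reference used to cross-check the criterion."""
    return n >= 2 and all(n % q for q in range(2, int(n ** 0.5) + 1))
```

A pair (p, a) with lehmer_witness(p, a) true, together with the prime factors of p-1, is exactly the data a Pratt certificate [3] records for p, which is why verifying such a certificate needs no factoring of p itself.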