1 / 20

Wilson’s Theorem

Wilson’s Theorem. Lemma If p is a prime, then the only solutions to x 2  p 1 are those integers x satisfying x  p 1 or x  p -1 Proof: x 2  p 1  x 2 - 1  p 0  (x - 1)(x+1)  p 0  p | (x - 1)(x+1).

blaine-everett
Télécharger la présentation

Wilson’s Theorem

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wilson’s Theorem • Lemma If p is a prime, then the only solutions to x2p 1 are those integers x satisfying x p 1 or x p -1 • Proof: x2p 1 x2-1p 0  (x-1)(x+1) p 0  p | (x-1)(x+1). p prime and p | (x-1)(x+1)  p | (x-1) or p | (x+1)  x p 1 or x p -1

  2. Wilson’s Theorem • Wilson’s TheoremAn integer p > 1 is prime if and only if (p-1)! p -1 • Proof. Assume p is prime. Notice that if 1 < a < p-1, then a-1 1 and a-1 p-1, because 1 and p-1 are their own inverses mod p. Thus 1 < a-1 < p-1. We also know that a2  1 by the previous lemma, and thus a-1 a. Therefore, we may rearrange the product 23   (p-2) into pairs of the form aa-1 and thus the product evaluates to 1 (modulo p). It then follows that (p-1)! p -1. Now assume p is not prime. If p = 4, then (p-1)! = 3! = 6 4 2  -1. So we may assume p > 4. Since p is composite, p = ab with 1 < a  b < p. If a = b, then a > 2 since a2 = p > 4. Thus 1 < a < 2a < a2 = p. But this means that a and 2a appear in the product (p-1)!; since 2aa = 2a2 = 2p p 0, the entire product is congruent to 0 mod p. We now have a < b < p, so that both a and b appear in the product (p-1)!. Since ab = p, we again have (p-1)! p 0. Thus (p-1)! is not congruent to -1 modulo p.

  3. Fermat’s Little Theorem • Theorem If p is prime and a  p, then ap-1p 1 • Proof • Given prime p and a  p, we have (am p an)  (m p n) • Thus no two numbers in the list a, 2a, . . . , (p-1)a are congruent mod p and none of these numbers are congruent to 0 mod p • Thus {a mod p, 2a mod p, . . . , (p-1)a mod p} = { 1, 2, …, p-1} and hence their products are the same: (a)(2a)((p-1)a) p 12(p-1) • Rewritten, this becomes ap-1(p-1)! p (p-1)! • Since p  (p-1)!, it then follows that ap-1 p 1

  4. Corollary to Fermat’s Little Theorem • Corollary If p is prime and a is any integer, then ap p a • Proof • If p divides a, then both ap and a are congruent to 0 mod p and hence are equal. • If p does not divide a, then a  p. • It then follows from Fermat’s Little Theorem that ap-1 p 1 • Multiplying both sides of the previous congruence by a, we get ap p a

  5. Carmichael Numbers • It is natural to ask if the converse to the previous corollary is true • That is, if ann a for all integers a, can one conclude that n is prime? • The answer is no • A composite number for which ann a for all integers a is called a Carmichael number. • Robert Carmichael in 1909 was the first to find such a number • We will next show that 561 is a Carmichael number • In fact, it is the smallest such number • Although they exist, Carmichael numbers are quite rare

  6. The Carmichael Number 561 • The number 561 equals the product of three primes: 561 = 31117 • Let p be one of the primes 3, 11, 17. • We wish to show that a561p a for any number a • First of all, if p | a then both a561 and a are congruent to 0 mod p and hence a561p a. • Thus we may suppose a  p • From Fermat’s Little Theorem, we know that ap-1 p 1 • If p = 3, then a561 = a(a560) = a(a2)280 p a(1)280 = a • If p = 11, then a561 = a(a560) = a(a10)56 p a(1)56 = a • If p = 17, then a561 = a(a560) = a(a16)35 p a(1)35 = a • From the above, we have 3 | a561-a, 11 | a561-a and 17 | a561-a • Elementary properties of primes now says 561 = 31117 | a561-a • Therefore if n = 561, then an n a for every integer a

  7. Testing for Primality • Suppose we want to test to see if a given integer n is prime • One way is to check each of the integers from 2 to n½ to see if it is a factor; that is, we divide and see if we get a remainder • For large numbers this is not practical • For n = 10100, we would have to check up to 1050, which is impractical • One method to generate a list of primes  n is to write down the numbers from 1 to n • Then strike out all multiples of 2, then all multiples of 3, then all multiples of 5, … • The numbers that remain are primes • This method is called the Sieve of Eratosthenes ( 3rd century B.C.) • But sieves are not for testing a particular number

  8. Testing for Primality • One can take a probabilistic approach, based on the fact that Carmichael numbers are rare • If n is composite and ann a for some integer a, we say that n is a pseudoprime to the base a. • Note that a Carmichael number is a pseudoprime to any base • Recall that we can compute an mod n in log n steps, which is much faster than using n½ steps as we used by checking all possible factors • Previously we showed that if p is prime, then the only solutions mod p to x2 p 1 are 1 and -1 • We claim that if n is composite, then x2 n 1 has at least four solutions • To see this, suppose n = rs, with r > 1, s > 1 and r  s • Look at the following four pairs of congruences:x r 1 & x s 1; x r 1 & x s -1; x r -1 & x s 1; x r -1 & x s -1 • By the Chinese Remainder Theorem, each of the four systems above has a unique solution mod rs. Clearly these solutions are distinct. • Therefore, x2 n 1 has at least 4 solutions mod n

  9. Toward a Probabilistic Primality Test • Lemma Let n, x and y be integers such that x2n y2 but x is not congruent mod n to either y or –y. Then n is composite and gcd(x-y,n) is a nontrivial factor of n. • Proof • Let d = gcd(x-y,n). • If d = n, then n | (x-y) hence x n y, contradicting our assumptions. • If d = 1, then n  x-y. Since n | x2-y2 = (x-y)(x+y), we have n | (x+y) which contradicts our assumption that x is not congruent to –y mod n • Thus 1 < d < n and we have a nontrivial factor of n.

  10. Factorization and Primality Testing • Factorization and primality testing are not the same! • It is often easier to prove that an integer is composite than it is to factor it. • We know: p prime  2p-1 p 1 • We can use this fact to show that 35 is not prime (forgetting the fact that we know it equals 7 time 5) • 22 35 4, 24 35 16, 28 = 256 35 11, 216 35 121 35 16, 232 35 256 35 11 234 = 23222 35 114 = 44 35 9, which is not congruent to 1 mod 35.

  11. Miller-Rabin Primality Test • Let n > 1 be an odd integer. Write n-1 = 2km with m odd. • Randomly choose a with 1 < a < n-1 • Compute b0 = am (mod n) • If b0n 1 return ( probably prime ) • Compute b1 = b02 (mod n) • if b1 n 1 return ( composite, with factor gcd(b0-1,n) )else if b1 n -1 return ( probably prime ) • Compute b2 = b12 (mod n) • if b2 n 1 return ( composite, with factor gcd(b1-1,n) )else if b2 n -1 return ( probably prime ) • . . . • If bk-1 is not congruent mod n to -1, return (composite)

  12. Example: Miller-Rabin Primality Test • Let n = 561 • Then n-1 = 560 = 1635 = 2435, so k = 4 and m = 35. • Let a = 2 • b0 561 235 561 263 (See previous slide) • b1 561 b02 561 166 • b2 561 b12 561 67 • b3 561 b22 561 1 • Since bk-1 = b3 561 1, we conclude that 561 is composite with nontrivial factor gcd(b2-1,561) = gcd(66,561) = 33. • If n is composite and a is an integer such that n passes the Miller-Rabin test, we say that n is astrong pseudoprime for the base a. • The number 561 is a pseudoprime for any base a, but is not a strong pseudoprime. Strong pseudoprimes are extremely rare.

  13. Miller-Rabin Primality Test • If n is composite and a is an integer such that n passes the Miller-Rabin test, we say that n is astrong pseudoprime for the base a. • The number 561 is a pseudoprime for any base a, but is not a strong pseudoprime. Strong pseudoprimes are extremely rare. • Up to 1010, there are 455052511 primes, 14884 pseudoprimes for the base 2 and 3291 strong pseudoprimes for the base 2. • Thus calculating 2n-1 (mod n) will fail to recognize a composite in this range with probability less than 1 in 30,000 and the Miller-Rabin test will fail with probability less than 1 out of 100, 000 • In fact, one can show that Miller-Rabin test with a randomly chosen a will fail to recognize a composite with probability that is at most ¼ • Thus if we repeat the text 10 times, we will fail with probability at most (1/4)10 10-6.

  14. The Euler phi function • Also called the Euler totient function • For any positive integer n, define (n) to be the number of positive integers less than or equal to n that are relatively prime to n • (1) = 1, (2) = 1, (3) = 2, (4) = 2, (5) = 4, (6) = 2, (7) = 6 • Apparently (p) = p-1 if p is prime • Is it true that (mn) = (m) (n)?

  15. The Euler phi Function • Theorem If n = pk for a prime p, then (n) = pk-pk-1 = pk-1(p-1). • Proof • There are n = pk integers a in the range 1  a  n. • The only integers in this range that have a common divisor d with pk such that d > 1 are the multiples of p • The multiples of p in this range are p, 2p, . . . , pk-1p • Since there are exactly pk-1 integers a in the range 1  a  n that are not relatively prime to n = pk, there are exactly pk-pk-1 integers of this type that are relatively prime to n = pk • Thus (pk) = pk-pk-1

  16. Products and Euler’s phi Function • We now examine the calculation of (mn) when m  n • First we do an example where n = 8 and m = 9 • We arrange the integers from 1 to mn = 89 = 72 in an m by n grid:

  17. Products and Euler’s phi Function • We now examine the calculation of (mn) when m  n • First we do an example where n = 8 and m = 9 • We arrange the integers from 1 to mn = 89 = 72 in an m by n grid: Next we mark with bold face the entries that are relatively prime to 72 There are two facts that stand out: 1. the selected numbers only appear in columns headed by the integers that are relatively prime to n = 8: 1, 3, 5, and 7 2. Each of these columns contains exactly (m) entries This pattern suggests that (mn) = (m)(n) when m  n and is the basis of a proof of this fact. We omit the proof here.

  18. Products and the Euler phi Function • Product TheoremIf n  m, then (mn) = (m)(n) • Euler’s Theorem: If a  n, then a(n) n 1

  19. Prime Powers • Corollary to the Product Theorem:If , where the pi’s are distinct primes and each ei > 0, then

  20. Homework Page 175: 2

More Related