DOCSLIB.ORG

Quadratic Frobenius Pseudoprimes with Respect to X2 + 5X

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Quadratic Frobenius Pseudoprimes with Respect to X2 + 5X JSIAM Letters Vol.11 (2019) pp.53–55 c 2019 Japan Society for Industrial and Applied Mathematics J S I A M Letters Quadratic Frobenius pseudoprimes with respect to x2 +5x +5 Saki Nagashima1, Naoyuki Shinohara2 and Shigenori Uchiyama1 1 Tokyo Metropolitan University, 1-1 Minamiosawa, Hachioji-shi, Tokyo 192-0397, Japan 2 National Institute of Information and Communications Technology, 4-2-1 Nukuikita-machi, Koganei-shi, Tokyo 184-8795, Japan E-mail nagashima-saki ed.tmu.ac.jp Received January 15, 2019, Accepted April 24, 2019 Abstract The quadratic Frobenius test is a primality test. Some composite numbers may pass the test and such numbers are called quadratic Frobenius pseudoprimes. No quadratic Frobenius pseudoprimes with respect to x2 +5x + 5, which are congruent to 2 or 3 modulo 5, have been found. Shinohara studied a specific type of such a quadratic Frobenius pseudoprime, which is a product of distinct prime numbers p and q. He showed experimentally that p must be larger than 109, if such a quadratic Frobenius pseudoprime exists. The present paper extends the lower bound of p to 1011. Keywords quadratic Frobenius pseudoprime, primality test, primality-proving algorithm Research Activity Group Algorithmic Number Theory and Its Applications 1. Introduction gruent to 2 or 3 modulo 5. He proposed an algorithm Prime numbers are currently used in many cryptosys- for searching for them and experimentally showed that p 9 tems. For example, RSA-2048 cryptosystem uses two must be larger than 10 if such a quadratic Frobenius 1024-bit prime numbers as its secret keys. To gener- pseudoprime exists. The present paper extends the lower p 11 ate those prime numbers, we can select two kinds of bound of to 10 . algorithms to determine whether a positive integer is a prime. One kind comprises primality tests and the oth- 2. Preliminaries ers are called primality-proving algorithms. A primal- Throughout this section, we assume that a, b are in- ity test is probabilistic; namely, some composite num- tegers such that Δ = a2 − 4b = 0 unless otherwise indi- bers may pass it. There are efficient primality tests such cated. as the Miller-Rabin test and the quadratic Frobenius Theorem 1 ([1]). Let f(x)=x2 − ax + b.Ifn is a O n 3 test whose time complexities are ((log ) )foragiven prime number and gcd(n, 2bΔ) = 1, then integer n. On the other hand, primality-proving algo- rithms are deterministic algorithms, and thus no com- a − x f x ,n , Δ − , xn ≡ (mod ( ( ) )) ( n )= 1 posite numbers pass their tests. However, the known Δ (1) x (mod (f(x),n)), ( n )=1. primality-proving algorithms have high computational · costs or require certain information to be able to apply (( · ) is the Jacobi symbol.) them to a given integer n, for example, knowledge of the Definition 2 ( [1]). We say that a composite num- integer factorization of n − 1. ber n such that gcd(n, 2bΔ) = 1 is a quadratic Frobe- The AKS method is the only polynomial-time nius pseudoprime with respect to f(x)=x2 − ax + b primality-proving algorithm not requiring any additional if (1) holds for n. Next, let fpsp(a, b) denote the set information. However, the AKS method is not as practi- of all quadratic Frobenius pseudprimes with respect to cal as the Miller-Rabin test and the quadratic Frobenius f(x)=x2 − ax + b. test, because its complexity is O((log n)6). Definition 3 ([1]). We refer to an element of fpsp(a, b) It is expected to construct an efficient primality- such that ( Δ )=−1 as a quadratic Frobenius pseu- proving algorithm from some primality tests, by improv- n doprime of the second type with respect to f(x)= ing those tests. x2 − ax + b. We denote the set of such numbers by We consider the quadratic Frobenius pseudoprimes fpsp2(a, b). with respect to x2 +5x + 5. No quadratic Frobenius pseudoprimes with respect to x2 +5x + 5, which are Here, we give the equivalence condition for an element congruent to 2 or 3 modulo 5, have yet been found. Shi- being in fpsp2(a, b). nohara studied quadratic Frobenius pseudoprimes of the Definition 4 ( [1]). For a positive integer n satis- form pq with respect to x2 +5x +5,wherep and q are n, b fying gcd( 2 Δ) = 1, we suppose the factorization p q k+l ei Δ primes, is congruent to 1 or 4 modulo 5, and is con- n = p ,wherek, l are positive integers, ( )=−1 i=1 i pi –53– JSIAM Letters Vol. 11 (2019) pp.53–55 Saki Nagashima et al. for i ∈ [1,k]and(Δ )=1fori ∈ [k +1,k + l]. More- pi 4. Algorithm over, let Φm(x)bethem-th cyclotomic polynomial and From Theorem 9, we have an algorithm which com- 2 f(x)=x − ax + b. Then, we refer to the set of the putes a solution to Grantham’s problem for n = pq. following conditions on (n, a, b)asICF2. Input: L (the list of all prime numbers <B1), PL (the (ICF2-1) For each i ∈ [1,k], there exists mi such that list of all prime numbers p ≡ 1, 9 (mod 40) <B2) m | n − ,p2 − m p − x ≡ i gcd( 1 i 1), i i 1, and Φmi ( ) 0 pi Output: PQL={pq ∈ fpsp2 2(−5, 5) | p, q prime, p ≡ f x ,pei (mod ( ( ) i )). 1, 9 (mod 40), p<B2,q <B1} k (ICF2-2) i=1 ei ≡ 1(mod2). for p ∈ PL do (ICF2-3) For each i ∈ [k +1,k+ l], there exists ci such c1,c2 ← (the roots of f(x) ≡ 0(modp)) f x ≡ x − c x − cn pei × that ( ) ( i)( i )(mod i ). mp ← (the order of c1 ∈ Fp ) i ∈ k ,k l m t t (ICF2-4) For each [ +1 + ], there exists i such Compute t for c1 ≡ c2 (mod p)andc2 ≡ c1 n2 p that mi | gcd( 2 − 1,pi − 1), mi n − 1, and Φmi (x) ≡ 0 (mod ) pi ei if t then (mod (x − ci,p )). exists, i for q ∈ L do Theorem 5 ([1]). An odd composite number n is in if q ≡ t (mod mp)andq ≡±2(mod5) a, b n a, b fpsp2( ) if and only if ICF2 holds for and ( ). then QL ← QL ∪{q} 3. Grantham’s Problem for q ∈ QL do When considering the construction of a primality- mq ← (the order of x ∈ Fq[x]/f(x)) proving algorithm from the quadratic Frobenius test, the if mq | p − 1 then following very interesting problem arises, in which we fix PQL ← PQL∪{pq} f(x)=x2 +5x +5. return PQL Problem 6 (Grantham’s Problem [1–3]). Are there any composite numbers n such that 5. Experimental Results n ≡±2(mod5),xn+1 ≡ 5(mod(f(x),n))? (2) In our proposed algorithm, for one fixed p, the param- eter t is used to find prime numbers q satisfying Theo- The discriminant Δ is equal to 5 and n ≡±2(mod5), t Δ rem 9, namely, we try to compute t such that c1 ≡ c2 so ( n )=−1. Therefore, if there exists a composite num- t (mod p), c2 ≡ c1 (mod p), and q ≡ t (mod mp). Since ber n satisfying (2), then n is in fpsp2(−5, 5). 2 ct ≡ c p m t2 − m We assume that there exists an element of 1 1 (mod ), p is a factor of 1. But, p does t− f x fpsp2(−5, 5) which is a product of two distinct prime not divide 1, because ( ) does not have any multiple Z/pZ c ≡ c ≡ ct p numbers. In other words, we assume that there exist roots over ,andso 1 2 1 (mod ). Thus, the t Z/m Z × prime numbers p, q such that p ≡±1(mod5),q ≡±2 order of in ( p ) is equal to 2. Therefore, by the (mod 5), and pq is in fpsp2(−5, 5). We denote the set of approach explained in [1], which uses Chinese remainder Z/rer Z × r such numbers by fpsp2 2(−5, 5). theorem and elements of order 2 in ( ) where is a prime factor of mp and er is the largest integer such Lemma 7 . q e ([1]) Let be an odd prime number. Sup- that r r | mp, we can easily compute t if the prime fac- a, b Δ b − pose that are integers such that ( q )=(q )= 1, torization of mp is known. To compute all prime factors 2 where Δ = a − 4b.Letm be the order of x ∈ of mp for a given p in our experiments, we factorize p−1 2 s s Fq[x]/(f(x)) and q − 1=2t where t is odd. Then 2 by using the trial division algorithm. In a similar way, 2 divides m. we try to compute mq by factoring q − 1, however, we As q2 − 1=(q +1)(q − 1) is always divisible by 8, we need not to compute it in our experiments, due to the have the following. following reason. We found that there exist three odd prime numbers Corollary 8 ([1]). Let q be an odd prime number. t Δ b p ≡ 1, 9 (mod 40) such that there exists t satisfying c1 ≡ Suppose that a, b are integers such that ( q )=(q )= t c2, c2 ≡ c1 (mod p) in the algorithm. The only prime − a2 − b 11 1, where Δ = 4 . Then 8 divides the order of numbers p<10 that are potential candidates are x ∈ F x / f x q[ ] ( ( )). 521, 221401, and 1644512641.
Load more

Recommended publications
  • Fast Tabulation of Challenge Pseudoprimes Andrew Shallue and Jonathan Webster
    THE OPEN BOOK SERIES 2 ANTS XIII Proceedings of the Thirteenth Algorithmic Number Theory Symposium Fast tabulation of challenge pseudoprimes Andrew Shallue and Jonathan Webster msp THE OPEN BOOK SERIES 2 (2019) Thirteenth Algorithmic Number Theory Symposium msp dx.doi.org/10.2140/obs.2019.2.411 Fast tabulation of challenge pseudoprimes Andrew Shallue and Jonathan Webster We provide a new algorithm for tabulating composite numbers which are pseudoprimes to both a Fermat test and a Lucas test. Our algorithm is optimized for parameter choices that minimize the occurrence of pseudoprimes, and for pseudoprimes with a fixed number of prime factors. Using this, we have confirmed that there are no PSW-challenge pseudoprimes with two or three prime factors up to 280. In the case where one is tabulating challenge pseudoprimes with a fixed number of prime factors, we prove our algorithm gives an unconditional asymptotic improvement over previous methods. 1. Introduction Pomerance, Selfridge, and Wagstaff famously offered $620 for a composite n that satisfies (1) 2n 1 1 .mod n/ so n is a base-2 Fermat pseudoprime, Á (2) .5 n/ 1 so n is not a square modulo 5, and j D (3) Fn 1 0 .mod n/ so n is a Fibonacci pseudoprime, C Á or to prove that no such n exists. We call composites that satisfy these conditions PSW-challenge pseudo- primes. In[PSW80] they credit R. Baillie with the discovery that combining a Fermat test with a Lucas test (with a certain specific parameter choice) makes for an especially effective primality test[BW80].
    [Show full text]
  • A FEW FACTS REGARDING NUMBER THEORY Contents 1
    A FEW FACTS REGARDING NUMBER THEORY LARRY SUSANKA Contents 1. Notation 2 2. Well Ordering and Induction 3 3. Intervals of Integers 4 4. Greatest Common Divisor and Least Common Multiple 5 5. A Theorem of Lam´e 8 6. Linear Diophantine Equations 9 7. Prime Factorization 10 8. Intn, mod n Arithmetic and Fermat's Little Theorem 11 9. The Chinese Remainder Theorem 13 10. RelP rimen, Euler's Theorem and Gauss' Theorem 14 11. Lagrange's Theorem and Primitive Roots 17 12. Wilson's Theorem 19 13. Polynomial Congruencies: Reduction to Simpler Form 20 14. Polynomial Congruencies: Solutions 23 15. The Quadratic Formula 27 16. Square Roots for Prime Power Moduli 28 17. Euler's Criterion and the Legendre Symbol 31 18. A Lemma of Gauss 33 −1 2 19. p and p 36 20. The Law of Quadratic Reciprocity 37 21. The Jacobi Symbol and its Reciprocity Law 39 22. The Tonelli-Shanks Algorithm for Producing Square Roots 42 23. Public Key Encryption 44 24. An Example of Encryption 47 References 50 Index 51 Date: October 13, 2018. 1 2 LARRY SUSANKA 1. Notation. To get started, we assume given the set of integers Z, sometimes denoted f :::; −2; −1; 0; 1; 2;::: g: We assume that the reader knows about the operations of addition and multiplication on integers and their basic properties, and also the usual order relation on these integers. In particular, the operations of addition and multiplication are commuta- tive and associative, there is the distributive property of multiplication over addition, and mn = 0 implies one (at least) of m or n is 0.
    [Show full text]
  • Offprint Provided to the Author by the Publisher
    MATHEMATICS OF COMPUTATION Volume 89, Number 321, January 2020, Pages 493–514 https://doi.org/10.1090/mcom/3452 Article electronically published on May 24, 2019 AVERAGE LIAR COUNT FOR DEGREE-2 FROBENIUS PSEUDOPRIMES ANDREW FIORI AND ANDREW SHALLUE Abstract. In this paper we obtain lower and upper bounds on the average number of liars for the Quadratic Frobenius Pseudoprime Test of Grantham [Math. Comp. 70 (2001), pp. 873–891], generalizing arguments of Erd˝os and Pomerance [Math. Comp. 46 (1986), pp. 259–279] and Monier [Theoret. Com- put. Sci. 12 (1980), 97–108]. These bounds are provided for both Jacobi symbol ±1 cases, providing evidence for the existence of several challenge pseudo- primes. 1. Introduction A pseudoprime is a composite number that satisfies some necessary condition for primality. Since primes are necessary building blocks for so many algorithms, and since the most common way to find primes in practice is to apply primality testing algorithms based on such necessary conditions, it is important to gather what information we can about pseudoprimes. In addition to the practical benefits, pseudoprimes have remarkable divisibility properties that make them fascinating objects of study. The most common necessary condition used in practice is that the number has no small divisors. Another common necessary condition follows from a theorem of Fermat, that if n is prime and gcd(a, n)=1,thenan−1 =1(modn). If gcd(a, n)=1andan−1 =1 (modn) for composite n,wecalla a Fermat liar and denote by F (n) the set of Fermat liars with respect to n, or more precisely the set of their residue classes modulo n.
    [Show full text]
  • The Efficient Calculation of a Combined Fermat PRP and Lucas
    The Efficient Calculation of a Combined Fermat PRP and Lucas PRP Test Paul Underwood November 24, 2014 Abstract By an elementary observation about the computation of the dif- ference of squares for large integers, a deterministic probable prime (PRP) test is given with a running time almost equivalent to that of a Lucas PRP test but with the combined strength of a Fermat PRP test and a Lucas PRP test. 1 Introduction Much has been written about Fermat PRP tests [1, 2, 3], Lucas PRP tests [4, 5], Frobenius PRP tests [6, 7, 8, 9, 10, 11, 12] and combinations of these [13, 14, 15]. These tests provide a probabilistic answer to the question: \Is this integer prime?" Although an affirmative answer is not 100% certain, it is answered fast and reliable enough for \industrial" use [16]. For speed, these PRP tests are usually preceded by factoring methods such as sieving and trial division. The speed of the PRP tests depends on how quickly multiplication and modular reduction can be computed during exponentiation. Techniques such as Karatsuba's algorithm [17, section 9.5.1], Toom-Cook multiplication, Fourier Transform algorithms [17, section 9.5.2] and Montgomery exponen- tiation [17, section 9.2.1] play their roles for different integer sizes. The sizes of the bases used are also critical. Oliver Atkin introduced the concept of a \selfridge" [18], approximately equal to the running time of a Fermat PRP test. Hence a Lucas PRP test is 2 selfridges. The Baillie-PSW test costs 1+2 selfridges, the use of which is very efficient when processing a candidate prime list; There is no known Baillie-PSW pseudoprime but Greene and Chen give a way to construct some examples [19].
    [Show full text]
  • Phatak Primality Test (PPT)
    PPT : New Low Complexity Deterministic Primality Tests Leveraging Explicit and Implicit Non-Residues A Set of Three Companion Manuscripts PART/Article 1 : Introducing Three Main New Primality Conjectures: Phatak’s Baseline Primality (PBP) Conjecture , and its extensions to Phatak’s Generalized Primality Conjecture (PGPC) , and Furthermost Generalized Primality Conjecture (FGPC) , and New Fast Primailty Testing Algorithms Based on the Conjectures and other results. PART/Article 2 : Substantial Experimental Data and Evidence1 PART/Article 3 : Analytic Proofs of Baseline Primality Conjecture for Special Cases Dhananjay Phatak ([email protected]) and Alan T. Sherman2 and Steven D. Houston and Andrew Henry (CSEE Dept. UMBC, 1000 Hilltop Circle, Baltimore, MD 21250, U.S.A.) 1 No counter example has been found 2 Phatak and Sherman are affiliated with the UMBC Cyber Defense Laboratory (CDL) directed by Prof. Alan T. Sherman Overall Document (set of 3 articles) – page 1 First identification of the Baseline Primality Conjecture @ ≈ 15th March 2018 First identification of the Generalized Primality Conjecture @ ≈ 10th June 2019 Last document revision date (time-stamp) = August 19, 2019 Color convention used in (the PDF version) of this document : All clickable hyper-links to external web-sites are brown : For example : G. E. Pinch’s excellent data-site that lists of all Carmichael numbers <10(18) . clickable hyper-links to references cited appear in magenta. Ex : G.E. Pinch’s web-site mentioned above is also accessible via reference [1] All other jumps within the document appear in darkish-green color. These include Links to : Equations by the number : For example, the expression for BCC is specified in Equation (11); Links to Tables, Figures, and Sections or other arbitrary hyper-targets.
    [Show full text]
  • Quadratic Frobenius Probable Prime Tests Costing Two Selfridges
    Quadratic Frobenius probable prime tests costing two selfridges Paul Underwood June 6, 2017 Abstract By an elementary observation about the computation of the difference of squares for large in- tegers, deterministic quadratic Frobenius probable prime tests are given with running times of approximately 2 selfridges. 1 Introduction Much has been written about Fermat probable prime (PRP) tests [1, 2, 3], Lucas PRP tests [4, 5], Frobenius PRP tests [6, 7, 8, 9, 10, 11, 12] and combinations of these [13, 14, 15]. These tests provide a probabilistic answer to the question: “Is this integer prime?” Although an affirmative answer is not 100% certain, it is answered fast and reliable enough for “industrial” use [16]. For speed, these various PRP tests are usually preceded by factoring methods such as sieving and trial division. The speed of the PRP tests depends on how quickly multiplication and modular reduction can be computed during exponentiation. Techniques such as Karatsuba’s algorithm [17, section 9.5.1], Toom-Cook multiplication, Fourier Transform algorithms [17, section 9.5.2] and Montgomery expo- nentiation [17, section 9.2.1] play their roles for different integer sizes. The sizes of the bases used are also critical. Oliver Atkin introduced the concept of a “Selfridge Unit” [18], approximately equal to the running time of a Fermat PRP test, which is called a selfridge in this paper. The Baillie-PSW test costs 1+3 selfridges, the use of which is very efficient when processing a candidate prime list. There is no known Baillie-PSW pseudoprime but Greene and Chen give a way to construct some similar counterexam- ples [19].
    [Show full text]
  • Frobenius Pseudoprimes and a Cubic Primality Test
    Notes on Number Theory and Discrete Mathematics ISSN 1310–5132 Vol. 20, 2014, No. 4, 11–20 Frobenius pseudoprimes and a cubic primality test Catherine A. Buell1 and Eric W. Kimball2 1 Department of Mathematics, Fitchburg State University 160 Pearl Street, Fitchburg, MA, 01420, USA e-mail: [email protected] 2 Department of Mathematics, Bates College 3 Andrews Rd., Lewiston, ME, 04240, USA e-mail: [email protected] Abstract: An integer, n, is called a Frobenius probable prime with respect to a polynomial when it passes the Frobenius probable prime test. Composite integers that are Frobenius probable primes are called Frobenius pseudoprimes. Jon Grantham developed and analyzed a Frobenius probable prime test with quadratic polynomials. Using the Chinese Remainder Theorem and Frobenius automorphisms, we were able to extend Grantham’s results to some cubic polynomials. This case is computationally similar but more efficient than the quadratic case. Keywords: Frobenius, Pseudoprimes, Cubic, Number fields, Primality. AMS Classification: 11Y11. 1 Introduction Fermat’s Little Theorem is a beloved theorem found in numerous abstract algebra and number theory textbooks. It states, for p an odd prime and (a; p)= 1, ap−1 ≡ 1 mod p. Fermat’s Little Theorem holds for all primes; however, there are some composites that pass this test with a particular base, a. These are called Fermat pseudoprimes. Definition 1.1. A Fermat pseudoprime is a composite n for which an−1 ≡ 1 mod n for some base a and (a; n) = 1. The term pseudoprime is typically used to refer to Fermat pseudoprime. Example 1.2. Consider n = 341 and a = 2.
    [Show full text]
  • By Leo Goldmakher 1.1. Legendre Symbol. Efficient Algorithms for Solving Quadratic Equations Have Been Known for Several Millenn
    1. LEGENDRE,JACOBI, AND KRONECKER SYMBOLS by Leo Goldmakher 1.1. Legendre symbol. Efficient algorithms for solving quadratic equations have been known for several millennia. However, the classical methods only apply to quadratic equations over C; efficiently solving quadratic equations over a finite field is a much harder problem. For a typical in- teger a and an odd prime p, it’s not even obvious a priori whether the congruence x2 ≡ a (mod p) has any solutions, much less what they are. By Fermat’s Little Theorem and some thought, it can be seen that a(p−1)=2 ≡ −1 (mod p) if and only if a is not a perfect square in the finite field Fp = Z=pZ; otherwise, it is ≡ 1 (or 0, in the trivial case a ≡ 0). This provides a simple com- putational method of distinguishing squares from nonsquares in Fp, and is the beginning of the Miller-Rabin primality test. Motivated by this observation, Legendre introduced the following notation: 8 0 if p j a a <> = 1 if x2 ≡ a (mod p) has a nonzero solution p :>−1 if x2 ≡ a (mod p) has no solutions. a (p−1)=2 a Note from above that p ≡ a (mod p). The Legendre symbol p enjoys several nice properties. Viewed as a function of a (for fixed p), it is a Dirichlet character (mod p), i.e. it is completely multiplicative and periodic with period p. Moreover, it satisfies a duality property: for any odd primes p and q, p q (1) = hp; qi q p where hm; ni = 1 unless both m and n are ≡ 3 (mod 4), in which case hm; ni = −1.
    [Show full text]
  • Primality Testing a Survey of Techniques
    Primality Testing A survey of techniques Harish G. Rohan Ramanath Department of Computer Science & Engineering Department of Computer Science & Engineering R.V. College of Engineering R.V. College of Engineering Bangalore, India. Bangalore, India. [email protected] [email protected] Abstract — This expository paper briefly surveys the history where s has to be regarded as a complex variable and the of testing whether a number is prime. The recently discovered product is taken over all primes. The series, and so the deterministic polynomial time primality test due to Agrawal, product, converges absolutely for real( s) > 1. The identity Kayal and Saxena is presented and some improvements are between the series and the product is the analytic version of briefly discussed. the unique factorization of integers, and provides another Keywords— primality tests, polynomial time, P, NP proof for the existence of infinitely many prime numbers which is due to Euler: assuming that there are only finitely I. INTRODUCTION many primes, the product converges throughout the complex plane, contradicting the fact that the series reduces for s = 1 to Prime numbers are studied in number theory but they the divergent harmonic series. occur in many other subfields of mathematics. In the last few The Riemann hypothesis claims that the complex zeros of decades, prime numbers entered the real world in many (s) all lie on the so-called critical line Re s = 1/2 in the applications, e.g. as generator for keys in modern complex plane. This famous conjecture was stated by cryptographic algorithms. Riemann in 1859 and is still unproved.
    [Show full text]
  • Lecture 19: Quadratic Reciprocity (Contd.) Overview 1 Proof Of
    CS681 Computational Number Theory Lecture 19: Quadratic Reciprocity (contd.) Instructor: Piyush P Kurur Scribe: Ramprasad Saptharishi Overview Last class we proved one part of the Quadratic Reciprocity Theorem. We shall first finish the proof of the other part and then get to a generalization of the Legendre symbol - the Jacobi symbol. 1 Proof of Reciprocity Theorem (contd.) Recall the statement of the theorem. If p 6= q are odd primes, then p q p−1 q−1 = (−1) 2 2 q p The idea of the proof is just the same. We choses τ = 1 + i last time and p−1 p we got a 2 2 term while computing τ . It would be the same here as well. Let ζ be a principle q-th root of unity. We shall work with the field Fp(ζ). Let X a τ = ζa ? q a∈Fq Just as before, we compute τ 2. 2 X a a X b b τ = ζ ζ ? q ? q a∈Fq b∈Fq X a b = ζa+b ? q q a,b∈Fq X a b−1 = ζa+b ? q q a,b∈Fq X ab−1 = ζa+b ? q a,b∈Fq 1 Let us do a change of variable, by putting c = ab−1 X c τ 2 = ζbc+b ? q c,b∈Fq X c X X −1 = (ζc+1)b + ? q ? ? q −16=c∈Fq b∈Fq b∈Fq ? c+1 Since both p and q are primes and −1 6= c ∈ Fq, ζ is also a principle q-th P c+1 b root of unity.
    [Show full text]
  • An O(M(N) Logn) Algorithm for the Jacobi Symbol
    An O(M(n) log n) algorithm for the Jacobi symbol Richard P. Brent, ANU Paul Zimmermann, INRIA, Nancy 6 December 2010 Richard Brent and Paul Zimmermann An algorithm for the Jacobi symbol Definitions The Legendre symbol (ajp) is defined for a; p 2 Z, where p is an odd prime. 8 0 if a = 0 mod p; else <> (ajp) = +1 if a is a quadratic residue (mod p), > :−1 otherwise. By Euler’s criterion, (ajp) = a(p−1)=2 mod p. The Jacobi symbol (ajn) is a generalisation where n does not have to be prime (but must still be odd and positive): α1 αk α1 αk (ajp1 ··· pk ) = (ajp1) ··· (ajpk ) This talk is about an algorithm for computing (ajn) quickly, without needing to factor n. Richard Brent and Paul Zimmermann An algorithm for the Jacobi symbol Connection with the GCD The greatest common divisor (GCD) of two integers b; a (not both zero) can be computed by (many different variants of) the Euclidean algorithm, using the facts that: gcd(b; a) = gcd(b mod a; a); gcd(b; a) = gcd(a; b); gcd(a; 0) = a: Identities satisfied by the Jacobi symbol (b j a) are similar: (b j a) = (b mod a j a); (b j a) = (a j b)(−1)(a−1)(b−1)=4 for b odd positive; 2 (−1 j a) = (−1)(a−1)=2; (2 j a) = (−1)(a −1)=8; (b j a) = 0 if gcd(a; b) 6= 1: Richard Brent and Paul Zimmermann An algorithm for the Jacobi symbol Computing the Jacobi symbol The similarity of the identities satisfied by gcd(b; a) and the Jacobi symbol (b j a) suggest that we could compute (b j a) while computing gcd(b; a), just keeping track of the sign changes and making sure that everything is well-defined.
    [Show full text]
  • Math 110 Homework 5 Solutions
    Math 110 Homework 5 Solutions February 12, 2015 1. (a) Define the Legendre symbol and the Jacobi symbol. (b) Enumerate the key properties of the Jacboi symbol (as on page 91 of Chapter 3.10). What additional properties hold when n is prime? (c) Suppose that p and q are distinct odd primes. What does the law of quadratic reciprocity say about the relationship between the solutions to x2 ≡ p (mod q) and the solutions to x2 ≡ q (mod p)? 4321 (d) Use the properties of the Jacobi symbol to compute . 123123 a Solution: (a) Let a be an integer and p be a prime. If p - a the Legendre symbol p is 1 if a has a r1 rm square root modulo p and −1 otherwise. Let n be an odd positive integer, and write n = p1 : : : pm . Then provided a is a unit modulo n define the Jacobi symbol a a r1 a rm = ::: n p1 pm a Note that one sometimes defines p = 0 if a ≡ 0 (mod p) which then also allows a definition of a Jacobi symbol when a is not a unit modulo n. (b) The important properties of the Jacobi symbol are those in the Proposition on page 91, especially the multiplicativity and reciprocity properties (2 and 5). If n is prime, then there is also the connection with whether a has square roots modulo n given by the definition and Euler's criterion (part 2 of the Proposition on page 89). p q p−1 q−1 2 2 (c) Quadratic reciprocity says that q p = (−1) .
    [Show full text]