DOCSLIB.ORG

Primality Testing a Survey of Techniques

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Primality Testing a Survey of Techniques Primality Testing A survey of techniques Harish G. Rohan Ramanath Department of Computer Science & Engineering Department of Computer Science & Engineering R.V. College of Engineering R.V. College of Engineering Bangalore, India. Bangalore, India. [email protected] [email protected] Abstract — This expository paper briefly surveys the history where s has to be regarded as a complex variable and the of testing whether a number is prime. The recently discovered product is taken over all primes. The series, and so the deterministic polynomial time primality test due to Agrawal, product, converges absolutely for real( s) > 1. The identity Kayal and Saxena is presented and some improvements are between the series and the product is the analytic version of briefly discussed. the unique factorization of integers, and provides another Keywords— primality tests, polynomial time, P, NP proof for the existence of infinitely many prime numbers which is due to Euler: assuming that there are only finitely I. INTRODUCTION many primes, the product converges throughout the complex plane, contradicting the fact that the series reduces for s = 1 to Prime numbers are studied in number theory but they the divergent harmonic series. occur in many other subfields of mathematics. In the last few The Riemann hypothesis claims that the complex zeros of decades, prime numbers entered the real world in many (s) all lie on the so-called critical line Re s = 1/2 in the applications, e.g. as generator for keys in modern complex plane. This famous conjecture was stated by cryptographic algorithms. Riemann in 1859 and is still unproved. If the Riemann An integer n > 1 is called prime if it has no other positive hypothesis is true, the error term in the prime number theorem divisors than 1 and itself (within the set of integers); otherwise 1/2 n is said to be composite . is as small as possible, namely ~ x log x, and so the prime Every integer has a unique factorization into powers of numbers are distributed as uniformly as possible [7]. distinct prime numbers. Euclid was the first who proved that II. BACKGROUND there are infinitely many primes. His proof is that if p1, p2, …, It is easy to check that 97 is prime and 99 is not, but it pm are prime, then the number seems much harder to answer the same question for the q = p 1 × … × pm + 1 numbers 10 000 000 000 097 and 10 000 000 000 099, at least is not divisible by any of the p js. Thus q has a prime divisor in the same time. Indeed, a fundamental problem in number different from p 1, …, pm (one of which can be q itself). This construction of a new prime number out of an arbitrary finite theory is the decision problem collection of given primes implies the infinitude of prime Primes: given a positive integer n, decide whether n is numbers. Other proofs of this basic fact are in Ribbenboim [7]. prime or not! The celebrated prime number theorem gives information This problem became very important by developments in on how the primes are distributed. On the first view the prime cryptography in the late 1970s. It is easy to multiply two large numbers seem to appear in the sequence of positive integers prime numbers but it is much harder to factor a given large without any visible rule. However, as conjectured by Gauss integer; at least there are no factoring algorithms of satisfying and first proved by Hadamard and de la Vallée-Poussin speed known so far. This simple observation led to so-called (independently) on the base of outstanding contributions due public key cryptosystems where the key, a large integer N of to Riemann, they satisfy a distribution law. Roughly speaking, about two hundred digits, is public knowledge (as the the number π(x) of primes less than or equal to x is: telephone number) but its prime factorization is the secret of 3 0 its owner. This idea is attackable if N splits into small primes, (1) but if N is the product of two (carefully chosen) primes with ʚͬʛ = Ȅͦ ΚΝΕ 0 + error term The appearing logarithmic integral is asymptotically about hundred digits, the factorization of N is a nearly equal to x/ log x, where log x is the natural logarithm. The error unsolvable task with present day computers [4]. For term in the prime number theorem is small in comparison with generating such keys one needs to find large prime numbers x/ log x and is closely related to the zero distribution of the or, in other words, one needs to have a fast primality test, Riemann zeta-function. where fast means that the running time depending on the size of the number to be tested is small . Notice that a factoring ͥ ͥ ͯͥ Ϧ (2) algorithm and a primality test are different things: a number n ζʚͧʛ = ∑)Ͱͥ )Ħ = ∏+ ʠ1 − +Ħʡ 1 can fail a primality test and the test does not tell us any of its expectation value for the number of Mersenne primes M p with divisors, whereas a factoring algorithm gives the complete p ≤ x is factorization of n. 1 1 1 log log ͬ One of the first ideas for testing a given number n of being ȕ ∼ ȕ ∼ log ʚ2+ − 1ʛ log 2 ͤ log 2 prime might be trial division, i.e., to try all positive integers ≤ +3 +3 which tends with x to infinity; the last asymptotic identity whether they divide n or not. Obviously, if there is no √n relies on taking the logarithm in Equation (2). Note that this divisor of n among them, then n is prime. This strategy is not fits pretty well to the number of detected Mersenne primes. very useful if n is large. For example, it would take about 10 50 10 arithmetic operations to test an integer with 100 digits. If 10 III. DESIRED CHARACTERISTICS OF PRIMALITY TESTS operations can be performed by a computer within one second, then this test would take about 10 40 seconds, which is still A. Generality much more than 12 billion years, the estimated age of the There are many fast primality tests but they work for Universe. However, hypothetical quantum computers that are numbers with only certain properties. For example, the Lucas– computers which compute with quantum states, if once Lehmer test for Mersenne numbers can only be applied for realized, would solve this factorization problem within a Mersenne numbers. Pépin's test works only for Fermat fraction of a second. The simple idea of trial division leads to numbers. We would like an algorithm that can be used to test the sieve of Eratosthenes (due to the ancient Greek any general number for primality. Eratosthenes who was the first to measure approximately the circumference of the Earth 250 B.C.). If one deletes out of a B. Polynomial time in input size list of integers 1 < n ≤ x all multiples n of the primes p ≤ , √ͬ The maximum running time of the algorithm can be then only the prime numbers in between and x remain. This √x expressed as a polynomial over the number of digits in the gives a list of all primes under a given magnitude. Moreover, target number. Certain algorithms can deterministically we obtain the factorizations of all integers in the list. For a determine whether a given number is prime or not, but their primality test, this is a lot of superfluous information and we running time is not polynomial for all inputs. Algorithms like might ask for faster algorithms for detecting primes. ECPP (Elliptic Curve Primality Proving) and APR (Adleman- For some special numbers, primality tests of satisfying Pomerance-Rumely) deterministically prove primality, but speed are known for quite a long time. For instance, the they do not have polynomial running time for all inputs. We Mersenne numbers, invented by the monk Mersenne in 1644, would like an algorithm that runs in polynomial time for all p are defined by M p = 2 − 1, where p ≥ 3 is prime. It is easily possible inputs. seen that composite exponents cannot produce primes of this form. In 1750, Euler corrected Mersenne’s erroneous list of C. Deterministic Mersenne prime numbers by use of the following criterion: if The algorithm guarantees to deterministically distinguish p is a prime number of the form p = 4k + 3, then q = 2p + 1 is whether the target number is prime or composite. There are a divisor of M p if and only if q is prime; primes of the form certain randomized algorithms like Solovay-Strassen and 2p+1 for prime p are called Sophie Germain-primes. For Miller-Rabin, that can test any given number for primality in example, M 11 = 2047 = 23 × 89 is not prime as it was stated by polynomial time, but they may produce some false positives Mersenne. In 1878, Lucas found a simple and fast primality also. We would like an algorithm that can “prove” or test for Mersenne numbers (but only in 1935 Lehmer gave the “disprove” primality with certainty. first proof of the underlying mathematical theorem). His algorithm makes use of the congruence calculus and the test D. Unconditional (called Lucas-Lehmer test) can be described as follows: The Miller test for primality is fully deterministic and runs ≥ Input: a prime p 3. Output: Mp is prime or composite. in polynomial time over all inputs, but its correctness depends 1. Put s = 4. 2 on the truth of the yet-unproven generalized Riemann 2. For j from 3 to p do s := s − 2 mod M p.
Load more

Recommended publications
  • Fast Tabulation of Challenge Pseudoprimes Andrew Shallue and Jonathan Webster
    THE OPEN BOOK SERIES 2 ANTS XIII Proceedings of the Thirteenth Algorithmic Number Theory Symposium Fast tabulation of challenge pseudoprimes Andrew Shallue and Jonathan Webster msp THE OPEN BOOK SERIES 2 (2019) Thirteenth Algorithmic Number Theory Symposium msp dx.doi.org/10.2140/obs.2019.2.411 Fast tabulation of challenge pseudoprimes Andrew Shallue and Jonathan Webster We provide a new algorithm for tabulating composite numbers which are pseudoprimes to both a Fermat test and a Lucas test. Our algorithm is optimized for parameter choices that minimize the occurrence of pseudoprimes, and for pseudoprimes with a fixed number of prime factors. Using this, we have confirmed that there are no PSW-challenge pseudoprimes with two or three prime factors up to 280. In the case where one is tabulating challenge pseudoprimes with a fixed number of prime factors, we prove our algorithm gives an unconditional asymptotic improvement over previous methods. 1. Introduction Pomerance, Selfridge, and Wagstaff famously offered $620 for a composite n that satisfies (1) 2n 1 1 .mod n/ so n is a base-2 Fermat pseudoprime, Á (2) .5 n/ 1 so n is not a square modulo 5, and j D (3) Fn 1 0 .mod n/ so n is a Fibonacci pseudoprime, C Á or to prove that no such n exists. We call composites that satisfy these conditions PSW-challenge pseudo- primes. In[PSW80] they credit R. Baillie with the discovery that combining a Fermat test with a Lucas test (with a certain specific parameter choice) makes for an especially effective primality test[BW80].
    [Show full text]
  • Offprint Provided to the Author by the Publisher
    MATHEMATICS OF COMPUTATION Volume 89, Number 321, January 2020, Pages 493–514 https://doi.org/10.1090/mcom/3452 Article electronically published on May 24, 2019 AVERAGE LIAR COUNT FOR DEGREE-2 FROBENIUS PSEUDOPRIMES ANDREW FIORI AND ANDREW SHALLUE Abstract. In this paper we obtain lower and upper bounds on the average number of liars for the Quadratic Frobenius Pseudoprime Test of Grantham [Math. Comp. 70 (2001), pp. 873–891], generalizing arguments of Erd˝os and Pomerance [Math. Comp. 46 (1986), pp. 259–279] and Monier [Theoret. Com- put. Sci. 12 (1980), 97–108]. These bounds are provided for both Jacobi symbol ±1 cases, providing evidence for the existence of several challenge pseudo- primes. 1. Introduction A pseudoprime is a composite number that satisfies some necessary condition for primality. Since primes are necessary building blocks for so many algorithms, and since the most common way to find primes in practice is to apply primality testing algorithms based on such necessary conditions, it is important to gather what information we can about pseudoprimes. In addition to the practical benefits, pseudoprimes have remarkable divisibility properties that make them fascinating objects of study. The most common necessary condition used in practice is that the number has no small divisors. Another common necessary condition follows from a theorem of Fermat, that if n is prime and gcd(a, n)=1,thenan−1 =1(modn). If gcd(a, n)=1andan−1 =1 (modn) for composite n,wecalla a Fermat liar and denote by F (n) the set of Fermat liars with respect to n, or more precisely the set of their residue classes modulo n.
    [Show full text]
  • The Efficient Calculation of a Combined Fermat PRP and Lucas
    The Efficient Calculation of a Combined Fermat PRP and Lucas PRP Test Paul Underwood November 24, 2014 Abstract By an elementary observation about the computation of the dif- ference of squares for large integers, a deterministic probable prime (PRP) test is given with a running time almost equivalent to that of a Lucas PRP test but with the combined strength of a Fermat PRP test and a Lucas PRP test. 1 Introduction Much has been written about Fermat PRP tests [1, 2, 3], Lucas PRP tests [4, 5], Frobenius PRP tests [6, 7, 8, 9, 10, 11, 12] and combinations of these [13, 14, 15]. These tests provide a probabilistic answer to the question: \Is this integer prime?" Although an affirmative answer is not 100% certain, it is answered fast and reliable enough for \industrial" use [16]. For speed, these PRP tests are usually preceded by factoring methods such as sieving and trial division. The speed of the PRP tests depends on how quickly multiplication and modular reduction can be computed during exponentiation. Techniques such as Karatsuba's algorithm [17, section 9.5.1], Toom-Cook multiplication, Fourier Transform algorithms [17, section 9.5.2] and Montgomery exponen- tiation [17, section 9.2.1] play their roles for different integer sizes. The sizes of the bases used are also critical. Oliver Atkin introduced the concept of a \selfridge" [18], approximately equal to the running time of a Fermat PRP test. Hence a Lucas PRP test is 2 selfridges. The Baillie-PSW test costs 1+2 selfridges, the use of which is very efficient when processing a candidate prime list; There is no known Baillie-PSW pseudoprime but Greene and Chen give a way to construct some examples [19].
    [Show full text]
  • Quadratic Frobenius Probable Prime Tests Costing Two Selfridges
    Quadratic Frobenius probable prime tests costing two selfridges Paul Underwood June 6, 2017 Abstract By an elementary observation about the computation of the difference of squares for large in- tegers, deterministic quadratic Frobenius probable prime tests are given with running times of approximately 2 selfridges. 1 Introduction Much has been written about Fermat probable prime (PRP) tests [1, 2, 3], Lucas PRP tests [4, 5], Frobenius PRP tests [6, 7, 8, 9, 10, 11, 12] and combinations of these [13, 14, 15]. These tests provide a probabilistic answer to the question: “Is this integer prime?” Although an affirmative answer is not 100% certain, it is answered fast and reliable enough for “industrial” use [16]. For speed, these various PRP tests are usually preceded by factoring methods such as sieving and trial division. The speed of the PRP tests depends on how quickly multiplication and modular reduction can be computed during exponentiation. Techniques such as Karatsuba’s algorithm [17, section 9.5.1], Toom-Cook multiplication, Fourier Transform algorithms [17, section 9.5.2] and Montgomery expo- nentiation [17, section 9.2.1] play their roles for different integer sizes. The sizes of the bases used are also critical. Oliver Atkin introduced the concept of a “Selfridge Unit” [18], approximately equal to the running time of a Fermat PRP test, which is called a selfridge in this paper. The Baillie-PSW test costs 1+3 selfridges, the use of which is very efficient when processing a candidate prime list. There is no known Baillie-PSW pseudoprime but Greene and Chen give a way to construct some similar counterexam- ples [19].
    [Show full text]
  • Frobenius Pseudoprimes and a Cubic Primality Test
    Notes on Number Theory and Discrete Mathematics ISSN 1310–5132 Vol. 20, 2014, No. 4, 11–20 Frobenius pseudoprimes and a cubic primality test Catherine A. Buell1 and Eric W. Kimball2 1 Department of Mathematics, Fitchburg State University 160 Pearl Street, Fitchburg, MA, 01420, USA e-mail: [email protected] 2 Department of Mathematics, Bates College 3 Andrews Rd., Lewiston, ME, 04240, USA e-mail: [email protected] Abstract: An integer, n, is called a Frobenius probable prime with respect to a polynomial when it passes the Frobenius probable prime test. Composite integers that are Frobenius probable primes are called Frobenius pseudoprimes. Jon Grantham developed and analyzed a Frobenius probable prime test with quadratic polynomials. Using the Chinese Remainder Theorem and Frobenius automorphisms, we were able to extend Grantham’s results to some cubic polynomials. This case is computationally similar but more efficient than the quadratic case. Keywords: Frobenius, Pseudoprimes, Cubic, Number fields, Primality. AMS Classification: 11Y11. 1 Introduction Fermat’s Little Theorem is a beloved theorem found in numerous abstract algebra and number theory textbooks. It states, for p an odd prime and (a; p)= 1, ap−1 ≡ 1 mod p. Fermat’s Little Theorem holds for all primes; however, there are some composites that pass this test with a particular base, a. These are called Fermat pseudoprimes. Definition 1.1. A Fermat pseudoprime is a composite n for which an−1 ≡ 1 mod n for some base a and (a; n) = 1. The term pseudoprime is typically used to refer to Fermat pseudoprime. Example 1.2. Consider n = 341 and a = 2.
    [Show full text]
  • There Are Infinitely Many Perrin Pseudoprimes
    There are Infinitely Many Perrin Pseudoprimes Jon Grantham Institute for Defense Analyses Center for Computing Sciences 17100 Science Drive, Bowie, MD 20715, United States Abstract This paper proves the existence of infinitely many Perrin pseudoprimes, as con- jectured by Adams and Shanks in 1982. The theorem proven covers a general class of pseudoprimes based on recurrence sequences. The result uses ingredients of the proof of the infinitude of Carmichael numbers, along with zero-density estimates for Hecke L-functions. Keywords: pseudoprime; Hecke L-function; Perrin pseudoprime; Frobenius pseudoprime 2000 MSC: 11Y11, 11N13, 11N25 1. Introduction The search for fast primality tests has led to the examination of the gener- alization of the Fermat probable prime test: n is a probable prime if 2n−1 ≡ 1 mod n. This test, and its generalizations, requires O(log n) multiplications. If such a generalization could be found with a finite list of exceptions (pseudo- primes), we would have a primality test which runs deterministically in time O(log˜ 2 n). (Recall that O˜ is an extension to the O notation that ignores factors that are bounded by a fixed power of the logarithm.) By contrast, the Agrawal-Kayal-Saxena test [2] has recently been improved to O(log˜ 6 n) [16]. Non-deterministic variants of the AKS test [4], [5] have running time of O(log˜ 4 n); the same can be achieved heuristically for the ECPP test [19]. arXiv:1903.06825v1 [math.NT] 15 Mar 2019 Although ECPP is the fastest method in practice, it is not proven to be in (random) polynomial time.
    [Show full text]
  • Lucas and Frobenius Pseudoprimes
    LUCAS AND FROBENIUS PSEUDOPRIMES ANDRZEJ ROTKIEWICZ Abstract. We define several types of Lucas and Frobenius pseudoprimes and prove some theorems on these pseudoprimes. In particular: There exist infinitely many arithmetic progressions formed by three different Frobenius-Fibonacci pseudoprimes. There are composite numbers, which behave in certain situation as they would be primes. The classical examples are pseudoprimes, which satisfy Fermat's congruence on_1 = 1 mod n, where (a,n) — 1. Such numbers n are called pseudoprimes to base a. The pseudoprimes are not just a curiosity, they are of considerable im­ portance in factoring large integers and in deciding primality of large inte­ gers. Applications of pseudoprimes to cryptography and computing have gi­ ven pseudoprimes a more practical turn. Several tests for primality involve recurrence sequences. For example, if we define the Fibonacci numbers by Fo — 0, F\ = 1 and Fn = Fn_i 4- Fn_2, then ^-(s/p) = 0 mod p if p is a prime and (5/p) is the Legendre symbol. A composite n is called a Fibonacci pseudoprime if Fn_(s/n) = 0 mod n, where n is composite and (5/n) is the Jacobi symbol. One reason that pseudoprimes based on recurrence sequences have at­ tracted interest is that the pseudoprime for these sequences are often different from ordinary pseudoprimes. In fact, nobody has applied for the $620 offered for a Fibonacci pseu­ doprime n with (5/n) = —1, that is also a pseudoprime to the base 2 (Po- merance, Selfridge, Wagstaff [14], Guy [11]). In 1909 Banachiewicz noted that all Fermat numbers 22" +1 are primes or pseudoprimes to base 2 (see also Kfiżek, Luca and Somer" [12]) and perhaps Received: 18.06.2002.
    [Show full text]
  • Expanding Compositeness Tests
    Master Thesis Mathematics Expanding Compositeness Tests Supervisor: Dr. Wieb Bosma Author: Erik Mulder Second Reader: Prof. dr. Wadim Zudilin July 23, 2020 Contents 1 Introduction 2 2 Matrices 5 2.1 Matrix Carmichael numbers . .5 2.2 Miller-Rabin in matrix groups . 15 2.3 Lucas-Lehmer in matrix groups . 23 3 Finite Field Extensions 26 3.1 Grantham's test . 26 3.2 Irreducible polynomials modulo divisors of n ................ 37 3.3 Elliptic curves . 42 3.4 Non-residue modulo all divisors of n ..................... 47 Bibliography 53 1 Chapter 1 Introduction For millennia mathematicians have been fascinated by prime numbers, integers n such that the only positive divisors of n are 1 and n itself. Certainly not all integers are prime numbers, which raises the question how many there are and how one can find and detect them. The most obvious way to test if an integer n is prime is to check if one of 2; 3; : : : ; n − 1 divides n. If not, then n is prime! This primality test works every time, but doing n−1 divisions is not ideal when n is large. This is why we try to use algebraic properties of the prime numbers to find faster tests. We can note for example that if n p is not prime, then n has a divisor a such that a ≤ n. Using this fact, we now only p have to check if one of 2; 3;:::; b nc divides n. We are often interested in how fast an algorithm is. One way the describe the effi- ciency of an algorithm is by computing its complexity.
    [Show full text]
  • Tutorme Subjects Covered.Xlsx
    Subject Group Subject Topic Computer Science Android Programming Computer Science Arduino Programming Computer Science Artificial Intelligence Computer Science Assembly Language Computer Science Computer Certification and Training Computer Science Computer Graphics Computer Science Computer Networking Computer Science Computer Science Address Spaces Computer Science Computer Science Ajax Computer Science Computer Science Algorithms Computer Science Computer Science Algorithms for Searching the Web Computer Science Computer Science Allocators Computer Science Computer Science AP Computer Science A Computer Science Computer Science Application Development Computer Science Computer Science Applied Computer Science Computer Science Computer Science Array Algorithms Computer Science Computer Science ArrayLists Computer Science Computer Science Arrays Computer Science Computer Science Artificial Neural Networks Computer Science Computer Science Assembly Code Computer Science Computer Science Balanced Trees Computer Science Computer Science Binary Search Trees Computer Science Computer Science Breakout Computer Science Computer Science BufferedReader Computer Science Computer Science Caches Computer Science Computer Science C Generics Computer Science Computer Science Character Methods Computer Science Computer Science Code Optimization Computer Science Computer Science Computer Architecture Computer Science Computer Science Computer Engineering Computer Science Computer Science Computer Systems Computer Science Computer Science Congestion Control
    [Show full text]
  • Arxiv:1806.08697V1 [Math.NT]
    FAST TABULATION OF CHALLENGE PSEUDOPRIMES ANDREW SHALLUE AND JONATHAN WEBSTER Abstract. We provide a new algorithm for tabulating composite numbers which are pseudoprimes to both a Fermat test and a Lucas test. Our algorithm is optimized for parameter choices that minimize the occurrence of pseudoprimes, and for pseudoprimes with a fixed number of prime factors. Using this, we have confirmed that there are no PSW challenge pseudoprimes with two or three prime factors upto280. In the case where one is tabulating challenge pseudoprimes with a fixed number of prime factors, we prove our algorithm gives an unconditional asymptotic improvement over previous methods. 1. Introduction Pomerance, Selfridge, and Wagstaff famously offered $620 for a composite n that satisfies (1) 2n−1 1 (mod n) so n is a base 2 Fermat pseudoprime, (2) (5 n≡)= 1 so n is not a square modulo 5, and (3) F | 0− (mod n) so n is a Fibonacci pseudoprime, n+1 ≡ or to prove that no such n exists. We call composites that satisfy these conditions PSW challenge pseudoprimes. In [PSW80] they credit R. Baillie with the discovery that combin- ing a Fermat test with a Lucas test (with a certain specific parameter choice) makes for an especially effective primality test [BW80]. Perhaps not as well known is Jon Grantham’s of- fer of $6.20 for a Frobenius pseudoprime n to the polynomial x2 5x 5 with (5 n)= 1 [Gra01]. Similar to the PSW challenge, Grantham’s challenge− number− would be| a base− 5 Fermat pseudoprime, a Lucas pseudoprime with polynomial x2 5x 5, and satisfy (5 n) = 1.
    [Show full text]
  • Introduction
    Math. J. Okayama Univ. 54 (2012), 1–32 SOME REMARKS ON LUCAS PSEUDOPRIMES Noriyuki Suwa Abstract. We present a way of viewing Lucas pseudoprimes, Euler- Lucas pseudoprimes and strong Lucas pseudoprimes in the context of group schemes. This enables us to treat the Lucas pseudoprimalities in parallel to establish pseudoprimes, Euler pseudoprimes and strong pseudoprimes. Introduction Let p be a prime > 2. Then, as is well known, we have the following assertions: (1)(Fermat) If a is an integer prime to p, then ap 1 1 mod p; − ≡ p−1 a (2)(Euler) If a is an integer prime to p, then a 2 mod p; ≡ p (3) Put p 1 = 2sm with (m, 2) = 1. If a is an integer prime to p, then − k either am 1 mod p or a2 m 1 mod p for some k<s. These facts≡ provide us with a≡− convenient way to prove that an odd integer n is composite. That is to say, n is verified to be composite if a statement fails for n among those above mentioned. The repeated squaring method is very effective to perform the required exponentiation. In particular, the assertion (3) is a basis for the Strong Probale Prime Test or the Miller- Rabin Test ([8],[10]), which is recognized as rapid and accurate enough to generate an industrial-grade prime ([3, Ch.III, 5]). Examining the accuracy of probable prime tests, we arrive at the notion of pseudoprimality. Let n be an odd composite and a an integer prime to n. (1) n is called a pseudoprime base to a if an 1 1 mod n; − ≡ n−1 a (2) n is called an Euler pseudoprime base to a if a 2 mod n; ≡ n (3) Put n 1 = 2sm with (m, 2) = 1.
    [Show full text]
  • Average Liar Counts for Degree 2 Frobenius Pseudoprimes
    Average Liar Counts for Degree 2 Frobenius Pseudoprimes Andrew Fiori and Andrew Shallue University of Calgary – Illinois Wesleyan University West Coast Number Theory 2016 Inspiration and summary Erd˝os,Pomerance, “On the number of false witnesses for a composite number” (1986) proved that 1 X −(1 + o(1)) log y log log log y y 15/23 < F (n) ≤ y · exp y log log y n≤y where the sum is over n composite, and F (n) is the count of Fermat liars for n. We have proven a similar result for degree 2 Frobenius pseudoprimes. Headline result: Grantham challenge pseudoprimes exist “on average” Why study pseudoprimes? 1. Primality tests based on necessary conditions are still used in practice. 2. Pseudoprimes exhibit fascinating divisibility properties. 3. Prize money! Definitions Composite n is a 2-Fermat pseudoprime if 2n−1 ≡ 1 mod n First example: 341. Lucas pseudoprime: let P, Q be integers, ∆ = P2 − 4Q (discriminant), α, β the roots of x2 − Px + Q. The Lucas U sequence is defined by αn − βn U(n) = . α − β Let (n) = (∆ | n). Composite n is a (P, Q)-LucasU pseudoprime if n | U(n − (n)). First (1, −1)-Lucas pseudoprime: 323 Degree 2 Frobenius pseudoprimes Definition (Grantham) Let f (x) ∈ Z[x] be a degree 2 monic polynomial with discriminant ∆. Suppose that all the following conditions hold for a composite n. 1. (Integer Divisibility) We have gcd(n, f (0)∆) = 1. n 2. (Factorization) Let F1(x) = gcmd(x − x, f (x)), n2 f1(x) = f (x)/F1(x), F2(x) = gcmd(x − x, f1(x)), and f2(x) = f1(x)/F2(x).
    [Show full text]