DOCSLIB.ORG

Notes on Primality Testing and Public Key Cryptography Part 1: Randomized Algorithms Miller–Rabin and Solovay–Strassen Tests

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Notes on Primality Testing And Public Key Cryptography Part 1: Randomized Algorithms Miller{Rabin and Solovay{Strassen Tests Jean Gallier and Jocelyn Quaintance Department of Computer and Information Science University of Pennsylvania Philadelphia, PA 19104, USA e-mail: [email protected] c Jean Gallier February 27, 2019 Contents Contents 2 1 Introduction 5 1.1 Prime Numbers and Composite Numbers . 5 1.2 Methods for Primality Testing . 6 1.3 Some Tests for Compositeness . 9 2 Public Key Cryptography 13 2.1 Public Key Cryptography; The RSA System . 13 2.2 Correctness of The RSA System . 18 2.3 Algorithms for Computing Powers and Inverses Modulo m . 22 2.4 Finding Large Primes; Signatures; Safety of RSA . 26 3 Primality Testing Using Randomized Algorithms 33 4 Basic Facts About Groups, and Number Theory 37 4.1 Groups, Subgroups, Cosets . 37 4.2 Cyclic Groups . 50 4.3 Rings and Fields . 60 4.4 Primitive Roots . 67 4.5 Which Groups (Z=nZ)∗ Have Primitive Roots . 75 4.6 The Lucas Theorem, PRIMES is in NP .................... 80 4.7 The Structure of Finite Fields . 90 5 The Miller{Rabin Test 93 5.1 Square Roots of Unity . 94 5.2 The Fermat Test; F -Witnesses and F -Liars . 96 5.3 Carmichael Numbers . 99 5.4 The Miller{Rabin Test; MR-Witnesses and MR-Liars . 103 5.5 The Monier{Rabin Bound on the Size of the Set of MR-Liars . 116 5.6 The Least MR-Witness for n . 121 6 The Solovay{Strassen Test 125 6.1 Quadratic Residues . 125 2 CONTENTS 3 6.2 The Legendre Symbol . 127 6.3 The Jacobi Symbol . 134 6.4 The Solovay{Strassen Test; E-Witnesses and E-Liars . 137 6.5 The Quadratic Reciprocity Law . 140 6.6 A Randomized Algorithm to Find a Square Root mod p . 144 6.7 Proof of the Quadratic Reciprocity Law . 150 6.8 Eisenstein's Proof of the Quadratic Reciprocity Law . 155 6.9 Strong Pseudoprimes are Euler Pseudoprimes . 158 Bibliography 163 4 CONTENTS Chapter 1 Introduction 1.1 Prime Numbers and Composite Numbers Prime numbers have fascinated mathematicians and more generally curious minds for thou- sands of years. What is a prime number? Well, 2; 3; 5; 7; 11; 13;:::; 9973 are prime numbers. The defining property of a prime number p is that it is a positive integer p ≥ 2 that is only divisible by 1 and p. Equivalently, p is prime if and only if p is a positive integer p ≥ 2 that is not divisible by any integer m such that 2 ≤ m < p. A positive integer n ≥ 2 which is not prime is called composite. Observe that the number 1 is considered neither a prime nor a composite. For example, 6 = 2 · 3 is composite. Is 3 215 031 751 composite? Yes, because 3 215 031 751 = 151 · 751 · 28351: The above number has the remarkable property of being the only composite integer less than 25 · 109 which a strong pseudoprime simultaneously to the bases 2; 3; 5; 7; see Definition 5.5, and Ribenboim [18] (Chapter 2, Section XI). Even though the definition of primality is very simple, the structure of the set of prime numbers is highly nontrivial. The prime numbers are the basic building blocks of the natu- ral numbers because of the following theorem bearing the impressive name of fundamental theorem of arithmetic. Theorem 1.1. Every natural number n ≥ 2 has a unique factorization i1 i2 ik n = p1 p2 ··· pk ; where the exponents i1; : : : ; ik are positive integers and p1 < p2 < ··· < pk are primes. Every book on number theory has a proof of Theorem 1.1. The proof is not difficult and uses induction. It has two parts. The first part shows the existence of a factorization. The second part shows its uniqueness. For example, see Apostol [1] (Chapter 1, Theorem 1.10). How many prime numbers are there? Many! In fact, infinitely many. 5 6 CHAPTER 1. INTRODUCTION Theorem 1.2. The set of prime numbers is infinite. Proof. We give three proofs. These proofs only use the fact that every integer greater than 1 has some prime divisor. (1) (Euclid) Suppose that p1 = 2 < p2 = 3 < ··· < pm are all the primes. Consider N = p1p2 ··· pm + 1. The number N must be divisible by some prime p (p = N is possible). Then p must be one of the pi, so p = pi divides N − p1p2 ··· pm = 1, contradicting the fact that pi ≥ 2. (2) (Kummer) Suppose that p1 = 2 < p2 = 3 < ··· < pm are all the primes, as in (1), but this time let N = p1p2 ··· pm. Observe that N > 2. The number N − 1 must be divisible by one of the primes pi (pi = N − 1 is possible). But if pi divides N − 1, then pi divides N − (N − 1) = 1, a contradiction. (3) (Hermite) We prove that for every natural number n ≥ 2, there is some prime p > n. Consider N = n! + 1. The number N must be divisible by some prime p (p = N is possible). Any prime p dividing N is distinct from 2; 3; : : : ; n, since otherwise p would divide N − n! = 1, a contradiction. There are many more proofs; see Ribenboim [18]. The problem of determining whether a given integer is prime is one of the better known and most easily understood problems of pure mathematics. This problem has caught the interest of mathematicians again and again for centuries. However, it was not until the 20th century that questions about primality testing and factoring were recognized as problems of practical importance, and a central part of applied mathematics. The advent of cryp- tographic systems that use large primes, such as RSA, was the main driving force for the development of fast and reliable methods for primality testing. Indeed, as we see in Chapter 2, in order to create RSA keys, one needs to produce large prime numbers. How do we do that? 1.2 Methods for Primality Testing The general strategy to test whether an integer n > 2 is prime or composite is to choose some property, say A, implied by primality, and to search for a counterexample a to this property for the number n, namely some a for which property A fails. We look for properties for which checking that a candidate a is indeed a countexample can be done quickly. Typically, together with the number n being tested for primality, some candidate coun- terexample a is supplied to an algorithm which runs a test to determine whether a is really a counterexample to property A for n. If the test says that a is a counterexample, also called a witness, then we know for sure that n is composite. If the algorithm reports that a is not a witness to the fact that n is composite, does this imply that n is prime? Unfortunately, no. 1.2. METHODS FOR PRIMALITY TESTING 7 This is because, there may be some composite number n and some candidate counterexample a for which the test says that a is not a countexample. Such a number a is called a liar. The other reason is that we haven't tested all the candidate counterexamples a for n. The remedy is to make sure that we pick a property A such that if n is composite, then at least some candidate a is not a liar, and to test all potential countexamples a. The difficulty is that trying all candidate countexamples can be too expensive to be practical. The following analogy may be helpful to understand the nature of such a method. Sup- pose we have a population and we are interested in determining whether some individual is rich or not (we will say that someone who is not rich is poor). Every individual n has several bank accounts a, and there is a test to check whether a bank account a has a negative balance. The test has the property that if it is applied to an individual n and to one of its bank accounts a, and if it is positive (it says that account a has a negative balance), then the individual n is definitely poor. Note that we are assuming that a rich person is honest, namely that all bank accounts of a rich person have a nonnegative balance. This may be an unrealistic assumption. But if the test is negative (which means that account a has a nonnegative balance), this does not imply that n is rich. The problem is that the test may not be 100% reliable. It is possible that an individual n is poor, yet the test is negative for account a (account a has a nonnegative balance). We may also not have tested all the accounts of n. One way to deal with this problem is to use probabilities. If we know that the conditional probability that the test is positive for some account a given that n is poor is greater than p ≥ 1=2, then we can apply the test to ` accounts chosen independently at random. It is easy to show that the conditional probability that the test is negative ` times given that an individual n is poor is less than (1 − p)`. For p close to 1 and ` large enough, this probability is very small. Thus, if we have high confidence in the test (p is close to 1) and if an individual n is poor, it is very unlikely that the test will be negative ` times. Actually, what we would really like to know is the conditional probability that the indi- vidual n is rich given that the test is negative ` times.
Recommended publications
  • Primality Testing and Integer Factorisation

    Primality Testing and Integer Factorisation

    Primality Testing and Integer Factorisation Richard P. Brent, FAA Computer Sciences Laboratory Australian National University Canberra, ACT 2601 Abstract The problem of finding the prime factors of large composite numbers has always been of mathematical interest. With the advent of public key cryptosystems it is also of practical importance, because the security of some of these cryptosystems, such as the Rivest-Shamir-Adelman (RSA) system, depends on the difficulty of factoring the public keys. In recent years the best known integer factorisation algorithms have improved greatly, to the point where it is now easy to factor a 60-decimal digit number, and possible to factor numbers larger than 120 decimal digits, given the availability of enough computing power. We describe several recent algorithms for primality testing and factorisation, give examples of their use and outline some applications. 1. Introduction It has been known since Euclid’s time (though first clearly stated and proved by Gauss in 1801) that any natural number N has a unique prime power decomposition α1 α2 αk N = p1 p2 ··· pk (1.1) αj (p1 < p2 < ··· < pk rational primes, αj > 0). The prime powers pj are called αj components of N, and we write pj kN. To compute the prime power decomposition we need – 1. An algorithm to test if an integer N is prime. 2. An algorithm to find a nontrivial factor f of a composite integer N. Given these there is a simple recursive algorithm to compute (1.1): if N is prime then stop, otherwise 1. find a nontrivial factor f of N; 2.
  • An Analysis of Primality Testing and Its Use in Cryptographic Applications

    An Analysis of Primality Testing and Its Use in Cryptographic Applications

    An Analysis of Primality Testing and Its Use in Cryptographic Applications Jake Massimo Thesis submitted to the University of London for the degree of Doctor of Philosophy Information Security Group Department of Information Security Royal Holloway, University of London 2020 Declaration These doctoral studies were conducted under the supervision of Prof. Kenneth G. Paterson. The work presented in this thesis is the result of original research carried out by myself, in collaboration with others, whilst enrolled in the Department of Mathe- matics as a candidate for the degree of Doctor of Philosophy. This work has not been submitted for any other degree or award in any other university or educational establishment. Jake Massimo April, 2020 2 Abstract Due to their fundamental utility within cryptography, prime numbers must be easy to both recognise and generate. For this, we depend upon primality testing. Both used as a tool to validate prime parameters, or as part of the algorithm used to generate random prime numbers, primality tests are found near universally within a cryptographer's tool-kit. In this thesis, we study in depth primality tests and their use in cryptographic applications. We first provide a systematic analysis of the implementation landscape of primality testing within cryptographic libraries and mathematical software. We then demon- strate how these tests perform under adversarial conditions, where the numbers being tested are not generated randomly, but instead by a possibly malicious party. We show that many of the libraries studied provide primality tests that are not pre- pared for testing on adversarial input, and therefore can declare composite numbers as being prime with a high probability.
  • Chapter 9 Quadratic Residues

    Chapter 9 Quadratic Residues

    Chapter 9 Quadratic Residues 9.1 Introduction Definition 9.1. We say that a 2 Z is a quadratic residue mod n if there exists b 2 Z such that a ≡ b2 mod n: If there is no such b we say that a is a quadratic non-residue mod n. Example: Suppose n = 10. We can determine the quadratic residues mod n by computing b2 mod n for 0 ≤ b < n. In fact, since (−b)2 ≡ b2 mod n; we need only consider 0 ≤ b ≤ [n=2]. Thus the quadratic residues mod 10 are 0; 1; 4; 9; 6; 5; while 3; 7; 8 are quadratic non-residues mod 10. Proposition 9.1. If a; b are quadratic residues mod n then so is ab. Proof. Suppose a ≡ r2; b ≡ s2 mod p: Then ab ≡ (rs)2 mod p: 9.2 Prime moduli Proposition 9.2. Suppose p is an odd prime. Then the quadratic residues coprime to p form a subgroup of (Z=p)× of index 2. Proof. Let Q denote the set of quadratic residues in (Z=p)×. If θ :(Z=p)× ! (Z=p)× denotes the homomorphism under which r 7! r2 mod p 9–1 then ker θ = {±1g; im θ = Q: By the first isomorphism theorem of group theory, × jkerθj · j im θj = j(Z=p) j: Thus Q is a subgroup of index 2: p − 1 jQj = : 2 Corollary 9.1. Suppose p is an odd prime; and suppose a; b are coprime to p. Then 1. 1=a is a quadratic residue if and only if a is a quadratic residue.
  • FACTORING COMPOSITES TESTING PRIMES Amin Witno

    FACTORING COMPOSITES TESTING PRIMES Amin Witno

    WON Series in Discrete Mathematics and Modern Algebra Volume 3 FACTORING COMPOSITES TESTING PRIMES Amin Witno Preface These notes were used for the lectures in Math 472 (Computational Number Theory) at Philadelphia University, Jordan.1 The module was aborted in 2012, and since then this last edition has been preserved and updated only for minor corrections. Outline notes are more like a revision. No student is expected to fully benefit from these notes unless they have regularly attended the lectures. 1 The RSA Cryptosystem Sensitive messages, when transferred over the internet, need to be encrypted, i.e., changed into a secret code in such a way that only the intended receiver who has the secret key is able to read it. It is common that alphabetical characters are converted to their numerical ASCII equivalents before they are encrypted, hence the coded message will look like integer strings. The RSA algorithm is an encryption-decryption process which is widely employed today. In practice, the encryption key can be made public, and doing so will not risk the security of the system. This feature is a characteristic of the so-called public-key cryptosystem. Ali selects two distinct primes p and q which are very large, over a hundred digits each. He computes n = pq, ϕ = (p − 1)(q − 1), and determines a rather small number e which will serve as the encryption key, making sure that e has no common factor with ϕ. He then chooses another integer d < n satisfying de % ϕ = 1; This d is his decryption key. When all is ready, Ali gives to Beth the pair (n; e) and keeps the rest secret.
  • The Pseudoprimes to 25 • 109

    The Pseudoprimes to 25 • 109

    MATHEMATICS OF COMPUTATION, VOLUME 35, NUMBER 151 JULY 1980, PAGES 1003-1026 The Pseudoprimes to 25 • 109 By Carl Pomerance, J. L. Selfridge and Samuel S. Wagstaff, Jr. Abstract. The odd composite n < 25 • 10 such that 2n_1 = 1 (mod n) have been determined and their distribution tabulated. We investigate the properties of three special types of pseudoprimes: Euler pseudoprimes, strong pseudoprimes, and Car- michael numbers. The theoretical upper bound and the heuristic lower bound due to Erdös for the counting function of the Carmichael numbers are both sharpened. Several new quick tests for primality are proposed, including some which combine pseudoprimes with Lucas sequences. 1. Introduction. According to Fermat's "Little Theorem", if p is prime and (a, p) = 1, then ap~1 = 1 (mod p). This theorem provides a "test" for primality which is very often correct: Given a large odd integer p, choose some a satisfying 1 <a <p - 1 and compute ap~1 (mod p). If ap~1 pi (mod p), then p is certainly composite. If ap~l = 1 (mod p), then p is probably prime. Odd composite numbers n for which (1) a"_1 = l (mod«) are called pseudoprimes to base a (psp(a)). (For simplicity, a can be any positive in- teger in this definition. We could let a be negative with little additional work. In the last 15 years, some authors have used pseudoprime (base a) to mean any number n > 1 satisfying (1), whether composite or prime.) It is well known that for each base a, there are infinitely many pseudoprimes to base a.
  • Primes and Primality Testing

    Primes and Primality Testing

    Primes and Primality Testing A Technological/Historical Perspective Jennifer Ellis Department of Mathematics and Computer Science What is a prime number? A number p greater than one is prime if and only if the only divisors of p are 1 and p. Examples: 2, 3, 5, and 7 A few larger examples: 71887 524287 65537 2127 1 Primality Testing: Origins Eratosthenes: Developed “sieve” method 276-194 B.C. Nicknamed Beta – “second place” in many different academic disciplines Also made contributions to www-history.mcs.st- geometry, approximation of andrews.ac.uk/PictDisplay/Eratosthenes.html the Earth’s circumference Sieve of Eratosthenes 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 Sieve of Eratosthenes We only need to “sieve” the multiples of numbers less than 10. Why? (10)(10)=100 (p)(q)<=100 Consider pq where p>10. Then for pq <=100, q must be less than 10. By sieving all the multiples of numbers less than 10 (here, multiples of q), we have removed all composite numbers less than 100.
  • A Clasification of Known Root Prime-Generating

    A Clasification of Known Root Prime-Generating

    Special properties of the first absolute Fermat pseudoprime, the number 561 Marius Coman Bucuresti, Romania email: [email protected] Abstract. Though is the first Carmichael number, the number 561 doesn’t have the same fame as the third absolute Fermat pseudoprime, the Hardy-Ramanujan number, 1729. I try here to repair this injustice showing few special properties of the number 561. I will just list (not in the order that I value them, because there is not such an order, I value them all equally as a result of my more or less inspired work, though they may or not “open a path”) the interesting properties that I found regarding the number 561, in relation with other Carmichael numbers, other Fermat pseudoprimes to base 2, with primes or other integers. 1. The number 2*(3 + 1)*(11 + 1)*(17 + 1) + 1, where 3, 11 and 17 are the prime factors of the number 561, is equal to 1729. On the other side, the number 2*lcm((7 + 1),(13 + 1),(19 + 1)) + 1, where 7, 13 and 19 are the prime factors of the number 1729, is equal to 561. We have so a function on the prime factors of 561 from which we obtain 1729 and a function on the prime factors of 1729 from which we obtain 561. Note: The formula N = 2*(d1 + 1)*...*(dn + 1) + 1, where d1, d2, ...,dn are the prime divisors of a Carmichael number, leads to interesting results (see the sequence A216646 in OEIS); the formula M = 2*lcm((d1 + 1),...,(dn + 1)) + 1 also leads to interesting results (see the sequence A216404 in OEIS).
  • A FEW FACTS REGARDING NUMBER THEORY Contents 1

    A FEW FACTS REGARDING NUMBER THEORY Contents 1

    A FEW FACTS REGARDING NUMBER THEORY LARRY SUSANKA Contents 1. Notation 2 2. Well Ordering and Induction 3 3. Intervals of Integers 4 4. Greatest Common Divisor and Least Common Multiple 5 5. A Theorem of Lam´e 8 6. Linear Diophantine Equations 9 7. Prime Factorization 10 8. Intn, mod n Arithmetic and Fermat's Little Theorem 11 9. The Chinese Remainder Theorem 13 10. RelP rimen, Euler's Theorem and Gauss' Theorem 14 11. Lagrange's Theorem and Primitive Roots 17 12. Wilson's Theorem 19 13. Polynomial Congruencies: Reduction to Simpler Form 20 14. Polynomial Congruencies: Solutions 23 15. The Quadratic Formula 27 16. Square Roots for Prime Power Moduli 28 17. Euler's Criterion and the Legendre Symbol 31 18. A Lemma of Gauss 33 −1 2 19. p and p 36 20. The Law of Quadratic Reciprocity 37 21. The Jacobi Symbol and its Reciprocity Law 39 22. The Tonelli-Shanks Algorithm for Producing Square Roots 42 23. Public Key Encryption 44 24. An Example of Encryption 47 References 50 Index 51 Date: October 13, 2018. 1 2 LARRY SUSANKA 1. Notation. To get started, we assume given the set of integers Z, sometimes denoted f :::; −2; −1; 0; 1; 2;::: g: We assume that the reader knows about the operations of addition and multiplication on integers and their basic properties, and also the usual order relation on these integers. In particular, the operations of addition and multiplication are commuta- tive and associative, there is the distributive property of multiplication over addition, and mn = 0 implies one (at least) of m or n is 0.
  • Number Theory Summary

    Number Theory Summary

    YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467: Cryptography and Computer Security Handout #11 Professor M. J. Fischer November 13, 2017 Number Theory Summary Integers Let Z denote the integers and Z+ the positive integers. Division For a 2 Z and n 2 Z+, there exist unique integers q; r such that a = nq + r and 0 ≤ r < n. We denote the quotient q by ba=nc and the remainder r by a mod n. We say n divides a (written nja) if a mod n = 0. If nja, n is called a divisor of a. If also 1 < n < jaj, n is said to be a proper divisor of a. Greatest common divisor The greatest common divisor (gcd) of integers a; b (written gcd(a; b) or simply (a; b)) is the greatest integer d such that d j a and d j b. If gcd(a; b) = 1, then a and b are said to be relatively prime. Euclidean algorithm Computes gcd(a; b). Based on two facts: gcd(0; b) = b; gcd(a; b) = gcd(b; a − qb) for any q 2 Z. For rapid convergence, take q = ba=bc, in which case a − qb = a mod b. Congruence For a; b 2 Z and n 2 Z+, we write a ≡ b (mod n) iff n j (b − a). Note a ≡ b (mod n) iff (a mod n) = (b mod n). + ∗ Modular arithmetic Fix n 2 Z . Let Zn = f0; 1; : : : ; n − 1g and let Zn = fa 2 Zn j gcd(a; n) = 1g. For integers a; b, define a⊕b = (a+b) mod n and a⊗b = ab mod n.
  • Primality Testing for Beginners

    Primality Testing for Beginners

    STUDENT MATHEMATICAL LIBRARY Volume 70 Primality Testing for Beginners Lasse Rempe-Gillen Rebecca Waldecker http://dx.doi.org/10.1090/stml/070 Primality Testing for Beginners STUDENT MATHEMATICAL LIBRARY Volume 70 Primality Testing for Beginners Lasse Rempe-Gillen Rebecca Waldecker American Mathematical Society Providence, Rhode Island Editorial Board Satyan L. Devadoss John Stillwell Gerald B. Folland (Chair) Serge Tabachnikov The cover illustration is a variant of the Sieve of Eratosthenes (Sec- tion 1.5), showing the integers from 1 to 2704 colored by the number of their prime factors, including repeats. The illustration was created us- ing MATLAB. The back cover shows a phase plot of the Riemann zeta function (see Appendix A), which appears courtesy of Elias Wegert (www.visual.wegert.com). 2010 Mathematics Subject Classification. Primary 11-01, 11-02, 11Axx, 11Y11, 11Y16. For additional information and updates on this book, visit www.ams.org/bookpages/stml-70 Library of Congress Cataloging-in-Publication Data Rempe-Gillen, Lasse, 1978– author. [Primzahltests f¨ur Einsteiger. English] Primality testing for beginners / Lasse Rempe-Gillen, Rebecca Waldecker. pages cm. — (Student mathematical library ; volume 70) Translation of: Primzahltests f¨ur Einsteiger : Zahlentheorie - Algorithmik - Kryptographie. Includes bibliographical references and index. ISBN 978-0-8218-9883-3 (alk. paper) 1. Number theory. I. Waldecker, Rebecca, 1979– author. II. Title. QA241.R45813 2014 512.72—dc23 2013032423 Copying and reprinting. Individual readers of this publication, and nonprofit libraries acting for them, are permitted to make fair use of the material, such as to copy a chapter for use in teaching or research. Permission is granted to quote brief passages from this publication in reviews, provided the customary acknowledgment of the source is given.
  • On Types of Elliptic Pseudoprimes

    On Types of Elliptic Pseudoprimes

    journal of Groups, Complexity, Cryptology Volume 13, Issue 1, 2021, pp. 1:1–1:33 Submitted Jan. 07, 2019 https://gcc.episciences.org/ Published Feb. 09, 2021 ON TYPES OF ELLIPTIC PSEUDOPRIMES LILJANA BABINKOSTOVA, A. HERNANDEZ-ESPIET,´ AND H. Y. KIM Boise State University e-mail address: [email protected] Rutgers University e-mail address: [email protected] University of Wisconsin-Madison e-mail address: [email protected] Abstract. We generalize Silverman's [31] notions of elliptic pseudoprimes and elliptic Carmichael numbers to analogues of Euler-Jacobi and strong pseudoprimes. We inspect the relationships among Euler elliptic Carmichael numbers, strong elliptic Carmichael numbers, products of anomalous primes and elliptic Korselt numbers of Type I, the former two of which we introduce and the latter two of which were introduced by Mazur [21] and Silverman [31] respectively. In particular, we expand upon the work of Babinkostova et al. [3] on the density of certain elliptic Korselt numbers of Type I which are products of anomalous primes, proving a conjecture stated in [3]. 1. Introduction The problem of efficiently distinguishing the prime numbers from the composite numbers has been a fundamental problem for a long time. One of the first primality tests in modern number theory came from Fermat Little Theorem: if p is a prime number and a is an integer not divisible by p, then ap−1 ≡ 1 (mod p). The original notion of a pseudoprime (sometimes called a Fermat pseudoprime) involves counterexamples to the converse of this theorem. A pseudoprime to the base a is a composite number N such aN−1 ≡ 1 mod N.
  • Introduction to Abstract Algebra “Rings First”

    Introduction to Abstract Algebra “Rings First”

    Introduction to Abstract Algebra \Rings First" Bruno Benedetti University of Miami January 2020 Abstract The main purpose of these notes is to understand what Z; Q; R; C are, as well as their polynomial rings. Contents 0 Preliminaries 4 0.1 Injective and Surjective Functions..........................4 0.2 Natural numbers, induction, and Euclid's theorem.................6 0.3 The Euclidean Algorithm and Diophantine Equations............... 12 0.4 From Z and Q to R: The need for geometry..................... 18 0.5 Modular Arithmetics and Divisibility Criteria.................... 23 0.6 *Fermat's little theorem and decimal representation................ 28 0.7 Exercises........................................ 31 1 C-Rings, Fields and Domains 33 1.1 Invertible elements and Fields............................. 34 1.2 Zerodivisors and Domains............................... 36 1.3 Nilpotent elements and reduced C-rings....................... 39 1.4 *Gaussian Integers................................... 39 1.5 Exercises........................................ 41 2 Polynomials 43 2.1 Degree of a polynomial................................. 44 2.2 Euclidean division................................... 46 2.3 Complex conjugation.................................. 50 2.4 Symmetric Polynomials................................ 52 2.5 Exercises........................................ 56 3 Subrings, Homomorphisms, Ideals 57 3.1 Subrings......................................... 57 3.2 Homomorphisms.................................... 58 3.3 Ideals.........................................