MATHEMATICSof computation VOLUME55, NUMBER 192 OCTOBER 1990, PAGES 783-813
PSEUDOPRIMES FOR HIGHER-ORDER LINEAR RECURRENCESEQUENCES
S. GURAK
Abstract. With the advent of high-speed computing, there is a rekindled inter- est in the problem of determining when a given whole number N > 1 is prime or composite. While complex algorithms have been developed to settle this for 200-digit numbers in a matter of minutes with a supercomputer, there is a need for simpler, more practical algorithms for dealing with numbers of a more mod- est size. Such practical tests for primality have recently been given (running in deterministic linear time) in terms of pseudoprimes for certain second- or third- order linear recurrence sequences. Here, a powerful general theory is described to characterize pseudoprimes for higher-order recurrence sequences. This char- acterization leads to a broadening and strengthening of practical primality tests based on such pseudoprimes.
1. Introduction Efficient, practical tests for primality have recently been given in terms of pseudoprimes for certain second- or third-order linear recurrences [1, 5, 11]. The utility of these tests rely on the quickness of the algorithm (deterministic linear time) and the scarceness of pseudoprimes in the test range. In a recent paper [9] I refined and strengthened those pseudoprimes that involved Lucas sequences. Here I wish to extend these results to higher-order sequences. The methods developed will enable one to devise much stronger tests (fewer pseu- doprimes) of comparable efficiency. To begin, I review some of the types of pseudoprimes that have appeared in the literature and mention what is known concerning their distribution. The first pseudoprimes studied [15] were based on Fermat's criterion. Let c be an integer greater than 1. An (ordinary) pseudoprime to base c (or pspc) is a composite number /V, (c, N) = 1, for which c ~ = X (mod N). A strong pseudoprime to base c is an odd composite number N, (c, N) = X, for which either (i) c = -1 (mod N) or (ii) c ' = -1 (mod N) for some r with 0 < r < s, where N - X= d ■2s, d odd. Such kinds of pseudoprimes where shown to be rare, but not too scarce. Pomerance [13] has shown for ordinary or strong pseudoprimes, base c, that
Received February 23, 1989; revised October 2, 1989. 1980 Mathematics Subject Classification (1985 Revision). Primary 11Y11; Secondary 11R37, 11A51, 11B50.
©1990 American Mathematical Society 0025-5718/90 $1.00+ $.25 per page
783
License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use 784 S. GURAK
the number of pseudoprimes not exceeding x is bounded above by (1) xexp{-logxlogloglogA:/21oglogx} for all sufficiently large x. For the best lower bounds, see Pomerance's work [14]. Baillie and Wagstaff [5] introduced analogs for ordinary pseudoprimes based on Lucas sequences and obtained similar results concerning their distributions. In [9], I strengthened their characterization of pseudoprimes for those Lucas se- quences which arise from resolvents of certain irreducible polynomials having dihedral Galois group of order 6, 8, or 12. That treatment defined pseudoprimes using sequence signatures and was motivated in part to fully exploit the periodic and recursive properties of the sequences. I indicated there that the techniques employed had a broader application to higher-order linear recurrence sequences than that of strengthening Kurtz, Shanks, and Williams' characterization [11] of pseudoprimes for certain third-order recurrences. It is this far-reaching gen- eralization that I wish to develop here. I shall begin by outlining some preliminary results on matrix subrings in §2 which will be critical later on. In §3,1 will give suitable higher-order analogs for the classical Lucas sequences. Recall that if ß and ß are conjugate irrational roots of p(x) = x + axx + a0, where aQ , ax are integers with ax ^ 0, then the Lucas sequences U and V corresponding to p(x) are given by ß"-T V(2) > Un = P--L-ß_ß (n > 0) and (3) Vn= ß"+T (n>0). Their higher-order analogs provide the basis for characterizing pseudoprimes for higher-order linear recurrences in §4. In the final section, this characterization of pseudoprimes is further strengthened for sequences which arise from resol- vent polynomials. The methods employed rely heavily on the deeper arithmetic properties associated with Lagrange resolvents. For the sake of simplicity, I shall only treat linear recurrences defined over ß. But the theory can be adapted to the more general setting of linear recurrences defined over an arbitrary number field. 2. Some remarks concerning matrices In order to characterize pseudoprimes for higher-order sequences, I will need some elementary results from the theory of matrices over commutative rings. Let R denote a commutative ring with unity 1, and Rx the multiplicative group of invertible elements in R . Let Mm(R) be the ring of square my. m matrices with entries from R, and GLm(R) the group of those matrices M with det(M) in Rx . Consider any monk polynomial p(x) in Z[x] of degree m > 0, say p(x) = x +am_xx +■ -+a0,
License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use PSEUDOPRIMESFOR HIGHER-ORDERLINEAR RECURRENCE SEQUENCES 785
and associate with it an m x m matrix 0 1 0 0 0 0 1 0 (4) A 0 0 0 1 "0 -ax"1 -a2"2 -a."m-1. considered as an element of Mm(R) in the natural manner. Let MA(R) be the subset of M (R) consisting of those matrices of the form
(x. *J¿ Mx = m-\ _(xx x2 ■■■ xm)A for some x = (x. ,xm) in Rm . It is clear that
Mx= ÎLXiMer
where e¡ denotes the vector of Rm with 1 in the ith component and zeros elsewhere. Since Me = AJ~ (X < j < m) and p(A) = Om, the m x m zero matrix, one has the following Proposition 1. The set MA(R) is a commutative subring of Mm(R) containing the identity matrix Im. Asan R-module, MA(R) is spanned by the powers AJ~ (X (xx+x2ß+-+ xmßm-l)(yx +y2ß + ...+ ymßm~l) = (z. + z2ß + - + zjr m-l,') in Q(ß) with respect to the basis {X, ß, ... , ß,m-l- ~~}. Now consider any linear recurrence sequence W = (Wn) with values in R satisfying the recursion (5) Wn+m + am_xWn+m_x+ ■+a0Wn = 0 (n>0). Write W wx w W, w. w_ det(lf) = det , w w_ w.2m-2-> License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use 786 S. GURAK. Proposition 2. Let W0,WX, ... , Wm_x be any values in R. If det(W) g R* then there is a unique matrix C in MA(R) satisfying W W, w, (6) C w.m-\ wm-\ -1 Proof. The matrix equation (6) is equivalent to solving xl% + x2Wl + ... + xmWm_l = W0, XiWm_i+x2Wm + ... + xmW2m_2 = Wm_l for some C = Mx with x G Rm . Since det( W) g Rx by hypothesis, one can use Cramer's rule to find a unique solution x = (xx, ... , xm). a Before concluding this discussion, I would like to make a remark pertain- ing to the computation of any sequence W = (Wm) defined over R and satisfying (5). For the most part one wishes to find m consecutive terms K WrrN> rrN+lW WN . , which amounts to finding the matrix power A since w w, w,N+\ wm-\ w,N+m-\ There is, of course, a standard technique to do this, requiring at most 2 log2 N matrix multiplications, which relies on the binary representation of N. 3. HlGHER-ORDER ANALOGS FOR LUCAS SEQUENCES The Lucas sequences (2), (3) introduced in §1 satisfy fundamental identities found by Lucas. To name two of them, (7) 2^-nn+AtW and (8) 2Un+k = UnVk+ UkVn for n , k > 0, where A = a, - 4a0 is the discriminant of x2 + axx + a0 , a, # 0 [12]. The sequence U is a divisibility sequence; that is, U0 = 0, Ux = X, and if N\UW then N\Uko) for all k > X. In particular, if N is a positive integer prime to a0, there is a least positive integer to for which N\Um . (This value License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use PSEUDOPRIMES FOR HIGHER-ORDER LINEAR RECURRENCE SEQUENCES 787 to = co(N) is called the rank of apparition of N in the Lucas sequence U.) When N is prime and N \ 2a0A, it is known that (9) to(N) N - (Á/N) and that rf-l (10) to(N) N to(N) forr>0. The periodicity properties of the sequences U and V are well documented [12, 18]. For a positive integer N with (N, 2a0A) = X, both sequences have a common period n = n(N), modulo N and to(N)\n(N). In addition, the set of values B = BN = {Uk(ü+X\0< k < n/to} forms a multiplicative group (mod N), known as the group of multipliers of U for the modulus N. In fact, BN is cyclic generated by the term Ua)+X(mod N). My purpose here is to introduce higher-order analogs of the Lucas sequences U and V, which will make particularly convenient choices later in characteriz- ing pseudoprimes for higher-order linear recurrences. The sequences introduced possess properties similar to those just mentioned for Lucas sequences. With this goal in mind, I define sequences U = (Un) and V = (Vn) by m-\ ßl ß"m ßm-2 (ID u„ ßl (n>0), X ••• 1 1 (12) Vn = ß\ + - +ßnm (n>0), where the ßi are distinct roots of some monic polynomial (13) p(x) = amx + + axx + aQ, a» = 1. in Z[x] of discriminant A = A(p(x)). Both sequences are integer-valued and satisfy the recursion (14) Wn+m+am-XWn+m-l + +«,*;+1+v*;=o (n > 0). I note that U is a generalized "divisibility" sequence in the sense that U0 = £/, = ••• = Um_2 = 0, Um_x = X, and if /V divides m - X consecutive terms Um> V»+\ « •• • ' C/cU+m-2' then N divides Uku ,Uk(0+x,..., Ukm+m_2 for k > 1. This divisibility property and other similarities with the Lucas sequence (2) were noted by H. Duparc [8]. I shall give a separate, self-contained treatment of some of these similarities here. The divisibility property is an immediate consequence of the following result. Proposition 3. For any to, k > 0, (i) GCD(UW, Ua+X,..., Uœ+m__2)\GCD(Uku),Ukü)+X, ... , Ukw+m_2), License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use 788 S. GURAK (») *W«-i = Vm+m_x ■Ulw+m_x (mod GCD(Um, Um+X,..., Um+m_2)) if k = r + s with r, s > 0, and (iü) Ukw+m_x = Ukw+m_x(mod GCD(C/w, t/^,, ... , Uw+m_2)). Proof. I shall first establish that (15) Um+r= Uw+m_x■ Ur (mod GCD(i/w, C/^ , ... , Ua+m_2)) for all r>0. Since both (Ur) and (C/^^) satisfy (14), it suffices to verify that (15) holds for any m consecutive values of r, say 0 < r < m - X. But this is immediate, since U0 = Ux = ■■ ■ = Um_2 = 0, Um_x = X. Now (i) follows easily from (15) using induction on k, as does (iii). To establish (ii), note that for r, s > 0 "rw+m-X = "w+m-l and "sœ+m-l = "co+m-i mod(GCD(Um, C7W+1,... , Uw+m_2))by (iii). Thus, u = uk = ur • us = u ■u kw+m—1 (D+m—1 co+m—l w+m—\ rw+m—l sw+m—l mod(GCD(í7tó, Ua+l, ... , Ua+m_2)) fork = r + s with r, s > 0. If either r or 5 is zero, the result (ii) holds trivially. This completes the proof of the proposition, a The question naturally arises as to whether or not there is a rank of apparition of /V in the sequence U. To settle this, one has Proposition 4. Suppose N is an odd positive integer prime to a0, and that N divides Uk, Uk+X,... , Uk+m_2and U,,U¡+{,..., U¡+m_2for some l,k>0. Then N divides \J},Uj+x,..., Uj+m_2, where j = GCD(/, jfc). Proof. It suffices to show that jV divides U¡_k, U¡_k+X, ... , U¡_k+m_2, as- suming / > k. I assert that if (N, aQ) = X, then Uk+m_x is prime to N. Suppose otherwise, say GCD(A, Uk+m_x) = d > X. Since (d, aQ) = X, we get d\Uk_x from (14). Repeating this argument shows that U is the zero se- quence (mod d). This contradicts the fact that Um_x = 1, so the assertion that (Uk+m_x,N) = X is valid. I now show that N divides U¡_k, Ul_k+X, ... , U¡_k+m_2. Observe that since (Uk+m_i,N) = X, (16) U¡+r^Uk+r.^±m=± (mod TV) for 0 < r < m - X. The congruence (16) actually holds for all r > -k, since both (Ul+r) and (Uk+r) satisfy the recursion (14), and (TV, a0) = X. In particular, we get U,_k , U,_k+X, ... , U¡_k+m_2 = 0 (mod N). D From Proposition 4 it follows that for any /V with (TV, a0) = X, there is a least positive integer to = to(N) for which TVdivides Uu, Uw+X,... , Uœ+m_2. (I shall refer to to(N) as the rank of apparition of TVin the sequence U.) Let t = t(N) be the order of U(i)+m_x(mod TV). (Note from the argument in the License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use PSEUDOPRIMESFOR HIGHER-ORDERLINEAR RECURRENCE SEQUENCES 789 proof of Proposition 4 above that (TV, Uw+m_x)= X.) It follows from (iii) of Proposition 3 that the set B = BN = {Ukw+m_x (mod N)\ 0 < k < t} is a cyclic multiplicative group modulo TV. Following the classical terminology, we refer to BN as the group of multipliers of U for the modulus TV. The period of U modulo TV, denoted it = n(N), is the product to(N) x r(TV). When p(x) is irreducible, it easily follows from properties of finite fields that for a prime P + A, (17) n(p) o(p) and (18) n(p) Pr Xn(p) for r > 1, where S(p) = LCMplp{pnp)- 1} . Here, the LCM is taken over all ß(/?)-primes p lying above p and f(p) denotes the residue degree of p in Q(ß)/Q. More generally, for any modulus TVwith (a0, TV)= 1, (19) n(N) = LCMn(p p"\\N where p ranges over the distinct prime divisors of TV. For a numerical illustration, consider the polynomial p(x) = x - x - X of discriminant A = -23 . The sequence U satisfies Un+i = Un+X+ Un . The first 29 terms starting with n = 0 are 0,0, 1,0, 1, 1-, 1,2,2, 3,4, 5, 7, 9, 12, 16,21,28, 37, 49, 65, 86, 114, 151, 200, 265, 351, 465, 616, .... The values to(N) and 7t(TV), and the set BN, are tabulated below for TV= 2,3,4,7. N to(N) n(N) B, 2 7 7 {1} 3 13 13 {1} 4 14 14 {1} 7 16 48 {2,4,1} Let us now turn to the companion sequence V in (12), demonstrating certain identities relating V with U, including one which is the analog of (7). Propositions. The sequences U and V satisfy the following identities: rn+k Vn+m—2 vk+m-2 2m -4 m-2 (20) W* (",£>0), License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use 790 S. GURAK. (21) Un = EbkVn+k-l (n>0), k=l where V V Vr2m-(k+2) Vy2m-(k+4) m-2 k-l V V V V v (-1) y2m-4 r2m-5 y2m-(k+3) y2m-(k+5) m-3 'm-k+l Vvm-\ V*m-2 Vm-k m-(k+2) r0Vn (X ß'l ß"^m ß\ ßr2 m-2 m-2 nk nm-2 ß ß m A»2 ß2 ßk ßm-2 "m ~ m n+k n+m—2 Vrk+m-2 VV2m-A Vm-2 K m-2 Since m-\ m-l 1 m m-2 m-2 A = 1 1 it follows from (11) that the right-hand side of (20) is UnUkA. Now observe that (21) is just (20) with k = m - X, where the right-hand determinant has been expanded by minors using the top row. It remains to verify (22), but since U and V satisfy the same recursion (14), it is enough to check the identity for 0 < « < m - X. Replacing k by m-k + l in the right-hand side of (22) and then re-indexing yields an equivalent expression m-l £(m - k)am_kUn+m_k_x (n>0). From Newton's identities [7], each term (m - k)a k may be replaced by the License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use PSEUDOPRIMESFOR HIGHER-ORDERLINEAR RECURRENCESEQUENCES 791 sum EUam-k+jVj (0< k m-l ¿Li I ¿_^am-k+}V}Vn+m-k-l k=0 \j=0 or equivalently, (23) m—k+j n+m—k- upon changing the order of summation. I claim that the inner sum, for 0 < n < m — 1, is just the delta function ôJn (ôjn = 0 for j ^ n and 1 when j = n), so that (23) evaluates to Vn for 0 < n < m - X, thereby proving (22). To verify the assertion, I consider the cases j > n and j < n separately. Case (i):j > n . Here, direct evaluation yields J2k=j am-k+jUn+m-k-l - 0 if j>n or amUm_x = X if j = n . »m-l Case (ii):;' < n. Here, one can enlarge the sum £*=/ am-k+jUn+m-k-i to Ek=r' am-k+jun+m-k-i >since a!1additional terms am_k+jUn+m_k_x :ero. (Note that m < k < m+j- X implies 0 < n-j < n + m-k- X< n-X < m-l here.) But since U satisfies (14), the padded sum, as well as the original, are both zero. G Remark. Identity (20) generalizes the Lucas identity (7), but there seems to be no analog of (8) for higher-order sequences. The question naturally arises as to when V , or for that matter, any integer- valued sequence W satisfying (14) has the same period as U modulo TV. This situation is governed by the following theorem. Theorem 1. Suppose W is an integer-valued sequence satisfying (X4). For any TV relatively prime to aQ and any k > 0, W = tJ W (24) yyko)+r — ^kw+m-l "r (mod TV) (r > 0). Moreover, if also (TV,det(W)) = X, then W has the same period n(N) as U modulo TV. (Here, co = to(N) is the rank of apparition of TVfor the sequence U.) Proof. For any fixed k > 0, to demonstrate (24), it is enough to verify that it holds for 0 < r < m - X, since (Wkw+r) and (Wr) both satisfy (14). Observe that this is automatically true when W = U from the definition of co(N). Thus, the matrix C = Akio satisfies C/„ un (25) C = u,kw+m-l (mod N). U:m-l -I Um-l License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use 792 S. GURAK. Aktô But C = Ukw+m_x -Im also satisfies (25), so by Proposition 2, A s UkoJ+m_xIn (mod TV). Thus, wn w„ .kw = u,kw+m—l (mod TV), w.m-l Wm-l -I or equivalently, (24) holds for 0 < r < m - X. Incidentally, the congruence (24) readily implies that the period nw(N) of W modulo TVdivides n(N). Now suppose that TVis prime to det(W), too. Since wn wn i*wW (mod TV) wm-l , w it follows from Proposition 2 that AwK>4*AN) = Im (mod TV). But then, UK {N)+r Ur (mod TV) for 0 < r < m - X, so 7r(TV)divides nw(N). Thus nw(N) n(N). The proof of the theorem is now complete, a 4. PSEUDOPRIMES FOR THE SEQUENCES U AND V In this section I shall characterize pseudoprimes for higher-order linear re- currence sequences. It is convenient to consider the sequence V first; so again, let m-l p(x) = x +a m-l x -\-\-axx + aQ be irreducible in Z[x], as in the previous section, with discriminant A. (The coefficients ai may be rational but are chosen here to be integral to simplify the exposition.) Denote the splitting field of p(x) by L and its Galois group by G = G(L/Q). Let A(L) be the discriminant of L/Q. For a G G, set (26) K,r = T,^ßi)ßri (0 (27) yp+r=Vo,r (m°dp) (0 License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use PSEUDOPRIMESFOR HIGHER-ORDERLINEAR RECURRENCE SEQUENCES 793 There is an equivalent way to express (27) in terms of certain matrices Ca in MA(ka) (a gG) . For a G G, let xg = (xx, ... , xm) be the unique solution of the linear system m (29) ¿2xjßr=o(ßi) (l o,0 v°,i (32) C. v_m-l J L V. a,m—lJ It is also clear from (29) or (31) that the Ca (a G G) are mutually distinct, and that (33) P(Ca) = Cpap for any a, p G G. Now since P+l m-l -> p+m-l it follows from Proposition 2 that (27) is equivalent to the congruence (34) Ap = Ca (modp), where p is the ka -prime lying between p and p . Before introducing the pseudoprimes for the sequence V, I first specify cer- tain sequence signatures. The m-term sequence Va r (0 < r < m - X) in (26) License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use 794 S. GURAK shall be referred to as an admissible signature for V corresponding to o. (Ac- tually, r need only run over any fixed set of m consecutive integers in (26) and (27), but I have chosen 0, I, ... , m-l for the sake of simplicity. I relax this requirement later in some of the examples.) The comment concerning con- gruence (27) prompts the following definition. Let TV be any composite with (TV,2a0A) = 1. Call TV a pseudoprime with respect to V, denoted pspK , if the terms VyN' VyN+l Vft+m-i match some admissible signature for V modulo ñ for some L-ideal ñ with ñnZ (TV). Equivalently, TVis a psp^ if (35) VN+r= Var (modn) (0 < r < m - 1) for some a G G and ka -ideal n satisfying nfiZ= (TV). If TV satisfies (35), one says TV is a pspF of type C(o), where C(a) denotes the conjugacy class of G that contains a. Observe that if (35) holds, then for any p G G, VN+r=vPop-\r (mod/>(n)) (0 < r < m - X), where p(n) is an ideal of k -¡ = p(ka). That (35) has equivalents analogous to (28) and (34) is the key in this study of pseudoprimes. Theorem 2. A composite TVwith (TV,2a0A) = 1 satisfies (35) if and only if (36) AN = Ca (mod n) if and only if (37) ß" = °(ßt) (modñ) (l rj,0 (mod n) in ka . Vm-l -I a, m—l Since TV is prime to det(K) = A, it follows from Proposition 2 that A = Ca (mod n). (36) -» (37) : If A" = C (mod n), then from (31) 1 i X ßt ßt ß, ß: = oW (mod ñ) T < /< m) m-l m-l m-l ß'i iß: ß\ for any L-ideal ñ with ñ(~)ka = n. In particular, the congruences (37) hold modulo any such L-ideal ñ. D Theorem 2 has several interesting consequences which will be developed in the remainder of this section. Among the more obvious ones is the following. License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use PSEUDOPRIMESFOR HIGHER-ORDERLINEAR RECURRENCE SEQUENCES 795 Corollary 1. Any psp„ TVis a psp„ . Proof. Suppose A is a pspK of type C(a). Then from Theorem 2, ßf = (r(ßi) (modñ) (X for some L-ideal ñ with ñnZ = (TV). Thus, ((-l)ma0f = (-l)ma0 (mod TV). Since TVis odd, a^ = a0 (mod TV). D This is an apt time to remark about the distribution of pseudoprimes with respect to V. Let n(x, V) count the number of pspK's less than or equal to x . In view of Corollary 1 one immediately gets an upper bound for n(x, V) from(l). Corollary 2. 7t(x, V) < xexp{-logxlogloglogx/21oglogx} for all sufficiently large x, if \a0\ ¿ X. Virtually nothing else is known about the distribution of the pspK's when m > 2. It is not even known whether there is such a sequence V for which n(x, V) —>oo as x —►oo. (I exclude here certain degenerate sequences which arise when ß is a multiple of a root of unity Ç, say ß = tÇ, with t in Z , or even t a real quadratic unit; cf. [16].) More intriguing is to determine precisely what role the Galois group G plays. One naturally expects pseudoprimes will be rarer when G is larger. But for sequences of identical order m , each with Galois group of order m , how does the structure of G influence the distribution of pseudoprimes, if at all? I give some examples next that demonstrate that pseudoprimes for higher-order sequences are indeed very rare. Unfortunately, the search range (up to 2 ' ) is too narrow, and the examples too few, to shed any light concerning the questions just raised. More comprehensive testing is planned, and the findings will be reported at a later date. I first ought to mention that for a given a G G, there may be composites TVwhich are pspK's of type C(a) for any sequence V in (12) that is defined in terms of the minimal polynomial p(x) for some integral element ß in L, (a0A(p(x)), N) = X, which generates L. Such composites, when they exist, will be called L-Carmichael numbers. In view of Theorem 2, I formally define L-Carmichael numbers as follows: A composite N, (N, A(L)) = 1, is said to be an L-Carmichael number of type C(rj) if for all ß G L, (ß, N) = X and ß integral, (38) ßN' = a(ß) (modñ) for some L-ideal ñ with ñ n Z = (TV). The smallest example is 561 = 3-11-17, which is easily seen to be a Q(v7-13)-Carmichael number of type C(l). Since an L-Carmichael number is clearly a ß-Carmichael or ordinary Car- michael number, it follows [6] that any L-Carmichael number N is odd and License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use 796 S. GURAK square-free. An equivalent characterization for L-Carmichael numbers is given next. For any prime p \ A(L), let ((L/Q)/p) denote the Artin class of p in L/Q and f(p) the residue degree of p in L/Q. Given a conjugacy class C of G and any integer v > 0, let C be the conjugacy class consisting of the z/th powers of elements in C. Proposition 6. Let TVbe an odd, square-free composite relatively prime to A(L), and a G G be of order f. Then TV is an L-Carmichael number of type C(a) if and only if for all primes p\N there is an integer v(p), 0 < v(p) < f(p), such that (39) C(a) ç(—)"' and N-pv(p) = 0 (mod pm - X). Proof. (<—) Let p be any prime dividing TV. If (39) holds, then there is an L-prime %$ lying above p with ((L/Q)/%1 )v{-p)= a. In particular, for any integral ß in L, (ß, TV)= 1, (40) ßN = ßp^=o(ß) (mod?îp, since TV-pv(p) = 0 (mod pm - X). Thus, if ñ = UP\NVp , then ßN = o(ß) (mod ñ). Since ñ n Z = (TV), one finds that TVis an L-Carmichael number of type C(o). (—>)Suppose TV is an L-Carmichael number of type C(o) satisfying (38) for some L-ideal ñ, and p a prime dividing TV. Let ?ß be an L-prime ly- ing above p which divides ñ. Since (38) implies that the map z —►zN is an automorphism for the finite field of p elements, it follows that N = pv(p) (mod p^p' - X) for some integer 0 < v(p) < f(p). In particular, ((L/Q)/y)u{p) = a, again from (38). □ For the case of a quadratic field L one immediately has Corollary 3. Let L be a quadratic field and N > X be odd, square-free, and prime to A(L). Then (i) N is an L-Carmichael number of type o= 1 if and only if p -1|TV-1 for each inert p\N and p - X\N - X for each p\N which splits in L; (ii) N is an L-Carmichael number of type a^ X if and only if each p\N is inert and p - X\N-p. Using Corollary3, it is easilychecked that 7,045,248,121 = 821• 1231 -6971 and 24,306,384,961 = 19-53-79-89-3433are ß(v/z23)-Carmichaelnumbers of type C(l). One also has the following lower bound on the number of prime factors of L-Carmichael numbers. Corollary 4. Suppose N is an L-Carmichael number of type C(tr), where ordG a = f. Then N has at least f+2 prime factors. License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use PSEUDOPRIMESFOR HIGHER-ORDERLINEAR RECURRENCESEQUENCES 797 Proof. For each prime p\N, one has from Proposition 6 that TV = //^ (modpf{p) - X) with 0 < v(p) < f(p) and ((L/Q)/^)v(p) = a for some L- prime P + p - X or N/p > pJ . Taking the product over all prime divisors of TV,one finds Ng~l > TV , where g is the number of prime divisors of TV. Thus g > f + X. o Very little is known concerning the distribution of ordinary Carmichael num- bers, much less L-Carmichael numbers. For a given normal extension L and conjugacy class C of G(L/Q), it is not even known whether there exists an L-Carmichael number of type C. From the remark preceding Proposition 6, an affirmative answer here would immediately imply that there are infinitely many ordinary Carmichael numbers. Example 1. Consider p(x) = x - x - X with roots ßx, ß2, and ß3. Here, L = Q(ßx, \/-23) with G = S3, say, generated by the automorphisms a and t induced by mappings: a: ßx-*ß2 t: ßx^ßx ß2 ^ßj ß2_ ß3 ß3-+ßl ß^ß2 The admissible signatures for the sequence Vn = ß" + ß2 + ß^ (n > 0) with fixed choice r = - X, 0, 1 are as follows: Vyl,r Vfa ,r VrV i ,r Vyx,r_y Vxa ,r_y Vxa1 ■> ,r -1 3 a a ßx ß2 ß} 0 0 0 0 0 0 0 1 2 -1 -1 3/32-2 3/?2-2 3/i2- Here, a and o are conjugate roots of x2 - 3x + 8 . The characterization of pseudoprimes for V in terms of the sequence signatures above can be checked using integer arithmetic modulo N, and is equivalent to that given by Adams and Shanks [1]. Kurtz, Shanks, and Williams [11] showed that n(23i, V) = 10 and tt(50 x 109, F) = 55. Example 2. Consider p(x) =x6 + x5 + 3x4+ 1 lx3 + 44x2 + 36x + 32, which has a root ßx = C31+C31 +C31 +C3i +Í31 ■ Here, L = Q(ßx) is the unique cyclic field of degree six and conductor 3il, so G = Z6 is generated by the automorphism a which is induced by the mapping £31 —>£31 . The admissible signatures for the corresponding sequence V for the fixed choice r = -2, -1, 0, 1,2,3 are License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use 798 S. GURAK. as follows: Lr _fZ_, Ll YsLl. _o. -2 -9/8 83/64 145/64 114/64 238/64 -413/64 -1 6 17/8 -45/8 -7/4 -7/4 17/8 0 -1 -1 -1 -1 -1 -1 1 -5 -5 -5 26 -5 -5 2 -25 -25 -25 6 37 37 3 -125 61 61 -32 -1 61 Since G is Abelian, each term VP,r (p G G, -2 < r < 3) lies in ß. Up to 2J.31 , there are only two pspF's; namely 775,368,901 = 373 • 1117 • 1861 and 955,134,181 = 311-1303-2357, both L-Carmichaelof type C(l). Example 3. Next consider p(x) = x6-(49/36)x4-(143/216)x3+x2 + (ll/6)x + 1 with roots so ordered that its Galois group G = S} is generated by the permutations a = (123)(456) and r = (14)(26)(35) as a subgroup of 56. The admissible signatures for the corresponding sequence V with fixed choice r = -2, -1, 0, 1, 2, 3 are as follows: v. V ! K -2 1I(q - l)/6 11(5- I)/6 morl - r2- -1 6 2a 25 49y,/36 49y2/36 49y,/36 0 0 0 0 0 0 0 12 _ 49 49 2(3-/32- 2) 1 18 Î6 2{3yf- 2) 2(3-/22- 2) 2 143a/216 1435/216 lly,/6 Hj-j/6 11)-,/« w 4ûiM - 2) 3 12')t. 15(3?í - 2) where a, 5 satisfy x 2 - 3x + 8 = 0 and yx, y2, and y3 satisfy x 1 -x - 1 = 0. There are only two pspF's< 231, namely, 517,697,641 = 6311 • 82031 and 855,073,301 = 16883• 50647, both of type C(X). Example 4. Consider p(x) = x - 8x + 4 with Galois group S4 , splitting field L and roots 1/2 1/2 1/2 ßx = q. +a2 + a(3 ' 1/2 1/2 1/2 ß2=a a. 03 = 1/2 q21/2 + a31/2 1/2 1/2 + a2 - a}1/2 where the aJ satisfy x -x-1 =0. The automorphisms of L corresponding to the permutations /? = (12)(34) and t = (13)(24) generate the Klein subgroup H of S4 with fixed field Q(ax, \/-23). The admissible signatures for the sequence Vn = ß" + ß" + ß" + ß"A (n > 0), of type C(o) for a G H, with License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use PSEUDOPRIMESFOR HIGHER-ORDERLINEAR RECURRENCE SEQUENCES 799 fixed choice r = - X, 0, 1,2 are: l,r -1 4 4/q, 4/a2 4/a3 0 0 0 0 0 1 0 8a j 8a2 8a, 2 24 -8 -8 One such pseudoprimefor V is 970,355,431 = 22027-44053 of type C(X). I have not computed the psp^'s up to 2 ', but this may be the only one. So far, I have defined pseudoprimes with respect to the sequence V. Let us consider now any integer-valued sequence W = (Wn) satisfying the same recurrence as V. It follows from (28) and the argument of Theorem 2 that if p is a prime not dividing 2a0A ■A(L), then Ap = Ca (mod $), where fy is any L-prime above p and ((L/ß)/$) = o. In particular, (41) Wyr N+r =— Wyy a ,r (mod$) (0 W(7,0 wn (42) = c_ W.a,m—lJ wm-l The sequence Wg r (0 < r < m - X) is the analogous admissible signature for W corresponding to a. The values Wa r lie in ka , so (41) actually holds in k as before. A composite TV with (TV,2a0A) = 1 is called a pseudoprime with respect to W (or psp^ ) of type C(a) if (43) W,N+r Wn (modn) (0 < r < m - X) for some ka-ideaX n satisfying nflZ = (N). For the sequence U, the admissible sequence signatures are given by A License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use 800 S. GURAK Proof. Now A is a r>spw of type C(a) if and only if Wn wCT,0 (45) (mod n) L, wyvm-l wrj, m— 1 for some /cCT-idealn with nflZ = (A). Since N is prime to aüAdzt(W), one finds from (42) and Proposition 2 that (45) is equivalent to (46) A = Ca (mod n). But from the argument of Theorem 2, (46) holds if and only if A is a pspK of type C(a). G 5. Stronger pseudoprimes associated with resolvent sequences Let L/k/Q be any normal tower of finite extensions with Galois groups T = G(L/Q) and H = G(L/k). Suppose x is a linear character of H of order 5 > 1 and K/k the cyclic subextension of L/k fixed by annihilator Ann(^). Fix a primitive 5-root of unity £ . I shall assume that L n Q(Q = Q, so that Q = G(L(Q/Q) consists precisely of the maps for p g F and X< e < s , (e, s) = X, given by (47) py/p \knnx) = ol(p)(Annx) in H/ Ann(x) with 0 < X(p) < 5 . This map is well defined, since H < T. The function X is constant on the cosets of H in F. Now fix a generator 6 for K/k and form the Lagrange resolvents ojp,, = ojp,M = PW + C PaP (pm (48) -i)i/ + ■■•+ £ pas-{p-\p(d)) for integers v > 0 and /? e T. As demonstrated in [10], one may, and I will, assume that the generator 6 for K/k is chosen so that each of the Lagrange resolvents to v ^ 0 for (v , s) = X and p G T. For the sake of simplicity, 8 will be taken to be integral here. Since Lnß(C) = Q, these Lagrange resolvents (48) satisfy for any p, r in F (49) \,eV°f,v) = to.xp,ve ' Also, (50) o>p,v(oe(6)) = C(opv(e) License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use PSEUDOPRIMESFOR HIGHER-ORDERLINEAR RECURRENCESEQUENCES 801 and (51) ^(0)) = ¿tE'^,.(0) for p gF and any integer e , where the primed sum is over a complete system of reduced residues modulo s . To establish (51), just note, since Lnß(C) = ß and to, <52) ^0) = ¿tE'c from (49). Additional, deeper properties will be needed in characterizing the pseudo- primes. To begin, set for each v > 0 and p G F, (53) ßp{v)= (o>pJ and ypr(v) = copJ(cop J when (r, s) = X. Proposition 7. For fixed v and any t g H and p G F, (54) o)pr^ = CÀcopiy ifr = aÀr' with r' G Ann x- In particular, (55) (ùPx,v=wp,v if i G Annx, (56) ßpr(v)=ßp(i,) ifxGH, (57) JV>)=V» ÉfT€ff. Proo/-. To establish (54), observe that -e(s-l) s-l „^T^ + C >ff(0)+ •■■+ £ "VJ 'Vta '(0) Co<« = ^(ö) + c">^+1(0) +... + r^-1 V+i_1(0). since Ann(x) fixes 0 . The last expression is just co v(a (8)), or Ç" w ^(0) by (50). This yields (54). Formulas (55)-(57) now follow. D It is evident from (49) that the ß (v) are mutually conjugate over ß in L(Q , in fact, in k(Q by (56). If m is the number of distinct conjugates, then the ßp(v) are roots of a minimal polynomial (58)icn\ P(x)i \ = x m +am_xx , m-l +--- , + a0 as in (13). Let /c' be the field generated by ßx(X), and T the subgroup of Q. which fixes /c'. The next series of results leads to a characterization of the subgroup T and to criteria for determining when ßT(u) = ß (p). License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use 802 S. GURAK First let /* denote the multiplicative inverse (mod s) for any / relatively prime to 5. Proposition 8. There holds tor v = tox , if and only if x G Ar(Ann/), t(0) = 8, and xax~x = ovx for some x G Ann/ . Proof. To prove the implication -*, first write xax~{ = o x for some x G Ann/ , since H < F. As ordH,A (tot- ) = 5, one has (/, 5) = 1 above. Next, note that if toT v = tox ,, then -j5)E,i"'''»..,= »*■(»). *>«*) =*, or equivalently, T€Ar(Ann/). Thus, <*x,»= License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use PSEUDOPRIMES FOR HIGHER-ORDER LINEAR RECURRENCE SEQUENCES 803 Proof. I shall verify the implications (60) -+ (61) —>(62) -» (60) to prove the proposition. (60) - (61): If ßp(p) = ßz(u), then ßr- X, .V , -1 /_ —1 ,1/ ,. V*U I. I —I _ —1 .1/ X (V) =X(i porp x) =/(((T x)x pxp x) , Lß , —I — —I , , Lp. = X(o) X(r prp t) = /((t) . Since H = pHp~x, one has (xPf = (/Y on H. (61) - (62) : If (/")" = (/Y on H, then for any y/ G H X(p~1¥Pf= X(?~V?f• Replacing y/ by §yi<$>~ for any (63) x(P~X (64) ^y^V) _ ff^r(t"V) _ This last condition is equivalent to (62). (62) —>(60) : Suppose now that (62) holds. Then for all (f>GF and y/ G H, p~ (66) T = {4>Tv\x G NT(Annx) and tot- = avx for some x G Ann/}. Thus, |T| = |Ar(Ann/)|, so the index m = [Q:T] = \F\cf>(s)/\T\= [F : Ar(Ann/)] • License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use 804 S. GURAK is a complete set of right coset representatives for 7" in fi. Consequently, the linear sequence V given by (68) >; = £'!>»" (»>o) " xetf is integer-valued and satisfies the recursion (69) Wn+m+ am_xWn+m_x + --- + a,Wn = Q (n>0). It has order m dividing [k : Q] ■ " x& = E'E^.rC)^(t'V),-F;>rf/. I wish to give a stronger characterization of pseudoprimes with respect to resolvent sequences, such as V in (68), than was developed in the previous section. To this end, I first establish some properties V satisfies for prime moduli. Let p be a rational prime not dividing 5<20A• A(L) and p any prime in L lying above p. Suppose p is the prime in k lying between p and p, say of residue degree /. From the usual transport of structure properties of the Frobenius map, one finds that the Artin symbol ((K/k)/p(p)) satisfies (71) (^)=aMp]Annx forany^eT, where X is the function (47) corresponding to y/ = ((L/k)/p). Now express q = p = st + r with 0 < r < s and (r, s) = I . By the lemma in [10, p. 425], it follows that for any x, p in F, (72) ßx(v) = oJTJ(toTJ = y^r(u)Cr^lp) (mod p(p)) in k(Q. Taking p = X in (72) and summing, one finds that for 0 < / < m - X, (73) Vt+i=v¥,r,l (mod p) in A:, since, as was previously noted, the Vv r ¡ lie in k . There is an equivalent way to express (73) in terms of matrices C r in MA(k) for y/ G H and X < r < s with (r, s) = X. Let xv r = (x,, ... , xm) License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use PSEUDOPRIMESFOR HIGHER-ORDERLINEAR RECURRENCE SEQUENCES 805 be the unique solution of the linear system (74) ¿Zxj(ßr(u))J-l = yTr(u)C"I „(T-) (te?, 1 <^<5, (v,s) = X). j=i (As before in (29), one finds that the values Ax are integral, but now in k(Ç).) Applying any automorphism = ,e in Q, to both sides of (49) for any fixed x and v yields, by (49), the equation ¿ZMXjWrW =Vr,ÁveKrveXJx * ) J=l Thus, (f>(x r) also solves (74). Hence, tf>(x r) = xv r from uniqueness, and therefore the x lie in k . Now set (75) C,„ =Mr for y/ G H and 1 < r < s, (r, s) = X. Y ■>' up .r Observe that from (74), 1 1 £(") «*,(») /W (76) C,V, r = yrr("K IßA")m-l U» m-l (re 1 < v < s, (v , s) = 1), so that y/ ,r,0 (77) CV,r , V l.Vm-1 L y ,r,m— 1 Evidently, from (76), the C r (y/ G H, X< r < s, (r, s) = X) are seen to be distinct, and for any y/ G H, p G F, (78) rtCr.r) = CW-.r- It also follows from (76) that 1 /?>) lT("r) /?» (79) Cv, »■ A>)m-l /l>) m-l so (80) ^ (/ , rA - % ' where n = nr is that element of the Galois group G of the polynomial (58) given by mapping each ß (v) to ßT(vr). License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use 806 S. GURAK I am ready to give the matrix equivalent of (72). Since V. where p = st + r Vm—\ . V,/-!-**!_ 1 with 1 < r < s, (r, s) = X, it follows from Proposition 2 that (72) is equivalent to the congruence (81) A' = C¥,r (modp). The congruence (72), or its equivalent (81), is the basis upon which to char- acterize stronger pseudoprimes associated with the resolvent sequence V than were given in §3. For this purpose, I shall henceforth assume that k/Q is Abelian, say of conductor F. Then k is a classfield corresponding to some group sé of norm residues defined modulo F . From classfield theory, if ¿% is the full group of reduced residues modulo F , then the residue degree / of the prime p is just the order of p in 3Î /sé . I have required that k/Q be Abelian here to facilitate determining the residue degree of p in k. This can be done also for non-Abelian k/Q, but at the expense of introducing certain auxiliary linear sequences that are helpful in deciding the Artin class of p in k/Q (chiefly, on account of (27)). The sequence (Vvrù, VvrX, ... , V¥f m_x) in (70) will be referred to as an admissible signature for V of type ( y/, r). Suppose A is a composite prime to 2a0AA(L) and to s. Let / be the order of A in 31 ¡sé , and suppose (82) Nf = st + r, l Call A an 5-pseudoprime with respect to V, denoted s- psp^ , if the terms Vt, Vl+X,... , V(+m_x match an admissible sequence signature for V (mod n) in k for some /c-ideal n with n n Z = (N) ; that is, if (83) K+l = Vy,r,l (modn) (0 in k for some yi G H. An 5-pspK N satisfying (83) is said to be of type (V,r). Actually, one may define admissible sequence signatures (V r ¡) using any m fixed consecutive values on / here (and in (70)), not just 0, X, ... , m- I, and then take the corresponding terms (Vl+l) to define 5-pseudoprimes in the same fashion. In the same way, one may let r run through any fixed complete set of reduced residues ( mod s) with the appropriate modifications in the def- initions. I shall take this liberty later in some examples. In addition, I will illustrate how to relax the requirement that k/Q be Abelian, using an auxiliary sequence rather than a congruence condition to decide an appropriate "/" for A in expression (82). License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use PSEUDOPRIMES FOR HIGHER-ORDER LINEAR RECURRENCE SEQUENCES 807 Condition (83) defining the 5-pspK's has equivalents analogous to (72) and (81). Namely, Theorem 4. A composite A with (A, 2aQ5A-A(L))= 1 satisfies (83) if and only if (84) A' = C. (mod n), which in turn holds if and only if for all x G F and (v, s) = 1 (85) ßr(v) = yrr(v)CrA{T~l) (modñ) for any k(Q-ideal ñ with ñ n k = n. Proof. I demonstrate that (85) -» (83) -> (84) — (85) to prove the result. (85) -» (83) : This follows immediately from (70). (83) —►(84) : If (83) holds, then, arguing as in the proof of Theorem 2, one has A' = C (mod n), since A is prime to det(F) = A. (84) -» (85) :if A'sC r ( mod n), then from (76), 1 i ßM ß,iy) m-l m-l £>) /?» vrX(x ßxiy) = yx,Á"K (mod ñ) m-l ßr(") for all t € r and (u, s) = X, where ñ is any k(Ç)-ideaXwith ñ n k = n. Thus (85) holds modulo any such k(Ç)-ideal ñ . G Corollary 5. Any 5-psp^ A of type (y/, r) with f = X isa pspK of type nr 1 /? and an ordinary pspc, where c = \a0\ . Proof. Suppose A is an 5-psp,,, of type (y/, r). From Theorem 4, A' = ClV ,r (mod n) for some k-ideaX n with n n Z = (A). Then by (80), (86) A" -Clr,rAr-Cr,r (modn)' so if / = 1, A is a psp^, of type nr. Also from Theorem 4, ßM = »O&rJ - UxX^'l^xJ (modft) for some k(Q-idtaX ñ with ñn/c = n. Hence, "¿J* ) (87) Wx,v = Wx,¿ (mod 91) License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use 808 S. GURAK for some L(()-ideal 01 with 9ïn/c(Ç) = ñ. Taking the product in (87) over x gW and 1 < v < s with (v , s) = l, one obtains (8g) (iinO ^iîik, (modín). \ V T / V T I assert that y = fj'^ Yl^ œT v ües in ß and that c = |y|, so that (89) c*' = c (mod A), since A is odd. Hence A is a pspf if / = 1. To prove the assertion that y lies in ß, it is enough to show that any Thus, y lies in Q; in fact, / = \Xv \\^ßz(v) = (-X)maQ, so c = \y\. This completes the proof of the corollary, a From (86) above one immediately has Corollary 6. Any 5-pspK A of type (y/, r) satisfies VNf+l= V%¡ (modn) (0 License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use PSEUDOPRIMESFOR HIGHER-ORDERLINEAR RECURRENCE SEQUENCES 809 Example 5. Consider q(x) = x5 - 75x3 - 375x2 - 625x - 3125/11 with root 0 and splitting field L = Q(ÇX,+ C"1). Here, K = L, k = Q, and F = H is cyclic of order 5 generated, say, by a induced by the action Çxx —>Çn . Taking any nontrivial character / of H, one sees that W = {1} in (68), since Q is Abelian. In addition, the function Xa„(p) = p in (47) for any p G F and 0 < p < s. Using 0/4 in place of 0 to define the Lagrange resolvents (48), one finds from (52) that the conjugates of 0 are just oe(8) = Çeco i. i + C w1 ,2 + C 0)1,3 + Ç CO1,4 (0 < e < 4). The minimal polynomial for ß = cox is p(x) = x4 - 4500x3/l 1 + 92500x2 8696875x + 55 and k! = Q(Q . The admissible signatures for the sequence Vn= ßx(X)"+ßx(2)n+ßx(3)"+ßx(4)n (n >0) with fixed choice / •1,0, 1,2 are as follows: V^1A. i,i,/ 'a,l,I .1,/ .1./ 23/1331 -84/6655 -153/6655 58/6655 64/6655 4 -1 -1 -1 -1 4500/11 -2525/11 4425/11 -4550/11 -1850/11 -2135000 -3679000 12607125 ■11974750 5181625 121 121 121 121 121 / '1,2,1 Vü,l,l .2.1 .2,1 V.2.7 -1 148/73205 -538/73205 449/73205 -601/73205 542/73205 0 15/11 -9/11 2/11 -7/11 -1/11 1 185 60 -40 -65 -140 2 32250/11 338750/11 78500/11 -82125/11 -367375/11 -2,1 -2,1 ,-2.1 ,-2,/ ,-2,l 59/121 -2/121 -10/121 5/121 -52/121 75 -30 -10 -40 5 60300/11 -91825/11 -56825/11 -35075/11 123425/11 100573750 -237157500 -74741875 153435000 259038125 121 121 L2l 121 1,-1,/ "a,-l,l -\.l -I.I Ll -i,; 15/121 5/121 9/121 -19/121 -10/121 30 -10 -5 -5 -10 35875/11 -12900/11 -34425/11 38050/11 -26600/11 -16447625 50381125 ■101612000 103903625 -36225125 121 121 121 121 License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use 810 S. GURAK Up to 231, there are 16 pseudoprimes for V, all of type (1,1) but one. These 5-pspj/s are listed below. N Factorization Type V, r) 5049001 31-271-601 , 1) 5148001 41-241-521* . 1) 49019851 4951 -9901 . 1) 82929001 281-421-701* . 1) 139952671 131 -571 • 1871* , 1) 216821881 331 -661-991* . 1) 382536001 31 -71 • 151- 1151* . 1) 392099401 29- 139-211-461* . 1) 625482001 241- 1201 -2161* , 1) 652969351 271 -811 -2971* , O 1024966801 12101-84701 , 1) 1098000091 23431-46861 , 1) 1317828601 41 • 181 -311 -571* . 1) 1515785041 331-991 -4621* .1) 1708549501 211- 1741 -4651* , 1) 2487941 911 -2731 , 1) g(i)-Carmichael numbers of type C(l). Example 6. Now consider k = Q(ß, v7—23), where ß satisfies x - x - 1 = 0, and let K = k(ßx/2) with splitting field L. Choose a character / of H which is nontrivial on G(K/k). Fix a in H with /(tr) ± X, and let ô generate Ann/ . Then the subgroup H = G(L/k) < F = S4 is generated by S and a , with 1/2 1/2 1/2 ~ß 1/2 o:ß I ß and o: ß 1 1/2 ~ß 1/2 1/2 1/2 ß> ß ßl 1/2 1/2 1/2 ßr - -ß1/2 ß ~ß for an appropriate ordering of the roots of x - x - 1 with ßx = ß . Using 0 = ß ' ¡2 to define the Lagrange resolvents (48), one finds that to , = p(ßx ) for any p in F. 1 1 Next, fix coset representatives X, p, p , x, xp, xp for H in F, where p:ßx^ß2 and r:ßx^ßx ß2 ^ß, ß2^ ß3 ß^ßx ß)^ß2 License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use PSEUDOPRIMESFOR HIGHER-ORDERLINEAR RECURRENCE SEQUENCES 811 The functions X on F defined by (47) are given in the table below. coset \ y/ X ô a 8a H Ö Ö Î r pH 0 1 1 0 p2H 0 10 1 xH 0 0 1 1 xpH 0 110 xp2H 0 10 1 Now fí = r here, Ar(Ann/) = H UxH, so k1 = Q(ß). The sequence V in (68) is just V = ß" + ß2 + ß" , which was considered in Example 1. The admissible sequences for V of type (y/, X) with fixed choice / = -1, 0, 1 are given below: / Vyl.l.l Vv6.l.t_yo,l,l V VySo,l,l 3 -1 -1 -1 0 2ßx 2ß2 2ß, 2 -2 + 2/J2 -2 + 2ß\ -2 + 2/i Since k/Q is non-Abelian, it will be necessary here to determine an appro- priate choice for / in (82) for composite A in order to define 2-pspF's. A very convenient strategy is to first test whether or not A is a pspK . Given a composite A with (A, 2 License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use 812 S. GURAK I would now like to extend the notion of higher-order pseudoprimes to other sequences satisfying the same recursion as V. Let us consider an integer se- quence W = (Wn) satisfying (69). For a prime p not dividing 2 r w.V,r,0 w„ (92) = C. W„.y/ ,r,m-l J L w„' m— 1 ■ in km . Here, // = st + r with 1 < r < s, (r, s) = I as before with y/ = ((L/k)/p). The sequence W ¡ (0 < / < m - X) is the analogous admissible signature for W of type (y/, r). A composite A with (N, 2a0A ■A(L)) = X is called an 5-pseudoprime with respect to W, denoted 5- psp^ , of type (yi, r), if the terms (93) W,+, = W¥.r,l (m0d") (0 'rvi-Ax ) yT>)/W (94) tW,,= £'E re* P'(ßr(")) The characterization of these higher-order pseudoprimes using the sequence U or V is essentially the same. More generally, I note Theorem 5. Suppose W = (Wn) is an integer sequence satisfying (69). For N satisfying (A, 2a0Adet(H/)-A(L)) = 1, A is an 5-psp^ oftype (y/, r) if and only if N is an s- pspK oftype ( xp, r). I omit the proof of Theorem 5, since the argument is essentially the one used in the proof of Theorem 3, except now one uses (84) instead of (36). Bibliography 1. W. Adams and D. Shanks, Strong primality tests that are not sufficient, Math. Comp. 39 (1982), 255-300. 2. W. Adams, Characterizing pseudoprimes for third-order linear recurrences, Math. Comp. 48 (1987), 1-15. 3. E. Artin, Galois theory, 2nd ed., University of Notre Dame, 1946. License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use PSEUDOPRIMESFOR HIGHER-ORDERLINEAR RECURRENCE SEQUENCES 813 4. E. Artin and J. Täte, Classfield theory, Benjamin, New York, 1968. 5. R. Baillie and S. WagstafT,Jr., Lucas pseudoprimes,Math. Comp. 35 (1980), 1390-1417. 6. R. Carmichael, On composite numbers p , which satisfy the Fermât congruence, Amer. Math. Monthly 19(1912), 22-27. 7. L. E. Dickson, Elementary theory of equations, Wiley, New York. 8. H. Duparc, Periodicity properties of recurring sequences. II, Indag. Math. 16 (1954), 473- 485. 9. S. Gurak, Cubic and biquadratic pseudoprimes of Lucas type (to appear). 10. _, On the representation theory for full decomposable forms, J. Number Theory 13(1981), 421-442. 11. G. Kurtz, D. Shanks, and H. C. Williams, Fast primality tests for numbers less than 50-10 , Math. Comp. 46 (1986), 691-701. 12. E. Lucas, Théorie des fonctions numériques simplement périodiques, Amer. J. Math. 1 (1878), 184-240,289-321. 13. C. Pomerance, On the distribution of pseudoprimes, Math. Comp. 37 (1981), 587-593. 14. _, A new lower bound for the pseudoprime counting function, Illinois J. Math. 26 (1982), 4-9. 15. C. Pomerance, J. L. Selfridge, and S. WagstafT,Jr., The pseudoprimes to 25,000,000,000, Math. Comp. 35 (1980), 1003-1026. 16. A. Rotkiewicz, On the pseudoprimes with respect to the Lucas sequence, Bull. Acad. Polon. Sei. Ser. Sei. Math. Astronom. Phys. 21 (1973), 793-797. 17. B. L. van der Waerden, Modern algebra, vols. 1, 2, Ungar, New York, 1949-1950. 18. M. Ward, Arithmetical properties of sequences in finite fields, Ann. of Math. (2) 39 (1938), 210-219. Department of Mathematics and Computer Science, University of San Diego, San Diego, California 92110 License or copyright restrictions may apply to redistribution; see https://www.ams.org/journal-terms-of-use