Wilson s theorem
This presentation is the property of its rightful owner.
Sponsored Links
1 / 20

Wilson’s Theorem PowerPoint PPT Presentation


  • 87 Views
  • Uploaded on
  • Presentation posted in: General

Wilson’s Theorem. Lemma If p is a prime, then the only solutions to x 2  p 1 are those integers x satisfying x  p 1 or x  p -1 Proof: x 2  p 1  x 2 - 1  p 0  (x - 1)(x+1)  p 0  p | (x - 1)(x+1).

Download Presentation

Wilson’s Theorem

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Wilson s theorem

Wilson’s Theorem

  • Lemma If p is a prime, then the only solutions to x2p 1 are those integers x satisfying x p 1 or x p -1

  • Proof:

    x2p 1 x2-1p 0  (x-1)(x+1) p 0  p | (x-1)(x+1).

    p prime and p | (x-1)(x+1)  p | (x-1) or p | (x+1)  x p 1 or x p -1


Wilson s theorem1

Wilson’s Theorem

  • Wilson’s TheoremAn integer p > 1 is prime if and only if (p-1)! p -1

  • Proof.

    Assume p is prime. Notice that if 1 < a < p-1, then a-1 1 and a-1 p-1, because 1 and p-1 are their own inverses mod p. Thus 1 < a-1 < p-1.

    We also know that a2  1 by the previous lemma, and thus a-1 a.

    Therefore, we may rearrange the product 23   (p-2) into pairs of the form aa-1 and thus the product evaluates to 1 (modulo p). It then follows that (p-1)! p -1.

    Now assume p is not prime. If p = 4, then (p-1)! = 3! = 6 4 2  -1. So we may assume p > 4.

    Since p is composite, p = ab with 1 < a  b < p. If a = b, then a > 2 since a2 = p > 4. Thus 1 < a < 2a < a2 = p.

    But this means that a and 2a appear in the product (p-1)!; since 2aa = 2a2 = 2p p 0, the entire product is congruent to 0 mod p.

    We now have a < b < p, so that both a and b appear in the product (p-1)!. Since ab = p, we again have (p-1)! p 0. Thus (p-1)! is not congruent to -1 modulo p.


Fermat s little theorem

Fermat’s Little Theorem

  • Theorem If p is prime and a  p, then ap-1p 1

  • Proof

  • Given prime p and a  p, we have (am p an)  (m p n)

  • Thus no two numbers in the list a, 2a, . . . , (p-1)a are congruent mod p and none of these numbers are congruent to 0 mod p

  • Thus {a mod p, 2a mod p, . . . , (p-1)a mod p} = { 1, 2, …, p-1} and hence their products are the same: (a)(2a)((p-1)a) p 12(p-1)

  • Rewritten, this becomes ap-1(p-1)! p (p-1)!

  • Since p  (p-1)!, it then follows that ap-1 p 1


Corollary to fermat s little theorem

Corollary to Fermat’s Little Theorem

  • Corollary If p is prime and a is any integer, then ap p a

  • Proof

  • If p divides a, then both ap and a are congruent to 0 mod p and hence are equal.

  • If p does not divide a, then a  p.

  • It then follows from Fermat’s Little Theorem that ap-1 p 1

  • Multiplying both sides of the previous congruence by a, we get ap p a


Carmichael numbers

Carmichael Numbers

  • It is natural to ask if the converse to the previous corollary is true

  • That is, if ann a for all integers a, can one conclude that n is prime?

  • The answer is no

  • A composite number for which ann a for all integers a is called a Carmichael number.

  • Robert Carmichael in 1909 was the first to find such a number

  • We will next show that 561 is a Carmichael number

  • In fact, it is the smallest such number

  • Although they exist, Carmichael numbers are quite rare


The carmichael number 561

The Carmichael Number 561

  • The number 561 equals the product of three primes: 561 = 31117

  • Let p be one of the primes 3, 11, 17.

  • We wish to show that a561p a for any number a

  • First of all, if p | a then both a561 and a are congruent to 0 mod p and hence a561p a.

  • Thus we may suppose a  p

  • From Fermat’s Little Theorem, we know that ap-1 p 1

  • If p = 3, then a561 = a(a560) = a(a2)280 p a(1)280 = a

  • If p = 11, then a561 = a(a560) = a(a10)56 p a(1)56 = a

  • If p = 17, then a561 = a(a560) = a(a16)35 p a(1)35 = a

  • From the above, we have 3 | a561-a, 11 | a561-a and 17 | a561-a

  • Elementary properties of primes now says 561 = 31117 | a561-a

  • Therefore if n = 561, then an n a for every integer a


Testing for primality

Testing for Primality

  • Suppose we want to test to see if a given integer n is prime

  • One way is to check each of the integers from 2 to n½ to see if it is a factor; that is, we divide and see if we get a remainder

  • For large numbers this is not practical

  • For n = 10100, we would have to check up to 1050, which is impractical

  • One method to generate a list of primes  n is to write down the numbers from 1 to n

  • Then strike out all multiples of 2, then all multiples of 3, then all multiples of 5, …

  • The numbers that remain are primes

  • This method is called the Sieve of Eratosthenes ( 3rd century B.C.)

  • But sieves are not for testing a particular number


Testing for primality1

Testing for Primality

  • One can take a probabilistic approach, based on the fact that Carmichael numbers are rare

  • If n is composite and ann a for some integer a, we say that n is a pseudoprime to the base a.

  • Note that a Carmichael number is a pseudoprime to any base

  • Recall that we can compute an mod n in log n steps, which is much faster than using n½ steps as we used by checking all possible factors

  • Previously we showed that if p is prime, then the only solutions mod p to x2 p 1 are 1 and -1

  • We claim that if n is composite, then x2 n 1 has at least four solutions

  • To see this, suppose n = rs, with r > 1, s > 1 and r  s

  • Look at the following four pairs of congruences:x r 1 & x s 1; x r 1 & x s -1; x r -1 & x s 1; x r -1 & x s -1

  • By the Chinese Remainder Theorem, each of the four systems above has a unique solution mod rs. Clearly these solutions are distinct.

  • Therefore, x2 n 1 has at least 4 solutions mod n


Toward a probabilistic primality test

Toward a Probabilistic Primality Test

  • Lemma Let n, x and y be integers such that x2n y2 but x is not congruent mod n to either y or –y. Then n is composite and gcd(x-y,n) is a nontrivial factor of n.

  • Proof

  • Let d = gcd(x-y,n).

  • If d = n, then n | (x-y) hence x n y, contradicting our assumptions.

  • If d = 1, then n  x-y. Since n | x2-y2 = (x-y)(x+y), we have n | (x+y) which contradicts our assumption that x is not congruent to –y mod n

  • Thus 1 < d < n and we have a nontrivial factor of n.


Factorization and primality testing

Factorization and Primality Testing

  • Factorization and primality testing are not the same!

  • It is often easier to prove that an integer is composite than it is to factor it.

  • We know: p prime  2p-1 p 1

  • We can use this fact to show that 35 is not prime (forgetting the fact that we know it equals 7 time 5)

  • 22 35 4, 24 35 16, 28 = 256 35 11, 216 35 121 35 16, 232 35 256 35 11

    234 = 23222 35 114 = 44 35 9, which is not congruent to 1 mod 35.


Miller rabin primality test

Miller-Rabin Primality Test

  • Let n > 1 be an odd integer. Write n-1 = 2km with m odd.

  • Randomly choose a with 1 < a < n-1

  • Compute b0 = am (mod n)

  • If b0n 1 return ( probably prime )

  • Compute b1 = b02 (mod n)

  • if b1 n 1 return ( composite, with factor gcd(b0-1,n) )else if b1 n -1 return ( probably prime )

  • Compute b2 = b12 (mod n)

  • if b2 n 1 return ( composite, with factor gcd(b1-1,n) )else if b2 n -1 return ( probably prime )

  • . . .

  • If bk-1 is not congruent mod n to -1, return (composite)


Example miller rabin primality test

Example: Miller-Rabin Primality Test

  • Let n = 561

  • Then n-1 = 560 = 1635 = 2435, so k = 4 and m = 35.

  • Let a = 2

  • b0 561 235 561 263 (See previous slide)

  • b1 561 b02 561 166

  • b2 561 b12 561 67

  • b3 561 b22 561 1

  • Since bk-1 = b3 561 1, we conclude that 561 is composite with nontrivial factor gcd(b2-1,561) = gcd(66,561) = 33.

  • If n is composite and a is an integer such that n passes the Miller-Rabin test, we say that n is astrong pseudoprime for the base a.

  • The number 561 is a pseudoprime for any base a, but is not a strong pseudoprime. Strong pseudoprimes are extremely rare.


Miller rabin primality test1

Miller-Rabin Primality Test

  • If n is composite and a is an integer such that n passes the Miller-Rabin test, we say that n is astrong pseudoprime for the base a.

  • The number 561 is a pseudoprime for any base a, but is not a strong pseudoprime. Strong pseudoprimes are extremely rare.

  • Up to 1010, there are 455052511 primes, 14884 pseudoprimes for the base 2 and 3291 strong pseudoprimes for the base 2.

  • Thus calculating 2n-1 (mod n) will fail to recognize a composite in this range with probability less than 1 in 30,000 and the Miller-Rabin test will fail with probability less than 1 out of 100, 000

  • In fact, one can show that Miller-Rabin test with a randomly chosen a will fail to recognize a composite with probability that is at most ¼

  • Thus if we repeat the text 10 times, we will fail with probability at most (1/4)10 10-6.


The euler phi function

The Euler phi function

  • Also called the Euler totient function

  • For any positive integer n, define (n) to be the number of positive integers less than or equal to n that are relatively prime to n

  • (1) = 1, (2) = 1, (3) = 2, (4) = 2, (5) = 4, (6) = 2, (7) = 6

  • Apparently (p) = p-1 if p is prime

  • Is it true that (mn) = (m) (n)?


The euler phi function1

The Euler phi Function

  • Theorem If n = pk for a prime p, then (n) = pk-pk-1 = pk-1(p-1).

  • Proof

  • There are n = pk integers a in the range 1  a  n.

  • The only integers in this range that have a common divisor d with pk such that d > 1 are the multiples of p

  • The multiples of p in this range are p, 2p, . . . , pk-1p

  • Since there are exactly pk-1 integers a in the range 1  a  n that are not relatively prime to n = pk, there are exactly pk-pk-1 integers of this type that are relatively prime to n = pk

  • Thus (pk) = pk-pk-1


Products and euler s phi function

Products and Euler’s phi Function

  • We now examine the calculation of (mn) when m  n

  • First we do an example where n = 8 and m = 9

  • We arrange the integers from 1 to mn = 89 = 72 in an m by n grid:


Products and euler s phi function1

Products and Euler’s phi Function

  • We now examine the calculation of (mn) when m  n

  • First we do an example where n = 8 and m = 9

  • We arrange the integers from 1 to mn = 89 = 72 in an m by n grid:

Next we mark with bold face the entries that are relatively prime to 72

There are two facts that stand out:

1. the selected numbers only appear in columns headed by the integers

that are relatively prime to n = 8: 1, 3, 5, and 7

2. Each of these columns contains exactly (m) entries

This pattern suggests that (mn) = (m)(n) when m  n and is the basis of a proof of this fact. We omit the proof here.


Products and the euler phi function

Products and the Euler phi Function

  • Product TheoremIf n  m, then (mn) = (m)(n)

  • Euler’s Theorem: If a  n, then a(n) n 1


Prime powers

Prime Powers

  • Corollary to the Product Theorem:If , where the pi’s are distinct primes and each ei > 0, then


Homework

Homework

Page 175: 2


  • Login