- 125 Views
- Uploaded on
- Presentation posted in: General

Wilson’s Theorem

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

- Lemma If p is a prime, then the only solutions to x2p 1 are those integers x satisfying x p 1 or x p -1
- Proof:
x2p 1 x2-1p 0 (x-1)(x+1) p 0 p | (x-1)(x+1).

p prime and p | (x-1)(x+1) p | (x-1) or p | (x+1) x p 1 or x p -1

- Wilson’s TheoremAn integer p > 1 is prime if and only if (p-1)! p -1
- Proof.
Assume p is prime. Notice that if 1 < a < p-1, then a-1 1 and a-1 p-1, because 1 and p-1 are their own inverses mod p. Thus 1 < a-1 < p-1.

We also know that a2 1 by the previous lemma, and thus a-1 a.

Therefore, we may rearrange the product 23 (p-2) into pairs of the form aa-1 and thus the product evaluates to 1 (modulo p). It then follows that (p-1)! p -1.

Now assume p is not prime. If p = 4, then (p-1)! = 3! = 6 4 2 -1. So we may assume p > 4.

Since p is composite, p = ab with 1 < a b < p. If a = b, then a > 2 since a2 = p > 4. Thus 1 < a < 2a < a2 = p.

But this means that a and 2a appear in the product (p-1)!; since 2aa = 2a2 = 2p p 0, the entire product is congruent to 0 mod p.

We now have a < b < p, so that both a and b appear in the product (p-1)!. Since ab = p, we again have (p-1)! p 0. Thus (p-1)! is not congruent to -1 modulo p.

- Theorem If p is prime and a p, then ap-1p 1
- Proof
- Given prime p and a p, we have (am p an) (m p n)
- Thus no two numbers in the list a, 2a, . . . , (p-1)a are congruent mod p and none of these numbers are congruent to 0 mod p
- Thus {a mod p, 2a mod p, . . . , (p-1)a mod p} = { 1, 2, …, p-1} and hence their products are the same: (a)(2a)((p-1)a) p 12(p-1)
- Rewritten, this becomes ap-1(p-1)! p (p-1)!
- Since p (p-1)!, it then follows that ap-1 p 1

- Corollary If p is prime and a is any integer, then ap p a
- Proof
- If p divides a, then both ap and a are congruent to 0 mod p and hence are equal.
- If p does not divide a, then a p.
- It then follows from Fermat’s Little Theorem that ap-1 p 1
- Multiplying both sides of the previous congruence by a, we get ap p a

- It is natural to ask if the converse to the previous corollary is true
- That is, if ann a for all integers a, can one conclude that n is prime?
- The answer is no
- A composite number for which ann a for all integers a is called a Carmichael number.
- Robert Carmichael in 1909 was the first to find such a number
- We will next show that 561 is a Carmichael number
- In fact, it is the smallest such number
- Although they exist, Carmichael numbers are quite rare

- The number 561 equals the product of three primes: 561 = 31117
- Let p be one of the primes 3, 11, 17.
- We wish to show that a561p a for any number a
- First of all, if p | a then both a561 and a are congruent to 0 mod p and hence a561p a.
- Thus we may suppose a p
- From Fermat’s Little Theorem, we know that ap-1 p 1
- If p = 3, then a561 = a(a560) = a(a2)280 p a(1)280 = a
- If p = 11, then a561 = a(a560) = a(a10)56 p a(1)56 = a
- If p = 17, then a561 = a(a560) = a(a16)35 p a(1)35 = a
- From the above, we have 3 | a561-a, 11 | a561-a and 17 | a561-a
- Elementary properties of primes now says 561 = 31117 | a561-a
- Therefore if n = 561, then an n a for every integer a

- Suppose we want to test to see if a given integer n is prime
- One way is to check each of the integers from 2 to n½ to see if it is a factor; that is, we divide and see if we get a remainder
- For large numbers this is not practical
- For n = 10100, we would have to check up to 1050, which is impractical
- One method to generate a list of primes n is to write down the numbers from 1 to n
- Then strike out all multiples of 2, then all multiples of 3, then all multiples of 5, …
- The numbers that remain are primes
- This method is called the Sieve of Eratosthenes ( 3rd century B.C.)
- But sieves are not for testing a particular number

- One can take a probabilistic approach, based on the fact that Carmichael numbers are rare
- If n is composite and ann a for some integer a, we say that n is a pseudoprime to the base a.
- Note that a Carmichael number is a pseudoprime to any base
- Recall that we can compute an mod n in log n steps, which is much faster than using n½ steps as we used by checking all possible factors
- Previously we showed that if p is prime, then the only solutions mod p to x2 p 1 are 1 and -1
- We claim that if n is composite, then x2 n 1 has at least four solutions
- To see this, suppose n = rs, with r > 1, s > 1 and r s
- Look at the following four pairs of congruences:x r 1 & x s 1; x r 1 & x s -1; x r -1 & x s 1; x r -1 & x s -1
- By the Chinese Remainder Theorem, each of the four systems above has a unique solution mod rs. Clearly these solutions are distinct.
- Therefore, x2 n 1 has at least 4 solutions mod n

- Lemma Let n, x and y be integers such that x2n y2 but x is not congruent mod n to either y or –y. Then n is composite and gcd(x-y,n) is a nontrivial factor of n.
- Proof
- Let d = gcd(x-y,n).
- If d = n, then n | (x-y) hence x n y, contradicting our assumptions.
- If d = 1, then n x-y. Since n | x2-y2 = (x-y)(x+y), we have n | (x+y) which contradicts our assumption that x is not congruent to –y mod n
- Thus 1 < d < n and we have a nontrivial factor of n.

- Factorization and primality testing are not the same!
- It is often easier to prove that an integer is composite than it is to factor it.
- We know: p prime 2p-1 p 1
- We can use this fact to show that 35 is not prime (forgetting the fact that we know it equals 7 time 5)
- 22 35 4, 24 35 16, 28 = 256 35 11, 216 35 121 35 16, 232 35 256 35 11
234 = 23222 35 114 = 44 35 9, which is not congruent to 1 mod 35.

- Let n > 1 be an odd integer. Write n-1 = 2km with m odd.
- Randomly choose a with 1 < a < n-1
- Compute b0 = am (mod n)
- If b0n 1 return ( probably prime )
- Compute b1 = b02 (mod n)
- if b1 n 1 return ( composite, with factor gcd(b0-1,n) )else if b1 n -1 return ( probably prime )
- Compute b2 = b12 (mod n)
- if b2 n 1 return ( composite, with factor gcd(b1-1,n) )else if b2 n -1 return ( probably prime )
- . . .
- If bk-1 is not congruent mod n to -1, return (composite)

- Let n = 561
- Then n-1 = 560 = 1635 = 2435, so k = 4 and m = 35.
- Let a = 2
- b0 561 235 561 263 (See previous slide)
- b1 561 b02 561 166
- b2 561 b12 561 67
- b3 561 b22 561 1
- Since bk-1 = b3 561 1, we conclude that 561 is composite with nontrivial factor gcd(b2-1,561) = gcd(66,561) = 33.
- If n is composite and a is an integer such that n passes the Miller-Rabin test, we say that n is astrong pseudoprime for the base a.
- The number 561 is a pseudoprime for any base a, but is not a strong pseudoprime. Strong pseudoprimes are extremely rare.

- If n is composite and a is an integer such that n passes the Miller-Rabin test, we say that n is astrong pseudoprime for the base a.
- The number 561 is a pseudoprime for any base a, but is not a strong pseudoprime. Strong pseudoprimes are extremely rare.
- Up to 1010, there are 455052511 primes, 14884 pseudoprimes for the base 2 and 3291 strong pseudoprimes for the base 2.
- Thus calculating 2n-1 (mod n) will fail to recognize a composite in this range with probability less than 1 in 30,000 and the Miller-Rabin test will fail with probability less than 1 out of 100, 000
- In fact, one can show that Miller-Rabin test with a randomly chosen a will fail to recognize a composite with probability that is at most ¼
- Thus if we repeat the text 10 times, we will fail with probability at most (1/4)10 10-6.

- Also called the Euler totient function
- For any positive integer n, define (n) to be the number of positive integers less than or equal to n that are relatively prime to n
- (1) = 1, (2) = 1, (3) = 2, (4) = 2, (5) = 4, (6) = 2, (7) = 6
- Apparently (p) = p-1 if p is prime
- Is it true that (mn) = (m) (n)?

- Theorem If n = pk for a prime p, then (n) = pk-pk-1 = pk-1(p-1).
- Proof
- There are n = pk integers a in the range 1 a n.
- The only integers in this range that have a common divisor d with pk such that d > 1 are the multiples of p
- The multiples of p in this range are p, 2p, . . . , pk-1p
- Since there are exactly pk-1 integers a in the range 1 a n that are not relatively prime to n = pk, there are exactly pk-pk-1 integers of this type that are relatively prime to n = pk
- Thus (pk) = pk-pk-1

- We now examine the calculation of (mn) when m n
- First we do an example where n = 8 and m = 9
- We arrange the integers from 1 to mn = 89 = 72 in an m by n grid:

- We now examine the calculation of (mn) when m n
- First we do an example where n = 8 and m = 9
- We arrange the integers from 1 to mn = 89 = 72 in an m by n grid:

Next we mark with bold face the entries that are relatively prime to 72

There are two facts that stand out:

1. the selected numbers only appear in columns headed by the integers

that are relatively prime to n = 8: 1, 3, 5, and 7

2. Each of these columns contains exactly (m) entries

This pattern suggests that (mn) = (m)(n) when m n and is the basis of a proof of this fact. We omit the proof here.

- Product TheoremIf n m, then (mn) = (m)(n)
- Euler’s Theorem: If a n, then a(n) n 1

- Corollary to the Product Theorem:If , where the pi’s are distinct primes and each ei > 0, then

Page 175: 2