
# Wilson’s Theorem - PowerPoint PPT Presentation

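Wilson’s Theorem. Lemma If p is a prime, then the only solutions to $x^2 \equiv 1 \pmod p$ are those integers x satisfying $x \equiv 1 \pmod p$ or $x \equiv -1 \pmod p$. Proof: $x^2 \equiv 1 \pmod p \Rightarrow x^2 - 1 \equiv 0 \pmod p \Rightarrow (x-1)(x+1) \equiv 0 \pmod p \Rightarrow p \mid (x-1)(x+1)$.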


## PowerPoint Slideshow about ' Wilson’s Theorem' - blaine-everett

Presentation Transcript

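• Lemma If p is a prime, then the only solutions to $x^2 \equiv 1 \pmod p$ are those integers x satisfying $x \equiv 1 \pmod p$ or $x \equiv -1 \pmod p$

• Proof:

$x^2 \equiv 1 \pmod p \Rightarrow x^2 - 1 \equiv 0 \pmod p \Rightarrow (x-1)(x+1) \equiv 0 \pmod p \Rightarrow p \mid (x-1)(x+1)$.

p prime and $p \mid (x-1)(x+1) \Rightarrow p \mid (x-1)$ or $p \mid (x+1) \Rightarrow x \equiv 1 \pmod p$ or $x \equiv -1 \pmod p$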

• Wilson’s Theorem An integer p > 1 is prime if and only if $(p-1)! \equiv -1 \pmod p$

• Proof.

Assume p is prime. Notice that if 1 < a < p-1, then $a^{-1} \neq 1$ and $a^{-1} \neq p-1$, because 1 and p-1 are their own inverses mod p. Thus $1 < a^{-1} < p-1$.

We also know that $a^2 \not\equiv 1 \pmod p$ by the previous lemma, and thus $a^{-1} \neq a$.

Therefore, we may rearrange the product $2 \cdot 3 \cdots (p-2)$ into pairs of the form $a \cdot a^{-1}$ and thus the product evaluates to 1 (modulo p). It then follows that $(p-1)! \equiv -1 \pmod p$.

Now assume p is not prime. If p = 4, then $(p-1)! = 3! = 6 \equiv 2 \not\equiv -1 \pmod 4$. So we may assume p > 4.

Since p is composite, p = ab with $1 < a \le b < p$. If a = b, then a > 2 since $a^2 = p > 4$. Thus $1 < a < 2a < a^2 = p$.

But this means that a and 2a appear in the product (p-1)!; since $2a \cdot a = 2a^2 = 2p \equiv 0 \pmod p$, the entire product is congruent to 0 mod p.

Otherwise a < b < p, so that both a and b appear in the product (p-1)!. Since ab = p, we again have $(p-1)! \equiv 0 \pmod p$. Thus (p-1)! is not congruent to -1 modulo p.

• Theorem If p is prime and $\gcd(a, p) = 1$, then $a^{p-1} \equiv 1 \pmod p$

• Proof

• Given prime p and $\gcd(a, p) = 1$, we have $(am \equiv an \pmod p) \Rightarrow (m \equiv n \pmod p)$

• Thus no two numbers in the list a, 2a, . . . , (p-1)a are congruent mod p and none of these numbers are congruent to 0 mod p

• Thus {a mod p, 2a mod p, . . . , (p-1)a mod p} = {1, 2, …, p-1} and hence their products are the same: $(a)(2a) \cdots ((p-1)a) \equiv 1 \cdot 2 \cdots (p-1) \pmod p$

• Rewritten, this becomes $a^{p-1}(p-1)! \equiv (p-1)! \pmod p$

• Since $\gcd(p, (p-1)!) = 1$, it then follows that $a^{p-1} \equiv 1 \pmod p$

• Corollary If p is prime and a is any integer, then $a^p \equiv a \pmod p$

• Proof

• If p divides a, then both $a^p$ and a are congruent to 0 mod p and hence are congruent to each other.

• If p does not divide a, then $\gcd(a, p) = 1$.

• It then follows from Fermat’s Little Theorem that $a^{p-1} \equiv 1 \pmod p$

• Multiplying both sides of the previous congruence by a, we get $a^p \equiv a \pmod p$

• It is natural to ask if the converse to the previous corollary is true

• That is, if ann a for all integers a, can one conclude that n is prime?

• The answer is no

• A composite number n for which $a^n \equiv a \pmod n$ for all integers a is called a Carmichael number.

• Robert Carmichael in 1909 was the first to find such a number

• We will next show that 561 is a Carmichael number

• In fact, it is the smallest such number

• Although they exist, Carmichael numbers are quite rare

• The number 561 equals the product of three primes: $561 = 3 \cdot 11 \cdot 17$

• Let p be one of the primes 3, 11, 17.

• We wish to show that $a^{561} \equiv a \pmod p$ for any number a

• First of all, if p | a then both $a^{561}$ and a are congruent to 0 mod p and hence $a^{561} \equiv a \pmod p$.

• Thus we may suppose $\gcd(a, p) = 1$

• From Fermat’s Little Theorem, we know that $a^{p-1} \equiv 1 \pmod p$

• If p = 3, then $a^{561} = a(a^{560}) = a(a^2)^{280} \equiv a(1)^{280} = a \pmod p$

• If p = 11, then $a^{561} = a(a^{560}) = a(a^{10})^{56} \equiv a(1)^{56} = a \pmod p$

• If p = 17, then $a^{561} = a(a^{560}) = a(a^{16})^{35} \equiv a(1)^{35} = a \pmod p$

• From the above, we have $3 \mid a^{561} - a$, $11 \mid a^{561} - a$ and $17 \mid a^{561} - a$

• Elementary properties of primes now say $561 = 3 \cdot 11 \cdot 17 \mid a^{561} - a$

• Therefore if n = 561, then $a^n \equiv a \pmod n$ for every integer a

• Suppose we want to test to see if a given integer n is prime

• One way is to check each of the integers from 2 to $n^{1/2}$ to see if it is a factor; that is, we divide and see if we get a remainder

• For large numbers this is not practical

• For $n = 10^{100}$, we would have to check up to $10^{50}$, which is impractical

• One method to generate a list of primes $\le n$ is to write down the numbers from 1 to n

• Then strike out all multiples of 2, then all multiples of 3, then all multiples of 5, …

• The numbers that remain are primes

• This method is called the Sieve of Eratosthenes (3rd century B.C.)

• But sieves are not for testing a particular number

• One can take a probabilistic approach, based on the fact that Carmichael numbers are rare

• If n is composite and ann a for some integer a, we say that n is a pseudoprime to the base a.

• Note that a Carmichael number is a pseudoprime to any base

• Recall that we can compute an mod n in log n steps, which is much faster than using n½ steps as we used by checking all possible factors

• Previously we showed that if p is prime, then the only solutions mod p to $x^2 \equiv 1 \pmod p$ are 1 and -1

• We claim that if n is composite, then $x^2 \equiv 1 \pmod n$ has at least four solutions

• To see this, suppose n = rs, with r > 1, s > 1 and $\gcd(r, s) = 1$

• Look at the following four pairs of congruences: $x \equiv 1 \pmod r$ & $x \equiv 1 \pmod s$; $x \equiv 1 \pmod r$ & $x \equiv -1 \pmod s$; $x \equiv -1 \pmod r$ & $x \equiv 1 \pmod s$; $x \equiv -1 \pmod r$ & $x \equiv -1 \pmod s$

• By the Chinese Remainder Theorem, each of the four systems above has a unique solution mod rs. Clearly these solutions are distinct.

• Therefore, $x^2 \equiv 1 \pmod n$ has at least 4 solutions mod n

• Lemma Let n, x and y be integers such that $x^2 \equiv y^2 \pmod n$ but x is not congruent mod n to either y or -y. Then n is composite and gcd(x-y, n) is a nontrivial factor of n.

• Proof

• Let d = gcd(x-y, n).

• If d = n, then n | (x-y), hence $x \equiv y \pmod n$, contradicting our assumptions.

• If d = 1, then $\gcd(n, x-y) = 1$. Since $n \mid x^2 - y^2 = (x-y)(x+y)$, we have n | (x+y), which contradicts our assumption that x is not congruent to -y mod n

• Thus 1 < d < n and we have a nontrivial factor of n.

• Factorization and primality testing are not the same!

• It is often easier to prove that an integer is composite than it is to factor it.

• We know: p prime $\Rightarrow 2^{p-1} \equiv 1 \pmod p$

• We can use this fact to show that 35 is not prime (forgetting the fact that we know it equals 7 times 5)

• $2^2 \equiv 4$, $2^4 \equiv 16$, $2^8 = 256 \equiv 11$, $2^{16} \equiv 121 \equiv 16$, $2^{32} \equiv 256 \equiv 11 \pmod{35}$

$2^{34} = 2^{32} \cdot 2^2 \equiv 11 \cdot 4 = 44 \equiv 9 \pmod{35}$, which is not congruent to 1 mod 35.

• Let n > 1 be an odd integer. Write $n-1 = 2^k m$ with m odd.

• Randomly choose a with 1 < a < n-1

• Compute $b_0 = a^m \pmod n$

• If $b_0 \equiv \pm 1 \pmod n$ return ( probably prime )

• Compute $b_1 = b_0^2 \pmod n$

• if $b_1 \equiv 1 \pmod n$ return ( composite, with factor $\gcd(b_0 - 1, n)$ ) else if $b_1 \equiv -1 \pmod n$ return ( probably prime )

• Compute $b_2 = b_1^2 \pmod n$

• if $b_2 \equiv 1 \pmod n$ return ( composite, with factor $\gcd(b_1 - 1, n)$ ) else if $b_2 \equiv -1 \pmod n$ return ( probably prime )

• . . .

• If $b_{k-1}$ is not congruent mod n to -1, return (composite)

• Let n = 561

• Then $n-1 = 560 = 16 \cdot 35 = 2^4 \cdot 35$, so k = 4 and m = 35.

• Let a = 2

• $b_0 \equiv 2^{35} \equiv 263 \pmod{561}$ (See previous slide)

• $b_1 \equiv b_0^2 \equiv 166 \pmod{561}$

• $b_2 \equiv b_1^2 \equiv 67 \pmod{561}$

• $b_3 \equiv b_2^2 \equiv 1 \pmod{561}$

• Since $b_{k-1} = b_3 \equiv 1 \pmod{561}$, we conclude that 561 is composite with nontrivial factor $\gcd(b_2 - 1, 561) = \gcd(66, 561) = 33$.

• If n is composite and a is an integer such that n passes the Miller-Rabin test, we say that n is a strong pseudoprime for the base a.

• The number 561 is a pseudoprime for any base a, but is not a strong pseudoprime. Strong pseudoprimes are extremely rare.

• Up to $10^{10}$, there are 455052511 primes, 14884 pseudoprimes for the base 2 and 3291 strong pseudoprimes for the base 2.

• Thus calculating $2^{n-1} \pmod n$ will fail to recognize a composite in this range with probability less than 1 in 30,000 and the Miller-Rabin test will fail with probability less than 1 out of 100,000

• In fact, one can show that the Miller-Rabin test with a randomly chosen a will fail to recognize a composite with probability that is at most ¼

• Thus if we repeat the test 10 times, we will fail with probability at most $(1/4)^{10} \approx 10^{-6}$.
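The Miller-Rabin steps and the 561 walk-through above, together with the earlier lemma that a square root of 1 other than ±1 yields a factor, as an added Python example (not part of the original slides). The function names are hypothetical, and 2047 is a value chosen here, not taken from the slides, to show a strong pseudoprime for the base 2.

```python
import secrets
from math import gcd

def fermat_passes(n, a):
    """True when a^n ≡ a (mod n): n is prime or a pseudoprime to the base a."""
    return pow(a, n, n) == a % n

def miller_rabin_round(n, a):
    """One round for odd n > 3 and 1 < a < n-1.

    Returns (verdict, factor, trace). factor is a nontrivial divisor of n when
    the round meets a square root of 1 other than ±1, otherwise None.
    trace is the list b_0, b_1, ... that was computed.
    """
    k, m = 0, n - 1
    while m % 2 == 0:                 # write n-1 = 2^k * m with m odd
        k, m = k + 1, m // 2
    b = pow(a, m, n)                  # b_0 = a^m mod n
    trace = [b]
    if b in (1, n - 1):
        return "probably prime", None, trace
    for _ in range(1, k):             # b_1 ... b_{k-1}
        prev, b = b, pow(b, 2, n)
        trace.append(b)
        if b == 1:
            # prev^2 ≡ 1 while prev is not ±1, so gcd(prev - 1, n) splits n
            return "composite", gcd(prev - 1, n), trace
        if b == n - 1:
            return "probably prime", None, trace
    return "composite", None, trace   # b_{k-1} is not congruent to -1

def is_probable_prime(n, rounds=10):
    """Repeat the round with random bases; error bound (1/4)^rounds."""
    if n < 5 or n % 2 == 0:
        return n in (2, 3)
    return all(
        miller_rabin_round(n, secrets.randbelow(n - 3) + 2)[0] == "probably prime"
        for _ in range(rounds)
    )

if __name__ == "__main__":
    # 561 passes the Fermat check for every base, yet one round exposes it.
    print(all(fermat_passes(561, a) for a in range(561)))
    print(miller_rabin_round(561, 2))
    # 2047 = 23 * 89 (constructed case): base 2 is fooled, base 3 is not.
    print(miller_rabin_round(2047, 2)[0], miller_rabin_round(2047, 3)[0])
```
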

• Also called the Euler totient function

• For any positive integer n, define $\phi(n)$ to be the number of positive integers less than or equal to n that are relatively prime to n

• $\phi(1) = 1$, $\phi(2) = 1$, $\phi(3) = 2$, $\phi(4) = 2$, $\phi(5) = 4$, $\phi(6) = 2$, $\phi(7) = 6$

• Apparently $\phi(p) = p-1$ if p is prime

• Is it true that $\phi(mn) = \phi(m)\phi(n)$?

• Theorem If $n = p^k$ for a prime p, then $\phi(n) = p^k - p^{k-1} = p^{k-1}(p-1)$.

• Proof

• There are $n = p^k$ integers a in the range $1 \le a \le n$.

• The only integers in this range that have a common divisor d with $p^k$ such that d > 1 are the multiples of p

• The multiples of p in this range are p, 2p, . . . , $p^{k-1} \cdot p$

• Since there are exactly $p^{k-1}$ integers a in the range $1 \le a \le n$ that are not relatively prime to $n = p^k$, there are exactly $p^k - p^{k-1}$ integers in this range that are relatively prime to $n = p^k$

• Thus $\phi(p^k) = p^k - p^{k-1}$

• We now examine the calculation of $\phi(mn)$ when $\gcd(m, n) = 1$

• First we do an example where n = 8 and m = 9

• We arrange the integers from 1 to $mn = 8 \cdot 9 = 72$ in an m by n grid:

Next we mark with bold face the entries that are relatively prime to 72

There are two facts that stand out:

1. the selected numbers only appear in columns headed by the integers that are relatively prime to n = 8: 1, 3, 5, and 7

2. Each of these columns contains exactly $\phi(m)$ entries

This pattern suggests that $\phi(mn) = \phi(m)\phi(n)$ when $\gcd(m, n) = 1$ and is the basis of a proof of this fact. We omit the proof here.
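The grid argument above as an added Python example (not part of the original slides): it rebuilds a 9-by-8 grid, counts the entries relatively prime to 72 in each column, and repeats the count for m = 4, n = 6 to show the pattern breaking when m and n share a factor. The row-by-row layout and all function names are assumptions made for this example.

```python
from math import gcd

def phi(n):
    """Euler's phi by direct count: integers in 1..n relatively prime to n."""
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)

def grid(m, n):
    """Integers 1..mn in m rows of n columns, filled row by row (assumed layout)."""
    return [[r * n + c for c in range(1, n + 1)] for r in range(m)]

def coprime_per_column(m, n):
    """Map each column header c in 1..n to the number of entries in that
    column that are relatively prime to mn."""
    rows = grid(m, n)
    return {
        c: sum(1 for row in rows if gcd(row[c - 1], m * n) == 1)
        for c in range(1, n + 1)
    }

def render(m, n):
    """Text grid with the entries relatively prime to mn wrapped in [ ]."""
    def mark(v):
        return f"[{v:2d}]" if gcd(v, m * n) == 1 else f" {v:2d} "
    return "\n".join(" ".join(mark(v) for v in row) for row in grid(m, n))

def pattern_holds(m, n):
    """True when the marked columns are exactly those whose header is
    relatively prime to n and each of them holds phi(m) marked entries."""
    expected = {c: (phi(m) if gcd(c, n) == 1 else 0) for c in range(1, n + 1)}
    return coprime_per_column(m, n) == expected

if __name__ == "__main__":
    print(render(9, 8))
    print(coprime_per_column(9, 8), phi(72), phi(9) * phi(8))
    # gcd(4, 6) = 2: columns 1 and 5 hold 4 marked entries each, not phi(4) = 2
    print(coprime_per_column(4, 6), phi(24), phi(4) * phi(6))
```
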

• Product Theorem If $\gcd(n, m) = 1$, then $\phi(mn) = \phi(m)\phi(n)$

• Euler’s Theorem: If $\gcd(a, n) = 1$, then $a^{\phi(n)} \equiv 1 \pmod n$

• Corollary to the Product Theorem: If , where the $p_i$’s are distinct primes and each $e_i > 0$, then
