Misplaced Pages

Fermat primality test

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
Probabilistic primality test For the test for determining whether a Fermat number is prime, see Pépin's test.

The Fermat primality test is a probabilistic test to determine whether a number is a probable prime.

Concept

Fermat's little theorem states that if p is prime and a is not divisible by p, then

a p 1 1 ( mod p ) . {\displaystyle a^{p-1}\equiv 1{\pmod {p}}.}

If one wants to test whether p is prime, then we can pick random integers a not divisible by p and see whether the congruence holds. If it does not hold for a value of a, then p is composite. This congruence is unlikely to hold for a random a if p is composite. Therefore, if the equality does hold for one or more values of a, then we say that p is probably prime.

However, note that the above congruence holds trivially for a 1 ( mod p ) {\displaystyle a\equiv 1{\pmod {p}}} , because the congruence relation is compatible with exponentiation. It also holds trivially for a 1 ( mod p ) {\displaystyle a\equiv -1{\pmod {p}}} if p is odd, for the same reason. That is why one usually chooses a random a in the interval 1 < a < p 1 {\displaystyle 1<a<p-1} .

Any a such that

a n 1 1 ( mod n ) {\displaystyle a^{n-1}\equiv 1{\pmod {n}}}

when n is composite is known as a Fermat liar. In this case n is called Fermat pseudoprime to base a.

If we do pick an a such that

a n 1 1 ( mod n ) {\displaystyle a^{n-1}\not \equiv 1{\pmod {n}}}

then a is known as a Fermat witness for the compositeness of n.

Example

Suppose we wish to determine whether n = 221 is prime. Randomly pick 1 < a < 220, say a = 38. We check the above congruence and find that it holds:

a n 1 = 38 220 1 ( mod 221 ) . {\displaystyle a^{n-1}=38^{220}\equiv 1{\pmod {221}}.}

Either 221 is prime, or 38 is a Fermat liar, so we take another a, say 24:

a n 1 = 24 220 81 1 ( mod 221 ) . {\displaystyle a^{n-1}=24^{220}\equiv 81\not \equiv 1{\pmod {221}}.}

So 221 is composite and 38 was indeed a Fermat liar. Furthermore, 24 is a Fermat witness for the compositeness of 221.

Algorithm

The algorithm can be written as follows:

Inputs: n: a value to test for primality, n>3; k: a parameter that determines the number of times to test for primality
Output: composite if n is composite, otherwise probably prime
Repeat k times:
Pick a randomly in the range
If a n 1 1 ( mod n ) {\displaystyle a^{n-1}\not \equiv 1{\pmod {n}}} , then return composite
If composite is never returned: return probably prime

The a values 1 and n-1 are not used as the equality holds for all n and all odd n respectively, hence testing them adds no value.

Complexity

Using fast algorithms for modular exponentiation and multiprecision multiplication, the running time of this algorithm is O(k logn log log n) = Õ(k logn), where k is the number of times we test a random a, and n is the value we want to test for primality; see Miller–Rabin primality test for details.

Flaw

There are infinitely many Fermat pseudoprimes to any given basis a > 1. Even worse, there are infinitely many Carmichael numbers. These are numbers n {\displaystyle n} for which all values of a {\displaystyle a} with gcd ( a , n ) = 1 {\displaystyle \operatorname {gcd} (a,n)=1} are Fermat liars. For these numbers, repeated application of the Fermat primality test performs the same as a simple random search for factors. While Carmichael numbers are substantially rarer than prime numbers (Erdös' upper bound for the number of Carmichael numbers is lower than the prime number function n/log(n)) there are enough of them that Fermat's primality test is not often used in the above form. Instead, other more powerful extensions of the Fermat test, such as Baillie–PSW, Miller–Rabin, and Solovay–Strassen are more commonly used.

In general, if n {\displaystyle n} is a composite number that is not a Carmichael number, then at least half of all

a ( Z / n Z ) {\displaystyle a\in (\mathbb {Z} /n\mathbb {Z} )^{*}} (i.e. gcd ( a , n ) = 1 {\displaystyle \operatorname {gcd} (a,n)=1} )

are Fermat witnesses. For proof of this, let a {\displaystyle a} be a Fermat witness and a 1 {\displaystyle a_{1}} , a 2 {\displaystyle a_{2}} , ..., a s {\displaystyle a_{s}} be Fermat liars. Then

( a a i ) n 1 a n 1 a i n 1 a n 1 1 ( mod n ) {\displaystyle (a\cdot a_{i})^{n-1}\equiv a^{n-1}\cdot a_{i}^{n-1}\equiv a^{n-1}\not \equiv 1{\pmod {n}}}

and so all a a i {\displaystyle a\cdot a_{i}} for i = 1 , 2 , . . . , s {\displaystyle i=1,2,...,s} are Fermat witnesses.

Applications

As mentioned above, most applications use a Miller–Rabin or Baillie–PSW test for primality. Sometimes a Fermat test (along with some trial division by small primes) is performed first to improve performance. GMP since version 3.0 uses a base-210 Fermat test after trial division and before running Miller–Rabin tests. Libgcrypt uses a similar process with base 2 for the Fermat test, but OpenSSL does not.

In practice with most big number libraries such as GMP, the Fermat test is not noticeably faster than a Miller–Rabin test, and can be slower for many inputs.

As an exception, OpenPFGW uses only the Fermat test for probable prime testing. The program is typically used with multi-thousand digit inputs with a goal of maximum speed with very large inputs. Another well known program that relies only on the Fermat test is PGP where it is only used for testing of self-generated large random values (an open source counterpart, GNU Privacy Guard, uses a Fermat pretest followed by Miller–Rabin tests).

References

  1. ^ Carl Pomerance; John L. Selfridge; Samuel S. Wagstaff, Jr. (July 1980). "The pseudoprimes to 25·10" (PDF). Mathematics of Computation. 35 (151): 1003–1026. doi:10.1090/S0025-5718-1980-0572872-7. JSTOR 2006210.
  2. Alford, W. R.; Granville, Andrew; Pomerance, Carl (1994). "There are Infinitely Many Carmichael Numbers" (PDF). Annals of Mathematics. 140 (3): 703–722. doi:10.2307/2118576. JSTOR 2118576.
  3. Paul Erdős (1956). "On pseudoprimes and Carmichael numbers". Publ. Math. Debrecen. 4: 201–206. MR 0079031.
  4. Joe Hurd (2003), Verification of the Miller–Rabin Probabilistic Primality Test, p. 2, CiteSeerX 10.1.1.105.3196


Pierre de Fermat
Work
Related
Number-theoretic algorithms
Primality tests
Prime-generating
Integer factorization
Multiplication
Euclidean division
Discrete logarithm
Greatest common divisor
Modular square root
Other algorithms
  • Italics indicate that algorithm is for numbers of special forms
Categories: