Revision as of 02:13, 9 September 2023 editCatttte (talk | contribs)Extended confirmed users594 editsm oops,,Tag: 2017 wikitext editor← Previous edit | Latest revision as of 19:19, 20 August 2024 edit undoMacrakis (talk | contribs)Autopatrolled, Extended confirmed users, Pending changes reviewers, Rollbackers53,769 edits concisionTag: Visual edit | ||
(23 intermediate revisions by 14 users not shown) | |||
Line 1: | Line 1: | ||
{{ |
{{Short description|A prime p divides a^p–a for any integer a}} | ||
{{For|other theorems named after Pierre de Fermat|Fermat's theorem}} | {{For|other theorems named after Pierre de Fermat|Fermat's theorem}} | ||
'''Fermat's little theorem''' states that if {{mvar|p}} is a ], then for any ] {{mvar|a}}, the number {{math|''a''<sup>''p''</sup> − ''a''}} is an integer multiple of {{Mvar|p}}. In the notation of ], this is expressed as | In ], '''Fermat's little theorem''' states that if {{mvar|p}} is a ], then for any ] {{mvar|a}}, the number {{math|''a''<sup>''p''</sup> − ''a''}} is an integer multiple of {{Mvar|p}}. In the notation of ], this is expressed as | ||
<math display="block">a^p \equiv a \pmod p.</math> | |||
For example, if {{math|''a'' {{=}} 2}} and {{math|''p'' {{=}} 7}}, then {{math|2<sup>7</sup> {{=}} 128}}, and {{math|128 − 2 {{=}} 126 {{=}} 7 × 18}} is an integer multiple of {{math|7}}. | For example, if {{math|''a'' {{=}} 2}} and {{math|''p'' {{=}} 7}}, then {{math|2<sup>7</sup> {{=}} 128}}, and {{math|128 − 2 {{=}} 126 {{=}} 7 × 18}} is an integer multiple of {{math|7}}. | ||
If {{mvar|a}} is not divisible by {{mvar|p}}, that is, if {{mvar|a}} is ] to {{mvar|p}}, Fermat's little theorem is equivalent to the statement that {{math|''a''<sup>''p'' − 1</sup> − 1}} is an integer multiple of {{mvar|p}}, or in symbols:<ref>{{harvnb|Long|1972|pages=87–88}}.</ref><ref>{{harvnb|Pettofrezzo|Byrkit|1970|pages=110–111}}.</ref> | If {{mvar|a}} is not divisible by {{mvar|p}}, that is, if {{mvar|a}} is ] to {{mvar|p}}, then Fermat's little theorem is equivalent to the statement that {{math|''a''<sup>''p'' − 1</sup> − 1}} is an integer multiple of {{mvar|p}}, or in symbols:<ref>{{harvnb|Long|1972|pages=87–88}}.</ref><ref>{{harvnb|Pettofrezzo|Byrkit|1970|pages=110–111}}.</ref> | ||
<math display="block">a^{p-1} \equiv 1 \pmod p.</math> | |||
For example, if {{math|''a'' {{=}} 2}} and {{math|''p'' {{=}} 7}}, then {{math|2<sup>6</sup> {{=}} 64}}, and {{math|64 − 1 {{=}} 63 {{=}} 7 × 9}} is |
For example, if {{math|''a'' {{=}} 2}} and {{math|''p'' {{=}} 7}}, then {{math|2<sup>6</sup> {{=}} 64}}, and {{math|64 − 1 {{=}} 63 {{=}} 7 × 9}} is a multiple of {{math|7}}. | ||
Fermat's little theorem is the basis for the ] and is one of the fundamental results of ]. The theorem is named after ], who stated it in 1640. It is called the "little theorem" to distinguish it from ].<ref name=Burton>{{harvnb|Burton|2011|page=514}}.</ref> | Fermat's little theorem is the basis for the ] and is one of the fundamental results of ]. The theorem is named after ], who stated it in 1640. It is called the "little theorem" to distinguish it from ].<ref name=Burton>{{harvnb|Burton|2011|page=514}}.</ref> | ||
== History == | == History == | ||
] | ] | ||
Pierre de Fermat first stated the theorem in a letter dated October 18, 1640, to his friend and confidant ]. His formulation is equivalent to the following:<ref name=Burton /> | |||
<blockquote>If {{mvar|p}} is a prime and {{mvar|a}} is any integer not divisible by {{mvar|p}}, then {{math|''a''<sup> ''p'' − 1</sup> − 1}} is divisible by {{mvar|p}}. | <blockquote>If {{mvar|p}} is a prime and {{mvar|a}} is any integer not divisible by {{mvar|p}}, then {{math|''a''<sup> ''p'' − 1</sup> − 1}} is divisible by {{mvar|p}}. | ||
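Review bot: The short description on the right-hand side of this hunk writes the expression as "a^p–a" with an en dash and no spaces, while the lead sentence it summarises uses the minus sign in "''a''<sup>''p''</sup> − ''a''". Use "−" with spaces in the short description too, so the two agree and the expression does not read as a range.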
Line 32: | Line 32: | ||
<blockquote>(And this proposition is generally true for all series and for all prime numbers; I would send you a demonstration of it, if I did not fear going on for too long.)<ref>{{harvnb|Mahoney|1994|page=295}} for the English translation</ref></blockquote> | <blockquote>(And this proposition is generally true for all series and for all prime numbers; I would send you a demonstration of it, if I did not fear going on for too long.)<ref>{{harvnb|Mahoney|1994|page=295}} for the English translation</ref></blockquote> | ||
] provided the first published proof in 1736, in a paper titled "Theorematum Quorundam ad Numeros Primos Spectantium Demonstratio" in the ''Proceedings'' of the St. Petersburg Academy,<ref>{{cite journal |last1=Euler |first1=Leonhard |title=Theorematum quorundam ad numeros primos spectantium demonstratio |journal=Commentarii Academiae Scientiarum Imperialis Petropolitanae (Memoirs of the Imperial Academy of Sciences in St. Petersburg)|date=1736 |volume=8 |pages=141–146 |url=https://www.biodiversitylibrary.org/item/38573#page/167/mode/1up |trans-title=Proof of certain theorems relating to prime numbers |language=Latin}}</ref><ref>{{harvnb|Ore|1988|page=273}}</ref> but ] had given virtually the same proof in an unpublished manuscript from sometime before 1683.<ref name=Burton /> | ] provided the first published proof in 1736, in a paper titled "Theorematum Quorundam ad Numeros Primos Spectantium Demonstratio" (in English: "Demonstration of Certain Theorems Concerning Prime Numbers") in the ''Proceedings'' of the St. Petersburg Academy,<ref>{{cite journal |last1=Euler |first1=Leonhard |title=Theorematum quorundam ad numeros primos spectantium demonstratio |journal=Commentarii Academiae Scientiarum Imperialis Petropolitanae (Memoirs of the Imperial Academy of Sciences in St. Petersburg)|date=1736 |volume=8 |pages=141–146 |url=https://www.biodiversitylibrary.org/item/38573#page/167/mode/1up |trans-title=Proof of certain theorems relating to prime numbers |language=Latin}}</ref><ref>{{harvnb|Ore|1988|page=273}}</ref> but ] had given virtually the same proof in an unpublished manuscript from sometime before 1683.<ref name=Burton /> | ||
The term "Fermat's little theorem" was probably first used in print in 1913 in ''Zahlentheorie'' by ]:<ref>{{cite book |last1=Hensel |first1=Kurt |title=Zahlentheorie |trans-title=Number Theory |date=1913 |publisher=G. J. Göschen |location=Berlin and Leipzig, Germany |page=103 |url=https://books.google.com/books?id=SbhUAAAAYAAJ&pg=PA103 |language=German}}</ref> | The term "Fermat's little theorem" was probably first used in print in 1913 in ''Zahlentheorie'' by ]:<ref>{{cite book |last1=Hensel |first1=Kurt |title=Zahlentheorie |trans-title=Number Theory |date=1913 |publisher=G. J. Göschen |location=Berlin and Leipzig, Germany |page=103 |url=https://books.google.com/books?id=SbhUAAAAYAAJ&pg=PA103 |language=German}}</ref> | ||
Line 44: | Line 44: | ||
=== Further history === | === Further history === | ||
{{main|Chinese hypothesis}} | {{main|Chinese hypothesis}} | ||
Some mathematicians independently made the related hypothesis (sometimes incorrectly called the Chinese |
Some mathematicians independently made the related hypothesis (sometimes incorrectly called the Chinese hypothesis) that {{math|2<sup>''p''</sup> ≡ 2 (mod ''p'')}} if and only if {{mvar|p}} is prime. Indeed, the "if" part is true, and it is a special case of Fermat's little theorem. However, the "only if" part is false: For example, {{math|2<sup>341</sup> ≡ 2 (mod 341)}}, but 341 = 11 × 31 is a ] to base 2. See ]. | ||
== Proofs == | == Proofs == | ||
{{main|Proofs of Fermat's little theorem}} | {{main|Proofs of Fermat's little theorem}} | ||
Several proofs of Fermat's little theorem are known. It is frequently proved as a corollary of ]. | Several proofs of Fermat's little theorem are known. It is frequently proved as a ] of ]. | ||
== Generalizations == | == Generalizations == | ||
] is a generalization of Fermat's little theorem: |
] is a generalization of Fermat's little theorem: For any ] {{mvar|n}} and any integer {{mvar|a}} coprime to {{mvar|n}}, one has | ||
<math display="block">a^{\varphi (n)} \equiv 1 \pmod n,</math> | |||
where {{math|''φ''(''n'')}} denotes ] (which counts the integers from 1 to {{mvar|n}} that are coprime to {{mvar|n}}). Fermat's little theorem is indeed a special case, because if {{mvar|n}} is a prime number, then {{math|1=''φ''(''n'') = ''n'' − 1}}. | where {{math|''φ''(''n'')}} denotes ] (which counts the integers from 1 to {{mvar|n}} that are coprime to {{mvar|n}}). Fermat's little theorem is indeed a special case, because if {{mvar|n}} is a prime number, then {{math|1=''φ''(''n'') = ''n'' − 1}}. | ||
A corollary of Euler's theorem is: |
A corollary of Euler's theorem is: For every positive integer {{mvar|n}}, if the integer {{mvar|a}} is ] with {{mvar|n}}, then | ||
<math display="block">x \equiv y \pmod{\varphi(n)}\quad\text{implies}\quad a^x \equiv a^y \pmod n, </math> | |||
for any integers {{mvar|x}} and {{mvar|y}}. | for any integers {{mvar|x}} and {{mvar|y}}. | ||
This follows from Euler's theorem, since, if <math>x \equiv y \pmod{\varphi(n)}</math>, then {{math|1=''x'' = ''y'' + ''kφ''(''n'')}} for some integer {{mvar|k}}, and one has | This follows from Euler's theorem, since, if <math>x \equiv y \pmod{\varphi(n)}</math>, then {{math|1=''x'' = ''y'' + ''kφ''(''n'')}} for some integer {{mvar|k}}, and one has | ||
<math display="block">a^x = a^{y + \varphi(n)k} = a^y (a^{\varphi(n)})^k \equiv a^y 1^k \equiv a^y \pmod n.</math> | |||
If {{mvar|n}} is prime, this is also a corollary of Fermat's little theorem. This is widely used in ], because this allows reducing ] with large exponents to exponents smaller than {{mvar|n}}. | If {{mvar|n}} is prime, this is also a corollary of Fermat's little theorem. This is widely used in ], because this allows reducing ] with large exponents to exponents smaller than {{mvar|n}}. | ||
Euler's theorem is used with {{mvar|n}} not prime in ], specifically in the ], typically in the following way:<ref>{{citation|first1=Wade|last1=Trappe|first2=Lawrence C.|last2=Washington|title=Introduction to Cryptography with Coding Theory|year=2002|publisher=Prentice-Hall|isbn=978-0-13-061814-6|page=78}}</ref> if | Euler's theorem is used with {{mvar|n}} not prime in ], specifically in the ], typically in the following way:<ref>{{citation|first1=Wade|last1=Trappe|first2=Lawrence C.|last2=Washington|title=Introduction to Cryptography with Coding Theory|year=2002|publisher=Prentice-Hall|isbn=978-0-13-061814-6|page=78}}</ref> if | ||
<math display="block">y=x^e\pmod n,</math> | |||
retrieving {{mvar|x}} from the values of {{mvar|y}}, {{mvar|e}} and {{mvar|n}} is easy if one knows {{math|''φ''(''n'')}}.<ref>If {{mvar|y}} is not coprime with {{mvar|n}}, Euler's theorem does not work, but this case is sufficiently rare for not being considered. In fact, if it occurred by chance, this would provide an easy factorization of {{mvar|n}}, and thus break the considered instance of RSA.</ref> In fact, the ] allows computing the ] of {{mvar|e}} modulo {{math|''φ''(''n'')}}, that is the integer {{mvar|f}} such that |
retrieving {{mvar|x}} from the values of {{mvar|y}}, {{mvar|e}} and {{mvar|n}} is easy if one knows {{math|''φ''(''n'')}}.<ref>If {{mvar|y}} is not coprime with {{mvar|n}}, Euler's theorem does not work, but this case is sufficiently rare for not being considered. In fact, if it occurred by chance, this would provide an easy factorization of {{mvar|n}}, and thus break the considered instance of RSA.</ref> In fact, the ] allows computing the ] of {{mvar|e}} modulo {{math|''φ''(''n'')}}, that is, the integer {{mvar|f}} such that | ||
<math display="block">ef\equiv 1\pmod{\varphi(n)}.</math> | |||
It follows that | |||
<math display="block">x\equiv x^{ef}\equiv (x^e)^f \equiv y^f \pmod n.</math> | |||
On the other hand, if {{math|1=''n'' = ''pq''}} is the product of two distinct prime numbers, then {{math|1=''φ''(''n'') = (''p'' − 1)(''q'' − 1)}}. In this case, finding {{mvar|f}} from {{mvar|n}} and {{mvar|e}} is as difficult as computing {{math|''φ''(''n'')}} (this has not been proven, but no algorithm is known for computing {{mvar|f}} without knowing {{math|''φ''(''n'')}}). Knowing only {{mvar|n}}, the computation of {{math|''φ''(''n'')}} has essentially the same difficulty as the factorization of {{mvar|n}}, since {{math|1=''φ''(''n'') = (''p'' − 1)(''q'' − 1)}}, and conversely, the factors {{mvar|p}} and {{mvar|q}} are the (integer) solutions of the equation {{math|''x''{{sup|2}} – (''n'' − ''φ''(''n'') + 1) ''x'' + ''n'' {{=}} 0}}. | On the other hand, if {{math|1=''n'' = ''pq''}} is the product of two distinct prime numbers, then {{math|1=''φ''(''n'') = (''p'' − 1)(''q'' − 1)}}. In this case, finding {{mvar|f}} from {{mvar|n}} and {{mvar|e}} is as difficult as computing {{math|''φ''(''n'')}} (this has not been proven, but no algorithm is known for computing {{mvar|f}} without knowing {{math|''φ''(''n'')}}). Knowing only {{mvar|n}}, the computation of {{math|''φ''(''n'')}} has essentially the same difficulty as the factorization of {{mvar|n}}, since {{math|1=''φ''(''n'') = (''p'' − 1)(''q'' − 1)}}, and conversely, the factors {{mvar|p}} and {{mvar|q}} are the (integer) solutions of the equation {{math|''x''{{sup|2}} – (''n'' − ''φ''(''n'') + 1) ''x'' + ''n'' {{=}} 0}}. | ||
The basic idea of RSA cryptosystem is thus: |
The basic idea of RSA cryptosystem is thus: If a message {{mvar|x}} is encrypted as {{math|1=''y'' = ''x<sup>e</sup>'' (mod ''n'')}}, using public values of {{mvar|n}} and {{mvar|e}}, then, with the current knowledge, it cannot be decrypted without finding the (secret) factors {{mvar|p}} and {{mvar|q}} of {{mvar|n}}. | ||
Fermat's little theorem is also related to the ] and ], as well as to ]. | Fermat's little theorem is also related to the ] and ], as well as to ]. | ||
== Converse == | == Converse{{Anchor|Lehmer's theorem}} == | ||
The ] of Fermat's little theorem |
The ] of Fermat's little theorem fails for ]s. However, a slightly weaker variant of the converse is '''Lehmer's theorem''': | ||
If there exists an integer {{mvar|a}} such that | If there exists an integer {{mvar|a}} such that | ||
<math display="block"> a^{p-1}\equiv 1\pmod p </math> | |||
and for all primes {{mvar|q}} dividing {{math|''p'' − 1}} one has | and for all primes {{mvar|q}} dividing {{math|''p'' − 1}} one has | ||
<math display="block"> a^{(p-1)/q}\not\equiv 1\pmod p, </math> | |||
then {{mvar|p}} is prime. | then {{mvar|p}} is prime. | ||
This theorem forms the basis for the ], an important ], and Pratt's ]. | This theorem forms the basis for the ], an important ], and Pratt's ]. | ||
== Pseudoprimes == | == Pseudoprimes == | ||
{{main|Pseudoprime}} | {{main|Pseudoprime}} | ||
If {{mvar|a}} and {{mvar|p}} are coprime numbers such that {{math|''a''<sup>''p''−1</sup> − 1}} is divisible by {{mvar|p}}, then {{mvar|p}} need not be prime. If it is not, then {{mvar|p}} is called a ''(Fermat) pseudoprime'' to base {{mvar|a}}. The first pseudoprime to base 2 was found in 1820 by ]: 341 = 11 × 31.<ref>{{Cite OEIS|A128311|Remainder upon division of 2<sup>''n''−1</sup>−1 by ''n''.}}</ref><ref>{{cite journal |first=Frédéric |last=Sarrus |author-link=Pierre Frédéric Sarrus |title=Démonstration de la fausseté du théorème énoncé á la page 320 du IXe volume de ce recueil |trans-title=Demonstration of the falsity of the theorem stated on page 320 of the 9th volume of this collection |journal=Annales de Mathématiques Pures et Appliquées |volume=10 |date=1819–1820 |pages=184–187 |language=fr |url=http://www.numdam.org/item?id=AMPA_1819-1820__10__184_0}}</ref> | If {{mvar|a}} and {{mvar|p}} are coprime numbers such that {{math|''a''<sup>''p''−1</sup> − 1}} is divisible by {{mvar|p}}, then {{mvar|p}} need not be prime. If it is not, then {{mvar|p}} is called a ''(Fermat) pseudoprime'' to base {{mvar|a}}. The first pseudoprime to base 2 was found in 1820 by ]: 341 = 11 × 31.<ref>{{Cite OEIS|A128311|Remainder upon division of 2<sup>''n''−1</sup>−1 by ''n''.}}</ref><ref>{{cite journal |first=Frédéric |last=Sarrus |author-link=Pierre Frédéric Sarrus |title=Démonstration de la fausseté du théorème énoncé á la page 320 du IXe volume de ce recueil |trans-title=Demonstration of the falsity of the theorem stated on page 320 of the 9th volume of this collection |journal=Annales de Mathématiques Pures et Appliquées |volume=10 |date=1819–1820 |pages=184–187 |language=fr |url=http://www.numdam.org/item?id=AMPA_1819-1820__10__184_0}}</ref> | ||
A number {{mvar|p}} that is a Fermat pseudoprime to base {{mvar|a}} for every number {{mvar|a}} coprime to {{mvar|p}} is called a ] |
A number {{mvar|p}} that is a Fermat pseudoprime to base {{mvar|a}} for every number {{mvar|a}} coprime to {{mvar|p}} is called a ]. Alternately, any number {{mvar|p}} satisfying the equality | ||
<math display="block">\gcd\left(p, \sum_{a=1}^{p-1} a^{p-1}\right)=1</math> | |||
is either a prime or a Carmichael number. | is either a prime or a Carmichael number. | ||
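Review bot: In the Pseudoprimes paragraph, the right-hand sentence "Alternately, any number p satisfying the equality" and its gcd formula carry no <ref>, while the pseudoprime claims just above cite OEIS and Sarrus. Add a source for the gcd criterion. "Alternatively" is also the word meant here, since "alternately" reads as "by turns".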
Line 103: | Line 104: | ||
Note that {{math|''a''<sup>''d''</sup> ≡ 1 (mod ''p'')}} holds trivially for {{math|''a'' ≡ 1 (mod ''p'')}}, because the congruence relation is ]. And {{math|1=''a''<sup>''d''</sup> = ''a''<sup>2<sup>0</sup>''d''</sup> ≡ −1 (mod ''p'')}} holds trivially for {{math|''a'' ≡ −1 (mod ''p'')}} since {{mvar|d}} is odd, for the same reason. That is why one usually chooses a random {{mvar|a}} in the interval {{math|1 < ''a'' < ''p'' − 1}}. | Note that {{math|''a''<sup>''d''</sup> ≡ 1 (mod ''p'')}} holds trivially for {{math|''a'' ≡ 1 (mod ''p'')}}, because the congruence relation is ]. And {{math|1=''a''<sup>''d''</sup> = ''a''<sup>2<sup>0</sup>''d''</sup> ≡ −1 (mod ''p'')}} holds trivially for {{math|''a'' ≡ −1 (mod ''p'')}} since {{mvar|d}} is odd, for the same reason. That is why one usually chooses a random {{mvar|a}} in the interval {{math|1 < ''a'' < ''p'' − 1}}. | ||
The Miller–Rabin test uses this property in the following way: given an odd integer {{mvar|p}} for which primality has to be tested, write {{math|1=''p'' − 1 = 2<sup>''s''</sup>''d''}} with {{math|s > 0}} and {{mvar|d}} odd > 0, and choose a random {{mvar|a}} such that {{math|1 < ''a'' < ''p'' − 1}}; then compute {{math|1=''b'' = ''a''<sup>''d''</sup> mod ''p''}}; if {{mvar|b}} is not 1 nor −1, then square it repeatedly modulo {{mvar|p}} until you get −1 or have squared {{math|''s'' − 1}} times. If {{math|''b'' ≠ 1}} and −1 has not been obtained by squaring, then {{mvar|p}} is a ] and {{mvar|a}} is a ] for the compositeness of {{mvar|p}}. Otherwise, {{mvar|p}} is a ''strong ] to base a'' |
The Miller–Rabin test uses this property in the following way: given an odd integer {{mvar|p}} for which primality has to be tested, write {{math|1=''p'' − 1 = 2<sup>''s''</sup>''d''}} with {{math|s > 0}} and {{mvar|d}} odd > 0, and choose a random {{mvar|a}} such that {{math|1 < ''a'' < ''p'' − 1}}; then compute {{math|1=''b'' = ''a''<sup>''d''</sup> mod ''p''}}; if {{mvar|b}} is not 1 nor −1, then square it repeatedly modulo {{mvar|p}} until you get −1 or have squared {{math|''s'' − 1}} times. If {{math|''b'' ≠ 1}} and −1 has not been obtained by squaring, then {{mvar|p}} is a ] and {{mvar|a}} is a ] for the compositeness of {{mvar|p}}. Otherwise, {{mvar|p}} is a ''strong ] to base a''; that is, it may be prime or not. If {{mvar|p}} is composite, the probability that the test declares it a strong probable prime anyway is at most {{frac|1|4}}, in which case {{mvar|p}} is a '']'', and {{mvar|a}} is a ''strong liar''. Therefore after {{mvar|k}} non-conclusive random tests, the probability that {{mvar|p}} is composite is at most 4<sup>−''k''</sup>, and may thus be made as low as desired by increasing {{mvar|k}}. | ||
In summary, the test either proves that a number is composite |
In summary, the test either proves that a number is composite or asserts that it is prime with a probability of error that may be chosen as low as desired. The test is very simple to implement and computationally more efficient than all known deterministic tests. Therefore, it is generally used before starting a proof of primality. | ||
== See also == | == See also == | ||
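Review bot: In the Miller–Rabin paragraph on the right-hand side, "after k non-conclusive random tests, the probability that p is composite is at most 4<sup>−k</sup>" does not follow from the sentence before it. The 1/4 figure bounds the chance that a composite p passes one round, so 4<sup>−k</sup> bounds the chance that a composite p passes k rounds, not the chance that a p which passed is composite. Suggest "the probability that a composite p passes k random tests is at most 4<sup>−k</sup>", which also makes precise what "probability of error" means in the summary sentence.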
Line 144: | Line 145: | ||
{{Portal bar|Mathematics}} | {{Portal bar|Mathematics}} | ||
{{Pierre de Fermat}} | {{Pierre de Fermat}} | ||
{{Authority control}} | |||
{{DEFAULTSORT:Fermat's Little Theorem}} | {{DEFAULTSORT:Fermat's Little Theorem}} |
Latest revision as of 19:19, 20 August 2024
A prime p divides a^p–a for any integer a
For other theorems named after Pierre de Fermat, see Fermat's theorem.
In number theory, Fermat's little theorem states that if p is a prime number, then for any integer a, the number $a^p - a$ is an integer multiple of p. In the notation of modular arithmetic, this is expressed as
$$a^p \equiv a \pmod p.$$
For example, if a = 2 and p = 7, then $2^7 = 128$, and 128 − 2 = 126 = 7 × 18 is an integer multiple of 7.
If a is not divisible by p, that is, if a is coprime to p, then Fermat's little theorem is equivalent to the statement that $a^{p-1} - 1$ is an integer multiple of p, or in symbols:
$$a^{p-1} \equiv 1 \pmod p.$$
For example, if a = 2 and p = 7, then $2^6 = 64$, and 64 − 1 = 63 = 7 × 9 is a multiple of 7.
Fermat's little theorem is the basis for the Fermat primality test and is one of the fundamental results of elementary number theory. The theorem is named after Pierre de Fermat, who stated it in 1640. It is called the "little theorem" to distinguish it from Fermat's Last Theorem.
History
Pierre de Fermat first stated the theorem in a letter dated October 18, 1640, to his friend and confidant Frénicle de Bessy. His formulation is equivalent to the following:
If p is a prime and a is any integer not divisible by p, then $a^{p-1} - 1$ is divisible by p.
Fermat's original statement was
Tout nombre premier mesure infailliblement une des puissances de quelque progression que ce soit, et l'exposant de la dite puissance est sous-multiple du nombre premier donné ; et, après qu'on a trouvé la première puissance qui satisfait à la question, toutes celles dont les exposants sont multiples de l'exposant de la première satisfont tout de même à la question.
This may be translated, with explanations and formulas added in brackets for easier understanding, as:
Every prime number divides necessarily one of the powers minus one of any progression , and the exponent of this power divides the given prime minus one . After one has found the first power that satisfies the question, all those whose exponents are multiples of the exponent of the first one satisfy similarly the question .
Fermat did not consider the case where a is a multiple of p nor prove his assertion, only stating:
Et cette proposition est généralement vraie en toutes progressions et en tous nombres premiers; de quoi je vous envoierois la démonstration, si je n'appréhendois d'être trop long.
(And this proposition is generally true for all series and for all prime numbers; I would send you a demonstration of it, if I did not fear going on for too long.)
Euler provided the first published proof in 1736, in a paper titled "Theorematum Quorundam ad Numeros Primos Spectantium Demonstratio" (in English: "Demonstration of Certain Theorems Concerning Prime Numbers") in the Proceedings of the St. Petersburg Academy, but Leibniz had given virtually the same proof in an unpublished manuscript from sometime before 1683.
The term "Fermat's little theorem" was probably first used in print in 1913 in Zahlentheorie by Kurt Hensel:
Für jede endliche Gruppe besteht nun ein Fundamentalsatz, welcher der kleine Fermatsche Satz genannt zu werden pflegt, weil ein ganz spezieller Teil desselben zuerst von Fermat bewiesen worden ist.
(There is a fundamental theorem holding in every finite group, usually called Fermat's little theorem because Fermat was the first to have proved a very special part of it.)
An early use in English occurs in A.A. Albert's Modern Higher Algebra (1937), which refers to "the so-called 'little' Fermat theorem" on page 206.
Further history
Main article: Chinese hypothesis
Some mathematicians independently made the related hypothesis (sometimes incorrectly called the Chinese hypothesis) that $2^p \equiv 2 \pmod p$ if and only if p is prime. Indeed, the "if" part is true, and it is a special case of Fermat's little theorem. However, the "only if" part is false: For example, $2^{341} \equiv 2 \pmod{341}$, but 341 = 11 × 31 is a pseudoprime to base 2. See below.
Proofs
Main article: Proofs of Fermat's little theorem
Several proofs of Fermat's little theorem are known. It is frequently proved as a corollary of Euler's theorem.
Generalizations
Euler's theorem is a generalization of Fermat's little theorem: For any modulus n and any integer a coprime to n, one has
$$a^{\varphi(n)} \equiv 1 \pmod n,$$
where φ(n) denotes Euler's totient function (which counts the integers from 1 to n that are coprime to n). Fermat's little theorem is indeed a special case, because if n is a prime number, then φ(n) = n − 1.
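A corollary of Euler's theorem is: For every positive integer n, if the integer a is coprime with n, then
$$x \equiv y \pmod{\varphi(n)} \quad\text{implies}\quad a^x \equiv a^y \pmod n,$$
for any integers x and y. This follows from Euler's theorem, since, if $x \equiv y \pmod{\varphi(n)}$, then x = y + kφ(n) for some integer k, and one has
$$a^x = a^{y + \varphi(n)k} = a^y (a^{\varphi(n)})^k \equiv a^y 1^k \equiv a^y \pmod n.$$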
If n is prime, this is also a corollary of Fermat's little theorem. This is widely used in modular arithmetic, because this allows reducing modular exponentiation with large exponents to exponents smaller than n.
Euler's theorem is used with n not prime in public-key cryptography, specifically in the RSA cryptosystem, typically in the following way: if
$$y = x^e \pmod n,$$
retrieving x from the values of y, e and n is easy if one knows φ(n). In fact, the extended Euclidean algorithm allows computing the modular inverse of e modulo φ(n), that is, the integer f such that
$$ef \equiv 1 \pmod{\varphi(n)}.$$
It follows that
$$x \equiv x^{ef} \equiv (x^e)^f \equiv y^f \pmod n.$$
On the other hand, if n = pq is the product of two distinct prime numbers, then φ(n) = (p − 1)(q − 1). In this case, finding f from n and e is as difficult as computing φ(n) (this has not been proven, but no algorithm is known for computing f without knowing φ(n)). Knowing only n, the computation of φ(n) has essentially the same difficulty as the factorization of n, since φ(n) = (p − 1)(q − 1), and conversely, the factors p and q are the (integer) solutions of the equation $x^2 - (n - \varphi(n) + 1)x + n = 0$.
The basic idea of the RSA cryptosystem is thus: If a message x is encrypted as $y = x^e \pmod n$, using public values of n and e, then, with the current knowledge, it cannot be decrypted without finding the (secret) factors p and q of n.
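The relations in this section, carried through on numbers: an added example (not part of the original article) that computes f with the extended Euclidean algorithm, decrypts with it, reduces a huge exponent modulo φ(n), and recovers p and q from n and φ(n) through the quadratic above. The primes 61 and 53, the exponent 17 and all function names are constructed for illustration and are far too small for real use.

```python
"""RSA arithmetic from Euler's theorem, on constructed toy numbers."""
from math import gcd, isqrt


def egcd(a, b):
    """Extended Euclid: return (g, s, t) with g = gcd(a, b) = s*a + t*b."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t


def inverse_mod(e, m):
    """Return f with e*f ≡ 1 (mod m); fails if e and m share a factor."""
    g, s, _ = egcd(e, m)
    if g != 1:
        raise ValueError("e is not invertible modulo m")
    return s % m


def reduce_exponent(a, x, n, phi):
    """Compute a^x mod n as a^(x mod phi) mod n (needs gcd(a, n) == 1)."""
    if gcd(a, n) != 1:
        raise ValueError("Euler's theorem needs a coprime to n")
    return pow(a, x % phi, n)


def factors_from_phi(n, phi):
    """Solve x^2 - (n - phi + 1) x + n = 0 for the two prime factors of n."""
    total = n - phi + 1                 # equals p + q when n = p*q
    disc = total * total - 4 * n        # equals (p - q)^2
    if disc < 0:
        raise ValueError("phi is not consistent with n = p*q")
    root = isqrt(disc)
    if root * root != disc or (total + root) % 2:
        raise ValueError("phi is not consistent with n = p*q")
    p, q = (total - root) // 2, (total + root) // 2
    if p * q != n:
        raise ValueError("phi is not consistent with n = p*q")
    return p, q


# Constructed toy parameters (assumptions of this example).
P, Q = 61, 53
N = P * Q                   # public modulus, 3233
PHI = (P - 1) * (Q - 1)     # secret, 3120
E = 17                      # public exponent, coprime to PHI


def encrypt(x, e=E, n=N):
    """y = x^e mod n, using only public values."""
    return pow(x, e, n)


def decrypt(y, f, n=N):
    """x = y^f mod n, where e*f ≡ 1 (mod phi(n))."""
    return pow(y, f, n)


if __name__ == "__main__":
    f = inverse_mod(E, PHI)
    y = encrypt(65)
    print("f =", f, " y =", y, " x =", decrypt(y, f))
    print("p, q from phi:", factors_from_phi(N, PHI))
    big = 10**30 + 7
    print("exponent reduction agrees:",
          reduce_exponent(65, big, N, PHI) == pow(65, big, N))
```

Anyone who learns φ(n) gets both f and the factors in a handful of integer operations, which is why φ(n) must be protected exactly like p and q.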
Fermat's little theorem is also related to the Carmichael function and Carmichael's theorem, as well as to Lagrange's theorem in group theory.
Converse
The converse of Fermat's little theorem fails for Carmichael numbers. However, a slightly weaker variant of the converse is Lehmer's theorem:
If there exists an integer a such that
$$a^{p-1} \equiv 1 \pmod p$$
and for all primes q dividing p − 1 one has
$$a^{(p-1)/q} \not\equiv 1 \pmod p,$$
then p is prime.
This theorem forms the basis for the Lucas primality test, an important primality test, and Pratt's primality certificate.
Pseudoprimes
Main article: Pseudoprime
If a and p are coprime numbers such that $a^{p-1} - 1$ is divisible by p, then p need not be prime. If it is not, then p is called a (Fermat) pseudoprime to base a. The first pseudoprime to base 2 was found in 1820 by Pierre Frédéric Sarrus: 341 = 11 × 31.
A number p that is a Fermat pseudoprime to base a for every number a coprime to p is called a Carmichael number. Alternately, any number p satisfying the equality
$$\gcd\left(p, \sum_{a=1}^{p-1} a^{p-1}\right) = 1$$
is either a prime or a Carmichael number.
Miller–Rabin primality test
The Miller–Rabin primality test uses the following extension of Fermat's little theorem:
If p is an odd prime and $p - 1 = 2^s d$ with s > 0 and d odd > 0, then for every a coprime to p, either $a^d \equiv 1 \pmod p$ or there exists r such that 0 ≤ r < s and $a^{2^r d} \equiv -1 \pmod p$.
This result may be deduced from Fermat's little theorem by the fact that, if p is an odd prime, then the integers modulo p form a finite field, in which 1 modulo p has exactly two square roots, 1 and −1 modulo p.
Note that $a^d \equiv 1 \pmod p$ holds trivially for a ≡ 1 (mod p), because the congruence relation is compatible with exponentiation. And $a^d = a^{2^0 d} \equiv -1 \pmod p$ holds trivially for a ≡ −1 (mod p) since d is odd, for the same reason. That is why one usually chooses a random a in the interval 1 < a < p − 1.
The Miller–Rabin test uses this property in the following way: given an odd integer p for which primality has to be tested, write $p - 1 = 2^s d$ with s > 0 and d odd > 0, and choose a random a such that 1 < a < p − 1; then compute $b = a^d \bmod p$; if b is not 1 nor −1, then square it repeatedly modulo p until you get −1 or have squared s − 1 times. If b ≠ 1 and −1 has not been obtained by squaring, then p is a composite and a is a witness for the compositeness of p. Otherwise, p is a strong probable prime to base a; that is, it may be prime or not. If p is composite, the probability that the test declares it a strong probable prime anyway is at most 1⁄4, in which case p is a strong pseudoprime, and a is a strong liar. Therefore after k non-conclusive random tests, the probability that p is composite is at most $4^{-k}$, and may thus be made as low as desired by increasing k.
In summary, the test either proves that a number is composite or asserts that it is prime with a probability of error that may be chosen as low as desired. The test is very simple to implement and computationally more efficient than all known deterministic tests. Therefore, it is generally used before starting a proof of primality.
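The procedure above next to the plain Fermat check, as an added example (not part of the original article): it shows 341 and the Carmichael number 561 passing the Fermat test while Miller–Rabin rejects them, and counts strong liars for the base-2 strong pseudoprime 2047. Function names and the choice of test numbers are assumptions of this example.

```python
"""Fermat test versus Miller-Rabin on pseudoprimes (illustrative code)."""
import secrets
from math import gcd

_rng = secrets.SystemRandom()   # unpredictable bases, as key generation needs


def fermat_probable_prime(n, a):
    """True if a^(n-1) ≡ 1 (mod n), i.e. n passes the Fermat test to base a."""
    return pow(a, n - 1, n) == 1


def decompose(n):
    """Write n - 1 = 2^s * d with d odd; return (s, d). Requires odd n > 2."""
    s, d = 0, n - 1
    while d % 2 == 0:
        s, d = s + 1, d // 2
    return s, d


def strong_probable_prime(n, a):
    """One Miller-Rabin round: False means a is a witness that n is composite."""
    s, d = decompose(n)
    b = pow(a, d, n)
    if b == 1 or b == n - 1:
        return True
    for _ in range(s - 1):          # square at most s - 1 times
        b = b * b % n
        if b == n - 1:
            return True
    return False


def is_probable_prime(n, k=20):
    """k rounds with random bases 1 < a < n - 1; handles small and even n."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    return all(strong_probable_prime(n, _rng.randrange(2, n - 1))
               for _ in range(k))


def coprime_bases(n):
    """All bases 1 < a < n - 1 that are coprime to n."""
    return [a for a in range(2, n - 1) if gcd(a, n) == 1]


def fermat_liars(n):
    """Coprime bases for which composite n still passes the Fermat test."""
    return [a for a in coprime_bases(n) if fermat_probable_prime(n, a)]


def strong_liars(n):
    """Bases 1 < a < n - 1 for which composite n passes a Miller-Rabin round."""
    return [a for a in range(2, n - 1) if strong_probable_prime(n, a)]


if __name__ == "__main__":
    # 341 = 11 * 31: Fermat pseudoprime to base 2, caught by Miller-Rabin.
    print("341 Fermat base 2:", fermat_probable_prime(341, 2),
          " Miller-Rabin base 2:", strong_probable_prime(341, 2))
    # 561 = 3 * 11 * 17: Carmichael number, every coprime base is a Fermat liar.
    print("561 Fermat liars / coprime bases:",
          len(fermat_liars(561)), "/", len(coprime_bases(561)))
    print("561 strong liars:", len(strong_liars(561)))
    # 2047 = 23 * 89: strong pseudoprime to base 2, so one fixed base is not enough.
    print("2047 base 2:", strong_probable_prime(2047, 2),
          " base 3:", strong_probable_prime(2047, 3))
    print("2047 strong-liar fraction:", len(strong_liars(2047)) / 2047)
    print("2^61 - 1 probable prime:", is_probable_prime(2**61 - 1))
```

The 2047 case is the reason for drawing bases at random rather than fixing a = 2: a fixed base has known composites that pass it.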
See also
- Fermat quotient
- Frobenius endomorphism
- p-derivation
- Fractions with prime denominators: numbers with behavior relating to Fermat's little theorem
- RSA
- Table of congruences
- Modular multiplicative inverse
Notes
- Long 1972, pp. 87–88.
- Pettofrezzo & Byrkit 1970, pp. 110–111.
- ^ Burton 2011, p. 514.
- Fermat, Pierre (1894), Tannery, P.; Henry, C. (eds.), Oeuvres de Fermat. Tome 2: Correspondance, Paris: Gauthier-Villars, pp. 206–212 (in French)
- Mahoney 1994, p. 295 for the English translation
- Euler, Leonhard (1736). "Theorematum quorundam ad numeros primos spectantium demonstratio" [Proof of certain theorems relating to prime numbers]. Commentarii Academiae Scientiarum Imperialis Petropolitanae (Memoirs of the Imperial Academy of Sciences in St. Petersburg) (in Latin). 8: 141–146.
- Ore 1988, p. 273
- Hensel, Kurt (1913). Zahlentheorie [Number Theory] (in German). Berlin and Leipzig, Germany: G. J. Göschen. p. 103.
- Albert 2015, p. 206
- Trappe, Wade; Washington, Lawrence C. (2002), Introduction to Cryptography with Coding Theory, Prentice-Hall, p. 78, ISBN 978-0-13-061814-6
- If y is not coprime with n, Euler's theorem does not work, but this case is sufficiently rare for not being considered. In fact, if it occurred by chance, this would provide an easy factorization of n, and thus break the considered instance of RSA.
- Sloane, N. J. A. (ed.). "Sequence A128311 (Remainder upon division of $2^{n-1}-1$ by n.)". The On-Line Encyclopedia of Integer Sequences. OEIS Foundation.
- Sarrus, Frédéric (1819–1820). "Démonstration de la fausseté du théorème énoncé á la page 320 du IXe volume de ce recueil" [Demonstration of the falsity of the theorem stated on page 320 of the 9th volume of this collection]. Annales de Mathématiques Pures et Appliquées (in French). 10: 184–187.
- Rempe-Gillen, Lasse; Waldecker, Rebecca (2013-12-11). "4.5.1. Lemma (Roots of unity modulo a prime)". Primality Testing for Beginners. American Mathematical Soc. ISBN 9780821898833.
References
- Albert, A. Adrian (2015) , Modern higher algebra, Cambridge University Press, ISBN 978-1-107-54462-8
- Burton, David M. (2011), The History of Mathematics / An Introduction (7th ed.), McGraw-Hill, ISBN 978-0-07-338315-6
- Long, Calvin T. (1972), Elementary Introduction to Number Theory (2nd ed.), Lexington: D. C. Heath and Company, LCCN 77171950
- Mahoney, Michael Sean (1994), The Mathematical Career of Pierre de Fermat, 1601–1665 (2nd ed.), Princeton University Press, ISBN 978-0-691-03666-3
- Ore, Oystein (1988) , Number Theory and Its History, Dover, ISBN 978-0-486-65620-5
- Pettofrezzo, Anthony J.; Byrkit, Donald R. (1970), Elements of Number Theory, Englewood Cliffs: Prentice Hall, LCCN 71081766
Further reading
- Paulo Ribenboim (1995). The New Book of Prime Number Records (3rd ed.). New York: Springer-Verlag. ISBN 0-387-94457-5. pp. 22–25, 49.
External links
- Media related to Fermat's little theorem at Wikimedia Commons
- János Bolyai and the pseudoprimes (in Hungarian)
- Fermat's Little Theorem at cut-the-knot
- Euler Function and Theorem at cut-the-knot
- Fermat's Little Theorem and Sophie's Proof
- "Fermat's little theorem", Encyclopedia of Mathematics, EMS Press, 2001
- Weisstein, Eric W. "Fermat's Little Theorem". MathWorld.
- Weisstein, Eric W. "Fermat's Little Theorem Converse". MathWorld.