A primality proving algorithm using a theorem of Lucas

In this post we discuss a theorem that can be used as a primality test that actually proves primality rather than just giving strong evidence for primality. The theorem is originally due to Lucas in 1891. The version we discuss here is proved by Lehmer [1]. The primality test using the theorem is a limited one since the test requires that n-1 must be completely factored if n is the number being tested. Though a limited test, this is a useful test in situations where n-1 has small prime factors or the factorization of n-1 is known in advance (e.g. factorial primes and primorial primes).

___________________________________________________________________

The theorem

Theorem 1 (Lucas)
Let n be a positive integer. Then n is prime if and only if there exists some integer a such that

  • \displaystyle a^{n-1} \equiv 1 \ (\text{mod} \ n),
  • \displaystyle a^{\frac{n-1}{r}} \not \equiv 1 \ (\text{mod} \ n) for all prime factor r of n-1.

The function \phi is Euler’s phi function. If n is a prime number, \phi(n)=n-1. The following lemma shows that the converse is true. The lemma is used in proving Theorem 1.

Lemma 2
If \phi(n)=n-1, then n is prime.

Proof of Lemma 2
By definition \phi(n) is the number of integers t where 1<t<n such that \text{GCD}(t,n)=1, i.e., t and n are relatively prime. First of all, \phi(n) \le n-1. Suppose n is composite. Then there is some t where 1<t<n such that t is a divisor of n. Clearly \text{GCD}(t,n)>1. It follows that \phi(n)<n-1. Therefore if If \phi(n)=n-1, then n must be prime. \blacksquare

Proof of Theorem 1
It is well known that for any prime number n, there exists a primitive root modulo n (see here). A primitive root modulo n is a number a such that a^{\phi(n)} \equiv 1 \ (\text{mod} \ n) but a^{j} \not \equiv 1 \ (\text{mod} \ n) for all 1<j<\phi(n). In other words, \phi(n) is the least exponent such that a^{\phi(n)} \equiv 1 \ (\text{mod} \ n). Let n be a prime number. Then \phi(n)=n-1. By the point that is just stated, there exists an a that is a primitive root modulo n. This primitive root a would satisfy a^{n-1} \equiv 1 \ (\text{mod} \ n) and a^{\frac{n-1}{r}} \not \equiv 1 \ (\text{mod} \ n) for any prime divisor r of n-1.

Now suppose that there exists an a such that a^{n-1} \equiv 1 \ (\text{mod} \ n) and a^{\frac{n-1}{r}} \not \equiv 1 \ (\text{mod} \ n) for any prime divisor r of n-1. Let k be the least positive integer such that a^{k} \equiv 1 \ (\text{mod} \ n). The number k is said to be the order of a modulo n.

We claim that k=n-1. From the assumption that a^{n-1} \equiv 1 \ (\text{mod} \ n), we have k \lvert (n-1). Thus k \le n-1. Suppose that k<n-1. Then \frac{n-1}{k} is an integer that is greater than 1. Let r be a prime factor of \frac{n-1}{k}. Set \frac{n-1}{k}=r \cdot t for some integer t. Then a^{\frac{n-1}{r}} \equiv a^{kt} \equiv (a^k)^t \equiv 1 \ (\text{mod} \ n), contradicting the assumption stated above. Thus k=n-1.

On the other hand, a^{\phi(n)} \equiv 1 \ (\text{mod} \ n) always holds (see here). Since k is least, we have k=n-1 \le \phi(n). It is always the case that \phi(n) \le n-1. Thus we have established that \phi(n)=n-1. By Lemma 2, n is prime. \blacksquare

Remark
The above proof shows that n is prime from the existence of a such that a^{n-1} \equiv 1 \ (\text{mod} \ n) and a^{\frac{n-1}{r}} \not \equiv 1 \ (\text{mod} \ n) for any prime divisor r of n-1. The proof also shows that \phi(n) is the least number such that a^{\phi(n)} \equiv 1 \ (\text{mod} \ n). That is, the number a is a primitive root modulo n. Whenever n is proved prime by finding such an a, keep in mind that the task of primality proving using this theorem is essentially the task of finding a primitive root.

___________________________________________________________________

The primality test from the theorem

Theorem 1 can be fashioned into a primality test, or rather a primality proving algorithm. The key requirement to proving n is prime is that n-1 must be completely factored. Because of this obstacle, the primality test is a limited one. The following are some of the cases for which Lucas’s theorem is suitable as a proof for the primality of n.

  • All prime factors of n-1 are small.
  • For each prime factor of n-1, either it is small or its primality can be established using Lucas’s theorem.

The second case points to the fact that sometimes Lucas’ theorem can be used recursively to establish the primality of a number. Specifically, in factoring n-1, we may come across a factor that is a probable prime. We then can use Lucas’ theorem to prove its primality. In doing so, we may come across another number that is a probable prime. We can then use Lucas’ theorem again and prove its primality and so on.

As mentioned at the end of the previous section, the task of primality proving here is essentially the task of finding a primitive root. There is no easy formula for finding primitive roots. One can always start with a=2 and work the way up to a value of a that works. But this may be a lengthy process. A faster option is to use randomly chosen values of a.

To use Theorem 1 to prove that n is prime, it is a matter of finding a value of a with 1<a<n that satisfies the two conditions in the theorem. If such an a is not found after a reason number of iterations, then n is probably composite. In this case, it makes sense to subject n to a probabilistic primality test such as the Miller-Rabin test to check for compositeness.

In light of the comment made in the preceding paragraph, before using Theorem 1, we should apply a probabilistic primality test on the number being tested. If the number is shown to be composite by the Miller-Rabin test, then there is no need to use Theorem 1. If the number is a strong probable prime to base 2 for example, then we can proceed to use Theorem 1. Even when Theorem 1 is applicable, there may still be a need to switch back to a probabilistic primality test if a suitable value of a cannot be found in a reasonable number of iterations. Additional remark is given at the end of Example 1.

___________________________________________________________________

Examples

The examples demonstrated here are small enough to be realistically proved as prime by factoring (by computer). However, they are large enough to be excellent demonstrations of the method using the theorem of Lucas.

Example 1

Consider the number n= 3825123056546413057. As a preliminary check, we find that it is a strong probable prime to base 2. The following is the prime factorization of n-1.

    n-1=2^9 \cdot 3 \cdot 53 \cdot 647 \cdot 2689 \cdot 2927 \cdot 9227

Choose a random number a in the interval 1<a<n. Then calculate the following 8 congruences.

    \displaystyle a^{n-1} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{2}} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{3}} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{53}} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{647}} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{2689}} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{2927}} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{9227}} \ (\text{mod} \ n)

If the first one is a 1 and the other 7 congruences are not 1, then we have a proof that n= 3825123056546413057 is prime. Using the random number a= 986534828637101811, we have the following results.

    \displaystyle a^{n-1} \equiv 1 \  (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{2}} \equiv -1 \  (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{3}} \equiv 452981711193023997 \not \equiv 1 \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{53}} \equiv 3170926069526963063 \not \equiv 1 \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{647}} \equiv 1877702458518081231 \not \equiv 1 \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{2689}} \equiv 2711620409082022280 \not \equiv 1 \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{2927}} \equiv 2162838710620876676 \not \equiv 1 \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{9227}} \equiv 178583766553568086 \not \equiv 1 \ (\text{mod} \ n)

The first congruence is a 1 and the remaining 7 congruences are not 1. Thus by Lucas’ theorem, the number n= 3825123056546413057 is prime.

Remarks
Upon choosing a value of a (random or otherwise), if the first congruence \displaystyle a^{n-1} \ (\text{mod} \ n) is not a 1, then n is composite by Fermat’s little theorem, and we are done. Suppose the first congruence is a 1. If the second congruence \displaystyle a^{\frac{n-1}{2}} \ (\text{mod} \ n) is not \pm 1, then n is composite. This is because if n is prime, then the square root of 1 modulo n must be \pm 1. Since Lucas’ theorem requires that \displaystyle a^{\frac{n-1}{2}} \not \equiv 1 \ (\text{mod} \ n), the only legitimate value of the second congruence is -1. This is something we should look for. If the second congruence \displaystyle a^{\frac{n-1}{2}} \ (\text{mod} \ n) is not a -1, then choose another value of a and start over. In fact, the second congruence should be the one to do first. If it is not a -1, then use another value of a.

Example 2

Using Lucas’ theorem, perform primality testing on the following number

    n= 3825123056546413183.

As a preliminary check, it is a strong probable prime to base 2. Next, factor n-1 as far as possible.

    n-1=2 \cdot 3 \cdot 11 \cdot 17 \cdot 211 \cdot 16157348744821

The last factor m= 16157348744821 of n-1 is an 14-digit number. It is a probable prime to base 2, meaning that 2^{m-1} \equiv 1 \ (\text{mod} \ m). So we have a good reason to believe that m might be a prime. To test whether it is prime, we can use the same method to test. So now we focus our attention on the number m= 16157348744821. Factor m-1 as far as possible.

    m-1=2^2 \cdot 3 \cdot 5 \cdot 31 \cdot 149 \cdot 58300313

The last factor T= 58300313 is a prime number. The square root of T is 7635.46. None of the prime numbers below 7635 is a factor of T. So the above factorization is the prime factorization of m-1. We calculation the following:

    \displaystyle a^{m-1} \ (\text{mod} \ m)

    \displaystyle a^{\frac{m-1}{2}} \ (\text{mod} \ m)

    \displaystyle a^{\frac{m-1}{3}} \ (\text{mod} \ m)

    \displaystyle a^{\frac{m-1}{5}} \ (\text{mod} \ m)

    \displaystyle a^{\frac{m-1}{31}} \ (\text{mod} \ m)

    \displaystyle a^{\frac{m-1}{149}} \ (\text{mod} \ m)

    \displaystyle a^{\frac{m-1}{58300313}} \ (\text{mod} \ m)

We use a=2 as a starting point. We have the following results.

    \displaystyle 2^{m-1} \equiv 1 \ (\text{mod} \ m)

    \displaystyle 2^{\frac{m-1}{2}} \equiv -1 \ (\text{mod} \ m)

    \displaystyle 2^{\frac{m-1}{3}} \equiv 10783747104377 \not \equiv 1 \ (\text{mod} \ m)

    \displaystyle 2^{\frac{m-1}{5}} \equiv 6880981597483 \not \equiv 1 \ (\text{mod} \ m)

    \displaystyle 2^{\frac{m-1}{31}} \equiv 8907135419651 \not \equiv 1 \ (\text{mod} \ m)

    \displaystyle 2^{\frac{m-1}{149}} \equiv 4770370795536 \not \equiv 1 \ (\text{mod} \ m)

    \displaystyle 2^{\frac{m-1}{58300313}} \equiv 13899477097778 \not \equiv 1 \ (\text{mod} \ m)

We are lucky that the first a we try works. Now we have proof that the number m is a prime. As a result, the prime factorization of n-1 for the original number n= 3825123056546413183 is complete. To prove the primality of n, we calculate the following.

    \displaystyle a^{n-1} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{2}} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{3}} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{11}} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{17}} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{211}} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{m}} \ (\text{mod} \ n)

We try a=2 and then a=3, both not working, with \displaystyle 2^{\frac{n-1}{2}} \equiv 1 \ (\text{mod} \ n) and \displaystyle 3^{\frac{n-1}{3}} \equiv 1 \ (\text{mod} \ n). Next we try a=5, with the following results.

    \displaystyle 5^{n-1} \equiv 1 \ (\text{mod} \ n)

    \displaystyle 5^{\frac{n-1}{2}} \equiv -1 \ (\text{mod} \ n)

    \displaystyle 5^{\frac{n-1}{3}} \equiv 289450338018998060 \not \equiv 1 \ (\text{mod} \ n)

    \displaystyle 5^{\frac{n-1}{11}} \equiv 2294646644277354980 \not \equiv 1 \ (\text{mod} \ n)

    \displaystyle 5^{\frac{n-1}{17}} \equiv 660679882646053403 \not \equiv 1 \ (\text{mod} \ n)

    \displaystyle 5^{\frac{n-1}{211}} \equiv 3566794465656534455 \not \equiv 1 \ (\text{mod} \ n)

    \displaystyle 5^{\frac{n-1}{m}} \equiv 985813616806446564 \not \equiv 1 \ (\text{mod} \ n)

The above calculation for base a=5 shows that the number n= 3825123056546413183 is prime.

Example 3

Consider the number n= 219944603708904241. The following is the factorization of n-1.

    n-1=2^4 \cdot 3^3 \cdot 5 \cdot 23 \cdot 3691 \cdot 1199465273

The last factor m= 1199465273 is a probable prime to base 2, meaning that 2^{m-1} \equiv 1 \ (\text{mod} \ m). We have good evidence that m is prime. To confirm, we apply Lucas’ theorem on this number. The following is the prime factorization of m-1, where each factor is small and is easy to be determined as prime.

    m-1=2^3 \cdot 23 \cdot 677 \cdot 9629

To prove the primality of m, we calculate the following.

    \displaystyle a^{m-1} \ (\text{mod} \ m)

    \displaystyle a^{\frac{m-1}{2}} \ (\text{mod} \ m)

    \displaystyle a^{\frac{m-1}{23}} \ (\text{mod} \ m)

    \displaystyle a^{\frac{m-1}{677}} \ (\text{mod} \ m)

    \displaystyle a^{\frac{m-1}{9629}} \ (\text{mod} \ m)

We try two random choices for a and do not have the desired results. The next random choice is a= 526979896. The following calculation proves that m is prime.

    \displaystyle a^{m-1} \equiv 1 \ (\text{mod} \ m)

    \displaystyle a^{\frac{m-1}{2}} \equiv -1 \ (\text{mod} \ m)

    \displaystyle a^{\frac{m-1}{23}} \equiv 820189482 \not \equiv 1 \ (\text{mod} \ m)

    \displaystyle a^{\frac{m-1}{677}} \equiv 695226481 \not \equiv 1 \ (\text{mod} \ m)

    \displaystyle a^{\frac{m-1}{9629}} \equiv 554335065 \not \equiv 1 \ (\text{mod} \ m)

With the prime factorization of n-1 being complete, we turn our attention to the following calculations.

    \displaystyle a^{n-1} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{2}} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{3}} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{5}} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{23}} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{3691}} \ (\text{mod} \ n)

    \displaystyle a^{\frac{n-1}{m}} \ (\text{mod} \ n)

We generate the following 8 random choices of a

    013397886753078290
    193080712858269996
    012695419760523254
    096180046746919966
    134541150430885987
    212892893489065625
    209448807773524821
    141141720485036352

and find that \displaystyle a^{\frac{n-1}{2}} \equiv 1 \ (\text{mod} \ n) for all these 8 values of a. This is highly unusual if the number n is prime. We then realize that we forget to check for strong probable primality of n. With n-1=2^4 \cdot Q where Q= 13746537731806515, we calculate the following:

    \displaystyle 2^{Q} \equiv 123276781822261547 \ (\text{mod} \ n)

    \displaystyle 2^{2Q} \equiv 2648415336489 \not \equiv -1 \ (\text{mod} \ n)

    \displaystyle 2^{4Q} \equiv 1 \ (\text{mod} \ n)

    \displaystyle 2^{8Q} \equiv 1 \ (\text{mod} \ n)

    \displaystyle 2^{16Q} \equiv 1 \ (\text{mod} \ n)

The above calculation shows that the number n= 219944603708904241 is composite; it is a strong pseudoprime to base 2. This goes to show that before applying Lucas’ theorem, it makes sense to do some strong probable prime test to rule out numbers that happen to be composite.

The number in Example 3 is a Carmichael number. It is the product of the prime factors 6m+1, 12m+1 and 18m+1 where m= 55365.

___________________________________________________________________

Exercises

Prove the compositeness or primality of each of the following numbers. In proving primality, use Lucas’ theorem as shown in the above examples.

    204482919124364689
    3825123056546413093
    3825123056546413133
    3825123056546413211
    3825123056546413213

___________________________________________________________________

Reference

  1. Lehmer D. H., Tests for primality by the converse of Fermat’s theorem, Bull. Amer. Math. Soc., 33, 327-340 1927.

___________________________________________________________________
\copyright \ \ 2014 \ \text{Dan Ma}

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s