In this post, we discuss a primality testing exercise involving the eighth Fermat number. A Fermat number is of the form where is any nonnegative integer. We search for the first prime number that is greater than . The basic idea is to search for the first probable prime base 2 among the odd numbers after . Once the first probable prime base 2 is identified, we apply the Miller-Rabin primality test to confirm that it is a prime number. At the outset of this exercise, we did not know how many numbers we had to check before reaching the first prime number.
The first five Fermat numbers , , , and are the only Fermat numbers that are known to be prime (it was conjectured by Fermat that all Fermat numbers are prime). It is unknown whether there exists prime Fermat number beyond . What is clear, however, is that all the higher Fermat numbers that were studied turn out to be composite. The 8th Fermat number has 78 decimal digits with two factors with 16 and 62 digits (it was factored in 1961). The largest Fermat number that has been completely factored (as of the writing of this post) is which has 617 decimal digits. Many Fermat numbers larger than have been partially factored.
The basic approach
The following is the number , which has 78 decimal digits.
Define where is an odd positive integer, i.e., . The exercise is to find the smallest such that is a prime number. According to Euclid’s proof that there are infinitely many prime numbers, such a is sure to exist. Just that we do not know at the outset how far we have to go to find it. Of course, is the 8th Fermat number, which is a composite number with two prime factors with 16 and 62 decimal digits. So the search starts with .
The key is to do the following two quick checks to eliminate composite numbers so that we can reach a probable prime as quickly as possible.
- For any given , the first step is to look for small prime factors, i.e., to factor using prime numbers less than a bound . If a small prime factor is found, then we increase by 2 and start over. Note that we skip any where the sum of digits is divisible by 3. We also skip any that ends with the digit 5.
- If no small factors are found, then compute the congruence . If the answer is not congruent to 1, then we know is composite and work on the next number. If , then is said to be a probable prime base 2. Once we know that a particular is a probable prime base 2, it is likely a prime number. To further confirm, we apply the Miller-Rabin primality test on that .
In the first check, we check for prime factors among the first 100 odd prime numbers (i.e. all odd primes up to and including 547).
Searching the first probable prime
At the outset, we did not know how many numbers we will have to check. Since there can be a long gap between two successive prime numbers, the worse fear is that the number range we are dealing with is situated in such a long gap, in which case we may have to check thousands of numbers (or even tens of thousands). Luckily the search settles on a probable prime rather quickly. The magic number is 297. In other words, for the number
, we find that . Thus is a probable prime in base 2. The following shows the decimal digits of .
To further give a sense of how the magic number is reached, the following table lists the 25 calculations leading to the magic number.
The first number is in the table ends in a 5 and is thus composite. The third number is composite since the sum of the digits of its is divisible by 3. The third column of the above table shows the least prime factor below 547 (if one is found). An asterisk in the third column means that none of the prime numbers below 547 is a factor. For such numbers, we compute the modular exponentiation .
In the above table, 4 of the asterisks lead to the result . These numbers are thus composite. For example, for , the following is the result:
The last number in the table is a probable prime base 2 since our calculation shows that . Being a probable prime to base 2 is actually very strong evidence that the number is a prime number. We want even stronger evidence that is a prime. For example, we can carry out the Miller-Rabin test in such a way that the probability of mistaking a composite number as prime is at most one in a septillion! A septillion is the square of a trillion. A trillion is . Thus a septillion is . One in a septillion is for all practical purposes zero. But if one wants more reassurance, one can always run the Miller-Rabin test with more bases.
The Miller-Rabin primality test
The Miller-Rabin test is a variant of the Fermat test because Miller-Rabin still relies on Fermat’s little theorem. But Miller-Rabin uses Fermat’s little theorem in such a way that it eliminates the issue of the Fermat test mistakenly identifying Carmichael numbers as prime.
Given an odd positive integer whose “prime or composite” status is not known, the Miller-Rabin test will output “composite” or “probable prime”. Like the Fermat test, the Miller-Rabin test calculates for several values of . But the test organizes the congruence a little differently to capture additional information about prime numbers.
Here’s how to set up the calculation for Miller-Rabin. Because is odd, is even. We can factor as a product of a power of 2 and an odd number. So we have where and is odd ( may not be prime). Then we calculate the following sequence:
The first term in (1) can be calculated using the fast powering algorithm (using the binary expansion of to convert the calculation of into a series of squarings and multiplications). Each subsequent term is then the square of the preceding term. The last term is of course . Each squaring or multiplication is reduced modulo . The Miller-Rabin test is based on the following property of prime numbers:
- At least one term in the sequence (1) is congruent to 1 modulo .
- Either the first term in (1) is congruent to 1 modulo or the term preceding the first 1 is congruent to -1 modulo .
Let be an odd prime number such that where and is odd. Let be a positive integer not divisible by . Then the following two conditions are true about the sequence (1).
How the Miller-Rabin test works
Suppose that the “prime or composite” status of an odd integer is not known. If both conditions in the above theorem are satisfied with respect to the number , then is said to be a strong probable prime in base . If a strong probable prime in base happens to be composite, then it is said to be a strong pseudoprime in base . In other words, a strong pseudoprime is a composite number that possesses a prime-like property, namely it satisfies the two conditions in Theorem 1 with respect to one base .
The test procedure of Miller-Rabin is to check whether is a strong probable prime to several bases that are randomly chosen. The following determines the outcome of the test:
- If is not a strong probable prime in one of the chosen bases, then is proved to be composite.
- If is shown to be a strong probable prime in all the chosen bases (say there are of them), then is “probably prime” with an error probability of at most .
To prove the integer is composite, we look for a base for which is not a strong probable prime. Such a value of is also called a Miller-Rabin witness for the compositeness of . For primality, the Miller-Rabin test does not give a mathematical proof that a number is prime. The Miller-Rabin test is a probable prime test. It gives strong evidence that is a prime number, with an error probability that can be made arbitrarily small by using a large random sample of values of .
Take the prime candidate that is discussed above. We plan to run the Miller-Rabin test on using 40 random values of where . If is shown to be a strong probable prime in all 40 bases, then the prime candidate is likely a prime number with an error probability of at most . This probability works out to be less than 1 in 10 raised to 24 (hence the one in a septillion that is mentioned earlier). If one wants stronger evidence, we can compute for more values of . Thus if is in actuality a composite number, there is at most a one in septillion chance that the Miller-Rabin test will declare is a prime number.
How can the Miller-Rabin test make the claim of having such a small error probability? The fact the the error probability of Miller-Rabin can be made arbitrarily small stems from the following fact.
Suppose that is a composite odd number. At most 25% of the numbers in the interval are bases in which is a strong pseudoprime. Putting it in another way, at least 75% of the numbers in are bases in which is not a strong pseudoprime.
To paraphrase Theorem 2, if is composite to begin with, at least 75% of the numbers in will prove its compositeness. That means that at most 25% of the numbers will exhibit the prime-like property described in Theorem 1. The power of Miller-Rabin comes from the fact that for composite numbers there are more values of that will give a correct result (in fact, at least 3 times more).
Thus if you apply the Miller-Rabin test on a composite number , you will bound to stumble on a base that will prove its compositeness, especially if the bases are randomly chosen. Any random choice of where has at least a 75% chance of being correct on the composite number . In a series of 100 random choices of , it will be hard to miss such values of . The only way that Miller-Rabin can make a mistake by declaring a composite number as prime is to pick all the values of from the (at most) 25% of the pool of values of that are strong pseudoprime prime. This probability is bounded by (if is the number of selections of ).
Applying Miller-Rabin on the prime candidate
The first task is to factor . We find that where is the following odd number:
For each randomly selected , we calculate the following sequence:
The first term is calculated using the fast powering algorithm (a series of squarings and multiplications). Each subsequent term is the square of the preceding term. Each term in the sequence is reduced modulo . The goal is to see if the two conditions in Theorem 1 are satisfied. One is that one of the 4 values in (2) is a 1. The other is that the term preceding the first 1 in (2) has to be a -1.
The following shows the 40 numbers that are randomly chosen in the interval .
For each random number , we calculated the 4 numbers indicated in sequence (2). The following 3 tables show the results of the calculation.
There are 4 columns of calculation results, one for each term in sequence (2). If a calculation result is a blank in the above tables, it means that the result is a number that is not 1 or -1 modulo . For example, and are congruent to the following two numbers:
In the above 3 tables, all results match the conditions of Theorem 1. For each number , the calculated results are eventually 1. On some of the rows, the first result is a 1. In all the other rows, the term right before the first 1 is a -1. For example, in the first row where , the first 1 and the term preceding that is a -1.
The results in the above 3 tables show that the number is a strong probable prime in all 40 of the randomly chosen bases. We have very strong evidence that the number is a prime number. The probability that it is a composite number but we mistakenly identify it as prime is at most one in a septillion!
In our search for probable primes larger than the 8th Fermat number, we also find that the number is also a probable prime base 2. The following shows the decimal digits:
Is it a prime number? Perform the Miller-Rabin test on this number.