Lecture 10 - Fake Primes and Euler's Theorem

Coursenotes » Chapter 2: Congruences » Lecture 10 - Fake Primes and Euler's Theorem

Summary

Today we're finishing up our discussion of Fermat's Little Theorem. By the end of the class we'll state and prove a generalization which works for all integers — not just primes.

A Test for Primality

At the end of last class period we showed that $2^{90} \not\equiv 1 \mod{91}$. Now if 91 were a prime, then since $91 \nmid 2$ we would have gotten $2^{90} \equiv 1 \mod{91}$ by flt. Since we don't get this congruence, we must conclude that 91 is not prime. What's great about this result is that we have given a proof that 91 is composite without actually producing a factorization! This is HUGE, because it means we have a way to test for primality that doesn't involve the (usually quite difficult) problem of factorization.

We'll record this result in the following

Corollary: If n is an integer and you can find another integer a so that $n \nmid a$ and $a^{n-1} \not\equiv 1 \mod{n}$ , then n is not prime.

You should be careful not to think that this theorem is a perfect test for primality, as there are numbers which obey an flt-like congruence. That is to say, there are composite numbers n for which there exists integers a that satisfy $a^{n-1} \equiv a \mod{n}$ . In the case that a can be taken as 2, these integers get a special name.

Definition: A composite number is called a psuedoprime if $2^n \equiv 2 \mod{n}$ .

Example: 645 is psuedoprime

We'll show that $645 = 3\cdot 5 \cdot 43$ is a pseudoprime. To do this, we need to show that $2^{645} \equiv 2 \mod{645}$ . Now we could do this using successive squaring, but since we know the factorization of 645 we could instead verify that the following congruences all hold

(1)

$\begin{equation*}\begin{split} 2^{645} &\equiv 2 \mod{3}\ 2^{645} &\equiv 2 \mod{5}\ 2^{645} &\equiv 2 \mod{43}. \end{split}\end{equation*}$

Why is this the same thing as checking $2^{645} \equiv 2 \mod{645}$ , you ask? Our good old friend the CRT.

Ok, let's check these congruences. First, we know that $2^{2} \equiv 1 \mod{3}$ using flt, and so we have

(2)

$2^{645} \equiv 2^{2\cdot 322 + 1} \equiv \left(2^2\right)^{322}2 \equiv 1^{322}2 \equiv 2 \mod{3}.$

Likewise we know that $2^{4} \equiv 1 \mod{5}$ by flt, and so

(3)

$2^{645} \equiv 2^{4\cdot 161 + 1} \equiv \left(2^4\right)^{161}2 \equiv 2 \mod{5}.$

Finally, since $2^{42} \equiv 1 \mod{43}$ by flt, we have

(4)

$2^{645} \equiv 2^{42\cdot 15+ 15} \equiv \left(2^{42}\right)^{15}2^{15} \equiv 2^{15} \mod{43}.$

Using successive squaring, we checked that $2^{15} \equiv 2 \mod{43}$ as desired. $\square$

There are other composite numbers which are a kind of "strong" psuedoprimes, in the sense that they satisfy the conditions of psuedoprime numbers but with 2 replaced by an arbitrary a with $(a,n) = 1$ .

Definition: A Carmichael number is a composite number n such that every integer a with $(a,n) = 1$ satisfies $a^{n} \equiv a \mod{n}$ .

Example: 561 is Carmichael

In class we showed that $561 = 3\cdot 11 \cdot 17$ is Carmichael. To do this, we showed that for an arbitrary integer a with $(a,561) = 1$ , the congruences

(5)

$\begin{equation*}\begin{split} a^{561} &\equiv a \mod{3}\ a^{561} &\equiv a \mod{11}\ a^{561} &\equiv a \mod{17} \end{split}\end{equation*}$

are satisfied. To do this, notice first that since $(a,561) = 1$ we must also have $(a,3) = (a,11) = (a,17) = 1$ . This has to be the case since any common divisor of a with any of 3,7 of 17 would mean that a has a common divisor with 561, something we already know doesn't exist. Because a is relatively prime to all these prime numbers, then, we can apply flt in each case, as follows:

(6)

$\begin{equation*}\begin{split} a^{561} &\equiv a^{2\cdot 280+1} \equiv a \mod{3}\ a^{561} &\equiv a^{10\cdot 56+1} \equiv a \mod{11}\ a^{561} &\equiv a^{16\cdot 35+1} \equiv a \mod{17}. \end{split}\end{equation*}$

$\square$

Notice that this same technique can be used to show that a number $n = p_1\cdots p_k$ such that [{$p_i-1 \mid n-1$]] for every i is a Carmichael number.

Euler's Theorem

We're now going to try to generalize Fermat's Little Theorem so that it can be applied to more than just prime numbers. We first noted that we will never have a chance of having an equation of the form $a^? \equiv 1 \mod{n}$ unless $(a,n) = 1$ . Hence to get some evidence for what this magical exponent might look like, we tried out a few values of n. We came up with the following

n	$\{a : 1\leq a \leq n \mbox{ and }(a,n) =1$	Magic Exponent
6	$\{1,5\}$	2
8	$\{1,3,5,7\}$	2
10	$\{1,3,7,9\}$	4
12	$\{1,5,7,11\}$	2
15	$\{1,2,4,7,8,11,13,14\}$	4

We saw a lot of patterns here, but the trend which winds up providing a generalization of flt is to notice that the "magic exponent" is always a divisor of the number of integers between 1 and n which are relatively prime to n. This observation gives us a definition and a theorem.

Euler's $\phi$ function: For an integer n, $\phi(n)$ is the number of integers between 1 and n (inclusive) which are relatively prime to n. This is also called Euler's Totient function.

Euler's Theorem: For any integer n and any a satisfying $(a,n) = 1$ , one has $a^{\phi(n)} \equiv 1 \mod{n}$ .

Proof: To prove this theorem, let $S = \{r_1,r_2,\cdots,r_{\phi(n)}\}$ be the set of least non-negative residues which are relatively prime to n. For the given a, we'll denote by $T$ the set $T = \{ar_1,ar_2,\cdots,ar_{\phi(n)}\}$ . We claim that S and T are the same modulo n. If this claim is true, notice that this means that the product of the elements in S is the same as the product of the elements in T — at least modulo n. Hence we'd have

(7)

$\prod_{i=1}^{\phi(n)} r_i = a^{\phi(n)}\prod_{i=1}^{\phi(n)}r_i.$

Expressed as a divisibility statement, this says

(8)

$n \mid \left(a^{\phi(n)}-1\right)\left(\prod_{i=1}^{\phi(n)}r_i\right).$

Since each of the $r_i$ are relatively prime to n this means that $\prod_{i=1}^{\phi(n)}r_i$ is also relatively prime to $n$, and hence the divisibility above implies that $n \mid a^{\phi(n)}-1$ ; in other words, we have $a^{\phi(n)}\equiv 1 \mod{n}$ .

Hence all that's left is to verify the claim. To do this, we'll show that each of the elements of T is relatively prime to n, and that each of them is distinct from each other modulo n. For the first, notice that since both a and $r_i$ are relatively prime to n, their product is also relatively prime to n. Hence — modulo n — the elements of T are a subset of the elements of S. To show they're the same set, we'll show that T has $\phi(n)$ distinct elements, meaning that we need to show that $ar_i \equiv ar_j \mod{n}$ only when $i = j$ . So suppose that $ar_i \equiv ar_j \mod{n}$ . Since $(a,n) = 1$ we can "cancel" the a's on both side of the equation, and so we have $r_i \equiv r_j \mod{n}$ . Of course this can only happen when $i = j$ , so we're done. $\square$