Lecture 25: Order and a Primality Test

# Summary

We started class by finishing the proof of the Primitive Root theorem: first by reviewing the case when the modulus is $p^m$, then using this to find primitive roots mod $2p^m$. Afterwards we saw an application of order in the land of primality testing. This is our first example of an "easy" test for primality which doesn't require tremendous computation.

# Finishing the Primitive Root Theorem

We started class by reviewing our proof of the existence of primitive roots mod $p^m$, where p is an odd prime. In fact, we proved the following

Theorem: A primitive root mod $p^2$ is a primitive root mod $p^m$.

Our method was to note that if r is a primitive root mod $p^2$, then $r^{\mbox{ord}_{p^m}(r)} \equiv 1 \mod{p^m}$ implies the same congruence mod $p^2$, so $p(p-1) = \mbox{ord}_{p^2}(r)$ divides $\mbox{ord}_{p^m}(r)$, which in turn divides $\phi(p^m) = p^{m-1}(p-1)$. Hence any primitive root r mod $p^2$ must have

(1)
\begin{align} \mbox{ord}_{p^m}(r) = p^k(p-1) \quad \mbox{ for some }1 \leq k \leq m-1. \end{align}

To show that r is a primitive root we want to prove that $k=m-1$, so we need to rule out the possibility that $k<m-1$. If it happened that $k<m-1$, though, then $p^k(p-1)$ would divide $p^{m-2}(p-1)$, and we'd find ourselves in the case that

(2)
\begin{align} r^{p^{m-2}(p-1)} \equiv 1 \mod{p^m}. \end{align}

Hence to prove that $k<m-1$ is impossible, we show that Equation (2) is impossible. The details of this argument are in the previous class period's course notes, so you can see them there.

To finish off the primitive root theorem, we need to verify that a modulus of the form $2p^m$ has a primitive root. This will be our next

Theorem: If r is an odd primitive root mod $p^2$, then r is a primitive root mod $2p^m$. In particular, primitive roots exist mod $2p^m$.

Proof: To prove that primitive roots exist mod $2p^m$, the first part of the theorem says that we need to prove that odd primitive roots exist mod $p^2$. So choose a primitive root r mod $p^2$. If it's odd, then we win. Otherwise it is even. In this case, the number $r+p^2$ is odd (since $p^2$ is odd), and since $r+p^2 \equiv r \mod{p^2}$, we have that $r+p^2$ is a primitive root mod $p^2$. Hence we can always find an odd primitive root mod $p^2$, and so the first part of the theorem says that there is always a primitive root mod $2p^m$.

So let's prove that the first part of the theorem is true. Since r is an odd number, and since r is a primitive root mod $p^2$, we must have $(r,2) = 1$ and $(r,p)=1$. Together, these imply that $(r,2p^m) = 1$. Hence the element r has an order mod $2p^m$. We'll write $n = \mbox{ord}_{2p^m}(r)$.

Now we know that $n \mid \phi(2p^m)$, and since $\phi(2p^m) = \phi(2)\phi(p^m) = \phi(p^m)$ we get

(3)
\begin{align} n \mid \phi(p^m). \end{align}

On the other hand, we know that

(4)
\begin{align} r^n \equiv 1 \mod{2p^m} \Rightarrow r^n \equiv 1 \mod{p^m} \Rightarrow \mbox{ord}_{p^m}(r) \mid n. \end{align}

Considering that r is a primitive root mod $p^2$, we know that r is a primitive root mod $p^m$, and hence $\mbox{ord}_{p^m}(r) = \phi(p^m)$. Combining Equations (3) and (4), we therefore have

(5)
\begin{align} n = \phi(p^m) = \phi(2p^m), \end{align}

and so r is a primitive root (since it has maximal order). $\square$

Having talked about when a given integer has a primitive root, one thing to notice is that our theory doesn't give us a way of finding primitive roots mod p. This is the only real obstacle to finding primitive roots mod $p^m$ or $2p^m$, since once a primitive root mod p is in hand one can use it to find a primitive root mod $p^2$ (and subsequently mod $p^m$ or $2p^m$, by the theorems above). So: how does one find a primitive root mod p? Sadly, the answer is that one has to just try numbers until a primitive root is found.

Another natural question to ask is whether one can expect a given number to appear as a primitive root for "lots" of primes p. For instance, for how many primes p is 2 a primitive root mod p? Are there other numbers k for which we might expect that k appears as a primitive root for lots of primes p? For instance, we know that $k=-1$ is never a primitive root for a prime $p>3$, since $(-1)^2 = 1$ implies that $\mbox{ord}_p(-1) \in \{1,2\}$, while $\phi(p) = p-1 > 2$. To approach this question, we proved the following

Lemma: Let p be an odd prime. If r is a quadratic residue mod p, then r is not a primitive root mod p.

Proof: Suppose that r is a quadratic residue, so that $x^2 \equiv r \mod{p}$ has a solution x. Then we get

(6)
\begin{align} \mbox{ord}_{p}(r) = \mbox{ord}_{p}(x^2) = \frac{\mbox{ord}_p(x)}{(2,\mbox{ord}_p(x))}. \end{align}

Now if $\mbox{ord}_p(x)<\phi(p)$ then the above expression for $\mbox{ord}_p(r)$ is clearly never $\phi(p)$: it shows that $\mbox{ord}_p(r)$ is a divisor of a number smaller than $\phi(p)$. On the other hand, if x is a primitive root then the equation above gives (using that $\phi(p) = p-1$ is even, since p is odd)

(7)
\begin{align} \mbox{ord}_{p}(r) = \mbox{ord}_{p}(x^2) = \frac{\mbox{ord}_p(x)}{(2,\mbox{ord}_p(x))} = \frac{\phi(p)}{(2,\phi(p))} = \frac{\phi(p)}{2}. \end{align}

Hence in this case again we find that the order of r is not $\phi(p)$, and so r isn't a primitive root. $\square$

The above lemma tells us that the square of an integer never has a shot at being a primitive root for any odd prime p: if it is a square integer, then mod any p it will be a quadratic residue, and hence the lemma says it can't be a primitive root. Apart from the integers which we've ruled out as potential primitive roots, do all other integers have a shot at showing up as a primitive root for "lots of primes"? This is the subject of the following

Artin's Conjecture: For any integer a that is neither $-1$ nor a perfect square, there are infinitely many primes p for which a is a primitive root mod p.

More information on this conjecture (including the special case where $a=2$) would make for a good posting in the forum.
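The procedure described above (trial search for a primitive root mod p, lifting it to $p^2$, then relying on the theorems to get $p^m$ and $2p^m$) and the lemma that quadratic residues are never primitive roots can both be checked by direct computation. The following is an added example, not code from the course notes; the function names are my own, orders are computed by brute force (so it is only meant for small moduli), and the lift to $p^2$ is done by trying $r, r+p, \ldots$ and verifying the order rather than by appealing to any theorem.

```python
from math import gcd


def order(a, n):
    """Multiplicative order of a mod n, by repeated multiplication.

    Requires gcd(a, n) == 1; brute force is fine for the small moduli used here.
    """
    if gcd(a, n) != 1:
        raise ValueError("a must be coprime to n for the order to exist")
    k, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        k += 1
    return k


def phi(n):
    """Euler's totient, counted straight from the definition."""
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)


def is_primitive_root(a, n):
    """a is a primitive root mod n iff it is a unit of maximal order phi(n)."""
    return gcd(a, n) == 1 and order(a, n) == phi(n)


def primitive_root_mod_p(p):
    """Trial search, as the notes say: there is no better general method (p an odd prime)."""
    for r in range(2, p):
        if is_primitive_root(r, p):
            return r
    raise ValueError("no primitive root found; is p an odd prime?")


def lift_to_p_squared(r, p):
    """Among r, r+p, ..., r+(p-1)p (all congruent to r mod p) return one that is
    a primitive root mod p^2, verified by actually computing its order."""
    for j in range(p):
        cand = r + j * p
        if is_primitive_root(cand, p * p):
            return cand
    raise ValueError("no lift to p^2 found")


def primitive_root_mod_prime_power(p, m):
    """Theorem: a primitive root mod p^2 is a primitive root mod p^m (p odd, m >= 2).
    The order is recomputed mod p^m as a sanity check of the theorem on this instance."""
    r = lift_to_p_squared(primitive_root_mod_p(p), p)
    if not is_primitive_root(r, p ** m):
        raise AssertionError("theorem violated?!")
    return r


def primitive_root_mod_2pm(p, m):
    """Make the p^2 primitive root odd (add p^2 if it is even); the theorem says the
    result is a primitive root mod 2p^m. Again verified by direct computation."""
    r = lift_to_p_squared(primitive_root_mod_p(p), p)
    if r % 2 == 0:
        r += p * p
    if not is_primitive_root(r, 2 * p ** m):
        raise AssertionError("theorem violated?!")
    return r


def quadratic_residues(p):
    """Nonzero squares mod p."""
    return {(x * x) % p for x in range(1, p)}


def lemma_holds(p):
    """Lemma: no quadratic residue mod an odd prime p is a primitive root."""
    return all(not is_primitive_root(q, p) for q in quadratic_residues(p))


if __name__ == "__main__":
    print("primitive root mod 5^3:", primitive_root_mod_prime_power(5, 3))
    print("primitive root mod 2*5^3:", primitive_root_mod_2pm(5, 3))
    print("lemma holds for p = 19:", lemma_holds(19))
```

For $p=5$ the search finds $r=2$, which already works mod 25 and hence mod 125; since 2 is even the $2p^m$ construction uses $2 + 25 = 27$, which the brute-force order check confirms is a primitive root mod 250.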

# A Primality Test

Now that we've covered the basics of primitive roots and order, we're going to spend the next few class periods talking about some applications of these ideas. Our first application will be a primality test. At the beginning of the course we said that the method for checking whether an integer is prime or composite is trial division. Essentially, attempts to factorize were the only techniques we had on hand for testing primality. Since then, though, we've developed other techniques for checking primality. Two that stick out are the following

• $\phi(n) = n-1$ if and only if n is prime.
• $(n-1)! \equiv -1 \mod{n}$ if and only if n is prime.

Notice that neither of these techniques seems to require any factoring at all, and yet they can tell us whether a given number is prime. Verifying the first condition directly, however, would amount to knowing the divisors of n (so that one could determine the number of integers $1 \leq a \leq n$ with $(a,n) = 1$), but it can still be a very useful tool from a theoretical standpoint. For instance, it is used to prove the following

Theorem: Let $n>1$. If there exists a number a so that

$\displaystyle a^{n-1} \equiv 1 \mod{n}$

and so that for every prime divisor q of $n-1$ we have

$\displaystyle a^{\frac{n-1}{q}} \not\equiv 1 \mod{n}$

then n is a prime number.

Proof: The condition $a^{n-1} \equiv 1 \mod{n}$ implies that $\mbox{ord}_n(a) \mid n-1$. Hence we get $k \cdot \mbox{ord}_n(a) = n-1$ for some positive integer k. We'd like to show that $k=1$, so we'll assume that $k>1$ and derive a contradiction. Now if $k>1$ then there exists a prime divisor q of k. Note that q is therefore also a prime divisor of $n-1$. Now we see that

(8)
\begin{align} a^{\frac{n-1}{q}} \equiv a^{\frac{\mbox{\tiny{ord}}_n(a)\cdot k}{q}} \equiv \left(a^{\mbox{\tiny{ord}}_n(a)}\right)^{\frac{k}{q}} \equiv 1^{\frac{k}{q}} \equiv 1 \mod{n}, \end{align}

contradicting our hypothesis. Hence we cannot have $k>1$, and so we have $k=1$, implying $\mbox{ord}_n(a) = n-1$.

Now we know that

(9)
\begin{align} \mbox{ord}_n(a) \leq \phi(n) \leq n-1 \end{align}

simply because the order of any element is a divisor of $\phi(n)$, and since $\phi(n) \leq n-1$ for every $n>1$. But we know that $\mbox{ord}_n(a) = n-1$, so the above equation becomes

(10)
\begin{align} n-1 = \mbox{ord}_n(a) \leq \phi(n) \leq n-1, \end{align}

and hence all the inequalities must actually be equalities. We therefore see that $\phi(n) = n-1$, from which we conclude that n is prime. $\square$

#### Example: 19 is prime

We'll use the above test to verify that 19 is prime. We'll try $a=2$ and see if it fits the bill in the above theorem. Since $19-1 = 18 = 2 \cdot 3^2$, the prime divisors of $18$ are 2 and 3. Hence we want to verify that

(11)
\begin{split} 2^{18} &\equiv 1 \mod{19} \\ 2^{\frac{18}{2}} &\not\equiv 1 \mod{19} \\ 2^{\frac{18}{3}} &\not\equiv 1 \mod{19}. \end{split}

Hence we need to compute the 6th, 9th and 18th powers of 2 mod 19. For this, we'll use successive squaring:

(12)
\begin{split} 2^1 &\equiv 2 \mod{19}\\ 2^2 &\equiv 4 \mod{19}\\ 2^4 &\equiv 16 \equiv -3 \mod{19}\\ 2^8 &\equiv (-3)^2 \equiv 9 \mod{19}. \end{split}

Hence we see that

(13)
\begin{split} 2^{\frac{18}{3}} &\equiv 2^6 \equiv 2^4\cdot 2^2 \equiv -3 \cdot 4 \equiv -12 \equiv 7 \not\equiv 1 \mod{19}\\ 2^{\frac{18}{2}} &\equiv 2^9 \equiv 2\cdot 2^8 \equiv 2 \cdot 9 \equiv 18 \equiv -1 \not\equiv 1 \mod{19}\\ 2^{18} &\equiv (2^{9})^2 \equiv (-1)^2 \equiv 1 \mod{19}. \end{split}

We've verified the desired congruences, and so we have that 19 is prime. $\square$
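The theorem and the worked example for 19 translate directly into a checker. What follows is an added example, not code from the course notes: the function names are my own, and the caller is assumed to supply the complete set of prime divisors of $n-1$, since the theorem needs every one of them and finding them is the expensive part of the test. The block also contrasts the full test with the Fermat condition $a^{n-1} \equiv 1 \mod{n}$ alone, which the Carmichael number 561 passes for the base 2 even though 561 is composite; the theorem guarantees that no base a can satisfy all of its conditions for 561.

```python
def lucas_certificate(n, a, prime_divisors):
    """True iff (a, prime_divisors) certifies n prime by the theorem above:
    a^(n-1) = 1 (mod n) and a^((n-1)/q) != 1 (mod n) for every prime q | n-1.

    prime_divisors must be the COMPLETE set of prime divisors of n-1; the
    certificate is meaningless if one is missing, so we at least check that
    each supplied q really divides n-1.
    """
    if n < 2:
        return False
    if any((n - 1) % q != 0 for q in prime_divisors):
        raise ValueError("every q must divide n-1")
    if pow(a, n - 1, n) != 1:
        return False
    return all(pow(a, (n - 1) // q, n) != 1 for q in prime_divisors)


def residues_checked(n, a, prime_divisors):
    """The residues the test looks at, as {exponent: a^exponent mod n}.
    For n=19, a=2 this reproduces the three congruences of the worked example."""
    exps = [n - 1] + [(n - 1) // q for q in prime_divisors]
    return {e: pow(a, e, n) for e in exps}


def find_witness(n, prime_divisors):
    """Search a = 2, 3, ..., n-1 for a base certifying n (n > 2).

    Returns None if no base works, which by the theorem is exactly the case
    n composite: a composite n has no element of order n-1 at all.
    """
    for a in range(2, n):
        if lucas_certificate(n, a, prime_divisors):
            return a
    return None


def fermat_passes(n, a):
    """The Fermat condition alone: a^(n-1) = 1 (mod n).
    Necessary but not sufficient; Carmichael numbers pass for every coprime base."""
    return pow(a, n - 1, n) == 1


if __name__ == "__main__":
    # 18 = 2 * 3^2, so the prime divisors of n-1 are 2 and 3 (from the notes).
    print("19 with a=2:", residues_checked(19, 2, [2, 3]))
    print("witness for 19:", find_witness(19, [2, 3]))
    # 560 = 2^4 * 5 * 7; 561 = 3 * 11 * 17 is the smallest Carmichael number.
    print("561 passes Fermat with a=2:", fermat_passes(561, 2))
    print("witness for 561:", find_witness(561, [2, 5, 7]))
```

The dictionary returned for 19 is $\{18: 1,\ 9: 18,\ 6: 7\}$, i.e. $2^{18} \equiv 1$, $2^9 \equiv -1$, $2^6 \equiv 7$, matching the hand computation. Searching all bases for 561 returns nothing, which is the theorem doing its job: the Fermat check accepts 561, the order-based certificate does not.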

We can simplify the above theorem slightly with the following

Corollary: If n is an odd integer and there exists a number a so that

$\displaystyle a^{\frac{n-1}{2}} \equiv -1 \mod{n}$

and so that for every odd prime divisor q of $n-1$ we have

$\displaystyle a^{\frac{n-1}{q}} \not\equiv 1 \mod{n}$

then n is a prime number.

Proof: If we square the first condition of this corollary then we get $a^{n-1} \equiv 1 \mod{n}$, the first condition of the previous theorem. The remaining hypotheses of that theorem come from the stated condition on odd prime divisors together with the observation that $a^{\frac{n-1}{2}} \equiv -1 \not\equiv 1 \mod{n}$ (since n is odd, so $n \geq 3$) gives the necessary incongruence for the only even prime divisor of $n-1$, namely $q=2$. $\square$

This test will be especially useful for testing the primality of Fermat numbers. The nth Fermat number is

(14)
\begin{equation} F_n = 2^{2^n}+1, \end{equation}

and the prime factorization of $F_n-1 = 2^{2^n}$ is immediate: 2 is its only prime divisor. Hence the previous corollary tells us that

If $3^{\frac{F_n-1}{2}} \equiv -1 \mod{F_n}$, then $F_n$ is prime.

(Notice that this follows from the previous corollary since $F_n-1$ has no odd prime divisors). Indeed, there's even a converse for this statement.

If $F_n$ is prime, then either $n=0$ (in which case $F_0 = 3$) or $3^{\frac{F_n-1}{2}} \equiv -1 \mod{F_n}$.

Proof: To see that this is true, suppose that $F_n$ is prime. Then Euler's Criterion says that

(15)
\begin{align} 3^{\frac{F_n-1}{2}} \equiv \left(\frac{3}{F_n}\right) \mod{F_n}. \end{align}

Now when $n>0$ we have that $2^n$ is an even number, so that $2^n = 2k$ for some k. Hence we have $F_n = 2^{2^n}+1 = 2^{2k}+1 = 4^k+1$. This means that $F_n \equiv 1 \mod{4}$, and so quadratic reciprocity shows

(16)
\begin{align} \left(\frac{3}{F_n}\right) = \left(\frac{F_n}{3}\right). \end{align}

Since $F_n = 4^k +1$ and $4 \equiv 1 \mod{3}$, we can reduce the "numerator" on the right hand side of the above equation to give

(17)
\begin{align} \left(\frac{F_n}{3}\right) = \left(\frac{2}{3}\right) = -1, \end{align}

where $\left(\frac{2}{3}\right) = -1$ because the only squares mod 3 are 0 and 1. This gives the desired result. $\square$
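Both directions of the statement about Fermat numbers (the corollary, and its converse proved just above) can be exercised numerically; this test is usually called Pépin's test. The following is an added example and not code from the course notes; the function names are mine. It uses Python's built-in modular exponentiation, so the only work is about $2^n$ squarings mod $F_n$, and it is honest about the $n=0$ edge case, where $F_0 = 3$ is prime but $3^{(F_0-1)/2} \equiv 0 \mod{3}$.

```python
def fermat_number(n):
    """The n-th Fermat number F_n = 2^(2^n) + 1."""
    return 2 ** (2 ** n) + 1


def legendre_by_euler(a, p):
    """Euler's criterion for an odd prime p: a^((p-1)/2) mod p, reported as +1, -1 or 0."""
    r = pow(a, (p - 1) // 2, p)
    return -1 if r == p - 1 else r


def pepin_test(n):
    """For n >= 1: F_n is prime iff 3^((F_n - 1)/2) = -1 (mod F_n).

    'If' is the corollary in the notes (F_n - 1 is a power of 2, so there are no
    odd prime divisors to check); 'only if' is the converse proved via Euler's
    criterion and quadratic reciprocity.
    """
    if n < 1:
        raise ValueError("Pepin's test needs n >= 1; F_0 = 3 is prime but 3 = 0 mod F_0")
    f = fermat_number(n)
    return pow(3, (f - 1) // 2, f) == f - 1


def prime_fermat_numbers(upto):
    """Indices 1..upto whose Fermat number passes Pepin's test."""
    return [n for n in range(1, upto + 1) if pepin_test(n)]


if __name__ == "__main__":
    print("prime F_n for 1 <= n <= 8:", prime_fermat_numbers(8))
    # Known factor of F_5 (Euler): 641 * 6700417 = 2^32 + 1.
    print("641 | F_5:", fermat_number(5) % 641 == 0)
    for n in range(1, 5):
        print(f"(3/F_{n}) by Euler's criterion:", legendre_by_euler(3, fermat_number(n)))
```

Running it reports that only $F_1, F_2, F_3, F_4$ (5, 17, 257, 65537) are prime among $n \leq 8$; $F_5$ fails the test, consistent with Euler's factor 641. For the prime cases the Euler-criterion value of $\left(\frac{3}{F_n}\right)$ is $-1$, exactly as the reciprocity argument predicts, and one can also confirm the intermediate step $F_n \equiv 2 \mod{3}$ for every $n \geq 1$.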