Lecture 26: Checking Order; Fun Facts on Mersenne and Fermat Numbers

Summary

Today we spent time discussing techniques for checking whether a given number is a primitive root for a given modulus. Hopefully this cleared up some confusion that people had when they worked on Homework 9. We then spent time discussing properties of the Fermat and Mersenne Numbers.

Calculating Order

One of the problems that several people seemed to have in the last homework assignment is verifying that a given element was a primitive root mod p^2, where p was an odd prime. For instance, many people made the following

Erroneous claim: Since 3^{\phi(17^2)} \equiv 1 \mod{17^2}, 3 is a primitive root mod 17^2.

The reason that this is justification is invalid is that one doesn't check that \mbox{ord}_{17^2}(3) = \phi(17^2) in this manner. In fact, checking 3^{\phi(17^2)} \equiv 1 \mod{17^2} only tells us that the order of 3 mod 172 is a divisor of \phi(17^2) — a fact which we could have justified without doing any computations at all! To show that the order of 3 mod 172 really is "maximal," then, we need another technique. With this as motivation, let's review the process for verifying that a given element is a primitive root.

The case where the modulus is prime

Suppose that we want to show that a is a primitive root mod p, where p is a prime number. In order to verify this claim, we need to show that the smallest n which satisfies the equation

(1)
a^n \equiv 1 \mod{p}

is n = p-1. Since we know that a^{\phi(p)} = a^{p-1} \equiv 1 mod{p} by Fermat's Little Theorem, all we really need to do is check that

(2)
a^s \not\equiv 1 \mod{p} \quad \mbox{ for all }s<p-1.

Of course, checking this is really overkill. We already know that the order of an element mod p isn't just any number smaller than \phi(p)=p-1, it actually has to be a divisor of p_1. Hence to check that a has order p-1, we need to check that

(3)
a^d \not\equiv 1 \mod{p} \quad \mbox{for all divisors }d \mbox{ of }p.

As it happens, though, even this is more than we need to check. From our work in class last time, it turns out that all we really need to show is that

(4)
a^{\frac{p-1}{q}} \not\equiv 1 \mod{p} \mbox{ for every prime divisor }q \mbox{ of } p.

This final simplification really cuts down on the number of computations we have to do.

Example: Finding a primitive root mod 61

Suppose we want to determine whether 2 is a primitive root mod 61. Since 61 is prime, we have \phi(61) = 60 = 2^2\cdot 3 \cdot 5. According to the criteria we just wrote down, we can prove that 2 is a primitive root by calculating

(5)
\begin{split} 2^{\frac{60}{2}} &\mod{61}\ 2^{\frac{60}{3}} &\mod{61}\ 2^{\frac{60}{5}} &\mod{61}. \end{split}

If all these quantities are not equivalent to 1, then 2 will be a primitive root. If even one of these quantities is equal to 1, then 2 will not be a primitive root. \square

Primitive Roots Mod p2

Now suppose you want to check if a is a primitive root mod p2. In theory, this should mean that you check

(6)
a^d \not\equiv 1 \mod{p^2} \quad \mbox{ for every divisor }d \mbox{ of }\phi(p^2) = p(p-1).

From our discussions in class on Monday, though, we can find a better way.

Specifically, suppose that you have already determined that a is a primitive root mod p (using the ideas presented in the previous section). Then we proved in class that

(7)
\begin{split} a &\mbox{ is a primitive root }\mod{p^2} &\mbox{ if } a^{p-1} \not\equiv 1 \mod{p^2}\ a+p \mbox{ is a primitive root}\mod{p^2} &\mbox{ if }a^{p-1} \equiv 1 \mod{p^2}.\ \end{split}

Hence if you calculate a^{p-1} \mod{p^2}, whatever answer you get will tell you how to find a primitive root mod p2.

Primitive Roots Mod pm and 2pm

Suppose now that you want to find a primitive root mod pm. The theory we discussed in class on Monday shows that any primitive root a mod p2 will also be a primitive root mod pm. Furthermore, if that primitive root a is odd, then a is a primitive root mod 2pm. (And if it isn't odd, then a+p^m is a primitive root mod 2p^m.

Fun Topics with Fermat and Mersenne Numbers

The rest of the class was spent talking about "fun" topics related to Fermat and Mersenne numbers. These topics won't be covered on the test, but they are worth thinking about nonetheless.

Recall from last class period that we had the following primality test (known as the Lucas-Lehmer test):

For a number n, if there exists a number a so that

a^{n-1} \equiv 1 \mod{n}


and for all primes q dividing n-1 we have

a^{\frac{n-1}{q}} \not\equiv 1 \mod{n}


then n is a prime number.

This test was good, but it did require that we know something about the factorization of n-1. For more numbers, a prime factorization for n-1 is just as difficult to compute as a prime factorization for n. But for some numbers, like the Fermat numbers F_n = 2^{2^n}+1, such a factorization is quite easy. In fact, for these special numbers we have

Pepin's Primality Test: F_n is a prime number if and only if n=0 or

3^{\frac{F_n-1}{2}} \equiv -1 \mod{F_n}.

This test is great, because it gives an "efficient" way to determine the primality of a Fermat Number. Unfortunately, though, "efficient" is a relative term: though these numbers grow at a doubly-exponential rate, this test takes an exponential amount of time to compute. While an exponential algorithm is way better than a doubly-exponential algorithm

Now some people wondered if we could use this test on Mersenne numbers, M_n = 2^n-1. Unfortunately, it's hard to find a good factorization of M_n-1 = 2^n-2 = 2(2^{n-1}-1). There is, however, a primality test that one can use on Mersenne numbers.

(Lucas-Lehmer Test for Mersenne Numbers): For a given p, define u_0 = 4 and recursively define

u_i = u_{i-1}^2-2.


Then M_p is a prime if and only if u_{p-2} \equiv 0 \mod{M_p}.

Example

To check that M_3 = 2^3-1 = 7, let's compute the u sequence. We only need to go to u_{3-2} = u_1:

(8)
\begin{split} u_0 &\equiv 4 \mod{M_3}\ u_1 &\equiv 4^2-2 \equiv 14 \equiv 0 \mod{M_3}. \end{split}

According to our test, this means that M_3 is a prime number (surprise, surprise).

On the other hand, determining whether M_{11} is prime or not might not be so clear. To do so, we'll need to look at the sequence u_0,u_1,\cdots, u_9 and determine whether u_9 \not\equiv 0 \mod{M_{11}}. It turns out that u_9 \not\equiv 0 \mod{M_{11}}, which means that M_{11} isn't prime. \square

Notice that this above test, while it tells us whether or not a given M_p is prime or composite, it does not give us a factorization in the case that the number winds up being composite. For instance, Lucas used his test in 1876 to show that M_{67} is not prime, but he did not give a factorization. This would have to wait for Cole's amazing speech during a conference in 1903, which had him silently verifying the factorization

(9)
M_{67} = 193,707,721 \times 761,838,257,287.

His speech was the only one at the conference that got a standing ovation.

Though there's not very much known about the primality or compositeness of general Mersenne numbers, there are certain cases when it's known that M_p is composite.

Suppose that p is a prime congruence to 3 mod 4, and that 2p+1 is a prime. Then 2p+1 \mid M_p. In particular, if p>3 then M_p is composite.

Proof: Since p \equiv 3 \mod{4} we have p = 4k+3. Hence 2p+1 = 2(4k+3)+1 = 8k+7 \equiv 7 \mod{8}, and this means that 2 is a square mod 2p+1. According to Euler's Criterion, we get

(10)
1 \equiv \left(\frac{2}{2p+1}\right) \equiv 2^{\frac{2p+1-1}{2}} \equiv 2^p \mod{2p+1}.

This translates to 2p+1 \mid 2^p-1 = M_p.

In the case that p>3, we have M_p > 2p+1, and so this divisor 2p+1 is a proper divisor (making M_p prime). \square

To finish our discussion on Fermat and Mersenne numbers, we're going to give a new proof of the infinitude of primes using Fermat numbers. This is somewhat amazing, since we don't really know much about how Fermat numbers factor. To prove this result, we'll need the following fact about Fermat numbers.

Lemma: F_n -2 = F_0 \cdot F_1 \cdots F_{n-1}.

Proof: We'll check this by induction. The base case n=1 follows because

(11)
\begin{split} F_1-2 &= 2^{2^1}+1-2 = 4+1-2 = 3\ F_0 &= 2^{2^0}+1 = 2^1+1=3. \end{split}

For the inductive step, let's compute F_n-2:

(12)
F_n-2 = 2^{2^n}+1-2 = 2^{2^n}-1 = (2^{2^{n-1}}-1)(2^{2^{n-1}}+1) = (F_{n-1}-2)F_{n-1}.

Now by induction we know F_{n-1} -2 = F_0 \cdots F_{n-2}, which we substitute into the equation above to prove

(13)
F_n-2 = (F_0 \cdot F_1 \cdots F_{n-2})F_{n-1} = F_0 \cdot F_1 \cdots F_{n-1}.

\square

Theorem: There are infinitely many prime numbers.

Proof: We'll show there are infinitely many prime numbers by showing that all the Fermat numbers are relatively prime to each other; i.e., that no two Fermat numbers share a common factor. This will prove there are infinitely many prime numbers, since each of the Fermat numbers will have a "new" prime factor.

So let's check that all Fermat numbers are relatively prime by contradiction. We'll assume that there exists Fermat numbers F_j and F_n that have a common prime divisor p, and we'll shows that this leads to a contradiction. Since one of n or j has to be bigger than the other, let's assume that n>j. By the previous Lemma, we know that

(14)
p \mid F_n-2 = F_0 \cdots F_{n-1},

since the product on the right hand side contains F_j. Hence we know that p divides the integral linear combination

(15)
p \mid F_n - (F_n-2)= 2.

But if p mid 2 then we must have p=2. Notice, though, that each F_n is an odd number (since it takes the form 2^{2^n}+1), and so it is impossible for 2 \mid F_n to be true. We conclude that our assumption about a common prime factor is false, and therefore the Fermat numbers are pairwise relatively prime as desired. \square

Add a new comment
page_revision: 4, last_edited: 1237394372|%e %b %Y, %H:%M %Z (%O ago)
EditTags History Files Print Site tools+ Options
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License