Pocklington primality test

In mathematics, the Pocklington–Lehmer primality test is a primality test devised by Henry Cabourn Pocklington[1] and Derrick Henry Lehmer.[2] The test uses a partial factorization of to prove that an integer is prime.

It produces a primality certificate to be found with less effort than the Lucas primality test, which requires the full factorization of .

Pocklington criterion

edit

The basic version of the test relies on the Pocklington theorem (or Pocklington criterion) which is formulated as follows:

Let   be an integer, and suppose there exist natural numbers a and p such that

  (1)
p is prime,   and   (2)
  (3)

Then N is prime.[3] Here   means that after finding the remainder of division by k, i and j are equal;   means that i is a divisor for j; and gcd is the greatest common divisor.

Note: Equation (1) is simply a Fermat primality test. If we find any value of a, not divisible by N, such that equation (1) is false, we may immediately conclude that N is not prime. (This divisibility condition is not explicitly stated because it is implied by equation (3).) For example, let  . With  , we find that  . This is enough to prove that N is not prime.

Proof

Suppose N is not prime. This means there must be a prime q, where   that divides N.

Since  ,  , and since p is prime,  .

Thus there must exist an integer u, a multiplicative inverse of p modulo q−1, with the property that

  (4)

and therefore, by Fermat's little theorem

  (5)

This implies

 ,     by (1) since  
 ,
 ,     by (5)

This shows that q divides the   in (3), and therefore this  ; a contradiction.[3]

Given N, if p and a can be found which satisfy the conditions of the theorem, then N is prime. Moreover, the pair (p, a) constitute a primality certificate which can be quickly verified to satisfy the conditions of the theorem, confirming N as prime.

The main difficulty is finding a value of p which satisfies (2). First, it is usually difficult to find a large prime factor of a large number. Second, for many primes N, such a p does not exist. For example,   has no suitable p because  , and  , which violates the inequality in (2); other examples include   and  .

Given p, finding a is not nearly as difficult.[4] If N is prime, then by Fermat's little theorem, any a in the interval   will satisfy (1) (however, the cases   and   are trivial and will not satisfy (3)). This a will satisfy (3) as long as ord(a) does not divide  . Thus a randomly chosen a in the interval   has a good chance of working. If a is a generator mod N, its order is   and so the method is guaranteed to work for this choice.

Generalized Pocklington test

edit

The above version of Pocklington's theorem is sometimes impossible to apply because some primes   are such that there is no prime   dividing   where  . The following generalized version of Pocklington's theorem is more widely applicable.[5]: Corollary 1 

Theorem: Factor N − 1 as N − 1 = AB, where A and B are relatively prime,  , the prime factorization of A is known, but the factorization of B is not necessarily known.

If for each prime factor p of A there exists an integer   so that

 , and (6)
 , (7)

then N is prime.

Proof

Let p be a prime dividing A and let   be the maximum power of p dividing A. Let q be a prime factor of N. For the   from the corollary set  . This means   and because of   also  .

This means that the order of   is  

Thus,  . The same observation holds for each prime power factor   of A, which implies  .

Specifically, this means  

If N were composite, it would necessarily have a prime factor which is less than or equal to  . It has been shown that there is no such factor, which proves that N is prime.

Comments

edit

The Pocklington–Lehmer primality test follows directly from this corollary. To use this corollary, first find enough factors of N − 1 so the product of those factors exceeds  . Call this product A. Then let B = (N − 1)/A be the remaining, unfactored portion of N − 1. It does not matter whether B is prime. We merely need to verify that no prime that divides A also divides B, that is, that A and B are relatively prime. Then, for every prime factor p of A, find an   which fulfills conditions (6) and (7) of the corollary. If such  s can be found, the Corollary implies that N is prime.

According to Koblitz,   = 2 often works.[3]

Example

edit

Determine whether

 

is prime.

First, search for small prime factors of  . We quickly find that

 .

We must determine whether   and   meet the conditions of the Corollary.  , so  . Therefore, we have factored enough of   to apply the Corollary. We must also verify that  .

It does not matter whether B is prime (in fact, it is not).

Finally, for each prime factor p of A, use trial and error to find an ap that satisfies (6) and (7).

For  , try  . Raising   to this high power can be done efficiently using binary exponentiation:

 
 .

So,   satisfies (6) but not (7). As we are allowed a different ap for each p, try   instead:

 
 .

So   satisfies both (6) and (7).

For  , the second prime factor of A, try  :

 .
 .

  satisfies both (6) and (7).

This completes the proof that   is prime. The certificate of primality for   would consist of the two   pairs (2, 5) and (3, 2).

We have chosen small numbers for this example, but in practice when we start factoring A we may get factors that are themselves so large their primality is not obvious. We cannot prove N is prime without proving that the factors of A are prime as well. In such a case we use the same test recursively on the large factors of A, until all of the primes are below a reasonable threshold.

In our example, we can say with certainty that 2 and 3 are prime, and thus we have proved our result. The primality certificate is the list of  pairs, which can be quickly checked in the corollary.

If our example had included large prime factors, the certificate would be more complicated. It would first consist of our initial round of aps which correspond to the 'prime' factors of A; Next, for each factor of A where primality was uncertain, we would have more ap, and so on for factors of these factors until we reach factors of which primality is certain. This can continue for many layers if the initial prime is large, but the important point is that a certificate can be produced, containing at each level the prime to be tested, and the corresponding aps, which can easily be verified.

Extensions and variants

edit

The 1975 paper by Brillhart, Lehmer, and Selfridge[5] gives a proof for what is shown above as the "generalized Pocklington theorem" as Theorem 4 on page 623. Additional theorems are shown which allow less factoring. This includes their Theorem 3 (a strengthening of an 1878 theorem of Proth):

Let   where p is an odd prime such that  . If there exists an a for which  , but  , then N is prime.

If N is large, it is often difficult to factor enough of   to apply the above corollary. Theorem 5 of the Brillhart, Lehmer, and Selfridge paper allows a primality proof when the factored part has reached only  . Many additional such theorems are presented that allow one to prove the primality of N based on the partial factorization of  ,  ,  , and  .[5][6][7]

References

edit
  • Leonard Eugene Dickson, "History of the Theory of Numbers" vol 1, p 370, Chelsea Publishing 1952
  • Henry Pocklington, "Math. Quest. Educat. Times", (2), 25, 1914, p 43-46 (Mathematical questions and solutions in continuation of the mathematical columns of "the Educational times".)
  1. ^ Pocklington, Henry C. (1914–1916). "The determination of the prime or composite nature of large numbers by Fermat's theorem". Proceedings of the Cambridge Philosophical Society. 18: 29–30. Retrieved 2022-06-22.
  2. ^ D. H. Lehmer (1927). "Tests for primality by the converse of Fermat's theorem". Bull. Amer. Math. Soc. 33 (3): 327–340. doi:10.1090/s0002-9904-1927-04368-3.
  3. ^ a b c Koblitz, Neal (1994). A Course in Number Theory and Cryptography. Graduate Texts in Mathematics. Vol. 144 (2nd ed.). Springer. ISBN 0-387-94293-9.
  4. ^ Roberto Avanzi; Henri Cohen; Christophe Doche; Gerhard Frey; Tanja Lange; Kim Nguyen; Frederik Vercauteren (2005). Handbook of Elliptic and Hyperelliptic Curve Cryptography. Boca Raton: Chapman & Hall/CRC.
  5. ^ a b c Brillhart, John; Lehmer, D. H.; Selfridge, J. L. (April 1975). "New Primality Criteria and Factorizations of 2m ± 1" (PDF). Mathematics of Computation. 29 (130): 620–647. doi:10.1090/S0025-5718-1975-0384673-1. JSTOR 2005583.
  6. ^ Williams, Hugh C.; Holte, R. (July 1978). "Some observations on primality testing". Mathematics of Computation. 32 (143): 905–917. doi:10.2307/2006495. JSTOR 2006495.
  7. ^ The classical tests
edit