Week 5 Monday

Week 5 Monday#

Screenshare notes#

Deepnote notebook#

from sympy import nextprime, isprime, factorint

The Fermat Primality Test#

(And why it’s inadequate.)

n = 5459

a = 2

pow(a, n-1, n) # Much better than pow(a, n-1)%n

Because 517 is not 1 mod n, this proves definitively that 5459 is composite. a=2 is a witness to the compositeness of 5459.

# We don't see any zeros, so this wasn't enough divisions to prove compositeness.
for a in range(2, 50):
    print(a, n%a)

n1 = nextprime(5000)
n1

pow(2, n1-1, n1)

pow(3, n1-1, n1)

for j in range(2, 150):
    print(j, pow(j, n1, n1))

Don’t use the phrase “witness” in this context, we only use “witness” when something is proven. These results don’t prove that n1 is prime.

10 minute break until 10:10am#

# Back to n
n

# Proved n was composite
pow(2, n-1, n)

Notice: we proved n was composite without finding a prime divisor (or any nontrivial divisor) of n. Your intuition should be that proving a number is composite is much easier (much faster, can be done much more efficiently) than finding a nontrivial divisor.

Think:

gcd and modular exponentiation (pow(a,b,c)) are very fast
primality testing is pretty fast, but not as fast as gcd and fast powering
Factoring and discrete logs are very slow to compute

Major flaw with the Fermat primality test#

n2 = 340561

pow(2, n2-1, n2)

pow(3, n2-1, n2)

for j in range(2, 13):
    print(j, pow(j, n2-1, n2))

# Notice a^(p-1) = 1 mod p, also have a^p = a mod p (this second one, no constraints on a), when p is prime
# these results scream "prime"
for j in range(2, 150):
    print(j, pow(j, n2, n2))

# Let's use `isprime` from sympy to confirm that n2 is indeed prime
isprime(n2)

False

n2

factorint(n2)

{13: 1, 17: 1, 23: 1, 67: 1}

13*17*23*67

Major flaw with the Fermat primality test: there exist composite numbers n, called Carmichael numbers, such that the only values of a which witness the compositeness of n are values of a such that gcd(a,n) > 1

pow(13, n2-1, n2)

Finding a Fermat witness for a Carmichael number is no easier than finding a nontrivial divisor of that Carmichael number.

The smallest Carmichael number is 561. It has been proved there are infinitely many Carmichael numbers.

for j in range(2, 150):
    print(j, pow(j, n2-1, n2))

for j in range(2, 150):
    print(j, n2%j)

The Miller-Rabin Primality Test#

# Carmichael number
n = 340561

a = 2

pow(a, n-1, n)

n-1

pow(a, (n-1)/2, n)

---------------------------------------------------------------------------
TypeError                                 Traceback (most recent call last)
Cell In [31], line 1
----> 1 pow(a, (n-1)/2, n)

TypeError: pow() 3rd argument not allowed unless all arguments are integers

type((n-1)/2)

float

(n-1)/2

170280.0

(n-1)%2

# Forces the output to be an integer
# Only use this `//` if you know the number is divisible
(n-1)//2

pow(a, (n-1)//2, n)

pow(a, (n-1)//4, n)

pow(140232, 2, n)

\(140232^2 \equiv 1 \bmod n\) So we have \((140232^2 - 1^2) \equiv 0 \bmod n\) So \(n\) divides \((140232 - 1)(140232 + 1)\)

from math import gcd

gcd(n, 140232 - 1)

n%20033

Our very first choice of a, a = 2, was a witness to the compositeness of n.

Created in Deepnote