Prime Numbers
Prime Numbers Prime Numbers
96 Chapter 2 NUMBER-THEORETICAL TOOLS create F16, the first has the pleasant property that reduction of high powers of x to lower powers is particularly simple: The mod f(x) reduction is realized through the simple rule x 4 = x + 1 (recall that we are in characteristic 2, so that 1 = −1). We may abbreviate typical field elements a0+a1x+a2x 2 +a3x 3 , where each ai ∈{0, 1} by the binary string (a0a1a2a3). We add componentwise modulo 2, which amounts to an “exclusive-or” operation, for example (0111) + (1011) = (1100). To multiply a ∗ b = (0111) ∗ (1011) we can simulate the polynomial multiplication by doing a convolution on the coordinates, first getting (0110001), a string of length 7. (Calling this (c0c1c2c3c4c5c6) wehavecj = i1+i2=j ai1bi2, where the sum is over pairs i1,i2 of integers in {0, 1, 2, 3} with sum j.) To get the final answer, we take any 1 in places 6, 5, 4, in this order, and replace them via the modulo f(x) relation. In our case, the 1 in place 6 gets replaced with 1’s in places 2 and 3, and doing the exclusive-or, we get (0101000). There are no more high-order 1’s to replace, and our product is (0101); that is, we have (0111) ∗ (1011) = (0101). Though this is only a small example, all the basic notions of general field arithmetic via polynomials are present. 2.3 Squares and roots 2.3.1 Quadratic residues We start with some definitions. Definition 2.3.1. For coprime integers m, a with m positive, we say that a is a quadratic residue (mod m) if and only if the congruence x 2 ≡ a (mod m) is solvable for integer x. If the congruence is not so solvable, a is said to be a quadratic nonresidue (mod m). Note that quadratic residues and nonresidues are defined only when gcd(a, m) = 1. So, for example, 0 (mod m) is always a square but is neither a quadratic residue nor a nonresidue. Another example is 3 (mod 9). This residue is not a square, but it is not considered a quadratic nonresidue since 3 and 9 are not coprime. When the modulus is prime the only non-coprime case is the 0 residue, which is one of the choices in the next definition. Definition 2.3.2. For odd prime p, the Legendre symbol a p a = p ⎧ ⎨ 0, if a ≡ 0(modp), 1, ⎩ −1, if a is a quadratic residue (mod p), if a is a quadratic nonresidue (mod p). is defined as
2.3 Squares and roots 97 Thus, the Legendre symbol signifies whether or not a ≡ 0(modp) isasquare (mod p). Closely related, but differing in some important ways, is the Jacobi symbol: Definition 2.3.3. For odd natural number m (whether prime or not), and for any integer a, the Jacobi symbol a m is defined in terms of the (unique) prime factorization m = p ti i as a = m ti a , pi where a a are Legendre symbols, with pi 1 = 1 understood. Note, then, that the function χ(a) = a m , defined for all integers a, isa character modulo m; see Section 1.4.3. It is important to note right off that for composite, odd m, a Jacobi symbol a 2 m can sometimes be +1 when x ≡ a (mod m) is unsolvable. An example is 2 2 2 = =(−1)(−1) = 1, 15 3 5 even though 2 is not, in fact, a square modulo 15. However, if a m = −1, then a is coprime to m and the congruence x2 ≡ a (mod m) is not solvable. And a m =0ifandonlyifgcd(a, m) > 1. It is clear that in principle the symbol a m is computable: One factors m into primes, and then computes each underlying Legendre symbol by exhausting all possibilities to see whether the congruence x2 ≡ a (mod p) is solvable. What makes Legendre and Jacobi symbols so very useful, though, is that they are indeed very easy to compute, with no factorization or primality test necessary, and with no exhaustive search. The following theorem gives some of the beautiful properties of Legendre and Jacobi symbols, properties that make their evaluation a simple task, about as hard as taking a gcd. Theorem 2.3.4 (Relations for Legendre and Jacobi symbols). Let p denote an odd prime, let m, n denote arbitrary positive odd integers (including possibly primes), and let a, b denote integers. Then we have the Euler test for quadratic residues modulo primes, namely a ≡ a p (p−1)/2 (mod p). (2.6) We have the multiplicative relations ab a b = , m m m (2.7) a a a = mn m n (2.8)
- Page 60 and 61: 46 Chapter 1 PRIMES! Vinogradov’s
- Page 62 and 63: 48 Chapter 1 PRIMES! been beyond re
- Page 64 and 65: 50 Chapter 1 PRIMES! prime? What is
- Page 66 and 67: 52 Chapter 1 PRIMES! This kind of c
- Page 68 and 69: 54 Chapter 1 PRIMES! where p runs o
- Page 70 and 71: 56 Chapter 1 PRIMES! While the prim
- Page 72 and 73: 58 Chapter 1 PRIMES! Exercise 1.35.
- Page 74 and 75: 60 Chapter 1 PRIMES! this recreatio
- Page 76 and 77: 62 Chapter 1 PRIMES! so that A3(x)
- Page 78 and 79: 64 Chapter 1 PRIMES! Conclude that
- Page 80 and 81: 66 Chapter 1 PRIMES! implies that
- Page 82 and 83: 68 Chapter 1 PRIMES! the Riemann-Si
- Page 84 and 85: 70 Chapter 1 PRIMES! such sums can
- Page 86 and 87: 72 Chapter 1 PRIMES! Cast this sing
- Page 88 and 89: 74 Chapter 1 PRIMES! 10 10 . The me
- Page 90 and 91: 76 Chapter 1 PRIMES! These numbers
- Page 92 and 93: 78 Chapter 1 PRIMES! Next, as for q
- Page 94 and 95: 80 Chapter 1 PRIMES! (see [Bach 199
- Page 96 and 97: 82 Chapter 1 PRIMES! If one invokes
- Page 98 and 99: 84 Chapter 2 NUMBER-THEORETICAL TOO
- Page 100 and 101: 86 Chapter 2 NUMBER-THEORETICAL TOO
- Page 102 and 103: 88 Chapter 2 NUMBER-THEORETICAL TOO
- Page 104 and 105: 90 Chapter 2 NUMBER-THEORETICAL TOO
- Page 106 and 107: 92 Chapter 2 NUMBER-THEORETICAL TOO
- Page 108 and 109: 94 Chapter 2 NUMBER-THEORETICAL TOO
- Page 112 and 113: 98 Chapter 2 NUMBER-THEORETICAL TOO
- Page 114 and 115: 100 Chapter 2 NUMBER-THEORETICAL TO
- Page 116 and 117: 102 Chapter 2 NUMBER-THEORETICAL TO
- Page 118 and 119: 104 Chapter 2 NUMBER-THEORETICAL TO
- Page 120 and 121: 106 Chapter 2 NUMBER-THEORETICAL TO
- Page 122 and 123: 108 Chapter 2 NUMBER-THEORETICAL TO
- Page 124 and 125: 110 Chapter 2 NUMBER-THEORETICAL TO
- Page 126 and 127: 112 Chapter 2 NUMBER-THEORETICAL TO
- Page 128 and 129: 114 Chapter 2 NUMBER-THEORETICAL TO
- Page 130 and 131: Chapter 3 RECOGNIZING PRIMES AND CO
- Page 132 and 133: 3.1 Trial division 119 d =3; while(
- Page 134 and 135: 3.2 Sieving 121 3.2 Sieving Sieving
- Page 136 and 137: 3.2 Sieving 123 this number’s ent
- Page 138 and 139: 3.2 Sieving 125 noticed that it was
- Page 140 and 141: 3.2 Sieving 127 } S = S \ (pS ∩ [
- Page 142 and 143: 3.3 Recognizing smooth numbers 129
- Page 144 and 145: 3.4 Pseudoprimes 131 } g =gcd(s, x)
- Page 146 and 147: 3.4 Pseudoprimes 133 Theorem 3.4.4.
- Page 148 and 149: 3.5 Probable primes and witnesses 1
- Page 150 and 151: 3.5 Probable primes and witnesses 1
- Page 152 and 153: 3.5 Probable primes and witnesses 1
- Page 154 and 155: 3.5 Probable primes and witnesses 1
- Page 156 and 157: 3.6 Lucas pseudoprimes 143 The Fibo
- Page 158 and 159: 3.6 Lucas pseudoprimes 145 Because
96 Chapter 2 NUMBER-THEORETICAL TOOLS<br />
create F16, the first has the pleasant property that reduction of high powers<br />
of x to lower powers is particularly simple: The mod f(x) reduction is realized<br />
through the simple rule x 4 = x + 1 (recall that we are in characteristic 2, so<br />
that 1 = −1). We may abbreviate typical field elements a0+a1x+a2x 2 +a3x 3 ,<br />
where each ai ∈{0, 1} by the binary string (a0a1a2a3). We add componentwise<br />
modulo 2, which amounts to an “exclusive-or” operation, for example<br />
(0111) + (1011) = (1100).<br />
To multiply a ∗ b = (0111) ∗ (1011) we can simulate the polynomial<br />
multiplication by doing a convolution on the coordinates, first getting<br />
(0110001), a string of length 7. (Calling this (c0c1c2c3c4c5c6) wehavecj =<br />
<br />
i1+i2=j ai1bi2, where the sum is over pairs i1,i2 of integers in {0, 1, 2, 3} with<br />
sum j.) To get the final answer, we take any 1 in places 6, 5, 4, in this order,<br />
and replace them via the modulo f(x) relation. In our case, the 1 in place 6<br />
gets replaced with 1’s in places 2 and 3, and doing the exclusive-or, we get<br />
(0101000). There are no more high-order 1’s to replace, and our product is<br />
(0101); that is, we have<br />
(0111) ∗ (1011) = (0101).<br />
Though this is only a small example, all the basic notions of general field<br />
arithmetic via polynomials are present.<br />
2.3 Squares and roots<br />
2.3.1 Quadratic residues<br />
We start with some definitions.<br />
Definition 2.3.1. For coprime integers m, a with m positive, we say that<br />
a is a quadratic residue (mod m) if and only if the congruence<br />
x 2 ≡ a (mod m)<br />
is solvable for integer x. If the congruence is not so solvable, a is said to be a<br />
quadratic nonresidue (mod m).<br />
Note that quadratic residues and nonresidues are defined only when<br />
gcd(a, m) = 1. So, for example, 0 (mod m) is always a square but is neither<br />
a quadratic residue nor a nonresidue. Another example is 3 (mod 9). This<br />
residue is not a square, but it is not considered a quadratic nonresidue since<br />
3 and 9 are not coprime. When the modulus is prime the only non-coprime<br />
case is the 0 residue, which is one of the choices in the next definition.<br />
Definition 2.3.2. For odd prime p, the Legendre symbol a<br />
p<br />
<br />
a<br />
=<br />
p<br />
⎧<br />
⎨<br />
0, if a ≡ 0(modp),<br />
1,<br />
⎩<br />
−1,<br />
if a is a quadratic residue (mod p),<br />
if a is a quadratic nonresidue (mod p).<br />
is defined as
Change language