Prime Numbers

174 Chapter 4 PRIMALITY PROVING
Remark. The version of Theorem 4.1.1 above is due to Lehmer. Lucas had
such a result where q runs through all of the proper divisors of n − 1.
The hypothesis (4.1) of the Lucas theorem is not vacuous for prime numbers;
such a number a is called a primitive root, and all primes have them. That is,
if n is prime, the multiplicative group Z∗ n is cyclic; see Theorem 2.2.5. In fact,
each prime n>200560490131 has more than n/(2 ln ln n) primitive roots in
{1, 2,...,n−1}; see Exercise 4.1. (Note: The prime 200560490131 is 1 greater
than the product of the first 11 primes.)
A consequence is that if n>200560490131 is prime, it is easy to find
a number satisfying (4.1) via a probabilistic algorithm. Just choose random
integers a in the range 1 ≤ a ≤ n − 1 until a successful one is found. The
expected number of trials is less than 2 ln ln n.
Though we know no deterministic polynomial-time algorithm for finding a
primitive root for a prime, the principal hindrance in implementing the Lucas
theorem as a primality test is not the search for a primitive root a, but rather
finding the complete prime factorization of n − 1. As we know, factorization is
hard in practice for many numbers. But it is not hard for every number. For
example, consider a search for primes that are 1 more than a power of 2. As
seen in Theorem 1.3.4, such a prime must be of the form Fk =22k+1. Numbers
in this sequence are called Fermat numbers after Fermat, who thought they
were all prime.
In 1877, Pepin gave a criterion similar to the following for the primality
of a Fermat number.
Theorem 4.1.2 (Pepin test). For k ≥ 1, the number Fk =22k+1 is prime
if and only if 3 (Fk−1)/2 ≡−1(modFk).
Proof. Suppose the congruence holds. Then (4.1) holds with n = Fk, a =3,
so Fk is prime by the Lucas Theorem 4.1.1. Conversely, assume Fk is prime.
Since 2k is even, it follows that 22k ≡ 1 (mod 3), so that Fk ≡ 2 (mod 3). But
also Fk ≡ 1 (mod 4), so the Legendre symbol
3 is −1, that is, 3 is not a
Fk
square (mod Fk). The congruence in the theorem thus follows from Euler’s
criterion (2.6). ✷
Actually, Pepin gave his test with the number 5 in place of the number 3 (and
with k ≥ 2). It was noticed by Proth and Lucas that one can use 3. In this
regard, see [Williams 1998] and Exercise 4.5.
As of this writing, the largest Fk for which the Pepin test has been used
is F24. As discussed in Section 1.3.2, this number is composite, and in fact,
so is every other Fermat number beyond F4 for which the character (prime or
composite) has been resolved.
4.1.2 Partial factorization
Since the hardest step, in general, in implementing the Lucas Theorem 4.1.1
as a primality test is coming up with the complete prime factorization of n−1,