CS255
Chris Pollett
Apr 18, 2022
Theorem. If `p` is an odd prime, and `e ge 1`, then the equation `x^2 equiv 1 (mod p^e)` has only two solutions, `x = 1` and `x = -1`.
Proof. Let `n = p^e`. Theorem (#) implies `ZZ_n^star` has a generator `g`. Write `"ind"(x)` for the index (discrete logarithm) of `x` to the base `g`, so `x = g^("ind"(x))`. Then the above equation can be rewritten as `g^(2 cdot "ind"(x)) equiv g^("ind"(1)) mod n`. Note `"ind"(1) = 0`, so Theorem (##) implies this equation is equivalent to `2 cdot "ind"(x) equiv 0 mod phi(n)`, a modular linear equation we can solve. We know `phi(n) = p^e(1 - 1/p) = (p-1)p^(e-1)`. If `d = gcd(2, phi(n))`, then `d = 2` (as `p` is odd, `2` divides `p-1`) and `d | 0`. So this equation has exactly `d = 2` solutions modulo `phi(n)`, which we can compute using our algorithm or by inspection: `"ind"(x) = 0` and `"ind"(x) = phi(n)/2`, i.e., `x = g^0 = 1` and `x = g^(phi(n)/2) = -1`.
Corollary. If there exists a nontrivial square root of `1` modulo `n` (an `x` with `x^2 equiv 1 (mod n)` but `x !equiv 1` and `x !equiv -1 (mod n)`), then `n` is composite.
Witness(a, n)
    let n - 1 = 2^t * u, where t >= 1 and u is odd
    x_0 = Modular-Exponentiation(a, u, n)
    for i = 1 to t:
        x_i = (x_(i-1))^2 mod n
        if x_i = 1 and x_(i-1) != 1 and x_(i-1) != n-1:
            return true
    if x_t != 1:
        return true
    return false

Miller-Rabin(n, s)
    for j = 1 to s:
        a = Random(1, n - 1)
        if Witness(a, n):
            return "Composite"
    return "Prime"
Exp-Mod(a, x, n)
    if x = 0 return 1;
    c := (Exp-Mod(a, floor(x/2), n))^2 mod n
    if x is even return c;
    else return a * c mod n;

The base case `x = 0` is what stops the recursion; each level halves `x`, so the depth is about `log_2 x`.
Exp-Mod(3, 560, 561)
  = (Exp-Mod(3, 280, 561))^2 mod 561
  = ((Exp-Mod(3, 140, 561))^2 mod 561)^2 mod 561
  = (((Exp-Mod(3, 70, 561))^2 mod 561)^2 mod 561)^2 mod 561
  = ((((Exp-Mod(3, 35, 561))^2 mod 561)^2 mod 561)^2 mod 561)^2 mod 561

Let c = Exp-Mod(3, 35, 561). Then
c = 3 * (Exp-Mod(3, 17, 561))^2 mod 561
  = 3 * (3 * (Exp-Mod(3, 8, 561))^2 mod 561)^2 mod 561
To save writing we note Exp-Mod(3, 8, 561) = 3^4 * 3^4 mod 561 = 81 * 81 mod 561 = 6561 mod 561 = 390, so
c = 3 * (3 * 390^2 mod 561)^2 mod 561
  = 3 * 207^2 mod 561
  = 78.

Plugging in for c in the above,
Exp-Mod(3, 560, 561) = (((c^2 mod 561)^2 mod 561)^2 mod 561)^2 mod 561
  = ((474^2 mod 561)^2 mod 561)^2 mod 561
  = (276^2 mod 561)^2 mod 561
  = 441^2 mod 561
  = 375.

Since `3^560 !equiv 1 mod 561`, the base `3` is a witness to the compositeness of `561` (indeed `561 = 3 cdot 11 cdot 17`, so `gcd(3, 561) != 1`).
Theorem. If `n` is composite, then the number of witnesses to compositeness is at least `(n-1)/2`.
Proof. We show the number of non-witnesses is at most `(n-1)/2`. First, any non-witness must be in `ZZ_n^(star)`, as it must satisfy `a^(n-1) equiv 1 mod n`, i.e., `a cdot a^(n-2) equiv 1 mod n`; thus, it has an inverse. So we know `gcd(a,n) | 1` and hence `gcd(a, n) = 1`. Next we show that all non-witnesses are contained in a proper subgroup of `ZZ_n^(star)`. This implies the Theorem: by Lagrange's Theorem a proper subgroup has order at most `|ZZ_n^(star)|/2 le (n-1)/2`. There are two cases to consider:
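The Witness, Miller-Rabin and Exp-Mod pseudocode above, the hand computation of Exp-Mod(3, 560, 561), the Corollary on nontrivial square roots of 1, and the witness-count Theorem, as one added Python example; this is not code from the original notes. The function names (exp_mod, squaring_chain, witness, miller_rabin, nontrivial_square_roots_of_one, count_witnesses) are this example's own, exp_mod adds the base case x = 0 that the recursive pseudocode needs, and the two brute-force helpers are meant only for small n such as 561.

```python
"""Miller-Rabin primality testing, following the Witness / Miller-Rabin /
Exp-Mod pseudocode in the notes.  Added example, not the notes' own code."""
import random


def exp_mod(a, x, n):
    """a^x mod n by the notes' recursive Exp-Mod, with the base case x = 0."""
    if x == 0:
        return 1 % n
    c = exp_mod(a, x // 2, n) ** 2 % n
    return c if x % 2 == 0 else a * c % n


def squaring_chain(a, n):
    """Return (t, u, [x_0, ..., x_t]) where n - 1 = 2^t * u with u odd,
    x_0 = a^u mod n and x_i = x_{i-1}^2 mod n.  Note x_t = a^(n-1) mod n."""
    t, u = 0, n - 1
    while u % 2 == 0:
        t += 1
        u //= 2
    xs = [exp_mod(a, u, n)]
    for _ in range(t):
        xs.append(xs[-1] ** 2 % n)
    return t, u, xs


def witness(a, n):
    """True iff a proves n composite: the chain reaches 1 from a nontrivial
    square root of 1 (Corollary above), or a^(n-1) != 1 mod n (Fermat)."""
    t, u, xs = squaring_chain(a, n)
    for i in range(1, t + 1):
        if xs[i] == 1 and xs[i - 1] != 1 and xs[i - 1] != n - 1:
            return True
    return xs[t] != 1


def miller_rabin(n, s, rng=random):
    """Return "Composite" or "Prime" after s random bases, for odd n > 2.
    "Composite" is always correct; "Prime" is wrong with probability at most
    2^-s, since by the Theorem each round catches a composite with prob >= 1/2."""
    for _ in range(s):
        a = rng.randint(1, n - 1)
        if witness(a, n):
            return "Composite"
    return "Prime"


def nontrivial_square_roots_of_one(n):
    """All x with x^2 = 1 mod n other than 1 and n - 1.  Brute force: small n only."""
    return [x for x in range(2, n - 1) if x * x % n == 1]


def count_witnesses(n):
    """Number of a in [1, n-1] with witness(a, n).  The Theorem says this is
    at least (n-1)/2 for composite n.  Brute force: small n only."""
    return sum(1 for a in range(1, n) if witness(a, n))


if __name__ == "__main__":
    # 561 = 3 * 11 * 17 is a Carmichael number: every a coprime to 561 has
    # a^560 = 1 mod 561, so the Fermat test alone misses it for most bases.
    print(exp_mod(3, 560, 561))      # 375, matching the hand computation
    print(squaring_chain(3, 561))    # (4, 35, [78, 474, 276, 441, 375])
    print(witness(3, 561))           # True: 3 divides 561, so 3^560 != 1
    print(nontrivial_square_roots_of_one(27))   # []: 27 = 3^3, only +-1 (Theorem)
    print(nontrivial_square_roots_of_one(561))  # includes 67: 67^2 = 8*561 + 1
    print(count_witnesses(561), ">=", (561 - 1) // 2)
    print(miller_rabin(561, 10), miller_rabin(7919, 10))  # 7919 is prime
```

The squaring chain for a = 3 reproduces the intermediate values 78, 474, 276, 441, 375 of the hand computation, and the list for n = 561 shows the nontrivial square roots of 1 (such as 67) that the Corollary says a prime cannot have.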