7-27-2006

Wilson’s Theorem and Fermat’s Theorem

• Wilson’s theorem says that $p$ is prime if and only if $(p - 1)! = -1 \pmod{p}$.
• Fermat’s theorem says that if $p$ is prime and $p \nmid a$, then $a^{p-1} = 1 \pmod{p}$.
• Wilson’s theorem and Fermat’s theorem can be used to reduce large numbers with respect to a given modulus and to solve congruences. They are also used to prove other results in number theory — for example, those used in cryptographic applications.

Lemma. Let $p$ be a prime and let $0 < k < p$. $k^2 = 1 \pmod{p}$ if and only if $k = 1$ or $k = p - 1$.

Proof. If $k = 1$, then $k^2 = 1 \pmod{p}$. If $k = p - 1$, then

$$k^2 = p^2 - 2p + 1 = 1 \pmod{p}.$$

Conversely, suppose $k^2 = 1 \pmod{p}$. Then $p \mid k^2 - 1 = (k - 1)(k + 1)$, and since $p$ is prime, $p \mid k - 1$ or $p \mid k + 1$. The only number in $\{1, \ldots, p - 1\}$ which satisfies $p \mid k - 1$ is 1, and the only number in $\{1, \ldots, p - 1\}$ which satisfies $p \mid k + 1$ is $p - 1$.

Theorem. (Wilson’s theorem) Let $p > 1$. $p$ is prime if and only if

$$(p - 1)! = -1 \pmod{p}.$$

Proof. Suppose $p$ is prime. If $k \in \{1, \ldots, p - 1\}$, then $k$ is relatively prime to $p$. So there are integers $a$ and $b$ such that

$$ak + bp = 1, \quad \text{or} \quad ak = 1 \pmod{p}.$$

Reducing $a$ mod $p$, I may assume $a \in \{1, \ldots, p - 1\}$.

Thus, every element of $\{1, \ldots, p - 1\}$ has a reciprocal mod $p$ in this set. The preceding lemma shows that only 1 and $p - 1$ are their own reciprocals. Thus, the elements $2, \ldots, p - 2$ must pair up into pairs $\{x, x^{-1}\}$. It follows that their product is 1. Hence,

$$(p - 1)! = 1 \cdot 2 \cdots (p - 2) \cdot (p - 1) = 1 \cdot 1 \cdot (p - 1) = p - 1 = -1 \pmod{p}.$$

Now suppose $(p - 1)! = -1 \pmod{p}$. I want to show $p$ is prime. Begin by rewriting the equation as $(p - 1)! + 1 = kp$.

Suppose $p = ab$. I may take $1 \le a, b \le p$. If $a = p$, the factorization is trivial, so suppose $a < p$. Then $a \mid (p - 1)!$ (since it’s one of $\{1, \ldots, p - 1\}$) and $a \mid p$, so $(p - 1)! + 1 = kp$ shows $a \mid 1$. Therefore, $a = 1$.

This proves that the only factorization of $p$ is the trivial one, so $p$ is prime.

Example.
Wilson’s theorem implies that the product of any ten consecutive numbers, none divisible by 11, equals −1 mod 11 (since any ten consecutive numbers reduce mod 11 to $\{1, 2, \ldots, 10\}$). For example,

$$12 \cdot 13 \cdots 20 \cdot 21 = -1 \pmod{11}.$$

Example. Find the least nonnegative residue of $70! \pmod{5183}$.

Note that $5183 = 71 \cdot 73$. I’ll start by finding the residues of $70!$ mod 71 and 73.

By Wilson’s theorem,

$$70! = -1 \pmod{71}.$$

Next, let $k = 70! \pmod{73}$. Then

$$71 \cdot 72 \cdot k = 70! \cdot 71 \cdot 72 \pmod{73},$$
$$(-2)(-1)k = 72! \pmod{73},$$
$$2k = -1 \pmod{73}.$$

Note that $2 \cdot 37 = 74 = 1 \pmod{73}$. So

$$37 \cdot 2k = 37 \cdot (-1) \pmod{73},$$
$$k = -37 = 36 \pmod{73}.$$

Thus,

$$70! = -1 \pmod{71} \quad \text{and} \quad 70! = 36 \pmod{73}.$$

I’ll use the iterative method of the Chinese Remainder Theorem to get a congruence mod 5183. First, $70! = -1 \pmod{71}$ means

$$70! = -1 + 71a \quad \text{for some } a \in \mathbb{Z}.$$

Plugging this into the second congruence yields

$$-1 + 71a = 36 \pmod{73},$$
$$71a = 37 \pmod{73},$$
$$-2a = 37 \pmod{73},$$
$$(-37)(-2a) = (-37)(37) \pmod{73},$$
$$a = -1369 = 18 \pmod{73}.$$

The last congruence means that $a = 18 + 73b$ for some $b \in \mathbb{Z}$. Plugging this into $70! = -1 + 71a$ gives

$$70! = -1 + 71(18 + 73b) = 1277 + 5183b, \quad \text{or} \quad 70! = 1277 \pmod{5183}.$$

Theorem. (Fermat’s Theorem) Let $p$ be prime, and suppose $p \nmid a$. Then $a^{p-1} = 1 \pmod{p}$.

Proof. The idea is to show that the integers

$$a, 2a, \ldots, (p - 1)a$$

reduce mod $p$ to the standard system of residues $\{1, \ldots, p - 1\}$, then apply Wilson’s theorem.

There are $p - 1$ numbers in the set $\{a, 2a, \ldots, (p - 1)a\}$. So all I need to do is show that they’re distinct mod $p$. Suppose that $1 \le j, k \le p - 1$, and

$$aj = ak \pmod{p}.$$

This means $p \mid aj - ak = a(j - k)$, so $p \mid a$ or $p \mid j - k$. Since the first case is ruled out by assumption, $p \mid j - k$. But since $1 \le j, k \le p - 1$, this is only possible if $j = k$.

Thus, $\{a, 2a, \ldots, (p - 1)a\}$ are $p - 1$ distinct numbers mod $p$. So if I reduce mod $p$, I must get the numbers in $\{1, \ldots, p - 1\}$. Hence,

$$a \cdot 2a \cdots (p - 1)a = 1 \cdot 2 \cdots (p - 1) = (p - 1)! = -1 \pmod{p}.$$
On the other hand, another application of Wilson’s theorem shows that

$$a \cdot 2a \cdots (p - 1)a = a^{p-1}(p - 1)! = -a^{p-1} \pmod{p}.$$

So $-a^{p-1} = -1 \pmod{p}$, or $a^{p-1} = 1 \pmod{p}$.

Corollary. If $p$ is prime, then $a^p = a \pmod{p}$ for all $a$.

Proof. If $p \mid a$, then $a^p = 0 \pmod{p}$ and $a = 0 \pmod{p}$, so $a^p = a \pmod{p}$. If $p \nmid a$, then $a^{p-1} = 1 \pmod{p}$. Multiplying by $a$, I get $a^p = a \pmod{p}$ again.

Example. Compute $50^{250} \pmod{83}$.

One way is to multiply out $50^{250}$; Mathematica tells me it is

52714787526044456024726519219225572551424023323922008641517022
09078987540239533171017648022222644649987502681255357847020768
63325972445883937922417317167855799198150634765625000000000000
00000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000
00000000000000000000000000000000000000000000000000000000000000
0000000000000000000000000000000000000000000000000000

Now just reduce mod 83. Heh.

If you don’t have Mathematica, maybe you should use Fermat’s theorem. $83 \nmid 50$, so Fermat says $50^{82} = 1 \pmod{83}$. Now $3 \cdot 82 = 246$, so

$$50^{250} = 50^{246} \cdot 50^4 = (50^{82})^3 \cdot 2500^2 = 1^3 \cdot 10^2 = 100 = 17 \pmod{83}.$$

In other words, if you’re trying to reduce $a^k$ mod $p$, where $p \nmid a$, factor out as many $a^{p-1}$’s as possible, then reduce the rest “by hand”.

Example. Solve $16x = 25 \pmod{41}$.

I’d like to multiply both sides by the reciprocal of 16 mod 41. What is it? Well, I could use the Euclidean algorithm on (16, 41), or I could do a multiplication table mod 41. A simpler approach is to note that by Fermat, $16^{40} = 1 \pmod{41}$. Hence,

$$16^{39} \cdot 16x = 16^{39} \cdot 25 \pmod{41} \quad \text{gives} \quad x = 16^{39} \cdot 25 \pmod{41}.$$

Now this is an answer, but a rather cheesy one. I ought to reduce the right side mod 41 to something a little smaller!

I can’t use Fermat any more, so I just “divide and conquer”. $16^2 = 256 = 10 \pmod{41}$, so

$$16^{39} \cdot 25 = (16^2)^{19} \cdot (16 \cdot 25) = 10^{19} \cdot 400 = 10^{19} \cdot 31 \pmod{41}.$$
Now $10^2 = 100 = 18 \pmod{41}$, so

$$10^{19} \cdot 31 = (10^2)^9 \cdot (10 \cdot 31) = 18^9 \cdot 310 = 18^9 \cdot 23 \pmod{41}.$$

$18^2 = 324 = 37 \pmod{41}$, so

$$18^9 \cdot 23 = (18^2)^4 \cdot (18 \cdot 23) = 37^4 \cdot 414 = 1874161 \cdot 414 = 10 \cdot 4 = 40 \pmod{41}.$$

(I reduce down to the point where the arithmetic can be handled by whatever computational tools I have available.)

© 2006 by Bruce Ikenaga

7-26-1998

Pseudoprimes and Mersenne primes

If $p$ is prime, the little Fermat theorem implies that

$$2^p = 2 \pmod{p}.$$

The ancient Chinese thought for empirical reasons that the converse was true: $p \mid 2^p - 2$ implies $p$ is prime. For instance, $2^{13} - 2 = 8190 = 13 \cdot 630$ and 13 is indeed prime. Unfortunately, the result is not true in general.

Example. Since $11 \nmid 2$, little Fermat implies $2^{10} = 1 \pmod{11}$. Therefore,

$$2^{340} = 1 \pmod{11},$$
$$2^{341} = 2 \pmod{11}.$$

Next, $2^{31} = 2 \pmod{31}$, so

$$(2^{31})^{11} = 2^{11} = 2 \cdot (2^5)^2 = 2 \cdot 32^2 = 2 \cdot 1^2 = 2 \pmod{31}.$$

That is, $2^{341} = 2 \pmod{31}$.

Now 11 and 31 are prime, so $2^{341} = 2 \pmod{341}$. However, $341 = 11 \cdot 31$ isn't prime.

$2^{341}$ is

4479489484355608421114884561136888556243290994469299
069799978201927583742360321890761754986543214231552

Imagine trying to do this without congruences!

Definition. Let $n$ be a positive composite number, $b > 0$. $n$ is a pseudoprime to the base $b$ if

$$b^n = b \pmod{n}.$$

In other words, $n \mid b^n - b$. The Chinese case above was $b = 2$.

Example. 341 is a pseudoprime to the base 2.

Example. (Mersenne primes) The $k$-th Mersenne number is

$$M_k = 2^k - 1.$$

If $M_k$ is prime, it is a Mersenne prime.

Claim: If $M_k$ is prime, then $k$ is prime.

Suppose $M_k$ is prime and $k = ab$, where $a, b > 1$. Now

$$2^k - 1 = 2^{ab} - 1 = (2^a)^b - 1 = (2^a - 1)\left((2^a)^{b-1} + (2^a)^{b-2} + \cdots + 2^a + 1\right).$$

This is a proper factorization of $M_k$. This contradiction establishes the claim.

Mersenne thought the converse was true: If $k$ is prime, then $M_k$ is prime. However,

$$2^{11} - 1 = 2047 = 23 \cdot 89.$$

Hence, Mersenne's conjecture is false. However, $2^{44497} - 1$ is prime, so you can sometimes come up with large primes this way.

Proposition.
If $k$ is prime, then $M_k$ is a pseudoprime to the base 2.

Proof. Since $M_k = 2^k - 1$, $2^k = 1 \pmod{M_k}$. Suppose $k$ is prime. Then

$$2^k = 2 \pmod{k},$$
$$k \mid 2^k - 2,$$
$$2^k - 2 = kj \quad \text{for some } j.$$

Then

$$(2^k)^j = 1 \pmod{M_k},$$
$$2^{kj} = 1 \pmod{M_k},$$
$$2^{2^k - 2} = 1 \pmod{M_k},$$
$$2^{2^k - 1} = 2 \pmod{M_k},$$
$$2^{M_k} = 2 \pmod{M_k}.$$

This proves that $M_k$ is a pseudoprime to the base 2.

Question. Are there infinitely many Mersenne primes?

Note that the even perfect numbers are exactly the numbers of the form $2^{p-1}(2^p - 1)$, where $2^p - 1$ is a Mersenne prime. So the existence of infinitely many Mersenne primes would imply the existence of infinitely many even perfect numbers.

© 1996 by Bruce Ikenaga

7-27-2006

Euler’s Theorem

• If $n$ is a positive integer, $\phi(n)$ is the number of integers in the range $\{1, \ldots, n\}$ which are relatively prime to $n$. $\phi$ is called the Euler phi-function.
• Euler’s theorem generalizes Fermat’s theorem to the case where the modulus is not prime. It says that if $n$ is a positive integer and $(a, n) = 1$, then $a^{\phi(n)} = 1 \pmod{n}$.

Question: How can you generalize the little Fermat theorem to the case where the modulus is composite?

Idea: The key point of the proof of Fermat’s theorem was that if $p$ is prime, $\{1, 2, \ldots, p - 1\}$ are relatively prime to $p$.

This suggests that in the general case, it might be useful to look at the numbers less than the modulus $n$ which are relatively prime to $n$. This motivates the following definition.

Definition. The Euler $\phi$-function is the function on positive integers defined by

$$\phi(n) = (\text{the number of integers in } \{1, 2, \ldots, n - 1\} \text{ which are relatively prime to } n).$$

Example. $\phi(24) = 8$, because there are eight positive integers less than 24 which are relatively prime to 24:

1, 5, 7, 11, 13, 17, 19, 23

On the other hand, $\phi(11) = 10$, because all of the numbers in $\{1, \ldots, 10\}$ are relatively prime to 11.
Here’s a graph of $\phi(n)$:

[Graph of $\phi(n)$; axis ticks run from 1000 to 5000.]

You can see that the function jumps around a little, but the data points are bounded above by the line $y = x$. A point will be nearly on this line whenever $n$ is prime, and since there are infinitely many primes, there will always be points near it.

Later, I’ll derive a formula for computing $\phi(n)$ in terms of the prime factorization of $n$.

Remarks.

1. If $p$ is prime, $\phi(p) = p - 1$. This is clear, because all of the numbers $\{1, \ldots, p - 1\}$ are relatively prime to $p$.

2. $\phi(n)$ counts the elements in $\{1, 2, \ldots, n - 1\}$ which are invertible mod $n$. For $(a, n) = 1$ if and only if $ax = 1 \pmod{n}$ for some $x$. (For people who know some abstract algebra, $\phi(n)$ is the order of the group of units $\mathbb{Z}_n^*$.)

Definition. A reduced residue system mod $n$ is a set of numbers

$$a_1, a_2, \ldots, a_{\phi(n)}$$

such that:

(a) If $i \ne j$, then $a_i \ne a_j \pmod{n}$. That is, the $a$’s are distinct mod $n$.

(b) For each $i$, $(a_i, n) = 1$. That is, all the $a$’s are relatively prime to $n$.

Thus, a reduced residue system contains exactly one representative for each number relatively prime to $n$. Compare this to a complete residue system mod $n$, which contains exactly one representative of every number mod $n$.

Example. $\{1, 5, 7, 11\}$ is a reduced residue system mod 12. So is $\{-11, 17, 31, -1\}$.

On the other hand, $\{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11\}$ is a complete residue system mod 12.

Lemma. Let $\phi(n) = k$, and let $\{a_1, \ldots, a_k\}$ be a reduced residue system mod $n$.

(a) For all $m$, $\{a_1 + mn, \ldots, a_k + mn\}$ is a reduced residue system mod $n$.

(b) If $(m, n) = 1$, $\{ma_1, \ldots, ma_k\}$ is a reduced residue system mod $n$.

Proof. (a) This is clear, since $a_i = a_i + mn \pmod{n}$ for all $i$.

(b) Since $(m, n) = 1$, I may find $x$ such that $mx = 1 \pmod{n}$. Since $(a_i, n) = 1$, I may find $b_i$ such that $a_i b_i = 1 \pmod{n}$. Then $(x b_i)(m a_i) = (mx)(a_i b_i) = 1 \pmod{n}$, which proves that $m a_i$ is invertible mod $n$. Hence, $(m a_i, n) = 1$ — the $ma$’s are relatively prime to $n$.
Now if $m a_i = m a_j \pmod{n}$, then $x m a_i = x m a_j \pmod{n}$, or $a_i = a_j \pmod{n}$. Since the $a$’s were distinct mod $n$, this is only possible if $i = j$. Hence, the $ma$’s are also distinct mod $n$.

Therefore, $\{ma_1, \ldots, ma_k\}$ is a reduced residue system mod $n$.

Corollary. Let $\phi(n) = k$, and let $\{a_1, \ldots, a_k\}$ be a reduced residue system mod $n$. Suppose $(s, n) = 1$, and let $t$ be any integer. Then

$$\{sa_1 + tn, sa_2 + tn, \ldots, sa_k + tn\}$$

is a reduced residue system mod $n$.

Example. $\{1, 5\}$ is a reduced residue system mod 6. Adding $12 = 2 \cdot 6$ to each number, I get $\{13, 17\}$, another reduced residue system mod 6.

Since $(6, 25) = 1$, I may multiply the original system by 25 to obtain $\{25, 125\}$, another reduced residue system.

Finally, $\{25 + 12, 125 + 12\} = \{37, 137\}$ is yet another reduced residue system mod 12.

Theorem. (Euler’s Theorem) Let $n > 0$, $(a, n) = 1$. Then

$$a^{\phi(n)} = 1 \pmod{n}.$$

Remark. If $n$ is prime, then $\phi(n) = n - 1$, and Euler’s theorem says $a^{n-1} = 1 \pmod{n}$: the little Fermat theorem.

Proof. Let $\phi(n) = k$, and let $\{a_1, \ldots, a_k\}$ be a reduced residue system mod $n$. I may assume that the $a_i$’s lie in the range $\{1, \ldots, n - 1\}$.

Since $(a, n) = 1$, $\{aa_1, \ldots, aa_k\}$ is another reduced residue system mod $n$. Since this is the same set of numbers mod $n$ as the original system, the two systems must have the same product mod $n$:

$$(aa_1) \cdots (aa_k) = a_1 \cdots a_k \pmod{n},$$
$$a^k (a_1 \cdots a_k) = a_1 \cdots a_k \pmod{n}.$$

Now each $a_i$ is invertible mod $n$, so multiplying both sides by $a_1^{-1} \cdots a_k^{-1}$, I get

$$a^k = 1 \pmod{n}, \quad \text{or} \quad a^{\phi(n)} = 1 \pmod{n}.$$

Example. $\phi(40) = 16$, and $(9, 40) = 1$. Hence, $9^{16} = 1 \pmod{40}$ — surely not an obvious fact! Likewise, $21^{16} = 1 \pmod{40}$.

You can also use Euler’s theorem to compute modular powers. Suppose I want to find $33^{100} \pmod{40}$. Mathematica tells me that $33^{100}$ is

710221782186656322963163299396543086278510372299267862649156272
39769472510693096283702513561865297732677687859060633131423168
375418697393542687445968001

I probably don’t want to do this by hand!
Euler’s theorem says that $33^{16} = 1 \pmod{40}$. So

$$33^{100} = 33^{96} \cdot 33^4 = (33^{16})^6 \cdot 1089^2 = 9^2 = 81 = 1 \pmod{40}.$$

Example. Solve $15x = 7 \pmod{32}$.

Note that $(15, 32) = 1$ and $\phi(32) = 16$. Therefore, $15^{16} = 1 \pmod{32}$. Multiply the equation by $15^{15}$:

$$x = 7 \cdot 15^{15} \pmod{32}.$$

Now

$$7 \cdot 15^{15} = 105 \cdot 15^{14} = 105 \cdot (15^2)^7 = 105 \cdot 225^7 = 9 \cdot 1^7 = 9 \pmod{32}.$$

So the solution is $x = 9 \pmod{32}$.

© 2006 by Bruce Ikenaga
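The worked examples in these notes (70! mod 5183, the modular powers, and the two linear congruences) can be reproduced with a few short routines built directly from Wilson's, Fermat's and Euler's theorems. This is an added example, not part of the original notes; every function name is an assumption, and φ is computed by counting exactly as in the definition above.

```python
from math import factorial, gcd

def phi(n):
    """Euler phi for n >= 2 by the definition: count a in 1..n-1 with (a, n) = 1."""
    return sum(1 for a in range(1, n) if gcd(a, n) == 1)

def euler_inverse(a, n):
    """Reciprocal of a mod n as a^(phi(n) - 1); exists only when (a, n) = 1."""
    if gcd(a, n) != 1:
        raise ValueError(f"{a} has no reciprocal mod {n}")
    return pow(a, phi(n) - 1, n)

def solve_linear(a, b, n):
    """Solve a*x = b (mod n) by multiplying both sides by the reciprocal of a."""
    return euler_inverse(a, n) * b % n

def reduce_power(a, k, n):
    """a^k mod n after factoring out every a^phi(n), which is 1 when (a, n) = 1."""
    if gcd(a, n) != 1:
        raise ValueError("Euler's theorem needs (a, n) = 1")
    return pow(a, k % phi(n), n)

def factorial_mod_prime(m, p):
    """m! mod p for prime p > m, from Wilson: m! * (m+1)...(p-1) = -1 (mod p)."""
    tail = 1
    for t in range(m + 1, p):
        tail = tail * t % p
    return -euler_inverse(tail, p) % p

def crt_pair(r1, m1, r2, m2):
    """Iterative CRT: write x = r1 + m1*a and solve m1*a = r2 - r1 (mod m2)."""
    a = solve_linear(m1 % m2, (r2 - r1) % m2, m2)
    return (r1 + m1 * a) % (m1 * m2)

def factorial_70_mod_5183():
    """The example from the notes: combine 70! mod 71 and 70! mod 73."""
    return crt_pair(factorial_mod_prime(70, 71), 71, factorial_mod_prime(70, 73), 73)

if __name__ == "__main__":
    print("70! mod 5183      =", factorial_70_mod_5183(), "check:", factorial(70) % 5183)
    print("50^250 mod 83     =", reduce_power(50, 250, 83))
    print("33^100 mod 40     =", reduce_power(33, 100, 40))
    print("16x = 25 (mod 41) -> x =", solve_linear(16, 25, 41))
    print("15x = 7 (mod 32)  -> x =", solve_linear(15, 7, 32))
```

Counting to get φ(n) is only workable for small moduli like the ones in these notes; both `euler_inverse` and `reduce_power` refuse inputs with (a, n) ≠ 1, where Euler's theorem does not apply.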
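For the pseudoprime notes above: the base-2 Fermat congruence is checked against trial division to list the composites it wrongly accepts, and a strong probable-prime test built on the lemma about square roots of 1 is run on the same numbers. This is an added example, not part of the original notes; the strong test goes beyond what the notes cover, and all function names are assumptions.

```python
def fermat_passes(n, b=2):
    """True when b^n = b (mod n), the congruence in the pseudoprime definition."""
    return pow(b, n, n) == b % n

def is_prime(n):
    """Ground truth by trial division; adequate for the small n used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True

def pseudoprimes(limit, b=2):
    """Composite n < limit that still satisfy b^n = b (mod n)."""
    return [n for n in range(4, limit) if fermat_passes(n, b) and not is_prime(n)]

def strong_passes(n, b):
    """Strong probable-prime test for odd n > 2 (an addition, not in the notes).

    Write n - 1 = 2^s * d with d odd. By the lemma, for prime n the only
    square roots of 1 are 1 and n - 1, so the chain b^d, b^(2d), ... must
    start at 1 or reach n - 1 before it reaches 1.
    """
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    x = pow(b, d, n)
    if x in (1, n - 1):
        return True
    for _ in range(s - 1):
        x = x * x % n
        if x == n - 1:
            return True
    return False

def mersenne(k):
    """The k-th Mersenne number M_k = 2^k - 1."""
    return 2**k - 1

if __name__ == "__main__":
    liars = pseudoprimes(2100)
    print("base-2 pseudoprimes below 2100:", liars)
    print("still pass the strong base-2 test:", [n for n in liars if strong_passes(n, 2)])
    print("M_11 = 2047, strong test base 3:", strong_passes(mersenne(11), 3))
```

The Mersenne number 2047 = 23 · 89 passes even the strong test to base 2 and is only rejected at base 3, so a single fixed base never amounts to a primality proof.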