Fermat primality test
The Fermat primality test is a probabilistic test to determine whether a number is probable prime.
Concept
Fermat's little theorem states that if p is prime and , then
If we want to test whether p is prime, then we can pick random a's in the interval and see whether the equality holds. If the equality does not hold for a value of a, then p is composite. If the equality does hold for many values of a, then we can say that p is probable prime.
It might be in our tests that we do not pick any value for a such that the equality fails. Any a such that
when n is composite is known as a Fermat liar. Vice versa, in this case n is called Fermat pseudoprime to base a.
If we do pick an a such that
then a is known as a Fermat witness for the compositeness of n.
Example
Suppose we wish to determine whether n = 221 is prime. Randomly pick 0 < a < 221, say a = 38. We check the above equality and find that it holds:
Either 221 is prime, or 38 is a Fermat liar, so we take another a, say 24:
So 221 is composite and 38 was indeed a Fermat liar.
Algorithm and running time
The algorithm can be written as follows:
- Inputs: n: a value to test for primality; k: a parameter that determines the number of times to test for primality
- Output: composite if n is composite, otherwise probably prime
- Repeat k times:
- Pick a randomly in the range [1, n − 1]
- If , then return composite
- If composite is never returned: return probably prime
Using fast algorithms for modular exponentiation, the running time of this algorithm is O(k × log2n × log log n × log log log n), where k is the number of times we test a random a, and n is the value we want to test for primality.
Flaw
There are infinitely many values of (known as Carmichael numbers) for which all values of for which are Fermat liars. While Carmichael numbers are substantially rarer than prime numbers,[1] there are enough of them that Fermat's primality test is often not used in the above form. Instead, other more powerful extensions of the Fermat test, such as Baillie-PSW, Miller-Rabin, and Solovay-Strassen are more commonly used.
In general, if is not a Carmichael number then at least half of all
are Fermat witnesses. For proof of this, let be a Fermat witness and , , ..., be Fermat liars. Then
and so all for are Fermat witnesses.
Applications
In practice the Fermat test is combined with other primality tests to generate a random number, which is prime with sufficiently high probability. GNU Privacy Guard uses a combination of trial division by small prime numbers, then a Fermat test and finally a Miller-Rabin test to test for primality.[2] Similar approaches are used by PGP and OpenSSL.
References
- Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, Clifford Stein (2001). "Section 31.8: Primality testing". Introduction to Algorithms (Second Edition ed.). MIT Press; McGraw-Hill. p. 889–890. ISBN 0-262-03293-7.
- ↑ Erdös' upper bound for the number of Carmichael numbers is lower than the prime number function n/log(n)
- ↑ http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=blob;f=cipher/primegen.c;h=9f6ec7055977163681838803a4f298235c1ab8c2;hb=HEAD#l852
|