Fermat Pseudoprime

In number theory, the Fermat pseudoprimes make up the most important class of pseudoprimes that come from Fermat's little theorem.

Definition

Fermat's little theorem states that if $p$ is prime and $a$ is coprime to $p$, then $a^-1$ is divisible by $p$. For a positive integer $a$, if a composite integer $x$ divides $a^-1$ then $x$ is called a Fermat pseudoprime to base $a$.

In other words, a composite integer is a Fermat pseudoprime to base $a$ if it successfully passes the Fermat primality test for the base $a$. The false statement that all numbers that pass the Fermat primality test for base 2 are prime is called the Chinese hypothesis.

The smallest base-2 Fermat pseudoprime is 341. It is not a prime, since it equals 11·31, but it satisfies Fermat's little theorem: $2^ \equiv 1 (\bmod)$ and thus passes the
Fermat primality test for the base 2.

Pseudoprimes to base 2 are sometimes called Sarrus numbers, after P. F. Sarrus who discovered that 341 has this property, Poulet numbers, after P. Poulet who made a table of such numbers, or Fermatians .

A Fermat pseudoprime is often called a pseudoprime, with the modifier Fermat being understood.

An integer $x$ that is a Fermat pseudoprime for all values of $a$ that are coprime to $x$ is called a Carmichael number.

Properties

Distribution

There are infinitely many pseudoprimes to any given base $a > 1$. In 1904, Cipolla showed how to produce an infinite number of pseudoprimes to base $a > 1$: let $A = (a^p-1)/(a-1)$ and let $B = (a^p+1)/(a+1)$, where $p$ is a prime number that does not divide $a(a^2-1)$. Then $n= AB$ is composite, and is a pseudoprime to base $a$. For example, if $a=2$ and $p=5$, then $A=31$, $B=11$, and $n=AB=341$ is a pseudoprime to base $2$.

In fact, there are infinitely many strong pseudoprimes to any base greater than 1 (see Theorem 1 of
) and infinitely many Carmichael numbers, but they are comparatively rare. There are three pseudoprimes to base 2 below 1000, 245 below one million, and 21853 less than 25·10⁹. There are 4842 strong pseudoprimes base 2 and 2163 Carmichael numbers below this limit (see Table 1 of ).

Starting at 17·257, the product of consecutive Fermat numbers is a base-2 pseudoprime, and so are all Fermat composites and Mersenne composites.

The probability of a composite number n passing the Fermat test approaches zero for $n \to\infty$. Specifically, Kim and Pomerance showed the following: The probability that a random odd number $n \le x$ is a Fermat pseudoprime to a random base 1 is less than 2.77·10⁻⁸ for x= 10¹⁰⁰, and is at most (log x)⁻¹⁹⁷<10^−10,000 for x≥10^100,000.

Factorizations

The factorizations of the 60 Poulet numbers up to 60787, including 13 Carmichael numbers (in bold), are in the following table.

A Poulet number all of whose divisors ''d'' divide 2^''d'' − 2 is called a super-Poulet number. There are infinitely many Poulet numbers which are not super-Poulet Numbers.

Smallest Fermat pseudoprimes

The smallest pseudoprime for each base ''a'' ≤ 200 is given in the following table; the colors mark the number of prime factors. Unlike in the definition at the start of the article, pseudoprimes below ''a'' are excluded in the table. (For that to allow pseudoprimes below ''a'', see )

List of Fermat pseudoprimes in fixed base ''n''

For more information (base 31 to 100), see to , and for all bases up to 150, se
table of Fermat pseudoprimes (text in German)
this page does not define ''n'' is a pseudoprime to a base congruent to 1 or −1 (mod ''n'')

Bases ''b'' for which ''n'' is a Fermat pseudoprime

If composite $n$ is even, then $n$ is a Fermat pseudoprime to the trivial base $b \equiv 1 \pmod n$.
If composite $n$ is odd, then $n$ is a Fermat pseudoprime to the trivial bases $b \equiv \pm 1 \pmod n$.

For any composite $n$, the ''number'' of distinct bases $b$ modulo $n$, for which $n$ is a Fermat pseudoprime base $b$, is

:$\prod_^k \gcd(p_i - 1, n - 1)$
where $p_1, \dots, p_k$ are the distinct prime factors of $n$. This includes the trivial bases.

For example, for $n = 341 = 11 \cdot 31$, this product is $\gcd(10, 340) \cdot \gcd(30, 340) = 100$. For $n = 341$, the smallest such nontrivial base is $b = 2$.

Every odd composite $n$ is a Fermat pseudoprime to at least two nontrivial bases modulo $n$ unless $n$ is a power of 3.

For composite ''n'' < 200, the following is a table of all bases ''b'' < ''n'' which ''n'' is a Fermat pseudoprime. If a composite number ''n'' is not in the table (or ''n'' is in the sequence ), then ''n'' is a pseudoprime only to the trivial base 1 modulo ''n''.

For more information (''n'' = 201 to 5000), see (Table of pseudoprimes 16–4999). Unlike the list above, that page excludes the bases 1 and ''n''−1. When ''p'' is a prime, ''p''² is a Fermat pseudoprime to base ''b'' if and only if ''p'' is a Wieferich prime to base ''b''. For example, 1093² = 1194649 is a Fermat pseudoprime to base 2, and 11² = 121 is a Fermat pseudoprime to base 3.

The number of the values of ''b'' for ''n'' are (For ''n'' prime, the number of the values of ''b'' must be ''n'' − 1, since all ''b'' satisfy the Fermat little theorem)
:1, 1, 2, 1, 4, 1, 6, 1, 2, 1, 10, 1, 12, 1, 4, 1, 16, 1, 18, 1, 4, 1, 22, 1, 4, 1, 2, 3, 28, 1, 30, 1, 4, 1, 4, 1, 36, 1, 4, 1, 40, 1, 42, 1, 8, 1, 46, 1, 6, 1, ...

The least base ''b'' > 1 which ''n'' is a pseudoprime to base ''b'' (or prime number) are
:2, 3, 2, 5, 2, 7, 2, 9, 8, 11, 2, 13, 2, 15, 4, 17, 2, 19, 2, 21, 8, 23, 2, 25, 7, 27, 26, 9, 2, 31, 2, 33, 10, 35, 6, 37, 2, 39, 14, 41, 2, 43, 2, 45, 8, 47, 2, 49, 18, 51, ...

The number of the values of ''b'' for a given ''n'' must divide $\varphi$(''n''), or (''n'') = 1, 1, 2, 2, 4, 2, 6, 4, 6, 4, 10, 4, 12, 6, 8, 8, 16, 6, 18, 8, 12, 10, 22, 8, 20, 12, 18, 12, 28, 8, 30, 16, 20, 16, 24, 12, 36, 18, 24, 16, 40, 12, 42, 20, 24, 22, 46, 16, 42, 20, ... The quotient can be any natural number, and the quotient = 1 if and only if ''n'' is a prime or a Carmichael number (561, 1105, 1729, 2465, 2821, 6601, 8911, 10585, 15841, ... ) The quotient = 2 if and only if ''n'' is in the sequence: 4, 6, 15, 91, 703, 1891, 2701, 11305, 12403, 13981, 18721, ... .)

The least numbers which are pseudoprime to ''k'' values of ''b'' are (or 0 if no such number exists)
:1, 3, 28, 5, 66, 7, 232, 45, 190, 11, 276, 13, 1106, 0, 286, 17, 1854, 19, 3820, 891, 2752, 23, 1128, 595, 2046, 0, 532, 29, 1770, 31, 9952, 425, 1288, 0, 2486, 37, 8474, 0, 742, 41, 3486, 43, 7612, 5589, 2356, 47, 13584, 325, 9850, 0, ... (if and only if ''k'' is even and not totient of squarefree number, then the ''k''th term of this sequence is 0.)

Weak pseudoprimes

A composite number ''n'' which satisfies $b^n \equiv b \pmod n$ is called a weak pseudoprime to base ''b''. For any given base ''b'', all Fermat pseudoprimes are weak pseudoprimes, and all weak pseudoprimes coprime to ''b'' are Fermat pseudoprimes. However, this definition also permits some pseudoprimes which are ''not'' coprime to ''b''. For example, the smallest even weak pseudoprime to base 2 is 161038 (see ).

The least weak pseudoprime to bases ''b'' = 1, 2, ... are:
:4, 341, 6, 4, 4, 6, 6, 4, 4, 6, 10, 4, 4, 14, 6, 4, 4, 6, 6, 4, 4, 6, 22, 4, 4, 9, 6, 4, 4, 6, 6, 4, 4, 6, 9, 4, 4, 38, 6, 4, 4, 6, 6, 4, 4, 6, 46, 4, 4, 10, ...

Carmichael numbers are weak pseudoprimes to all bases, thus all terms in this list are less than or equal to the smallest Carmichael number, 561. Except for 561 = 3⋅11⋅17, only semiprimes can occur in the above sequence. Not all semiprimes less than 561 occur; a semiprime ''pq'' (''p'' ≤ ''q'') less than 561 occurs in the above sequences if and only if ''p'' − 1 divides ''q'' − 1 (see ). The least Fermat pseudoprime to base ''b'' (also not necessary exceeding ''b'') () is ''usually'' semiprime, but not always; the first counterexample is (648) = 385 = 5 × 7 × 11.

If we require ''n'' > ''b'', the least weak pseudoprimes (for ''b'' = 1, 2, ...) are:
:4, 341, 6, 6, 10, 10, 14, 9, 12, 15, 15, 22, 21, 15, 21, 20, 34, 25, 38, 21, 28, 33, 33, 25, 28, 27, 39, 36, 35, 49, 49, 33, 44, 35, 45, 42, 45, 39, 57, 52, 82, 66, 77, 45, 55, 69, 65, 49, 56, 51, ...

Euler–Jacobi pseudoprimes

Another approach is to use more refined notions of pseudoprimality, e.g. strong pseudoprimes or Euler–Jacobi pseudoprimes, for which there are no analogues of Carmichael numbers. This leads to probabilistic algorithms such as the Solovay–Strassen primality test, the Baillie–PSW primality test, and the Miller–Rabin primality test, which produce what are known as industrial-grade primes. Industrial-grade primes are integers for which primality has not been "certified" (i.e. rigorously proven), but have undergone a test such as the Miller–Rabin test which has nonzero, but arbitrarily low, probability of failure.

Applications

The rarity of such pseudoprimes has important practical implications. For example, public-key cryptography algorithms such as RSA require the ability to quickly find large primes. The usual algorithm to generate prime numbers is to generate random odd numbers and test them for primality. However, deterministic primality tests are slow. If the user is willing to tolerate an arbitrarily small chance that the number found is not a prime number but a pseudoprime, it is possible to use the much faster and simpler Fermat primality test.

References

External links

*W. F. Galway and Jan Feitsma
Tables of pseudoprimes to base 2 and related data
(comprehensive list of all pseudoprimes to base 2 below 2⁶⁴, including factorization, strong pseudoprimes, and Carmichael numbers)

{{Pierre de Fermat

Pseudoprimes
Asymmetric-key algorithms