Pocklington primality test explained

In mathematics, the Pocklington - Lehmer primality test is a primality test devised by Henry Cabourn Pocklington^[1] and Derrick Henry Lehmer.^[2] The test uses a partial factorization of

N-1

to prove that an integer

is prime.

It produces a primality certificate to be found with less effort than the Lucas primality test, which requires the full factorization of

N-1

Pocklington criterion

The basic version of the test relies on the Pocklington theorem (or Pocklington criterion) which is formulated as follows:

Let

N>1

be an integer, and suppose there exist natural numbers and such that

Then is prime.^[3] Here

i\equivj\pmod{k}

means that after finding the remainder of division by k, i and j are equal;

i\vertj

means that i is a divisor for j; and gcd is the greatest common divisor.

Note: Equation is simply a Fermat primality test. If we find any value of, not divisible by, such that equation is false, we may immediately conclude that is not prime. (This divisibility condition is not explicitly stated because it is implied by equation .) For example, let

N=35

. With

a=2

, we find that

a^N-1\equiv9\pmod{N}

. This is enough to prove that is not prime.

Suppose is not prime. This means there must be a prime, where

q\le\sqrt{N}

that divides .

Since

p>\sqrtN-1\geq-1

p>q-1

, and since is prime,

\gcd{(p,q-1)}=1

Thus there must exist an integer, a multiplicative inverse of modulo, with the property that

and therefore, by Fermat's little theorem

This implies

1 \equiva^N-1\pmod{q}

, by since

q\vertN

\equiv(a^N-1)^u\equiva^u(N-1)\equiva^up((N-1)/p)\equiv(a^up)^(N-1)/p\pmod{q}

\equiva^(N-1)/p\pmod{q}

, by This shows that divides the

\gcd

in , and therefore this

\gcd\ne1

; a contradiction.

Given, if and can be found which satisfy the conditions of the theorem, then is prime. Moreover, the pair constitute a primality certificate which can be quickly verified to satisfy the conditions of the theorem, confirming as prime.

The main difficulty is finding a value of which satisfies . First, it is usually difficult to find a large prime factor of a large number. Second, for many primes, such a does not exist. For example,

N=17

has no suitable because

N-1=2⁴

, and

p=2<\sqrt{N}-1

, which violates the inequality in ; other examples include

N=19,37,41,61,71,73,

and

Given, finding is not nearly as difficult.^[4] If is prime, then by Fermat's little theorem, any in the interval

1\leqa\leqN-1

will satisfy (however, the cases

a=1

and

a=N-1

are trivial and will not satisfy). This will satisfy as long as ord does not divide

(N-1)/p

. Thus a randomly chosen in the interval

2\leqa\leqN-2

has a good chance of working. If is a generator mod, its order is and so the method is guaranteed to work for this choice.

Generalized Pocklington test

The above version of Pocklington's theorem is sometimes impossible to apply because some primes

are such that there is no prime

dividing

N-1

where

p>\sqrt{N}-1

. The following generalized version of Pocklington's theorem is more widely applicable.^[5]

Theorem: Factor as, where and are relatively prime,

A>\sqrt{N}

, the prime factorization of is known, but the factorization of is not necessarily known.

If for each prime factor of there exists an integer

a_p

so that

then N is prime.

Let be a prime dividing and let

p^e

be the maximum power of dividing .Let be a prime factor of . For the

a_p

from the corollary set

b\equiv

	(N-1)/p^e
a
	p

\pmod{q}

. This means

	p^e
b

\equiv

	N-1
a
	p

\equiv1\pmod{q}

and because of

	(N-1)/p
\gcd{(a
	p

-1,N)}=1

also

	p^e-1
b

\equiv

	(N-1)/p
a
	p

\not\equiv1\pmod{q}

This means that the order of

b\pmod{q}

p^e

Thus,

p^e\vert(q-1)

. The same observation holds for each prime power factor

p^e

of A,which implies

A\vert(q-1)

Specifically, this means

q>A\ge\sqrt{N}.

If were composite, it would necessarily have a prime factor which is less than or equal to

\sqrt{N}

. It has been shown that there is no such factor, which proves that is prime.

Comments

The Pocklington–Lehmer primality test follows directly from this corollary.To use this corollary, first find enough factors of so the product of those factors exceeds

\sqrt{N}

.Call this product .Then let be the remaining, unfactored portion of . It does not matter whether is prime.We merely need to verify that no prime that divides also divides, that is, that and are relatively prime.Then, for every prime factor of, find an

a_p

which fulfills conditions and of the corollary.If such

a_p

s can be found, the Corollary implies that is prime.

According to Koblitz,

a_p

= 2 often works.

Example

Determine whether

N=27457

is prime.

First, search for small prime factors of

N-1

.We quickly find that

N-1=2⁶ ⋅ 3 ⋅ B=192 ⋅ B

.We must determine whether

A=192

and

B=(N-1)/A=143

meet the conditions of the Corollary.

A²=36864>N

, so

A>\sqrt{N}

.Therefore, we have factored enough of

N-1

to apply the Corollary.We must also verify that

\gcd{(A,B)}=1

It does not matter whether is prime (in fact, it is not).

Finally, for each prime factor of, use trial and error to find an that satisfies and .

For

p=2

, try

a₂=2

.Raising

a₂

to this high power can be done efficiently using binary exponentiation:

	N-1
a
	2

\equiv2²⁷⁴⁵⁶\equiv1\pmod{27457}

	(N-1)/2
\gcd{(a
	2

-1,N)}=\gcd{(2¹³⁷²⁸-1,27457)}=27457

So,

a₂=2

satisfies but not . As we are allowed a different for each, try

a₂=5

instead:

	N-1
a
	2

\equiv5²⁷⁴⁵⁶\equiv1\pmod{27457}

	(N-1)/2
\gcd{(a
	2

-1,N)}=\gcd{(5¹³⁷²⁸-1,27457)}=1

a₂=5

satisfies both and .

For

p=3

, the second prime factor of, try

a₃=2

	N-1
a
	3

\equiv2²⁷⁴⁵⁶\equiv1\pmod{27457}

	(N-1)/3
\gcd{(a
	3

-1,N)}=\gcd{(2⁹¹⁵²-1,27457)}=1

a₃=2

satisfies both and .

This completes the proof that

N=27457

is prime.The certificate of primality for

N=27457

would consist of the two

(p,a_p)

pairs (2, 5) and (3, 2).

We have chosen small numbers for this example, but in practice when we start factoring we may get factors that are themselves so large their primality is not obvious. We cannot prove is prime without proving that the factors of are prime as well. In such a case we use the same test recursively on the large factors of, until all of the primes are below a reasonable threshold.

In our example, we can say with certainty that 2 and 3 are prime, and thus we have proved our result. The primality certificate is the list of

(p,a_p)

pairs, which can be quickly checked in the corollary.

If our example had included large prime factors, the certificate would be more complicated. It would first consist of our initial round of s which correspond to the 'prime' factors of ; Next, for each factor of where primality was uncertain, we would have more, and so on for factors of these factors until we reach factors of which primality is certain. This can continue for many layers if the initial prime is large, but the important point is that a certificate can be produced, containing at each level the prime to be tested, and the corresponding s, which can easily be verified.

Extensions and variants

The 1975 paper by Brillhart, Lehmer, and Selfridge gives a proof for what is shown above as the "generalized Pocklington theorem" as Theorem 4 on page 623. Additional theorems are shown which allow less factoring. This includes their Theorem 3 (a strengthening of an 1878 theorem of Proth):

Let

N-1=mp

where is an odd prime such that

2p+1>\sqrtN

. If there exists an for which

a^(N-1)/2\equiv-1\pmod{N}

, but

a^m/2\not\equiv-1\pmod{N}

, then is prime.

If is large, it is often difficult to factor enough of

N-1

to apply the above corollary. Theorem 5 of the Brillhart, Lehmer, and Selfridge paper allows a primality proof when the factored part has reached only

(N/2)^1/3

. Many additional such theorems are presented that allow one to prove the primality of based on the partial factorization of

N-1

N+1

N²+1

, and

N²\pmN+1

.^[6] ^[7]

References

Leonard Eugene Dickson, "History of the Theory of Numbers" vol 1, p 370, Chelsea Publishing 1952
Henry Pocklington, "Math. Quest. Educat. Times", (2), 25, 1914, p 43-46 (Mathematical questions and solutions in continuation of the mathematical columns of "the Educational times".)

External links

Chris Caldwell, "Primality Proving 3.1: n-1 tests and the Pepin's tests for Fermats" at the Prime Pages.
Chris Caldwell, "Primality Proving 3.2: n+1 tests and the Lucas-Lehmer test for Mersennes" at the Prime Pages.

Notes and References

Henry C. . Pocklington . Henry Cabourn Pocklington . The determination of the prime or composite nature of large numbers by Fermat's theorem. Proceedings of the Cambridge Philosophical Society. 18. 1914–1916. 29–30. 2022-06-22.
D. H. Lehmer . Derrick Henry Lehmer . Tests for primality by the converse of Fermat's theorem . Bull. Amer. Math. Soc. . 33. 3. 1927. 327–340 . 10.1090/s0002-9904-1927-04368-3. free.
Book: Koblitz, Neal . Neal Koblitz . A Course in Number Theory and Cryptography . 2nd . Springer . 1994 . Graduate Texts in Mathematics . 144 . 0-387-94293-9.
Book: Roberto Avanzi . Henri Cohen . Christophe Doche . Gerhard Frey . . Kim Nguyen . Frederik Vercauteren . Handbook of Elliptic and Hyperelliptic Curve Cryptography . Chapman & Hall/CRC . Boca Raton . 2005 .
John . Brillhart . John Brillhart . D. H. . Lehmer . Derrick Henry Lehmer . J. L. . Selfridge . John Selfridge . New Primality Criteria and Factorizations of 2^m ± 1 . Mathematics of Computation . 29 . 130 . April 1975 . 620–647 . 2005583 . 10.1090/S0025-5718-1975-0384673-1 . free .
Hugh C. . Williams . R. . Holte. Some observations on primality testing . Mathematics of Computation . July 1978 . 32 . 143 . 905–917 . 2006495 . 10.2307/2006495 . free.
https://primes.utm.edu/prove/prove3.html The classical tests