%! TEX root = NT.tex
% vim: tw=50
% 22/11/2023 10AM
Method to find solutions to Pell's equation $X^2 - dY^2 = 1$: Compute the \gls{cfe} of $\sqrt{d}$ as \[ \sqrt{d} = \contf[\acf_0, \rcring{\acf_1, \ldots, \acf_n}] .\] Look at $\frac{p_{n - 1}}{q_{n - 1}}$, the $(n - 1)$-th convergent of $\sqrt{d}$. If $n$ is even, then $p_{n - 1}^2 - dq_{n - 1}^2 = 1$. If $n$ is odd, then $p_{n - 1}^2 - dq_{n - 1}^2 = -1$, but $p_{2n - 1}$, $q_{2n - 1}$ will give a solution. \begin{example*} $d = 6$, $\sqrt{d} = \contf[2, \rcring{2, 4}]$. $n = 2$, $\frac{p_1}{q_1} = 2 + \half = \frac{5}{2}$. $5^2 - 6 \cdot 2^2 = 25 - 24 = 1$. $d = 17$, $4 < \sqrt{17} < 5$, $\acf_0 = 4$, $\theta_1 = \frac{1}{\sqrt{17} - 4} = \frac{\sqrt{17} + 4}{17 - 16} = (\sqrt{17} - 4) + 8$. Then $\acf_1 = 8$, $\theta_2 = \frac{1}{\sqrt{17} - 4} = \theta_1$, so $\sqrt{17} = \contf[4, \rcring{8}]$. So $n = 1$, $\frac{p_0}{q_0} = \frac{4}{1}$, $4^2 - 17 \cdot 1^2 = -1$. $\frac{p_1}{q_1} = 4 + \frac{1}{8} = \frac{33}{8}$. Then $33^2 - 17 \cdot 8^2 = 1$. \end{example*} \begin{remark*} The solutions $(x, y) \in \ZZ^2$ to $x^2 - dy^2 = \pm 1$ correspond to \emph{units} in the ring of integers in $\QQ(\sqrt{d})$ ($\to$ \courseref[Number Fields]{NF}), via the formula \[ (x, y) \leftrightarrow x + \sqrt{d} y .\] You can show that the solutions $(x, y)$ to $x^2 - dy^2 = \pm 1$ are precisely the pairs $\pm (p_{kn - 1}, q_{kn - 1})$, where $k \ge 0$, and $n$ is minimal such that $\sqrt{d} = \contf[\acf_0, \rcring{\acf_1, \ldots, \acf_n}]$ (if $k = 0$, then $(p_{-1}, q_{-1}) = (1, 0)$ gives the trivial solution). \end{remark*} \newpage \section{Primality testing and factorisation} Want to find processes to: \begin{itemize} \item Test whether a given integer $N \in \NN$ is \gls{prime}, \item If $N$ is not \gls{prime}, find a non-trivial factor. \end{itemize} Hope to do these in polynomial-time. Can test primality in polynomial-time. 
Don't know how to factorise in polynomial-time, but there are algorithms that are much faster than trial division. We'll usually assume $N > 1$ and that $N$ is odd. (Can always divide by powers of $2$ if $N$ is even). Begin by looking at necessary conditions for $N$ to be \gls{prime}. For example: \begin{example*} If $N$ is \gls{prime}, $a \in \ZZ$, $\gcdbrack(a, N) = 1$, then $a^{N - 1} \equiv 1 \pmod{N}$ (\nameref{fermats_little_thm}). For example, if $N = 15$, $a = 2$, then $\gcdbrack(a, N) = 1$, but \[ a^{N - 1} = 2^{14} = (2^4)^3 2^2 \equiv 4 \not\equiv 1 \pmod{15} .\] \end{example*} \begin{remark*}[Binary exponentiation] Suppose $a, x, N \in \NN$. Then we can compute $a^x \mod N$ in polynomial-time. Write \[ x = \sum_{i = 0}^k b_i 2^i, \qquad b_i \in \{0, 1\} .\] Compute $a, a^2, a^4 = (a^2)^2, \ldots, a^{2^k} = (a^{2^{k - 1}})^2$. Then \[ a^x = \prod_{i = 0}^k (a^{2^i})^{b_i} .\] \end{remark*} \begin{example*} $N = 91$, $a = 3$. Then $3^{90} = 3^{N - 1} \equiv 1 \pmod{91}$. However, $N = 7 \times 13$ is composite. \end{example*} \begin{flashcard}[fermat-pseudoprime] \begin{definition}[Fermat pseudoprime] % Definition 6.1
\glsnoundefn{ferm_pp}{Fermat pseudoprime}{Fermat pseudoprimes} \cloze{Let $N \in \NN$ be an odd composite integer, $b \in \ZZ$, $\gcdbrack(b, N) = 1$. We say $N$ is a \emph{Fermat pseudoprime to the base $b$} if $b^{N - 1} \equiv 1 \pmod{N}$.} \end{definition} \end{flashcard} \begin{remark*} For fixed $N$, the condition of $N$ being a \gls{ferm_pp} to the base $b$ only depends on $b \mod N$. So it makes sense for $b \in (\ZZ / N\ZZ)^\times$. \end{remark*} \begin{proposition} % Proposition 6.2
\label{ferm_pp_base_subgroup_prop} Let $N \in \NN$ be odd, composite. Then \begin{enumerate}[(1)] \item $\{b \in (\ZZ / N\ZZ)^\times \st \text{$N$ is a \gls{ferm_pp} to the base $b$}\}$ is a subgroup of $(\ZZ / N\ZZ)^\times$. 
\item If $\exists ~b_0 \in (\ZZ / N\ZZ)^\times$ such that $N$ is not a \gls{ferm_pp} to the base $b_0$ then the same is true for at least half of all $b \in (\ZZ / N\ZZ)^\times$. \end{enumerate} \end{proposition} \begin{proof} \phantom{} \begin{enumerate}[(1)] \item Call this set $H$. We need to show $1 \in H$, and $H$ closed under multiplication (since $(\ZZ / N\ZZ)^\times$ is finite). $1^{N - 1} \equiv 1 \pmod{N}$, so $1 \in H$. If $b_1, b_2 \in H$, then $b_1^{N - 1} \equiv 1 \equiv b_2^{N - 1} \pmod{N}$. So $(b_1 b_2)^{N - 1} \equiv b_1^{N - 1} b_2^{N - 1} \equiv 1 \pmod{N}$. So $b_1 b_2 \in H$. \item The existence of $b_0$ implies $H \neq (\ZZ / N\ZZ)^\times$, so $H$ is a proper subgroup. We need to show $\#((\ZZ / N\ZZ)^\times \setminus H) \ge \frac{\#(\ZZ / N\ZZ)^\times}{2}$. We know $\#(\ZZ / N\ZZ)^\times = \#H \cdot [(\ZZ / N\ZZ)^\times : H] \ge 2\#H$. \qedhere \end{enumerate} \end{proof} Idea for primality test: choose $b \in (\ZZ / N\ZZ)^\times$ at random and test whether $N$ is a \gls{ferm_pp} to the base $b$. \begin{flashcard}[carmichael-defn] \begin{definition}[Carmichael number] % Definition 6.3
\glsnoundefn{carm_num}{Carmichael number}{Carmichael numbers} \cloze{Let $N \in \NN$ be odd and composite. We say $N$ is a \emph{Carmichael number} if it's a \gls{ferm_pp} to every base $b \in (\ZZ / N\ZZ)^\times$.} \end{definition} \end{flashcard} \vspace{-1em} There exist infinitely many \glspl{carm_num}. \begin{flashcard}[euler-pseudoprime-defn] \begin{definition}[Euler pseudoprime] % Definition 6.4
\glsnoundefn{eul_pp}{Euler pseudoprime}{Euler pseudoprimes} \cloze{Let $N \in \NN$ be odd and composite. Let $b \in \ZZ$ with $\gcdbrack(b, N) = 1$. Then we say that $N$ is an \emph{Euler pseudoprime to the base $b$} if \[ b^{\frac{N - 1}{2}} \equiv \jacobi{b}{N} \pmod{N} .\]} \end{definition} \end{flashcard} \vspace{-1em} Recall: If $p$ is an odd \gls{prime}, $\gcdbrack(b, p) = 1$, then $b^{\frac{p - 1}{2}} \equiv \legendre{b}{p} \pmod{p}$ (\nameref{eulers_criterion}). 
\begin{remark*} If $N$ is an \gls{eul_pp} to the base $b$, then it's a \gls{ferm_pp} to the base $b$. This definition makes sense for $b \in (\ZZ / N\ZZ)^\times$, and it's again the case that \[ \{b \in (\ZZ / N\ZZ)^\times \st \text{$N$ is an \gls{eul_pp} to the base $b$}\} \] is a subgroup of $(\ZZ / N\ZZ)^\times$. \end{remark*} \begin{hiddenflashcard}[fakeproof-carmichael-numbers] \begin{theorem} Let $N \in \NN$ be odd, composite. Then there exists $b \in (\ZZ / N\ZZ)^\times$ such that $N$ is not a \gls{ferm_pp} to the base $b$. \end{theorem} \begin{proof} \cloze{This is false. The numbers for which this fails are called \glspl{carm_num}.} \vspace{15em} \phantom{} \end{proof} \end{hiddenflashcard} \begin{flashcard}[non-existence-of-absolute-euler-pseudoprimes-thm] \begin{theorem} % Theorem 6.5
\label{nexists_absolute_eul_pp} Let $N \in \NN$ be odd, composite. Then there exists $b \in (\ZZ / N\ZZ)^\times$ such that $N$ is not an \gls{eul_pp} to the base $b$. \end{theorem} \begin{proof} \cloze{First assume $N$ is squarefree, $N = pN_0$, $p$ \gls{prime}, $N_0 \ge 3$, $p \nmid N_0$. Since $p$ is odd, there exists $u \in \ZZ$ such that $\legendre{u}{p} = -1$. Choose $b \in \ZZ$ such that $b \equiv u \pmod{p}$, $b \equiv 1 \pmod{N_0}$ (using \nameref{CRT}). Then \[ \jacobi{b}{N} = \jacobi{b}{p} \jacobi{b}{N_0} = \legendre{u}{p} \jacobi{1}{N_0} = -1 .\] We know \[ b^{\frac{N - 1}{2}} \equiv 1^{\frac{N - 1}{2}} \equiv 1 \not\equiv -1 \pmod{N_0} \] (since $N_0 \ge 3$). So $b^{\frac{N - 1}{2}} \not\equiv \jacobi{b}{N} \pmod{N}$. So $b$ works. Next suppose $N$ is not squarefree, and choose $p$ \gls{prime} such that $p^2 \mid N$. Choose $b \in \ZZ$ such that $b \equiv 1 + p \pmod{p^2}$, $\gcdbrack(b, N) = 1$ (\nameref{CRT}). Then, using $p \mid N$ for the last congruence, \[ b^{N - 1} \equiv (1 + p)^{N - 1} \equiv 1 + (N - 1)p \equiv 1 - p \not\equiv 1 \pmod{p^2} .\] So $b^{N - 1} \not\equiv 1 \pmod{N}$, so $N$ is not a \gls{ferm_pp} to the base $b$, so certainly not an \gls{eul_pp} to the base $b$.} \end{proof} \end{flashcard}