%! TEX root = NT.tex
% vim: tw=50
% 24/11/2023 10AM

By \cref{nexists_absolute_eul_pp}, we deduce that
\[ \{b \in (\ZZ / N\ZZ)^\times \st \text{$N$ is an
\gls{eul_pp} to the base $b$}\} \]
is a proper subgroup of $(\ZZ / N\ZZ)^\times$. In
particular, its complement contains at least half
of the $b \in (\ZZ / N\ZZ)^\times$ (by the same
argument as in \cref{ferm_pp_base_subgroup_prop}).

This all forms the basis for the Soloray-Strassen
probabilistic primality test:

Steps:
\begin{enumerate}[(1)]
  \setcounter{enumi}{-1}
  \item Start with $N \in \NN$ odd, $N > 1$.
  \item Choose $b$ at random with $1 < b < N$.
    Test $\gcdbrack(b, N) = 1$. If not, then $N$ is
    composite, and stop.
  \item Otherwise, test if $b^{\frac{N - 1}{2}}
    \equiv \jacobi{b}{N} \pmod{N}$. (Compute
    $\LHS$ by repeated squaring, $\RHS$ using
    \nameref{law_qr_jac}). If not, then $N$ is
    composite.
  \item If $b^{\frac{N - 1}{2}} \equiv
    \jacobi{b}{N} \pmod{N}$, then either $N$ is
    \gls{prime}, or $N$ is an \gls{eul_pp} to the
    base $b$.
\end{enumerate}
If we get to Step 3, then $N$ is composite with
probability $\le \half$. If we carry out the whole
procedure $k \ge 1$ times, then either we will
prove that $N$ is composite, or we will know that
$N$ is \gls{prime} with probability $\ge 1 -
\frac{1}{2^k}$.

We can refine this further.

Suppose $p$ is an odd \gls{prime}, $a \in \ZZ$,
$\gcdbrack(a, p) = 1$. Then $a^{p - 1} \equiv 1
\pmod{p}$, hence $a^{\frac{p - 1}{2}} \equiv \pm 1
\pmod{p}$ (as $p$ is \gls{prime}).

If $a^{\frac{p
- 1}{2}} \equiv 1 \pmod{p}$ and $4 \mid p - 1$,
then $a^{\frac{p - 1}{4}} \equiv \pm 1 \pmod{p}$.

If $a^{\frac{p - 1}{4}} \equiv 1 \pmod{p}$ and $8
\mid p - 1$, then $a^{\frac{p - 1}{8}} \equiv \pm
1 \pmod{p}$.

\begin{flashcard}[strong-test-defn]
\begin{definition}[Strong test]
  % Definition 6.6
  \glsnoundefn{str_test}{strong test}{N/A}%
  \glsnoundefn{str_pp}{strong pseudoprime}{strong
  pseudoprimes}%
  \cloze{Let $N \in \NN$, odd, $N > 1$. Factor $N - 1 =
  2^s t$, $t$ odd, $s \ge 1$. Let $b \in \ZZ$,
  $\gcdbrack(b, N) = 1$. Then we say $N$ passes
  the \emph{strong test} to the base $b$ if either
  $b^t \equiv 1 \pmod{N}$ or if $b^{2^r t} \equiv
  -1 \pmod{N}$ for some $0 \le r < s$.

  If $N$ is composite and passes the strong test
  to the base $b$, then we say that $N$ is a
  \emph{strong pseudoprime} to the base $b$.
  }
\end{definition}
\end{flashcard}

\begin{example*}
  $N = 65$, $b = 8$. Then $N - 1 = 2^6$. Need to
  test whether: $b^1 \equiv 1 \pmod{p}$ or
  $b^{2^i} \equiv -1 \pmod{p}$ for some $0 \le i <
  6$.

  $8 \not\equiv 1 \pmod{65}$, but $8^2 \equiv -1
  \pmod{65}$. Therefore $65$ is a \gls{str_pp} to
  the base $8$.

  Now take $N = 65$, $b = 2$. Need to test
  whether: $2 \equiv 1 \pmod{N}$ or if $2^{2^{i}}
  \equiv -1 \pmod{N}$ for some $0 \le i < 6$.
  \begin{align*}
    2
    &\not\equiv \pm 1 \pmod{N} \\
    2^2
    &= 4
    \not\equiv -1 \pmod{N} \\
    2^{2^2}
    &= 16
    \not\equiv -1 \pmod{N} \\
    2^{2^3}
    &= 16^2 = 4 \times 8^2 \equiv -4
    \not\equiv -1 \pmod{N} \\
    2^{2^4}
    &= (-4)^2 \equiv 16
    \not\equiv -1 \pmod{N} \\
    2^{2^5}
    &= (16)^2 \equiv 4
    \not\equiv -1 \pmod{N}
  \end{align*}
  Hence $65$ does not pass the \gls{str_test} to
  the base $2$.
\end{example*}

\begin{remark*}
  If $N$ is a \gls{str_pp} to the base $b$, then
  it's also an \gls{eul_pp} to the base $b$.
\end{remark*}
\vspace{-1em}

You can show that if $N \in \NN$ is odd and
composite, then it's a \gls{str_pp} to at most
$\quarter$ of bases $b \in (\ZZ / N\ZZ)^\times$.
This leads to the Miller-Rabin probabilistic
primality test.
\begin{enumerate}[(1)]
  \item Choose $1 < b < N$ at random, and test if
    $\gcdbrack(b, N) = 1$.
  \item If $\gcdbrack(b, N) = 1$, test to see if
    $N$ passes the \gls{str_test} to the base $b$.
  \item If it doesn't pass, then $N$ is composite.
    If it does pass, then $N$ is composite with
    probability $\le \quarter$.
\end{enumerate}
If we assume the generalised Riemann hypothesis,
then we can use the strong test to get a
deterministic polynomial-time primality test.

\begin{theorem}
  % Theorem 6.7
  Assume Generalised Riemann Hypothesis. Let $N \in
  \NN$ be odd and composite. Then there exists $b
  \in \NN$, $b < 2(\log N)^2$, such that $N$ is
  not a \gls{str_pp} to the base $b$.
\end{theorem}
\vspace{-1em}

So, assuming Generalised Riemann Hypothesis, can
prove $N$ is \gls{prime} / composite by carrying
out \gls{str_test} for all $b < 2(\log N)^2$.

There is an unconditional (not assuming any
unproved conjectures) polynomial-time
primality test: the Agrawal-Kayal-Saxena test.
This is harder to implement than the
\gls{str_test}.

We now discuss factorisation. Suppose $N \in \NN$
is odd and composite. Say $N = ab$, $a > b > 1$.
Then $N = \left( \frac{a + b}{2} \right)^2 -
\left( \frac{a - b}{2} \right)^2$.

Conversely, if $N = r^2 - s^2$, where $r, s \in
\NN$, $r > s + 1$, then $N = (r + s)(r - s)$ is a non-trivial
factorisation.

This leads to Fermat factorisation: Assume $N$ is
not a perfect square.

Then test each of $r = \lfloor \sqrt{N}
\rfloor + 1, \lfloor \sqrt{N}
\rfloor + 2, \lfloor \sqrt{N}
\rfloor + 3, \ldots$ to see if $r^2 - N$ is
a perfect square, say $r^2 - N = s^2$, $s \in
\NN$.

If $r = \frac{a + b}{2}$, then $r > \sqrt{ab} =
\sqrt{N}$. So this will find the factorisation $N
= ab$, and after at most $\frac{a - b}{2}$ steps.
This is useful if we know that $N = ab$ has a
factorisation where $|a - b|$ is small.

\begin{example*}
  $N = 200819$. $\lfloor \sqrt{200819} \rfloor =
  448$. $449^2 - N = 782$ (not a square). But
  $450^2 = 1681 = 41^2$. So $N = 200819 = (450 +
  41)(450 - 41) = 491 \times 409$.
\end{example*}