How do you test whether a number is a prime number? Trial division is in use since antiquity and is easy to understand. This is the process of dividing the number in question by each prime number that is smaller than it. If a smaller factor is found, then it is not a prime number (i.e. is a composite number). If no smaller factors can be found, then the number is a prime numbers. However numbers routinely used in encryption algorithms today have hundreds or even thousands of decimal digits. Factoring such large numbers is really a hard problem. If we just want to know whether a number is prime or not, the answer can be obtained very quickly. In this post we showcase a calculation that can be used for checking whether a whole number is prime or composite without actually finding any factor. This method is based on a theorem of Fermat and can be implemented using the fast powering algorithm.
The author of a recent article came across the following 204-digit number that he incorrectly asserted as a prime number.
It turns out that showing the number is composite is not difficult. The idea is what can be called the Fermat-2 test: if is a prime number, then , meaning that is divisible by , or equivalently the remainder is 1 when is divided by . Using the fast powering algorithm, the exponentiation modulo is turned into a series of squarings and multiplying. The result is that where is the following 203-digit number:
If were a prime number, then modulo is 1. But modulo is clearly not 1. Therefore must be composite. We do not show the steps that produce the 203-digit number . In carrying out the square-and-multiply algorithm, there are 676 squarings and 327 multiplications. The process runs quickly when it is implemented on a computer. In the next example, we work a small example to illustrate how the fast powering algorithm works.
Let’s do a smaller example to demonstrate the idea of the Fermat-2 test and the calculation of the fast powering algorithm (also called the square-and-multiply algorithm). Consider the number 55289. Is it a prime number?
We show that . So 55289 is not a prime (otherwise would be 1 modulo 55289). To show , the first step is to express the exponent 55288 in its binary expansion.
Step 2 is to perform a series of 15 squarings (15 is the highest power of 2 in the binary expansion of the exponent 55288). Step 3 is to perform a series of multiplications. Both steps are shown in the following table.
Example 2 Results
The column for squaring starts with 2, the base of the exponentiation . Each number in that column is the square of the preceding number and is reduced modulo 55289. The numbers with asterisks refer to the positions that are 1s in the binary expansion of 55288. The third column shows the multiplications of the numbers with asterisks in the second column.
Consider the following 309-digit number:
This example is an RSA number called RSA-1024. It is a 1024-bit (309-digit in decimal). It is a product of two prime numbers and thus is not a prime number. Indeed, where is RSA-1024 and is the following number:
Clearly, RSA-1024 does not pass the Fermat-2 test and is thus a composite number. Yet RSA-1024 has not yet been factored. It is not expected to be factored in decades to come barring a dramatic breakthrough in computing technology. This example points to the principle on which the RSA cryptosystem is based, that
It is relatively easy to decide whether or not a number is prime. But it is hard to find the prime factors of a given composite number.
In short, primality testing is easy while factoring is hard. In any case, the examples of RSA-1024 and other RSA numbers are empirical evidence that factoring is a hard problem.
The Fermat-2 test used here is based on Fermat’s Little Theorem, which is discussed in the next post.