In [1]:
from random import sample
from math import sqrt
from collections import Counter

from math116 import gcd, PRIMES

In [2]:
def factor_trial_division(n):
    factorization = Counter()
    for p in range(2, int(sqrt(n))+1):
        while n % p == 0:
            n //= p
            factorization[p] += 1
        if n == 1:
            break
    else:
        factorization[n] += 1
    return factorization


<br>
<br>
<br>
<br>
<br>

<br>
<br>
<br>
<br>
<br>

<br>
<br>
<br>
<br>
<br>


# The (Fermat) pseudoprime test, or “basic” pseudoprime test

## When $n$ *is* prime, $b^{n-1} \equiv 1 \pmod{n}$ for all $b$ (that are coprime to $n$)

In [3]:
factor_trial_division(120)

Counter({2: 3, 3: 1, 5: 1})

### The following works, and shows n is prime, but on such a large number, it's slow

In [4]:
n = 685164018569
factor_trial_division(n)

Counter({685164018569: 1})

### Instead, let's try the Fermat pseudoprime test with a few bases...

In [5]:
pow(2, n-1, n)

1

In [6]:
pow(3, n-1, n)

1

In [7]:
pow(5, n-1, n)

1

In [8]:
pow(7, n-1, n)

1

In [9]:
pow(11, n-1, n)

1

### Since they all gave us 1, n is *probably* prime

<br>
<br>
<br>
<br>
<br>

<br>
<br>
<br>
<br>
<br>

<br>
<br>
<br>
<br>
<br>


# The (Fermat) pseudoprime test, or “basic” pseudoprime test

## When $n$ *is not* prime, $b^{n-1} \pmod{n}$ will *usually* not be $1$

In [10]:
# Here's a way you can generate a number that is a product of two primes, and will be pretty large (8 digits)
p, q = sample(PRIMES[180:], 2)
n = p * q
n

8435249

### Here's an example of using the Fermat pseudoprime test to show that a number is *composite*

In [11]:
n = 10387693

In [12]:
pow(2, n-1, n)

5955546

<br>
<br>
<br>
<br>
<br>


In [13]:
factor_trial_division(n)

Counter({3217: 1, 3229: 1})

<br>
<br>
<br>
<br>
<br>

<br>
<br>
<br>
<br>
<br>

<br>
<br>
<br>
<br>
<br>


# The Miller–Rabin test, or “strong” pseudoprime test

## A first example: $n = 561$

In [14]:
n = 561

In [15]:
pow(2, n - 1, n)

1

In [16]:
560 == 35 * 2**4

True

In [17]:
a0 = pow(2, 35, n)
a0

263

In [18]:
a1 = a0**2 % n
a1

166

In [19]:
a2 = a1**2 % n
a2

67

In [20]:
a3 = a2**2 % n
a3

1

Note that $a_2 \not\equiv \pm 1 \pmod{n}$, but $a_2^2 \equiv 1 \pmod{n}$. So that means we should get a nontrivial factor of $n$ from $\gcd(a_2 - 1, n)$ (and also from $\gcd(a_2 + 1, n)$. 

In [21]:
gcd(67 - 1, n)

33

In [22]:
gcd(67 + 1, n)

17

<br>
<br>
<br>
<br>
<br>

<br>
<br>
<br>
<br>
<br>

<br>
<br>
<br>
<br>
<br>


## An interesting example: $n = 1099201$

First, note that with base $3$, the basic Fermat pseudoprime test would imply that $n$ is *probably* prime. 

In [23]:
n = 1099201
pow(3, n-1, n)

1

<br>
<br>
<br>
<br>
<br>


In [24]:
(n - 1) / 64

17175.0

In [25]:
q = 17175
n - 1 == q * 2**6

True

In [26]:
a0 = pow(3, q, n)
a0

59294

In [27]:
a1 = a0 * a0 % n
a1

533638

In [28]:
a2 = a1 * a1 % n
a2

611175

In [29]:
a3 = a2 * a2 % n
a3

1

In [30]:
611175 == n - 1

False

But the Miller–Rabin (strong) pseudoprime test, with the same base $3$, not only proves $n$ is composite, but actually gives us a nontrivial factor of $n$. 

In [31]:
gcd(a2 - 1, n)

4561

In [32]:
gcd(a2 + 1, n)

241

In [33]:
base = 3
a = pow(base, q, n)
for i in range(6 + 1):
    print(f"i = {i}: {base}^({2**i}*q) = {a}   (mod n)")
    a = a * a % n


i = 0: 3^(1*q) = 59294   (mod n)
i = 1: 3^(2*q) = 533638   (mod n)
i = 2: 3^(4*q) = 611175   (mod n)
i = 3: 3^(8*q) = 1   (mod n)
i = 4: 3^(16*q) = 1   (mod n)
i = 5: 3^(32*q) = 1   (mod n)
i = 6: 3^(64*q) = 1   (mod n)


In [34]:
factor_trial_division(n)

Counter({241: 1, 4561: 1})

<br>
<br>
<br>
<br>
<br>

<br>
<br>
<br>
<br>
<br>

<br>
<br>
<br>
<br>
<br>


# The Miller–Rabin test, or “strong” pseudoprime test

## Another interesting example: $n = 251521$

In [35]:
n = 251521
base = 5

In [36]:
(n - 1) / 128

1965.0

In [39]:
q = 1965
k = 7
n - 1 == q * 2**k

True

In [40]:
a = pow(base, q, n)
for i in range(k + 1):
    print(f"i = {i}: {base}^(q*{2**i}) = {a}   (mod n)")
    a = a * a % n


i = 0: 5^(q*1) = 12073   (mod n)
i = 1: 5^(q*2) = 126670   (mod n)
i = 2: 5^(q*4) = 9747   (mod n)
i = 3: 5^(q*8) = 180592   (mod n)
i = 4: 5^(q*16) = 251520   (mod n)
i = 5: 5^(q*32) = 1   (mod n)
i = 6: 5^(q*64) = 1   (mod n)
i = 7: 5^(q*128) = 1   (mod n)


This time (with base $5$), the strong pseudoprime test doesn't give us any new information, because $a_4 \equiv -1 \pmod{n}$, so when $a_5 \equiv 1 \pmod{n}$, we don't get a nontrivial factor of $n$. 

So, as far as we can tell, $n$ is *probably* prime..........

<br>
<br>
<br>
<br>
<br>


However, testing $n$ with a different base ($b = 2$), even with the basic Fermat pseudoprime test, proves that $n$ is composite. 

In [41]:
pow(2, n-1, n)

40547

<br>
<br>
<br>
<br>
<br>


In [42]:
base = 2
a = pow(base, q, n)
for i in range(k + 1):
    print(f"i = {i}: {base}^(q*{2**i}) = {a}   (mod n)")
    a = a * a % n


i = 0: 2^(q*1) = 48682   (mod n)
i = 1: 2^(q*2) = 106262   (mod n)
i = 2: 2^(q*4) = 80391   (mod n)
i = 3: 2^(q*8) = 132307   (mod n)
i = 4: 2^(q*16) = 35212   (mod n)
i = 5: 2^(q*32) = 137935   (mod n)
i = 6: 2^(q*64) = 9701   (mod n)
i = 7: 2^(q*128) = 40547   (mod n)


<br>
<br>
<br>
<br>
<br>

<br>
<br>
<br>
<br>
<br>

<br>
<br>
<br>
<br>
<br>


### If anyone is interested... 

Here's the (completely BFI$^*$) method that I used to generate the examples above randomly. 

$^*$ BFI = “Brute Force and Ignorance”

In [44]:
found = False
while not found:
    p, q = sample(PRIMES[1:], 2)
    n = p*q
    exp = 1
    oddpart = (n - 1) // 2
    while oddpart % 2 == 0:
        exp += 1
        oddpart //= 2
    for base in [2, 3, 5, 7]:
        a0 = pow(base, oddpart, n)
        a_list = [pow(a0, 2**i, n) for i in range(exp + 1)]
        if a_list[-1] == 1 and n - 1 not in a_list: # First type of example
        #if n - 1 in a_list: # Last type of example
            print(f"n = {n}, base {base}: {a_list}")
            found = True
            break


n = 229633, base 7: [217444, 228803, 1, 1, 1, 1, 1, 1, 1]
