### Warmup Test

<p>
    Given an integer, how can we tell if $n$ is prime?
</p>

### 1. The Fermat Test

- Theoretical basis: Based on Fermat's Theorem, if $n$ is prime, then for any $a$, we have $a^{n-1}=1(mod\;n)$.
- Method: Pick a random $a∈[1,2, ..., n-1]$, then see if it satisfies $a^{n-1}=1(mod\;n)$. If any $a^{n-1}!=1(mod\;)$ found, then $n$ is not a prime. 

### 2. Flaw of the Fermat Test

- Carmichael Numbers: These are composite numbers $n$ for which all values of $a$ with $gcd(a,n)=1$ are Fermat liars. It's thankless to repeat $the\; Fermat\; Test$ for these numbers the same as a random search for factors.
- Limitations: While $Carmichael\; Numbers$ are substantially rarer than prime numbers, there are still enough of them that the Fermat Test is not often used as naively as above.
<br>

- Extensions: If $a$ is not coprime to $n$, then the Fermat test must fail, but in this case we can recover a factor of $n$, by calculating $gcd(a,n)$.

### 3. Carmichael Numbers
- Definition：it's a composite number $n$, for all $b$ which are relative prime to $n$ satisifies the congruence relation $b^{n-1}\equiv 1(mod\;n)$

- Example: 
<p>
    Take $n=561=3\times 11\times 17$. By $Chinese\; Remainder\; Theorem$, $Z_{561}=Z_3\times Z_{11}\times Z_{17}$.<br>
    Each $a\in Z^*_{561}$ corresponds to some $(x,y,z)\in Z^*_3\times Z^*_{11}\times Z^*_{17}$,<br>
    By Fermat's Theorem, $x^2=1,y^{10}=1,z^{16}=1$, since $2,10,6$ are all factors of $560$, this means $(x,y,z)^{560}=(1,1,1)$. <br><br>
    In other words, $a^{560}=1$ for any $a\in Z^*_{561}$ and $a$ is a Carmichael Number.
</p>

### 4. The Miller-Rabin Test

- Prior Knowledge: 
    - $n$ is prime if and only if the solutions of $x^2=1(mod\; n)$ are $x=\pm 1$.
- How to Test:
    - If $n$ pass $a^{n-1}=1$, then we also check $a^{(n-1)/2}=\pm1$, because $a^{(n-1)/2}$ is square root of $1$.
    - Let $n-1=2^sq$, then we have sequence $2^{s_i}q=(q, 2q, ..., 2^sq)$. 
        - Given any $a\in Z^*_n$, if $a^q=1$, then test passed.
        - Otherwise, for any $s_i>0$ from the sequence above satisfying $a^{2^{s_i}q}=1$, if $a^{2^{s_i-1}q}!\pm1$, then $n$ is composite. 
        - Thus, we can iterate $s_i$ from $1$ to $s$, if $a^{2^{s_i}q}$ equals to $1$ occurs befores $-1$, which means $a^{2^{s_i+1}q}=1$ has solutions beyond $\pm1$,so $n$ is composite.

<p>
Tips：
These tests are compositeness tests since they do not prove the input is prime, but rather prove that an input is composite.
</p>

### 5. Example of Miller-Rabin Test
- From Calculation as below:
    - 67 is the "Bad" solution which doesn't pass test.
    - we can find factors of 561 by calculating $gcd(68,561)=17,gcd(66,561)=33=3*11$.

In [18]:
n = 561
a = 2

power = n - 1

s_start = 0
while True:
    if (n-1) % 2 ** (s_start + 1) == 0:
        s_start += 1
    else:
        break
s_max = s_start
print("s is {}\n".format(s_max))

while True:
    if power % 2 > 0:
        print("Test Passed! Power reach mininum value: {}".format(power))
        break
    
    if 2 ** power % 561 == 1:
        print('Test Passed In Current Round!')
        print('Power is: ', power)
        
        power = power // 2
    elif 2 ** power % 561 == 560:
        print('Test Passed! Square root value reaches -1')
        break
    else:
        print('Test Failed!')
        print('Square root value is: {}, Power is {}'.format(2 ** power % 561, power))
        break
    
    print('\n')

s is 4

Test Passed In Current Round!
Power is:  560


Test Passed In Current Round!
Power is:  280


Test Failed!
Square root value is: 67, Power is 140


### Quiz1: 
<p>What happens when we run the Miller-Rabin test on numbers of the form <em>p*q</em>, where <em>p, q</em> are large primes? Can we break RSA with it?</p>

- For $n=p*q$, given $a$, if $a^{p*q-1}=1$ and we can use Miller-Rabin test to factorize $a$.<br>
  Furthermore, correspond $a$ to $(m,n)\in Z_p\times Z_q$, then $a^{p*q-1}$ correspond to $(m^{p*q-1,n^{p*q-1}})$.<br> 
  So we need to find combinations of $(m,n)\in (m^{p*q-1}=m^{q-1}=\pm1,n^{p*q-1}=n^{p-1}=\pm1)$ and $(m,n)\notin\{(1,1),(-1,-1)\}$ to factorize $a$.