Lecture 10: Applications of Fermat's Theorem

Recall Fermat’s Theorem from the lecture 09

If $p$ is prime, $n \in \mathbb{Z}$, then $$ \begin{align*} a^p &\equiv a \bmod p \\ a^{p-1} &\equiv 1 \bmod p \quad \text{when } (a,p)=1 \end{align*} $$

There is another important definition that we also need as follows

The order of $a \bmod p$ is the smallest $n > 0$ with $$ \begin{align*} a^n \equiv 1 \bmod p \end{align*} $$

For example, take $p = 7$, then

$$ \begin{align*} 1 &\equiv 1 \bmod 7 \quad o(a) = 1 \\ 2^3 &\equiv 1 \bmod 7 \quad o(a) = 3 \\ 3^6 &\equiv 1 \bmod 7 \quad o(a) = 6 \end{align*} $$

What about negative powers of $a$? What is $a^{-n}$? well this is just $(a^{-1})^n$. So when can we find the inverse of $a$? We know that the inverse of $a$ will exist only if $(a,p)=1$. This is because we’re trying to solve

$$ \begin{align*} ax \equiv 1 \bmod p \end{align*} $$

This is just $ax = 1 + py$ and this has a solution if $(a,p) = 1$ by Euclid’s algorithm.

Properties of the order of $a \bmod p$

Suppose now that $p$ is prime and $n > 0$. We have two very important results:

If $p$ is prime and $a > 0$, the order of $a \bmod p$ must divide any $n$ such that $a^n \equiv 1\bmod p$.

Proof: Let’s look at all the possible integers $n$ that satisfies this. So consider the set

$$ \begin{align*} S = \{n \in \mathbb{Z} \mid a^n \equiv 1 \bmod p \} \end{align*} $$

$S$ is closed under the addition and subtraction of the exponents since if $a^m \equiv 1 \bmod p$ and $a^n \equiv 1 \bmod p$,

$$ \begin{align*} a^ma^n &= a^{m+n} \equiv 1 \bmod p \\ a^ma^{-n} &= a^{m-n} \equiv 1 \bmod p \end{align*} $$

Therefore, $S$ is an ideal. But we know that any ideal in $\mathbb{Z}$ is a principle ideal so there has to be some smallest integer such that all of these integers are multiples of it. In other words,

$$ \begin{align*} S = (d) = \{kd \mid k \in \mathbb{Z}\} \end{align*} $$

Therefore, $d$ is the order of $a \bmod p$ and for any $n \in S$, we have $n = kd$ for some $k \in \mathbb{Z}$. Thus, $d \mid n$ such that $a^n \equiv 1 \bmod p$. $\ \blacksquare$

The second result is

If $p$ is prime and $a > 0$, the order of $a \bmod p$ must divide any $p-1$.

Proof: So we already established that $d$ divides any $n$ such that $a^n \equiv 1 \bmod p$. Now observe that by Fermat’s theorem

$$ \begin{align*} a^{p-1} \equiv 1 \bmod p \end{align*} $$

So this means that $d$ or the order of $a$ divides $p-1$.

Application

One application of this is the following theorem

Suppose $p$ and $q$ are primes and that $p$ divides $2^{q} - 1$. Then $$ \begin{align*} p &\equiv 1 \bmod q \end{align*} $$

Proof

So we know that $p$ divides $2^q - 1$. This means that

$$ \begin{align*} 2^q - 1 \equiv 0 \bmod p \\ 2^q \equiv 1 \bmod p \end{align*} $$

Therefore, the order of $2$ must divide $q$ by the previous result. But $q$ is prime so the order of $2$ can either be 1 or $q$. However, it can’t be 1 since $2 \not\equiv 1 \bmod p$. So the order of 2 must be $q$. But we also showed using Fermat’s theorem that the order must also divide $p-1$. Therefore, $q$ divides $p - 1$. But this just means

$$ \begin{align*} p - 1 \equiv 0 \bmod q \\ p \equiv 1 \bmod p \end{align*} $$

as we wanted to show. $\ \blacksquare$

Example

Show that $2^{13} - 1$ is prime.

One way to do this, is to iterate through all primes less than $\sqrt{2^{13}} = \sqrt{8191} = 91$ and see if they divide $2^{13}$. This works but there is a faster way. We can use the previous theorem we just proved where if $p$ and $q$ are primes and $p$ divides $2^q - 1$, then $p \equiv 1 \bmod q$. So if $p \mid 2^{13} - 1$, then this means

$$ \begin{align*} p \equiv 1 \bmod 13 \end{align*} $$

Only two primes under $\sqrt{8191} = 91$ satisfy this equation. $p = 53$ and $p = 79$. So just need to check that that neither divide $2^13 = 8191$ and neither does! $\blacksquare$

Fermat Primes

Recall that Fermat Primes are of the form $2^n + 1$. Also recall that if $n$ has an odd factor, then $2^n+1$ is not prime. The reason for this is that $x^{2n+1}+1$ is divisible by $x+1$ since

$$ \begin{align*} x^{2n+1} + 1 = (x+1)(x^{2n} - x^{2n-1} + \cdots + 1) \end{align*} $$

In general if $n = ab$ with $a$ odd. Then,

$$ \begin{align*} 2^{n} + 1 = 2^{ab} + 1 = (2^b)^a + 1 \end{align*} $$

$(2^b)^a + 1$ is divisible by $2^b + 1$. So for $2^n + 1$ to be prime, $n$ needs to be a power of 2. For example, the following are Fermat primes

$$ \begin{align*} 2^1 + 1 = 3, 2^2 + 1 = 5, 2^4 + 1 = 17, 2^8 + 1 = 257, 2^{16} + 1 = 65537 \end{align*} $$

So now we want check the following

Show that $2^{2^n} + 1$ is prime.

As before, we can check all the primes up to $\sqrt{2^{n} + 1}$. But we can use Fermat’s theorem to speed things up. How? Suppose $p$ divides $2^{2^n} + 1$. This just means that

$$ \begin{align*} 2^{2^n} + 1 &\equiv 0 \bmod p \\ 2^{2^n} &\equiv -1 \bmod p \end{align*} $$

Squaring both sides

$$ \begin{align*} 2^{2^{n+1}} &\equiv (-1)^2 \bmod p \\ 2^{2^{n+1}} &\equiv 1 \bmod p \end{align*} $$

So now, let $d$ be the order of $2 \mod p$. $d$ must divide $2^{n+1}$ so $d$ must be some power of 2 less than $2^{n+1}$ so

$$ \begin{align*} d \in \{1,2,4,\cdots,2^n,2^{n+1}\} \end{align*} $$

At the same time, $d$ is the smallest power such that $2^d \equiv 1 \bmod p$ and we also know that

$$ \begin{align*} 2^{2n} \equiv -1 \bmod p \end{align*} $$

So $d$ can’t divide $2^n$. Why? Suppose it did, then we can write $2^n = d \cdot m$. Then

$$ \begin{align*} 2^{2^n} = 2^{d \cdot m} = (2^d)^m \end{align*} $$

But $d$ is the order of 2 so

$$ \begin{align*} 2^{2^n} = (2^d)^m \equiv 1 \bmod p \end{align*} $$

This is a contradiction since $2^{2^n} \equiv -1 \bmod p$. So $d$ must be exactly $2^{2^{n+1}}$. Also by Fermat, we know that

$$ \begin{align*} 2^{p-1} \equiv 1 \bmod p \end{align*} $$

This is because $(2,p) = 1$ and $p$ is prime. Therefore, $d = 2^{n+1}$ divides $p-1$. This means that

$$ \begin{align*} p - 1 \equiv 0 \bmod 2^{n+1} \\ p \equiv 1 \bmod 2^{n+1} \end{align*} $$

This is a strong condition that the prime factors must satisfy. For example, take

$$ \begin{align*} 65537 = 2^{16} + 1 \end{align*} $$

If $p \mid 65537$, then

$$ \begin{align*} p \equiv 1 \quad (\bmod 2^{4+1}=32) \end{align*} $$

and if

$$ \begin{align*} p \not\equiv 1 \bmod 32 \end{align*} $$

Then $p \not\mid 65537$. So we only want to check any prime $p$ less than $\sqrt{65537} < 257$ such that $p \equiv 1 \bmod 32$. If we look at any number that satisfies $p \equiv 1 \bmod 32$, then we get

$$ \begin{align*} 33, 65, 97, 129, 161, 197,225 \end{align*} $$

Some of these are obviously not prime, we only need to check

$$ \begin{align*} 97, 197 \end{align*} $$

So now we can just use long division to verify that 65537 is prime. Neither of these divide 65537 so 65537 is prime.

Example

Is $2^{2^5} + 1 = 2^{32} + 1$ prime?

Euler proved that this is not a prime. Using the condition we proved earlier, suppose that $p \mid 2^{2^5} + 1$. This means that

$$ \begin{align*} p \equiv 1 \bmod 2^{5+1} = 64 \end{align*} $$

So the numbers that satisfy this are

$$ \begin{align*} 65, 129, 193, 257, 321, 385, 449, 513, 577, 641, .... \end{align*} $$

We can cross the numbers divisible by 5 or 3 and get

$$ \begin{align*} 129, 193, 257, 449, 577, 641, .... \end{align*} $$

What Euler discovered is that $641 \mid 2^{2^5} + 1$. How do we check that 641 divides $2^{2^5} + 1$? An easy way is see that

$$ \begin{align*} 2^{16} = 154 \bmod 641 \end{align*} $$

So now

$$ \begin{align*} 2^{32} = (2^{16})^2 = (154)^2 \equiv -1 \bmod 641 \end{align*} $$

The idea is to take modulo 641 at every step to avoid large calculations.

Example

Suppose $a^2 \equiv b^2 \bmod m$. Does this imply $a \equiv \pm b \bmod m$?

The answer is no. Suppose $m = 8$. Then,

$$ \begin{align*} 1^2 \equiv 3^2 \equiv 5^2 \equiv 7^2 \bmod 8 \end{align*} $$

But

$$ \begin{align*} 1 \not\equiv \pm 3 \bmod 8 \end{align*} $$

It does work if $m$ is prime. Why? Observe that

$$ \begin{align*} a^2 \equiv b^2 \bmod p \\ a^2 - b^2 \equiv 0 \bmod p \\ (a-b)(a+b) \equiv 0 \bmod p \end{align*} $$

Because $p$ is prime, then either $(a-b)\equiv 0 \bmod p$ or $(a+b) \equiv 0 \bmod p$.

Example

Suppose $a^2 \equiv b^2 \bmod m^2$. Does this imply $a \equiv \pm b \bmod m$?

The answer is still no. Take primes $p$ and $q$ and let $m = pq$. Now suppose

$$ \begin{align*} a &\equiv b \bmod p^2 \\ a &\equiv -b \bmod q^2 \end{align*} $$

But these two imply that

$$ \begin{align*} a^2 &\equiv b^2 \bmod p^2 \\ a^2 &\equiv (-b)^2=b^2 \bmod q^2 \end{align*} $$

We can combine both to get

$$ \begin{align*} a^2 \equiv b^2 \bmod p^2 \cdot q^2 \\ a^2 \equiv b^2 \bmod m^2 \end{align*} $$

The claim is that

$$ \begin{align*} a \not\equiv \pm b \bmod m \end{align*} $$

Why? suppose for the sake of contradiction that $a \equiv \pm b \bmod m=pq$. Specifically suppose that

$$ \begin{align*} a &\equiv -b \bmod pq \end{align*} $$

Since $(p,q) = 1$, then

$$ \begin{align*} a &\equiv -b \bmod p \\ \end{align*} $$

but now recall that we also have $a \equiv b \bmod p^2$ so

$$ \begin{align*} a &\equiv b \bmod p \end{align*} $$

This is a contradiction. We can’t have both $a \equiv b \bmod p$ and $a \equiv -b \bmod p$ at the same time. Similarly, we can arrive at a contradiction if $a \equiv b \bmod pq$ by using the other assumption that $a \equiv -b \bmod q^2$. $\ \blacksquare$

References

Math115a by Richard E Borcherds

Properties of the order of \(a \bmod p\)

Application

Proof

Example

Fermat Primes

Example

Example

Example

References