3

I was reading about the Miller–Rabin primality test and there was the following statement:

$p$ is a prime iff $x^2 \cong 1\text{ mod }p \implies x \cong \pm 1\text{ mod }p$ for all $x$.

I was able to do it from left to right (a simple proof indeed), but I couldn't do the converse. I tried the following:

$x^2 \cong 1\text{ mod }p \implies (x-1)(x+1)\cong 0\text{ mod }p \implies p \text{ divides }(x-1)(x+1)$. But I wasn't able to proceed further. Any help would be great. Thanks...

Ankit Kumar
  • 1
    Have you tried proving the contrapositive statement? – TheOscillator Mar 07 '20 at 11:57
  • @TheOscillator I did. But isn't the problem going to be very similar? I wasn't able to go anywhere with that – Ankit Kumar Mar 07 '20 at 12:06
  • @TheOscillator I came up with an example. $x = 5$, $p = 24$, but I wasn't sure if it's enough to disprove it. – Ankit Kumar Mar 07 '20 at 12:08
  • 4
    Note that $\ p=25\ $ also satisfies $$x^2\equiv 1\mod p\implies x\equiv \pm 1 \mod p$$ Hence the statement is not true. – Peter Mar 07 '20 at 12:13
  • 3
    Miller Rabin only needs the direction from the left to the right. The test does not prove the primality. Every prime passes the test, but also some composite numbers. The result "composite" is always true, but the result "prime" might be false. – Peter Mar 07 '20 at 12:20
  • If $\ n\ $ is odd and has at least two distinct prime factors, then we always have a non-trivial congruence $$x^2\equiv 1\mod n$$ which is the basic idea of the quadratic sieve. Not exactly, because we search for a non-trivial congruence $$x^2\equiv y^2\mod n$$ but this is equivalent. – Peter Mar 07 '20 at 12:24
  • @Peter okay, I understand that it only requires left to right. But, in your example, $p (25)$ is not a prime. It isn't a counter example – Ankit Kumar Mar 07 '20 at 12:34
  • In fact it is a counterexample. This is what I mean with "the statement is not true" – Peter Mar 07 '20 at 13:37
  • @Peter that statement is correct. You can read it here (without a proof though): https://crypto.stanford.edu/pbc/notes/numbertheory/millerrabin.html. I've seen it on multiple sites, so don't think this is a mistake – Ankit Kumar Mar 07 '20 at 14:01
  • If it is stated as in your question, it is clearly false. You only have to check $p=25$ to convince yourself. – Peter Mar 07 '20 at 14:04
  • @Peter Not true. The Miller-Rabin primality test needs both directions (of the correct equivalence). Probably you are thinking of probabilistic variants which return either "composite" or "probable prime" (which are primarily what are used in practice since there are better deterministic tests) – Bill Dubuque Mar 08 '20 at 01:26
  • 1
    @Ankit Insisting that a statement is correct (because it is written on a website of a top university?) even after you've been given a simple counterexample is not the path to enlightenment. There are many errors on the web - even at reputable sites. Mathematical proof is not by authority. – Bill Dubuque Mar 08 '20 at 01:34
  • @BillDubuque I was unable to understand the counter example at first, that's the only reason why I was disagreeing. If you see the chat, you'll see I accepted my mistake :) – Ankit Kumar Mar 08 '20 at 06:42
  • @BillDubuque and by the way yes, my question was regarding the probabilistic variant only – Ankit Kumar Mar 08 '20 at 06:43
  • @BillDubuque No, Miller Rabin does not need both directions. And it is not deterministic unless we limit the magnitude of the number, then there are deterministic variants. That we have other deterministic variants does not matter for this question. – Peter Mar 09 '20 at 09:37
  • 1
    @BillDubuque The reason why we only need one direction is that Miller Rabin does not want to prove a number to be prime. It is only based on a condition that must be satisfied by every prime, but for every fixed set of bases we check, infinitely many composites pass it as well. – Peter Mar 09 '20 at 09:47
  • @Peter As I surmised, you are referring to the probabilistic variant - better called a composite test - not a primality test. The primality test does need both directions – Bill Dubuque Mar 09 '20 at 15:39
  • 1
    @AnkitKumar I added a comment on the accepted answer which gives a more conceptual viewpoint. – Bill Dubuque Mar 09 '20 at 16:20

1 Answer

1

When $x^2 \equiv 1 \pmod{p} \implies x \equiv \pm1 \pmod{p}$ is False

Assume that $p \not\in \{1,2,4,q^t,2q^t\}$ where $q$ is an odd prime and $t$ is a positive integer.

If $p$ is a power of $2$ greater than $4$, it is clear that $x=\frac{p}{2}-1$ shows the necessary since: $$\bigg(\frac{p}{2}-1\bigg)^2 \equiv \frac{p^2}{4}-p+1 \equiv 1 \pmod{p}$$

Let $p$ not be a power of $2$. Clearly, we have some odd prime $q \mid p$. Let $t$ be the highest power of $q$ dividing $p$, i.e. $q^t \mid \mid p$. Now, let $p=k \cdot q^t$.

Since $p \not\in \{1,2,4,q^t,2q^t\}$ , we must have $k>2$. Also, since $q$ is an odd prime and $t$ is a positive integer, $q^t>2$.

We will show that there exists $x$ such that $x^2 \equiv 1 \pmod{p}$ and $x \not\equiv \pm 1 \pmod{p}$. We allow: $$q^t \mid (x+1) \implies x=q^tn-1$$

Now, we need $k \mid (x-1)$. This is the same as $k \mid (q^tn-2)$. However, we know from the fact that $\gcd(k,q^t)=1$ that: $$q^tn \equiv 2 \pmod{k}$$ has a solution for $0<n<k$. Now, set $n$ such that this congruence is satisfied. It is clear that: $$k \cdot q^t \mid (x-1)(x+1) \implies x^2 \equiv 1 \pmod{p}$$

If $x \equiv 1 \pmod{p}$, we need $q^t \mid (x+1) \implies q^t \mid 2$ which is clearly false as $q^t>2$.

Similarly, if $x \equiv -1 \pmod{p}$, we need $k \mid (x-1) \implies k \mid 2$ which is again false as $k>2$.

This shows that $x \not\equiv \pm 1 \pmod{p}$. This proves that for these values of $p$, $x^2 \equiv 1 \pmod {p}$ does not imply $x \equiv \pm 1 \pmod{p}$.

When $x^2 \equiv 1 \pmod{p} \implies x \equiv \pm1 \pmod{p}$ is True

Clearly, this is true for $p \in \{1,2,4\}$. We will show that it is true for $p=q^t$ and $p=2q^t$. Let $x^2 \equiv 1 \pmod{q^t}$. This shows that: $$q^t \mid (x-1)(x+1)$$ Since $q \nmid 2$, $q$ cannot divide both factors. This means that $q^t$ has to divide one of the factors completely. $$q^t \mid (x \pm 1) \implies x \equiv \pm 1 \pmod{q^t}$$

When $p=2q^t$, since $x^2 \equiv 1 \pmod{p}$, we will additionally have $x$ to be odd as $p$ is even. This gives an additional condition $x \equiv 1 \pmod{2}$ showing that $x \equiv \pm 1 \pmod{2q^t}$.

Summary

  • $x^2 \equiv 1 \pmod{p} \implies x \equiv \pm1 \pmod{p}$ is True for $p \in \{1,2,4,q^t,2q^t\}$ where $q$ is an odd prime and $t$ is a positive integer.
  • $x^2 \equiv 1 \pmod{p} \implies x \equiv \pm1 \pmod{p}$ is False otherwise.

Counterexamples

The counterexamples are the values of $p$ that are not prime but for which: $$x^2 \equiv 1 \pmod{p} \implies x \equiv \pm1 \pmod{p}$$

From above, this is the set $\{1,4,q^a,2q^b\}$ where $q$ is an odd prime, $a$ and $b$ are positive integers, and $a>1$. Note that $2$ and $q$ are removed as they are prime.

Haran
  • To the user who gave the downvote, please do share your reason. – Haran Mar 09 '20 at 10:30
  • 1
    You've reinvented the wheel (cyclic group). More conceptually: $\,x^2\equiv 1\iff x\equiv \pm1\pmod{\!n}\,$ is true $\iff \Bbb Z_n^*$ is a cyclic group (i.e. a primitive root exists), as follows from basic group theory. There are many CRT examples here that show how to obtain nontrivial square roots of $1$ in the non-cyclic cases, e.g. here. – Bill Dubuque Mar 09 '20 at 15:58
  • @BillDubuque The user Peter had noticed the same when we were chatting. – Haran Mar 09 '20 at 17:13
  • 1
    These fundamental facts are proved in most elementary number theory and algebra textbooks. I see no mention of it anywhere on this page so I thought it would be worthwhile to emphasize it here. – Bill Dubuque Mar 09 '20 at 17:20
  • @Haran How do we chat on MSE? – SARTHAK GUPTA Mar 09 '20 at 20:37
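
The construction in the answer above, carried out in Python as an added example (not part of the original posts): it builds the nontrivial square root of $1$ exactly as the answer does, checks the classification $\{1,2,4,q^t,2q^t\}$ by brute force, and uses the standard fact that such a root $x$ gives a proper factor $\gcd(x-1,n)$, which is why finding one certifies a number as composite. All function names are assumptions made for this example.

```python
from math import gcd

def has_only_trivial_roots(n):
    """Brute force: does x^2 = 1 (mod n) force x = +-1 (mod n)?"""
    return all(x in (1 % n, (n - 1) % n)
               for x in range(n) if (x * x - 1) % n == 0)

def nontrivial_sqrt_of_one(n):
    """Return x with x^2 = 1 and x != +-1 (mod n), built as in the answer,
    or None when n is in {1, 2, 4, q^t, 2q^t} (q an odd prime)."""
    if n <= 4:
        return None                  # 1, 2, 4 and the prime 3
    if n & (n - 1) == 0:
        return n // 2 - 1            # power of 2 greater than 4
    m = n
    while m % 2 == 0:                # strip factors of 2; m > 1 stays odd
        m //= 2
    q = 3
    while m % q:                     # smallest odd divisor > 1 is prime
        q += 2
    qt = 1
    while n % (qt * q) == 0:         # q^t exactly divides n
        qt *= q
    k = n // qt                      # n = k * q^t with gcd(k, q^t) = 1
    if k <= 2:
        return None                  # n = q^t or n = 2q^t
    nn = (2 * pow(qt, -1, k)) % k    # solve q^t * nn = 2 (mod k)
    return (qt * nn - 1) % n         # q^t | x + 1 and k | x - 1

def split_with_root(n, x):
    """A nontrivial square root of 1 mod n yields a proper factor of n."""
    return gcd(x - 1, n)

if __name__ == "__main__":
    for n in (24, 25, 50, 45, 16):   # sample moduli chosen for illustration
        x = nontrivial_sqrt_of_one(n)
        print(n, x, None if x is None else split_with_root(n, x))
```
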