Strong pseudoprime

A strong pseudoprime is a composite number that passes the Miller–Rabin primality test.
All prime numbers pass this test, but a small fraction of composites also pass, making them "pseudoprimes".

Unlike the Fermat pseudoprimes, for which there exist numbers that are pseudoprimes to all coprime bases (the Carmichael numbers), there are no composites that are strong pseudoprimes to all bases.

Motivation and first examples

Let us say we want to investigate if ''n'' = 31697 is a probable prime (PRP). We pick base ''a'' = 3 and, inspired by Fermat's little theorem, calculate:
: $3^ \equiv 1 \pmod$
This shows 31697 is a Fermat PRP (base 3), so we may suspect it is a prime. We now repeatedly halve the exponent:
: $3^ \equiv 1 \pmod$
: $3^ \equiv 1 \pmod$
: $3^ \equiv 28419 \pmod$
The first couple of times do not yield anything interesting (the result was still 1 modulo 31697), but at exponent 3962 we see a result that is neither 1 nor minus 1 (i.e. 31696) modulo 31697. This proves 31697 is in fact composite (it equals 29×1093). Modulo a prime, the residue 1 can have no other square roots than 1 and minus 1. This shows that 31697 is not a strong pseudoprime to base 3.

For another example, pick ''n'' = 47197 and calculate in the same manner:
: $3^ \equiv 1 \pmod$
: $3^ \equiv 1 \pmod$
: $3^ \equiv 1 \pmod$
In this case, the result continues to be 1 (mod 47197) until we reach an odd exponent. In this situation, we say that 47197 is a strong probable prime to base 3. Because it turns out this PRP is in fact composite (can be seen by picking other bases than 3), we have that 47197 is a strong pseudoprime to base 3.

Finally, consider ''n'' = 74593 where we get:
: $3^ \equiv 1 \pmod$
: $3^ \equiv 1 \pmod$
: $3^ \equiv 74592 \pmod$
Here, we reach minus 1 modulo 74593, a situation that is perfectly possible with a prime. When this occurs, we stop the calculation (even though the exponent is not odd yet) and say that 74593 is a strong probable prime (and, as it turns out, a strong pseudoprime) to base 3.

Formal definition

An odd composite number ''n'' = ''d'' · 2^''s'' + 1 where ''d'' is odd is called a strong (Fermat) pseudoprime to base ''a'' if:

: $a^d\equiv 1\pmod n$
or
: $a^\equiv -1\pmod n\quad\mbox0 \leq r < s .$

(If a number ''n'' satisfies one of the above conditions and we don't yet know whether it is prime, it is more precise to refer to it as a strong probable prime to base ''a''. But if we know that ''n'' is not prime, then we may use the term strong pseudoprime.)

The definition is trivially met if so these trivial bases are often excluded.

Guy mistakenly gives a definition with only the first condition, which is not satisfied by all primes.

Properties of strong pseudoprimes

A strong pseudoprime to base ''a'' is always an Euler–Jacobi pseudoprime, an Euler pseudoprime and a Fermat pseudoprime to that base, but not all Euler and Fermat pseudoprimes are strong pseudoprimes. Carmichael numbers may be strong pseudoprimes to some bases—for example, 561 is a strong pseudoprime to base 50—but not to all bases.

A composite number ''n'' is a strong pseudoprime to at most one quarter of all bases below ''n''; thus, there are no "strong Carmichael numbers", numbers that are strong pseudoprimes to all bases. Thus given a random base, the probability that a number is a strong pseudoprime to that base is less than 1/4, forming the basis of the widely used Miller–Rabin primality test. The true probability of a failure is generally vastly smaller. Paul Erdos and Carl Pomerance showed in 1986 that if a random integer n passes the Miller–Rabin primality test to a random base b, then n is almost surely a prime. For example, of the first 25,000,000,000 positive integers, there are 1,091,987,405 integers that are probable primes to base 2, but only 21,853 of them are pseudoprimes, and even fewer of them are strong pseudoprimes, as the latter is a subset of the former.
However, Arnault

gives a 397-digit Carmichael number that is a strong pseudoprime to every base less than 307.
One way to reduce the chance that such a number is wrongfully declared probably prime is to combine a strong probable prime test with a Lucas probable prime test, as in the Baillie–PSW primality test.

There are infinitely many strong pseudoprimes to any base.

Examples

The first strong pseudoprimes to base 2 are
:2047, 3277, 4033, 4681, 8321, 15841, 29341, 42799, 49141, 52633, 65281, 74665, 80581, 85489, 88357, 90751, ... .
The first to base 3 are
:121, 703, 1891, 3281, 8401, 8911, 10585, 12403, 16531, 18721, 19345, 23521, 31621, 44287, 47197, 55969, 63139, 74593, 79003, 82513, 87913, 88573, 97567, ... .
The first to base 5 are
:781, 1541, 5461, 5611, 7813, 13021, 14981, 15751, 24211, 25351, 29539, 38081, 40501, 44801, 53971, 79381, ... .

For base 4, see , and for base 6 to 100, see to .
By testing the above conditions to several bases, one gets somewhat more powerful primality tests than by using one base alone.
For example, there are only 13 numbers less than 25·10⁹ that are strong pseudoprimes to bases 2, 3, and 5 simultaneously.
They are listed in Table 7 of. The smallest such number is 25326001.
This means that, if ''n'' is less than 25326001 and ''n'' is a strong probable prime to bases 2, 3, and 5, then ''n'' is prime.

Carrying this further, 3825123056546413051 is the smallest number that is a strong pseudoprime to the 9 bases 2, 3, 5, 7, 11, 13, 17, 19, and 23.



So, if ''n'' is less than 3825123056546413051 and ''n'' is a strong probable prime to these 9 bases, then ''n'' is prime.

By judicious choice of bases that are not necessarily prime, even better tests can be constructed. For example, there is no composite $< 2^$ that is a strong pseudoprime to all of the seven bases 2, 325, 9375, 28178, 450775, 9780504, and 1795265022.

Smallest strong pseudoprime to base ''a''

References

{{Classes of natural numbers

Pseudoprimes