mathematics of computation
volume 61,number 203
july
1993,pages 177-194
AVERAGECASE ERROR ESTIMATES
FOR THE STRONG PROBABLE PRIME TEST
IVAN DAMGÀRD, PETER LANDROCK, AND CARL POMERANCE
Dedicated to the memory ofD. H. Lehmer
Abstract. Consider a procedure that chooses fe-bit odd numbers independently and from the uniform distribution, subjects each number to t independent iterations of the strong probable prime test (Miller-Rabin test) with
randomly chosen bases, and outputs the first number found that passes all t
tests. Let pfc , denote the probability that this procedure returns a composite number. We obtain numerical upper bounds for pk , for various choices
of k, t and obtain clean explicit functions that bound p^ , for certain infinite classes of k, t. For example, we show Pxsyo,10 < 2-44 , Pjoo, 5 < 2-60 ,
P600,1 < 2~75 , and Pk,i < k242~™ for all k > 2 . In addition, we characterize the worst-case numbers with unusually many "false witnesses" and give
an upper bound on their distribution that is probably close to best possible.
1. Introduction
Let n > 1 be odd and write n - 1 = 2s u, where u is odd. If n is prime
and n\a, then either
(1.1)
a" e 1 mod n
or
a2'" = -lmod«
for some i< s.
If this should hold for some pair n , a we say n is a strong probable prime base
a. This concept was introduced by Selfridge in the mid 1970s; a variant was
used by Miller in his ERH-conditional primality test, and Rabin used it in his
probabilistic "primality" test. Often called now the Miller-Rabin test, we use
the more descriptive strong probable prime test.
Note that though (1.1) always occurs if n is prime and n \ a, it may sometimes also occur when n is composite. Let
<5"(n) = {a e [1, n - 1] : a" = 1 mod n or a2'" = -1 mod n for some i < s}
and let S(n) = \S^(n)\. It has been shown independently by Rabin [7] and
Monier [5] that if n is odd and composite, then S(n) < (n - l)/4. In fact, if
n t¿ 9 is odd and composite, then S(n) < <p(n)/4, where tp is Euler's function.
Thus, Rabin [7] showed that the strong probable prime test could be made
into a probabilistic compositeness test. That is, given an odd composite number
n , choose a random integer a £ [1, n - 1] and see if a 6 S?(n). If not, then
Received by the editor July 27, 1992.
1991 Mathematics Subject Classification. Primary 11Y11; Secondary 11A51.
The third author was supported in part by an NSF grant.
©1993 American Mathematical Society
0025-5718/93 $1.00+ $.25 per page
177
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
178
IVAN DAMGÁRD,PETER LANDROCK,AND CARL POMERANCE
you have proved that n is composite. The expected number of iterations to
come up with such a proof is of course at most 4/3 .
In practice, though, we may be presented with a large odd number n for
which we are not sure if it is prime or composite. Suppose we choose a random
number a e [1, n - 1] and see if a e S?(n). If a £ S?(n), we might choose
another number a' e [ 1, n -1 ] and try again. From the Rabin-Monier theorem,
we have the following: the probability that an odd composite number n has
ax, ... , at £ S^(n) for ax, ... , a, chosen uniformly and independently from
the integers in [1, n - 1] is at most 4~'.
Suppose now that the number n is also chosen randomly, say from the set
Mk of odd /obit integers. Say we continue to choose numbers n from Mk
until we find one that passes t random strong probable prime tests (and does
not fail any). That is, we choose n £ Mk at random, then choose a{ £ [1, n-1]
at random and see if a\ e S?(n). If so, we choose a2 e\\ , n - \\ at random
and see if a2 £ S?(ri). We continue until some a¡ $. <9*(n) for i < t, in
which case we discard n and try again, or until we find some n which has
ay, ... ,at£y(n).
Of course, if n is prime, then n will always have a\, ... ,at £ <5^(n). Let
pk , denote the probability that this procedure returns a composite number n .
From the above it may be tempting to say pktt < 4~' for all k . But as shown
in [2], the reasoning behind such a conclusion from the Rabin-Monier theorem
is fallacious. Indeed, if the primes were very sparsely distributed (as they are
in Mk for k large), then it might be more likely to observe an event with
probability 4~' than to observe an event with a lower probability of occurrence
(namely that a random number in Mk is prime).
Thus any estimation of pkt must take into account the distribution of the
primes. Moreover, to get a good upper bound for pkJ, one must show that the
worst-case upper bound for S(n)/(n - 1) of 1/4 for n composite is rather an
unusual occurrence. That is, for most n , S(n)/(n — 1) is considerably smaller
than 1/4. Thus we shall be concerned with the average value of S(n)/(n - 1)
for n odd and composite, rather than the worst (highest) value.
From the results in [3] we have
(1.2)
pk 1<2-(1+0<1»fclnln*/lnfc forfc^oo.
However, the expression o(\) was not computed explicitly in [3], so this result
is computationally useless for finite values of k .
In this paper we present elementary arguments for explicit upper estimates
of pk j for various values of k, /. Numerical estimates are presented in Table
1. One can see in this table that we often have pk , considerably smaller than
4~'. We also can obtain explicit upper bound estimates for pkt that are valid
for all large values of the subscripts. In particular, we show that
Pk x <k242-^
for k>2,
pkJ<kil22'rxl242-sM
for t = 2, A:> 88 or 3 < t < k/9,
pkJ < ±k2-St+x1kXilA2-kl2-2t+\2k2-kl*-*
Pk,t<
\kX5/42-k'2-21
for
t>k/4,
for
t > k/9,
k > 21,
k > 21,
k>2\.
The proof of the last two inequalities uses a result of independent interest,
namely that the number of Carmichael numbers up to x with just three prime
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
179
AVERAGECASE ERROR ESTIMATES
factors is at most xx^2(lnx)0^ . Previously, all we knew (see [6]) was that there
are at most 0(x2^) such numbers up to x. (Recall that « is a Carmichael
number if n is composite and a" = a mod n for all integers a. The existence of Carmichael numbers is what causes us to discard the simple Fermât
congruence for (1.1).)
It is interesting to note that the above upper bound for pk , in the range
t < k/9 decays by a factor smaller than 1/4 as t increases by 1, while for
t > k/4, it decays by the factor 1/4. This confirms the perhaps intuitive concept
that pk t for large t is dominated by the possibility of choosing a worst-case
composite number n with about n/4 "false witnesses", while for smaller values
of t, the probability is dominated by more typical values of n with only a few
false witnesses.
In [4], a probability related to pkl is computed. Consider a procedure
which chooses a random pair n, a, where n < x is an odd number and 1 <
a < n - 1 (with the uniform distribution on all such pairs), and accepts n if
a"~x = 1 mod 77. Let P(x) denote the probability that this procedure accepts
a composite number n. In §7 we show how the numerical estimates for P(x)
from [4] can be used to obtain estimates for pk >,. Further, these estimates
may be used together with the ideas from this paper to get estimates that are
sometimes stronger than both those in Table 1 and those in [4]. For this see
Table 2.
It is easy to see that the Rabin-Monier theorem implies that pkJ <
41-'/fy;,i/(l -Pk,\) f°r every k > 2, t > 2. Thus from (1.2) it follows that
there is a number ko such that pkt < 4~' for all k > ko, t > 1. Indeed,
if Pk,\ < 1/5, then pk t < 4~' for all r > 1 . It was left as an open question in [2] to determine a numerical value for ko. From the work in [4] it is
possible to show that 200 may be taken as a value for ko. Using our result
that pktx < k242~™, one easily sees that pkx < 1/5 for each k > 95, so
that 95 may be taken as a value for ko. From Propositions 1 and 2 below it
follows that pkx < 1/5 for each k £ {55, 56, ... , 94}, so that ko may be
taken as 55. Going further, we find that pk>\ < 1/4 and pk>2 < 1/17 for each
k £ {51, 52, 53, 54}, so that using pkj < 42~'pky2/(l -pk,2) for / > 3, we
see that ko may be taken to be 51. By tightening estimates in this paper and
computing pk x for small values of k , it may now be possible to show that ko
can be taken to be 2, which we conjecture to be the case.
Thanks are due to Ronald Burthe who brought some minor errors to our
attention.
2. Preliminaries
Recall the definition of S(n) from §1. Let a(n) := S(n)/tp(n) for
odd. Thus a(n) < 1/4 for odd composite n > 9.
Let co(n) denote the number of distinct prime factors of n, and
denote the number of prime factors of n counted with multiplicity.
always let p denote a prime number. By pP \\ n , we mean pß \ n and
n > 1, n
let Q(n)
We shall
pß+x \ n .
Lemma 1. If n > 1 is odd, then
1 > 2"(")-i TT nß~x
a(n)~
11"
pf\\n
P~l
> 2Q(-n)"1
TT
(p- l,n-l)-
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
P~ l
Jl (p - 1, n - If
p\n
180
IVAN DAMGARD, PETER LANDROCK, AND CARL POMERANCE
Proof. The second inequality follows immediately
from the identity
"£(ß - I) = Q(n) - w(n).
pß\\n
For the first inequality, by using the well-known formula for tp(n) and the
definition of a(n), it will suffice to prove
(2.1)
S(n)<2l-m^Y[(p-l,n-l).
p\n
Let v(n) be the largest number such that 2"("' | p - 1 for each prime p \ n .
Suppose the largest odd factor of n - 1 is u. In [5], Monier showed that
(2.2)
S(n) = (1 + 1 + 2w{n)+ 22"w(")+ • • • + 2^n)~x)mW) \[(p
-\,u).
p\n
Now
~\(p-\,u)<
2-"("M")Y[{p- 1, n - 1)
p\n
p\n
and
(2.3)
1 + 1 + 2w(n)+ 22'w{-n)
H_(-
2("(n)_1)<a(")
< 2 • 2(f(")_1)g,(").
Thus,
S(/i) < 2 • 2("(")-1M")2-y(")û,(")
JJ(p - 1, n - 1)= 21-w('!)
J](p - 1, « - 1),
which proves (2.1 ) and the lemma.
D
Lemma 2. If t is a real number with t > 1, then
v -1 n2~6
4- «2 < 3/ ■
Proo/. Let m = [t], so that m > 1 . Then
El
n=[i]+l
_ y^ 1
n2 ~ Z^ n2
n=l
V^ 1 _ "
V^ 1
2-, n2 ~~ 6
2—,n2
«=1
m + 1 (n2
n=l
Al\
say. If /c is at least 2, then
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
1
^
AVERAGECASE ERROR ESTIMATES
Thus the sequence f(\),f(2),...
_2E_ i
181
is decreasing and the above estimate gives
i
1/^2
«=m+i
which proves the lemma.
D
3. A SIMPLE ESTIMATE
Recalling the definition of a(n) from §2, we let Cm denote the set of odd,
composite integers n with a(n) > 2~m . Thus if m = 1, we have Cm = 0,
and if
Let
2k~2 .
which
m = 2, we have Cm = {9} .
Mk denote the set of odd Ac-bitintegers. For k > 2, we have \Mk\ =
We shall be concerned with the proportion in Mk of those odd integers
are also in Cm .
Theorem 1. Ifm,k
are positive integers with m + 1 < 2\/k - 1, then
!^fi!<»(,»-«)f2.
\Mk\
*3'~
ym-j-(k-\)/j
Proof. Note that from Lemma 1, n £ Cm implies Q.(n) < m . Let N(m, k, j)
denote the set of n £ Cm n Mk with Ol(n) = j. Thus,
m
(3.1)
\CmnMk\ = }^\N(m,k,j)\.
j=2
Suppose n £ N(m, k, j), where 2 < j < m. Let p denote the largest
prime factor of n . Since 2k~x < n < 2k , we have p > 2i-k~x^J. Let d(p, n) =
(p - \)/(p - 1, n - 1). From Lemma 1 and the definition of Cm , we have
2m > -^
> 2çl{n)~xd(p, n) = 2j-[d(p,n),
so that d(p, n) < 2m+x-J.
For a given prime /? > 2(A_1)/-' and integer úí | p - 1 with ¿/ < 2m+l~J , we
ask how many n £ Mk there are with p \ n , d = d(p, n), and n composite.
This is at most the number of solutions of the system
1
n = 0 mod p,
« = 1 mod —y— ,
p < n < 2k ,
d
which, by the Chinese Remainder Theorem, is at most
2kd
p(p-iy
We conclude that
mm.k.i)\<
y.
E
¿TjTTT)
p>2(*-')/> rf|p-l
(3.2)
^^
'
'"
E E
d<2"+i-Jp>2(*-1)«
P(P- 1)
rf|p-l
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
182
IVAN DAMGÁRD, PETER LANDROCK, AND CARL POMERANCE
Now, for the inner sum we have
Ed
^-»
p(p-\)
<
d
¿^
(ud+l)ud
d\p-\
1
v^
1
7T2-6
1
d
^
u2
3
2(fc-D/j - l '
u>(2<*-'>«-i)/d
by Lemma 2. Putting this estimate in (3.2), we get
|tf(m, k,j)\< 2^
J]
(3.3)
2(^_1)1/7_!
í/<2""+'-j
fc7T2- 6
2m+1^' - 1
—3
2(*-')/j- r
So far we have not used our hypothesis m + 1 < 2\/k - 1 . Using this and
the inequality j + (k - l)/j > 2\/k - 1, which is valid for all j > 0, we have
m + I < j + (k - \)/j. Thus,
im+l-j
1
_ i
*)m+\-j
1 < t__
2(k-i)/j - i - 2(*-o/;
= ? . jm-j-(k-\)lj
Combining this estimate with (3.3) and (3.1), we have
7
6/-
»I
|Cmn^|<2A+1^-^^2m-^-"^.
3
y=2
Thus, the theorem follows from the fact that \Mk\ = 2k~2.
4. First numerical
D
results
In this section we use Theorem 1 and an explicit estimate for the distribution
of prime numbers to obtain some quite good numerical estimates for pk , for
various values of k and /.
Let n(x) denote the number of primes p < x and let Yl' denote a sum
over composite integers.
Recall the function S(n) from §1 and let á(n) := S(n)/(n - 1). Thus,
á(n) < a(n) for all odd n > 1 . Using the law of conditional probability, we
have for k > 2
pk,t= ( £ *(/!)') £'«(*)'< ( £ w]
(4.1)
\n£Mk
J
= (n(2k)-n(2k-x))-1
«i«!
\/>€A/A
£'
£'«(«)'
/
n€Mk
«(«)'.
Thus, to get an upper estimate for pkJ, it will suffice to find an upper estimate
for the final sum in (4.1) and a lower estimate for n{2k) - n(2k~l).
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
AVERAGECASE ERROR ESTIMATES
183
Proposition 1. Let c = 8(tt2 - 6)/3. For any integers k, M, t with 3 < M <
2y/k - 1 - 1 and t > 1, we have
M
M
Y' ä(n)<< 2k-2~m+ c • 2k-2+<
J2 £
n£Mk
j=2
2m(1-'>-;-<fc-1^'.
m=j
mji2
Proof. First note that the hypothesis implies k > 5, so we have Cx D Mk =
C2nMk = 0. Thus,
OO
£'*(«)'
=
neMk
OO
£
£
*(")'<£
£
m=3n£MknCm\Cm-\
«(«)'
m=3 n£Mkr\Cm\Cm
. ^m— 1
oo
(4.2)
<Y,2-{m-x)i\Mkf)Cm\Cm-x\
m=3
M
< 2~M'\Mk\CM\ + £
2-^m-X)t\Mk n Cm|.
m=3
From Theorem 1 and the above estimate we have
M
Y' ¿(«y < 2k-2~M<+c • 2k~2 y
«eA^
m
£ 2-C"-i»+"!-;-(*-i>/;
m=3 7=2
M M
_ 2<<-2-mí + c. 2fc-2+' y^ y^ 2w('-,)-^('i~l)/-/,
;=2 w=7
mj¿2
which proves the proposition.
D
Proposition 2. For k an integer at least 21, we have
2k
n(2k)-n{2k~x) > (0.71867)-p
Proof. Let 0(x) = J2P<X^P ■we have
(4.3)
,W-,(*)>-L
y, ^ = ¿(w-»(!))•
x/2<;i<x
From [8] we have
0(x) < 1.001 lx
forx>0,
0(x)>O.9987x
for *> 1155901.
Thus, for x > 1155901, we have
0(x)-ö(!)
>0.9987x-
^(1.001 l)x = 0.49815x.
Thus, from (4.3) we have
n(x)-n(^r)
> 0.49815^\2/
lnx
for x > 1155901 . In particular, if k > 21 , then
n(2k) - n(2k~x) > 0.49815^—
A:In 2
which proves the proposition.
> 0.71867^- ,
D
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
k
184
IVAN DAMGARD, PETER LANDROCK, AND CARL POMERANCE
Table 1. Lower bounds for -\%pkJ
k\t
100
150
200
250
300
350
400
450
500
550
600
12
3 4 5
5 14 20 25 29
8
11
14
16
19
21
23
25
27
29
20
25
29
33
37
40
43
46
49
52
28
34
39
44
48
53
57
61
64
68
34
41
47
53
58
63
68
72
76
80
39
47
54
60
66
72
77
82
87
91
6
33
43
52
60
67
73
80
85
91
96
101
7
36
47
57
65
73
80
87
93
99
104
110
8
39
51
61
70
78
86
93
100
106
112
118
<
41
54
65
75
83
91
99
106
113
119
125
10
44
57
69
79
88
97
105
112
119
126
132
The numbers in Table 1 were computed from (4.1 ), Proposition 1, and Proposition 2, using the optimal value of the free parameter M. If j is the entry
corresponding to k and t in Table 1, then we are asserting that pk,t <2~J.
5. General
inequalities
for pkl
It is the purpose of this section to obtain clean upper-bound inequalities for
pk t that are valid for all k or all large k . We begin with the following.
Theorem 2. For k > 2 we have pkt x < k242~^k .
Proof. From (4.1) we have for k > 2 that
pk,x<(n(2k)-n(2k~x))-xY'
(5.1)
*(")•
n€Mk
Using J2m=j 2m(1_/) = M+ 1 -j
for t = 1, we obtain from Proposition
1 that
M
(5.2)
Y! ä(") ^ 2k-2~M+ c-2k~x Y(M + 1 - j)2-i-(k-x)li
n£Mk
j-2
for any integer M with 3 < M < 2\/k - 1 - 1 . Note that for any j we have
j + ^^>2^fk^\.
Assume k > 5 and let M = [2\/k - 1 - 1]. We get from the above that
M
Y' *{n) < 2k~2~M+ c • 2k-x'2^k~-xY(M + 1 - ;')
neMk
(5.3)
;=2
= 2k~2~M + cM(M - i)2k-2-2"/kZx
<2k-2^k~x
<ck2
+ \c(2y/k-
1- l){2y/k-
k-2Jk-\
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
1 -2)2k-2^kZx
AVERAGECASE ERROR ESTIMATES
Using VX < Vk -1 + l/(2y/k(5.4)
185
1), we have for k > 2 that
2-2sfk~T\< 2-2^+1/^^1.
Suppose now that k > 42. Then from (5.3) and (5.4) we have
Y' ä(n) < ck2x'^2k-2Vk.
neMk
Using this and Proposition 2 in (5.1), we have for k > 42 that
Pk-x<öjmik2
<k4
'
which proves the theorem for k > 42. But k242~^k > 1 for k < 63, so the
theorem is trivially true for k < 63 . D
Remark. With a little more careful estimation of the sum on the right side of
(5.2) we can show pk x = 0(kil24~^k) with an explicit 0-constant.
Theorem 3. For k, t integers with k>2\,
have
3 < t < k/9 or k > 88, t = 2, we
'"7i
< kV2^42-Vik_
Proof. Assume k >9, t>2.
obtain from Proposition 1 that
Using ¿Zm=j2m(l~t) < 2J(W)/(1 - 21"'), we
Y' ö(«)' < 2k-2-Mt+c
(5.5)
_
Y2~Jl~{k~l)/J
neMk
j=2
for any integer M with 3 < M < 2Vk - 1 - 1. We shall use the inequality
k- 1
H+ —
> 2y]t{k- 1) for all ; > 0.
Further, we shall choose M = \2y/(k - 1)//] in (5.5). Thus, to have M > 3,
we must restrict t to t < k - 1 . Further, for k > 9 we have
M
2yJ{k-\)/t < 2yJ(k-\)/2 <2y/k-
1- 1,
so that (5.5) is applicable. Thus, from (5.5) we get
Y
2k-2+t
â(n)' < 2k-2~Mt + c _
<2^2-2v^)^l
(M - i)2-2v/^rñ
+ 2c/fr^rr7).
Now for k > 9 and í > 2 we have
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
186
IVAN DAMGARD, PETER LANDROCK, AND CARL POMERANCE
Thus,
(5.6)
Y! *(«)' < 2k~2~2VKrT)^2c]il-]
. 1 -21-'-
neMk
Note that 2"V'(fc-1) < 2~2^k2^k~^
1 -2'-'
. For 3 < ? < fc/9, we have
< Z2V3/26 < 1/7.
■
For t = 2 and A:> 88 , we have
2v/#Ii)
2x+^2/(k-i) < 2.222.
1-21-'
Putting these estimates in (5.6), we get
£'
ä(«)' < 2¿-2-2^|^4.444c^2'
for 3 < t < (k - l)/2, fc > 9 and for r = 2, /c > 88 .
Now using (4.1) and Proposition 2, we get
351 1.111
^'^3500.71867^
3/22'
^
,/F
for 3 < t < k/9, k > 21 and for ? = 2, fc > 88. Thus, for these values of
k, t we have
/;,,,<
which proves the theorem.
^2|=42-^,
D
Remark. It should be clear from the proof that we have a somewhat stronger,
but less clean, inequality that is valid in a wider range for k, t.
We can also use the above methods to estimate pk t for very large values of
t. However, when we do many probable prime tests it is more important to
have improved estimates on the distribution of the worst-case numbers, namely
the members of C3. We do this in the next section.
6. The worst-case
numbers
In this section we classify the members of C3, get an improved estimate for
IC3 n Mk\, and use this to get an estimate for pk , when / is large.
Theorem 4. The following numbers comprise C3 :
(i) (m + l)(2m + 1), where m + 1, 2m + 1 are odd primes,
(ii) (m + l)(3m + 1), where m + 1, 3m + 1 are primes that are 3 mod 4,
(iii) PxP2Pi, where Px, p2, Pi are primes, PxP2Pi is a Carmichael number,
and there is some integer s with 2s\\p,■— 1 for « = 1,2,3,
(iv) 9, 25, 49.
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
AVERAGECASE ERROR ESTIMATES
Proof. Suppose m+\,
2m+\
187
are prime and 2v\\m. If n = (m + l)(2m+
then (2.2) implies S(n) = (1 + ^-)4-vm2,
S(n)
1),
so that
l+(4"-l)/3
1
a{n) = W) =-2^->
6-
Similarly, if n is in class (ii), then v = 1 and
f*u
(6.1)
t ^ =-j-^-=
l + (4"-l)/3
a(n)
1
-6.
If n is in class (iii), then
. .
1 + (8s - l)/7
«(")=— >
1
>r
Finally, a(9) = 1/3, q(25) = 1/5, a(49) = 1/7.
It remains to show that C3 has no other elements. From (2.2) and (2.3) we
have
S(n) < 2l+^^-l)a^Y[(p
- \,u).
p\n
Say the distinct primes in n are p\, p2. • • • , Pw(n) and p¡- I = 2Siu¡ for each
i, where «, is odd. Then
<p(n)>
(6.2)
Tiff Vu,
s(n) - 2i+("(«)-i)«(«)
nrii'b/ -1, u)
a>(n)
= 2w(")-12¿T=il(í'-í'("))
FT
i=i (/>/- 1 , U)
Thus, a necessary condition for « e C3 is that the integer on the right of (6.2)
is less than 8 .
We thus immediately see that co(n) < 3. Suppose to(n) = 3. Then, if
n £ C3, we see from (6.2) that s¡ = v(n) for / = 1, 2, 3 and u¡ = {p¡ - 1, u)
for ¿=1,2,3.
Thus n is in class (iii).
Suppose co(n) = 2. Suppose Sx = s2 = v(n). Since n, having only two
distinct prime factors, cannot be a Carmichael number, the final product on the
right of (6.2) must be at least 3. Thus, if n £ C3, this product is 3 and n is
in class (ii) (and from (6.1) we see that v(n) = 1 ). If Sx / s2 and n £ C3, we
must have \st - s2\ = 1, say Sx = v(n), 52 = S\ + 1 . We also must have the
final product in (6.2) equal to 1, so n is in class (i).
Finally, if n = pa with p prime, then a(n) = \/pa~x , so that n £ C3
implies n is in class (iv). D
Theorem 5. Let N(x) denote the number of Carmichael numbers up to x with
exactly three prime factors. Then for all x > 1 we have
N{x)<
ix1/2(lnx)11/4.
Proof. A Carmichael number n with three prime factors can be written as
pqr with 2 < p < q < r primes and [p-l,q-l,r-\]\
pqr - 1 . Let
g = (p-\,q-\,r-\),
and let a, b, c be such that
p-\=ga,
q-\=gb,
r-\=gc.
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
188
IVAN DAMGÀRD,PETER LANDROCK,AND CARL POMERANCE
Thus, a < b < c, (a, b, c) = 1, and
(6.3)
a | b + c + gbc,
b\ a + c + gac,
c \a + b + gab.
From (6.3) it easily follows that a, b, c are pairwise coprime. For example,
the first relation in (6.3) implies that (a, b) \ c, so that (a, b, c) = 1 implies
(a,b) = l.
Thus, the relations in (6.3) imply that if a, b, c are given, then g is deter-
mined mod abc.
We now count the number AT of quadruples g, a, b, c which satisfy the
above conditions and g3abc < x. Note that N(x) < N. We write N =
Nx + N2 + Ni, where in Nx we count those quadruples with g > abc, in N2
we count those quadruples with G < g < abc, and in /V3 we count those
quadruples with g < G and g < abc. Here G is a parameter we shall choose
later.
If a, b, c are given, then the number of g with g3abc < x, g in a particular residue class mod abc, and g > abc is at most [(x/abc)x/3/abc] <
xxl3/(abc)V3. Thus,
(")
«E»<!l'l'l,!
a<b<c
(abc)W
^^6^1,3,
'
where C denotes the Riemann zeta function.
To estimate /V2 note that for each coprime triple a, b, c there is at most
one g that satisfies (6.3) and g < abc. Further, if g > G and g3abc < x,
then abc < x/G3. Thus, N2 is at most the number of triples a, b, c with
a < b <c and abc < x/G3. Thus,
"2<
(6-5)
Y
£
£
\<a<x'l}/G
a<b<(x/aG})"2
b<c<x/abG}
!
<££^<£^ln(Gè)1/2
ab
a
<2gîl'
+
v
i*(Ç)}"(à)<û-^
for G > e .
Now we estimate /V3. From (6.3), for g, a, b, c given, there is an integer
h with
a + b + gab
(6-6)
(ga+\)b
+a
c=--h-=--h-
so that
(6.7)
h\(ga+\)b
+ a and h < ga.
Note that
(ga + l)2b + (ga+
a + c + gac = (ga + \)c + a = —-—;——-—
n
\)a
+ a,
so that (6.3) implies b | (ga + \)a + ha . Since (b, a) = 1, we have
(6.8)
b\ga+l+h.
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
189
AVERAGECASE ERROR ESTIMATES
Also note that
b + c + gbc = (gb+l)c + b = (gb+ x)^a+\)b
+ a + b^
so that (6.3) implies a \ (gb + \)b + hb , and since (a, b) = 1, we have
(6.9)
a\gb+l+h.
Let j be such that
(6.10)
b=^a+X+h
J
so that a < b and h < g a imply j < 2g . We have
i
,
,
ga+ I + h
gb + 1 + h = g--:-+
,
,
1 + h,
so that (6.9) implies that a\ g + gh + j + jh; that is,
(6.11)
{g + j)(l+h)
=0
moda.
Suppose we are given g, a, j. Let d = (a, j(g + j)). Note that (6.10) and
(6.11) imply
1 + h = -ga
mod j,
1+ h = 0
mod
a
(a, g + j)
Thus,
ja
mod -rd
1 + h = -ga
(6.12)
Indeed,
ja
(a, g + j)(j,a/{a,
a, g + j)
g + j))
(j{a,g
ja _
+ j),a)
¿a
d'
Now the number of positive integers h < ga which satisfy (6.12) is at most
ga
(6.13)
ja/d
since j < 2g implies gd/j
gd_ < 2gd
j
j
> d/2 > 1/2.
Further, if g, a, j, h are given,
then b, c are also specified, via (6.6) and (6.10). Thus, by (6.13),
N < y-
y-
g<G j<2g
(6,'4)
y-
2g{a,j{j + g))
a<x^/g
sEE
E 2-f E >s2-"3EE
g<G )<2g d\j(j+g
a<x1'3/
d\a
Next note that
Y
^r(j(j
+ g))<r(j)x(j + g)..
d\j(j+g)
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
E )■
g<G j<2g d\j(j+g)
190
IVAN DAMGÀRD, PETER LANDROCK, AND CARL POMERANCE
where x(m) denotes the number of divisors of m . Thus, from (6.14),
Ai < 2xi/'£
£IÜM¿±1)
g<G )<2g
,6.15)
=2*./3£íM
J'<2G
J
£
J
«U+ ,>
j/2<g<G
VÄ ; / [AG
We have from Lemma 2.6 in [4] and its proof,
Y t(w) < 3G(1+ ln(3G)),
m<3G
Y — ^ \(2 + ln(2C7))2.
j<2G
•*
Thus, from (6.15) we have
7V3< 3x'/3C7(l +ln(3G))(2 + ln(2G))2.
We now let G = xx/6/(\nx)x/A ■ Assume x > 1010. Then
l+ln(3G)<
so that N3< &xl'2(\nx)"'A
ilnx,
2 + ln(2C7)< ±lnx,
.
We have from (6.5) that N2 < |x'/2(lnx)u/4.
(6.16)
forx>
Thus, with (6.4), we have
N(x) <N = Nx+N2 + N3< ix1/2(lnx)11/4
1010. (We use f(4/3) < 1+/,°° r^3 dt = 4 and 43/6 < ^x'/^lnx)"/4
for x > 1010.) Finally, we note that from the table of Carmichael numbers associated with [6], the inequality of the theorem holds for all x in the remaining
range 1 <x < 1010. D
Corollary. For k>2 we have \C3 nMk\< ±klx/42k/2.
Proof. We consider the four classes of members of C3 listed in Theorem 4. If
n = (m+ l)(2m + 1) < x is in class (i), then 2m2 < x . Using that m is even,
we have at most ^/x/8 such n < x. If n = (m + l)(3m + 1) < x is in class
(ii), then we similarly get at most sJx~[Y2 such n < x .
Now consider IC3 n Mk\ for k > 1. No member of class (iv) is in Mk .
Using the above estimates with x = 2k and using Theorem 5, we have
|C3 n Mk\ < ^2fe/2 + ^2^2
+ I(ln2)11/4yt11/42/c/2
< (0.354 + 0.289 + 0.0913Â:11/4)2/c/2
< ±kxx'42k'2,
which proves the corollary for k > 7 . For the remaining values of k it suffices
to note that the upper bound in the corollary exceeds 2k~2 = \Mk\. o
We remark that the prime fc-tuples conjecture in analytic number theory
implies that the number of members of C3 n Mk which are in either of the
first two classes of Theorem 4 exceeds c'k~22kl2 for some positive constant
d . Thus, but for a factor that is k0(X), the above corollary is probably best
possible.
The following result complements
Theorems 2 and 3.
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
AVERAGECASE ERROR ESTIMATES
191
Theorem 6. For integers k, t with k > 21 and t > k/9 we have
Pk,t<
±k2-5< + ^H2-k'2-2t
+ \2k2-k'4-3'.
Proof. By taking M = 5 in (4.2), we have
Y' «(»)' < 2~5'\Mk\ + 2~2t\Mk n C3| + 2~3'\Mk n C4| + 2-4'|A//t n C5\.
neMk
We use Theorem 1 and the corollary to Theorem 5 to get
Y'
*(")' < 2k-2~51 + ±kxx'A2kl2-2t
neMk
+ c2/c-2-3'(22-(fc-1)/2
+ 2'-(*-1)/3
+ 2-{k-X)/4)
+ c2k-2-M(23~(k-x)l2
+ 22-{k~X)l3 + 2x~(k~X)lA+ 2-(i:-1)/5),
where c = %(n2- 6)/3 . Using k > 21, we then get from this estimate that
YÍ ä(n)' < 2k~2-5' + ^kxx'42k/2-' + Uc2k-2-3^-^
neMk
+ 2.7C2*-2-4'-«*-1)/5.
Now using (4.1) and Proposition 2, we have
Pk,, < (0.35)k2~5' + {0A392)kX5/42-k/2-2'
+ (7.26)k2-k/4-3'
+ (ll.2)k2-k'5-4'.
For t > k/9 and k > 21 the last term above is less than (4.6l)k2~k/4-3t,
which, when put in (6.17), gives the theorem. D
Corollary. For integers t, k with t > k/4
and k > 21 we have pk , <
l_k\5/42-k/2-2t
Proof. This result follows immediately from (6.17). G
7. Improved numerical
results
In this section we show how the numerical estimates in [4] can be used together with the methods in this paper to get numerical upper estimates for pk ,
that are sometimes better than our results above in §4.
In [4], the ratio
P(x)= Y' (F(n)-2)/ Y OW-2)
n<x
n odd
\<n<x
n odd
is estimated from above, where the prime continues to indicate the sum is
restricted to composite numbers. Here, F(n) is the number of residues a mod
n with a"~l = 1 mod n .
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
192
IVAN DAMGÁRD,PETER LANDROCK, AND CARL POMERANCE
It is further shown in [4] that
X2
Y
(F(n)-2)>
^
v v '
' - ——2(2 + lnx)
n odd
for all x > 37. The argument in [4] proceeds to majorize P(x) by instead
majorizing the function
~
2(2 + lnx) w
P(x):=-—2-
Y *(»)■
n<x
n odd
Thus, the estimates in [4] actually give upper bounds for the function P(x).
We now show a connection between P(2k) and the quantities estimated in
Proposition 1.
Proposition 3. For k > 2 we have
e'*<»>
sïH^ï**)
4
n€Mk
Moreover, if k, M, t are integers with 3 < M < 2Vk - 1 - 1 and t > 2, we
have
*>k—2+t M
Y' ä(n)' < 2-^'-» Y' ä(») + cf^l
£ 2-J'-{k-l)/J-
nÇ:Mk
j=2
n€Mk
where c = 8(7i2 - 6)/3.
Proof. The second assertion follows immediately from the proofs of Proposition 1 and (5.5), the only difference being the estimation of
OO
£
m=M+i
£
*(*)'=
neMknC„\Cm-,
£'
<*(«)'■
n€Mk\CM
In Proposition 1 we majorized this expression by 2~M'\Mk\CM\ < 2k^2~Ml.
Now we argue that this expression is at most
Y,' a(«)'-1â(«)<2-w('-,>Y! «(«)< 2-W('-l)
52'ö(«).
neMk\CM
n€Mk\C„
n£Mk
It remains to show the first inequality in the proposition. We use the fact
S(n) < F(n)/2 if n is odd and divisible by at least two distinct primes. This
follows easily from the first inequality in Lemma 1 and the formula (see [1, 5])
F(n) = H(p-\,n-l).
p\n
Note that if n = pa, where p is an odd prime, then S(n) = F(n) = p - 1.
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
193
AVERAGECASE ERROR ESTIMATES
Thus,
£' *(") = £' izr
n€Mk
* 2l~k£' w
neMk
n€Mk
<2-k Y' F(n) + 2l~k Y S(P")
n€Mk
m(n)>\
P°€Mk
a>\
< 2~kY! F(n) + 2~k Y
n<2k
S(P"Î
pa<2k
n odd
p>2,a>\
22k
=2~*2(2TW(2t>+2~' E cp-i:
pa<2k
p>2,a>\
^2^¥P{2k)
+ 2~kk E
(P-D-
2<p<2kn
Using
v-
,x ,
51 ,(P-1)<2
2<p<2k'2
v-
5]
2fc/2+l
2*/2-l
m<—-—<2
yt-2
w<(2*/2-l)/2
we thus have
e'^tIhU^)4
2 + A:ln2
This completes the proof of Proposition 3. D
It remains now to use (4.1) and Propositions 2 and 3, together with the
estimates in [4], to get numerical estimates for pkt.
There is a difficulty,
however, with using the table from [4] since it gives estimates for P(x) for
x equal to various powers of 10, while in Proposition 3, we need to know an
estimate when x is a power of 2. Suppose 2k < x . From the definition of P
we have
Thus, if we have an estimate for P(x), we can use this to get an estimate for
P(2k). However, this interpolation formula is too crude. So instead of using the
table from [4] and interpolating, we recompute P(x) using the formulas from
[4] for x being various powers of 2 and use these estimates in Proposition 3.
Table 2 gives numerical upper bounds for various pk( using these ideas. If j
is the entry in Table 2 corresponding to k, t, then pkJ< 2~J. An entry is
italicized if it is an improvement on the corresponding entry in Table 1.
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use
IVAN DAMGARD,PETER LANDROCK,AND CARL POMERANCE
194
lgpk j '■combined method
Table 2. Lower bounds for
k\t
100
150
200
250
300
350
400
450
500
550
600
12
5 14
8 20
11 25
14 29
19 33
28 38
37 46
46 54
56 63
65 72
75 82
3
20
28
34
39
44
48
55
62
70
79
88
4
25
34
41
47
53
58
63
70
78
86
95
29
39
47
54
60
66
72
78
85
93
102
6
33
43
52
60
67
73
80
85
92
100
108
7
36
47
57
65
73
80
87
93
99
107
115
8
39
51
61
70
78
86
93
100
106
113
121
9
10
41
54
44
57
65
75
83
91
99
106
113
119
127
69
79
88
97
105
112
119
126
133
Bibliography
1. R. Baillie and S. S. Wagstaff,Jr., Lucas pseudoprimes,Math. Comp. 35 (1980), 1391-1417.
2. P. Beuchemin, G. Brassard, C. Crépeau, C. Goutier, and C. Pomerance, The generation of
random numbers that are probably prime, J. Cryptology 1 (1988), 53-64.
3. P. Erdös and C. Pomerance, On the number of false witnesses for a composite number, Math.
Comp. 46(1986), 259-279.
4. S. H. Kim and C. Pomerance, The probability that a random probable prime is composite,
Math. Comp. 53 (1989), 721-741.
5. L. Monier, Evaluation and comparison of two efficient probabilistic primality testing algo-
rithms, Theoret. Comput. Sei. 12 (1980), 97-108.
6. C. Pomerance, J. L. Selfridge, and S. S. Wagstaff, Jr., The pseudoprimes to 25 • 109 , Math.
Comp. 35 (1980), 1003-1026.
7. M. O. Rabin, Probabilistic algorithm for testing primality, J. Number Theory 12 (1980),
128-138.
8. L. Schoenfeld, Sharper bounds for the Chebyshev functions
8(x)
and
i//(x). II, Math.
Comp. 30 (1976), 337-360; Corrigendum,op cit, 900.
(I. Damgàrd and P. Landrock) Matematisk
Institut,
Ny Munkegade,
DK 8000 Ärhus C,
Denmark
E-mail address, I. Damgàrd: [email protected]
E-mail address, P. Landrock: [email protected]
(C. Pomerance) Department
of Mathematics,
The University of Georgia, Athens, Geor-
gia 30602
E-mail address: [email protected]
License or copyright restrictions may apply to redistribution; see http://www.ams.org/journal-terms-of-use