A Brief History of Factoring and Primality Testing B. C. (Before Computers)
Author(s): Richard A. Mollin
Source: Mathematics Magazine, Vol. 75, No. 1 (Feb., 2002), pp. 18-29
Published by: Mathematical Association of America
Stable URL: http://www.jstor.org/stable/3219180
Accessed: 30/03/2010 10:47
Your use of the JSTOR archive indicates your acceptance of JSTOR's Terms and Conditions of Use, available at
http://www.jstor.org/page/info/about/policies/terms.jsp. JSTOR's Terms and Conditions of Use provides, in part, that unless
you have obtained prior permission, you may not download an entire issue of a journal or multiple copies of articles, and you
may use content in the JSTOR archive only for your personal, non-commercial use.
Please contact the publisher regarding any further use of this work. Publisher contact information may be obtained at
http://www.jstor.org/action/showPublisher?publisherCode=maa.
Each copy of any part of a JSTOR transmission must contain the same copyright notice that appears on the screen or printed
page of such transmission.
JSTOR is a not-for-profit service that helps scholars, researchers, and students discover, use, and build upon a wide range of
content in a trusted digital archive. We use information technology and tools to increase productivity and facilitate new forms
of scholarship. For more information about JSTOR, please contact [email protected].
Mathematical Association of America is collaborating with JSTOR to digitize, preserve and extend access to
Mathematics Magazine.
http://www.jstor.org
18
MATHEMATICS
MAGAZINE
A Brief History of Factoringand Primality
Testing B. C. (Before Computers)
RICHARD A. MOLLIN
University of Calgary
Calgary,Alberta
Canada T2N 1 N4
[email protected]
Factoringandprimalitytestinghavebecomeincreasinglyimportantin today'sinformationbasedsociety,since they bothhaveproducedtechniquesused in the secure
transmissionof data.However,oftenlost in the modern-dayshuffleof informationare
the contributionsof the pioneerswhose ideas usheredin the computerage and,as we
shallsee, someof whoseideasarestillusedtodayas theunderpinnings
of powerfulalgorithmsfor factoringandprimalitytesting.We offerthisbriefhistoryto help readers
knowmoreaboutthesecontributionsandappreciatetheirsignificance.
Virtuallyeveryonewho has graduatedfrom high school knows the definitionof
a primenumber,namelya p E N = {1, 2, 3, 4, . . .} such that p > 1 and if p = Em
whereX,m E , theneitherf = 1 or m = 1. (If n E N andn > 1 is not prime,thenn
is calledcomposite.)Althoughwe cannotbe certain,the conceptof primalityprobably
arosewith the ancientGreeksovertwo andone-halfmillenniaago. The firstrecorded
definitionof primenumberswas given by Euclid around300 BCE in his Elements.
However,thereis some indirectevidencethat the conceptof primalitymight have
been knownfarearlier,for instance,to Pythagorasandhis followers.
The Greeksof antiquityused the termarithmeticto mean what today we would
call numbertheory,namelythe studyof the propertiesof the naturalnumbersandthe
relationshipsbetweenthem.The Greeksreservedthe wordlogistics for the studyof
ordinarycomputationsusing the standardoperationsof addition/subtraction
andmultiplication/division,
which we now call arithmetic.The Pythagoreansintroducedthe
termmathematics,whichto themmeantthe studyof arithmetic,astronomy,geometry,
andmusic.This curriculumbecameknownas the quadriviumin the MiddleAges.
Althoughwe have enjoyedthe notionof a primefor millennia,only very recently
have we developedeJficienttests for primality.This seeminglytrivialtask is in fact
muchmoredifficultthanit appears.
A primalitytest is an algorithm(a methodologyfollowinga set of rulesto achieve
a goal), the stepsof whichverify thatgiven some integern, we may conclude"n is a
primenumber."
A primalityproof is a successfulapplicationof a primalitytest.
Such tests are typicallycalled trueprimalitytests to distinguishthem fromprobabilisticprimalitytests (which can only concludethat"n is prime"up to a specified
likelihood).We will not discusssuchalgorithmshere(see [9] for these).
A conceptusedfrequentlyin primalitytestingis the notionof a sieve.A "sieve"is a
processto findnumberswithparticularcharacteristics
(forinstanceprimes)by searching amongall integersup to a prescribedbound,and eliminatinginvalidcandidates
untilonly the desirednumbersremain.Eratosthenes(ca. 284-204 scE) proposedthe
first sieve for findingprimes.The following exampleillustratesthe Sieve of Eratosthenes.
EXAMPLE
1. Supposethatwe wanttofind all primesless than30. First,we write
downall naturalnumbersless than30 and biggerthan 1. Thefirstuncrossednumber,
VOL.75, NO. 1, FEBRUARY
2002
19
2, is a prime. Wenow cross out all numbers(bigger than 2) that are multiplesof 2
(andhencecomposite).
{2, 3, 4,5, #, 7, $, 9, ,I,0, 11, ,I,2, 13, ,a4, 15, ,I,6, 17, ,I,S, 19, ;,0, 21, ;g,
23,;4,25,;5,27,g,S,29,/,0}.
Thenext uncrossednumber,3, mustbe a prime,so we cross out all numbers(bigger
than3) thatare (composite)multiplesof 3.
{2,3,5,7,2,
11, 13,,I,S, 17, 19,;/,23,25,;/7,29}.
Then5 is the nextuncrossednumber,so we concludeit is prime,and we cross out all
numbers(biggerthan5) thatare multiplesof 5.
{2,3,5,7,
11, 13, 17, 19,23,;,S,29}.
(Weneed not checkanyprimesbiggerthan5 since suchprimesare largerthan).
An historicaldescriptionof thisfactfollows.)
Theset of primesless than30 is whatremains:
{2,3,5,7,
11, 13, 17, 19,23,29}.
The Sieve of Eratosthenesrepresents the only known algorithm from antiquity that
we would call a primality test?but it is highly inefficient and it could not come close to
_ 1, shown to be prime
verifying some of the primes known today. The number26')795')3
on June 1, 1999, has 2,098,960 decimal digits (see the discussion of Mersenne primes
below). Using the Sieve of Eratosthenes to verily its primality would take longer than
the life expectancy of our sun using the fastest computers known today. The modern
techniques that yield such a spectacular primality proof as this one are based on the
ideas of later pioneers, whose contributionswe highlight in this article.
Arabs and Italians
Arabic scholars were primarily responsible for preserving much of the mathematics
from antiquity,and they extended many ancient results. Indeed, it was said that Caliph
al-Mamun (809-833) experienced a vision, which included a visit from Aristotle; after
this epiphany, al-Mamun was driven to have all of the Greek classics translated into
Arabic, including Euclid's Elements.
Under the caliphate of al-Mamun lived Mohammed ibn Musa al-Khowarizmi (Mohammed, son of Moses of Kharezm, now Khiva), who was one of those to whom
Europe owes the introductionof the Hindu-Arabic number system. Around 825 CE, he
completed a book on arithmetic, which was later translated into Latin in the twelfth
century under the title Algorithmide numeroIndorum.This book is one of the bestknown works which introducedto Europe the Hindu-Arabic number system. This may
account for the widespread, although mistaken, belief that our numerals are Arabic in
origin. Not long after Latin translations of al-Khowarizmi's book were available in
Europe, readers began to attributethe new numerals to him, and began contracting his
name, in connection with these numerals, to algorism,and ultimately to algorithm.
The
Al-Khowarizmi also wrote a book on algebra, Hisab aljabr wa'lmuqa-bala.
word algebrais derived from aljabr or restoration.The term referredto the operation
of removing a quantity that is subtractedon one side of an equation and "restoring"it
MATHEMATICS
MAGAZI
NE
20
on the otherside as an addedquantity.In the SpanishworkDon Quixote,whichcame
muchlater,the termalgebristis usedfor a bone-setteror restorer.
As we observed,Eratosthenesdidnotdiscussthe issueof whenhis algorithmwould
terminate.However,Ibn al-Banna(ca. 1258-1339) appearsto have been the firstto
observethat,in orderto find the primesless thann using the sieve of Eratosthenes,
one can restrictattentionto primedivisorsless than.
Fibonacci The resurrection
of mathematicalinterestin Europeduringthe thirteenth
centuryis perhapsbest exemplifiedby the workof Leonardoof Pisa (ca. 1170-1250),
betterknownas Fibonacci.While living in NorthAfrica,wherehis fatherservedas
consul,Fibonacciwas tutoredby an Arabscholar.Thus,Fibonacciwas well-educated
in the mathematicsknownto the Arabs.Fibonacci'sfirstbook, andcertainlyhis best
known,is LiberAbaciorBookof Calculationfirstpublishedin 1202,whichcontinued
to promotethe use of the Hindu-Arabicnumbersystemin Europe.However,only the
secondedition,publishedin 1228 has survived.
Inthiswork,Fibonaccigaveanalgorithmto determineif n is primeby dividingn by
naturalnumbersup to >. Thisrepresentsthe firstrecordedinstanceof a deterministic
algorithmfor primalitytesting,wheredeterministicmeansthatthe algorithmalways
terminateswith eithera yes answeror a no answer.(A deterministicalgorithmmay
also be viewed as an algorithmthat follows the same sequenceof operationseach
time it is executedwith the same input.This is in contrastto randomizedalgorithms
that makerandomdecisionsat certainpointsin the execution,so that the execution
pathsmay differeach time the algorithmis invokedwith the sameinput.See [9] for a
discussionof some randomizedalgorithms,whichwe will not discusshere.)
Fibonaccialso discussedthe well-knownclass of Fibonaccinumberks,
{Fn} defined
by the sequence
F1= F2= 1, Fn= Fn-l + Fn-2 (n > 3)
In additionto being one of Fibonacci'smemorableaccomplishments,this sequence
laterplayeda surprisingrole in primalitytesting,as we shallsee.
Perfectnumbers
Anotherdistinguishedset of numbersthathad a deep influenceon the development
of primalitytestingwas the set of perfectnumbers.A perfect numberis an integer
n E N equalto the sum of its properdivisors(thosem E N wherem I n butm 7&n).
Forexample,6 is a perfectnumber,since 6 = 3 + 2 + 1. The Pythagoreansprobably
knewaboutperfectnumbers;the ideais foundedin mysticism,whichwas theirvenue.
Perfectnumbersappearin Euclid'sElements,so we knowtheconcepthadbeenaround
for some time.The number2n-1(2n-1) is perfectfor n = 2,3,5,7, andthesearethe
firstfourperfectnumbers:6,28,496, and8128.
The ancientGreeksattributed
mysticalpropertiesto perfectnumbers.St. Augustine
(354430 CE) iS purportedto havesaidthatGodcreatedthe earthin six days sincethe
perfectionof the workis signifiedby the perfectnumber6. Also, the moonorbitsthe
eartheverytwenty-eightdays, and28 is the secondperfectnumber.
PietroAntonioCataldi(1548-1626) developedan algorithmicapproachto primality testing,butis probablybest knownfor his workon continuedfractions.In particular,his work Trattatodel modo brevissimodi trovarla radice quadradelli numeri
publishedin 1613, representsa significantcontributionto the developmentof continued fractions.His workon perfectnumberswas also considerable.Amonghis thirty
VOL.75, NO. 1, FEBRUARY2002
21
books, he wrote on military applications of algebra, and even published an edition of
Euclid's Elements. Cataldi proved that the fifth, sixth, and seventh perfect numbers
are:
33550336 = 2l2(2l3 - 1)
8589869056 = 216(2l7 - 1),
and
137438691328 = 218(2l9 - 1).
It is uncertain whether Cataldi was the first to discover these perfect numbers, but
his are the first known proofs of these facts. Cataldi was also the first to observe that
if 2n _ 1 is prime then n must be prime. In fact, the following result was known to
Cataldi, though proved by Fermat.
THEOREM1. (PERFECTNUMBERS)If
2n_ 1 is prime, then n is prime and
2n-1(2n-1 ) is perfect.
Proof: Since (2'n-l ) l (2n-1) whenever m Wn, then n must be prime whenever
2n _ l is prime. (Note that, in general, if n = Tm, then for any b E 1S, bn_ 1 =
(b)n_l)Lf,
lbm(e-.i))
Let Sl be the sum of all divisors of 2t1-l and let S2 be the sum of all the divisors of
the prime 2"-l. Then the sum S of all divisors of 2''-l (2''-1) is given by:
S=
E
T=
019'' 1(2"-I)
E
TT'= Lf
61''' 1 ('1('''-I)
E
T'=SIS2.
t1n'' 1 ('1(2't-I)
Also, Sl = El,._()2i, so as a geometric series, we know that
S
Finally, since 2'/-l
=
2n
_
1
is prime, then S2 = 2t1.Hence,
S = 2 (2 - 1),
so 2n-l (2n-1)
is perfect.
Long after Cataldi, Euler showed that every even perfect number has the form given
in Theorem 1. It is unknown whether there are any odd perfect numbers and the search
for them has exceeded the bound 103°°. Moreover, if such a beast exists, then it is
known that it must have at least twenty-nine (not necessarily distinct) prime factors
(see Guy [6, B l, p. 44]).
The Frenchenterthe fray
Theorem 1 tells us that the search for even perfect numbers is essentially the search
for primes of the form
Mp =
2P-1,
where p is prime.
Such primes are called Mersenne primes, the largest known of which is given above
(see: http://www.utm.edu/research/primes/largest.html).These are named after the
mendicant monk, Marin Mersenne (1588-1648). Although Mersenne was not a for-
MATHEMATICS
MAGAZI
NE
22
mally trainedmathematician,
he hadgreatenthusiasmfor numbertheory.Amonghis
contributionswere his multifariouscommunicationswith many of the outstanding
scholarsof the day, includingDescartes,Fermat,Freniclede Bessy, and Pascal.He
also publishedCognitataPhysica-Mathematica
in 1644 in which he claimedthatof
all the primesp < 257, the only MersenneprimesMpthatoccurarewhen
p =2,3,5,7,
13, 17, 19,31,67, 127,257.
It was notuntilthetwentiethcenturythatMersenne'sclaimswerecompletelychecked.
We now know thatMersennemade five mistakes.For example,Mp is not primefor
p = 67 andp = 257, but Mp is primefor p = 61, p = 89, andp = 107. It is for this
list, andthe impactwhichit had,thattheseprimeswerenamedafterhim.
Pierrede Fermat(1607-1665) keptMersenneinformedof the progressthathe, too,
was makingin numbertheory.In particular,
Fermatinformedhim thathe hadproved
223 1(237-1) = M37.
Fermatwas ableto do this by usinga seriesof results,thatbeganwithhis well-known
"littletheorem."
THEOREM
2. (FERMAT
s LITTLE
THEOREM)
If q is a primenot dividingb E ,
thenq I (bv-l-1).
Proof: The resultis obvious if q = 2, so we assumethatq > 2. We now use the
BinomialTheorem.First,we establishthatq l (jq)for anynaturalnumberj < q. Since
q > 2 is prime,then neitherj nor q-j divides q for any j with l < j < q-1.
Therefore,the integer
tqA
ViJ
q!
(q-j)!j!
is a multipleof q. Now, the BinomialTheoremin conjunctionwith this fact tells us
that
bq =(b-1+l)q
for some a,
E
= (9)(b-l)q-ili
=(b-I)q+
N. Applyingthis sameargumentto (b-l)q,
I +qa
we get
(b-1 )q = (b-2)q + 1 + qa2
for some a2 E N. Continuingin this fashion,for each (b-i)q
ultimatelyget that
with 1 < i < b, we
b
bq = b + q E ay.
j=l
Hence,q I (bq-b) = b(bq-l-1), butq t b so q I (bq--1).
l
Fermatwas actuallyinterestedin a resultslightlydifferentfromthe "littletheorem"
statedabove.It is trivialthatthe littletheoremimpliesthe followingtheorem:
THEOREM 3.
existsan n E
N
Let b E N and q a primesuch thatq does not divideb. Thenthere
such thatn I (q-1) and q I (b(q-l)/n-1).
VOL.75, NO. 1, FEBRUARY2002
23
Thisis triviallyimpliedby thelittletheoremby settingn = 1. However,caseswhere
largervaluesof n occurwereof specialinterestto Fermat,as we shallsee. The following resultshowsthatin somecases we may actuallyfindthem:
COROLLARY
1. If p > 2 is prime,thenanyprime divisorq of 2P _ 1 mustbe of
theform q = 2mp + 1for some m E N. Also, if m is the smallestnaturalnumberfor
whichq I (bm-1), thenq I (bt-1) wheneverm I t.
Here,thenumber"2m"takesthe role of n in the statementof Theorem2. In particular,not only may we assumethatn > 1, butthatit is even.
Proof: Firstwe provethe secondassertion,which follows fromthe fact thatif t =
ms for somes E , then (bt-1) = (bm-1) EJ=I bm(X-i).
Now we establishthe firstassertion.Let q be a primedividing2P-1. Thenby the
"littletheorem,"ql(2q-l-1).
CLAIM.gCd(2P-1, 2q-] -1) = 2gCd(/)
q-])-1.
Let g = gcd(p, q-1) andgl = gcd(2P-1, 2q-1-1). Thus,by the secondassertion (2g-1) Igl. It remainsto showthatgl I(2g-1). By theEuclideanAlgorithmthere
exist x, y E S such thatg = xp-y(q-l).
Since gl 1(2s)-1), thengl 1(2PX-1) by
the secondassertion,andsimilarlygl 12(q-l)Y
_ 1. Thus,gl divides
2P-t-2(b-
l). = 2("-1)-&
(2/9X-(b1)-- l ) =
2(q
).Y(2'¢-
l ).
However,since gl is odd, thengl 1(2g-1). This provesthe Claim.
Since ql(2q-1-1) andql(21'-1), theng > 1. However,since p is prime,thenwe
must havethatg = p, so Pl(q-I ). In otherwords,thereexists an n E S such that
q-I = np. Since p, q > 2, thenn = 2m for some m E S. This completesthe proof.
.
Fromthese resultsFermatsoughta numbern > 1 as in Corollary1 to use in trial
divisionsto test Mersennenumbersfor primality.He saw thatCorollary1 could be
useful to detectpossibleprimesq such thatq | (237-1). For example,q = 37n + 1
may be testedfor low, even values of n until we find, when n = 6, that223 divides
(237-1 ) = (2(q-1)/l-1 ) . Fermatalso discoveredthat
q = 47 divides(223-1 ) = (2('- l)/2 _ l )
using this method.We note thatit takesonly two trialdivisionsusing this methodto
provethat
q = 233 divides(229-1 ) = (2(233-1)/8-1 )
The reasonis thatby Corollary1 any primedivisorof 229-1 must be of the form
58m + 1 so by testingfor m = 1, 2, 3, 4 of whichonly two areprime,59 and233, we
get the nontrivialprimedivisorq = 233.
Some of Fermat'smost famousresultswere found in his correspondencewith an
excellentamateurmathematician,
BernardFreniclede Bessy (1605-1675). InFermat's
letterdatedOctober8, 1640,Fermat'sLittleTheorem,in certainspecialcases, makes
its first recordedappearance.Freniclede Bessy also correspondedwith Descartes,
Huygens,and Mersenne.He actuallysolved severalproblemsposed by Fermat,and
posedfurtherproblemshimself.
AfterFermat'searliersuccess with Mersenneprimes,he suggestedto Freniclede
Bessy thatnumbersof the form
NE
MAGAZI
MATHEMATICS
24
22n
+
1
Fershouldbe prime.TodaysuchnumbersarecalledFermatnumbers,denotedby Wn.
for n = O,1, 2, 3, 4 wereprime,calledFermatprimes,butcouldnot
matknewthatWn
is compositefor 5 < n < 24, and
proveprimalityfor n = 5. Todaywe know thatWn
is compositefor all n > 24 as well. (OnJuly25, 1999, F382447,
it is suspectedthatWn
which has over 101° decimaldigits, was shownto be compositeby John Cosgrave
(see http://www.spd.dcu.ie/johnbcos/fermat.htm).)
Fermat'sworkalso hadconsequencesfor factoring.We defineafactorizationalgorithmas one thatsolvestheproblemof determiningthe completefactorizationof aninTheoremof Arithmetic.In otherwords,
by theFundamental
tegern > 1, as guaranteed
PJj .
the algorithmshould find distinctprimes py and aj E N such that n
We observe that it suffices for such algorithmsto merely find r, s E N such that
1 < r < s < n withn = rs (calledsplittingn), since we can thenapplythe algorithm
to r and to s, therebyrecursivelysplittingeach compositenumberuntil a complete
since decidingwhethera givenn > 1 is composfactorizationis found.Furthermore,
ite or primeis easier,in general,thanfactoring,one shouldalwayscheckfirstwhether
n is composite(primalitytest)beforeapplyinga factorizationalgorithm.
In 1643, Fermatdevelopeda methodfor factoringthatwas basedon a simpleobservation.If n = rs is an oddnaturalnumberwith r < fii, then
=
nk=l
n = a2 _ b2 wherea = (s + r)/2 andb = (s-r)/2.
Hence,in orderto finda factorof n, we look throughthe variousquantitiesa2 _ n as
a rangesamongthe valuesa = L>2 + 1, L>2 + 2, . . ., (n-1)/2 until we finda
perfectsquare,whichwill playthe roleof b2.(Here Lzjis the greatestintegerfunction
or toor, namelythe greatestintegerless than or equal to z.) Once the appropriate
valuesof a and b have been determined,we may solve for the factorsr and s. This
is called the diJferenceof squaresmethodof factoring,and it has been rediscovered
numeroustimes.
From Eulerto Gauss
The Swiss mathematician,LeonhardEuler (1707-1783), becameinterestedin Fermat'sworkin 1730. He foundthat
641 1@5,
therebyrefutingFermat'sconjecture.Euler'smethodwas to generalizea resultof Fermat:
= 22 + 1, then
NUMBERS)If Wn
ON FERMAT
4. (EULERs RESULT
THEOREM
is of theform 2n+lr+ 1for some r E N.
everyprimedivisorof Wn
Supposethatm E N is the smallestvalue
Proof: Let p be a primedivisorof Wn.
suchthatp l (2m-1), andset 2m= pw + 1 for someintegerw. Thensince p l (22 +
1) andp l (22 + -1), we musthave2n+l> m > 2n.By theDivisionAlgorithm,there
must exist k E N and a nonnegativeintegerf < m, such that2n+l= mk + t. Since
m > 2n,thenk = 1 mustbe true.Also, p divides
(22n+l- 1) = 2m+t_ 1 = (2m)2t- 1 = (pw + 1)2 - 1,
so we have shownthat p l (2t-1).
Hence m = 2n+l
By the minimalityof m, we must have f = 0.
VOL.75, NO. 1, FEBRUARY2002
25
Now, by Theorem2, p | (2P-1-1), so p-1 > 2n+l. Again, by the Division
Algorithm,there must exist r E N and a nonnegativeintegert1 < 2n+l such that
p-1 = 2n+lr+ t1. Since p divides
(2P-1
_
1)
=
22n+lr+t1
_
1
=
(22
)r2t1
_
1
=
(pW
+
l)r2fl
-
1,
a quickapplicationof the BinomialTheoremshowsthatthis equals(pvl + 1)2t1-1
for some integervl. This meansthatp | (2t'-1), forcingt1 = 0 by the minimality
of 2n+l.Hence,p = 2n+lr+ 1.
In particular,we knowfromTheorem4 thatall divisorsof @5 mustbe of the form
64k + l. Thus,Euleronly neededfive trialdivisionsto findthe factor641, namelyfor
k = 3, 4, 7, 9, 10, sincethe values64k + 1 for k = 2, 5, 8 aredivisibleby 3, andthose
for k = 1, 6 aredivisibleby 5.
Euleralso knewof the sevenperfectnumbers
2n-1(2Zl-l)forn=2,3,5,7,
13, 17, 19.
By 1771, he haddeterminedthatMS1is also prime(usinga methodologywe outline
below),the largestknownprimeto thatdate,a recordthatheld until 1851.
In 1830, a valuabletechniquefor factoringany odd integern was discoveredby
Adrien-MarieLegendre( 1752-1833) uksing
the theoryof quadraticreisidues.This theory, studiedsince the time of Eulerand greatlyadvancedby Gauss waksappliedby
Legendreto developa new ksievemethod.An integerc is called a quadraticresidue
modulosl E S if thereis an integerx suchthat
( -x2(mod n)
(meaningthatn I (c-xX ) ).
Supposewe wish to find primedivisorsof an integersI. For differentprimesp,
Legendrestudiedcongruencesof the form
x2 _ Ap (modsl) .
Supposea solutionto this congruencecould be found.This would imply that Ap is
a quadraticresiduemoduloall primefactorsof n. This fact can be used to greatly
reduce the ksearch
for prime divisors of n by only consideringthose primes q for
which p is also a quadraticresidue(modq). For instance,suppose2 is a quadratic
residue(modn). A resultthatfollows fromFermat'sLittleTheoremstatesthat2 is a
quadraticresiduemoduloa primeq if and only if q--Jrl (mod8). Thus, alreadywe
havehalvedthe searchfor factorsof n (by eliminatingodd divisorswhose remainders
are 43(mod8)).
Legendreappliedthis methodrepeatedlyfor variousprimesp. This can be viewed
as constructinga (quadratic)sieve by computinglots of residuesmodulon, thereby
eliminatingpotentialprimedivisorsof n thatsit in variouslinearsequences.He found
thatif you computedenoughof them, then one could eliminateprimesup to a as
primedivisorsandthusshown was prime.
Someresultsof EulerhadactuallyanticipatedLegendre'swork.He consideredtwo
representations
of n:
n=
X2 +ay2
= Z2 +aw2
SO
(x w) _ (n-ay
) w -n w -ay
w
ay2 w2
(Z2 _ n)y2 _ (zy)2 (mod n),
MATHEMATICS
MAGAZI
NE
26
and we are back to a potentialfactorfor n. The basic idea in the above, for a given
n E , is simplythatif we can findintegersx, y suchthat
x2-y2(mod n)
(1)
andx W iy(modn), then gcd(x-y, n) is a nontrivialfactorof n. This idea is still
exploitedby numerousalgorithmsin currentuse: Pollard'sp-1 algorithm,the continuedfraction algorithm,the quadraticsieve, and the powerfulnumberfieldsieve.
For a completedescriptionof these methodsand their applicationsto cryptography,
see [9].
Legendrewas only concernedwithbuildingthe sieve on theprimefactorsof n, and
so he was unableto predict,for a given primep, a secondresidueto yield a square.
In other words,if he found a solutionto x2 _ py2(modn), he could not predicta
differentsolutionW2-pZ2 (modn). If he hadbeen ableto do this,thenhe wouldhave
been able to combinethe two as
(xw)2_
(pzy)2(modn),
so if xw t Apzy(modn), then gcd(xw-pzy, n) wouldbe a nontrivialfactorof n,
therebyputtingus backin the situationgivenin (1).
Theideaof tryingto matchthe primesto createa squarecanbe attributed
to Maurice
BorisovichKraitchik(1882-1957). Kraitchik,in theearly1920s, reasonedthatit might
suffice to find a multipleof n E N as a differenceof squares.He chose a quadratic
polynomialof the form kn = ax2 + by2 for some k E N. In its simplestform with
k = a = b = 1, he would sieve over x2-n for x > Lj. This is the basic idea
behindthe quadraticsieve methodmentionedabove.Thus,what Kraitchikhaddone
was to opt for "fast"generationof quadraticresidues,and in so doing abandoned
Legendre'sMethod(meaningthat,generally,he did not haveresiduesless than2>),
but gained controlover findingof two distinctresiduesat a given prime to form a
square(as describedabove),whichLegendrewas unableto do. Thus,Kraitchikcould
startat valuesbiggerthan> andsieve until"large"residueswerefound.
A versionof Legendre'smethodfor factoringwas developedby one of the greatest
mathematicianswho ever lived, CarlFriederichGauss (1777-1855), in his influential masterpieceDisquisitionesArithmeticae[5]. Gaussrecognizedthe importanceof
factoring[5, Art. 329, p. 396]: "Theproblemof distinguishingprimenumbersfrom
compositenumbersand of resolvingthe latterinto theirprimefactorsis knownto
be one of the most importantand usefulin arithmetic."
Gaussalso discussedanother
factoringmethodin [5], whichmay be describedas follows.
Suppose that we want to factor n E N. We choose some m E N such that
gcd(m,n) = 1. Supposethatx = r, s E N aretwo solutionsof
n | (X2-m)
(2)
Then,if n t (r i s), thengcd(r-s, n) mustbe a nontrivialdivisorof n becausen l
(r-s)(r + s), while n t (r-s) andn t (r + s).
Landry,Lucas, and Lehmer
Oncewe enterthe nineteenthcentury,the workof severalindividualsstandsoutin the
developmentof factoringandprimalitytesting.Amongtheseis C. G. Reuschle(18131875).Tablescompiledby Reuschleincludedall knownprimefactorsof bn_ 1for
b = 2,3,5,7, ll,andn < 42.
VOL.75, NO. 1, FEBRUARY
2002
27
He also includedpartialfactorizationsof 2n _ 1 for somevaluesof n < 156, andas we
have alreadyseen, this informationis useful for primalitytesting.In 1925, CunninghamandWoodall[3] publishedtablesof factorizationsof bni 1 for a small number
of valuesb < 12, and some high powersof n. As a consequence,workon extending
Project.(Relativelyrecentwork
thesetableshas cometo be knownas the Cunningham
on the CunninghamProjectandrelatedproblemsis available[1].)
In the late 1860s a ParisiannamedFortuneLandryworkedon findingfactorsof
Mn.He beganby looking closely at Euler'sproof of the primalityof M31,and tried
to improveit. Euler had observedthat any prime p dividing M31must be of the
form p _ 1 mod62. Since primesdividingforms of the type x2 _ 2y2 must satisfy
p _ Al(mod8), Euler knew that if p l M31,then p-1, 63(mod248), given that
= 46340, Eulerhad to trialdivide M31by primesof
p l ((216)2-2). Since L2
the formp = 248k + 1 or p = 248k + 63, wherep < 46340. Findingno suchprimes,
he concludedthatM31mustbe prime.LandryextendedEuler'sideas as follows: If a
given n E N is known to have only factorsof the form ax + b for some (known)
integersa, b, and if n = (axl + b)(ax2 + b) for some (unknown)integersxl, x2, he
deducedthatthereexist integersq, h, r suchthat
XlX2=q-bh,
X1 +X2
=
r +ah,
(3)
(4)
and
h = q-xl (r-xl )
axl +b
Landryalso showedthat if h = gh' + k for some integersg, h', then thereexists a
boundB such thatif xl > B, then h' = O.Hence, his algorithminvolvedtesting all
possiblevaluesof k-h to see whetherEquations(3)-(4) havesolutionswhenxl > B.
If theydo, thenwe havea factorof n. If they do not, thenwe test all possiblevaluesof
xl < B to see if Equation(5) has a solution.We eitherget a factorof n or show thatn
is prime.(Dickson[4, p. 371] mentionsLandry'seffortsin the case wherea = 6 and
b = + 1, for instance.)
Using these methods,Landrycompletelyfactored2n + l for all n < 64 with four
exceptions.He even foundthe largestknownprimeof the time, namely
(253+ l)/321 = 2805980762433.
individualin the area of primalPerhapsthe most influentialnineteenth-century
ity testingwas Franbcois
EdouardAnatoleLucas(1842-1891). Lucashad interestsin
recreationalmathematics,such as his inventionof the well-knownTowerof Hanoi
problem.However,his seriousinterestwas in numbertheory,especiallyDiophantine
analysis.Althoughhe spentonly the years 1875-1878 on the problemsof factoring
and primalitytesting,his contributionwas impressive.Some of the ideas developed
by Lucasmay be interpretedtodayas the beginningsof computerdesign.He studied
Fibonaccinumbersandby 1877 had completelyfactoredthe firstsixty of them.This
led him to developresultson the divisibilityof Fibonaccinumbers,andultimatelyto a
proofthatMl27is prime(moduloa correctedproofof the theorembelow). The significanceof this feat is revealedby the fact thatthis numberheld the distinctionof being
of a century.A largerprimewas not found
the largestknownprimefor three-quarters
until 1951 by MillerandWheeler[8].
TheinfluencethatLucashadon modern-dayprimalitytestingis well describedin a
recentbook by HughWilliams[10], devotedto a discussionof the workof Lucasand
his influenceon the historyof primalitytesting.
28
MATHEMATICS
MAGAZI
NE
To see how LucasdeterminedthatM127is prime,we statethe followingresultthat
was known to Lucas, althoughit was not given a valid proof until 1913 by R. D.
Carmichael[2].
THEOREM5. Supposethat Fk denotes the kth Fibonaccinumberand n E N is
given. If n _ i3(mod 10) and n | Fn+lbut n t Fmfor all divisorsm of n with 1 <
m < n, thenn is prime.Also, if n--i1 (mod10) and n | Fn_lbutn t Fm
for all divisors m of n with 1 < m < n-2, thenn is prime.
Baseduponthisresult,all Lucashadto establishwas thatM127I F2l27butM127t F2n
for all naturalnumbersn < 127. He did this in 1876, using methodsthat led to a
primalitytest,the last we includein ourhistoricaldiscussion.
In the 1930S a pioneeringgiant in the world of primalitytesting,DerrickHenry
Lehmer(1905-1991), extendedthe ideas of Lucasto providethe followingprimality
test. (A look at his collectedworks[7] is highlyrecommended.)
Lucas-Lehmertrue primalitytest for Mersennenumbers The algorithmconsists
of the followingstepsperformedon a MersennenumberMn = 2n _ 1 with n > 3.
(l) Set sl = 4 andcomputeSy _ s2_l-2(modMn)
for j = 1, 2, . . ., n-1.
(2) If Sn-l-O(modMn),
then concludethat Mnis prime.Otherwise,concludethat
Mtlis composite.
Lucasknewonly thatthe test was sufficientfor primality,andthis only for certain
restrictedtypes of values of n. In 1930, Lehmerprovedboth that the conditionis
necessaryandthatthe test holdsfor anyn E N.
EXAMPLE2. InputM7 = 127. Thenwe computesj, the least nonnegativeresidue
of s; moduloM7as follows. 52 = 14, sS = 67, 54 = 42, s5 = 111, and S6 = 0. Thus,
M7is primeby the Lucas-Lehmer
Test.
This celebratedtest is a fine exampleof the effortsof the pioneerssuch as Lehmer
whose work, it may reasonablybe said, had a deep and lastinginfluenceupon the
developmentof computationalnumbertheory,an experimentalscience with its feet
in boththe mathematicalandcomputerscience camps.One aspectof computational
numbertheorythathas givenit high profileis cryptography,
the studyof methodsfor
sendingmessagesin secret.
Ourage is dominatedby information,andthe need for secrecyis paramountin industry,academe,andthe military,notto mentionourpersonallives. As we sendemail
messages and financialdata, we hope they remainprivate.Factoringand primality
testingplay a dominantrole in the developmentof moderncryptographic
techniques.
Thoughthe ideas of the pioneersareubiquitousin modernalgorithms,creditfor their
workis oftenoverlooked.Wehope to haveincreasedthe readersinterest,understanding, andappreciationfor theseideas.
Acknowledgments. The author'sresearchis supportedby NSERC Canadagrant# A8484. Thanksgo to the two
anonymousreferees whose comments inspired a complete rewritingof the first draft of this article in orderto
make the articlemore accessible and focused. Also, thanksto Glenn Appleby for help with the final edition.
REFERENCES
l. J. Brillhart,D. H. Lehmer,J. L. Selfridge, B. Tuckerman,and S. S. WagstaffJr., Factorizationsof bni 1,
b = 2, 3, 5, 6, 7, 10, 11, 12 up to High Powers, ContemporaryMath.22, Amer.Math. Soc., Providence,R.I.,
Second Edition(1988).
2. R. D. Carmichael,On the numericalfactors of the arithmeticforms Oln i ,Bn, Annals of Math., 15 (1913),
30-70.
VOL.75, NO. 1, FEBRUARY
2002
29
3. A. J. C. Cunninghamand H. J. Woodall, FactorizationOfyn T 1, y = 2, 3, 5, 6, 7, 10, 11, 12 Up to High
Powers (n), Hodgson, London, 1925.
4. L. Dickson, Theoryof Numbers,Vol. I, Chelsea, New York, 1992.
5. C. F. Gauss, DisquisitionesArithmeticae(English edition), Springer-Verlag,Berlin, 1985.
6. R. K. Guy, UnsolvedProblemsin NumberTheory,Vol. 1, Second Edition, Springer-Verlag,Berlin, 1994.
7. D. H. Lehmer,Selected Papers of D. H. Lehmer,Vol. I-III, D. McCarthy(Ed.), The CharlesBabbage ResearchCentre,St. Pierre,Canada,1981.
8. J. C. P. Miller, Largeprimes,Eureka14 (1951), 10-1 1.
9. R. A. Mollin, An Introductionto Cryptography,Chapmanand Hall/CRCPress, New York,2001.
10. H. C. Williams,EdouardLucas and PrimalityTesting,CanadianMathematicalSociety Series of Monographs
and AdvancedTexts, Vol. 22, Wiley-Interscience,New York,Toronto,1998.
Doing Math
DONNA DAVIS
P.O. Box 23392
BiIIings, MT 59 104
Au contraire,ThreeDog Night,one
is not the loneliestnumber.Two,
however,is indeedthe loneliestnumber
since the numberone is out of the running.
In a three-leggedrace,it helpsto becomeone
withthe two you'retied-to.
The Foursquare
GospelChurchhas truth
cornered.Five in the hive andbefore
you knowit, honey,we'redonefor.
S1xtzmesS1XtlmeS S1Xgets
you 200+ years
to plantapricotsandpots of petunias.
.
.
.
.
.
Twocalls me again it's thatdouble
helix, the doublecross,the doublewe
all aresaid to havesomewherein the world.
Minewas on a TV showonce, Jeopardy,but
thenagainaren'twe all in danger?
Seven'sso lucky,we shouldprimethe pump
withherbeforeeverybathandbaptism.Eight
won'twait ask any cat with only one morelife left.
Nine is fine-faceted like a sparkle.
And ten lets you startagainwhere
yournumbersystem'sbass'ed
andcello'ed andviolin'edandviola'ed
andthe way to heavenis chartedfor you.