Fermat and Mersenne Primes

In this section we investigate the primes of the form2𝑘+ 1and2𝑘− 1; they are called FermatandMersenneprimes, respectively. As mentioned in the previous section, it is unknown whether or not there exist infinitely many Fermat or Mersenne primes.

In Exercise 1.4.4 we have seen that if2𝑘+1is a prime, then𝑘is necessarily a power of two, whereas if2𝑘− 1is a prime, then𝑘itself must be a prime. Thus it is enough to investigate the Fermat numbers𝐹𝑛= 22𝑛+ 1and the Mersenne numbers𝑀𝑝= 2𝑝− 1 (where𝑝is a prime).

We consider Fermat numbers first. Fermat believed that𝐹𝑛was always a prime (this isnotthe famous Fermat’s Last Theorem to be discussed in Chapter 7). For0 ≤ 𝑛 ≤ 4these are primes (3,5,17,257, and65537), but Euler showed that𝐹5= 232+ 1is composite, since it is divisible by641.

As of February 2019 we know that𝐹𝑛is composite for5 ≤ 𝑛 ≤ 32and also for some larger values of𝑛. The record is𝐹3329780 (with more than101000000decimal digits!) having a factor193 ⋅ 23329782+ 1. No other Fermat primes have been found other than the𝐹𝑛 with𝑛 ≤ 4. We have no information about𝐹33. No factors of𝐹20or 𝐹24 are known (though they are known to be composite). The factorization of𝐹5,𝐹6, and𝐹7

can be found in the table of Fermat numbers at the end of this book (the complete factorization of𝐹𝑛is known only for𝑛 ≤ 11).

The Fermat primes play a central role in the Euclidean constructibility of regular polygons: Gauss’s theorem states that a regular𝑁-gon is constructible if and only if the standard form of𝑁, 𝑁 ≥ 3is𝑁 = 2𝛼𝑝1. . . 𝑝𝑟where𝛼 ≥ 0,𝑟 ≥ 0, and the numbers𝑝𝑖

are distinct Fermat primes. The first few values are𝑁 = 3,4,5,6,8,10,12,15,16,17, 20, . . . .

5.2. Fermat and Mersenne Primes 119

The following two theorems give practical tools for investigating the Fermat num- bers. Theorem 5.2.1 is an effective help in finding their prime divisors and Theo- rem 5.2.2 yields a (relatively) fast algorithm to test whether a given Fermat number is prime or composite.

Theorem 5.2.1. Any (positive) divisor of𝐹𝑛is of the form𝑘2𝑛+1+ 1, and for𝑛 ≥ 2it is

of the form𝑟2𝑛+2+ 1. ♣

Presumably Euler used this theorem for proving that𝐹5 is composite: the prime divisors of𝐹5can only be primes of form128𝑘 + 1. The first two of these are257and 641, and the latter one divides𝐹5.

Proof. First we verify the statement if the divisor is a prime𝑝. Then𝑝 ∣ 𝐹𝑛means

(5.2.1) 22𝑛≡ −1 (mod 𝑝) .

Squaring both sides, we obtain

(5.2.2) 22𝑛+1≡ 1 (mod 𝑝) .

By Theorem 3.2.2(i),

2𝑗≡ 1 (mod 𝑝) ⟺ 𝑜𝑝(2) ∣ 𝑗.

Hence (5.2.2) implies

𝑜𝑝(2) ∣ 2𝑛+1, and by (5.2.1), we have

𝑜𝑝(2) ∤ 2𝑛,

since clearly𝑝 > 2, and thus−1 ≢ 1 (mod 𝑝). It follows that 𝑜𝑝(2) = 2𝑛+1.

Using𝑜𝑝(2) ∣ 𝑝 − 1, we obtain2𝑛+1∣ 𝑝 − 1, so𝑝 = 𝑘2𝑛+1+ 1for a suitable integer𝑘.

If𝑛 ≥ 2, then this implies𝑝 = 8𝑠 + 1, so (2

𝑝) = 1, hence 2𝑝−12 ≡ 1 (mod 𝑝) . Therefore

𝑜𝑝(2) = 2𝑛+1|

| 𝑝 − 1 2 , so𝑝 = 𝑟2𝑛+2+ 1for a suitable integer𝑟.

These results can be written also as𝑝 ≡ 1 (mod 2𝑛+1), and for𝑛 ≥ 2, as𝑝 ≡ 1 (mod 2𝑛+2).

Consider an arbitrary divisor𝑑 ∣ 𝐹𝑛. Write𝑑 as the product of (not necessarily distinct) primes (if𝑑 > 1):𝑑 = 𝑝1. . . 𝑝𝑠. We have just proven that𝑝𝑖 ≡ 1 (mod 2𝑛+1) for every𝑖. Multiplying these congruences, we see that also𝑑 ≡ 1 (mod 2𝑛+1)holds.

We can use the same argument also for the modulus2𝑛+2. □ Theorem 5.2.2(Pepin’s test). Let𝑛 ≥ 1. Then𝐹𝑛is prime if and only if

♣ (5.2.3) 3(𝐹𝑛−1)/2≡ −1 (mod 𝐹𝑛) .

Proof. Assume first that𝐹𝑛is a prime. Then (5.2.3) means that3is a quadratic non- residue modulo𝐹𝑛, i.e.

(3 𝐹𝑛

) = −1.

To verify this, we use that𝑛 ≥ 1yields22𝑛 = 4𝑡, hence

𝐹𝑛≡ 1 (mod 4) , and 𝐹𝑛= 4𝑡+ 1 ≡ −1 (mod 3) . Applying quadratic reciprocity, we obtain

(3

𝐹𝑛) = (𝐹𝑛

3 ) = (−1 3 ) = −1.

To prove the converse, assume that (5.2.3) holds. Squaring both sides, we get

(5.2.4) 3𝐹𝑛−1≡ 1 (mod 𝐹𝑛) .

Congruences (5.2.4) and (5.2.3) imply

𝑜𝐹𝑛(3) ∣ 𝐹𝑛− 1 and 𝑜𝐹𝑛(3) ∤ 𝐹𝑛− 1 2 . Since𝐹𝑛− 1is a power of two, we infer

𝑜𝐹𝑛(3) = 𝐹𝑛− 1.

Therefore𝐹𝑛− 1 ∣ 𝜑(𝐹𝑛)follows. Clearly𝜑(𝐹𝑛) ≤ 𝐹𝑛− 1, therefore𝐹𝑛− 1 = 𝜑(𝐹𝑛), or

equivalently,𝐹𝑛is a prime. □

Using Theorem 5.2.2, we can show the compositeness of𝐹5= 232+1by computing the residue of3231 modulo𝐹5 by31squarings and reducing modulo𝐹5in every step.

It turns out that this residue is not−1. Moreover, even Fermat’s Little Theorem is sufficient for our purposes:32such steps of squaring and reduction reveal

3𝐹5−1= 3232≢ 1 (mod 𝐹5) ,

hence𝐹5 cannot be a prime. So Fermat could have disproved his conjecture about Fermat primes with his own theorem (the computations would have been no obstacle since even more lengthy calculations were regularly done in those times).

Theorem 5.2.2 is an efficient tool in general for determining whether a Fermat number is prime or composite: we can check the validity of (5.2.3) quickly by repeated squarings (and reducing modulo𝐹𝑛); we need altogether2𝑛−1 ≈ log2𝐹𝑛such steps.

Unfortunately, the practical application is limited by the fact that the Fermat numbers grow with enormous speed,𝐹𝑛≈ 𝐹𝑛−12 , therefore computers are unable to handle even relatively small values of𝑛.

Now we turn to study the Mersenne numbers𝑀𝑝 = 2𝑝− 1(where𝑝is a prime). It is easy to see that not all of them are primes; the smallest composite number is obtained for𝑝 = 11:

211− 1 = 2047 = 23 ⋅ 89.

The significance of Mersenne primes lies, partly, in their connection with the even perfect numbers (see Theorem 6.3.2). Mersenne was a superb scientific manager in the seventeenth century, corresponding intensively with Fermat, Descartes, and other

5.2. Fermat and Mersenne Primes 121

leading scientists, and encouraged the search for such primes in the hope of finding new perfect numbers.

Mersenne was aware of the difficulty of determining whether a large integer is prime or composite. He wrote in his book in 1644: “To tell if a given number of15or 20digits is prime or not, all time would not suffice for the test, whatever use is made of what is already known.” A few pages later, however, we can read his claim that:2𝑝− 1 is a prime for𝑝 = 2,3,5,7,13,17,19,31,67,127,257, but for no other values of𝑝 below 257.

For more than two centuries, nobody knew whether Mersenne’s list was correct or not. The first error was discovered in 1876(!) by another Frenchman, Édouard Lucas, who proved that267− 1is composite. It is interesting that Lucas proved the compos- iteness of267− 1without exhibiting any factors of it (based on Theorem 5.2.4 bearing also his name). The factorization

193707721 ⋅ 761838257287

was found only in 1903(!) by the American mathematician F. N. Cole who spent three years of Sunday afternoons wrestling with the problem (remember, he had to work by hand without computers, since these were invented half a century later).

Later four other errors were discovered in Mersenne’s list: the missing261 − 1, 289− 1, and2107− 1are primes and2257− 1is composite.

The presently (as of February 2019) known51Mersenne primes are2𝑝− 1where 𝑝 = 2,3,5,7,13,17,19,31,61,89,107,127,521,607,1279,2203,2281,3217,4253, 4423,9689,9941,11213,19937,21701,23209,44497,86243,110503,132049,216091, 756839,859433,1257787,1398269,2976221,3021377,6972593,13466917,20996011, 24036583,25964951,30402457,32582657,37156667,42643801,43112609,57885161, 74207281,77232917, and82589933. The last number,282589933− 1is the largest known prime—it has24862048decimal digits! It is a famous unsolved problem whether there are infinitely many Mersenne primes.

In the table of Mersenne numbers at the end of this book you can find the prime factorization of all composite Mersenne numbers for the (prime) exponents between 10and100.

Now we prove the analogues of Theorems 5.2.1 and 5.2.2 for Mersenne numbers.

Theorem 5.2.3. Let𝑝 > 2be a prime. Then any (positive) divisor of𝑀𝑝 = 2𝑝− 1is of

the forms2𝑘𝑝 + 1and8𝑟 ± 1. ♣

Example. Consider𝑝 = 47. Then for any prime divisor𝑞of𝑀47 = 247− 1, we have 𝑞 = 94𝑘 + 1 = 8𝑟 ± 1. Solving the system of simultaneous congruences

𝑥 ≡ 1 (mod 94) , 𝑥 ≡ ±1 (mod 8) we obtain

𝑥 ≡ 1or95 (mod 376) . The primes satisfying these conditions are

𝑞 = 1129, 1223, 2351, . . . We find that2351 ∣ 𝑀47, hence𝑀47is composite.

It is conceivable that also Mersenne found this divisor of𝑀47, and therefore he did not include𝑝 = 47into his list (and the missing of this value is not just a lucky coincidence).

Proof. Similar to the argument seen at the Fermat numbers, it is sufficient to prove the statement for prime divisors.

Assume that a prime𝑞satisfies

𝑞 ∣ 2𝑝− 1, i.e. 2𝑝≡ 1 (mod 𝑞) . Then𝑜𝑞(2) ∣ 𝑝, and𝑜𝑞(2) ≠ 1, hence𝑜𝑞(2) = 𝑝.

We infer𝑝 ∣ 𝑞 − 1, thus𝑞 = 𝑡𝑝 + 1. Since𝑞and𝑝are odd, therefore𝑡is even, so 𝑞 = 2𝑘𝑝 + 1.

To verify𝑞 = 8𝑟 ± 1, we have to show that2is a quadratic residue mod𝑞. This follows from the congruence2𝑝≡ 1 (mod 𝑞)by the properties of the Legendre symbol using that𝑝is odd:

(2 𝑞) = (2

𝑞)

𝑝

= (2𝑝 𝑞) = (1

𝑞) = 1. □

Theorem 5.2.4(Lucas–Lehmer-test). Let𝑝 > 2be a prime,𝑎1= 4, and𝑎𝑖+1= 𝑎2𝑖 − 2 for𝑖 ≥ 1. Then𝑀𝑝is a prime if and only if

♣

(5.2.5) 𝑀𝑝∣ 𝑎𝑝−1.

Example. Put𝑝 = 5. Then

𝑎1 = 4, 𝑎2 = 14, 𝑎3= 194 ≡ 8 (mod 31) , and 𝑎4≡ 62 ≡ 0 (mod 31) , hence𝑀5= 31is a prime.

When checking (5.2.5), we compute the modulo𝑀𝑝remainders of the𝑎𝑖, which requires𝑝 − 2 ≈ log2𝑀𝑝steps of squaring (plus subtracting and reducing).

Proof. The numbers𝑎+𝑏√3(where𝑎, 𝑏are integers) form a (commutative) ring (with identity element and without zero divisors) for the usual operations; we denote this ring by𝐻. In our proof we shall rely on the elementary properties of divisibility, con- gruences, and order in𝐻(which hold exactly the same way as for the integers). Unique prime factorization is valid in𝐻(see Theorem 10.3.6 and Exercise 10.3.1), but we shall not need this result in our argument.

I. We can easily verify by induction that

𝑎𝑘= (2 + √3)2𝑘−1+ (2 − √3)2𝑘−1 holds for every𝑘. Hence (5.2.5) is equivalent to the divisibility (5.2.6) 𝑀𝑝∣ (2 + √3)2𝑝−2 + (2 − √3)2𝑝−2. Factoring the right-hand side in (5.2.6), we obtain

(5.2.7) 𝑀𝑝∣ (2 − √3)2𝑝−2((2 + √3)2𝑝−1+ 1).

We note that the divisibility in (5.2.7) holds among the integers if and only if it is valid in𝐻(see Exercise 5.2.10), and(2 − √3)(2 + √3) = 1implies that2 ± √3raised to

5.2. Fermat and Mersenne Primes 123

integer powers are units in𝐻. Therefore (5.2.7) and thus (5.2.5) are equivalent to the congruence

(5.2.8) (2 + √3)2𝑝−1 ≡ −1 (mod 𝑀𝑝) .

We conclude that Theorem 5.2.4 can be reformulated as follows:𝑀𝑝is a prime if and only if (5.2.8) holds.

II. We shall need the following lemma: For any prime𝑞 > 3, we have (5.2.9) (𝑎 + 𝑏√3)𝑞≡ 𝑎 + (3

𝑞) 𝑏√3 (mod 𝑞) . Proof of the lemma: Consider the binomial expansion (5.2.10) (𝑎 + 𝑏√3)𝑞= 𝑎𝑞+ (𝑞

1)𝑎𝑞−1𝑏√3 + (𝑞

2)𝑎𝑞−23𝑏2+ ⋯ + 𝑏𝑞3(𝑞−1)/2√3.

By Fermat’s Little Theorem,

𝑎𝑞≡ 𝑎 (mod 𝑞) and 𝑏𝑞≡ 𝑏 (mod 𝑞) , further, each of

(𝑞 1), (𝑞

2), . . . , ( 𝑞 𝑞 − 1) is divisible by𝑞, and

3(𝑞−1)/2≡ (3

𝑞) (mod 𝑞) . Substituting these into (5.2.10), we obtain (5.2.9) as stated.

III. Now we are in the position to show that (5.2.8) implies the primality of𝑀𝑝. Squaring (5.2.8), we have

(5.2.11) (2 + √3)2𝑝 ≡ 1 (mod 𝑀𝑝) .

Let𝑞be a prime divisor of𝑀𝑝(clearly𝑞 > 3). Then (5.2.11) and (5.2.8) hold also for the modulus𝑞instead of𝑀𝑝. This yields (similar to the argument used in the proofs of Theorems 5.2.1 and 5.2.2) that𝑜𝑞(2 + √3) = 2𝑝.

If(3𝑞) = 1, then by (5.2.9) we obtain

(2 + √3)𝑞−1= (2 − √3)(2 + √3)𝑞≡ (2 − √3)(2 + √3) = 1 (mod 𝑞) , hence

𝑜𝑞(2 + √3) = 2𝑝≤ 𝑞 − 1.

But this is impossible since𝑞 ≤ 𝑀𝑝= 2𝑝− 1.

If(3𝑞) = −1, then similarly

(2 + √3)𝑞+1≡ (2 − √3)(2 + √3) = 1 (mod 𝑞) , thus

𝑜𝑞(2 + √3) = 2𝑝≤ 𝑞 + 1.

Comparing this with𝑞 ≤ 𝑀𝑝= 2𝑝− 1, we have𝑞 = 𝑀𝑝, i.e.𝑀𝑝is a prime.

IV. Finally, we prove that if𝑀𝑝is a prime, then (5.2.8) must hold.

We shall use that𝑀𝑝≡ −1 (mod 8)implies

(5.2.12) ( 2

𝑀𝑝

) = 1,

further, using𝑀𝑝≡ 1 (mod 3),𝑀𝑝≡ −1 (mod 4), and the law of reciprocity we get

(5.2.13) ( 3

𝑀𝑝) = − (𝑀𝑝

3 ) = − (1 3) = −1.

Starting from the equality

2(2 + √3) = (1 + √3)2, we raise both sides to the power(𝑀𝑝+ 1)/2 = 2𝑝−1:

(5.2.14) 2(𝑀𝑝+1)/2⋅ (2 + √3)2𝑝−1 = (1 + √3)𝑀𝑝+1.

For the first factor on the left-hand side of (5.2.14), using (5.2.12), we obtain (5.2.15) 2(𝑀𝑝+1)/2= 2 ⋅ 2(𝑀𝑝−1)/2≡ 2 ( 2

𝑀𝑝) = 2 (mod 𝑀𝑝) .

The right-hand side of (5.2.14) can be transformed as follows, applying (5.2.9) with 𝑎 + 𝑏√3 = 1 + √3and𝑞 = 𝑀𝑝, and using (5.2.13):

(5.2.16)

(1 + √3)𝑀𝑝+1= (1 + √3)(1 + √3)𝑀𝑝

≡ (1 + √3)(1 + ( 3 𝑀𝑝) √3)

= (1 + √3)(1 − √3) = −2 (mod 𝑀𝑝) . Substituting (5.2.15) and (5.2.16) into (5.2.14), we infer

(5.2.17) 2(2 + √3)2𝑝−1 ≡ −2 (mod 𝑀𝑝) .

Multiplying (5.2.17) by2𝑝−1 and using2𝑝 ≡ 1 (mod 𝑀𝑝), we obtain the desired con-

gruence (5.2.8). □

Exercises 5.2

1. (a) Verify𝐹𝑛+1= 𝐹0𝐹1. . . 𝐹𝑛+ 2.

(b) Demonstrate that the Fermat numbers are pairwise relatively prime (cf. Ex- ercise 1.3.14).

(c) Use part (b) to devise a new proof for the existence of infinitely many primes.

(d) Give a new proof for the statement of Exercise 5.1.9a.

2. Show that Theorem 5.2.2 remains valid for𝑛 ≥ 2if3 is replaced by5or10in formula (5.2.3).

3. Let𝑛 ≥ 2. Prove that𝐾𝑛= 5 ⋅ 2𝑛+ 1is a prime if and only if 3(𝐾𝑛−1)/2≡ −1 (mod 𝐾𝑛) .