A Simple Derivation for the Frobenius Pseudoprime Test

Probabilistic compositeness tests are of great practical importance in cryptography. Besides prominent tests (like the well-known Miller-Rabin test), there are tests that use Lucas-sequences for testing compositeness. One example is the so-called Frobenius test that has a very low error probability. Using a slight modification of the above mentioned Lucas sequences we present a simple derivation for the Frobenius pseudoprime test in the version proposed by Crandall and Pommerance in [CrPo05]. 1 Lucas and Frobenius Pseudoprimes For f(x) = x − ax+ b ∈ Z[x] the Lucas sequences are given by Uj := Uj(a, b) := x − (a− x) x− (a− x) (mod f(x)) Vj := Vj(a, b) := x j + (a− x) (mod f(x)) (1) These sequences both satisfy the same recurrence relation Uj = aUj−1 − bUj−2 ; Vj = aVj−1 − bVj−2 for j ≥ 2 with initial values U0 = 0, U1 = 1 V0 = 2, V1 = a The following theorem is the basis for a probabilistic prime test, called the Lucas test: Theorem 1. Let a, b ∈ Z \ {0}, ∆ := a − 4b and the sequences (Uj), (Vj) defined as above. If p is prime, with gcd(p, 2ab∆) = 1, we have: U p− ( ∆ p ) ≡ 0 (mod p) (2) Proof. If ∆ is a quadratic nonresidue modulo p, then the polynomial f(x) ∈ Zp[x] is irreducible over Zp, which means that Zp[x]/(f(x)) is a field and isomorphic to Fp2 . The elements of the subfield Zp are exactly those elements i+ jx ∈ Zp[x]/(f(x)) with j = 0. The zeroes of the polynomial f(x) are x and a − x, both in Fp2 \ Zp, and therefore permuted by the Frobenius automorphism. Thus we have in the case ( ∆ p ) = −1 :    x ≡ a− x (mod f(x), p) (a− x) ≡ x (mod f(x), p) D A N IE L L O E B E N B E R G E R (2 00 9) . A Si m pl e D er iv at io n fo rt he Fr ob en iu s Ps eu do pr im e Te st . In W eW O R C 20 09 . T hi sd oc um en ti sp ro vi de d as a m ea ns to en su re tim el y di ss em in at io n of sc ho la rl y an d te ch ni ca lw or k on a no nco m m er ci al ba si s. C op yr ig ht an d al lr ig ht s th er ei n ar e m ai nt ai ne d by th e au th or s or by ot he rc op yr ig ht ho ld er s, no tw ith st an di ng th at th es e w or ks ar e po st ed he re el ec tr on ic al ly .I ti s un de rs to od th at al lp er so ns co py in g an y of th es e do cu m en ts w ill ad he re to th e te rm s an d co ns tr ai nt s in vo ke d by ea ch co py ri gh t ho ld er ,a nd in pa rt ic ul ar us e th em on ly fo r no nc om m er ci al pu rpo se s. T he se w or ks m ay no tb e po st ed el se w he re w ith ou tt he ex pl ic it w ri tte n pe rm is si on of th e co py ri gh th ol de r. (L as tu pd at e 20 15 /0 7/ 13 -1 7 :4 6. )