3

https://en.wikipedia.org/wiki/Cipolla%27s_algorithm describes the steps to compute a modular square root, assuming a prime modulus.

The converse of this algorithm could be: considering a quadratic residue, a failure to compute its square root would indicate that the modulus is not prime.

This looks like a possible primality test.

Steps to check the primality of a odd number p > 3

  • get the the smallest integer i larger than $ \sqrt p $, which satisfies $ a = i^2 \mod p $ is not a perfect square (a is a (non-trivial) quadratic residue mod p)

  • get the first integer n larger than i where $ u = (n^2 - a) \mod p $ is not a quadratic residue (checked $ jacobi(u|q) = -1 $)

Now in the field $ F_{p^2} = F_p(\sqrt u) $

  • let $ w = (n + \sqrt u) $

  • Try to compute the square root of w

    $$ z = w^{(q+1)/2} $$

  • Then verify z, and curiously there are only 2 possibilities

    $ z = (x + y * \sqrt u )$ with either $ y \not = 0 $ , either $ x^2 \not = a \mod p $ and curiously, p seems to always be composite

    $ z = (x + 0 * \sqrt u )$ with $ x^2 = a \mod p $ and curiously, p seems to always be prime

I tested all integers p up to $ 2^{48} $ against either a false positive, either a false negative. I checked against all spsps base 2 up to $ 2^{64} $ (http://www.cecm.sfu.ca/Pseudoprimes) I can't find a counter-example for that Cipolla primality test

I did not find many papers related to this, the closest being https://arxiv.org/abs/1307.7920

How can I find at least one pseudo-prime to this test ?

Pierre
  • 198

2 Answers2

1

For the sake of convenience, I will redefine variables in this answer. Let $n$ be a composite number. $z^2=b\pmod n$ has a solution ($z$) if and only if for each prime $p | n$, there is a solution to $z^2=b\pmod p$. In the case that the Kronecker symbol $K(a | n)=1$, but there is a prime $p|n$ where $K(a | p)=-1$, then $n$ will be proven composite by this algorithm.

The solution $z$ if it exists, is $(a + \sqrt{a^2-b})^{(n+1)/2} \pmod n$ where Jacobi$(a^2-b|n)=-1$.

The polynomial $x^2 - 2ax + b$ has the roots $x = a ± \sqrt{a^2-b}$.

Therefore, we have, $z=x^{(n+1)/2} = c_1x+c_2 \pmod {x^2-2ax+b,n}$.

These follow from properties of Lucas Sequences. $c_1$ must be $0$ assuming $a^2-b$ is not a square $\pmod n$. The rest of the work seems trivial enough, so this amounts to counterexamples being Lucas pseudo primes for the parameters $(a,b)$.

J. Linne
  • 3,228
  • mod(x^2−2ax+b,n) is not the polynomial from cipolla test, it is mod(x^2-\sqrt{a^2-b}, n) – Pierre Jun 25 '25 at 13:18
  • This does not exactly answer the question. Since a and b are varying for each input n, the counter-examples of one lucas sequence are not exactly useful for the desperate brute-force quest of a counterexample. – Pierre Jun 25 '25 at 13:26
0

For completeness of the original question, here is the pari/gp code

isCipollaPrime(n)={
if((n==2||n==3||n==5||n==7||n==11),return(1));
if(n<13||n%2==0,return(0));
s=sqrtint(n)+1;d=(s*s)%n;
while(ispower(d,2),s=s+1;d=(s*s)%n;);
t=s+1;t2=(t*t-d)%n;j=kronecker(t2,n);if(j==0,return(0));
while(j!=-1,t=t+1;t2=(t*t-d)%n;j=kronecker(t2,n);if(j==0,return(0)));
A=Mod(Mod(x+t,n),x^2-t2);B=A^((n+1)/2);S=B*B;
if(S==d,return(1),return(0));
}

​for(i=100,10000000,n=2*i+1;if(isCipollaPrime(n) != isprime(n),print(n)))
Pierre
  • 198