Fermat test with Gaussian base and Gaussian pseudoprimes

The structure of the group (ℤ/nℤ)* and Fermat’s little theorem are the basis for some of the best-known primality testing algorithms. Many related concepts arise: Euler’s totient function and Carmichael’s lambda function, Fermat pseudoprimes, Carmichael and cyclic numbers, Lehmer’s totient problem, Giuga’s conjecture, etc. In this paper, we present and study analogues to some of the previous concepts arising when we consider the underlying group Gn:= {a + bi ∈ ℤ[i]/nℤ[i]: a2 + b2 ≡ 1 (mod n)}. In particular, we characterize Gaussian Carmichael numbers via a Korselt’s criterion and present their relation with Gaussian cyclic numbers. Finally, we present the relation between Gaussian Carmichael number and 1-Williams numbers for numbers n ≡ 3 (mod 4). There are also no known composite numbers less than 1018 in this family that are both pseudoprime to base 1 + 2i and 2-pseudoprime.


Introduction
Most of the classical primality tests are based on Fermat's little theorem: let p be a prime number and let a be an integer such that p ∤ a, then a p−1 ≡ 1 (mod p). This theorem offers a possible way to detect non-primes: if for a certain a coprime to n, a n−1 ≡ 1 (mod n), then n is not prime. The problem is that the converse is false and there exists composite numbers n such that a n−1 ≡ 1 (mod n) for some a coprime to n. In this situation n is called pseudoprime with respect to base a (or D. Sadornil is partially supported by the Spanish Government under projects MTM2010-21580-C02-02 and MTM2010-16051. a-pseudoprime). A composite integer n which is a pseudoprime to any base a such that gcd(a, n) = 1 is called a Carmichael number (or absolute pseudoprime).
Fermat theorem can be deduced from the fact that the non-zero elements of Z/nZ form a subgroup of order n − 1 when n is prime. Associated with the subgroup (Z/nZ) ⋆ we can define the well-know Euler's totient function and Carmichael's lambda function which are defined in the following way: ϕ(n) := |(Z/nZ) ⋆ |, λ(n) := exp(Z/nZ) ⋆ .
It seems reasonable (and natural) to extend these ideas to other general groups G n . This extension leads to composite/primality tests according to the following steps: 1 • ) Compute f (n) = |G n | under the assumption that n is prime. 2 • ) Given n, if we can find g ∈ G n such that |g| ∤ f (n), then n is not prime.
This idea is present in tests based in lucasian sequences [21] and elliptic curves [16]. Recent works have developed these concepts in other contexts. Pinch [13] considers primality tests based on quadratic rings and discuses the absolute pseudoprimes for them. Shettler [15] studies analogues to Lehmer's Problem Totient and Carmichael numbers in a PID. Steele [18] generalizes Carmichael numbers to number rings introducing Carmichael ideals in number rings and proving an analogue to Korselt's criterion for them.
Following these approaches, in this paper we consider the groups Note that G n is the unit circle modulo n over the Gaussian integers and is a very special case of the so-called Pell Conics [12]. For these groups, we define the corresponding Euler and Carmichael functions and study some of their properties. We also present the concepts of Gaussian pseudoprime and Gaussian Carmichael numbers presenting an explicit Korselt's criterion. Cyclic numbers, Lehmer's Totient Problem [3] and Giuga's conjecture [8] are also considered in this gaussian setting.
It is known that Carmichael numbers have at least three prime factors. We show that Gaussian Carmichael numbers with only two prime factors exist and determine their form. Moreover, although there are Gaussian pseudoprimes with respect to any base, if we combine our ideas with a classical Fermat test, we show that no number of the form 4k + 3 smaller than 10 18 passes both the tests (for some particular bases). This strength is possible due to a relationship with 1-Williams numbers [21] that we make explicit.

Preliminaries
In this section we determine the order and structure of the group G n . We also show some elementary properties and relations between the gaussian counterparts of Euler and Carmichael functions. Some of the results of this section, in particular Proposition 2.1, can be found in [5].
For any positive integer n we will denote by I n the ring of Gaussian integers modulo n; i.e., Further, we will consider the group G n defined by Once we have defined the group we can define the following arithmetic functions: Note that Φ and λ are the analogues to Euler's totient funtion and Carmichael's lambda functions, respectively. It is quite clear that if n = p r1 1 . . . p rs s , then As a consequence, if gcd(m, n) = 1, then Φ(mn) = Φ(m)Φ(n) and λ(mn) = lcm(λ(m), λ(n)). Hence, in order to study the group G n we can restrict ourselves to the case when n is a prime power.
if p = 2 and k = 1; P r o o f. We will focus only on the case p ≡ 3 (mod 4). In this case, it is wellknown that G p ∼ = GF (p 2 ) ⋆ . Since G p is a subgroup of GF (p 2 ) ⋆ , it must be cyclic. Moreover, counting quadratic residues it can be seen that |G p | = p + 1 and, consequently, G p ∼ = C p+1 .
We can now apply the Fundamental Lemma in [9], page 587, to obtain that |G p k | = p k−1 (p + 1). This means that, if Φ : G p k → G p is the (mod p) group homomorphism, then |Ker Φ| = p k−1 . Finally, observe that Ker Φ is an abelian p-group with exactly p − 1 elements of order p, namely {1 + Bp k−1 i ∈ G p k : 1 B p − 1}.
Consequently it must be cyclic and the proof is complete in this case.
As a straightforward consequence we compute Φ(p k ) and λ(p k ).
Recall that Φ(mn) = Φ(m)Φ(n) provided gcd(m, n) = 1. The following result describes the general situation. In particular, if we put m = n we obtain the following.
Recall that for the classical Euler and Carmichael functions, ϕ(n) = λ(n) if and only if n = 2, n = 4 or n = p r , 2p r for some odd prime p and r > 0. Note that in all these cases the group (Z/nZ) ⋆ is cyclic. For our above defined functions Φ and λ we have the following: We end this section showing that the asymptotic behavior of Φ(n) is not exactly the same as that of its classical counterpart.
P r o o f. For the asymptotic growth of Euler ϕ function and its limits see [10]. Now consider sequences {S n } and {L n } given by: We have that Φ(p) = p + 1 for every odd prime p ≡ 3 (mod 4), hence since (p + 1)/p 1 + 1/p and this series is divergent by the strong form of Dirichlet's theorem. On the other hand, where the sum in the exponent is taken over the primes p ≡ 1 (mod 4), p n. Again, by the strong form of Dirichlet's theorem, this function tends to 0 and the result holds.

Gaussian Fermat pseudoprimes
We start this section by introducing the arithmetic function F , which will play the same role as n − 1 plays in the classical setting: We present the analogue to Fermat's little theorem in this gaussian setting.
Proposition 3.1. Let p be a prime number and let z be a Gaussian integer such that p is coprime with zz. Then is such that gcd(n, zz) = 1, then z/z ∈ G n . Hence, it is enough to apply Corollary 2.1. We can view the above result as a compositeness test for integers: if for some integer n we find a Gaussian integer z such that either condition a) or b) does not hold, then n is a composite number. Nevertheless, like in the classical setting, the converse is not always true. This fact motivates the following definition: if gcd(n, zz) = 1 and condition a) (or equivalently b)) from Proposition 3.1 holds for n.
In the classical setting the choice of different basis leads, in general, to different sets of associated Fermat pseudoprimes. In our case it is easy to describe a family of different bases leading to the same set of associated Gaussian Fermat pseudoprimes.
Proposition 3.4. Let z, w be two gaussian integers such that |z| = |w|. Then an integer n is a Gaussian Fermat pseudoprime with respect to z if and only if n is a Gaussian Fermat pseudoprimes with respect to w.
P r o o f. Assume that n is a GFP with respect to z. Then gcd(n, zz) = 1 and (z/z) F (n) ≡ 1 (mod n). Now, since |w| = |z| we have that gcd(n, ww) = gcd(n, zz) = 1. Moreover, since (z/z) F (n) ≡ 1 (mod n) and z/z ∈ G n , it follows that λ(n) | F (n). Hence, (w/w) F (n) ≡ 1 (mod n) because w/w ∈ G n . The converse is clear since the roles of z and w are symmetric. The proof is complete.

Gaussian Carmichael and cyclic numbers
An integer n that is a Fermat pseudoprime for all bases coprime to n is called a Carmichael number [4]. In the gaussian case there also exists composite numbers which are GFP with respect to all bases.  a) n is a G-Carmichael number. b) λ(n) divides F (n). c) For every prime divisor p of n, F (p) divides F (n) and one of the following conditions holds: α) n is odd and square-free, β) n is a multiple of 4 and n/4 = 2, 3, 5 or not a prime number.
P r o o f. Since λ(n) is the exponent of the group G n , a) and b) are clearly equivalent.
From Corollary 2.1 and the fact that λ(mn) = lcm(λ(m), λ(n)) if gcd(m, n) = 1, it is easy to see that c) implies b) when n is a number that satisfies α) or β).
If n is odd (a = 0) and r i 2 for some i ∈ {1, . . . , s} we get that p i divides λ(n) and, consequently, also F (n). Thus, p i divides n − 1 or n + 1 which is a contradiction and n must be square-free in this case.
We now turn to the even case. If a = 1 and n is divisible by another prime p such that p ≡ 1 (mod 4), then p − 1 divides F (n) = n. Hence n is a multiple of 4, a contradiction. The same follows if there exists a prime p ≡ 3 (mod 4) dividing n so we conclude that if n = 2 is even, it must be a multiple of 4. Now, let n = 4p with p a prime. If p = 2, then n = 8 and we are done. If p ≡ 1 (mod 4), it follows that p − 1 divides n; i.e., p − 1 divides 4 so p = 5 and n = 20. Finally, if p ≡ 3 (mod 4), it follows that p + 1 divides 4 so p = 3 and n = 12. Hence we see that if 4 divides n and n = 8, 12, 20, then n/4 is not prime and the proof in complete.
In 1994 it was shown by Alford, Granville and Pomerance [1] that there exist infinitely many Carmichael numbers. It is easy to see that every power of 2 is a G-Carmichael number, hence there are also infinitely many of them. However, if we restrict to odd G-Carmichael numbers, the problem seems to have at least the same difficulty as the classical case.
Carmichael numbers have at least three prime factors. We know that 12 and 20 are the only even G-Carmichael numbers with only two prime factors. The following result describes the family of odd G-Carmichael numbers with exactly two prime factors. P r o o f. Assume that n = pq with p < q odd primes is a G-Carmichael number. If p, q ≡ 1 (mod 4) , then F (n) = n−1 = pq−1. From Proposition 4.1, p−1 divides pq−1 = (p−1)(q+1)+q−p. Hence p−1 divides q−p and also q−1 = (q−p)+(p−1). In the same way q − 1 divides p − 1. So p − 1 = q − 1, which is impossible. If p, q ≡ 3 (mod 4) we reach a similar contradiction using the same ideas. If p ≡ 1 (mod 4) and q ≡ 3 (mod 4) we obtain that p = q + 2, which is impossible because p < q.
The converse is trivially true and the proof is complete.
Recall that a positive integer n which is coprime to ϕ(n) is called a cyclic number (sequence A003277 in [17]). This terminology comes from the group theory since a number n is cyclic if and only if any group of order n is cyclic [19]. From Korselt's criterion it follows that any divisor of a Carmichael number is cyclic. In the gaussian setting we define Gaussian cyclic numbers in the following way. The relationship between G-Carmichael and G-cyclic numbers is the same as in the previous setting, the proof being also quite similar. then there exist two indices i = k in J such that p i divides p k − β(p k ). As n is a Carmichael number, we also have that p k − β(p k ) divides n − β(n). Hence, p i divides n − β(n), which is absurd since n is divisible by p i and β(p i ) = ±1.
Around 1980, G. Michon conjectured that all odd cyclic numbers have Carmichael multiples. This can be reasonably extended to G-cyclic numbers and we can ask if all odd G-cyclic numbers have G-Carmichael multiples.
Cyclic numbers can also be characterized in terms of congruences. A number n is cyclic if and only if it satisfies ϕ(n) ϕ(n) ≡ 1 (mod n) or λ(n) λ(n) ≡ 1 (mod n). In our situation only one implication remains valid, namely Proposition 4.6. If Φ(n) Φ(n) ≡ 1 (mod n) or λ(n) λ(n) ≡ 1 (mod n), then n is a G-cyclic number.
P r o o f. Let n be a positive integer such that Φ(n) Φ(n) ≡ 1 (mod n). Then for any prime divisor p of n it holds that Φ(n) Φ(n) ≡ 1 (mod p). Now, if n is not a Gcyclic number, there exists a prime p with p | gcd(Φ(n), n). Thus, p divides Φ(n) and Φ(n) Φ(n) ≡ 0 (mod p), a contradiction.
The converse of the previous proposition is not true. In fact there are G-cyclic numbers n that do not satisfy any of the above conditions. The first of them are: 119, 133, 187, 217, 253, 287, 301, 319, 323, 341, 391, . . .

G-Lehmer's totient problem and G-Giuga's conjecture
Lehmer's totient problem, named after Lehmer, asks whether there is any composite number n such that ϕ(n) divides n − 1. This is true for every prime number, and Lehmer conjectured in 1932 (see [11]) that the answer to his question was negative. He showed that if any such n exists, it must be odd, square-free, and divisible by at least seven primes. These numbers, called Lehmer numbers, are clearly Carmichael numbers and, up to date, none has been found. It is known that these numbers have at least 15 prime factors and are greater than 10 30 . Moreover, if a Lehmer number is divisible by 3, the number of prime factors increases to 40,000,000 with more than 360,000,000 digits (see [3]). We now define our analogous concept.
It is clear that every G-Lehmer number is a G-Carmichael number. Besides, it is easy to note that G-Lehmer numbers exist. In 1932, Giuga [8] proposed another conjecture about prime numbers. He postulated that a number p is prime if and only if i p−1 ≡ −1 (mod p), where the sum is taken over all integers 1 i p − 1. Giuga showed that there are no exceptions to his conjecture up to 10 1000 . This was later improved to 10 13800 , see [2]. A similar approach to Giugas's conjecture, replacing n − 1 by F (n), leads us to consider the following set, which contains all prime numbers G := n ∈ N : However, this set also contains lots of composite numbers. For example, every power of 2 is in G. For odd integers we have the next result.
Proposition 5.5. Let n be an odd integer. If Φ(n) = F (n), then n ∈ G.
and n is in G.
Thus, prime numbers and every known G-Lehmer numbers are in G. Furthermore, no other odd composite integer is known to be in G. So, we formulate the following conjecture regarding the numbers in G. 6. Gaussian Fermat test for numbers of the form 4k + 3.
The use of Gaussian integers to perform the equivalent of Fermat's little theorem to test primality is not just a mere theoretical speculation. Lucas pseudoprimes [21] for some particular sequences can be also seen as Gaussian pseudoprimes. However, Gaussian integers, and the corresponding definition of peudoprimes using powers, are more similar to the classical one than the concept of Lucas sequences.
As we have said before, we can take advantage of Proposition 3.1 to test primality (more precisely, compositeness) of a number. This is what we call the Gaussian Fermat Test with respect to the base z. Computational evidence reveals that this test, based on the structure of G N , is very powerful when it is combined with the classical one; i.e., there are very few common pseudoprimes. Furthermore, this combination is stronger if we restrict ourselves to numbers of the form 4k + 3. From the William Galway list [7], we have checked that no Fermat pseudoprime number to base 2 less than 10 18 and of the form 4k + 3 is a Gaussian pseudoprime to base z = 1 + 2i.
Baillie-PSW primality test [14], used in many computer algebra systems and software packages, is also a combination of two primality tests. This test has no known pseudoprimes. Although this is not the case for our test (since it has pseudoprimes of the form 4k + 1), it must be noted that our test is much simpler as it consists of the combination of two basic Fermat tests.
In general, combination of two Fermat tests with respect to two different prime bases (less than 30) presents more than 10 (and a mean of 34) pseudoprimes lower than 4 · 10 7 of the form 4k + 3. Even if we combine two bases to test if a number n is a prime using the Gaussian Fermat Test, there are more pseudoprimes. However, there is no composite number of the form 4k + 3 less than 4 · 10 7 which is both a Gaussian pseudoprime with respect to 1 + 2i and a Fermat pseudoprime with respect to a prime base less than 30. The lowest base to be used to find a Fermat pseudoprime with respect to this base which is also a Gaussian Fermat pseudoprime to the base 1 + 2i is 10. Also with other Gaussian bases the combination with a Fermat test is very strong as is shown in the following table, which presents the number of composite integers less than 4 · 10 7 which are simultaneously Gaussian Fermat pseudoprimes with respect to a base z (horizontal) and Fermat pseudoprimes with respect to a base a (vertical). One of the reasons explaining this phenomenon is that Carmichael numbers, which always appear when combining two classical Fermat tests, are avoided when we combine a Fermat test and a Gaussian Fermat test, because Carmichael numbers are not necessarily G-Carmichael numbers and conversely. In fact, there are no Carmichael numbers of the form 4k+3 smaller than 10 18 which are also G-Carmichael numbers.
Recall that an integer n is called an r-Williams number [6], [21] if p | n ⇒ p + r | n + r and p − r | n − r.
The next result relates our previous discussion with 1-Williams numbers. Now, if there exists a prime factor p ≡ 1 (mod 4) it follows that n−1 = (p−1)k ≡ 0 (mod 4), a contradiction. Hence, every prime factor is congruent with 3 modulo 4 and n is a 1-Williams number.
On the other hand, if n is a 1-Williams number, then for each prime factor p of n we have p − 1 | n − 1 and p + 1 | n + 1, so n is a Carmichael number. If n were a G-Carmichael number it would be also necessary that every factor p ≡ 1 (mod 4) satisfy p − 1 | n + 1. But, by hypothesis, n does not have this kind of factors and the result follows.
Thus, the search for a number of the form n ≡ 3 (mod 4) which is both a G-Carmichael number and a Carmichael number is harder than to find a 1-Williams number and, up to date, no 1-Williams number is known