Fermat's little theorem

If a is not divisible by p, that is, if a is coprime to p, then Fermat's little theorem is equivalent to the statement that ap − 1 − 1 is an integer multiple of p, or in symbols:[1][2]

Fermat's little theorem is the basis for the Fermat primality test and is one of the fundamental results of elementary number theory.

The theorem is named after Pierre de Fermat, who stated it in 1640.

[3] Pierre de Fermat first stated the theorem in a letter dated October 18, 1640, to his friend and confidant Frénicle de Bessy.

His formulation is equivalent to the following:[3] If p is a prime and a is any integer not divisible by p, then a p − 1 − 1 is divisible by p. Fermat's original statement was Tout nombre premier mesure infailliblement une des puissances

de quelque progression que ce soit, et l'exposant de la dite puissance est sous-multiple du nombre premier donné

; et, après qu'on a trouvé la première puissance qui satisfait à la question, toutes celles dont les exposants sont multiples de l'exposant de la première satisfont tout de même à la question.

After one has found the first power [t] that satisfies the question, all those whose exponents are multiples of the exponent of the first one satisfy similarly the question [that is, all multiples of the first t have the same property].

Fermat did not consider the case where a is a multiple of p nor prove his assertion, only stating:[4] Et cette proposition est généralement vraie en toutes progressions et en tous nombres premiers; de quoi je vous envoierois la démonstration, si je n'appréhendois d'être trop long.

(And this proposition is generally true for all series [sic] and for all prime numbers; I would send you a demonstration of it, if I did not fear going on for too long.

)[5]Euler provided the first published proof in 1736, in a paper titled "Theorematum Quorundam ad Numeros Primos Spectantium Demonstratio" (in English: "Demonstration of Certain Theorems Concerning Prime Numbers") in the Proceedings of the St. Petersburg Academy,[6][7] but Leibniz had given virtually the same proof in an unpublished manuscript from sometime before 1683.

[3] The term "Fermat's little theorem" was probably first used in print in 1913 in Zahlentheorie by Kurt Hensel:[8] Für jede endliche Gruppe besteht nun ein Fundamentalsatz, welcher der kleine Fermatsche Satz genannt zu werden pflegt, weil ein ganz spezieller Teil desselben zuerst von Fermat bewiesen worden ist.

(There is a fundamental theorem holding in every finite group, usually called Fermat's little theorem because Fermat was the first to have proved a very special part of it.

)An early use in English occurs in A.A. Albert's Modern Higher Algebra (1937), which refers to "the so-called 'little' Fermat theorem" on page 206.

Indeed, the "if" part is true, and it is a special case of Fermat's little theorem.

However, the "only if" part is false: For example, 2341 ≡ 2 (mod 341), but 341 = 11 × 31 is a pseudoprime to base 2.

It is frequently proved as a corollary of Euler's theorem.

where φ(n) denotes Euler's totient function (which counts the integers from 1 to n that are coprime to n).

Fermat's little theorem is indeed a special case, because if n is a prime number, then φ(n) = n − 1.

This is widely used in modular arithmetic, because this allows reducing modular exponentiation with large exponents to exponents smaller than n. Euler's theorem is used with n not prime in public-key cryptography, specifically in the RSA cryptosystem, typically in the following way:[10] if

retrieving x from the values of y, e and n is easy if one knows φ(n).

[11] In fact, the extended Euclidean algorithm allows computing the modular inverse of e modulo φ(n), that is, the integer f such that

On the other hand, if n = pq is the product of two distinct prime numbers, then φ(n) = (p − 1)(q − 1).

The basic idea of RSA cryptosystem is thus: If a message x is encrypted as y = xe (mod n), using public values of n and e, then, with the current knowledge, it cannot be decrypted without finding the (secret) factors p and q of n. Fermat's little theorem is also related to the Carmichael function and Carmichael's theorem, as well as to Lagrange's theorem in group theory.

The converse of Fermat's little theorem fails for Carmichael numbers.

However, a slightly weaker variant of the converse is Lehmer's theorem: If there exists an integer a such that

The first pseudoprime to base 2 was found in 1820 by Pierre Frédéric Sarrus: 341 = 11 × 31.

The Miller–Rabin primality test uses the following extension of Fermat's little theorem:[14] If p is an odd prime and p − 1 = 2sd with s > 0 and d odd > 0, then for every a coprime to p, either ad ≡ 1 (mod p) or there exists r such that 0 ≤ r < s and a2rd ≡ −1 (mod p).This result may be deduced from Fermat's little theorem by the fact that, if p is an odd prime, then the integers modulo p form a finite field, in which 1 modulo p has exactly two square roots, 1 and −1 modulo p. Note that ad ≡ 1 (mod p) holds trivially for a ≡ 1 (mod p), because the congruence relation is compatible with exponentiation.

The Miller–Rabin test uses this property in the following way: given an odd integer p for which primality has to be tested, write p − 1 = 2sd with s > 0 and d odd > 0, and choose a random a such that 1 < a < p − 1; then compute b = ad mod p; if b is not 1 nor −1, then square it repeatedly modulo p until you get −1 or have squared s − 1 times.

Therefore after k non-conclusive random tests, the probability that p is composite is at most 4−k, and may thus be made as low as desired by increasing k. In summary, the test either proves that a number is composite or asserts that it is prime with a probability of error that may be chosen as low as desired.