On the Combined Fermat/Lucas Probable Prime Test

Abstract

Based on the well-known Baillie/Wagstaff suggestion [R. Baillie and S. Wagstaff jun., Math. Comput. 35, 1391-1417 (1980; Zbl 0458.10003)] we introduce a rapid pseudoprimality test with high confidence. The test is extremely fast and only requires evaluation of power polynomials and the Lucas V-sequence. This is in contrast to the original version, where usually the more cumbersome evaluation of the Lucas U-sequence is required as well. We analyze the underlying properties of the proposed test and give a characterization of the pseudoprimes. Software and hardware evaluation methods for both modular exponentiation and evaluation of recursion sequences are widely employed and very efficient. Therefore the test can be run at low cost for varieties of different bases/parameters. The number of those that pass the test are of great interest. We exhibit the exact number of these “liars”.

Full text

On the Combined Fermat/Lucas Probable Prime
Test?
Siguna M¨uller
University of Klagenfurt, Dept. of Math., A-9020 Klagenfurt, Europe
siguna.mueller@uni-klu.ac.at
Abstract. Based on the well-known Baillie/Wagstaff suggestion [2] we
introduce a rapid pseudoprimality test with high confidence. The test
is extremely fast and only requires evaluation of power polynomials and
the Lucas V-sequence. This is opposed to the original version, where
usually the more cumbersome evaluation of the Lucas U-sequence is re-
quired as well. We analyze the underlying properties of the proposed test
and give a characterization of the pseudoprimes. Software and hardware
evaluation methods for both modular exponentiation and evaluation of
recursion sequences are widely employed and very efficient. Therefore the
test can be run at low cost for variations of different bases/parameters.
The number of those that pass the test are of great interest. We exhibit
the exact number of these “liars”.
1 Motivation and background
1.1 Pseudoprimality testing based on the power function
Most of the pseudoprimality tests originate in some sense on Fermat’s Little
Theorem an−1≡1 mod n. The congruence is fulfilled for any a∈Z∗
nwhen n
is prime. On the other hand, composite numbers that are Carmichael numbers,
also fulfill the condition for any base a. Consequently, the most common method
for determining whether or not a number is prime is the Strong Probable Prime
Test (cf. e.g. [18]), which is a refinement of the Fermat test. It is known that
any pseudoprime nto this test (spsp(a)) is a Fermat pseudoprime, for which
additionally ν2(ordp(a)) is a constant value cfor all primes pdividing n, where
ν2(b) denotes the largest power of 2 dividing b. The strong pseudoprime test has
been implemented in many different Algebra systems. In most of these, the first
prime numbers are being used as bases. This test seemed to be a good indicator
for the primality of n. In particular, the variation of the bases are expected to
guarantee a high confidence of the test. However, examples of composite numbers
are known (cf. [1], [3], [7]) which are strong pseudoprimes to various pre-specified
prime bases. In particular, F. Arnault found a 337−digit number that is a strong
pseudoprime to all 46 prime bases up to 200. The existence of such composites
provides incentive to create other tests which are similarly fast, but which have
fewer, or at least different pseudoprimes.
?Research supported by the ¨
Osterreichischen Fonds zur F¨orderung der wis-
senschaftlichen Forschung, FWF-Project no. P 13088-MAT

2
1.2 Pseudoprimality testing based on the Lucas sequences
Let Pand Qbe integers and D=P2−4Q. The Fundamental, respectively
Primordial Lucas sequence, associated with the parameters P, Q, is defined by
means of the second-order recursion relation Um+1 =P Um−QUm−1,respec-
tively Vm+1 =P Vm−QVm−1,with initial terms U0(P, Q) = 0, U1(P, Q) = 1,
V0(P, Q) = 2, and V1(P, Q) = P. The counterpart to the Fermat test involving
the Lucas sequences is based on the congruences Vn(P, Q)≡Pmod n, and
Un−(D
n)(P, Q)≡0 mod n, where nis an odd prime and (D, n) = 1. If an odd
composite number nsatisfies the former, respectively latter congruence, then it
is called a Dickson pseudoprime, respectively Lucas pseudoprime, for Pand Q
(Lpsp(P, Q)). Conditions are known (cf. [8], [9], [14]) for pseudoprimes for the V-
test with respect to all parameters Pand Qand examples of such numbers have
been found (cf. [6], [15]). It turns out that pseudoprimes to the U-test can be
characterized in a similar way to the Fermat test, when the rank of appearance
is employed as counterpart of the order of a group element.
Definition 1. Let U=U(P, Q)be the Lucas sequence of the first kind and let
mbe any integer. The rank of appearance ρ(m, P, Q)modulo m(or simply ρ(m))
is the smallest integer l, if it exists, such that Ul(P, Q)≡0 mod m.
It can be shown that ρ(m, P, Q) exists if p|/Qfor all prime divisors pof m
(cf. [4]). If pis any prime with (p, QD) = 1, then it is known that the rank
of appearance is a divisor dof p−³D
p´.In this vein, a Lucas pseudoprime is
a composite number for which ρ(p, P, Q)|(n−¡D
n¢) for all primes pdividing n.
Similarly to the Strong Probable Prime Test, a stronger version of the Lucas test
can be obtained by means of the Strong Lucas Probable Prime Test Ud(P, Q)≡0
mod n, or V2rd(P, Q)≡0 mod nfor some r, 0≤r < s, where n−¡D
n¢= 2sd,
2|/d. It has been shown in [11] that pseudoprimes to the Strong Lucas Probable
Prime Test (in short sLpsp) can be characterized in the following way.
Lemma 1. Let nbe a positive, odd composite integer and Q∈Z∗
n. Then nis
asLpsp(P, Q)if and only if it is a Lpsp(P, Q)and ν2(ρ(p, P, Q)) is a constant
value cfor all prime factors pof n.
Nevertheless, sLpsps can be constructed that pass the test for variations of
parameters Pand/or Q(cf. [11]).
1.3 Combined tests
In [2] Baillie and Wagstaff established a compositeness test that is based on a
combination of the Strong Probable Prime Test and the Strong Lucas Probable
Prime Test that seems to be very powerful. Indeed, nobody has been able to
either calculate a composite number that passes the test, or to prove the non-
existence of such pseudoprimes. Their test seems to heavily rely on the choice
of the parameters in that they present two specific algorithms for selecting the
parameters for the Lucas test. In [10] this selection process was replaced by

3
another, faster search routine for the parameter P, such that ³P2−4Q
n´=−1,
where Q∈ {2,−2}and n6≡ 1 mod 24. By exhaustive search until 1013 no
composite number was found that passes this combined test according to the
parameter choice suggested in [10]. Recently, an extremely reliable primality
test that utilizes combinations of different types of tests has been presented in
[5]. The novel idea of this test is to replace the modular integer arithmetic by
arithmetic in residue rings Z[x]/(n, f (x)) where f(x) is a quadratic polynomial
and nan odd positive integer that is to be tested for primality.
1.4 The main goal of this paper
Since the combination of different types of primality tests seem to be much more
efficient than simply varying the parameters/bases w.r.t. one type of test, we
suggest a modification of the combined probable prime test introduced in [2]. As
with any pseudoprimality test we want the following properties to be fulfilled.
•Efficient and easy to implement algorithms: From a practical view-
point the rapid evaluation of the underlying testing functions is of essential
interest. But efficiency in evaluation is actually one of the most attractive
features of recurrence sequences. In fact, it is known that the evaluation of
the sequence Vk(P, Q) has complexity O(ld(k)) (cf. [17]). It is probably due
to the fact that these evaluation algorithms are already frequently used and
easy to implement, that the Fermat/Lucas approach [2] has received so much
attention.
•High confidentiality: Although the Fermat Test is fulfilled for all bases a
when nis a Carmichael number, an analysis of the Lucas Test has shown (cf.
[12]) that, if nis composite, the Lucas U-test cannot be fulfilled for all Pand
Qwith (n, DQ) = 1. Thus, by replacing the Fermat- by the Lucas test we
can avoid the existence of Carmichael numbers. This means that there are
no Lucas pseudoprimes with respect to all Pand Q. Even more, the author
has also shown a stronger result [12], namely that there are no composite
integers nwhich are Lucas pseudoprimes for a fixed value of Q∈Z∗
nand all
varied values of P(or vice versa) with discriminants D=P2−4Qcoprime
to n. Clearly, since there are no Carmichael numbers w.r.t. variations of Pin
the Lucas test Un−(D/n)(P, Q0) when Q=Q0is fixed, one can expect that
the number of parameters Pthat pass the strong Lucas test w.r.t. a fixed
parameter Q=Q0is even much smaller. Moreover, if these Lucas tests are
even combined with a Fermat test w.r.t. the base Q0then the number of
parameters Pthat pass, when nis composite, will be much smaller still.
•An exact formula for the number of liars: Whenever a probable prime
tests allows the existence of pseudoprimes, then it certainly is of great interest
to establish the number of such “liars” i.e. those parameters for which the
test passes. In this paper we establish this number of parameters Pin our
specific combined Fermat/Lucas test.
The goal of this paper is to capture these requirements. We introduce a specific
modification of the test suggested in [2].

4
1.5 The proposed test and the main results
In detail, we will investigate the combined test that consists of checking that,
(1), nis a spsp(Q0) for a selected base Q0∈Z∗
n, and, (2), nis a sLpsp(Pi, Q0)
for different Pi∈Z∗
nsuch that ³P2
i−4Q0
n´=−1.
We firstly will derive various necessary conditions for composite numbers to
pass this test. Based on these conditions we will be able to show that a wide
class of composite numbers cannot pass the test described above. Contrary to
the more sophisticated arithmetic of [5] the test we propose only require mod-
ular arithmetic of the power functions and of recurrence sequences. A detailed
analysis of the test will demonstrate its efficiency. As our main result we will,
depending on the parameter Q0, establish the exact formula for the number
of these Pithat pass the proposed combined test. This number turns out to be
extremely small, which also will be demonstrated by several numerical examples.
2 Some preliminaries
2.1 The rank of appearance of the Lucas sequence
Let U=U(P, Q) be the Lucas sequence of the first kind, let m, mibe integers,
and pany odd prime. Throughout, we will assume that (mmi, QD) = 1 and
(p, QD) = 1. Then the rank of appearance of (U) is known to have the following
properties (cf. [4], [18], [19])
m|Uk(P, Q) if and only if ρ(m, P, Q)|k, (1)
ρ(p, P, Q)¯¯¯(p−µD
p¶),(2)
ρ(p, P, Q)¯¯¯
p−(D/p)
2if and only if µQ
p¶= 1,(3)
ρ(lcm(m1, ..., mk)) = lcm(ρ(m1), ..., ρ(mk)).(4)
2.2 The number of parameters with the same rank of appearance
In what follows, let Q∈Z∗be fixed and let P∈Zbe arbitrary with Dcoprime
to a fixed prime p. Whenever we want to stress that Qis a special fixed value,
we will write Q0instead of Q. Further, we will let D(P) = P2−4Q0.
Definition 2. Let Q0∈Z∗
p,²∈ {−1,1}be fixed, and d > 1be any divisor of
p−². The function ψ(d, Q0, ²)is defined to be the number of distinct values of
Pmodulo pfor which ρ(p, P, Q0) = d.
Remark 1. Note that ψ(d, Q0, ²) counts the values of Pwith both ³D(P)
p´=²
and ρ(p) = d|(p−²) if d > 2.
The following property has been proved in [13].

5
Proposition 1. Let d≥2and suppose dis a divisor of p−², where ²∈ {1,−1}.
1. If ³Q0
p´=−1then ψ(d, Q0, ²) = (φ(d),if ν2(d) = ν2(p−²),
0,otherwise.
2. If ³Q0
p´= 1 then ψ(d, Q0, ²) = (φ(d),if ν2(d)< ν2(p−²),
0,otherwise.
3 The number of Pthat pass the Lucas test for a fixed
Q=Q0
Proposition 2. For any odd prime pand any positive integers k, n, and αthe
following is true.
Uk(P, Q)≡0 mod niff V2ik(P, Q)6≡ 0 mod nfor every i≥0,
if either Uk(P, Q)or Vk(P, Q)≡0 mod nthen U2k(P, Q)≡0 mod n,
U2k(P, Q)≡0 mod pαiff either Uk(P, Q)or Vk(P, Q)≡0 mod pα.
Proof. The first two assertions are obvious. So is the fourth when considering the
well known identity U2k(P, Q) = Uk(P, Q)Vk(P, Q) and the fact that pcannot
simultaneously divide both Uk(P, Q) and Vk(P, Q). 2
In this section we establish the number of zeros P∈Zpαof Ukand Vkin
dependence of the signature (cf. [19]) ³P2−4Q
p´.
Theorem 1. Let pbe an odd prime, k, α positive integers, (k, p) = 1, and ²∈
{−1,1}a constant. For a fixed value of Q0,(Q0, p) = 1, the number of distinct
numbers Pmod pαwith ³D(P)
p´=²and Uk(P)≡0 mod pα, is given in the
following way.
1. For ³Q0
p´=−1as ((k,p−²)
2,when ν2(k)≥ν2(p−²),
0,otherwise,
2. for ³Q0
p´= 1 as ((k,p−²)
2−1,when ν2(k)≥ν2(p−²),
(k, p −²)−1,otherwise.
Proof. We first count the values of Pmodulo pand then modulo pα. Now, (1)
asserts that Uk(P, Q0)≡0 mod piff ρ(p, P, Q0)|k. Moreover, ρ(p, P, Q0) always
divides p−², hence we obtain the condition
ρ(p, P, Q0)|(k, p −²).(5)
The number of integers P∈Zpwith ρ(p, P, Q0) = t|(p−²) was defined to
be ψ(t, Q0, ²). By Theorem 1 the number of the P’s depends on the quadratic
residue symbol ³Q0
p´. We consider the two possibilities as separate cases.

6
1. ³Q0
p´=−1. Then the number of distinct P’s, for ν2((k, p −²)) = ω, is
X
d|(k,p−²)
ν2(d)=ν2(p−²)
φ(d) = X
d0|(k,p−²)
2ω
φ(2ωd0) = φ(2ω)X
d0|(k,p−²)
2ω
φ(d0) = (k , p −²)
2,
provided ν2(k)≥ν2(p−²). However, for ν2(k)< ν2(p−²) there are no
integers Pwith the desired properties, since
X
d|(k,p−²)
ν2(d)=ν2(p−²)
φ(d) = 0.
2. For ³Q0
p´= 1 the desired number is, if ν2(k)≥ν2(p−²),
X
d|(k,p−²)
ν2(d)<ν2(p−²)
d>1
φ(d) = X
d|(k,p−²)
d>1
φ(d)−X
d|(k,p−²)
ν2(d)=ν2(p−²)
φ(d) = (k , p −²)
2−1,
and, if ν2(k)< ν2(p−²),
X
d|(k,p−²)
ν2(d)<ν2(p−²)
d>1
φ(d) = X
d|(k,p−²)
d>1
φ(d) = (k, p −²)−1.
This completes the part of the proof where the module is a prime p.
For a prime power module pαwe investigate the derivative U0
k(P, Q0), which
can easily found to be kVk(P,Q0)−P Uk(P,Q0)
P2−4Q0. However, U0
k(P, Q0)6≡ 0 mod p,
since, as p|Uk(Q) and ρ(p, P, Q0)|k, the contrary would imply p|Vk, which cannot
occur. It follows that for each zero of Uk(P, Q0)≡0 mod pthere is exactly one
zero of Uk(P, Q0)≡0 mod pα(which is congruent to this zero modulo p). This
completes the proof. 2
Theorem 2. Under the hypotheses of Theorem 1, the number of parameters P
with Vk(P, Q0)≡0 mod pαfor a fixed Q0∈Z∗
pis,
•when ³Q0
p´=−1,given as ((k, p−²
2),for ν2(k) + 1 = ν2(p−²),
0,otherwise,
•when ³Q0
p´= 1,given as ((k, p −²),for ν2(k)+1< ν2(p−²),
0,otherwise.
Proof. By Proposition 2 we need to count those Pfor which U2k(P, Q0)≡0
mod pαand additionally Uk(P, Q0)6≡ 0 mod pα.Consider the case ³Q0
p´=−1.
Then by Theorem 1 the number of P0s, for ν2(k)≥ν2(p−²), is (2k,p−²)
2−(k,p−²)
2=
0, for ν2(2k) = ν2(k) + 1 = ν2(p−²), the number is (2k,p−²)
2= (k, p−²
2), and for
ν2(k) + 1 < ν2(p−²) this number obviously is 0 −0. In a similar manner the
result follows for ³Q0
p´= 1. 2

7
4 The proposed strong Fermat/strong Lucas combination
4.1 Some fundamentals
A more specific form of the Fermat pseudoprimes w.r.t. the base Qare the
Euler pseudoprimes (Epsps) nthat, although composite, satisfy Qn−1
2≡³Q
n´
mod n. In terms of the Lucas sequences it is known that for any odd primes n
with (n, Q) = 1, either U(n−(D/n))/2≡0 mod nor V(n−(D/n))/2≡0 mod n,
according as ³Q
n´= 1 or −1. An odd composite integer nsuch that (n, QD) = 1
that satisfies the corresponding congruence, respectively, is called an Euler-Lucas
pseudoprime with parameters (P,Q), abbreviated ELpsp(P, Q).
Any Euler pseudoprimes w.r.t. the base Qwhere ³Q
n´=−1 is already a
spsp(Q). Similarly (cf. [18]), if nis an ELpsp(P, Q) and either ³Q
n´=−1 or
n−²(n)≡2 mod 4, then nis a sLpsp(P, Q).
4.2 Description of the proposed test
The test for one P:
1. Choose Q=Q0∈Z∗
nsuch that ³Q0
n´=−1.
2. If nis not an Epsp(Q0) then return “nis composite” , otherwise go to step
3.
3. Select P∈Zn, P 6= 0, such that for D(P) = P2−4Q0one has ³D(P)
n´=−1.
4. [ELpsp(P, Q0)?] If Vn+1
2(P, Q0)6≡ 0 mod nthen return “n is composite”,
otherwise return “nis probably prime”.
Obviously, any odd prime npasses the proposed test. If an odd composite
number passes the test, then it is both a spsp(Q0) and a sLpsp(P, Q0).
The test, of course can even be made more powerful, if the conditions are
checked for variations of parameters. In the following, we will keep Q=Q0fixed
and check condition 4 for different choices of P=Pi.Clearly, if a composite
number npasses the test for the selected choices of Pithen nis a sLpsp(Pi, Q0)
for all these Pi. For the remainder of the paper we will concern ourselves with
the question of establishing the number of Pifor which any composite integer
can pass the proposed test.
5 Fundamental properties of the proposed test
Let here and in the following ²(n), respectively ²(p) denote the Jacobi, respec-
tively Legendre symbol ¡D
n¢, respectively ³D
p´, where pis any odd prime. We
will assume throughout that (D, n) = 1.

8
Theorem 3. Let the odd integer nbe a spsp(Q0)for ³Q0
n´=−1.Then a
necessary condition that Vn−²(n)
2(P, Q0)≡0 mod nis fulfilled for at least one
integer P6= 0, is that for all prime divisors pof n



²(p) = 1,if ³Q0
p´= 1,
²(p) = ²(n),if ³Q0
p´=−1.
Proof. Let pbe an arbitrary prime divisor of n.
Consider firstly the case that ³Q0
p´= 1. Then it follows from Theorem 2 that
the number of Pwith Vn−²(n)
2(P, Q0)≡0 mod nis different form zero only when
ν2(n−²(n)) < ν2(p−²(p)).Since nis odd and (D, n) = 1 by hypothesis, we obtain
that necessarily p≡²(p) mod 4.By hypothesis nis also an Epsp to the base
Q0, so that Q
n−1
2
0≡ −1 mod n, and consequently, ν2(n−1) = ν2(ordn(Q0)).
However, since nis a spsp(Q0), the latter value is equal to ν2(ordp(Q0)) for
any prime pdividing n. Further, since ³Q0
p´= 1, ν2(ordp(Q0)) < ν2(p−1).
Consequently, ν2(p−1) ≥2, because ν2(n−1) ≥1. Therefore p≡1 mod 4 and
thus ²(p) = 1, as claimed.
Now, let ³Q0
p´=−1. Suppose firstly that n≡²(n) mod 4. Then, by The-
orem 2, necessarily p≡²(p) mod 4.Again, since nis a spsp(Q0) we conclude
that ν2(n−1) = ν2(ordp(Q0)) for all primes p, but since ³Q0
p´=−1, this is
equal to ν2(p−1).If ²(n) = −1, then, as ν2(n−1) = ν2(p−1) = 1, we obtain
p≡3 mod 4, and therefore, ²(p) = −1. Similarly, ²(n) = 1 yields ²(p)=1.
Now, consider the case that n≡ −²(n) mod 4.By Theorem 2 this implies
ν2(p−²(p)) = 1,that is, p≡ −²(p) mod 4.Similarly as above, the two separate
cases ²(n) = 1 and ²(n) = −1 yield the desired assertion ²(p) = ²(n).2
Corollary 1. If nis a spsp(Q0)for ³Q0
n´=−1,then, a necessary condition
that there exists an integer P6= 0 such that ³D(P)
n´=−1and Vn+1
2(P, Q0)≡0
mod n, is that, for every prime pdividing n,
•if ³Q0
p´= 1 then 




²(p) = 1,
ν2(n+ 1) < ν2(p−1),and ν2(n−1) < ν2(p−1),
p≡1 mod 8,
•if ³Q0
p´=−1then (²(p) = −1,
ν2(n+ 1) = ν2(p+ 1) and ν2(n−1) = ν2(p−1).
Proof. This follows from Theorems 2, 3, and Lemma 2 below. 2

9
6 The number of parameters that pass the proposed test
6.1 Some technical prerequisites
Lemma 2. If nis a sLpsp(P , Q)such that ³Q
n´=−1,then ν2(ρ(p, P, Q)) =
ν2¡n−¡D
n¢¢for all prime divisors pof n.
Proof. Since nis an ELpsp(P , Q) we have ν2(n−(D/n)) = ν2(ρ(n, P, Q)).As n
is a sLpsp the latter value is ν2(ρ(p, P, Q)).2
Lemma 3. A necessary condition for an odd composite number nto simulta-
neously pass a psp(Q0)- and a Lpsp(P, Q0)- test with ³D(P)
n´=−1is that
(ordn(Q0), ρ(n, P, Q0)) = 2.
Proof. The hypotheses yield Qn−1
0≡1 mod nand thus ordn(Q0)|(n−1) on the
one, and ρ(n, P, Q)|(n+ 1) on the other hand. Hence (ordn(Q0), ρ(n, P, Q)) ≤2.
By the choice of Q0, both ordn(Q0) and ρ(n, P, Q0) need to be even. 2
6.2 The main results
We are now in the position to determine the number of parameters Pthat
pass the proposed test. It is sufficient to establish the desired number modulo
any prime power dividing n. We first need the following proposition, which is a
specification of Theorem 1, in that nis now by hypothesis a psp(Q0).
Proposition 3. Let n=Qp|npαbe a psp(Q0). Then the number of P∈Zpα
such that ³P2−4Q0
p´=²(p)and Uk(P, Q0)≡0 mod pα,is given as follows.
1. For ³Q0
p´=−1as 

Pd|(k,p−²(p))
ν2(d)=ν2(p−²(p))
(d,ordn(Q0))=2
φ(d),when ν2(k)≥ν2(p−²(p))
0, otherwise,
2. for ³Q0
p´= 1 as 




Pd|(k,p−²(p))
ν2(d)<ν2(p−²(p))
(d,ordn(Q0))=2
φ(d),when ν2(k)≥ν2(p−²(p)),
Pd|(k,p−²(p))
(d,ordn(Q0))=2
φ(d),otherwise.
Proof. The proof runs along the same lines as the one for Theorem 1. Similarly
as for Lemma 3 we get the additional condition (d, ordn(Q0)) = 2. 2
Theorem 4. If nis a spsp(Q0)for ³Q0
n´=−1,and n=Qp|npα, then the
number of P∈Zpαsuch that ³P2−4Q0
n´=−1and Vn+1
2(P, Q0)≡0 mod pα,is
•when ³Q0
p´=−1,given as ((n+1,p+1)
2,for ν2(n+ 1) = ν2(p+ 1),
0,otherwise,
•when ³Q0
p´= 1,given as ((n+1,p−1)
2,for ν2(n+ 1) < ν2(p−1),
0,otherwise.

10
Proof. By Lemma 1 and Lemma 2 we need to count those parameters Pfor
which Un+1(P, Q0)≡0 mod pα,Un+1
2(P, Q0)6≡ 0 mod pα, and additionally
ν2(ρ(p, P, Q0)) = ν2(n+ 1).
Consider firstly the case that ³Q0
p´=−1.According to Corollary 1 we
necessarily need to have ν2(p+1) = ν2(n+ 1).Therefore, if ν2(n+ 1) 6=ν2(p+ 1),
the desired number of the P’s is zero. Now, let ν2(n+ 1) = ν2(p+ 1).Then by
Proposition 3 the number of P0swith Un+1(P, Q0)≡0 mod pαis
X
d|(n+1,p+1)
ν2(d)=ν2(p+1)
(d,ordn(Q0))=2
φ(d),
while the number of P0swith Un+1
2(P, Q0)≡0 mod pαis 0. We show that
the condition (d, ordn(Q0)) = 2 is immaterial. For suppose to the contrary that
this gcd is some value g > 2. Then g|d|(n+ 1) and g|ordn(Q0)|(n−1) which is
impossible and we thus obtain the number as (n+1,p+1)
2.
Now consider the case that ³Q0
p´= 1.We then have ²=²(p) = 1 and, addi-
tionally, ν2(ρ(p, P, Q0)) < ν2(p−1).By Corollary 1 we require that necessarily
ν2(n+ 1) < ν2(p−1).Thus, if ν2(n+ 1) ≥ν2(p−1) the number of Pis zero. If
ν2(n+ 1) < ν2(p−1) we obtain the desired number as
X
d|(n+1,p−1)
(d,ordn(Q0))=2
φ(d)−X
d|(n+1
2,p−1)
(d,ordn(Q0))=2
φ(d).
By similar arguments concerning the gcd as above, these sums evaluate to (n+
1, p −1) −1−(n+1
2, p −1) + 1 = 1
2(n+ 1, p −1),as claimed. 2
We thus have established the exact number of parameters Pthat pass the
proposed test.
Theorem 5. Suppose that a composite number nfulfills for all prime divisors
pthe following conditions
•if ³Q0
p´= 1 then 




²(p) = 1,
ν2(n+ 1) < ν2(p−1),and ν2(n−1) < ν2(p−1),
p≡1 mod 8,
•if ³Q0
p´=−1then (²(p) = −1,
ν2(n+ 1) = ν2(p+ 1) and ν2(n−1) = ν2(p−1).
Let γ= 1,respectively 0, according as n≡1or 3modulo 4. Then the number of
parameters Pthat pass the proposed test of section 4.2 is given as
Y
p|n
(Q0
p)=1
1
2(n+ 1, p −1) ·Y
p|n
(Q0
p)=−1
1
2(n+ 1, p + 1) −γ.
Otherwise ndoes not pass the proposed test for any of the parameters P.

11
6.3 Some special cases
It follows from above, that the combined test is most effective, when for the spsp
test a basis Q=Q0with suitable large orders are chosen. Alternatively, we can,
prior to the Lucas test, run the strong probable prime test for variations of bases
Q. Then the number of parameters Pthat pass the proposed Lucas test, will be
minimized.
Lemma 4. Let n=Qr
i=1 pi,pi6= 2,3,5. Suppose that for some ithere exists a
parameter aiwith pi−1
2¯¯¯ordpi(ai)such that nis a psp(ai). A necessary condition
for nto be a Lpsp(P, Q)for P∈Z∗
nand ¡D
n¢=−1, is that ³D
pi´=−1.
Proof. Suppose that ³D
pi´= 1. Then ρ(pi, P, Q)|(pi−1) and ρ(pi, P, Q)>2 since
otherwise (P, n)>1. However, since pi−1
2¯¯ordpi(ai), we have (pi−1
2, ρ(pi)) >2,
which makes it impossible for nto pass the Lucas test. 2
Corollary 2. A necessary condition for a Carmichael number n=Qr
i=1 pito
be a Lpsp(P, Q)with P∈Z∗
nand ¡D
n¢=−1is that 2|/rand ³D
pi´=−1for all
pi.
Similarly as above we obtain
Lemma 5. Let n=Qr
i=1 pibe a spsp to a set Aof bases. Suppose that for
every ithere is an ai∈Awith ui|ordpi(ai)where uidenotes the odd part of
pi−1. Let D=P2−4Qsuch that ¡D
n¢=−1and P6= 0. If 2|ror ³D
pi´= 1 for
some ithen ncannot be a sLpsp(P , Q).
For such composites the number of “liars” Pto the proposed test becomes
extremely small.
Corollary 3. Suppose that for all primes pidividing n(at least) one of the
following conditions holds:
•ui|(n−1),
•³Q0
pi´=−1.
Then, ncan pass the proposed test of section 4.2, only if, for all pi
µQ0
pi¶=µD(P)
pi¶=−1,
ν2(n+ 1) = ν2(p+ 1) and ν2(n−1) = ν2(p−1).
In this case the number of Pthat pass the test equals
Y
pi|n
(n+ 1, pi+ 1)
2−γ,
where γis defined in Theorem 5.

12
Remark 2. (i) If nhas tprime factors, then with probability 1
2tthe base Q0
is a nonresidue for all the pi. Since the spsp test is extremely fast, it can
very efficiently be run for variations of Q0.As a second step, now Corollary
3 asserts that the combination with the Lucas test as described in section
4.2 is highly reliable.
(ii) It is known (cf. [3]) that if a composite integer nis a spsp w.r.t. all possible
φ(n)
4bases, then nis either of the form n= (k+1)(2k+1), or nis a Carmichael
number with three factors that are ≡3 mod 4.The first from can easily be
checked for compositeness, since n= (k+ 1)(2k+ 1) implies that 8n+ 1
is a perfect square. For numbers of the second form, no efficient algorithms
are known. However, in this case Corollary 3 asserts that the proposed test
is very effective. In particular, since (pi−1)|(n−1) the number of liars P
obviously will be very small.
6.4 Some numerical examples
1. The spsp test w.r.t. one base Q=Q0.
For simplicity we investigated the spsp(2) ≤1013 by R. Pinch [16] in relation
to our proposed test. As Q0= 2 we only search through the numbers n≡ ±3
mod 8. There a total of 23637 of such pseudoprimes in Pinch’s list. The
following table illustrates the efficiency of the proposed test.
Distribution of all composites n≤1013,n≡ ±3 mod 8 that pass
the proposed test for Q0= 2
no. of nthat don’t pass the test for any Ppercentage
14867 62.89
distribution of nthat pass the test for tdifferent P
tpercentage tpercentage
2 29.88 14 0.38
6 2.89 18 0.18
4 1.70 12 0.16
10 0.72 16 0.09
8 0.40 others 0.66
2. The spsp test w.r.t. variations of bases Q.
When nis known to be a spsp for more than one base Qthen the num-
ber of liars Pfor the proposed test becomes very small. We considered
composites that are spsps for all bases ≤t. For example when searching
through Bleichenbacher’s list [3] of such numbers for t≤100, we found that
in many cases these composites will not pass the proposed test for any Q0
and any P. For the pseudoprimes that do pass our test, the number of liars
Pis, in relation to n, extremely small, e.g. when ³Q0
n´=−1 then n=
168790877523676911809192454171451, and n= 194350792386572081824965
3583964807114160978140504971,pass for 8 different P, and n= 10887815362
95680823159869241893780851 passes for 56 different P.

13
As another example consider Arnault’s 331 digit number. Although it is a
spsp w.r.t. all prime bases ≤200 [1] it does not pass the proposed test for
any Q0nor for any P.
Acknowledgement
I am deeply grateful to Professor W. B. M¨uller for numerous helpful discussions,
his many valuable comments and his qualifying advice.
References
1. Arnault, F.: Rabin-Miller primality test: Composite numbers which pass it. Math.
Comp. 64 (209), 355-361 (1995)
2. Baillie, R., Wagstaff, S., Jr.: Lucas pseudoprimes. Math. Comp. 35, 1391-1417
(1980)
3. Bleichenbacher, D.: Efficiency and Security of Cryptosystems based on Number
Theory. Dissertation ETH Z¨urich 1996.
4. Carmichael, R.D.: On Sequences of Integers Defined by Recurrence Relations.
Quart. J. Pure Appl. Math. Vol. 48, 343-372 (1920)
5. Grantham, J.: A Probable Prime Test with High Confidence. J. Number Theory
72, 32-47 (1998)
6. Guillaume, D., Morain, F.: Building pseudoprimes with a large number of prime
factors. AAECC 7(4), 263-277 (1996)
7. Jaeschke, G.: On strong pseudoprimes to several bases. Math. Comp. 61, 915-926
(1993)
8. Kowol, G.: On strong Dickson pseudoprimes. AAECC 3, 129-138 (1992)
9. Lidl, R., M¨uller, W.B., Oswald, A.: Some remarks on strong Fibonacci pseudo-
primes. AAECC 1, 59-65 (1990)
10. More, W.: The LD Probable Prime Test. In: Mullin, R.C., Mullen, G. (eds.) Con-
temporary Mathematics 225, 185-191 (1999)
11. M¨uller, S.: On Strong Lucas Pseudoprimes. In: Dorninger, D., Eigenthaler, G.,
Kaiser, H.K., Kautschitsch, H., More, W., M¨uller, W.B. (eds.) Contribution to
General Algebra, 10, 237-249 (1998).
12. M¨uller, S.: Carmichael Numbers and Lucas Tests. In: Mullin, R.C., Mullen, G.
(eds.) Contemporary Mathematics 225, 193-202 (1998)
13. M¨uller, S: On the rank of appearance of Lucas sequences. To appear in the Pro-
ceedings of the 8th International Conference on Fibonacci Numbers and Their
Applications, June 22 - 26, 1998, Rochester, New York.
14. M¨uller, W.B., Oswald, A.: Dickson pseudoprimes and primality testing. In: Davies,
D.W. (ed.) Advances in Cryptology - EUROCRYPT’91, 512-516. Lecture Notes in
Computer Science, Vol. 547. Berlin Heidelberg New York: Springer 1991
15. Pinch, R.G.E.: The Carmichael numbers up to 1015. Math. Comp. 61, 381-391
(1993)
16. Pinch, R.G.E.: ftp://ftp.dpmms.cam.ac.uk/pub/rgep/Papers/publish.html#41
17. Postl, H.: Fast evaluation of Dickson polynomials. In: Dorninger, D., Eigenthaler,
G., Kaiser H., M¨uller, W.B. (eds.) Contributions to General Algebra 6, 223-225.
B. G. Teubner: Stuttgart 1988
18. Ribenboim, P.: The New Book of Prime Number Records. Berlin: Springer 1996
19. Somer, L.: On Lucas d-Pseudoprimes. In: Bergum, G., Philippou, A., Horadam, A.
(eds.) Applications of Fibonacci Numbers, Vol. 7, Kluwer, 369-375 (1998)