What about k? This is a bit trickier to do efficiently. Let n denote the result after removing all factors of 2 or 5 from the denominator, as before. Then we want 10^k − 1 to be evenly divisible by n, or put another way, we want the smallest k such that 10^k ≡ 1 (mod n).
So the obvious method is to compute 10^1, 10^2, 10^3, and so on, and find the first k which yields 10^k ≡ 1 (mod n). Practically speaking, we don’t have to compute 10^k from scratch at each step: we can start with 10 (mod n), and then at each step multiply the current value by 10 and reduce (mod n). We keep doing this until we reach 1 again, and record how many steps it took. For example, with n = 21 we get the sequence 10, 16, 13, 4, 19, 1.
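The step-by-step method above is easy to sketch in code. Here is a minimal Python version (the function name `repetend_length` is my own; it assumes n > 1 and that n has no factors of 2 or 5, so that some power of 10 really is 1 mod n):

```python
def repetend_length(n):
    # Repeatedly multiply by 10 and reduce mod n, counting steps
    # until we get back to 1.  Assumes n > 1 and gcd(n, 10) == 1.
    k, value = 1, 10 % n
    while value != 1:
        value = (value * 10) % n
        k += 1
    return k
```

For example, `repetend_length(21)` walks through 10, 16, 13, 4, 19, 1 and returns 6.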
This took 6 steps, therefore k = 6 is the smallest k such that 10^k − 1 is divisible by 21; this matches what we saw in the previous posts, for example, the fact that 1/84 has a repetend length of 6 (remember that removing factors of 2 and 5 from 84 yields 21).
This method is correct, but we can do better—although for this we’ll need a little bit of group theory!
We can use this knowledge to find k more quickly than simply counting powers of 10: since the order of 10 must divide φ(n), just list all the divisors of φ(n), try each one by raising 10 to that power (using fast modular exponentiation of course), and pick the smallest one that yields 1. Using our example from before of n = 21, we find that φ(21) = 12, and so k has to be one of 1, 2, 3, 4, 6, or 12. As another, bigger example, suppose n is some much larger number. Then we can compute

φ(n) = 2^5 · 3^5 · p for some prime p.

(I was going to link to an explanation of how to compute φ—but it seems although I’ve mentioned φ many times before, I’ve never actually written about how to compute it! I’ll have to do that soon, since it’s a very interesting topic. In any case, if you don’t know how, you can just take my word for now.) This number has 6 · 6 · 2 = 72 divisors we would have to try (since to make a divisor of φ(n), there are 6 choices for the exponent of 2 (namely, 0 through 5), 6 choices for the exponent of 3, and 2 choices for the exponent of p). 72 things to try is much, much better than trying every single possible value from 1 up to φ(n)! I wrote a little computer program to try them all, and the smallest divisor that works is exactly the repetend length of 1/n (but I’m sure you knew that already =).
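Here is a hedged sketch in Python of the divisor-based method (not the original program from the post; the naive totient function is only for illustration, since real code would compute φ from the factorization of n):

```python
from math import gcd

def totient(n):
    # Naive Euler phi by counting; fine for small n, only a sketch.
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)

def order_of_10(n):
    # The repetend length k must divide phi(n), so try only the
    # divisors of phi(n), smallest first, using fast modular
    # exponentiation (Python's three-argument pow).
    phi = totient(n)
    for d in range(1, phi + 1):
        if phi % d == 0 and pow(10, d, n) == 1:
            return d
```

With n = 21 this tries the divisors 1, 2, 3, 4, 6 of φ(21) = 12 and stops at 6.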
It turns out we can do this computation even faster—but that will have to wait for another post!
]]>What are the smallest values of a and k such that 10^a (10^k − 1) is evenly divisible by the denominator q?
and I left it at that, with some questions for thought.
Can you see why we get to determine the values of a and k separately, i.e. why neither value influences the other at all?
The reason we get to consider a and k separately is that 10^a and 10^k − 1 cannot possibly share any prime factors in common. 10^a only has 2 and 5 as prime factors; on the other hand, 10^k − 1 cannot have 2 or 5 as prime factors since it is equivalent to 1 (mod 2) and 4 (mod 5). So the original question splits into two independent questions: (1) What is the smallest value of a such that 10^a cancels all the factors of 2 and 5 in q? (2) What is the smallest value of k such that 10^k − 1 cancels all the other prime factors in q?
The first sub-question is easy enough to answer: if q = 2^i · 5^j · m, where m has no factors of 2 or 5, then choosing a = max(i, j) is both necessary and sufficient: it will be just enough to cancel all the factors of 2 and 5 in q.
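In code, computing a is just a matter of counting factors of 2 and 5; a minimal Python sketch (function name mine):

```python
def prefix_length(q):
    # q = 2**i * 5**j * m with m coprime to 10;
    # the prefix length is a = max(i, j).
    i = j = 0
    while q % 2 == 0:
        q //= 2
        i += 1
    while q % 5 == 0:
        q //= 5
        j += 1
    return max(i, j)
```

For instance, `prefix_length(84)` is 2, since 84 = 2^2 · 3 · 7.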
Let’s see how this works. The example we looked at last time was 1/84. If we factor 84 we get 2^2 · 3 · 7, so our analysis above says a = 2, since there are two factors of 2. And sure enough, the decimal expansion 1/84 = 0.01190476190476… has a prefix of length 2.
As another example, let’s pick a denominator by its factorization: suppose we have a denominator of 2^3 · 5^4 · 7 = 35000. The 5 has a higher exponent than the 2, so we predict the prefix will have length 4: and sure enough, for example, 1/35000 = 0.0000285714285714…
We can try other numerators too; we just have to make sure they are relatively prime to the denominator, and the prefix comes out to the same length.
In my next post I’ll talk about how to find the repetend length!
]]>(Let’s assume the fraction is less than 1; if not, we can just pull out the integer part before analyzing the part after the decimal point.) We’ll call the initial non-repeating block of digits the prefix, which has a digits, and the repeating block is the k-digit repetend.
The question is, given a fraction p/q, how long will the prefix and repetend be (i.e. what are the smallest possible values of a and k)? In particular, is it possible to compute a and k without simply doing long division?
It turns out that it is possible, and I’d like to explain how it can be done. I wrote about this a long time ago (exactly ten years and two days ago, actually!!) but I think I can do a better job explaining it now.
Let’s start by looking at the fraction 1/84 = 0.01190476190476… It starts with a two-digit prefix 01 (that is, a = 2), and after that it repeats the sequence of digits 190476 forever.
Let’s play with this a bit. First of all, let’s multiply by 10^2 to shift the prefix over to the left of the decimal point: 10^2 · (1/84) = 1.190476190476…
Now if we multiply by another 10^6, we shift one entire copy of the repetend to the left of the decimal point as well: 10^6 · 10^2 · (1/84) = 1190476.190476…
If we subtract these, the infinite repeating parts to the right of the decimal point will cancel, and we will be left with an integer: 10^6 · 10^2 · (1/84) − 10^2 · (1/84) = 1190476.190476… − 1.190476… = 1190475.
(Of course in this case the integer is 1190475, but we don’t really care: since we’re only interested in the length of the prefix and repetend, it turns out that it doesn’t actually matter what the integer is, only the fact that it is one!)
We can now factor the left-hand side a bit to get 10^2 (10^6 − 1) · (1/84) = 1190475.
Let’s think about why this is an integer. Note that 84 = 2^2 · 3 · 7. First, the 10^2 cancels with the 2^2 in 84, leaving 25 (10^6 − 1) / 21.
Now note that 10^6 − 1 = 999999 is divisible by 21 (999999 = 21 · 47619), so the remaining denominator cancels and we are left with an integer. In fact, as you can check, 6 is the smallest value of k such that 10^k − 1 is divisible by 21.
Let’s generalize: suppose we have a fraction x = p/q with an a-digit prefix followed by a k-digit repetend, and assume that p/q is in lowest terms, that is, p and q share no common factors. Multiplying by 10^a shifts the prefix to the left of the decimal point,
then multiplying by 10^k and subtracting cancels the repeating part to the right of the decimal point: 10^k · 10^a · (p/q) − 10^a · (p/q) = N for some integer N.
Again, we can factor the left-hand side, yielding 10^a (10^k − 1) · (p/q) = N.
We want to find the smallest values of a and k which make this work. Note that since we assumed p and q share no common factors, p is actually irrelevant: it doesn’t contribute to cancelling q at all. (This explains why repetends are always the same length for a given denominator.) So in the end, the question becomes:
What are the smallest values of a and k such that 10^a (10^k − 1) is evenly divisible by q?
Or, put another way, how can we choose a and k in such a way that every prime factor of q also shows up in 10^a (10^k − 1)? I’ll continue in future posts; for now, I leave you with a few questions:
(Hints: finding a turns out to be much easier than finding k, and requires only knowing some basic facts about divisibility. Saying useful things about k requires knowing some number theory and/or group theory.)
]]>Theorem: if n is composite and there exists at least one Fermat witness for n, then at least half of the numbers relatively prime to n are Fermat witnesses.
Were you able to prove this? Here’s one way to do it.
Suppose n is composite and w is a Fermat witness for n—that is, w is relatively prime to n but w^(n−1) is not equivalent to 1 (mod n). Let l be some Fermat liar for n, that is, l is relatively prime to n but l^(n−1) ≡ 1 (mod n). (How do we know there exists a Fermat liar for n, you ask? Well, we don’t, but if there aren’t any then the theorem is obviously true.) Then I claim that wl is also a Fermat witness for n: (wl)^(n−1) = w^(n−1) · l^(n−1) ≡ w^(n−1) · 1 ≢ 1 (mod n).
So for every Fermat liar l there is a corresponding Fermat witness wl. The only thing we might worry about is that some of these Fermat witnesses might not be distinct. But in fact, since w is relatively prime to n, multiplication by w modulo n is invertible, so wl1 and wl2 must be distinct modulo n whenever l1 and l2 are. This proves that there are at least as many Fermat witnesses as there are liars; hence at least half are witnesses.
This means that, as long as there is at least one Fermat witness for n, each a we pick has a probability of at least 1/2 of revealing that n is composite. So if we pick k different values for a and all of them yield 1, we can conclude that there is only a (1/2)^k chance that n is composite. That’s pretty good, and it’s nice that the probability is independent of n.
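The theorem is easy to check empirically by brute force; here is a small Python sketch (names mine) that classifies each a coprime to n as a Fermat liar or witness:

```python
from math import gcd

def liars_and_witnesses(n):
    # Partition the numbers 1 <= a < n that are coprime to n into
    # Fermat liars (a**(n-1) == 1 mod n) and Fermat witnesses.
    liars, witnesses = [], []
    for a in range(1, n):
        if gcd(a, n) == 1:
            (liars if pow(a, n - 1, n) == 1 else witnesses).append(a)
    return liars, witnesses
```

For n = 15 this gives liars [1, 4, 11, 14] and witnesses [2, 7, 8, 13]: exactly half and half, consistent with the theorem.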
However, there’s one big flaw, which relates to my third question from the previous post: can there be composite values of n with no Fermat witnesses? More in my next post!
]]>a and n could share a common factor. In this case we can find the common factor using the Euclidean Algorithm, and n is definitely not prime. (See my previous post.)
On the other hand, a and n might not share a prime factor, that is, they might be relatively prime (or put yet another way, their GCD might be 1). This case breaks down into three subcases:
The question becomes: for a given composite n, how many Fermat liars and Fermat witnesses could there be? How many values of a do we have to test to be “reasonably sure” whether n is prime or composite?
Each pixel in the image from my previous post represents a particular (a, n) pair. Each row represents a value of n, with the top row corresponding to the smallest n = 2 and the bottom row to the largest n shown. Each column represents a value of a. Of course we only consider pairs with a ≤ n, which explains the triangular shape. (I include the cases a = 1 and a = n to complete the triangle, although these are not interesting from a primality testing point of view.)
The four cases outlined above correspond to the four colors:
Here’s a much smaller sample of the same visualization so we can see more clearly what’s going on.
Primes of course yield blue stripes. Non-primes are stripes of yellow, green, and sometimes red. Testing a particular n to see whether it is prime corresponds to picking random squares from its row: if we hit a yellow or green square, we learn immediately that n is composite. If we hit a red square or a blue square, we aren’t sure. So far, however, things don’t look too bad: there are only a few isolated red squares, so picking two or three random values of a should be enough to ensure that we either find out n is composite, or can safely assume that it is prime. Let’s continue the picture a bit farther; here are the first 100 values of n:
I’ve also included some purple bars to the left of each row, showing what proportion of the numbers relatively prime to n are Fermat liars. So far, none of the purple bars extend beyond the halfway mark (the first vertical line corresponds to one half, and the second, slightly darker vertical line to the full width). It turns out there’s a good reason for this:
Theorem: if n is composite and there exists at least one Fermat witness for n, then at least half of the numbers relatively prime to n are Fermat witnesses.
Some questions for you:
But wait a minute, this is silly: if a shares a common factor with n, then we don’t need anything as complex as Fermat’s Little Theorem to figure out that n is not prime! All we have to do is compute gcd(a, n) using the Euclidean Algorithm, and when we find out that the result isn’t 1, we can immediately conclude that n isn’t prime since it has a nontrivial divisor.
So for comparison, let’s consider this (terrible!) primality test, call it the GCD test: given an n we want to test, pick values of a such that 1 < a < n and compute gcd(a, n) for each one. If we find an a for which gcd(a, n) > 1, then n is not prime.
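For concreteness, here is what the GCD test looks like in Python (a sketch; the function name and default trial count are my own choices):

```python
import random
from math import gcd

def gcd_test(n, trials=50):
    # Pick random a with 1 < a < n; if any shares a factor with n,
    # then n is definitely composite.  Otherwise report "probably
    # prime" -- which, as the post explains, is a weak guarantee.
    for _ in range(trials):
        a = random.randrange(2, n)
        if gcd(a, n) > 1:
            return False  # definitely composite
    return True  # no evidence found; "probably prime"
```

On a true prime it always answers True; on a composite it answers False only if we happen to stumble on a value sharing a factor.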
This is terrible for several reasons. First, if we want this test to tell us for certain when n is prime, we essentially have to try all the possible values of a. We can optimize a bit by only trying a ≤ √n—if n has any nontrivial divisors we will be sure to find some that are under √n—but this doesn’t help all that much in the grand scheme of things. In fact, this GCD test is actually almost the same thing as trial division, where we try a bunch of different numbers to see whether they evenly divide n. Both are essentially trying to find divisors of n by brute-force search.
So suppose instead that we are willing to live with some uncertainty, and we just try some fixed number of values for a, and either conclude with certainty that n is composite (if we happen to find an a that shares a nontrivial factor with n), or report that it is probably prime. How bad can this be—or put another way, how many values of a do we have to try so we can be “reasonably certain” that n really is prime when the test says it is?
The answer is that it can be very bad indeed. Euler’s totient function φ(n) counts the number of integers from 1 to n which are relatively prime to n. So if n is composite and we pick a uniformly at random, there are φ(n) choices which won’t reveal the fact that n is composite, and approximately n − φ(n) choices which do share a common factor with n and hence do reveal the fact that it is composite.
So the question is, how big can φ(n) be, relative to n? We would like it to be small—which would leave us with many opportunities to learn that n is composite—but in fact it can be quite big. For example, if n = pq is a product of two large primes, then φ(n) = (p − 1)(q − 1), which is not much smaller than n itself. This means that almost all of the numbers less than n share no factors in common with n; only a small fraction of them share a factor. In fact, φ(n) is big precisely when n has just a few large prime factors, which intuitively is exactly when n is most difficult to factor. For such n there really is no acceptable number of a’s we can test with the GCD test in order to be reasonably sure that n is prime—each a we randomly pick has only a tiny chance of sharing a common factor with n; and this can get arbitrarily bad as n gets larger.
So remember we started down this path by showing that if we use the Fermat primality test, values of a which share a common factor with n will definitely reveal the compositeness of n. But now we know that if we rely on only such values of a, not only do we have a very small chance of discovering composite n—no better than just using trial division—but more than that, actually using the Fermat test itself would be silly, since we should just use the simpler GCD test instead!
So if the Fermat primality test is worthwhile at all, it must be because there are other values of a, which don’t share any common factors with n, but nonetheless still reveal the fact that n is composite since a^(n−1) is not equivalent to 1 (mod n). So how many of those values of a are there? Stay tuned!
]]>If p is prime and a is an integer where 1 ≤ a < p, then a^(p−1) ≡ 1 (mod p).
Recall that we can turn this directly into a test for primality, called the Fermat primality test, as follows: given some number n that we want to test for primality, pick an integer a between 2 and n − 1 (say, at random), and compute a^(n−1) (mod n). If the result is not equal to 1, then Fermat’s Little Theorem tells us that n is definitely not prime. Repeat some fixed number of times k. If we get 1 every time, then report that n is probably prime.
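As a sketch, the test above in Python (names mine; Python’s three-argument `pow` does the fast modular exponentiation):

```python
import random

def fermat_test(n, k=30):
    # Fermat primality test: k rounds of checking a**(n-1) mod n.
    if n < 4:
        return n in (2, 3)
    for _ in range(k):
        a = random.randrange(2, n - 1)
        if pow(a, n - 1, n) != 1:
            return False  # a witnesses that n is composite
    return True  # n is probably prime
```

For a true prime the test always answers True; for most composites a handful of rounds suffices to answer False.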
This “probably prime” business is a little annoying. Can we somehow turn this into a deterministic primality test? Well, for one thing, instead of just picking random values, what if we tested all 1 ≤ a < n? (Yes, of course this would take way too long, but bear with me for a bit!) If they all yield 1 when raised to the (n−1)st power, could n still possibly be composite, or could we conclude it is definitely prime? Put another way, are there any composite numbers n such that a^(n−1) ≡ 1 (mod n) for all 1 ≤ a < n?
It turns out that this would work: there do not exist composite numbers n such that a^(n−1) ≡ 1 (mod n) for all 1 ≤ a < n, so if we test all possible values of a and we always get 1, then we can conclude with certainty that n is prime. Let’s prove it!
Suppose n is composite, and let a be some number which shares a nontrivial common divisor g with n, that is, g = gcd(a, n) > 1. If n is composite then such an a must exist; for example, we could just take a to be one of n’s prime divisors. Now, I claim that a^(n−1) can’t possibly be equivalent to 1 (mod n). Let r be the remainder when dividing a^(n−1) by n, that is, a^(n−1) ≡ r (mod n). Rearranging gives a^(n−1) − r ≡ 0 (mod n), which means that a^(n−1) − r is divisible by n, that is, a^(n−1) − r = qn for some integer q. Rearranging this again, we get r = a^(n−1) − qn. But by our assumption, a^(n−1) and qn are both divisible by g, and hence a^(n−1) − qn must be divisible by g—but that means r must be divisible by g as well. Since we assumed that a and n have a nontrivial common factor, that is, g > 1, we conclude that r ≠ 1, that is, a^(n−1) is not equivalent to 1 (mod n).
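We can sanity-check this argument by brute force; a small Python snippet (mine) confirms it for a handful of composites:

```python
from math import gcd

# For some small composite n, verify that every a sharing a factor
# with n fails the Fermat congruence a**(n-1) == 1 (mod n).
for n in [4, 6, 9, 15, 21, 91, 561]:
    for a in range(2, n):
        if gcd(a, n) > 1:
            assert pow(a, n - 1, n) != 1
```

Note that 561 is a Carmichael number, yet its non-coprime values of a still betray it, exactly as the proof predicts.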
So we now know that any number a which shares a common factor with n will definitely reveal the fact that n is composite. How many (or how few) such a could there be? And what about other values of a, which don’t share a factor with n—how many of them might also reveal the fact that n is composite? We’ll tackle these questions in my next post!
]]>Given the exact sequence of operations you did to reduce the rational to zero, you can easily reverse them to reconstruct the original rational. For example, suppose you had to subtract 1 three times, then reciprocate, then subtract 1 five times, reciprocate, then subtract 1 two more times. This gives us the equation

1/(1/(x − 3) − 5) − 2 = 0,

or, inverting everything to solve for x,

x = 3 + 1/(5 + 1/2) = 35/11.
This clearly gives the right answer; the only question is whether the process will stop after a finite amount of time. But it does, since every time we subtract 1 we are making the numerator smaller without changing the denominator, and reciprocating just switches the numerator and denominator without making them bigger. Also, if we have a number less than 1 and reciprocate it, the result will definitely be bigger than 1, at which point we can subtract 1 from it at least once; hence we cannot get stuck reciprocating repeatedly without doing any subtracting. Since we have two positive integers which are either staying the same or getting smaller on each step, the process must eventually stop.
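The reversal can be sketched in Python using exact rational arithmetic. Here the trace is encoded as a list of subtraction counts between reciprocations, so `[3, 5, 2]` matches the example above (the encoding and function name are mine):

```python
from fractions import Fraction

def reconstruct(counts):
    # counts[i] = number of 1-subtractions before the i-th reciprocate;
    # reversing the trace builds the continued fraction inside out.
    x = Fraction(counts[-1])
    for c in reversed(counts[:-1]):
        x = c + 1 / x
    return x
```

`reconstruct([3, 5, 2])` gives 35/11, and you can check that 35/11 really does reduce to zero under that exact sequence of operations.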
There are several equivalent ways to think about what is going on here:
One way to think about this—made clear by the expression for x in the example above—is that we are building up the continued fraction expansion for x.
Another way to think about it is that we are running the Euclidean Algorithm on x’s numerator and denominator. Of course the Euclidean Algorithm is typically used to find the greatest common divisor of two numbers, and if we imagine x = p/q to be in lowest terms then of course the gcd of its numerator and denominator will be 1, so finding the gcd doesn’t tell us anything in and of itself. The point is, however, that the exact sequence of steps taken by the Euclidean Algorithm is unique for each relatively prime pair (p, q), and so we can use the sequence of steps to reverse-engineer what p and q must have been in the first place.
Yet another way, closely related to the previous, is to imagine that we are finding our way up the Calkin-Wilf tree step by step. Recall that the Calkin-Wilf tree is the infinite binary tree of positive rationals where the root is 1/1 and each node p/q has p/(p+q) as its left child and (p+q)/q as its right child. Each rational appears at a unique location in the tree, so the sequence of upwards steps taken from x to the root allows us to reconstruct the original x.
More specifically, if we have a number bigger than 1, it must be of the form (p+q)/q for some p and q, i.e. it is a right child in the Calkin-Wilf tree. Subtracting one from (p+q)/q yields p/q, so it corresponds to taking one step up and to the left in the Calkin-Wilf tree. When we reach a number less than 1, it means that node is a left child, so we cannot take another step up and to the left. Reciprocating corresponds to mirroring the entire tree left-right, and then we can continue taking steps up and to the left.
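The upward walk can be sketched directly in Python (names mine). Note that the parent of a left child p/(p+q) is p/q, which works out to x/(1 − x); this is what the reciprocate-and-mirror view computes:

```python
from fractions import Fraction

def path_to_root(x):
    # Walk from x up to the root 1/1, recording whether x was a
    # right child ('R', parent x - 1) or a left child
    # ('L', parent x / (1 - x)).  Reversed, this is the path
    # from the root down to x.
    x = Fraction(x)
    steps = []
    while x != 1:
        if x > 1:
            steps.append('R')
            x -= 1
        else:
            steps.append('L')
            x = x / (1 - x)
    return steps[::-1]
```

For example, `path_to_root(Fraction(5, 2))` is `['L', 'R', 'R']`: from the root 1/1, go left to 1/2, then right to 3/2, then right to 5/2.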
So how long does this take? Moving up one level in the Calkin-Wilf tree takes at worst four operations: one subtraction, two comparisons, and a reciprocate. (We have to do two comparisons because when we find out that a number is less than one, we have to also check if it is greater than 0 to see whether we should reciprocate or stop.) On the other hand, the best case takes only two operations (a subtraction and a comparison, if the result is still greater than one). The worst case for a given depth in the C-W tree would be if we start with the ratio of two consecutive Fibonacci numbers, since we would have to reciprocate after doing only one subtraction at every single step (try it!).
There’s also another fun thing we can do to speed things up. Instead of just subtracting 1 repeatedly, we can use a sort of binary search instead. That is, we can first create cubes containing powers of two (in practice we can just create them on the fly as needed). Then given a number x, we first find the smallest power of two 2^i such that x − 2^i is less than 1 (by computing x − 1, then x − 2, then x − 4, then x − 8, … and checking each time until we find the first i such that x − 2^i < 1), and then we do a binary search on the interval between 2^(i−1) and 2^i to find the smallest integer m such that x − m < 1 (in practice this just means adding or subtracting the next smaller power of two at each step, depending on whether the previous step was less than or greater than 1). Not counting the operations needed to create the cubes with the powers of 2 in the first place (since we can reuse them many times, and in any case it takes only one operation per power of two), this would take about 2 log₂ x addition and subtraction operations. One might worry that this would be slightly slower for small values of x; however, I think (but have not fully worked out the details) that this will actually never require more operations than the naive subtraction method; I will leave this as an exercise. Of course, for larger x this is clearly going to be a big win, since log₂ x is much smaller than x.
Of course, if the wizard had provided a machine that could perform a “floor” operation, we could make this even more efficient: instead of subtracting 1 until finding a result less than 1, we could just compute x − ⌊x⌋. This is like being able to jump as far up and to the left as possible in the Calkin-Wilf tree using only two operations. (Unsurprisingly, the floor function plays a key role in the algorithm for generating the Calkin-Wilf sequence.) I actually had this in the original version of the puzzle, but took it out when I realized that it was not necessary, and slightly more interesting to do without!
Several commenters mentioned using the Stern-Brocot tree to search for the secret rational. It’s probably a topic for another blog post, but briefly, the idea is to keep track of four integers p, q, r, and s, representing the rational numbers p/q and r/s. We start with p = 0, q = 1 (representing 0) and r = 1, s = 0 (1/0, representing “infinity”). We maintain the invariant that p/q < x < r/s, that is, we maintain p/q and r/s as the endpoints of an interval that contains the secret rational x. At each step we compute the mediant (p+r)/(q+s), which is guaranteed to lie in between p/q and r/s (exercise: prove this!), and check whether it is equal to the secret rational. If not, we either set p/q or r/s to the mediant, depending on whether the secret rational is greater or less than the mediant, respectively. Unlike a simple binary search (which can only find rationals with a denominator that is a power of two in finite time), this is guaranteed to terminate in a finite amount of time; every rational can be obtained after a finite number of successive steps of taking the mediant.
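The commenters’ idea can be sketched in a few lines of Python (names mine), counting how many mediants are needed to reach a given rational:

```python
from fractions import Fraction

def stern_brocot_steps(x):
    # Search for x between p/q = 0/1 and r/s = 1/0 ("infinity") by
    # repeatedly taking the mediant (p+r)/(q+s); returns how many
    # mediants we compute before hitting x exactly.
    x = Fraction(x)
    p, q, r, s = 0, 1, 1, 0
    steps = 0
    while True:
        steps += 1
        mediant = Fraction(p + r, q + s)
        if mediant == x:
            return steps
        if x < mediant:
            r, s = p + r, q + s   # shrink the interval from the right
        else:
            p, q = p + r, q + s   # shrink the interval from the left
```

For example, `stern_brocot_steps(Fraction(3, 5))` returns 4, matching the path 1/1 → 1/2 → 2/3 → 3/5 down the tree.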
So how long does it take? It turns out that the Stern-Brocot tree and the Calkin-Wilf tree have all the same rationals on each level, but in a different order^{1}, so the two methods are easy to compare. The proposed Stern-Brocot method moves down the tree one level each step, and it needs five operations for each step (two additions to form the mediant, one division to turn the pair of integers representing the mediant into a rational number, and then two comparisons to find out whether the mediant is less than, equal to, or greater than the target number). Unless there is a more clever way to do this that I missed, it seems my method is a clear win: for a rational on level n of the Stern-Brocot or Calkin-Wilf trees, the iterated mediant algorithm always needs exactly 5n operations, whereas for my algorithm 4n is only a worst case (for a ratio of consecutive Fibonacci numbers), but in many cases it does better (much better for rationals with large entries in their continued fraction expansion, which we can skip past in logarithmic time).
Each is a bit-reversal permutation of the other.