Suppose you start with some large number x and want to find a prime number at least as big as x. First you test whether x is prime. Then you test whether x + 1 is prime. Then you test whether x + 2 is prime, and so on until you find a prime. Of course you would just test odd numbers, but how far might you have to look? How much larger than x might your result be?

Bertrand conjectured, and Chebyshev proved, that you’ll find a prime before you get to 2x. Said another way, the width of the interval you need to explore is no larger than x.

Note that if we just want to find a prime of a certain order of magnitude, the most efficient approach is to try numbers at random until you find one. But if you want to find the next prime you have to search more methodically. Maybe there’s a better way to do this than sequentially testing odd numbers. In any case, this post looks at an upper on the result you get, regardless of how you go about finding it.

New results

In [1] the authors prove that the length of the interval to search can be orders of magnitude smaller than x. For example, if

x > e⁶⁰

then the interval can be of length x/10¹⁶.

The authors state their results in the form of an interval up to x rather than an interval starting at x, so their theorems immediately apply to starting at x and searching backward for the largest prime no greater than x. But by changing what you call x you could apply the results to looking forward for the smallest prime no smaller than x.

Illustration related to cryptography

Let’s see what the results in [1] might say about primes of the size used in cryptography. For example, RSA and Diffie-Hellman work with primes on the order of 2²⁰⁴⁸ or 2³⁰⁷². More on that here.

If x is a 2048-bit integer x, then log x is around 1420. The authors in [1] show that if

log x > 1200

then the length of the interval to explore has width less than x/Δ where Δ = 3.637×10²⁶³.

Now if x is a 2048-bit number then we need to explore an interval of length less than

2²⁰⁴⁸ / 3.637 × 10²⁶³ ≈ 2²⁰⁴⁸/ 2^857.5 = 2^1172.5.

So for a 2048-bit number, the length of the interval to search is a 1173 bit number. Said another way, we can turn x into a prime number by only changing the last 1173 bits, leaving the top 875 bits alone.

The number of bits in the length of the interval to search is a little more than half the number of bits in x; we can turn x into a prime by modifying a little more than half its bits.This is a general result for sufficiently large x.

The key contribution of [1] is that they’re explicit about what “sufficiently large” means for their theorems. There are other theorems that are not explicit. For example, in [2] the authors prove that for large enough x, the interval to search has width x^0.525, but they don’t say how large x has to be.

If 2²⁰⁴⁸ is large enough for the theorem in [2] to hold, then the length of our interval could be a 1076-bit integer.

Related posts

• How long does it take to find large primes?
• Cryptography posts

[1] Michaela Cully-Hugill and Ethan S. Lee. Explicit interval estimates for prime numbers. Mathematics of Computation. https://doi.org/10.1090/mcom/3719. Article electronically published on January 25, 2022

[2] R. C. Baker, G. Harman, and J. Pintz, The difference between consecutive primes. II, Proc. London Math. Soc. (3) 83 (2001), no. 3, 532–562.

Here’s a surprising theorem [1].

(Beatty’s theorem) Let a and b be any pair of irrational numbers greater than 1 with 1/a + 1/b = 1. Then the sequences { ⌊na⌋ } and { ⌊nb⌋ } contain every positive integer without repetition.

Illustration

Here’s a little Python code to play with this theorem.We set a = e and make b what it has to be to make the reciprocals add to 1.

We can’t tell from a finite sample whether the sequence covers all the integers, but we can at least verify that there are no repeats.

    from math import exp, floor

    a = exp(1)
    b = 1/(1 - 1/a)
    N = 100

    nums = set()
    for n in range(1, N+1):
        nums.add(floor(n*a))
        nums.add(floor(n*b))    
    print(len(nums))

We put 200 numbers into our set, and since they’re all unique, the set will have 200 elements when we’re done.

Except it doesn’t! We get 199 elements. Is there some subtle issue with floating point accuracy, where two numbers that should have different floors happen to have the same floor?

No, it’s nothing that complicated. When n = 0, ⌊0 a⌋ and ⌊0 b⌋ are both 0.

The theorem implicitly assumes that n ranges over positive integers, not non-negative integers [2]. If we modify our loop to

    for n in range(1, N+1):

then we do indeed get 200 distinct integers.

Coverage

Beatty’s theorem says that every integer k will eventually be part of one of the two sequences. That is, there will be some n such that k either equal ⌊na⌋ or ⌊nb⌋. How big might n be relative to k?

To get an idea, let’s modify the script above to report the smallest number that hasn’t occurred and the largest number that has occurred. We do this by taking the following line on at the end.

    print(min(set(range(1, 2*N)) - nums), max(nums))

This prints 159 and 271. That is, all the numbers from 1 through 158 have appeared, as well as numbers up to 271.

Now let’s do a longer run, changing N to 1000. Our code prints 1583 and 2718. So once again the numbers are filling in somewhat in order. Over three quarters of the numbers from 1 to 2000 have occurred.

Let’s crank N up to 1,000,000. Now we get 1581978 and 2718281. Each time, the smallest number not visited seems to be going up proportionally, as well as the largest number that has been visited.

That maximum number 2718281 looks familiar. In fact, it’s approximately 1,000,000 times e. In terms of our program parameters, it’s approximately Na.

And what about the lower number? It doesn’t look familiar, but we might guess Nb, and indeed b = 1.5819767….

Theorem

Based on the experiments above, we guess the following theorem. Define

S(N) = { ⌊na⌋ | 1 ≤ n ≤ N } ∪ { ⌊Nb⌋ | 1 ≤ n ≤ N }.

Then the smallest positive integer not in S(N) is

⌊(N+1) min(a, b)⌋

and the largest element in S(N) is

⌊N max(a, b)⌋.

Without loss of generality, assume a < b.

The largest element of S(N) will occur is as large as possible, i.e. n = N, and so the largest value in S(N) will be ⌊Nb⌋.

The number ⌊(N+1) a⌋ is not in S(N) since none of the elements of the Beatty sequences repeat, and it is the smallest number not in S(N).

One more run

Let’s illustrate our new theorem with a = √2.

Or program prints 1414214 and 3414213. The smallest number not encountered is 1414214, which equals ⌊1000001 √2⌋ .

Now b = 1/(1 – 1/√2) = 3.4142135…. and the maximum is indeed ⌊1000000 b⌋.

Notes

[1] Ezra Brown and Richard K. Guy. The Unity of Combinatorics. MAA Press, 2020.

[2] This is another example of a theme I return to regularly: it helps to test a theorem with a program, even if you’re certain the theorem is correct, because you’re not only testing the theorem, you’re testing your understanding of the theorem. Beatty’s theorem has been around over a century, and if it were wrong then we’d know by now. But my initial Python script revealed a requirement that was not explicit in the given statement of the theorem.

When does the equation

x² + 7 = 2ⁿ

have integer solutions?

This is an interesting question, but why would anyone ask it? This post looks at three paths that have led to this problem.

Ramanujan

Ramanujan [1] considered this problem in 1913. He found five solutions and conjectured that there were no more. Then in 1959 three authors [2] wrote a paper settling the conjecture, showing that Ramanujan was right. We don’t know what motivated Ramanujan, but the subsequent paper was a response to Ramanujan.

Nagell

T. Nagell [3] published a solution in 1960 after becoming aware of [2]. This paper republished in English a solution the author had first published in 1948 in a Norwegian journal. Nagell says he gave the problem as an exercise in a number theory textbook he wrote in 1951. By mentioning his textbook but not Ramanujan, Nagell implies that he came to the problem independently.

Golay

I ran into the problem a week ago in the course of looking at a problem that came out of Golay’s work in coding theory. A necessary condition for the existence of a perfect binary code of length n including p redundant bits that can detect up to 2 errors is

This leads, via the quadratic equation, to the equation at the top of the post.

All solutions

Each of the paths above states the problem in different notation; it’s simpler to state the solutions without variables.

• 1² + 7 = 2³
• 3² + 7 = 2⁴
• 5² + 7 = 2⁵
• 11² + 7 = 2⁷
• 181² + 7 = 2¹⁵

Verifying that these are solutions is trivial. Proving that there are no more solutions is not trivial.

References

[1] K. J. Sanjana and T. P. Trivedi, J. Indian Math. Soc. vol. 5 (1913) pp. 227-228.

[2] Th. Skolem, S. Chowla and D. J. Lewis. The Diophantine Equation 2ⁿ⁺² – 7 = x². Proceedings of the American Mathematical Society , Oct., 1959, Vol. 10, No. 5. pp. 663-669

[3] T. Nagell, The Diophantine Equation x² + 7 = 2ⁿ. Arkiv för Matematik, Band 4 nr 13. Jan 1960.

Thanks to Brian Hopkins for his help on this problem via his answer to my question on Math Overflow.

I’ve written a couple posts about the Golay problem recently, first here then here. The problem is to find all values of N and n such that

is a power of 2, say 2^p. Most solutions apparently fall into three categories:

• n = 0 or n = N,
• N is odd and n = (N-1)/2, or
• n = 1 and N is one less than a power of two.

The only two other solutions as far as I know are the two that Golay found, namely N = 23 with n = 3 and N = 90 with n = 2. Those are the only solutions for N < 30,000.

Solutions for fixed p

Phil Connor wrote me with a good suggestion: for fixed n, S(N, n) is an nth degree polynomial in N, and we can search for when that polynomial equals 2^p.

Instead of looping over N and seeing whether any S(N, n) is a power of 2 comes out, we could fix p and see whether there’s a corresponding value of N.

Now

S(N, n) = (1/n!)Nⁿ + … + 1

and so we are looking for positive integer solutions to

Nⁿ + … + n! = n! 2^p.

Using the rational root theorem

By the rational root theorem, a necessary condition for

Nⁿ + … – n!(2^p -1)= 0

to have a rational root is that N must divide the constant term

-n!(2^p -1).

That means that for fixed n and fixed p there are only a finite number of Ns that could possibly be solutions, namely the divisors of

n!(2^p -1).

Say we wanted to find all solutions with p = 32 and n = 3. Then we only need to check 96 values of N because 3!(2³² -1) has 96 divisors as the following Python code shows.

    >>> from sympy import divisors
    >>> len(divisors(6*(2**32-1)))
    96

We could evaluate S(N, 3) for each of the divisors of 6(2³² -1) and see if any of them equal 2³². And since S(N, n) is an increasing function of N, we could speed things up by being a little clever in our search. For example, if S(d, 3) > 2³² for a particular divisor d, there’s no need to keep trying larger divisors. More generally, we could do a binary search.

Not only could this approach be more efficient, I suspect it casts the problem in a form that would make it easier to prove theorems about.

Using the quadratic equation

The rational root theorem isn’t the only theorem we could apply to the polynomial formulation of the Golay problem. For example, if n = 2 we can use the quadratic equation and look at the discriminant to show that a necessary condition for there to be an integer solution is that

2^p+3 – 7

must be a positive integer. When p = 12 we get

2¹⁵ – 7 = 181²,

and this corresponds to Golay’s solution N = 90. There cannot be any solutions for larger values of p if p is odd because then 2^p+3 is a perfect square and there cannot be another perfect square so close. I don’t know whether there can be larger even values of p with

2^p+3 – 7

being a perfect square. If someone could show there are no such solutions, this would prove Golay found the only solution with n = 2. Maybe something similar would work for larger values of n.

Rumors of a proof

The conjecture I’ve been writing about is listed as Theorem 9.3 in Martin Erickson’s book Introduction to Combinatorics, Erickson does not give a proof but refers to Vera Pless’ book Introduction to the Theory of Error-correcting Codes, Wiley, 1989. However, people on MathOverflow who have seen Pless’ book say there’s no proof there.

Terry Tao says he doubts there is a proof:

To be honest, I doubt that this “theorem” is within the reach of existing technology. … My guess is that Erickson misread the discussion in Pless’s book.

Part of the confusion is that exceptional solutions to the problem discussed here are necessary (but not sufficient) for the existence of perfect Golay codes. It is widely reported that there is only one perfect binary Golay code, one based on S(23, 3) = 2¹¹. Some have taken that to mean that there are no more exceptional solutions, but this doesn’t follow. Maybe there are more exceptional solutions, but they don’t lead to the existence of more perfect binary Golay codes.

I haven’t seen a proof that Golay’s 23-bit code is the only perfect binary Golay code, though I’ve seen this theorem quoted repeatedly. It would be good to track down the proof of this theorem (if there is one!) and see whether it proves what I’m calling the Golay conjecture as an intermediate step. (Update: it does not. Seems Terry Tao was right to suspect there is no proof.)

Marcel Golay noticed that

and realized that this suggested it might be possible to create a perfect code of length 23. I wrote a Twitter thread on this that explains how this relates to coding theory (and to sporadic simple groups).

This made me wonder how common it is for cumulative sums of binomial coefficients to equal a power of 2.

Define

Golay’s observation could be expressed as saying

S(23, 3) = 2¹¹.

How often is S(N, n) a power of 2?

There are two easy cases. First,

S(N, 0) = 2⁰

for all N because there’s only one way to not choose anything from a set of N items. Second,

S(N, N) = 2^N

for all N. (Proof: apply the binomial theorem to (1 + 1)^N.)

If N is odd, then we have

S(N, (N-1)/2) = 2^N-1

by symmetry of the binomial coefficients.

Also,

S(2^p – 1, 1) = 2^p

In summary, S(N, k) is a power of 2 if

• k = 0 or k = N,
• N is odd and k = (N-1)/2, or
• k = 1 and N is one less than a power of two.

Are there any more possibilities? Apparently not many.

The only exceptions I’ve found are (23, 3) and (90, 2). Those are the only possibilities for N < 10,000. (Update: Searched up to 30,000.)

Golay found both of these solutions and mentioned them in [1]. In Golay’s words, “A limited search has revealed two such cases.” He didn’t say how far he looked, and apparently he didn’t have a proof that these were the only exceptional solutions.

(This post has been edited several times since I first posted it, to reflect corrections and a better understanding of the problem.)

Related posts

• Golay codes
• Error correcting codes from octonions
• Maximum gap between binomial coefficients
• When do binomial coefficients have integer roots?

[1] Golay, M. (1949). Notes on Digital Coding. Proc. IRE. 37: 657.

A positive integer n is said to be congruent if there exists a right triangle with area n such that the length of all three sides is rational.

You could always choose one leg to have length n and the other to have length 2. Such a triangle would have area n and two rational sides, but in general the hypotenuse would not be rational.

The smallest congruent number is 5. You can verify that 5 is congruent because the triangle with legs 20/3 and 3/2 has hypotenuse 41/6 and area 5. You can find a list of congruent numbers in OEIS A003273.

You can show that a number is congruent by demonstrating a rational right triangle with the specified area, as with 5 above. Showing that a number is not congruent is harder. How do you know you haven’t looked long enough?

There’s no simple classification of congruent numbers, but there are partial results. Jerrold Tunnell proved [1] a way to show that a number is not congruent.

It suffices to look at square-free numbers, numbers not divisible by the square of an integer. This is because if n = mk² then n is congruent if and only if m is.

Tunnell gives two necessary conditions for whether a square-free number n is congruent: one for the case of n odd and one for the case of n even.

Because Tunnell’s theorem gives necessary conditions, it can only prove that a number is not congruent.

It would be tidy if Tunnell’s conditions were also sufficient, i.e. that they could prove that a number is congruent. And they may be sufficient. Tunnell proved that if the Birch and Swinnerton-Dyer conjecture is true, then the converse of his theorem is true. If you could prove that the Birch and Swinnerton-Dyer conjecture, you could prove the converse of Tunnell’s theorem as a corollary. You could also win a million dollar prize.

Now for Tunnell’s conditions. If an odd square-free positive integer n is congruent, then there are twice as many integer solutions to

2x² + y² + 8z² = n

as

2x² + y² + 32z² = n.

And if n is even and square free, there are twice as many solutions to

4x² + y² + 8z² = n

as

4x² + y² + 32z² = n.

In general it’s hard to know how many integer solutions an equation has, but for the equations above we can find the solutions by brute force because all the terms are positive. We know each variable is between -√n and √n. We could even be more efficient and check smaller ranges of x and z because of the coefficients. And we can mostly look for solutions in the first quadrants and multiply by 8, but we need to be careful not to count solutions with zero components more than once.

Let’s prove that 11 is not a congruent number.

How many solutions to

2x² + y² + 8z² = 11

are there?

Clearly z can only possibly be ±1 or 0. If z = ±1 then x = ±1 and y = ±1. If z = 0 then the only solutions are x = ±1 and y = ±3. So we have 14 solutions: eight of the form (±1, ±1, ±1) and two of the form (±1, ±3, 0).

For the equation

2x² + y² + 32z² = 11

z must be 0, and so we have the eight solutions we found before: all combinations of (±1, ±3, 0).

Our first equation has 14 solutions and the second has 4, and so 11 must not be congruent.

[1] Tunnell, Jerrold B. (1983), “A classical Diophantine problem and modular forms of weight 3/2”, Inventiones Mathematicae, 72 (2): 323–334, doi:10.1007/BF01389327