Theorem 2.2. If n is an odd prime, and a ∈ {1, . . . , n − 1}, the probability that the
algorithm returns “prime” is [Solovay − Strassen(n) = “prime”] = 1.
If n is an odd composite, the probability that algorithm returns ”composite” is
 [Solovay − Strassen(n) = “composite”] ≥1/2

Proof: If n is an odd prime, then the algorithm will obviously always output  ”prime”.  Let us now prove the second part of the theorem.  Assume that n is an odd composite. We will show that the probability of the algorithm returning  ”prime” is ≤ 1/2

 [Solovay − Strassen(n) = “prime”] =
 [{gcd(a, n) = 1} ∈  {= a^(n−1)/2 mod n}] =

From Lemma 2.1 it follows that E(n)  ≠ Z_n^*

Now it is easy to show that E(n) is a subgroup of the multiplicative group Z_n^*

a, b ∈ E(n) ∈ (ab mod n) ∈ E(n)
a ∈ E(n) ⇒  a⁻¹ ∈ E(n).

E(n) is thus a proper subgroup of Z_n^*
and, from elementary group theory, we conclude that

 

Thus  [Solovay − Strassen(n) = “prime”] ≤  ½