Number Theory

Wilson's Theorem

n is prime if and only if (n−1)! ≡ −1 (mod n)

Wilson's theorem characterizes primes through factorials: for any integer n > 1, n is prime if and only if (n−1)! ≡ −1 (mod n). Equivalently, (n−1)! + 1 is divisible by n iff n is prime. Conjectured by Ibn al-Haytham around 1000 CE, restated by Waring in 1770 (attributing it to John Wilson), and proved by Lagrange in 1771. The cleanest known characterization of primes — and the most impractical, because (n−1)! grows like (n/e)ⁿ. Theoretical gem, not a working test.

Statementn prime ⟺ (n−1)! ≡ −1 (mod n)
ConjecturedIbn al-Haytham, ~1000 CE
ProvedLagrange, 1771
Proof methodPair each x with its inverse mod p
Practical costΩ(n log² n) — infeasible past n ≈ 30
Wilson primesp² ∣ (p−1)! + 1 — only 5, 13, 563 known

Watch the 60-second explainer

A condensed visual walkthrough — narrated, captioned, under a minute.

The statement

For any integer n > 1:

n is prime  ⟺  (n − 1)! ≡ −1 (mod n)

Or equivalently, n divides (n − 1)! + 1 iff n is prime.

This is a genuine if-and-only-if. Many primality results are one-way (primes satisfy property P, but some composites also satisfy P — Fermat's test is famously fooled by Carmichael numbers). Wilson's theorem is tight: the factorial test never misclassifies in either direction.

Worked example — primality of 7 (and contrast with 9)

Compute (7 − 1)! = 6! = 720. Reduce mod 7:

720 = 7 · 102 + 6
720 mod 7 = 6 = -1 (mod 7)  ✓ — 7 is prime.

And in full pairing form:

6! mod 7 = 1 · 2 · 3 · 4 · 5 · 6  (mod 7)
         = 1 · (2 · 4) · (3 · 5) · 6
         = 1 · 8 · 15 · 6  (mod 7)
         = 1 · 1 · 1 · 6  (mod 7)        ← inverse pairs collapse to 1
         = 6 ≡ -1 (mod 7)  ✓

Notice 2 · 4 = 8 ≡ 1 (mod 7), so 2 and 4 are inverses. Similarly 3 · 5 = 15 ≡ 1 (mod 7). Only 1 and 6 ≡ −1 pair with themselves. Product collapses to −1. This is the whole proof in miniature.

Now check n = 9 (composite):

8! = 40320
40320 mod 9: 40320 / 9 = 4480 exactly. So 40320 ≡ 0 (mod 9).
Not −1, not even close. 9 is composite — confirmed.

For composite n > 4, (n−1)! always contains enough of n's factors to make it divisible by n — so (n−1)! ≡ 0, not −1. (The lone exception is n = 4: 3! = 6 ≡ 2 (mod 4), neither 0 nor −1.)

Why pairing works (proof sketch)

Let p be prime. Consider the group (ℤ/pℤ)* — the nonzero elements 1, 2, …, p − 1 under multiplication mod p. We want to compute their product. Group it cleverly:

Each element x has a unique inverse x⁻¹ (mod p) — because gcd(x, p) = 1 for x ∈ {1, 2, …, p − 1}.
Inverses pair up. If x · x⁻¹ ≡ 1 and y = x⁻¹, then y · y⁻¹ = y · x = 1 too — same pair.
The only self-paired elements are ±1. If x = x⁻¹, then x² ≡ 1 (mod p), so (x − 1)(x + 1) ≡ 0 (mod p). Since p is prime, x ≡ ±1.

So the product 1 · 2 · 3 · … · (p − 1) splits into:

(p − 1)! ≡ 1 · (p − 1) · ∏(inverse pairs)  (mod p)
        ≡ 1 · (-1) · 1 · 1 · ... · 1
        ≡ -1  (mod p)

The converse — if (n − 1)! ≡ −1 (mod n) then n is prime — is short. Suppose n is composite. Then n has a factor 1 < d < n, so d divides (n − 1)! (because d appears as one of the factors 1, 2, …, n − 1). Therefore d divides (n − 1)! and also divides n, so d divides ((n − 1)! mod n). For (n − 1)! ≡ −1 (mod n), we'd need d to divide −1 — impossible for d > 1. So no composite satisfies the congruence.

JavaScript — verify Wilson's theorem

// Slow direct check — only works for small n
function wilsonTest(n) {
  if (n <= 1) return false;
  if (n === 2) return true;
  let fact = 1n;
  const N = BigInt(n);
  for (let i = 1n; i < N; i++) {
    fact = (fact * i) % N;
  }
  return fact === N - 1n;  // ≡ -1 (mod n)
}

// Check primes 2..20
for (let n = 2; n <= 20; n++) {
  console.log(n, wilsonTest(n));
}
// 2 true, 3 true, 4 false, 5 true, 6 false, 7 true, 8 false, 9 false,
// 10 false, 11 true, 12 false, 13 true, ... — matches primes exactly.

// Wilson prime check: p² | (p−1)! + 1
function isWilsonPrime(p) {
  if (!wilsonTest(p)) return false;
  let fact = 1n;
  const P = BigInt(p);
  for (let i = 1n; i < P; i++) fact = (fact * i) % (P * P);
  return (fact + 1n) % (P * P) === 0n;
}

isWilsonPrime(5);    // true
isWilsonPrime(13);   // true
isWilsonPrime(563);  // true (but slow — 562 multiplications mod 563²)
isWilsonPrime(7);    // false

Variants and comparison

Primality test	Type	Iff?	Cost	Practical?
Wilson's theorem	Algebraic identity	Yes — exact characterization	O(n log² n)	No — factorial growth
Fermat's little theorem	Algebraic identity	No — Carmichael numbers fool it	O(log³ n)	Yes — but only as a screen
Trial division	Direct factor search	Yes	O(√n)	Up to n ~ 10¹²
Miller-Rabin	Probabilistic + square-root check	Yes (probabilistically)	O(k · log³ n)	Yes — RSA standard
AKS (2002)	Deterministic, polynomial	Yes	O(log⁶ n)	Asymptotic, not practical
Lucas-Lehmer (Mersenne)	Specific to 2^p − 1	Yes, for Mersenne form	O(p² log p log log p)	Yes — GIMPS uses it
Wilson generalized (Gauss)	Product of group units	Yes — characterizes (ℤ/nℤ)*	Ω(φ(n))	No — same factorial-blowup problem

Common pitfalls

Trying to use Wilson as a real primality test. (n−1)! has n log n digits. Even modular reduction during multiplication is O(log² n) per step, totalling Ω(n log² n) — exponentially slower than Miller-Rabin's O(log³ n). Wilson is a theorem, not a tool.
Forgetting the converse. Some sources state only "prime ⇒ factorial ≡ −1". Wilson is an iff; the converse needs the divisibility argument for composites.
n = 4 exception trap. 3! = 6 ≡ 2 (mod 4), neither 0 nor −1. The clean statement "composite ⇒ (n−1)! ≡ 0" fails here. It works for all composite n > 4 because n then has > 1 distinct factors below it, and they accumulate.
Misnaming. Wilson never proved Wilson's theorem. Lagrange did. Ibn al-Haytham conjectured it 700 years earlier. The Eurocentric naming has stuck.
Confusing with Wilson's primes. Wilson's theorem holds for all primes. Wilson primes are the very rare p satisfying p² | (p−1)! + 1 — only 5, 13, 563 known despite exhaustive search to p < 2 · 10¹³.
Believing it generalizes simply to composites. Gauss's generalization works for (ℤ/nℤ)*, but the product equals −1 only when n is 1, 2, 4, p^k, or 2p^k; otherwise +1. The classical Wilson is the p^k with k = 1 case.

Applications

Number-theoretic proofs. Wilson's theorem appears in proofs of Fermat's theorem on sums of two squares, the four-squares theorem, and in deriving properties of quadratic residues.
Mathematical olympiads. Standard tool in IMO and Putnam problems on factorials mod primes — knowing the inverse-pairing trick unlocks many problems.
Wilson-prime hunting. Distributed-computing projects have checked p < 2 · 10¹³; no fourth Wilson prime has been found. Open conjecture: infinite Wilson primes; heuristic density log log p / p.
Formal verification. Proof assistants (Coq, Lean) include Wilson's theorem in their number-theory libraries as a foundational result for deeper algebraic number theory.
Pedagogy. The inverse-pairing proof is the cleanest entry to thinking about multiplicative groups (ℤ/pℤ)* as cyclic objects — sets the stage for primitive roots, quadratic residues, Fermat's little theorem, and group theory more broadly.
Combinatorial identities mod primes. Wilson plus Fermat give clean formulas for binomial coefficients and Stirling numbers reduced mod p — used in Lucas's theorem and generating functions.

History

The result is named for John Wilson, an English mathematician who studied with Edward Waring in the 1760s. Waring stated the theorem in Meditationes Algebraicae (1770), crediting his student Wilson with the conjecture. Neither could prove it.

Joseph-Louis Lagrange supplied the first proof in 1771, using exactly the inverse-pairing argument now standard. But the result had been known much earlier — Ibn al-Haytham (Alhazen) stated and used it around 1000 CE in his work on algebra and number theory. So "Wilson's theorem" predates Wilson by seven centuries and Waring by eight.

Gauss later generalized the theorem to ℤ/nℤ — the product of all units of ℤ/nℤ is −1 iff n is 1, 2, 4, p^k, or 2p^k for odd prime p, and +1 otherwise.

Frequently asked questions

What exactly does Wilson's theorem say?

For an integer n > 1: n is prime if and only if (n−1)! ≡ −1 (mod n). Equivalently, (n−1)! + 1 is divisible by n iff n is prime. Examples: (7−1)! = 720, and 720 ≡ −1 (mod 7) (720 + 1 = 721 = 7 · 103). (9−1)! = 40320, and 40320 mod 9 = 0 — not −1, confirming 9 is composite.

Who first conjectured and who proved it?

Ibn al-Haytham (Alhazen) stated the forward direction around 1000 CE in Iraq. Edward Waring restated it in his Meditationes Algebraicae (1770), attributing it to his student John Wilson — hence the name. Joseph-Louis Lagrange proved both directions a year later, in 1771. So "Wilson's theorem" is actually a thousand-year-old observation that Wilson never proved and Lagrange did.

What's the proof idea?

For prime p, every nonzero element of ℤ/pℤ has a unique multiplicative inverse. Pair each x in {2, 3, …, p−2} with x⁻¹. The only self-pairs are elements with x² ≡ 1 (mod p) — which mod a prime means x ≡ ±1. So in the product 1 · 2 · 3 · … · (p−1), all the middle elements pair up to 1, leaving just (p−1)! ≡ 1 · (p−1) ≡ −1 (mod p). The converse — composite n has (n−1)! ≡ 0, not −1 (mod n) — uses divisibility of (n−1)! by the small prime factors of n.

Why isn't Wilson used as a real primality test?

(n−1)! grows factorially — by Stirling, (n−1)! ≈ (n/e)ⁿ √(2πn). For n = 100, (n−1)! has 156 digits; for n = 1000, it has 2567 digits. Computing (n−1)! mod n takes n−2 multiplications, each O(log² n) bits — total O(n log² n). Miller-Rabin does O(log³ n) bit operations per round — exponentially faster. So Wilson is mathematically beautiful but useless past tiny n. It's a characterization, not a test.

What's a Wilson prime?

A prime p such that p² divides (p−1)! + 1 — a strengthening of Wilson's theorem from divisibility by p to divisibility by p². Only three are known: 5, 13, 563. The Wilson quotient W(p) = ((p−1)! + 1)/p has been computed for all primes p ≤ 2 · 10¹³ with no fourth Wilson prime found. Conjectured to be infinite but extremely rare.

How does Wilson relate to Fermat's Little Theorem?

Both characterize primes via modular relations. Fermat: for prime p and a coprime to p, a^p−1 ≡ 1 (mod p). Wilson: (p−1)! ≡ −1 (mod p). Fermat is much weaker — composites (Carmichael numbers) can satisfy aⁿ⁻¹ ≡ 1. Wilson is an iff; Carmichael-like composites can't fool it. But Wilson costs factorial time, while Fermat costs log time — so Fermat is the practical foundation of Miller-Rabin.

Does Wilson generalize to other moduli?

Yes. Gauss generalized: in (ℤ/nℤ)* the product of all units equals −1 iff n is 1, 2, 4, p^k, or 2p^k for odd prime p; otherwise +1. So for n = 8: (1)(3)(5)(7) = 105 ≡ 1 (mod 8), not −1, as Gauss predicts. The classical Wilson is the prime case. Gauss's version is used in some structure theorems for cyclic groups and in the theory of quadratic residues.