11

I want to know a proof of an alternative form of Fermat-Euler's theorem $$a^{\phi (n) +1} \equiv a \pmod n$$

I searched some number theory books, a cryptography book and the internet, but there were only proofs of the original theorem $a^{\phi (n)} \equiv 1 \pmod n$ or of the case $n=pq$, which is used for RSA. So I would be very thankful if someone could show me a proof or a book I should read.

Bill Dubuque
quicksilver

2 Answers

10

As the proof below shows, the claim is true $\!\iff\! n$ is squarefree (i.e. a product of distinct primes). A simple counterexample is given by $\,n=4,\,a=2.\,$ Since $\,a^2 \equiv 0 \pmod{\! n}\,$ we can not have $\,a^e \equiv a \pmod{\! n}\,$ for any $\,e>1.\,$ In particular $\,a^{\phi(n) +1}=a^{2+1} \equiv 0\not\equiv a \pmod{\!n}$.

Below are some handy more general results.

Theorem $ $ (Korselt's Carmichael Criterion) $\ $ For $\rm\:1 < e,n\in \Bbb N\:$ we have

$$\rm \forall\, a\in\Bbb Z\!:\ n\mid a^e\!-a\ \iff\ n\ \ is\ \ squarefree, \ and \ \ p\!-\!1\mid e\!-\!1\ \, for\ all \ primes\ \ p\mid n\qquad$$

Proof $\ (\Leftarrow)\ $ By unique prime factorization (or Euclid's Lemma), a squarefree natural divides another iff all its prime factors do, so we need only show $\rm\:p\:|\:a^{\large e}\!-\!a\:$ for each prime $\rm\:p\:|\:n.\:$ It's clear if $\rm\,p \mid a.\,$ Else $\rm\!\bmod p\!:\ a \not\equiv 0\,$ $\rm\overset{\rm Fermat}\Longrightarrow\, \color{#c00}{a^{\large\color{#0a0}{p-1}} \equiv 1}$ so $\rm\,\color{#c00}{a^{\large\color{#0a0}{e-1}}\equiv 1}\,$ by $\rm \,\color{#0a0}{p\!-\!1\mid e\!-\!1}\,$ and modular order reduction. Thus $\rm\,a^{\large e}-a\equiv a(\color{#c00}{a^{\large\color{#0a0}{e-1}}-1})\equiv a(\color{#c00}0)\equiv 0$.

$(\Rightarrow)\ \ $ Given that $\rm\: n\mid a^e\!-\!a\:$ for all $\rm\:a\in\Bbb Z,\:$ we must show

$$\rm (1)\ \ n\,\ is\ squarefree,\quad and\quad (2)\ \ p\mid n\:\Rightarrow\: p\!-\!1\mid e\!-\!1$$

$(1)\ \ $ If $\rm\,n\,$ isn't squarefree then $\rm\,1\neq a^2\!\mid n\mid a^e\!-\!a \Rightarrow\: a^2\mid a\:\Rightarrow\!\Leftarrow$ $\rm\: (note\ \ e>1\: \Rightarrow\: a^2\mid a^e)$

$(2)\ \ $ Let $\rm\ a\ $ be a generator ("primitive root") of the cyclic multiplicative group of $\rm\:\Bbb Z/p,\,$ i.e. $\rm\ a\ $ has order $\rm\:p\!-\!1.\:$ Now $\rm\:p\mid n\mid a\,(a^{e-1}\!-\!1)\:$ but $\rm\:p\nmid a,\:$ thus $\rm\: a^{e-1}\!\equiv 1\,\ ( mod\ p),\:$ therefore $\rm\:e\!-\!1\:$ must be divisible by $\rm\:p\!-\!1,\:$ the order of $\rm\ a\,\ (mod\ p).\quad$ QED

Corollary $\rm\,\ n\mid a^e b - a b^f\ $ if $\,\rm n\:$ is squarefree, and prime $\rm\:p\:|\:n\:\Rightarrow\: p\!-\!1\:|\:e\!-\!1,\,f\!-\!1$

Proof $\ $ By the Theorem $\rm\bmod n\!:\,\ a^e\equiv a,\, b^f\equiv b\,$ so $\rm\,a^e b - ab^f\equiv ab-ab\equiv 0$

Corollary' $\ n\mid f(a^{e_1},b^{e_2}) - f(a^{e_3},b^{e_4})\,$ if $\,n\,$ is squarefree, and prime $\,p\:|\:n\:\Rightarrow\: p\!-\!1\:|\:e_i\!-\!1\,$ and $\,f(x,y)\in\Bbb Z[x,y],\,$ i.e. $\,f\,$ is a polynomial in $\,x,y\,$ with integer coefficients.

Proof $\ $ By the Theorem $\bmod n\!:\,\ a^{e_i}\equiv a,\, b^{e_i}\equiv b\,$ so $f(a^{e_i},b^{e_i}) \equiv f(a,b)\,$ by the Polynomial Congruence Rule.

The equivalent definitions of Carmichael numbers are the special case $\,e = n\,$ below.

Theorem $\ $ The following are equivalent for integers $\,n,e>1$.
$(1)_{\phantom{|_{|_.}}}\ n\mid a^e\ -\ a\ \ $ for all $\,a\in\Bbb Z^{\phantom{|^|}}\!\!,\: $ and $\ (e\!-\!1,n)=1$
$(2)_{\phantom{|_{|_.}}}\ n\mid a^{e-1}\!-1\ $ for all $\,a\in\Bbb Z\,$ with $\, \color{#90f}{(a,n)=1}= (e\!-\!1,n)$
$(3)\ \ \ \:\! n\,$ is squarefree, $ $ prime $\,p\mid n\,\Rightarrow\, \color{#0a0}{p\!-\!1\mid e\!-\!1},\ p\nmid e\!-\!1$

Proof $\ \ $ See this answer

Bill Dubuque
  • 1
    So my security book was wrong since in the book's theorem, it has no square free condition. I should have tested the case a=2 and n=4. Thank you Bill Dubuque. – quicksilver May 10 '14 at 14:48
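Added example, not part of the question or of either answer: a brute-force check of the criterion stated in the answer above, covering general exponents $e$ as well as the $e=\phi(n)+1$ case asked about, and the reason textbook RSA decryption also recovers messages that share a factor with $n$. All function names are hypothetical, and the toy key $n=3233=61\cdot 53$, $e=17$, $d=413$ is constructed for illustration.

```python
def prime_factors(n):
    """Trial-division factorization of n >= 2 as {prime: exponent}."""
    factors, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            factors[p] = factors.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        factors[n] = 1
    return factors

def phi(n):
    """Euler's totient, computed from the prime factors of n."""
    result = n
    for p in prime_factors(n):
        result -= result // p
    return result

def korselt(n, e):
    """Criterion side: n squarefree and p-1 | e-1 for every prime p | n."""
    f = prime_factors(n)
    return all(k == 1 for k in f.values()) and all((e - 1) % (p - 1) == 0 for p in f)

def holds_for_all(n, e):
    """Congruence side, by brute force: a^e == a (mod n) for every residue a."""
    return all(pow(a, e, n) == a for a in range(n))

def failing_bases(n):
    """Residues a that violate a^(phi(n)+1) == a (mod n)."""
    e = phi(n) + 1
    return [a for a in range(n) if pow(a, e, n) != a]

def mismatches(max_n, max_e):
    """Pairs (n, e) where the two sides of the criterion disagree (expected: none)."""
    return [(n, e) for n in range(2, max_n + 1) for e in range(2, max_e + 1)
            if korselt(n, e) != holds_for_all(n, e)]

def rsa_round_trips(n, e, d):
    """True if (m^e)^d == m (mod n) for every m, including m sharing a factor with n."""
    return all(pow(pow(m, e, n), d, n) == m for m in range(n))

if __name__ == "__main__":
    print(failing_bases(4), failing_bases(12), failing_bases(30))
    print(mismatches(60, 40))
    # Constructed toy RSA key: n = 61 * 53, e*d = 7021 = 1 + 9 * lcm(60, 52)
    n, e, d = 3233, 17, 413
    print(korselt(n, e * d), rsa_round_trips(n, e, d))
```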
-1

Although this is an old question, I realized that I had actually asked and answered this question myself in my undergraduate education. Although the proof is a bit rough around the edges, hopefully it provides enough of a different view than the currently accepted answer as to be useful to someone in the future.


Conjecture: Let $n\in\mathbb{N}$. We shall prove that $n$ is square-free if and only if for all $z\in\mathbb{Z}$, $z^{\phi(n)+1}\equiv z\ (\text{mod } n)$.

Proof: $(\Rightarrow)$ Proceeding with the forward direction, let $n$ be a square-free natural number. Thus, $n$ is of the form $n=p_1p_2...p_r.$ We will now proceed by induction on the number of prime factors of $n$.

Base Case: If $n$ has one prime factor, then $n=p$ for some prime $p$. Since $$z^{\phi(p)+1}=z^{p-1+1}=z^p\equiv z\ (\text{mod }p)$$

the base case is true.

Inductive Step: Now, assume that for all $z\in\mathbb{Z}$, $z^{\phi(n)+1}\equiv z\ (\text{mod }n)$. Define $n'=nq$ where $\gcd(n,q)=1$. Note that $q$ is to the first power since $n'$ must be square-free. It suffices to show that $$z^{\phi(n')+1}\equiv z\ (\text{mod }n)$$

and $$z^{\phi(n')+1}\equiv z\ (\text{mod }q)$$

in order to conclude $$z^{\phi(n')+1}\equiv z\ (\text{mod }n').$$

For $q$, note that for $z\not\equiv 0\ (\text{mod }q)$, we have $$z^{\phi(n')+1}=z\cdot z^{\phi(n)\phi(q)}=z(z^{\phi(q)})^{\phi(n)}=z(z^{q-1})^{\phi(n)}\equiv z\cdot 1^{\phi(n)}=z\ (\text{mod }q).$$

If $z\equiv 0\ (\text{mod }q)$, then $$z^{\phi(n')+1}\equiv 0\equiv z\ (\text{mod }q).$$

Either way, we can conclude $$z^{\phi(n')+1}\equiv z\ (\text{mod }q).$$

For $n$, we have $$z^{\phi(n')+1}=z^{\phi(n)\phi(q)+1}$$ $$=z^{\phi(n)(q-1)+1}=z^{\phi(n)(q-2+1)+1}=z^{\phi(n)(q-2)+\phi(n)+1}=z^{\phi(n)(q-2)}z^{\phi(n)+1}\equiv z\cdot z^{\phi(n)(q-2)}\ (\text{mod }n)$$ $$=z^{\phi(n)(q-2)+1}=z^{\phi(n)(q-3+1)+1}=z^{\phi(n)(q-3)+\phi(n)+1}=z^{\phi(n)(q-3)}z^{\phi(n)+1}\equiv z\cdot z^{\phi(n)(q-3)}\ (\text{mod }n)$$ $$\vdots$$

Continuing this process for $q$ steps, we have $$\vdots$$ $$=z^{\phi(n)(q-(q-2))+1}=z^{2\phi(n)+1}=z^{\phi(n)+\phi(n)+1}=z^{\phi(n)}z^{\phi(n)+1}\equiv z\cdot z^{\phi(n)}\ (\text{mod }n)$$ $$=z^{\phi(n)+1}\equiv z\ (\text{mod }n)$$

We conclude $$z^{\phi(n')+1}\equiv z\ (\text{mod }n).$$

As stated above, since $\gcd(n,q)=1$, this implies $$z^{\phi(n')+1}\equiv z\ (\text{mod }n').$$

By the principle of mathematical induction, we can conclude that if $n$ is square-free, then for all $z\in\mathbb{Z}$, $z^{\phi(n)+1}\equiv z\ (\text{mod }n).$

$(\Leftarrow)$ Proceeding with the reverse direction, for $n\in\mathbb{N}$ and for all $z\in\mathbb{Z}$, we know $$z^{\phi(n)+1}\equiv z\ (\text{mod }n).$$

Now, suppose by way of contradiction that $n$ is not square-free. From the canonical form of $n$, $$n=p_1^{k_1}p_2^{k_2}...p_r^{k_r},$$

this would imply that for $1\leq i\leq r$, there exists $k_i>1$. For ease of notation, define such an exponent and prime as $k_i=t$ and $p_i=q$ respectively. Also, define $n'=\frac{n}{q^t}$. From our initial condition, choose $z=q$. Thus $$q^{\phi(n)+1}\equiv q\ (\text{mod }n).$$

This implies there exists $N$ such that $$nN=q^{\phi(n)+1}-q$$ $$q^tn'N=q^{\phi(n)+1}-q$$ $$q^{t-1}n'N=q^{\phi(n)}-1.$$

However, since $t>1$, this implies $$0\equiv q^{t-1}n'N_1 =q^{\phi(n)}-1\equiv -1\ (\text{mod }q),$$

a contradiction. We conclude $n$ is square-free. QED

QC_QAOA