1: \section{Analysis of the algorithm for composite numbers}\label{sec:compos}
2: In this section we propose an analysis of the behavior of the
3: algorithm for composite numbers.
4: Indeed, our algorithm can also be used to produce high, if not
5: maximal, order element modulo a composite number.
6: This analysis is also used section
7: \ref{ssec:lucas} for the probabilistic primality test.
8: It is well known that there exists primitive roots for every number of
9: the form $2$, $4$, $p^k$ or $2p^k$ with $p$ an odd prime. On the other
10: hand, Euler's theorem states that every invertible $a \in \pF{p}^*$
11: satisfies $a^{\varphi(n)} \equiv 1 [n]$. Thus, for composite
12: numbers $n$ not possessing primitive roots, $\varphi(n)$ is not a
13: possible order of an invertible.
14: We therefore use $\lambda(m)$,
15: Carmichael's lambda function, the maximal order of an invertible
16: element in the multiplicative group ($\pF{p}^*$, $\times$).
17: See e.g. \cite{Knuth:1997:TAoCPSA,Erdos:1991:CLF,Bach:1996:ANTEA}, for more details.
18: %We therefore use
19: %Carmichael's lambda function, the maximal order of an invertible,
20: %defined e.g. in \cite{Knuth:1997:SA,Erdos:1991:CF,Bach:1996:ANTEA}:
21: %
22: %\begin{definition}
23: %$\lambda(m)$ is the maximal order of an invertible element in the
24: %multiplicative group ($\pF{p}^*$, $\times$).
25: %\end{definition}
26: %
27: Of course, $\lambda$ and $\varphi$ coincide for $2$, $4$, $p^k$ and
28: $2p^k$, for $p$ and odd prime. Then $\lambda(2^e)=2^{e-2}$ for $e\geq
29: 3$. Now, for the other cases, since
30: $\varphi \left( \prod p_i^{k_i} \right) = \prod (p_i-1)p_i^{k_i-1}$
31: for distinct primes $p_i$, we obtain this similar formula for
32: $\lambda$:
33: $\lambda \left( \prod p_i^{k_i} \right) = lcm \lbrace \lambda (p_i^{k_i}) \rbrace$.
34: Eventually, we also obtain this corollary of Euler's theorem:
35: \begin{corollary}
36: Every invertible $a$ within
37: $\pF{p}^*$ satisfies $a^{\lambda(n)} \equiv 1 [n]$.
38: \end{corollary}
39: \begin{proof}
40: $n=\prod p_i^{e_i}$ for distinct primes $p_i$.
41: Then $\varphi(p_i^{e_i})$ divides $\lambda(n)$. This, together with
42: Euler's theorem shows that $a^{\lambda(n)} \equiv 1 [p_i^{e_i}]$.
43: The Chinese theorem thus implies that the latter is also true modulo the
44: product of the $p_i^{e_i}$.
45: \end{proof}
46: %
47: This corollary shows that the order of any invertible must divide
48: $\lambda(n)$. For $n$ prime, the number of invertibles having
49: order $d | n-1$ is exactly $\varphi(d)$ so that
50: $\sum_{d|k} \varphi(d) = k$ for $k | n-1$. We have the following
51: analogue for $n$ a composite number:
52: \begin{proposition}
53: The number of invertibles having
54: order $d | \lambda(n)$ is
55: $\sum_{S_d} \prod_{j=1}^{\omega} \varphi(d_j)$
56: for $n= p_1^{e_1} \ldots p_{\omega}^{e_{\omega}}$
57: and $S_d = \lbrace (d_1,\ldots,d_\omega)$ s.t.
58: $d_j|\varphi(p_j^{e_j})$ and $lcm \lbrace d_j \rbrace = d \rbrace$.
59: \end{proposition}
60: \begin{proof}By the Chinese theorem, an element has order $d$ if and
61: only if the lcm of its orders modulo the $p_j^{e_j}$ is $d$. Then
62: there are exactly $\varphi(d_j)$ elements of order $d_j$ modulo
63: $p_j^{e_j}$.
64: \end{proof}
65:
66: Let us have a look of this behavior on an example:
67: let $n=45$ so that $\varphi(45) = 6 \times 4 = 24$ and
68: $\lambda(45) = 12$. We thus know that any order modulo $9$ divides
69: $\varphi(9) = 6$ and that any order modulo $5$ divides
70: $\varphi(5) = 4$. This gives the different orders of the $24$
71: invertibles shown on table \ref{tab:45}.
72: \begin{table}[ht]
73: \begin{center}\begin{small}\begin{tabular}{|lccr|}
74: \hline
75: \multicolumn{3}{|c}{order} & \# of elements of that\\
76: modulo 45 & modulo 9 & modulo 5 & order modulo 45\\
77: \hline
78: 1 & 1 & 1 & \bf{1}\\
79: \hline
80: & 1 & 2 & 1\\
81: & 2 & 1 & 1\\
82: & 2 & 2 & 1\\
83: & \multicolumn{3}{r|}{\rule{60mm}{0.1pt}}\\
84: 2 & & & \bf{3}\\
85: \hline
86: 3
87: & 3 & 1 & $\varphi(3) \times \varphi(1) = $ \bf{2}\\
88: \hline
89: & 1 & 4 & $ \varphi(1) \times \varphi(4) = 2$\\
90: & 2 & 4 & $\varphi(2) \times \varphi(4) = 2$\\
91: & \multicolumn{3}{r|}{\rule{60mm}{0.1pt}}\\
92: 4 & & & \bf{4}\\
93: \hline
94: & 6 & 1 & $\varphi(6) \times \varphi(1) = 2$\\
95: & 3 & 2 & $\varphi(3) \times \varphi(2) = 2$\\
96: & 6 & 2 & $\varphi(6) \times \varphi(2) = 2$\\
97: & \multicolumn{3}{r|}{\rule{60mm}{0.1pt}}\\
98: 6 & & & \bf{6}\\
99: \hline
100: & 3 & 4 & $\varphi(3) \times \varphi(4) = 4$\\
101: & 6 & 4 & $\varphi(6) \times \varphi(4) = 4$\\
102: & \multicolumn{3}{r|}{\rule{60mm}{0.1pt}}\\
103: 12 & & & \bf{8}\\
104: \hline
105: \end{tabular}\end{small}
106: \caption{Elements of a given order modulo 45}\label{tab:45}
107: \end{center}
108: \end{table}%\vspace{-5ex}
109: %
110: It would be highly desirable to have tight bounds on those number of
111: elements of a given order. Moreover, these bounds should be easily computable
112: (e.g. not requiring some factorization !).
113: In \cite{Cameron:2003:lambdaroots,Muller:2004:lambdaroots}, the following is proposed:
114: \begin{proposition}\label{cj:lambda}\cite[Corollary 6.8]{Cameron:2003:lambdaroots}
115: For $n$ odd, the number of elements of order $\lambda(n)$ (primitive
116: $\lambda-$roots) is larger than
117: $\varphi(\varphi(n))$.
118: \end{proposition}
119: %The bound is tight: $\varphi(\varphi(15))=4$
120: %and only $2$, $7$, $8$ and $13$ have order $\lambda(15)=4$.
121: %On the other hand,
122: %for example, $\varphi(\varphi(21))=4$ but more than $4$ elements ($2$,
123: %$5$, $10$, $11$, $17$ and $19$) are of order $\lambda(21)=6$.
124: %
125: Now, this last result shows that actually quite a lot of elements are of
126: maximal order modulo $n$. Using this fact, a modification of algorithm
127: $1$ can then produce with high probability an element of maximal order
128: even though $n$ is composite.
129: %
130: %
131: %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
132: %%% Local Variables:
133: %%% mode: latex
134: %%% TeX-master: "polypr"
135: %%% End:
136: