The Miller-Rabin algorithm uses this set $L'_n$, in place of the set $L_n$ defined above. Note that $L'_n$ is a subset of $L_n$: if $\alpha^m = 1$, then certainly $\alpha^{n-1} = (\alpha^m)^{2^h} = 1$, and if $\alpha^{m 2^i} = [-1 \bmod n]$ for some $0 \le i < h$, then $\alpha^{n-1} = (\alpha^{m 2^i})^{2^{h-i}} = 1$.

As a first step in analyzing the Miller-Rabin algorithm, we prove the following:

Theorem 11.3 Let $n$ be a Carmichael number, and suppose $n = p_1 \cdots p_r$. Let $n - 1 = 2^h m$, where $m$ is odd, and for $1 \le i \le r$, let $p_i - 1 = 2^{h_i} m_i$, where $m_i$ is odd. Let $h' = \max\{h_i\}$, and define
$$P_n := \{\, u \in \mathbb{Z}_n^* : u^{m 2^{h'-1}} = [\pm 1 \bmod n] \,\}.$$
Then we have: (i) $h' \le h$; (ii) for all $u \in \mathbb{Z}_n^*$, $u^{m 2^{h'}} = 1$; (iii) $P_n$ is a subgroup of $\mathbb{Z}_n^*$, and $P_n \subsetneq \mathbb{Z}_n^*$.

Proof. As $n$ is Carmichael, each $p_i - 1$ divides $n - 1$. It follows that $h' \le h$. That proves (i). It also follows that $m_i \mid m$ for each $i$. Again, by the Chinese Remainder Theorem, we have an isomorphism of $\mathbb{Z}_n^*$ with the group $\mathbb{Z}_{p_1}^* \times \cdots \times \mathbb{Z}_{p_r}^*$, where each $\mathbb{Z}_{p_i}^*$ is cyclic of order $p_i - 1$. Since each $p_i - 1$ divides $m 2^{h'}$, it follows that each $\mathbb{Z}_{p_i}^*$ is annihilated by the $(m 2^{h'})$-power map. It follows from the Chinese Remainder Theorem that $\mathbb{Z}_n^*$ is also annihilated by the $(m 2^{h'})$-power map. That proves (ii).

To prove (iii), first note that $P_n$ is the preimage of the subgroup $\{[\pm 1 \bmod n]\}$ under the $(m 2^{h'-1})$-power map, and hence is itself a subgroup of $\mathbb{Z}_n^*$. Now, $h' = h_i$ for some $i$, and without loss of generality, assume $i = 1$. Let $\alpha = [a \bmod p_1] \in \mathbb{Z}_{p_1}^*$ be a generator for $\mathbb{Z}_{p_1}^*$. Since $\alpha$ has order $m_1 2^{h'}$, it follows that $\alpha^{m_1 2^{h'-1}}$ has order 2, which means that $\alpha^{m_1 2^{h'-1}} = [-1 \bmod p_1]$. Since $m_1 \mid m$ and $m$ is odd, it follows that $\alpha^{m 2^{h'-1}} = [-1 \bmod p_1]$. By the Chinese Remainder Theorem, there exists an integer $b$ such that $b \equiv a \pmod{p_1}$ and $b \equiv 1 \pmod{p_j}$ for $j \ne 1$. We claim that $b^{m 2^{h'-1}} \not\equiv \pm 1 \pmod{n}$. Indeed, if $b^{m 2^{h'-1}} \equiv 1 \pmod{n}$, then we would have $b^{m 2^{h'-1}} \equiv 1 \pmod{p_1}$, which is not the case, and if $b^{m 2^{h'-1}} \equiv -1 \pmod{n}$, then we would have $b^{m 2^{h'-1}} \equiv -1 \pmod{p_2}$, which is also not the case. That proves $P_n \subsetneq \mathbb{Z}_n^*$. $\square$

From the above theorem, we can easily derive the following result:

Theorem 11.4 If $n$ is prime, then $L'_n = \mathbb{Z}_n^*$. If $n$ is composite, then $|L'_n| \le (n-1)/2$.

Proof. Let $n - 1 = m 2^h$, where $m$ is odd. For $\alpha \in \mathbb{Z}_n^*$, define the sequence of group elements $s_i(\alpha) := \alpha^{m 2^i}$ for $0 \le i \le h$. We can characterize the set $L'_n$ as follows: it consists of all $\alpha \in \mathbb{Z}_n^*$ such that $s_h(\alpha) = [1 \bmod n]$, and for $1 \le i \le h$, $s_i(\alpha) = [1 \bmod n]$ implies $s_{i-1}(\alpha) = [\pm 1 \bmod n]$.

First, suppose $n$ is prime. By Fermat's little theorem, for $\alpha \in \mathbb{Z}_n^*$, we know that $s_h(\alpha) = [1 \bmod n]$. Moreover, if $s_i(\alpha) = [1 \bmod n]$ for $1 \le i \le h$, then as $s_{i-1}(\alpha)^2 = [1 \bmod n]$, and the only square roots of $[1 \bmod n]$ are $[\pm 1 \bmod n]$, we have $s_{i-1}(\alpha) = [\pm 1 \bmod \ldots$
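As an added illustration (not part of these notes), the following Python script computes the objects of Theorems 11.3 and 11.4 on the constructed example $n = 561 = 3 \cdot 11 \cdot 17$, the smallest Carmichael number: the sequence $s_i(\alpha)$, the set $L'_n$ of units that Miller-Rabin fails to expose, and the subgroup $P_n$. The function names are my own; the value 496 used below is the $b$ from the proof of (iii) with $p_1 = 17$ and $a = 3$ (a generator mod 17).

```python
import math

def split_power_of_two(x):
    """Write x = 2**h * m with m odd and return (h, m)."""
    h = 0
    while x % 2 == 0:
        x //= 2
        h += 1
    return h, x

def units(n):
    """The elements of Z_n^*, represented by integers in [1, n)."""
    return [u for u in range(1, n) if math.gcd(u, n) == 1]

def sequence_s(alpha, n):
    """s_i(alpha) = alpha^(m 2^i) mod n for 0 <= i <= h, where n - 1 = 2^h m."""
    h, m = split_power_of_two(n - 1)
    s = [pow(alpha, m, n)]
    for _ in range(h):  # each term is the square of the previous one
        s.append(s[-1] * s[-1] % n)
    return s

def in_L_prime(alpha, n):
    """Membership in L'_n, via the characterization in the proof of Theorem 11.4:
    s_h(alpha) = 1, and s_i(alpha) = 1 (1 <= i <= h) implies s_{i-1}(alpha) = +-1."""
    s = sequence_s(alpha, n)
    if s[-1] != 1:
        return False
    return all(s[i - 1] in (1, n - 1) for i in range(1, len(s)) if s[i] == 1)

def strong_liars(n):
    """L'_n: the units that the Miller-Rabin test fails to expose as witnesses."""
    return [a for a in units(n) if in_L_prime(a, n)]

def subgroup_P(n, factors):
    """P_n from Theorem 11.3: units u with u^(m 2^(h'-1)) = +-1 mod n, h' = max h_i."""
    _, m = split_power_of_two(n - 1)
    h_prime = max(split_power_of_two(p - 1)[0] for p in factors)
    exponent = m * 2 ** (h_prime - 1)
    return [u for u in units(n) if pow(u, exponent, n) in (1, n - 1)]

if __name__ == "__main__":
    # constructed sample: 561 = 3 * 11 * 17; 496 is the b of the proof (a = 3 mod 17)
    n, p = 561, subgroup_P(561, [3, 11, 17])
    print(n, "has", len(strong_liars(n)), "strong liars out of", len(units(n)), "units")
    print("|P_n| =", len(p), "so P_n is a proper subgroup; 496 in P_n:", 496 in p)
    print("for the prime 13, |L'_13| =", len(strong_liars(13)))
```

For 561 the script finds 10 strong liars among 320 units, well under the $(n-1)/2$ bound, and $|P_n| = 160$, an index-2 proper subgroup.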
 Spring '13
 MRR
 Math, Algebra, Number Theory