The Miller-Rabin algorithm uses this set $L'_n$ in place of the set $L_n$ defined above. Note that $L'_n$ is a subset of $L_n$: if $\alpha^m = 1$, then certainly $\alpha^{n-1} = (\alpha^m)^{2^h} = 1$, and if $\alpha^{m 2^i} = [-1 \bmod n]$ for some $0 \le i < h$, then $\alpha^{n-1} = (\alpha^{m 2^i})^{2^{h-i}} = 1$.

As a first step in analyzing the Miller-Rabin algorithm, we prove the following:

Theorem 11.3. Let $n$ be a Carmichael number, and suppose $n = p_1 \cdots p_r$. Let $n - 1 = 2^h m$, where $m$ is odd, and for $1 \le i \le r$, let $p_i - 1 = 2^{h_i} m_i$, where $m_i$ is odd. Let $h' = \max\{h_i\}$, and define
$$P_n := \{\, u \in \mathbb{Z}_n^* : u^{m 2^{h'-1}} = [\pm 1 \bmod n] \,\}.$$
Then we have:
(i) $h' \le h$;
(ii) for all $u \in \mathbb{Z}_n^*$, $u^{m 2^{h'}} = 1$;
(iii) $P_n$ is a subgroup of $\mathbb{Z}_n^*$, and $P_n \subsetneq \mathbb{Z}_n^*$.

Proof. As $n$ is Carmichael, each $p_i - 1$ divides $n - 1$. It follows that $h' \le h$. That proves (i). It also follows that $m_i \mid m$ for each $i$. Again, by the Chinese Remainder Theorem, we have an isomorphism of $\mathbb{Z}_n^*$ with the group $\mathbb{Z}_{p_1}^* \times \cdots \times \mathbb{Z}_{p_r}^*$, where each $\mathbb{Z}_{p_i}^*$ is cyclic of order $p_i - 1$. Since each $p_i - 1$ divides $m 2^{h'}$, it follows that each $\mathbb{Z}_{p_i}^*$ is annihilated by the $(m 2^{h'})$-power map. It follows from the Chinese Remainder Theorem that $\mathbb{Z}_n^*$ is also annihilated by the $(m 2^{h'})$-power map. That proves (ii).

To prove (iii), first note that $P_n$ is the pre-image of the subgroup $\{[\pm 1 \bmod n]\}$ under the $(m 2^{h'-1})$-power map, and hence is itself a subgroup of $\mathbb{Z}_n^*$. Now, $h' = h_i$ for some $i$, and without loss of generality, assume $i = 1$. Let $\alpha = [a \bmod p_1] \in \mathbb{Z}_{p_1}^*$ be a generator for $\mathbb{Z}_{p_1}^*$. Since $\alpha$ has order $m_1 2^{h'}$, it follows that $\alpha^{m_1 2^{h'-1}}$ has order 2, which means that $\alpha^{m_1 2^{h'-1}} = [-1 \bmod p_1]$. Since $m_1 \mid m$ and $m$ is odd, it follows that $\alpha^{m 2^{h'-1}} = [-1 \bmod p_1]$. By the Chinese Remainder Theorem, there exists an integer $b$ such that $b \equiv a \pmod{p_1}$ and $b \equiv 1 \pmod{p_j}$ for $j \ne 1$. We claim that $b^{m 2^{h'-1}} \not\equiv \pm 1 \pmod n$. Indeed, if $b^{m 2^{h'-1}} \equiv 1 \pmod n$, then we would have $b^{m 2^{h'-1}} \equiv 1 \pmod{p_1}$, which is not the case (it is $-1$ modulo $p_1$), and if $b^{m 2^{h'-1}} \equiv -1 \pmod n$, then we would have $b^{m 2^{h'-1}} \equiv -1 \pmod{p_2}$, which is also not the case (it is $1$ modulo $p_2$, since $b \equiv 1 \pmod{p_2}$ and $p_2 > 2$). That proves $P_n \subsetneq \mathbb{Z}_n^*$. $\square$

From the above theorem, we can easily derive the following result:

Theorem 11.4. If $n$ is prime, then $L'_n = \mathbb{Z}_n^*$. If $n$ is composite, then $|L'_n| \le (n-1)/2$.

Proof. Let $n - 1 = m 2^h$, where $m$ is odd. For $\alpha \in \mathbb{Z}_n^*$, define the sequence of group elements $s_i(\alpha) := \alpha^{m 2^i}$ for $0 \le i \le h$. We can characterize the set $L'_n$ as follows: it consists of all $\alpha \in \mathbb{Z}_n^*$ such that $s_h(\alpha) = [1 \bmod n]$, and for $1 \le i \le h$, $s_i(\alpha) = [1 \bmod n]$ implies $s_{i-1}(\alpha) = [\pm 1 \bmod n]$.

First, suppose $n$ is prime. By Fermat's little theorem, for $\alpha \in \mathbb{Z}_n^*$, we know that $s_h(\alpha) = [1 \bmod n]$. Moreover, if $s_i(\alpha) = [1 \bmod n]$ for $1 \le i \le h$, then as $s_{i-1}(\alpha)^2 = [1 \bmod n]$, and the only square roots of $[1 \bmod n]$ are $[\pm 1 \bmod n]$, we have $s_{i-1}(\alpha) = [\pm 1 \bmod$ ...
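As an added worked example (this code is not part of the original text), the following Python computes the Fermat-liar set $L_n$, the Miller-Rabin set $L'_n$ (through the $s_i(\alpha)$ characterization used in the proof of Theorem 11.4) and the subgroup $P_n$ of Theorem 11.3 by brute force, and wraps the same $s_i(\alpha)$ check as a Miller-Rabin test with explicit bases. It is run on the Carmichael number $561 = 3 \cdot 11 \cdot 17$, whose factorization the example assumes to be known for the $P_n$ computation; all function names are the example's own.

```python
"""Brute-force exploration of L_n, L'_n and P_n for small n (added example)."""
from math import gcd


def units(n):
    """The elements of Z_n^* as integers in [1, n-1]."""
    return [a for a in range(1, n) if gcd(a, n) == 1]


def split_power_of_two(x):
    """Write x = 2^h * m with m odd and return (h, m)."""
    h = 0
    while x % 2 == 0:
        x //= 2
        h += 1
    return h, x


def s_sequence(alpha, n):
    """s_i(alpha) = alpha^(m 2^i) mod n for 0 <= i <= h, where n - 1 = 2^h m.
    Each term is the square of the previous one, so a single modular
    exponentiation followed by h squarings suffices."""
    h, m = split_power_of_two(n - 1)
    seq = [pow(alpha, m, n)]
    for _ in range(h):
        seq.append(seq[-1] * seq[-1] % n)
    return seq


def is_fermat_liar(alpha, n):
    """alpha in L_n: alpha^(n-1) = 1 mod n."""
    return pow(alpha, n - 1, n) == 1


def is_strong_liar(alpha, n):
    """alpha in L'_n, via the characterization in the proof of Theorem 11.4:
    s_h(alpha) = 1, and whenever s_i(alpha) = 1 for 1 <= i <= h,
    s_{i-1}(alpha) = +-1.  Any other square root of 1 exposes n as composite."""
    seq = s_sequence(alpha, n)
    if seq[-1] != 1:
        return False
    for i in range(1, len(seq)):
        if seq[i] == 1 and seq[i - 1] not in (1, n - 1):
            return False
    return True


def liar_sets(n):
    """Return (L_n, L'_n) as sets of integers in [1, n-1]."""
    u = units(n)
    fermat = {a for a in u if is_fermat_liar(a, n)}
    strong = {a for a in u if is_strong_liar(a, n)}
    return fermat, strong


def subgroup_P(n, primes):
    """P_n = {u in Z_n^* : u^(m 2^(h'-1)) = +-1 mod n}, with h' = max h_i
    where p_i - 1 = 2^(h_i) m_i.  `primes` is the factorization of the
    Carmichael number n, which this brute-force check assumes is known."""
    if any(n % p for p in primes):
        raise ValueError("every listed prime must divide n")
    _, m = split_power_of_two(n - 1)
    h_prime = max(split_power_of_two(p - 1)[0] for p in primes)
    exponent = m * 2 ** (h_prime - 1)
    return {u for u in units(n) if pow(u, exponent, n) in (1, n - 1)}


def miller_rabin(n, bases):
    """Miller-Rabin with explicit bases: False as soon as some base is a
    witness (i.e. not in L'_n), True if every base is a strong liar."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    for a in bases:
        a %= n
        if a == 0:
            continue
        if gcd(a, n) != 1 or not is_strong_liar(a, n):
            return False
    return True


if __name__ == "__main__":
    n = 561  # 3 * 11 * 17, the smallest Carmichael number
    L, Lp = liar_sets(n)
    print("|L_n| =", len(L), " |L'_n| =", len(Lp), " L'_n subset of L_n:", Lp <= L)
    print("|P_n| =", len(subgroup_P(n, [3, 11, 17])), " |Z_n^*| =", len(units(n)))
    print("MR(561, [2]) =", miller_rabin(n, [2]), " MR(101, [2,3,5,7]) =", miller_rabin(101, [2, 3, 5, 7]))
```

Running it shows why the Fermat test alone is useless against Carmichael numbers while Miller-Rabin is not: every one of the 320 units of $\mathbb{Z}_{561}^*$ lies in $L_{561}$, but only 10 of them lie in $L'_{561}$, well under the bound $(n-1)/2 = 280$ of Theorem 11.4, and base 2 already exposes 561 as composite. The subgroup $P_{561}$ has 160 elements, exactly half of $\mathbb{Z}_{561}^*$, as the proof of Theorem 11.3 forces it to be proper; the integer $496$ ($\equiv 3 \pmod{17}$, $\equiv 1 \pmod 3$ and $\pmod{11}$, with $3$ a generator of $\mathbb{Z}_{17}^*$) is the element $b$ constructed in that proof and lies outside $P_{561}$.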