{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

To test n for primality we set an “error

Info iconThis preview shows pages 71–72. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: To test n for primality, we set an “error parameter” t , and choose random elements α 1 ,...,α t ∈ Z + n . If α i ∈ L n for all 1 ≤ i ≤ t , then we output “prime”; otherwise, we output “composite.” It is easy to see that if n is prime, this algorithm always outputs “prime,” and if n is composite this algorithm outputs “composite” with probability at least 1- 2 t . If t is chosen large enough, say t = 100, then the probability that the output is wrong is so small that for all practical purposes, it is “just as good as zero.” We now make a first attempt at defining a suitable set L n . Let us define L n = { α ∈ Z + n : α n- 1 = 1 } . Note that L n ⊂ Z * n , since if α n- 1 = 1, then α has a multiplicative inverse, namely, α n- 2 . Using a repeated-squaring algorithm, we can test if α ∈ L n in time O (lg( n ) 3 ). Theorem 11.1 If n is prime, then L n = Z * n . If n is composite and L n ( Z * n , | L n | ≤ ( n- 1) / 2 . Proof. Note that L n is the kernel of the ( n- 1)-power map on Z * n , and hence is a subgroup of Z * n . If n is prime, then we know that Z * n is a group of order n- 1. Hence, α n- 1 = 1 for all α ∈ Z * n . That is, L n = Z * n . Suppose that n is composite and L n ( Z * n . Since the order of a subgroup divides the order of the group, we have | Z * n | = m | L n | for some integer m > 1. From this, we conclude that | L n | = 1 m | Z * n | ≤ 1 2 | Z * n | ≤ n- 1 2 . 2 Unfortunately, there are odd composite numbers n such that L n = Z * n . The smallest such number is 561 = 3 · 11 · 17 . Such numbers are called Carmichael numbers . They are extremely rare, but it is known that there are infinitely many of them, so we can not ignore them. The following theorem characterizes Carmichael numbers. Theorem 11.2 A positive odd integer n is a Carmichael number if and only if it is square-free of the form n = p 1 ··· p r , where ( p i- 1) | ( n- 1) for 1 ≤ i ≤ r . Proof. Suppose n = p e 1 1 ··· p e r r . By the Chinese Remainder Theorem, we have an isomorphism of Z * n with the group Z * p e 1 1 × ··· × Z * p e k k , and we know that each group Z * p e i i is cyclic of order p e i- 1 i ( p i- 1). Thus, the ( n- 1)-power map annihilates the group Z * n if and only if it annihilates each of the groups Z * p e i i , which occurs if and only if p e i- 1 i ( p i- 1) | ( n- 1). Now, on the one hand, n ≡ 0 (mod p i ). On the other hand, if e i > 1, we would have n ≡ 1 (mod p i ), which is clearly impossible. Thus, we must have e i = 1. 2 To obtain a good primality test, we need to define a different set L n , which we do as follows. Let n- 1 = 2 h m , where m is odd (and h ≥ 1 since n is assumed odd). Then α ∈ L n if and only if α m = 1 or α m 2 i = [- 1 mod n ] for some 0 ≤ i < h ....
View Full Document

{[ snackBarMessage ]}

Page71 / 74

To test n for primality we set an “error parameter” t...

This preview shows document pages 71 - 72. Sign up to view the full document.

View Full Document Right Arrow Icon bookmark
Ask a homework question - tutors are online