This preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: To test n for primality, we set an “error parameter” t , and choose random elements α 1 ,...,α t ∈ Z + n . If α i ∈ L n for all 1 ≤ i ≤ t , then we output “prime”; otherwise, we output “composite.” It is easy to see that if n is prime, this algorithm always outputs “prime,” and if n is composite this algorithm outputs “composite” with probability at least 1 2 t . If t is chosen large enough, say t = 100, then the probability that the output is wrong is so small that for all practical purposes, it is “just as good as zero.” We now make a first attempt at defining a suitable set L n . Let us define L n = { α ∈ Z + n : α n 1 = 1 } . Note that L n ⊂ Z * n , since if α n 1 = 1, then α has a multiplicative inverse, namely, α n 2 . Using a repeatedsquaring algorithm, we can test if α ∈ L n in time O (lg( n ) 3 ). Theorem 11.1 If n is prime, then L n = Z * n . If n is composite and L n ( Z * n ,  L n  ≤ ( n 1) / 2 . Proof. Note that L n is the kernel of the ( n 1)power map on Z * n , and hence is a subgroup of Z * n . If n is prime, then we know that Z * n is a group of order n 1. Hence, α n 1 = 1 for all α ∈ Z * n . That is, L n = Z * n . Suppose that n is composite and L n ( Z * n . Since the order of a subgroup divides the order of the group, we have  Z * n  = m  L n  for some integer m > 1. From this, we conclude that  L n  = 1 m  Z * n  ≤ 1 2  Z * n  ≤ n 1 2 . 2 Unfortunately, there are odd composite numbers n such that L n = Z * n . The smallest such number is 561 = 3 · 11 · 17 . Such numbers are called Carmichael numbers . They are extremely rare, but it is known that there are infinitely many of them, so we can not ignore them. The following theorem characterizes Carmichael numbers. Theorem 11.2 A positive odd integer n is a Carmichael number if and only if it is squarefree of the form n = p 1 ··· p r , where ( p i 1)  ( n 1) for 1 ≤ i ≤ r . Proof. Suppose n = p e 1 1 ··· p e r r . By the Chinese Remainder Theorem, we have an isomorphism of Z * n with the group Z * p e 1 1 × ··· × Z * p e k k , and we know that each group Z * p e i i is cyclic of order p e i 1 i ( p i 1). Thus, the ( n 1)power map annihilates the group Z * n if and only if it annihilates each of the groups Z * p e i i , which occurs if and only if p e i 1 i ( p i 1)  ( n 1). Now, on the one hand, n ≡ 0 (mod p i ). On the other hand, if e i > 1, we would have n ≡ 1 (mod p i ), which is clearly impossible. Thus, we must have e i = 1. 2 To obtain a good primality test, we need to define a different set L n , which we do as follows. Let n 1 = 2 h m , where m is odd (and h ≥ 1 since n is assumed odd). Then α ∈ L n if and only if α m = 1 or α m 2 i = [ 1 mod n ] for some 0 ≤ i < h ....
View
Full Document
 Spring '13
 MRR
 Math, Algebra, Number Theory

Click to edit the document details