Wikipedia

Carmichael function: Difference between revisions

Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
Compress and consolidate the material on computing lambda to try to make it more accessible. Then expand on what Carmichael proved about these expressions, mentioning his notion of primitive lambda-roots. Remove some now-redundant sections.
Owen Reich (talk | contribs)
156 edits
Link suggestions feature: 3 links added.
 
(14 intermediate revisions by 10 users not shown)
Line 1:
{{Short description|Function in mathematical number theory}}
In [[File:carmichaelLambda.svg|thumb|upright=2|Carmichaelnumber {{mvartheory]], |a λ}}branch of [[mathematics]], the '''Carmichael function:''' {{math | ''λ''(''n'')}} forof a [[positive integer]] {{mathmvar | 1 ≤ ''n'' ≤ 1000}} (comparedis tothe Eulersmallest positive integer {{mvar | φm}} function)]]such that
In [[number theory]], a branch of [[mathematics]], the '''Carmichael function''' {{math | ''λ''(''n'')}} of a [[positive integer]] {{mvar | n}} is the smallest positive integer {{mvar | m}} such that
:<math>a^m \equiv 1 \pmod{n}</math>
holds for every integer {{mvar | a}} [[coprime]] to {{mvar | n}}. In algebraic terms, {{math | ''λ''(''n'')}} is the [[exponent of a group|exponent]] of the [[multiplicative group of integers modulo n|multiplicative group of integers modulo {{mvar | n}}]]. As this is a [[Abelian group#Finite abelian groups|finite abelian group]], there must exist an element whose [[Cyclic group#Definition and notation|order]] equals the exponent, {{math | ''λ''(''n'')}}. Such an element is called a '''primitive {{math | ''λ''}}-root modulo {{mvar | n}}'''.
 
[[File:carmichaelLambda.svg|thumb|upright=2|Carmichael {{mvar | λ}} function: {{math | ''λ''(''n'')}} for {{math | 1 ≤ ''n'' ≤ 1000}} (compared to Euler {{mvar | φ}} function)|none]]
 
The Carmichael function is named after the American mathematician [[Robert Daniel Carmichael|Robert Carmichael]] who defined it in 1910.<ref>
Line 9 ⟶ 10:
</ref> It is also known as '''Carmichael's λ function''', the '''reduced totient function''', and the '''least universal exponent function'''.
 
The order of the multiplicative group of integers modulo {{mvar | n}} is {{math | ''φ''(''n'')}}, where {{mvar | φ}} is [[Euler's totient function]]. Since the order of an element of a finite group divides the order of the group, {{math | ''λ''(''n'')}} divides {{math | ''φ''(''n'')}}. The following table compares the first 36 values of {{math | ''λ''(''n'')}} {{OEIS|id=A002322}} with [[Euler's totient function]]and {{mvarmath | ''φ''(''n'')}} (in '''bold''' if they are different; the values of{{mvar | n}}s such that they are different are listed in {{oeis|A033949}}).
 
{| class="wikitable" style="text-align: center;"
Line 59 ⟶ 60:
 
==Numerical examples==
# Carmichael's function at 5 is 4,* {{math | ''λn''(5) {{=}} 45}},. becauseThe forset anyof numbernumbers <math>0<a<5</math>less than and coprime to 5, i.e.is <{{math>a\in \| {1, 2, 3, 4\}~,</math>}}. thereHence isEuler's <math>a^mtotient \equivfunction 1has \,(\text{mod } 5)</math> with <math>m=4,</math> namely,value {{math | 1<sup>1⋅4</sup>''φ''(5) {{=}} 1<sup>4</sup> ≡ 1 (mod 5)}}, {{mathand |the 2<sup>4</sup>value {{=}}of 16Carmichael's ≡ 1 (mod 5)}}function, {{math | 3<sup>4</sup> {{=}} 81 ≡ 1 ''λ''(mod 5)}}, andmust {{mathbe |a 4<sup>2⋅2</sup>[[divisor]] {{=}}of 16<sup>2</sup> ≡ 1<sup>2</sup> (mod 5)}}4. The Anddivisor this1 {{mathdoes |not ''m'' {{=}} 4}} issatisfy the smallestdefinition exponentof withCarmichael's this property,function becausesince <math>2a^2 =41 \not\equiv 1 \,(\textpmod{mod 5}</math> except for <math>a\equiv1\pmod{5)}</math>. (andNeither does 2 since <math>2^2 \equiv 3^2 =\equiv 94 \not\equiv 1 \,(\textpmod{mod 5} 5)</math> as well.)<br />Moreover, Euler's [[totient function]] at 5 is 4,Hence {{math | ''φλ''(5) {{=}} 4}}. Indeed, because there are exactly <math>1^4 numbers less than and coprime to 5 (1,\equiv 2,^4\equiv 3, and^4\equiv 4). [[Euler's theorem]] assures that ^4\equiv1\pmod{{math | ''a''<sup>45}</supmath>. Both 12 (modand 5)}}3 forare allprimitive {{mvar | aλ}}-roots coprime tomodulo 5, and 4also is[[Primitive theroot smallestmodulo suchn|primitive exponentroots]] modulo 5.
# Carmichael's function at 8 is 2,* {{math | ''λn''(8) {{=}} 28}},. becauseThe forset anyof numbernumbers {{mvarless |than a}}and coprime to 8, i.e.is <{{math>a\in \| {1, 3, 5, 7\}~,</math> it}}. holds thatHence {{math | ''aφ''<sup>2</sup> ≡ 1 (mod 8)}}. Namely, {{math | 1<sup>1⋅2</sup> {{=}} 1<sup>2</sup> ≡ 1 (mod 8)4}}, {{math | 3<sup>2</sup> {{=}} 9 ≡ 1 (mod 8)}},and {{math | 5<sup>2</sup> {{=}} 25 ≡ 1 ''λ''(mod 8)}} andmust {{mathbe |a 7<sup>2</sup>divisor {{=}}of 49 ≡ 1 (mod 8)}}4.<br />Euler'sIn [[totient function]] at 8 is 4,fact {{math | ''φλ''(8) {{=}} 42}}, becausesince there are exactly 4 numbers less than and coprime to 8 (<math>1,^2\equiv 3,^2\equiv 5, and^2\equiv 7). Moreover, [[Euler's theorem]] assures that ^2\equiv1\pmod{{math | ''a''<sup>48}</supmath>. The 1 (mod 8)}} for allprimitive {{mvar | aλ}}-roots coprime tomodulo 8 are 3, but5, 4and is7. notThere theare smallestno suchprimitive exponentroots modulo 8.
 
== EvaluationRecurrence offor {{math | ''λ''(''n'')}} ==
The Carmichael lambda function of a [[prime power]] can be expressed in terms of the Euler totient. Any number that is not 1 or a prime power can be written uniquely as the product of distinct prime powers, in which case {{mvar | λ}} of the product is the [[least common multiple]] of the {{mvar | λ}} of the prime power factors. Specifically, {{math | ''λ''(''n'')}} is given by the recurrence
:<math>\lambda(n) = \begin{cases}
\varphi(n) & \text{if }n\text{ is 1, 2, 4, or an odd prime power,}\\
\tfrac12\varphi(n) & \text{if }n=2^r,\ r\ge3,\\
\operatorname{lcm}\Bigl(\lambda(n_1),\lambda(n_2),\ldots,\lambda(n_k)\Bigr) & \text{if }n=n_1n_2\ldots n_k\text{ where }n_1,n_2,\ldots,n_k\text{ are powers of distinct primes.}
\end{cases}</math>
Line 73 ⟶ 74:
 
== Carmichael's theorems ==
{{anchor|Carmichael's theorem}}
Carmichael proved two theorems that, together, establish that if {{math | ''λ''(''n'')}} is considered as defined by the expressionsrecurrence inof the previous section, then it satisfies the property stated in the introduction, namely that it is the smallest positive integer {{mvar | m}} such that <math>a^m\equiv 1\pmod{n}</math> for all {{mvar | a}} relatively prime to {{mvar | n}}.
{{Math theorem |name=Theorem 1|math_statement=If {{mvar | a}} is relatively prime to {{mvar | n}} then <math>a^{\lambda(n)}\equiv 1\pmod{n}</math>.<ref>CarmichaaelCarmichael (1914) p.40</ref>}}
This implies that the order of every element of the multiplicative group of integers modulo {{mvar | n}} divides {{math | ''λ''(''n'')}}. Carmichael calls an element {{mvar | a}} for which <math>a^{\lambda(n)}</math> is the least power of {{mvar | a}} congruent to 1 (mod {{mvar | n}}) a ''primitive λ-root modulo n''.<ref>Carmichael (1914) p.54</ref> (This is not to be confused with a [[primitive root modulo n|primitive root modulo {{mvar | n}}]], which Carmichael sometimes refers to as a primitive <math>\varphi</math>-root modulo {{mvar | n}}.)
{{Math theorem |name=Theorem 2|math_statement=For every positive integer {{mvar | n}} there exists a primitive {{mvar | λ}}-root modulo {{mvar | n}}. Moreover, if {{mvar | g}} is such a root, then there are <math>\varphi(\lambda(n))</math> primitive {{mvar | λ}}-roots that are congruent to powers of {{mvar | g}}.<ref>Carmichael (1914) p.55</ref>}}
If {{mvar | g}} is one of the primitive {{mvar | λ}}-roots guaranteed by the theorem, thethen <math>g^m\equiv1\pmod{n}</math> has no positive integer solutions {{mvar | m}} less than {{math | ''λ''(''n'')}}, showing that there is no positive {{math | ''m'' < ''λ''(''n'')}} such that <math>a^m\equiv 1\pmod{n}</math> for all {{mvar | a}} relatively prime to {{mvar | n}}.
 
The second statement of Theorem 2 does not imply that all primitive {{mvar | λ}}-roots modulo {{mvar | n}} are congruent to powers of a single root {{mvar | g}}.<ref>Carmichael (1914) p.56</ref> For example, if {{math | ''n'' {{=}} 15}}, then {{math | ''λ''(''n'') {{=}} 4}} while <math>\varphi(n)=8</math> and <math>\varphi(\lambda(n))=2</math>. There are four primitive {{mvar | λ}}-roots modulo 15, namely 2, 7, 8, and 13 as <math>1\equiv2^4\equiv8^4\equiv7^4\equiv13^4</math>. The roots 2 and 8 are congruent to powers of each other and the roots 7 and 13 are congruent t to powers of each other, but neither 7 nor 13 is congruent to a power of 2 or 8 and vice versa. The other four elements of the multiplicative group modulo 15, namely 1, 4 (which satisfies <math>4\equiv2^2\equiv8^2\equiv7^2\equiv13^2</math>), 11, and 14, are not primitive {{mvar | λ}}-roots modulo 15.
 
For a contrasting example, if {{math | ''n'' {{=}} 9}}, then <math>\lambda(n)=\varphi(n)=6</math> and <math>\varphi(\lambda(n))=2</math>. There are two primitive {{mvar | λ}}-roots modulo 9, namely 2 and 5, each of which is congruent to the fifth power of the other. They are also both primitive <math>\varphi</math>-roots modulo 9.
Line 87 ⟶ 89:
:<math>m \mid n.</math>
 
===A consequence of minimality of {{math | ''λ''(''n'')}}===
===Minimality===
 
Suppose {{math | ''a<sup>m</sup>'' ≡ 1 (mod ''n'')}} for all numbers {{mvar | a}} coprime with {{mvar | n}}. Then {{math | ''λ''(''n'') {{!}} ''m''}}.
Line 93 ⟶ 95:
'''Proof:''' If {{math | ''m'' {{=}} ''kλ''(''n'') + ''r''}} with {{math | 0 ≤ ''r'' < ''λ''(''n'')}}, then
:<math>a^r = 1^k \cdot a^r \equiv \left(a^{\lambda(n)}\right)^k\cdot a^r = a^{k\lambda(n)+r} = a^m \equiv 1\pmod{n}</math>
for all numbers {{mvar | a}} coprime with {{mvar | n}}. It follows that {{math | 1=''r'' = 0}}, since {{math | ''r'' < ''λ''(''n'')}} and {{math | ''λ''(''n'')}} is the minimal positive suchexponent numberfor which the congruence holds for all {{mvar | a}} coprime with {{mvar | n}}.
 
=== {{math | ''λ''(''n'')}} divides {{math | ''φ''(''n'')}} ===
Line 106 ⟶ 108:
'''Proof.'''
 
By definition, for any integer <math>k</math> with <math>\gcd(k,b) = 1</math> (and thus also <math>\gcd(k,a) = 1</math>), we have that <math> b \,|\, (k^{\lambda(b)} - 1)</math> , and therefore <math> a \,|\, (k^{\lambda(b)} - 1)</math>. This establishes that <math>k^{\lambda(b)}\equiv1\pmod{a}</math> for all {{mvar | k}} relatively prime to {{mvar | a}}. By the consequence of minimality propertyproved above, we have <math> \lambda(a)\,|\,\lambda(b) </math>.
 
===Composition===
Line 112 ⟶ 114:
For all positive integers {{mvar | a}} and {{mvar | b}} it holds that
:<math>\lambda(\mathrm{lcm}(a,b)) = \mathrm{lcm}(\lambda(a), \lambda(b))</math>.
This is an immediate consequence of the recursiverecurrence definition offor the Carmichael function.
<!--
Proof goes as follows:
Line 136 ⟶ 138:
 
:<math>a \equiv a^{\lambda(n)+1} \pmod n.</math>
 
===Extension for powers of two===
For {{mvar | a}} coprime to (powers of) 2 we have {{math | ''a'' {{=}} 1 + 2''h''}} for some {{mvar | h}}. Then,
:<math>a^2 = 1+4h(h+1) = 1+8C</math>
where we take advantage of the fact that {{math | ''C'' :{{=}} {{sfrac|(''h'' + 1)''h''|2}}}} is an integer.
So, for {{math | 1=''k'' = 3}}, {{mvar | h}} an integer:
 
:<math>\begin{align}
a^{2^{k-2}}&=1+2^k h \\
a^{2^{k-1}}&=\left(1+2^k h\right)^2=1+2^{k+1}\left(h+2^{k-1}h^2\right)
\end{align}</math>
 
By induction, when {{math | ''k'' ≥ 3}}, we have
:<math>a^{2^{k-2}}\equiv 1\pmod{2^k}.</math>
 
It provides that {{math | ''λ''(2<sup>''k''</sup>)}} is at most {{math | 2<sup>''k'' − 2</sup>}}.<ref>Carmichael (1914) pp.38–39</ref>
 
===Average value===
Line 259 ⟶ 242:
 
The Carmichael function is important in [[cryptography]] due to its use in the [[RSA (cryptosystem)|RSA encryption algorithm]].
 
==Proof of Theorem 1==
For {{math | ''n'' {{=}} ''p''}}, a prime, Theorem 1 is equivalent to [[Fermat's little theorem]]:
:<math>a^{p-1}\equiv1\pmod{p}\qquad\text{for all }a\text{ coprime to }p.</math>
For prime powers {{math | ''p''<sup>''r''</sup>}}, {{math | ''r'' > 1}}, if
:<math>a^2 = {p^{r-1+4h}(h+p-1) }= 1+8Chp^r</math>
holds for some integer {{mvar | h}}, then raising both sides to the power {{mvar | p}} gives
:<math>a^{p^r(p-1)}=1+h'p^{r+1}</math>
for some other integer <math>h'</math>. By induction it follows that <math>a^{\varphi(p^r)}\equiv1\pmod{p^r}</math> for all {{mvar | a}} relatively prime to {{mvar | p}} and hence to {{math | ''p''<sup>''r''</sup>}}. This establishes the theorem for {{math | ''n'' {{=}} 4}} or any odd prime power.
 
===ExtensionSharpening the result for higher powers of two===
For {{mvar | a}} coprime to (powers of) 2 we have {{math | ''a'' {{=}} 1 + 2''h''<sub>2</sub>}} for some integer {{mvarmath | ''h''<sub>2</sub>}}. Then,
:<math>a^2 = 1+4h_2(h_2+1) = 1+8\binom{h_2+1}{2}=:1+8h_3</math>,
where <math>h_3</math> is an integer. With {{math | 1=''r'' = 3}}, this is written
:<math>a^{2^{kr-2}}\equiv = 1\pmod{+2^k}r h_r.</math>
Squaring both sides gives
:<math>a^{2^{kr-1}}&=\left(1+2^kr hh_r\right)^2=1+2^{kr+1}\left(hh_r+2^{kr-1}hh_r^2\right)=:1+2^{r+1}h_{r+1},</math>
where <math>h_{r+1}</math> is an integer. It follows by induction that
:<math>a^{2^{r-2}}=a^{\frac{1}{2}\varphi(2^r)}\equiv 1\pmod{2^r}</math>
for all <math>r\ge3</math> and all {{mvar | a}} coprime to <math>2^r</math>.<ref>Carmichael (1914) pp.38–39</ref>
 
===Integers with multiple prime factors===
By the [[unique factorization theorem]], any {{math | ''n'' > 1}} can be written in a unique way as
:<math> n= p_1^{r_1}p_2^{r_2} \cdots p_{k}^{r_k} </math>
where {{math | ''p''<sub>1</sub> < ''p''<sub>2</sub> < ... < ''p<sub>k</sub>''}} are primes and {{math | ''r''<sub>1</sub>, ''r''<sub>2</sub>, ..., ''r<sub>k</sub>''}} are positive integers. The results for prime powers establish that, for <math>1\le j\le k</math>,
:<math>a^{\lambda\left(p_j^{r_j}\right)}\equiv1 \pmod{p_j^{r_j}}\qquad\text{for all }a\text{ coprime to }n\text{ and hence to }p_i^{r_i}.</math>
From this it follows that
:<math>a^{\lambda(n)}\equiv1 \pmod{p_j^{r_j}}\qquad\text{for all }a\text{ coprime to }n,</math>
where, as given by the recurrence,
:<math>\lambda(n) = \operatorname{lcm}\Bigl(\lambda\left(p_1^{r_1}\right),\lambda\left(p_2^{r_2}\right),\ldots,\lambda\left(p_k^{r_k}\right)\Bigr).</math>
From the [[Chinese remainder theorem]] one concludes that
:<math>a^{\lambda(n)}\equiv1 \pmod{n}\qquad\text{for all }a\text{ coprime to }n.</math>
 
==See also==
Retrieved from "https://en.wikipedia.org/wiki/Carmichael_function"