Wikipedia

Carmichael function: Difference between revisions

Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
Incorporate notion of primitive lambda-root into the introduction and numerical examples. Give more accurate title to subsection "Minimality". Slightly elaborate proof in subsection "Divisibility". Small wording changes and typo corrections,
Owen Reich (talk | contribs)
156 edits
Link suggestions feature: 3 links added.
 
(13 intermediate revisions by 10 users not shown)
Line 1:
{{Short description|Function in mathematical number theory}}
In [[File:carmichaelLambda.svg|thumb|upright=2|Carmichaelnumber {{mvartheory]], |a λ}}branch of [[mathematics]], the '''Carmichael function:''' {{math | ''λ''(''n'')}} forof a [[positive integer]] {{mathmvar | 1 ≤ ''n'' ≤ 1000}} (comparedis tothe Eulersmallest positive integer {{mvar | φm}} function)]]such that
In [[number theory]], a branch of [[mathematics]], the '''Carmichael function''' {{math | ''λ''(''n'')}} of a [[positive integer]] {{mvar | n}} is the smallest positive integer {{mvar | m}} such that
:<math>a^m \equiv 1 \pmod{n}</math>
holds for every integer {{mvar | a}} [[coprime]] to {{mvar | n}}. In algebraic terms, {{math | ''λ''(''n'')}} is the [[exponent of a group|exponent]] of the [[multiplicative group of integers modulo n|multiplicative group of integers modulo {{mvar | n}}]]. As this is a [[Abelian group#Finite abelian groups|finite abelian group]], there must exist an element whose [[Cyclic group#Definition and notation|order]] equals the exponent, {{math | ''λ''(''n'')}}. Such an element is called a '''primitive {{math | ''λ''}}-root modulo {{mvar | n}}'''.
 
[[File:carmichaelLambda.svg|thumb|upright=2|Carmichael {{mvar | λ}} function: {{math | ''λ''(''n'')}} for {{math | 1 ≤ ''n'' ≤ 1000}} (compared to Euler {{mvar | φ}} function)|none]]
 
The Carmichael function is named after the American mathematician [[Robert Daniel Carmichael|Robert Carmichael]] who defined it in 1910.<ref>
Line 9 ⟶ 10:
</ref> It is also known as '''Carmichael's λ function''', the '''reduced totient function''', and the '''least universal exponent function'''.
 
The order of the multiplicative group of integers modulo {{mvar | n}} is {{math | ''φ''(''n'')}}, where {{mvar | φ}} is [[Euler's totient function]]. Since the order of an element of a finite group divides the order of the group, {{math | ''λ''(''n'')}} divides {{math | ''φ''(''n'')}}. The following table compares the first 36 values of {{math | ''λ''(''n'')}} {{OEIS|id=A002322}} with [[Euler's totient function]]and {{mvarmath | ''φ''(''n'')}} (in '''bold''' if they are different; the values of{{mvar | n}}s such that they are different are listed in {{oeis|A033949}}).
 
{| class="wikitable" style="text-align: center;"
Line 59 ⟶ 60:
 
==Numerical examples==
# Carmichael's function at 5 is 4,* {{math | ''λn''(5) {{=}} 45}},. becauseThe forset anyof numbernumbers <math>0<a<5</math>less than and coprime to 5, i.e.is <{{math>a\in \| {1, 2, 3, 4\}~,</math>}}. thereHence isEuler's <math>a^mtotient \equivfunction 1has \,(\text{mod } 5)</math> with <math>m=4,</math> namely,value {{math | 1<sup>1⋅4</sup>''φ''(5) {{=}} 1<sup>4</sup> ≡ 1 (mod 5)}}, {{mathand |the 2<sup>4</sup>value {{=}}of 16Carmichael's ≡ 1 (mod 5)}}function, {{math | 3<sup>4</sup> {{=}} 81 ≡ 1 ''λ''(mod 5)}}, andmust {{mathbe |a 4<sup>2⋅2</sup>[[divisor]] {{=}}of 16<sup>2</sup> ≡ 1<sup>2</sup> (mod 5)}}4. The Anddivisor this1 {{mathdoes |not ''m'' {{=}} 4}} issatisfy the smallestdefinition exponentof withCarmichael's thisfunction property, becausesince <math>2a^2 =41 \not\equiv 1\pmod{5}</math> except for <math>a\,(equiv1\textpmod{mod } 5)}</math>. (andNeither does 2 since <math>2^2 \equiv 3^2 =\equiv 94 \not\equiv 1 \,(\textpmod{mod 5} 5)</math> as well.)<br />Moreover, Euler's [[totient function]] at 5 is 4,Hence {{math | ''φλ''(5) {{=}} 4}}. Indeed, because there are exactly <math>1^4 numbers less than and coprime to 5 (1,\equiv 2,^4\equiv 3, and^4\equiv 4). [[Euler's theorem]] assures that ^4\equiv1\pmod{{math | ''a''<sup>45}</supmath> ≡ 1 (mod 5)}} for all {{mvar | a}} coprime to 5, and 4 is the smallest such exponent. Both 2 and 3 are primitive {{mvar | λ}}-roots modulo 5 and also [[Primitive root modulo n|primitive roots]] modulo 5.
# Carmichael's function at 8 is 2,* {{math | ''λn''(8) {{=}} 28}},. becauseThe forset anyof numbernumbers {{mvarless |than a}}and coprime to 8, i.e.is <{{math>a\in \| {1, 3, 5, 7\}~,</math> it holds}}. thatHence {{math | ''aφ''<sup>2</sup> ≡ 1 (mod 8)}}. Namely, {{math | 1<sup>1⋅2</sup> {{=}} 1<sup>2</sup> ≡ 1 (mod 8)4}}, {{math | 3<sup>2</sup> {{=}} 9 ≡ 1 (mod 8)}},and {{math | 5<sup>2</sup> {{=}} 25 ≡ 1 ''λ''(mod 8)}} andmust {{mathbe |a 7<sup>2</sup>divisor {{=}}of 49 ≡ 1 (mod 8)}}4.<br />Euler'sIn [[totient function]] at 8 is 4,fact {{math | ''φλ''(8) {{=}} 42}}, becausesince there are exactly 4 numbers less than and coprime to 8 (<math>1,^2\equiv 3,^2\equiv 5, and^2\equiv 7). Moreover, [[Euler's theorem]] assures that ^2\equiv1\pmod{{math | ''a''<sup>48}</supmath> ≡ 1 (mod 8)}} for all {{mvar | a}} coprime to 8, but 4 is not the smallest such exponent. The primitive {{mvar | λ}}-roots modulo 8 are 3, 5, and 7. There are no primitive roots modulo 8.
 
== EvaluationRecurrence offor {{math | ''λ''(''n'')}} ==
The Carmichael lambda function of a [[prime power]] can be expressed in terms of the Euler totient. Any number that is not 1 or a prime power can be written uniquely as the product of distinct prime powers, in which case {{mvar | λ}} of the product is the [[least common multiple]] of the {{mvar | λ}} of the prime power factors. Specifically, {{math | ''λ''(''n'')}} is given by the recurrence
:<math>\lambda(n) = \begin{cases}
\varphi(n) & \text{if }n\text{ is 1, 2, 4, or an odd prime power,}\\
Line 73 ⟶ 74:
 
== Carmichael's theorems ==
{{anchor|Carmichael's theorem}}
Carmichael proved two theorems that, together, establish that if {{math | ''λ''(''n'')}} is considered as defined by the recurrence of the previous section, then it satisfies the property stated in the introduction, namely that it is the smallest positive integer {{mvar | m}} such that <math>a^m\equiv 1\pmod{n}</math> for all {{mvar | a}} relatively prime to {{mvar | n}}.
{{Math theorem |name=Theorem 1|math_statement=If {{mvar | a}} is relatively prime to {{mvar | n}} then <math>a^{\lambda(n)}\equiv 1\pmod{n}</math>.<ref>CarmichaaelCarmichael (1914) p.40</ref>}}
This implies that the order of every element of the multiplicative group of integers modulo {{mvar | n}} divides {{math | ''λ''(''n'')}}. Carmichael calls an element {{mvar | a}} for which <math>a^{\lambda(n)}</math> is the least power of {{mvar | a}} congruent to 1 (mod {{mvar | n}}) a ''primitive λ-root modulo n''.<ref>Carmichael (1914) p.54</ref> (This is not to be confused with a [[primitive root modulo n|primitive root modulo {{mvar | n}}]], which Carmichael sometimes refers to as a primitive <math>\varphi</math>-root modulo {{mvar | n}}.)
{{Math theorem |name=Theorem 2|math_statement=For every positive integer {{mvar | n}} there exists a primitive {{mvar | λ}}-root modulo {{mvar | n}}. Moreover, if {{mvar | g}} is such a root, then there are <math>\varphi(\lambda(n))</math> primitive {{mvar | λ}}-roots that are congruent to powers of {{mvar | g}}.<ref>Carmichael (1914) p.55</ref>}}
If {{mvar | g}} is one of the primitive {{mvar | λ}}-roots guaranteed by the theorem, then <math>g^m\equiv1\pmod{n}</math> has no positive integer solutions {{mvar | m}} less than {{math | ''λ''(''n'')}}, showing that there is no positive {{math | ''m'' < ''λ''(''n'')}} such that <math>a^m\equiv 1\pmod{n}</math> for all {{mvar | a}} relatively prime to {{mvar | n}}.
 
The second statement of Theorem 2 does not imply that all primitive {{mvar | λ}}-roots modulo {{mvar | n}} are congruent to powers of a single root {{mvar | g}}.<ref>Carmichael (1914) p.56</ref> For example, if {{math | ''n'' {{=}} 15}}, then {{math | ''λ''(''n'') {{=}} 4}} while <math>\varphi(n)=8</math> and <math>\varphi(\lambda(n))=2</math>. There are four primitive {{mvar | λ}}-roots modulo 15, namely 2, 7, 8, and 13 as <math>1\equiv2^4\equiv8^4\equiv7^4\equiv13^4</math>. The roots 2 and 8 are congruent to powers of each other and the roots 7 and 13 are congruent t to powers of each other, but neither 7 nor 13 is congruent to a power of 2 or 8 and vice versa. The other four elements of the multiplicative group modulo 15, namely 1, 4 (which satisfies <math>4\equiv2^2\equiv8^2\equiv7^2\equiv13^2</math>), 11, and 14, are not primitive {{mvar | λ}}-roots modulo 15.
 
For a contrasting example, if {{math | ''n'' {{=}} 9}}, then <math>\lambda(n)=\varphi(n)=6</math> and <math>\varphi(\lambda(n))=2</math>. There are two primitive {{mvar | λ}}-roots modulo 9, namely 2 and 5, each of which is congruent to the fifth power of the other. They are also both primitive <math>\varphi</math>-roots modulo 9.
Line 136 ⟶ 138:
 
:<math>a \equiv a^{\lambda(n)+1} \pmod n.</math>
 
===Extension for powers of two===
For {{mvar | a}} coprime to (powers of) 2 we have {{math | ''a'' {{=}} 1 + 2''h''}} for some {{mvar | h}}. Then,
:<math>a^2 = 1+4h(h+1) = 1+8C</math>
where we take advantage of the fact that {{math | ''C'' :{{=}} {{sfrac|(''h'' + 1)''h''|2}}}} is an integer.
So, for {{math | 1=''k'' = 3}}, {{mvar | h}} an integer:
 
:<math>\begin{align}
a^{2^{k-2}}&=1+2^k h \\
a^{2^{k-1}}&=\left(1+2^k h\right)^2=1+2^{k+1}\left(h+2^{k-1}h^2\right)
\end{align}</math>
 
By induction, when {{math | ''k'' ≥ 3}}, we have
:<math>a^{2^{k-2}}\equiv 1\pmod{2^k}.</math>
 
It provides that {{math | ''λ''(2<sup>''k''</sup>)}} is at most {{math | 2<sup>''k'' − 2</sup>}}.<ref>Carmichael (1914) pp.38–39</ref>
 
===Average value===
Line 259 ⟶ 242:
 
The Carmichael function is important in [[cryptography]] due to its use in the [[RSA (cryptosystem)|RSA encryption algorithm]].
 
==Proof of Theorem 1==
For {{math | ''n'' {{=}} ''p''}}, a prime, Theorem 1 is equivalent to [[Fermat's little theorem]]:
:<math>a^{p-1}\equiv1\pmod{p}\qquad\text{for all }a\text{ coprime to }p.</math>
For prime powers {{math | ''p''<sup>''r''</sup>}}, {{math | ''r'' > 1}}, if
:<math>a^2 = {p^{r-1+4h}(h+p-1) }= 1+8Chp^r</math>
holds for some integer {{mvar | h}}, then raising both sides to the power {{mvar | p}} gives
:<math>a^{p^r(p-1)}=1+h'p^{r+1}</math>
for some other integer <math>h'</math>. By induction it follows that <math>a^{\varphi(p^r)}\equiv1\pmod{p^r}</math> for all {{mvar | a}} relatively prime to {{mvar | p}} and hence to {{math | ''p''<sup>''r''</sup>}}. This establishes the theorem for {{math | ''n'' {{=}} 4}} or any odd prime power.
 
===ExtensionSharpening the result for higher powers of two===
For {{mvar | a}} coprime to (powers of) 2 we have {{math | ''a'' {{=}} 1 + 2''h''<sub>2</sub>}} for some integer {{mvarmath | ''h''<sub>2</sub>}}. Then,
:<math>a^2 = 1+4h_2(h_2+1) = 1+8\binom{h_2+1}{2}=:1+8h_3</math>,
where <math>h_3</math> is an integer. With {{math | 1=''r'' = 3}}, this is written
:<math>a^{2^{kr-2}}\equiv = 1\pmod{+2^k}r h_r.</math>
Squaring both sides gives
:<math>a^{2^{kr-1}}&=\left(1+2^kr hh_r\right)^2=1+2^{kr+1}\left(hh_r+2^{kr-1}hh_r^2\right)=:1+2^{r+1}h_{r+1},</math>
where <math>h_{r+1}</math> is an integer. It follows by induction that
:<math>a^{2^{r-2}}=a^{\frac{1}{2}\varphi(2^r)}\equiv 1\pmod{2^r}</math>
for all <math>r\ge3</math> and all {{mvar | a}} coprime to <math>2^r</math>.<ref>Carmichael (1914) pp.38–39</ref>
 
===Integers with multiple prime factors===
By the [[unique factorization theorem]], any {{math | ''n'' > 1}} can be written in a unique way as
:<math> n= p_1^{r_1}p_2^{r_2} \cdots p_{k}^{r_k} </math>
where {{math | ''p''<sub>1</sub> < ''p''<sub>2</sub> < ... < ''p<sub>k</sub>''}} are primes and {{math | ''r''<sub>1</sub>, ''r''<sub>2</sub>, ..., ''r<sub>k</sub>''}} are positive integers. The results for prime powers establish that, for <math>1\le j\le k</math>,
:<math>a^{\lambda\left(p_j^{r_j}\right)}\equiv1 \pmod{p_j^{r_j}}\qquad\text{for all }a\text{ coprime to }n\text{ and hence to }p_i^{r_i}.</math>
From this it follows that
:<math>a^{\lambda(n)}\equiv1 \pmod{p_j^{r_j}}\qquad\text{for all }a\text{ coprime to }n,</math>
where, as given by the recurrence,
:<math>\lambda(n) = \operatorname{lcm}\Bigl(\lambda\left(p_1^{r_1}\right),\lambda\left(p_2^{r_2}\right),\ldots,\lambda\left(p_k^{r_k}\right)\Bigr).</math>
From the [[Chinese remainder theorem]] one concludes that
:<math>a^{\lambda(n)}\equiv1 \pmod{n}\qquad\text{for all }a\text{ coprime to }n.</math>
 
==See also==
Retrieved from "https://en.wikipedia.org/wiki/Carmichael_function"