Content deleted Content added
Owen Reich (talk | contribs) Link suggestions feature: 3 links added. |
|||
| (48 intermediate revisions by 28 users not shown) | |||
Line 1:
{{Short description|Function in mathematical number theory}}
In [[number theory]], a branch of [[mathematics]], the '''Carmichael function'''
:<math>a^m \equiv 1 \pmod{n}</math>
holds for every integer {{mvar | a}}
[[File:carmichaelLambda.svg|thumb|upright=2|Carmichael {{mvar | λ}} function: {{math | ''λ''(''n'')}} for {{math | 1 ≤ ''n'' ≤ 1000}} (compared to Euler {{mvar | φ}} function)|none]]
The Carmichael function is named after the American mathematician [[Robert Daniel Carmichael|Robert Carmichael]] who defined it in 1910.<ref>
{{cite journal |first1=Robert Daniel |last1=Carmichael |year=1910 |title=Note on a new number theory function |journal=Bulletin of the American Mathematical Society |volume=16 |number=5 |pages=232–238 |doi=10.1090/S0002-9904-1910-01892-9|doi-access=free }}
</ref> It is also known as '''Carmichael's λ function''', the '''reduced totient function''', and the '''least universal exponent function'''.
The order of the multiplicative group of integers modulo {{mvar | n}} is {{math | ''φ''(''n'')}}, where {{mvar | φ}} is [[Euler's totient function]]. Since the order of an element of a finite group divides the order of the group, {{math | ''λ''(''n'')}} divides {{math | ''φ''(''n'')}}. The following table compares the first 36 values of {{math | ''λ''(''n'')}} {{OEIS|id=A002322}} and {{math | ''φ''(''n'')}} (in '''bold''' if they are different; the values of{{mvar | n}} such that they are different are listed in {{oeis|A033949}}).
{| class="wikitable" style="text-align: center;"
|-
! scope="col" | {{mvar | n}}
! scope="col" | 1
! scope="col" | 2
Line 48 ⟶ 52:
! scope="col" | 36
|-
! scope="row" | {{math | ''λ''(''n'')}}
| 1 || 1 || 2 || 2 || 4 || 2 || 6 || '''2''' || 6 || 4 || 10 || '''2''' || 12 || 6 || '''4''' || '''4''' || 16 || 6 || 18 || '''4''' || '''6''' || 10 || 22 || '''2''' || 20 || 12 || 18 || '''6''' || 28 || '''4''' || 30 || '''8''' || '''10''' || 16 || '''12''' || '''6'''
|-
! scope="row" | {{math | ''φ''(''n'')}}
| 1 || 1 || 2 || 2 || 4 || 2 || 6 || '''4''' || 6 || 4 || 10 || '''4''' || 12 || 6 || '''8''' || '''8''' || 16 || 6 || 18 || '''8''' || '''12''' || 10 || 22 || '''8''' || 20 || 12 || 18 || '''12''' || 28 || '''8''' || 30 || '''16''' || '''20''' || 16 || '''24''' || '''12'''
|}
==Numerical
* {{math | ''n'' {{=}} 5}}. The set of numbers less than and coprime to 5 is {{math | {1,2,3,4}}}. Hence Euler's totient function has value {{math | ''φ''(5) {{=}} 4}} and the value of Carmichael's function, {{math | ''λ''(5)}}, must be a [[divisor]] of 4. The divisor 1 does not satisfy the definition of Carmichael's function since <math>a^1 \not\equiv 1\pmod{5}</math> except for <math>a\equiv1\pmod{5}</math>. Neither does 2 since <math>2^2 \equiv 3^2 \equiv 4 \not\equiv 1\pmod{5}</math>. Hence {{math | ''λ''(5) {{=}} 4}}. Indeed, <math>1^4\equiv 2^4\equiv 3^4\equiv 4^4\equiv1\pmod{5}</math>. Both 2 and 3 are primitive {{mvar | λ}}-roots modulo 5 and also [[Primitive root modulo n|primitive roots]] modulo 5.
* {{math | ''n'' {{=}} 8}}. The set of numbers less than and coprime to 8 is {{math | {1,3,5,7} }}. Hence {{math | ''φ''(8) {{=}} 4}} and {{math | ''λ''(8)}} must be a divisor of 4. In fact {{math | ''λ''(8) {{=}} 2}} since <math>1^2\equiv 3^2\equiv 5^2\equiv 7^2\equiv1\pmod{8}</math>. The primitive {{mvar | λ}}-roots modulo 8 are 3, 5, and 7. There are no primitive roots modulo 8.
==
The Carmichael lambda function of a [[prime power]] can be expressed in terms of the Euler totient. Any number that is not 1 or a prime power can be written uniquely as the product of distinct prime powers, in which case {{mvar | λ}} of the product is the [[least common multiple]] of the {{mvar | λ}} of the prime power factors. Specifically, {{math | ''λ''(''n'')}} is given by the recurrence
:<math>\lambda(n) = \begin{cases}
\varphi(n) & \text{if }n\text{ is 1, 2, 4, or an odd prime power,}\\
\tfrac12\varphi(n) & \text{if }n=2^r,\ r\ge3,\\
\operatorname{lcm}\Bigl(\lambda(n_1),\lambda(n_2),\ldots,\lambda(n_k)\Bigr) & \text{if }n=n_1n_2\ldots n_k\text{ where }n_1,n_2,\ldots,n_k\text{ are powers of distinct primes.}
\end{cases}</math>
Euler's totient for a prime power, that is, a number {{math | ''p''<sup>''r''</sup>}} with {{math | ''p''}} prime and {{math | ''r'' ≥ 1}}, is given by
:<math>\varphi(p^r) {{=}} p^{r-1}(p-1).</math>
== Carmichael's theorems ==
{{anchor|Carmichael's theorem}}
Carmichael proved two theorems that, together, establish that if {{math | ''λ''(''n'')}} is considered as defined by the recurrence of the previous section, then it satisfies the property stated in the introduction, namely that it is the smallest positive integer {{mvar | m}} such that <math>a^m\equiv 1\pmod{n}</math> for all {{mvar | a}} relatively prime to {{mvar | n}}.
{{Math theorem |name=Theorem 1|math_statement=If {{mvar | a}} is relatively prime to {{mvar | n}} then <math>a^{\lambda(n)}\equiv 1\pmod{n}</math>.<ref>Carmichael (1914) p.40</ref>}}
This implies that the order of every element of the multiplicative group of integers modulo {{mvar | n}} divides {{math | ''λ''(''n'')}}. Carmichael calls an element {{mvar | a}} for which <math>a^{\lambda(n)}</math> is the least power of {{mvar | a}} congruent to 1 (mod {{mvar | n}}) a ''primitive λ-root modulo n''.<ref>Carmichael (1914) p.54</ref> (This is not to be confused with a [[primitive root modulo n|primitive root modulo {{mvar | n}}]], which Carmichael sometimes refers to as a primitive <math>\varphi</math>-root modulo {{mvar | n}}.)
{{Math theorem |name=Theorem 2|math_statement=For every positive integer {{mvar | n}} there exists a primitive {{mvar | λ}}-root modulo {{mvar | n}}. Moreover, if {{mvar | g}} is such a root, then there are <math>\varphi(\lambda(n))</math> primitive {{mvar | λ}}-roots that are congruent to powers of {{mvar | g}}.<ref>Carmichael (1914) p.55</ref>}}
If {{mvar | g}} is one of the primitive {{mvar | λ}}-roots guaranteed by the theorem, then <math>g^m\equiv1\pmod{n}</math> has no positive integer solutions {{mvar | m}} less than {{math | ''λ''(''n'')}}, showing that there is no positive {{math | ''m'' < ''λ''(''n'')}} such that <math>a^m\equiv 1\pmod{n}</math> for all {{mvar | a}} relatively prime to {{mvar | n}}.
The second statement of Theorem 2 does not imply that all primitive {{mvar | λ}}-roots modulo {{mvar | n}} are congruent to powers of a single root {{mvar | g}}.<ref>Carmichael (1914) p.56</ref> For example, if {{math | ''n'' {{=}} 15}}, then {{math | ''λ''(''n'') {{=}} 4}} while <math>\varphi(n)=8</math> and <math>\varphi(\lambda(n))=2</math>. There are four primitive {{mvar | λ}}-roots modulo 15, namely 2, 7, 8, and 13 as <math>1\equiv2^4\equiv8^4\equiv7^4\equiv13^4</math>. The roots 2 and 8 are congruent to powers of each other and the roots 7 and 13 are congruent to powers of each other, but neither 7 nor 13 is congruent to a power of 2 or 8 and vice versa. The other four elements of the multiplicative group modulo 15, namely 1, 4 (which satisfies <math>4\equiv2^2\equiv8^2\equiv7^2\equiv13^2</math>), 11, and 14, are not primitive {{mvar | λ}}-roots modulo 15.
For a contrasting example, if {{math | ''n'' {{=}} 9}}, then <math>\lambda(n)=\varphi(n)=6</math> and <math>\varphi(\lambda(n))=2</math>. There are two primitive {{mvar | λ}}-roots modulo 9, namely 2 and 5, each of which is congruent to the fifth power of the other. They are also both primitive <math>\varphi</math>-roots modulo 9.
==Properties of the Carmichael function==
In this section, an [[integer]] <math>n</math> is divisible by a nonzero integer <math>m</math> if there exists an integer <math>k</math> such that <math>n = km</math>. This is written as
:<math>m \mid n.</math>
===A consequence of minimality of {{math | ''λ''(''n'')}}===
Suppose {{math | ''a<sup>m</sup>'' ≡ 1 (mod ''n'')}} for all numbers {{mvar | a}} coprime with {{mvar | n}}. Then {{math | ''λ''(''n'') {{!}} ''m''}}.
'''Proof:''' If {{math | ''m'' {{=}} ''kλ''(''n'') + ''r''}} with {{math | 0 ≤ ''r'' < ''λ''(''n'')}}, then
:<math>a^r = 1^k \cdot a^r \equiv \left(a^{\lambda(n)}\right)^k\cdot a^r = a^{k\lambda(n)+r} = a^m \equiv 1\pmod{n}</math>
for all numbers {{mvar | a}} coprime with {{mvar | n}}. It follows that {{math | 1=''r'' = 0}}
=== {{math | ''λ''(''n'')}} divides {{math | ''φ''(''n'')}} ===
This follows from elementary [[group theory]], because the exponent of any [[finite group]] must divide the order of the group. {{math | ''λ''(''n'')}} is the exponent of the multiplicative group of integers modulo {{mvar | n}} while {{math | ''φ''(''n'')}} is the order of that group. In particular, the two must be equal in the cases where the multiplicative group is cyclic due to the existence of a [[primitive_root_modulo_n|primitive root]], which is the case for odd prime powers.
We can thus view Carmichael's theorem as a sharpening of [[Euler's theorem]].
===Divisibility===
Line 119 ⟶ 106:
:<math> a\,|\,b \Rightarrow \lambda(a)\,|\,\lambda(b) </math>
'''Proof.'''
By definition, for any integer <math>k</math> with <math>\gcd(k,b) = 1</math> (and thus also <math>\gcd(k,a) = 1</math>), we have that <math> b \,|\, (k^{\lambda(b)} - 1)</math> , and therefore <math> a \,|\, (k^{\lambda(b)} - 1)</math>. This establishes that <math>k^{\lambda(b)}\equiv1\pmod{a}</math> for all {{mvar | k}} relatively prime to {{mvar | a}}. By the consequence of minimality proved above, we have <math> \lambda(a)\,|\,\lambda(b) </math>.
===Composition===
For all positive integers {{mvar | a}} and {{mvar | b}} it holds that
:<math>\lambda(\mathrm{lcm}(a,b)) = \mathrm{lcm}(\lambda(a), \lambda(b))</math>.
This is an immediate consequence of the
<!--
Proof goes as follows:
Line 146 ⟶ 131:
===Exponential cycle length===
If <math>r_{\mathrm{
:<math>a^r \equiv a^{
In particular, for [[Square-free integer|square-free]] {{mvar | n}} ({{math | ''r''<sub>max</sub> {{=}} 1}}), for all {{mvar | a}} we have
:<math>a \equiv a^{\lambda(n)+1} \pmod n.</math>
Line 156 ⟶ 141:
===Average value===
For any {{math | ''n'' ≥ 16}}:<ref>Theorem 3 in Erdős (1991)</ref><ref name=HBII194>Sándor & Crstici (2004) p.194</ref>
:<math>\frac{1}{n} \sum_{i \leq n} \lambda (i) = \frac{n}{\ln n} e^{B (1+o(1)) \ln\ln n / (\ln\ln\ln n) }</math>
Line 163 ⟶ 148:
:<math>B := e^{-\gamma} \prod_{p\in\mathbb P} \left({1 - \frac{1}{(p-1)^2(p+1)}}\right) \approx 0.34537 </math>
and {{math | ''γ'' ≈ 0.57721}}, the [[Euler–Mascheroni constant]].
The following table gives some overview over the first {{math | 1=2<sup>26</sup> – 1 = {{val|fmt=gaps|67108863}}}} values of the {{mvar | λ}} function, for both, the exact average and its Erdős-approximation.
Additionally given is some overview over the more easily accessible {{nowrap|“logarithm over logarithm” values}} {{math | 1=LoL(''n'') := {{sfrac|ln ''λ''(''n'')|ln ''n''}}}} with
* {{math | LoL(''n'') > {{sfrac|4|5}} ⇔ ''λ''(''n'') > ''n''<sup>{{sfrac|4|5}}</sup>}}.
There, the table entry in row number 26 at column
* {{math | % LoL > {{sfrac|4|5}}}} {{pad|1em}} → 60.49
indicates that 60.49% (≈ {{val|fmt=gaps|40000000}}) of the integers {{math | 1 ≤ ''n'' ≤ {{val|fmt=gaps|67108863}}}} have {{math | ''λ''(''n'') > ''n''<sup>{{sfrac|4|5}}</sup>}} meaning that the majority of the {{mvar | λ}} values is exponential in the length {{math | ''l'' :{{=}} log<sub>2</sub>(''n'')}} of the input {{mvar | n}}, namely
:<math>\left(2^\frac45\right)^l = 2^\frac{4l}{5} = \left(2^l\right)^\frac45 = n^\frac45.</math>
:{| class="wikitable" style="text-align:right"
|- style="vertical-align:top"
! {{mvar | ν}} || {{math | 1=''n'' = 2<sup>''ν''</sup> – 1}} || sum<br /><math>\sum_{i\le n} \lambda(i) </math> || average<br /><math>\tfrac1n \sum_{i\le n} \lambda(i) </math> || Erdős average || Erdős /<br>exact average || {{math | LoL}} average || % {{math | LoL}} > {{sfrac|4|5}} || % {{math | LoL}} > {{sfrac|7|8}}
|-
|5||31||270||8.709677||68.643||7.8813||0.678244||41.94 ||35.48
Line 224 ⟶ 209:
===Prevailing interval===
For all numbers {{mvar | N}} and all but {{math | ''o''(''N'')}}<ref>Theorem 2 in Erdős (1991) 3. Normal order. (p.365)</ref> positive integers {{math | ''n'' ≤ ''N''}} (a "prevailing" majority):
:<math>\lambda(n) = \frac{n} {(\ln n)^{\ln\ln\ln n + A + o(1)}}</math>
with the constant<ref name=HBII194/>
Line 232 ⟶ 217:
===Lower bounds===
For any sufficiently large number {{mvar | N}} and for any {{math | Δ ≥ (ln ln ''N'')<sup>3</sup>}}, there are at most
:<math>N\exp\left(-0.69(\Delta\ln\Delta)^\frac13\right)</math>
positive integers {{math | ''n'' ≤ N}} such that {{math | ''λ''(''n'') ≤ ''ne''<sup>−Δ</sup>}}.<ref>Theorem 5 in Friedlander (2001)</ref>
===Minimal order===
For any sequence {{math | ''n''<sub>1</sub> < ''n''<sub>2</sub> < ''n''<sub>3</sub> < ⋯}} of positive integers, any constant {{math | 0 < ''c'' < {{sfrac|1|ln 2}}}}, and any sufficiently large {{mvar | i}}:<ref name="Theorem 1 in Erdős (1991)">Theorem 1 in Erdős (1991)</ref><ref name=HBII193>Sándor & Crstici (2004) p.193</ref>
:<math>\lambda(n_i) > \left(\ln n_i\right)^{c\ln\ln\ln n_i}.</math>
===Small values===
For a constant {{mvar | c}} and any sufficiently large positive {{mvar | A}}, there exists an integer {{math | ''n'' > ''A''}} such that<ref name=HBII193/>
:<math>\lambda(n)<\left(\ln A\right)^{c\ln\ln\ln A}.</math>
Moreover, {{mvar | n}} is of the form
:<math>n=\mathop{\prod_{q \in \mathbb P}}_{(q-1)|m}q</math>
for some square-free integer {{math | ''m'' < (ln ''A'')<sup>''c'' ln ln ln ''A''</sup>}}.<ref name="Theorem 1 in Erdős (1991)"/>
===Image of the function===
The set of values of the Carmichael function has counting function<ref>{{cite journal | arxiv=1408.6506 | title=The image of Carmichael's ''λ''-function | first1=Kevin | last1=Ford | first2=Florian | last2=Luca | first3=Carl | last3=Pomerance | date=27 August 2014 | doi=10.2140/ant.2014.8.2009 | volume=8 | issue=8 | journal=Algebra & Number Theory | pages=2009–2026| s2cid=50397623 }}</ref>
:<math>\frac{x}{(\ln x)^{\eta+o(1)}} ,</math>
where
Line 256 ⟶ 241:
==Use in cryptography==
The Carmichael function is important in [[cryptography]] due to its use in the [[
==Proof of Theorem 1==
For {{math | ''n'' {{=}} ''p''}}, a prime, Theorem 1 is equivalent to [[Fermat's little theorem]]:
:<math>a^{p-1}\equiv1\pmod{p}\qquad\text{for all }a\text{ coprime to }p.</math>
For prime powers {{math | ''p''<sup>''r''</sup>}}, {{math | ''r'' > 1}}, if
:<math>a^{p^{r-1}(p-1)}=1+hp^r</math>
holds for some integer {{mvar | h}}, then raising both sides to the power {{mvar | p}} gives
:<math>a^{p^r(p-1)}=1+h'p^{r+1}</math>
for some other integer <math>h'</math>. By induction it follows that <math>a^{\varphi(p^r)}\equiv1\pmod{p^r}</math> for all {{mvar | a}} relatively prime to {{mvar | p}} and hence to {{math | ''p''<sup>''r''</sup>}}. This establishes the theorem for {{math | ''n'' {{=}} 4}} or any odd prime power.
===Sharpening the result for higher powers of two===
For {{mvar | a}} coprime to (powers of) 2 we have {{math | ''a'' {{=}} 1 + 2''h''<sub>2</sub>}} for some integer {{math | ''h''<sub>2</sub>}}. Then,
:<math>a^2 = 1+4h_2(h_2+1) = 1+8\binom{h_2+1}{2}=:1+8h_3</math>,
where <math>h_3</math> is an integer. With {{math | 1=''r'' = 3}}, this is written
:<math>a^{2^{r-2}} = 1+2^r h_r.</math>
Squaring both sides gives
:<math>a^{2^{r-1}}=\left(1+2^r h_r\right)^2=1+2^{r+1}\left(h_r+2^{r-1}h_r^2\right)=:1+2^{r+1}h_{r+1},</math>
where <math>h_{r+1}</math> is an integer. It follows by induction that
:<math>a^{2^{r-2}}=a^{\frac{1}{2}\varphi(2^r)}\equiv 1\pmod{2^r}</math>
for all <math>r\ge3</math> and all {{mvar | a}} coprime to <math>2^r</math>.<ref>Carmichael (1914) pp.38–39</ref>
===Integers with multiple prime factors===
By the [[unique factorization theorem]], any {{math | ''n'' > 1}} can be written in a unique way as
:<math> n= p_1^{r_1}p_2^{r_2} \cdots p_{k}^{r_k} </math>
where {{math | ''p''<sub>1</sub> < ''p''<sub>2</sub> < ... < ''p<sub>k</sub>''}} are primes and {{math | ''r''<sub>1</sub>, ''r''<sub>2</sub>, ..., ''r<sub>k</sub>''}} are positive integers. The results for prime powers establish that, for <math>1\le j\le k</math>,
:<math>a^{\lambda\left(p_j^{r_j}\right)}\equiv1 \pmod{p_j^{r_j}}\qquad\text{for all }a\text{ coprime to }n\text{ and hence to }p_i^{r_i}.</math>
From this it follows that
:<math>a^{\lambda(n)}\equiv1 \pmod{p_j^{r_j}}\qquad\text{for all }a\text{ coprime to }n,</math>
where, as given by the recurrence,
:<math>\lambda(n) = \operatorname{lcm}\Bigl(\lambda\left(p_1^{r_1}\right),\lambda\left(p_2^{r_2}\right),\ldots,\lambda\left(p_k^{r_k}\right)\Bigr).</math>
From the [[Chinese remainder theorem]] one concludes that
:<math>a^{\lambda(n)}\equiv1 \pmod{n}\qquad\text{for all }a\text{ coprime to }n.</math>
==See also==
Line 268 ⟶ 285:
* {{cite journal |first1=John B. |last1=Friedlander |author1-link=John Friedlander |first2=Carl |last2=Pomerance |first3=Igor E. |last3=Shparlinski |year=2001 |title=Period of the power generator and small values of the Carmichael function |journal=Mathematics of Computation |volume=70 |number=236 |pages=1591–1605, 1803–1806 |mr=1836921 | zbl=1029.11043 | issn=0025-5718 |doi=10.1090/s0025-5718-00-01282-5|doi-access=free }}
* {{cite book | last1=Sándor | first1=Jozsef | last2=Crstici | first2=Borislav | title=Handbook of number theory II | ___location=Dordrecht | publisher=Kluwer Academic | year=2004 | isbn=978-1-4020-2546-4 | pages=32–36, 193–195 | zbl=1079.11001}}
* {{
{{Totient}}
| |||