Revision as of 06:40, 21 August 2006 edit 81.165.67.238 (talk) Link to "congruence" ← Previous edit		Revision as of 12:22, 28 August 2006 edit undo WinBot (talk \| contribs) 39,167 edits m BOT - Unicodifying Next edit →
Line 4: :'''Input''' Integers ''p'', ''g'', ''e''. :'''Output''' Integer ''x'', such that ''e ~~≡~~≡ g<sup>x</sup> (mod p)''. :#Use [[Euler's totient function]] to determine the prime factorization of the order of the group : <br><center><math>\varphi(p)= p_0\cdot p_1 \cdot \ldots \cdot p_n</math></center> Line 12: & \equiv & (g^{\varphi(p)/p_1})^{b_1} \pmod{p} \end{matrix} </math> (using [[Euler's theorem]])</center><br>Note that if <math>g^{\varphi(p)/p_1} \equiv 1 \pmod{p}</math> then the order of ''g'' is less than ~~φ~~φ(''p'') and <math>e^{\varphi(p)/p_1} \mod p</math> must be 1 for a solution to exist. In this case there will be more than one solution for ''x'' less than ~~φ~~φ(''p''), but since we are not looking for the whole set, we can require that ''b''<sub>1</sub>=0.<br><br>The same operation is now performed for ''p<sub>2</sub>'' up to ''p<sub>n</sub>''.<br><br>A minor modification is needed where a prime number is repeated. Suppose we are seeing ''p<sub>i</sub>'' for the ''k+1''-th time. Then we already know ''c<sub>i</sub>'' in the equation ''x = a<sub>i</sub> p<sub>i</sub><sup>k+1</sup> + b<sub>i</sub> p<sub>i</sub><sup>k</sup>+c<sub>i</sub>'', and we find ''b<sub>i</sub>'' the same way as before. :#We end up with enough simultaneous [[congruence\|congruences]] so that ''x'' can be solved using the [[Chinese remainder theorem]].

Pohlig–Hellman algorithm: Difference between revisions