Carmichael function explained

In number theory, a branch of mathematics, the Carmichael function of a positive integer is the smallest member of the set of positive integers having the property that

am\equiv1\pmod{n}

holds for every integer coprime to . In algebraic terms, is the exponent of the multiplicative group of integers modulo . As this is a finite abelian group, there must exist an element whose order equals the exponent, . Such an element is called a primitive -root modulo .

The Carmichael function is named after the American mathematician Robert Carmichael who defined it in 1910.[1] It is also known as Carmichael's λ function, the reduced totient function, and the least universal exponent function.

The order of the multiplicative group of integers modulo is, where is Euler's totient function. Since the order of an element of a finite group divides the order of the group, divides . The following table compares the first 36 values of and (in bold if they are different; the s such that they are different are listed in).

123456789101112131415161718192021222324252627282930313233343536
1 1 2 2 4 2 6 2 6 4 10 2 12 6 4 4 16 6 18 4 6 10 22 2 20 12 18 6 28 4 30 8 10 16 12 6
1 1 2 2 4 2 6 4 6 4 10 4 12 6 8 8 16 6 18 8 12 10 22 8 20 12 18 12 28 8 30 16 20 16 24 12

Numerical examples

a1\not\equiv1\pmod{5}

except for

a\equiv1\pmod{5}

. Neither does 2 since

22\equiv32\equiv4\not\equiv1\pmod{5}

. Hence . Indeed,

14\equiv24\equiv34\equiv44\equiv1\pmod{5}

. Both 2 and 3 are primitive -roots modulo 5 and also primitive roots modulo 5.

12\equiv32\equiv52\equiv72\equiv1\pmod{8}

. The primitive -roots modulo 8 are 3, 5, and 7. There are no primitive roots modulo 8.

Recurrence for

The Carmichael lambda function of a prime power can be expressed in terms of the Euler totient. Any number that is not 1 or a prime power can be written uniquely as the product of distinct prime powers, in which case of the product is the least common multiple of the of the prime power factors. Specifically, is given by the recurrence

λ(n)=\begin{cases} \varphi(n)&ifnis1,2,4,oranoddprimepower,\\ \tfrac12\varphi(n)&

r,r\ge3,\\ \operatorname{lcm}l(λ(n
ifn=2
1),λ(n

2),\ldots,λ(nk)r)&ifn=n1n2\ldotsnkwheren1,n2,\ldots,nkarepowersofdistinctprimes. \end{cases}

Euler's totient for a prime power, that is, a number with prime and, is given by

\varphi(pr){{=}}pr-1(p-1).

Carmichael's theorems

Carmichael proved two theorems that, together, establish that if is considered as defined by the recurrence of the previous section, then it satisfies the property stated in the introduction, namely that it is the smallest positive integer such that

am\equiv1\pmod{n}

for all relatively prime to .This implies that the order of every element of the multiplicative group of integers modulo divides . Carmichael calls an element for which

aλ(n)

is the least power of congruent to 1 (mod) a primitive λ-root modulo n.[2] (This is not to be confused with a primitive root modulo , which Carmichael sometimes refers to as a primitive

\varphi

-root modulo .)If is one of the primitive -roots guaranteed by the theorem, then

gm\equiv1\pmod{n}

has no positive integer solutions less than, showing that there is no positive such that

am\equiv1\pmod{n}

for all relatively prime to .

The second statement of Theorem 2 does not imply that all primitive -roots modulo are congruent to powers of a single root .[3] For example, if, then while

\varphi(n)=8

and

\varphi(λ(n))=2

. There are four primitive -roots modulo 15, namely 2, 7, 8, and 13 as

1\equiv24\equiv84\equiv74\equiv134

. The roots 2 and 8 are congruent to powers of each other and the roots 7 and 13 are congruent to powers of each other, but neither 7 nor 13 is congruent to a power of 2 or 8 and vice versa. The other four elements of the multiplicative group modulo 15, namely 1, 4 (which satisfies

4\equiv22\equiv82\equiv72\equiv132

), 11, and 14, are not primitive -roots modulo 15.

For a contrasting example, if, then

λ(n)=\varphi(n)=6

and

\varphi(λ(n))=2

. There are two primitive -roots modulo 9, namely 2 and 5, each of which is congruent to the fifth power of the other. They are also both primitive

\varphi

-roots modulo 9.

Properties of the Carmichael function

n

is divisible by a nonzero integer

m

if there exists an integer

k

such that

n=km

. This is written as

m\midn.

A consequence of minimality of

Suppose for all numbers coprime with . Then .

Proof: If with, then

ar=1kar\equiv\left(aλ(n)\right)kar=akλ(n)+r=am\equiv1\pmod{n}

for all numbers coprime with . It follows that since and is the minimal positive exponent for which the congruence holds for all coprime with .

divides

This follows from elementary group theory, because the exponent of any finite group must divide the order of the group. is the exponent of the multiplicative group of integers modulo while is the order of that group. In particular, the two must be equal in the cases where the multiplicative group is cyclic due to the existence of a primitive root, which is the case for odd prime powers.

We can thus view Carmichael's theorem as a sharpening of Euler's theorem.

Divisibility

a|bλ(a)|λ(b)

Proof.

By definition, for any integer

k

with

\gcd(k,b)=1

(and thus also

\gcd(k,a)=1

), we have that

b|(kλ(b)-1)

, and therefore

a|(kλ(b)-1)

. This establishes that

kλ(b)\equiv1\pmod{a}

for all relatively prime to . By the consequence of minimality proved above, we have

λ(a)|λ(b)

.

Composition

For all positive integers and it holds that

λ(lcm(a,b))=lcm(λ(a),λ(b))

.This is an immediate consequence of the recurrence for the Carmichael function.

Exponential cycle length

If

rmax=maxi\{ri\}

is the biggest exponent in the prime factorization

n=

r1
p
1
r2
p
2

rk
p
k

of, then for all (including those not coprime to) and all,

ar\equivaλ(n)+r\pmodn.

In particular, for square-free, for all we have

a\equivaλ(n)+1\pmodn.

Average value

For any :[4] [5]

1
n

\sumiλ(i)=

n
lnn

eB

(called Erdős approximation in the following) with the constant

B:=e-\gamma\prodp\inP\left({1-

1
(p-1)2(p+1)
}\right) \approx 0.34537 and, the Euler–Mascheroni constant.

The following table gives some overview over the first values of the function, for both, the exact average and its Erdős-approximation.

Additionally given is some overview over the more easily accessible with

There, the table entry in row number 26 at column

indicates that 60.49% (≈) of the integers have meaning that the majority of the values is exponential in the length of the input, namely

45\right)
l
\left(2

=

4l
5
2

=\left(2l\right)

45
=
45.
n
sum

\sumi\leλ(i)

average

\tfrac1n\sumi\leλ(i)

Erdős average Erdős /
exact average 		average % > % >
5312708.70967768.6437.88130.67824441.94 35.48
66396415.30158761.4144.01360.69989138.10 30.16
7127357428.14173286.6053.07740.71729138.58 27.56
82551299450.956863138.1902.71190.73033138.82 23.53
95114803293.996086233.1492.48040.74049840.90 25.05
101023178816174.795699406.1452.32350.74848241.45 26.98
112047662952323.865169722.5262.23090.75488642.84 27.70
1240952490948608.2901101304.8102.14500.76102743.74 28.11
13819193827641145.4967652383.2632.08060.76657144.33 28.60
1416383355045862167.1602274392.1292.02670.77169546.10 29.52
15327671347368244111.9670408153.0541.98280.77643747.21 29.15
16655355137587967839.45671815225.431.94220.78106449.13 28.17
17131071196441359214987.4006628576.971.90670.78540150.43 29.55
18262143752921820828721.7976853869.761.87560.78956151.17 30.67
195242872893564434255190.46694101930.91.84690.79353652.62 31.45
201048575111393101150106232.8409193507.11.82150.79735153.74 31.83
212097151429685077652204889.9090368427.61.79820.80101854.97 32.18
2241943031660388309120395867.5158703289.41.77660.80454356.24 33.65
2383886076425917227352766029.118713456331.75660.80793657.19 34.32
2416777215249068726559901484565.38625800701.73790.81120458.49 34.43
2533554431966665958654302880889.14049563721.72040.81435159.52 35.76
26671088633756190480865765597160.06695378631.70410.81738460.49 36.73

Prevailing interval

For all numbers and all but [6] positive integers (a "prevailing" majority):

λ(n)=

n
(lnn)lnlnln
with the constant[5]

A:=-1+\sump\inP

lnp
(p-1)2

0.2269688

Lower bounds

For any sufficiently large number and for any, there are at most

13\right)
N\exp\left(-0.69(\Deltaln\Delta)
positive integers such that .[7]

Minimal order

For any sequence of positive integers, any constant, and any sufficiently large :[8] [9]

λ(ni)>\left(ln

clnlnlnni
n
i\right)

.

Small values

For a constant and any sufficiently large positive, there exists an integer such that[9]

λ(n)<\left(lnA\right)clnlnln.

Moreover, is of the form
n=\prodq
(q-1)|m

q

for some square-free integer .[8]

Image of the function

The set of values of the Carmichael function has counting function[10]

x
(lnx)η+o(1)

,

where
η=1-1+lnln2
ln2

0.08607

Use in cryptography

The Carmichael function is important in cryptography due to its use in the RSA encryption algorithm.

Proof of Theorem 1

For, a prime, Theorem 1 is equivalent to Fermat's little theorem:

ap-1\equiv1\pmod{p}    forallacoprimetop.

For prime powers,, if
pr-1(p-1)
a

=1+hpr

holds for some integer, then raising both sides to the power gives
pr(p-1)
a

=1+h'pr+1

for some other integer

h'

. By induction it follows that
\varphi(pr)
a

\equiv1\pmod{pr}

for all relatively prime to and hence to . This establishes the theorem for or any odd prime power.

Sharpening the result for higher powers of two

For coprime to (powers of) 2 we have for some integer . Then,

a2=1+4h2(h2+1)=1+8\binom{h2+1}{2}=:1+8h3

,where

h3

is an integer. With, this is written
2r-2
a

=1+2rhr.

Squaring both sides gives
2r-1
a

=\left(1+2r

2=1+2
h
r\right)

r+1

r-1
\left(h
r+2
2\right)=:1+2
h
r

r+1hr+1,

where

hr+1

is an integer. It follows by induction that
2r-2
a
1\varphi(2r)
2
=a

\equiv1\pmod{2r}

for all

r\ge3

and all coprime to

2r

.[11]

Integers with multiple prime factors

By the unique factorization theorem, any can be written in a unique way as

n=

r1
p
1
r2
p
2

rk
p
k

where are primes and are positive integers. The results for prime powers establish that, for

1\lej\lek

,
rj
λ\left(p\right)
j
a

\equiv1

rj
\pmod{p
j
}\qquad\texta\textn\textp_i^.From this it follows that

aλ(n)\equiv1

rj
\pmod{p
j
}\qquad\texta\textn,where, as given by the recurrence,

λ(n)=

r1
\operatorname{lcm}l(λ\left(p
1
r2
\right),λ\left(p
2
rk
\right),\ldots,λ\left(p
k

\right)r).

From the Chinese remainder theorem one concludes that

aλ(n)\equiv1\pmod{n}    forallacoprimeton.

See also

Notes

  1. Robert Daniel . Carmichael . 1910 . Note on a new number theory function . Bulletin of the American Mathematical Society . 16 . 5 . 232–238 . 10.1090/S0002-9904-1910-01892-9. free .
  2. Carmichael (1914) p.54
  3. Carmichael (1914) p.56
  4. Theorem 3 in Erdős (1991)
  5. Sándor & Crstici (2004) p.194
  6. Theorem 2 in Erdős (1991) 3. Normal order. (p.365)
  7. Theorem 5 in Friedlander (2001)
  8. Theorem 1 in Erdős (1991)
  9. Sándor & Crstici (2004) p.193
  10. 1408.6506 . The image of Carmichael's λ-function . Kevin . Ford . Florian . Luca . Carl . Pomerance . 27 August 2014 . 10.2140/ant.2014.8.2009 . 8 . 8 . Algebra & Number Theory . 2009–2026. 50397623 .
  11. Carmichael (1914) pp.38–39

References

This article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia article "Carmichael function".

Except where otherwise indicated, Everything.Explained.Today is © Copyright 2009-2024, A B Cryer, All Rights Reserved. Cookie policy.