Results 1  10
of
18
Period of the power generator and small values of Carmichael’s function
 Math.Comp.,70
"... Abstract. Consider the pseudorandom number generator un ≡ u e n−1 (mod m), 0 ≤ un ≤ m − 1, n =1, 2,..., where we are given the modulus m, the initial value u0 = ϑ and the exponent e. One case of particular interest is when the modulus m is of the form pl, where p, l are different primes of the same ..."
Abstract

Cited by 18 (11 self)
 Add to MetaCart
Abstract. Consider the pseudorandom number generator un ≡ u e n−1 (mod m), 0 ≤ un ≤ m − 1, n =1, 2,..., where we are given the modulus m, the initial value u0 = ϑ and the exponent e. One case of particular interest is when the modulus m is of the form pl, where p, l are different primes of the same magnitude. It is known from work of the first and third authors that for moduli m = pl, if the period of the sequence (un) exceeds m3/4+ε, then the sequence is uniformly distributed. We show rigorously that for almost all choices of p, l it is the case that for almost all choices of ϑ, e, the period of the power generator exceeds (pl) 1−ε. And so, in this case, the power generator is uniformly distributed. We also give some other cryptographic applications, namely, to rulingout the cycling attack on the RSA cryptosystem and to socalled timerelease crypto. The principal tool is an estimate related to the Carmichael function λ(m), the size of the largest cyclic subgroup of the multiplicative group of residues modulo m. In particular, we show that for any ∆ ≥ (log log N) 3,wehave λ(m) ≥ N exp(−∆) for all integers m with 1 ≤ m ≤ N, apartfromatmost N exp −0.69 ( ∆ log ∆) 1/3) exceptions. 1.
On the period of the linear congruential and power generators
 Acta Arith
"... We consider two standard pseudorandom number generators from number theory: the linear congruential generator and the power generator. For the former, we are given integers e, b, n (with e, n> 1) and a seed u0, and we compute the sequence ..."
Abstract

Cited by 7 (2 self)
 Add to MetaCart
We consider two standard pseudorandom number generators from number theory: the linear congruential generator and the power generator. For the former, we are given integers e, b, n (with e, n> 1) and a seed u0, and we compute the sequence
The iterated Carmichael λ function and the number of cycles of the power generator
, 2005
"... A common pseudorandom number generator is the power generator: x ↦ → x ℓ (mod n). Here, ℓ, n are fixed integers at least 2, and one constructs a pseudorandom sequence by starting at some residue mod n and iterating this ℓth power map. (Because it is the easiest to compute, one often takes ℓ = 2; thi ..."
Abstract

Cited by 6 (2 self)
 Add to MetaCart
A common pseudorandom number generator is the power generator: x ↦ → x ℓ (mod n). Here, ℓ, n are fixed integers at least 2, and one constructs a pseudorandom sequence by starting at some residue mod n and iterating this ℓth power map. (Because it is the easiest to compute, one often takes ℓ = 2; this case is known as the BBS generator, for Blum,
Squarefree Values of the Carmichael Function
 J. NUM. THEORY
, 2003
"... We obtain an asymptotic formula for the number of squarefree values among p 1; for primes ppx; and we apply it to derive the following asymptotic formula for LðxÞ; the number of squarefree values of the Carmichael function lðnÞ for 1pnpx; LðxÞ ðk þ oð1ÞÞ x ln 1 a x; where a 0:37395y is the Artin ..."
Abstract

Cited by 5 (3 self)
 Add to MetaCart
We obtain an asymptotic formula for the number of squarefree values among p 1; for primes ppx; and we apply it to derive the following asymptotic formula for LðxÞ; the number of squarefree values of the Carmichael function lðnÞ for 1pnpx; LðxÞ ðk þ oð1ÞÞ x ln 1 a x; where a 0:37395y is the Artin constant, and k 0:80328y is another absolute constant.
Average Multiplicative Orders of Elements Modulo n
 Acta Arith
"... We study the average multiplicative order of elements modulo n and show that its behaviour is very close to the behaviour of the largest possible multiplicative order of elements modulo n given by the Carmichael function #(n). 2000 Mathematics Subject Classification: Primary 11N37, 11N64; Secondary ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
We study the average multiplicative order of elements modulo n and show that its behaviour is very close to the behaviour of the largest possible multiplicative order of elements modulo n given by the Carmichael function #(n). 2000 Mathematics Subject Classification: Primary 11N37, 11N64; Secondary 20K01 1
ON THE ORDER OF UNIMODULAR MATRICES MODULO INTEGERS
, 2002
"... Assuming the Generalized Riemann Hypothesis, we prove the following: If b is an integer greater than one, then the multiplicative order of b modulo N is larger than N 1−ǫ for all N in a density one subset of the integers. If A is a hyperbolic unimodular matrix with integer coefficients, then the ord ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
Assuming the Generalized Riemann Hypothesis, we prove the following: If b is an integer greater than one, then the multiplicative order of b modulo N is larger than N 1−ǫ for all N in a density one subset of the integers. If A is a hyperbolic unimodular matrix with integer coefficients, then the order of A modulo p is greater than p 1−ǫ for all p in a density one subset of the primes. Moreover, the order of A modulo N is greater than N 1−ǫ for all N in a density one subset of the integers.
Small Values of the Carmichael Function and Cryptographic Applications
"... . We outline some cryptographic applications of the recent results of the authors about small values of the Carmichael function and the period of the power generator of pseudorandom numbers. Namely, we show rigorously that almost all randomly selected RSA moduli are safe against the socalled cyclin ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
. We outline some cryptographic applications of the recent results of the authors about small values of the Carmichael function and the period of the power generator of pseudorandom numbers. Namely, we show rigorously that almost all randomly selected RSA moduli are safe against the socalled cycling attack and we also provide some arguments in support of the reliability of the timedrelease crypto scheme, which has recently been proposed by R. L. Rivest, A. Shamir and D. A. Wagner. 1. Introduction For an integer n # 1 we define the Carmichael function #(n) as the largest possible order of elements of the unit group in the residue ring modulo n. More explicitly, for a prime power p k we write # p k = p k1 (p  1), if p # 3 or k # 2; 2 k2 , if p = 2 and k # 3; and finally, #(n) = lcm # p k1 1 , . . . , # p k# # , where n = p k1 1 . . . p k# # is the prime number factorization of n. Various upper and lower bounds for #(n) have been...
Building Pseudoprimes With A Large Number Of Prime Factors
, 1995
"... We extend the method due originally to Loh and Niebuhr for the generation of Carmichael numbers with a large number of prime factors to other classes of pseudoprimes, such as Williams's pseudoprimes and elliptic pseudoprimes. We exhibit also some new Dickson pseudoprimes as well as superstrong Dicks ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
We extend the method due originally to Loh and Niebuhr for the generation of Carmichael numbers with a large number of prime factors to other classes of pseudoprimes, such as Williams's pseudoprimes and elliptic pseudoprimes. We exhibit also some new Dickson pseudoprimes as well as superstrong Dickson pseudoprimes.
Idempotents and nilpotents modulo n
"... Abstract. We study asymptotic properties of periods and transient phases associated with modular power sequences. The latter are simple; the former are vaguely related to the reciprocal sum of squarefree integer kernels. Let Zn denote the ring of integers modulo n. Define S(x) to be the sequence {x ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
Abstract. We study asymptotic properties of periods and transient phases associated with modular power sequences. The latter are simple; the former are vaguely related to the reciprocal sum of squarefree integer kernels. Let Zn denote the ring of integers modulo n. Define S(x) to be the sequence {x k} ∞ k=0 for each x ∈ Zn. We wish to understand the periodicity properties of S(x), that is, the statistics of σ(x) = τ(x) = the period of S(x) = the least m ≥ 1 for which xk+m = x k for all sufficiently large k, the transient phase of S(x) = the least ℓ ≥ 0 for which xk+σ(x) = x k for all k ≥ ℓ. For example, the unique x with (σ, τ) = (1, 0) is x = 1. If (σ, τ) = (2, 0), then x is a square root of unity; if (σ, τ) = (3, 0), then x is a cube root of unity [1]. If τ = 0 (with no condition placed on σ), then x is relatively prime to n. Hence the number of such x is # { x ∈ Zn: x k = 1 for some k ≥ 1} = ϕ(n) where ϕ is the Euler totient function and, asymptotically [1, 2], n≤N ϕ(n) ∼ 3 π 2N2 = (0.303963550927...)N 2 as N → ∞. As another example, if (σ, τ) = (1, 1), then x is an idempotent. The number of such x, including 0 and 1, is # { x ∈ Zn: x 2 = x} = 2 ω(n) where ω(n) denotes the number of distinct prime factors of n and [1, 3] 2 ω(n) ∼ 6 π2N · lnN n≤N as N → ∞. More difficult examples appear in the following sections. As in [1], we make no claim of originality: Our purpose is only to gather relevant formulas in one place. 0