Finding totient using discrete logarithm

vector · 2007-11-20, 03:14

I am posting this here because I think there might be a serious flaw with this technique. Given composite N, generator g, and prime q. find a generator g that is a primitive root to a composite N and some prime q. raise the generator to the power N. now (g^N) mod N = g^(N-totient(N)) mod N = k. Then mod the expression to a prime q so that g^(x mod totient(q)) mod q = k mod q. Now just solve for x and totient(N)= N-x Here is an example: (I am making these values and results up, they are not correct ) base=2, n=77,q=13. 2^77 mod 77 = 2^17 mod 77 = 19. 2^(17 mod 12)=19 mod 13=6. find the exponent by solving discrete logarithm 2^x mod 13 = 6. So the solution will be something like 5 or 5+12*x and one of the exponents should be correct (not in this case, I was to lazy to look up the correct calculations because my calculator died :(

R.D. Silverman · 2007-11-20, 12:03

Quote:

Originally Posted by vector

I am posting this here because I think there might be a serious flaw with this technique. Given composite N, generator g, and prime q. find a generator g that is a primitive root to a composite N

As with all proposals, reading stops at the first major mistake.

Composites do not have primitive roots.

I did not read the rest of your post.

vector · 2007-11-20, 18:14

I never knew that a composite modulus does not have any primitive roots.

Maybe this can be used to make a new deterministic primality test. (A prime is a provable prime if there is a primitive root mod the probable prime).
Anyway, I figured out that what was happening was just coincidence that occurs commonly for small numbers but almost never happens for larger moduli. So this discrete logarithm mod N lift to discrete logarithm mod P would never work.

akruppa · 2007-11-20, 18:50

Sorry about that, but this is the exact basis for classical (you might almost say: ancient) deterministic primality tests that don't divide by all primes <= sqrt(P).

I.e. for the original P-1 primality test, you factor P-1 into primes p, then look for an element a so that a^(P-1) == 1 (mod P) but a^((P-1)/p) != 1 (mod P). This proves that p divides the order of a. If you do it for all p|P-1, you know the ord(a) = P-1, so it is a generator, so P is prime.

The Lucas-Lehmer tests works similarly, except you work in an extension ring and check that an element has order P+1 iff P=Mp is prime. The arithmetic in the extension ring is hidden by the use of Lucas sequences, so it still uses only arithmetic in Z/PZ.

Alex

2007-11-20, 03:14	#1
vector Nov 2007 home 5² Posts	Finding totient using discrete logarithm I am posting this here because I think there might be a serious flaw with this technique. Given composite N, generator g, and prime q. find a generator g that is a primitive root to a composite N and some prime q. raise the generator to the power N. now (g^N) mod N = g^(N-totient(N)) mod N = k. Then mod the expression to a prime q so that g^(x mod totient(q)) mod q = k mod q. Now just solve for x and totient(N)= N-x Here is an example: (I am making these values and results up, they are not correct ) base=2, n=77,q=13. 2^77 mod 77 = 2^17 mod 77 = 19. 2^(17 mod 12)=19 mod 13=6. find the exponent by solving discrete logarithm 2^x mod 13 = 6. So the solution will be something like 5 or 5+12x and one of the exponents should be correct (not in this case, I was to lazy to look up the correct calculations because my calculator died :( Last fiddled with by vector on 2007-11-20 at 03:24*

2007-11-20, 18:14	#3
vector Nov 2007 home 25₁₀ Posts	I never knew that a composite modulus does not have any primitive roots. Maybe this can be used to make a new deterministic primality test. (A prime is a provable prime if there is a primitive root mod the probable prime). Anyway, I figured out that what was happening was just coincidence that occurs commonly for small numbers but almost never happens for larger moduli. So this discrete logarithm mod N lift to discrete logarithm mod P would never work. Last fiddled with by vector on 2007-11-20 at 18:31

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Help with discrete logarithm	pinnn	Information & Answers	43	2021-03-18 15:40
GDLOG discrete logarithm usage example	xkyve	Information & Answers	38	2014-07-14 15:59
Discrete logarithm software	Unregistered	Information & Answers	39	2012-04-27 20:08
Solving discrete logarithm in 2 variables	Coffenator	Information & Answers	16	2007-10-03 21:01
Discrete logarithm mod Mersenne primes?	Unregistered	Information & Answers	0	2006-08-27 15:32

2007-11-20, 18:50	#4
akruppa "Nancy" Aug 2002 Alexandria 2,467 Posts	Sorry about that, but this is the exact basis for classical (you might almost say: ancient) deterministic primality tests that don't divide by all primes <= sqrt(P). I.e. for the original P-1 primality test, you factor P-1 into primes p, then look for an element a so that a^(P-1) == 1 (mod P) but a^((P-1)/p) != 1 (mod P). This proves that p divides the order of a. If you do it for all p\|P-1, you know the ord(a) = P-1, so it is a generator, so P is prime. The Lucas-Lehmer tests works similarly, except you work in an extension ring and check that an element has order P+1 iff P=Mp is prime. The arithmetic in the extension ring is hidden by the use of Lucas sequences, so it still uses only arithmetic in Z/PZ. Alex