Math 788 Lecture 15

The document discusses a polynomial time primality testing algorithm developed by M. Agrawal, N. Kayal, and N. Saxena. It outlines the algorithm's steps for determining whether a given integer n is composite or prime, including conditions involving prime factors and modular arithmetic. Additionally, it references important literature and provides lemmas related to prime distribution and cyclotomic polynomial factorization modulo a prime.


PRIMALITY TESTING IN POLYNOMIAL TIME

A Theorem of
M. AGRAWAL, N. KAYAL, AND N. SAXENA
Department of Computer Science & Engineering
Indian Institute of Technology in Kanpur

Two Important Papers in the Literature:
• Etienne Fouvry, Théorème de Brun-Titchmarsh, application au théorème de Fermat, Invent. Math. 79 (1985), 383–407.
• Leonard Adleman and D. Roger Heath-Brown, The first case of Fermat's Last Theorem, Invent. Math. 79 (1985), 409–416.

Notation. $\pi(x) = \big|\{p : p \text{ prime},\ p \le x\}\big|$

$\pi_s(x) = \big|\{p : p \text{ prime},\ p \le x,\ P(p-1) > p^{2/3}\}\big|$

("s" as in special; $P(n)$ is the largest prime factor of $n$.)

Lemma 1. There is a constant $c > 0$ and $x_0$ such that
$$\pi_s(x) \ge c\,\frac{x}{\log x} \quad \text{for all } x \ge x_0.$$

Classical. $\pi(x) \le \dfrac{2x}{\log x}$ for $x$ large.

Lemma 2. There are positive constants $c_1$ and $c_2$ such that the interval $I = \big(c_1(\log n)^6,\ c_2(\log n)^6\big]$ contains a prime $r$ with $r - 1$ having a prime factor $q$ satisfying
$$q \ge 4\sqrt{r}\,\log n \quad\text{and}\quad q \mid \mathrm{ord}_r(n).$$
Input: integer $n > 1$

1. if ( $n$ is of the form $a^b$, $b > 1$ ) output COMPOSITE;
2. $r = 2$;
3. while ( $r < n$ ) {
4.   if ( $\gcd(n, r) \ne 1$ ) output COMPOSITE;
5.   if ( $r$ is prime )
6.     let $q$ be the largest prime factor of $r - 1$;
7.     if ( $q \ge 4\sqrt{r}\,\log n$ ) and ( $n^{(r-1)/q} \not\equiv 1 \pmod r$ )
8.       break;
9.   $r \leftarrow r + 1$;
10. }
11. for $a = 1$ to $2\sqrt{r}\,\log n$
12.   if ( $(x - a)^n \not\equiv x^n - a \pmod{x^r - 1,\ n}$ ) output COMPOSITE;
13. output PRIME;
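The 13-step listing above, implemented in Python as an added example (this is editor-supplied code, not code from the lecture or from the Agrawal, Kayal and Saxena paper). It assumes that $\log n$ means $\log_2 n$, stores a polynomial modulo $(x^r - 1, n)$ as a list of $r$ coefficients indexed by exponent, and, when the while loop runs all the way to $r = n$ (which is what happens for the small primes one can test by hand), still executes steps 11 to 13 exactly as the listing says. The helper names (`is_perfect_power`, `congruence_holds`, `aks_is_prime`) are my own.

```python
"""AKS-style primality test, following the 13-step listing in the lecture.

Editor-supplied example (assumptions: log n means log base 2; a polynomial
modulo (x^r - 1, n) is a list of r coefficients, index = exponent).
"""
from math import gcd, isqrt, log2


def is_perfect_power(n):
    """Step 1: is n = a^b for integers a > 1, b > 1?  Binary search per b."""
    for b in range(2, n.bit_length() + 1):
        lo, hi = 1, 1 << (n.bit_length() // b + 1)   # the b-th root is < hi
        while lo < hi:
            mid = (lo + hi) // 2
            if mid ** b < n:
                lo = mid + 1
            else:
                hi = mid
        if lo ** b == n:
            return True
    return False


def is_prime_trial(m):
    """Step 5 helper: trial division is adequate because r stays tiny."""
    if m < 2:
        return False
    return all(m % d for d in range(2, isqrt(m) + 1))


def largest_prime_factor(m):
    """Step 6: largest prime factor of m, or None when m == 1 (i.e. r == 2)."""
    largest, d = None, 2
    while d * d <= m:
        while m % d == 0:
            largest, m = d, m // d
        d += 1
    return m if m > 1 else largest


def poly_mulmod(f, g, r, n):
    """Product of f and g modulo (x^r - 1, n): x^(i+j) wraps to x^((i+j) mod r)."""
    out = [0] * r
    for i, fi in enumerate(f):
        if fi:
            for j, gj in enumerate(g):
                k = (i + j) % r
                out[k] = (out[k] + fi * gj) % n
    return out


def poly_powmod(f, e, r, n):
    """f^e modulo (x^r - 1, n) by square-and-multiply."""
    result = [1] + [0] * (r - 1)
    while e:
        if e & 1:
            result = poly_mulmod(result, f, r, n)
        f = poly_mulmod(f, f, r, n)
        e >>= 1
    return result


def congruence_holds(n, r, a):
    """Step 12 test: does (x - a)^n == x^n - a hold modulo (x^r - 1, n)?"""
    lhs = poly_powmod([(-a) % n, 1] + [0] * (r - 2), n, r, n)
    rhs = [0] * r
    rhs[n % r] = 1                      # x^n wraps to x^(n mod r)
    rhs[0] = (rhs[0] - a) % n
    return lhs == rhs


def aks_is_prime(n):
    """Return True (PRIME) or False (COMPOSITE) for an integer n > 1."""
    if n < 2:
        raise ValueError("n must be an integer > 1")
    if is_perfect_power(n):                                    # step 1
        return False
    r = 2                                                      # step 2
    while r < n:                                               # step 3
        if gcd(n, r) != 1:                                     # step 4
            return False
        if is_prime_trial(r):                                  # step 5
            q = largest_prime_factor(r - 1)                    # step 6
            if (q is not None and q >= 4 * r ** 0.5 * log2(n)  # step 7
                    and pow(n, (r - 1) // q, r) != 1):
                break                                          # step 8
        r += 1                                                 # step 9
    # If the loop ran out (r == n) the listing still performs steps 11-13.
    for a in range(1, int(2 * r ** 0.5 * log2(n)) + 1):       # step 11
        if not congruence_holds(n, r, a):                      # step 12
            return False
    return True                                                # step 13


if __name__ == "__main__":
    for n in (2, 31, 37, 91, 125, 221):
        print(n, "PRIME" if aks_is_prime(n) else "COMPOSITE")
```

Step 4 rejects every composite that has a prime factor below $r$, so for inputs of a size this pure-Python code can handle only prime $n$ ever reaches the polynomial step; `congruence_holds` can be called on its own to watch the congruence fail for a composite, for instance $n = 15$, $r = 7$, $a = 1$.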
Note that $n$ does not have any prime divisors $< r$ (step 4 has checked $\gcd(n, r') = 1$ for every $r' < r$ before the loop stops at $r$).
PROBLEM: Show that if $n$ is composite, then the algorithm indicates it is.
SITUATION:
$n$ is composite, $r$ is a prime,
$q$ is a prime, $q \ge 4\sqrt{r}\,\log n$,
$q \nmid n$, $q \mid (r - 1)$, $q \mid \mathrm{ord}_r(n)$.

WANT: There is an integer $a$ with $1 \le a \le 2\sqrt{r}\,\log n$ such that
$$(x - a)^n \not\equiv x^n - a \pmod{x^r - 1,\ n}.$$
Annotations on the statement above. The bound $2\sqrt{r}\,\log n$ on $a$ is denoted $\ell$. In the congruence, the modulus $n$ will be replaced by a prime $p$ with $p \mid n$, and $x^r - 1$ by a monic polynomial $h(x)$ with $h(x) \mid (x^r - 1)$ modulo $p$, so that the congruence is taken mod $(h(x), p)$. Factoring $r - 1$ (to find $q$ in step 6) can be done in $O((\log n)^4)$ steps.

(Comment: We really will work mod $(x^r - 1, p)$.)


Write $\mathrm{Rem}(f, g, x)$ for the remainder of $f$ upon division by $g$ as polynomials in $x$. Since $h(x)$ is monic and $h(x) \mid (x^r - 1)$ modulo $p$, we can write $x^r - 1 = h(x)u(x) + p\,v(x)$ for some polynomials $u(x), v(x)$ with integer coefficients. Then

$$\mathrm{Rem}\big((x - a)^n - (x^n - a),\ x^r - 1,\ x\big) \bmod n = 0$$
⇓
$$\mathrm{Rem}\big((x - a)^n - (x^n - a),\ x^r - 1,\ x\big) \bmod p = 0$$
⇓
$$\mathrm{Rem}\big((x - a)^n - (x^n - a),\ h(x),\ x\big) \bmod p = 0$$

The first implication holds because $p \mid n$. For the second, write
$$(x - a)^n - (x^n - a) = (x^r - 1)Q(x) + R(x) = h(x)u(x)Q(x) + p\,v(x)Q(x) + R(x) = h(x)w_1(x) + R(x) + p\,w_2(x),$$
where $w_1(x) = u(x)Q(x)$ and $w_2(x) = v(x)Q(x)$. The remainder $R(x)$ is what the middle line says vanishes mod $p$, so
$$R(x) = pR_1(x) = p\,h(x)Q_2(x) + pR_2(x)$$
with $\deg R_2 < \deg h$. Hence $(x - a)^n - (x^n - a) = h(x)\big(w_1(x) + pQ_2(x)\big) + p\big(w_2(x) + R_2(x)\big) \equiv 0 \pmod{h(x),\ p}$, which is the last line.
SITUATION:
$n$ is composite, $r$ is a prime,
$q$ is a prime, $q \ge 4\sqrt{r}\,\log n$,
$q \nmid n$, $q \mid (r - 1)$, $q \mid \mathrm{ord}_r(n)$.

WANT: There is an integer $a$ with $1 \le a \le 2\sqrt{r}\,\log n$ such that
$$(x - a)^n \not\equiv x^n - a \pmod{h(x),\ p},$$
where $p$ is a prime dividing $n$ and $h(x)$ is a monic factor of $x^r - 1$ modulo $p$ (both of our choosing). This is mod $(h(x), p)$.

(Comment: We really will work mod $(x^r - 1, p)$.)
HOW TO CHOOSE $p$: If $n = p_1^{e_1} p_2^{e_2} \cdots p_t^{e_t}$, then
$$d = \mathrm{ord}_r(p_1) \cdots \mathrm{ord}_r(p_t) \implies n^d \equiv 1 \pmod r,$$
because each $p_i^{\,d} \equiv 1 \pmod r$. We deduce $q \mid d$, since $\mathrm{ord}_r(n) \mid d$ and $q \mid \mathrm{ord}_r(n)$; as $q$ is prime, it divides one of the factors $\mathrm{ord}_r(p_i)$. Fix $p$ such that
$$p \mid n \quad\text{and}\quad q \mid \mathrm{ord}_r(p).$$
SITUATION:
$n$ is composite, $r$ is a prime,
$q$ is a prime, $q \ge 4\sqrt{r}\,\log n$,
$q \mid (r - 1)$, $p \mid n$, $q \mid \mathrm{ord}_r(p)$.

Note that $n$ does not have any prime divisors $< r$.

How do we choose $h(x)$?


THE FACTORIZATION OF CYCLOTOMIC POLYNOMIALS MODULO A PRIME

Let $r$ be a positive integer, and let $p$ be a prime. Write $r = p^k m$ where $p \nmid m$. Let $f = \mathrm{ord}_m(p)$. Then the $r$th cyclotomic polynomial $\Phi_r(x)$ factors as a product of $\varphi(m)/f$ incongruent irreducible polynomials modulo $p$ of degree $f$, each raised to the $\varphi(p^k)$ power.

For $r$ prime with $p \ne r$ we have $k = 0$, $m = r$, and
$$\Phi_r(x) = \frac{x^r - 1}{x - 1},$$
so $x^r - 1$ has a factor of degree $\mathrm{ord}_r(p)$ modulo $p$.
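An added check of the prime-$r$ case of this statement (editor-supplied code, not from the lecture). For prime $r$ and a prime $p \ne r$, every irreducible factor of $\Phi_r(x)$ over $\mathbb{F}_p$ has degree $f = \mathrm{ord}_r(p)$, and an irreducible polynomial of degree $e$ divides $x^{p^i} - x$ exactly when $e \mid i$; so $\gcd(\Phi_r, x^{p^i} - x)$ is constant for $i < f$ and equals $\Phi_r$ at $i = f$. The block computes the first $i$ at which that gcd is non-constant, and the gcd's degree, using its own small polynomial arithmetic over $\mathbb{F}_p$; the function names are mine.

```python
"""Checking the cyclotomic-factorisation statement over F_p for prime r.

Editor-supplied example. Polynomials over F_p are coefficient lists with
index = exponent and no trailing zeros; [] is the zero polynomial.
"""
from itertools import zip_longest


def ord_mod(p, r):
    """Multiplicative order of p modulo r; assumes gcd(p, r) = 1."""
    k, v = 1, p % r
    while v != 1:
        v, k = (v * p) % r, k + 1
    return k


def trim(f):
    """Drop trailing zero coefficients (in place) and return the list."""
    while f and f[-1] == 0:
        f.pop()
    return f


def poly_mod(f, g, p):
    """Remainder of f on division by the monic polynomial g over F_p."""
    f = trim([c % p for c in f])
    dg = len(g) - 1
    while len(f) - 1 >= dg:
        c, shift = f[-1], len(f) - 1 - dg     # cancel the leading term
        for i, gi in enumerate(g):
            f[shift + i] = (f[shift + i] - c * gi) % p
        trim(f)
    return f


def poly_mulmod(f, g, m, p):
    """f * g reduced modulo (m, p)."""
    prod = [0] * (len(f) + len(g) - 1) if f and g else []
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            prod[i + j] = (prod[i + j] + fi * gj) % p
    return poly_mod(prod, m, p)


def poly_powmod(f, e, m, p):
    """f^e modulo (m, p) by square-and-multiply."""
    result, base = [1], poly_mod(f, m, p)
    while e:
        if e & 1:
            result = poly_mulmod(result, base, m, p)
        base = poly_mulmod(base, base, m, p)
        e >>= 1
    return result


def poly_gcd(f, g, p):
    """Monic gcd over F_p by the Euclidean algorithm."""
    f, g = trim([c % p for c in f]), trim([c % p for c in g])
    while g:
        inv = pow(g[-1], p - 2, p)            # make the divisor monic
        g = [(c * inv) % p for c in g]
        f, g = g, poly_mod(f, g, p)
    inv = pow(f[-1], p - 2, p)
    return [(c * inv) % p for c in f]


def cyclotomic_splitting(r, p):
    """For prime r and prime p != r: the smallest i with gcd(Phi_r, x^(p^i) - x)
    non-constant, together with that gcd's degree.  The theorem predicts
    (ord_r(p), r - 1): all irreducible factors have degree ord_r(p)."""
    phi = [1] * r                    # Phi_r(x) = 1 + x + ... + x^(r-1)
    x = [0, 1]
    x_pi = x[:]                      # holds x^(p^i) mod Phi_r
    for i in range(1, r):
        x_pi = poly_powmod(x_pi, p, phi, p)
        diff = [(a - b) % p for a, b in zip_longest(x_pi, x, fillvalue=0)]
        g = poly_gcd(phi, diff, p)   # diff == [] gives g == Phi_r
        if len(g) - 1 > 0:
            return i, len(g) - 1
    raise ArithmeticError("no factor found; is r prime and p != r?")


def factorisation_shape(r, p):
    """(degree f of each irreducible factor, number of factors phi(r)/f)."""
    f, _ = cyclotomic_splitting(r, p)
    return f, (r - 1) // f


if __name__ == "__main__":
    for r, p in ((7, 2), (7, 3), (11, 3), (5, 11)):
        print(r, p, cyclotomic_splitting(r, p), "ord_r(p) =", ord_mod(p, r))
```

The gcd is taken with $x^{p^i} - x$ reduced modulo $\Phi_r$, which is legitimate because $\gcd(\Phi_r, u) = \gcd(\Phi_r, u \bmod \Phi_r)$; at $i = f$ the reduction gives the zero polynomial (as $x^{p^f} \equiv x$ modulo $x^r - 1$), so the gcd is all of $\Phi_r$.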
SITUATION:
$n$ is composite, $r$ is a prime, $\ell = 2\sqrt{r}\,\log n$,
$q$ is a prime, $q \ge 4\sqrt{r}\,\log n$,
$q \mid (r - 1)$, $p \mid n$, $q \mid \mathrm{ord}_r(p)$,
$h(x)$ irreducible mod $p$, $\deg h = \mathrm{ord}_r(p) \ge 2\ell$
(the last inequality because $q \mid \mathrm{ord}_r(p)$ gives $\mathrm{ord}_r(p) \ge q \ge 4\sqrt{r}\,\log n = 2\ell$).

WANT: There is an integer $a$ with $1 \le a \le \ell$ such that
$$(x - a)^n \not\equiv x^n - a \pmod{h(x),\ p}.$$
This is mod $(h(x), p)$.

(Comment: We really will work mod $(x^r - 1, p)$.)


ARITHMETIC MODULO $h(x), p$

Well-Known: Arithmetic modulo $h(x), p$ forms a field $F$ with $p^{\deg h}$ elements, which can be represented by the polynomials of degree $< \deg h$ with coefficients from $\{0, 1, \ldots, p - 1\}$. As with any finite field, the non-zero elements form a cyclic group under multiplication.

Main Lemma: The set
$$G = \{(x - 1)^{e_1}(x - 2)^{e_2}\cdots(x - \ell)^{e_\ell} : e_j \ge 0\}$$
forms a subgroup of the multiplicative group of non-zero elements of $F$ (which necessarily is cyclic) of size
$$> 2^{\ell} = 2^{2\sqrt{r}\,\log n} = n^{2\sqrt{r}}.$$

We explain why this main lemma gives us what we want and then discuss why it is true.
Notation: Since $G$ is cyclic, there is an element
$$g(x) = (x - 1)^{e_1}(x - 2)^{e_2}\cdots(x - \ell)^{e_\ell}$$
in $G$ (and, hence, in $F$) of order $|G| > n^{2\sqrt{r}}$. Define
$$I_{g(x)} = \{m : g(x)^m \equiv g(x^m) \pmod{x^r - 1,\ p}\}.$$

PROPERTIES OF $I_{g(x)}$:

• $m_1, m_2 \in I_{g(x)} \implies m_1 m_2 \in I_{g(x)}$.

Proof: From $g(x)^{m_2} \equiv g(x^{m_2}) \pmod{x^r - 1,\ p}$, substituting $x^{m_1}$ for $x$ gives
$$g(x^{m_1})^{m_2} \equiv g(x^{m_1 m_2}) \pmod{x^{m_1 r} - 1,\ p},$$
and since $(x^r - 1) \mid (x^{m_1 r} - 1)$ the congruence also holds mod $(x^r - 1, p)$. Combined with $g(x^{m_1}) \equiv g(x)^{m_1} \pmod{x^r - 1,\ p}$, which is $m_1 \in I_{g(x)}$, this gives
$$g(x)^{m_1 m_2} \equiv g(x^{m_1 m_2}) \pmod{x^r - 1,\ p}.$$

• $m_1, m_2 \in I_{g(x)}$ and $m_1 \equiv m_2 \pmod r$ $\implies$ $m_1 \equiv m_2 \pmod d$, where $d$ = order of $g(x)$.

Proof: For each exponent $j$, since $r \mid (m_2 - m_1)j$,
$$x^{m_2 j} - x^{m_1 j} = x^{m_1 j}\big(x^{(m_2 - m_1)j} - 1\big) = x^{m_1 j}\,(x^r - 1)(\cdots),$$
so $x^{m_2 j} \equiv x^{m_1 j} \pmod{x^r - 1,\ p}$ and therefore
$$g(x^{m_2}) \equiv g(x^{m_1}) \pmod{x^r - 1,\ p} \implies g(x)^{m_2} \equiv g(x)^{m_1} \pmod{x^r - 1,\ p} \implies g(x)^{m_2 - m_1} \equiv 1 \pmod{x^r - 1,\ p}.$$
Since $h(x) \mid (x^r - 1)$ modulo $p$, the last congruence holds in $F$, so $d \mid (m_2 - m_1)$.

MORAL: There are $\le r$ positive integers $\le d$ in $I_{g(x)}$. (Two distinct positive integers $\le d$ cannot be congruent mod $d$, so by the second property the elements of $I_{g(x)}$ in $[1, d]$ lie in distinct residue classes mod $r$.)

WANT: There is an integer $a$ with $1 \le a \le \ell$ such that
$$(x - a)^n \not\equiv x^n - a \pmod{h(x),\ p}.$$

Recall that the algorithm tests the congruence mod $(x^r - 1, n)$, and a congruence mod $(x^r - 1, n)$ implies the same congruence mod $(x^r - 1, p)$ because $p \mid n$. So it suffices to find $a$ with $1 \le a \le \ell$ and
$$(x - a)^n \not\equiv x^n - a \pmod{x^r - 1,\ p};$$
from here on we work mod $(x^r - 1, p)$, using $F$ (arithmetic mod $(h(x), p)$) only to measure the order $d$ of $g(x)$.

Assume otherwise. Then, for all $a \in \{1, 2, \ldots, \ell\}$,
$$(x - a)^n \equiv x^n - a \pmod{x^r - 1,\ p}.$$
Multiplying these congruences according to
$$g(x) = (x - 1)^{e_1}(x - 2)^{e_2}\cdots(x - \ell)^{e_\ell}$$
gives
$$g(x)^n \equiv g(x^n) \pmod{x^r - 1,\ p},$$
that is, $n \in I_{g(x)}$.
Also $p \in I_{g(x)}$: $g(x)^p \equiv g(x^p) \pmod p$ (the Frobenius identity for polynomials over $\mathbb{F}_p$), hence $g(x)^p \equiv g(x^p) \pmod{x^r - 1,\ p}$.

By the first property, $n^i p^j \in I_{g(x)}$ for $0 \le i, j \le [\sqrt{r}\,]$, and
$$1 \le n^i p^j \le n^{i+j} \le n^{2\sqrt{r}} \le d,$$
using $p \le n$ and $d = |G| > n^{2\sqrt{r}}$. The pairs $(i, j)$ number $([\sqrt{r}\,] + 1)^2 > r$, while by the MORAL $I_{g(x)}$ contains at most $r$ positive integers $\le d$; so two different pairs give the same value:
$$n^{i_1} p^{j_1} = n^{i_2} p^{j_2} \quad\text{with } (i_1, j_1) \ne (i_2, j_2) \implies n = p^k$$
for some integer $k \ge 1$ (if $i_1 = i_2$ then $j_1 = j_2$, so $i_1 \ne i_2$ and $n$ is a power of $p$). With $k \ge 2$ this contradicts step 1 of the algorithm, and $k = 1$ contradicts $n$ being composite. Hence some $a$ with $1 \le a \le \ell$ has $(x - a)^n \not\equiv x^n - a \pmod{x^r - 1,\ p}$, so the congruence in step 12 fails for that $a$ and the algorithm outputs COMPOSITE.
