
    The iterated Carmichael \lambda-function and the number of cycles of the power generator

    Iteration of the modular l-th power function f(x) = x^l (mod n) provides a common pseudorandom number generator (known as the Blum-Blum-Shub generator when l=2). The period of this pseudorandom number generator is closely related to \lambda(\lambda(n)), where \lambda(n) denotes Carmichael's function, namely the maximal multiplicative order of any integer modulo n. In this paper, we show that for almost all n, the size of \lambda(\lambda(n)) is n/exp((1+o(1))(log log n)^2 log log log n). We conjecture an analogous formula for the k-th iterate of \lambda. We deduce that for almost all n, the pseudorandom number generator described above has at least exp((1+o(1))(log log n)^2 log log log n) disjoint cycles. In addition, we show that this expression is accurate for almost all n under the assumption of the Generalized Riemann Hypothesis for Kummerian fields. We also consider the number of iterations of \lambda it takes to reduce an integer n to 1, proving that this number is less than (1+o(1))(log log n)/log 2 infinitely often and speculating that log log n is the true order of magnitude almost always. Comment: 28 page

    A Beta-splitting model for evolutionary trees

    In this article, we construct a generalization of the Blum-François Beta-splitting model for evolutionary trees, which was itself inspired by Aldous' Beta-splitting model on cladograms. The novelty of our approach allows for asymmetric shares of diversification rates (or diversification 'potential') between two sister species in an evolutionarily interpretable manner, as well as the addition of extinction to the model in a natural way. We describe the incremental evolutionary construction of a tree with n leaves by splitting or freezing extant lineages through the Generating, Organizing and Deleting processes. We then give the probability of any (binary rooted) tree under this model with no extinction, at several resolutions: ranked planar trees giving asymmetric roles to the first and second offspring species of a given species and keeping track of the order of the speciation events occurring during the creation of the tree, unranked planar trees, ranked non-planar trees and finally (unranked non-planar) trees. We also describe a continuous-time equivalent of the Generating, Organizing and Deleting processes where tree topology and branch-lengths are jointly modeled and provide code in SageMath/python for these algorithms. Comment: 23 pages, 3 figures, 1 tabl

    On formal verification of arithmetic-based cryptographic primitives

    Cryptographic primitives are fundamental for information security: they are used as basic components for cryptographic protocols or public-key cryptosystems. In many cases, their security proofs consist in showing that they are reducible to computationally hard problems. Those reductions can be subtle and tedious, and thus not easily checkable. In previous work we implemented, on top of the proof assistant Coq, a toolbox for writing and checking game-based security proofs of cryptographic primitives. In this paper we describe its extension with number-theoretic capabilities, so that it is now possible to write and check arithmetic-based cryptographic primitives in our toolbox. We illustrate our work by machine checking the game-based proofs of unpredictability of the pseudo-random bit generator of Blum, Blum and Shub, and of semantic security of the public-key cryptographic scheme of Goldwasser and Micali. Comment: 13 page