Notes on computing high powers mod n.

To run the primality tests based on Fermat’s Little Theorem and later on
for cryptography, you need to compute
a^k mod n
for large values of k efficiently. A fast way to do this is the method of squaring.
The idea is that it is very easy to compute the series of numbers
(1) a, a^2, a^4 = (a^2)^2, a^8 = (((a^2)^2)^2), ... mod n
where you keep squaring and reducing mod n at each step. The numbers involved
never get bigger than n^2. You could do this by hand or on a very primitive calculator.
Then, to compute a^k mod n, you write k in binary
k = 2^r1 + 2^r2 + ... + 2^rj
so that
a^k = a^(2^r1) x a^(2^r2) x ... x a^(2^rj)
is a product of numbers in the series in (1). These numbers are all less than n and
you can easily compute their product mod n.

The number of steps needed to compute a^k mod n by this method is approximately log base 2 of k.
Ref. Silverman, p.105. So the time needed, which of course depends on the equipment used,
grows logarithmically in k.

For example, if n= 541, a prime, say we want to compute

5^476 mod 541.
Using Mathematica we have the following table values of 5^(2^r):
��� ��� Tablek, Mod5 ^ 2 ^ k, 541, {k, 0, 10}
���� �� {{0, 5}, {1, 25}, {2, 84}, {3, 23}, {4, 529},
{5, 144}, {6, 178}, {7, 306}, {8, 43}, {9, 226}, {10, 222}}

Of course, with some patience you could compute these by hand.

(The idea here is to understand how this algorithm works. )
On the other hand, the binary expansion of 476 is
��� ��� BaseForm[476, 2]
���� ������������

1110111002

i.e., 476 = 2^8 + 2^7 + 2^6 + 2^4 + 2^3 + 2^2

and so 5^476 is congruent mod 541 to
��� ��� temp = 43 * 306 * 178 * 529 * 23 * 84
���� �� 2 393 716 307 472
2 ��� powers.nb

modulo 541. Of course, we could take the product in stages, reducing mod 541 to keep
the numbers small. In any case the answer is
��� ��� Mod[temp, 541]
���� �� 386

Of course, we could just use the built in function to get (or check)
��� ��� Mod5 ^ 476, 541
���� �� 386

but this gives no insight into how the answer is computed!

Note that the actual number 5^476 we are dealing with is quite large:
��� ��� 5 ^ 476
���� �� 512 533 272 366 873 836 653 973 815 074 937 982 907 899 642 895 738 880 627 025 615 766 166 343 
771 965 644 584 829 224 345 699 548 157 548 979 217 733 490 830 056 731 756 146 128 778 855 837 
910 457 014 668 325 988 238 397 699 424 366 651 710 333 124 714 317 354 779 422 877 368 941 874 
969 200 442 661 564 703 987 862 216 207 714 892 343 551 821 143 334 413 757 722 121 094 513 321 
516 196 457 938 718 822 333 612 479 269 504 547 119 140 625

This makes the interim value `temp’ look very reasonable.

Also note that, once we have our little table of powers of 5 mod 541, we can compute other powers
easily:
��� ��� BaseForm[391, 2]
���� ������������

1100001112

so we can compute 5^391 as (starting at the right of the binary this time)
��� ��� temp2 = 5 * 25 * 84 * 306 * 43
���� �� 138 159 000

��� ��� Mod[temp2, 541]

���� �� 43

We check using the built in function:

��� ��� Mod5 ^ 391, 541
���� �� 43

whereas
 powers.nb ��� 3

��� ��� 5 ^ 391

���� �� 1 982 767 060 402 850 955 682 831 684 242 612 145 955 952 226 328 980 923 129 734 625 968 341 170 
226 015 214 009 693 303 949 831 473 616 925 461 763 867 887 380 157 868 236 284 083 361 547 426 
841 934 515 451 905 247 265 418 511 771 002 077 203 647 065 474 094 494 396 234 984 930 508 892 
810 323 240 432 049 569 925 698 762 062 893 365 509 808 063 507 080 078 125

This is again a pretty big integer.

By the way, note that the number of digits is
Floor[ Log base 10 of 5^(391)]+1
but since Log base 10 of x is Log base 10 of 5 times Log base 5 of x, i.e.,
Log[10,x] = Log[10,5] * Log[5,x]
and Log[10,5] = 0.69897... , we see that the number of digits is
Floor[ 0.69897 *391]+1
This gives
�������� TT = Log[10, 5] // N
�������� 0.69897

�������� Floor[TT * 391] + 1

�������� 274

If you (tediously) count the blocks, you indeed get

�������� 78 * 3 + 1 + 13 * 3
�������� 274