Period of the power generator and small values of Carmichael's function

Consider the pseudorandom number generator u(n) = u(n-1)(e) (mod m), 0 less than or equal to u(n) less than or equal to m - 1, n = 1, 2,..., where we are given the modulus m, the initial value u(0) = v and the exponent e. One case of particular interest is when the modulus m is of the form pl, where p,l are different primes of the same magnitude. It is known from work of the first and third authors that for moduli m = pl, if the period of the sequence (u(n)) exceeds M3/4+epsilon, then the sequence is uniformly distributed. We show rigorously that for almost all choices of p,l it is the case that for almost all choices of v, e, the period of the power generator exceeds (pl)(1-epsilon). And so, in this case, the power generator is uniformly distributed. We also give some other cryptographic applications, namely, to ruling-out the cycling attack on the RSA cryptosystem and to so-called time-release crypto. The principal tool is an estimate related to the Carmichael function lambda (m), the size of the largest cyclic subgroup of the multiplicative group of residues modulo m. In particular, we show that for any Delta greater than or equal to (log log N)(3), we have lambda (m) greater than or equal to N exp(-Delta) for all integers m with 1 < m <less than or equal to> m less than or equal to N, apart from at most N exp (- 0.69(Delta log Delta)(1/3)) exceptions.