Attacks on RSA The Rabin Cryptosystem Semantic Security of RSA Cryptology, Tuesday, February 27th, 2007 Nils Andersen. Complexity Theoretic Reduction
|
|
- Shonda Butler
- 6 years ago
- Views:
Transcription
1 Attacks on RSA The Rabn Cryptosystem Semantc Securty of RSA Cryptology, Tuesday, February 27th, 2007 Nls Andersen Square Roots modulo n Complexty Theoretc Reducton Factorng Algorthms Pollard s p 1 Pollard s ρ Dxon s Random Squares Fndng ϕ(n) Fndng the Decrypton Exponent Rabn s Cryptosystem Semantc Securty of RSA Stnson (thrd edton) Secton
2 Square Roots modulo p We know that for an odd prme p and an nteger a, p a, the congruence y 2 a (mod p) has no solutons f ( a p ) = 1, and two solutons (modulo p) f ( a p ) = 1, and we also know (Euler s crteron), that ( a p ) a p 1 2 (mod p). If p 3 (mod 4), the two solutons may be found as ±a p+1 4 (mod p). For odd p n general, there s a Las Vegasalgorthm by Tonell and Shanks (Neal Kobltz: A Course n Number Theory and Cryptography, p. 48 9). 2
3 Square Roots modulo n Theorem If p s an odd prme, e a postve nteger and a an nteger relatvely prme to p, the congruence y 2 a (mod p e ) has no solutons f ( ) a p = 1, and two solutons (modulo p e ) f ( a p ) = 1. Theorem If n = l =1 p e s the factorzaton of an odd nteger n > 1 (so that the p s are dstnct odd prmes), and a s an nteger relatvely prme to n, then the congruence y 2 a (mod n) has 2 l solutons modulo n f ( a p ) = 1 for all = 1,..., l, and no solutons otherwse. 3
4 Complexty Theoretc Reducton Suppose that G and H are (not necessarly decson) problems. G can be reduced to H, denoted G T H, f t s possble to solve G wth an algorthm that can call an oracle for H and takes polynomal tme (countng an oracle query as a sngle step). y = x b mod n RSA-problem: Gven n, b, y, fnd x. n = p q FACTORING: Gven n, fnd p and q. x 2 a (mod n) SQRROOT: Gven n, a, fnd x. 4
5 A problem herarchy RSA-problem s no harder than FACTORING: Knowng b and the factors of n reveals a decrypton exponent a, and x = y a mod n. FACTORING and SQRROOT are polynomaltme equvalent: To solve x 2 a (mod n), knowng how to factor n = p q, solve x 2 a (mod p) and x 2 a (mod q) wth Tonell-Shanks algorthm, and use the Chnese Remander Theorem. Conversely, to factor n, choose some y and solve x 2 y 2 (mod n), whch means n (x+y)(x y). If x ±y (mod n), reterate wth another y; otherwse p = gcd(x + y, n) s a non-trval factor of n. 5
6 Pollard s p 1 Algorthm (J. M. Pollard 1974:) factor d of n: To fnd a non-trval choose a small postve nteger a (e.g. 2) f gcd(a, n) = d > 1 then return d choose a lmt B for j from 2 to B do a a j mod n od f gcd(a 1, n) = d > 1 then return d falure Ths wll succeed, provded B q for each prme power q p 1. 6
7 Pollard s ρ Algorthm (J. M. Pollard 1975:) factor d of n: To fnd a non-trval choose a small nteger a (e.g. 1) def f(x) = (x 2 + a) mod n choose an ntal value x 0 x x x 0 do x f(x) x f(f(x )) d gcd(x x, n) untl d > 1 f d < n then return d falure Assume p n and x j0 x j0 +k (mod p) (probablty 100% for j 0 + k > p, 50% for j 0 + k > 1.17 p). Then x j x j+k (mod n) for j j 0, x j x j+mk (mod n) for j j 0 and all m, x Mk x Mk+Mk (mod n) for Mk j 0. 7
8 Dxon s Algorthm: Random Squares Obtan a collecton of equvalences z 2 l j=1 p e,j,j (mod n) for a large number of z s, where the prmes p all belong to a relatvely small base B. It may then be possble to fnd a product of the z 2 s whose prme decomposton has all ts prmes n even powers. If ths s z 2 ( p e ) 2 (mod n) gcd(z + p e, n) produces a non-trval factor of n. The desred product may be found lookng for lnear dependences among the rows of the matrx (e,j mod 2),j. 8
9 Fndng ϕ(n) FACTORING n s polynomal tme equvalent to fndng ϕ(n): Knowng n = p q obvously reveals ϕ(n) = (p 1)(q 1). On the other hand, p and q are the solutons of the quadratc equaton x 2 (n ϕ(n) + 1)x + n = 0 9
10 Ratonal approxmatons of a real number The best approxmatons p 1 q1, p 2 q2, p 3 q3,... of a number, usng enumerator and denomnator of a certan sze, are called the convergents of the number. For a real number α defne α 0 = α and for = 0, 1, 2,... (as long as a < α ) a = α α +1 = 1 α a Then α = α 0 = a α 1 = a a = a a a α 3 =... It can be shown that a 0 + α 2 1 a = p q a 1 are the convergents, and that ths rreducble fracton can be obtaned va p 2 = 0, p 1 = 1, p = a p 1 + p 2 for 0 q 1 = 0, q 0 = 1, q = a q 1 + q 2 for 1 10
11 Proofs: By nducton: p 1 q p q 1 = ( 1), so p q s n lowest terms. Defne r (j) j 2 = 0, r(j) j 1 = 1, r (j) = a r (j) 1 + r(j) 2 for j Then p = r (0), q = r (1), but by nducton t can be proved that r (j) = a j r (j+1) + r (j+2), and by another nducton for j =, 1,..., 1, 0 that r (j) r (j+1) = a j + 1 a j a Fact: If α p q 1 2q 2 for postve ntegers p and q, then p q s a convergent n the contnued fracton expanson of α. Example: π = Convergents: 3, 22 7, , ,... 11
12 Wener s attack on RSA Assume n = pq wth q < p < 2q and as usual ab 1 (mod (p 1)(q 1)). Ths means ab = 1+k(p 1)(q 1) for some k; gcd(a, k) = 1, and b < (p 1)(q 1), so k < a. If moreover a < n then 0 < n (p 1)(q 1) = p + q 1 < 3q < 3 n and we derve b n k a = ab kn an = ab k(p 1)(q 1) k(n (p 1)(q 1)) an < 3k n an = 3k a n < 4 n a n = 1 a 4 n < 1 3a 2 < 1 2a 2 snce 3k < 3a < 4 n. We know gcd(k, a) = 1, so k a convergents of b n. found by checkng (m b ) a m s among the The rght one could be (mod n) for some random value of m, or even by fndng p and q from (p 1)(q 1) = (ab 1)/k and pq = n. 12
13 The Rabn Cryptosystem For two large prmes p and q (for convenence, choose p, q 3 (mod 4)) let the publc key be n = pq and some nteger a (whch could be 0). Plantexts and cphertexts are Z n. Encode x as y = x(x + a) mod n. Knowng the factorzaton n = pq enables one to solve (x + 2 a )2 a2 4 + y (mod n) by means of the Chnese Remander Theorem. But there wll be four solutons! FACTORING s polynomal tme equvalent to Rabn decrypton. 13
14 Semantc Securty Potental adversaral goals: total break Determnng the secret key partal break Wth some non-neglgble probablty to determne some specfc nformaton about the plantext, gven the cphertext. dstngushablty of cphertexts Wth probablty exceedng 1 2 to dstngush between encryptons of two gven plantexts. 14
15 Partal nformaton on RSA plantexts In an RSA cryptosystem y = x b mod n, snce b s odd, ( ) y n = ( ) x b n = ( ( x n ) ) b = ( ) x n But fndng the hgh order bt of x or the low order bt of x s as dffcult as fndng the whole of x: party(y) = x{ mod 2 0 f 0 x < n/2 hgh(y) = 1 f n/2 < x n 1 Note (Stnson 3., exercse 5.34): hgh(y) = party(2 b y mod n) party(y) = hgh(2 b y mod n) 15
16 Bt securty of RSA z:=y; lo:=0; h:=n; whle (* lo = 2 kn x = ya mod n < h = +1 2 k n *) (* z = 2 kb y mod n, z a mod n = 2 k x n *) h-lo > 1 do md:=(h +lo)/2; f hgh(z) then lo:=md else h:=md; z:=2 b z modn od (* y a mod n = h *) 16
Algorithms for factoring
CSA E0 235: Crytograhy Arl 9,2015 Instructor: Arta Patra Algorthms for factorng Submtted by: Jay Oza, Nranjan Sngh Introducton Factorsaton of large ntegers has been a wdely studed toc manly because of
More information2.3 Nilpotent endomorphisms
s a block dagonal matrx, wth A Mat dm U (C) In fact, we can assume that B = B 1 B k, wth B an ordered bass of U, and that A = [f U ] B, where f U : U U s the restrcton of f to U 40 23 Nlpotent endomorphsms
More informationSection 3.6 Complex Zeros
04 Chapter Secton 6 Comple Zeros When fndng the zeros of polynomals, at some pont you're faced wth the problem Whle there are clearly no real numbers that are solutons to ths equaton, leavng thngs there
More informationCHALMERS GÖTEBORGS UNIVERSITET. TDA352 (Chalmers) - DIT250 (GU) 12 Jan. 2017, 14:00-18:00
CHALMERS GÖTEBORGS UNIVERSITET CRYPTOGRAPHY TDA352 (Chalmers) - DIT250 (GU) 12 Jan. 2017, 14:00-18:00 No extra materal s allowed durng the exam except for pens and a smple calculator (not smartphones).
More information18.781: Solution to Practice Questions for Final Exam
18.781: Soluton to Practce Questons for Fnal Exam 1. Fnd three solutons n postve ntegers of x 6y = 1 by frst calculatng the contnued fracton expanson of 6. Soluton: We have 1 6=[, ] 6 6+ =[, ] 1 =[,, ]=[,,
More informationCryptanalysis of a Public-key Cryptosystem Using Lattice Basis Reduction Algorithm
www.ijcsi.org 110 Cryptanalyss of a Publc-key Cryptosystem Usng Lattce Bass Reducton Algorthm Roohallah Rastagh 1, Hamd R. Dall Oskoue 2 1,2 Department of Electrcal Engneerng, Aeronautcal Unversty of Snce
More informationTHE CHINESE REMAINDER THEOREM. We should thank the Chinese for their wonderful remainder theorem. Glenn Stevens
THE CHINESE REMAINDER THEOREM KEITH CONRAD We should thank the Chnese for ther wonderful remander theorem. Glenn Stevens 1. Introducton The Chnese remander theorem says we can unquely solve any par of
More informationExample: (13320, 22140) =? Solution #1: The divisors of are 1, 2, 3, 4, 5, 6, 9, 10, 12, 15, 18, 20, 27, 30, 36, 41,
The greatest common dvsor of two ntegers a and b (not both zero) s the largest nteger whch s a common factor of both a and b. We denote ths number by gcd(a, b), or smply (a, b) when there s no confuson
More informationSome Consequences. Example of Extended Euclidean Algorithm. The Fundamental Theorem of Arithmetic, II. Characterizing the GCD and LCM
Example of Extended Eucldean Algorthm Recall that gcd(84, 33) = gcd(33, 18) = gcd(18, 15) = gcd(15, 3) = gcd(3, 0) = 3 We work backwards to wrte 3 as a lnear combnaton of 84 and 33: 3 = 18 15 [Now 3 s
More information5 The Rational Canonical Form
5 The Ratonal Canoncal Form Here p s a monc rreducble factor of the mnmum polynomal m T and s not necessarly of degree one Let F p denote the feld constructed earler n the course, consstng of all matrces
More informationFoundations of Arithmetic
Foundatons of Arthmetc Notaton We shall denote the sum and product of numbers n the usual notaton as a 2 + a 2 + a 3 + + a = a, a 1 a 2 a 3 a = a The notaton a b means a dvdes b,.e. ac = b where c s an
More informationa b a In case b 0, a being divisible by b is the same as to say that
Secton 6.2 Dvsblty among the ntegers An nteger a ε s dvsble by b ε f there s an nteger c ε such that a = bc. Note that s dvsble by any nteger b, snce = b. On the other hand, a s dvsble by only f a = :
More informationDISCRIMINANTS AND RAMIFIED PRIMES. 1. Introduction A prime number p is said to be ramified in a number field K if the prime ideal factorization
DISCRIMINANTS AND RAMIFIED PRIMES KEITH CONRAD 1. Introducton A prme number p s sad to be ramfed n a number feld K f the prme deal factorzaton (1.1) (p) = po K = p e 1 1 peg g has some e greater than 1.
More information(2mn, m 2 n 2, m 2 + n 2 )
MATH 16T Homewk Solutons 1. Recall that a natural number n N s a perfect square f n = m f some m N. a) Let n = p α even f = 1,,..., k. be the prme factzaton of some n. Prove that n s a perfect square f
More informationProblem Set 9 Solutions
Desgn and Analyss of Algorthms May 4, 2015 Massachusetts Insttute of Technology 6.046J/18.410J Profs. Erk Demane, Srn Devadas, and Nancy Lynch Problem Set 9 Solutons Problem Set 9 Solutons Ths problem
More informationMath 261 Exercise sheet 2
Math 261 Exercse sheet 2 http://staff.aub.edu.lb/~nm116/teachng/2017/math261/ndex.html Verson: September 25, 2017 Answers are due for Monday 25 September, 11AM. The use of calculators s allowed. Exercse
More informationInternational Mathematical Olympiad. Preliminary Selection Contest 2012 Hong Kong. Outline of Solutions
Internatonal Mathematcal Olympad Prelmnary Selecton ontest Hong Kong Outlne of Solutons nswers: 7 4 7 4 6 5 9 6 99 7 6 6 9 5544 49 5 7 4 6765 5 6 6 7 6 944 9 Solutons: Snce n s a two-dgt number, we have
More informationLinear Approximation with Regularization and Moving Least Squares
Lnear Approxmaton wth Regularzaton and Movng Least Squares Igor Grešovn May 007 Revson 4.6 (Revson : March 004). 5 4 3 0.5 3 3.5 4 Contents: Lnear Fttng...4. Weghted Least Squares n Functon Approxmaton...
More informationPRIME NUMBER GENERATION BASED ON POCKLINGTON S THEOREM
PRIME NUMBER GENERATION BASED ON POCKLINGTON S THEOREM Alexandros Papankolaou and Song Y. Yan Department of Computer Scence, Aston Unversty, Brmngham B4 7ET, UK 24 October 2000, Receved 26 June 2001 Abstract
More informationExpected Value and Variance
MATH 38 Expected Value and Varance Dr. Neal, WKU We now shall dscuss how to fnd the average and standard devaton of a random varable X. Expected Value Defnton. The expected value (or average value, or
More informationHash functions : MAC / HMAC
Hash functons : MAC / HMAC Outlne Message Authentcaton Codes Keyed hash famly Uncondtonally Secure MACs Ref: D Stnson: Cryprography Theory and Practce (3 rd ed), Chap 4. Unversal hash famly Notatons: X
More information= z 20 z n. (k 20) + 4 z k = 4
Problem Set #7 solutons 7.2.. (a Fnd the coeffcent of z k n (z + z 5 + z 6 + z 7 + 5, k 20. We use the known seres expanson ( n+l ( z l l z n below: (z + z 5 + z 6 + z 7 + 5 (z 5 ( + z + z 2 + z + 5 5
More informationLecture 5 Decoding Binary BCH Codes
Lecture 5 Decodng Bnary BCH Codes In ths class, we wll ntroduce dfferent methods for decodng BCH codes 51 Decodng the [15, 7, 5] 2 -BCH Code Consder the [15, 7, 5] 2 -code C we ntroduced n the last lecture
More informationFor now, let us focus on a specific model of neurons. These are simplified from reality but can achieve remarkable results.
Neural Networks : Dervaton compled by Alvn Wan from Professor Jtendra Malk s lecture Ths type of computaton s called deep learnng and s the most popular method for many problems, such as computer vson
More informationIntroduction to Algorithms
Introducton to Algorthms 6.046J/8.40J Lecture 7 Prof. Potr Indyk Data Structures Role of data structures: Encapsulate data Support certan operatons (e.g., INSERT, DELETE, SEARCH) Our focus: effcency of
More informationMTH 819 Algebra I S13. Homework 1/ Solutions. 1 if p n b and p n+1 b 0 otherwise ) = 0 if p q or n m. W i = rw i
MTH 819 Algebra I S13 Homework 1/ Solutons Defnton A. Let R be PID and V a untary R-module. Let p be a prme n R and n Z +. Then d p,n (V) = dm R/Rp p n 1 Ann V (p n )/p n Ann V (p n+1 ) Note here that
More informationCalculation of time complexity (3%)
Problem 1. (30%) Calculaton of tme complexty (3%) Gven n ctes, usng exhaust search to see every result takes O(n!). Calculaton of tme needed to solve the problem (2%) 40 ctes:40! dfferent tours 40 add
More informationProvable Security Signatures
Provable Securty Sgnatures UCL - Louvan-la-Neuve Wednesday, July 10th, 2002 LIENS-CNRS Ecole normale supéreure Summary Introducton Sgnature FD PSS Forkng Lemma Generc Model Concluson Provable Securty -
More informationBernoulli Numbers and Polynomials
Bernoull Numbers and Polynomals T. Muthukumar tmk@tk.ac.n 17 Jun 2014 The sum of frst n natural numbers 1, 2, 3,..., n s n n(n + 1 S 1 (n := m = = n2 2 2 + n 2. Ths formula can be derved by notng that
More informationA summation on Bernoulli numbers
Journal of Number Theory 111 (005 37 391 www.elsever.com/locate/jnt A summaton on Bernoull numbers Kwang-Wu Chen Department of Mathematcs and Computer Scence Educaton, Tape Muncpal Teachers College, No.
More informationChapter 5. Solution of System of Linear Equations. Module No. 6. Solution of Inconsistent and Ill Conditioned Systems
Numercal Analyss by Dr. Anta Pal Assstant Professor Department of Mathematcs Natonal Insttute of Technology Durgapur Durgapur-713209 emal: anta.bue@gmal.com 1 . Chapter 5 Soluton of System of Lnear Equatons
More informationPolynomials. 1 What is a polynomial? John Stalker
Polynomals John Stalker What s a polynomal? If you thnk you already know what a polynomal s then skp ths secton. Just be aware that I consstently wrte thngs lke p = c z j =0 nstead of p(z) = c z. =0 You
More informationLecture 20: Lift and Project, SDP Duality. Today we will study the Lift and Project method. Then we will prove the SDP duality theorem.
prnceton u. sp 02 cos 598B: algorthms and complexty Lecture 20: Lft and Project, SDP Dualty Lecturer: Sanjeev Arora Scrbe:Yury Makarychev Today we wll study the Lft and Project method. Then we wll prove
More informationFirst day August 1, Problems and Solutions
FOURTH INTERNATIONAL COMPETITION FOR UNIVERSITY STUDENTS IN MATHEMATICS July 30 August 4, 997, Plovdv, BULGARIA Frst day August, 997 Problems and Solutons Problem. Let {ε n } n= be a sequence of postve
More informationLecture 4: Universal Hash Functions/Streaming Cont d
CSE 5: Desgn and Analyss of Algorthms I Sprng 06 Lecture 4: Unversal Hash Functons/Streamng Cont d Lecturer: Shayan Oves Gharan Aprl 6th Scrbe: Jacob Schreber Dsclamer: These notes have not been subjected
More informationTransfer Functions. Convenient representation of a linear, dynamic model. A transfer function (TF) relates one input and one output: ( ) system
Transfer Functons Convenent representaton of a lnear, dynamc model. A transfer functon (TF) relates one nput and one output: x t X s y t system Y s The followng termnology s used: x y nput output forcng
More informationFinding Primitive Roots Pseudo-Deterministically
Electronc Colloquum on Computatonal Complexty, Report No 207 (205) Fndng Prmtve Roots Pseudo-Determnstcally Ofer Grossman December 22, 205 Abstract Pseudo-determnstc algorthms are randomzed search algorthms
More informationMath 217 Fall 2013 Homework 2 Solutions
Math 17 Fall 013 Homework Solutons Due Thursday Sept. 6, 013 5pm Ths homework conssts of 6 problems of 5 ponts each. The total s 30. You need to fully justfy your answer prove that your functon ndeed has
More informationProblem Solving in Math (Math 43900) Fall 2013
Problem Solvng n Math (Math 43900) Fall 2013 Week four (September 17) solutons Instructor: Davd Galvn 1. Let a and b be two nteger for whch a b s dvsble by 3. Prove that a 3 b 3 s dvsble by 9. Soluton:
More informationMin Cut, Fast Cut, Polynomial Identities
Randomzed Algorthms, Summer 016 Mn Cut, Fast Cut, Polynomal Identtes Instructor: Thomas Kesselhem and Kurt Mehlhorn 1 Mn Cuts n Graphs Lecture (5 pages) Throughout ths secton, G = (V, E) s a mult-graph.
More informationSection 8.3 Polar Form of Complex Numbers
80 Chapter 8 Secton 8 Polar Form of Complex Numbers From prevous classes, you may have encountered magnary numbers the square roots of negatve numbers and, more generally, complex numbers whch are the
More informationMath Review. CptS 223 Advanced Data Structures. Larry Holder School of Electrical Engineering and Computer Science Washington State University
Math Revew CptS 223 dvanced Data Structures Larry Holder School of Electrcal Engneerng and Computer Scence Washngton State Unversty 1 Why do we need math n a data structures course? nalyzng data structures
More informationFormulas for the Determinant
page 224 224 CHAPTER 3 Determnants e t te t e 2t 38 A = e t 2te t e 2t e t te t 2e 2t 39 If 123 A = 345, 456 compute the matrx product A adj(a) What can you conclude about det(a)? For Problems 40 43, use
More informationHMMT February 2016 February 20, 2016
HMMT February 016 February 0, 016 Combnatorcs 1. For postve ntegers n, let S n be the set of ntegers x such that n dstnct lnes, no three concurrent, can dvde a plane nto x regons (for example, S = {3,
More informationErrors for Linear Systems
Errors for Lnear Systems When we solve a lnear system Ax b we often do not know A and b exactly, but have only approxmatons  and ˆb avalable. Then the best thng we can do s to solve ˆx ˆb exactly whch
More informationDifference Equations
Dfference Equatons c Jan Vrbk 1 Bascs Suppose a sequence of numbers, say a 0,a 1,a,a 3,... s defned by a certan general relatonshp between, say, three consecutve values of the sequence, e.g. a + +3a +1
More informationSpeeding up Computation of Scalar Multiplication in Elliptic Curve Cryptosystem
H.K. Pathak et. al. / (IJCSE) Internatonal Journal on Computer Scence and Engneerng Speedng up Computaton of Scalar Multplcaton n Ellptc Curve Cryptosystem H. K. Pathak Manju Sangh S.o.S n Computer scence
More informationAPPENDIX A Some Linear Algebra
APPENDIX A Some Lnear Algebra The collecton of m, n matrces A.1 Matrces a 1,1,..., a 1,n A = a m,1,..., a m,n wth real elements a,j s denoted by R m,n. If n = 1 then A s called a column vector. Smlarly,
More informationHardening the ElGamal Cryptosystem in the Setting of the Second Group of Units
54 The Internatonal Arab Journal of Informaton Technology, Vol., o. 5, September 204 Hardenng the ElGamal Cryptosystem n the Settng of the Second Group of Unts Ramz Haraty, Abdulasser ElKassar, and Suzan
More informationExploring Naccache-Stern Knapsack Encryption
Explorng Naccache-Stern Knapsack Encrypton Érc Brer 1, Rém Géraud 2, and Davd Naccache 2 1 Ingenco Termnals 9 Avenue de la Gare f-26300 Alxan, France erc.brer@ngenco.com 2 École normale supéreure 45 rue
More informationRecover plaintext attack to block ciphers
Recover plantext attac to bloc cphers L An-Png Bejng 100085, P.R.Chna apl0001@sna.com Abstract In ths paper, we wll present an estmaton for the upper-bound of the amount of 16-bytes plantexts for Englsh
More informationNUMERICAL DIFFERENTIATION
NUMERICAL DIFFERENTIATION 1 Introducton Dfferentaton s a method to compute the rate at whch a dependent output y changes wth respect to the change n the ndependent nput x. Ths rate of change s called the
More informationPost-quantum Key Exchange Protocol Using High Dimensional Matrix
Post-quantum Key Exchange Protocol Usng Hgh Dmensonal Matrx Rchard Megrelshvl I. J. Tbls State Unversty rchard.megrelshvl@tsu.ge Melksadeg Jnkhadze Akak Tseretel State Unversty Kutas, Georga mn@yahoo.com
More informationTHERE ARE INFINITELY MANY FIBONACCI COMPOSITES WITH PRIME SUBSCRIPTS
Research and Communcatons n Mathematcs and Mathematcal Scences Vol 10, Issue 2, 2018, Pages 123-140 ISSN 2319-6939 Publshed Onlne on November 19, 2018 2018 Jyot Academc Press http://jyotacademcpressorg
More informationA property of the elementary symmetric functions
Calcolo manuscrpt No. (wll be nserted by the edtor) A property of the elementary symmetrc functons A. Esnberg, G. Fedele Dp. Elettronca Informatca e Sstemstca, Unverstà degl Stud della Calabra, 87036,
More informationNew modular multiplication and division algorithms based on continued fraction expansion
New modular multplcaton and dvson algorthms based on contnued fracton expanson Mourad Goucem a a UPMC Unv Pars 06 and CNRS UMR 7606, LIP6 4 place Jusseu, F-75252, Pars cedex 05, France Abstract In ths
More informationThe Fundamental Theorem of Algebra. Objective To use the Fundamental Theorem of Algebra to solve polynomial equations with complex solutions
5-6 The Fundamental Theorem of Algebra Content Standards N.CN.7 Solve quadratc equatons wth real coeffcents that have comple solutons. N.CN.8 Etend polnomal denttes to the comple numbers. Also N.CN.9,
More informationLearning Theory: Lecture Notes
Learnng Theory: Lecture Notes Lecturer: Kamalka Chaudhur Scrbe: Qush Wang October 27, 2012 1 The Agnostc PAC Model Recall that one of the constrants of the PAC model s that the data dstrbuton has to be
More informationA Novel Feistel Cipher Involving a Bunch of Keys supplemented with Modular Arithmetic Addition
(IJACSA) Internatonal Journal of Advanced Computer Scence Applcatons, A Novel Festel Cpher Involvng a Bunch of Keys supplemented wth Modular Arthmetc Addton Dr. V.U.K Sastry Dean R&D, Department of Computer
More informationU.C. Berkeley CS294: Beyond Worst-Case Analysis Handout 6 Luca Trevisan September 12, 2017
U.C. Berkeley CS94: Beyond Worst-Case Analyss Handout 6 Luca Trevsan September, 07 Scrbed by Theo McKenze Lecture 6 In whch we study the spectrum of random graphs. Overvew When attemptng to fnd n polynomal
More informationLecture 10: May 6, 2013
TTIC/CMSC 31150 Mathematcal Toolkt Sprng 013 Madhur Tulsan Lecture 10: May 6, 013 Scrbe: Wenje Luo In today s lecture, we manly talked about random walk on graphs and ntroduce the concept of graph expander,
More informationPh 219a/CS 219a. Exercises Due: Wednesday 12 November 2008
1 Ph 19a/CS 19a Exercses Due: Wednesday 1 November 008.1 Whch state dd Alce make? Consder a game n whch Alce prepares one of two possble states: ether ρ 1 wth a pror probablty p 1, or ρ wth a pror probablty
More informationn α j x j = 0 j=1 has a nontrivial solution. Here A is the n k matrix whose jth column is the vector for all t j=0
MODULE 2 Topcs: Lnear ndependence, bass and dmenson We have seen that f n a set of vectors one vector s a lnear combnaton of the remanng vectors n the set then the span of the set s unchanged f that vector
More informationComplex Numbers. x = B B 2 4AC 2A. or x = x = 2 ± 4 4 (1) (5) 2 (1)
Complex Numbers If you have not yet encountered complex numbers, you wll soon do so n the process of solvng quadratc equatons. The general quadratc equaton Ax + Bx + C 0 has solutons x B + B 4AC A For
More informationBasic Number Theory. Instructor: Laszlo Babai Notes by Vincent Lucarelli and the instructor. Last revision: June 11, 2001
Basc Number Theory Instructor: Laszlo Baba Notes by Vncent Lucarell and the nstructor Last revson: June, 200 Notaton: Unless otherwse stated, all varables n ths note are ntegers. For n 0, [n] = {, 2,...,
More informationLecture 2: Gram-Schmidt Vectors and the LLL Algorithm
NYU, Fall 2016 Lattces Mn Course Lecture 2: Gram-Schmdt Vectors and the LLL Algorthm Lecturer: Noah Stephens-Davdowtz 2.1 The Shortest Vector Problem In our last lecture, we consdered short solutons to
More informationarxiv: v1 [cs.cr] 22 Oct 2018
CRYPTOGRAPHIC ANALYSIS OF THE MODIFIED MATRIX MODULAR CRYPTOSYSTEM arxv:181109876v1 [cscr] 22 Oct 2018 VITALIĬ ROMAN KOV Abstract We show that the Modfed Matrx Modular Cryptosystem proposed by SK Rososhek
More informationSTAT 309: MATHEMATICAL COMPUTATIONS I FALL 2018 LECTURE 16
STAT 39: MATHEMATICAL COMPUTATIONS I FALL 218 LECTURE 16 1 why teratve methods f we have a lnear system Ax = b where A s very, very large but s ether sparse or structured (eg, banded, Toepltz, banded plus
More informationHomework 9 Solutions. 1. (Exercises from the book, 6 th edition, 6.6, 1-3.) Determine the number of distinct orderings of the letters given:
Homework 9 Solutons PROBLEM ONE 1 (Exercses from the book, th edton,, 1-) Determne the number of dstnct orderngs of the letters gven: (a) GUIDE Soluton: 5! (b) SCHOOL Soluton:! (c) SALESPERSONS Soluton:
More information1 Generating functions, continued
Generatng functons, contnued. Generatng functons and parttons We can make use of generatng functons to answer some questons a bt more restrctve than we ve done so far: Queston : Fnd a generatng functon
More informationModule 3 LOSSY IMAGE COMPRESSION SYSTEMS. Version 2 ECE IIT, Kharagpur
Module 3 LOSSY IMAGE COMPRESSION SYSTEMS Verson ECE IIT, Kharagpur Lesson 6 Theory of Quantzaton Verson ECE IIT, Kharagpur Instructonal Objectves At the end of ths lesson, the students should be able to:
More informationPh 219a/CS 219a. Exercises Due: Wednesday 23 October 2013
1 Ph 219a/CS 219a Exercses Due: Wednesday 23 October 2013 1.1 How far apart are two quantum states? Consder two quantum states descrbed by densty operators ρ and ρ n an N-dmensonal Hlbert space, and consder
More informationU.C. Berkeley CS294: Beyond Worst-Case Analysis Luca Trevisan September 5, 2017
U.C. Berkeley CS94: Beyond Worst-Case Analyss Handout 4s Luca Trevsan September 5, 07 Summary of Lecture 4 In whch we ntroduce semdefnte programmng and apply t to Max Cut. Semdefnte Programmng Recall that
More informationIntroduction to Algorithms
Introducton to Algorthms 6.046J/18.401J Lecture 7 Prof. Potr Indyk Data Structures Role of data structures: Encapsulate data Support certan operatons (e.g., INSERT, DELETE, SEARCH) What data structures
More information1 GSW Iterative Techniques for y = Ax
1 for y = A I m gong to cheat here. here are a lot of teratve technques that can be used to solve the general case of a set of smultaneous equatons (wrtten n the matr form as y = A), but ths chapter sn
More informationAnti-van der Waerden numbers of 3-term arithmetic progressions.
Ant-van der Waerden numbers of 3-term arthmetc progressons. Zhanar Berkkyzy, Alex Schulte, and Mchael Young Aprl 24, 2016 Abstract The ant-van der Waerden number, denoted by aw([n], k), s the smallest
More informationChowla s Problem on the Non-Vanishing of Certain Infinite Series and Related Questions
Proc. Int. Conf. Number Theory and Dscrete Geometry No. 4, 2007, pp. 7 79. Chowla s Problem on the Non-Vanshng of Certan Infnte Seres and Related Questons N. Saradha School of Mathematcs, Tata Insttute
More informationSmarandache-Zero Divisors in Group Rings
Smarandache-Zero Dvsors n Group Rngs W.B. Vasantha and Moon K. Chetry Department of Mathematcs I.I.T Madras, Chenna The study of zero-dvsors n group rngs had become nterestng problem snce 1940 wth the
More informationMath 426: Probability MWF 1pm, Gasson 310 Homework 4 Selected Solutions
Exercses from Ross, 3, : Math 26: Probablty MWF pm, Gasson 30 Homework Selected Solutons 3, p. 05 Problems 76, 86 3, p. 06 Theoretcal exercses 3, 6, p. 63 Problems 5, 0, 20, p. 69 Theoretcal exercses 2,
More informationComputing Correlated Equilibria in Multi-Player Games
Computng Correlated Equlbra n Mult-Player Games Chrstos H. Papadmtrou Presented by Zhanxang Huang December 7th, 2005 1 The Author Dr. Chrstos H. Papadmtrou CS professor at UC Berkley (taught at Harvard,
More informationREDUCTION MODULO p. We will prove the reduction modulo p theorem in the general form as given by exercise 4.12, p. 143, of [1].
REDUCTION MODULO p. IAN KIMING We wll prove the reducton modulo p theorem n the general form as gven by exercse 4.12, p. 143, of [1]. We consder an ellptc curve E defned over Q and gven by a Weerstraß
More informationIntroduction to Vapor/Liquid Equilibrium, part 2. Raoult s Law:
CE304, Sprng 2004 Lecture 4 Introducton to Vapor/Lqud Equlbrum, part 2 Raoult s Law: The smplest model that allows us do VLE calculatons s obtaned when we assume that the vapor phase s an deal gas, and
More informationStanford University CS254: Computational Complexity Notes 7 Luca Trevisan January 29, Notes for Lecture 7
Stanford Unversty CS54: Computatonal Complexty Notes 7 Luca Trevsan January 9, 014 Notes for Lecture 7 1 Approxmate Countng wt an N oracle We complete te proof of te followng result: Teorem 1 For every
More informationfind (x): given element x, return the canonical element of the set containing x;
COS 43 Sprng, 009 Dsjont Set Unon Problem: Mantan a collecton of dsjont sets. Two operatons: fnd the set contanng a gven element; unte two sets nto one (destructvely). Approach: Canoncal element method:
More informationRestricted divisor sums
ACTA ARITHMETICA 02 2002) Restrcted dvsor sums by Kevn A Broughan Hamlton) Introducton There s a body of work n the lterature on varous restrcted sums of the number of dvsors of an nteger functon ncludng
More informationChristian Aebi Collège Calvin, Geneva, Switzerland
#A7 INTEGERS 12 (2012) A PROPERTY OF TWIN PRIMES Chrstan Aeb Collège Calvn, Geneva, Swtzerland chrstan.aeb@edu.ge.ch Grant Carns Department of Mathematcs, La Trobe Unversty, Melbourne, Australa G.Carns@latrobe.edu.au
More informationLECTURE V. 1. More on the Chinese Remainder Theorem We begin by recalling this theorem, proven in the preceeding lecture.
LECTURE V EDWIN SPARK 1. More on the Chnese Remander Theorem We begn by recallng ths theorem, proven n the preceedng lecture. Theorem 1.1 (Chnese Remander Theorem). Let R be a rng wth deals I 1, I 2,...,
More informationGlobal Sensitivity. Tuesday 20 th February, 2018
Global Senstvty Tuesday 2 th February, 28 ) Local Senstvty Most senstvty analyses [] are based on local estmates of senstvty, typcally by expandng the response n a Taylor seres about some specfc values
More informationJ. Number Theory 130(2010), no. 4, SOME CURIOUS CONGRUENCES MODULO PRIMES
J. Number Theory 30(200, no. 4, 930 935. SOME CURIOUS CONGRUENCES MODULO PRIMES L-Lu Zhao and Zh-We Sun Department of Mathematcs, Nanjng Unversty Nanjng 20093, People s Republc of Chna zhaollu@gmal.com,
More informationFinding Dense Subgraphs in G(n, 1/2)
Fndng Dense Subgraphs n Gn, 1/ Atsh Das Sarma 1, Amt Deshpande, and Rav Kannan 1 Georga Insttute of Technology,atsh@cc.gatech.edu Mcrosoft Research-Bangalore,amtdesh,annan@mcrosoft.com Abstract. Fndng
More informationThe optimal delay of the second test is therefore approximately 210 hours earlier than =2.
THE IEC 61508 FORMULAS 223 The optmal delay of the second test s therefore approxmately 210 hours earler than =2. 8.4 The IEC 61508 Formulas IEC 61508-6 provdes approxmaton formulas for the PF for smple
More informationOn a CCA2-secure variant of McEliece in the standard model
On a CCA2-secure varant of McElece n the standard model Edoardo Perschett Department of Mathematcs, Unversty of Auckland, New Zealand. e.perschett@math.auckland.ac.nz Abstract. We consder publc-key encrypton
More informationU.C. Berkeley CS294: Spectral Methods and Expanders Handout 8 Luca Trevisan February 17, 2016
U.C. Berkeley CS94: Spectral Methods and Expanders Handout 8 Luca Trevsan February 7, 06 Lecture 8: Spectral Algorthms Wrap-up In whch we talk about even more generalzatons of Cheeger s nequaltes, and
More informationSL n (F ) Equals its Own Derived Group
Internatonal Journal of Algebra, Vol. 2, 2008, no. 12, 585-594 SL n (F ) Equals ts Own Derved Group Jorge Macel BMCC-The Cty Unversty of New York, CUNY 199 Chambers street, New York, NY 10007, USA macel@cms.nyu.edu
More informationCryptanalysis of pairing-free certificateless authenticated key agreement protocol
Cryptanalyss of parng-free certfcateless authentcated key agreement protocol Zhan Zhu Chna Shp Development Desgn Center CSDDC Wuhan Chna Emal: zhuzhan0@gmal.com bstract: Recently He et al. [D. He J. Chen
More informationISSN: ISO 9001:2008 Certified International Journal of Engineering and Innovative Technology (IJEIT) Volume 3, Issue 1, July 2013
ISSN: 2277-375 Constructon of Trend Free Run Orders for Orthogonal rrays Usng Codes bstract: Sometmes when the expermental runs are carred out n a tme order sequence, the response can depend on the run
More informationExhaustive Search for the Binary Sequences of Length 2047 and 4095 with Ideal Autocorrelation
Exhaustve Search for the Bnary Sequences of Length 047 and 4095 wth Ideal Autocorrelaton 003. 5. 4. Seok-Yong Jn and Hong-Yeop Song. Yonse Unversty Contents Introducton Background theory Ideal autocorrelaton
More informationFeature Selection: Part 1
CSE 546: Machne Learnng Lecture 5 Feature Selecton: Part 1 Instructor: Sham Kakade 1 Regresson n the hgh dmensonal settng How do we learn when the number of features d s greater than the sample sze n?
More informationNotes on Frequency Estimation in Data Streams
Notes on Frequency Estmaton n Data Streams In (one of) the data streamng model(s), the data s a sequence of arrvals a 1, a 2,..., a m of the form a j = (, v) where s the dentty of the tem and belongs to
More information= = = (a) Use the MATLAB command rref to solve the system. (b) Let A be the coefficient matrix and B be the right-hand side of the system.
Chapter Matlab Exercses Chapter Matlab Exercses. Consder the lnear system of Example n Secton.. x x x y z y y z (a) Use the MATLAB command rref to solve the system. (b) Let A be the coeffcent matrx and
More information