MATH 145 Algebra, Solutions to Assignment 4

Transcription

1 MATH 145 Algebra, Solutions to Assignment 4 1: a) Find the inverse of 178 in Z 365. Solution: We find s and t so that 178s + 365t = 1, and then = s. The Euclidean Algorithm gives 365 = = = = = so gcd178, 365) = 1, then back substitution gives u k = 1, 3, 4, 79, 16, so 178)16) + 365) 79) = 1 and hence = 16. b) Solve the linear congruence 356 x = 8 mod 730. Solution: Notice that by dividing all terms by, we have 356 x = 8 mod x = 14 mod 375. Working in Z 365, we multiply both sides of the equation 178 x = 14 by = 16 to get x = = 68 = 78. Thus for x Z we have 356 x = 8 mod 730 x = 78 mod 365. c) Find mod 37. Solution: Note that 53 = 5 mod 37, so = mod 37. Since φ37) = 36, the list of powers of 5 modulo 37 repeats every 36 terms, and so we wish to find mod 36. Since 470 = mod 36 we have = 654 mod 36. We make a list of powers of modulo 36: k k The table shows that the list of powers of modulo 36 repeats every 6 terms beginning with the term = 4 this also follows from Part b) of Problem 3). Since 654 = 0 = 6 mod 6 we have 654 = 6 = 8 mod 36. Thus = = = 5 6 = 5 8 mod 37. We make a list of powers of 5 modulo 37: We remark that a calculator is not needed because k k = = = = 3)16) 4) = 16 1 = 3 6 = 5)6) = 30 = 7 mod 37. Thus = 5 8 = 7 mod 37. d) Solve the pair of congruences 5x = 9 mod 14 and 17x = 3 mod 30. Solution: We have 5x = 9 mod 14 5x {, 5, 9, 3, }. By inspection, one solution to the first congruence is given by x = 1 and, since gcd5, 14) = 1, the general solution is given by x = 1 mod 14. To get 17x = 3 mod 30 we need 17x + 30y = 3 for some y Z. The Euclidean Algorithm gives 30 = , 17 = , 13 = so that d = gcd17, 30) = 1, and then Back-Substitution gives the sequence 1, 3, 4, 7 so that 17 7)+304) = 1. Multiply by 3 to get 17 1)+301) = 3, and so one solution to the second congruence is x = 1 and the general solution is x = 1 = 9 mod 30. Thus the two given congruences are equivalent to the two congruences x = 1 mod 14 1) and x = 9 mod 30 ). To solve these two congruences we try to find k, l Z so that x = k = l. We need 14k 30l = 10. Divide by to get 7k 15l = 5. By inspection, one solution is given by k, l) = 10, 5). Put k = 10 into the equation x = k toget x = 141, and so x = 141 is one solution to the pair of congruences 1) and ). Since gcd14, 30) = so that lcm14, 30) = = 10, the general solution is x = 141 mod 10, or equivalently x = 69 mod 10.

2 : Let a, b and c be non-zero integers. The greatest common divisor d = gcda, b, c) is the largest positive integer d such that d a, d b and d c, and the least common multiple m = lcma, b, c) is the smallest m Z + such that a m, b m and c m. a) Show that gcda, b, c) = gcd gcda, b), c ) and lcma, b, c) = lcm lcma, b), c ). Solution: Let d = gcda, b, c), e = gcda, b) and f = gcde, c). Since d is a common divisor of a and b and e = gcda, b), we have d e. Thus d is a common divisor of e and c, so since f is the greatest common divisor of e and c) we must have d f. On the other hand, since f e and e a we have f a, and since f e and e b we have f b. Thus f is a common divisor of a and b, and f also divides c, so since d is the greatest common divisor of a, b and c), we must have f d. Thus d = f, that is gcda, b, c) = gcd gcda, b), c ). We claim that for nonzero integers a and b and for l = lcma, b), if m is a common multiple of a and b then l m I think we proved this in one of the two sections of the class, but here is an alternate proof. Let d = gcda, b) and recall that ab = ld and that gcd a d, d) b = 1. Let m be a common multiple of a and b and choose integers s and t so that m = as = bt. Divide through by d to get a d s = b d t. Since a b d d t and gcd a d, ) b d = 1 it follows that a d t, say t = a d r. Then we have m = bt = b a d r = ab d r = lr and so l ) m, as required. The proof that lcma, b, c) = lcm lcma, b), c is now very similar to the proof that gcda, b, c) = gcd gcda, b), c ), and we omit it. b) Show that for any integers a, b, c, e, the linear diophantine equation ax + by + cz = e has a solution if and only if gcda, b, c) e. Solution: Suppose first that ax + by + cz = e has a solution, say as + bt + cu = e, and let d = gcda, b, c). Since d a, d b and d c, we can choose k, l and m so that a = dk, b = dl and c = dm. Then as + bt + cu = e = dks + dlt + dmu = e = dks + lt + mu) = e and so d e. Conversely, suppose that d e where again we let d = gcda, b, c). By Bézout s Lemma that is by the Euclidean Algorithm with Back-Substitution), we can choose integers s and t such that as + bt = gcda, b). Since d e, by Part a), we have gcd gcda, b), c) e, and so, by the Linear Diophantine Equation Theorem, we can choose integers u and v so that gcda, b)u + cv = e. Since as + bt = gcda, b) and gcda, b)u + cv = e, we have asu + btu + cv = e, so the diophantine equation ax + by + cz = e does indeed have a solution. c) Show that for any integers a 1, a, a 3 and for any positive integers n 1, n, n 3, the system of three congruences x = a k mod n k for k = 1,, 3 has a solution if and only if gcdn k, n l ) al a k ) for all k, l and that if x 0 is one solution then the general solution is x = x 0 mod lcmn 1, n, n 3 ). Solution: We shall need a formula. Let p be a prime. Let k i = e p n i ) for i = 1,, 3. Then e p gcd ) ) lcmn 1, n ), n 3 = min e p lcmn1, n ) ) ), k 3 = min ) maxk 1, k ), k 3 { } mink1, k 3 ) if k 1 k = = max mink 1, k 3 ), mink, k 3 ) ) mink, k 3 ) if k 1 k = max e p gcdn1, n 3 ) ), e p gcdn, n 3 ) )) = e p lcm gcdn 1, n 3 ), gcdn, n 3 ) )). Since this holds for all primes p, we obtain the formula gcd lcmn 1, n ), n 3 ) = lcm gcdn1, n 3 ), gcdn, n 3 ) ). 1) If the system of 3 congruences x = a i mod n i has a solution, then each pair of congruences x = a k mod n k and x = a l mod n l has a solution, and it follows from the version of the CRT that we proved in class that gcdn k, n l ) al a k ) for all k, l. Conversely, suppose that gcdn k, n l ) al a k ) for all k, l. By the version of the CRT that we proved in class, the pair of congruences x = a 1 mod n 1 and x = a mod n has a solution, say x = b, and the general solution is x = b mod lcmn 1, n ). Thus the original system of 3 congruences is equivalent to the pair of congruences x = b mod lcmn 1, n ) and x = a 3 mod n 3. Since b = a 1 mod n 1 we have a 3 b = a 3 a 1 mod n 1 and hence a 3 b = a 3 a 1 mod gcdn 1, n 3 ). Since gcdn 1, n 3 ) a3 a 1 ) we have a 3 b = a 3 a 1 = 0 mod gcdn 1, n 3 ) and so gcdn 1, n 3 ) a3 b). Similarly gcdn, n 3 ) a 3 b). Since a 3 b is a common multiple of gcdn 1, n 3 ) and gcdn, n 3 ) it follows that lcm gcdn 1, n 3 ), gcdn, n 3 ) ) a3 b). By Formula 1), we have gcd ) lcmn 1, n ), n a3 3 b). By the version of the CRT that we proved in class, the pair of congruences x = b mod lcmn 1, n ) and x = a 3 mod n 3, and hence the original system of 3 congruences, does have a solution, and if x 0 is one solution then the general solution is x = x 0 mod lcm ) lcmn 1, n ), n 3 = x0 mod lcmn 1, n, n 3 ).

3 3: a) Solve the following system of congruences. Solution: Modulo 10 we have x = x + 6 mod 10 x 3 = 7 mod 9 x = 11 mod 4 x x x so x = x + 6 mod 10 x = 3 or 8 mod 10 x = 3 mod 5. Modulo 9 we have x x x x so x 3 = 7 mod 9 x =, 5 or 8 mod 9 x = mod 3. Thus we need to solve the 3 equations x = 3 mod 5 x = mod 3 x = 11 mod 4 By inspection, one solution to the first two of these equations is x 0 = 8, so by the C.R.T. the complete solution is x = 8 mod 15. Thus we need to solve the pair of equations x = 8 mod 15 x = 11 mod 4 We need x = k = l 1) for some k, l, so we solve 15k 4l = 3. Divide this equation by 3 to get 5k 8l = 1. By inspection, one solution is k 0, l 0 ) = 3, ). Put k 0 or l 0 ) into 1) to get one solution x 0 = k 0 = 8 45 = 37. Also, lcm15, 4) = 10, so by the C.R.T the complete solution is x = 37 = 83 mod 10. k b) Let n = p 1 k k 1 p p r r where the p i are distinct primes and each k i 1. Let Show that a l+m = a m mod n for all a Z. l = lcm φ p 1 k 1 ),, φ pr k r )) and m = max { k1,, k r }. Solution: Let a Z. Fix an index i with 1 i r. If p i k a then p i i a ki k and hence p i i a m since m k i. Thus in this case we have a m k = 0 mod p i i and so a l+m = a l a m = 0 = a m k mod p i i. If p i a then by the Euler-Fermat Theorem we have a φpik i ) k = 1 mod p i i and so a c k = 1 mod p i k i for every multiple c of φp i i ). In particular a l k = 1 mod p i i and hence a l+m = a l a m = a m k mod p i i. In either case, we have a l+m = a m k mod p i i. Since a l+m = a m k mod p i i for every i with 1 i r, it follows from the Chinese Remainder Theorem that a l+m = a m mod n.

4 4: For n, b Z + with gcdb, n) = 1, if n is composite and b n 1 = 1 mod n, then we say b is a Fermat liar and we say n is a base b pseudo-prime. For n Z +, we say n is a Carmichael number when n is a base b pseudo-prime for every b Z + with gcdb, n) = 1. a) Show that 91 is a base 3 pseudo-prime. Solution: Note that 91 = 7 13, so 91 is composite. Since lcm φ7), φ13) ) = lcm6, 1) = 1, powers repeat every 1 terms modulo 91. Since 90 = 6 mod 1 we have 3 91 = 3 6 = 79 = 1 mod 91. b) Show that if n = p 1 p p l where l and the p i are distinct primes which satisfy p i 1) n 1) for all indices i, then n is a Carmichael number we remark that the converse is also true). Solution: Suppose that n = p 1 p p l where the p i are distinct primes with p i 1) n 1). Let b Z + with gcdb, n) = 1. Fix an index i. Since gcdb, n) = 1 we have p i b and so b p i 1 = 1 mod p i by Fermat s Little Theorem. Since b pi 1 = 1 mod p i and p i 1) n 1), we also have b n 1 = 1 mod p i. Since b n 1 = 1 mod p i for every index i, it follows from the Chinese Remainder Theorem that b n 1 = 1 mod n. Thus n is a base b pseudo prime. Since b was an arbitrary integer with gcdb, n) = 1, n is a Carmichael number. c) Show that if n = p 1 p p l where l and the p i are distinct primes which satisfy p i 1) n 1) for all indices i so that n is a Carmichael number, by Part b)) then n is odd and l 3. Solution: Since l, at least one of the primes p i is odd, say p k is odd. Since p k 1 is even and p k 1) n 1), it follows that n 1) is even and so n is odd. Suppose, for a contradiction, that n is a Carmichael number of the form n = pq where p and q are primes with p < q and we have p 1) n 1) and q 1) n 1). Note that n 1 = pq 1 = pq 1) + p 1). Since q 1) n 1) we have q 1) n 1) pq 1), that is p 1) p 1). But this implies that q p. d) Find distinct primes p and q such that 145 p and 145 q are both Carmichael numbers. Solution: We try to obtain n = 5 9 p with 4 n 1), 8 n 1) and p 1) n 1). Note that 4 n 1) = n = 1 mod 4 = 5 9 p = 1 mod 4 = p = 1 mod 4, and 8 n 1) = n = 1 mod 8 = 5 9 p = 1 mod 8 = 5p = 1 mod 8 = p = 17 mod 8 so we need to have p = 17 mod 8, that is p = 17, 45, 73, 101, 19,. By trying some of the primes in this list we find that p = 17 and p = 73 both satisfy p 1) n 1), so they both yield Carmichael numbers, so we can take p = 17 and q = 73. The corresponding Carmichael numbers are n = = 7395 and n = = 10585). Alternatively, rather than simply trying some of the infinitely many) primes in the list, we can be more selective as follows. Note that n 1 = 5 9 p 1 = 145 p 1 = 145p 1) and so p 1) n 1) p 1) 145p 1)+144 ) p 1) 144. Thus it is enough to test each of the finitely many) primes p = 17 mod 8 with p 145 = 5 9 to see whether p 1) 144. According to the remark at the end of Part b), this implies that p = 17 and q = 73 are the only two primes for which 145 p and 145 q are Carmichael numbers.

5 5: a) Let n = pq where p and q are large distinct primes. Recall that if we write n 1 = s k with k odd, then a Z is called a strong) witness for n when a k 1 mod n and a rk 1 mod n for all r with 0 r < s. i) Show that, given φn), we can find the values of p and q using an efficient algorithm). Solution: Using n = pq we have Also, assuming p > q, we have p 1)q 1) = φn) pq p q + 1 = φn) n p q + 1 = φn) q + p = n φn) + 1. q p) = q + p) 4pq p q = q + p) 4n Note that once we have determined the values of u = p + q and v = p q we have p = u+v and q = u v. ii) Show that, given that p q r for some fixed and fairly small value of r, we can find p and q. Solution: Suppose that p q = r with r fairly small. Since p + q) p q) = 4pq = 4n, it follows that p + q) is a perfect square between 4n and 4n + r, and that p q) = p + q) 4n. Since r is fairly small, there are not many such perfect squares. For each positive integer u with 4n < u 4r + r, we test to see if u 4n is a perfect square and if it is, say u 4n = v with v > 0, then we let p = u+v and q = u v and check to see whether pq = n. iii) Show that, given a Z with a = 1 mod n and a ±1 mod n, we can find p and q. Solution: Suppose we are given a Z with a = 1 mod n and a ±1 mod n. Since a = 1 mod n we have n a 1). Since p and q both divide n, and n divides a 1, it follows that p and q both divide a 1 = a + 1)a 1). Since p a + 1)a 1) and p is prime, either p a + 1) or p a 1). Similarly, either q a + 1) or q a 1). Note that p and q cannot both divide a + 1) because if we had p a + 1) and q a + 1) then we would have a = 1 mod p and a = 1 mod q and hence a = 1 mod n by the Chinese Remainder Theorem. Similarly, p and q cannot both divide a 1. Thus one of the primes p and q divides a + 1 and the other divides a 1. Let us say that p divides a + 1. Since p a + 1) and q a + 1) and n = pq it follows that p = gcda + 1, n), which we can calculate using the Euclidean Algorithm. Similarly, q = gcda 1, n). iv) Show that, given a Z which is a Fermat liar and a strong witness for n, we can find p and q. Solution: Suppose we are given a Fermat liar a which is a witness for n. Write n = s k with k odd. Since a is a Fermat liar we have a sk = a n 1 = 1 mod n. Since a is a witness for n we have a 0k = a k 1 mod n and a rk 1 mod n for all 0 r < s. Let t be the smallest positive integer such that a tk = 1 mod n and let b = a t 1k. Then b ±1 mod n and b = a tk = 1 mod n. Thus we can find p and q by the method of Part iii). b) Show that if many users choose a small value for their encryption key then the RSA scheme can be weak. To be specific, show that if A sends the same message m to three individuals B 1, B and B 3 who have public keys n i, e i ) which all use the same encryption key e i = 3, then an eavesdropper E who intercepts the three encrypted messages c i = m 3 mod n i can recover the original message m. Solution: Suppose that B 1, B and B have public keys n 1, e 1 ), n, e ) and n 3, e 3 ) with e 1 = e = e 3 = 3. Suppose, further, that the three numbers n 1, n and n 3 are distinct this additional assumption should have been indicated in the statement of the problem). Suppose that 0 m < n i for all i and that E knows the values of c i = m 3 mod n i for all i. Case 1: suppose that two of the numbers n i are not coprime, say gcdn 1, n ) 1. Since n 1 n and each of n 1 and n is a product of two primes, it follows that p = gcdn 1, n ) is a prime and that n 1 = pq 1 and n = pq where p, q 1, q are distinct primes. After finding p = gcdn 1, n ) using the Euclidean Algorithm, E obtains q 1 = n 1 /p and then E can calculate φ 1 = p 1)q 1 1), then d 1 = e 1 1 mod φ 1, then m = c 1 d 1 mod n 1. Case : suppose that all three of the numbers n 1, n and n 3 are coprime. Then E can solve the system of congruences x = c i mod n i, i = 1,, 3. If x = u is a solution then the general solution is x = u mod n 1 n n 3, so E can find the unique solution x = v with 0 v < n 1 n n 3. Since m 3 = c i mod n i for all i, we see that m 3 is a solution to the system, and since 0 m < n i for all i, we have 0 m 3 < n 1 n n 3, and so m 3 = v. Thus E can recover the message m by calculating the cubed root of v in Z say by using Newton s Method for finding cubed roots).