Cryptography and Number Theory

Similar documents
Number theory (Chapter 4)

Cryptography. P. Danziger. Transmit...Bob...

Public Key Cryptography

10 Modular Arithmetic and Cryptography

THE RSA ENCRYPTION SCHEME

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

CRYPTOGRAPHY AND LARGE PRIMES *

RSA RSA public key cryptosystem

CRYPTOGRAPHY AND NUMBER THEORY

MODULAR ARITHMETIC KEITH CONRAD

Public Key Encryption

Cryptography. pieces from work by Gordon Royle

Simple Math: Cryptography

Lecture Notes, Week 6

Discrete Mathematics GCD, LCM, RSA Algorithm

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

CPSC 467b: Cryptography and Computer Security

An Introduction to Cryptography

17.1 Binary Codes Normal numbers we use are in base 10, which are called decimal numbers. Each digit can be 10 possible numbers: 0, 1, 2, 9.

Week 7 An Application to Cryptography

Lecture 1: Introduction to Public key cryptography

Lecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography

The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Review. CS311H: Discrete Mathematics. Number Theory. Computing GCDs. Insight Behind Euclid s Algorithm. Using this Theorem. Euclidian Algorithm

19. Coding for Secrecy

CSE 311 Lecture 11: Modular Arithmetic. Emina Torlak and Kevin Zatloukal

Math 299 Supplement: Modular Arithmetic Nov 8, 2013

Public-Key Cryptosystems CHAPTER 4

Powers in Modular Arithmetic, and RSA Public Key Cryptography

2.2 Inverses and GCDs

Clock Arithmetic and Euclid s Algorithm

MEETING 6 - MODULAR ARITHMETIC AND INTRODUCTORY CRYPTOGRAPHY

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Theme : Cryptography. Instructor : Prof. C Pandu Rangan. Speaker : Arun Moorthy CS

download instant at

Classical Cryptography

CSCI3390-Lecture 16: Probabilistic Algorithms: Number Theory and Cryptography

( c ) E p s t e i n, C a r t e r a n d B o l l i n g e r C h a p t e r 1 7 : I n f o r m a t i o n S c i e n c e P a g e 1

Great Theoretical Ideas in Computer Science

Practice Assignment 2 Discussion 24/02/ /02/2018

Homework 4 for Modular Arithmetic: The RSA Cipher

10 Public Key Cryptography : RSA

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

CPSC 467b: Cryptography and Computer Security

Cryptography and Secure Communication Protocols

Public-key Cryptography and elliptic curves

The Hill Cipher A Linear Algebra Perspective

Cryptography and RSA. Group (1854, Cayley) Upcoming Interview? Outline. Commutative or Abelian Groups

An Introduction to Probabilistic Encryption

Notes 10: Public-key cryptography

6.080 / Great Ideas in Theoretical Computer Science Spring 2008

CS 282A/MATH 209A: Foundations of Cryptography Prof. Rafail Ostrosky. Lecture 4

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

A Quick Look at some Mathematics and Cryptography A Talk for CLIR at UConn

ICS141: Discrete Mathematics for Computer Science I

9 Knapsack Cryptography

NUMBER THEORY AND CRYPTOGRAPHY

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Solutions to the Midterm Test (March 5, 2011)

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Introduction. What is RSA. A Guide To RSA by Robert Yates. Topics

Lecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

Candidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used.

CPSC 467: Cryptography and Computer Security

Math Circles Cryptography

AN INTRODUCTION TO THE UNDERLYING COMPUTATIONAL PROBLEM OF THE ELGAMAL CRYPTOSYSTEM

Hans Delfs & Helmut Knebl: Kryptographie und Informationssicherheit WS 2008/2009. References. References

MATHEMATICS EXTENDED ESSAY

MODULAR ARITHMETIC. Suppose I told you it was 10:00 a.m. What time is it 6 hours from now?

Number Theory in Cryptography

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Introduction to Cryptography. Lecture 8

CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.

Implementation Tutorial on RSA

MATH 158 FINAL EXAM 20 DECEMBER 2016

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

Elliptic Curve Cryptography

Private Key Cryptography. Fermat s Little Theorem. One Time Pads. Public Key Cryptography

Solutions for week 1, Cryptography Course - TDA 352/DIT 250

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security

COMP424 Computer Security

ENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange

Introduction to Modern Cryptography. Benny Chor

OWO Lecture: Modular Arithmetic with Algorithmic Applications

For your quiz in recitation this week, refer to these exercise generators:

8 Elliptic Curve Cryptography

Public-key Cryptography and elliptic curves

Eindhoven University of Technology MASTER. Kleptography cryptography with backdoors. Antheunisse, M. Award date: 2015

Chapter 2. A Look Back. 2.1 Substitution ciphers

The RSA cryptosystem and primality tests

2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms

Lecture Notes. Advanced Discrete Structures COT S

Mathematical Foundations of Public-Key Cryptography

Discrete Mathematics and Probability Theory Summer 2014 James Cook Note 5

Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Transcription:

Chapter 2 Cryptography and Number Theory 2.1 Cryptography and Modular Arithmetic 2.1.1 Introduction to Cryptography For thousands of years people have searched for ways to send messages in secret. For example, in ancient times a king desired to send a secret message to his general in battle. The king took a servant, shaved his head, and wrote the message on his head. He then waited for the servant s hair to grow back and then sent the servant to the general. The general then shaved the servant s head and read the message. If the enemy had captured the servant, they presumably would not have known to shave his head, and the message would have been safe. Cryptography is the study of methods to send and receive secret messages; it is also concerned with methods used by the adversary to decode messages. In general, we have a sender who is trying to send a message to a receiver. There is also an adversary, who wants to steal the message. We are successful if the sender is able to communicate a message to the receiver without the adversary learning what that message was. In traditional cryptography, the sender and receiver agree in advance on a secret code, and then send messages using that code. For example, one of the oldest types of code is known as a Caesar cipher. In this code, the letters of the alphabet are shifted by some fixed amount. Typically, we call the original message the plaintext and the encoded text the ciphertext. Then an example of a Caesar cipher would be the following code plaintext A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ciphertext E F G H I J K L M N O P Q R S T U V W X Y Z A B C D Thus if we wanted to send the plaintext message we would send the ciphertext ONE IF BY LAND AND TWO IF BY SEA SRI MJ FC PERH ERH XAS MJ FC WIE 25

26 CHAPTER 2. CRYPTOGRAPHY AND NUMBER THEORY Note that it is easy for the sender to encode the message, and for the receiver to decode the message. The disadvantage of this scheme is that it is also easy for the adversary to just try the 26 different possible Caesar ciphers and decode the message (only one will decode into plain English, with very high probability). Of course, there is no reason to use such a simple code; we can use any arbitrary permutation of the alphabet as the ciphertext, e.g. plaintext A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ciphertext H D I E T J K L M X N Y O P F Q R U V W G Z A S B C If we encode a short message with a code like this, it would be hard for the adversary to decode it. However, with a message of any reasonable length (greater than about 50 letters), an adversary with a knowledge of the statistics of the English language can easily crack the code. There is no reason that we have to use simple mappings of letters to letters. For example, our coding algorithm can be to take three consecutive letters, reverse their order, interpret each as a base 26 integer (with A=0;B=1, etc.) multiply that number by 37, add 95 and then convert that number to base 8. Continue with each three letters, appending as we go along, using 8 s and 9 s to separate the numbers. When we are done, we reverse the number, and replace each digit 5 by two 5 s. Here is an example of this method: plaintext: ONEIFBYLANDTWOIFBYSEA block and reverse: ENO BFI ALY TDN IOW YBF AES base 26 integer: 3056 814 310 12935 5794 16255 122 *37 +95 base 8: 335017 73005 26455 1646742 642711 2226672 11001 appended : 33501787300592645591646742964271182226672811001 reverse, 5rep : 10011827662228117246924764619555546295500378710533 Now, we can verify that it is possible for the receiver, who knows the code, to decode this message, and that the casual reader of the message will have no hope of decoding it. So it seems that with a complicated enough code, we can have secure cryptography. Unfortunately, there are at least two flaws with this method. The first is that if the adversary learns, somehow, what the code is, then she can easily decode it. Second, if this coding scheme is repeated often enough, and if the adversary has enough time, money and computing power, this code could be broken. In the field of cryptography, there are definitely players who have all these resources (such as a government, or a large corporation). The infamous German Enigma is an example of a much more complicated coding scheme, yet it was broken and this helped the Allies win World War II. (The reader might be interested in looking up more details on this.) In general, any scheme that uses a codebook, a secretly agreed upon (possibly complicated) code, suffers from these drawbacks. These codes are also called one-time pads, as the communicating parties agree on using the same pad or page in a codebook. A public-key cryptosystem overcomes the problems mentioned above. In a public key cryptosystem, the sender and receiver (often called Alice and Bob respectively) don t have to agree in advance on a secret code. In fact, they each publish part of their code in a public directory. Further, the adversary can intercept the message, and can have the public directory, and these will not be able to help him decode the message.

2.1. CRYPTOGRAPHY AND MODULAR ARITHMETIC 27 More precisely, Alice and Bob will each have two keys, a public key and a secret key. W e will denote Alice s public and secret keys as P A and S A and Bob s as P B and S B. They each keep their secret keys to themselves, but can publish their public keys and make them available to anyone, including the adversary. For convenience, we will think of these keys as functions; in particular we require that they each be one-to-one functions from the set D of possible messages onto itself. The public and secret keys are chosen to be inverses of each other, i.e for any M D we have that M = S A (P A (M)) = P A (S A (M)). (2.1) We also assume that, for Alice, S A and P A are easily computable. However, it is essential that for everyone except Alice, S A is hard to compute, even if you know P A. At first glance, this may seem to be an impossible task, Alice creates a function P A, that is public and easy to compute for everyone, yet this function has an inverse, S A, that is hard to compute for everyone except Alice. It is not at all clear how to design such a function. The first such cryptosystem is the now-famous RSA cryptosystem, widely used in many contexts. To understand how such a cryptosystem is possible will rely on some knowledge of number theory and on computational complexity. We will develop the necessary number theory in the next few sections. Before doing so, let us just assume that we have such a function and see how we can make use of it. Suppose Alice wants to send Bob a message M, she takes the following two steps: Alice obtains Bob s public key P B. Alice applies Bob s public key to M to create ciphertext C = P B (M). Alice then sends C to Bob. Bob can decode the message by using his secret key to compute S B (C) which is identical to S B (P B (M)), which by (2.1) is identical to M the original message. The beauty of the scheme is that even if the adversary has C and knows P B, she cannot decode the message without S B.ButS B is a secret that only Bob has. And even though the adversary knows that S B is the inverse of P B, the nature of P B is such that the adversary cannot easily compute its inverse. 2.1.2 Congruence modulo m The RSA encryption scheme is built upon the idea of congruence mod n. The symbolism m mod n means the remainder we get when we divide m by n. A bit more precisely, for integers m and n, m mod n is the smallest nonnegative integer r such that for some integer q. 1 m = nq + r (2.2) 1 In an unfortunate historical evolution of terminology, the fact that for every nonnegative integer m and positive integer n, there exist unique nonnegative integers q and r such that m = nq + r and r<nis called Euclid s algorithm. In modern language we would call this Euclid s Theorem instead. While it seems obvious that there is such a smallest nonnegative integer r and that there is exactly one such pair q, r with r<n, a technically complete study would derive these facts from the basic axioms of number theory, just as obvious facts of geometry are derived form the basic axioms of geometry. The reasons why mathematicians take the time to derive such obvious facts from basic axioms is so that everyone can understand exactly what we are assuming as the foundations of our subject; as the rules of the game in effect.

28 CHAPTER 2. CRYPTOGRAPHY AND NUMBER THEORY 1 2.1-1 Compute 10 mod 7, -10 mod 7, 10 mod 7. The last one has two possible interpretations. We are looking for the one that is an integer. 2.1-2 Compute 21 mod 9, 38 mod 9, 21 38 mod 9, (21 mod 9) (38 mod 9), 21 +38 mod 9, (21 mod 9) + (38 mod 9), 21 mod 9 + 38 mod 9. 2.1-3 Show that 16 mod 9 = 34 mod 9. Is the same true of the pairs 16+1 and 34+1? 16+2 and 34+2? 16+7 and 34+7? What about 16 + k and 34 + k for an arbitrary integer k? In Exercise 2.1-1, 10 mod 7 is 3, while 10 mod 7 is 4. Note that 3 mod 7 is 4 also. Also, 10 + 3 mod 7 = 0, suggesting that -10 is essentially the same as -3 when we are considering integers mod 7. We will be able to make this idea more precise in a few paragraphs. What do we mean by 1 10 mod 7? In algebra, 1 10 means the number that we multiply by 10 in order to get one. If we try multiplying ten by the numbers 1,2,3,4,5,6,etc., and taking the result mod n, weseethat5 10 = 50 and 50 mod 7 = 1, so that so it is natural to say that 1 10 mod 7 = 5. In Exercise 2.1-2, the point to notice is that and 5 10 mod 7 = 1, 21 38 mod 9 = (21 mod 9)(38 mod 9) 21 + 38 mod 9 = (21 mod 9) + (38 mod 9). These equations are very suggestive, though the general equations that they first suggest aren t true! Some closely related equations are true; the idea of congruence modulo n that we explore below allows us to discover these equations. Closely related to the operation m mod n is the relationship of congruence modulo n. Wesay that p and q are congruent modulo n if p mod n = q mod n. Another way to say this is to say that p and q are congruent mod n if p q is an integer multiple of n. The usual way of writing the statement that p and q are congruent mod n is p q (mod n). The congruence class of m mod n, denoted by m when the n is clear from context, is the set of all numbers congruent to m mod n. Thus every number is in some congruence class mod n. Two different congruence classes mod n cannot have any numbers in common, because if k were both i and j, then i mod n = k mod n = j mod n, so that i and j are congruent. However i and j are arbitrary members of their classes, so what we can conclude is that every member of i is congruent to every member of j. Thus the classes i and j have exactly the same members and are thus the same set. Therefore different congruence classes must be disjoint. This proves our next theorem: Theorem 2.1.1 Congruence mod n is an equivalence relation.

2.1. CRYPTOGRAPHY AND MODULAR ARITHMETIC 29 Proof: Given above. Exercise 2.1-3 is really a statement about congruence modulo n. All the pairs given in Exercise 2.1-3 have the same mods, and the last pair corresponds to the fact that if i j (mod n), then for any integer k, i + k j + k (mod n). While we can think about (and define rigorously) modular arithmetic via congruences and congruence classes, a slightly different approach will turn out to be more closely related to what we do computationally. We will pull the smallest positive number out of each congruence class, and use that instead of the class itself. Thus, if we are doing arithmetic mod n, we will restrict ourselves to using the numbers 0, 1,...,n 1. We will redefine addition to be addition modulo n, and multiplication to be multiplication modulo n. We will use the notation Z n to represent the integers 0, 1,...,n 1 together with a redefinition of addition, which we denote by + n,and a redefinition of multiplication, which we denote n. The redefinitions are: i + n j = (i + j) modn (2.3) i n j = (i j) modn (2.4) We must now verify that all the usual rules of arithmetic normally apply to addition and multiplication still apply with + n and n. In particular, we wish to verify the commutative, associative and distributive laws. The intuition behind why these laws will hold is that as we are doing addition and multiplication on integers, if the final result is going to be expressed mod n, then at any point in the computation, we can take any partial sum or product mod n. Thiscan be formalized in the following lemma. Lemma 2.1.1 (i + j) modn =(i mod n + j mod n) modn. (2.5) Proof: Using (2.2), we can write i as k 1 n + r 1,wherer 1 <n,andcanwritej as k 2 n + r 2, where r 2 <n. Then we can rewrite the left side of (2.5) as (i + j) modn = (k 1 n + r 1 + k 2 n + r 2 )modn = ((k 1 + k 2 )n +(r 1 + r 2 )) mod n = (r 1 + r 2 )modn, where the last line follows because any integral multiple of n is 0 mod n. Wecanrewritethe right side of (2.5) as (i mod n + j mod n) modn = ((k 1 n + r 1 )modn +(k 2 n + r 2 )modn) modn = (r 1 mod n + r 2 mod n) modn = (r 1 + r 2 )modn, where the last line follows because r 1 <nand r 2 <n. Similarly, we can show that (i + j) modn =(i + j mod n) modn =(i mod n + j) modn. (2.6) We now turn to verifying the various laws of addition and multiplication. First, the fact that + n is commutative follows immediately from the definition. We will now prove that it is also associative.

30 CHAPTER 2. CRYPTOGRAPHY AND NUMBER THEORY Lemma 2.1.2 For any x, y, z Z n, (x + n y)+ n z = x + n (y + n z) Proof: following We will repeatedly use the definition of + n and equations 2.5 and 2.6 to get the (x + n y)+ n z = ((x + n y)+z) modn = ((x + n y)+z mod n) modn = ((x + y) modn + z mod n) modn = ((x mod n + y mod n) modn + z mod n) modn = (x mod n + y mod n + z mod n) modn = (x mod n +(y mod n + z mod n) modn) modn = (x mod n +(y + z) modn) modn = (x +(y + z) modn) modn = (x + y + n z)modn = x + n (y + n z). We can also show that a version of Equation 2.5 and Equation 2.6 holds with addition replaced by multiplication, i.e. that (i j) modn =(i mod n j mod n) modn =(i j mod n) modn =(i mod n j) modn. (2.7) The proof of this will be an exercise. Using this we can show that n is associative. (The proof of this is also an exercise.) Given these, we can show that the distributive law also holds, i.e. Lemma 2.1.3 For any x, y, z Z n, x n (y + n z)=(x n y)+ n (x n z). Proof: Using (2.5), (2.6) and (2.7), x n (y + n z) = (x(y + n z)) mod n = (x((y + z) modn)) mod n = (x((y mod n + z mod n) modn)) mod n = ((x mod n)((y mod n + z mod n) modn)) mod n = ((x mod n)(y mod n + z mod n)) mod n = ((x mod n)(y mod n)+(x mod n)(z mod n)) mod n = (((x mod n)(y mod n)) mod n +((x mod n)(z mod n)) mod n) modn = ((xy) modn +(xz) modn) modn = ((x n y)+(x n z)) mod n = (x n y)+ n (x n z))

2.1. CRYPTOGRAPHY AND MODULAR ARITHMETIC 31 We conclude this section by observing that repeated applications of Lemma 2.1.1 are useful when computing sums in which the numbers are large. For example, suppose you had m integers x 1,...,x m and you wanted to compute m j=1 x i mod m. One natural way to do so would be to compute the sum, and take the result modulo m. However, it is possible that, on the computer that you are using, even though m j=1 x i mod m is a number that can be stored in an integer, and each x i can be stored in an integer, m j=1 x i mightbetoolargetobestoredinaninteger. (Recall that integers are typically stored as 4 or 8 bytes, and thus have a maximum value of roughly 2 10 9 or 9 10 18.) Another way to say this is that if we are computing a result mod n, we should do all our calculations in Z n using + n and n. Cryptography Revisited One natural way to use addition of a number m mod n in encryption is to first convert the message to a sequence of digits say concatenating all the ASCII codes for all the symbols in the message and then simply add m to the message mod n. Ifn happens to be larger than the message in numerical value, then it is simple for someone who knows m to decode the encrypted message. However an adversary who sees the encrypted message has no special knowledge and so unless m was ill chosen (for example m = 1 would be a silly choice) the adversary who knows what system you are using, even including the value of n, but does not know m, is essentially reduced to trying all possible m values. This is an example of a one time pad, discussed in Section 2.1.1, because if you use m only once, there is no way for the adversary to collect any data that will aid in guessing m. Thus, if only you and your intended recipient know m, this kind of encryption is quite secure: guessing m is just as hard as guessing the message. It is possible that once n has been chosen, you will find you have a message which translates to a larger number than n. Normally you would then break the message into segments, each with no more digits than n, and send the segments individually. So long as you were not sending a large number of segments, it would still be quite difficult for your adversary to guess m by observing the encrypted information. In fact, it would not be unusual to use the same value of m for a day, say, (or for one session on the internet) and then to change it. However, if you used the value often enough, the adversary could collect enough information to be able to break the code. 2.1.3 Multiplication Mod n 2.1-4 Show that (i j) modn =(i mod n)(j mod n) modn. 2.1-5 Would it make sense to encode a message by multiplying it by a key mod n? When we encoded a message by adding m mod n, we could decode the message simply by subtracting m mod n. By analogy, if we encode by multiplying by m mod n, we would expect to decode by dividing by m mod n. However division mod n can be problematic for some values of n. Let us do a trivial example. Suppose your value of n was 12 and the value of m was 4. You send the message 3 as 3 4 0 (mod 12). Thus you send the encoded message 0. Now your partner sees 0, and says the message might have been 0; after all, 0 4 0 (mod 12). On the

32 CHAPTER 2. CRYPTOGRAPHY AND NUMBER THEORY other hand, 3 4 0 (mod 12), 6 4 0 (mod 12), and 9 4 0 (mod 12) as well. Thus your partner has four different choices for the original message, which is almost as bad as having to guess the original message itself! You might think that 0 would present special problems for division, so let s look at another example. Suppose that m =3andn = 12. Now we encode the message 6 by computing 6 3 6 (mod 12). Simple calculation show that 2 3 6 (mod 12), 6 3 6 (mod 12), and 10 3 6 (mod 12). Thus in this case, there are three possible ways to decode the message. Let s look at one more example that will provide some hope. Let m =5andn = 12, and let s encode the message 7 as 7 5 11 (mod 12). This time, simple calculation shows that 7 is the unique solution (mod 12) to the equation x 5 11 (mod 12). Thus in this case we can correctly decode the message. As we shall see in the next section, the kind of problem we had happens only when m is a factor of n. Thus all our receiver needs to know, in our cases, is how to divide by m mod n, and she can decrypt our message. If you don t now know how to divide by m, then you can begin to understand the idea of public key cryptography. The message is there for anyone who knows how to divide by m to find, but if nobody but our receiver can divide by m, we can tell everyone what m is and our messages will still be secret. As we shall soon see, dividing by m is not particularly difficult, so a better trick is needed for public key cryptography to work. Exercises E2.1-1 State and prove the commutative and associative law for n. E2.1-2 It is obvious how to solve any equation of the form x + n a = b in Z n, and that the result will be a unique value of x. On the other hand we saw that 0, 3, 6, and 9 are all solutions to the equation 4 n x =0 in Z 12. Are there any equations of the form a n x = b that don t have any solutions at all in Z 12? If so, give one, and find out whether there are any numbers a such that each equation of the form a n x = b does have a solution. On the other hand if each equation of the form a n x = b has a solution in Z 12, give a proof of this. (Note that having a solution is different from having a unique solution.) E2.1-3 Does every equation of the form a n x = b have a solution in Z 5?inZ 7?inZ 9?in Z 11? E2.1-4 Recall that if a prime number divides a product of two integers, then it divides one of the factors. a) Use this to show that as b runs though the integers from 0 to p 1, with p prime, the products a n b are all different (for each fixed choice of a between 1 and p 1). b) Explain why every integer greater than 0 has a unique multiplicative inverse mod p, ifp is prime.

2.1. CRYPTOGRAPHY AND MODULAR ARITHMETIC 33 E2.1-5 Modular arithmetic is used in generating psuedo-random numbers. One basic algorithm (still used on many machines!) is by linear congruential random number generation. The following piece of code generates a sequence of numbers that may appear random to an unaware user. seed := x := 0 /* set seed */ repeat x := (ax + b) modn print x until x = seed Execute the loop for a =3,b=7,n = 11. E2.1-6 Write down the 7 multiplication table for Z 7.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback