download instant at

Similar documents
2.2 Inverses and GCDs

Introduction to Public-Key Cryptosystems:

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

Basic elements of number theory

Basic elements of number theory

Discrete Mathematics GCD, LCM, RSA Algorithm

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Course MA2C02, Hilary Term 2013 Section 9: Introduction to Number Theory and Cryptography

Mathematical Foundations of Public-Key Cryptography

Number Theory A focused introduction

Simple Math: Cryptography

Encryption: The RSA Public Key Cipher

Mathematical Foundations of Cryptography

Number Theory Notes Spring 2011

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

CPSC 467b: Cryptography and Computer Security

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

CS483 Design and Analysis of Algorithms

Addition. Ch1 - Algorithms with numbers. Multiplication. al-khwārizmī. al-khwārizmī. Division 53+35=88. Cost? (n number of bits) 13x11=143. Cost?

Some Facts from Number Theory

Rings and modular arithmetic

ALGEBRA. 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers

Number Theory. Modular Arithmetic

CS2800 Questions selected for fall 2017

Public Key Cryptography

2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

ECE596C: Handout #11

Cryptosystem. Traditional Cryptosystems: The two parties agree on a secret (one to one) function f. To send a message M, thesendersendsthemessage

basics of security/cryptography

Modular Arithmetic and Elementary Algebra

CPSC 467b: Cryptography and Computer Security

Public Key Encryption

Linear Congruences. The equation ax = b for a, b R is uniquely solvable if a 0: x = b/a. Want to extend to the linear congruence:

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

CS March 17, 2009

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Lecture Notes, Week 6

Chapter 8 Public-key Cryptography and Digital Signatures

Math 299 Supplement: Modular Arithmetic Nov 8, 2013

ECEN 5022 Cryptography

You separate binary numbers into columns in a similar fashion. 2 5 = 32

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Number theory (Chapter 4)

CPSC 467: Cryptography and Computer Security

Discrete Mathematics and Probability Theory Summer 2014 James Cook Note 5

Cryptography. pieces from work by Gordon Royle

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Instructor: Bobby Kleinberg Lecture Notes, 25 April The Miller-Rabin Randomized Primality Test

8 Elliptic Curve Cryptography

Topics in Cryptography. Lecture 5: Basic Number Theory

Number theory. Myrto Arapinis School of Informatics University of Edinburgh. October 9, /29

ICS141: Discrete Mathematics for Computer Science I

Fall 2017 Test II review problems

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

CIS 551 / TCOM 401 Computer and Network Security

Greatest Common Divisor MATH Greatest Common Divisor. Benjamin V.C. Collins, James A. Swenson MATH 2730

OWO Lecture: Modular Arithmetic with Algorithmic Applications

Algorithms (II) Yu Yu. Shanghai Jiaotong University

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Public Key Algorithms

Cryptography and Number Theory

Remainders. We learned how to multiply and divide in elementary

Discrete Mathematics and Probability Theory Fall 2018 Alistair Sinclair and Yun Song Note 6

CRYPTOGRAPHY AND NUMBER THEORY

Ma/CS 6a Class 2: Congruences

CSE 521: Design and Analysis of Algorithms I

CPSC 467: Cryptography and Computer Security

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

10 Public Key Cryptography : RSA

CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.

Carmen s Core Concepts (Math 135)

1 Overview and revision

Elementary Algebra Chinese Remainder Theorem Euclidean Algorithm

4 Powers of an Element; Cyclic Groups

CSE20: Discrete Mathematics

For your quiz in recitation this week, refer to these exercise generators:

9 Knapsack Cryptography

The next sequence of lectures in on the topic of Arithmetic Algorithms. We shall build up to an understanding of the RSA public-key cryptosystem.

Lecture 6: Introducing Complexity

CPSC 467b: Cryptography and Computer Security

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively

Number Theory and Group Theoryfor Public-Key Cryptography

2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms

Discrete mathematics I - Number theory

Introduction to Cryptography. Lecture 6

Private Key Cryptography. Fermat s Little Theorem. One Time Pads. Public Key Cryptography

8 Primes and Modular Arithmetic

Math.3336: Discrete Mathematics. Mathematical Induction

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Lecture 4: Number theory

Senior Math Circles Cryptography and Number Theory Week 2

Applied Cryptography and Computer Security CSE 664 Spring 2017

Numbers, Groups and Cryptography. Gordan Savin

Chapter 5. Number Theory. 5.1 Base b representations

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Transcription:

2 CRYPTOGRAPHY AND NUMBER THEORY 2.1 CRYPTOGRAPHY AND MODULAR ARITHMETIC Pages 54 to 56 Problem 1 Problem 2 Problem 3 Problem 4 14 mod 9 = 5; 1 mod 9 = 8; 11 mod 9 = 7. KHUH LV D PHVVDJH. EBOB FP X JBPPXDB. Five places. Problem 5 Problem 6 16 + 23 18 = 11; 16 23 18 = 12. Without knowledge of a, you could say essentially nothing, though you could observe that it has six or fewer letters. If you knew a, you could write the unique number that corresponds to the message. Because different sequences of letters could conceivably S16

give the same number when their codes are concatenated, you wouldn t know the message for sure; however, if it were a message in English, you could figure it out by experimenting with all combinations of letters that give the number you got. Problem 7 Problem 8 Problem 9 It would mean that (x 4) mod 9 = 1. Because 7 4 = 28, we have that (1/4) mod 9 = 7. There is no integer value that makes sense for (1/3) mod 9, because no multiple of 3is1plus a multiple of 9. The number is 2000. It is difficult to do by hand because without knowing how to divide by 487 in Z 30031, the only thing you might try is to multiply every number from some point on by 487 (for example, you wouldn t need to try 2 times 487 or 3 times 487 or even 10 times 487, but you might try 62, 63, etc., times 487) and then compute the result mod 30031. + 0 1 2 3 4 5 6 0 0 1 2 3 4 5 6 1 1 2 3 4 5 6 0 2 2 3 4 5 6 0 1 3 3 4 5 6 0 1 2 4 4 5 6 0 1 2 3 5 5 6 0 1 2 3 4 6 6 0 1 2 3 4 5 It is symmetric because addition is commutative. Every number appears in every row because adding a fixed number a to each entry of arow (where we add mod 7) is a one-to-one and onto function from {0, 1, 2, 3, 4, 5, 6} to itself. Problem 10 a. Yes, a = 2 and b = 5work. In particular, 2 12 x = 5 has no solutions because 2x will be even, so 2x mod 12 will be even. Thus, there is no integer x such that 2x mod 12 = 5. b. Yes, a = 5 has this property because 5 12 1 = 5, 5 12 2 = 10, 5 12 3 = 3, 5 12 4 = 8, 5 12 5 = 1, 5 12 6 = 6, 5 12 7 = 11, 5 12 8 = 4, 5 12 9 = 9, 5 12 10 = 2, and 5 12 11 = 7; so, for each b, with 1 b < 12, we have given an x so that 5 12 x = b. 2.1: Cryptography and Modular Arithmetic S17

Problem 11 The equation has a solution for Z 5, Z 7, and Z 11.ForZ 9,ifa is not 0, 3, or 6, the equation has a solution; otherwise, the answer depends on what b is. Problem 12 a. If 0 b 1 < b 2 p 1 such that a p b 1 = a p b 2, then a(b 2 b 1 ) = 0 mod p that is, a(b 2 b 1 ) = kp. Because a(b 2 b 1 ) 0, we have that k 0. Then p divides a(b 2 b 1 ). Thus, p divides a or b 2 b 1 ;but that is impossible because they are all greater than 0 and less than p. b. From part a, we know that the p terms a p b are different when b runs through the integers from 0 to p 1. Also, a p b must be one of the p numbers 0, 1,..., p 1. So there must be one and only one b such that a p b = 1. Thus, a has a unique multiplicative inverse in Z p. Problem 13 Let b = a mod n. Note that y i = { xi + b if x i + b < n, x i + b n if x i + b n. Thus, two y i s will be of the form x i + b or two will be of the form x i + b n. The difference of these two will be of the form x i x j. Problem 14 The universe is Z 7,sox and y can take values between 0 and 7 1 = 6 only. The table for x 7 y = (xy) mod 7 should look like the following: x y 0 1 2 3 4 5 6 0 0 0 0 0 0 0 0 1 0 1 2 3 4 5 6 2 0 2 4 6 1 3 5 3 0 3 6 2 5 1 4 4 0 4 1 5 2 6 3 5 0 5 3 1 6 4 2 6 0 6 5 4 3 2 1 S18 Chapter 2: Cryptography and Number Theory

Problem 15 By Theorem 2.1, for unique integers q 1 and q 2,wehavei = (i mod n) + q 1 n and j = ( j mod n) + q 2 n. Multiplying these two equations together, we get ij = (i mod n)( j mod n) + (i mod n)q 2 n + ( j mod n)q 1 n + q 1 nq 2 n. Taking both sides mod n gives us ij mod n = (i mod n)( j mod n) mod n because the remainder of the right hand side of the previous equation for ij is a multiple of n. Problem 16 x n (y n z) = (x n y) n z. For the proof, using Lemma 2.3, x n (y n z) = ( x(yz) ) mod n = ( (xy)z ) mod n = (x n y) n z. Problem 17 x n (y + n z) = x n y + n x n z and (y + n z) n x = y n x + n z n x. (We need prove only one of these because of commutativity.) For the proof, using Lemma 2.3, x n (y + n z) = ( x ( (y + z) mod n )) mod n = ( x(y + z) ) mod n = (xy + xz) mod n = ( (xy mod n) + (xz mod n) ) mod n = x n y + n x n z. 2.2 INVERSES AND GREATEST COMMON DIVISORS Pages 70 to 71 Problem 1 Yes, it is 133 mod m. Problem 2 Yes, it is 133 mod m. 2.2: Inverses and Greatest Common Divisors S19

Problem 3 One way to answer this problem is to try each multiple of 2. You would discover that 2 5 = 10; so, 2 does not have a multiplicative inverse in Z 10. Then you would compute the product of each pair of nonzero elements in Z 11 (this is 50 products) to show that each has a multiplicative inverse. It is easier to do the second part by noting that 11 is a prime, which means that all nonzero elements of Z 11 are relatively prime to it and thus have inverses. You could also do the first part by observing that 10 is not a prime, so not all elements of Z 10 would be relatively prime to it. Therefore, you would conclude that not all elements of Z 10 have multiplicative inverses. Problem 4 Problem 5 Problem 6 Problem 7 Problem 8 Problem 9 1; 0. The number of such elements is either zero or one, because if an element of Z n,inthis case b, has at least one inverse, then it has only one inverse. They are either 1 or 1. 210 = 126 + 84 and 126 = 84 + 42; 84 = 2 42. Therefore, 42 is the GCD of 210 and 126. If r = 0, then gcd(r, q) = q and gcd(q, k) = q. But if r 0, then any divisor of q and k is a divisor of r = k jq,soitisadivisor of gcd(r, q). Also, any divisor of r and q is a divisor of k = jq + r and thus of gcd(q, k). Therefore, the two GCDs are equal. For the wiretapper to compute the secret key in the first scheme, she only needs to compute q 1. (This can be done using the extended GCD algorithm, because she knows q and p.) Then she can compute the secret key by multiplying the three numbers qa, qb, and q 1, all of which she knows. So the first scheme isn t very good. The second one is harder to attack. The natural way to attack it is by exhaustive search. That is, the wiretapper, knowing q a and q but not a, tries all the powers of q i for i = 1 to i = p 1 until she finds one such that q i mod p = q a mod p. Then she computes S20 Chapter 2: Cryptography and Number Theory

(q b ) i. This is the secret key, because (q b ) i mod p = q bi mod p = (q i ) b mod p = (q a ) b mod p = q ab mod p. However, because p is a very large number, this method is computationally very intensive, which means the scheme is hard to crack this way. One might also think about taking the logarithm of q a in Z p with respect to the base q,but we don t know a very efficient way to compute logarithms in Z p. Problem 10 Method 1: GCD(n,k) // Returns an ordered triplet of numbers: the gcd, // and the x and y values such that x*n + y*k = gcd. // Line 6 assigns all three values to variables. // Assume k > n. (1) q = floor(k/n) (2) r = k q*n (3) if (r == 0) // This is the base case (4) return (n, 0, 1) (5) else (6) (gcd, x, y ) = GCD(r, n) (7) x = y (8) y = x q*y (9) return (gcd, x, y) Method 2: GCD(n,k) // Assume that gcd, x, and y are global variables. // Assume that k > n // Upon return gcd will hold GCD(n,k) and x*n + y*k = gcd (1) q = floor(k/n) (2) r = k q*n (3) if (r == 0) // Base case: n is the GCD (4) gcd = n (5) x = 0 (6) y = 1 (7) else (8) GDC(r,n) (9) x = y (10) y = x q*y (11) x = x 2.2: Inverses and Greatest Common Divisors S21

Problem 11 The first loop of the algorithm is shown in the table. i k[i] n[i] q[i] r[i] 0 576 486 1 90 1 486 90 5 36 2 90 36 2 18 3 36 18 2 0 This gives gcd(576, 486) = 18. The second loop of the algorithm is shown here (i is decreasing and the q[i]values were copied from the previous table for convenience): i q[i] x[i] y[i] 3 2 0 1 2 2 1 2 1 5 2 11 0 1 11 13 This gives x = 11 and y = 13. Indeed, kx + ny = 576 11 + 486 ( 13) = 6336 6318 = 18 = gcd(576, 486). Problem 12 Problem 13 Problem 14 Problem 15 16 103 x = 1, giving gcd(16, 103) = 1. We can find x and y such that 16x +103y = 1. Then x mod 103 is the inverse. Using the extended GCD algorithm, 16 ( 45) + 103 7 = 1. Then the multiplicative inverse of 16 mod 103 is ( 45) mod 103 = 58. In Problem 12, you computed that the multiplicative inverse of 16 mod 103 is 58. Thus, x = 58 21 mod 103 = 85. The numbers not relatively prime to 35 are 0, 5, 7, 10, 14, 15, 20, 21, 25, 28, and 30 numbers that are multiples of 5 or 7. Thus, these are the elements of Z 35 that do not have multiplicative inverses. If r = 0, then gcd(k, 0) = k,butgcd( j, k) = j.ifr 0, however, then any divisor of j and k is a divisor of r = k jq,soitisadivisor of gcd(r, k). Also, any divisor of r and k is a divisor of jq = k r.however, it is not necessarily a divisor of j. Thus, there is a relationship: The GCD of j and k is a divisor of the GCD of r and k, and if the GCD of r and k is relatively prime to q, then the two GCDs are equal. S22 Chapter 2: Cryptography and Number Theory

Problem 16 You may write m = qn r = qn n + n r = (q + 1)n + n r so that if you take q = (q + 1) and r = n r, then you have m = q n + r, with 0 r < n. Thus, you have proved the part of Theorem 2.1 not covered by Theorem 2.12. Problem 17 There are many different ways to answer this question correctly. Here is an outline of one complete solution. Using the GCD algorithm and noting that F i = 1 F i 1 + F i 2, you get that q is always 1 and r is always F i 2. Thus, gcd(f i, F i+1 ) = gcd(f i 1, F i ) = gcd(f i F i 1, F i 1 ) = gcd(f i 2, F i 1 ) = =gcd(f 2, F 3 ) = 1. Notice that 2F i 1 > F i > F i 1 for i > 3, so the extended GCD algorithm can be used in this way. When you do this recursively to compute x and y, you get 1 = gcd(f i, F i+1 ) = ( 1) i 1 F 2 i + ( 1) i F i 1 F i+1. Thus, x = ( 1) i 1 F i and y = ( 1) i F i 1. Problem 19 Problem 21 Problem 22 Problem 23 lcm(x, y) = xy/ gcd(x, y). Because 4 6 4 = 4, the equation 4 6 x = 4 has a solution in Z 6.Infact, it has at least two solutions, because 1 is also a solution. If you suppose that a and n are not relatively prime, then a and n have a common factor d greater than 0. Thus, a = a d and n = n d.ifa n x = b, then a n (x + n n ) = b. But you cannot have x = x + n n, because adding x mod n to both sides in Z n gives n mod n = 0. This is a contradiction, because if n = n d, you know that 0 < n < n. Thus, if a and n are not relatively prime and the equation a n x = b has a solution, it has more than one solution, so it does not have a unique solution. Therefore, a n x = b has a unique solution in Z n if and only if a and n are relatively prime. Assume j < k. Ifk = ji, then gcd( j, k) = j. Inthis case, j = j 1 + k 0, which gives x = 1 and y = 0. Otherwise, assume inductively that when k < k and j j, there are integers x and y such that gcd( j, k ) = j x + k y. Write k = qj + r with 0 r < j. ByLemma 2.13, you know that gcd(r, j) = gcd( j, k). But by the 2.2: Inverses and Greatest Common Divisors S23

inductive hypothesis, there are integers x and y such that gcd( j, k) = rx + jy. Substitution gives gcd( j, k) = (k qj)x + jy = j (y qx ) + kx. Thus, taking y = x and x = y qx gives gcd( j, k) = jx + ky. 2.3 THE RSA CRYPTOSYSTEM Pages 81 to 82 Problem 1 4, 2, 1, 4, 2, 1,...; 4, 6, 4, 6, 4,.... In both cases, there is a repeated pattern. The first case hasa1intherepeating pattern, and the second case does not. Problem 2 You get the numbers 5, 10, 4, 9, 3, 8, 2, 7, 1, 6, which is a permutation of {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}. ByLemma 2.20, you get a permutation of {1, 2, 3, 4, 5, 6, 7, 8, 9, 10} no matter which nonzero element of Z 11 is used in place of 5. Problem 3 1 4 = 1; 2 4 mod 5 = 16 mod 5 = 1; 3 4 mod 5 = 81 mod 5 = 1; 4 4 mod 5 = 256 mod 5 = 1. Observe that each fourth power is 1. Fermat s Little Theorem explains why. Problem 4 Problem 5 1176; 1; 23; 23; 23. 1176; 1; 18; 19; 105. This shows that x ed mod p (which is y d mod p) need not determine x (and couldn t if x were greater than or equal to p). Problem 6 There is exactly one solution, and it is x = 19. Problem 7 97 and 73 are prime numbers. Use Fermat s Little Theorem to get the following: a. 15 96 mod 97 = 1. b. 67 72 mod 73 = 1. c. 67 73 mod 73 = 67 67 72 = 67 1 = 67. S24 Chapter 2: Cryptography and Number Theory

Problem 8 You have n = ki + r, where k and r are integers. Then a n mod p = a ki+r mod p = (a ki mod p) p (a r mod p) = (a ki mod p) p (a n mod i mod p) = a n mod i mod p. Because you did not use the primality of p, the equation is true if p is not a prime. Problem 9 Problem 10 Problem 11 Because they are not relatively prime to p 2, the numbers 0, p, 2p, 3p,...,(p 1)p have no multiplicative inverses. But other elements in Z p 2 have a multiplicative inverse because they have no factor p; thus, they are relatively prime to p 2. So, there are p 2 p elements with multiplicative inverse in Z p 2. The elements x that have multiplicative inverses in Z p 2 are all relatively prime to p. By Fermat s Little Theorem, you have x p 1 ( = ) kp + 1, where k is an integer. This gives x p2 p = (x p 1 ) p = (kp + 1) p = 1 + p kp + p 2 C = D p 2 + 1, where C 1 and D are both integers. Therefore, x p2 p = 1 mod p 2. You can also use a method similar to the proof of Fermat s Little Theorem to prove that x p2 p mod p 2 = 1 when x has an inverse. For any element y with no multiplicative inverse, you can write y = cp, where c is an integer and 0 c p 1. So, y p2 p = (cp) p2 p = c p2 p p p2 p = 0 mod p 2, because p 2 p 2 for all primes p. pq (p + q 1):ByCorollary 2.16, a has an inverse if gcd(a, pq) = 1. Any a that is divisible by p has gcd(a, pq) = p. There are q such a s. Inasimilar way, any b that is divisible by q has gcd(b, pq) = q. There are p such b s. Together, there are p + q 1 elements in Z pq that do not have inverses. (We get p + q 1 because pq = 0 mod pq is counted twice: both as divisible by p and as divisible by q.) a. Euclid s algorithm gives an x and a z so that mx + nz = 1. b. Write k = kmx + knz = cnmx + bmnz and k = mn(cx + bz); so, k is a multiple of mn. Because two distinct primes are relatively prime, this justifies the assertion. Problem 12 a. Let [i] ={j Z j i (mod n)}. If[i] [ j] contains an element k, then i k (mod n) and j k (mod n) implies i j (mod n) and j i (mod n). Thus, [i] = [ j]. The sets i and j are either identical or disjoint. Further, i [i], so that the sets [i] partition the integers. Therefore, is an equivalence relation. 2.3: The RSA Cryptosystem S25

b. Because i mod n = i mod n, you know that is reflexive. If i mod n = j mod n, then j mod n = i mod n; so, is symmetric. If i mod n = j mod n and j mod n = k mod n, then i mod n = k mod n. Therefore, is transitive. Thus, is an equivalence relation. c. If m and n are relatively prime positive integers, then the congruences and x a (mod m) x a (mod n) have a solution. Further, if x 1 and x 2 are solutions, then x 1 x 2 (mod mn). Problem 14 Because x n 1 mod n = 1, you have x n (x n 2 mod n) = 1; so, x has a multiplicative inverse. Therefore, by Corollary 2.16, gcd(x, n) = 1. Thus, every number between 1 and n 1isrelatively prime to n, sothat n has no factors other than itself and 1. Therefore, n is prime. 2.4 DETAILS OF THE RSA CRYPTOSYSTEM Pages 89 to 90 Problem 1 Problem 2 4. Multiply a 32, a 16, a 4, and a. Problem 3 Problem 4 In 40 bits, which is the same as 5 bytes, you should be able to store any number with up to 12 digits. Now notice that in 50 bytes, you could store ten numbers, each of which has 12 digits; so, you should be able to store 120 digits. Similarly, each time you multiply the number of bytes by 10, you multiply the number of digits you can store by 10; so, in 5 billion bytes, you should be able to store a billion times as many digits, or 12 billion decimal digits. Similarly, in 5 trillion bytes, you should be able to store 12 trillion decimal digits (this is about 10 13, which is insignificant in comparison to 10 120 ). There are no other such numbers. S26 Chapter 2: Cryptography and Number Theory

Problem 5 The only such numbers are 10 and 23. Problem 6 (10 100 ) (10120) = ( 10 (102 ) ) (10 120) = 10 (102 10 120) = 10 (10122) ; so, it has 10 122 digits. Problem 7 Because a has the same number of digits as 10 100 and fewer digits than 10 101, the number of digits of a 10120 is about the number of digits of (10 100 ) (10120) = 10 100 (10120) = 10 10122. Thus, the number of digits is a lot closer to 10 120 than to 10 240,regardless of the value of a. Problem 8 The binary representation of 10 120 gives 10 120 = n b i 2 i, i=0 where n = log 2 10 120 and each b i is 0 or 1. Ifb i is 1, you have to include the b i th square of a in the product; otherwise, don t include it. Problem 9 Problem 10 It doesn t make sense to do this, because 2 2 3 mod 5 = 4, while 2 (2 3) mod 5 = 2. ModExp(a,x,n) (1) k = ceiling(log 2 n) (2) get the binary representation of x, let it be x k, x k 1,...,x 1,x 0 (3) y = a mod n (4) i = 0 (5) b = 1 (6) while (i k) (7) if (x i == 1) (8) b = (y*b) mod n (9) y = (y*y) mod n (10) i = i + 1 (11) return b 2.4: Details of the RSA Cryptosystem S27

Problem 11 If a has a multiplicative inverse, it would make sense to do so because, as in the proof of Fermat s Little Theorem, a ϕ(n) = 1. However, if a does not have an inverse, it would not. Problem 12 If m is not prime, it must have a factor n m. Thus, 0, n, 2n,...,(m/n 1) n are not relatively prime to m. Then, there are at least m/n factors that have no multiplicative inverse. Note that m/n m/ m m. Problem 13 Applying the extended GCD algorithm, you get d = e 1 mod (p 1)(q 1) = 7 1 mod 180 = 103. Applying the RSA algorithm, you encrypt the message as follows: y = x e mod n = 100 7 mod 209 = 111. You can then decrypt the message in the same way, using d instead of e: y d mod pq = 111 103 mod 209 = 100. Problem 14 n = pq = 253. Applying the extended GCD algorithm, or by experimenting, you see that d = 17. Then 100 13 mod 253 = 10 26 mod 253 = ( 12) 8 100 mod 253 = ( 100(12 4 mod 253)(12 4 mod 253) ) mod 253 = 133. To reverse the process, ( ((133 133 17 = 4 mod 253) 4 mod 253 ) ) 133 mod 253 = 210 133 mod 253 = 100. Problem 15 We use proof by contradiction within a proof by contradiction. Consider a prime p greater than 2. The number 1 passes the test x m 1 mod m = 1. Assume we have an element x 1 such that x m 1 mod m = 1 (we will eventually show this leads to a contradiction). Then, x p mod m = 1. We now show that x i mod m 1 for 1 i < p.for the sake of contradiction, suppose there is such an i < p. Let i be the smallest element that satisfies the equation x i mod m = 1. Write p = ki + r, with r = p mod i. We have x r mod m = x r x ki mod m = x p mod m = 1. This is a contradiction, because i is the smallest positive integer that satisfies x i mod m = 1. Thus, x i mod m 1 after all. We then have x i mod m x j mod m (1 i, j p), because otherwise x i j mod m = 1, assuming i j. But x has the multiplicative inverse x p 1. Thus, x, x 2, x 3,...,x p 1, x p mod m = 1 all have multiplicative inverses. We just showed that the powers of x are all distinct. So at most (p + 1) p = 1 elements have no inverse, which is contradictory to Problem 12, because p + 1 is not prime. Therefore, there can be no x 1 with x p mod m = 1. S28 Chapter 2: Cryptography and Number Theory

Problem 16 Bob can first use the RSA procedure to use his private key d to encrypt the document D and get a signature S. Others may then decrypt the signature using Bob s public key e and then compare the decryption with the document to see if they match. If the document is also secret, Bob should first encrypt it with the receiver s public key and send it both with and without his signature. Actually, the encryption and decryption are the same procedure except for the key used. Bob might or might not append his name to the document before encrypting it with his private key. 2.4: Details of the RSA Cryptosystem S29

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback