Exam 2 Solutions. In class questions

Similar documents
Math 5330 Spring Notes Congruences

Elementary factoring algorithms

4.4 Solving Congruences using Inverses

1 Divisibility Basic facts about divisibility The Division Algorithm... 3

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

Number Theory Math 420 Silverman Exam #1 February 27, 2018

Number theory (Chapter 4)

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

Math101, Sections 2 and 3, Spring 2008 Review Sheet for Exam #2:

p = This is small enough that its primality is easily verified by trial division. A candidate prime above 1000 p of the form p U + 1 is

A Guide to Arithmetic

LARGE PRIME NUMBERS (32, 42; 4) (32, 24; 2) (32, 20; 1) ( 105, 20; 0).

Basic elements of number theory

Basic elements of number theory

CHAPTER 3. Congruences. Congruence: definitions and properties

Chapter 1 Review of Equations and Inequalities

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

MATH 4400 SOLUTIONS TO SOME EXERCISES. 1. Chapter 1

Table of Contents. 2013, Pearson Education, Inc.

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Math 261 Spring 2014 Final Exam May 5, 2014

MATH 2112/CSCI 2112, Discrete Structures I Winter 2007 Toby Kenney Homework Sheet 5 Hints & Model Solutions

AN ALGEBRA PRIMER WITH A VIEW TOWARD CURVES OVER FINITE FIELDS

Take the Anxiety Out of Word Problems

SOLUTIONS Math 345 Homework 6 10/11/2017. Exercise 23. (a) Solve the following congruences: (i) x (mod 12) Answer. We have

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

Winter Camp 2009 Number Theory Tips and Tricks

Solutions to Problem Set 4 - Fall 2008 Due Tuesday, Oct. 7 at 1:00

Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Computing Quotient and Remainder. Prime Numbers. Factoring by Trial Division. The Fundamental Theorem of Arithmetic

MATH 310: Homework 7

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Chapter 8. Introduction to Number Theory

ORDERS OF ELEMENTS IN A GROUP

Math 324, Fall 2011 Assignment 7 Solutions. 1 (ab) γ = a γ b γ mod n.

LARGE PRIME NUMBERS. In sum, Fermat pseudoprimes are reasonable candidates to be prime.

Math 131 notes. Jason Riedy. 6 October, Linear Diophantine equations : Likely delayed 6

Math 109 HW 9 Solutions

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

A Readable Introduction to Real Mathematics

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

Discrete Mathematics and Probability Theory Summer 2014 James Cook Note 5

Applied Cryptography and Computer Security CSE 664 Spring 2018

Number Theory Homework.

Introduction to Number Theory

Quadratic Equations Part I

Part II. Number Theory. Year

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

Number Theory Notes Spring 2011

Definition For a set F, a polynomial over F with variable x is of the form

You separate binary numbers into columns in a similar fashion. 2 5 = 32

MATH 25 CLASS 12 NOTES, OCT Contents 1. Simultaneous linear congruences 1 2. Simultaneous linear congruences 2

2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

IRREDUCIBILITY TESTS IN F p [T ]

MATH 145 Algebra, Solutions to Assignment 4

4 Number Theory and Cryptography

Number Theory Proof Portfolio

Elementary Number Theory MARUCO. Summer, 2018

Math 31 Lesson Plan. Day 5: Intro to Groups. Elizabeth Gillaspy. September 28, 2011

Discrete Mathematics and Probability Theory Fall 2018 Alistair Sinclair and Yun Song Note 6

22. The Quadratic Sieve and Elliptic Curves. 22.a The Quadratic Sieve

Homework #2 solutions Due: June 15, 2012

Lecture 11 - Basic Number Theory.

Modular Arithmetic Instructor: Marizza Bailey Name:

Some Review Problems for Exam 1: Solutions

MATH 115, SUMMER 2012 LECTURE 12

Introduction. What is RSA. A Guide To RSA by Robert Yates. Topics

Math Circles Cryptography

Ma/CS 6a Class 4: Primality Testing

Name: Mathematics 1C03

Exam 1 Solutions. Solution: The 16 contributes 5 to the total and contributes 2. All totaled, there are 5 ˆ 2 10 abelian groups.

ECEN 5022 Cryptography

EULER S THEOREM KEITH CONRAD

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

7.2 Applications of Euler s and Fermat s Theorem.

Senior Math Circles Cryptography and Number Theory Week 2

Ma/CS 6a Class 4: Primality Testing

Notes: Pythagorean Triples

A Few Primality Testing Algorithms

Transposition as a permutation: a tale of group actions and modular arithmetic

3 The fundamentals: Algorithms, the integers, and matrices

Discrete Mathematics and Probability Theory Fall 2014 Anant Sahai Homework 5. This homework is due October 6, 2014, at 12:00 noon.

base 2 4 The EXPONENT tells you how many times to write the base as a factor. Evaluate the following expressions in standard notation.

Math 016 Lessons Wimayra LUY

MATH 115, SUMMER 2012 LECTURE 4 THURSDAY, JUNE 21ST

Number Theory A focused introduction

SQUARE PATTERNS AND INFINITUDE OF PRIMES

1. multiplication is commutative and associative;

FERMAT S TEST KEITH CONRAD

PMA225 Practice Exam questions and solutions Victor P. Snaith

PUTNAM TRAINING NUMBER THEORY. Exercises 1. Show that the sum of two consecutive primes is never twice a prime.

CPSC 467b: Cryptography and Computer Security

Algebra. Here are a couple of warnings to my students who may be here to get a copy of what happened on a day that you missed.

Solution Sheet (i) q = 5, r = 15 (ii) q = 58, r = 15 (iii) q = 3, r = 7 (iv) q = 6, r = (i) gcd (97, 157) = 1 = ,

Clock Arithmetic. 1. If it is 9 o clock and you get out of school in 4 hours, when do you get out of school?

Inference and Proofs (1.6 & 1.7)

3.2 Solving linear congruences. v3

Transcription:

Math 5330 Spring 2018 Exam 2 Solutions In class questions 1. (15 points) Solve the following congruences. Put your answer in the form of a congruence. I usually find it easier to go from largest to smallest modulus. (a) x 5 pmod 21q x 6 pmod 25q Solution: Starting with x 6 pmod 25q, we have x 6 ` 25k 5 pmod 21q, which reduces to 4k 1 20 pmod 21q, so k 5 pmod 21q. Next, k 5 ` 21m so x 6 ` 25p5 ` 21mq 131 ` 525m. Thus, x 131 pmod 525q. If we use the first congruence first, then x 5 ` 21k 6 pmod 25q and we can try to do something clever like write 21k as 4k or just convert to a Diophantine equation: 21k 1`25j so k j` 1`4j 1`4j. We can write y or 21y 1`4j Ñ 21 21 j 5y ` y 1. Setting y 1 gives j 5, k 6. More to the point, k 6 ` 25n 4 so x 5 ` 21p6 ` 25nq 131 ` 525n or x 131 pmod 525q. (b) x 5 pmod 7q x 2 pmod 12q x 8 pmod 13q Solution: Again, I ll start with the largest congruence. We have x 8`13k 2 pmod 12q, or k 6 6 pmod 12q. This means x 8 ` 13p6 ` 12jq 86 ` 156j 5 pmod 7q. Reducing, 2j 3 10 pmod 7q, or j 5 ` 7m. Thus, x 86 ` 156p5 ` 7mq 866 ` 1092m. We have x 866 pmod 1092q. As an aside, given an answer, you can check it. That is, you can check that x 866 is congruent to 5 modulo 7, 2 modulo 12, and 8 modulo 13. 2. (20 points) This problem considers the range of Euler s φ function. Note 1 is the only odd number in the range (φpnq 3 has no solutions, for example. It turns out not all even numbers are in the range either, with 14 being the smallest number with φpnq 14 having no solutions. Here, we show that 76 is not in the range. We proceed in steps. (a) Recall that if p n, then p 1 φpnq. For which primes p does p 1 divide 76? Solution: The divisors of 76 2 2 19 are 1, 2, 4, 19, 38 and 76. Adding 1 gives 2, 3, 5, 20, 39, 77. Selecting the primes gives p 2, 3, 5 as primes with p 1 dividing 76.

Page 2 (b) If p 2 n then ppp 1q φpnq. For which primes p does ppp 1q divide 76? Solution: Since we need p 1 to be a possible divisor of 76, the only choices are 2, 3, 5. Of these, 3 and 5 do not divide 76 leaving only 2. (c) Use parts (a) and (b) to show φpnq 76 has no solutions. There might still be several cases to check. Solution: One approach: By parts (a) and (b), we must have n 2 a 3 b 5 c where only a can be larger than 1, and b, c could possibly be 0. If c 1 then n 5m so φpnq 4φpmq 76 meaning φpmq 19, an odd number, so this can t happen, and n 2 a or n 3 2 a. In these cases, φpnq 2 a 1 or φpnq 2 2 a 1 2 a. Either way, φpnq is a power of 2 but 76 is not a power of 2 so there are no solutions. An alternative approach is to ask how 19 gets to be a factor of φpnq. There are only two ways: Either 19 2 divides n or p n for some p with p 1 being a multiple of 19. But the only primes that can divide n by part (a) are 2, 3, 5, and these don t have the desired property so again there are no solutions. A proof from the class that was very nice: Again by parts (a), (b), n 2 a 3 b 5 c with a ď 3, b, c ď 1. The largest φpnq could possibly be is φp2 3 3 5q 4 2 4 32 ă 76 so there are no solutions. (d) Find another even m different from 14 and 76 for which φpnq m has no solutions. Hint: m 2p sometimes works. Solution: In fact, if 2p ` 1 is not prime then φpnq 2p has no solution n. The reason: The divisors of 2p are 1, 2, p, 2p, which means the only possible prime divisors of n would be 2, 3, p ` 1, 2p ` 1. But p ` 1 is even, and if 2p ` 1 is not prime, this only leaves 2 and 3 as possible prime divisors of n. As in part (c), this means φpnq must be a power of 2 and 2p is not a power of 2 so there are no solutions n. Numbers of this form (where 2p ` 1 is not prime) are p 7 (giving the 14 mentioned above), 13, 17, 19, 31,... leading to m values of 14, 26 (the most common answer on the exam), 38, 62,...

Page 3 3. (15 points) Consider the number n 1199 11 ˆ 109. (a) How many steps of the p 1 method are needed to factor n? Why? Solution: If p 11 then p 1 10, a divisor of 5! so it should take 5 steps. One might ask about the other prime, q 109. In this case, 109 1 2 2 3 3. In order to pick up the second and third factors of 3, we would need k 9. that is, q 1 divides 9! but not 8! so we really should factor n in 5 steps. In fact, I did the calculation: 2 1! 2, 2 2! 4, 2 3! 64, 2 4! 808, 2 5! 826. If we subtract 1 from each of these and find the greatest common divisor of the result with 1111 we get 1, 1, 1, 1, 11, so we factor the number in 5 steps. (b) How many steps of Fermat s method are need to factor n? (Use x 0 r? 1199s 35.) Solution: We need px yqpx ` yq 11 ˆ 109 so x y 11, x ` y 109 Ñ 2x 120. Thus, x 60. We check x 35, x 36,..., x 60, so it takes 60-35 + 1 = 26 steps. One person actually applied Fermat s method, factoring 1199 in 26 steps. (c) Fill out the following table, where a k a 2 k 1 ` 1 pmod 11q for each k. k 1 2 3 4 5 6 7 8 9 10 11 12 a k 2 5 4 6 4 6 4 6 4 6 4 6 a k{2-2 - 5-4 - 6-4 - 6 a k a k{2-3 - 1-2 - 0-2 - 0 Based on the table, how many steps does the rho method take to factor n? Explain. Solution: Based on the 0 s in the bottom line the rho method takes 8 steps (or 4 if one does double steps or counts only the steps where a subtraction/gcd is performed). The reason what the table shows is that a 8 a 4 0 pmod 11q, so when calculating gcdpa 8 a 4, nq this number will be divisible by 11. I did check: Here is the table with entries modulo 1199 rather than 11: k 1 2 3 4 5 6 7 8 9 10 11 12 a k 2 5 26 677 312 226 719 193 81 567 158 985 a k{2-2 - 5-26 - 677-312 - 226 a k a k{2-3 - 672-200 - - 484-255 - 759 gcd - 1-1 - 1-11 - 1-11

Page 4 Extra credit. 4. (5 points) Find the largest number m for which p 4 1 pmod mq for all primes p ą 5. Solution: One person noted that 7 4 1 2400, 11 4 1 14640 240 ˆ 61. This puts 240 as the largest possibility for m. To actually prove that m 240 we need to prove that p 4 1 pmod 240q for every prime p ą 5. To that end, note that for p ą 5, p 5 1 1 pmod 5q by Fermat s Little Theorem. This means 5 m. Similarly, p 3 1 1 pmod 3q, so p 4 1 pmod 3q, and 3 m. Finally, p 4 1 pp 1qpp ` 1qpp 2 ` 1q, the product of three even numbers. Moreover, one of two consecutive even numbers is divisible by 4, giving another factor of 2. This means 16 m. Putting these together, m is divisible by 16, 3, and 5, so m is divisible by 240, showing that m 240. 5. (5 points) We call b the inverse of a modulo n if ab 1 pmod nq. (a) If a is relatively prime to n prove that the inverse of a is a φpnq 1 pmod nq. Solution: One of the easiest extra credit problems you will find! Let b a φpnq 1. Then ab a φpnq 1 pmod nq, as desired. (b) Use the binary squaring method and part a to find the inverse of 23 modulo 100. Solution: φp100q φp25qφp4q 20 ˆ 2 40, so by part (a), we want 23 39 pmod 100q. The calculation goes like this: exponent 1 2 4 8 16 32 value 23 29 41 81 61 21 so 23 39 23 1 ˆ 23 2 ˆ 23 4 ˆ 23 32 23 ˆ 29 ˆ 41 ˆ 21 87 pmod 100q. That is, the inverse of 23 is 87. 6. (6 points) Consider the first 10 odd primes: 3, 5,..., 31. (a) In what order do these primes appear when using the p 1 method? Hint: 3 appears first (after two steps). Solution: This was actually fairly straightforward. For each p, figure out k so p 1 divides k!. The only minor points: a prime like 17 has p 1 16 and it takes prime 3 7 5 13 11 31 17 19 29 23 till 6! to get enough 2 s. k-value 2 3 4 4 5 5 6 6 7 11

Page 5 (b) In what order do these primes appear when using the rho method? Hint: 3 still appears first (after two steps). Solution: This is more involved that for the p 1 method. I calculated the first several x-values: x 1 2, x 2 5, x 3 26, x 4 677, x 5 677 2 ` 1 and x 6 p677 2 ` 1q 2 ` 1. Now x 2 x 1 3, x 4 x 2 672 2 5 3 7 and x 6 x 3 p677 2`1q2 52 p677 2 22 qp677 2`6q 675 679 458335. I found divisors 5, 7, 31 and 97 here. For the rest of the primes, I just made out charts as in problem 3(c). prime 3 7 5 31 11 13 19 17 23 29 I got the following table. steps 2 4 6 6 8 8 8 12 12 16 7. (4 points) Prove that φpnq 2 32 has no odd solutions n, though there are even solutions. Hint: If p divides n, show that p must be a Fermat number. Also, the fifth Fermat number, F 5 is not prime. Solution: I think this is a cute problem. Since φpnq is a power of 2, the only possible prime divisors of n are primes with p 1 being a power of 2, or p 1 ` 2 k for some k. We talked about these in class a tiny bit they are called Fermat numbers, and for a Fermat number to be prime, you need the exponent to be a power of 2. The following are Fermat primes: 3 2 1 ` 1, 5 2 2 ` 1, 17 2 4 ` 1, 257 2 8 ` 1 and 65537 2 16 ` 1. Euler showd that the next one, 2 32 ` 1 is not prime. Next, n can t be divisible by the square of an odd prime because that prime would have to divide φpnq in that case, so these primes can only occur to the first power. But even if we multiply them all together, φp3 5 17 257 65537q 2 1 2 2 2 4 2 8 2 16 2 31 ă 2 32. Thus, there are no odd solutions. Note that there are lots of even solutions: n 2 33 works, as does various products of Fermat primes times appropriate powers of 2.

Page 6 Take Home Exam Questions 1. (15 points) This problem concerns numbers of the form T n 3 n 2 n. Have a look at the notes related to Mersenne numbers and the notes on congruences for help with this question. (a) How many vanes of n can you find for which T n is prime? Solution: I checked values of n ď 10, 000 and found the values n: 2, 3, 5, 17, 29, 31, 53, 59, 101, 277, 647, 1061, 2381, 2833, 3613, 3853, 3929, 5297, 7417. A student in the class mentioned that this sequence can be found in the On- Line Encyclopedia of Integer Sequences, which lists several more values: 90217, 122219, 173191, 256199, 336353, 485977, 591827, 1059503. That cite notes that these are really values for which T n is a probable prime, with T n proved to be prime for only those values of n ă 10000. That is, it has not been currently proven that T 90217 is prime. (b) Use the fact that 3 n 2 n pmod T n q to show that T n divides T m n for all positive integers m and n. Solution: Since T n 3 n 2 n, 3 n 2 n pmod T n q. Raising this to the m th power, 3 mn 2 mn pmod T n q, or 3 mn 2 mn T mn 0 pmod T n q. Thus, T n T mn. (c) Prove that T n is prime only when n is prime. Solution: If n is not prime, say n km with k, m ą 1 then T n T km is divisible by T m. We should rule out the possibility that T m 1 or T m T n. This follows from the fact that T m`1 3T m ` 2 m, showing that T m ě 3 m 1 ą 1 for all m ě 2. (d) Use paper/pen or pencil/calculator (Mathematica, Maple, etc not allowed) and the binary squaring algorithm to show that 2 T 7 1 ı 1 pmod T 7 q. (Showing T 7 is not prime.) Solution: We have T 7 2059 2048 ` 8 ` 2 ` 1. We have k 1 2 4 8 16 32 64 128 256 512 1024 2048 2 k 2 4 16 256 1707 364 720 1591 770 1967 228 509 with the bottom row being congruences modulo 2059. So 2 2058 2 2ˆ2 8ˆ2 2048 4 ˆ 256 ˆ 509 289 pmod 2059q. Since we did not get 1, T 7 is not prime.

Page 7 2. (20 points) This problem deals with the congruence x 2 1 pmod nq. (a) When p is an odd prime, prove that the congruence x 2 1 pmod pq has exactly two solutions. Solution: The key property is that if p is a prime and p mk then p m or p k. In our case, if x 2 1 pmod pq then p x 2 1, so p px 1qpx ` 1q. Thus, p x 1 or p x ` 1. In the first case, x 1 pmod pq, in the second, x 1 p 1 pmod pq, and we have exactly two solutions. (b) Use the Chinese Remainder Theorem and the fact that 451 11 ˆ 41 to solve the congruence x 2 1 pmod 451q. That is, use solutions to x 2 1 pmod 11q and x 2 1 pmod 41q to build solutions modulo 451. You should get 4 solutions, Mathematica, Maple, Excel, etc are not allowed. Solution: Since 451 11 ˆ 41, by the" Chinese Remainder * Theorem, x 2 1 x pmod 451q is equivalent to the system 2 1 pmod 11q x 2. By part (a), each 1 pmod 41q of these congruences has two solutions, so we get four systems: x 1 pmod 11q x 1 pmod 11q, x 1 pmod 41q x 1 pmod 41q, x 1 pmod 11q x 1 pmod 11q, x 1 pmod 41q x 1 pmod 41q. The first system has solution x 1 pmod 451q and the last one has solution x 1 450 pmod 451q. This leaves us with the middle two. For the second, if we start with x 1 pmod 41q, then we have x 1 ` 41k 1 pmod 11q, or 8k 9 pmod 11q. I rewrote this 3k 9 pmod 11q so k 3 8 pmod 11q. Thus, x 1`41p8`11mq 329`451m so x 329 pmod 305q. A cute trick for getting the last solution: If x is a solution, then x must be as well, so the other solution is x 329 122 pmod 451q. Without the trick, x 1 ` 41k 1 pmod 11q gives 8k 2 pmod 11q. I divided by 2 and then multiplied by 3 to get k 3 pmod 11q, so x 1 ` 41p3 ` 11mq 122 ` 451m, as expected. There are four solutions: 1, 122, 329, 451. I used tricks to solve these problems, but the tricks are not needed. For example, 8k 9 pmod 11q is equivalent to 8k ` 11j 9 so by Euler s method, k 1 j ` 1 3j which leads us to 8i ` 3j 1 or j 2i ` 1 2i. Selecting i 1 8 3 gives j 3 and k 3. That is, k 3 8 pmod 11q, as before.

Page 8 (c) How many solutions does the congruence x 2 1 pmod 4961q have? Justify your answer. Again, you are not allowed to use symbolic calculators or Excel. Solution: " As with* the previous problem, this one is equivalent to a system x 2 1 pmod 121q x 2. The bottom congruence has exactly two solutions; we 1 pmod 41q need to know how many solutions the top one has. If x 2 1 pmod 121q, then 121 x 2 1, or 121 px 1qpx ` 1q. This means 11 divides the product, so 11 x 1 or 11 x ` 1. Now 11 cannot divide both terms (if it did, then 11 would have to divide px ` 1q px 1q 2.) This means that which ever term is divisible by 11 is also divisible by 121. Thus, we have only two solutions to the congruence x 2 1 pmod 121q, and the original congruence will have 2 ˆ 2 4 solutions. There is one last issue: do these four solutions really have to be different? One way to check is to actually find them. Two are easy: 1 pmod 4961q or 1, 4960. The solution with x 1 pmod 121q, x 40 pmod 41q is not too hard to find: x 1 ` 121k 1 pmod 41q ñ 2k 2 pmod 41q so k 1 and x 122 The other will be its negative, -122 or 4839. Thus, we have 1, 122, 4839, 4960, four distinct solutions modulo 4961. Alternatively, we could give a proof as I do below. (d) Prove that if n km where m ą 2, k ą 2 and gcdpm, kq 1, then x 2 1 pmod nq has at least 4 solutions. Hint: use the Chinese Remainder Theorem. Solution: By the Chinese " Remainder* Theorem, then x 2 1 pmod nq is equivalent to the system 2 1 pmod kq x x 2. Since m ą 2, k ą 2, these congruences 1 pmod mq have at least two solutions: x 1. That is, 1 and -1 are not congruent modulo m or k because if they were, then their difference, 2, would have to be divisible by m or k. Thus, we have the solutions x 1 1 and x 2 km 1, which are different. What about x 3 with x 3 1 pmod mq, x 3 1 pmod kq or x 4 with x 4 1 pmod mq, x 4 1 pmod kq? In this case, x 3 x 1, x 2 because x 3 ı 1 pmod kq as x 1 is, and x 3 ı 1 pmod mq like x 2. Similarly, x 4 is distinct from both x 1 and x 2. Finally, x 3 x 4 because x 3 x 4 2 pmod mq so x 3 ı x 4 pmod mq. (e) If n 2p, where p is an odd prime, how many solutions does x 2 1 pmod nq have? What if n 4p? Solution: Since x 2 1 pmod 2q has a single solution x 1 pmod 2q (that is, x must be odd) and x 2 1 pmod pq has two, the Chinese Remainder Theorem says we have exactly 1 ˆ 2 2 solutions. They are 1 and 2p 1, of course.

Page 9 For x 2 1 pmod 4pq, we get two solutions from p and two more from 4: just trying x 0, 1, 2, 3, we see that only 1 and 3 are solutions x 2 1 pmod 4q, so we are back to 4 solutions. These solutions can be given explicitly: 1, 2p 1, 2p ` 1, 4p 1. I probably should have asked about x 2 1 pmod 8pq, which has 8 solutions, and x 2 1 pmod 2 k pq for k ą 3, which also has 8 solutions. That is, as k increases, we have two solutions for k 0, 1, four solutions for k 2 and 8 solutions for all k ě 3. 3. (15 points) This problem introduces a suped up version of Fermats Little theorem. It is the basis for the Miller-Rabin test (given in part c). Let p be an odd prime, and suppose that p 2 k m ` 1, where m is odd. For example, if p 47, then p 2 1 23 ` 1, if p 61, then p 2 2 15 ` 1, and if p 127, then p 2 7 1 ` 1. In these three cases, k 1, m 23 for 47, k 2, m 15 for 61, k 7, m 1 for 127. Given an integer a, with p ffl a, consider the sequence a m, a 2m, a 4m,, a 2km pmod pq. Here are some examples: Let p 41 2 3 5 ` 1. If a 2, then 2 5 32, 2 2 5 40 1 pmod 41q, 2 20 1 pmod 41q, 2 40 1 pmod 41q. The sequence is 32, -1, 1, 1. If we had used a 3, then a 5 38, a 10 9, a 20 1, a 40 1, and the sequence would be 38, 9, -1, 1. If we had picked a 10, the sequence would have been 1, 1, 1, 1. Note here that -1 means p 1. Also, one can calculate a m by the binary squaring algorithm, and all subsequent powers are obtained by squaring previous things in the sequence. (a) What is the sequence a m, a 2m, a 4m,, a 2km pmod pq if a 2, p 113? Solution: 113 1 ` 2 4 ˆ 7, so k 4, m 7. We have 2 7 128 15 pmod 113q, 2 14 112 1 pmod 113q, 2 28 2 56 2 112 1 pmod 113q. The sequence is 15, -1, 1, 1, 1. (b) What is the sequence a m, a 2m, a 4m,, a 2km pmod pq if a 3, p 113? Solution: Here, 3 7 40, 3 14 18, 3 28 98, 3 56 1 pmod 113q, so we get 40, 18, 98, -1, 1.

Page 10 (c) For general a and p with p ffl a, prove that either the sequence consists of all 1 s, or that the sequence has the form x 0, x 1,..., x j, 1, 1,..., 1. What this says is that the sequence a m, a 2m, a 4m,, a 2km pmod pq must end with 1, and if the sequence is not all 1 s, then it must contain -1. Hint: If we let the sequence be x 0, x 1,..., x k, then Fermat s Little Theorem tells us that x k 1. (Why?) Since each x i is x 2 i 1, we can use problem 2a and work backwards from x k. An alternative might be to use an extension of a factorization like a 40 1 pa 5 1qpa5`1qpa10`1qpa20`1q, which is divisible by 41 if gcdpa, 41q 1. Solution: Following the second hint, if A a m then a p 1 A 2k so a p 1 1 A 2k 1 pa 1qpA ` 1qpA 2 ` 1q pa 2k 1 ` 1q. Since p a p 1 1, p has to divide one of these terms. If it is the first term, then a m 1 pmod pq, and the sequence is all 1 s. If p A 2j ` 1, then x j 1 pmod pq, and the sequence becomes 1 s after that. Alternatively, x k 2 2k m 2 p 1 1 pmod pq, and x 2 k 1 x k pmod pq, so x 2 k 1 1 pmod pq. By problem 2 of the take home, this means x k 1 1 pmod pq. If x k 1 1, then our sequence is x 0,..., x k 2, 1, 1. The alternative is that x k 1 1 pmod pq. Now x 2 k 2 1 pmod pq, so x k 2 1 pmod pq. One possibility is that the sequence of x s is all 1 s. If this is not the case, then some last x j is 1, and the previous x j 1 is not 1. In this case, x 2 j 1 x j 1 pmod pq, so x j 1 1 pmod pq. Since we have said x j 1 ı 1 pmod pq, we are left with x j 1 1. (d) Any number n which does not have the property above for some a is not prime. For example, if n 341 2 2 85 ` 1, then 2 85 32 pmod 341q, 2 2 85 1 pmod 341q, so the sequence is 32, 1, 1, which does not pass through -1 to get to 1. This means 341 is not prime, even though it is a base 2 pseudoprime. It can be shown that for every composite number n, there is an a for which either x k ı 1 pmod nq or the sequences of x s does not pass through -1 to get to 1. Find the smallest values of a for the numbers n 561, a Carmichael number, and n 1373653. Solution: For n 561 2 4 ˆ 35 ` 1, we have 2 35 263, 2 70 166, 2 140 67, 2 280 1 pmod 561q. The sequence is 263, 166, 67, 1, 1, which does not pass through -1 so 561 can t be prime by this test, even though it is a base 2 pseudoprime. If n 1373653 2 2 ˆ 343413 ` 1, picking various values of a we have the table

Page 11 a x 0 x 1 x 2 2 890592-1 1 3 1 1 1 4-1 1 1 5 1199564 73782 1370388 so n passes the test for a 2, 3, 4 but fails for a 5. Some extra credit problems, if you are interested. 4. (3 points) With regard to question 1, prove that if q is a prime divisor of T p, where p is a prime, then q 1 pmod pq. 5. (10 points) Related to question 1, suppose we define R n 2 n ` 3 n and S n 2n ` 3 n, 5 when n is odd. How much of problem 1 can we do? That is, (a) How many n can you find with R n prime? With S n prime? Solution: I only found 1, 2, 4 for R n. With S n there are lots of examples. I found 10 with n ă 10000. These are n 3, 7, 11, 83, 149, 223, 599, 647, 1373, 8423. (b) Does R n or S n have a multiplicative property? That is, does R n always divide R mn? Does S n always divide S mn? Solution: I don t know of a divisibility property for R n but there is one for S n provided indices are odd numbers. (c) Can you give a necessary condition on n for R n to be prime? For S n to be prime? Solution: I won t prove anything here, but n must be a power of 2 for R n to be prime, and n must be prime for S n to be prime. (d) Must prime divisors of R p or S p congruent to 1 modulo p? 6. (2 points) With regard to problem 2, prove that if p is an odd prime then for all integers n ě 1, x 2 1 pmod p n q has exactly two solutions. You did the case n 1 in 2a. 7. (4 points) Related to problem 3 on the exam, if n pq, where p ą q are two odd primes, find conditions on p, q, and a so that n does not fail the compositeness test in question

Page 12 3, as described in 3d. That is, the sequences of x s is either all 1 s or passes through -1 on the way to 1. Use this to find numbers n pq for a 2, a 3, a 5. 8. (4 points) Possibly related to the previous question: (a) Suppose that p and q both divide 2 n 1 and that n p 1, n q 1. Prove that m pq is a base 2 pseudoprime. for example, 2 10 1 3 11 31, and 10 p11 1q, 10 p31 1q so 11 ˆ 31 341 is a base 2 pseudoprime. (b) How large of a base 2 pseudoprime can you find using this idea? You need m ą 341 for credit and I will give an extra point to the largest base 2 pseudoprime found by this method. 9. (8 points) This problem is related to our factoring homework. Let ωpnq be the number of distinct prime divisors of n. In class, I stated that on average, ωpnq «lnplnpnqq`.261, and this matched our results fairly well on our factoring homework. (a) Knowing how many distinct prime factors a random number has gives information on its largest prime divisor. Suppose that n is an average number with ωpnq distinct prime divisors. Let p be the largest prime divisor of n and suppose that n p n is also average. Then we should have ωpnq ω `1. If ωpnq lnplnpnqq`.261, p what does this tell us about the size of p? Your answer should be p «n α for some α. I have stated in class that α «.632. What I m looking for is the actual number. nÿ (b) To actually find ωpnq, first, show that tn{pu. k 1 ωpkq ÿ pďn (c) How bad of an approximation is it to replace tn{pu by n{p in the sum above? (d) There is a theorem that says ÿ 1 lnplnpnqq`.261`small error. Use this theorem p pďn and parts b, c to show that the average value of ωpkq for k ď n is approximately lnplnpnqq `.261.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback