MATH 3240Q Introduction to Number Theory Homework 5

Similar documents
St. Augustine, De Genesi ad Litteram, Book II, xviii, 37. (1) Note, however, that mathematici was most likely used to refer to astrologers.

Number Theory and Group Theoryfor Public-Key Cryptography

Homework #2 solutions Due: June 15, 2012

Math 324, Fall 2011 Assignment 7 Solutions. 1 (ab) γ = a γ b γ mod n.

AN ALGEBRAIC PROOF OF RSA ENCRYPTION AND DECRYPTION

A Readable Introduction to Real Mathematics

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Math 430 Midterm II Review Packet Spring 2018 SOLUTIONS TO PRACTICE PROBLEMS

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

SOLUTIONS TO PROBLEM SET 1. Section = 2 3, 1. n n + 1. k(k + 1) k=1 k(k + 1) + 1 (n + 1)(n + 2) n + 2,

Ma/CS 6a Class 3: The RSA Algorithm

ICS141: Discrete Mathematics for Computer Science I

Congruence Classes. Number Theory Essentials. Modular Arithmetic Systems

Elementary Number Theory MARUCO. Summer, 2018

Example 2: Student work M ATHS COURSEWORK. Mathematics SL and HL teacher support material 1. Proving Euler s Totient Theorem

SOLUTIONS Math 345 Homework 6 10/11/2017. Exercise 23. (a) Solve the following congruences: (i) x (mod 12) Answer. We have

Definition 6.1 (p.277) A positive integer n is prime when n > 1 and the only positive divisors are 1 and n. Alternatively

Senior Math Circles Cryptography and Number Theory Week 2

ECE596C: Handout #11

MATH 4400 SOLUTIONS TO SOME EXERCISES. 1. Chapter 1

Factoring Algorithms Pollard s p 1 Method. This method discovers a prime factor p of an integer n whenever p 1 has only small prime factors.

Homework Problems, Math 134, Spring 2007 (Robert Boltje)

Number Theory. Modular Arithmetic

Applied Cryptography and Computer Security CSE 664 Spring 2018

ASSIGNMENT Use mathematical induction to show that the sum of the cubes of three consecutive non-negative integers is divisible by 9.

MATH 310: Homework 7

Math 261 Spring 2014 Final Exam May 5, 2014

Number Theory and Algebra: A Brief Introduction

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

For your quiz in recitation this week, refer to these exercise generators:

Q 2.0.2: If it s 5:30pm now, what time will it be in 4753 hours? Q 2.0.3: Today is Wednesday. What day of the week will it be in one year from today?

Know the Well-ordering principle: Any set of positive integers which has at least one element contains a smallest element.

Basic elements of number theory

Theory of Numbers Problems

Basic elements of number theory

Chapter 8. Introduction to Number Theory

The RSA public encryption scheme: How I learned to stop worrying and love buying stuff online

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

The security of RSA (part 1) The security of RSA (part 1)

NUMBER THEORY AND CODES. Álvaro Pelayo WUSTL

NUMBER THEORY FOR CRYPTOGRAPHY

CPSC 467b: Cryptography and Computer Security

Chapter 9 Mathematics of Cryptography Part III: Primes and Related Congruence Equations

Numbers. Çetin Kaya Koç Winter / 18

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

2 More on Congruences

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

D-MATH Algebra II FS18 Prof. Marc Burger. Solution 26. Cyclotomic extensions.

Wilson s Theorem and Fermat s Little Theorem

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

Public-Key Cryptosystems CHAPTER 4

Math 299 Supplement: Modular Arithmetic Nov 8, 2013

Ma/CS 6a Class 4: Primality Testing

In fact, 3 2. It is not known whether 3 1. All three problems seem hard, although Shor showed that one can solve 3 quickly on a quantum computer.

7. Prime Numbers Part VI of PJE

[Part 2] Asymmetric-Key Encipherment. Chapter 9. Mathematics of Cryptography. Objectives. Contents. Objectives

Candidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used.

Public Key Cryptography

Part V. Chapter 19. Congruence of integers

Number Theory Homework.

THE RSA ENCRYPTION SCHEME

1 Structure of Finite Fields

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

EULER S THEOREM KEITH CONRAD

Solution Sheet (i) q = 5, r = 15 (ii) q = 58, r = 15 (iii) q = 3, r = 7 (iv) q = 6, r = (i) gcd (97, 157) = 1 = ,

LECTURE NOTES IN CRYPTOGRAPHY

Euler s, Fermat s and Wilson s Theorems

Math.3336: Discrete Mathematics. Mathematical Induction

1 Recommended Reading 1. 2 Public Key/Private Key Cryptography Overview RSA Algorithm... 2

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

CIS 551 / TCOM 401 Computer and Network Security

Number Theory A focused introduction

Solution to Midterm Examination

Integers and Division

MATH 145 Algebra, Solutions to Assignment 4

Course 2BA1: Trinity 2006 Section 9: Introduction to Number Theory and Cryptography

A Guide to Arithmetic

Math 3140 Fall 2012 Assignment #3

Number Theory Math 420 Silverman Exam #1 February 27, 2018

12x + 18y = 50. 2x + v = 12. (x, v) = (6 + k, 2k), k Z.

Mathematical Foundations of Public-Key Cryptography

Beautiful Mathematics

Topics in Cryptography. Lecture 5: Basic Number Theory

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

WORKSHEET ON NUMBERS, MATH 215 FALL. We start our study of numbers with the integers: N = {1, 2, 3,...}

MATH /10/2008. The Setup. Archimedes and Quadrature

Part IA Numbers and Sets

Number Theory Alex X. Liu & Haipeng Dai

Iterated Encryption and Wiener s attack on RSA

Introduction to Cryptography. Lecture 6

Solutions to Practice Final 3

The number of ways to choose r elements (without replacement) from an n-element set is. = r r!(n r)!.

Encryption: The RSA Public Key Cipher

Number Theory Notes Spring 2011

Carmen s Core Concepts (Math 135)

Fall 2017 September 20, Written Homework 02

COMP4109 : Applied Cryptography

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Transcription:

The good Christian should beware of mathematicians, and all those who make empty prophecies. The danger already exists that the mathematicians have made a covenant with the devil to darken the spirit and to confine man in the bonds of Hell. (Quapropter bono christiano, sive mathematici (1), sive quilibet impie divinantium, maxime dicentes vera, cavendi sunt, ne consortio daemoniorum irretiant.) St. Augustine, De Genesi ad Litteram, Book II, xviii, 37. (1) Note, however, that mathematici was most likely used to refer to astrologers. Question 1. Calculate the least non-negative residue of 20! mod 23. Also, calculate the least non-negative residue of 20! mod 25. (Hint: Use Wilson s theorem.) Since 23 is a prime, by Wilson s theorem we know that 22! 1 mod 23. Therefore 20! (21 22) 1 mod 23. Moreover 21 22 ( 2)( 1) 2 mod 23. Thus: 20! 2 1 mod 23 and since the inverse of 2 is 12, we get 20! 12 11 mod 23. On the other hand 20! is divisible by 25, so 20! 0 mod 25. Question 2. Find the order of every non-zero element of Z/19Z Here is a list of congruence classes and their orders: class 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 order 1 18 18 9 9 9 3 6 9 18 3 6 18 18 18 9 9 2 You can calculate each one of these directly, but we will see better ways to calculate orders in Chapter 8, as follows: the modulus 19 is prime, thus, the order of any element must divide 18, so it must be 1, 2, 3, 6, 9 or 18. To finish the problem, simply go through the congruence classes 1, 2, 3,..., 18 and find their order by calculating a, a 2, a 3, a 6, a 9, a 18 mod 19 and stop once you find the first instance such that one of them is 1 mod 19. Notice that once you know that the order of 2 is 18, you can use the formula to find the order of every class. ord(2 n ) = 18 gcd(18, n) Question 3. Find the least non-negative residue of 2 47 mod 23. Since 23 is prime and 2 is not divisible by 23, FLT applies and 2 22 1 mod 23. Moreover, 47 = 2 22 + 3. Thus: 2 47 (2 22 ) 2 2 3 1 8 8 mod 23.

Question 4. Show that n 13 n is divisible by 2, 3, 5, 7 and 13 for all n 1. We will use repeatedly the fact that n p n mod p, for all n 1. In all cases we will show that n 13 n mod p for p = 2, 3, 5, 7 adn 13. By 2: n 13 (n 2 ) 6 n n 6 n (n 2 ) 3 n n 4 (n 2 ) 2 n 2 n mod 2. By 3: n 13 (n 3 ) 4 n n 5 n 3 n 2 n n 2 n 3 n mod 3. By 5: n 13 (n 5 ) 2 n 3 n 2 n 3 n 5 n mod 5. By 7: n 13 n 7 n 6 n n 6 n 7 n mod 7. By 13: n 13 n mod 13. Question 5. Show that n5 5 + n3 3 + 7n 15 is an integer for all n. If the number N = n5 5 + n3 3 + 7n 15 is an integer, then 15N = 3n5 + 5n 3 + 7n is an integer. Conversely, if 3n 5 + 5n 3 + 7n is an integer divisible by 15, then N is an integer. So let us prove that M = 3n 5 + 5n 3 + 7n is always divisible by 15. Since 15 = 3 5, it suffices to show that M is divisible by 3 and 5: By 3: M = 3n 5 + 5n 3 + 7n 2n 3 + n 2n + n 3n 0 mod 3. Notice that we used FLT to prove n 3 n mod 3 for all n. By 5: M = 3n 5 + 5n 3 + 7n 3n 5 + 2n 3n + 2n 0 mod 5. n 5 n mod 5, by FLT. Here we used Thus 3 and 5 divide M, so 15 divides M, and hence N = M/15 is an integer. Question 6. Let m = 2 15 1 = 32767. Prove the following: (a) The order of 2 mod m is 15. (b) The number 15 does not divide m 1 = 32766. (c) Use the previous parts to conclude that m is not prime (you are not allowed to find a factorization of m). The order of 2 mod m is 15. Indeed, 2 15 1 mod m because m = 2 15 1, and 2 d 1 mod m for any d < 15 because 2 d 1 < m for any d < 15. 15 does not divide m 1 = 32766. Indeed, m 1 = 32766 is clearly not divisible by 5, so it cannot be divisible by 15. Therefore, m cannot be prime because if m was prime, Fermat s Little theorem would imply that 2 m 1 1 mod m and, therefore, the order of 2 (which is 15) would divide m 1. Thus m cannot be prime.

Question 7. Prove that n 101 n is divisible by 33 for all n 1. We prove that n 101 n is divisible by 3 and 11. By 3: if n 0 mod 3 then n 101 0 n mod 3. If n 0 mod 3, then n 2 1 mod 3 and n 101 (n 2 ) 50 n n mod 3. By 11: if n 0 mod 11 then n 101 0 n mod 11. If n 0 mod 11 then n 10 1 mod 11 and n 101 (n 10 ) 10 n n mod 11. Thus, n 101 n is always divisible by 3 and 11, so it is divisible by 33. Question 8. Find the following values of Euler s phi function: φ(5), φ(6), φ(16), φ(11), φ(77), φ(10), φ(100), φ(100), φ(100 n ) for all n 1. Recall that φ(p n ) = p n 1 (p 1) if p is a prime and φ(ab) = φ(a)φ(b) if (a, b) = 1. The values are now a simple calculation. For example: φ(100 n ) = φ(2 2n 5 2n ) = φ(2 2n )φ(5 2n ) = 2 2n 1 (2 1)5 2n 1 (5 1) = 2 2n+1 5 2n 1. Question 9. Prove that ϕ(p n ) = p n 1 (p 1) = p n p n 1 if p is prime. By definition, ϕ(p n ) is the number of units in Z/p n Z. By definition, the units in Z/p n Z are those numbers between 1 and p n 1 which are relatively prime to p n, and thus relatively prime to p. Let s count the number of non-units instead, i.e. the elements of Z/p n Z which have a factor of p. These are: 0, p, 2p, 3p,..., p p, (p + 1)p, (p + 2)p,..., p n p = (p n 1 1)p. Therefore, Z/p n Z has p n elements and p n 1 non-units. Thus, the number of units must be: ϕ(p n ) = p n p n 1. Question 10. For each pair (a, b) below, calculate separately ϕ(ab), ϕ(a) and ϕ(b), and then verify that ϕ(ab) = ϕ(a)ϕ(b). (i) a = 3, b = 5, (ii) a = 4, b = 7, (iii) a = 5, b = 6, and (iv) a = 4, b = 6

a = 3, b = 5. Z/3Z has 2 units, Z/5Z has 4 units (see problem 7) and Z/15Z has 8 units: U 15 = {1, 2, 4, 7, 11, 13, 14}. a = 4,b = 7. Z/4Z has 2 units and Z/7Z has 6 units because 7 is prime. Z/28Z has 12 units: U 28 = {1, 3, 5, 9, 11, 13, 15, 17, 19, 23, 25, 27}. a = 5 and b = 6. Z/5Z has 4 units and Z/6Z has 2 units. Z/30Z has 8 units: U 30 = {1, 7, 11, 13, 17, 19, 23, 29}. If a = 4 and b = 6 then ϕ(24) ϕ(4) ϕ(6). Z/4Z has 2 units and Z/6Z has 2 units, but Z/24Z has 8 units: U 24 = {1, 5, 7, 11, 13, 17, 19, 23}. Question 11. The goal of this exercise is to provide an alternative proof of ϕ(ab) = ϕ(a)ϕ(b) if (a, b) = 1. 1. First, we will prove that ϕ(30) = ϕ(6)ϕ(5) as follows. Write down all the numbers 1 n 30 in 6 rows of 5 numbers 1 7 13 19 25 2 8 14 20 26 3 9 15 21 27 4 10 16 22 28 5 11 17 23 29 6 12 18 24 30 (a) Show that each row is a complete residue system modulo 5, hence each row has ϕ(5) numbers relatively prime to 5. (b) Show that each column is a complete residue system modulo 6, hence each column has ϕ(6) numbers relatively prime to 6. Show that all the numbers in each row are congruent modulo 6. (c) Show that if a number is relatively prime to 30, then there are in total ϕ(5) numbers in the same row that are relatively prime to 30. (d) Conversely, show that if a number is not relatively prime to 6, then none of the numbers in the same row are relatively prime to 30. (e) Conclude that ϕ(30) = ϕ(6)ϕ(5) = (ϕ(6) rows with units modulo 30)(ϕ(5) units in each row ). 2. Generalize the previous argument to prove that ϕ(ab) = ϕ(a)ϕ(b) if (a, b) = 1. We ll solve part (2) directly. Write the numbers ab in a table as follows:

Note that: 1 2 3... a a + 1 a + 2 a + 3... 2a 2a + 1 2a + 2 2a + 3... 3a....... (b 1)a + 1 (b 1)a + 2 (b 1)a + 3... ba Each row is congruent to 1, 2, 3,..., 0 mod a, thus, each row has exactly ϕ(a) elements relatively prime to a. Each column is a complete set of representatives modulo b. Why? Here is why. {0, 1, 2, 3,..., b 1} is a complete set of representatives modulo b. Since (a, b) = 1, a is a unit modulo b, and therefore {0, a, 2a, 3a,..., (b 1)a} is also a complete set of representatives modulo b. Finally, if we add a constant k to every number in a complete set of representatives, we obviously get back another complete set of representatives (we are simply shifting all numbers by k). Thus, {k, a+k, 2a+k, 3a+k,..., (b 1)a+k}, a column in our table, is a complete set of representatives mod b, for any k. Therefore, every column has exactly ϕ(b) elements relatively prime to b. Since a unit modulo ab is a number that is relatively prime to both a and b, there will be ϕ(a)ϕ(b) units modulo ab in the table: ϕ(a) columns relatively prime to a and ϕ(b) numbers in every column are relatively prime also to b. RSA: Public Key Cryptography Question 12. Read Section 7.5.2 in the book on RSA Public Key Cryptography. Question 13. Prove that RSA works and explain WHY it works (what theorem?), i.e. prove that with choices of p, q, n, d and e as above, if we form C M e mod n then M C d mod n. Notice that d and e are chosen so that d is the multiplicative inverse of e modulo ϕ(n). Hence, de = 1 + kϕ(n) for some k Z. Now one simply calculates: C d M ed M 1+kϕ(n) M (M ϕ(n) ) k M mod n because M ϕ(n) 1 mod n by Euler s Theorem. Notice that the message M needs to be relatively prime to n for this to work. But since n = pq, the gcd of n and M is 1 in most cases, so you only need to make sure to code your message in a way such that (M, n) = 1, which is easy to do. Question 14. Suppose there is a public key n = 2911 and e = 1867 and you intercept an encrypted message: 0785 0976 1594 0481 1560 2128 0917. 1. Can you crack the code and decipher the message?

2. Another message is sent with public key n = 54298697624741 and e = 1234567. Could you crack this code? How would you do it? In order to crack an RSA code, the fundamental problem is to be able to factor n. In this case, this is easily accomplished because n is small enough. Indeed: n = 41 71. Hence, we can calculate ϕ(n) = ϕ(41)ϕ(71) = 40 70 = 2800. Also, we can calculate d = e 1 modulo 2800: d (1867) 1 3 mod 2800. Now, we can start decoding the message, one block at a time: The full decoded message is: (0785) 3 1200 mod 2911, (0976) 3 1907 mod 2911,... 1200 1907 0818 0022 0418 1412 0423 When we translate the code back into letters (remember 00 = A, 01 = B,...) we get: MATHISAWESOMEX Hence, the original message was Math is awesome (and a letter X was added at the end to finish a four digit block). For the second part, one would first use a computer to factor n into primes, so that we can calculate ϕ(n): n = 54298697624741 = 7368743 7368787, ϕ(n) = ϕ(7368743 7368787) = 7368742 7368786 = 54298682887212. Next we would calculate the decoding exponent d as the solution of the linear congruence ed 1 mod ϕ(n), i.e., 1234567 d 1 mod 54298682887212. The solution is d = 47898735178447. Now, if we intercept a message M, then we just simply need to calculate M d mod n, i.e., again with the help of a computer. M d mod 54298697624741,

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback