MATH 145 Algebra, Solutions to Assignment 4


1: a) Find the inverse of 178 in $\mathbb{Z}_{365}$.

Solution: We find $s$ and $t$ so that $178s + 365t = 1$, and then $178^{-1} = s$. The Euclidean Algorithm gives

$$\begin{aligned} 365 &= 2 \cdot 178 + 9 \\ 178 &= 19 \cdot 9 + 7 \\ 9 &= 1 \cdot 7 + 2 \\ 7 &= 3 \cdot 2 + 1 \\ 2 &= 2 \cdot 1 + 0 \end{aligned}$$

so $\gcd(178, 365) = 1$, then back substitution gives $u_k = 1, -3, 4, -79, 162$, so $(178)(162) + (365)(-79) = 1$ and hence $178^{-1} = 162$.

b) Solve the linear congruence $356x = 28 \bmod 730$.

Solution: Notice that by dividing all terms by 2, we have $356x = 28 \bmod 730 \iff 178x = 14 \bmod 365$. Working in $\mathbb{Z}_{365}$, we multiply both sides of the equation $178x = 14$ by $178^{-1} = 162$ to get $x = 162 \cdot 14 = 2268 = 78$. Thus for $x \in \mathbb{Z}$ we have $356x = 28 \bmod 730 \iff x = 78 \bmod 365$.

c) Find $523^{470^{654}} \bmod 37$.

Solution: Note that $523 = 5 \bmod 37$, so $523^{470^{654}} = 5^{470^{654}} \bmod 37$. Since $\varphi(37) = 36$, the list of powers of 5 modulo 37 repeats every 36 terms, and so we wish to find $470^{654} \bmod 36$. Since $470 = 2 \bmod 36$ we have $470^{654} = 2^{654} \bmod 36$. We make a list of powers of 2 modulo 36:

$$\begin{array}{c|cccccccc} k & 1 & 2 & 3 & 4 & 5 & 6 & 7 & 8 \\ \hline 2^k & 2 & 4 & 8 & 16 & 32 & 28 & 20 & 4 \end{array}$$

The table shows that the list of powers of 2 modulo 36 repeats every 6 terms beginning with the term $2^2 = 4$ (this also follows from Part b) of Problem 3). Since $654 = 0 = 6 \bmod 6$ we have $2^{654} = 2^6 = 28 \bmod 36$. Thus $523^{470^{654}} = 5^{470^{654}} = 5^{2^{654}} = 5^{2^6} = 5^{28} \bmod 37$. We make a list of powers of 5 modulo 37:

$$\begin{array}{c|cccccc} k & 1 & 2 & 4 & 8 & 16 & 28 \\ \hline 5^k & 5 & 25 & 33 & 16 & 34 & 7 \end{array}$$

We remark that a calculator is not needed because

$$5^{28} = 5^{16+8+4} = 5^{16} \cdot 5^{8} \cdot 5^{4} = 34 \cdot 16 \cdot 33 = (-3)(16)(-4) = 16 \cdot 12 = 32 \cdot 6 = (-5)(6) = -30 = 7 \bmod 37.$$

Thus $523^{470^{654}} = 5^{28} = 7 \bmod 37$.

d) Solve the pair of congruences $5x = 9 \bmod 14$ and $17x = 3 \bmod 30$.

Solution: We have $5x = 9 \bmod 14 \iff 5x \in \{\ldots, -5, 9, 23, \ldots\}$. By inspection, one solution to the first congruence is given by $x = -1$ and, since $\gcd(5, 14) = 1$, the general solution is given by $x = -1 \bmod 14$. To get $17x = 3 \bmod 30$ we need $17x + 30y = 3$ for some $y \in \mathbb{Z}$. The Euclidean Algorithm gives $30 = 1 \cdot 17 + 13$, $17 = 1 \cdot 13 + 4$, $13 = 3 \cdot 4 + 1$ so that $d = \gcd(17, 30) = 1$, and then Back-Substitution gives the sequence $1, -3, 4, -7$ so that $17(-7) + 30(4) = 1$. Multiply by 3 to get $17(-21) + 30(12) = 3$, and so one solution to the second congruence is $x = -21$ and the general solution is $x = -21 = 9 \bmod 30$. Thus the two given congruences are equivalent to the two congruences

$$x = -1 \bmod 14 \quad (1) \qquad \text{and} \qquad x = 9 \bmod 30 \quad (2).$$

To solve these two congruences we try to find $k, l \in \mathbb{Z}$ so that $x = -1 + 14k = 9 + 30l$. We need $14k - 30l = 10$. Divide by 2 to get $7k - 15l = 5$. By inspection, one solution is given by $(k, l) = (-10, -5)$. Put $k = -10$ into the equation $x = -1 + 14k$ to get $x = -141$, and so $x = -141$ is one solution to the pair of congruences (1) and (2). Since $\gcd(14, 30) = 2$ so that $\operatorname{lcm}(14, 30) = \frac{14 \cdot 30}{2} = 210$, the general solution is $x = -141 \bmod 210$, or equivalently $x = 69 \bmod 210$.

2: Let $a$, $b$ and $c$ be non-zero integers. The greatest common divisor $d = \gcd(a, b, c)$ is the largest positive integer $d$ such that $d \mid a$, $d \mid b$ and $d \mid c$, and the least common multiple $m = \operatorname{lcm}(a, b, c)$ is the smallest $m \in \mathbb{Z}^+$ such that $a \mid m$, $b \mid m$ and $c \mid m$.

a) Show that $\gcd(a, b, c) = \gcd(\gcd(a, b), c)$ and $\operatorname{lcm}(a, b, c) = \operatorname{lcm}(\operatorname{lcm}(a, b), c)$.

Solution: Let $d = \gcd(a, b, c)$, $e = \gcd(a, b)$ and $f = \gcd(e, c)$. Since $d$ is a common divisor of $a$ and $b$ and $e = \gcd(a, b)$, we have $d \mid e$. Thus $d$ is a common divisor of $e$ and $c$, so (since $f$ is the greatest common divisor of $e$ and $c$) we must have $d \le f$. On the other hand, since $f \mid e$ and $e \mid a$ we have $f \mid a$, and since $f \mid e$ and $e \mid b$ we have $f \mid b$. Thus $f$ is a common divisor of $a$ and $b$, and $f$ also divides $c$, so (since $d$ is the greatest common divisor of $a$, $b$ and $c$), we must have $f \le d$. Thus $d = f$, that is $\gcd(a, b, c) = \gcd(\gcd(a, b), c)$.

We claim that for nonzero integers $a$ and $b$ and for $l = \operatorname{lcm}(a, b)$, if $m$ is a common multiple of $a$ and $b$ then $l \mid m$ (I think we proved this in one of the two sections of the class, but here is an alternate proof). Let $d = \gcd(a, b)$ and recall that $ab = ld$ and that $\gcd\left(\frac{a}{d}, \frac{b}{d}\right) = 1$. Let $m$ be a common multiple of $a$ and $b$ and choose integers $s$ and $t$ so that $m = as = bt$. Divide through by $d$ to get $\frac{a}{d} s = \frac{b}{d} t$. Since $\frac{a}{d} \mid \frac{b}{d} t$ and $\gcd\left(\frac{a}{d}, \frac{b}{d}\right) = 1$ it follows that $\frac{a}{d} \mid t$, say $t = \frac{a}{d} r$. Then we have $m = bt = b \frac{a}{d} r = \frac{ab}{d} r = lr$ and so $l \mid m$, as required. The proof that $\operatorname{lcm}(a, b, c) = \operatorname{lcm}(\operatorname{lcm}(a, b), c)$ is now very similar to the proof that $\gcd(a, b, c) = \gcd(\gcd(a, b), c)$, and we omit it.

b) Show that for any integers $a, b, c, e$, the linear diophantine equation $ax + by + cz = e$ has a solution if and only if $\gcd(a, b, c) \mid e$.

Solution: Suppose first that $ax + by + cz = e$ has a solution, say $as + bt + cu = e$, and let $d = \gcd(a, b, c)$. Since $d \mid a$, $d \mid b$ and $d \mid c$, we can choose $k$, $l$ and $m$ so that $a = dk$, $b = dl$ and $c = dm$. Then

$$as + bt + cu = e \Longrightarrow dks + dlt + dmu = e \Longrightarrow d(ks + lt + mu) = e$$

and so $d \mid e$. Conversely, suppose that $d \mid e$ where again we let $d = \gcd(a, b, c)$. By Bézout's Lemma (that is by the Euclidean Algorithm with Back-Substitution), we can choose integers $s$ and $t$ such that $as + bt = \gcd(a, b)$. Since $d \mid e$, by Part a), we have $\gcd(\gcd(a, b), c) \mid e$, and so, by the Linear Diophantine Equation Theorem, we can choose integers $u$ and $v$ so that $\gcd(a, b)u + cv = e$. Since $as + bt = \gcd(a, b)$ and $\gcd(a, b)u + cv = e$, we have $asu + btu + cv = e$, so the diophantine equation $ax + by + cz = e$ does indeed have a solution.

c) Show that for any integers $a_1, a_2, a_3$ and for any positive integers $n_1, n_2, n_3$, the system of three congruences $x = a_k \bmod n_k$ for $k = 1, 2, 3$ has a solution if and only if $\gcd(n_k, n_l) \mid (a_l - a_k)$ for all $k, l$ and that if $x_0$ is one solution then the general solution is $x = x_0 \bmod \operatorname{lcm}(n_1, n_2, n_3)$.

Solution: We shall need a formula. Let $p$ be a prime. Let $k_i = e_p(n_i)$ for $i = 1, 2, 3$. Then

$$\begin{aligned} e_p\big(\gcd(\operatorname{lcm}(n_1, n_2), n_3)\big) &= \min\big(e_p(\operatorname{lcm}(n_1, n_2)), k_3\big) = \min\big(\max(k_1, k_2), k_3\big) \\ &= \begin{cases} \min(k_1, k_3) & \text{if } k_1 \ge k_2 \\ \min(k_2, k_3) & \text{if } k_1 \le k_2 \end{cases} = \max\big(\min(k_1, k_3), \min(k_2, k_3)\big) \\ &= \max\big(e_p(\gcd(n_1, n_3)), e_p(\gcd(n_2, n_3))\big) = e_p\big(\operatorname{lcm}(\gcd(n_1, n_3), \gcd(n_2, n_3))\big). \end{aligned}$$

Since this holds for all primes $p$, we obtain the formula

$$\gcd\big(\operatorname{lcm}(n_1, n_2), n_3\big) = \operatorname{lcm}\big(\gcd(n_1, n_3), \gcd(n_2, n_3)\big). \quad (1)$$

If the system of 3 congruences $x = a_i \bmod n_i$ has a solution, then each pair of congruences $x = a_k \bmod n_k$ and $x = a_l \bmod n_l$ has a solution, and it follows from the version of the CRT that we proved in class that $\gcd(n_k, n_l) \mid (a_l - a_k)$ for all $k, l$.

Conversely, suppose that $\gcd(n_k, n_l) \mid (a_l - a_k)$ for all $k, l$. By the version of the CRT that we proved in class, the pair of congruences $x = a_1 \bmod n_1$ and $x = a_2 \bmod n_2$ has a solution, say $x = b$, and the general solution is $x = b \bmod \operatorname{lcm}(n_1, n_2)$. Thus the original system of 3 congruences is equivalent to the pair of congruences $x = b \bmod \operatorname{lcm}(n_1, n_2)$ and $x = a_3 \bmod n_3$. Since $b = a_1 \bmod n_1$ we have $a_3 - b = a_3 - a_1 \bmod n_1$ and hence $a_3 - b = a_3 - a_1 \bmod \gcd(n_1, n_3)$. Since $\gcd(n_1, n_3) \mid (a_3 - a_1)$ we have $a_3 - b = a_3 - a_1 = 0 \bmod \gcd(n_1, n_3)$ and so $\gcd(n_1, n_3) \mid (a_3 - b)$. Similarly $\gcd(n_2, n_3) \mid (a_3 - b)$. Since $a_3 - b$ is a common multiple of $\gcd(n_1, n_3)$ and $\gcd(n_2, n_3)$ it follows that $\operatorname{lcm}\big(\gcd(n_1, n_3), \gcd(n_2, n_3)\big) \mid (a_3 - b)$. By Formula (1), we have $\gcd\big(\operatorname{lcm}(n_1, n_2), n_3\big) \mid (a_3 - b)$. By the version of the CRT that we proved in class, the pair of congruences $x = b \bmod \operatorname{lcm}(n_1, n_2)$ and $x = a_3 \bmod n_3$, and hence the original system of 3 congruences, does have a solution, and if $x_0$ is one solution then the general solution is $x = x_0 \bmod \operatorname{lcm}\big(\operatorname{lcm}(n_1, n_2), n_3\big) = x_0 \bmod \operatorname{lcm}(n_1, n_2, n_3)$.

3: a) Solve the following system of congruences.

$$x^2 = x + 6 \bmod 10, \qquad 2x^3 = 7 \bmod 9, \qquad x = 11 \bmod 24$$

Solution: Modulo 10 we have

$$\begin{array}{c|cccccccccc} x & 0 & 1 & 2 & 3 & 4 & 5 & 6 & 7 & 8 & 9 \\ \hline x^2 & 0 & 1 & 4 & 9 & 6 & 5 & 6 & 9 & 4 & 1 \\ x + 6 & 6 & 7 & 8 & 9 & 0 & 1 & 2 & 3 & 4 & 5 \end{array}$$

so $x^2 = x + 6 \bmod 10 \iff x = 3 \text{ or } 8 \bmod 10 \iff x = 3 \bmod 5$. Modulo 9 we have

$$\begin{array}{c|ccccccccc} x & 0 & 1 & 2 & 3 & 4 & 5 & 6 & 7 & 8 \\ \hline x^2 & 0 & 1 & 4 & 0 & 7 & 7 & 0 & 4 & 1 \\ x^3 & 0 & 1 & 8 & 0 & 1 & 8 & 0 & 1 & 8 \\ 2x^3 & 0 & 2 & 7 & 0 & 2 & 7 & 0 & 2 & 7 \end{array}$$

so $2x^3 = 7 \bmod 9 \iff x = 2, 5 \text{ or } 8 \bmod 9 \iff x = 2 \bmod 3$. Thus we need to solve the 3 equations

$$x = 3 \bmod 5, \qquad x = 2 \bmod 3, \qquad x = 11 \bmod 24.$$

By inspection, one solution to the first two of these equations is $x_0 = 8$, so by the C.R.T. the complete solution is $x = 8 \bmod 15$. Thus we need to solve the pair of equations

$$x = 8 \bmod 15, \qquad x = 11 \bmod 24.$$

We need

$$x = 8 + 15k = 11 + 24l \quad (1)$$

for some $k, l$, so we solve $15k - 24l = 3$. Divide this equation by 3 to get $5k - 8l = 1$. By inspection, one solution is $(k_0, l_0) = (-3, -2)$. Put $k_0$ (or $l_0$) into (1) to get one solution $x_0 = 8 + 15k_0 = 8 - 45 = -37$. Also, $\operatorname{lcm}(15, 24) = 120$, so by the C.R.T. the complete solution is $x = -37 = 83 \bmod 120$.

b) Let $n = p_1^{k_1} p_2^{k_2} \cdots p_r^{k_r}$ where the $p_i$ are distinct primes and each $k_i \ge 1$. Let

$$l = \operatorname{lcm}\big(\varphi(p_1^{k_1}), \ldots, \varphi(p_r^{k_r})\big) \quad \text{and} \quad m = \max\{k_1, \ldots, k_r\}.$$

Show that $a^{l+m} = a^m \bmod n$ for all $a \in \mathbb{Z}$.

Solution: Let $a \in \mathbb{Z}$. Fix an index $i$ with $1 \le i \le r$. If $p_i \mid a$ then $p_i^{k_i} \mid a^{k_i}$ and hence $p_i^{k_i} \mid a^m$ since $m \ge k_i$. Thus in this case we have $a^m = 0 \bmod p_i^{k_i}$ and so $a^{l+m} = a^l a^m = 0 = a^m \bmod p_i^{k_i}$. If $p_i \nmid a$ then by the Euler-Fermat Theorem we have $a^{\varphi(p_i^{k_i})} = 1 \bmod p_i^{k_i}$ and so $a^c = 1 \bmod p_i^{k_i}$ for every multiple $c$ of $\varphi(p_i^{k_i})$. In particular $a^l = 1 \bmod p_i^{k_i}$ and hence $a^{l+m} = a^l a^m = a^m \bmod p_i^{k_i}$. In either case, we have $a^{l+m} = a^m \bmod p_i^{k_i}$. Since $a^{l+m} = a^m \bmod p_i^{k_i}$ for every $i$ with $1 \le i \le r$, it follows from the Chinese Remainder Theorem that $a^{l+m} = a^m \bmod n$.
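The back-substitution and non-coprime C.R.T. procedure used in Problems 1 to 3, as an added Python example that is not part of the original solutions. The function names are chosen here; `merge` applies the solvability test $\gcd(n_k, n_l) \mid (a_l - a_k)$ of Problem 2 c) and returns the solution modulo the lcm, and the sample inputs are the congruences of Problems 1 b), 1 d) and 3 a).

```python
def ext_gcd(a, b):
    # Euclidean Algorithm with back-substitution: returns (d, s, t) with
    # d = gcd(a, b) = a*s + b*t.
    r0, r1, s0, s1, t0, t1 = a, b, 1, 0, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return r0, s0, t0

def solve_linear(c, b, n):
    # Solve c*x = b (mod n). Returns (x0, n/d) with d = gcd(c, n), or None
    # when d does not divide b (no solution).
    d, s, _ = ext_gcd(c % n, n)
    if b % d:
        return None
    return s * (b // d) % (n // d), n // d

def merge(x1, n1, x2, n2):
    # Combine x = x1 (mod n1) and x = x2 (mod n2); n1, n2 need not be coprime.
    d, s, _ = ext_gcd(n1, n2)
    if (x2 - x1) % d:
        return None  # gcd(n1, n2) does not divide x2 - x1: no solution
    lcm = n1 // d * n2
    k = (x2 - x1) // d * s % (n2 // d)  # n1*k = x2 - x1 (mod n2)
    return (x1 + n1 * k) % lcm, lcm

def solve_system(congruences):
    # congruences: iterable of (a_i, n_i). Returns (x0, lcm of the n_i),
    # or None if some pair of congruences is incompatible.
    x, n = 0, 1
    for a_i, n_i in congruences:
        merged = merge(x, n, a_i, n_i)
        if merged is None:
            return None
        x, n = merged
    return x, n

# Sample inputs: the congruences of Problems 1 b), 1 d) and 3 a).
PROBLEM_1B = solve_linear(356, 28, 730)
PROBLEM_1D = solve_system([solve_linear(5, 9, 14), solve_linear(17, 3, 30)])
PROBLEM_3A = solve_system([(3, 5), (2, 3), (11, 24)])
# Constructed incompatible pair: gcd(4, 6) = 2 does not divide 2 - 1.
INCOMPATIBLE = solve_system([(1, 4), (2, 6)])
```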

4: For $n, b \in \mathbb{Z}^+$ with $\gcd(b, n) = 1$, if $n$ is composite and $b^{n-1} = 1 \bmod n$, then we say $b$ is a Fermat liar and we say $n$ is a base $b$ pseudo-prime. For $n \in \mathbb{Z}^+$, we say $n$ is a Carmichael number when $n$ is a base $b$ pseudo-prime for every $b \in \mathbb{Z}^+$ with $\gcd(b, n) = 1$.

a) Show that 91 is a base 3 pseudo-prime.

Solution: Note that $91 = 7 \cdot 13$, so 91 is composite. Since $\operatorname{lcm}\big(\varphi(7), \varphi(13)\big) = \operatorname{lcm}(6, 12) = 12$, powers repeat every 12 terms modulo 91. Since $90 = 6 \bmod 12$ we have $3^{90} = 3^6 = 729 = 1 \bmod 91$.

b) Show that if $n = p_1 p_2 \cdots p_l$ where $l \ge 2$ and the $p_i$ are distinct primes which satisfy $(p_i - 1) \mid (n - 1)$ for all indices $i$, then $n$ is a Carmichael number (we remark that the converse is also true).

Solution: Suppose that $n = p_1 p_2 \cdots p_l$ where the $p_i$ are distinct primes with $(p_i - 1) \mid (n - 1)$. Let $b \in \mathbb{Z}^+$ with $\gcd(b, n) = 1$. Fix an index $i$. Since $\gcd(b, n) = 1$ we have $p_i \nmid b$ and so $b^{p_i - 1} = 1 \bmod p_i$ by Fermat's Little Theorem. Since $b^{p_i - 1} = 1 \bmod p_i$ and $(p_i - 1) \mid (n - 1)$, we also have $b^{n-1} = 1 \bmod p_i$. Since $b^{n-1} = 1 \bmod p_i$ for every index $i$, it follows from the Chinese Remainder Theorem that $b^{n-1} = 1 \bmod n$. Thus $n$ is a base $b$ pseudo-prime. Since $b$ was an arbitrary integer with $\gcd(b, n) = 1$, $n$ is a Carmichael number.

c) Show that if $n = p_1 p_2 \cdots p_l$ where $l \ge 2$ and the $p_i$ are distinct primes which satisfy $(p_i - 1) \mid (n - 1)$ for all indices $i$ (so that $n$ is a Carmichael number, by Part b)) then $n$ is odd and $l \ge 3$.

Solution: Since $l \ge 2$, at least one of the primes $p_i$ is odd, say $p_k$ is odd. Since $p_k - 1$ is even and $(p_k - 1) \mid (n - 1)$, it follows that $(n - 1)$ is even and so $n$ is odd. Suppose, for a contradiction, that $n$ is a Carmichael number of the form $n = pq$ where $p$ and $q$ are primes with $p < q$ and we have $(p - 1) \mid (n - 1)$ and $(q - 1) \mid (n - 1)$. Note that $n - 1 = pq - 1 = p(q - 1) + (p - 1)$. Since $(q - 1) \mid (n - 1)$ we have $(q - 1) \mid \big((n - 1) - p(q - 1)\big)$, that is $(q - 1) \mid (p - 1)$. But this implies that $q \le p$.

d) Find distinct primes $p$ and $q$ such that $145p$ and $145q$ are both Carmichael numbers.

Solution: We try to obtain $n = 5 \cdot 29 \cdot p$ with $4 \mid (n - 1)$, $28 \mid (n - 1)$ and $(p - 1) \mid (n - 1)$. Note that

$$4 \mid (n - 1) \Longrightarrow n = 1 \bmod 4 \Longrightarrow 5 \cdot 29 \cdot p = 1 \bmod 4 \Longrightarrow p = 1 \bmod 4,$$

and

$$28 \mid (n - 1) \Longrightarrow n = 1 \bmod 28 \Longrightarrow 5 \cdot 29 \cdot p = 1 \bmod 28 \Longrightarrow 5p = 1 \bmod 28 \Longrightarrow p = 17 \bmod 28$$

so we need to have $p = 17 \bmod 28$, that is $p = 17, 45, 73, 101, 129, \cdots$. By trying some of the primes in this list we find that $p = 17$ and $p = 73$ both satisfy $(p - 1) \mid (n - 1)$, so they both yield Carmichael numbers, so we can take $p = 17$ and $q = 73$. (The corresponding Carmichael numbers are $n = 5 \cdot 29 \cdot 17 = 2465$ and $n = 5 \cdot 29 \cdot 73 = 10585$.)

Alternatively, rather than simply trying some of the (infinitely many) primes in the list, we can be more selective as follows. Note that $n - 1 = 5 \cdot 29 \cdot p - 1 = 145p - 1 = 145(p - 1) + 144$ and so

$$(p - 1) \mid (n - 1) \iff (p - 1) \mid \big(145(p - 1) + 144\big) \iff (p - 1) \mid 144.$$

Thus it is enough to test each of the (finitely many) primes $p = 17 \bmod 28$ with $p \le 145 = 5 \cdot 29$ to see whether $(p - 1) \mid 144$. According to the remark at the end of Part b), this implies that $p = 17$ and $q = 73$ are the only two primes for which $145p$ and $145q$ are Carmichael numbers.
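An added Python example (not from the original solutions) that checks Problem 4 by brute force: it tests the pseudo-prime and Carmichael definitions directly and runs the finite search of Part d). The function names are chosen here, trial division is assumed adequate for these small numbers, and `carmichael_cofactors` goes slightly beyond Part d) by accepting any list of distinct primes in place of 5 and 29.

```python
from math import gcd

def is_prime(n):
    # Trial division, adequate for the small values used here.
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True

def is_pseudoprime(n, b):
    # n is a base b pseudo-prime: composite, gcd(b, n) = 1, b^(n-1) = 1 mod n.
    return (n > 1 and not is_prime(n) and gcd(b, n) == 1
            and pow(b, n - 1, n) == 1)

def is_carmichael(n):
    # Straight from the definition: every base coprime to n is a Fermat liar.
    return n > 1 and not is_prime(n) and all(
        pow(b, n - 1, n) == 1 for b in range(1, n) if gcd(b, n) == 1)

def carmichael_cofactors(qs):
    # Primes p for which c*p (c = product of the distinct primes in qs)
    # meets the criterion of Part b). Because cp - 1 = c(p - 1) + (c - 1),
    # (p - 1) | (cp - 1) forces (p - 1) | (c - 1), so the search is finite.
    c = 1
    for q in qs:
        c *= q
    found = []
    for d in range(1, c):
        p = d + 1
        if (c - 1) % d == 0 and is_prime(p) and p not in qs:
            if all((c * p - 1) % (q - 1) == 0 for q in qs):
                found.append(p)
    return found

# Part d): the primes p for which 145p = 5 * 29 * p is a Carmichael number.
PART_D = carmichael_cofactors([5, 29])
```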

5: a) Let $n = pq$ where $p$ and $q$ are large distinct primes. Recall that if we write $n - 1 = 2^s k$ with $k$ odd, then $a \in \mathbb{Z}$ is called a (strong) witness for $n$ when $a^k \ne 1 \bmod n$ and $a^{2^r k} \ne -1 \bmod n$ for all $r$ with $0 \le r < s$.

i) Show that, given $\varphi(n)$, we can find the values of $p$ and $q$ (using an efficient algorithm).

Solution: Using $n = pq$ we have

$$(p - 1)(q - 1) = \varphi(n) \Longrightarrow pq - p - q + 1 = \varphi(n) \Longrightarrow n - p - q + 1 = \varphi(n) \Longrightarrow q + p = n - \varphi(n) + 1.$$

Also, assuming $p > q$, we have

$$(q - p)^2 = (q + p)^2 - 4pq \Longrightarrow p - q = \sqrt{(q + p)^2 - 4n}.$$

Note that once we have determined the values of $u = p + q$ and $v = p - q$ we have $p = \frac{u + v}{2}$ and $q = \frac{u - v}{2}$.

ii) Show that, given that $p - q \le r$ for some fixed and fairly small value of $r$, we can find $p$ and $q$.

Solution: Suppose that $p - q = r$ with $r$ fairly small. Since $(p + q)^2 - (p - q)^2 = 4pq = 4n$, it follows that $(p + q)^2$ is a perfect square between $4n$ and $4n + r^2$, and that $(p - q)^2 = (p + q)^2 - 4n$. Since $r$ is fairly small, there are not many such perfect squares. For each positive integer $u$ with $4n < u^2 \le 4n + r^2$, we test to see if $u^2 - 4n$ is a perfect square and if it is, say $u^2 - 4n = v^2$ with $v > 0$, then we let $p = \frac{u + v}{2}$ and $q = \frac{u - v}{2}$ and check to see whether $pq = n$.

iii) Show that, given $a \in \mathbb{Z}$ with $a^2 = 1 \bmod n$ and $a \ne \pm 1 \bmod n$, we can find $p$ and $q$.

Solution: Suppose we are given $a \in \mathbb{Z}$ with $a^2 = 1 \bmod n$ and $a \ne \pm 1 \bmod n$. Since $a^2 = 1 \bmod n$ we have $n \mid (a^2 - 1)$. Since $p$ and $q$ both divide $n$, and $n$ divides $a^2 - 1$, it follows that $p$ and $q$ both divide $a^2 - 1 = (a + 1)(a - 1)$. Since $p \mid (a + 1)(a - 1)$ and $p$ is prime, either $p \mid (a + 1)$ or $p \mid (a - 1)$. Similarly, either $q \mid (a + 1)$ or $q \mid (a - 1)$. Note that $p$ and $q$ cannot both divide $(a + 1)$ because if we had $p \mid (a + 1)$ and $q \mid (a + 1)$ then we would have $a = -1 \bmod p$ and $a = -1 \bmod q$ and hence $a = -1 \bmod n$ by the Chinese Remainder Theorem. Similarly, $p$ and $q$ cannot both divide $a - 1$. Thus one of the primes $p$ and $q$ divides $a + 1$ and the other divides $a - 1$. Let us say that $p$ divides $a + 1$. Since $p \mid (a + 1)$ and $q \nmid (a + 1)$ and $n = pq$ it follows that $p = \gcd(a + 1, n)$, which we can calculate using the Euclidean Algorithm. Similarly, $q = \gcd(a - 1, n)$.

iv) Show that, given $a \in \mathbb{Z}$ which is a Fermat liar and a (strong) witness for $n$, we can find $p$ and $q$.

Solution: Suppose we are given a Fermat liar $a$ which is a witness for $n$. Write $n - 1 = 2^s k$ with $k$ odd. Since $a$ is a Fermat liar we have $a^{2^s k} = a^{n-1} = 1 \bmod n$. Since $a$ is a witness for $n$ we have $a^{2^0 k} = a^k \ne 1 \bmod n$ and $a^{2^r k} \ne -1 \bmod n$ for all $0 \le r < s$. Let $t$ be the smallest positive integer such that $a^{2^t k} = 1 \bmod n$ and let $b = a^{2^{t-1} k}$. Then $b \ne \pm 1 \bmod n$ and $b^2 = a^{2^t k} = 1 \bmod n$. Thus we can find $p$ and $q$ by the method of Part iii).

b) Show that if many users choose a small value for their encryption key then the RSA scheme can be weak. To be specific, show that if A sends the same message $m$ to three individuals $B_1$, $B_2$ and $B_3$ who have public keys $(n_i, e_i)$ which all use the same encryption key $e_i = 3$, then an eavesdropper E who intercepts the three encrypted messages $c_i = m^3 \bmod n_i$ can recover the original message $m$.

Solution: Suppose that $B_1$, $B_2$ and $B_3$ have public keys $(n_1, e_1)$, $(n_2, e_2)$ and $(n_3, e_3)$ with $e_1 = e_2 = e_3 = 3$. Suppose, further, that the three numbers $n_1$, $n_2$ and $n_3$ are distinct (this additional assumption should have been indicated in the statement of the problem). Suppose that $0 \le m < n_i$ for all $i$ and that E knows the values of $c_i = m^3 \bmod n_i$ for all $i$.

Case 1: suppose that two of the numbers $n_i$ are not coprime, say $\gcd(n_1, n_2) \ne 1$. Since $n_1 \ne n_2$ and each of $n_1$ and $n_2$ is a product of two primes, it follows that $p = \gcd(n_1, n_2)$ is a prime and that $n_1 = pq_1$ and $n_2 = pq_2$ where $p$, $q_1$, $q_2$ are distinct primes. After finding $p = \gcd(n_1, n_2)$ using the Euclidean Algorithm, E obtains $q_1 = n_1/p$ and then E can calculate $\varphi_1 = (p - 1)(q_1 - 1)$, then $d_1 = e_1^{-1} \bmod \varphi_1$, then $m = c_1^{d_1} \bmod n_1$.

Case 2: suppose that all three of the numbers $n_1$, $n_2$ and $n_3$ are coprime. Then E can solve the system of congruences $x = c_i \bmod n_i$, $i = 1, 2, 3$. If $x = u$ is a solution then the general solution is $x = u \bmod n_1 n_2 n_3$, so E can find the unique solution $x = v$ with $0 \le v < n_1 n_2 n_3$. Since $m^3 = c_i \bmod n_i$ for all $i$, we see that $m^3$ is a solution to the system, and since $0 \le m < n_i$ for all $i$, we have $0 \le m^3 < n_1 n_2 n_3$, and so $m^3 = v$. Thus E can recover the message $m$ by calculating the cube root of $v$ in $\mathbb{Z}$ (say by using Newton's Method for finding cube roots).
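The four factoring methods of Problem 5 a) and the cube-root recovery of Problem 5 b), Case 2, as an added Python example that is not from the original solutions. It shows on toy numbers why $\varphi(n)$ must stay secret, why $p$ and $q$ must not be close, and why the same unpadded message must not be sent under $e = 3$ to several moduli. The function names and the toy keys are constructed for illustration; `pow(x, -1, n)` needs Python 3.8 or later.

```python
from math import gcd, isqrt

def factor_from_phi(n, phi):
    # a) i): u = p + q = n - phi + 1 and v = p - q = sqrt(u^2 - 4n).
    u = n - phi + 1
    v = isqrt(u * u - 4 * n)
    if v * v != u * u - 4 * n:
        raise ValueError("phi does not match n = pq")
    return (u + v) // 2, (u - v) // 2

def factor_close_primes(n, r):
    # a) ii): scan u with 4n < u^2 <= 4n + r^2 until u^2 - 4n is a square.
    u = isqrt(4 * n) + 1
    while u * u <= 4 * n + r * r:
        v = isqrt(u * u - 4 * n)
        if v * v == u * u - 4 * n:
            return (u + v) // 2, (u - v) // 2
        u += 1
    return None  # no factor pair with p - q <= r

def factor_from_sqrt_of_one(n, a):
    # a) iii): a^2 = 1 but a != +-1 (mod n) splits n with two gcds.
    if pow(a, 2, n) != 1 or a % n in (1, n - 1):
        raise ValueError("not a non-trivial square root of 1 mod n")
    return gcd(a + 1, n), gcd(a - 1, n)

def factor_from_liar_witness(n, a):
    # a) iv): with n - 1 = 2^s k, square a^k until the next square is 1.
    s, k = 0, n - 1
    while k % 2 == 0:
        s, k = s + 1, k // 2
    b = pow(a, k, n)
    for _ in range(s):
        if pow(b, 2, n) == 1:
            return factor_from_sqrt_of_one(n, b)
        b = pow(b, 2, n)
    raise ValueError("a is not a Fermat liar for n")

def crt_coprime(cs, ns):
    # Incremental CRT for pairwise coprime moduli; result in [0, prod(ns)).
    x, mod = 0, 1
    for c, n in zip(cs, ns):
        x += mod * ((c - x) * pow(mod, -1, n) % n)
        mod *= n
    return x

def cube_root(v):
    # Integer Newton iteration; returns floor(v^(1/3)) for v >= 0.
    if v < 2:
        return v
    x = 1 << -(-v.bit_length() // 3)  # a power of two above the root
    while True:
        y = (2 * x + v // (x * x)) // 3
        if y >= x:
            return x
        x = y

def recover_broadcast(cs, ns):
    # b) Case 2: for coprime n_i, CRT yields v = m^3 exactly (m^3 < n1 n2 n3).
    m = cube_root(crt_coprime(cs, ns))
    return m if all(pow(m, 3, n) == c for c, n in zip(cs, ns)) else None

# Constructed toy keys and message (far too small for real use).
P, Q = 1013, 1009
N_TOY = P * Q
NS = [1009 * 1013, 1019 * 1021, 1031 * 1033]
M = 424242
CS = [pow(M, 3, n) for n in NS]
```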