Practice Number Theory Problems

Similar documents
2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

2x 1 7. A linear congruence in modular arithmetic is an equation of the form. Why is the solution a set of integers rather than a unique integer?

Number Theory. Modular Arithmetic

Chuck Garner, Ph.D. May 25, 2009 / Georgia ARML Practice

2.3 In modular arithmetic, all arithmetic operations are performed modulo some integer.

COMP239: Mathematics for Computer Science II. Prof. Chadi Assi EV7.635

4 Powers of an Element; Cyclic Groups

Lecture 14: Hardness Assumptions

Basic elements of number theory

Basic elements of number theory

This is a recursive algorithm. The procedure is guaranteed to terminate, since the second argument decreases each time.

Winter Camp 2009 Number Theory Tips and Tricks

CHAPTER 6. Prime Numbers. Definition and Fundamental Results

An integer p is prime if p > 1 and p has exactly two positive divisors, 1 and p.

Lecture 11: Number Theoretic Assumptions

2301 Assignment 1 Due Friday 19th March, 2 pm

MTH 346: The Chinese Remainder Theorem

Solution Sheet (i) q = 5, r = 15 (ii) q = 58, r = 15 (iii) q = 3, r = 7 (iv) q = 6, r = (i) gcd (97, 157) = 1 = ,

Number Theory Proof Portfolio

CIS 6930/4930 Computer and Network Security. Topic 5.1 Basic Number Theory -- Foundation of Public Key Cryptography

Discrete Mathematics and Probability Theory Fall 2013 Vazirani Note 3

MATH 3240Q Introduction to Number Theory Homework 4

CPSC 467b: Cryptography and Computer Security

Integers and Division

Lecture notes: Algorithms for integers, polynomials (Thorsten Theobald)

Number Theory Alex X. Liu & Haipeng Dai

CHAPTER 3. Congruences. Congruence: definitions and properties

The Euclidean Algorithm and Multiplicative Inverses

a the relation arb is defined if and only if = 2 k, k

Modular Arithmetic Instructor: Marizza Bailey Name:

cse547, math547 DISCRETE MATHEMATICS Professor Anita Wasilewska

ALG 4.0 Number Theory Algorithms:

ALGEBRA. 1. Some elementary number theory 1.1. Primes and divisibility. We denote the collection of integers

Outline. Number Theory and Modular Arithmetic. p-1. Definition: Modular equivalence a b [mod n] (a mod n) = (b mod n) n (a-b)

NOTES ON SIMPLE NUMBER THEORY

ECE596C: Handout #11

MATH 433 Applied Algebra Lecture 4: Modular arithmetic (continued). Linear congruences.

1. multiplication is commutative and associative;

3 The fundamentals: Algorithms, the integers, and matrices

CPSC 467: Cryptography and Computer Security

1 Overview and revision

2 Arithmetic. 2.1 Greatest common divisors. This chapter is about properties of the integers Z = {..., 2, 1, 0, 1, 2,...}.

Ma/CS 6a Class 2: Congruences

Number Theory. CSS322: Security and Cryptography. Sirindhorn International Institute of Technology Thammasat University CSS322. Number Theory.

Number Theory Homework.

The Fundamental Theorem of Arithmetic

Elementary Number Theory Review. Franz Luef

CS March 17, 2009

Notes. Number Theory: Applications. Notes. Number Theory: Applications. Notes. Hash Functions I

Lecture 4: Number theory

M381 Number Theory 2004 Page 1

EUCLID S ALGORITHM AND THE FUNDAMENTAL THEOREM OF ARITHMETIC after N. Vasiliev and V. Gutenmacher (Kvant, 1972)

Some Facts from Number Theory

Chapter 4 Finite Fields

CMPUT 403: Number Theory

4 Number Theory and Cryptography

Congruence of Integers

An Algorithm for Prime Factorization

CIS 551 / TCOM 401 Computer and Network Security

ICS141: Discrete Mathematics for Computer Science I

Number Theory: Applications. Number Theory Applications. Hash Functions II. Hash Functions III. Pseudorandom Numbers

CS 5319 Advanced Discrete Structure. Lecture 9: Introduction to Number Theory II

Discrete Mathematics with Applications MATH236

MATH 501 Discrete Mathematics. Lecture 6: Number theory. German University Cairo, Department of Media Engineering and Technology.

Number Theory. Zachary Friggstad. Programming Club Meeting

Outline. Some Review: Divisors. Common Divisors. Primes and Factors. b divides a (or b is a divisor of a) if a = mb for some m

Outline. AIT 682: Network and Systems Security. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

Modular Arithmetic. Examples: 17 mod 5 = 2. 5 mod 17 = 5. 8 mod 3 = 1. Some interesting properties of modular arithmetic:

8 Primes and Modular Arithmetic

Topics in Cryptography. Lecture 5: Basic Number Theory

Proof 1: Using only ch. 6 results. Since gcd(a, b) = 1, we have

Introduction to Public-Key Cryptosystems:

Math 299 Supplement: Modular Arithmetic Nov 8, 2013

CSC 474 Network Security. Outline. GCD and Euclid s Algorithm. GCD and Euclid s Algorithm Modulo Arithmetic Modular Exponentiation Discrete Logarithms

7. Prime Numbers Part VI of PJE

Intermediate Math Circles February 29, 2012 Linear Diophantine Equations I

I Foundations Of Divisibility And Congruence 1

For your quiz in recitation this week, refer to these exercise generators:

Finite Fields. Mike Reiter

All variables a, b, n, etc are integers unless otherwise stated. Each part of a problem is worth 5 points.

Chapter 1 A Survey of Divisibility 14

Basic Algorithms in Number Theory

OWO Lecture: Modular Arithmetic with Algorithmic Applications

CS250: Discrete Math for Computer Science

Lecture 5: Arithmetic Modulo m, Primes and Greatest Common Divisors Lecturer: Lale Özkahya

Public Key Cryptography

Numbers. Çetin Kaya Koç Winter / 18

Elementary Properties of the Integers

Discrete Mathematics GCD, LCM, RSA Algorithm

Algorithmic number theory. Questions/Complaints About Homework? The division algorithm. Division

Ch 4.2 Divisibility Properties

MATH FINAL EXAM REVIEW HINTS

7.2 Applications of Euler s and Fermat s Theorem.

Foundations of Computer Science Lecture 10 Number Theory

Discrete Mathematics and Probability Theory Fall 2018 Alistair Sinclair and Yun Song Note 6

Homework #2 solutions Due: June 15, 2012

CSC 474 Information Systems Security

Lecture 17: Constructions of Public-Key Encryption

SOLUTIONS Math 345 Homework 6 10/11/2017. Exercise 23. (a) Solve the following congruences: (i) x (mod 12) Answer. We have

NUMBER SYSTEMS. Number theory is the study of the integers. We denote the set of integers by Z:

Transcription:

Massachusetts Institute of Technology Handout 9 6.857: Network and Computer Security March 21, 2013 Professor Ron Rivest Due: N/A Problem 3-1. GCD Practice Number Theory Problems (a) Compute gcd(85, 289) using Euclid s extended algorithm. Then compute x and y such that 85x + 289y = gcd(85, 289). Recall Euclid s extended algorithm:... a = bq 1 + r 1 b = r 1 q 2 + r 2 r n 1 = r n q n+1 + r n+1. We stop when we reach a remainder of 0, that is, when r n+1 = 0. We obtain gcd(a, b) = r n. Fact 1 For all a, b N, if gcd(a, b) = d, then there exists x, y Z such that ax + by = d. To compute x and y from Fact 1, we can use Euclid s extended algorithm above: starting from r n, we iterate backwards, by expressing r n in terms of r i, a and b, for i decreasing until r n is expressed in terms of a and b only, as in the example below. Let s apply Euclid s extended algorithm to compute gcd(289, 85). 289 = 85 4 + 34 85 = 34 2 + 17 34 = 17 2 + 0 The gcd is the last remainder, non-zero: 17. Let s now work backwards and compute x and y: 17 = 85 34 2 = 85 (289 85 4) 2 = 85 289 2 + 85 8 = 85 9 289 2, and thus x = 9 and y = 2. (b) Show that if k mn, but gcd(m, k) = 1 then k n. Let s first argue intuitively: since k divides m and n and k has no factors in common with m, it must be that all factors of k divide n and hence k divides n. Let s prove this statement formally: k mn implies that q s.t. mn = kq. (1) Since gcd(m, k) = 1, we know by Fact 1 that there exists x, y s.t. mx + ky = 1 and therefore m = (1 ky)/x. By replacing m in Eq. (1), we obtain n(1 ky) = xkq and thus n = nky + xkq = k(ny + xq) so k n. Someone asked me in recitation if it is ok that k is multiplied by a term containing n: the term (ny + xq). The reason this is fine is that all we need from ny + xq is to be an integer, which it is because all of n, y, x, q Z. Then, we get that n equals k times some integer, which means that n is a multiple of k.

2 6.857 : Handout 9: Practice Number Theory Problems (c) Show that if m > n then gcd(m, n) = gcd(m n, n). Let d = gcd(m, n). We know that d m and d n so d m n. Indeed, d is now a common divisor of m n and n. To show that d is the largest such divisor, assume by contradiction that it is not the largest divisor. That is, assume that there exists a divisor d > d such that d m n and d n. This means that d m and that gcd(m, n) d > d, which achieves a contradiction. (d) Show that gcd(m, n) is a linear combination of m and n. Write 1 as a linear combination of 18 and 31. The first part of this problem follows trivially from Fact 1. The second part just involves computing the Euler s extended algorithm: 31 = 18 1 + 13 18 = 13 1 + 5 13 = 5 2 + 3 5 = 3 1 + 2 3 = 2 1 + 1 2 = 1 2 + 0 Working backwards (the first equality of each line indicates a substitution from the equations above): 1 = 3 2 1 = 3 (5 3) = 3 2 5 = (13 5 2) 2 5 = 13 2 5 5 = 13 2 (18 13) 5 = 13 7 18 5 = (31 18) 7 18 5 = 31 7 18 12. (e) Show that if gcd(a, m) = 1 and gcd(a, n) = 1 then gcd(a, mn) = 1. Recall that Fact 2 For all a, b N, for all x, y Z, if ax + by = d, then gcd(a, b) d. Proof. The proof of this fact is easy. Let d = gcd(a, b). Since d a and d b, it means that d ax + by = d. Since gcd(a, m) = 1, by Fact 1, we have that there exists x, y such that ax+my = 1. Thus my = 1 ax. Similarly, there exists v and w such that av + nw = 1 and thus nw = 1 av. Therefore, we obtain that my nw = (1 ax)(1 av) and therefore mn yw + a(v + x avx) = 1, which by Fact 2, gives us that gcd(m, n) 1 so gcd(m, n) = 1. Problem 3-2. Modular arithmetic (a) Show that if a b mod n, then for all integers c, a + c b + c mod n. Since a b mod n, there exists q Z such that a = b + nq. This means that a + c = b + c + nq. If we compute mod n on both sizes, nq cancels out and we obtain a + c b + c mod n.

6.857 : Handout 9: Practice Number Theory Problems 3 (b) Show that if a b mod n, then for all positive integers c, ac bc mod n. Since a b mod n, there exists q Z such that a = b + nq. This means that ac = (b + nq)c. If we compute mod n on both sizes, nqc cancels out and we obtain ac bc mod n. (c) Show that if a and n are relatively prime, then there is an integer a such that aa 1 mod n. By Fact 1, we know that there exists x, y Z such that ax + ny = 1. Taking mod n on both sides, we obtain ax 1 mod n. (d) Show that if a and n are not relatively prime, then a has no multiplicative inverse modulo n. Let s proceed by contradiction: assume that a has an inverse mod n, denoted a. Then aa 1 mod n, which means that there exists q such that aa = nq + 1 and thus aa nq = 1. Let d 1 be a divisor of a and n. This means that d aa nq, but aa nq = 1, so d 1 which is a contradiction. Problem 3-3. Euclid s Algorithm, Inverses, and Fermat s Little Theorem Recall Theorem 1 (Fermat s Little Theorem)If p is prime, then for all a Z p, a p 1 1 mod p. (a) Find the gcd(13, 5) using Euclid s extended algorithm. 13 = 5 2 + 3 5 = 3 1 + 2 3 = 2 1 + 1 2 = 1 2 + 0. Thus gcd(13, 5) = 1, which is of no surprise, but we can use the equations above to determine: x and y such that 13x + 5y = 1. 1 = 3 2 = 3 (5 3) = 3 2 5 = (13 5 2) 2 5 (b) Using your results from (a), what is 5 1 modulo 13? = 13 2 5 5. (2) Therefore, 5 1 5 mod 13 because we can apply mod 13 in Eq. (2). We also know that 5 8 mod 13, so 5 1 8 mod 13. (c) Compute 3 61 mod 7 (use Fermat s Little Theorem). Using Fermat s little theorem, we know that 3 7 1 1 mod 7. Therefore, 3 6 1 mod 7 and hence 3 60 1 mod 7. Therefore, 3 61 3 60 3 3 mod 7. (d) Can you apply Fermat s Little Theorem to compute 4 61 mod 16? No, because Fermat s little theorem is only guaranteed to hold modulo a prime and 16 is not a prime. Problem 3-4. Order of Group Elements

4 6.857 : Handout 9: Practice Number Theory Problems (a) What is the order of 5 in Z 13? 5 1 = 5 5 2 = 12 mod 13 5 3 = 8 mod 13 5 4 = 1 mod 13 Order is thus 4. (b) Find an element of order 3 mod 7. Try out a few values 1 3 = 1, 2 3 mod 7 = 1: thus 2 has order 3 mod 7. Problem 3-5. Generators (a) Find a safe prime 20 and it s corresponding Sophie-Germain prime. Recall that a safe prime p is a prime such that p = 2q + 1 where q is a prime. q is called a Sophie- Germain prime. p = 23 and q = 11. (b) Find a generator of Z 11 - note that 11 is a safe prime, so you should be able to do this by hand! All you need to try is whether the generator to the power of the factors of p 1 (p = 11 here) is not one. If g x 1 mod p for x < p 1, g cannot be a generator because it has shorter cycles than p 1 and thus cannot generate all p 1 values. 2 5 = 32 1 mod 11. 2 2 4 1 mod 11. (c) Test 3 is a generator for Z 7 by computing only two exponentiations. 3 2 2 mod 7 1 3 3 6 mod 7 1. Problem 3-6. Discrete log and related assumptions (a) Compute the discrete log 3 2 mod 7. 3 x 2 mod 7. x = 2. (b) Prove that if the Computational Diffie-Hellman assumption is hard, then Discrete Log assumption is also hard. It is enough to prove the counterpositive: if we can break DL, then we can break CDH. To break CDH, we are given g a, g b and we need to compute ab. Since we know how to break DL, we can compute a and b and then we just multiply them. So we can break CDH. Problem 3-7. Quadratic Residue (a) Find Q 7, the set of quadratic residues mod 7.

6.857 : Handout 9: Practice Number Theory Problems 5 1 2 = 1 mod 7 2 2 = 4 mod 7 3 2 = 2 mod 7 4 2 = 2 mod 7 5 2 = 4 mod 7 6 2 = 1 mod 7 Therefore, Q 7 = {1, 2, 4}.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback