} has dimension = k rank A > 0 over F. For any vector b!

Similar documents
Know the meaning of the basic concepts: ring, field, characteristic of a ring, the ring of polynomials R[x].

Homework Problems, Math 134, Spring 2007 (Robert Boltje)

MATH Examination for the Module MATH-3152 (May 2009) Coding Theory. Time allowed: 2 hours. S = q

Solutions of Exam Coding Theory (2MMC30), 23 June (1.a) Consider the 4 4 matrices as words in F 16

CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.

MATH3302 Cryptography Problem Set 2

Univ.-Prof. Dr. rer. nat. Rudolf Mathar. Written Examination. Cryptography. Tuesday, August 29, 2017, 01:30 p.m.

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

Public-Key Cryptosystems CHAPTER 4

Lattices. A Lattice is a discrete subgroup of the additive group of n-dimensional space R n.

The BCH Bound. Background. Parity Check Matrix for BCH Code. Minimum Distance of Cyclic Codes

Final Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.

MATH 158 FINAL EXAM 20 DECEMBER 2016

Candidates must show on each answer book the type of calculator used. Only calculators permitted under UEA Regulations may be used.

University of Regina Department of Mathematics & Statistics Final Examination (April 21, 2009)

CRYPTOGRAPHY AND NUMBER THEORY

MATH 433 Applied Algebra Lecture 22: Review for Exam 2.

Homework #2 solutions Due: June 15, 2012

ERROR CORRECTING CODES

10 Modular Arithmetic and Cryptography

Security of Networks (12) Exercises

Solutions to the Midterm Test (March 5, 2011)

Network Security Technology Spring, 2018 Tutorial 3, Week 4 (March 23) Due Date: March 30

Discrete Logarithm Problem

Introduction to Cryptography

Public Key Cryptography

Mathematics of Cryptography

Week 7 An Application to Cryptography

Math 512 Syllabus Spring 2017, LIU Post

Chapter 8 Public-key Cryptography and Digital Signatures

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Coding Theory and Applications. Solved Exercises and Problems of Cyclic Codes. Enes Pasalic University of Primorska Koper, 2013

MATH32031: Coding Theory Part 15: Summary

Solution to Midterm Examination

A 2-error Correcting Code

B. Cyclic Codes. Primitive polynomials are the generator polynomials of cyclic codes.

Cyclic codes: overview

MATH 433 Applied Algebra Lecture 21: Linear codes (continued). Classification of groups.

Coding Theory: Linear-Error Correcting Codes Anna Dovzhik Math 420: Advanced Linear Algebra Spring 2014

Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2

G Solution (10 points) Using elementary row operations, we transform the original generator matrix as follows.

The security of RSA (part 1) The security of RSA (part 1)

HOMEWORK 11 MATH 4753

EE512: Error Control Coding

Mathematical Foundations of Public-Key Cryptography

MATH 291T CODING THEORY

Notes for Lecture Decision Diffie Hellman and Quadratic Residues

Written examination. Tuesday, August 18, 2015, 08:30 a.m.

ELEC 519A Selected Topics in Digital Communications: Information Theory. Hamming Codes and Bounds on Codes

Practice Assignment 2 Discussion 24/02/ /02/2018

MATH 291T CODING THEORY

Cryptography and Security Final Exam

2 More on Congruences

One can use elliptic curves to factor integers, although probably not RSA moduli.

3. Coding theory 3.1. Basic concepts

Lemma 1.2. (1) If p is prime, then ϕ(p) = p 1. (2) If p q are two primes, then ϕ(pq) = (p 1)(q 1).

7.1 Definitions and Generator Polynomials

Error-correcting codes and Cryptography

Notes 10: Public-key cryptography

Math 430 Midterm II Review Packet Spring 2018 SOLUTIONS TO PRACTICE PROBLEMS

ECS 189A Final Cryptography Spring 2011

HOMEWORK 8 SOLUTIONS MATH 4753

RSA RSA public key cryptosystem

18.310A Final exam practice questions

Outline. MSRI-UP 2009 Coding Theory Seminar, Week 2. The definition. Link to polynomials

2. Polynomials. 19 points. 3/3/3/3/3/4 Clearly indicate your correctly formatted answer: this is what is to be graded. No need to justify!

AN ALGEBRAIC PROOF OF RSA ENCRYPTION AND DECRYPTION

Proof: Let the check matrix be

Introduction to Cryptography. Lecture 8

SCHOOL OF MATHEMATICS AND STATISTICS

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

RSA. Ramki Thurimella

Mathematics Department

Simple Codes MTH 440

x n k m(x) ) Codewords can be characterized by (and errors detected by): c(x) mod g(x) = 0 c(x)h(x) = 0 mod (x n 1)

b = 10 a, is the logarithm of b to the base 10. Changing the base to e we obtain natural logarithms, so a = ln b means that b = e a.

CPSC 467b: Cryptography and Computer Security

Classical Cryptography

Introduction to Cybersecurity Cryptography (Part 4)

5.0 BCH and Reed-Solomon Codes 5.1 Introduction

Lecture Notes, Week 6

: Coding Theory. Notes by Assoc. Prof. Dr. Patanee Udomkavanich October 30, upattane

Tutorial on Quantum Computing. Vwani P. Roychowdhury. Lecture 1: Introduction

In fact, 3 2. It is not known whether 3 1. All three problems seem hard, although Shor showed that one can solve 3 quickly on a quantum computer.

Information Theory. Lecture 7

Introduction to Modern Cryptography. Benny Chor

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Name: Solutions Final Exam

Cryptography. pieces from work by Gordon Royle

Linear Cyclic Codes. Polynomial Word 1 + x + x x 4 + x 5 + x x + x f(x) = q(x)h(x) + r(x),

The number of ways to choose r elements (without replacement) from an n-element set is. = r r!(n r)!.

2. Cryptography 2.5. ElGamal cryptosystems and Discrete logarithms

ASSIGNMENT Use mathematical induction to show that the sum of the cubes of three consecutive non-negative integers is divisible by 9.

ENEE 457: Computer Systems Security 10/3/16. Lecture 9 RSA Encryption and Diffie-Helmann Key Exchange

Overview. Background / Context. CSC 580 Cryptography and Computer Security. March 21, 2017

Channel Coding for Secure Transmissions

Introduction to Cybersecurity Cryptography (Part 5)

An Introduction to Cryptography

ECEN 604: Channel Coding for Communications

Introduction to Cybersecurity Cryptography (Part 4)

Transcription:

FINAL EXAM Math 115B, UCSB, Winter 2009 - SOLUTIONS Due in SH6518 or as an email attachment at 12:00pm, March 16, 2009. You are to work on your own, and may only consult your notes, text and the class web page. It is very important that you write up your work in a clear and legible fashion. Problems 1-4 count 15 points each. Problems 5 and 6 count 20 points each. * * * * * 1. (Block Code) A non-invertible matrix A M k (F), F a finite field, is used to encipher vectors a "F (k) by the formula c " a A (mod n). Prove that every received ciphertext c can be deciphered as coming from at least two different plaintexts. [Hint: consider the null space of A.] Explain how to provide a precise count of how many different plaintext vectors a are enciphered as the same vector c. A is not invertible if and only if rank A < k. In this case, the null space of A = { b " F (k ) b A = 0 } has dimension = k rank A > 0 over F. For any vector b in the null space of A, ( a + b )A " a A + b A " c + 0 " c. Hence the number of plaintexts that give rise to the ciphertext c equals null space of A = F dimension of the null space of A = F k rank A " F " 2. 2. (RSA Cryptosystem) Suppose that the following 40 letter alphabet is used for all plaintexts and ciphertexts: A-Z have the usual numerical equivalents 0-25; _ = 26,. = 27,? = 28, = 29, the numerals 0 = 30, 1 = 31,, 9 = 39. Suppose that plaintext message units a 1 a 2 are digraphs and ciphertext message units are trigraphs c 1 c 2 c 3. (For example, the numerical equivalent of the digraph SE is 18(40) + 4; the numerical equivalent of the trigraph CDE is 2(40) 2 + 3(40) + 4.) (a) Encipher and send the message SEND 7500 to a user whose enciphering key is (n,e) = (2047,179). (b) Break the code by factoring n and computing the deciphering key. (a) SEND_7500 SE ND _ 75 00 (18(40)+4) (13(40)+3) (26(40)+29) (37(40)+35) (30(40)+30) 724 523 1069 1515 1230 (724) 179 (523) 179 (1069) 179 (1515) 179 (1230) 179 1906 1072 802 364 710 (mod 2047) 1(40) 2 +7(40)+26 0(40) 2 + 26(40)+32 0(40) 2 + 20(40)+2 0(40) 2 + 9(40)+4 0(40) 2 +17(40)+30 BH_ A_2 AUC AJE AR0. So the enciphered message is BH_A_2AUCAJEAR0. [The calculation of (724) 179 etc. can be accomplished by successive squaring; e.g., (724) 179 = (724) 128 (724) 32 (724) 16 (724) 2 (724) (1603)(1336)(179)(144)(724) 1906 (mod 2047). This is tedious but doable.] (b) By successively dividing 2047 by primes between 3 and 2047 < 46 we get 2047 = 23 89. The decryption exponent d satisfies ed 1 (mod ϕ(n)) or

179d 1 (mod 1936) since ϕ(2047) = ϕ(23)ϕ(89) = 22 88 = 1936. We apply the Euclidean algorithm to compute d e -1 (mod 1936) and get d 411 (mod 1936). Decryption of an enciphered message c is accomplished by computing c d (mod 2047). 3. (Discrete Logarithms/El Gamal Cryptosystem) Alice and Bob communicate using an El Gamal public key cryptosystem with the prime p = 47 and α = 5 (a primitive root mod 47). Bob chooses a secret integer b = 17 and publishes the information triple (p, α, α b reduced mod p). Alice chooses a secret integer a and sends Bob the ciphertext pair (α a, (α b ) a m), where m is a message between 0 and p-1, all reduced mod p. Bob receives the ciphertext (23, 25). Help him decipher to find m. [Hint: use the logarithm ( index ) table for p = 47 on the course website to minimize the computations.] Bob publishes (47, 5, 5 17 reduced mod 47) and Alice sends Bob (5 a, (5 17 ) a m) (23,25) (mod 47) where m is a message between 0 and 46. Thus 5 a 23 and 5 17a m 25 (mod 47). Applying discrete logarithms to the base 5, we have log 5 5 a log 5 23 and log 5 5 17a m log 5 25 (mod 46) since ϕ(47) = 46. Using the log ( index ) tables on the class webpage, we get a log 5 5 5 and 17a log 5 5 + log 5 m 2, so a 5 and 17a + log 5 m 2 (mod 46). Solving for log 5 m, we get log 5 m 9 (mod 46). Using the (inverse) log table again, we have m 40 (mod 47). 4. x 7 1 = (x + 1)(x 3 + x + 1)(x 3 + x 2 + 1). Show that the binary codes C 1 and C 2 with generating polynomials g 1 (X) = X 3 + X + 1 and g 2 (X) = X 3 + X 2 + 1, respectively, are equivalent to the Hamming [7,4]-code C defined by the parity check matrix H = " 0 0 0 1 1 1 1% 0 1 1 0 0 1 1. Which of the codes C, C 1, C 2 are cyclic? # 1 0 1 0 1 0 1& C 1 has parity check polynomial h 1 (x) = x 7 "1 g 1 (x) = (x +1)(x 3 + x 2 +1) = x 4 + x 2 + x +1, C 2 has parity check polynomial h 2 (x) = x 7 "1 g 2 (x) = (x +1)(x 3 + x +1) = x 4 + x 3 + x 2 +1. " 1 0 1 1 1 0 0% So parity check matrices for C 1 and C 2 are H 1 = 0 1 0 1 1 1 0 and # 0 0 1 0 1 1 1& " 1 1 1 0 1 0 0% H 2 = 0 1 1 1 0 1 0, respectively. Recall that the parity check matrix for # 0 0 1 1 1 0 1& " 0 0 0 1 1 1 1% the [7,4] Hamming Code is H = 0 1 1 0 0 1 1 which we write as columns # 1 0 1 0 1 0 1&

H = ( H (1) H (2)... H (7) ) where H (i) is the i th column of H. Both H 1 and H 2 can be obtained from H by a permutation of its columns; i.e., H 1 = ( H (4 ) H (2) H (5) H (6) H (7) H (3) H (1) ) and H 2 = ( H (4 ) H (6) H (7) H (3) H (5) H (2) H (1) ). It follows that a generator matrix G 1 for C 1 that satisfies the matrix equation G 1 H 1 T = 0 can be obtained from a generator matrix G for the Hamming Code that satisfies GH T = 0 by precisely the same permutation of columns. Hence G 1 = G (4 ) G (2) G (5) G (6) G (7) G (3) G (1) ( ) and G 2 = (G (4) G (6) G (7) G (3) G (5) G (2) G (1) ) where G = G (1) G (2) G (3) G (4) G (5) G (6) G (7) ( ). Since permuting the columns of G corresponds to a permutation of coordinates of the codewords of C, we conclude that C 1 and C 2 are equivalent to C. Since C 1 and C 2 are both codes with polynomial generators, a codeword c = c 1 c 2...c 7 " C 1 corresponds to f(x)g 1 (X) for some polynomial f(x). If we cyclically permute the coordinates of c to get c * = c 2 c 3...c 7 c 1, this codeword corresponds to the polynomial Xf(X)g 1 (X) because X 7 1 (mod X 7 1). Hence c * " C 1, proving that C 1 is cyclic. By the same reasoning, C 2 is cyclic. However, C is not cyclic since, for example, 1000011 " C but 1100001 " C. [Note that there are two distinct polynomial divisors of x 7-1 of degree =3. This implies that there are precisely two cyclic codes of length 7 and dimension 4, namely C 1 and C 2.] " 0 1 1 1 1 0% 5. H = 1 0 0 0 1 0 is the parity check matrix for a binary [n,k,d] linear code C. # 0 1 0 0 1 1& (a) Find n, k and d for C. (b) Find a generator matrix for C. Better yet, find a generator matrix in standard (i.e., systematic) form (I A). (c) What is the code rate of C? (d) Provide a standard array (see page 412 of the text) for the code C identifying each row of the array by its syndrome. (e) Which codewords in C are nearest neighbors to 111111? (f) Is C self-dual? (a) and (b) Since H is 3 x 6 and c " C if and only if c H T " 0 (mod 2), n = 6. Also, rank H = 3 (for example, the first, third and sixth columns of H are linearly independent, so rank H " 3; and since H has 3 rows, rank H = 3). The code C consists of the vectors in the null space of H, so the dimension of C is k = n rank H = 6-3 = 3. To compute the minimum distance of C we can examine all 8 codewords. We will do this but begin by providing a generating matrix for C in standard form. Now c = c 1 c 2 c 3 c 4 c 5 c 6 " C if and only if (c 1,c 4,c 5,c 6 )H T " 0 (mod 2). This gives a set of equations (c 2 + c 3 + c 4 + c 5, c 1 +c 5, c 2 + c 5 + c 6 ) (0,0,0) (mod 2).

Solving these for c 4, c 5, c 6 in terms of c 1, c 2, c 3, we conclude that C = {(c 1 + c 2 + c 3 + c 2 ) c 1 " {0,1}}. Successively taking c 1 =1 and the other c i =0; then c 2 =1 etc., we get 3 linearly independent vectors in C and " 1 0 0 1 1 1% a standard ( systematic ) generating matrix G = 0 1 0 1 0 1. The eight # 0 0 1 1 0 0& codewords correspond to sums of these rows, and by inspection of these codewords we conclude that d = 2; for example, the final row of G has weight=2. [Another approach is to apply elementary row operations to H to get it in the form " 1 1 1 1 0 0% # 1 0 0 1 1 1& % ( H = ( A I) = 1 0 0 0 1 0 and then G = ( I "AT ) = 0 1 0 1 0 1 % (.] # 1 1 0 0 0 1& 0 0 1 1 0 0 (c) The code rate of C is log 2 C n (d) = log 2 8 6 = 3 6 = 1 2. Syndrome Coset Leaders OOO C: OOOOOO 1OO111 O1O1O1 OO11OO 11OO1O 1O1O11 O11OO1 11111O O1O 1OOOOO OOO111 11O1O1 1O11OO O1OO1O OO1O11 111OO1 O1111O 1O1 O1OOOO 11O111 OOO1O1 O111OO 1OOO1O 111O11 OO1OO1 1O111O 1OO OO1OOO 1O1111 O111O1 OOO1OO 111O1O 1OOO11 O1OOO1 11O11O 111 OOOO1O 1OO1O1 O1O111 OO111O 11OOOO 1O1OO1 O11O11 1111OO OO1 OOOOO1 1OO11O O1O1OO OO11O1 11OO11 1O1O1O O11OOO 111111 O11 OOO11O 1OOOO1 O1OO11 OO1O1O 11O1OO 1O11OO O11111 111OOO 11O OOOO11 1OO1OO O1O11O OO1111 11O1O1 1O1OOO O11O1O 1111O1 (e) 111111 is in the column of the codeword 111110 which is its unique nearest neighbor codeword. (f) C = { a " Z (6) 2 c a = 0 for all c " C}. Since c =010101 C and c c 0, c C but c C. Hence C is not self-dual. 6. Over Z 2 [x] the irreducible factorization of x 15 1 is x 15 1 = (x + 1)(x 2 + x + 1)(x 4 + x + 1)(x 4 + x 3 + 1)(x 4 + x 3 + x 2 + x + 1). In Z 2 [X] modulo X 4 + X + 1, X 4 X + 1, and GF(2 4 ) = {a 0 + a 1 X + a 2 X 2 + a 3 X 3 a i Z 2 }. (a) Show that α = X is a primitive 15 th root of unity in GF(2 4 ). (b) Which powers α i of α are roots of g 1 (x) = X 4 + X + 1? Which are roots of g 2 (x) = X 4 + X 3 + X 2 + X + 1? (c) Set g(x) = g 1 (x)g 2 (x), with g i (x) as above, and let C be the [15,7]-BCH code generated by g(x). Provide a generating matrix and a parity check matrix for C. (d) Find the minimum distance of C. [Hint: Use the Theorems in Section 18.8.] How many errors can C detect? How many errors can C correct?

(a) (α 4 = α + 1) α 1 = α, α 2, α 3, α 4 = 1 + α, α 5 = α + α 2, α 6 = α 2 + α 3, α 7 = α 3 + α 4 = 1 + α + α 3, α 8 = α + α 2 + α 4 = 1 + α 2, α 9 = α + α 3, α 10 = α 2 + α 4 = 1 + α + α 2, α 11 = α + α 2 + α 3, α 12 = α 2 + α 3 + α 4 = 1 + α + α 2 + α 3, α 13 = α + α 2 + α 3 + α 4 = 1 + α 2 + α 3, α 14 = α + α 3 + α 4 = 1 + α 3, α 15 = α + α 4 = 1. So α is a primitive 15 th root of unity. [Actually, since the non-zero elements of Z 2 [X] modulo X 4 + X + 1 have order dividing 15, it suffices to show that α 3 1 (obvious) and α 5 1. But we have use for the complete list of powers of α for the next question. (b) α is one root of g 1 (x) = X 4 + X + 1, the others are α 2, α 4, α 8. For example, (α 8 ) 4 + (α 8 ) + 1 α 2 + (1 + α 2 ) + 1 = 0 (mod X 4 + X + 1). Similarly, we check that the roots of g 2 (x) = X 4 + X 3 + X 2 + X + 1 are α 3, α 6, α 9, α 12. (c) The coefficients of g(x) = 1 + x 4 + x 6 + x 7 + x 8 can be used to provide a generating matrix for C: " 1 0 0 0 1 0 1 1 1 0 0 0 0 0 0% 0 1 0 0 0 1 0 1 1 1 0 0 0 0 0 0 0 1 0 0 0 1 0 1 1 1 0 0 0 0 G = 0 0 0 1 0 0 0 1 0 1 1 1 0 0 0. 0 0 0 0 1 0 0 0 1 0 1 1 1 0 0 0 0 0 0 0 1 0 0 0 1 0 1 1 1 0 # 0 0 0 0 0 0 1 0 0 0 1 0 1 1 1& Since C is a cyclic code with generating polynomial g(x), a parity check matrix H can be obtained from the coefficients of x15 "1 g(x) = (x +1)(x 2 + x +1)(x 4 + x 3 +1) " 1 1 0 1 0 0 0 1 0 0 0 0 0 0 0% 0 1 1 0 1 0 0 0 1 0 0 0 0 0 0 0 0 1 1 0 1 0 0 0 1 0 0 0 0 0 0 0 0 1 1 0 1 0 0 0 1 0 0 0 0 = x 7 + x 6 + x 4 +1, H =. 0 0 0 0 1 1 0 1 0 0 0 1 0 0 0 0 0 0 0 0 1 1 0 1 0 0 0 1 0 0 0 0 0 0 0 0 1 1 0 1 0 0 0 1 0 # 0 0 0 0 0 0 0 1 1 0 1 0 0 0 1& (d) We know from (b) that the roots of g(x) are α, α 2, α 4, α 8, α 3, α 6, α 9, α 12, of which α, α 2, α 3, α 4 are 4 successive powers of α. From the Theorem on page 433 of the text we know that the minimum distance d of C satisfies d " 5. Since each row of G is a codeword of weight = 5, we conclude that d = 5. Hence C can # 5 " 1& detect 5-1 = 4 errors and correct % 2 ( = 2 errors.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback