Math 319 Problem Set #7 Solution 18 April 2002

Similar documents
SOLUTIONS TO PROBLEM SET 5. Section 9.1

Solutions for the Practice Final

Mathematics Explorers Club Fall 2012 Number Theory and Cryptography

MA/CSSE 473 Day 9. The algorithm (modified) N 1

Final exam. Question Points Score. Total: 150

CHAPTER 2. Modular Arithmetic

Public Key Encryption

Fermat s little theorem. RSA.

The Chinese Remainder Theorem

Discrete Square Root. Çetin Kaya Koç Winter / 11

The Chinese Remainder Theorem

Data security (Cryptography) exercise book

Public Key Cryptography Great Ideas in Theoretical Computer Science Saarland University, Summer 2014

Number Theory and Security in the Digital Age

DUBLIN CITY UNIVERSITY

Algorithmic Number Theory and Cryptography (CS 303)

L29&30 - RSA Cryptography

Assignment 2. Due: Monday Oct. 15, :59pm

LECTURE 3: CONGRUENCES. 1. Basic properties of congruences We begin by introducing some definitions and elementary properties.

Discrete Mathematics & Mathematical Reasoning Multiplicative Inverses and Some Cryptography

Math 127: Equivalence Relations

Cryptography. 2. decoding is extremely difficult (for protection against eavesdroppers);

MAT 302: ALGEBRAIC CRYPTOGRAPHY. Department of Mathematical and Computational Sciences University of Toronto, Mississauga.

NUMBER THEORY AMIN WITNO

Number Theory and Public Key Cryptography Kathryn Sommers

Solutions to Problem Set 6 - Fall 2008 Due Tuesday, Oct. 21 at 1:00

Cryptography, Number Theory, and RSA

Wilson s Theorem and Fermat s Theorem

Primitive Roots. Chapter Orders and Primitive Roots

University of British Columbia. Math 312, Midterm, 6th of June 2017

Application: Public Key Cryptography. Public Key Cryptography

Solution: Alice tosses a coin and conveys the result to Bob. Problem: Alice can choose any result.

MAT Modular arithmetic and number theory. Modular arithmetic

SOLUTIONS FOR PROBLEM SET 4

Number Theory. Konkreetne Matemaatika

Cryptography CS 555. Topic 20: Other Public Key Encryption Schemes. CS555 Topic 20 1

Linear Congruences. The solutions to a linear congruence ax b (mod m) are all integers x that satisfy the congruence.

Introduction to Modular Arithmetic

The number theory behind cryptography

EE 418: Network Security and Cryptography

ON THE EQUATION a x x (mod b) Jam Germain

Solutions for the Practice Questions

Diffie-Hellman key-exchange protocol

x 8 (mod 15) x 8 3 (mod 5) eli 2 2y 6 (mod 10) y 3 (mod 5) 6x 9 (mod 11) y 3 (mod 11) So y = 3z + 3u + 3w (mod 990) z = (990/9) (990/9) 1

Exam 1 7 = = 49 2 ( ) = = 7 ( ) =

b) Find all positive integers smaller than 200 which leave remainder 1, 3, 4 upon division by 3, 5, 7 respectively.

MATH 135 Algebra, Solutions to Assignment 7

Foundations of Cryptography

The Sign of a Permutation Matt Baker

SMT 2014 Advanced Topics Test Solutions February 15, 2014

6. Find an inverse of a modulo m for each of these pairs of relatively prime integers using the method

Lecture 32. Handout or Document Camera or Class Exercise. Which of the following is equal to [53] [5] 1 in Z 7? (Do not use a calculator.

1.6 Congruence Modulo m

Math 255 Spring 2017 Solving x 2 a (mod n)

MAT199: Math Alive Cryptography Part 2

MATH 324 Elementary Number Theory Solutions to Practice Problems for Final Examination Monday August 8, 2005

p 1 MAX(a,b) + MIN(a,b) = a+b n m means that m is a an integer multiple of n. Greatest Common Divisor: We say that n divides m.

Practice Midterm 2 Solutions

Sheet 1: Introduction to prime numbers.

Cryptography Math 1580 Silverman First Hour Exam Mon Oct 2, 2017

PT. Primarity Tests Given an natural number n, we want to determine if n is a prime number.

To be able to determine the quadratic character of an arbitrary number mod p (p an odd prime), we. The first (and most delicate) case concerns 2

LECTURE 7: POLYNOMIAL CONGRUENCES TO PRIME POWER MODULI

Introduction. and Z r1 Z rn. This lecture aims to provide techniques. CRT during the decription process in RSA is explained.

UNIVERSITY OF MANITOBA DATE: December 7, FINAL EXAMINATION TITLE PAGE TIME: 3 hours EXAMINER: M. Davidson

An interesting class of problems of a computational nature ask for the standard residue of a power of a number, e.g.,

Algorithmic Number Theory and Cryptography (CS 303)

The congruence relation has many similarities to equality. The following theorem says that congruence, like equality, is an equivalence relation.

Degree project NUMBER OF PERIODIC POINTS OF CONGRUENTIAL MONOMIAL DYNAMICAL SYSTEMS

Modular Arithmetic. claserken. July 2016

Collection of rules, techniques and theorems for solving polynomial congruences 11 April 2012 at 22:02

TMA4155 Cryptography, Intro

MA 111, Topic 2: Cryptography

CMath 55 PROFESSOR KENNETH A. RIBET. Final Examination May 11, :30AM 2:30PM, 100 Lewis Hall

#A3 INTEGERS 17 (2017) A NEW CONSTRAINT ON PERFECT CUBOIDS. Thomas A. Plick

Discrete Math Class 4 ( )

Solutions to Exam 1. Problem 1. a) State Fermat s Little Theorem and Euler s Theorem. b) Let m, n be relatively prime positive integers.

ElGamal Public-Key Encryption and Signature

Distribution of Primes

Calculators will not be permitted on the exam. The numbers on the exam will be suitable for calculating by hand.

Math 1111 Math Exam Study Guide

Problem Set 6 Solutions Math 158, Fall 2016

Discrete Mathematics and Probability Theory Spring 2018 Ayazifar and Rao Midterm 2 Solutions

Number Theory/Cryptography (part 1 of CSC 282)

Related Ideas: DHM Key Mechanics

Solutions for the 2nd Practice Midterm

The Chinese Remainder Theorem

Xor. Isomorphisms. CS70: Lecture 9. Outline. Is public key crypto possible? Cryptography... Public key crypography.

Cryptography Lecture 1: Remainders and Modular Arithmetic Spring 2014 Morgan Schreffler Office: POT 902

Constructions of Coverings of the Integers: Exploring an Erdős Problem

1 = 3 2 = 3 ( ) = = = 33( ) 98 = = =

Introduction to Coding Theory

Yale University Department of Computer Science

#27: Number Theory, Part II: Modular Arithmetic and Cryptography May 1, 2009

Number Theory - Divisibility Number Theory - Congruences. Number Theory. June 23, Number Theory

Massachusetts Institute of Technology 6.042J/18.062J, Spring 04: Mathematics for Computer Science April 16 Prof. Albert R. Meyer and Dr.

DUBLIN CITY UNIVERSITY

1 Introduction to Cryptology

ORDER AND CHAOS. Carl Pomerance, Dartmouth College Hanover, New Hampshire, USA

ON MODULI FOR WHICH THE FIBONACCI SEQUENCE CONTAINS A COMPLETE SYSTEM OF RESIDUES S. A. BURR Belt Telephone Laboratories, Inc., Whippany, New Jersey

Transcription:

Math 319 Problem Set #7 Solution 18 April 2002 1. ( 2.4, problem 9) Show that if x 2 1 (mod m) and x / ±1 (mod m) then 1 < (x 1, m) < m and 1 < (x + 1, m) < m. Proof: From x 2 1 (mod m) we get m (x 2 1). We factor x 2 1 to get m (x 1)(x + 1). We are given x / 1 (mod m) and x / 1 (mod m). This implies that m/ x 1 and m/ x + 1. From these, we can conclude immediately that (x 1, m) < m and (x + 1, m) < m. Moreover, if (x 1, m) = 1, then from m (x 1)(x+1) and Theorem 1.10, we conclude that m x + 1, contrary to hypothesis. Thus (x 1, m) > 1. Similarly, if (x + 1, m) = 1, then since m (x 1)(x + 1), we can conclude that m x 1, contrary to hypothesis. Thus (x + 1, m) > 1. 2. Remember to write in complete sentences. (a) ( 2.4, problem 2) Use the calculator to verify that 2 45 57 (mod 91). Explain why this proves that 91 is composite. Solution: According to the calculator, 2 45 is indeed congruent to 57 modulo 91. If 91 were prime, we d have 2 90 1 (mod 91), and since (2 45 ) 2 = 2 90 1 (mod 91), we d also have (by Lemma 2.10) 2 45 ±1 (mod 91). Since 2 45 57 / ±1 (mod 91), we can conclude that 91 is not prime.

(b) ( 2.4, problems 5 and 6) Show that 2047 is a strong probable prime to the base 2, but not to the base 3. Solution: We note that 2046 = 2 1023. Using the calculator, we deterime that and 2 2046 1 (mod 2047) 2 1023 1 (mod 2047). The first fact shows that 2047 is a probable prime to the base 2. The second fact shows that 2047 is a strong probable prime to the base 2, because 1023 is odd, so we can t take any more square roots. To show that 2047 is not a strong probably prime to the base 3, we use a calculator to find that 3 2046 1013 (mod 2047). Since 1013 / 1 (mod 2047), we can conclude that 2047 is not even a probable prime to the base 3, much less a strong probable prime. So we know 2047 is in fact composite. 3. (a) Universal Exports spymaster M wants her field agent, Jimmy, to send her a highly sensitive, top-secret telephone number via email. She decides to use public-key cryptography, and sends Jimmy the encoding keys m = 8228747 and k = 24919. Jimmy dutifully encrypts the secret phone number, and emails the result, 4100849, back to M. Members of spectrum, an idealistic group opposed to any kind of spying whatsoever, intercept the whole transaction, and discover that M has made a terrible mistake. The number 8228747 is prime! Using this information, they quickly discover the crucial phone number. What is it? Solution: Since m is prime, ϕ(m) = m 1, so by use of the Euclidean algorithm, we can easily find k modulo m 1. I wrote a little TI-85 program to do this; it tells me that 11290 8228746 3728181 24919 = 1 so that k 3728181 4500565 another TI-85 program, I get (mod 8228746). Using this decrypting k and 4100849 4500565 5682267 (mod 8228747).

This turns out to be the phone number of the automated weather observation station at the Westfield Barnes airport. (b) Not one to repeat her mistakes, the next day M sends Jimmy the encryption keys m = 8228743 (which is composite) and k = 1237, and asks him to send back the number of solutions he found to ϕ(x) = 48, the study of which is an important government project. Jimmy s encrypted response is 5166026. spectrum members once again monitor the whole exchange and manage to decrypt Jimmy s answer, but only because (1) they have access to a sophisticated hand calculator or personal computer and (2) M s m is too small to be secure. What do they do, and what answer do they get? Solution: They somehow manage to factor 8228743. Several computer algebra systems will do this the smallest device I found that could factor this number is a TI-89. It says 8228743 = 2411 3413. Both these factors are prime, so ϕ(8228743) = ϕ(2411)ϕ(3413) = 2410 3412 = 8222920. As before, we need to invert k modulo ϕ(m). My calculator program gives 438733 1237 66 8222920 = 1 so that we may take k = 438733. Using the calculator once again to decrypt Jimmy s answer, we get 5166026 438733 11 (mod 8228743). (c) Jimmy begins to have doubts about some of the instructions he s receiving from M. Assuming that M is the only person in the world who knows how to factor the number m = 8228743, what can Jimmy and M do (without compromising the security of m or M) to verify that Jimmy s orders are coming from M and not from some imposter? Solution: Jimmy asks for an encryption key k, which M supplies. He then randomly selects a number a relatively prime to m and sends that number to M. M knows ϕ(m), so she can easily find the number k such that kk 1 (mod ϕ(m)). She sends Jimmy the number a k. Jimmy raises this to the power k, reducing modulo m. If he gets back his original number a, then he knows he s talking to M.

4. Note that Lemma 2.22 requires that the number a (the message ) be relatively prime to m. Thus it appears that RSA encryption will fail for certain messages. (a) Suppose m = pq, where p and q are primes. We select an integer a at random from the set S = {0, 1, 2,..., m 1}. Find P ((a, m) > 1) that is, the probability that (a, m) > 1. (Give your answer in terms of p and q.) If p and q are both primes on the order of 10 100, what is the order of magnitude of P ((a, m) > 1)? Solution: There are m numbers in S, of which q numbers are divisble by p and p numbers are divisible by q. Only one number (zero) is divisible by both p and q, so the number of elements a of S satisfying (a, m) > 1 is p+q 1. The probability of selecting one of these numbers at random is p + q 1 m = p + q 1. pq If p and q are on the order of 10 100, then so is p + q 1. The number m = pq, on the other hand, will be on the order of 10 200, so we get P ((a, m) > 1) 10 100. This is approximately the probability of tossing a fair coin 332 times and having it come up heads every time. (b) ( 2.5, problem 4) In fact, as long as m is square-free, it turns out that RSA encryption and decryption will work for any value of a, whether or not it s relatively prime to m. Prove the following: Suppose m = p 1 p 2 p r is a product of the distinct primes p 1, p 2,..., p r. Suppose that k and k are positive integers such that kk 1 (mod ϕ(m)). Then a kk a (mod m) for all integers a. Solution: Suppose m, k, and k are as given in the theorem. Claim: If p i / a, then a kk a (mod p i ). Proof of claim: First we note that ϕ(p i ) = p i 1 and that ϕ(m) = (p 1 1)(p 2 1) (p r 1)

so that ϕ(p i ) ϕ(m). Thus by Theorem 2.1(5), we get kk 1 (mod ϕ(p i )). Since p i / a and p i is prime, we have (a, p i ) = 1, so by Lemma 2.22, we conclude that a kk a (mod p i ). Claim: If p i a, then a kk a (mod p i ). Proof of claim: In this case, a 0 (mod p i ), so that a kk 0 kk 0 (mod p i ). Then by transitivity (Theorem 2.1(2)), we get a kk a (mod p i ). Proof of theorem: Let a be any integer. For each i = 1,..., r, either p i a or p i / a. In either case, we can conclude from one of the two claims above that By Theorem 2.3(3), we get a kk a (mod p i ). a kk a (mod [p 1, p 2,..., p r ]), and since the p i are all distinct primes, we know they are relatively prime (in pairs), so that Thus we get for any integer a. [p 1, p 2,..., p r ] = p 1 p 2 p r = m. a kk a (mod m) (c) The hypothesis that m be square-free in part (4b) is necessary. Find an example of a modulus m, an integer a, and two positive integers k and k with kk 1 (mod ϕ(m)) such that a kk / a (mod m).

Explain how you found your example. Solution: Take m = 9, a = 6, and k = k = 5. We have ϕ(9) = 9 3 = 6 and kk = 25 1 (mod 6), so that k and k satisfy the conditions above. However, we know that 3 6, so the number a kk = 6 25 is divisible by 3 25, and in particular, it s divisible by 9. Thus we have a kk = 6 25 0 (mod 9). Since 6 / 0 (mod 9), we have an example wherein a kk / a (mod m). To find this example, I chose m = 9, a small modulus that is not square-free. Since ϕ(9) = 6, the only non-trivial choice for k was 5. I made up a table of fifth powers modulo 9, and noticed that 6 5 0 (mod 9). Since no power of 0 can be congruent to 6 modulo 9, this is an example of the phenomenon we re looking for.

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback