MAT 302: ALGEBRAIC CRYPTOGRAPHY. Department of Mathematical and Computational Sciences University of Toronto, Mississauga.

Similar documents
Final exam. Question Points Score. Total: 150

Data security (Cryptography) exercise book

Cryptography Math 1580 Silverman First Hour Exam Mon Oct 2, 2017

Algorithmic Number Theory and Cryptography (CS 303)

Discrete Mathematics & Mathematical Reasoning Multiplicative Inverses and Some Cryptography

Solutions for the Practice Final

MA/CSSE 473 Day 9. The algorithm (modified) N 1

Math 319 Problem Set #7 Solution 18 April 2002

Cryptography, Number Theory, and RSA

DUBLIN CITY UNIVERSITY

Public Key Encryption

CHAPTER 2. Modular Arithmetic

Lecture 32. Handout or Document Camera or Class Exercise. Which of the following is equal to [53] [5] 1 in Z 7? (Do not use a calculator.

Cryptography CS 555. Topic 20: Other Public Key Encryption Schemes. CS555 Topic 20 1

Algorithmic Number Theory and Cryptography (CS 303)

Mathematics Explorers Club Fall 2012 Number Theory and Cryptography

Sheet 1: Introduction to prime numbers.

University of British Columbia. Math 312, Midterm, 6th of June 2017

Public Key Cryptography Great Ideas in Theoretical Computer Science Saarland University, Summer 2014

DUBLIN CITY UNIVERSITY

Assignment 2. Due: Monday Oct. 15, :59pm

Cryptography. 2. decoding is extremely difficult (for protection against eavesdroppers);

Modular Arithmetic. Kieran Cooney - February 18, 2016

Wilson s Theorem and Fermat s Theorem

Number Theory/Cryptography (part 1 of CSC 282)

Practice Midterm 2 Solutions

ElGamal Public-Key Encryption and Signature

Application: Public Key Cryptography. Public Key Cryptography

Diffie-Hellman key-exchange protocol

b) Find all positive integers smaller than 200 which leave remainder 1, 3, 4 upon division by 3, 5, 7 respectively.

EE 418: Network Security and Cryptography

Example Enemy agents are trying to invent a new type of cipher. They decide on the following encryption scheme: Plaintext converts to Ciphertext

The number theory behind cryptography

Multiples and Divisibility

The Chinese Remainder Theorem

L29&30 - RSA Cryptography

6. Find an inverse of a modulo m for each of these pairs of relatively prime integers using the method

Number Theory and Public Key Cryptography Kathryn Sommers

MATH 135 Algebra, Solutions to Assignment 7

Math 127: Equivalence Relations

SOLUTIONS FOR PROBLEM SET 4

Solutions to Problem Set 6 - Fall 2008 Due Tuesday, Oct. 21 at 1:00

Calculators will not be permitted on the exam. The numbers on the exam will be suitable for calculating by hand.

SOLUTIONS TO PROBLEM SET 5. Section 9.1

Written Exam Information Transmission - EIT100

TMA4155 Cryptography, Intro

Example Enemy agents are trying to invent a new type of cipher. They decide on the following encryption scheme: Plaintext converts to Ciphertext

PT. Primarity Tests Given an natural number n, we want to determine if n is a prime number.

Primitive Roots. Chapter Orders and Primitive Roots

Cryptography Lecture 1: Remainders and Modular Arithmetic Spring 2014 Morgan Schreffler Office: POT 902

ON SPLITTING UP PILES OF STONES

NUMBER THEORY AMIN WITNO

Solutions to Exam 1. Problem 1. a) State Fermat s Little Theorem and Euler s Theorem. b) Let m, n be relatively prime positive integers.

Secure Distributed Computation on Private Inputs

Symmetric-key encryption scheme based on the strong generating sets of permutation groups

Fermat s little theorem. RSA.

Introduction to Modular Arithmetic

Solutions for the Practice Questions

Introduction. and Z r1 Z rn. This lecture aims to provide techniques. CRT during the decription process in RSA is explained.

Number Theory and Security in the Digital Age

CMath 55 PROFESSOR KENNETH A. RIBET. Final Examination May 11, :30AM 2:30PM, 100 Lewis Hall

Number Theory. Konkreetne Matemaatika

Grade 6 Math Circles. Divisibility

UNIVERSITY OF MANITOBA DATE: December 7, FINAL EXAMINATION TITLE PAGE TIME: 3 hours EXAMINER: M. Davidson

MATH 324 Elementary Number Theory Solutions to Practice Problems for Final Examination Monday August 8, 2005

Self-Scrambling Anonymizer. Overview

MAT Modular arithmetic and number theory. Modular arithmetic

Degree project NUMBER OF PERIODIC POINTS OF CONGRUENTIAL MONOMIAL DYNAMICAL SYSTEMS

Simple And Efficient Shuffling With Provable Correctness and ZK Privacy

MAT199: Math Alive Cryptography Part 2

B. Substitution Ciphers, continued. 3. Polyalphabetic: Use multiple maps from the plaintext alphabet to the ciphertext alphabet.

Generic Attacks on Feistel Schemes

Math 1111 Math Exam Study Guide

Linear Congruences. The solutions to a linear congruence ax b (mod m) are all integers x that satisfy the congruence.

Q(173)Q(177)Q(188)Q(193)Q(203)

Classical Cryptography

Generic Attacks on Feistel Schemes

CPSC 467: Cryptography and Computer Security

Cryptography s Application in Numbers Station

Discrete Mathematics and Probability Theory Spring 2018 Ayazifar and Rao Midterm 2 Solutions

p 1 MAX(a,b) + MIN(a,b) = a+b n m means that m is a an integer multiple of n. Greatest Common Divisor: We say that n divides m.

Problem Set 6 Solutions Math 158, Fall 2016

MA 111, Topic 2: Cryptography

Discrete Square Root. Çetin Kaya Koç Winter / 11

Number-Theoretic Algorithms

Xor. Isomorphisms. CS70: Lecture 9. Outline. Is public key crypto possible? Cryptography... Public key crypography.

The Chinese Remainder Theorem

Calculators will not be permitted on the exam. The numbers on the exam will be suitable for calculating by hand.

MATH 13150: Freshman Seminar Unit 15

Public-key Cryptography: Theory and Practice

Successful Implementation of the Hill and Magic Square Ciphers: A New Direction

Math 1111 Math Exam Study Guide

Applications of Fermat s Little Theorem and Congruences

CS70: Lecture 8. Outline.

Exam 1 7 = = 49 2 ( ) = = 7 ( ) =

Modular Arithmetic and Doomsday

Implementation and Performance Testing of the SQUASH RFID Authentication Protocol

A C E. Answers Investigation 4. Applications. Dimensions of 39 Square Unit Rectangles and Partitions. Small Medium Large

Best of luck on the exam!

SMT 2013 Advanced Topics Test Solutions February 2, 2013

Transcription:

MAT 302: ALGEBRAIC CRYPTOGRAPHY Department of Mathematical and Computational Sciences University of Toronto, Mississauga February 27, 2013 Mid-term Exam INSTRUCTIONS: The duration of the exam is 100 minutes. The exam is worth a total of 100 marks. This booklet has 14 pages (excluding the title page) and 5 questions. Please use the workspace at the end of this booklet for calculations. Ask for extra sheets of paper if needed. You are allowed to bring one 3 5 cue ( index ) card to the exam with writing on both sides. No other written notes are permitted. No Calculators, Cellphones, Laptops or other electronic devices. Good luck!

QUESTIONS Problem 1 (10 Marks) Please circle the correct answer. You don t have to show your work, although that might fetch you partial marks. How many solutions does the equation x 2 = 1 (mod 30) have? (A) 1 (B) 2 (C) 4 (D) 8 (E) None of the above Answer: (C). The number of solutions to x 2 = 1 (mod 2) is 1. The number of solutions to x 2 = 1 (mod 3) is 2. The number of solutions to x 2 = 1 (mod 5) is 2. By Chinese remaindering, any combination of solutions mod 2, 3 and 5 gives us a distinct solution mod 30. Thus, there are 4 solutions. How many elements of Z 29 are generators? (A) 28 (B) 6 (C) 12 (D) 14 (E) None of the above Answer: (C). The number of generators of Z p is φ(p 1) if p is prime. Thus, we have φ(28) = 12 generators. 1

Problem 2 (20 Marks) Compute the last two digits of 99 523425. Show your work. Answer: We have to compute 99 523425 (mod 100) = ( 1) 523425 (mod 100). Since the exponent is clearly odd, this is 1 (mod 100) = 99 (mod 100). The last two digits are 99. 2

3

Problem 3: Crypto (25 Marks) 1. (15 Marks) Write down the El Gamal encryption scheme. Make sure to specify what the public and secret keys are, and how the encryption and decryption algorithms work. [If you don t know the answer to this and still want to attempt part (2), you can get ask Serge for the answer to part (1), but then of course you won t get any points for part (1).] Answer: Refer to your course notes. 4

5

2. (10 Marks) Show that the El Gamal scheme is multiplicatively homomorphic. That is, given encryptions of two messages M 1 and M 2, you can construct an encryption of their product M 1 M 2 (without knowing the secret key, of course). Answer: The El Gamal ciphertext of a message M using public key P K = (g, g x, p) and randomness r is the pair (g r (mod p), g rx M (mod p)). Note that every time you encrypt a message under public key P K, you choose a new random number r for encryption. Given a ciphertext (g r 1 (mod p), g r 1x M 1 (mod p)) of message M 1 and a ciphertext (g r 2 (mod p), g r 2x M 2 (mod p)) of message M 2, compute their element-wise product, namely, [ (g r1 g r 2, (g r 1x M 1 ) (g r 2x M 2 ) ] = [ g r 1+r 2, g (r 1+r 2 )x (M 1 M 2 ) ] which is an encryption of the product M 1 M 2 (using randomness r 1 + r 2.) The point is that when you decrypt this new ciphertext using the secret key x, what you get is exactly the product M 1 M 2. 6

Problem 4: Fermat, Witnesses and Liars (20 Marks) 1. (5 Marks) Let N be a natural number. What is the definition of the set of Fermat Witnesses mod N? How about Fermat Liars? Answer: For a composite number N, the Fermat Liars F L N are defined as follows: F L N = {x {0, 1,..., N 1} : gcd(x, N) = 1 and x N 1 = 1 (mod N)} the set of Fermat Witnesses F W N is defined as follows: F W N = {x {0, 1,..., N 1} : gcd(x, N) = 1 and x N 1 1 (mod N)} 7

2. (10 Marks) What are the Fermat Witnesses and Liars mod 15? Answer: 1 and 1 (mod 15) = 14 (mod 15) are clearly Fermat Liars. By computation, we find that 4 and 4 (mod 15) = 11 (mod 15) are also Fermat Liars since 4 14 = 11 14 = 1 (mod 15). 8

3. (5 Marks) What are the Miller-Rabin Liars mod 15? [Hint: Solve Part (2) first] Answer: Clearly, the Miller Rabin Liars are a subset of the Fermat Liars. The Miller Rabin liars are those x which are Fermat Liars and in addition, x 2 1 (mod N). Since 4 2 = 11 2 = 1 (mod 15), 4 and 11 are both Miller Rabin witnesses. The MR liars are 1 and 14. 9

Problem 5: Generators (25 Marks) Let p > 3 be prime, and let g 1,..., g m be the generators of Z p. Prove that their product is 1 mod p. That is, prove that m g i = 1 (mod p) i=1 Answer: We prove two claims. First, we claim that if g is a generator of Z p, then so is g 1. For if (g 1 ) k = 1 (mod p), then g k = 1 (mod p) as well, meaning that the powers of g 1 that evaluate to 1 are precisely the power of g that evaluate to 1. Since the smallest non zero power of g that evaluates to 1 is p 1, the smallest non zero power of g 1 that evaluates to 1 is also p 1 meaning that g 1 is a generator as well. Secondly, we claim that g g 1. If not, that would mean that g 2 = 1 (mod p). This contradicts the fact that g is a generator for any p > 3. Put together, we can partition the set of generators into pairs (g i, gi 1 ) where the two elements in each pair are distinct. Thus, m i=1 g i = (g i g 1 i ) = 1 (mod p) 10

11

WORK SHEET 12

WORK SHEET 13

WORK SHEET 14

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback