Cryptography Midterm Solutions

1. Show that $2^{23} \equiv 10 \bmod 29$.

Solution. I thought this one was free marks. Sorry that it caused people so much trouble. Everything mod 29:

$$2^{23} = (2^5)^4 \cdot 2^3 \equiv 32^4 \cdot 2^3 \equiv 3^4 \cdot 2^3 \equiv 27 \cdot 24 \equiv (-2) \cdot (-5) \equiv 10$$

2. Show the following for positive real functions $f$, $g$, and $h$. If $g(x) = O(2^x)$, $h(x) = O(x^2)$, and $f(x) = g(x) + h(x)$ for all $x$, then $f(x) = O(2^x)$.

Solution. As $g(x) = O(2^x)$, there is $c_g$ such that $\lim_{x\to\infty} g(x)/2^x < c_g$. Similarly there is $c_h$ such that $\lim_{x\to\infty} h(x)/x^2 < c_h$. Also, by l'Hôpital we have that

$$\lim_{x\to\infty} \frac{x^2}{2^x} = \lim_{x\to\infty} \frac{2x}{\ln 2 \cdot 2^x} = \lim_{x\to\infty} \frac{2}{(\ln 2)^2\, 2^x} = 0.$$

So

$$\begin{aligned}
\lim_{x\to\infty} f(x)/2^x &= \lim_{x\to\infty} \frac{g(x) + h(x)}{2^x} \\
&= \lim_{x\to\infty} g(x)/2^x + \lim_{x\to\infty} h(x)/2^x \\
&= \lim_{x\to\infty} g(x)/2^x + \lim_{x\to\infty} h(x)/x^2 \cdot \lim_{x\to\infty} x^2/2^x \\
&= c_g + c_h \cdot 0 = c_g
\end{aligned}$$

This gives us that $f(x) = O(2^x)$.

3. Use the Chinese Remainder theorem to find a solution to $x^2 \equiv 52 \bmod 136$. (Observe that $136 = 8 \times 17$)

Solution. Modulo 8 the equation is $x^2 \equiv 4$ so has 2 as a solution. Modulo 17 the equation is $x^2 \equiv 1$ so has 1 as a solution. We lift these solutions to a solution modulo 136. $x_1 = 2$ is a solution to the first equation $x \equiv 2 \bmod 8$. So $x_2 = 2 + 8c$ where $c = (1 - 2)8^{-1} \bmod 17$. Mod 17, $2 \cdot 8 \equiv -1$ so $15 \cdot 8 \equiv (-2) \cdot 8 = 1$. Thus $8^{-1} = 15$, and so $c = -15 \equiv 2$. Thus $x_2 = 2 + 8(2) = 18$ is the solution to our equation.

4. Write pseudo-code for a program that determines whether or not $g$ is a generator modulo a prime $p$.

Solution. Let D be a list of the divisors of p − 1 that are less than p − 1.

    FOR d in D DO:
        IF g^d = 1 modulo p THEN OUTPUT 'g is not a generator' and STOP
    END (DO loop)
    OUTPUT 'g is a generator' and STOP.

Even better: Let D be the list of p/q for prime divisors q < p of p. And then continue as above.

OR (for two out of 3 points) Decide if 3 is a primitive element modulo 37.

Solution. Since $37 - 1 = 36 = 9 \cdot 4$ we must evaluate $3^{12}$ and $3^{18}$. Modulo 37 we have $3^6 = 27^2 = (-10)^2 = 100 = 26 = -11$ so $3^{12} = (3^6)^2 = (-11)^2 = 13^2 = -16 \neq 1$ and $3^{18} = 3^{12} \cdot 3^6 = (-11) \cdot (-16) = 176 = 1$. So no, 3 is not a primitive element.

5. Let $(u_1, v_1)$ and $(u_2, v_2)$ be two integer solutions to $au + bv = 1$. Prove that $a$ divides $v_2 - v_1$.

Solution. As there is a solution, we have that $\gcd(a, b) = 1$. As they are both solutions, $au_1 + bv_1 = 1 = au_2 + bv_2$. Collecting terms, $a(u_1 - u_2) = b(v_2 - v_1)$. So $a \mid b(v_2 - v_1)$. As $\gcd(a, b) = 1$ this gives us that $a \mid (v_2 - v_1)$.

6. (a) What is the El Gamal Problem (EGP) for a prime $p$ and a generator $g$ of $\mathbb{F}_p^*$?

Solution. Given $p$, $g$, $A = g^a$, $c_1 = g^b$ and $c_2 = mA^b$ where $a$, $b$ and $m$ are secret, find $m$. (Everything is modulo $p$.)

(b) Give a polynomial reduction of the EGP to the discrete log problem (DLP) for $p$ and $g$. (Give the reduction and argue that it is polynomial.)

Solution. Solving the DLP $\log_g A$ we get $a$. Then we can solve the El Gamal problem as Alice would: compute $c_1^{-a} c_2 = g^{-ab} m g^{ab} = m$. This algorithm for input of $k$ bits requires $DLP(k)$ plus inversion $O(k^3)$, powering $O(k^3)$ and a product $O(k^2)$. So it has running time $O(DLP(k) + k^3)$. This is a polynomial reduction to DLP.

7. Prove that $\varphi(m) = m - 1$ implies that $m$ is prime.

Solution. As $\varphi(m)$ is the number of integers in $1, \dots, m$ that are relatively prime to $m$, and $m$ is never one of these, $\varphi(m) = m - 1$ implies that all numbers $1, \dots, m - 1$ are prime to $m$. This means that $m$ is prime.

8. Let $p$ be an odd prime and let $g$ be a primitive root modulo $p$. An integer $a$ has a square root modulo $p$ if there is some integer $b$ such that $b^2 = a$ modulo $p$. Prove that $a$ has a square root modulo $p$ if and only if $\log_g(a)$ modulo $p$ is even.

Solution. If $\log_g(a)$ is even, so $2e$ for some integer $e$, then $g^{2e} = a$ and so $b = g^e$ is a square root of $a$. On the other hand, if $b^2 = a$ modulo $p$ then where $e = \log_g(b)$ (so $1 \le e \le p - 1$), we have that $g^{2e} = b^2 = a$. Write $2e = c(p - 1) + r$ for some $r$ with $1 \le r \le p - 1$. Then $g^r = g^{2e - c(p-1)} = g^{2e} \cdot g^{(p-1) \cdot c} \equiv g^{2e} \equiv a$. So $\log_g(a) = r$, but $r = 2e - c(p - 1)$, so because $e$ and $p - 1$ are even, so is $r$.
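
The reduction from problem 6(b), as an added example that is not part of the original solutions: a baby-step giant-step routine stands in for the DLP oracle, and `solve_egp` does the remaining inversion, powering and product. The function names and the toy parameters (p = 467, g = 2, a = 153, b = 197, m = 331) are constructed for illustration.

```python
# Added example: EGP reduced to one DLP call, on constructed toy parameters.
from math import isqrt


def dlog_bsgs(g: int, A: int, p: int) -> int:
    """DLP oracle: return a with g^a = A (mod p), by baby-step giant-step.

    Takes about sqrt(p) steps, so it only stands in for DLP(k) at toy sizes.
    """
    n = isqrt(p - 1) + 1              # n*n > p - 1, so a = i*n + j with i, j < n
    baby = {}
    e = 1
    for j in range(n):                # baby steps: table of g^j
        baby.setdefault(e, j)
        e = e * g % p
    step = pow(g, -n, p)              # g^(-n) mod p (Python 3.8+)
    gamma = A % p
    for i in range(n):                # giant steps: A * g^(-n*i)
        if gamma in baby:
            return i * n + baby[gamma]
        gamma = gamma * step % p
    raise ValueError("A is not a power of g modulo p")


def elgamal_encrypt(p: int, g: int, A: int, m: int, b: int):
    """Bob's side: c1 = g^b and c2 = m * A^b (mod p); b is his secret."""
    return pow(g, b, p), m * pow(A, b, p) % p


def solve_egp(p: int, g: int, A: int, c1: int, c2: int, dlp=dlog_bsgs) -> int:
    """Recover m from public values only, using the DLP oracle once."""
    a = dlp(g, A, p)                  # a = log_g A
    # c1^(-a) * c2 = g^(-ab) * m * g^(ab) = m  (inversion, power, product)
    return pow(c1, -a, p) * c2 % p


if __name__ == "__main__":
    p, g = 467, 2                     # constructed toy prime and generator
    a, b, m = 153, 197, 331           # secrets, used here only to build the sample
    A = pow(g, a, p)
    c1, c2 = elgamal_encrypt(p, g, A, m, b)
    print("recovered m =", solve_egp(p, g, A, c1, c2))
```

Everything outside the `dlp` call is polynomial in the bit length of p, which is the content of the O(DLP(k) + k^3) bound above.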