Download MIDTERM 1 TUESDAY, FEB 23 SOLUTIONS 1.– (15 points

MIDTERM 1
TUESDAY, FEB 23
SOLUTIONS
1.– (15 points) Compute gcd(81, 237)
Solution: The answer is 3. There is many correct ways to prove it. For
example:
a) By the algorithm
237
81
75
12
=
=
=
=
81 × 2 + 75
75 × 1 + 6
6 × 12 + 3
3×4+0
Hence the gcd is 3.
b) Or: the decomposition as a product of primes of the numbers are 81 = 34
and 237 = 3 × 79, so the gcd is 3.
2.– (20 points) Shows that a|b implies φ(a)|φ(b). (Here φ is the Euler’s
function).
Solution: Write a as a product of prime a = pk11 . . . pkr r with the pi ’s
distincts prime and the ki ’e natural numbers. Since a|b, the decomposition
k0
k0
of b contains the same prime with equal or higher multiplicty: b = p11 . . . pr r
with ki0 ≥ ki for i = 1, . . . , r. Now we apply the formula for φ:
φ(a) = (pk11 −1 (p1 − 1)) . . . (pkr r −1 (pr − 1))
k0 −1
0
φ(b) = (p11 (p1 − 1)) . . . (pkr r −1 (pr − 1))
k0 −k1
Hence φ(b)/φ(a) = pi 1
Therefore φ(a)|φ(b).
k0 −kr
. . . pr r
which is an integer since ki0 ≥ ki for all i.
3.– (20 points) Let a be an integer, u, v, m be natural numbers, and assume
that au ≡ 1 (mod m) and that av ≡ 1 (mod m). Show that agcd(u,v) ≡ 1
(mod m).
1
2
MIDTERM 1 TUESDAY, FEB 23 SOLUTIONS
Solution: by Bezout, there exists two integers x, y such that xu + yv =
gcd(u, v). Hence
agcd(u,v) =
=
≡
≡
axu+bv
(au )x (av )y
1x 1y (mod m)
1 (mod m)
4.– The aim of this problem is to improve Euler’s theorem for a modulus
m = 8, 16, 32, 64, . . . ,, that is m = 2n+2 where n is a natural integer.
Let n be a natural number.
a.– (15 points) Show that
52
and that
n−1
≡ 1 + 2n+1
n
52 ≡ 1
(Hint: use induction over n)
(mod 2n+2 ),
(mod 2n+2 ).
b.– (15 points) Deduce that for any integer u = 1, . . . , 2n − 1, one has
5u 6≡ 1
(mod 2n+2 ).
(Hint: use the question a. and exercise 3)
c.– (15 points) Show that for any two distinct integers u, v in {0, . . . , 2n −1},
one has
5u 6≡ 5v (mod 2n+2 )
and
5u 6≡ −5v (mod 2n+2 ).
d.– (15 points) Show that for any odd integer a, there exists an u in
{0, . . . , 2n − 1} such that either a ≡ 5u (mod 2n+2 ) or a ≡ −5u (mod 2n+2 ).
n
e.– (15 points) let a be an odd number. Show that a2 ≡ 1 (mod 2n+2 ).
Why is that an improvement on Euler’s theorem for m = 2n+2 ? Is it possible
to improve Euler’s theorem further by finding a natural number u < 2n such
that au ≡ 1 (mod 2n+2 ) for every odd integer a?
Solution: a.– We prove the two formuals by induction over n. For n = 1,
they read respectively 5 ≡ 1 + 22 (mod 5) and 52 ≡ 1 (mod 8), both being
cleraly true (the latter since 25 = 3 × 8 + 1).
Assume that
n−1
52
≡ 1 + 2n+1 (mod 2n+2 ),
that is that
n−1
52
= 1 + 2n+1 + 2n+2 k for some integer k.
Taking the square, we get
n
52 = 1 + 2 × 2n+1 + 2 × 2n+2 k + (2n+1 (1 + 2k))2 22n+2 .
MIDTERM 1
TUESDAY, FEB 23
SOLUTIONS
3
In the right hand side of this equation, all terms except the first two are
clearly divisible by 2n+3 . Therefore
52
n+1
≡ 1 + 2n+2
(mod 2n+3 ),
which completes the induction step for the for the first formula.
The induction step of the second formula is similar, but actually simpler:
n
n
assume that 52 ≡ 1 (mod 2)n+2 , that is 52 = 1 + 2n+2 k for some integer k.
n+1
n+1
Taking squares of both side, one gets 52
= 1 + 2n+3 k + 22n+4 k 2 , so 52
≡1
(mod 22n+3 ) and we are done.
b.–
Assume first that u is a power of 2, that is u = 2l−1 with 1 ≤ l ≤ n, so by
question a.–, applied to l instead of n, one has
5u = 52
l−1
≡ 1 + 2l+1 6≡ 1
(mod 2l+2 )
so a fortiori 5u 6≡ 1 (mod 2n+2 ).
In the general case, assume by contraduction that 5u ≡ 1 (mod 2n+2 ). We
n
also have by question a.– that 52 ≡ 1 (mod 2n+2 ). By exercise 3, we then
n
get that 5gcd(u,2 ) ≡ 1 (mod 2n+2 ). But u0 := gcd(u, 2n ) is certainly a power
of 2, less or queal than u so less or equal than 2n−1 . And for such u0 we have
0
already seen 5u 6≡ 1 (mod 2n+2 ), a contradiction.
c.– Assume by contradiction that 5u ≡ 5v (mod 2n+2 ), with u 6= v. Up
to interchanging u and v we can assume that u > v. Since 5, hence 5v is
relatively prime to 2, hence to 2n+2 , we can simplify by 5v and get 5u−v ≡ 1
(mod 2n+2 ). The integer u − v is a natural integer between 1 and 2n − 1, so
the above congruence contradicts the preceding question. Therefore, we have
5u 6≡ 5v (mod 2n+2 ) if u 6= v.
Assume now by contradiction that 5u ≡ 5v (mod 2n+2 ), with u 6= v. Rea0
sonning as above, we get that 5u ≡ −1 (mod 2n+2 ) for some natural number
0
u0 . But since 4|2n+2 , this implies 5u ≡ −1 (mod 4) which is obviously absurd
since 5 ≡ 1 (mod 4).
d.– This is a counting argument: by the above question, the odd integers
5 and −5v for u, v running betweem 0 and 2n − 1 are all uncongruent modulo
2n+2 . That makes 2n+1 of them (2n for the 5u ’s and 2n for the −5v ).
On the other hand, there is exactly 2n+1 odd integers a between 1 and 2n+2 ,
all obviously incongruent. It follows that any odd integer a between 1 and
2n+2 must be congruent to either 5u or −5v modulo 2n+2 .
The same holds for any odd integer, because any odd integer is obviously
congruent to an odd integer between 1 and 2n+2 modulo 2n+2 .
u
n
e.– Let a be an odd integer. Then a ≡ (±5)u (mod 2n+2 ). Then a2 ≡
n
n
(5u )2 ≡ (52 )u ≡ 1u ≡ 1 (mod 2n ) by the first question.
This results is an improvment on Euler’s theorem: as φ(2n+2 ) = 2n+1 ,
n+1
≡ 1 (mod 2)n+2 for any odd integer a. Here
Euler’s theorem states that a2
we have proved the same result with a smaller exponent, 2n instead of 2n+1 ,
n
that is that a2 ≡ (mod 2n+2 ). That’s clearly better, since we can deduce
4
MIDTERM 1 TUESDAY, FEB 23 SOLUTIONS
Euler’s theorem by simply squaring our result, while there is no obvious way
to deduce our result form Euler’s theorem.
It is not possible to improve further, and get an even smaller exponent, by
question c.
RemarkL” Hence the smallest natural number u such that au ≡ 1 (mod 2n+2 )
for all odd a is 2n . In general, one can ask: for a fixed number m, what is the
smallest natural number u such that au ≡ 1 (mod m) for all a relatively prime
to m? Euler’s theorm implies that u ≤ φ(m), but the example of m = 2n+2
shows that this inequality may be strict. An other example is dealt with in
Problems set 3. In general, the answer to this question is called “Carmichael’s
theorem”. (You may google it to see what it says).
5.– (30 points)
You have intercepted the message 8 and you know this message was encoded
according to the RSA method with the exponent k = 7 and modulus m = 65
(in other words, you know that ak ≡ 8 (mod m)) where a was the original
message – an integer between 1 and m and relatively prime to m.). Break the
code to find the original message a.
Let b be the remainder in the division of the number of letters of your last
name by 4 (for example, for “BELLAICHE”, b = 1, while for “BERGDALL”,
b = 0). Let c = a + b − 1
You are asked to encode c using the RSA method (with the same m and k
as above), and write down the result (that is write down ck (mod m)).
(No justification necessary.)
Solution: You know that a7 ≡ 8 (mod 65). To “break the code”, we
have to factor 65 into a product of primes, which in this case is very easy:
m = 65 = 5 × 13. So φ(m) = 4 × 12 = 48. At this point, the RSA algorithm
suggests us to find a Bezout relation between k = 7 and φ(m) = 48, which
in this case is easy: 7 × 7 − 48 × 1 = 1. So we find, using Euler’s theorem
(a48 ≡ 1 (mod 65)), that a ≡ a49 ≡ (a7 )7 ≡ 87 (mod 65), and to find a we
just have to compute 87 using the method of succesive squarings. We find
82 ≡ 64 ≡ −1 (mod 65), and 84 ≡ (−1)2 ≡ 1 (mod 65). Finally a ≡ 87 ≡
84 × 82 × 81 ≡ −8 ≡ 57 (mod 65).
Now if b = 0, c = 56 ≡ −9 mod 65, c2 ≡ 81 ≡ 16 (mod 65), c4 ≡ 256 ≡
−4 (mod 65), so c7 ≡ (−9) × 16 × (−4) ≡ 36 × 16 ≡ 63, so the answer is 63.
If b = 1, c = 57 = −8, and c7 ≡ 8 (mod 65).
If b = 2, c = 58 ≡ −7 (mod 65), c2 ≡ 49 ≡ −16 (mod 65), c4 ≡ 256 ≡ −4
and c7 ≡ (−7) × (−16) × (−4) ≡ 7 (mod 65).
If b = 3, c = 59 ≡ −6 (mod 65), b2 ≡ 36, b4 ≡ 1296 ≡ −4 (mod 65), and
7
c ≡ 19 (mod 65).