Add to collection(s) Add to saved
  1. Arts & Humanities
  2. Communications

MATH 470.200/501 Examination 2 Solutions November 3, 2011

advertisement 
MATH 470.200/501
Examination 2 Solutions
November 3, 2011
1. Alice and Bob are using RSA to communicate.
(a) Alice’s encryption key is (n1 , e1 ) = (187, 7). Alice wants to encode the plaintext ‘10’ to
send to Bob. What is the ciphertext that she sends?
(b) On another occasion, you intercept the ciphertext ‘5’ sent to Alice. Find Alice’s decryption
key and write down the expression that yields the plaintext. (You do not need to calculate
the plaintext completely.)
(c) Suppose that Bob’s encryption key is (n2 , e2 ) = (989, 12), and suppose that we have
discovered that φ(989) = 924. Use this information to factor 989.
Solution: (a) The ciphertext is c ≡ 107 (mod 187). We reduce this modulo 187 and find
c ≡ 175 (mod 187).
(b) The decryption exponent d is the multiplicative inverse of e = 7 modulo φ(187). We factor
187 = 11 · 17, so then φ(187) = 10 · 16 = 160. Therefore d ≡ 17 ≡ 23 (mod 160). There fore
the plaintext is m ≡ 523 (mod 187). This further reduces to 180, but it was not necessary
to calculate that far.
(c) If n = 989 = pq, we know that the quadratic polynomial x2 − (n − φ(n) + 1)x + n =
(x − p)(x − q). So we find the roots of x2 − 66x + 989 = 0: by the quadratic formula,
√
66 ± 400
66 ± 20
x=
=
= 23, 43.
2
2
Therefore, 989 = 23 · 43.
2. The following congruences hold:
789495 ≡ 8154
(mod 15841)
789990 ≡ 3039
7891980 ≡ 218
(mod 15841)
7893960 ≡ 1
789
7920
≡1
(mod 15841)
1231625 ≡ 4852
123
6500
15840
≡ 13000
789
≡1
(mod 15841)
(mod 15841)
(mod 15841)
1233250 ≡ 10094
(mod 13001)
13000
(mod 13001)
123
≡1
(mod 13001)
(mod 13001)
(1)
(2)
(3)
(4)
(5)
(a) Using the data in lines (1)–(3) above, apply the Miller-Rabin Primality Test to n = 15841.
What can you conclude about 15841? Explain.
(b) Using the data in lines (4)–(5) above, apply the Miller-Rabin Primality Test to n = 13001.
What can you conclude about 13001? Explain.
Solution: (a) n − 1 = 15840 = 25 · 495. We apply the Miller-Rabin Test with a = 789. From
the given data,
b0 ≡ 789495 ≡ 8154
6≡ ±1
(mod 15841),
b1 ≡ b20 ≡ 789990 ≡ 3039 6≡ −1
(mod 15841),
b2 ≡ b21 ≡ 7891980 ≡ 218 6≡ −1
(mod 15841),
2
3960
b3 ≡ b2 ≡ 789
≡1
6≡ −1
(mod 15841),
b4 ≡ b23 ≡ 7897920 ≡ 1
6≡ −1
(mod 15841).
1
Therefore, n = 15841 must be composite.
(b) n − 1 = 13000 = 23 · 1625. We apply the Miller-Rabin
data,
b0 ≡ 1231625 ≡ 4852
6≡ ±1
b1 ≡ b20 ≡ 1233250 ≡ 10094 6≡ −1
b2 ≡ b21 ≡ 1236500 ≡ 13000 ≡ −1
Test with a = 123. From the given
(mod 13001),
(mod 13001),
(mod 13001).
At this point, we stop since when we get to b2 we obtain −1 modulo n = 13001. Therefore
the Miller-Rabin Test is inconclusive or n = 13001 is ‘probably prime’.
3. Suppose that n = 1643 is being used for RSA encryption, and suppose that we have discovered
that the encryption exponent is e = 29 and that the decryption exponent is d = 269. Suppose
further that the following congruences hold:
2975 ≡ 1613
5975 ≡ 931
3975 ≡ 712
(mod 1643)
(mod 1643)
6975 ≡ 1642
(mod 1643)
(mod 1643).
Use the Universal Exponent Factorization Method to factor 1643. Show your work.
Solution: Because e = 29 and d = 269 are encryption and decryption exponents for RSA, we
know that r = de − 1 = 7800 is a universal exponent modulo n = 1643. Now 7800 = 23 · 975,
so the given data contains some potential first steps in the Universal Exponent Factorization
Method. So we try the first one, with a = 2, and we have
b0 ≡ 2975 ≡ 1613 ≡
6 ±1
b1 ≡ b20 ≡ 900
6 ±1
≡
b2 ≡ b21 ≡ 1
≡1
(mod 1643),
(mod 1643),
(mod 1643).
Since b2 ≡ 1 (mod 1643) but b1 6≡ ±1 (mod 1643), we conclude that b1 − 1 = 900 − 1 = 899
must share a nontrivial factor with 1643. So we use the Euclidean Algorithm to compute
gcd(899, 1643):
1643 = 899 + 744,
899 = 744 + 155,
744 = 4 · 155 + 124,
155 = 124 + 31,
124 = 4 · 31 + 0.
Therefore gcd(899, 1643) = 31 and 31 divides 1643.
1643 = 31 · 53.
Dividing 1643 by 31, we see that
4. Let n = 7991. We know that 7991 is the product of two distinct primes. Suppose in carrying
out the quadratic sieve that you have found that
752 − n = −2366,
792 − n = −1750,
842 − n = −935,
942 − n = 845,
1012 − n = 2210,
1032 − n = 2618.
Use this information to factor 7991. Show your work.
2
Solution: We first factor each of the following numbers:
−2366 = −2 · 7 · 132 ,
−1750 = −2 · 53 · 7,
−935 = −5 · 11 · 17,
845 = 5 · 132 ,
2210 = 2 · 5 · 13 · 17,
2618 = 2 · 7 · 11 · 17.
Therefore,
752 ≡ −2 · 7 · 132
(mod 7991),
792 ≡ −2 · 53 · 7
842 ≡ −5 · 11 · 17
(mod 7991),
942 ≡ 5 · 132
2
101 ≡ 2 · 5 · 13 · 17
(mod 7991),
(mod 7991),
2
103 ≡ 2 · 7 · 11 · 17
(mod 7991),
(mod 7991).
We now search for a subcollection of these congruences whose right-hand sides multiply together to give a perfect square. There are a few ways to do this, but here are two that
work:
752 · 792 · 942 ≡ 22 · 54 · 72 · 134
(mod 7991),
792 · 842 · 1032 ≡ 22 · 54 · 72 · 112 · 172
(mod 7991).
In the first case we take
x ≡ 75 · 79 · 94 ≡ 556950 ≡ 5571
(mod 7991),
2
y ≡ 2 · 5 · 7 · 13 ≡ 59150 ≡ 3213
(mod 7991).
We check easily that x 6≡ ±y (mod 7991), so we go ahead an compute gcd(x − y, 7991) =
gcd(2358, 7991):
7991 = 3 · 2358 + 917,
2358 = 2 · 917 + 524,
917 = 524 + 393,
524 = 393 + 131,
393 = 3 · 131 + 0.
Therefore gcd(2358, 7991) = 131 is a factor of 7991, and by division the other is 61, yielding
7991 = 61 · 131. Now in the second case (either one would suffice of course), we take
x ≡ 79 · 84 · 103 ≡ 683508 ≡ 4273
(mod 7991),
2
y ≡ 2 · 5 · 7 · 11 · 17 ≡ 65450 ≡ 1522
(mod 7991).
Again x 6≡ ±y (mod 7991), and we compute gcd(x − y, 7991) = gcd(2751, 7991):
7991 = 2 · 2751 + 2489,
2751 = 2489 + 262,
2489 = 9 · 262 + 131,
262 = 2 · 131 + 0.
So gcd(2751, 7991) = 131 and 131 divides 7991. Again we find that 7991 = 61 · 131.
3
5. Throughout this problem we work modulo p = 19, with chosen primitive root α = 3.
(a) Show that L3 (5) = 4.
(b) Use the Pohlig-Hellman algorithm to find L3 (2).
Solution: (a) We check easily that 34 ≡ 81 ≡ 5 (mod 19).
(b) We first calculate that p − 1 = 18 = 2 · 32 . We let x = L3 (2). First we calculate x modulo
2, so take q = 2. We need to find x0 ∈ {0, 1} so that 39x0 ≡ 29 ≡ 18 (mod 19), which requires
x0 = 1. Therefore x ≡ 1 (mod 2).
Now we calculate x modulo 32 = 9, taking q = 3. We need to find x0 ∈ {0, 1, 2} so that
36x0 ≡ 26 ≡ 7 (mod 19). We check that x0 = 1. Then set β1 = 3−1 · 2 ≡ 7 (mod 19), and
(p−1)/q 2
we need to find x1 ∈ {0, 1, 2} so that 36x1 ≡ β1
≡ 72 (mod 19). We check that x1 = 2,
and so x ≡ 1 + 2 · 3 ≡ 7 (mod 9). So all together we need x to satisfy
x≡1
(mod 2),
x≡7
(mod 9).
The Chinese Remainder Theorem states that this system has a unique solution modulo 18.
By inspection x ≡ 7 (mod 18) satisfies both congruences, and so L3 (2) = 7.
6. Alice and Bob are again using RSA to communicate. They are using the same modulus n, so
that Alice’s public encryption key is (n, eA ) and Bob’s is (n, eB ). Alice and Bob happen to
have chosen eA and eB that are relatively prime.
Now Charles wants to send the message m to both Alice and Bob. You may assume that
m < n.
(a) What does Charles send to Alice? What does he send to Bob?
(b) Suppose that Eve intercepts both of these transmissions. Show how Eve can recover m
without factoring n.
Solution: (a) Charles sends cA ≡ meA (mod n) to Alice and cB ≡ meB (mod n) to Bob.
(b) Eve intercepts cA and cB . Now since eA and eB are relatively prime (gcd(eA , eB ) = 1),
Eve can find s, t ∈ Z so that seA + teB = 1. Therefore, Eve calculates
csA · ctB ≡ mseA · mteB
seA +teB
≡m
≡ m1
(mod n),
(mod n),
(mod n).
Therefore csA · ctB ≡ m (mod n) yields m without ever factoring n.
4
Related documents
Applied Algebra
Applied Algebra
MATH 3360 Exam I July 25, 1994
MATH 3360 Exam I July 25, 1994
Applied Algebra
Applied Algebra
CMPSYSENG 1&2 PC PRO LESSON PLAN 6TH PER WEEK OF
CMPSYSENG 1&2 PC PRO LESSON PLAN 6TH PER WEEK OF
Document10389957 10389957
Document10389957 10389957
MOONEY N66ET SPECS
MOONEY N66ET SPECS
Variables Assessment
Variables Assessment
Math 4330, Homework 7, 3/10/2014 : Due 3/24/2014
Math 4330, Homework 7, 3/10/2014 : Due 3/24/2014
Download
advertisement