Add to collection(s) Add to saved
  1. Science
  2. Physics
  3. Quantum Physics

Mathematics 360 Homework (due Dec 11) A. Hulpke

advertisement 
Mathematics 360
A. Hulpke
Homework (due Dec 11)
67) Let p be a prime and q a divisor of p − 1 and 1 < a < p such that OrderMod p (a) = q. a) We know that
•
•
•
•
There are q different powers of a (including a 0 = 1) modulo p.
Any power of a has order dividing q.
Any element of order s dividing q can be obtained as power of a.
There are φ(s) elements of order s.
Conclude that q = ∑s∣q φ(s), i.e. the sum is over the divisors s of q.
p−1
b) Show that for an odd p there are at most 2 elements of odd order, i.e. at least half the elements modulo p are of
even order.
68) Factorize 9374251 using Pollard’s ρ-method (you do not need to group differences for Gcd calculations and may
choose to simply take differences instead of running a double-step loop).
You may use a computer for modulo arithmetic and for computing gcds and IsPrime for primality tests.
69) We consider the drawing of random elements (with repetition) from a set of p elements. Suppose that the first
repeated drawing occurs with the m-th (m ≥ 2) draw.
a) Using the inequality 1 − x ≤ e −x , show that for j ≥ 2, the probability
prob(m ≥ j) ≤ ∏ e −(i−1)/p ≤ e −( j−2)
2
/2 p
.
1≤i< j
b) The expected value for the number of choices m is defined as:
E(m) = ∑ j ⋅ prob(m = j)
= ∑ prob(m ≥ j)
j≥2
j≥2
(you do not need to show this). Show that:
E(m) ≤ 1 +
∫
0
∞
e −x
2
/2 p
dx ≤ 1 +
√
2p
∫
0
∞
2
e −x dx
(Hint: Riemann sum and substitution)
c) Assuming that the function f (x) = x 2 +1 produces “random” values, show that there is a constant c such that Pollard’s
√
ρ method will take in average c p steps to find a prime factor p.
70) Explain why it would not be a good idea to use the function f (x) = x + 1 in Pollard’s ρ method. (In the same way,
all linear functions will not work.)
71) Let n = pq be the product of two different primes and 1 < a < n with gcd(a, n) = 1, r = OrderModn (a) and
r
b ≡ a 2 ≡/ −1 (mod n). (Many such elements a exist – c.f. the Miller-Rabin primality test.)
We then know that b ≡/ 1 (mod n) and b 2 ≡ 1 (mod n), so b is one of the two other square roots of 1 we looked at when
analyzing the Miller-Rabin test. From this analysis we know (up to swapping the roles of p and q) that b ≡ −1 (mod p)
and b ≡ 1 (mod q).
Show that gcd(b − 1, n) =/ 1.
Note: You have thus shown that if you can determine OrderModn (a) cheaply, you can factor n cheaply. This is the basis
of Shor’s polynomial-time quantum algorithm for factorization.
Practice Problems:
3.23, 3.24, 3.25
Final
As announced in class the final will be given as a take-home final.
Related documents
Math 350 – Practice Exam 1
Math 350 – Practice Exam 1
Mathematics 400c Homework (due Apr. 7) 56) 57)
Mathematics 400c Homework (due Apr. 7) 56) 57)
Factorization of Quadratic Sieve
Factorization of Quadratic Sieve
MA342J: Introduction to Modular Forms Homework 5, due on March 28
MA342J: Introduction to Modular Forms Homework 5, due on March 28
Homework 8
Homework 8
> (1) (2) (3)
> (1) (2) (3)
Math 470 Exam 1 Sample Problems September 22, 2011
Math 470 Exam 1 Sample Problems September 22, 2011
COMPUTER PROBLEMS: DAY 9
COMPUTER PROBLEMS: DAY 9
2BA1: Mathematics for Students in Computer Science
2BA1: Mathematics for Students in Computer Science
Chapter17Math412note..
Chapter17Math412note..
Introduction to Cryptography Summer ’03 Homework #2 Assigned: Thursday, 6/19/03 Due: Thursday, 7/3/03
Introduction to Cryptography Summer ’03 Homework #2 Assigned: Thursday, 6/19/03 Due: Thursday, 7/3/03
Summer School - Number Theory for Cryptography F. Morain
Summer School - Number Theory for Cryptography F. Morain
Download
advertisement