IMT4551 – Selected topics in cryptology Exercise 4 Evaluate the
advertisement
IMT4551 – Selected topics in cryptology Exercise 4 1801 1. Evaluate the Jacobi symbol (8191), using the properties of the Jacobi symbol. The following theorem can be useful in the computation of the Jacobi symbol: Theorem Let n be an odd positive integer and let a,b0. Then the following identities hold 1. 0 1,if n 1 n 0 ,if n 1 2. 2 1,if n 1 mod 8 n 1,if n 3 mod 8 3. a b if ab (mod n) n n 4. ab a b n n n 5. n if a n 3 mod 4 a a n n , otherwise a We are going to check those properties in this order: 1, 5, 3, 4, 2 and thus reduce the complexity of the evaluation problem. 1801 5 8191 3 987 5 1801 3 8191 1801 1801 987 3 814 4 2 407 2 407 5 987 3 987 987 987 987 407 3 173 5 407 3 61 5 173 3 51 5 407 173 173 61 61 5 61 3 10 4 2 5 2 5 5 51 51 51 51 51 5 51 3 1 1 5 5 2. Check whether n=8633 is prime, by means of the Solovay-Strassen algorithm. Set a=7019 7019 We first have to compute the Jacobi symbol (8633). We use the properties of the Jacobi symbol. 7019 5 8633 3 1614 4 2 807 2 8633 7019 7019 7019 7019 2 807 5 7019 3 563 5 807 3 7019 807 807 563 2 3 244 4 2 61 2 61 5 563 3 14 4 563 563 563 563 61 61 4 2 7 2 7 5 61 3 5 5 61 61 61 7 7 5 7 3 2 2 1 5 5 Then we compare the computed value of the Jacobi symbol with 𝑦 = 𝑎 𝑦 = 7019 8633−1 2 𝑛−1 2 mod 𝑛 mod 8633 = 70194316 mod 8633 We use modular exponentiation. 431610=10000110111002 (use the arrow algorithm). Thus we have i 0 1 2 3 4 5 6 7 8 9 10 11 12 2𝑖 20 21 22 * 23 * 24 * 25 6 2 * 27 * 28 29 210 211 12 2 * 𝑖 70192 mod 8633 7019 6463 3915 3650 1781 3650 1781 3650 1781 3650 1781 3650 1781 So we have 70194316 mod 8633 = 3915 ∙ 3650 ∙ 1781 ∙ 1781 ∙ 3650 ∙ 1781 = 5784 (mod 8633) We conclude that 8633 is not prime. 3. Factorize the integer 8633 using Fermat’s factorization. Let n=a×b, where a and b are close together. Then n ab a 2 ab b 2 a 2 ab b 2 4 2 4 4 2 4 2 2 a b a b 2 2 t s t s t s 2 2 As a and b are close, s is small, so t is only slightly larger than √𝑛 . In that case we can find a and b by trying all values of t starting with ⌊√𝑛 + 1⌋, until we find one for which 𝑠 2 = 𝑡 2 − 𝑛 is a perfect square. We first compute the square root of 8633 √8633 = 92,91 That means that we should try the integers 92+1, 92+2, … 92+1=93 932-8633=16=42 Since 16 is a perfect square, we have 8633=932-42=(93-4)(93+4)=8997 4. Factorize the integer 82123 using the Pollard’s rho algorithm. Set x0=631 and f(x)=x2+1. We give the Pollard’s rho algorithm here: Let x0 be a random integer in Zn Let y0x0, i0 repeat ii+1; xif(xi-1) mod n; yif(f(yi-1)) mod n if 1<(xi-yi,n)<n then return (xi-yi,n) else if (xi-yi,n)=n then return “failure” In our case, n=82123, x0=631 and f(x)=x2+1. We set y0=x0=631, i=0. ii+1=1 x1=f(x0) mod n=6312+1 mod 82123 = 69670 y1=f(f(y0)) mod n = (6312+1)2+1 mod 82123 = 28986 By using Euclidean algorithm, we get that (69670-28986,82123)=(40684,82123)=1 ii+1=2 x2=f(x1) mod n=696702+1 mod 82123 = 28986 y2=f(f(y1)) mod n = (289862+1)2+1 mod 82123 = 13166 By using Euclidean algorithm, we get that (28986-13166,82123)=(15820,82123)=1 ii+1=3 x3=f(x2) mod n=289862+1 mod 82123 = 69907 y3=f(f(y2)) mod n = (131662+1)2+1 mod 82123 = 40816 By using Euclidean algorithm, we get that (69907-40816,82123)=(29091,82123)=1 ii+1=4 x4=f(x3) mod n=699072+1 mod 82123 = 13166 y4=f(f(y3)) mod n = (408162+1)2+1 mod 82123 = 20459 By using Euclidean algorithm, we get that (13166-20459,82123)=(-7923,82123)= =(-7923+82123,82123)=(74830,82123)=1 ii+1=5 x5=f(x4) mod n=131662+1 mod 82123 = 64027 y5=f(f(y4)) mod n = (204592+1)2+1 mod 82123 = 6685 By using Euclidean algorithm, we get that (64027-6685,82123)=(57342,82123)=1 ii+1=6 x6=f(x5) mod n=640272+1 mod 82123 = 40816 y6=f(f(y5)) mod n = (66852+1)2+1 mod 82123 = 75835 By using Euclidean algorithm, we get that (40816-75835,82123)=(-35019,82123)= =(-35019+82123,82123)=(47104,82123)=1 ii+1=7 x7=f(x6) mod n=408162+1 mod 82123 = 80802 y7=f(f(y6)) mod n = (758352+1)2+1 mod 82123 = 17539 By using Euclidean algorithm, we get that (80802-17539,82123)=(63263,82123)=41. The algorithm stops and 41 is a factor of 82123. Thus 82123=412003. 5. Apply the baby-step giant-step algorithm to find the discrete logarithm of 3 and ∗ 10 in 𝑍23 using the generator = 5. n=23, =5, =3. Then 𝑚 = ⌈√23⌉ = 5 We produce the table of powers of j, 0jm-1 first and then we sort it j 5j mod 23 0 1 1 5 2 2 3 10 4 4 j 5j mod 23 0 1 2 2 4 4 1 5 3 10 Then we compute -m=-5=(5)-1=(55)-1 mod 23=20-1. We use the extended Euclidean algorithm. 23=120+3 20=63+2 3=12+1 So we have 1=3-2=3-(20-63)=3-20+63=73-20=7(23-20)-20=723-720-20=723-820 If we take modulo 23 on both sides we get 1=-820=1520 That means -m=15. We set ==3 Now for i=0,1,2,3,4 we try whether -m can be found in the second row of the table. i=0, =3 i=1, =315 mod 23 = 22 i=2, =2215 mod 23 = 8 i=3, =815 mod 23 = 5 Since 5 can be found in the second row of the sorted table for j=1, we get log53=im+j=35+1=16 n=23, =5, =10. Then 𝑚 = ⌈√23⌉ = 5 We use the same tables from the first example, since they do not depend on . We see that ==10 can be found in the second row of the sorted table for i=0, j=3. Thus log510=im+j=05+3=3. ∗ 6. Let q=113, and =3 be a generator of 𝑍113 . Alice and Bob want to establish a common secret key by means of the Diffie-Hellman secret key exchange algorithm. If Alice generates a random number x=30 and Bob generates a random number y=59, show how they establish the common secret key. Alice computes a=x mod q=330 mod 113=91 and sends a to Bob. Bob computes b=y mod q =359 mod 113=86 and sends b to Alice. Then Alice computes bx mod q=(y )x mod q=xy mod q =8630 mod 113=87. Bob computes ay mod q=(x )y mod q=xy mod q =9159 mod 113=87.
