IMT4551 – Selected topics in cryptology
Exercise 1
1. Determine all the generators of Z6.
Z6={0,1,2,3,4,5}
The neutral element e=0, since the operation * of the group is the addition.
We try 1 first
10=e=0
11=1
12=1+1 mod 6 = 2
13=2+1 mod 6 = 3
14=3+1 mod 6 = 4
15=4+1 mod 6 = 5
16=5+1 mod 6 = 0
Since all of the elements of Z6 were generated by powering 1, 1 is a generator of Z6.
We proceed similarly with the other elements of Z6.
20=e=0
21=2
22=2+2 mod 6 = 4
23=4+2 mod 6 = 0
This means that 2 is not a generator of Z6.
30=e=0
31=3
32=3+3 mod 6 = 0
3 is not a generator of Z6
40=e=0
41=4
42=4+4 mod 6 = 2
43=2+4 mod 6=0
4 is not a generator of Z6.
50=e=0
51=5
52=5+5 mod 6 = 4
53=4+5 mod 6 = 3
54=3+5 mod 6 = 2
55=2+5 mod 6 = 1
56=1+5 mod 6 = 0
That means that 5 is a generator of Z6.
2. Find (x8+x6+x3+x2+1, x5+x3+1). The coefficients are in GF(2).
(x8+x6+x3+x2+1):(x5+x3+1)=x3
x8+x6+x3
x2+1
(x5+x3+1):( x2+1)=x3
x5+x3
1
(x2+1):1= x2+1
0
which means that (x8+x6+x3+x2+1, x5+x3+1)=1.
3. Find (x9+x8+ x7+x6+ x+1, x8+x7+ x6+x5+ x4+ x3+ x+1). The coefficients are in GF(2).
(x9+x8+ x7+x6+ x+1):(x8+x7+ x6+x5+ x4+ x3+ x+1)=x
x9+x8+x7+x6+x5+x4+x2+x
x5+x4+x2+1
(x8+x7+ x6+x5+ x4+ x3+ x+1): (x5+x4+x2+1)=x3+x+1
x8+x7+x5+x3
x6+ x4+ x+1
x6+x5+x3+x
x5+ x4+ x3+1
x5+x4+x2+1
x3+ x2
(x5+x4+x2+1): (x3+ x2)=x2
x5+x4
x2+1
(x3+ x2):(x2+1)=x+1
x3+x
x2+x
x2+1
x+1
(x2+1):(x+1)=x+1
x2+x
x+1
x+1
0
which means that (x9+x8+ x7+x6+ x+1, x8+x7+ x6+x5+ x4+ x3+ x+1)=x+1
4. Check the polynomial f(x)= x6+x3+x+1 for irreducibility in GF(2).
f(x)= x6+x3+x+1, n=6k=1,2,3
k=1
𝑘
(𝑥 2 + 𝑥) mod 𝑓(𝑥) = (𝑥 2 + 𝑥) mod (𝑥 6 + 𝑥 3 + 𝑥 + 1) = 𝑥 2 + 𝑥
So we have to compute
(x2+x, x6+x3+x+1)
We apply the Euclidean algorithm
(x6+x3+x+1):(x2+x)=x4+x3+x2
x6+x5
x5+x3+x+1
x5+x4
x4+x3+x+1
x4+x3
x+1
(x2+x):(x+1)=x
x2+x
0
which means that (x2+x, x6+x3+x+1)=x+11 and because of that the polynomial f(x) is not
irreducible.
5. Check the polynomial f(x)= x6+x5+ 1 for irreducibility in GF(2).
f(x)= x6+x5+ 1, n=6k=1,2,3
k=1
𝑘
(𝑥 2 + 𝑥) mod 𝑓(𝑥) = (𝑥 2 + 𝑥) mod (𝑥 6 + 𝑥 5 + 1) = 𝑥 2 + 𝑥
So we have to compute
(x2+x, x6+x5+ 1)
We apply the Euclidean algorithm
(x6+x5+ 1):(x2+x)=x4
x6+x5
1
(x2+x):1=x2+x
x2+x
0
which means that (x2+x, x6+x5+1)=1.
k=2
𝑘
(𝑥 2 + 𝑥) mod 𝑓(𝑥) = (𝑥 4 + 𝑥) mod (𝑥 6 + 𝑥 5 + 1) = 𝑥 4 + 𝑥
(x6+x5+ 1):(x4+x)=x2+x
x6+x3
x5+x3+1
x5+x2
x3+x2+1
(x4+x):(x3+x2+1)=x+1
x4+x3+x
x3
x3+x2+1
x2+1
(x3+x2+1):(x2+1)=x+1
x3+x
x2+x+1
x2+1
x
(x2+1):x=x
x2
1
x:1=x
x
0
which means that (x4+x, x6+x5+1)=1.
k=3
𝑘
(𝑥 2 + 𝑥) mod 𝑓(𝑥) = (𝑥 8 + 𝑥) mod (𝑥 6 + 𝑥 5 + 1) = 𝑥 5 + 𝑥 2 + 1
(x8+x):(x6+x5+ 1)=x2+x+1
x8+x7+x2
x7+x2+x
x7+x6+x
x6+x2
x6+x5+1
x5+x2+1
(x6+x5+ 1):(x5+x2+1)=x+1
x6+x3+x
x5+x3+x+1
x5+x2+1
x3+x2+x
(x5+x2+1): (x3+x2+x)=x2+x
x5+x4+x3
x4+x3+x2+1
x4+x3+x2
1
(x3+x2+x):1= x3+x2+x
x3+x2+x
0
which means that (x5+x2+1, x6+x5+1)=1.
That means that x6+x5+1 is irreducible.
6. Check whether f(x)=x4+x3+1 is primitive. The coefficients are in GF(2).
First we check whether f(x)=x4+x3+1 is irreducible.
n=4k=1,2
k=1
𝑘
(𝑥 2 + 𝑥) mod 𝑓(𝑥) = (𝑥 2 + 𝑥) mod (𝑥 4 + 𝑥 3 + 1) = 𝑥 2 + 𝑥
(x4+x3+1): (x2+x)=x2
x4+x3
1
(x2+x):1= x2+x
x2+x
0
which means that (x2+x, x4+x3+1)=1.
k=2
𝑘
(𝑥 2 + 𝑥) mod 𝑓(𝑥) = (𝑥 4 + 𝑥) mod (𝑥 4 + 𝑥 3 + 1) = 𝑥 3 + 𝑥 + 1
(x4+x): (x4+x3+1)=1
x4+x3+1
x3+x+1
(x4+x3+1):(x3+x+1)=x+1
x4+x2+x
x3+x2+x+1
x3+x+1
x2
(x3+x+1):x2=x
x3
x+1
x2:(x+1)=x+1
x2+x
x
x+1
1
(x+1):1=x+1
x+1
0
which means that (x3+x+1, x4+x3+1)=1.
That means that x4+x3+1 is irreducible.
Now we check whether f(x) is primitive. We have to show that f(x) does not divide the
polynomials xk+1, k=n,…,2n-1-1.
n=4 k= 4,…,14
k=4
(x4+1):(x4+x3+1)=1
x4+x3+1
x3
k=5
(x5+1):(x4+x3+1)=x+1
x5+x4+x
x4+x+1
x4+x3+1
x3+x
k=6
(x6+1):(x4+x3+1)=x2+x+1
x6+x5+x2
x5+x2+1
x5+x4+x
x4+x2+x+1
x4+x3+1
x3+x2+x
k=7
(x7+1):(x4+x3+1)=x3+x2+x+1
x7+x6+x3
x6+x3+1
x6+x5+x2
x5+x3+x2+1
x5+x4+x
x4+x3+x2+x+1
x4+x3+1
x2+x
k=8
(x8+1):(x4+x3+1)=x4+x3+x2+x
x8+x7+x4
x7+x4+1
x7+x6+x3
x6+x4+x3+1
x6+x5+x2
x5+x4+x3+x2+1
x5+x4+x
x3+x2+x+1
k=9
(x9+1):(x4+x3+1)=x5+x4+x3+x2+1
x9+x8+x5
x8+x5+1
x8+x7+x4
x7+x5+x4+1
x7+x6+x3
x6+x5+x4+x3+1
x6+x5+x2
x4+x3+x2+1
x4+x3+1
x2
k=10
(x10+1):(x4+x3+1)=x6+x5+x4+x3+x
x10+x9+x6
x9+x6+1
x9+x8+x5
x8+x6+x5+1
x8+x7+x4
x7+x6+x5+x4+1
x7+x6+x3
x5+x4+x3+1
x5+x4+x
x3+x+1
k=11
(x11+1):(x4+x3+1)=x7+x6+x5+x4+x2+1
x11+x10+x7
x10+x7+1
x10+x9+x6
x9+x7+x6+1
x9+x8+x5
x8+x7+x6+x5+1
x8+x7+x4
x6+x5+x4+1
x6+x5+x2
x4+x2+1
x4+x3+1
x3+x2
k=12
(x12+1):(x4+x3+1)=x8+x7+x6+x5+x3+x+1
x12+x11+x8
x11+x8+1
x11+x10+x7
x10+x8+x7+1
x10+x9+x6
x9+x8+x7+x6+1
x9+x8+x5
x7+x6+x5+1
x7+x6+x3
x5+x3+1
x5+x4+x
x4+x3+x+1
x4+x3+1
x
k=13
(x13+1):(x4+x3+1)=x9+x8+x7+x6+x4+x2+x
x13+x12+x9
x12+x9+1
x12+x11+x8
x11+x9+x8+1
x11+x10+x7
x10+x9+x8+x7+1
x10+x9+x6
x8+x7+x6+1
x8+x7+x4
x6+x4+1
x6+x5+x2
x5+x4+x2+1
x5+x4+x
x2+x+1
k=14
(x14+1):(x4+x3+1)=x10+x9+x8+x7+x5+x3+x2
x14+x13+x10
x13+x10+1
x13+x12+x9
x12+x10+x9+1
x12+x11+x8
x11+x10+x9+x8+1
x11+x10+x7
x9+x8+x7+1
x9+x8+x5
x7+x5+1
x7+x6+x3
x6+x5+x3+1
x6+x5+x2
x3+x2+1
Since f(x) does not divide any of the polynomials xk+1, k=n,…,2n-1-1, it is primitive.
Another way to check whether f(x) is primitive is to use the Alanen-Knuth-Herlestam’s
theorem.
1. The weight of f(x)=x4+x3+1 is odd.
4
2. 𝑥 2 : (𝑥 4 + 𝑥 3 + 1) =
=x16:(x4+x3+1)=x12+x11+x10+x9+x7+x5+x4+x
x16+x15+x12
x15+x12
x15+x14+x11
x14+x12+x11
x14+x13+x10
x13+x12+x11+x10
x13+x12+x9
x11+x10+x9
x11+x10+x7
x9+x7
x9+x8+x5
x8+x7+x5
x8+x7+x4
x5+x4
x5+x4+x
x
3. 24-1=15=35
𝑥 (2
4 −1)/3
= 𝑥5
x5:(x4+x3+1)=x+1
x5+x4+x
x4+x
x4+x3+1
x3+x+1  1
𝑥 (2
4 −1)/5
= 𝑥3
x3:(x4+x3+1)=0
x3  1
Since all the three conditions of the theorem are satisfied, the polynomial f(x) is
primitive.
7. Check whether f(x)=x4+x3+x2+x+1 is primitive. The coefficients are from GF(2).
We first check whether f(x) is irreducible. Since n=4, k=1,2.
k=1
1
(𝑥 2 + 𝑥) mod (x4+x3+x2+x+1) = x2+x
(x2+x, x4+x3+x2+x+1)=1
(x4+x3+x2+x+1):(x2+x)=x2+1
x4+x3
x2+x+1
x2+x
1
(x2+x):1=x2+x
x2+x
0
k=2
2
(𝑥 2 + 𝑥) mod (x4+x3+x2+x+1) = (x4+x) mod (x4+x3+x2+x+1) = x3+x2+1
(x4+x): (x4+x3+x2+x+1)=1
x4+x3+x2+x+1
x3+x2+1
(x3+x2+1, x4+x3+x2+x+1)=1
(x4+x3+x2+x+1):(x3+x2+1)=x
x4+x3+x
x2+1
(x3+x2+1):(x2+1)=x+1
x3+x
x2+x+1
x2+1
x
(x2+1):x=x
x2
1
x:1=x
x
0
That means that x4+x3+x2+x+1 is irreducible.
Now we check whether f(x) is primitive. We have to show that f(x) does not divide the
polynomials xk+1, k=n,…,2n-1-1.
n=4 k= 4,…,14
k=4
(x4+1):(x4+x3+x2+x+1)=1
x4+x3+x2+x+1
x3+x2+x
k=5
(x5+1):(x4+x3+x2+x+1)=x+1
x5+x4+x3+x2+x
x4+x3+x2+x+1
x4+x3+x2+x+1
0
This means that the polynomial f(x)= x4+x3+x2+x+1 is not primitive.
Another way of proceeding is to apply the Alanen-Knuth-Herlestam’s theorem.
1. The weight of f(x) is odd.
4
2. 𝑥 2 : (𝑥 4 + 𝑥 3 + 𝑥 2 + 𝑥 + 1) =
x16:(x4+x3+x2+x+1)=x12+x11+x7+x6+x2+x
x16+x15+x14+x13+x12
x15+x14+x13+x12
x15+x14+x13+x12+x11
x11
x11+x10+x9+x8+x7
x10+x9+x8+x7
x10+x9+x8+x7+x6
x6
x6+x5+x4+x3+x2
x5+x4+x3+x2
x5+x4+x3+x2+x
x
3. 24-1=15=35
𝑥 (2
4 −1)/3
= 𝑥5
x5:(x4+x3+x2+x+1)=x+1
x5+x4+x3+x2+x
x4+x3+x2+x
x4+x3+x2+x+1
1
Since the condition of the theorem is not satisfied, the polynomial f(x)=x4+x3+x2+x+1 is
not primitive.
8. Find the reciprocal polynomial f*(x) of f(x)=x6+x5+1. The coefficients are from GF(2).
f(x)=x6+x5+1
1
1
𝑓 ∗ (𝑥) = 𝑥 6 ( 6 + 5 + 1) = 1 + 𝑥 + 𝑥 6
𝑥
𝑥
9. Find the reciprocal polynomial f*(x) of f(x)=x4+x3+1. The coefficients are from GF(2).
f(x)=x4+x3+1
1
1
𝑓 ∗ (𝑥) = 𝑥 4 ( 4 + 3 + 1) = 1 + 𝑥 + 𝑥 4
𝑥
𝑥
10. How many primitive polynomials of degree 4 are there?
n=4
𝜙(2𝑛 − 1) 𝜙(24 − 1)
=
𝑛
4
𝜙(15) = (31 − 30 )(51 − 50 ) = 2 ∙ 4 = 8
𝑁=
Then N=8/4=2. There are only 2 primitive polynomials of degree 4.
11. The output sequence of the LFSR with the characteristic polynomial f(x)=x5+x4+x3+x2+1
(coefficients from GF(2)) is 11110… Find the initial state of the LFSR by solving the system of
linear equations assigned to this LFSR. The output is taken from the 1st (MSB) position of the
LFSR.
f(x)=x5+x4+x3+x2+1
S=11110…
The output bits:
y0=1
y1=1
y2=1
y3=1
y4=0
The equations:
y0=y-2+y-3+y-4+y-5
y1=y-1+y-2+y-3+y-4
y2=y0+y-1+y-2+y-3
y3=y1+y0+y-1+y-2
y4=y2+y1+y0+y-1
The solution:
1= y-2+y-3+y-4+y-5
1= y-1+y-2+y-3+y-4
1= 1+y-1+y-2+y-3
1= 1+1+y-1+y-2
0=1+1+1+ y-1
 y-1=1, y-2=0, y-3=1, y-4=1, y-5=1.
12. Find the linear complexity and the characteristic polynomial of the minimum LFSR that
generates the sequence S=001101110 in GF(2). Draw the LFSR after processing each bit of S.
S=s0s1s2s3s4s5s6s7s8=001101110,
N=9
C(D)1, C*(D) 1, L0, j1, n0
s0=0
=s0+0=0
jj+1=2
nn+1=1
The register:

s1=0
=s1+0=0
jj+1=3
nn+1=2
The register:

s2=1
=s2+0=1
 T(D) C(D)=1
C(D) C(D)+D3C*(D)=1+D3
c3=1
Since 2Ln, we set Ln+1-L=3
j=1
C*(D) T(D)=1
nn+1=3
The register:
s3=1
=s3+c1s2+c2s1+c3s0=1+0+0+10=1
 T(D) C(D)=1+D3
C(D) C(D)+D1C*(D)=1+D+D3
c1=1, c3=1
Since it is not the case that 2Ln, we set jj+1=2
nn+1=4
The register:
s4=0
=s4+c1s3+c2s2+c3s1=0+11+0+10=1
 T(D) C(D)=1+D+D3
C(D) C(D)+D2C*(D)=1+D+D2+D3
c1=1, c2=1, c3=1
Since it is not the case that 2Ln, we set jj+1=3
nn+1=5
The register:
s5=1
=s5+c1s4+c2s3+c3s2=1+10+11+11=1
 T(D) C(D)=1+D+D2+D3
C(D) C(D)+D3C*(D)=1+D+D2
c1=1, c2=1, c3=0
Since it is not the case that 2Ln, we set jj+1=4
nn+1=6
The register:
s6=1
=s6+c1s5+c2s4+c3s3=1+11+10+0=0
jj+1=5
nn+1=7
The register:
s7=1
=s7+c1s6+c2s5+c3s4=1+11+11+0=1
 T(D) C(D)=1+D+D2
C(D) C(D)+D5C*(D)=1+D+D2+D5
c1=1, c2=1, c5=1
Since 2Ln, we set Ln+1-L=5
j=1
C*(D) T(D)=1+D+D2
nn+1=8
The register:
s8=0
=s8+c1s7+c2s6+c3s5+c4s4+c5s3=0+11+11+0+0+11=1
 T(D) C(D)=1+D+D2+D5
C(D) C(D)+D1C*(D)=1+D+D2+D5+D(1+D+D2)= 1+D+D2+D5+D+D2+D3=1+D3+D5
c1=0, c2=0, c3=1, c4=0, c5=1
Since it is not the case that 2Ln, we set jj+1=2
nn+1=9
Since n=N, the algorithm stops.
The register: