Solutions 7

© Garrett 2006
Crypto Homework version 1
Unit 7
(7.1) Find a square root b of 57 modulo 107 so that b itself is a square modulo 107.
Since 107 is a prime (by trial division, since 107 is pretty small), and since 107 = 3 mod 4, the simple
little formula derived from Fermat’s little theorem can be applied: if 57 is a square modulo 107, then
the (principal) square root of 57 mod 107 (meaning the square root which is itself a square) is given
by the formula $57^{(107+1)/4}$ % 107. We compute this by the fast exponentiation algorithm, initializing
(X, E, Y ) = (57, (107 + 1)/4, 1): the sequence of values is (57, 27, 1), (57, 26, 57), (39, 13, 57), (39, 12, 83),
(23, 6, 83), (101, 3, 83), (101, 2, 37), (36, 1, 37), (36, 0, 48). The algorithm terminates when E = 0, so the
square root is 48. We must check that $48^2$ % 107 = 57, and a bit of arithmetic verifies that this is so. Thus,
57 really is a square modulo 107, and 48 is its principal square root. The proof that this formula gives a
square root if there is one shows that (as a bonus) the expression given by the formula is itself a square, so
without further computation we know that the square root 48 is itself a square modulo 107.
(7.2) Try to find a square root of 52 modulo 59.
Here p = 59 is prime, and 59 = 3 mod 4, so that the square-root-taking formula applies (but requiring a
check to be sure that the original 52 is actually a square, and that the output of the formula is a
square root): for any b, $b^{1/2} = b^{(p+1)/4}$ mod p if b is a square (otherwise the formula produces garbage).
We must check to be sure that the algorithm does not simply produce garbage. The exponentiation
should be done via the fast exponentiation algorithm. Here b = 52 and p = 59, and we want to
compute $b^{(p+1)/4}$ % p = $52^{(59+1)/4}$ % 59. Using the fast modular exponentiation algorithm, initialize
(X, E, Y ) = (52, (59+1)/4, 1), and run the algorithm: (52, 15, 1), (52, 14, 52), (49, 7, 52), (49, 6, 11), (41, 3, 11),
(41, 2, 38), (29, 1, 38), (29, 0, 40). Thus, if 52 is a square mod 59, then a square root of 52 mod 59 is 40. Checking
is relatively easy: square 40 and reduce modulo 59 to see that you get 7, which is not 52 mod 59. Thus, 40
is not a square root of 52, but is garbage instead, and we conclude that 52 does not have a square root.
(7.3) Try to find a cube root of 32 mod 137.
Here p = 137 is prime, and 137 = 2 mod 3 so everything modulo 137 is a cube, and the simple cube-root-taking
formula applies: for any y (here y = 32), $y^{1/3} = y^r$ mod p, where $r = 3^{-1}$ mod (p − 1). Here the
modulus is p = 137. This multiplicative inverse can be found fooling around (because 3 is so little) or by
the Euclidean algorithm. Then the exponentiation should be done via the fast exponentiation algorithm
(adjusting the r so that it’s positive, of course, since otherwise fast exp won’t work right.)
136 − 45 · 3 = 1
3 − 3 · 1 = 0
1 = (1)136 + (−45)3
So here r = 91 is the multiplicative inverse of 3 mod p−1 = 137−1. Then initialize (X, E, Y ) = (32, 91, 1), and
run the fast modular exponentiation algorithm: (32, 91, 1), (32, 90, 32), (65, 45, 32), (65, 44, 25), (115, 22, 25),
(73, 11, 25), (73, 10, 44), (123, 5, 44), (123, 4, 69), (59, 2, 69), (56, 1, 69), (56, 0, 28). Thus, the cube root of 32
mod 137 is 28. (Since p = 137 is 2 mod 3, the formula above definitely works, so there is no necessity of
checking by cubing 28 to see if you get 32 mod 137, but it is surely wise to check since we’re doing the
computations by hand. Cube 28 and reduce modulo 137 to see that you do indeed get 32).
(7.4) Find a cube root of 40 modulo 211.
Here p = 211 is prime, and 211 = 1 mod 3 but 3 does not divide (211−1)/3. Therefore, the more complicated
of the cube-root-taking formulas applies: for any y, if y is a cube modulo p, $y^{1/3} = y^r$ mod p, where
$r = 3^{-1}$ mod (p − 1)/3. Here p = 211 and y = 40. Since p = 211 is 1 mod 3, not everything is a cube, so
we must check to be sure that the algorithm does not simply produce garbage. The multiplicative inverse
of 3 mod 211 can be found by brute force (because 3 is so little) or by the Euclidean algorithm. Then the
exponentiation should be done via the fast exponentiation algorithm (adjusting the r so that it’s positive,
of course, since otherwise fast exp won’t work right.)
70 − 23 · 3 = 1
3 − 3 · 1 = 0
1 = (1)70 + (−23)3
So r = 47 is the multiplicative inverse of 3 mod (211 − 1)/3. Then initialize (X, E, Y ) = (40, 47, 1), and run
the algorithm: (40, 47, 1), (40, 46, 40), (123, 23, 40), (123, 22, 67), (148, 11, 67), (148, 10, 210), (171, 5, 210),
(171, 4, 40), (123, 2, 40), (148, 1, 40), (148, 0, 12). Thus, if 40 is a cube mod 211, then the cube root of 40 mod
211 is 12. We must check. Checking is relatively easy: just cube 12 and reduce modulo 211 and you really
get 40.
(7.5) Try to find a cube root of 12 modulo 61.
Here p = 61 is prime, and 61 = 1 mod 3 but 3 does not divide (61 − 1)/3. Therefore, the more complicated
of the cube-root-taking formulas applies: for any y, $y^{1/3} = y^r$ mod 61, where $r = 3^{-1}$ mod (61 − 1)/3.
And in this case we must check to be sure that the algorithm does not simply produce garbage. This
multiplicative inverse can be found fooling around (because 3 is so little) or by the Euclidean algorithm.
Then the exponentiation should be done via the fast exponentiation algorithm (adjusting the r so that it’s
positive, of course, since otherwise fast exp won’t work right.)
20 − 6 · 3 = 2
3 − 1 · 2 = 1
2 − 2 · 1 = 0
1 = (1)3 + (−1)2 = (1)3 + (−1)(20 − 6 · 3)
  = (−1)20 + (7)3
So 7 is the multiplicative inverse of 3 mod (61-1)/3. Then initialize (X, E, Y ) = (12, 7, 1), and run the
algorithm: (12, 7, 1), (12, 6, 12), (22, 3, 12), (22, 2, 20), (57, 1, 20), (57, 0, 42). Thus, a cube root of 12 mod 61
is 42, if 42 is not garbage. Checking is relatively easy: cube 42 and reduce modulo 61 to see that you get
34, which is not 12. Thus, 42 is not a cube root of 12, but is garbage instead, and we conclude that 12 does
not have a cube root.
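
The procedure used in (7.1)-(7.5), as an added Python example that is not part of the original solutions: fast exponentiation recording the (X, E, Y) states, the Euclidean inverse adjusted to be positive, and the final check that rejects garbage. The function names are chosen here, and p is assumed to be prime (it is not tested).

```python
def fast_exp_trace(x, e, m):
    """Square-and-multiply; returns (x^e mod m, list of (X, E, Y) states)."""
    y = 1
    states = [(x, e, y)]
    while e > 0:
        if e % 2 == 1:            # odd exponent: fold X into Y
            y, e = (x * y) % m, e - 1
        else:                     # even exponent: square X, halve E
            x, e = (x * x) % m, e // 2
        states.append((x, e, y))
    return y, states

def inverse_mod(a, n):
    """Inverse of a mod n by the extended Euclidean algorithm, made positive."""
    old_r, r, old_s, s = a % n, n, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("a is not invertible mod n")
    return old_s % n

def sqrt_mod(b, p):
    """Principal square root of b mod prime p with p % 4 == 3, else None."""
    if p % 4 != 3:
        raise ValueError("formula needs p = 3 mod 4")
    cand, _ = fast_exp_trace(b % p, (p + 1) // 4, p)
    return cand if cand * cand % p == b % p else None   # reject garbage

def cbrt_mod(y, p):
    """Cube root of y mod prime p by the two formulas used above, else None."""
    if p % 3 == 2:
        n = p - 1                 # every residue is a cube
    elif p % 3 == 1 and ((p - 1) // 3) % 3 != 0:
        n = (p - 1) // 3          # output is a root only if y is a cube
    else:
        raise ValueError("neither formula applies to this p")
    cand, _ = fast_exp_trace(y % p, inverse_mod(3, n), p)
    return cand if pow(cand, 3, p) == y % p else None   # reject garbage

if __name__ == "__main__":
    print(sqrt_mod(57, 107), sqrt_mod(52, 59))
    print(cbrt_mod(32, 137), cbrt_mod(40, 211), cbrt_mod(12, 61))
```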