Garrett © 2006
Crypto Homework version 1
Unit 9

(9.1) Find a solution to the system

$$x = 4 \bmod 53$$
$$x = 2 \bmod 79$$

Use Sun-Ze’s theorem, of which the computationally effective version is achieved via the extended version of the Euclidean algorithm. To solve a system $x = a \bmod p$ and $x = b \bmod q$ (with $\gcd(p, q) = 1$), use the extended Euclidean algorithm to find integers $s, t$ so that $sp + tq = 1$. Then

$$x = sp \cdot b + tq \cdot a$$

is a solution (and is the only solution modulo $pq$). In the case at hand, via the extended Euclidean algorithm we get

$$(3)53 + (-2)79 = 1$$

Thus, we have the solution (from the formula above)

$$x = (3)53 \cdot 2 + (-2)79 \cdot 4 = 3873 \bmod 53 \cdot 79$$

(9.2) Find four different square roots of 9 modulo 3379. Specifically, find two more in addition to the ‘obvious’ square roots $\pm 3$.

First, by trial division, for example, factor 3379 into primes: $3379 = 31 \cdot 109$. There are 2 ‘obvious’ square roots $\pm 3$ of $3^2$ modulo each of 31, 109, and we will use Sun-Ze’s theorem to create square roots modulo the product 3379.

The computationally effective version of Sun-Ze’s theorem is manifest via the extended version of the Euclidean algorithm. That is, to solve a system of congruences $x = a \bmod p$ and $x = b \bmod q$ (with $\gcd(p, q) = 1$), use the extended Euclidean algorithm to find integers $s, t$ so that $sp + tq = 1$. Then $x = sp \cdot b + tq \cdot a$ is a solution (and is the only solution modulo $pq$). In the case at hand, via the extended Euclidean algorithm we get

$$(-7)31 + (2)109 = 1$$

Thus, from the four different systems

$$x = \pm 3 \bmod 31$$
$$x = \pm 3 \bmod 109$$

(with independent choices of signs) the same sign choice in both cases will give the ‘obvious’ square roots $\pm 3$, while the opposite sign choices will give the ‘unobvious’ square roots. The latter will be a solution of the system

$$x = 3 \bmod 31$$
$$x = -3 \bmod 109$$

and its negative, $-x$. From the formula just above, we find

$$x = (-7)31 \cdot (-3) + (2)109 \cdot 3 = 1305$$

Its negative (modulo 3379), the other non-obvious square root, is 2074.
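The procedure of (9.1) and (9.2) in code, as an added example that is not part of the original homework solutions: the extended Euclidean algorithm supplies $s, t$, the formula $x = sp \cdot b + tq \cdot a$ glues residues together, and every independent choice of a root mod $p$ and a root mod $q$ yields a root mod $pq$. It generalizes slightly beyond the text by handling any polynomial with integer coefficients over a product of two small distinct primes; the function names are chosen here for illustration.

```python
from itertools import product

def ext_gcd(a, b):
    """Return (g, s, t) with s*a + t*b == g == gcd(a, b)."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        k = old_r // r
        old_r, r = r, old_r - k * r
        old_s, s = s, old_s - k * s
        old_t, t = t, old_t - k * t
    return old_r, old_s, old_t

def sun_ze(a, p, b, q):
    """Solve x = a mod p, x = b mod q via x = s*p*b + t*q*a."""
    g, s, t = ext_gcd(p, q)
    if g != 1:
        raise ValueError("moduli must be relatively prime")
    # s*p is 0 mod p and 1 mod q; t*q is 1 mod p and 0 mod q.
    return (s * p * b + t * q * a) % (p * q)

def poly_roots_mod_prime(coeffs, p):
    """Roots mod a small prime p by exhaustive search.
    coeffs lists the coefficients, highest degree first."""
    def value(x):
        acc = 0
        for c in coeffs:          # Horner evaluation, reduced mod p
            acc = (acc * x + c) % p
        return acc
    return [x for x in range(p) if value(x) == 0]

def poly_roots_mod_pq(coeffs, p, q):
    """All roots mod p*q: one Sun-Ze solution per pair (root mod p, root mod q)."""
    roots_p = poly_roots_mod_prime(coeffs, p)
    roots_q = poly_roots_mod_prime(coeffs, q)
    return sorted(sun_ze(a, p, b, q) for a, b in product(roots_p, roots_q))

if __name__ == "__main__":
    print(sun_ze(4, 53, 2, 79))                     # system of (9.1)
    print(poly_roots_mod_pq([1, 0, -9], 31, 109))   # x^2 - 9 mod 3379, as in (9.2)
```
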

(9.3) Consider the quadratic polynomial $x^2 - 5x + 6$ as having coefficients in $\mathbf{Z}/299$. In addition to the ‘obvious’ factorization

$$x^2 - 5x + 6 = (x - 2) \cdot (x - 3)$$

find another completely different factorization.

By trial division factor $299 = 13 \cdot 23$. Since $13 \neq 23$, equality mod 299 is equivalent to the corresponding equalities mod both 13 and modulo 23. So in addition to the numbers 2 and 3 so that

$$x^2 - 5x + 6 = (x - 2)(x - 3) \bmod 299$$

the numbers $A, B$ so that $A = 2 \bmod 13$ and $A = 3 \bmod 23$, and $B = 3 \bmod 13$ and $B = 2 \bmod 23$ will also have the property that $A \cdot B = 6$ and $A + B = 5$. Thus

$$x^2 - 5x + 6 = (x - A)(x - B) \bmod 13$$
$$x^2 - 5x + 6 = (x - A)(x - B) \bmod 23$$

Since 13 and 23 are relatively prime, (by unique factorization) this will give

$$x^2 - 5x + 6 = (x - A)(x - B) \bmod 299$$

as desired. To compute $A, B$ use Sun-Ze, computing via Euclid: to solve $x = a \bmod p$ and $x = b \bmod q$ (with $\gcd(p, q) = 1$), use Euclid to find $s, t$ such that $sp + tq = 1$. Then $x = sp \cdot b + tq \cdot a$ is a solution (and unique mod $pq$). Here we get

$$(-7)13 + (4)23 = 1$$

Thus, the system defining $A$

$$A = 2 \bmod 13$$
$$A = 3 \bmod 23$$

has solution (from the formula just above)

$$A = (-7)13 \cdot 3 + (4)23 \cdot 2 = 210$$

The other system, defining $B$,

$$B = 3 \bmod 13$$
$$B = 2 \bmod 23$$

has solution (from the formula just above)

$$B = (-7)13 \cdot 2 + (4)23 \cdot 3 = 94$$

(Actually, since $A + B = 5$, $B = 5 - A \bmod 299$.) So in addition to $x^2 - 5x + 6 = (x - 2)(x - 3)$ also

$$x^2 - 5x + 6 = (x - 210)(x - 94) \bmod 299$$

(9.4) Consider the quadratic equation $x^2 - 5x + 6 = 0 \bmod 299$. In addition to the ‘obvious’ roots 2, 3 mod 299, find two other completely different roots mod 299.

First, by trial division, for example, factor 299 into primes: $299 = 13 \cdot 23$. Since $13 \neq 23$, an equality modulo 299 is equivalent to the corresponding equality modulo both 13 and modulo 23.
That is, in addition to the obvious pair of numbers 2 and 3 which are roots of

$$x^2 - 5x + 6 = (x - 2)(x - 3) = 0 \bmod 299$$

we also find numbers $A, B$ so that

$$A = 2 \bmod 13 \qquad A = 3 \bmod 23$$
$$B = 3 \bmod 13 \qquad B = 2 \bmod 23$$

which will certainly also be roots of

$$x^2 - 5x + 6 = 0 \bmod 13$$

To compute the numbers $A, B$ use Sun-Ze’s theorem, of which the computationally effective version is achieved via the extended version of the Euclidean algorithm. That is, to solve a system of congruences $x = a \bmod p$ and $x = b \bmod q$ (with $\gcd(p, q) = 1$), use the extended Euclidean algorithm to find integers $s, t$ so that $sp + tq = 1$. Then $x = sp \cdot b + tq \cdot a$ is a solution (and is the only solution modulo $pq$). In the case at hand, via the extended Euclidean algorithm we get

$$(-7)13 + (4)23 = 1$$

Thus, the system defining $A$

$$A = 2 \bmod 13$$
$$A = 3 \bmod 23$$

has solution (from the formula just above)

$$A = (-7)13 \cdot 3 + (4)23 \cdot 2 = 210$$

The other system, defining $B$,

$$B = 3 \bmod 13$$
$$B = 2 \bmod 23$$

has solution (from the formula just above)

$$B = (-7)13 \cdot 2 + (4)23 \cdot 3 = 94$$

That is, in addition to roots 2, 3 we also have the roots 210, 94 modulo 299.

(9.5) Noting that 27 is a cube root of 35 modulo the prime 307, find a cube root of 35 modulo $307^2$.

Use Hensel’s lemma (which is an analogue of Newton’s method in calculus). That is, let $f(x) = x^3 - 35$. Then for a solution $b_1 = 27$ to $f(x) = 0 \bmod p$, a solution $b_2$ modulo $p^2$ is given by ‘sliding down the tangent’, by the formula

$$b_2 = b_1 - f(b_1) \cdot f'(b_1)^{-1} \bmod p^2$$

where $f'(b_1)^{-1}$ is a multiplicative inverse of $f'(b_1)$ modulo $p$ (found via the extended Euclidean algorithm), where $f'(x) = 3x^2$ is the usual derivative of $f(x)$. (We do not need an inverse modulo $p^2$, happily!) Thus, the formula gives a cube root

$$b_2 = 27 - (27^3 - 35) \cdot (3 \cdot 27^2)^{-1} \bmod 307^2$$
$$= 27 - (27^3 - 35) \cdot 202 \bmod 307^2$$
$$= 27 - 10438 \bmod 307^2$$
$$= 83838 \bmod 307^2$$

of 35 modulo $307^2$.
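The tangent step of (9.5) in code, as an added example that is not part of the original homework solutions. It goes one step beyond the text by repeating the step to reach $p^k$ for any $k \geq 2$, still using only the inverse of $f'(b_1)$ modulo $p$, and it rejects the case $f'(b_1) = 0 \bmod p$ where the formula is undefined; the function names are chosen here for illustration.

```python
def hensel_lift(f, df, root, p, k=2):
    """Lift a root of f modulo the prime p to a root modulo p**k.

    f and df are callables for the polynomial and its derivative.
    Each pass gains one power of p using b - f(b) * f'(b1)^(-1).
    """
    if f(root) % p != 0:
        raise ValueError("starting value is not a root modulo p")
    slope = df(root) % p
    if slope == 0:
        raise ValueError("f'(root) = 0 mod p, so the tangent step is undefined")
    inv = pow(slope, -1, p)      # inverse modulo p only (Python 3.8+)
    modulus = p
    for _ in range(k - 1):
        modulus *= p
        root = (root - f(root) * inv) % modulus
        # f(root) was divisible by the previous modulus, so the
        # correction leaves the root unchanged modulo that modulus.
        assert f(root) % modulus == 0
    return root

def cube_root_of_35(k=2):
    """The worked case from (9.5): f(x) = x^3 - 35, b1 = 27, p = 307."""
    return hensel_lift(lambda x: x**3 - 35, lambda x: 3 * x**2, 27, 307, k)

if __name__ == "__main__":
    b2 = cube_root_of_35()
    print(b2, pow(b2, 3, 307**2))
```
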