A Course in Cryptography

Citation preview

Sally

The

SERIES

Pure and Applied UNDERGRADUATE TEXTS

A Course in Cryptography Heiko Knospe

40

A Course in Cryptography Heiko Knospe

Sally

The

Pure and Applied UNDERGRADUATE TEXTS • 40

SERIES

A Course in Cryptography Heiko Knospe

EDITORIAL COMMITTEE Gerald B. Folland (Chair) Jamie Pommersheim

Steven J. Miller Serge Tabachnikov

2010 Mathematics Subject Classification. Primary 94A60; Secondary 68P25, 81P94, 11T71.

For additional information and updates on this book, visit www.ams.org/bookpages/amstext-40

Library of Congress Cataloging-in-Publication Data Names: Knospe, Heiko, 1966– author. Title: A course in cryptography / Heiko Knospe. Description: Providence, Rhode Island: American Mathematical Society, [2019] | Series: Pure and applied undergraduate texts; volume 40 | Includes bibliographical references and index. Identifiers: LCCN 2019011732 | ISBN 9781470450557 (alk. paper) Subjects: LCSH: Cryptography–Textbooks. | Coding theory–Textbooks. | Ciphers–Textbooks. | AMS: Information and communication, circuits – Communication, information – Cryptography. msc | Computer science – Theory of data – Data encryption. msc | Quantum theory – Axiomatics, foundations, philosophy – Quantum cryptography. msc | Number theory – Finite fields and commutative rings (number-theoretic aspects) – Algebraic coding theory; cryptography. msc Classification: LCC QA268 .K5827 2019 | DDC 005.8/24–dc23 LC record available at https://lccn.loc.gov/2019011732

Copying and reprinting. Individual readers of this publication, and nonprofit libraries acting for them, are permitted to make fair use of the material, such as to copy select pages for use in teaching or research. Permission is granted to quote brief passages from this publication in reviews, provided the customary acknowledgment of the source is given. Republication, systematic copying, or multiple reproduction of any material in this publication is permitted only under license from the American Mathematical Society. Requests for permission to reuse portions of AMS publication content are handled by the Copyright Clearance Center. For more information, please visit www.ams.org/publications/pubpermissions. Send requests for translation rights and licensed reprints to [email protected]. c 2019 by the author. All rights reserved.  Printed in the United States of America. ∞ The paper used in this book is acid-free and falls within the guidelines 

established to ensure permanence and durability. Visit the AMS home page at https://www.ams.org/ 10 9 8 7 6 5 4 3 2 1

24 23 22 21 20 19

wp nz qaseout, eooe eoiua aod nasmheio{

Contents

sseface

yiii

jeuuiog vuasued xiuh vagepauh . . lotuammauipo . . vagepauh gpnnaod oioe . . fspxtes qpuebpplt . . gpnqvuauipot xiuh vagepauh ghaques . Fvodaneouamt . . veut, uemauipot aod Fvocuipot . . gpnbioaupsict . . gpnqvuauipoam gpnqmeyiuz . . hitcseue sspbabimiuz . . uaodpn qvnbest . . vvnnasz iyescitet ghaques . iocszquipo vchenet aod heioiuipot pf vecvsiuz . . iocszquipo vchenet . . sesfecu vecsecz . . gpnqvuauipoam vecvsiuz . . lodituiogvithabme iocszquipot . . iawetdspqqiog euuaclt wii

wiii

gpoueout

. . ghpteo smaioueyu euuaclt . . ghpteo giqhesueyu euuaclt . . stevdpsaodpn jeoesaupst . . stevdpsaodpn Fvocuipot . . fmpcl giqhest aod rqesauipo ppdet . . vvnnasz iyescitet ghaques . imeneouasz qvnbes whepsz . . louegest . . gpogsveocet . . ppdvmas iyqpoeouiauipo . . vvnnasz iyescitet ghaques . emgebsaic vusvcuvset . . jspvqt . . uiogt aod Fiemdt . . Fioiue Fiemdt . . oioeas aod eioe paqt . . vvnnasz iyescitet ghaques . fmpcl giqhest . . gpotusvcuipot pf fmpcl giqhest . . edwaoced iocszquipo vuaodasd . . vvnnasz iyescitet ghaques . vusean giqhest . . heioiuipo pf vusean giqhest . . oioeas Feedbacl vhifu uegituest . . ug . . vamta

aod ghagha

. . vvnnasz iyescitet

gpoueout

iy

ghaques . kath Fvocuipot . . heioiuipot aod vecvsiuz uerviseneout . . eqqmicauipot pf kath Fvocuipot . . peslme-hangåsd gpotusvcuipo . . vke. . vke. . vke. . vvnnasz iyescitet ghaques . pettage evuheouicauipo gpdet . . heioiuipot aod vecvsiuz uerviseneout . . gfg peg . . kpeg . . evuheouicaued iocszquipo . . vvnnasz iyescitet ghaques . svbmic-nez iocszquipo aod uhe uve gszquptztuen . . svbmic-nez gszquptztuent . . smaio uve . . uve vecvsiuz . . jeoesauipo pf ssinet . . iicieocz pf uve . . sadded uve . . Facupsiog . . vvnnasz iyescitet ghaques

. nez ituabmithneou

. . nez hitusibvuipo . . nez iychaoge sspupcpmt . . hiie-kemmnao vtiog vvbgspvqt pf ℤ∗ . . hiie-kemmnao nez iychaoge . . hitcseue opgasiuhn . . nez iocaqtvmauipo . . kzbsid iocszquipo

y

gpoueout

. . vvnnasz iyescitet ghaques

. higiuam vigoauvset

. . heioiuipot aod vecvsiuz uerviseneout . . smaio uve vigoauvse . . sspbabimituic vigoauvse vchene . . vvnnasz iyescitet ghaques

. immiquic gvswe gszqupgsaqhz

. . zeiestusatt irvauipot aod immiquic gvswet . . immiquic gvswe hiie-kemmnao . . iicieocz aod vecvsiuz pf immiquic gvswe gszqupgsaqhz . . immiquic gvswe Facupsiog peuhpd . . vvnnasz iyescitet ghaques

. tvaouvn gpnqvuiog

. . tvaouvn fiut . . pvmuiqme tvbiu vztuent . . tvaouvn emgpsiuhnt . . tvaouvn Fpvsies wsaotfpsn . . vhps’t Facupsiog emgpsiuhn . . tvaouvn nez hitusibvuipo . . vvnnasz iyescitet ghaques

. oauuice-bated gszqupgsaqhz

. . oauuicet . . oauuice emgpsiuhnt . . jjk gszquptztuen . . qwux . . oeasoiog xiuh isspst . . vvnnasz iyescitet

gpoueout

ghaques

yi

. gpde-bated gszqupgsaqhz

. . oioeas gpdet . . fpvodt po gpdet . . jpqqa gpdet . . pcimiece gszquptztuen . . vvnnasz iyescitet fibmipgsaqhz lodey

Preface

zhz it cszqupgsaqhz iouesetuiog? Fistumz, cszqupgsaqhz it a cmatticam tvbkecu xiuh a fatcioauiog hitupsz. iocszquipo uechoirvet hawe beeo vted tioce aocieou uinet, bvu uhe qspuecuipo agaiotu eyqptvse xat tpneuinet dvbipvt aod naoz ciqhest xese bspleo. whe detigo pf oex ciqhest aod uhe caqabimiuz up aoamz{e aod bseal uhen cp-ewpmwed pwes uine. vioce uheo, uhe uechoirvet hawe beeo adaqued up qspgsett io cszquaoamztit aod up uhe cpnqvuiog qpxes awaimabme. ppdeso cszqupgsaqhz gpet bezpod cpoideouiamiuz, amtp addsettiog atqecut tvch at daua iouegsiuz, avuheouicauipo, opo-seqvdiauipo aod puhes tecvsiuz pbkecuiwet. whe tvbkecu opx iocmvdet amm nauhenauicam uechoirvet semauiog up iofpsnauipo tecvsiuz. vecpodmz, cszqupgsaqhz it cmptemz cpooecued up tewesam iemdt pf nauhenauict aod cpnqvues tcieoce, qspwidiog iouesetuiog aqqmicauipot fps naoz uhepseuicam setvmut aod tuinvmauiog nauhenauicam seteasch. gszqupgsaqhz, xhich xe vte at ao vnbsemma uesn fps uhe iemd iocmvdiog cszquaoamztit, it mioled up atqecut pf ditcseue nauhenauict, ovnbes uhepsz, amgebsa, qspbabimiuz uhepsz, tuauituict, iofpsnauipo aod cpdiog uhepsz. whisdmz, cszqupgsaqhz hat becpne a lez uechopmpgz uhau it vted vbirviupvtmz io cpnqvues tztuent fspn tnamm dewicet up masge teswest aod oeuxpslt. whe nvmuiuvde pf tecvsiuz uhseaut it dsiwiog uhe useod up qspuecu daua xheoewes qpttibme, be iu fps tupsage ps dvsiog usaotnittipo pwes oeuxpslt. whe seades thpvmd be xasoed, hpxewes, uhau seam-xpsmd tecvsiuz it a cpnqmey qspcett io xhich cszqupgsaqhz cpousibvuet “pomz” uhe qsiniuiwet, amgpsiuhnt aod tchenet. lo qsacuice, auuaclt pfueo eyqmpiu qspupcpm ps inqmeneouauipo laxt, xeal qattxpsdt ps oegmigeou vtest. Fvsuhesnpse, uhe tecvsiuz gvasaoueet pfesed bz cszqupgsaqhz caoopu be vocpodiuipoam. whe tecvsiuz qspwided deqeodt po uhe qpxes pf adwestasiet, uheis cpnqvuiog setpvscet aod uhe uine awaimabme fps ao auuacl, at xemm at po vodesmziog cpnqvuauipoam qspbment xhich ase bemiewed up be hasd. yiii

yiw

sseface

whe ain pf uhit bppl it up eyqmaio uhe cvsseou cszqupgsaqhic qsiniuiwet aod tchenet aod up pvumioe uhe etteouiam nauhenauict servised up vodestuaod uhe bvimdiog bmpclt aod attett uheis tecvsiuz. ze cpwes uhe xidetqsead tchenet, bvu xe amtp xaou up addsett tpne pf uhe seceou dewempqneout io qptu-rvaouvn cszqupgsaqhz. whe nauhenauicam aod, io qasuicvmas, amgebsaic aod ovnbes-uhepseuicam fpvodauipot pf cszqupgsaqhz ase eyqmaioed io deuaim. whe nauhenauicam uhepsz it qseteoued xiuh a fpcvt po cszqupgsaqhic aqqmicauipot aod xe dp opu tusiwe fps nayinam geoesamiuz. ze mppl au a temecuipo pf cszqupgsaqhic amgpsiuhnt accpsdiog up uheis cvsseou aod tvqqpted fvuvse semewaoce, xhime meawiog pvu tewesam hitupsic tchenet. vioce cszqupgsaqhz it a wesz acuiwe iemd, tpne vocesuaiouz segasdiog fvuvse dewempqneout ximm pf cpvste senaio. zhz xsiue zeu aopuhes ueyubppl po cszqupgsaqhz? ze hpqe up cpowioce qpueouiam seadest bz mituiog tpne pf uhe voirve feauvset pf uhit bppl: • whe fvodaneouamt pf cszqupgsaqhz ase qseteoued xiuh sigpspvt deioiuipot xhime beiog accettibme up vodesgsadvaue tuvdeout io tcieoce, eogioeesiog aod nauhenauict; • Fpsnam deioiuipot pf tecvsiuz at vted io uhe npdeso miuesauvse po cszqupgsaqhz; • Fpcvt po xidemz vted neuhpdt aod po qsptqecuiwe cszqupgsaqhic tchenet; • louspdvcuipo up rvaouvn cpnqvuiog aod qptu-rvaouvn cszqupgsaqhz; • qvnesicam eyanqmet aod vagepauh (szuhpo) cpde.

gszqupgsaqhz cao eatimz be vodesetuinaued bz nauhenauiciaot. vewesam ueyubpplt cpouaio eycemmeou detcsiquipot pf uhe nauhenauicam uhepsz, bvu famm thpsu pf eyqmaioiog hpx up vte uhete amgpsiuhnt io qsacuice. lo facu, uhe naio qvsqpte pf cszqupgsaqhz it up achiewe tecvsiuz pbkecuiwet tvch at cpoideouiamiuz aod iouegsiuz io uhe qseteoce pf qpxesfvm adwestasiet. zemm-lopxo tchppmbppl amgpsiuhnt mile uve cao be iotecvse xiuhpvu adaquauipot, fps eyanqme, bz iocpsqpsauiog saodpn daua. whit bppl fpmmpxt uhe qspwabme tecvsiuz aqqspach xhich it adpqued io uhe npdeso miuesauvse. zemm-deioed eyqesineout (ganet) ase vted io xhich uhe tvccett qspbabimiuz pf qpueouiam auuaclest deuesnioet uhe tecvsiuz. vecvse tchenet hawe uhe qspqesuz uhau ao adwestasz xiuh setusicued setpvscet cao dp miuume beuues uhao saodpnmz gvett uhe tecseu iofpsnauipo. xtiog uhit aqqspach, uhe tecvsiuz it sedvced up tuaodasd attvnquipot uhau ase geoesammz bemiewed up be usve. lo uhit bppl, xe giwe eyacu tecvsiuz deioiuipot aod tpne qsppft, bvu sefes up uhe miuesauvse fps npse adwaoced qsppft aod uechoirvet, fps eyanqme, vtiog uhe terveoce pf ganet aqqspach. ze iod uhau eyanqmet ase wesz hemqfvm aod iocmvde cpnqvuauipot vtiog uhe pqeo tpvsce nauhenauict tpfuxase vagepauh (ala vage) [vag ]. vagepauh cpouaiot naoz amgebsaic aod ovnbes uhepseuic fvocuipot xhich cao be eatimz vted aod eyueoded. emuhpvgh uhe tpfuxase nighu be beuues lopxo anpog nauhenauiciaot uhao tcieouitut aod eogioeest, iu it eatimz accettibme aod wesz tviuabme fps cszqupgsaqhic cpnqvuauipot. vagepauh it bated po szuhpo aod cpouaiot puhes pqeo tpvsce tpfuxase at, fps eyanqme, viogvmas, payina, seul, jes, qvnsz, vcisz, vznsz aod u. lo seceou zeast, szuhpo

sseface

yw

hat gaioed inneote qpqvmasiuz anpog tcieouitut. roe pf iut adwaouaget it uhau setvmut cao be pbuaioed rviclmz xiuhpvu nvch qspgsanniog pweshead. lo uhit bppl, xe pqu fps vagepauh iotuead pf qmaio szuhpo tioce vagepauh hat nvch beuues tvqqpsu fps amgebsaic cpnqvuauipot, xhich ase pfueo oeeded io npdeso cszqupgsaqhz. vagepauh amtp hat a cpoweoieou vtes iouesface aod tvqqpsut uhe qpqvmas mvqzues bspxtes opuebpplt. qvnesicam eyanqmet cao be vted up hemq vodestuaod cszqupgsaqhic cpotusvcuipot aod uheis vodesmziog uhepsz. wpz eyanqmet, io xhich uhe ovnbest aod biu-meoguht ase upp tnamm fps aoz seam-xpsmd tecvsiuz, cao tuimm be vtefvm io uhit setqecu. whe seades it eocpvsaged up qesfpsn cpnqvuauipot aod up xsiue uheis pxo vagepauh fvocuipot. ze amtp qspwide eyescitet xiuh bpuh uhepseuicam aod ovnesicam qspbment. whe bppl thpvmd be accettibme up nauhenauict, tcieoce ps eogioeesiog tuvdeout afues cpnqmeuiog a istu zeas’t vodesgsadvaue cpvste io nauhenauict (camcvmvt aod mioeas amgebsa). whe nauesiam psigioauet fspn tewesam cpvstet po cszqupgsaqhz fps cpnqvues tcieouitut aod cpnnvoicauipo eogioeest xhich uhe avuhps hat uavghu. vioce uhe qsewipvt lopxmedge cao be rviue heuespgeoepvt, xe decided up iocmvde tewesam emeneouasz upqict. lo uhe avuhps’t ueachiog eyqesieoce, abtusacu amgebsa at xemm at mioeas amgebsa pwes geoesam iemdt deteswet tqeciam auueouipo. oioeas naqt pwes ioiue iemdt qmaz ao inqpsuaou spme io naoz cszqupgsaqhic cpotusvcuipot. whit bppl thpvmd be masgemz temfcpouaioed aod serviset op qsewipvt lopxmedge pf ditcseue nauhenauict, amgebsa, ovnbes uhepsz ps cszqupgsaqhz. ze dp opu tusiwe fps gseauetu geoesamiuz aod fserveoumz sefes up npse tqeciami{ed ueyubpplt ps asuicmet. gszqupgsaqhz cao be uavghu au difeseou mewemt aod up difeseou avdieocet. whit bppl cao be vted io bachemps’t aod natues’t cpvstet, at xemm at bz qsacuiuipoest, aod it tviuabme fps a geoesam avdieoce xaouiog up vodestuaod uhe fvodaneouamt pf npdeso cszqupgsaqhz. paoz nauhenauict aod cpnqvues tcieoce tuvdeout naz amseadz hawe uhe oecettasz baclgspvod io ditcseue nauhenauict, emeneouasz ovnbes uhepsz aod qspbabimiuz aod cao uhesefpse tliq ghaquest aod . ghaques qspwidet uhe oecettasz amgebsaic cpotusvcuipot aod it secpnneoded up amm seadest xiuhpvu tpmid lopxmedge pf abtusacu amgebsa. Fspn nz ueachiog eyqesieoce, amgebsa cao be a nakps tuvnbmiog bmpcl aod thpvmd opu be vodesetuinaued. ghaquest , aod uhvt qspwide uhe nauhenauicam baclgspvod pf cszqupgsaqhz. ze decided up begio xiuh uhe cpse cszqupgsaqhic cpoueou at easmz at qpttibme, tp ghaques deamt xiuh eocszquipo tchenet aod uhe npdeso deioiuipot pf tecvsiuz. whit chaques serviset pomz batic ditcseue nauhenauict, cpnqmeyiuz aod qspbabimiuz uhepsz aod it secpnneoded fps nptu seadest, eweo if uhez hawe tpne qsips lopxmedge pf cszqupgsaqhz. xodestuaodiog uhe qspwabme tecvsiuz aqqspach it csvciam fps uhe tvbterveou chaquest pf uhit bppl. ghaques deamt xiuh bmpcl ciqhest aod eiv io qasuicvmas, xhich it a csvciam qasu pf ewesz npdeso cpvste po cszqupgsaqhz. ghaques eyqmpset tusean ciqhest, xhich fpsn a oauvsam cpnqmeneou, bvu iu it amtp qpttibme up pniu uhit chaques if zpv ase thpsu po uine. ze hawe amseadz neouipoed uhau npdeso cszqupgsaqhz gpet bezpod eocszquipo. louegsiuz qspuecuipo it aopuhes nakps pbkecuiwe, aod hath fvocuipot

ywi

sseface

aod nettage avuheouicauipo cpdet qmaz a csvciam spme io uhit. whete upqict ase addsetted io ghaquest aod . ghaquest , aod , xhich ase po qvbmic-lez eocszquipo, lez etuabmithneou aod tigoauvset, iouspdvce uhe fvodaneouamt pf qvbmic-lez cszqupgsaqhz. ze eyqmaio uve aod hiie-kemmnao io qasuicvmas aod ditcvtt uheis tecvsiuz, xhich it bated po hasd ovnbes-uhepseuic qspbment. ze uhesefpse uhiol uhau ghaquest , , , , , aod , ampog xiuh uhe oecettasz nauhenauicam qseqasauipot (ghaquest , aod ), thpvmd be cpwesed io ewesz istu cpvste po cszqupgsaqhz. e poe-tenetues bachemps’t npdvme nighu eod afues ghaques , bvu xheoewes qpttibme, xe secpnneod iocmvdiog ghaques po emmiquic cvswe cszqupgsaqhz. whit hat beeo uhe upqic pf ioueotiwe seteasch io uhe matu fex decadet bvu hat opx becpne qasu pf xemm-etuabmithed cszqupgsaqhz aod it inqmeneoued bz ewesz louesoeu bspxtes, fps eyanqme. ze bemiewe uhe batict pf emmiquic cvswet ase accettibme up seadest afues uhe qseqasaupsz xpsl io ghaquest aod . whese ase, hpxewes, npse adwaoced upqict io emmiquic cvswet uhau ase opu useaued hese. ghaquest , aod qspwide ao iouspdvcuipo up uhe oex iemd pf qptu-rvaouvn cszqupgsaqhz. lo ghaques , xe eyqmpse uhe batict pf rvaouvn cpnqvuiog aod eyqmaio xhz rvaouvn cpnqvuest cao bseal cmattic qvbmic-lez tchenet mile uve. ghaquest aod deam xiuh uxp nakps uzqet pf qptu-rvaouvn tztuent uhau ase bated po mauuicet aod essps-cpssecuiog cpdet, setqecuiwemz. ze fpcvt po uhe fpvodauipot aod tewesam temecued eocszquipo tchenet. qpue uhau uhese ase puhes qptu-rvaouvn tztuent, fps eyanqme, cszquptztuent fspn itpgeoiet pf emmiquic cvswet ps nvmuiwasiaue-rvadsauic-ervauipot tigoauvset, xhich ase opu cpwesed io uhit bppl. ghaquest – ase npse chammeogiog xiuh setqecu up uhe mewem pf camcvmvt aod abtusacu amgebsa. kpxewes, xe tqeod tpne uine po eyanqmet (naoz pf uhen vtiog vagepauh) aod xe hpqe uhau uhe cpoueou pf uhete uhsee chaquest it accettibme fps natues’t ps adwaoced bachemps’t tuvdeout. ze eyqecu uhau rvaouvn cpnqvuiog aod qptu-rvaouvn tchenet ximm becpne iocseatiogmz inqpsuaou io uhe fvuvse. l xpvmd be haqqz up seceiwe feedbacl aod tvggetuipot fps inqspweneou. smeate enaim zpvs cpnneout up [email protected]. xqdauet aod addiuipoam nauesiam, fps eyanqme, tpmvuipot up temecued eyescitet aod vagepauh cpde, ase awaimabme po uhe fpmmpxiog xebtiue: https://github.com/cryptobook. Fioammz, l xpvmd mile up uhaol nz cpmmeagvet aod nz tuvdeout fps uheis wamvabme feedbacl po nz cszqupgsaqhz cpvste aod po easmies westipot pf uhe naovtcsiqu.

sseface

ywii

ghaques ghaques

ghaques

ghaques ghaques ghaques

ghaques ghaques ghaques ghaques ghaques ghaques

ghaques

ghaques

ghaques

heqeodeoce semauipothiq beuxeeo uhe chaquest.

Getting Started with SageMath

vagepauh (ala vage) it ao pqeo tpvsce nauhenauict tpfuxase xhich it ideammz tviued fps cszqupgsaqhz. vagepauh tvqqpsut a mpu pf amgebsaic cpotusvcuipot vted io cszqupgsaqhz, aod setvmut cao be achiewed xiuh semauiwemz fex mioet pf cpde. paoz eyqesut io uhe iemd vte vagepauh fps uheis seteasch aod fps qspupuzqiog befpse ioammz txiuchiog up fatues qspgsanniog maogvaget mile g aod g++. whit bppl cpouaiot a masge ovnbes pf eyanqmet aod eyescitet xhich vte vagepauh, aod seadest ase eocpvsaged up dp uheis pxo eyqesineout. whe ain pf uhit chaques it up giwe a bsief iouspdvcuipo up vagepauh. Fvsuhes iofpsnauipo aod miolt up pomioe dpcvneouauipo cao be fpvod po http://www.sagemath.org/help.html. ze amtp secpnneod uhe bppl [fas ].

0.1. Installation whe iotuammauipo pf vagepauh it eatz vtiog qse-bvimu bioasiet xhich ase awaimabme fspn http://www.sagemath.org/download.html fps tewesam uzqet pf gsx aod pqesauiog tztuent iocmvdiog oiovy (xbvouv, hebiao), nacrv aod picsptpfu ziodpxt. e hpcles cpouaioes it amtp awaimabme. vioce vage . , ziodpxt vtest cao vte a bioasz iotuammes (iotuead pf a wisuvam nachioe) aod svo eiuhes uhe vagepauh themm ps uhe bspxtes-bated iouesface bz cmicliog po uhe setqecuiwe icpo. nacrv vtest cao iotuamm uhe app.dmg qaclage, npwe uhe tpfuxase up uhe Applications fpmdes aod tuasu vagepauh eiuhes fspn uhe cpnnaod mioe ps bz cmicliog po uhe aqq icpo. ro oiovy, uhe dpxompaded qaclage hat up be vocpnqsetted (vtiog bunzip2 aod tar). whe SageMath disecupsz cpouaiot ao eyecvuabme ime uhau cao be tuasued fspn uhe cpnnaod mioe. whe disecupsz cao be npwed if

jeuuiog vuasued xiuh vagepauh

detised. lu it adwitabme up add uhe disecupsz up uhe mpcam PATH wasiabme ps puhesxite tqecifz uhe fvmm qauh xheo sage it eyecvued. whe sage eyecvuabme tuasut a themm aod sage -notebook=jupyter svot uhe mvqzues opuebppl teswes aod pqeot a bspxtes xiodpx. whe qaclaget aod uhe iotuammed tpfuxase servise tewesam gigabzuet pf fsee ditl tqace. whe vagepauh ditusibvuipo iocmvdet a mpog mitu pf pqeo tpvsce tpfuxase aod iu it opu vtvammz oecettasz up iotuamm addiuipoam qaclaget.

0.2. SageMath Command Line vagepauh hat tewesam vtes iouesfacet: uhe vagepauh cpnnaod mioe themm aod bspxtesbated opuebppl iouesfacet. whe sage cpnnaod (po nacrv aod oiovy) aod uhe vagepauh themm icpo (fps ziodpxt) tuasut uhe cpnnaod mioe iouesface xiuh accett up amm pf iut caqabimiuiet, iocmvdiog gsaqhict. sage$ /Applications/SageMath-8.5.app/sage SageMath version 8.5, Release Date: 2018-12-22 Using Python 2.7.15. Type "help()" for help. sage: vagepauh cao be vted at a camcvmaups xhich tvqqpsut naoz amgebsaic aod tznbpmic cpnqvuauipot. fz defavmu, vagepauh xpslt pwes uhe iouegest ℤ, bvu uhe naoz puhes bate siogt (fps eyanqme qpmzopniam siogt) aod iemdt (io qasuicvmas ℚ, ℝ, ℂ aod ioiue iemdt) ase amtp tvqqpsued. vagepauh cao facupsi{e semauiwemz masge ovnbest: sage: factor (2^128 -1) 3 * 5 * 17 * 257 * 641 * 65537 * 274177 * 6700417 * 67280421310721

lo uhe fpmmpxiog eyanqme, xe deioe a × nausiy pwes uhe iouegest aod cpnqvue uhe deuesnioaou aod uhe ioweste nausiy. sage: sage: -1 sage: [ -1 [-11 [ 8

A= matrix ([[1 ,2 ,3] ,[ -1 ,3 ,4] ,[2 ,2 ,3]]) det(A) 1/A 0 1] 3 7] -2 -5]

0.3. Browser Notebooks fspxtes-bated opuebpplt ase a cpoweoieou vtes iouesface aod ase secpnneoded fps xpsliog po uhe eyanqmet aod eyescitet io uhit bppl. whe cpnnaod sage -notebook=jupyter (ps cmicliog uhe vagepauh icpo) tuasut a mpcam opuebppl teswes aod pqeot a bspxtes

. . gpnqvuauipot xiuh vagepauh

xiodpx. lo uhe fpmmpxiog, xe vte mvqzues opuebpplt xhich ase wesz qpqvmas io uhe szuhpo cpnnvoiuz. emuesoauiwemz, a megacz vagepauh opuebppl teswes cao be tuasued xiuh sage -notebook=sagenb.

Figvse . . gseauiog a oex bspxtes opuebppl.

e oex opuebppl it cseaued bz cmicliog po uhe ‘qex’ bvuupo io uhe vqqes sighu cpsoes aod chpptiog vagepauh (tee Figvse . ). whe cpnnaodt aod uhe cpde ase xsiuueo io ioqvu cemmt aod a cemm it ewamvaued bz qsettiog ‘vhifu + ioues’ ps bz cmicliog po uhe qmaz tznbpm io uhe uppmbas. whe ‘ioues’ lez dpet opu iouesqseu uhe cpde, bvu sauhes cseauet a oex mioe. lu it a gppd qsacuice opu up xsiue upp nvch ioup a tiogme cemm, amuhpvgh a cemm cao cpouaio tewesam mioet at xemm at nvmuiqme cpnnaodt io poe mioe (teqasaued bz a tenicpmpo). hp opu fpsgeu up seoane ao vouiumed opuebppl aod up tawe (aod checlqpiou) zpvs xpsl wia uhe ‘Fime’ neov. whe cpde thpxo io Figvse . inqmeneout a mppq. Fps each ≤ < uhe facupsiam ! it qsioued pvu vtiog uhe szuhpo fpsnau tqeciicauipo. Ypv naz be vofanimias xiuh uhe xaz szuhpo tusvcuvset uhe cpde, tioce iu difest fspn maogvaget mile g aod mawa. whe cpmpo io uhe istu mioe aod uhe iodeouauipo pf uhe tecpod mioe ase wesz inqpsuaou.

0.4. Computations with SageMath vagepauh cao qesfpsn amm liodt pf cpnqvuauipot, bvu iut tznbpmic aod amgebsaic caqabimiuiet ase qasuicvmasmz vtefvm fps cszqupgsaqhz. vagepauh cao xpsl xiuh wasiabmet: it qsedeioed aod puhes wasiabmet cao be decmased bz var('...'). vpne cpotusvcuipot, fps eyanqme PolynomialRing, oane uhe wasiabme vted. whe fpmmpxiog eyanqme thpxt a cpnqvuauipo io uhe qpmzopniam siog = ℤ[ ]. sage: S. = PolynomialRing (ZZ) sage: (1+x)^10 x^10 + 10*x^9 + 45*x^8 + 120*x^7 + 210*x^6 + 252*x^5 + 210*x^4 + 120*x^3 + 45*x^2 + 10*x + 1

jeuuiog vuasued xiuh vagepauh

Figvse . . vagepauh cpde up qsiou pvu uhe facupsiamt.

qpx xe qesfpsn uhe tane cpnqvuauipo io uhe qpmzopniam siog = ( )[ ] pwes uhe bioasz iemd ( ). whe seades it adwited up sefes up ghaquest aod fps uhe nauhenauicam baclgspvod pf uhe fpmmpxiog eyanqmet. sage: R. = PolynomialRing (GF (2)) sage: (1+t)^10 t^10 + t^8 + t^2 + 1

ze cao amtp cpotusvcu uhe setidve cmatt siog = /( +

+

+ + )=

( )[ ]/( +

+

+ + )

xhich deioet uhe iemd ( ) xiuh = emeneout. whe wasiabme seqseteout uhe setidve cmatt pf npdvmp + + + + . emm opo{esp emeneout io ( ) ase iowesuibme aod xe cpnqvue uhe nvmuiqmicauiwe ioweste pf + . sage: F.=R. quotient_ring (t^8+t^4+t^3+t+1) sage: 1/(a+1) a^7 + a^6 + a^5 + a^4 + a^2 + a

. . gpnqvuauipot xiuh vagepauh

ze wesifz uhe setvmu bz nvmuiqmziog uhe setidve cmattet. qpue uhe difeseoce up uhe nvmuiqmicauipo io = ( )[ ]. sage: (a +1)*( a^7 + a^6 + a^5 + a^4 + a^2 + a) 1 sage: (t +1)*( t^7 + t^6 + t^5 + t^4 + t^2 + t) t^8 + t^4 + t^3 + t

ze deioe a × nausiy pwes

(

) aod meu vagepauh cpnqvue uhe ioweste:

sage: M= matrix (F ,[[a,a+1 ,1 ,1] ,[1 ,a,a+1 ,1] ,[1 ,1 ,a,a+1] , [a+1,1,1,a]]) sage: 1/M [a^3 + a^2 + a a^3 + a + 1 a^3 + a^2 + 1 a^3 [ a^3 + 1 a^3 + a^2 + a a^3 + a + 1 a^3 + a^2 [a^3 + a^2 + 1 a^3 + 1 a^3 + a^2 + a a^3 + a [ a^3 + a + 1 a^3 + a^2 + 1 a^3 + 1 a^3 + a^2

lo ghaques , xe ximm tee uhau uhe iemd bmpcl ciqhes.

(

) aod uhe nausiy

+ + + +

1] 1] 1] a]

ase vted io uhe eiv

Chapter 1

Fundamentals

ppdeso cszqupgsaqhz semiet po nauhenauicam tusvcuvset aod neuhpdt, aod uhit chaques cpouaiot uhe nauhenauicam baclgspvod fspn ditcseue nauhenauict, cpnqvuauipoam cpnqmeyiuz aod qspbabimiuz uhepsz. ze secaqiuvmaue emeneouasz tusvcuvset mile teut, semauipot, erviwameoce cmattet aod fvocuipot io vecuipo . . Fvodaneouam cpnbioaupsiam facut ase pvumioed io vecuipo . aod uhe atznqupuic opuauipo it eyqmaioed. vecuipo . ditcvttet cpnqmeyiuz aod uhe fig-r opuauipo. vecuipo . uheo deamt xiuh batic qspbabimiuz uhepsz. uaodpn ovnbest aod uhe bisuhdaz qspbmen ase addsetted io vecuipo . . Fps a geoesam iouspdvcuipo up vodesgsadvaue nauhenauict uhe seades naz, fps eyanqme, sefes up uhe ueyubppl [WmW+ ]. hitcseue nauhenauict aod iut aqqmicauipot ase ditcvtted io [upt ].

1.1. Sets, Relations and Functions whe nptu emeneouasz nauhenauicam tusvcuvse it teut. heioiuipo . (gaoups’t deioiuipo pf teut). e teu it a xemm-deioed cpmmecuipo pf dituiocu pbkecut. lf uhe pbkecu it a nenbes pf , xsiue ∈ ps puhesxite ∉ . roe xsiuet ⊂ if it a tvbteu pf , i.e., if amm emeneout pf ase amtp emeneout pf .

iyanqme . . fatic eyanqmet pf ioiue teut ase { } = ∅ (uhe enquz teu), { } (a teu xiuh poe emeneou), { , } (uhe bioasz ovnbest) aod { , , , … , } (uhe teu pf caqiuam meuuest). whe tuaodasd teut pf ovnbest ℕ ⊂ ℤ ⊂ ℚ ⊂ ℝ ⊂ ℂ (qptiuiwe iouegest, iouegest, sauipoam ovnbest, seam aod cpnqmey ovnbest) ase eyanqmet pf ioioiue teut. heioiuipo . . whe casdioamiuz ps ti{e pf a ioiue teu aod it deopued bz | |.

it uhe ovnbes pf iut emeneout ♢

. Fvodaneouamt

qpue uhau uhese ase puhes opuipot pf ti{e (tee zasoiog . bempx): uhe ti{e pf ao ioueges it uhe ovnbes pf biut oeeded up seqseteou iu aod uhe ti{e pf a bioasz tusiog it iut meoguh. veut cao be deioed eyqmiciumz, fps eyanqme bz eovnesauipo ps bz ioueswamt pf seam ovnbest, ps inqmiciumz bz fpsnvmat.

iyanqme . . = { ∈ ℤ| < } inqmiciumz detcsibet uhe teu pf iouegest xhich < hpmdt. whit teu cao amtp be detcsibed eyqmiciumz: = {− , − , , , }.

fps ♢

∪ (voipo), (iouestecuipo), ( -asz qspdvcu) aod �( ) (qpxes

whese ase tewesam emeneouasz teu pqesauipot: ⧵ (teu difeseoce), × (gasuetiao qspdvcu), teu).

iyanqme . . = { , } it uhe teu pf bioasz tusiogt pf meoguh . imeneout io cao be xsiuueo io uhe fpsn … ps ( , , … , ) io wecupsiam opuauipo. eo emeneou pf cpvmd, fps eyanqme, seqseteou poe bmpcl pf qmaioueyu ps ciqhesueyu daua. whe casdioamiuz pf it wesz masge: | |=

≈ . ⋅

sage: 2^128 340282366920938463463374607431768211456

uenasl . . lu it vtefvm up hemq vodestuaod uhe difeseoce beuxeeo tnamm, big aod ioaccettibme ovnbest io qsacuicam cpnqvuauipot. Fps eyanqme, poe cao eatimz tupse poe uesabzue ( bzuet, i.e., aspvod biut) pf daua. ro uhe puhes haod, a masge anpvou pf setpvscet ase servised up tupse poe eyabzue (poe nimmipo uesabzuet) ps biut, aod npse uhao biut ase pvu pf seach. whe ovnbes pf cpnqvuiog tueqt it amtp bpvoded: mett uhao tueqt (taz gsx cmpclt) ase eatimz qpttibme, pqesauipot servise a mpu pf cpnqvuiog setpvscet aod uale a tigoiicaou anpvou pf uine, aod npse uhao pqesauipot ase vofeatibme. lu it fps eyanqme inqpttibme up uetu difeseou lezt xiuh cpoweouipoam (opo-rvaouvn) cpnqvuest.

heioiuipo . . e fvocuipo, naqqiog ps naq ∶ → cpotitut pf uxp teut (uhe dpnaio aod uhe cpdpnaio ) aod a svme xhich attigot ao pvuqvu emeneou (ao inage) = ( ) ∈ up each ioqvu emeneou ∈ . whe teu pf amm ( ) it a tvbteu pf cammed uhe saoge ps uhe inage � ( ). eoz ∈ xiuh ( ) = it cammed a qseinage pf . oeu ⊂ ; uheo xe taz uhau − ( ) = { ∈ | ( ) ∈ } it uhe qseinage ps ioweste inage pf vodes . iyanqme . . oeu

( ,

∶ { , } → { , } be deioed bz ,

,

)=

⊕

⊕(

⋅

)=

⊕

⊕

.

. . veut, uemauipot aod Fvocuipot uefes up wabme . fps uhe deioiuipo pf Xru (⊕) aod eqh (⋅). Fps eyanqme, ( , , , ) it a qseinage pf aod ( , , , ) it aopuhes qseinage pf . ( , , , ) it a qseinage pf aod uhe inage pf it � ( ) = { , }. whe fvocuipo it tvskecuiwe, bvu opu iokecuiwe (tee heioiuipo . bempx). ⊕

wabme . . Xru aod eqh pqesauipot.

⋅

Wasoiog . . e nauhenauicam fvocuipo it opu uhe tane at ao amgpsiuhn. eo amgpsiuhn it a tueq-bz-tueq aod qpttibmz secvstiwe qspcedvse xhich qspdvcet pvuqvu fspn giweo ioqvu. whese cao be difeseou amgpsiuhnt (ps op lopxo amgpsiuhn au amm) fps a giweo nauhenauicam fvocuipo. Fvsuhesnpse, amgpsiuhnt cao amtp vte saodpn daua at ioqvu aod cao hawe difeseou behawipst po difeseou svot. lo cpnqvues tcieoce, a fvocuipo it a qiece pf cpde io tpne qspgsanniog maogvage uhau qesfpsnt a tqeciic uatl.

iwesz teu hat ao ideouiuz fvocuipo � ∶ → , xhich naqt each ∈ up iutemf. Fvocuipot cao be cpnqpted if uhe saoge pf uhe istu fvocuipo miet xiuhio uhe dpnaio pf uhe tecpod fvocuipo. oeu ∶ → aod ∶ → be fvocuipot. wheo uhese it a cpnqptiue fvocuipo ∘ ∶ → xiuh ( ∘ )( ) = ( ( )) (tee Figvse . ). ∘

Figvse . . gpnqptiuipo pf fvocuipot.

heioiuipo . . oeu •

∶

→

be a fvocuipo.

it iokecuiwe if difeseou emeneout pf uhe dpnaio naq up difeseou emeneout pf uhe saoge: fps amm , ∈ xiuh ≠ xe hawe ( ) ≠ ( ). irviwameoumz, it iokecuiwe if fps amm , ∈ : ( )= ( )⇒

=

.

. Fvodaneouamt • •

it tvskecuiwe ps poup if ewesz emeneou pf uhe cpdpnaio it cpouaioed io uhe inage pf , i.e., fps ewesz ∈ uhese eyitut ao ∈ (a qseinage) xiuh ( ) = . lo puhes xpsdt, it tvskecuiwe if � ( )= .

it bikecuiwe if iu it bpuh iokecuiwe aod tvskecuiwe. fikecuiwe fvocuipot qpttett ao ioweste naq − ∶ → tvch uhau − ∘ = � aod ∘ − = � (tee Figvse . ). vvch fvocuipot ase amtp cammed iowesuibme. −

∘

=�

∘

−

=�

−

Figvse . . loweste naq aod iut qspqesuiet.

∶ { , } → { , } be deioed bz

iyanqme . . oeu

( ,

)=(

⊕

,

).

vioce ( , ) = ( , ), ( , ) = ( , ), ( , ) = ( , ) aod ( , ) = ( , ), uhe naq it bikecuiwe. whe ioweste naq − ∶ { , } → { , } it giweo bz roe hat

−

( , ) = ( , ),

−

−

( ,

)=( ,

( , ) = ( , ),

−

⊕

).

( , ) = ( , ) aod

−

( , ) = ( , ). ♢

lowesuibme (bikecuiwe) naqt qmaz ao inqpsuaou spme io ciqhesiog. eo eocszquipo naq nvtu hawe a cpssetqpodiog decszquipo naq tvch uhau ∘ = � (uhe ideouiuz naq po uhe qmaioueyu tqace). iocszquipo naqt ase pfueo bikecuiwe, amuhpvgh a tmighumz xeales qspqesuz it tvicieou ( hat up be iokecuiwe aod nvtu be tvskecuiwe). giqhesiog it pfueo deioed at a cpnqptiuipo pf tewesam pqesauipot. whete pqesauipot ase opu oecettasimz bikecuiwe, eweo if uheis cpnqptiuipo it vmuinauemz bikecuiwe. ro uhe puhes haod, a cpnqptiuipo pf bikecuiwe naqt it pf cpvste bikecuiwe. oenna . . oeu ( ) lf ( ) lf ( ) lf

∶

→

be a naq beuxeeo ioiue teut; uheo:

it iokecuiwe uheo | | ≤ | |.

it tvskecuiwe uheo | | ≥ | |. it bikecuiwe uheo | | = | |.

♢

. . veut, uemauipot aod Fvocuipot

qpue uhau uhe abpwe cpodiuipot ase pomz oecettasz aod opu tvicieou. uenasl . . whe cpousaqptiuipo pf oenna . ( ) it cammed uhe qigepohpme qsiociqme: if | | > | | uheo it opu iokecuiwe. vvqqpte it a teu pf qigepot aod a teu pf hpmet. lf uhese ase npse qigepot uhao hpmet, uheo poe hpme hat npse uhao poe qigepo. heioiuipo . . e teu

it taid up be cpvouabmz ioioiue if uhese it a bikecuiwe naq ∶

→ℕ

fspn up uhe teu pf oauvsam ovnbest. ze taz uhau a teu cpvouabmz ioioiue.

it cpvouabme if iu it ioiue ps

iyanqme . . ℕ aod ℤ ase cpvouabmz ioioiue teut. whe teut ℤ (fps ∈ ℕ) aod ℚ ase amtp cpvouabme (tee iyescite ). kpxewes, a fanpvt setvmu pf gaoups tazt uhau uhe teu ℝ pf amm seam ovnbest it vocpvouabme. ♢ whe lpps, ceimiog aod spvodiog fvocuipot ase pfueo vted io ovnesicam cpnqvuauipot. heioiuipo . . oeu

∈ ℝ.

( ) ⌊ ⌋ it uhe gseauetu ioueges mett uhao ps ervam up .

( ) ⌈ ⌉ it uhe meatu ioueges gseaues uhao ps ervam up . ( ) ⌊ ⌉ = ⌊ + ⌋ it spvodiog

up uhe oeasetu ioueges (spvod hamf vq).

iyanqme . . ⌊ . ⌋ = , ⌈− . ⌉ = − aod ⌊ . ⌉ = . Fvocuipot fspn

up

♢

ase qasuicvmas catet pf semauipot beuxeeo

heioiuipo . . e bioasz semauipo (ps semauipo) beuxeeo ⊂

keoce a semauipo it a teu pf qaist ( , ) xiuh a (bioasz) semauipo po . e fvocuipo

∶

→

× .

aod

∈ . lf

deioet a semauipo beuxeeo

aod :

= {( , ) ∈

∈

aod

×

|

aod :

it a tvbteu =

uheo

it cammed ♢

= ( )}.

cpouaiot amm uvqmet ( , ( )) xiuh ∈ . whit semauipo it amtp cammed uhe gsaqh pf . kpxewes, a semauipo beuxeeo aod dpet opu oecettasimz deioe a fvocuipo. e semauipo deioet a fvocuipo if aod pomz if each ∈ pccvst eyacumz poce at a istu cpnqpoeou io uhe semauipo . irviwameoce semauipot po a teu ase pf tqeciam inqpsuaoce. eo erviwameoce semauipo iodvcet a tegneouauipo pf a teu ioup ditkpiou tvbteut. whe cpmmecuipo pf uhete tvbteut deioet a oex teu aod emeneout io uhe tane tvbteu ase taid up be erviwameou.

. Fvodaneouamt

heioiuipo . . oeu be a semauipo po . wheo tauitiet uhe fpmmpxiog cpodiuipot: ( ) ( ) ( )

it seleyiwe, i.e., ( , ) ∈

fps amm

it tznneusic, i.e., if ( , ) ∈ it usaotiuiwe, i.e., if ( , ) ∈

it cammed ao erviwameoce semauipo if iu

∈ , aod

uheo ( , ) ∈ , aod

aod ( , ) ∈

uheo ( , ) ∈ .

♢

lf it ao erviwameoce semauipo aod ( , ) ∈ , uheo aod ase cammed erviwameou aod xe xsiue ∼ . Fps ∈ , uhe tvbteu = { ∈ | ∼ } ⊂ it cammed uhe erviwameoce cmatt pf aod amm emeneout io ase seqseteouauiwet pf uhau cmatt. whe abpwe cpodiuipot pf ao erviwameoce semauipo eotvse uhau uhe erviwameoce cmattet ase ditkpiou aod uheis voipo it . whe teu pf erviwameoce cmattet it taid up be uhe rvpuieou teu / ∼ .

qpue: uhe emeneout pf / ∼ ase teut. fz abvte pf opuauipo, uhe tane wiexed at ao emeneou pf aod pf / ∼ . iyanqme . . ze deioe ao erviwameoce semauipo = {( , ) ∈ ℤ × ℤ |

−

po

it tpneuinet

= ℤ:

∈ ℤ}.

saist ( , ) ∈ hawe uhe qspqesuz uhau uheis difeseoce − it eweo, i.e., diwitibme bz . Fps eyanqme, uhe uvqmet ( , ), ( , ) aod (− , ) ase amm emeneout pf , bvu ( , ) ∉ aod (− , ) ∉ . roe cao eatimz checl uhau it ao erviwameoce semauipo. whe erviwameoce cmatt pf ∈ ℤ it = {… ,

− ,

− , ,

whese ase pomz uxp difeseou erviwameoce cmattet: = {… , − , − , , , , … } aod

+ ,

+ , … }.

= {… , − , − , , , , … }.

Fps eyanqme, poe hat − = = aod − = = . keoce uhe rvpuieou teu ℤ/ ∼ pomz hat uxp emeneout. whit teu it deopued bz ℤ , ℤ/( ), ( ) ps � , aod xe camm iu uhe iemd pf setidve cmattet npdvmp . lu cao be ideouiied xiuh uhe bioasz teu { , }. ♢ e geoesami{auipo pf uhe abpwe eyanqme ziemdt uhe setidve cmattet npdvmp :

iyanqme . . oeu po = ℤ:

∈ ℕ aod

≥ . gpotides uhe fpmmpxiog erviwameoce semauipo

= {( , ) ∈ ℤ × ℤ |

−

∈

ℤ}.

saist ( , ) ∈ hawe uhe qspqesuz uhau uheis difeseoce − it diwitibme bz , i.e., − it a nvmuiqme pf . Fps eyanqme, meu = . wheo uhe uvqmet ( , ) aod (− , ) ase emeneout pf , bvu ( , ) ∉ aod (− , ) ∉ . pf

vinimas up uhe eyanqme abpwe, ∈ ℤ it uhe teu = {… ,

−

it ao erviwameoce semauipo. whe erviwameoce cmatt

,

− , ,

+ ,

+

, … }.

. . veut, uemauipot aod Fvocuipot qpx xe hawe difeseou erviwameoce cmattet aod uhe rvpuieou teu ℤ/ ∼ hat emeneout. ze camm uhit teu uhe setidve cmattet npdvmp ps iouegest npdvmp aod deopue iu bz ℤ ps ℤ/( ). iach setidve cmatt hat a tuaodasd seqseteouauiwe io uhe teu { , , … , − } aod emeneout io uhe tane setidve cmatt ase cammed cpogsveou npdvmp . ♢ wxp iouegest ase cpogsveou npdvmp if uhez hawe uhe tane senaiodes xheo uhez ase diwided bz . lo naoz qspgsanniog maogvaget, uhe senaiodes pf uhe ioueges diwitipo ∶ it cpnqvued bz % , bvu opue uhau uhe setvmu naz be oegauiwe fps < , xheseat uhe tuaodasd seqseteouauiwe pf npdvmp it opo-oegauiwe.

iyanqme . . oeu = . wheo ℤ = { , , … , } hat emeneout. roe hat − = tioce − − = − it a nvmuiqme pf . whe iouegest aod − ase cpogsveou npdvmp aod poe xsiuet − ≡ npd . whe tuaodasd seqseteouauiwe pf uhit setidve cmatt it , aod − , − , … at xemm at , , … ase puhes seqseteouauiwet pf uhe tane setidve cmatt. kese it ao eyanqme vtiog vagepauh: sage: mod ( -892342322327 ,11) 6

whe ditcvttipo pf setidve cmattet ximm be cpouioved io vecuipo . .

heioiuipo . . e naq ∶ { , } → { , } it cammed ao -wasiabme fppmeao fvocuipo aod a naq ∶ { , } → { , } it cammed ao ( , )-wecupsiam fppmeao fvocuipo. e wecupsiam fppmeao fvocuipo cao be xsiuueo at ao -uvqme pf -wasiabme fppmeao fvocuipot: = ( , , … , ). ♢ fppmeao fvocuipot cao be seqseteoued bz uheis usvuh uabme. vioce uhe uabme pf ao wasiabme fppmeao fvocuipo hat eousiet, uhit it pomz seatpoabme fps tnamm . eopuhes inqpsuaou seqseteouauipo it uhe amgebsaic opsnam fpsn (eqF). whit fpsn vtet Xru (⊕) aod eqh (⋅) cpnbioauipot pf uhe bioasz wasiabmet. eo -wasiabme fppmeao fvocuipo hat a voirve seqseteouauipo at a qpmzopniam io wasiabmet, taz , , … , : ( ,

whe cpeicieout ase eiuhes wasiabmet, fps eyanqme ( ,

,

,…,

ps

)=

aod

)=

⋅∏

⨁

�∈

⊂{ ,…, }

�.

it a tvn (Xru) pf qspdvcut (eqh) pf uhe

⊕

⊕

⊕

.

roe cao wiex at a qpmzopniam io wasiabmet xiuh cpeicieout io ℤ (setidve cmattet npdvmp ) aod xsiue + iotuead pf ⊕, e.g., ( ,

,

)=

+

+

+

npd .

. Fvodaneouamt

whe amgebsaic degsee pf it uhe nayinam meoguh pf uhe qspdvcut xhich aqqeas (xiuh opo{esp cpeicieou) io uhe abpwe seqseteouauipo. lf it a cpotuaou fvocuipo, uheo uhe degsee it . lo uhe abpwe eyanqme, uhe degsee it .

ze opue uhau highes qpxest pf a wasiabme � ase opu oeeded tioce � = � fps amm ≥ aod � ∈ { , }. fppmeao fvocuipot pf degsee ≤ ase cammed aioe. lf uhe degsee it ≤ aod uhe cpotuaou qasu it , uheo uhe fvocuipo it mioeas. eo -wasiabme mioeas fppmeao fvocuipo it a mioeas naqqiog fspn ( ) up ( ). oioeas naqt ase ditcvtted io vecuipo . .

whe degsee pf a wecupsiam fppmeao fvocuipo it uhe nayinam degsee pf iut cpnqpoeou fvocuipot. e wecupsiam fppmeao fvocuipo it cammed aioe if amm cpnqpoeou fvocuipot ase aioe. iyanqme . . ( ) ( , , ) = fvocuipo pf amgebsaic degsee . ( )

+

+

+ npd

it a -wasiabme fppmeao

( , , , ) = ( , + , + ) npd it a ( , )-wecupsiam fppmeao fvocuipo. whe amgebsaic degsee it aod uhe fvocuipo it mioeas tioce amm cpotuaout ase .

( ) oeu

= (

,

) be a -wasiabme fppmeao fvocuipo giweo bz uhe fpmmpxiog uabme: ( )

ze vte vagepauh up deuesnioe uhe amgebsaic opsnam fpsn: sage: B = BooleanFunction ([1 ,1 ,0 ,1]) sage: B. algebraic_normal_form () x0*x1 + x1 + 1

ze iod uhau ( , ) = oeiuhes mioeas ops aioe.

+

+

npd . whe amgebsaic degsee it aod

it

1.2. Combinatorics gpnbioaupsict iowetuigauet ioiue ps cpvouabme ditcseue tusvcuvset. ze ase iouesetued io qspqesuiet pf ioiue teut mile { , , … , } ps { , } xhich pfueo pccvs io cszqupgsaqhic pqesauipot. heioiuipo . . whe facupsiam pf a opo-oegauiwe ioueges != {

⋅ ⋯

fps fps

= , ≥ .

it deioed at fpmmpxt:

. . gpnbioaupsict

whe biopniam cpeicieout hawe uhe fpmmpxiog fpsnvma: ( )=

! fps iouegest ! ( − )!

≤

≤

whe facupsiam iocseatet wesz fatu, fps eyanqme !=

.

!≈ .

aod

♢

⋅

.

eo eicieou xaz up cpnqvue uhe biopniam cpeicieout it uhe sedvced fpsnvma ( )=(

−

)=

iyanqme . . roe hat ( ) = ( ) =

( − ) ⋯ ( − ( − )) . ! ⋅

⋅

⋅

!

⋅

⋅

iog vagepauh cpde cpnqvuet amm biopniamt ( ) fps

⋅

=

≤

≤

:

=

. whe fpmmpx-

sage: for n in range (0 ,16): print binomial (15 ,n), 1 15 105 455 1365 3003 5005 6435 6435 5005 3003 1365 455 105 15 1

whe biopniam cpeicieout aqqeas fps eyanqme io uhe ovnbes pf tvbteut pf a giweo ioiue teu aod io eyqaotipot pf uesnt mile ( + ) . sspqptiuipo . . oeu

aod

( ) | × | = | | ⋅ | | aod |

be ioiue teut. wheo

| = | | fps

( ) oeu = | | be uhe casdioamiuz pf casdioamiuz it ( ).

aod

∈ ℕ.

≤ . wheo uhe ovnbes pf tvbteut pf

pf ♢

qpue uhau uhese it a difeseoce beuxeeo -uvqmet aod tvbteut pf casdioamiuz . lo uhe istu cate, uhe psdes pf emeneout it inqpsuaou aod io uhe tecpod cate iu it opu.

= difeseou bioasz xpsdt pf meoguh iyanqme . . whese ase ( ) = xiuh eyacumz uxp poet aod {espt. lodeed, each tvbteu pf = { , , … , } xiuh uxp emeneout giwet uhe uxp qptiuipot xhese uhe digiu it ervam up . ♢ ⋅

sesnvuauipot pf ioiue teut ase pf gseau inqpsuaoce io cszqupgsaqhz. heioiuipo . . oeu .

be a ioiue teu. e qesnvuauipo � pf

it a bikecuiwe naq � ∶

→ ♢

. Fvodaneouamt

sesnvuauipot pf a ioiue teu cao be xsiuueo vtiog a uxp-mioe nausiy opuauipo. whe istu spx mitut uhe emeneout pf aod uhe inage pf each emeneou it giweo bempx io uhe tecpod spx. whe istu spx cao be pniuued if it giweo aod uhe emeneout ase oauvsammz psdesed. iyanqme . . oeu uauipo pf :

= { , , , , , , , }; uheo uhe fpmmpxiog spx detcsibet a qesnv(

sspqptiuipo . . oeu

).

be a ioiue teu aod | | = ; uheo uhese ase ! qesnvuauipot pf .

ssppf. zsiue = { , , … , } aod meu � be a qesnvuauipo pf . whese ase difeseou chpicet fps �( ). vioce � it iokecuiwe, uhese senaio − qpttibme inaget fps �( ), uheo − qpttibimiuiet fps �( ), euc. whe matu inage �( ) it iyed bz uhe puhes chpicet. keoce poe hat ( − )( − ) ⋯ = ! difeseou qesnvuauipot fps � ∶ → . □

gszqupgsaqhic pqesauipot ase pfueo bated po qesnvuauipot. lodeed, a saodpnmz chpteo fanimz pf qesnvuauipot pf a teu mile = { , } xpvmd cpotuiuvue ao ideam bmpcl ciqhes. xofpsuvoauemz, iu it inqpttibme up xsiue dpxo ps up tupse a geoesam qesnvuauipo tioce hat emeneout (tee iyanqme . ). pvch tinqmes ase mioeas naqt (tee vecuipo . ) aod io qasuicvmas biu qesnvuauipot, xhich qesnvue pomz uhe qptiuipo pf uhe biut. Fps eyanqme, xe nighu uale uhe qesnvuauipo ( ) pf = { , , , , , , , } io iyanqme . up deioe a qesnvuauipo po uhe teu = { , } . e bzue ( , , … , ) ∈ it naqqed up ( , , , , , , , ) ∈ . vvch biu qesnvuauipot ase vted xiuhio ciqhesiog pqesauipot, bvu poe hat up uale ioup accpvou uhe facu uhau biu qesnvuauipot ase (io cpousatu up geoesam qesnvuauipot) mioeas naqt.

1.3. Computational Complexity roe pfueo oeedt up aoamz{e uhe cpnqvuauipoam cpnqmeyiuz pf amgpsiuhnt, i.e., uhe oecettasz uine aod tqace semauiwe up uhe ioqvu ti{e. whe qsecite wamvet, fps eyanqme uhe ovnbes pf tueqt ps gsx-cmpclt aod uhe servised nenpsz io bzuet, deqeod po uhe qmaufpsn, uhe inqmeneouauipo aod uhe chpteo neatvseneou voiut, bvu uhe gspxuh pf uine ps tqace (io uesnt pf uhe ioqvu ti{e) it pfueo iodeqeodeou pf uhe pqesauipoam eowisponeou aod uhe qasaneuest chpteo. whe fig-r opuauipo detcsibet uhe gspxuh pf fvocuipot aod it vted up etuinaue uhe cpnqmeyiuz pf amgpsiuhnt io uesnt pf uhe ioqvu ti{e. heioiuipo . (fig-r opuauipo). oeu , ∶ ℕ → ℝ be uxp fvocuipot po ℕ. wheo xe taz uhau it ao atznqupuic vqqes bpvod fps if uhese eyitut a seam ovnbes ∈ ℝ aod ao ioueges ∈ ℕ tvch uhau aod poe xsiuet

=

( ) ps

| ( )| ≤ ∈

( ).

| ( )| fps amm

≥

,

♢

. . gpnqvuauipoam gpnqmeyiuz eo atznqupuic vqqes bpvod ( ) it vtvammz chpteo up be at tinqme aod at tnamm at qpttibme. ze taz uhau hat mioeas, rvadsauic, cvbic ps qpmzopniam gspxuh io if = ( ), = ( ), = ( ) ps = ( ) fps tpne ∈ ℕ, setqecuiwemz.

iyanqme . . ( ) oeu ( ) = + + + . vioce ≤ , ≤ aod ≤ fps ≥ , poe hat ( ) ≤ ( + + + ) . veu = aod = . whvt = ( ) aod hat cvbic gspxuh io . ( ) oeu ( ) = + . veu = aod = . vioce ≤ fps + + hawe = ( ). keoce it atznqupuicammz bpvoded bz a cpotuaou.

( ) oeu ( ) = √ .

+

+

−

; uheo

=

(

/

) tp uhau

≥

, xe

gspxt eyqpoeouiammz io ♢

whe fig-r opuauipo it pfueo vted up attett uhe svooiog uine pf ao amgpsiuhn io a xpstu-cate tceoasip. eo atznqupuic vqqes bpvod dpet opu deqeod po uhe neatvsiog voiu ps uhe qmaufpsn, tioce uhe wamvet xpvmd difes pomz bz a nvmuiqmicauiwe cpotuaou. lf uhe svooiog uine fvocuipo ( ) hat qpmzopniam gspxuh io uhe ioqvu meoguh , i.e., = ( ), uheo ( ) it bpvoded bz fps cpotuaout , aod masge . Fps eyanqme, if it dpvbmed, uheo uhe vqqes bpvod it nvmuiqmied pomz bz uhe cpotuaou . emgpsiuhnt xiuh qpmzopniam svooiog uine io uesnt pf uhe ioqvu ti{e ase cpotidesed up be eicieou ps fatu. paoz tuaodasd amgpsiuhnt, fps eyanqme addiog ps nvmuiqmziog uxp ovnbest, ase qpmzopniam. ro uhe puhes haod, ao amgpsiuhn uhau mppqt pwes ewesz iotuaoce pf a teu xiuh emeneout it eyqpoeouiam io . e qspbmen it cammed hasd if op eicieou, i.e., qpmzopniam-uine, amgpsiuhn eyitut uhau tpmwet uhe qspbmen. e decitipo qspbmen hat pomz uxp qpttibme aotxest, zet ps op. hecitipo qspbment fps xhich a qpmzopniam uine amgpsiuhn eyitut ase taid up bempog up uhe cpnqmeyiuz cmatt s. whe cmatt Ns (opodeuesnioituic qpmzopniam) it uhe teu pf decitipo qspbment xhich cao be wesiied io qpmzopniam-uine. ghecliog uhe cpssecuoett pf a qsppf it aqqaseoumz eaties uhao tpmwiog a qspbmen. zheuhes uhe cmatt Ns it tusicumz masges uhao s it a nakps vosetpmwed qspbmen io cpnqvues tcieoce. lo cpnqvues tcieoce, poe it vtvammz iouesetued io uhe xpstu-cate cpnqmeyiuz pf ao amgpsiuhn xhich tpmwet a cesuaio qspbmen. kpxewes, uhe xpstu-cate cpnqmeyiuz it hasdmz semewaou fps auuaclt agaiotu cszqupgsaqhic tztuent. e cszquptztuen it cesuaiomz iotecvse if auuaclt ase ioeicieou io cesuaio bad catet bvu eicieou io puhes catet. lotuead, uhe awesage-cate cpnqmeyiuz pf amgpsiuhnt uhau bseal a tchene thpvmd be masge. e tecvse tchene thpvmd qspwide qspuecuipo io amnptu amm catet aod uhe qspbabimiuz uhau a qpmzopniam uine amgpsiuhn bsealt uhe cszquptztuen thpvmd be wesz tnamm. qpue uhau uhese it opu pomz uhe uine cpnqmeyiuz bvu amtp uhe tqace cpnqmeyiuz pf ao amgpsiuhn. whe tqace cpnqmeyiuz neatvset uhe nenpsz ps tupsage serviseneout io uesnt pf uhe ioqvu ti{e.

. Fvodaneouamt

Wasoiog . . whe cpnqmeyiuz it neatvsed io uesnt pf uhe ioqvu ti{e, opu uhe ioqvu wamve! whe fpmmpxiog fpsnvma giwet uhe semauipo beuxeeo a qptiuiwe ioueges aod iut ti{e: ⎱iz⎢( ) = ⌊⎪⎭g ( )⌋ + . whe ti{e pf ao ioueges it uhe ovnbes pf biut uhau it oeeded up seqseteou iu. Fps a giweo bioasz tusiog , uhe biu-meoguh it amtp cammed ti{e aod deopued bz | |.

lo cszqupgsaqhic aqqmicauipot, uhe lez ti{e it vtvammz bpvoded bz tewesam hvodsed ps uhpvtaod biut, bvu uhe ovnbest seqseteoued cao be wesz masge. iyanqme . . oeu = . wheo ⎱iz⎢( ) = ⌊ ⋅ ⎪⎭g ( )⌋ + ase oeeded fps uhe bioasz seqseteouauipo pf .

=

. keoce

biut

iyanqme . . oeu ∈ ℕ aod = … be uhe voasz tusiog pf poet. rbwipvtmz, ⎱iz⎢( ) = . eo amgpsiuhn uhau ualet at ioqvu it qpmzopniam if uhe svooiog uine it qpmzopniam io . rf cpvste, it a wesz ioeicieou xaz up seqseteou a qptiuiwe ioueges , bvu iu ammpxt vt up teu uhe ioqvu ti{e up . whit ximm be vted io ghaques , xhese amgpsiuhnt ase pfueo eyqecued up be qpmzopniam io a tecvsiuz qasaneues , fps eyanqme uhe lez meoguh.

iyanqme . . vvqqpte xe xaou up cpnqvue uhe qsine diwitpst pf ao ioueges . e semaued decitipo qspbmen it up deuesnioe xheuhes ps opu it a qsine ovnbes.

rvs amgpsiuhn vtet usiam diwitipot bz amm pdd qptiuiwe iouegest ≤ √ . whe ovnbes

pf diwitipot (i.e., a nvmuiqme pf uhe svooiog uine) it au nptu ⌊ √ ⌋. vioce √ =

l

,

) aod uhesefpse eyqpoeouiam. ro uhe uhe xpstu-cate svooiog uine fvocuipo it ( puhes haod, pvs amgpsiuhn hat qpmzopniam tqace cpnqmeyiuz, tioce xe pomz oeed up tupse aod a tnamm ovnbes pf avyimiasz wasiabmet. qpue uhau uhe facups io uhe eyqpoeou pf uhe svooiog uine fvocuipo nvtu opu be pniuued io uhe fig-r opuauipo! ♢ iz ( )

roe thpvmd vodestuaod uhe miniuauipot pf uhe atznqupuic opuauipo. Fistu, uhe vqqes bpvod aqqmiet pomz if it masges uhao tpne volopxo ioiuiam wamve . Fvsuhesnpse, uhe nvmuiqmicauiwe cpotuaou cao be masge. Fps a giweo ioqvu wamve, ao amgpsiuhn xiuh qpmzopniam svooiog uine naz eweo be tmpxes uhao ao eyqpoeouiam-uine amgpsiuhn! kpxewes, fps masge uhe qpmzopniam-uine amgpsiuhn ximm eweouvammz be fatues. fpvoded fvocuipot ase pf uzqe ( ) aod fvocuipot pf uzqe ( ) cpowesge up . qeg-

migibme fvocuipot aqqspach {esp fatues uhao

aod aoz puhes ioweste qpmzopniam:

heioiuipo . . oeu ∶ ℕ → ℝ be a fvocuipo. roe tazt uhau it oegmigibme io = ( ) fps amm qpmzopniamt , ps erviwameoumz if = ( � ) fps amm > . ( )

if ♢

keoce oegmigibme fvocuipot ase eweouvammz tnammes uhao aoz ioweste qpmzopniam. whit neaot uhau ( ) aqqspachet {esp fatues uhao aoz pf uhe fvocuipot , , , euc.

. . hitcseue sspbabimiuz

iyanqme . .

( )=

opu oegmigibme tioce ( ) =

−

(

aod

−√

), bvu

ase oegmigibme io , xheseat ( ) =

≠

(

).

Fioammz, xe deioe uhe tpfu-r opuauipo xhich igopset mpgasiuhnic facupst.

heioiuipo . . oeu , ∶ ℕ → ℝ be fvocuipot. wheo tvch uhau = (⎪⎬( ) ( )). ( ) = ⎪⎭g ( ). wheo ( ) = ⎪⎭g ( ) . wheo = ̃ ( ).

iyanqme . . ( ) oeu ( ) oeu

= ̃ ( ).

= ̃ ( ) if uhese eyitut

+

it ♢ ∈ℕ

1.4. Discrete Probability sspbabimiuz uhepsz it ao inqpsuaou fpvodauipo pf npdeso cszqupgsaqhz. ze pomz cpotides ditcseue qspbabimiuz tqacet. heioiuipo . . oeu Ω be a cpvouabme teu, � = �(Ω) uhe qpxes teu pf Ω aod [ , ] a fvocuipo xiuh uhe fpmmpxiog qspqesuiet: ( )

( ) lf

[Ω] = . ,

,

∶�→

, … ase qaisxite ditkpiou tvbteut pf , uheo [ ⋃ �

�]

=∑ �

[ � ].

whe usiqme (Ω, �, ) it cammed a ditcseue qspbabimiuz tqace. Ω it cammed uhe tanqme tqace aod xe taz uhau it a ditcseue qspbabimiuz ditusibvuipo po Ω. whe tvbteut ⊂ Ω ase taid up be eweout aod [ ] it uhe qspbabimiuz pf . lf Ω it ioiue, uheo (Ω, �, ) it cammed a ioiue qspbabimiuz tqace. ♢ qpue uhau uhe fanimz pf teut io ( ) it eiuhes ioiue ps cpvouabmz ioioiue. vioce amm qspbabimiuiet ase opo-oegauiwe aod uhe tvn it bpvoded bz , uhe tesiet cpowesget aod it amtp iowasiaou vodes a sepsdesiog pf uesnt.

uenasl . . lo neatvse uhepsz, a usiqme (Ω, �, ), xhese it a �-addiuiwe fvocuipo po a teu � ⊂ �(Ω) pf neatvsabme teut tvch uhau [Ω] = , it cammed a qspbabimiuz tqace. ze pomz cpotides uhe cate pf a cpvouabme tanqme tqace Ω aod attvne uhau amm tvbteut (eweout) ase neatvsabme, i.e., � = �(Ω). e ditcseue qspbabimiuz ditusibvuipo it fvmmz deuesnioed bz uhe wamvet po uhe tiogmeupot { } (uhe emeneouasz eweout). ze deioe uhe fvocuipo ( ) = [{ }] aod pbuaio fps amm eweout

⊂ Ω:

[ ] = ∑ ( ). �∈

. Fvodaneouamt

keoce a ditcseue qspbabimiuz ditusibvuipo it fvmmz deuesnioed bz a fvocuipo Ω → [ , ] xiuh ∑�∈Ω ( ) = . iyanqme . . oeu Ω = ℕ aod po ℕ bz


it ao eyanqme pf a qpmzamqhabeuic tvbtuiuvuipo ciqhes. emuhpvgh uhe lez cao be mpog, each ciqhesueyu meuues pomz deqeodt po a tiogme qmaioueyu chasacues. iyanqme . . e wsaotqptiuipo giqhes pwes ao asbiusasz amqhabeu eocszqut a qmaioueyu bmpcl pf meoguh bz sepsdesiog uhe chasacuest. nezt ase giweo bz a saodpn qesnvuauipo pf { , , … , }. fiu qesnvuauipot ase usaotqptiuipo ciqhest pwes uhe bioasz amqhabeu. ze pbteswe uhau uhe fserveocz pf chasacuest it qseteswed bz usaotqptiuipo ciqhest. ♢ whe abpwe eyanqmet amm vte mioeas ps aioe usaotfpsnauipot. oaues xe ximm tee uhau aioe ciqhest ase pfueo wvmoesabme up lopxo qmaioueyu auuaclt xhich pomz servise tuaodasd mioeas amgebsa (tee sspqptiuipo . ). whese ase amtp cmatticam opomioeas npop- ps qpmzamqhabeuic tvbtuiuvuipo ciqhest. lf uhe qmaioueyu cpouaiot ueyu fspn a lopxo maogvage, uheo tvch ciqhest cao pfueo be bspleo bz a fserveocz aoamztit. lu it amtp qpttibme up seweam ao volopxo meoguh pf a qpmzamqhabeuic ciqhes.

. . sesfecu vecsecz

iyanqme . . eopuhes eyanqme pf a qpmzamqhabeuic tvbtuiuvuipo ciqhes it uhe ioigna spups ciqhes nachioe uhau xat vted tioce uhe t aod io qasuicvmas bz qa{i jesnaoz dvsiog uhe vecpod zpsmd zas. whe ioigna it ao emecusp-nechaoicam ciqhes nachioe uhau qspdvcet poe ciqhesueyu meuues qes leztusple. whe lez tqace it rviue masge aod deqeodt po ioiuiam spups qptiuipot, siog teuuiogt aod qmvg cpooecuipot pf uhe nachioe. whe spups qptiuipot chaoge xiuh each chasacues. ziuh cpotidesabme efpsu aod cszqupaoamzuicam nachioet, uhe ioigna xat eweouvammz bspleo. ze secpnneod uhe bppl [gp ] fps npse deuaimt abpvu uhe ioigna tztuen.

2.2. Perfect Secrecy roe nighu xaou a cszquptztuen uhau it vobsealabme fps aoz uzqe pf adwestasz, eweo if uhez hawe vominiued cpnqvuiog qpxes. vvch a tchene xpvmd qspwide vocpodiuipoam tecvsiuz. gmavde vhaoopo deioed uhe opuipo pf qesfecu tecsecz [vha ]. heioiuipo . . eo eocszquipo tchene it qesfecumz tecseu if fps amm qmaioueyut ℳ aod amm ciqhesueyut ∈ �: [ℰ (

)= ]=

[ℰ (

) = ].

whe qspbabimiuiet ase cpnqvued pwes saodpnmz geoesaued lezt

∈ �.

,

∈

♢

sesfecu tecsecz neaot uhau amm qmaioueyut hawe uhe tane qspbabimiuz fps a giweo ciqhesueyu. whit qspqesuz it amtp cammed qesfecu iodituiogvithabimiuz: xiuhpvu uhe tecseu lez, iu it inqpttibme up iod pvu xhich qmaioueyu xat eocszqued. eo eawetdspqqes usvmz measot opuhiog abpvu uhe qmaioueyu fspn uhe ciqhesueyu, qspwided uhau aoz lez it qpttibme. lo puhes xpsdt: giweo aoz ciqhesueyu , ewesz qmaioueyu nettage it eyacumz at milemz up be uhe vodesmziog qmaioueyu. qpue uhau uhe deioiuipo serviset a iyed qmaioueyu meoguh tioce eocszquipo vtvammz dpet opu hide uhe meoguh pf a qmaioueyu nettage. whe fpmmpxiog menna qspwidet ao amuesoauiwe deioiuipo pf qesfecu tecsecz. oenna . . eo eocszquipo tchene it qesfecumz tecseu if aod pomz if fps ewesz qspbabimiuz ditusibvuipo pwes ℳ, ewesz qmaioueyu aod ewesz ciqhesueyu fps xhich [ ] > , uhe qspbabimiuz pf aod uhe cpodiuipoam qspbabimiuz pf giweo cpiocide: [ | ]=

[ ].

♢

emuhpvgh qesfecu tecsecz it a wesz tuspog serviseneou, uhese it a wesz tinqme ciqhes xhich achiewet uhit mewem pf tecvsiuz: uhe poe-uine qad (tee iyanqme . ). whepsen . . whe poe-uine qad it qesfecumz tecseu if uhe lez it geoesaued bz a saodpn biu geoesaups (tee heioiuipo . ) aod it pomz vted poce. ssppf. oeu be a tecvsiuz qasaneues pf uhe poe-uine qad. vvqqpte , ase qmaioueyut aod it a ciqhesueyu pf meoguh . wheo uhese it eyacumz poe lez pf meoguh xhich eocszqut ioup aod io facu = ⊕ . vioce xe attvned ao voifpsn ditusibvuipo

. iocszquipo vchenet aod heioiuipot pf vecvsiuz

pf lezt, xe hawe whepsen.

[ℰ (

)= ]=

. whe tane hpmdt usve fps

, xhich qspwet uhe □

iyanqme . . vvqqpte a yigeoèse ciqhes pf lez meoguh it vted up eocszqu fpvs chasacuest. oeu = ( , , , ) be aoz ciqhesueyu pf meoguh fpvs, = ( , , , ) uhe cpssetqpodiog qmaioueyu aod = ( , , ) uhe lez. wheo ≡

+

,

≡

+

,

≡

+

,

≡

+

npd

.

whe difeseoce beuxeeo uhe fpvsuh ciqhesueyu aod qmaioueyu chasacues it cpogsveou up uhe difeseoce beuxeeo uhe istu ciqhesueyu aod qmaioueyu chasacues: ≡

−

≡

−

npd

.

whit fpsnt a cpodiuipo fps amm wamid qmaioueyu/ciqhesueyu qaist. lf = ( , , , ) it giweo, uheo uhese ase naoz vofeatibme qmaioueyut , i.e., ℰ ( ) ≠ fps amm ∈ �, aod uhesefpse [ℰ ( ) = ] = . ro uhe puhes haod, qmaioueyut = ( , , , ) uhau tauitfz uhe cpogsveoce − ≡ − npd ase qpttibme aod uheis qspbabimiuz it

if ∈ ℤ tecsecz.

[ℰ (

)= ]=

it chpteo voifpsnmz au saodpn. keoce uhe ciqhes dpet opu hawe qesfecu ♢

lf uhe lez it thpsues uhao uhe nettage, uheo ao eocszquipo tchene caoopu be qesfecumz tecseu: a lopxo ciqhesueyu nettage chaoget uhe qptuesips qspbabimiuz pf a qmaioueyu nettage. ro uhe puhes haod, adwestasiet xiuh miniued setpvscet nighu opu be abme up eyqmpiu uhit tiuvauipo tp uhau uhe tchene it tuimm cpnqvuauipoammz tecvse. whit it ditcvtted io uhe oeyu tecuipo.

2.3. Computational Security ssacuicam tecvsiuz thpvmd uale uhe cpnqvuiog qpxes pf ao adwestasz ioup accpvou, sauhes uhao attvniog vominiued setpvscet. Fvsuhesnpse, iu it seatpoabme up accequ a tnamm chaoce pf tvccett, tioce ao adwestasz nighu gvett uhe cpssecu qmaioueyu ps lez. whe cpnqvuauipoam aqqspach etuinauet uhe qspbabimiuz pf tvccett io uesnt pf uine aod cpnqvuiog setpvscet. ze cpotides a tchene up be bspleo if ao adwestasz cao measo tpneuhiog abpvu uhe qmaioueyu fspn uhe ciqhesueyu, i.e., if uhez pbuaio uhe pvuqvu pf aoz fvocuipo pf uhe qmaioueyu, fps eyanqme a qmaioueyu biu ps a tvn pf tewesam qmaioueyu biut. lo uhe oeyu tecuipo, bsealiog a tchene it deioed io uhe cpoueyu pf ao eyqesineou, xhese ao adwestasz hat up aotxes a chammeoge. heioiuipo . . e tchene it ( , �)-tecvse if aoz adwestasz svooiog io uine (neatvsed io gsx czcmet) cao bseal uhe tchene xiuh qspbabimiuz pf � au nptu.

. . lodituiogvithabme iocszquipot

iyanqme . . ettvne uhau uhe betu-lopxo auuacl agaiotu a tchene it eyhavtuiwe lez teasch (bsvue fpsce) aod uhau uhe lez hat meoguh . lf uetuiog a tiogme lez ualet gsx czcmet aod io upuam gsx czcmet ase eyecvued, uheo lezt cao be uetued aod uhe qspba-

, if ≪ . keoce uhe tchene it ( , )-tecvse. bimiuz pf tvccett it aqqspyinauemz vvqqpte ao adwestasz vtet a cpnqvues xiuh poe jk{ gsx aod qesfpsnt a bsvue fpsce auuacl agaiotu a tchene xiuh -biu lez meoguh pwes uhe cpvste pf a zeas. oeu’t attvne uhau = . wheo spvghmz lezt cao be uetued aod uhe tchene it ( , − )-tecvse. qpue uhau ao eweou xiuh a qspbabimiuz pf − ximm oewes pccvs io qsacuice. ♢

ze tee uhau cpocseue wamvet deqeod po uhe hasdxase vted, e.g., uhe uzqe pf gsx, at xemm at po uhe inqmeneouauipo pf auuaclt. qpx xe giwe ao atznqupuic westipo pf a deioiuipo pf tecvsiuz. lo uhit aqqspach, uhe svooiog uine aod uhe qspbabimiuz pf bsealiog a tchene ase cpotidesed at fvocuipot pf uhe tecvsiuz qasaneues (tee uenasl . ), aod poe aoamz{et uhe behawips fps tvicieoumz masge wamvet pf . heioiuipo . . eo eocszquipo tchene it cammed cpnqvuauipoam tecvse if ewesz qspbabimituic amgpsiuhn xiuh qpmzopniam svooiog uine cao pomz bseal uhe tchene xiuh oegmigibme qspbabimiuz io uhe tecvsiuz qasaneues . ♢ gpnqvuauipoam tecvsiuz pomz qspwidet ao atznqupuic tecvsiuz gvasaouee, i.e., if uhe tecvsiuz qasaneues (tee uenasl . ) it tvicieoumz masge. iyanqme . . lf uhe betu qpttibme auuacl it a bsvue-fpsce teasch pf a lez pf meoguh (tee iyanqme . ) aod uhe svooiog uine it bpvoded bz = ( ), xhese it a qpmzop( ) ( ) niam, uheo uhe tchene it ( ( ), )-tecvse, xhese it a cpotuaou. whe qspbabimiuz ⋅ ⋅ decseatet eyqpoeouiammz up {esp at gpet up ioioiuz aod it uhvt oegmigibme. whesefpse, uhe tchene it cpnqvuauipoammz tecvse.

2.4. Indistinguishable Encryptions lo vecuipo . xe tax uhau qesfecu tecsecz serviset qesfecu iodituiogvithabimiuz: fps a giweo ciqhesueyu, ao adwestasz cao pomz gvett xhich qmaioueyu xat eocszqued aod amm qmaioueyut (pf a giweo meoguh) pccvs xiuh eyacumz uhe tane qspbabimiuz. qpx xe xaou up semay uhe serviseneout pf qesfecu tecsecz fps a npse qsacuicam deioiuipo. Fistumz, xe cpotides pomz eicieou adwestasiet svooiog io qpmzopniam uine. vecpodmz, xe ammpx a wesz tnamm, i.e., oegmigibme adwaouage pwes saodpn gvettet xheo ao adwestasz usiet up dituiogvith beuxeeo uxp catet. lodituiogvithabimiuz (lqh) neaot uhau eicieou adwestasiet ase voabme up iod uhe cpssecu qmaioueyu pvu pf uxp qpttibimiuiet if uhe ciqhesueyu it giweo. whe qesfpsnaoce pf adwestasiet it opu opuiceabmz beuues uhao saodpn gvettiog. Fvsuhesnpse, xe xaou up deioe tecvsiuz vodes difeseou uzqet pf auuaclt. ze tqecifz a uhseau npdem aod cpotides auuaclest xiuh cesuaio caqabimiuiet: iu it vtvammz attvned uhau adwestasiet ase abme up eawetdspq po ciqhesueyu nettaget, bvu xe amtp mppl au adwestasiet xhp hawe accett up qmaioueyu/ciqhesueyu qaist (nopxo smaioueyu euuacl) ps cao

. iocszquipo vchenet aod heioiuipot pf vecvsiuz

chppte qmaioueyut (ghpteo smaioueyu euuacl, gse). lf uhe adwestasz cao eweo chppte ciqhesueyut aod pbuaio uhe cpssetqpodiog qmaioueyut, uheo xe camm uhit a ghpteo giqhesueyu euuacl (gge). ze cpotides eyqesineout (ps ganet) beuxeeo uxp amgpsiuhnt, a qpmzopniam-uine adwestasz aod a chammeoges. ze deopue uhe adwestasz bz aod uhe chammeoges bz . whe chammeoges ualet at ioqvu a tecvsiuz qasaneues aod teut vq uhe eyqesineou, fps eyanqme bz geoesauiog qasaneuest aod lezt. svot uhe eyqesineou aod iouesacut xiuh . lo uhe eyqesineou, hat cesuaio chpicet aod caqabimiuiet. Fioammz, hat up aotxes a chammeoge aod pvuqvut a tiogme biu. whe chammeoges wesiiet uhe aotxes aod pvuqvut ( xat tvccettfvm aod xpo uhe gane) ps ( faimed). rbwipvtmz, hat a % chaoce pf saodpnmz gvettiog uhe cpssecu aotxes, bvu nighu amtp vte a npse efecuiwe tusauegz. whe gane it seqeaued naoz uinet tp uhau a tvccett qspbabimiuz aod ao adwaouage (cpnqased up saodpn gvettet) cao be cpnqvued. vvch eyqesineout naz mppl asuiiciam au istu, bvu uhez aotxes uhe rvetuipo at up xheuhes ao adwestasz cao pbuaio au meatu poe biu pf tecseu iofpsnauipo bz aqqmziog ao eicieou amgpsiuhn. e tchene it cpotidesed bspleo if uhe qspbabimiuz pf tvccett it tigoiicaoumz highes uhao %. lo naoz tecvsiuz eyqesineout, chpptet a voifpsn saodpn tecseu biu aod pbuaiot a chammeoge uhau deqeodt po . Fioammz, pvuqvut a biu ′ aod xiot uhe gane if = ′ . vioce uhe eyqesineou it seqeaued naoz uinet, bpuh aod ′ cao be cpotidesed at saodpn wasiabmet. whe fpmmpxiog wabme . cpouaiot uhe fpvs cpnbioauipot pf aod ′ aod uheis kpiou qspbabimiuiet:

wabme . . mpiou qspbabimiuiet pf aod

= =

[ [

′ ′

′

=

=

=

lf uhe adwestasz saodpnmz gvettet uhe puhes haod, if

= ] = ] ′

[ [

′ ′

′

= =

=

′.

= ] = ]

, uheo amm fpvs qspbabimiuiet ase cmpte up . ro

it dpiog a gppd kpb, uheo uhe diagpoam eousiet ase gseaues uhao

aod uhe puhes uxp ase tnammes uhao . ze deioe ’t adwaouage pwes saodpn gvettet at uhe difeseoce beuxeeo uhe qspbabimiuz pf tvccett (pvuqvu pf uhe eyqesineou it ) aod uhe qspbabimiuz pf faimvse (pvuqvu pf

. . iawetdspqqiog euuaclt

uhe eyqesineou it ):

⎢⎡v( ) = |

−

=|

=|

[

[

[

[

′ ′

=

′

=

= ]−

= ]+

= ]− [

′

( )= ]−

[

≠ ]| [

[

′

=

′

=

= ]

( ) = ] |.

= ]|

whe difeseoce cpvmd be oegauiwe, tp xe uale uhe abtpmvue wamve. e oegauiwe adwaouage xpvmd aozxaz inqmz a qptiuiwe adwaouage fps ao ioweste adwestasz ′ xhp pvuqvut if pvuqvut aod wice westa. if

whe adwaouage it cmpte up − = if saodpnmz gvettet ′ aod cmpte up − = (ps uhe ioweste adwestasz) pfueo tvcceedt io iodiog uhe cpssecu aotxes. ⎢⎡v( ) = ⋅ ||| [ ′ = ] − ||| = ⋅ ||| [ ( ) = ] − ||| , ⎢⎡v( ) = | [ ′ = | = ] − [ ′ = | = ] |.

uenasl . . whe fpmmpxiog deioiuipot ase amtp vted io uhe miuesauvse:

whete fpsnvmat giwe uhe tane adwaouage ⎢⎡v( ) at abpwe (tee iyescite ). whe istu fpsnvma it amtp vted io uhe miuesauvse xiuhpvu uhe tcamiog facups .

2.5. Eavesdropping Attacks Fistumz, xe attvne a qattiwe eawetdspqqes xhp pomz pbteswet uhe ciqhesueyu. whit cao be fpsnami{ed bz ao eyqesineou, xhese ao adwestasz chpptet uxp qmaioueyut aod geut uhe ciqhesueyu pf poe pf uhen. gao uhe adwestasz iod uhe cpssecu qmaioueyu aod geu ao adwaouage pwes saodpn gvettet? heioiuipo . . vvqqpte a tznneusic eocszquipo tchene it giweo aod cpotides uhe fpmmpxiog iodituiogvithabimiuz eyqesineou (tee Figvse . ). e chammeoges ualet uhe tecvsiuz qasaneues at ioqvu, geoesauet a lez ∈ � bz svooiog ( ) aod chpptet a

saodpn biu ← { , }. e qspbabimituic qpmzopniam-uine adwestasz it giweo , bvu oeiuhes ops ase lopxo up . whe adwestasz chpptet uxp qmaioueyut aod uhau ase ervam io meoguh. whe chammeoges seuvsot uhe ciqhesueyu ℰ ( ) pf poe pf uhen. usiet up gvett (i.e., usiet up iod pvu xhich pf uhe uxp qmaioueyut xat eocszqued) aod pvuqvut a biu ′ . whe chammeoges pvuqvut if = ′ , aod puhesxite. whe iey adwaouage pf it deioed at av ⎢⎡v ( ) = | [ ′ = ] − [ ′ ≠ ] | . whe qspbabimiuz it ualeo pwes amm saodpn wasiabmet io uhit eyqesineou, i.e., uhe lez , biu , eocszquipo ℰ aod saodpnoett pf . ♢ $

e tchene it iotecvse vodes ao iey auuacl if uhe adwaouage pf a tnasu adwestasz it opu oegmigibme, tp uhau ao adwestasz cao tvccettfvmmz desiwe tpne iofpsnauipo abpvu uhe qmaioueyu fspn uhe ciqhesueyu.

. iocszquipo vchenet aod heioiuipot pf vecvsiuz

ghammeoges

edwestasz

ghppte , | |=| vemecu ps

( (

′

′

|

= ) = )

← $

, ′

( ), ←ℰ (

←{ , } $

)

gpnqase aod pvuqvu ps

′

,

Figvse . . lodituiogvithabimiuz eyqesineou io uhe qseteoce pf ao eawetdspqqes.

heioiuipo . . eo eocszquipo tchene hat iodituiogvithabme eocszquipot io uhe qseteoce pf ao eawetdspqqes (lqh-iey tecvse ps iey-tecvse) if fps ewesz qspbabimituic av qpmzopniam-uine adwestasz , uhe adwaouage ⎢⎡v ( ) it oegmigibme io uhe tecvsiuz qasaneues . ♢ whe deioiuipo cao amtp be vted up thpx uhau a qasuicvmas tchene dpet opu hawe iey tecvsiuz. lo uhit cate, iu tvicet up giwe poe eyanqme pf a qpmzopniam-uine amgpsiuhn xhich achiewet a opo-oegmigibme adwaouage io uhe iey eyqesineou. iyanqme . . vvqqpte a tchene dpet opu eocszqu uhe istu biu, i.e., uhe istu qmaioueyu biu aod uhe istu ciqhesueyu biu cpiocide. wheo uhe tchene dpet opu hawe iey tecvsiuz: ao adwestasz cpvmd chppte uxp qmaioueyut uhau difes io uheis istu biu. lo uhit xaz uhez ase abme up ideouifz uhe cpssecu qmaioueyu fspn uhe chammeoge ciqhesueyu. uenasl . . lu naz teen tvsqsitiog uhau uhe adwestasz cao chppte uhe qmaioueyut io ao eawetdspqqiog auuacl. lu xpvmd be cpoceiwabme up meu uhe chammeoges temecu uhe qmaioueyut. kpxewes, eawetdspqqiog tecvsiuz thpvmd eotvse uhau eocszquipo qspuecut ewesz qmaioueyu, opu kvtu temecued ps saodpn qmaioueyut.

Fvsuhesnpse, uhese ase seam-xpsmd tiuvauipot xhese uhe qmaioueyu tqace it sauhes tnamm, taz { , } ps {Yiv, qr}. vvch qmaioueyut amtp deteswe qspuecuipo. whe iey eyqesineou it qesfecu fps npdemiog uhit tiuvauipo. ♢ ze naz amtp adpqu a cpocseue aqqspach up eawetdspqqiog tecvsiuz (tee vecuipo . ):

heioiuipo . . eo eocszquipo tchene it ( , �)-tecvse io uhe qseteoce pf ao eawetdspqqes if fps ewesz qspbabimituic adwestasz svooiog io uine , uhe adwaouage pf it mett uhao �: av ⎢⎡v ( ) < �. ♢

. . ghpteo smaioueyu euuaclt

ℰ

←ℰ (

)

Figvse . . lodituiogvithabimiuz: op eicieou amgpsiuhn cao uemm uhe uxp catet aqasu if aod ase tecseu.

uenasl . . whit it uhe istu io a tesiet pf tinimas eyqesineout aod uhe seades it iowiued up uhiol uhspvgh uhe deioiuipot. whe adwestasz chpptet uxp qmaioueyut pf uhe tane meoguh. whe chammeoges eocszqut poe pf uhe qmaioueyut aod giwet uhe ciqhesueyu up uhe adwestasz. wheo hat up dituiogvith beuxeeo uhe uxp catet, i.e., iod pvu xhich qmaioueyu xat eocszqued (tee Figvse . ). whe rvetuipo it xheuhes iodt a cmewes xaz up uaclme uhe chammeoge, ps emte fammt bacl po saodpn gvettet. whe adwaouage it ioammz cpnqvued pwes naoz ganet xiuh tanqme lezt , saodpn biut , ciqhesueyut aod puhes saodpnoett vted bz uhe adwestasz. lo qsacuice, poe xpvmd opu seammz cpodvcu a masge ovnbes pf tvch eyqesineout. lo qasuicvmas, npdemiog uhe qpttibme tusauegiet pf ao adwestasz teent sauhes diicvmu, bvu uhe abpwe deioiuipo it vtefvm tioce iu cmeasmz tuauet uhe serviseneout fps eawetdspqqiog tecvsiuz aod deioet vodes xhich cpodiuipo a tchene it cpotidesed bspleo. uenasl . . rvs tecvsiuz deioiuipo it bated po iodituiogvithabimiuz. roe cao thpx uhau uhit it erviwameou up tenaouic tecvsiuz: ao adwestasz caoopu measo aoz qasuiam iofpsnauipo abpvu uhe qmaioueyu fspn uhe ciqhesueyu. whit neaot uhau aoz fvocuipo pf uhe qmaioueyu, taz eyusacuiog poe biu, it hasd up cpnqvue aod qpmzopniam-uine adwestasiet caoopu dp aoz beuues uhao saodpn gvettiog. ze sefes up uhe miuesauvse fps npse deuaimt po tenaouic tecvsiuz ([no ], [Gpm ]).

2.6. Chosen Plaintext Attacks qpx xe uvso up a npse qpxesfvm adwestasz xhp hat leyibme accett up ao eocszquipo psacme: uhez cao fseemz chppte qmaioueyut aod pbuaio uhe cpssetqpodiog ciqhesueyut. whit nighu hemq up decszqu a chammeoge ciqhesueyu, au meatu if uhese ase pomz uxp qmaioueyu caodidauet. gao uhez dp beuues uhao saodpnmz gvettiog uhe cpssecu qmaioueyu? whit it neatvsed bz uhe lqh-gse adwaouage, xhich it deioed aoampgpvtmz up uhe iey-adwaouage abpwe. heioiuipo . . vvqqpte a tznneusic eocszquipo tchene it giweo aod ao adwestasz hat accett up ao eocszquipo psacme. gpotides uhe fpmmpxiog eyqesineou (tee Figvse . ). e chammeoges ualet uhe tecvsiuz qasaneues at ioqvu, geoesauet a lez ∈ � aod

. iocszquipo vchenet aod heioiuipot pf vecvsiuz chpptet a voifpsn saodpn biu ← { , }. e qspbabimituic qpmzopniam-uine adwestasz it giweo , bvu aod ase opu lopxo up . whe adwestasz cao chppte asbiusasz qmaioueyut aod geu uhe cpssetqpodiog ciqhesueyu fspn ao eocszquipo psacme. whe adwestasz uheo chpptet uxp difeseou qmaioueyut aod pf uhe tane meoguh. whe chammeoges seuvsot uhe ciqhesueyu ℰ ( ) pf poe pf uhen. whe adwestasz cpouiovet up hawe accett up uhe eocszquipo psacme. Fioammz, usiet up gvett aod pvuqvut a biu ′ . whe chammeoges pvuqvut if = ′ , aod puhesxite. whe lqh-gse adwaouage pf it deioed at $

⎢⎡v

i

−

a

( )=|

[

′

= ]−

[

′

≠ ]|.

whe qspbabimiuz it ualeo pwes amm saodpn wasiabmet io uhit eyqesineou, i.e., uhe lez , biu , eocszquipo ℰ aod saodpnoett pf .

heioiuipo . . e tchene hat iodituiogvithabme eocszquipot vodes chpteo qmaioueyu auuacl (lqh-gse tecvse ps gse-tecvse) if fps ewesz qspbabimituic qpmzopniam-uine adi − a westasz , uhe adwaouage ⎢⎡v ( ) it oegmigibme io . ♢ ghammeoges/rsacme

edwestasz

ghppte qmaioueyu

ghppte , | |=| ghppte qmaioueyu

vemecu ps

( (

′

′

′

| ″

= ) = )

′

′

⋮

,

″

″

⋮ ′

←

( ),

$

←ℰ (

′

←ℰ ( ″

←ℰ (

←{ , } $

′

)

) ″

)

gpnqase aod pvuqvu ps

Figvse . . gse iodituiogvithabimiuz eyqesineou. whe adwestasz naz seqeauedmz atl fps uhe eocszquipo pf chpteo qmaioueyut ′ , ″ .

′

,

. . ghpteo giqhesueyu euuaclt

vecvsiuz vodes chpteo qmaioueyu auuacl it rviue a tuspog cpodiuipo. lu baticammz tazt uhau ao adwestasz it opu abme up pbuaio a tiogme biu pf iofpsnauipo fspn a giweo ciqhesueyu, eweo if uhez cao atl fps uhe eocszquipo pf asbiusasz qmaioueyut. uenasl . . whe deioiuipo innediauemz inqmiet uhau a deuesnioituic eocszquipo tchene caoopu be tecvse vodes lqh-gse. eo adwestasz cao, io facu, atl uhe psacme fps uhe eocszquipo pf uhe chpteo qmaioueyut aod . wheo uhez pomz oeed up cpnqase uhe seuvsoed ciqhesueyu xiuh uhe chammeoge ciqhesueyu. lf uhe tchene it deuesnioituic, uhe lqh-gse adwaouage it ervam up , bvu fps a opo-deuesnioituic tchene, each eocszquipo pf a iyed qmaioueyu cao ziemd aopuhes ciqhesueyu. whesefpse, a tinqme cpnqasitpo caoopu be vted io uhe opo-deuesnioituic cate. iyanqme . . vvqqpte ao eocszquipo tchene it qspbabimituic, bvu uhe istu ciqhesueyu biu deqeodt pomz po uhe qmaioueyu aod uhe lez aod opu po uhe saodpnoett pf uhe eocszquipo amgpsiuhn. lf uhe istu ciqhesueyu biu it opu cpotuaou, uheo uhe tchene it opu tecvse vodes lqh-gse, eweo if uhe neuhpd it wesz tuspog puhesxite. eo adwestasz xpvmd geoesaue nvmuiqme qmaioueyut pf uhe tane meoguh aod atl fps eocszquipo, vouim uhez iod uxp qmaioueyut , tvch uhau uhe cpssetqpodiog ciqhesueyut difes io uheis istu biu. wheo uhez chppte aod io uhe gse eyqesineou. whe istu biu pf uhe chammeoge ciqhesueyu seweamt xhich pf uhe uxp qmaioueyut xat eocszqued bz uhe chammeoges. uenasl . . gpotuaou qauuesot io uhe ciqhesueyu dp opu wipmaue lqh-gse (ps lqhiey) tecvsiuz, aod iu it opu servised uhau uhe ciqhesueyu mpplt mile a saodpn terveoce. lo facu, ao adwestasz caoopu mewesage cpotuaou qasut pf uhe ciqhesueyu io psdes up pbuaio iofpsnauipo abpvu uhe qmaioueyu. ♢ lo qsacuice, poe xaout up eocszqu nvmuiqme nettaget xiuh uhe tane lez. whit it opu disecumz addsetted io uhe iey aod gse eyqesineout, xhese ao adwestasz hat up iod uhe qmaioueyu fps a tiogme ciqhesueyu nettage. whe geoesami{auipo pf uhete ganet fps nvmuiqme eocszquipot ammpxt uhe adwestasz up qspwide nvmuiqme qaist pf qmaioueyu nettaget. e mefups-sighu psacme eocszqut eiuhes uhe mefu ps uhe sighu qmaioueyu pf each qais (deqeodiog po uhe tecseu biu ) aod seuvsot uhe ciqhesueyut. lo facu, iey tecvsiuz fps nvmuiqme nettaget it tuspoges uhao iey tecvsiuz fps a tiogme nettage (tee iyescite ). ro uhe puhes haod, gse-tecvse tchenet senaio tecvse xheo uhe adwestasz hat accett up a mefu-ps-sighu eocszquipo psacme: sspqptiuipo . . lf ao eocszquipo tchene it gse-tecvse (tee heioiuipo . ), uheo iu it gse-tecvse fps nvmuiqme eocszquipot.

2.7. Chosen Ciphertext Attacks efues ditcvttiog iey aod gse tecvsiuz, xe opx cpotides eweo npse qpxesfvm auuaclest. vecvsiuz vodes a chpteo ciqhesueyu auuacl it deioed io a tinimas xaz up lqh-gse tecvsiuz, bvu addiuipoammz giwet uhe adwestasz uhe qpxes up servetu uhe decszquipo pf aoz chpteo ciqhesueyu eycequ uhe chammeoge ciqhesueyu.

. iocszquipo vchenet aod heioiuipot pf vecvsiuz

heioiuipo . . vvqqpte a tznneusic eocszquipo tchene it giweo. gpotides uhe fpmmpxiog eyqesineou (tee Figvse . ). ro ioqvu a chammeoges geoesauet a saodpn lez

∈ � aod a saodpn biu ← { , }. e qspbabimituic qpmzopniam-uine adwestasz it giweo , bvu aod ase opu lopxo up . whe adwestasz cao atl ao psacme up eocszqu asbiusasz qmaioueyut aod up decszqu ciqhesueyut. whe adwestasz chpptet uxp diffeseou qmaioueyut aod pf uhe tane meoguh. whe chammeoges seuvsot uhe ciqhesueyu = ℰ ( ) pf poe pf uhen. whe adwestasz cpouiovet up hawe accett up uhe eocszquipo aod decszquipo psacme, pomz decszquipo pf uhe chammeoge ciqhesueyu it opu qesniuued. Fioammz, usiet up gvett aod pvuqvut a biu ′ . whe chammeoges pvuqvut if = ′ , aod puhesxite. wheo uhe lqh-gge adwaouage pf it deioed bz $

⎢⎡v

i

−

a

( )=|

[

′

= ]−

[

′

≠ ]|.

whe qspbabimiuz it ualeo pwes amm saodpn wasiabmet io uhit eyqesineou, i.e., uhe lez , biu , eocszquipo ℰ aod saodpnoett pf . ♢ ghammeoges/rsacme

edwestasz

ghppte qmaioueyu ps ciqhesueyu

ghppte , | |=|

′

′

|

ghppte qmaioueyu ″ ps ciqhesueyu ″ ≠ vemecu ps

( (

′

′

= ) = )

′

′

ps ps ⋮

′

′

, ″

ps ″ ps ⋮ ′

″ ″

← $

( ),

←{ , } $

← ℰ ( ′) ps ′ ← � ( ′ ) ′

←ℰ (

)

← ℰ ( ″) ps ″ ← � ( ″ ) ″

gpnqase aod pvuqvu ps

Figvse . . gge iodituiogvithabimiuz eyqesineou. whe adwestasz naz seqeauedmz atl fps uhe eocszquipo pf chpteo qmaioueyut ′ , ″ aod fps uhe decszquipo pf chpteo ciqhesueyut ′ , ″ eycequ uhe chammeoge .

′

,

. . stevdpsaodpn jeoesaupst

heioiuipo . . e tchene hat iodituiogvithabme eocszquipot vodes adaquiwe chpteo ciqhesueyu auuacl (lqh-gge tecvse ps gge -tecvse) if fps ewesz qspbabimituic qpmzi − a opniam-uine adwestasz , uhe adwaouage ⎢⎡v ( ) it oegmigibme io . ♢

lo uhe miuesauvse, poe dituiogvithet beuxeeo lqh-gge aod lqh-gge . lo uhe lqh-gge eyqesineou, uhe auuacl it opu adaquiwe aod uhe adwestasz naz vte uhe decszquipo psacme pomz befpse beiog giweo uhe chammeoge. lo cpousatu, uhe abpwe lqh-gge eyqesineou ammpxt uhe adwestasz up adaqu uheis rvesiet up uhe chammeoge. gge tecvsiuz it tuspoges uhao gge tecvsiuz, aod gge tecvsiuz nptumz sefest up uhe gge eyqesineou. gge -tecvsiuz serviset opo-nammeabimiuz. ze taz a ciqhesueyu it nammeabme if ao adwestasz cao qspdvce a wamid ciqhesueyu ′ ≠ tvch uhau uhe cpssetqpodiog qmaioueyut aod ′ ase semaued. qpue uhau uanqesiog xiuh uhe ciqhesueyu dpet opu servise decszquipo. vuaodasd eyanqmet pf nammeabimiuz ase eocszquipo tchenet xhese liqqiog poe ciqhesueyu biu chaoget pomz poe qmaioueyu biu, e.g., a bmpcl ciqhes io gwu npde (tee heioiuipo . bempx).

2.8. Pseudorandom Generators uaodpnoett aod qtevdpsaodpnoett qmaz a fvodaneouam spme io cszqupgsaqhz, etqeciammz fps eocszquipo, bvu amtp fps puhes cszqupgsaqhic pqesauipot. e qtevdpsaodpn tusiog mpplt mile a voifpsn tusiog xiuhpvu beiog uhe pvuqvu pf a saodpn biu geoesaups (cpnqase vecuipo . ). e qtevdpsaodpn geoesaups it a deuesnioituic amgpsiuhn uhau tuseuchet a thpsu usvmz saodpn teed aod pvuqvut a mpog pvuqvu terveoce uhau aqqeast up be voifpsn saodpn. stevdpsaodpn geoesaupst ase batic bvimdiog bmpclt fps naoz cszqupgsaqhic cpotusvcuipot. heioiuipo . . oeu be a deuesnioituic qpmzopniam-uine amgpsiuhn uhau ualet ao ioqvu teed ∈ { , } aod pvuqvut a tusiog ( ) ∈ { , } ( ) , xhese (.) it a qpmzopniam aod ( ) > fps amm ∈ ℕ. wheo it cammed a qtevdpsaodpn geoesaups (qsg) if uhe pvuqvu caoopu be dituiogvithed fspn a voifpsn saodpn terveoce io qpmzopniam uine. gpotides uhe fpmmpxiog eyqesineou (tee Figvse . ): po ioqvu

a teed

← { , } $

aod a biu ← { , } ase chpteo voifpsnmz au saodpn. e qspbabimituic qpmzopniam-uine adwestasz pbuaiot , bvu lopxt oeiuhes ops . e chammeoges chpptet a voifpsn $

saodpn tusiog ← { , } ( ) . lf = uheo = it giweo up . ruhesxite, seceiwet = ( ). whe adwestasz usiet up dituiogvith beuxeeo uhe uxp catet aod pvuqvut a biu ′ . whe chammeoges pvuqvut if = ′ , aod puhesxite. wheo uhe qsg-adwaouage pf it deioed at ⎢⎡v ( ) = | [ ′ = ] − [ ′ ≠ ] | . $

whe qspbabimiuz it ualeo pwes amm saodpn wasiabmet io uhit eyqesineou, i.e., uhe teed , biu , tusiog aod saodpnoett pf .

. iocszquipo vchenet aod heioiuipot pf vecvsiuz

it cammed a qtevdpsaodpn geoesaups if fps amm qspbabimituic qpmzopniam-uine dituiogvithes , uhe qsg-adwaouage it oegmigibme io .

ghammeoges

edwestasz

hituiogvith

′

←{ , } , $

← { , } ( ), = { $

←{ , } $

()

gpnqase aod pvuqvu ps

′

if if

,

= =

Figvse . . hituiogvithabimiuz eyqesineou fps a qtevdpsaodpn geoesaups .

uenasl . . e qtevdpsaodpn geoesaups it oewes a usvmz saodpn biu geoesaups! fecavte pf uhe eyqaotipo fspn meoguh up ( ) > , uhe ditusibvuipo pf pvuqvu wamvet caoopu be voifpsn. lo facu, naoz tusiogt pf meoguh ( ) dp opu pccvs io uhe inage pf tioce uhe dpnaio { , } it upp tnamm, bvu xiuh miniued setpvscet, uhe pvuqvu pf mpplt saodpn aod caoopu be dituiogvithed fspn a usvmz saodpn terveoce (tee Figvse . ).♢ whe cpotusvcuipo pf a qtevdpsaodpn geoesaups it a opo-usiwiam uatl. rbwipvt cpotusvcuipot, mile Xruiog tpne teed biut io psdes up qspdvce oex biut, dp opu xpsl tioce uhe geoesaued terveoce cao eatimz be dituiogvithed fspn a usvmz saodpn terveoce. whe pvuqvu nvtu be voqsedicuabme, i.e., a qpmzopniam-uine adwestasz xhp it giweo uhe istu � biut pf uhe pvuqvu, it voabme up qsedicu uhe (� + )tu biu xiuh a qspbabimiuz opuiceabmz highes uhao %. lo puhes xpsdt, uhe geoesaups nvtu qatt uhe oeyu-biu uetu. roe cao thpx uhe fpmmpxiog whepsen (tee [Gpm ], whepsen . . ): whepsen . . e geoesaups it qtevdpsaodpn if aod pomz if iu it voqsedicuabme io qpmzopniam uine. ♢ sspwiog uhau a qtevdpsaodpn geoesaups it voqsedicuabme it tusaighufpsxasd (tee iyescite ), bvu uhe pqqptiue disecuipo it hasdes. uenasl . . eo voqsedicuabme geoesaups it amtp cammed a cszqupgsaqhicammz tecvse qtevdpsaodpn ovnbes geoesaups (gvsuqj ps gsuqj). whese it a tuauituicam uetu tviue fps qtevdpsaodpn geoesaupst qspdvced bz uhe enesicao qlvw [uvN+ ], bvu opue uhau qattiog uhe cpnqmeue uetu bauuesz dpet opu qspwe uhe qtevdpsaodpnoett. ro uhe puhes haod, faimiog poe pf uhe uetut iodicauet uhau uhe geoesaups it opu qtevdpsaodpn (vomett uhe dewiauipo fspn uhe eyqecued setvmu it io uvso saodpn). ♢

. . stevdpsaodpn jeoesaupst

= ?

()

wsve

←{ , }( $

Famte

)

Figvse . . stevdpsaodpnoett: adwestasiet caoopu uemm uhe uxp catet aqasu if ase tecseu.

aod

whe pvuqvu pf a qtevdpsaodpn geoesaups cao be vted at a leztusean. oile uhe poeuine qad, Xruiog uhe qmaioueyu aod uhe leztusean deioet a iyed-meoguh eocszquipo tchene. whit uzqe pf tchene it cammed a tusean ciqhes. Fvsuhes deuaimt po tusean ciqhest cao be fpvod io ghaques . heioiuipo . . oeu (.) be a qpmzopniam. e qtevdpsaodpn geoesaups , xhich po ioqvu ∈ { , } qspdvcet ao pvuqvu terveoce ( ) ∈ { , } ( ) , deioet a iyed-meoguh eocszquipo tchene bz uhe fpmmpxiog cpotusvcuipo: whe lez geoesauipo amgpsiuhn

( ) ualet uhe tecvsiuz qasaneues

at ioqvu

aod pvuqvut a voifpsn saodpn lez ← { , } pf meoguh . veu ℳ = � = { , } ( ) . iocszquipo ℰ aod decszquipo � ase ideouicam aod ase deioed bz Xruiog uhe pvuqvu tusean ( ) xiuh uhe ioqvu daua: =ℰ ( )=

⊕ ( )

$

aod

= � ( ) = ⊕ ( ).

♢

whepsen . . lf it a qtevdpsaodpn geoesaups, uheo uhe attpciaued eocszquipo tchene hat iodituiogvithabme eocszquipot io uhe qseteoce pf ao eawetdspqqes (iey-tecvse). ssppf. ze pomz tleuch a qsppf bz sedvcuipo. Fps npse deuaimt xe sefes uhe seades up [no ].

vvqqpte uhe eocszquipo tchene it opu iey-tecvse; uheo uhese it a qpmzopniam-uine av amgpsiuhn xiuh a opo-oegmigibme adwaouage ⎢⎡v ( ) io uhe iey eyqesineou (tee heioiuipo . ). ze cpotusvcu ao adwestasz io uhe qsg dituiogvithabimiuz eyqesineou xhich vtet at a tvbspvuioe. pbuaiot a chammeoge tusiog pf meoguh ( ) aod hat up deuesnioe xheuhes xat geoesaued bz ps chpteo voifpsnmz. qpx svot , chpptet

a voifpsn biu ← { , } aod pbuaiot a qais , pf nettaget pf meoguh ( ) fspn . vvbterveoumz, giwet uhe chammeoge ⊕ up . Fioammz, pvuqvut ′ aod pbteswet xheuhes ps opu tvcceedt. uenenbes uhau xe attvned uhau dpet a gppd kpb io uhe $

. iocszquipo vchenet aod heioiuipot pf vecvsiuz iey eyqesineou, aod tp a cpssecu pvuqvu pf iodicauet uhau xat qspdvced bz uhe geoesaups . whesefpse, pvuqvut , i.e., gvettet uhau = ( ) if tvcceedt ( = ′ ). ruhesxite, pvuqvut , i.e., gvettet uhau it a saodpn tusiog.

lf ⎢⎡v ( ) it opo-oegmigibme, uheo ⎢⎡v ( ) it opo-oegmigibme, upp. Fvsuhesnpse, svot io qpmzopniam uine. whit cpousadicut pvs attvnquipo uhau it a qtevdpsaodpn geoesaups aod qspwet uhe uhepsen. □ av

qpx xe lopx uhau uhe cpotusvcuipo detcsibed io heioiuipo . hat a tecvsiuz gvasaouee, bvu a ditadwaouage it uhau uhe nettage meoguh ( ) it iyed fps a giweo tecvsiuz qasaneues . Fvsuhesnpse, uhe abpwe eocszquipo tchene it opu gse-tecvse (tioce iu it deuesnioituic) aod opu iey-tecvse fps nvmuiqme eocszquipot xiuh uhe tane teed ps lez (tee iyescite ). oile uhe poe-uine qad, uhe tane leztusean nvtu opu be se-vted fps uxp ps npse qmaioueyut. lo ghaques , xe ximm deam xiuh wasiabme-meoguh qtevdpsaodpn geoesaupst aod tusean ciqhest. whez uale a teed (ps lez) aod ao ioiuiami{auipo wecups at ioqvu, vte ao iouesoam tuaue aod secvstiwemz geoesaue at naoz pvuqvu biut at servised.

2.9. Pseudorandom Functions gse-tecvse tchenet ase pfueo bated po qtevdpsaodpn fvocuipot aod qesnvuauipot. fempx, xe mppl au uhe deioiuipo pf tvch a fanimz pf fvocuipot. gpotusvcuiog qtevdpsaodpn fvocuipot aod qesnvuauipot it a diicvmu uatl aod xe ximm hawe up xaiu vouim vecuipo . fps a cpocseue iotuaoce (eiv). ze cpotides a fanimz pf fvocuipot:

= ( )∶ � ×

→

,

xhese it a tecvsiuz qasaneues, � = { , } uhe teu pf lezt, = { , } ( ) uhe dpnaio, ( ) ={ , } uhe saoge aod (.), (.) ase qpmzopniamt io . ze tvqqpte uhau cao be cpnqvued io qpmzopniam uine. Fiyiog ∈ � ziemdt a fvocuipo ∶ → .

whe fanimz it cammed qtevdpsaodpn if uhe fvocuipot ∶ → aqqeas up be saodpn fps a qpmzopniam-uine adwestasz xhp lopxt uhe ioqvu-pvuqvu behawips pf , bvu it opu giweo uhe tecseu lez . lo puhes xpsdt, a qpmzopniam-uine adwestasz it opu abme up dituiogvith a qtevdpsaodpn fvocuipo fspn a usvmz saodpn fvocuipo.

wp tinqmifz uhe opuauipo xe attvne uhau uhe lez meoguh it (uhe tecvsiuz qasaneues) aod uhau uhe ioqvu aod pvuqvu meoguht ase ervam. ze xsiue ( ) = ( ) = aod beas io niod uhau deqeodt po . wheo = = { , } aod heioiuipo . . oeu

∶{ , } ×{ , } →{ , } .

be a qvbmic fanimz pf fvocuipot at pvumioed abpwe. gpotides uhe

fpmmpxiog eyqesineou (tee Figvse . ): po ioqvu

a saodpn lez

← � pf meoguh

aod a saodpn biu ← { , } ase chpteo. e qpmzopniam-uine adwestasz $

$

pbuaiot

, bvu

. . stevdpsaodpn Fvocuipot

lopxt oeiuhes ops . Fvsuhesnpse, a chammeoges chpptet a voifpsn saodpn fvocuipo ∶ { , } → { , } aod teut = if = aod = if = . whe adwestasz hat psacme accett up , i.e., cao chppte ioqvu wamvet aod pbuaio uhe pvuqvu pf . whe adwestasz usiet up iod pvu xhich fvocuipo xat vted aod pvuqvut a biu ′ . whe chammeoges pvuqvut if = ′ , aod puhesxite. whe qsf-adwaouage pf it deioed at ⎢⎡v

( )=|

[

′

= ]−

[

′

≠ ] |.

whe qspbabimiuz it ualeo pwes amm saodpn wasiabmet io uhit eyqesineou, i.e., uhe lez , biu , fvocuipo aod saodpnoett pf . ♢ lf uhe adwestasz it opu abme up dituiogvith beuxeeo uhete fvocuipot, uheo uhe adwaouage it cmpte up . stevdpsaodpn fvocuipot hawe uhe qspqesuz uhau uhe qsf-adwaouage it oegmigibme io . heioiuipo . . e lezed fvocuipo fanimz at detcsibed abpwe it cammed a qtevdpsaodpn fvocuipo (qsf) if, fps ewesz qspbabimituic qpmzopniam uine adwestasz , uhe qsfadwaouage ⎢⎡v ( ) it oegmigibme io . ♢ ghammeoges/rsacme

edwestasz

←{ , } , $

={ saodpn

ghppte

hituiogvith

⋮ ′

←{ , } $

= ( )

if if

= =

gpnqase aod pvuqvu ps

′

,

Figvse . . hituiogvithabimiuz eyqesineou fps a qtevdpsaodpn fvocuipo. whe adwestasz cao atl fps nvmuiqme wamvet pf .

stevdpsaodpnoett it a tuspog qspqesuz uhau caoopu be achiewed bz tinqme cpotusvcuipot. lo ghaques xe ximm tee uhau mioeas ps aioe fanimiet pf fvocuipot caoopu be qtevdpsaodpn (sspqptiuipo . ). uenasl . . e qtevdpsaodpn geoesaups cao be desiwed fspn a qtevdpsaodpn fvocuipo bz uhe fpmmpxiog cpotusvcuipo: chppte a voifpsn saodpn cpvoues aod teu ( ) = ( + ) ‖ ( + ) ‖ ( + ) ‖ …,

. iocszquipo vchenet aod heioiuipot pf vecvsiuz

xhese it wiexed at ao ioueges aod addiuipo it dpoe npdvmp . locseneouiog uhe cpvoues ammpxt zpv up geoesaue pvuqvu pf (amnptu) asbiusasz meoguh. whe pqqptiue, i.e., cpotusvcuiog a qtevdpsaodpn fvocuipo fspn a qtevdpsaodpn geoesaups, it amtp qpttibme bvu npse emabpsaue. lo qsacuice, poe qsefest qtevdpsaodpn fvocuipot at a batic bvimdiog bmpcl. ♢ stevdpsaodpn qesnvuauipot ase ao inqpsuaou tqeciam cate pf qtevdpsaodpn fvocuipot. whez ase giweo bz a lezed fanimz pf qesnvuauipot: = ( )∶� ×

→

.

Fps aoz ∈ �, uhe fvocuipo ∶ → it a qesnvuauipo, i.e., it bikecuiwe. et abpwe, xe attvne uhau uhe lez meoguh it aod uhe tusiogt io ase pf meoguh ( ) = , i.e. � = { , } , = { , } aod ∶{ , } ×{ , } →{ , } .

e fanimz pf qesnvuauipot it cammed qtevdpsaodpn if qpmzopniam-uine adwestasiet ase opu abme up dituiogvith fspn a usvmz saodpn qesnvuauipo. whe fpmmpxiog deioiuipo it aoampgpvt up heioiuipo . . heioiuipo . . oeu

be a qvbmic fanimz pf qesnvuauipot. gpotides uhe fpmmpxiog

eyqesineou: po ioqvu a saodpn lez ← � pf meoguh aod a saodpn biu ← { , } ase geoesaued. e qpmzopniam-uine adwestasz pbuaiot , bvu lopxt oeiuhes ops . Fvsuhesnpse, a chammeoges chpptet a voifpsn saodpn qesnvuauipo pf { , } aod teut = if = . whe adwestasz hat psacme accett up , i.e., if = aod = cao chppte ioqvu wamvet aod pbuaio uhe pvuqvu pf . whe adwestasz usiet up iod pvu xhich fvocuipo xat vted aod pvuqvut a biu ′ . whe chammeoges pvuqvut if = ′ , aod puhesxite. whe qsq-cqa-adwaouage pf it deioed at ⎢⎡v

$

−

a

( )=|

[

$

′

= ]−

[

′

≠ ]|.

whe qspbabimiuz it ualeo pwes amm saodpn wasiabmet io uhit eyqesineou, i.e., uhe lez , biu , qesnvuauipo aod saodpnoett pf . ♢ ze naz amtp giwe uhe adwestasz addiuipoam accett up uhe ioweste qesnvuauipo. heioiuipo . . e fanimz pf qesnvuauipot , at detcsibed abpwe, it cammed a qtevdpsaodpn qesnvuauipo (qsq) if, fps ewesz qspbabimituic qpmzopniam uine adwestasz , uhe − a qsq-cqa-adwaouage ⎢⎡v ( ) it oegmigibme io . lf adwestasiet amtp hawe psacme accett up uhe ioweste fvocuipo − (tee Figvse . ) aod uhe adwaouage it oegmigibme, uheo it taid up be a tuspog qtevdpsaodpn qesnvuauipo. ♢ uenasl . . e qtevdpsaodpn qesnvuauipo it amtp a qtevdpsaodpn fvocuipo. whe qsq aod qsf adwaouaget ase amnptu ideouicam if dpnaio aod saoge cpiocide, bvu uhese it poe ittve: tvqqpte xe xaou up vte a qtevdpsaodpn qesnvuauipo at a qtevdpsaodpn fvocuipo. vioce qesnvuauipot dp opu hawe aoz cpmmitipot (difeseou ioqvut nvtu

. . stevdpsaodpn Fvocuipot

ghammeoges/rsacme

edwestasz

←{ , } , $

={ saodpn

′

hituiogvith

$

if if

= ( )

ghppte

ghppte

←{ , }

′

′

′

⋮ ′

=

−

= =

( ′)

gpnqase aod pvuqvu ps

′

,

Figvse . . hituiogvithabimiuz eyqesineou fps a tuspog qtevdpsaodpn qesnvuauipo. whe adwestasz cao atl fps nvmuiqme wamvet pf aod − .

hawe difeseou pvuqvut), ao adwestasz nighu dituiogvith uhe qesnvuauipo fspn a saodpn fvocuipo bz cpnqvuiog naoz ioqvu-pvuqvu qaist aod teaschiog fps cpmmitipot. vvqqpte uhau uhe dpnaio it = { , } . fz uhe fisuhdaz sasadpy (tee sspqptiuipo . ), a saodpn fvocuipo ximm qspbabmz hawe cpmmitipot afues aspvod / tanqmet. kpxewes, a qpmzopniam-uine adwestasz it opu abme up checl ao eyqpoeouiam ovnbes pf wamvet. lo facu, uhe qsq/qsf txiuchiog menna [fu ] tuauet uhau uhe difeseoce beuxeeo uhe qsq aod qsf adwaouaget it oegmigibme. uenasl . . lo uhe eyqesineout fps qtevdpsaodpn fvocuipot aod qesnvuauipot, uhe tecseu lez it iyed aod ao adwestasz cao pomz pbuaio ioqvu-pvuqvu eyanqmet fps uhau lez. qpx, vodes a semaued-lez auuacl (une) uhez cao amtp tuvdz uhe ioqvu-pvuqvu behawips fps lezt , , … semaued up . lo ao une eyqesineou poe hat up tqecifz xhich lezt ase semaued. iyanqmet iocmvde lezt xiuh a iyed difeseoce Δ up , i.e. + Δ, ps uhe cpnqmeneoued lez , xhese amm lez biut ase liqqed. qpue uhau aod iut semaued lezt ase tuimm volopxo up ao adwestasz, bvu opx uhez cao atl uhe psacme up vte a semaued lez iotuead pf . whit giwet uhe adwestasz npse qpxes aod qtevdpsaodpnoett xiuh setqecu up a semaued-lez auuacl it tuspoges uhao uhe vtvam opuipo pf a qsq ps qsf. ze sefes uhe seades up [fn ] fps deuaimt. iyanqme . . vvqqpte a fvocuipo fanimz hat uhe fpmmpxiog cpnqmeneouauipo qspqesuz fps amm lezt aod ioqvu : ( )=

( ).

. iocszquipo vchenet aod heioiuipot pf vecvsiuz

lf uhe psacme accequt uhe cpnqmeneoued lez at semaued up , uheo ao adwestasz cao eatimz dituiogvith fspn a saodpn fvocuipo tinqmz bz checliog uhe abpwe ervauipo. lu it lopxo uhau uhe fpsnes haua iocszquipo vuaodasd (hiv) hat uhe cpnqmeneouauipo qspqesuz aod uhe ciqhes it uhvt wvmoesabme up semaued-lez auuaclt. ♢ lo uhe oeyu tecuipo, xe eyqmaio hpx a qtevdpsaodpn qesnvuauipo cao be uvsoed ioup ao eocszquipo tchene. lo qsacuice, poe temecut a bmpcl ciqhes, fps eyanqme eiv (tee vecuipo . ), aod cpnbioet iu xiuh ao pqesauipo npde io psdes up pbuaio ao eocszquipo tchene. whe bmpcl ciqhes it npdemed up behawe at a qtevdpsaodpn qesnvuauipo. lu thpvmd be opued hpxewes uhau uhese it op hasd qsppf ps gvasaouee (bated po xemm-lopxo attvnquipot) uhau tvch a bmpcl ciqhes seammz it a qtevdpsaodpn qesnvuauipo. qvnbesuhepseuic poe-xaz qesnvuauipot cao be vted up deioe qtevdpsaodpn qesnvuauipot, bvu uhez ase mett eicieou aod ase pomz vted io qvbmic-lez cszqupgsaqhz (tee ghaques ).

2.10. Block Ciphers and Operation Modes fmpcl ciqhest ase a wesz inqpsuaou bvimdiog bmpcl pf npdeso eocszquipo tchenet. heioiuipo . . e fanimz pf qesnvuauipot

= ( )∶ { , } ×{ , } →{ , }

it taid up be a bmpcl ciqhes. it uhe tecvsiuz qasaneues aod uhe lez meoguh, aod { , } it uhe lez tqace. = ( ) it cammed uhe bmpcl meoguh. ♢

fmpcl ciqhest cao be uhpvghu pf at cpocseue iotuaocet pf fanimiet pf qtevdpsaodpn qesnvuauipot. iach lez ∈ { , } ziemdt a bikecuiwe fvocuipo ∶ { , } →{ , },

i.e., a qesnvuauipo pf { , } . nez aod bmpcl meoguht ase pfueo iyed ps setusicued up a fex wamvet, fps eyanqme = aod ∈ { , , }. qewesuhemett, tecvse bmpcl ciqhest thpvmd behawe at qtevdpsaodpn qesnvuauipot. e tqeciic eyanqme pf ao inqpsuaou bmpcl ciqhes (eiv) it tuvdied io vecuipo . . fmpcl ciqhest pomz eocszqu nettaget pf a iyed bmpcl meoguh , bvu uhe cpnbioauipo pf a bmpcl ciqhes aod ao pqesauipo npde deioet a wasiabme-meoguh eocszquipo tchene. fempx, xe qseteou igf, gfg aod gpvoues (gwu) npdet (tee [hxp ]). eddiuipoam npdet ase deamu xiuh io tvbterveou chaquest: rFf aod gFf npdet io vecuipo . aod uhe jgp npde io vecuipo . . heioiuipo . . (igf aod gfg npde) oeu

∶{ , } ×{ , } →{ , }

be a bmpcl ciqhes. ze deioe uxp wasiabme-meoguh tznneusic eocszquipo tchenet bated po . lo bpuh catet, uhe lez geoesauipo amgpsiuhn ( ) pvuqvut a voifpsn saodpn

lez

← { , } pf meoguh . e bioasz qmaioueyu nettage $

it tqmiu ioup bmpclt pf meoguh

. . fmpcl giqhest aod rqesauipo ppdet = ( ) aod a qaddiog nechaoitn it aqqmied, if uhe nettage meoguh it opu a nvmuiqme pf . e nettage pf meoguh cao be qadded bz aqqeodiog a fpmmpxed bz uhe oecettasz ovnbes pf {espt: … … . =

ze xsiue

‖

‖…‖

, xhese each

�

it a bmpcl pf meoguh .

• (igf npde) iach bmpcl it eocszqued teqasauemz vtiog �

=

(

�)

fps � = , , … ,

hecszquipo xpslt io a tinimas xaz: �

=

−

( � ) fps � = , , … ,

, aod = ℰ ( ) =

, aod

=� ( )=

• (uaodpni{ed gfg npde) eo ioiuiami{auipo wecups fpsnmz au saodpn fps each nettage. wheo deioe �

=

,

=

(

�

⊕

=ℰ ( )=

hecszquipo it deioed bz �

(tee Figvse . ).

=

−

�−

( �) ⊕

) fps � = , , … ,

‖ ‖ ‖…‖

=� ( )=

�−

‖

.

, tp uhau

‖ ‖…‖ ‖

‖…‖

.

.

← { , } it chpteo voi$

, aod

fps � = , , … , ‖…‖

aod ♢

Figvse . . iocszquipo aod decszquipo io gfg npde.

ze cao eatimz wesifz uhau uhe gfg npde hat cpssecu decszquipo: −

( �) ⊕

�−

=

−

(

(

�

⊕

�−

)) ⊕

�−

=

�

⊕

�−

⊕

�−

=

�.

whe igf npde hat a tusaighufpsxasd deioiuipo, bvu uhe npde uvsot pvu up be iotecvse aod thpvmd be awpided. whe tchene it deuesnioituic aod uhvt caoopu be gsetecvse. qeiuhes it uhe tchene iey-tecvse, tioce qmaioueyu qauuesot ase qseteswed. vvqqpte, fps eyanqme, uhau = ‖ ‖ ‖ ; uheo uhe ciqhesueyu hat uhe tane qauueso: = ‖ ‖ ‖ .

. iocszquipo vchenet aod heioiuipot pf vecvsiuz

gfg it a qpqvmas npde, xhich cao be gse-tecvse xheo qspqesmz aqqmied (tee whepsen . ). whe addiuipoam cpnqvuauipoam mpad, cpnqased up uhe igf npde, it wesz mpx. ro uhe puhes haod, eocszquipo io gfg npde caoopu be qasammemi{ed. iocszquipo tchenet cao amtp be bated po a fanimz pf fvocuipot xhich ase opu oecettasimz bikecuiwe. whe cpvoues npde detcsibed bempx it pfueo vted io qsacuice aod effecuiwemz uvsot a bmpcl ciqhes ioup a tusean ciqhes (tee ghaques ). heioiuipo . . (uaodpni{ed gwu npde) oeu

∶{ , } ×{ , } →{ , }

be a fanimz pf fvocuipot. ze deioe a wasiabme-meoguh tznneusic eocszquipo tchene bated po . whe lez geoesauipo amgpsiuhn ( ) pvuqvut a voifpsn saodpn lez

← { , } pf meoguh . e qmaioueyu nettage xhese uhe matu bmpcl cao be thpsues: $

=

‖

it tqmiu ioup bmpclt pf meoguh = ( ),

‖…‖

.

e voifpsn saodpn cpvoues ← { , } it chpteo aod wiexed at ao ioueges. Fps each bmpcl io uhe nettage, uhe cpvoues it iocseneoued (xhese addiuipo it dpoe npdvmp ) aod it aqqmied up uhe cpvoues. whe pvuqvu it vted at a leztusean aod uhe ciqhesueyu it pbuaioed bz Xruiog qmaioueyu aod uhe leztusean (tee Figvse . ): $

�

=

(

+ �) ⊕

=ℰ ( )=

�

fps � = , , … ,

‖ ‖ ‖…‖

.

aod

.

aod

hecszquipo it deioed bz Xruiog uhe ciqhesueyu aod uhe tane leztusean: �

=

(

+ �) ⊕

=� ( )=

‖

romz uhe istu (nptu tigoiicaou) biut pf uhe matu bmpcl it thpsues uhao biut.

�

fps � = , , … ,

(

‖…‖

+

) ase vted fps uhe Xru pqesauipo if ♢

Figvse . . iocszquipo io gwu npde. hecszquipo it amnptu ideouicam, xiuh qmaioueyu aod ciqhesueyu txaqqed.

whe abpwe gfg aod gwu npdet deioe saodpni{ed eocszquipo tchenet. whe ly vted io uhe gfg npde nvtu be chpteo voifpsnmz, xheseat uhe wamve io uhe gwu

. . fmpcl giqhest aod rqesauipo ppdet

npde cao amtp be a opoce wamve (ovnbes vted poce). ze opue uhau ly aod wamvet ase opu tecseu aod (xiuhpvu eocszquipo) becpne qasu pf uhe ciqhesueyu. whe fvmm ciqhesueyu cao pomz be secpwesed xiuh uhe ly ps wamve. uenasl . . whe gwu npde uvsot a bmpcl ciqhes ioup a tzochspopvt tusean ciqhes (tee heioiuipo . ). whe eocszqued cpvoues wamvet ase vted at a leztusean. Fps eocszquipo aod decszquipo, uhe qmaioueyu aod uhe ciqhesueyu it Xrued xiuh uhe leztusean. whese ase uxp puhes pqesauipo npdet, uhe giqhes Feedbacl ppde (gFf) aod uhe rvuqvu Feedbacl ppde (rFf) uhau amtp geoesaue a leztusean. whete uxp npdet aod tusean ciqhest io geoesam ase ditcvtted io ghaques . ♢ whe fpmmpxiog uxp whepsent . aod . tuaue uhau gwu aod gfg npdet achiewe tecvsiuz vodes gse if uhe tchene vtet a qtevdpsaodpn fanimz pf fvocuipot ps qesnvuauipot. whepsen . . lf it a qtevdpsaodpn fvocuipo fanimz, uheo uhe saodpni{ed gwu npde hat iodituiogvithabme eocszquipot vodes a chpteo qmaioueyu auuacl, i.e., uhe eocszquipo tchene it lqh-gse tecvse.

ssppf. whe attesuipo hat a qsppf bz sedvcuipo. oeu be ao adwestasz io uhe gse ioditi − a uiogvithabimiuz eyqesineou (tee heioiuipo . ). ze xaou up thpx uhau ⎢⎡v ( ) it oegmigibme if it a qtevdpsaodpn qesnvuauipo. ze cpotusvcu ao amgpsiuhn svooiog io uhe qsf eyqesineou (tee heioiuipo . ), xhich vtet at a tvbspvuioe. vinimasmz at io uhe qsppf pf whepsen . , ualet uhe

spme pf ’t chammeoges io uhe gse eyqesineou. geoesauet a saodpn biu ← { , } aod setqpodt up ’t eocszquipo rvesiet. vp oeedt up eocszqu nettaget io gwu npde. qpx, tioce svot io uhe qsf eyqesineou, hat accett up a fvocuipo ∶ { , } → { , } xhich it eiuhes uhe qtevdpsaodpn fvocuipo ps a saodpn fvocuipo. vtet up eocszqu nettaget pf asbiusasz meoguh io gwu npde, aod xe deopue uhe attpciaued saodpni{ed eocszquipo fvocuipo bz ℰ . lf teodt uhe psacme rvesz , uheo setqpodt xiuh ℰ ( ). hvsiog uhe eyqesineou, teodt a qais ( , ) pf qmaioueyut aod seuvsot uhe chammeoge ciqhesueyu ℰ ( ). Fioammz, pvuqvut ′ aod pbteswet xheuhes ps opu tvcceedt. whe setvmu it vted up aotxes uhe chammeoge io uhe qsf eyqesineou: pvuqvut if = ′ , aod puhesxite. $

whe svooiog uine pf it qpmzopniam aod it giweo bz uhe tvn pf ’t svooiog uine aod uhe uine up eocszqu uhe qmaioueyut chpteo bz . qpue uhau ’t tusauegz it up pbteswe aod up pvuqvu , i.e., up gvett uhau it uhe qtevdpsaodpn fvocuipo if xat tvccettfvm.

⎢⎡v

qpx xe xaou up qspwe uhau ’t adwaouage it cmptemz semaued up ’t adwaouage, tp uhau − a ( ) it oegmigibme if ⎢⎡v ( ) it oegmigibme.

i

. iocszquipo vchenet aod heioiuipot pf vecvsiuz vioce it ao adwestasz io uhe qsf eyqesineou, dpet opu lopx xheuhes iut chammeoges hat chpteo = saodpn ps = . ze cpotides bpuh catet:

( ) lf it a saodpn fvocuipo, uheo tvcceedt, i.e., pvuqvut if aod pomz if faimt. whe tigo it opu semewaou aod uhe adwaouaget pf aod ase ideouicam. whe gwu npde eocszquipo it tinimas up a poe-uine qad aod uhe adwaouage pf aod it , vomett uhe cpvoues wamvet pwesmaq, i.e., a cpvoues wamve vted up cpnqvue uhe chammeoge ciqhesueyu pwesmaqt xiuh au meatu poe cpvoues io uhe setqpotet up ’t rvesiet. lo uhit cate, uhe adwestasz lopxt a leztusean bmpcl aod cao eatimz aotxes uhe chammeoge. oeu be ao vqqes bpvod po uhe ovnbes pf bmpclt io ’t chpteo qmaioueyut aod , uhe ovnbes pf rvesiet aod uhe ovnbes pf bmpclt io uhe rvesiet. oeu be uhe ioiuiam cpvoues wamve vted up cpnqvue uhe chammeoge ciqhesueyu. Fps a tiogme rvesz aod a chpteo qmaioueyu pf au nptu bmpclt, pomz ioiuiam cpvoues wamvet ′ xiuh | − ′ | < cao setvmu io ao pwesmaq. whit ioervamiuz it tauitied fps − wamvet pf ′ . lf uhe ovnbes pf rvesiet it au nptu , uheo ao pwesmaq pccvst fps mett uhao wamvet. vioce uhe ioiuiam cpvoues wamvet ase chpteo voifpsnmz fspn { , } , xe pbuaio [rwesmaq]
. iach tueq pf uhe xhime mppq hat svooiog uine (⎱iz⎢( ) ⎱iz⎢( )), xhese

. . gpogsveocet

it uhe cvsseou ioueges rvpuieou. vioce uhe qspdvcu pf amm rvpuieout it mett uhao ps ervam up , uhe amgpsiuhn svot io uine (⎱iz⎢( ) ). e npse seioed asgvneou thpxt uhau uhe svooiog uine it (⎱iz⎢( ) ⎱iz⎢( )).

3.2. Congruences gpogsveocet aod setidve cmattet npdvmp xese amseadz deamu xiuh io ghaques (tee iyanqme . ). oeu ≥ be a qptiuiwe ioueges. uecamm uhe deioiuipo pf uhe fpmmpxiog erviwameoce semauipo po ℤ: = {( , ) ∈ ℤ × ℤ |

−

∈

ℤ}.

keoce ( , ) ∈ if uhe difeseoce − it diwitibme bz . irviwameou emeneout aod ase cammed cpogsveou npdvmp aod xe xsiue = ps ≡ npd . whe teu pf erviwameoce cmattet it deopued bz ℤ ps ℤ/( ) aod cpouaiot emeneout. ℤ it amtp cammed uhe teu pf setidve cmattet npd ps iouegest npd (tee Figvse . ). −

Figvse . . uetidve cmattet npdvmp .

wxp iouegest aod ase cpogsveou npd if uhez hawe uhe tane senaiodes xheo uhez ase diwided bz . rbwipvtmz, if = + aod = + xiuh , ∈ { , , … , − }, uheo − = ( − ) + ( − ). keoce aod ase cpogsveou npd if aod pomz if − = . lo puhes xpsdt, ≡ npd hpmdt if uhe ioueges diwitipot ∶ aod ∶ hawe uhe tane senaiodes. qpue uhau ao ioueges ∈ ℤ it pomz poe seqseteouauiwe pf uhe setidve cmatt ∈ ℤ , xhich cpouaiot ioioiuemz naoz cpogsveou emeneout. whe tuaodasd seqseteouauiwet pf ℤ ase , , … , − , bvu puhes seqseteouauiwet ase amtp qesniuued. imeneout io ℤ cao

. imeneouasz qvnbes whepsz be added, tvbusacued aod nvmuiqmied bz chpptiog ao asbiusasz seqseteouauiwe io ℤ. lu it pfueo seatpoabme up chppte uhe tuaodasd seqseteouauiwe befpse aod afues each tueq pf a cpnqvuauipo io psdes up sedvce uhe ti{e pf ovnbest. iyanqme . . ( )

⋅

( ) eo eyanqme vtiog vagepauh:

⋅

npd

≡ ⋅ ⋅ ≡

npd .

sage: mod (782637846 ,8927289) 5963703

( ) kpx xpvmd zpv cpnqvue npd xiuh a tinqme qpcleu camcvmaups? whe seam diwitipo ∶ giwet aqqspyinauemz . , aod tp uhe ioueges rvpuieou it . ze cpnqvue − ⋅ aod geu uhe senaiodes . emuesoauiwemz, xe nvmuiqmz uhe fsacuipoam qasu . bz aod amtp pbuaio , vq up a tnamm spvodiog essps. ♢ ppdvmas addiuipo, tvbusacuipo aod nvmuiqmicauipo it tusaighufpsxasd vtiog aoz ioueges seqseteouauiwe, aod uheo thpxiog uhau uhe setvmu dpet opu deqeod po uhe chpteo seqseteouauiwe. whe diwitipo pf setidve cmattet it npse usiclz. vioce npd nighu be cpofvted xiuh uhe sauipoam ovnbes , xe sauhes xsiue if ( npd

( npd

) ⋅ ( npd

)− eyitut. e opo{esp ioueges ≡

)−

it iowesuibme npdvmp npd

hat a tpmvuipo ∈ ℤ. lo uhit cate, it a seqseteouauiwe pf ( npd uhau uhe npdvmas ioweste, if iu eyitut, it voirvemz deuesnioed. iyanqme . . hpet uhe setidve cmatt ( npd ibme npdvmp ? vioce uhe ervauipo ≡

if uhe ervauipo )− . roe cao thpx

)− eyitu ? lo puhes xpsdt, it iowesu-

npd

it tpmwed bz = , xe iod uhau ( npd )− ≡ npd . qpue uhau uhe setvmu it oeiuhes ∈ ℚ ops uhe ioueges rvpuieou ps senaiodes pf ∶ . ♢

zheo dpet uhe nvmuiqmicauiwe ioweste npdvmp cpnqvue iu?

eyitu aod hpx cao xe eicieoumz

sspqptiuipo . . oeu ≥ be a qptiuiwe ioueges aod ∈ ℤ a opo{esp ioueges. wheo npd hat a nvmuiqmicauiwe ioweste if aod pomz if g⎠⎡( , ) = . e seqseteouauiwe pf ( npd )− cao be eicieoumz cpnqvued vtiog uhe iyueoded ivcmideao emgpsiuhn.

ssppf. uvooiog uhe iyueoded ivcmideao emgpsiuhn po ioqvu aod giwet uhe pvuqvu iouegest g⎠⎡( , ), aod tvch uhau g⎠⎡( , ) =

+

.

. . ppdvmas iyqpoeouiauipo lf g⎠⎡( , ) = , uheo ≡ npd , aod tp it a seqseteouauiwe pf ( npd )− . gpowestemz, if it iowesuibme npdvmp , uheo = + ⇔ − = fps tpne , ∈ ℤ. whit inqmiet g⎠⎡( , ) ∣ , xhich it pomz qpttibme if g⎠⎡( , ) = . □

heioiuipo . . whe iowesuibme iouegest npdvmp ase cammed voiut npd . whe tvbteu pf voiut pf ℤ it deopued bz ℤ∗ . ivmes’t -fvocuipo (ps �-fvocuipo) it deioed bz uhe casdioamiuz pf uhe voiut npd , i.e., ( ) = |ℤ∗ |. iyanqme . . ( ) ℤ∗ = { , , , } aod ( ) = fpmmpxt: −

= ,

−

= ,

−

= ,

. whe ioweste emeneout ase at

−

= .

whe iowestet cao be cpnqvued xiuh uhe iyueoded ivcmideao emgpsiuhn. lf xe uale uhe ioqvu wamvet = aod = , uheo xe pbuaio g⎠⎡( , ) = , = − aod = , tauitfziog uhe ervauipo = ⋅ (− ) + ⋅ . keoce ( npd )− ≡ − ≡ npd . ( ) oeu

be a qsine ovnbes; uheo ℤ∗ = { , , … ,

− } aod ( ) =

− .

3.3. Modular Exponentiation whe eyqpoeouiauipo pf setidve cmattet qmazt ao inqpsuaou spme io tewesam cszqupgsaqhic amgpsiuhnt. whe eyqpoeou cao be wesz masge aod naz hawe io qsacuice npse uhao bioasz digiut. e tusaighufpsxasd cpnqvuauipo pf npdvmas qpxest it ioeicieou ps eweo cpnqmeuemz inqpttibme. fempx, xe eyqmaio uhe fatu eyqpoeouiauipo amgpsiuhn fps setidve cmattet. whe amgpsiuhn it bated po uhe fpmmpxiog pbteswauipo: meu = be a qpxes pf . wheo npd

= ((((

npd

) npd

) npd

) … ) npd

,

) xhese uhe trvasiog it iuesaued uinet. Fps eyanqme, ( npd cao be cpnqvued xiuh pomz npdvmas trvasiog pqesauipot, eweo uhpvgh it a hvge ovnbes. efues each trvasiog, poe ualet uhe setvmu npdvmp io psdes up sedvce uhe ti{e pf iouegest.

Wasoiog . . fspn ( ) = .

it opu uhe tane at

. lo facu,

=

(

)

, aod uhit it difeseou ♢

lf uhe eyqpoeou it opu a qpxes pf , uheo iu cao tuimm be xsiuueo at a tvn pf qpxest pf . whit giwet a qspdvcu pf facupst . whe bioasz seqseteouauipo pf uhe eyqpoeou deuesnioet xheuhes ps opu a facups it qseteou io uhe qspdvcu.

. imeneouasz qvnbes whepsz

iyanqme . . npd terveoce pf trvaset:

≡

≡

≡

whe iouesnediaue setvmu

=

. ze hawe

≡

=

≡

≡

npd ≡

≡

+

+

npd

,

,

npd

≡

npd

≡

npd

,

,

aod cpnqvue uhe fpmmpxiog

.

thpvmd be tupsed xheo cpnqvuiog ⋅

⋅ ≡

⋅ ⋅ ≡

npd

.

. wheo

keoce iwe rvadsauvset aod uxp npdvmas nvmuiqmicauipot ase oeeded. vagepauh vtet uhe fvocuipo power_mod: sage: power_mod (6 ,41 ,59) 8

sspqptiuipo . . oeu , , ∈ ℕ. whe cpnqvuauipo pf uhe npdvmas qpxes npd serviset au nptu ⎱iz⎢( ) − rvadsauvset aod ⎱iz⎢( ) − nvmuiqmicauipot npdvmp , if uhe fatu eyqpoeouiaupo amgpsiuhn it vted. whe upuam ovnbes pf npdvmas nvmuiqmicauipot it bpvoded abpwe bz ⎱iz⎢( ). whe cpnqmeyiuz pf npdvmas eyqpoeouiauipot it (⎱iz⎢( ) ). ♢

vioce uhe cpnqmeyiuz pf a tiogme npdvmas nvmuiqmicauipo it (⎱iz⎢( ) ), uhe cpnqmeyiuz pf a npdvmas eyqpoeouiauipo it (⎱iz⎢( ) ). whit it qpmzopniam io ⎱iz⎢( ), bvu tigoiicaoumz tmpxes uhao amgpsiuhnt xiuh mioeas ps rvadsauic svooiog uine. whesefpse, poe usiet up awpid upp naoz eyqpoeouiauipot io qsacuice. emgpsiuhnt uhau vte npdvmas qpxest (fps eyanqme uve aod hiie-kemmnao) ase opu aqqmied up bvml daua tioce uhez ase upp tmpx.

Wasoiog . . zheo cpnqvuiog npd , uhe eyqpoeou nvtu opu be sedvced npd . Fps eyanqme = ≡ npd , xhich it difeseou fspn = npd . kpxewes, xe ximm maues tee (sspqptiuipo . ) uhau a sedvcuipo npd ( ) it qpttibme (i.e., npd io uhit eyanqme tp uhau ≡ = npd ) aod hemqt up sedvce uhe ti{e pf uhe eyqpoeou. Fvsuhesnpse, a sedvcuipo pf uhe bate npd it ammpxed. Fps eyanqme, ≡ = npd . ♢ whe fatu eyqpoeouiauipo cao be tmighumz pquini{ed xiuh uhe trvase-aod-nvmuiqmz amgpsiuhn (tee emgpsiuhn . ).

iyescitet iyanqme . . = (((( ) ⋅ ) ) ) ⋅ . whe cpnqvuauipo it a terveoce pf trvasiogt (vt) aod nvmuiqmicauipot (pxow): vt, vt, pxow, vt, vt, vt, pxow. et abpwe, xe oeed rvadsauvset aod nvmuiqmicauipot, bvu io a difeseou psdes. whe eyacu psdes deqeodt po uhe bioasz seqseteouauipo pf uhe eyqpoeou. eo adwaouage pf uhit amgpsiuhn it uhau iouesnediaue setvmut dp opu oeed up be tupsed. emgpsiuhn . vrvase-aod-pvmuiqmz emgpsiuhn loqvu: fate ∈ ℕ aod eyqpoeou rvuqvu: npd loiuiamitauipo: = : fps � = − dpxoup dp : = npd : if ℎ� = uheo : = ⋅ npd : eod if : eod fps : seuvso

= ∑�= ℎ�

�

xiuh ℎ� ∈ { , } aod

3.4. Summary

≥ .

• iwesz opo{esp ioueges cao be decpnqpted ioup a qspdvcu pf qsine ovnbest aod a tigo. • whe iyueoded ivcmideao emgpsiuhn ualet uxp iouegest at ioqvu aod pvuqvut uheis gseauetu cpnnpo diwitps aod uxp puhes vtefvm iouegest. • whese ase difeseou setidve cmattet npdvmp . whez ase amtp cammed iouegest npdvmp . • uetidve cmattet cao be added, tvbusacued aod nvmuiqmied. eo ioueges cao be iowesued npdvmp if uhe gseauetu cpnnpo diwitps pf uhau ioueges aod it ervam up . • whese eyitu eicieou amgpsiuhnt fps uhe emeneouasz asiuhneuic pqesauipot (addiuipo, nvmuiqmicauipo, diwitipo, euc.) po iouegest aod setidve cmattet. • Fatu eyqpoeouiauipo aod trvase-aod-nvmuiqmz ase eicieou amgpsiuhnt up cpnqvue a npdvmas qpxes.

Exercises

. zhich pf uhe fpmmpxiog setidve cmattet ase ideouicam io ℤ : , , − ,

,

?

. imeneouasz qvnbes whepsz . iovnesaue uhe emeneout pf ℤ∗ aod giwe ( ). Fiod uhe ioweste pf each emeneou io ℤ∗ .

. sesfpsn tpne emeneouasz npdvmas pqesauipot xiuh vagepauh. oeu = , = aod = . (a) Fiod uhe qsine facups decpnqptiuipo pf , aod . xte uhe factor cpnnaod. (b) gpnqvue + npd , npd , npd , vtiog mod(..,..) aod power_mod(..,..,..). (c) ese ps iowesuibme npdvmp ? zhz ps xhz opu? gpnqvue ( npd )− ps ( npd )− , vtiog mod(1/..,..). (d) ese aod semauiwemz qsine? zhz ps xhz opu? . uvo uhe iyueoded ivcmideao emgpsiuhn po ioqvu

=

aod

=

) aod (

).

.

. xte uhe iyueoded ivcmideao emgpsiuhn up cpnqvue uhe nvmuiqmicauiwe ioweste pf ∈ ℤ∗ . . oeu

be a qsine ovnbes aod

∈ ℕ. Fiod (

), (

. zsiue a fvocuipo xhich eyanioet uhe qsinamiuz pf amm pesteooe ovnbest

fps


at tnamm at qpttibme tvch uhau aod ( ) ase semauiwemz qsine. (c) gpnqvue uhe qsiwaue uve lez = ( npd ( ))− . (d) vvqqpte uhau = + + it a giweo qmaioueyu. gpnqvue uhe uve ciqhesueyu = npd . (e) hecszqu uhe ciqhesueyu bz cpnqvuiog npd aod cpnqase uhe setvmu xiuh uhe qmaioueyu . wiq: vagepauh dituiogvithet beuxeeo setidve cmattet aod iouegest. xte ZZ(d) up usaotfpsn fspn a setidve cmatt ioup ao ioueges.

. zsiue a vagepauh fvocuipo xhich geoesauet , pdd saodpn iouegest mett uhao , checlt uheis qsinamiuz aod cpvout uhe ovnbes pf qsinet. xte uhe vagepauh fvocuipo ZZ.random_element(N) up geoesaue a qptiuiwe saodpn ioueges mett uhao . gpnqase uhe ovnbes pf qsinet xiuh uhe eyqecued ovnbes vtiog uhe ssine qvnbes whepsen. wiq: eo pdd saodpn ioueges mett uhao cao be geoesaued bz ∗(ZZ.random_element( ))+ . wetu uhe qsinamiuz xiuh uhe fvocuipo is_pseudoprime.

iyescitet

. gpnqvue npd (a) vtiog fatu eyqpoeouiauipo aod (b) vtiog uhe trvase-aod-nvmuiqmz amgpsiuhn. kpx naoz npdvmas trvasiogt aod nvmuiqmicauipot ase oecettasz?

. heuesnioe uhe nayinvn ovnbes pf npdvmas trvasiogt aod nvmuiqmicauipot uhau ase oeeded up cpnqvue npd if ⎱iz⎢( ) = ⎱iz⎢( ) = .

Chapter 4

Algebraic Structures

ppdeso cszqupgsaqhz vtet opu pomz ditcseue nauhenauict aod emeneouasz ovnbes uhepsz, bvu amtp amgebsaic tusvcuvset tvch at abemiao gspvqt, qpmzopniam siogt, rvpuieou siogt aod ioiue iemdt. xodestuaodiog ioiue abemiao gspvqt aod ioiue iemdt it csvciam, aod uhete amgebsaic upqict thpvmd opu be vodesetuinaued. vecuipo . deamt xiuh gspvqt aod, io qasuicvmas, ioiue abemiao gspvqt. ze ximm tee uhau ioiue abemiao gspvqt ase qspdvcut pf czcmic gspvqt. uiogt aod iemdt ase ditcvtted io vecuipo . . Fioiue iemdt ase vted io naoz cszqupgsaqhic cpotusvcuipot, aod io vecuipo . , xe cpotusvcu iemdt xiuh emeneout. ze add a secaqiuvmauipo pf mioeas aod aioe naqt io vecuipo . . whe cpoueout pf uhit chaques cao be fpvod io aoz ueyubppl po abtusacu amgebsa, aod xe sefes uhe seades fps eyanqme up [vhp ].

4.1. Groups jspvqt ase anpog uhe nptu fvodaneouam nauhenauicam tusvcuvset. e gspvq it a teu xiuh a bioasz pqesauipo xhich tauitiet tewesam qspqesuiet. heioiuipo . . e gspvq

it a teu upgeuhes xiuh a max pf cpnqptiuipo ∘∶

×

→

tvch uhau uhe fpmmpxiog qspqesuiet ase tauitied: • Fps amm , ,

∈

poe hat ( ∘ ) ∘ =

• whese it ao ideouiuz emeneou ∈ emeneou).

∘ ( ∘ ) (attpciauiwe max).

tvch uhau ∘ = ∘ = fps amm ∈

(ideouiuz

. emgebsaic vusvcuvset • Fps ewesz ∈ emeneout).

uhese it ao ioweste emeneou

∈

whe gspvq it cammed abemiao ps cpnnvuauiwe if fps amm , (cpnnvuauiwe max).

xiuh ∘ ∈

=

∘

, poe hat

= (ioweste ∘

=

∘

♢

whe abpwe deioiuipo vtet ∘ fps uhe cpnqptiuipo pf emeneout. lo pvs aqqmicauipot, uhe cpnqptiuipo it eiuhes addiuipo ps nvmuiqmicauipo, aod xe xsiue + (qmvt) ps ⋅ (dpu). whe ideouiuz emeneou it deopued bz (addiuiwe cate) ps (nvmuiqmicauiwe cate). eccpsdiogmz, uhe ioweste emeneou pf it deopued bz − io uhe addiuiwe cate aod bz − io uhe nvmuiqmicauiwe cate. iyanqme . . ( ) (ℤ, +) it ao addiuiwe abemiao gspvq. ( ) (ℝ ⧵ { }, ⋅) it a nvmuiqmicauiwe abemiao gspvq. ( ) (ℤ , +) it ao addiuiwe abemiao gspvq xiuh

emeneout.

( ) (ℤ , ⋅) it a nvmuiqmicauiwe abemiao gspvq xiuh ( ) emeneout (tee heioiuipo . ). ze senpwed amm opo-voiut fspn ℤ up eotvse uhau amm emeneout ase iowesuibme. qpue uhau uhe iowestet ase agaio setidve cmattet, opu sauipoam ovnbest ! ∗

( ) oeu be a qsine. wheo (ℤ∗ , ⋅) it a nvmuiqmicauiwe abemiao gspvq xiuh − emeneout (tee iyanqme . ).

( ) oeu aod be gspvqt; uheo uhe disecu qspdvcu × it amtp a gspvq, cpotituiog pf amm uvqmet ( , ) xiuh ∈ aod ∈ . whe gspvq pqesauipo it deioed cpnqpoeou-xite. ppse geoesammz, poe hat uhe qspdvcu gspvqt ×⋯×

aod

=

×⋯× .

uenasl . . iyanqmet pf opo-cpnnvuauiwe gspvqt iocmvde uhe gspvq pf qesnvuauipot pf a teu (xiuh cpnqptiuipo pf naqqiogt) aod uhe gspvq pf iowesuibme nausicet (xiuh nausiy nvmuiqmicauipo). whe tusvcuvse pf uhete gspvqt cao be wesz cpnqmicaued. ♢ ze xaou up semaue difeseou gspvqt aod cpotides naqt uhau setqecu uhe gspvq tusvcuvse.

heioiuipo . . oeu ∶ → be a naq beuxeeo uxp gspvqt , . wheo it cammed a gspvq hpnpnpsqhitn if ( ∘ ′ ) = ( ) ∘ ( ′ ) fps amm , ′ ∈ . e bikecuiwe gspvq hpnpnpsqhitn it cammed ao itpnpsqhitn. wheo xe taz uhau it itpnpsqhic up aod xsiue ≅ . ♢ lu it eatz up thpx uhau uhe ioweste naq hpnpnpsqhitn aod heoce ao itpnpsqhitn.

−

pf ao itpnpsqhitn

it amtp a gspvq

Wasoiog . . e bikecuipo beuxeeo uxp gspvqt dpet opu inqmz uhau uhez ase itpnpsqhic! Fps eyanqme, uhese it a bikecuipo beuxeeo ℤ × ℤ aod ℤ (tioce bpuh gspvqt hawe emeneout), bvu uhez ase opu itpnpsqhic (tee iyanqme . bempx).

. . jspvqt

iyanqme . . ( ) whe oauvsam qspkecuipo naq a gspvq hpnpnpsqhitn, tioce (

rbwipvtmz,

+

)=(

+

) npd

=(

∶ ℤ → ℤ xiuh ( ) = npd

)+(

).

npd

it opu iokecuiwe aod uhesefpse opu ao itpnpsqhitn.

( ) whe seweste naq ∶ ℤ → ℤ xiuh ( ) = , xhese ∈ { , , … , tuaodasd seqseteouauiwe, it opu a hpnpnpsqhitn, tioce fps eyanqme bvu ( +

( ) oeu

( )+ ( − )= +( − )= ,

− )= ( )= .

= (ℤ , +) = { , , , } aod ∶

→

npd

it

− } it uhe

= (ℤ∗ , ⋅) = { , , , }. whe naq

, ( npd ) =

npd

it xemm deioed, tioce ≡ ≡ npd tp uhau uhe setvmu dpet opu deqeod po a seqseteouauiwe pf npdvmp . lu deioet a hpnpnpsqhitn, tioce ((

npd ) + (

npd )) =

+

npd

=(

npd ) ⋅ (

npd ).

whe eyqmiciu naqqiog it giweo bz ( ) = , ( ) = , ( ) = aod ( ) = . keoce it a bikecuipo aod deioet a gspvq itpnpsqhitn (ℤ , +) ≅ (ℤ∗ , ⋅).

heioiuipo . . oeu be a gspvq. e tvbgspvq pf it a tvbteu pf , xhich cpouaiot uhe ideouiuz emeneou aod it cmpted vodes uhe max pf cpnqptiuipo aod ioweste. ♢ whit cao be cpnbioed ioup poe erviwameou cpodiuipo: sspqptiuipo . .

it a tvbgspvq pf a gspvq

if aod pomz if

−

∈

fps amm , ∈

.

iyanqme . . ( ) oeu = (ℝ ⧵ { }, ⋅). wheo uhe teu pf tusicumz qptiuiwe ovnbest = (ℝ+ , ⋅) fpsnt a tvbgspvq pf tioce uhe nvmuiqmicauiwe ioweste pf a qptiuiwe emeneou it qptiuiwe aod uhe qspdvcu pf uxp qptiuiwe ovnbest it agaio qptiuiwe. whe opo{esp iouegest (ℤ⧵{ }, ⋅) dp opu fpsn a tvbgspvq pf , becavte uhe ioweste emeneout (xiuh uhe eycequipo pf aod − ) ase opu iouegest. ( ) oeu = (ℤ, +) aod = ℤ be uhe teu pf amm ioueges nvmuiqmet pf ao addiuiwe tvbgspvq pf .

. wheo

it ♢

whe fpmmpxiog tuaueneou it eatz up thpx.

sspqptiuipo . . oeu ∶ → be a gspvq hpnpnpsqhitn. whe lesoem pf , i.e., uhe teu { ∈ | ( ) = }, xhese it uhe ideouiuz emeneou io , it a tvbgspvq pf . Fvsuhesnpse, uhe inage � ( ) it a tvbgspvq pf . ♢ iach gspvq emeneou geoesauet a tvbgspvq:

heioiuipo . . oeu be a gspvq aod ∈ ; uheo uhe teu ⟨ ⟩ = { | ∈ ℤ} it cammed uhe tvbgspvq geoesaued bz . qpue uhau xe vted uhe nvmuiqmicauiwe opuauipo. Fps ao addiuiwe gspvq, xe xpvmd xsiue ⟨ ⟩ = { ⋅ | ∈ ℤ} iotuead. ♢

. emgebsaic vusvcuvset whe tvbgspvq ⟨ ⟩ it io facu a czcmic gspvq (tee heioiuipo . deioe uhe psdes pf a gspvq aod uhe psdes pf emeneout:

bempx). qeyu, xe

heioiuipo . . oeu be a gspvq; uheo uhe psdes pf uhe gspvq it deioed up be uhe ovnbes | | pf emeneout io (ps ioioiuz) aod deopued bz ⎭⎰⎡( ). qpx meu ∈ . wheo uhe psdes pf uhe emeneou it deioed bz uhe psdes pf uhe tvbgspvq ⟨ ⟩ geoesaued bz , i.e., ⎭⎰⎡( ) = ⎭⎰⎡(⟨ ⟩). ♢ ze sefes up [vhp ] fps a qsppf pf uhe fpmmpxiog uhepsen.

whepsen . . (oagsaoge) vvqqpte uhe psdes pf diwidet uhe psdes pf :

lf

it a ioiue gspvq aod

⎭⎰⎡( ) ∣ ⎭⎰⎡( ).

be a ioiue gspvq aod

∈

⎭⎰⎡( ) ∣ ⎭⎰⎡( ).

ze pbuaio ivmes’t whepsen:

whepsen . . (ivmes’t whepsen) oeu

♢

; uheo uhe gspvq psdes it diwitibme bz ♢

be a ioiue gspvq aod ( )

= .

ssppf. oeu be uhe tnammetu qptiuiwe ioueges tvch uhau ⎭⎰⎡( ), tioce ⟨ ⟩ hat eyacumz ⎭⎰⎡( ) emeneout. keoce (

) =

( )

=

∈

; uheo

= . lu fpmmpxt uhau

∈ ℕ. wheo uhe attesuipo fpmmpxt fspn gpspmmasz . .

ivmes’t whepsen it pfueo tuaued fps . ), xe pbuaio fps aoz

it a tvbgspvq. wheo

= ⟨ ⟩, uheo uhe whepsen pf oagsaoge inqmiet:

gpspmmasz . . oeu uhe emeneou psdes:

fps aoz

⊂

∈ ℤ xiuh g⎠⎡( , ) = . lf

fps aoz ioueges

�( )

≡

= □

= ℤ∗ . vioce ⎭⎰⎡(ℤ∗ ) = ( ) (tee heioiuipo npd

it a qsine ovnbes , uheo poe hat

−

≡

npd

xhich it opu a nvmuiqme pf . whit inqmiet Fesnau’t oiuume whepsen: ≡

npd

.

whit npdvmas ervauipo hpmdt fps aoz qsine ovnbes

aod ioueges .

ivmes’t whepsen thpxt hpx uhe eyqpoeou cao be sedvced io a npdvmas eyqpoeouiauipo.

. . jspvqt

sspqptiuipo . . oeu

ssppf. fz attvnquipo, − ≡ npd .

∈ ℤ, , −

,

∈ ℕ aod attvne uhau

≡

npd

≡

.

( ). wheo

npd

it a nvmuiqme pf ( ). wheo ivmes’t whepsen inqmiet □

qpue uhau uhe eyqpoeou cao be sedvced npdvmp ( ), bvu opu npdvmp zasoiog . ). . vioce ( ) =

iyanqme . . gamcvmaue npd pbuaio ≡ = ≡ npd .

≡

aod

(cpnqase

npd

, xe ♢

qpx xe ximm tuvdz ao inqpsuaou uzqe pf gspvq, uhe czcmic gspvqt. ∈

heioiuipo . . oeu be a gspvq aod gspvq aod xe taz it a geoesaups pf .

. lf ⟨ ⟩ =

whe emeneout pf a czcmic gspvq xiuh geoesaups ase ⟨ ⟩ = {… ,

−

,

−

, , ,

,

, …,

−

lf a czcmic gspvq hat ioiue psdes , uheo = , − = − , − = − , … (tee Figvse . ). keoce ⟨ ⟩ ={ , , −

=

Figvse . . gzcmic gspvq pf psdes

+

}.

, uheo

, … }. = ,

geoesaued bz .

+

it cammed a czcmic ♢

=

, … aod amtp

. emgebsaic vusvcuvset iyanqme . . ( ) (ℤ , +) it geoesaued bz , i.e., ℤ = ⟨ ⟩. keoce ℤ it a czcmic gspvq pf psdes . ( ) (ℤ, +) it a czcmic gspvq pf ioioiue psdes aod ℤ = ⟨ ⟩ = ⟨− ⟩.

♢

lo facu, poe cao thpx uhau amm czcmic gspvqt ase itpnpsqhic up eiuhes (ℤ , +) ps (ℤ, +). sspqptiuipo . . oeu be a czcmic gspvq. lf ⎭⎰⎡( ) = , uheo ⎭⎰⎡( ) = ∞, uheo it itpnpsqhic up ℤ.

it itpnpsqhic up ℤ . lf

ssppf. oeu = ⟨ ⟩. ze vte uhe nvmuiqmicauiwe opuauipo fps . lf hat ioioiue psdes, uheo ∶ ℤ → xiuh ( ) = deioet ao itpnpsqhitn fspn uhe addiuiwe gspvq (ℤ, +) up . lf ⎭⎰⎡( ) = , uheo ∶ ℤ → , ( npd ) = giwet ao itpnpsqhitn. □

iyanqme . . (ℤ∗ , ⋅) it geoesaued bz npd aod it czcmic pf psdes . ze hawe teeo abpwe (iyanqme . ) uhau ( npd ) = npd giwet ao itpnpsqhitn beuxeeo uhe addiuiwe gspvq ℤ aod uhe nvmuiqmicauiwe gspvq ℤ∗ . keoce uxp gspvqt uhau mppl difeseou naz tuimm be itpnpsqhic. ♢ kpx cao poe iod ps wesifz geoesaupst pf a ioiue czcmic gspvq? lf uhe gspvq it masge, uheo iu it ioeicieou ps eweo cpnqvuauipoammz inqpttibme up cpnqvue uhe terveoce pf qpxest , , , … aod up checl xheuhes amm emeneout pf pccvs. ze cao vte uhe fpmmpxiog pbteswauipo up giwe a npse eicieou neuhpd: tvqqpte uhau ⎭⎰⎡( ) = . lf it opu a geoesaups, uheo ⎭⎰⎡( ) it tusicumz mett uhao aod diwidet fps tpne qsine facups pf . lo uhit cate, xe hawe / = . keoce xe pomz oeed up checl uhe qpxest / fps amm qsine facupst pf . lf amm qpxest ase difeseou fspn uhe ideouiuz emeneou, uheo ⎭⎰⎡( ) = aod it a geoesaups.

whe fpmmpxiog emgpsiuhn . ualet a ioiue czcmic gspvq , uhe gspvq psdes aod ao emeneou ∈ at ioqvu aod pvuqvut wuxi if it a geoesaups aod puhesxite Feovi. emgpsiuhn . jeoesaups pf a gzcmic jspvq

loqvu: gzcmic gspvq pf psdes ∈ ℕ, ideouiuz emeneou aod rvuqvu: wuxi, if ⎭⎰⎡( ) = . ruhesxite, seuvso Feovi. loiuiamitauipo: setvmu=wuxi : fps each qsine facups pf dp : = / : if = uheo : setvmu=Feovi : bseal : eod if : eod fps : seuvso setvmu

∈

.

. . jspvqt iyanqme . . oeu = ℤ∗ . ze xaou up checl xheuhes = npd it a geoesaups pf . vioce it a qsine, xe hawe ⎭⎰⎡( ) = . whe facupsi{auipo = ⋅ ziemdt uhe qsine facupst aod . roe cpnqvuet / = = npd aod / = ≡ npd . ze cpocmvde uhau uhau = it a geoesaups pf . lu amtp fpmmpxt uhau = hat psdes aod uhe psdes pf = it .

qpx cpotides ℎ = npd ; uheo ≡ npd aod ℎ ≡ npd . keoce it opu a geoesaups pf . vioce ⎭⎰⎡(ℎ) diwidet ⎭⎰⎡( ) = , uhe psdes pf ℎ nvtu be , , ps . fecavte ℎ ≡ npd aod ℎ ≡ npd ase opu cpogsveou up , xe cpocmvde uhau ⎭⎰⎡(ℎ) = .

heioiuipo . . e geoesaups pf uhe nvmuiqmicauiwe gspvq ℤ∗ it cammed a qsiniuiwe sppu npdvmp . ♢ whe fpmmpxiog whepsen tuauet uhau qsiniuiwe spput npdvmp qsine ovnbest eyitu.

whepsen . . oeu be a qsine; uheo ℤ∗ it a czcmic gspvq pf psdes pf qsiniuiwe spput it ( − ).

− . whe ovnbes ♢

whese ase tewesam (opo-usiwiam) qsppft pf uhit uhepsen. qpue uhau uhese ase cesuaio cpnqptiue ovnbest, fps eyanqme = , tvch uhau ℤ∗ dpet opu qpttett a qsiniuiwe sppu. iyanqme . . oeu = . ze vte vagepauh up cpnqvue emeneou psdest io ℤ∗ aod up iod a qsiniuiwe sppu. Fistu, xe wesifz uhau it qsine aod facupsi{e − . sage: p =2535301200456458802993406412663; is_prime (p); factor (p -1) True 2 * 1267650600228229401496703206331

whe qsine facupst pf − ase aod = . keoce ⎭⎰⎡( ) ∈ { , , , − } fps amm ∈ ℤ∗ . rbwipvtmz, pomz ≡ hat psdes aod pomz ≡ − hat psdes . whe puhes setidve cmattet hawe eiuhes qsine psdes ps nayinam psdes = − . lf ≡ npd , uheo ⎭⎰⎡( ) = . ruhesxite, ⎭⎰⎡( ) = − aod it a qsiniuiwe sppu. Fps eyanqme, ⎭⎰⎡( npd ) = aod ⎭⎰⎡( npd ) = − . sage: q =1267650600228229401496703206331 power_mod (3,q,p) 1 sage: power_mod (7,q,p) 2535301200456458802993406412662

whe ghioete uenaiodes whepsen qspwidet a decpnqptiuipo pf czcmic gspvqt.

whepsen . . (ghioete uenaiodes whepsen) oeu , g⎠⎡( , ) = . veu = . wheo uhe oauvsam naq

∈ ℕ be semauiwemz qsine, i.e., ∶ ℤ → ℤ × ℤ , giweo bz

. emgebsaic vusvcuvset ( npd ) = ( npd , diuiwe gspvqt:

npd ), it xemm deioed aod giwet ao itpnpsqhitn pf adℤ ≅ℤ ×ℤ .

whe setusicuipo pf uhit naq up uhe gspvq pf voiut ziemdt ao itpnpsqhitn pf nvmuiqmicauiwe gspvqt: ℤ∗ ≅ ℤ∗ × ℤ∗ . ssppf. ze qspwe uhe itpnpsqhitn pf uhe addiuiwe gspvqt. vioce aod diwide , uhe naq it xemm deioed. lu fpmmpxt fspn uhe deioiuipo pf uhau uhe naq it a hpnpnpsqhitn. vioce ℤ aod ℤ × ℤ bpuh cpouaio = emeneout, iu tvicet up qspwe uhe tvskecuiwiuz. oeu ( npd , npd ) ∈ ℤ ×ℤ . ze oeed up iod ao emeneou ∈ ℤ tvch uhau ≡ npd aod ≡ npd . vioce g⎠⎡( , ) = , uhe iyueoded ivcmideao emgpsiuhn giwet , ∈ ℤ tvch uhau + = . whit ervauipo inqmiet ≡ npd aod ≡ npd . qpx xe teu wheo lf

≡

≡

npd

aod

=

≡

+

≡

aod ase difeseou qsine ovnbest aod

.

npd , at detised. =

□

, uheo

ℤ ≅ ℤ × ℤ aod ℤ∗ ≅ ℤ∗ × ℤ .

Fvsuhesnpse, xe pbuaio ( ) = ( ) ( ) = ( − )( − ). whete gspvqt qmaz ao inqpsuaou spme io uhe uve amgpsiuhn (tee vecuipo . ). uenasl . . whe ghioete uenaiodes whepsen amtp hpmdt usve fps npse uhao uxp facupst if uhe facupst ase qaisxite semauiwemz qsine. iyanqme . . oeu = = ⋅ ⋅ . wheo uhe ghioete uenaiodes whepsen giwet uhe fpmmpxiog decpnqptiuipot pf ℤ : ℤ

≅ℤ ×ℤ

≅ℤ ×ℤ ×ℤ .

fvu opue uhau ℤ it opu itpnpsqhic up ℤ × ℤ . fpuh gspvqt hawe psdes , bvu uhe istu gspvq it czcmic xhime uhe tecpod it opu. ♢

gzcmic gspvqt fpsn uhe naio bvimdiog bmpcl io uhe cmattiicauipo pf asbiusasz ioiue abemiao gspvqt. whepsen . . (Fvodaneouam whepsen pf ebemiao jspvqt) oeu be a ioiue abemiao gspvq. wheo it itpnpsqhic up a disecu qspdvcu pf czcmic gspvqt ℤ pf psdes , xhese it a qsine ovnbes aod ∈ ℕ. whe tane qsine cao aqqeas io tewesam facupst. ssppf. eccpsdiog up sspqptiuipo . , czcmic gspvqt pf psdes vvqqpte = ⋯

ase itpnpsqhic up ℤ .

. . uiogt aod Fiemdt

it uhe qsine facupsi{auipo pf . wheo uhe ghioete uenaiodes whepsen inqmiet ℤ ≅ℤ

×⋯×ℤ

.

lu senaiot up thpx uhau ewesz ioiue abemiao gspvq it a qspdvcu pf czcmic gspvqt (tee fps iotuaoce [vhp ]). □ iyanqme . . ( ) oeu be ao abemiao gspvq pf psdes itpnpsqhic up ℤ aod it czcmic.

. wheo

≅ ℤ ×ℤ .

it

( ) vvqqpte it ao abemiao gspvq pf psdes . wheo it eiuhes itpnpsqhic up ℤ × ℤ ps up ℤ × ℤ × ℤ . qpue uhau uhete uxp gspvqt ase opu itpnpsqhic. whe istu gspvq it czcmic aod uhe tecpod gspvq it opu czcmic.

4.2. Rings and Fields uiogt ase teut xiuh uxp pqesauipot: heioiuipo . . e siog (ps, npse qsecitemz, a cpnnvuauiwe siog xiuh voiuz) it a teu xiuh uxp pqesauipot (addiuipo + aod nvmuiqmicauipo ⋅) aod uhe fpmmpxiog qspqesuiet: • ( , +) it ao abemiao gspvq xiuh uhe addiuiwe ideouiuz emeneou .

• ( , ⋅) tauitiet uhe attpciauiwe max, it cpnnvuauiwe aod hat ao ideouiuz emeneou deopued bz . whe eyitueoce pf ao ioweste emeneou it opu servised.

•

⋅ ( + ) = ( ⋅ ) + ( ⋅ ) fps amm , , ∈

(ditusibvuiwiuz).

iyanqme . . whe iouegest ℤ aod ℤ , uhe iouegest npdvmp , fpsn a siog xiuh setqecu up addiuipo aod nvmuiqmicauipo pf iouegest aod setidve cmattet, setqecuiwemz. ♢ paqt beuxeeo siogt uhau ase cpnqauibme xiuh addiuipo aod nvmuiqmicauipo ase cammed siog hpnpnpsqhitnt.

heioiuipo . . oeu ∶ → cammed a siog hpnpnpsqhitn if ( ) ( ) ( )

be a naq beuxeeo uhe siogt

aod

. wheo

it

( + ) = ( ) + ( ) fps amm , ∈ , aod ( ⋅ ) = ( ) ⋅ ( ) fps amm , ∈ , aod

( )= .

e bikecuiwe siog hpnpnpsqhitn it cammed ao itpnpsqhitn, aod poe xsiuet iyanqme . . oeu , ∈ ℕ be semauiwemz qsine aod naiodes whepsen . giwet a siog itpnpsqhitn ℤ ≅ℤ ×ℤ .

=

≅

.

. wheo uhe ghioete ue-

heioiuipo . . oeu be a siog. wheo uhe tvbteu pf iowesuibme emeneout xiuh setqecu up nvmuiqmicauipo it cammed uhe voiut pf aod it deopued bz ∗ . whe voiut fpsn ao abemiao gspvq. ♢

. emgebsaic vusvcuvset

heioiuipo . geoesami{et heioiuipo . iouegest npdvmp .

xhese xe deioed uhe voiut ℤ∗ pf uhe

iyanqme . . ℤ∗ = {− , }. whit gspvq it itpnpsqhic up uhe addiuiwe gspvq ℤ .

♢

gmeasmz, uhe addiuiwe ideouiuz emeneou ∈ it opu nvmuiqmicauiwemz iowesuibme, bvu if amm puhes emeneout pf ase iowesuibme, uheo it cammed a iemd.

heioiuipo . . e iemd ⧵ { }.

it a siog xhese amm opo{esp emeneout ase voiut, i.e.,

iyanqme . . ℚ, ℝ aod ℂ ase iemdt, bvu ℤ it opu a iemd.

∗

=

heioiuipo . . oeu be a iemd aod ⊂ . lf it a iemd xiuh setqecu up uhe iemd pqesauipot iohesiued fspn , uheo xe taz uhau it a tvbiemd pf ps it a iemd eyueotipo pf . ♢ lu it ewideou uhau a iemd eyueotipo . po wecups tqacet).

pf

it amtp a wecups tqace pwes

(tee vecuipo

heioiuipo . . oeu be a iemd eyueotipo pf . lf uhe dineotipo pf pwes (at a -wecups tqace) it ioiue aod ervam up , uheo it cammed uhe degsee pf uhe iemd eyueotipo aod xe xsiue [ ∶ ] = . iyanqme . . ( ) ℝ it a tvbiemd pf ℂ. Fvsuhesnpse, ℂ it a wecups tqace pwes ℝ aod [ℂ ∶ ℝ] = . e batit it giweo bz aod �, xhese � ∈ ℂ it uhe inagioasz voiu. ( ) ℝ it a iemd eyueotipo pf ℚ, bvu uhe degsee it ioioiue.

♢

whe fpmmpxiog tecuipo deamt xiuh ioiue iemdt aod uheis eyueotipot.

4.3. Finite Fields ze ase qasuicvmasmz iouesetued io ioiue iemdt. e oauvsam caodidaue it uhe siog pf iouegest npdvmp , bvu uhit pomz giwet a iemd if it a qsine ovnbes: sspqptiuipo . . oeu

≥ . wheo (ℤ , +, ⋅) it a iemd if aod pomz if it a qsine ovnbes.

ssppf. vvqqpte it qsine. wheo uhe iouegest , , … , − ase semauiwemz qsine up aod heoce iowesuibme npdvmp (tee sspqptiuipo . ). gpowestemz, if uhete ovnbest ase iowesuibme aod uhesefpse semauiwemz qsine up , uheo hat op opo-usiwiam diwitpst aod nvtu be a qsine ovnbes. □

Wasoiog . . lo amgebsaic ovnbes uhepsz, uhe siog pf -adic iouegest it deopued bz ℤ . whit ioioiue siog it uhe -adic cpnqmeuipo pf ℤ aod opu oeeded io pvs cpoueyu. lo cszqupgsaqhz, ℤ tuaodt fps uhe ioiue czcmic gspvq pf psdes aod ℤ it uhe ioiue czcmic gspvq pf qsine psdes . kpxewes, ℤ/( ) = ℤ/ ℤ aod ℤ/( ) = ℤ/ ℤ it a cmeases opuauipo.

. . Fioiue Fiemdt

heioiuipo . . oeu be a qsine ovnbes; uheo xe xsiue (ℤ , +, ⋅) xiuh emeneout.

( ) ps � fps uhe iemd

iyanqme . . whe bioasz digiut { , } fpsn a iemd xhich it itpnpsqhic up xhese addiuipo it Xru aod nvmuiqmicauipo it eqh (tee wabme . io ghaques ).

( ), ♢

whese ase siogt pf aoz ioiue psdes (fps eyanqme ℤ ), bvu uhit it opu uhe cate fps iemdt: sspqptiuipo . . oeu qpxes.

be a ioiue iemd pf psdes ; uheo it a qsine ovnbes ps a qsine-

ssppf. oeu be uhe nvmuiqmicauiwe ideouiuz emeneou io . fz attvnquipo, ⎭⎰⎡( ) = aod uhesefpse ⋅ = io . eu meatu poe qsine facups pf nvtu be {esp io , i.e., ⋅ = io , becavte puhesxite amm qsine facupst ase iowesuibme, xhich it inqpttibme tioce uheis qspdvcu it . whit inqmiet uhau ( ) it a tvbiemd pf . lo facu, ( ) it uhe inage pf uhe siog hpnpnpsqhitn ℤ → uhau teodt ∈ ℤ up ∈ . fz heioiuipo . , it a iemd eyueotipo aod uhvt a wecups tqace pwes ( ). vioce it a ioiue iemd, uhe degsee pf pwes ( ) nvtu be ioiue, taz [ ∶ ( )] = . keoce ⎭⎰⎡( ) = , xhich qspwet uhe attesuipo. □ heioiuipo . . oeu be a iemd. whe chasacuesituic pf it deioed up be uhe tnammetu qptiuiwe ioueges tvch uhau ⋅ = io . lf ⋅ ≠ io fps amm opo{esp iouegest , uheo it taid up hawe chasacuesituic . whe chasacuesituic pf a iemd it deopued bz ℎ ( ).

iyanqme . . ℎ (ℚ) = ℎ (ℝ) = ℎ (ℂ) = . Fps a qsine ovnbes , ℎ ( = .

( )) ♢

kpxewes, ( ) it opu uhe pomz iemd pf chasacuesituic , aod io uhe fpmmpxiog xe cpotusvcu iemdt pf psdes fps qsinet aod iouegest ≥ . xofpsuvoauemz, uhe oaiwe cpotusvcuipot dp opu xpsl: emeneout, bvu opu a iemd (cpnqase sspqptiuipo . ). Fps • ℤ it a siog xiuh eyanqme, it opo{esp bvu opu iowesuibme npdvmp tioce g⎠⎡( , ) = .

• ℤ = ℤ × ⋯ × ℤ xiuh cpnqpoeou-xite addiuipo aod nvmuiqmicauipo it a siog xiuh emeneout, bvu opu a iemd (tee iyescite ). ♢ (

lo facu, uhe cpotusvcuipo pf a iemd serviset qpmzopniam siogt.

) pf psdes

it a biu npse iowpmwed aod

heioiuipo . . oeu be a iemd. wheo [ ] it cammed uhe teu (ps siog) pf qpmzopniamt pwes aod cpotitut pf amm fpsnam eyqsettipot ( )=∑ �=

�

�

=

+

+

+⋯+

,

. emgebsaic vusvcuvset xhese � ∈ aod ≥ it ao ioueges. whe degsee ⎡⎢g( ) pf it ervam up whe degsee pf cpotuaou qpmzopniamt it . e qpmzopniam it cammed npoic if spmzopniamt cao be added aod nvmuiqmied io uhe pbwipvt xaz.

sspqptiuipo . . whe qpmzopniamt ( [ ], +, ⋅) pwes iyanqme . . oeu , cpnqvue ( )+ ( )=( + ( )⋅ ( )=( + =

+

+

+

+

∈

( )[ ] xiuh ( ) =

)+( + )( + +

+

)

)= + +

=

+

+

+ ,

+

fpsn a siog. +

+

aod ( ) = .

qpue uhau [ ] it opu a iemd, tioce qpmzopniamt pf degsee ≥ nvmuiqmicauiwemz.

if ≠ . = . ♢ +

. ze

♢ caoopu be iowesued

fvu xe hawe a diwitipo xiuh senaiodes. oeu ( ), ( ) ∈ [ ] xiuh ( ) ≠ . wheo uhe diwitipo ( ) ∶ ( ) giwet a rvpuieou ( ) ∈ [ ] aod a senaiodes ( ) ∈ [ ] tvch uhau ( ) = ( ) ( ) + ( ) aod ⎡⎢g( ) < ⎡⎢g( ). rbwipvtmz, ( ) diwidet ( ) if aod pomz if uhe senaiodes it .

iyanqme . . oeu ( ) = + + + + + aod ( ) = + + be qpmzopniamt io ( )[ ]. whe rvpuieou pf ( ) ∶ ( ) it ( ) = , uhe senaiodes it ( ) = + + aod xe hawe ao ervauipo +

+

+

+

+ =

vagepauh cao dp uhete camcvmauipot: sage: sage: sage: sage: sage: sage: x^2

(

+

+ )+(

+

+ ).

R. = PolynomialRing (GF (2) ,x) f = x^6+x^5+x^3+x^2+x+1 g = x^4+x^3+1 q= f // g r= f % g print q, r, q*g+r x^3 + x + 1 x^6 + x^5 + x^3 + x^2 + x + 1

heioiuipo . . oeu ( ), ( ) ∈ [ ] be opo{esp qpmzopniamt. wheo uhe gseauetu cpnnpo diwitps g⎠⎡( , ) it uhe npoic qpmzopniam pf highetu qpttibme degsee uhau diwidet ( ) aod ( ). ♢

whe gseauetu cpnnpo diwitps (gcd) pf qpmzopniamt cao be eicieoumz cpnqvued vtiog uhe iyueoded ivcmideao emgpsiuhn, aoampgpvt up uhe g⎠⎡ pf iouegest (tee emgpsiuhn . io ghaques ). whe ioueges diwitipo it seqmaced bz uhe diwitipo pf qpmzopniamt xiuh

. . Fioiue Fiemdt

senaiodes. whe iyueoded ivcmideao emgpsiuhn ualet uxp qpmzopniamt aod at ioqvu aod pvuqvut ( , ) ampog xiuh uxp qpmzopniamt ( ) aod ( ) tvch uhau ( , ) = ( ) ( ) + ( ) ( ).

whe g⎠⎡ pf aod hat uhe fpmmpxiog qspqesuz: if ℎ( ) diwidet ( ) aod ( ), uheo ℎ( ) diwidet g⎠⎡( , ). iyanqme . . ze cpnqvue g⎠⎡( g⎠⎡(

( (

+ ,

+ )=

+ ,

+ ) pwes

+ = ⋅(

wabme . . gpnqvuauipo pf g⎠⎡(

+ ) ∶ ( + ) = sen. + + ) ∶ ( + ) = ( + ) sen.

+ )−

+ ,

( (

( ) (tee wabme . ) aod pbuaio

+ )=

⋅(

+ .

+ ).

+ )= ⋅( + )+( + ) + )=( + )⋅( + )+

whese it a fpsnam desiwauiwe pf qpmzopniamt:

heioiuipo . . whe fpsnam desiwauiwe it a naq ∶ [ ] → [ ] deioed bz ( − , aod a -mioeas eyueotipo up asbiusasz qpmzopniamt: (

+

−

−

=

io

+

∈ ℕ aod ( ) =

iyanqme . . oeu tioce

+⋯+

( )=

( ).

)=

−

+

−

∈

+( − )

−

( )[ ]. wheo

−

+⋯+

+ = ,

.

♢

roe cao thpx uhau uhe desiwauiwe tauitiet uhe qspdvcu svme (tee iyescite ( ⋅ )=

)=

⋅ ( )+ ( )⋅ .

):

qpue uhau dpet opu hawe a gepneusic iouesqseuauipo at io uhe seam cate. kpxewes, uhe desiwauiwe cao deuecu dpvbme spput pf qpmzopniamt.

sspqptiuipo . . oeu ( ) ∈ [ ] aod attvne uhau g⎠⎡( , ( )) = . wheo ( ) it trvase-fsee, i.e., iu it opu diwitibme bz uhe trvase pf aoz qpmzopniam pf degsee au meatu . lo qasuicvmas, ( ) it opu diwitibme bz ( − ) fps aoz ∈ aod dpet opu hawe dpvbme spput. ssppf. vvqqpte uhau xiuh ⎡⎢g( ) ≥ ; uheo

it opu trvase-fsee aod

( )=

( )ℎ +

keoce it a cpnnpo facups pf

(ℎ) =

=

ℎ fps qpmzopniamt , ℎ ∈

( )ℎ +

(ℎ).

aod ( ), a cpousadicuipo up g⎠⎡( , ( )) = .

[ ]

iyanqme . . oeu ∈ ℕ aod ( ) = + ∈ ( )[ ] (tee abpwe). vioce g⎠⎡( , ( )) = , uhe qpmzopniam dpet opu hawe nvmuiqme spput. ♢ □

. emgebsaic vusvcuvset

qpx xe deioe setidve cmattet pf qpmzopniam siogt:

heioiuipo . . oeu ∈ [ ] be a qpmzopniam xiuh ⎡⎢g( ) ≥ . wheo ( ) deioet ao erviwameoce semauipo po [ ]: ( )∼

( ) if

( )−

( ) = ( ) ( ) fps tpne ( ) ∈ [ ].

irviwameou qpmzopniamt aod ase cammed cpogsveou npdvmp ( ) aod xe xsiue ( ) ≡ ( ) npd ( ). whe teu pf erviwameoce cmattet ps setidve cmattet npdvmp ( ) it deopued bz [ ]/( ( )). ♢

wxp qpmzopniamt aod ase cpogsveou npdvmp if aod pomz if uhez hawe uhe tane senaiodes xheo diwided bz ( ). qpue uhau uhe deioiuipo it tinimas up setidve cmattet npdvmp ao ioueges , bvu hese uhe cpotusvcuipo it bated po uhe qpmzopniam siog [ ] iotuead pf uhe siog pf iouegest ℤ. whe setidve cmattet npdvmp ( ) fpsn opu pomz a teu, bvu amtp a siog:

sspqptiuipo . . oeu ∈ [ ] aod = ⎡⎢g( ) ≥ . wheo [ ]/( ( )) it agaio a siog cammed a rvpuieou siog, facups siog ps setidve cmatt siog, xiuh uhe pqesauipot iodvced bz [ ]. iach setidve cmatt hat a voirve tuaodasd seqseteouauiwe pf degsee mett uhao . ssppf. whe siog tusvcuvse cao be eatimz wesiied. whe tuaodasd seqseteouauiwe cao be fpvod bz diwitipo xiuh senaiodes. oeu ( ) ∈ [ ] be aoz seqseteouauiwe pf a setidve cmatt. ze diwide ( ) bz ( ) aod pbuaio qpmzopniamt ( ), ( ) tvch uhau ( ) = ( ) ( ) + ( ),

xhese ⎡⎢g( ) < . whe ervauipo inqmiet ( ) ≡ ( ) npd ( ), xhese ( ) it uhe tuaodasd seqseteouauiwe. □ iyanqme . . ze cpouiove iyanqme . . whe diwitipo xiuh senaiodes inqmiet +

+

+

+

whesefpse, uhe cmattet pf + + cmatt siog ( )[ ]/( + + ).

+ ≡

+

+

+

+ + aod

npd

+

+ .

+ + ase ervam io uhe setidve

uenasl . . whe cpotusvcuipo pf setidve cmattet cao be tuvdied io a npse geoesam cpoueyu. oeu be a siog. eo ideam ⊂ it ao addiuiwe tvbgspvq xiuh uhe qspqesuz uhau ⋅ ∈ fps amm ∈ aod ∈ . Fps aoz ideam pf a siog poe hat uhe rvpuieou siog / . wxp emeneout , ∈ ase erviwameou aod ideouiied io / if − ∈ .

ze cpotidesed qpmzopniam siogt = [ ] aod qsiociqam ideamt = ( ( )) geoesaued bz a tiogme qpmzopniam ( ) ∈ [ ]. lf = ℤ aod = ( ), uheo uhe rvpuieou / deioet uhe iouegest npdvmp , i.e., ℤ/( ) = ℤ . sspqptiuipo . . oeu be a qsine aod ∈ ( )[ ] a qpmzopniam pf degsee ; uheo uhe rvpuieou siog ( )[ ]/( ( )) hat emeneout.

. . Fioiue Fiemdt ssppf. whe emeneout pf ( )[ ]/( ( )) ase io bikecuipo xiuh uhe qpmzopniamt io ( )[ ] pf degsee mett uhao (tee sspqptiuipo . ). vvch qpmzopniamt ase giweo bz cpeicieout io ( ). keoce uhe ovnbes pf emeneout io uhe rvpuieou siog it . □

whe qpmzopniam siog [ ] hat tinimas qspqesuiet up ℤ xiuh setqecu up facupsi{auipo. spmzopniamt cao be decpnqpted ioup a qspdvcu pf qpmzopniamt aod uhe facupsi{auipo it etteouiammz voirve. whe qsine ovnbest io ℤ cpssetqpod up issedvcibme qpmzopniamt io [ ]. heioiuipo . . e qpmzopniam ( ) ∈ [ ] it cammed issedvcibme, if iu caoopu be facupsed ioup uxp qpmzopniamt pf tnammes degsee. ruhesxite, uhe qpmzopniam it cammed sedvcibme. ♢

lssedvcibme qpmzopniamt io [ ] dp opu qpttett aoz {espt ∈ , tioce puhesxite a mioeas facups ( − ) cao be tqmiu pf. whe cpoweste tuaueneou pomz hpmdt fps degsee ≤ . whese ase qpmzopniamt pf degsee ≥ xiuhpvu {espt xhich ase sedvcibme (tee iyanqme . ( ) bempx). iyanqme . . ( )

( )

( ) ( )

( )=

( ) it amtp sedvcibme pwes

+ it issedvcibme io ℝ[ ], bvu sedvcibme io ℂ[ ]: + = ( − �)( + �). ( ), tioce

+ = ( + ) io

( )[ ].

( ) = + + it issedvcibme io ( )[ ]. ettvne uhau ( ) it sedvcibme. wheo ( ) facupsi{et ioup uxp mioeas facupst pf uzqe ( − ), xhich it inqpttibme tioce ( ) dpet opu hawe a sppu io ( ) (opue uhau ( ) = aod ( ) = ).

( ) = + it issedvcibme pwes npdvmp .

( ) = + + hat op {espt pwes keoce ( ) it sedvcibme.

( )[ ], tioce ( ), ( ) aod ( ) ase opo{esp ( ), bvu ( ) = (

wabme . mitut uhe issedvcibme qpmzopniamt pwes

+ + ) io

( ) pf degsee vq up .

( )[ ].

iyanqme . . oeu ( ) = + + + + ∈ ( )[ ]. whit qpmzopniam it vted bz uhe eiv bmpcl ciqhes (tee vecuipo . ). ze vte vagepauh up wesifz uhau ( ) it issedvcibme: sage: R. = PolynomialRing (GF (2) ,x) sage: g=x^8+x^4+x^3+x+1 sage: g. is_irreducible () True

eo inqpsuaou facu it uhau qpmzopniam siogt npdvmp issedvcibme qpmzopniamt ase iemdt: sspqptiuipo . . oeu ( ) ∈ [ ] be ao issedvcibme qpmzopniam. wheo uhe rvpuieou siog [ ]/( ( )) it a iemd. ♢

. emgebsaic vusvcuvset

wabme . . lssedvcibme qpmzopniamt pwes

hegsee

spmzopniamt + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

( ).

whit setvmu nighu mppl tvsqsitiog, tioce [ ] it fas fspn beiog a iemd: op qpmzopniam pf degsee ≥ it nvmuiqmicauiwemz iowesuibme io [ ]. kpxewes, ao iowestipo npdvmp ( ) it pfueo qpttibme, tioce uxp seqseteouauiwet aod ase nvmuiqmicauiwe iowestet npd ( ) if ( ) ( )= + ( ) ( ) fps tpne ( ) ∈ [ ].

whe qsppf pf sspqptiuipo . vtet uhe iyueoded ivcmideao emgpsiuhn fps qpmzopniamt. ze bsielz tleuch uhe qsppf: meu ( ) be a opo{esp qpmzopniam pf degsee mett uhao ⎡⎢g( ). wheo uhese ase qpmzopniamt ℎ aod ℎ tvch uhau whit thpxt uhau

= ℎ ( ) ( ) + ℎ ( ) ( ).

≡ ℎ ( ) ( ) npd ( ) tp uhau ( ) it iowesuibme npdvmp ( ).

heioiuipo . . oeu ( ) ∈ ( )[ ] be ao issedvcibme qpmzopniam pf degsee . wheo uhe setidve iemd ( )[ ]/( ( )) deioet uhe jampit Fiemd ( ) = � pf psdes . ♢

lu fpmmpxt fspn sspqptiuipo . uhau uhe iemd ( ) iodeed cpouaiot emeneout; each setidve cmatt hat a voirve seqseteouauiwe pf degsee mett uhao , i.e., each cmatt it seqseteoued bz a qpmzopniam ( ) = + + ⋯ + − − xiuh � ∈ ( ).

qpue uhau uhe deioiuipo pf ( ) deqeodt po ao issedvcibme qpmzopniam pf degsee aod iu it opu cmeas xheuhes tvch a qpmzopniam eyitut. ze xaou up thpx uhau a ioiue iemd pf psdes eyitut aod it etteouiammz voirve. lf

(

) eyitut, uheo ⎭⎰⎡(

(

)∗ ) =

−

=

− aod uhvt

. . Fioiue Fiemdt ∈

(

)∗ . whit inqmiet

= fps amm ∈ ( ), i.e., iocmvdiog uhe {esp emeneou. lo puhes xpsdt, uhe emeneout pf ( ) ase eyacumz uhe spput pf uhe qpmzopniam fps amm

oeu , , … , facupst io (

( )=

deopue uhe emeneout pf )[ ], i.e., −

=( −

(

− .

). whe qpmzopniam ( ) tqmiut ioup mioeas

)⋅( −

)⋯( −

).

whit pbteswauipo cao be vted up cpotusvcu ( ). e geoesam uhepsen io iemd uhepsz tuauet uhau a iemd cao be eyueoded tvch uhau aoz giweo qpmzopniam pf degsee ≥ cpnqmeuemz facupsi{et pwes uhe eyueotipo iemd.

whepsen . . oeu be a iemd aod ( ) ∈ [ ] a qpmzopniam pf qptiuiwe degsee. whese eyitut ao eyueotipo iemd ⊃ tvch uhau ( ) tqmiut ioup mioeas facupst pwes . whe tnammetu iemd xiuh uhit qspqesuz it cammed uhe tqmiuuiog iemd pf pwes . eoz uxp tqmiuuiog iemdt ase itpnpsqhic. uenasl . . ze sefes up uhe miuesauvse (fps eyanqme [vhp ]) fps a qsppf pf uhe abpwe whepsen. lu it uenquiog up cpotusvcu at uhe rvpuieou iemd pf [ ] npdvmp ( ), bvu uhit dpet opu xpsl io geoesam. Fistumz, tqmiuuiog iemdt eyitu fps aoz qpmzopniam aod opu pomz fps issedvcibme poet. vecpodmz, eweo if ( ) it issedvcibme tp uhau = [ ]/( ( )) giwet ao eyueotipo iemd pf , uhe iemd nighu opu cpouaio amm spput pf ( ). lo uhit cate, fvsuhes eyueotipot pf ase oecettasz io psdes up pbuaio uhe tqmiuuiog iemd. iyanqme . . ( ) whe iemd ℂ pf cpnqmey ovnbest it uhe tqmiuuiog iemd pf ( ) = + pwes ℝ.

( ) oeu = ℚ aod ( ) = − . whe qpmzopniam it issedvcibme pwes ℚ aod = ℚ[ ]/( − ) = ℚ( √ ) it ao eyueotipo iemd pf degsee pwes ℚ, bvu it opu uhe tqmiuuiog iemd pf ( ). lo facu, it a tvbiemd pf ℝ aod ( ) hat uxp cpnqmey spput betide uhe seam sppu √ . roe cao thpx uhau uhe degsee pf uhe tqmiuuiog iemd pf ( ) pwes ℚ it .

uenasl . . whe amgebsaic cmptvse pf a iemd hat uhe qspqesuz uhau amm qpmzopniamt cpnqmeuemz facups pwes . roe cao thpx uhau ao amgebsaic cmptvse pf a iemd eyitut aod it voirve vq up itpnpsqhitn. Fps eyanqme, ℂ it uhe amgebsaic cmptvse pf ℝ. lo uhit cate, ao eyueotipo pf degsee tvicet, bvu io geoesam, uhe amgebsaic cmptvse pf a iemd hat ioioiue degsee. whit it, fps eyanqme, usve fps uhe iemdt ℚ aod ( ). ze opue uhau uhese ase amtp usaotceodeou eyueotipot xhich ase opu amgebsaic, i.e., opu deioed bz adkpioiog spput pf qpmzopniamt, fps eyanqme uhe iemd ℚ( ) pf sauipoam fvocuipot io poe wasiabme pwes ℚ. ♢ ze seuvso up uhe cpotusvcuipo pf a ioiue iemd pf psdes . eu uhit qpiou xe lopx uhau if ( ) eyitut, uheo iu it itpnpsqhic up uhe tqmiuuiog iemd pf ( ) = − pwes

. emgebsaic vusvcuvset ( ). qpx xe thpx uhau uhe tqmiuuiog iemd pf hat emeneout, xhich qspwet uhau ( ) eyitut (fps amm ∈ ℕ) aod it voirve vq up itpnpsqhitn.

sspqptiuipo . . oeu ( ) = − ∈ ( ) hat emeneout aod deioet uhe iemd

(

( )[ ]. whe tqmiuuiog iemd pf ( ) pwes ).

ssppf. Fistumz, xe thpx uhau ( ) dpet opu hawe nvmuiqme spput. whe fpsnam desiwauiwe − it ( ) = − = − aod uhvt g⎠⎡( , ( )) = . fz sspqptiuipo . , dpet opu hawe nvmuiqme spput aod tp uhe tqmiuuiog iemd pf ( ) pwes ( ) cpouaiot au meatu uhe dituiocu spput pf − . kpxewes, cpvmd cpouaio npse emeneout. oeu = } be uhe teu pf spput. qpue uhau ( ) ⊂ tioce ≡ npd fps amm { , …, ∈ ( ). qeyu, xe thpx uhau fpsnt a iemd xhich nvtu be ervam up , tioce it uhe tnammetu iemd eyueotipo pf ( ) xhese ( ) tqmiut ioup mioeas facupst. ze uhvt oeed up qspwe uhau − ∈ fps amm , ∈ aod − ∈ fps amm , ∈ ⧵ { } (tee sspqptiuipo . po cpodiuipot fps a tvbgspvq). ze thpx uhau ( − ) = aod ( − ) = if ( ) = aod ( ) = . wp uhit eod, xe pbteswe uhau ( − )

=

))

(

+ (− )

=

−

tioce uhe puhes uesnt giweo bz uhe fiopniam whepsen ase nvmuiqmet pf aod uhesefpse {esp io ( ). ze opue uhau (− ) = − if ≠ aod − = fps = . whit giwet ( − ) = . Fvsuhesnpse, ( (

−

=

−

)

=

(

)− =

−

,

aod tp ( − ) = . vvnnasi{iog, uhe spput pf ( ) = − fpsn uhe tqmiuuiog iemd = ( ), aod uhit iemd pf emeneout it voirve vq up itpnpsqhitn. □

iyanqme . . ( ) it uhe tqmiuuiog iemd pf ( ) = − pwes ( ). whit qpmzopniam facupsi{et ioup ( + )( + + ) pwes ( ). whe istu uxp facupst cpssetqpod up uhe emeneout aod pf uhe bate iemd ( ). whe qpmzopniam + + it issedvcibme pwes ( ) aod ( )= ( )[ ]/( + + ). ( ) it seqseteoued bz uhe qpmzopniamt { , , , + }.

eddiuipo it pbwipvt (npdvmp ), aod nvmuiqmicauipo amtp fpmmpxt uhe vtvam svmet, bvu uhe setvmu it sedvced npdvmp + + . Fps eyanqme: ( + )=

+

≡

= ,

npd (

wabme . thpxt addiuipo aod nvmuiqmicauipo io

whe nvmuiqmicauiwe iowestet ase ( + )− ≡ npd ( + + ).

sspqptiuipo . . oeu , Figvse . ).

−

∈ ℕ. wheo

(

−

( ).

≡

) ⊂

+

+

+ ).

npd (

(

+

+ ) aod

) if aod pomz if

∣

(tee

. . Fioiue Fiemdt

wabme . . eddiuipo aod nvmuiqmicauipo uabmet fps

+ +

+

+

+

+ +

⋅

+

( ).

+

+

+ +

ssppf. vvqqpte uhau ( ) ⊂ ( ) aod uhe degsee pf uhe iemd eyueotipo it [ ( ) ∶ ( )] = . lu fpmmpxt uhau uhe psdes pf ( ) it = ( ) = aod uhvt ∣ . wp qspwe uhe pqqptiue disecuipo, meu ∈ ( ) aod = fps tpne ∈ ℕ. wheo vioce

=

=

(

)

= (((

)

)…)

=

io each tueq, xe pbuaio (

)

(

)

(

)

(

(

( -fpmd eyqpoeouiauipo).

aod uhesefpse

)

)

( )

(

)

(

)

∈

(

Figvse . . vvbiemd semauipo fps tewesam eyueotipo iemdt pf

uenasl . . et ao addiuiwe gspvq,

(

) it itpnpsqhic up

(

).

□

) ( ).

(ℤ ) = ℤ × ⋯ × ℤ .

kpxewes, uhe nvmuiqmicauipo io ( ) it opu deioed cpnqpoeou-xite (cpnqase iyescite ), bvu sauhes bz a nvmuiqmicauipo pf qpmzopniamt. Fiyiog ao issedvcibme qpmzopniam pf degsee ziemdt a voirve seqseteouauipo pf emeneout io ( ) at -dineotipoam wecupst pwes ( ).

iyanqme . . oeu ( ) = + + + + ∈ ( )[ ] (tee iyanqme . ). wheo ( )[ ]/( ( )) deioet uhe iemd ( ) xiuh emeneout. fz iyiog ( ), uhe emeneout io ( ) ase io bikecuipo up qpmzopniamt pf degsee mett uhao , xhich io uvso cpssetqpod uhe -biu xpsdt. whe istu biu (nptu tigoiicaou biu, pvf) cpssetqpodt up uhe cpeicieou pf , uhe tecpod biu up , euc., aod uhe matu biu (meatu tigoiicaou biu, ovf) up = . whe bmpcl ciqhes eiv (tee vecuipo . ) vtet uhit seqseteouauipo pf emeneout io ( ) at -biu xpsdt. whe emeneout pf uhit iemd cao amtp be xsiuueo io heyadecinam

. emgebsaic vusvcuvset

opuauipo. eddiuipo po uhe -biu xpsdt it giweo bz a tinqme Xru pqesauipo, bvu uhe nvmuiqmicauipo it mett pbwipvt aod deioed bz a nvmuiqmicauipo pf qpmzopniamt, fpmmpxed bz a sedvcuipo npdvmp ( ). ze cao vte vagepauh fps cpnqvuauipot io ( ). vvqqpte xe xaou up cpnqvue ( + ) npd ( ) aod uhe nvmuiqmicauiwe ioweste pf + npd ( ).

sage: sage: sage: sage: a^7 + a^7 +

R. = PolynomialRing (GF (2) ,x) g=x^8+x^4+x^3+x+1 K.=R. quotient_ring (g) a^7 * (a+1) ; 1/(a+1) a^4 + a^3 + a + 1 a^6 + a^5 + a^4 + a^2 + a

lo heyadecinam opuauipo, uhe abpwe cpnqvuauipot cao be xsiuueo at 80 ⋅ 03 = 9B aod 03− = F6.

whe vagepauh wasiabme a seqseteout uhe setidve cmatt pf npd ( ). ze cpvmd amtp deioe uhe rvpuieou siog bz K=R.quotient_ring(g), i.e., xiuhpvu sefeseoce up a oex wasiabme a. lo uhit cate, vagepauh xsiuet xbar fps uhe setidve cmatt pf .

4.4. Linear and Affine Maps yecups tqacet, mioeas naqt aod aioe naqt pwes ioiue iemdt qmaz ao inqpsuaou spme io cszqupgsaqhz, aod xe secaqiuvmaue tpne facut fspn mioeas amgebsa. heioiuipo . . oeu be a iemd. wheo a -wecups tqace it ao abemiao gspvq upgeuhes xiuh a tcamas nvmuiqmicauipo, xhich attigot a wecups � ⋅ � ∈ up a uvqme (�, �) ∈ × tvch uhau uhe fpmmpxiog svmet ase tauitied: ( ) � ⋅ (� + �) = � ⋅ � + � ⋅ � fps amm � ∈ , �, � ∈ ( ) (� + �) ⋅ � = � ⋅ � + � ⋅ � fps amm �, � ∈ , � ∈ ( ) � ⋅ (� ⋅ �) = (��) ⋅ � fps amm �, � ∈ , � ∈ ( )

⋅ � = � fps amm � ∈

. .

.

.

♢

lo uhe fpmmpxiog, xe attvne uhau uhe seades lopxt uhe deioiuipot pf mioeas iodeqeodeoce, batit aod dineotipo pf a wecups tqace (tee [WmW+ ] ps aoz puhes ueyubppl po mioeas amgebsa). iyanqme . . ( ) oeu be aoz iemd; uheo tipoam -wecups tqace.

it uhe tuaodasd eyanqme pf a -dineo-

( ) whe bioasz tusiogt pf meoguh ∈ ℕ fpsn uhe ( )-wecups tqace ( ) . whe gspvq pqesauipo it deioed bz biuxite Xruiog. whe tcamas nvmuiqmicauipo it usiwiam, tioce uhe pomz facupst ase aod . qpue uhau uhese it op oauvsam siog tusvcuvse po . ( ) oeu

be a qsine ovnbes aod

∈ ℕ. wheo

(

) it a wecups tqace pwes

( ).

. . oioeas aod eioe paqt

( )

( ) it a ( )-wecups tqace pf dineotipo . kese uhe tcamas nvmuiqmicauipo it deioed pwes uhe iemd ( ). lu it amtp a ( )-wecups tqace, bvu pf dineotipo .

paqt beuxeeo wecups tqacet uhau ase cpnqauibme xiuh addiuipo aod tcamas nvmuiqmicauipo ase cammed mioeas: heioiuipo . . oeu -mioeas naq if: ( ) ( )

∶

→

be a naq beuxeeo uxp -wecups tqacet. wheo

(� + � ) = (� ) + (� ) fps amm � , � ∈ (� ⋅ �) = � ⋅ (�) fps amm � ∈ , � ∈

it a

aod

.

( )-wecups tqacet; uheo ∶ → iyanqme . . oeu aod be it mioeas if (� + � ) = (� ) + (� ) fps amm � , � ∈ . whe tecpod cpodiuipo it avupnauicammz tauitied tioce uhe pomz tcamast ase aod . uenasl . . roe thpvmd vodestuaod uhau mioeasiuz it a wesz tuspog serviseneou, aod saodpn naqt ase nptumz fas fspn mioeas! kpxewes, mioeas naqt qmaz ao inqpsuaou spme io naoz aqqmicauipot at xemm at io cszqupgsaqhz. pausicet ase a lez uppm fps uhe detcsiquipo pf mioeas naqt. ze secaqiuvmaue uhe fpmmpxiog facu fspn mioeas amgebsa: sspqptiuipo . . whese it a poe-up-poe cpssetqpodeoce beuxeeo × nausicet pwes aod mioeas naqt ∶ → . eoz nausiy pwes xiuh spxt aod cpmvnot giwet a mioeas naq ∶ → bz teuuiog (�) = �, xhese xe wiex � at a cpmvno wecups.

gpowestemz, a mioeas naq ∶ → deioet a nausiy bz xsiuiog uhe inaget pf uhe tuaodasd batit, i.e., ( ), ( ), … , ( ), ioup uhe cpmvnot pf a × nausiy: | =( ( ) |

| ( ) |

…

(

|

|

)) .

♢

whe abpwe cpotusvcuipo cao be geoesami{ed fspn uhe tuaodasd batit up ao asbiusasz batit. lo facu, a mioeas naq it cpnqmeuemz deuesnioed bz iut wamvet po a batit.

heioiuipo . . e -mioeas naq ∶ → it taid up be ao itpnpsqhitn if iowesuibme, i.e., if uhese it ao ioweste -mioeas naq − ∶ → .

it ♢

eo itpnpsqhitn beuxeeo aod inqmiet = , bvu uhese ase mioeas naqt ∶ → xhich ase oeiuhes iokecuiwe ops tvskecuiwe. it ao itpnpsqhitn if aod pomz if uhe cpssetqpodiog × nausiy it iowesuibme, i.e., if ao ioweste × nausiy − eyitut. whese ase tewesam erviwameou cpodiuipot fps up be iowesuibme, fps eyanqme uhau uhe deuesnioaou ⎡⎢⎲( ) it opo{esp io .

. emgebsaic vusvcuvset

iyanqme . . oeu

∶

( ,

( ) → ,

)=(

( ) be deioed bz +

it mioeas aod uhe cpssetqpodiog nausiy it =(

,

+

,

+

).

).

whe deuesnioaou it ⎡⎢⎲( ) = ≡ npd . keoce it opu iowesuibme pwes ( ). ro uhe puhes haod, uhe cpssetqpodiog naq pwes uhe seam ovnbest ℝ it iowesuibme. ♢

gszqupgsaqhz qsinasimz cpotidest naqt pwes ioiue iemdt, bvu npse seceou adwaocet (mauuice-bated cszqupgsaqhz aod rvaouvn cpnqvuiog) amtp servise seam aod cpnqmey wecups tqacet. heioiuipo . . eo

×

pwes ℝ it cammed psuhpgpoam if

nausiy

=

.

♢

kese deopuet uhe usaotqpte nausiy aod it uhe × ideouiuz nausiy. rsuhpgpoam nausicet ase iowesuibme, uhe ioweste nausiy it − = aod ⎡⎢⎲( ) it eiuhes ps − . whe spxt aod uhe cpmvnot ase psuhpopsnam wecupst. whe attpciaued mioeas naq ( ) = pf seam wecups tqacet it amtp cammed psuhpgpoam aod qseteswet meoguht aod aogmet. iyanqme . . whe spuauipo pf uxp-dineotipoam wecupst bz tcsibed bz uhe fpmmpxiog psuhpgpoam nausiy: =(

aspvod uhe psigio it de-

⎠⎭⎱( ) − ⎱i⎬( ) ). ⎱i⎬( ) ⎠⎭⎱( )

roe eatimz wesiiet uhau = . whe cpmvnot pf ase pbuaioed bz spuauiog uhe tuaodasd voiu wecupst aod bz cpvoues-cmpclxite aspvod uhe psigio. ♢ whe cpssetqpodiog opuipo fps cpnqmey nausicet it voiuasz. heioiuipo . . e cpnqmey xhese

∗

×

nausiy

pwes ℂ it taid up be voiuasz if

deopuet uhe cpokvgaue usaotqpte pf , i.e.,

∗

=

.

∗

=

, ♢

whe ioweste pf a voiuasz nausiy it ∗ aod | ⎡⎢⎲( )| = | ⎡⎢⎲( ∗ )| = . whe spxt aod cpmvnot pf fpsn ao psuhpopsnam batit pf ℂ xiuh setqecu up uhe kesniuiao iooes qspdvcu. whe attpciaued mioeas naq pwes ℂ it amtp cammed voiuasz. e tmighu geoesami{auipo pf mioeas naqt ase aioe naqt. whez difes fspn mioeas naqt pomz bz a cpotuaou usaotmauipo. ze senasl uhau aioe naqt ase tpneuinet amtp cammed mioeas, amuhpvgh uhit it opu fvmmz qsecite. Fvsuhesnpse, opomioeas vtvammz neaot uhau a naq it oeiuhes mioeas ops aioe.

. . oioeas aod eioe paqt heioiuipo . . e naq ∶ → beuxeeo -wecups tqacet aod it cammed aioe if uhese eyitut a mioeas naq ∶ → aod a wecups ∈ tvch uhau fps amm � ∈

∈

eioe naqt :

∶

(�) = (�) + .

→

♢

cao be detcsibed bz ao (�) =

�+ .

×

nausiy

+

) be a naq pwes

aod a wecups

eioe naqt fspn ( ) up ( ) cpssetqpod up ( , )-wecupsiam fppmeao naqt pf amgebsaic degsee (tee heioiuipo . ). iyanqme . . oeu ( , wheo

,

,

=(

)=(

detcsibet uhe aioe naq , tioce ( ) =

+

+

) ,

+ ,

=( )

+ fps amm

∈

( ) .

( ).

♢

ppse eyanqmet pf mioeas, aioe aod opomioeas fppmeao fvocuipot ase giweo io iyanqme . . oioeas aod aioe naqt qmaz ao inqpsuaou spme io cszqupgsaqhz. whit hat tewesam seatpot: • whez cao be eicieoumz detcsibed bz a nausicet aod wecupst, eweo fps masge dineotipot. • pausiy cpnqvuauipot ase eicieou, aod uhe svooiog uine it qpmzopniam io uhe ovnbes pf spxt aod cpmvnot.

• whe lesoem aod uhe inage pf a mioeas naq at xemm at uhe qseinage pf aoz emeneou cao be eicieoumz cpnqvued bz javttiao eminioauipo. emtp, iu cao be eatimz wesiied xheuhes a mioeas ps aioe naq it bikecuiwe. lf ao ioweste naq eyitut, uheo iu cao be eicieoumz cpnqvued aod uhe ioweste naq it amtp mioeas ps aioe. • oioeas aod aioe naqt pwes ( ) cao qspdvce difvtipo aod uhe tp-cammed awamaoche efecu: chaogiog poe ioqvu biu chaoget naoz pvuqvu biut, if uhe nausiy it aqqspqsiauemz chpteo. lo facu, liqqiog uhe -uh ioqvu biu addt uhe -uh cpmvno wecups up uhe pvuqvu.

kpxewes, mioeas naqt amtp hawe a nakps dsaxbacl xheo vted io cszqupgsaqhz: uhese ase eicieou auuaclt agaiotu eocszquipo tchenet uhau ase tpmemz bated po mioeas ps aioe pqesauipot. whez dp opu qspuecu agaiotu chpteo qmaioueyu auuaclt. Fps uhit seatpo, mioeas aod opomioeas pqesauipot ase cpnbioed io uhe cpotusvcuipo pf tecvse ciqhest. sspqptiuipo . . oeu ∶ → be ao aioe naq. vvqqpte uhe qasaneuest pf (i.e., uhe cpssetqpodiog nausiy aod qpttibmz a usaotmauipo wecups) ase tecseu, bvu ao adwestasz lopxt + ioqvu wecupst � , � , … , � aod uhe cpssetqpodiog pvuqvu wecupst �� = (�� ),

. emgebsaic vusvcuvset xhese � = , , … , . lf � − � , � − � , … , � − � ase mioeasmz iodeqeodeou, uheo uhe adwestasz cao eicieoumz cpnqvue uhe nausiy aod uhe usaotmauipo wecups tvch uhau (�) = � + hpmdt fps amm � ∈ . ssppf. oeu (�) = � + , xhese

aod ase volopxo. vioce �� +

(�� − � ) = �� − �

= �� , poe hat

fps amm � = , , … , . qpx xsiue uhe wecupst �� − � aod �� − � ioup uhe cpmvnot pf nausicet aod , setqecuiwemz. whe × nausiy it segvmas tioce xe attvned uhau uhe wecupst �� − � ase mioeasmz iodeqeodeou. keoce =

⟹

=

−

,

aod uhit qspwidet ao eicieou nausiy fpsnvma fps . lu senaiot up cpnqvue uhe usaotmauipo wecups ; up uhit eod xe vte uhe ervauipo = � − � . whit qspwet uhe attesuipo. □

iyanqme . . oeu ∶{ , } → { , } be uhe ciqhesiog fvocuipo pf a bmpcl ciqhes xiuh bmpcl meoguh . ze ideouifz { , } xiuh ( ) aod tvqqpte uhau it aioe. wheo sspqptiuipo . thpxt uhau ao adwestasz, xhp dpet opu lopx , cao iod uhe nausiy, uhe usaotmauipo wecups aod heoce aod − xiuh pomz lopxo qmaioueyu/ciqhesueyu qaist, if uhe abpwe iodeqeodeocz cpodiuipo it tauitied. keoce ⋅ = , qmaioueyu/ciqhesueyu biut ase tvicieou, ps tmighumz npse if uhe wecupst ase mioeasmz deqeodeou. qpue uhau xe nade op attvnquipot cpocesoiog aod hpx uhe lez deuesnioed uhe nausiy aod uhe usaotmauipo wecups. whit cpvmd eweo be a opomioeas semauipothiq. lo facu, uhe lez it opu cpnqvued dvsiog uhit auuacl. sspqptiuipo . . oeu be a lezed fanimz pf fvocuipot aod tvqqpte uhau amm naqt ase aioe; uheo it opu a qtevdpsaodpn fvocuipo. vinimasmz, if it a lezed fanimz pf qesnvuauipot aod amm naqt ase aioe, uheo it opu a qtevdpsaodpn qesnvuauipo. ssppf. sspqptiuipo . thpxt hpx ao adwestasz cao eyqmiciumz cpnqvue uhe qasaneuest pf ao aioe naq, i.e., uhe nausiy aod uhe usaotmauipo wecups, vtiog a ovnbes pf lopxo ioqvu/pvuqvu wamvet. lo uhe dituiogvithabimiuz eyqesineout (tee heioiuipot . aod . ), ao adwestasz cao uheo qsedicu ( ) fps aoz ioqvu aod cpnqase uhe setvmu xiuh uhe setqpote uhez pbuaio fspn uhe chammeoges. lf uhez cpiocide, uheo uhe fvocuipo it qspbabmz aioe aod uhe adwestasz pvuqvut ′ = . ruhesxite, it saodpn aod uhe adwestasz pvuqvut ′ = . emuesoauiwemz, ao adwestasz cao uetu xheuhes aod aod atliog fps ( ), ( ), ( ), ( (

+

)+ ( )= (

it aioe, bz chpptiog ioqvu wamvet + ). lf it aioe, uheo

)+ (

).

eo adwestasz pvuqvut = if uhit ervauipo it tauitied, aod puhesxite. wheis adwaouage it cmpte up , aod tp aioe fvocuipot caoopu be qtevdpsaodpn. □ ′

iyescitet

uenasl . . whe abpwe auuacl xpvmd etteouiammz tuimm xpsl if cao be aqqspyinaued bz a mioeas ps aioe naq , i.e., if aod cpiocide tigoiicaoumz npse pfueo uhao bz chaoce. whesefpse, qtevdpsaodpn fvocuipot aod qesnvuauipot nvtu be highmz opomioeas.

4.5. Summary

• Fioiue czcmic gspvqt pf psdes ase itpnpsqhic up uhe addiuiwe gspvq pf iouegest npdvmp . • Fioiue abemiao gspvqt cao be decpnqpted ioup a qspdvcu pf czcmic gspvqt pf qsine-qpxes psdes. • whe iouegest npdvmp a qsine ovnbes deioe uhe iemd ( ). • whe qpmzopniamt pwes a iemd fpsn uhe siog [ ]. • whe iemd ( ) xiuh emeneout it ao eyueotipo iemd pf ( ). lu cao be deioed at uhe rvpuieou pf uhe qpmzopniam siog pwes ( ) npdvmp ao issedvcibme qpmzopniam pf degsee . − pwes ( ). • ( ) it uhe tqmiuuiog iemd pf uhe qpmzopniam • oioeas naqt beuxeeo ioiue-dineotipoam wecups tqacet pwes ao asbiusasz iemd cao be detcsibed bz nausicet. • eioe naqt ase deioed bz a mioeas naq qmvt a cpotuaou usaotmauipo. • nezed fvocuipo ps qesnvuauipo fanimiet pf mioeas ps aioe naqt caoopu be qtevdpsaodpn.

Exercises

. Fiod amm tvbgspvqt pf (ℤ , +), (ℤ , +) aod (ℤ∗ , ⋅). . oeu

be a gspvq pf psdes

. oitu uhe qpttibme psdest pf emeneout io .

. gpotides uhe naq ∶ ℤ → ℤ deioed bz ( ) = gspvq hpnpnpsqhitn aod eweo ao itpnpsqhitn.

npd

. vhpx uhau

it a

. oeu aod be difeseou qsine ovnbest aod = . oeu aod be iouegest tvch uhau ≡ npd ( − )( − ). vhpx uhau ≡ npd fps aoz ∈ ℤ . wiq: xte ivmes’t whepsen up thpx uhe tuaueneou fps ∈ ℤ∗ . . gpotides uhe nvmuiqmicauiwe gspvq = ℤ∗ . gpnqvue uhe psdes pf it uhe nayinvn psdes pf emeneout io ? Fiod a geoesaups pf . . ghecl xheuhes npd aod npd ℤ∗ aod deuesnioe uheis psdes.

npd

. zhau

ase geoesaupst pf uhe nvmuiqmicauiwe gspvq

. vhpx uhau ℤ × ℤ it opu czcmic fps ≥ . wiq: yesifz uhau ⎭⎰⎡( ) ∣ fps amm ∈ ℤ × ℤ .

. Fiod amm abemiao gspvqt pf psdes , vq up itpnpsqhitn. zhich pf uhen ase czcmic?

. emgebsaic vusvcuvset . heuesnioe uhe decpnqptiuipot pf ℤ∗ aod ℤ∗ at a qspdvcu pf addiuiwe czcmic gspvqt.

. zhich setidve cmattet ase geoesaupst pf uhe addiuiwe gspvq ℤ ?

. oeu = eocet =

= . Fiod uhe facupst aod aod tpmwe uhe tinvmuaoepvt cpogsvnpd aod = npd vtiog uhe ghioete uenaiodes whepsen.

. oeu aod be siogt. zhz it uhe qspdvcu siog × oewes a iemd, eweo if aod ase iemdt? wiq: gpotides uhe idenqpueou emeneout ( , ) aod ( , ). . oeu ,

∈ [ ]. vhpx uhe qspdvcu svme

( ⋅ )= ( )⋅ +

wiq: xte uhe mioeasiuz pf uhe desiwauiwe

⋅ ( ).

up sedvce up uhe cate

=

aod =

.

. heuesnioe uhe ovnbes pf emeneout pf uhe fpmmpxiog setidve cmatt siogt. zhich pf uhe siogt ase iemdt? (a) ( )[ ]/( + + ), (b) ( )[ ]/( + ), (c) ( )[ ]/( − ), xhese ∈ ℕ. . oeu

( )= ( )[ ]/( + ( ) pf degsee mett uhao .

+ ). Fiod seqseteouauiwet pf

,

,

,

io

( ) it uhe tqmiuuiog iemd pf ( ) = − . xte vagepauh up facups ( ) pwes ( ) aod ideouiuz uhe issedvcibme facups ( ) = + + + + vted up deioe uhe eiv iemd.

. Fiod ao issedvcibme qpmzopniam pwes .

( ) pf degsee .

,

(

).

. heioe ( ) vtiog ( ) at abpwe. zhich qpmzopniam ( ) cpssetqpodt up uhe bzue 02 (heyadecinam opuauipo)? heuesnioe a qpmzopniam ℎ( ) xhich it ioweste up ( ) npd ( ) aod giwe iut heyadecinam seqseteouauipo.

. Fiod eyqmiciu detcsiquipot pf amm tvbiemdt pf

. gpotides uhe biu qesnvuauipo ∶ ( ) → ( ) detcsibed bz ( ). heuesnioe uhe ioweste biu-qesnvuauipo − aod uhe nausicet xhich seqseteou aod − .

. vhpx uhau uhe fpmmpxiog nausiy

=

it voiuasz aod iod uhe ioweste nausiy (

+� −�

−� ). +�

−

:

. oeu be ao aioe naq giweo bz ( ) = + . jiwe a oecettasz aod tvicieou cpodiuipo fps beiog bikecuiwe aod a fpsnvma fps − .

. zhz it uhe fpmmpxiog naq ( ,

,

)=(

∶

+

( ) → +

+ ,

( ) aioe aod iowesuibme: +

,

+

+ )?

heuesnioe uhe nausiy aod uhe usaotmauipo wecups. gpnqvue uhe ioweste naq

−

.

iyescitet . oeu ∶ ( ) → ( ) be a mioeas naq xiuh uhe fpmmpxiog ioqvu wecupst �� aod pvuqvu wecupst �� = (�� ). heuesnioe uhe nausiy xhich cpssetqpodt up . � = ( ), � = ( ), � = ( ), � = ( ), � = ( ), � = ( ).

. oeu = ( ). kpx cao zpv detcsibe a) ( )-mioeas naqt aod b) naqt po ? kpx naoz difeseou naqt eyitu io cate a) aod io cate b) ?

( )-mioeas

. vvqqpte amm naqt pf a lezed fvocuipo fanimz ase mioeas. kpx cao ao adwestasz eatimz xio uhe qsf dituiogvithabimiuz eyqesineou? whit thpxt uhau it opu a qtevdpsaodpn fvocuipo. wiq: ghppte ao amm-{esp ioqvu.

Chapter 5

Block Ciphers

e bmpcl ciqhes it a fanimz pf qesnvuauipot xhich it detigoed up behawe mile a qtevdpsaodpn qesnvuauipo. fmpcl ciqhest pqesaue po bioasz tusiogt pf iyed meoguh, bvu io cpnbioauipo xiuh ao pqesauipo npde uhez deioe a wasiabme-meoguh eocszquipo tchene. lo vecuipo . pf uhit chaques, xe tuvdz uxp inqpsuaou cpotusvcuipo neuhpdt pf bmpcl ciqhest: tvbtuiuvuipo-qesnvuauipo oeuxpslt aod Feituem ciqhest. vecuipo . deamt xiuh uhe uikodaem bmpcl ciqhes, xhich hat beeo adpqued at uhe edwaoced iocszquipo vuaodasd (eiv). fmpcl ciqhest aod uhe eiv amgpsiuhn ase deamu xiuh io amm npdeso cszqupgsaqhz ueyubpplt, fps eyanqme [ss ]. e deuaimed detcsiquipo pf uhe detigo pf eiv cao be fpvod io [hu ].

5.1. Constructions of Block Ciphers e bmpcl ciqhes it a lezed fanimz pf qesnvuauipot (tee heioiuipo . ): ∶ { , } ×{ , } →{ , } .

gvsseoumz, a bmpcl meoguh pf = biut aod lez meoguht beuxeeo = aod = biut ase xidemz vted. whe lez tqace it masge eopvgh up qseweou bsvue-fpsce auuaclt agaiotu voifpsn saodpn lezt. Fps each lez , a qesnvuauipo pf { , } hat up be deioed. fecavte pf cpnqvuiog aod tupsage miniuauipot, iu it inqpttibme up vte a uabme pf wamvet aod thpvmd sauhes be deioed bz ao eicieou amgpsiuhn. lo qsacuice, poe cpnbioet uhe fpmmpxiog uxp uzqet pf pqesauipot: mioeas ps aioe niyiog naqt po fvmm bmpclt pf meoguh aod opomioeas v-fpyet po thpsu tegneout pf a bmpcl.

• piyiog naqt qesnvue amm biut pf a bmpcl. wzqicammz, biu qesnvuauipot ase vted xhich ase wesz eicieou aod tqsead ioqvu chaoget uhspvghpvu a bmpcl. jeoesam

. fmpcl giqhest

mioeas ps aioe niyiog naqt ase amtp vted. whe servised qspqesuiet (io qasuicvmas bikecuiwiuz) cao eatimz be checled aod uhe cpnqvuauipot ase wesz eicieou. Fvsuhesnpse, mioeas aod aioe naqt cao achiewe difvtipo if uhe naq it aqqspqsiauemz chpteo: tnamm ioqvu chaoget, taz pomz poe biu, afecu a xhpme bmpcl aod setvmu io masge pvuqvu chaoget. qpue uhau difvtipo it a oecettasz qspqesuz pf qtevdpsaodpn qesnvuauipot: uhe pvuqvu thpvmd cpnqmeuemz chaoge, eweo if pomz a fex ioqvu biut ase npdiied. ruhesxite, ao adwestasz cpvmd dituiogvith fspn a saodpn qesnvuauipo.

• v-fpyet ase opomioeas, saodpn mppliog naqt xhich ase aqqmied io qasammem up thpsu tegneout pf a bmpcl. Fps a tnamm ovnbes pf ioqvu wamvet, fps eyanqme biut xiuh = wamvet, uhe v-fpy usaotfpsnauipo cao be deioed eyqmiciumz bz a uabme. whe v-fpy oeedt up be casefvmmz deioed aod nvtu be highmz opomioeas.

whe cpnbioauipo pf mioeas niyiog naqt aod opomioeas v-fpyet, aqqmied io tewesam spvodt, cao achiewe cpofvtipo, xhich nalet uhe semauipothiq beuxeeo uhe ciqhesueyu aod uhe lez cpnqmey aod iowpmwed. gpofvtipo nalet iu wesz hasd up iod uhe lez ps uhe decszquipo fvocuipo, eweo if naoz qmaioueyu/ciqhesueyu qaist ase lopxo up ao adwestasz. whe qspqesuiet pf cpofvtipo aod difvtipo aod uheis spme io uhe cpotusvcuipo pf tecvse ciqhest xese istu detcsibed bz gmavde vhaoopo io [vha ]. gpofvtipo aod difvtipo cao be achiewed bz a tvbtuiuvuipo-qesnvuauipo oeuxpsl. vvch a oeuxpsl cpotitut pf a ovnbes pf spvodt io xhich a qmaioueyu bmpcl it usaotfpsned ioup a ciqhesueyu bmpcl. iach spvod cpotitut pf uhe fpmmpxiog pqesauipot (tee Figvse . ): ( ) edd a spvod lez up uhe daua bmpcl. whe spvod lez it desiwed fspn uhe eocszquipo lez aod eotvset uhau uhe usaotfpsnauipo deqeodt po uhe lez. ( ) vqmiu uhe bmpcl ioup tnammes tegneout aod aqqmz a opomioeas v-fpy (tvbtuiuvuipo) up each pf uhe tegneout. ( ) eqqmz a biu qesnvuauipo ps, npse geoesammz, a mioeas ps aioe niyiog naq up uhe fvmm daua bmpcl. iach pqesauipo io a tvbtuiuvuipo-qesnvuauipo oeuxpsl hat up be iowesuibme tp uhau a voirve decszquipo naq eyitut. wzqicam oeuxpslt hawe au meatu ueo spvodt. eopuhes xidemz vted cpotusvcuipo it Feituem oeuxpslt. whez ase amtp bated po opomioeas v-bpyet aod mioeas niyiog pqesauipot, bvu tqmiu a bmpcl ioup a mefu aod sighu hamf. Feituem oeuxpslt vte a spvod fvocuipo uhau deqeodt po a spvod lez aod pqesauet po poe hamf pf uhe daua bmpcl (tee Figvse . ). oeu (

,

) be qmaioueyu bmpcl pf meoguh ( �,

�)

=(

�−

,

�−

⊕

�

(

. heioe �−

))

fps � = , , … , .

. . gpotusvcuipot pf fmpcl giqhest

Figvse . . vvbtuiuvuipo-qesnvuauipo oeuxpsl: add a spvod lez aod uhe qesnvuauipo io spvodt.

� , aqqmz uhe v-fpy

efues spvodt aod a ioam qesnvuauipo poe pbuaiot uhe ciqhesueyu pf uhe Feituem ciqhes: qpx meu (

,

(

,

)=(

,

) be a ciqhesueyu bmpcl. wheo deioe

(

�−

,

�−

) = ( �,

�

⊕

(

,

�

( � ))

).

fps � = , − , … , .

qpue uhau eocszquipo aod decszquipo vte uhe tane usaotfpsnauipo. eqqmziog spvodt pf uhe Feituem oeuxpsl aod a ioam qesnvuauipo secpwest uhe qmaioueyu: )=(

,

).

whe spvod fvocuipo deqeodt po a spvod lez � , aod � it vtvammz deioed bz vbpyet aod biu qesnvuauipot (ps aioe pqesauipot), tinimas up a tvbtuiuvuipo-qesnvuauipo oeuxpsl. kpxewes, uhe spvod fvocuipo pomz pqesauet po poe hamf pf a bmpcl aod, dve up uhe Feituem oeuxpsl cpotusvcuipo, dpet opu hawe up be bikecuiwe. roe cao thpx uhau

. fmpcl giqhest

a Feituem ciqhes xiuh au meatu spvodt it a qtevdpsaodpn qesnvuauipo if uhe vodesmziog spvod fvocuipo it a qtevdpsaodpn fvocuipo. wzqicam Feituem ciqhest hawe spvodt.

Figvse . . Feituem oeuxpsl xiuh spvodt.

paoz bmpcl ciqhest ase bated po Feituem oeuxpslt, fps eyanqme uhe fpsnes eocszquipo tuaodasd hiv, bvu amtp npdeso bmpcl ciqhest tvch at wxpith.

5.2. Advanced Encryption Standard efues a -zeas tuaodasdi{auipo qspcett, uhe enesicao qauipoam lotuiuvue pf vuaodasdt aod wechopmpgz (qlvw) adpqued uhe bmpcl ciqhes uikodaem (detigoed bz m. haeneo aod y. uikneo) at uhe edwaoced iocszquipo vuaodasd (eiv) io [Fls ]. whe ciqhes it opx xidemz vted bz tecvsiuz aqqmicauipot aod oeuxpsl qspupcpmt. uikodaem it fatu po bpuh tpfuxase aod hasdxase (amtp po -biu qspcettpst), eatz up inqmeneou aod serviset miuume nenpsz. whspvghqvut pf tewesam hvodsed pfiu/t io tpfuxase aod tewesam jfiu/t io hasdxase ase eatimz qpttibme. whese ase a ovnbes pf amuesoauiwet, fps eyanqme wxpith, vesqeou, ganemmia aod puhest, bvu au uhe uine pf uhit xsiuiog eiv it uhe dpnioauiog bmpcl ciqhes. whe tuaodasdi{ed eiv ciqhes hat a bmpcl meoguh pf biut aod a -, - ps biu lez meoguh. whe psigioam uikodaem ciqhes tvqqpsut addiuipoam bmpcl meoguht aod lez meoguht. whe ciqhes it a tvbtuiuvuipo-qesnvuauipo oeuxpsl, aod uhe ovnbes pf spvodt deqeodt po uhe lez ti{e; uhe ciqhes hat eiuhes (fps -biu lezt), (fps -biu lezt), ps spvodt (fps -biu lezt). whete teuuiogt ammpx fps a wesz eicieou pqesauipo. Fvsuhesnpse, uhe bmpcl aod lez meoguht qseweou tinqme bsvue-fpsce auuaclt aod mpplvq uabmet. ze deopue uhe eiv eocszquipo fvocuipo bz ∶ { , } → { , } . whe eocszquipo fvocuipo pqesauet po uhe -biu tuaue. whe tuaue it assaoged io a × nausiy pwes ( ) bz xsiuiog uhe bzuet , , … , ioup uhe cpmvnot pf a nausiy: ⎟. ⎟ ⎠

. . edwaoced iocszquipo vuaodasd

iach bzue it iouesqseued at ao emeneou pf uhe iemd ( )=

( )[ ]/(

+

+

+

+ )

(cpnqase iyanqme . ). whe bzue ( … ) cpssetqpodt up uhe setidve cmatt ⋯+ + npd ( + + + + ).

+

iyanqme . . oeu = … be a -biu ioqvu bmpcl. whe bzue 80 = cpssetqpodt up npd + + + + . rbwipvtmz, uhe {esp bzue cpssetqpodt up uhe {esp qpmzopniam. whvt, it seqseteoued bz uhe fpmmpxiog × nausiy pwes ( ): ⎟. ⎟ ⎠

♢

whe eiv eocszquipo fvocuipo ualet uhe qmaioueyu at ioqvu tuaue aod usaotfpsnt uhe tuaue io tvccettiwe spvodt. iach spvod cpotitut pf tewesam tueqt: uhe opomioeas tvbtuiuvuipo tueq (SubBytes), uxp mioeas niyiog tueqt (ShiftRows, MixColumns) aod uhe aioe AddRoundKey tueq. whe ioam tuaue it pvuqvu. iach tueq it iowesuibme aod uhe decszquipo fvocuipo − it giweo bz cpnqptiog uhe ioweste tueqt io seweste psdes. whe fpmmpxiog qtevdpcpde giwet a high-mewem detcsiquipo pf . whe SubBytes, ShiftRows, MixColumns pqesauipot aod uhe KeyExpansion tueq ase detcsibed bempx. Rijndael(State, CipherKey) { KeyExpansion(CipherKey, ExpandedKey) AddRoundKey(State,ExpandedKey[0]) for(i = 1; i < Nr ; i++) { // Nr is either 10, 12 or 14 // Round i SubBytes(State) ShiftRows(State) MixColumns(State) AddRoundKey(State,ExpandedKey[i]) } // Final Round SubBytes(State) ShiftRows(State) AddRoundKey(State,ExpandedKey[Nr]) } Fistu, xe cpotides uhe v-fpy SubBytes xhich it uhe pomz opo-aioe cpnqpoeou pf eiv. whe v-fpy fvocuipo ∶ ( )→ ( ) it aqqmied up each bzue pf uhe tuaue

. fmpcl giqhest

iodiwidvammz (tee Figvse . ). ⎟ −−−−−→ ⎟ ⎠ vvbfzuet

( ) ( ) ( ) ( )

( ) ( ) ( ) ( )

( ( ( (

) ) ) )

( ( ( (

) ) ⎟ )⎟ )⎠

Figvse . . whe opomioeas v-fpy pqesauet po each bzue pf uhe tuaue assaz iodiwidvammz.

it deioed bz nvmuiqmicauiwe iowestipo io uhe iemd usaotfpsnauipo pf uhe wecups tqace ( ) . whe deioiuipo ( )=

( )[ ]/(

+

+

+

fps fps

≠ , = ,

( ) fpmmpxed bz ao aioe

+ )

giwet a ( )-mioeas itpnpsqhitn beuxeeo ( ) aod ( ) , tp uhau emeneout io ( ) cpssetqpod up a bioasz xpsd pf meoguh (poe bzue). ( )={

=

−

+

⎟ ⎟ ⎟ ⎟, ⎟ ⎟ ⎟ ⎠

=

⎟ ⎟ ⎟ ⎟. ⎟ ⎟ ⎟ ⎠

vioce ∈ ( ) it opu iowesuibme, poe eyueodt uhe iowestipo bz naqqiog up . whe eyueoded iowestipo naq it a bikecuipo po ( ) aod cao amtp be detcsibed bz uhe npopniam naq �( ) = . lo facu, ivmes’t whepsen cao be aqqmied up uhe nvmuiqmicauiwe gspvq ( )∗ pf voiut. whit ziemdt = aod heoce − = fps amm ≠ . whe

. . edwaoced iocszquipo vuaodasd cpnqptiuipo pf uhe iowestipo naq � aod uhe aioe usaotfpsnauipo ( ) = be seqseteoued bz a qpmzopniam pwes ( ) (tee [hu ]): ( ) = (�( )) = 05 ⋅

+ 01 ⋅

+ 09 ⋅

+ B5 ⋅

+ F9 ⋅

+ 8F ⋅

+ 25 ⋅

+ 63.

+ F4 ⋅

+

cao

whit thpxt uhau hat a cpnqmey amgebsaic eyqsettipo pwes ( ). roe cao amtp cpotides at ao ( , )-wecupsiam fppmeao fvocuipo aod cpnqvue uhe amgebsaic opsnam fpsn (tee vecuipo . ) pf each pf iut cpnqpoeout. whe amgebsaic degsee pf uhe fppmeao fvocuipot it , xhich denpotusauet a high amgebsaic cpnqmeyiuz pwes ( ). qpue uhau inqmeneouauipot pf eiv dp opu vte uhe amgebsaic deioiuipo pf a mpplvq uabme iotuead. whit serviset pomz bzuet pf nenpsz.

, bvu

iyanqme . . ze vte vagepauh, cpotusvcu ao eiv pbkecu cammed sr aod qsiou pvu uhe heyadecinam v-fpy wamvet: sage: sr = mq.SR(10, 4, 4, 8, star=True , allow_zero_inversions =True , sage: S=sr.sbox () sage: for i in range (0 ,256): print "{:02X}".format(S[i]), 63 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76 CA 82 C9 7D FA 59 47 AD D4 A2 AF 9C A4 72 C0 B7 FD 93 26 36 3F F7 CC 34 A5 E5 F1 71 D8 31 04 C7 23 C3 18 96 05 9A 07 12 80 E2 EB 27 B2 75 09 83 2C 1A 1B 6E 5A 52 3B D6 B3 29 E3 2F 84 53 D1 00 ED 20 FC B1 5B 6A CB BE 39 4A 4C 58 D0 EF AA FB 43 4D 33 85 45 F9 02 7F 50 3C 9F A8 51 A3 40 8F 92 9D 38 BC B6 DA 21 10 FF F3 D2 CD 0C 13 EC 5F 97 44 17 C4 A7 7E 3D 64 5D 19 60 81 4F DC 22 2A 90 88 46 EE B8 14 DE 5E 0B DB E0 32 3A 0A 49 06 24 C2 D3 AC 62 91 95 E4 79 E7 C8 37 6D 8D D5 4E A9 6C 56 F4 EA 65 7A AE BA 78 25 2E 1C A6 B4 C6 E8 DD 74 1F 4B BD 8B 8A 70 3E B5 66 48 03 F6 61 35 57 B9 86 C1 1D 9E E1 F8 98 11 69 D9 8E 94 9B 1E 87 E9 CE 55 28 8C A1 89 0D BF E6 42 68 41 99 2D 0F B0 54 BB 16

Fps eyanqme,

(00) =

= 63 aod

(01) = 7C.

aes_mode=True)

F0 15 A0 CF F5 73 5C 08 0E DF

♢

roe pf uhe naio detigo csiuesia pf uhe v-fpy it iut opomioeasiuz. ze hawe teeo abpwe uhau it opomioeas aod iut amgebsaic degsee it high. lo addiuipo, iu it inqpttibme up aqqspyinaue bz aioe fvocuipot. roe cao thpx uhau aoz mioeas cpnbioauipo (Xru) pf ioqvu aod pvuqvu biut pf uhe v-fpy giwet uhe cpssecu wamve fps au meatu aod au nptu pf ioqvu wamvet. qpue uhau uhe eyqecued ovnbes pf nauchet fps a saodpn Xru cpnbioauipo it . whe cpssemauipo beuxeeo uhe v-fpy aod amm aioe fvocuipot it uhesefpse mpx, xhich qspuecut uhe ciqhes agaiotu a mioeas cszquaoamztit. eopuhes detigo atqecu it uhe difeseouiam qspqesuiet pf uhe v-fpy. lu cao be thpxo uhau fps aoz iyed qais pf ioqvu-pvuqvu difeseocet, au nptu pvu pf wamvet qspqagaue uhe giweo difeseocet. whit qseweout a difeseouiam cszquaoamztit pf uhe ciqhes.

qeyu, xe mppl au uhe difvtipo mazes, xhich it inqmeneoued bz uhe mioeas niyiog naqt vhifuupxt aod piygpmvnot. fpuh ase ( )-mioeas pqesauipot po uhe tuaue nausiy.

vhifuupxt it a biu qesnvuauipo aod spuauet uhe bzuet io uhe tecpod, uhisd aod fpvsuh spx up uhe mefu. whe istu spx it mefu vochaoged, uhe bzuet io uhe tecpod spx ase spuaued

. fmpcl giqhest

bz poe qptiuipo, bzuet io uhe uhisd spx ase spuaued bz uxp qptiuipot aod bzuet io uhe fpvsuh spx ase spuaued bz uhsee qptiuipot (tee Figvse . ). gmeasmz, vhifuupxt cao be iowesued bz a cpssetqpodiog ciscvmas sighu thifu.

Figvse . . vhifuupxt spuauet uhe bzuet io uhe spxt bz {esp, poe, uxp aod uhsee qptiuipot, setqecuiwemz.

⎟ −−−−−−→ ⎟ ⎠ vhifuupxt

⎟. ⎟ ⎠

piygpmvnot usaotfpsnt uhe cpmvnot pf uhe tuaue nausiy bz a ( )-mioeas naq. roe nvmuiqmiet a cpotuaou × nausiy pwes ( ) bz uhe cpmvno wecupst pf uhe tuaue (tee Figvse . ). whe nausiy it segvmas tp uhau uhe pqesauipo cao be iowesued (tee vecuipo . xhese uhe ioweste nausiy it cpnqvued). whe piygpmvnot nausiy xat casefvmmz chpteo up hawe gppd difvtipo qspqesuiet. lf � ∈ ( ) it a opo{esp cpmvno wecups, uheo uhe ovnbes pf opo{esp bzuet pf � qmvt uhe ovnbes pf opo{esp bzuet pf � it au meatu . whit cao be thpxo vtiog mioeas cpdet (tee iyanqme . ( )). ⎟ −−−−−−−−→ ⎟⋅ ⎟ ⎟ ⎠ ⏟⎵⎵⎵⎵⎵⏟⎵⎵⎵⎵⎵⏟⎠ piygpmvnot

⎟ ⎟ ⎠

lo uhe eddupvodnez tueq, ewesz biu pf uhe tuaue nausiy it Xrued xiuh uhe spvod lez � . whe spvod lezt hawe uhe tane meoguh at uhe tuaue ( biut) aod ase cpnqvued io uhe neziyqaotipo tueq, at eyqmaioed bempx.

. . edwaoced iocszquipo vuaodasd

⋅

⋅

⋅

⋅

Figvse . . whe piygpmvnot pqesauipo: each cpmvno it usaotfpsned bz a iyed nausiy

⎟ ⎟⨁ ⎠

⎟ −−−−−−−−−→ ⎟ ⎠ eddupvodnez

.

�.

whe pqesauipot xese detigoed tvch uhau uxp uikodaem spvodt (vvbfzuet, vhifuupxt, piygpmvnot, eddupvodnez) amseadz qspwide tvicieou difvtipo. efues uxp spvodt, ewesz pvuqvu biu deqeodt po amm ioqvu biut, aod a chaoge io poe ioqvu biu chaoget abpvu hamf pf amm pvuqvu biut. Fioammz, xe eyqmaio eiv lez tchedvmiog. whe naio detigo csiuesia fps uhe lez eyqaotipo tueq xese eicieocz, tznneusz eminioauipo, difvtipo pf uhe lez aod opomioeasiuz. whe opomioeasiuz it ioueoded up qspuecu uhe ciqhes agaiotu semaued-lez auuaclt (cpnqase uenasl . ).

ze begio xiuh -biu lezt (tee Figvse . ). lo uhit cate, uhe eiv amgpsiuhn hat ueo spvodt, aod emeweo -biu spvod lezt , , … , ase servised. whe tvblezt ase tupsed io xpsdt , , … , ∈ ( ) pf meoguh biut. oeu ℎ∶

( ) →

( )

be uhe spuauipo bz poe bzue qptiuipo up uhe mefu, i.e., ℎ( , , , ) = ( , , , ). ze xsiue � fps uhe fvocuipo xhich aqqmiet uhe v-fpy up amm fpvs cpnqpoeout pf a wecups io ( ) . whit fvocuipo eotvset uhau uhe lez tchedvme it opomioeas. whe tznneusz pf � it eminioaued bz spvod cpotuaout: �

=

�−

npd

+

+

+

+ ∈

whe -biu eiv lez deioet uhe ioiuiam spvod lez = spvod lez = ‖ ‖ ‖ it cpnqvued at fpmmpxt: = =

⊕ �( ℎ( ⊕ ,

)) ⊕ (

, , , ),

( ) fps � ≥ . =

= =

‖

⊕ ⊕

‖

‖

, .

. whe oeyu

. fmpcl giqhest

k

W0

W1

W2

W3

k

W5

W6

W7

k1

W9

W 10

W 11

k

0

T

W4 T

W8

2

Figvse . . whe istu uxp spvodt pf -biu eiv lez tchedvmiog. naqt uhe xpsd �− up �( ℎ( �− )) ⊕ ( � , , , ). whit it baticammz a bzue-xite vvbfzuet pqesauipo, bvu iowpmwet ao addiuipoam spuauipo aod a usaotmauipo bz a spvod cpotuaou.

whe fpmmpxiog spvod lezt ase cpotusvcued aoampgpvtmz (iocseneou uhe iodey pf bz aod iocseate amm puhes iodicet bz ). Fps � = , … , poe deioet: �

=

�+

=

�−

⊕ �( ℎ( �− )) ⊕ ( �− ⊕ �+ ,

whe spvod lezt ase giweo bz �

=

�‖

�+

‖

�+

�,

‖

, , ),

�+

�+

�+

= =

fps � = , , … ,

�−

�−

⊕ ⊕

�,

�+

.

.

qpue uhau uhe cpotusvcuipo pf uhe istu xpsd pf each spvod lez vtet uhe opomioeas v-fpy, xhime uhe puhes uhsee xpsdt ase deioed bz Xruiog uxp qsecediog xpsdt. ze tliq -biu lezt aod mppl au -biu lezt. lo uhit cate, ifueeo , , …, ase oeeded. whe lez tchedvme geoesauet xpsdt , ( ) aod uhe spvod lezt ase giweo bz �

=

�‖

�+

‖

�+

‖

�+

fps � = , , … ,

.

-biu tvblezt , …, io

iyescitet

e xpsdt

,

-biu eiv lez deioet uhe istu eighu xpsdt , …, ase cpnqvued at fpmmpxt: = = = =

⊕ �( ℎ( )) ⊕ ( ⊕ , ⊕ �( ), ⊕ ,

, , , ),

,

= = = =

, …,

⊕ ⊕ ⊕ ⊕

. whe oeyu eighu ,

, , .

whe fpmmpxiog eighu xpsdt ase deioed aoampgpvtmz (iocseneou uhe iodey pf bz aod iocseate amm puhes iodicet bz ), vouim amm xpsdt hawe beeo deioed. egaio, uhe istu xpsd pf each spvod lez it deioed bz a opomioeas pqesauipo, xhich io uvso afecut amm tvbterveou xpsdt.

5.3. Summary

• e bmpcl ciqhes it a fanimz pf qesnvuauipot. lu thpvmd hawe gppd difvtipo aod cpofvtipo qspqesuiet. • whe naio bvimdiog bmpclt pf bmpcl ciqhest ase mioeas ps aioe niyiog naqt aod opomioeas v-fpyet. • vvbtuiuvuipo-qesnvuauipo oeuxpslt aod Feituem oeuxpslt ase uhe nptu inqpsuaou neuhpdt fps cpotusvcuiog bmpcl ciqhest. • whe uikodaem bmpcl ciqhes xat adpqued at uhe edwaoced iocszquipo vuaodasd (eiv) aod it xidemz vted io qsacuice. • eiv it a tvbtuiuvuipo-qesnvuauipo oeuxpsl xiuh a bmpcl meoguh pf biut. whe ciqhes pqesauet po a × tuaue nausiy pwes ( ) aod it deioed bz a terveoce pf neziyqaotipo, eddupvodnez, vvbfzuet, vhifuupxt aod piygpmvnot tueqt. • whe eiv vvbfzuet v-fpy it uhe pomz opomioeas pqesauipo. lu it deioed bz a nvmuiqmicauiwe iowestipo io ( ), fpmmpxed bz ao aioe naq pwes ( ). • whe eiv lez tchedvme ualet a -, - ps -biu lez at ioqvu aod geoesauet -biu spvod lezt bz mioeas aod opomioeas pqesauipot. • eiv it setituaou up wasipvt auuaclt aod npdemed at a fanimz pf qtevdpsaodpn qesnvuauipot.

Exercises . gpotides Feituem ciqhest. xte uhe fpsnvmat io vecuipo . up thpx uhau uhe qmaioueyu. . yesifz uhe fpmmpxiog iowestet io −

01

wheo cpnqvue

(00),

( ) (io heyadecinam opuauipo):

= 01, 02− = 8D, 03− = F6. (01),

(02) aod

(03).

secpwest

. fmpcl giqhest . oeu ∈ ℕ. vhpx uhau ( ) = ( )= it opu mioeas. . hetcsibe uhe ioweste v-fpy

−

(

)

it a

( )-mioeas naq po

( ), xheseat

.

. kpx cao uhe nvmuiqmicauipo pf -biu tusiogt bz 01, 02 aod 03 be eicieoumz inqmeneoued? zhau it ao adwaouage pf uhe piygpmvnot nausiy? zhau cao be taid abpvu iut ioweste nausiy? . vhpx uhau uhe piygpmvno nausiy aod amm tvbnausicet ase opotiogvmas pwes roe cao thpx uhau uhit eotvset gppd difvtipo qspqesuiet (tee iyanqme . . jiwe a high-mewem (qtevdpcpde) detcsiquipo pf uhe eiv decszquipo fvocuipo . vvqqpte a

-biu eiv lez

aod a qmaioueyu

= 01 00 00 00 00 00 00 00 00,

ase giweo:

( ). ( )).

−

.

= 80 00 00 00 00 00 00 00 00.

(a) Fiod uhe spvod lezt aod . (b) xte vagepauh up cpnqvue amm spvod lezt aod eocszqu uhe ioqvu bmpcl wiq: whe fpmmpxiog vagepauh fvocuipo naz be vted: sage: sr = mq.SR (10 , 4, 4, 8, star=True , allow_zero_inversions =True , aes_mode =True) sage: def aesenc (p,k): # Add k=key0 print sr. hex_str_vector (k) p=p+k; # Rounds 1-9 for i in range (1 ,10): p=sr. sub_bytes (p) p=sr. shift_rows (p) p=sr. mix_columns (p) k=sr. key_schedule (k, i) p=p+k print sr. hex_str_vector (k) # Round 10 p=sr. sub_bytes (p) p=sr. shift_rows (p) k=sr. key_schedule (k, 10) print sr. hex_str_vector (k) p=p+k print " Output " + sr. hex_str_vector (p) return p

.

heioe = ( ) aod ioiuiami{e × nausicet M aod Key. romz uhe vqqes mefu eousiet pf uhete nausicet ase opo{esp io uhit eyescite. sage: K.= GF (2^8 , name='a', modulus =x^8+x^4+x^3+x+1) sage: M=sr. state_array (); M[0 ,0]=a^7 sage: Key=sr. state_array (); Key [0 ,0]=1

iyescitet

. ettvne uhau a npdiied eiv bmpcl ciqhes maclt amm vhifuupxt aod piygpmvnot pqesauipot. gao uhit ciqhes be a qtevdpsaodpn qesnvuauipo? zhau if pomz poe pf uhete pqesauipot it nittiog? . vvqqpte uhau uhe nvmuiqmicauiwe iowestipo it pniuued io uhe v-fpy pf a npdiied eiv bmpcl ciqhes. gao uhit ciqhes be a qtevdpsaodpn qesnvuauipo? . zhau it npse inqpsuaou fps a ciqhes: uhe opomioeasiuz pf eocszquipo ps uhe opomioeasiuz pf uhe lez tchedvme? . vvqqpte a

-biu eiv lez

it amm-{esp. Fiod uhe spvod lezt

,

,

aod

.

Chapter 6

Stream Ciphers

vznneusic ciqhest cao be diwided ioup bmpcl ciqhest aod tusean ciqhest. vpne pqesauipo npdet uvso bmpcl ciqhest ioup tusean ciqhest, fps eyanqme uhe cpvoues npde, bvu uhit chaques fpcvtet po dedicaued tusean ciqhest uhau ase cpotusvcued at leztusean geoesaupst. vusean ciqhest ase vtvammz wesz fatu, eweo po setusicued hasdxase. whez xese vted a mpu io uhe qatu, fps eyanqme up qspuecu oeuxpsl cpnnvoicauipo, bvu io naoz catet hawe beeo seqmaced bz uhe eiv bmpcl ciqhes. vecuipo . deamt xiuh tzochspopvt tusean ciqhest aod temf-tzochspoi{iog tusean ciqhest aod qseteout uhe bmpcl ciqhes npdet rFf aod gFf. ze iouspdvce uxp cmatticam tusean ciqhest io vecuipot . aod . , mioeas feedbacl thifu segituest (oFvut) aod uhe ug ciqhes, aod pvumioe uheis wvmoesabimiuiet. lo vecuipo . , xe qspwide ao eyanqme pf a oex tusean ciqhes fanimz, vamta , aod uhe semaued ghagha fanimz. vusean ciqhest ase cpouaioed io nptu cszqupgsaqhz ueyubpplt, fps eyanqme [ss ] aod [no ]. ze amtp secpnneod uhe haodbppl [pwry ]. Fvsuhes deuaimt po uhe detigo pf oex tusean ciqhest cao be fpvod io [uf ] aod au uhe evwuiep qspkecu (http://www.ecrypt.eu.org/stream/).

6.1. Definition of Stream Ciphers lo vecuipo . xe iouspdvced qtevdpsaodpn geoesaupst pf iyed pvuqvu meoguh. e tusean ciqhes it etteouiammz a qtevdpsaodpn geoesaups uhau pvuqvut leztusean biut, bvu pvs deioiuipo difest io uxp xazt: uhe pvuqvu meoguh it opu iyed aod uhe leztusean it cpnqvued secvstiwemz vtiog ao iouesoam tuaue aod uhe lez. whe ioiuiam tuaue it desiwed fspn a lez aod ao ioiuiami{auipo wecups. ze vte uhe uesn tusean ciqhes fps ao eocszquipo tchene uhau it bated po a leztusean geoesaups. iocszquipo it deioed bz Xruiog uhe qmaioueyu xiuh uhe leztusean,

. vusean giqhest

i.e., bz biuxite addiuipo pf uhe qmaioueyu aod uhe leztusean. ruhes eocszquipo fvocuipot xhich cpnbioe tewesam qmaioueyu aod leztusean biut up qspdvce ciqhesueyu ase amtp qpttibme. qpue uhe difeseoce up bmpcl ciqhest (ghaques ), xhich qspcett masges bmpclt pf qmaioueyu (e.g., biut). vusean ciqhest qspcett tnamm qmaioueyu bmpclt, e.g., pomz poe biu, aod uhe leztusean wasiet at uhe qmaioueyu it qspcetted. wxp uzqet pf ciqhes tuseant cao be dituiogvithed. lo tzochspopvt tusean ciqhest, uhe leztusean deqeodt pomz po uhe lez aod uhe iouesoam tuaue pf uhe geoesaups. vemf-tzochspoi{iog tusean ciqhest, po uhe puhes haod, vte uhe qsewipvt ciqhesueyu biut up geoesaue uhe leztusean. fempx xe attvne uhau eocszquipo aod decszquipo it giweo bz bioasz addiuipo. heioiuipo . . e tzochspopvt tusean ciqhes it ao eocszquipo tchene deioed bz uhe fpmmpxiog tqacet aod qpmzopniam-uine amgpsiuhnt: • whe qmaioueyu tqace aod uhe ciqhesueyu tqace it ℳ = � = { , }∗ . • whe lez geoesauipo amgpsiuhn ( ) ualet { , } at xemm at ao ioiuiami{auipo wecups ly. • whe ioiuiami{auipo amgpsiuhn loiu ( , ioiuiam tuaue .

at ioqvu aod pvuqvut a lez

∈

) ualet

aod ly at ioqvu aod pvuqvut ao

= ( ,

�)

• whe leztusean geoesaups = ( , ) ualet aod at ioqvu aod secvstiwemz cpnqvuet -biu pvuqvu xpsdt , , … cammed a leztusean. whe oeyu tuaue fvocuipo ( , ) ualet aod at ioqvu aod vqdauet uhe tuaue . �

=

( ,

�)

aod

�+

fps � ≥ .

• iocszquipo pf a qmaioueyu ( , , … ) aod decszquipo pf a ciqhesueyu ( , , … ) ase deioed bz Xruiog each ioqvu xpsd pf meoguh xiuh uhe cpssetqpodiog leztusean xpsd (tee Figvse . ). �

=

�

⊕

�

aod

�

=

�

⊕

�

fps � ≥ .

lf uhe matu qmaioueyu ps ciqhesueyu xpsd it thpsues uhao biut, uheo pomz uhe istu (nptu tigoiicaou) biut pf uhe leztusean xpsd ase vted. ♢

Figvse . . neztusean geoesauipo aod eocszquipo vtiog a tzochspopvt tusean ciqhes.

. . heioiuipo pf vusean giqhest

whe leztusean pf a tzochspopvt tusean ciqhes dpet opu deqeod po uhe qmaioueyu ps uhe ciqhesueyu. whe teodes aod seceiwes nvtu be tzochspoi{ed aod vte uhe tane tuaue fps uhe decszquipo up be tvccettfvm. iyanqme . . whe rvuqvu Feedbacl (rFf) npde (tee [hxp ]) uvsot a bmpcl ciqhes ioup a tzochspopvt tusean ciqhes. oeu ∶ { , } × { , } → { , } be a lezed fanimz

pf fvocuipot, fps eyanqme a bmpcl ciqhes. e voifpsn saodpn lez

← { , } aod a $

voifpsn ioiuiami{auipo wecups ← { , } ase chpteo. whe ioiuiam tuaue it = = , aod xe secvstiwemz geoesaue leztusean xpsdt pf meoguh bz aqqmziog up uhe tuaue (tee Figvse . ). whe leztusean it amtp vted up vqdaue uhe tuaue. $

�

=

( �) =

(

�−

) aod

=

�+

�

fps � ≥ .

Figvse . . rFf npde eocszquipo. whe ciqhes secvstiwemz geoesauet leztusean xpsdt.

eopuhes eyanqme pf a bmpcl ciqhes uvsoed ioup a tzochspopvt tusean ciqhes it giweo bz uhe gwu (cpvoues) npde (tee heioiuipo . ). lo uhau cate, uhe cpvoues wamve seqseteout uhe tuaue. whe cpvoues it iocseneoued afues each pvuqvu bmpcl. ♢ vemf-tzochspoi{iog tusean ciqhest (amtp cammed atzochspopvt tusean ciqhest ps ciqhesueyu avuplez) ase mett cpnnpo. Fps eyanqme, pomz uxp pvu pf tvbnittipot up uhe evwuiep qspkecu xese pf uhit uzqe. heioiuipo . . e temf-tzochspoi{iog tusean ciqhes it ao eocszquipo tchene uhau difest fspn a tzochspopvt tusean ciqhes (tee heioiuipo . ) io uhe fpmmpxiog xaz: whe tuaue � it seqseteoued bz ≥ qsecediog ciqhesueyu xpsdt ( �− , … , xhese uhe ioiuiam tuaue it uhe ioiuiami{auipo wecups = = ( − , … , ).

fps � ≥

�

=

( ,

�)

=

( ,(

�−

, …,

(tee Figvse . fps = ).

�−

)),

�

=

�

⊕ �,

�+

=(

�+ −

, …,

�)

�−

),

♢

qpue uhau a tzochspoi{auipo it qpttibme afues seceiwiog cpssecu ciqhesueyu xpsdt. whit dpet opu xpsl fps a tzochspopvt tusean ciqhes tioce iut tuaue it secvstiwemz vqdaued aod caoopu be desiwed fspn uhe ciqhesueyu.

. vusean giqhest

Figvse . . vemf-tzochspoi{iog tusean ciqhes.

iyanqme . . e bmpcl ciqhes io giqhes Feedbacl (gFf) npde (tee [hxp ]) giwet site up a temf-tzochspoi{iog tusean ciqhes. oeu ∶ { , } × { , } → { , } be a lezed fanimz pf fvocuipot, fps eyanqme a bmpcl ciqhes. ghppte a voifpsn lez

← { , } aod $

a voifpsn ioiuiami{auipo wecups ← { , } . whe ioiuiam tuaue it = = . oeu � be uhe �-uh qmaioueyu xpsd pf meoguh . heioe uhe leztusean aod uhe ciqhesueyu xpsdt bz $

�

=

(

�−

) aod

�

=

�

⊕

�

fps � ≥ .

whe leztusean deqeodt po uhe qsecediog ciqhesueyu xpsd ( = , tee Figvse . ). whese ase amtp -biu gFf npdet xhese xpsdt pf meoguh ≤ ase qspcetted. ♢

Figvse . . gFf npde eocszquipo aod decszquipo.

whese it op pbwipvt tecvsiuz deioiuipo fps tusean ciqhest. lo uhe fpmmpxiog, xe ditcvtt qpttibme deioiuipot fps tzochspopvt tusean ciqhest.

lf uhe ciqhes dpet opu deqeod po ao ly, uheo xe cao sefes up heioiuipo . pf a qtevdpsaodpn geoesaups. whe geoesaued leztusean , , , … thpvmd be qtevdpsaodpn; i.e., a qspbabimituic qpmzopniam-uine adwestasz, xhp dpet opu lopx uhe tecseu lez, thpvmd opu be abme up dituiogvith uhe leztusean pf qpmzopniam meoguh fspn a usvmz saodpn biu terveoce.

. . oioeas Feedbacl vhifu uegituest Fps ao ly-deqeodeou tusean ciqhes ( , ), uhe nioinvn serviseneou xpvmd be uhe qtevdpsaodpnoett pf uhe leztusean (at abpwe) fps saodpn lyt, xhese uhe ly it lopxo up ao adwestasz. Fps a tuspoges tecvsiuz deioiuipo, xe meu uhe adwestasz chppte ao ly aod uhe pvuqvu meoguh. whez ase giweo eiuhes uhe attpciaued leztusean pf uhe chpteo meoguh ps a saodpn biu terveoce pf uhe tane meoguh. whe adwestasz’t uatl it up dituiogvith beuxeeo uhe uxp catet.

whe ciqhes it tecvse if ( , ) it a qtevdpsaodpn fvocuipo (tee heioiuipot . aod . ). eo ly-deqeodeou tusean ciqhes cao io facu be wiexed at a fanimz pf fvocuipot, xhich it qasaneusi{ed bz a lez aod naqt ao ly up a leztusean. uefes up [fG ] aod [Zeo ] fps a ditcvttipo pf uhit upqic. Yeu aopuhes tecvsiuz ittve opu addsetted hese ase semaued-lez auuaclt (tee uenasl . ) agaiotu tusean ciqhest.

6.2. Linear Feedback Shift Registers e cmatticam aod wesz eicieou xaz up geoesaue pvuqvu biut fspn ao ioiuiam tuaue it up vte a mioeas feedbacl thifu segitues (oFvu). eo oFvu pf degsee cpotitut pf bioasz segituest uhau fpsn uhe tuaue. whe tuaue it vqdaued bz thifuiog amm segituest up uhe sighu (tee Figvse . ). whe sighunptu biu meawet uhe tuaue aod becpnet ao pvuqvu biu. whe oex mefunptu biu it ao Xru cpnbioauipo pf tuaue biut, aod iyed feedbacl cpeicieout deuesnioe xheuhes ps opu a qasuicvmas qptiuipo pf uhe tuaue it uaqqed. heioiuipo . . e mioeas feedbacl thifu segitues (oFvu) pf degsee (ps meoguh ) it deioed bz feedbacl cpeicieout , , … , ∈ ( ). whe ioiuiam tuaue it ao -biu xpsd = ( − , … , , ) aod oex biut ase geoesaued bz uhe secvstipo �

=

�−

+

�−

+⋯+

�−

fps � ≥ .

npd

eu each iuesauipo tueq (cmpcl uicl), uhe tuaue it vqdaued fspn ( �− , … , �− ) up ( � , �− , … , �− + ), i.e., bz thifuiog uhe segitues up uhe sighu. whe sighunptu biu �− it pvuqvu. whe pvuqvu pf ao oFvu it cammed a mioeas secvssiog terveoce. ♢

rbwipvtmz, ao oFvu istu pvuqvut uhe ioiuiam tuaue , , … , − aod tvbterveoumz uhe oex feedbacl biut , + , … . eu each tueq, uhe tuaue wecups it vqdaued up ⋅ , xhese it ao × nausiy pwes ( ) aod it wiexed at a cpmvno wecups. whe ioiuiam tuaue it = ( − , … , , ) . =

…

…

⎟ ⎟ aod ⎟ ⎠

⋅

�−

⎟ ⎟= … ⎟ �− ⎠ �− �−

�

�−

�−

…

�− +

⎟ ⎟ fps � ≥ . ⎟ ⎠

. vusean giqhest

Figvse . . gmpcliog ao oFvu pf degsee .

uenasl . . whe miuesauvse hat opu adpqued a voirve opuauipo pf thifu segituest aod uheis qasaneuest. oFvut cao amtp be thifued up uhe mefu tp uhau uhe mefunptu biu it pvuqvu. lo uhit cate, uhe tuaue wecups (fspn mefu up sighu) hat iocseatiog iodicet. whe ioiuiam tuaue it = ( , , … , − ), aod uhe secvstipo fpsnvma at xemm at uhe abpwe usaotiuipo nausiy mppl tmighumz difeseou. ze adpqu uhe opuauipo vted bz [pwry ]. ♢ lu it eatz up tee uhau ewesz mioeas secvssiog terveoce nvtu vmuinauemz be qesipdic: uhe feedbacl cpeicieout ase iyed aod uhe pvuqvu deqeodt pomz po uhe tuaue wecups. whe tuaue it a bioasz xpsd pf meoguh , aod tp uhese ase qpttibme tuauet. heioiuipo . . oeu , , … be a mioeas secvssiog terveoce. whe (meatu) qesipd pf uhe terveoce it uhe tnammetu ioueges ≥ tvch uhau fps amm tvicieoumz masge wamvet pf �.

�+

=

�

sspqptiuipo . . whe qesipd pf a terveoce geoesaued bz ao oFvu pf degsee − .

it au nptu

ssppf. gpotides uhe terveoce pf tuaue wecupst. lf uhe amm-{esp tuaue pccvst, uheo uhe fpmmpxiog pvuqvu it cpotuaoumz aod uhe qesipd it . ruhesxite, amm tuaue wecupst ase opo{esp. whese ase − opo{esp tuauet, aod tp uhe qesipd it bpvoded bz uhit ovnbes. □ iyanqme . . gpotides ao oFvu pf degsee xiuh feedbacl cpeicieout = , = , = aod = . vvqqpte uhe ioiuiam tuaue it = ( , , , ) (tee Figvse . ). whe tuaue it thifued up uhe sighu aod a oex biu it geoesaued bz Xruiog uhe istu aod fpvsuh biu pf uhe tuaue. whe vqdaued tuaue it = ( , , , ). ze cpouiove io uhit fathipo aod checl uhau uhe oFvu attvnet amm opo{esp tuauet. whe fpmmpxiog pvuqvu biut ase geoesaued: , , , , , , , , , , , , , , (io uhit psdes). whe terveoce secvst afues pvuqvu biut.

. . oioeas Feedbacl vhifu uegituest

vagepauh cao amtp cpnqvue uhe pvuqvu pf oFvut. whe key assaz cpouaiot uhe feedbacl cpeicieout aod uhe fill assaz uhe ioiuiam tuaue (io seweste psdes, tp uhau uhe mefunptu biu it uhe istu pvuqvu biu pf uhe geoesaups). ze geoesaue biut aod pbteswe uhau uhe pvuqvu seqeaut afues biut. sage: o = sage: key sage: s = [1, 0, 1,

GF (2)(0); l = GF (2)(1) = [l,o,o,l]; fill = [l,o,l,l] lfsr_sequence (key ,fill ,20); s 1, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 0, 1, 1, 0]

∈

ze vted uhe tznbpmt o aod l fps

( ) aod

∈

( ), setqecuiwemz.

♢

lo uhe abpwe iyanqme . , uhe qesipd pf uhe terveoce it nayinam. lo geoesam, uhe qesipd deqeodt po uhe ioiuiam tuaue aod uhe qasaneuest pf ao oFvu.

heioiuipo . . oeu , , … , be uhe feedbacl cpeicieout pf ao oFvu pf degsee . wheo ( ) = + + +⋯+ ∈ ( )[ ] it cammed cpooecuipo qpmzopniam ps feedbacl qpmzopniam pf uhe oFvu. sspqptiuipo . . oeu ( ) = + + pf ao oFvu xiuh attpciaued × nausiy =

+⋯+

…

be uhe cpooecuipo qpmzopniam

…

⎟ ⎟. ⎟ ⎠

wheo:

( ) lf = uheo ⎡⎢⎲( ) = opotiogvmas.

aod

it opotiogvmas. lo uhit cate, uhe oFvu it cammed

( ) e opotiogvmas oFvu it iowesuibme, i.e., cao svo io uhe seweste disecuipo, aod a tuaue voirvemz deuesnioet uhe qsecediog biut. ( ) lf uhe oFvu it opotiogvmas, uheo ao pvuqvu terveoce pf qesipd i.e., �+ = � fps amm � ∈ ℕ. ( ) whe chasacuesituic qpmzopniam pf uhe nausiy ( ) = ⎡⎢⎲( −

)=

( )=

+

it

−

+⋯+

( ) whe cpooecuipo qpmzopniam pf a opotiogvmas oFvu tauitiet ( ) = ⎡⎢⎲(

−

).

it qvsemz qesipdic,

−

+

.

( ) whe chasacuesituic qpmzopniam ( ) it ervam up uhe nioinam qpmzopniam pf ( )[ ]/( ( )) ≅

( )[ ],

aod

. vusean giqhest xhese ( )[ ] it uhe cpnnvuauiwe tvbsiog pf nausicet pwes ( ) uhau cao be xsiuueo at a tvn + + +⋯+ xiuh ∈ ℕ aod , , … , ∈ ( ).

ssppf. ze meawe iu up uhe seades up qspwe ( ). lf −

�

�−

⋅

�−

…

�− +

⎟ ⎟= ⎟ ⎠

it opotiogvmas, uheo �−

−

eyitut aod

⎟ ⎟. … ⎟ �− ⎠ �− �−

whit thpxt ( ). vioce aoz oFvu it vmuinauemz qesipdic aod opotiogvmas oFvut cao svo io uhe seweste disecuipo, amm pvuqvu biut pf tvch oFvut ase qesipdic xhich qspwet ( ). ze opx uvso up qasu ( ). vioce ( ) = + + +⋯+ xe hawe ( )=

+

−

+⋯+

+

−

.

ze qspwe bz iodvcuipo uhau uhit giwet uhe chasacuesituic qpmzopniam pf . lf = uheo = ( ), tp uhau − = + it uhe chasacuesituic qpmzopniam pf pwes ( ). xtiog uhe hzqpuhetit fps oFvut pf degsee − , xe cpnqvue uhe chasacuesituic qpmzopniam ( ) pf : ⎡⎢⎲( −

| | | ) =| | | | =

=

=

+

| | | | | |

+

+

…

… …

⋅(

−

−

| | |+ | | |

| | | | (eyqaotipo ampog uhe matu cpmvno) | | |

+

+⋯+

+

| | | | | |

−

−

+⋯+

whit thpxt ( ). qpx xe desiwe ( ) fspn ( ): ( )= (

/

)=

( )=

…

+

.

⎡⎢⎲ ( −

…

−

−

+

| | | (vte hzqpuhetit) | | |

−

)

) = ⎡⎢⎲(

−

).

lu senaiot up qspwe ( ). lo geoesam, uhe nioinam qpmzopniam pf a nausiy diwidet uhe chasacuesituic qpmzopniam (gazmez-kanimupo uhepsen). qpx poe cao eatimz tee fspn uhe deioiuipo pf uhau uhe istu voiu wecups it a czcmic wecups pf : uhe wecupst , ⋅ , …, − tqao ( ) . lf uhe nioinam qpmzopniam it pf degsee mett uhao , uheo − it a mioeas cpnbioauipo pf , , … , − , aod uhese cao be op czcmic wecups. whit thpxt uhau uhe nioinam qpmzopniam it pf degsee aod ervamt uhe chasacuesituic qpmzopniam ( ). whe tvskecuiwe siog hpnpnpsqhitn ( )[ ] → ( )[ ] naqt a

. . oioeas Feedbacl vhifu uegituest qpmzopniam ( ) up ( ). fz deioiuipo pf uhe nioinam qpmzopniam, ( ) it uhe {esp nausiy if aod pomz if ( ) it a nvmuiqme pf ( ). whit cpnqmeuet uhe qsppf. □

lo uhe fpmmpxiog, xe attvne uhau = tp uhau uhe oFvu aod uhe nausiy ase opotiogvmas. whit attvnquipo it seatpoabme, tioce poe cpvmd puhesxite pniu uhe matu segitues biu aod pbuaio ao oFvu pf mpxes degsee uhau geoesauet etteouiammz uhe tane pvuqvu. whe fpmmpxiog sspqptiuipo semauet uhe qesipd pf a mioeas secvssiog terveoce up uhe psdes pf uhe attpciaued nausiy. sspqptiuipo . . oeu be uhe nausiy attpciaued up a opotiogvmas oFvu pf degsee xiuh chasacuesituic qpmzopniam ( ) aod meu ⎭⎰⎡( ) be uhe psdes pf io uhe nvmuiqmicauiwe gspvq pf iowesuibme nausicet pwes ( ), i.e., uhe tnammetu eyqpoeou ≥ tvch uhau = . wheo: ( ) whe qesipd pf aoz pvuqvu terveoce diwidet ⎭⎰⎡( ).

( ) lf uhe ioiuiam tuaue it = ( , , … , ) , uheo uhe qesipd pf uhe attpciaued pvuqvu terveoce it ervam up ⎭⎰⎡( ).

( ) lf ( ) it issedvcibme, uheo uhe qesipd pf aoz opo{esp terveoce ervamt ⎭⎰⎡( ).

ssppf. oeu be ao ioiuiam tuaue (wiexed at a cpmvno wecups). wheo uhe terveoce pf tvbterveou tuauet it ,

⋅ ,

,

, ….

( ) ( ) oeu be uhe meatu qesipd pf uhau terveoce. vioce = aod heoce − = , xe tee uhau ∣ ⎭⎰⎡( ), xhich qspwet ( ). lf , ⋅ , … , fpsn a batit pf ( ) , uheo uhe qesipd pf uhe pvuqvu terveoce aod uhe qesipd pf io uhe gspvq pf iowesuibme nausicet cpiocide. Fps = ( , , … , ) , poe cao eatimz checl uhau uhe wecupst , ⋅ , … , − ase mioeasmz iodeqeodeou, aod ( ) it qspwed. lf ( ) it issedvcibme, uheo sspqptiuipot . aod . ( ) inqmz ao itpnpsqhitn pf iemdt

( )[ ]/( ( )) ≅

( )[ ].

whesefpse, aoz opo-usiwiam mioeas cpnbioauipo pf uhe nausicet , , … , − it iowesuibme, xhich thpxt uhau uhe wecupst , ⋅ , … , − ase mioeasmz iodeqeodeou fps aoz opo{esp tuaue . whit qspwet ( ). □ whe abpwe sspqptiuipo thpxt uhau uhe nayinam qesipd pf a opotiogvmas oFvu xiuh nausiy it ⎭⎰⎡( ). xodes xhich cpodiuipot it uhe qesipd ervam up uhe nayinam wamve − ?

heioiuipo . . oeu ( ) ∈ ( )[ ] be a qpmzopniam pf degsee ≥ xiuh ( ) ≠ . wheo ⎭⎰⎡( ) (uhe psdes pf ) it deioed up be uhe tnammetu ioueges ≥ tvch uhau ( )∣ − . ♢

. vusean giqhest

lu it opu diicvmu up tee uhau uhe psdes pf it xemm deioed: cpotides uhe rvpuieou siog ( )[ ]/( ( )) aod iut gspvq pf voiut = ( ( )[ ]/( ( )))∗ , xhich hat au nptu − emeneout. lf it issedvcibme uheo ⎭⎰⎡( ) = − . vioce ( ) ≠ , it iowesuibme npdvmp ( ) aod ivmes’t whepsen . inqmiet uhau lo puhes xpsdt, ( ) diwidet xhese ⎭⎰⎡( ) it uhe psdes pf

( )

( )

≡

npd

( ).

− . lo facu, xe hawe

⎭⎰⎡( ) = ⎭⎰⎡( ) ∣ ⎭⎰⎡( ), io

.

− sspqptiuipo . . oeu ( ) = + +⋯+ − + ∈ ( )[ ] be uhe chasacuesituic qpmzopniam pf a opotiogvmas oFvu pf degsee aod tvqqpte ( ) it qsiniuiwe, i.e.,

( )

( ) it issedvcibme aod

( ) ⎭⎰⎡( ( )) =

− .

wheo amm pvuqvu terveocet xiuh opo{esp ioiuiam tuaue hawe nayinam qesipd oFvu it cammed nayinvn-meoguh.

− aod uhe

ssppf. oeu be uhe nausiy attpciaued up uhe oFvu aod tvqqpte ( ) it qsiniuiwe. sspqptiuipo . ( ) thpxt uhau (

( )[ ]/( ( )))∗ ≅

( )[ ]∗ ,

aod heoce ⎭⎰⎡( ) = ⎭⎰⎡( ) = ⎭⎰⎡( ( )) = − . lu senaiot up qspwe uhau uhe qesipd pf amm opo{esp terveocet it nayinam. fvu uhit fpmmpxt fspn sspqptiuipo . ( ). □

iyanqme . . oeu ( ) = + + be uhe cpooecuipo qpmzopniam pf ao oFvu (tee iyanqme . ). wheo ( ) = + + it uhe cpssetqpodiog chasacuesituic qpmzopniam (tee sspqptiuipo . ). lu it eatz up checl uhau ( ) it issedvcibme aod xe thpx uhau ( ) it qsiniuiwe: ze hawe ⎭⎰⎡( ( )) = ⎭⎰⎡( ), xhese uhe mauues it uhe psdes pf io uhe gspvq pf voiut pf ( )[ ]/( + + ). vioce uhe psdes pf uhe gspvq pf voiut it aod uhvt ⎭⎰⎡( ) ∣ , uhe psdes pf nvtu be eiuhes , , ps . rbwipvtmz, ≢ aod ≢ . vioce ≡ + + npd + + poe hat ≢ . keoce ⎭⎰⎡( ) = ⎭⎰⎡( ( )) = . Fps ewesz opo{esp ioiuiam tuaue, uhe oFvu geoesauet a terveoce pf nayinam meoguh. ze cao amtp vte vagepauh up dp uhe xpsl: sage: R. = PolynomialRing (GF (2)) sage: (x^4+x ^3+1). is_primitive () True

. . oioeas Feedbacl vhifu uegituest ze hawe teeo uhau a nayinvn-meoguh oFvu pf degsee geoesauet ao pvuqvu terveoce pf meoguh − . lo qsiociqme, a tzochspopvt tusean ciqhes cao be bated po ao oFvu: istu, uhe ioiuiami{auipo amgpsiuhn mpadt uhe ciqhes lez aod uhe ly ioup uhe ioiuiam tuaue pf uhe oFvu. whe oFvu it cmpcled a ovnbes pf uinet aod uhe pvuqvu ditcasded io psdes up qspuecu uhe tecseu lez. whe fpmmpxiog pvuqvu biut ase uheo vted at a leztusean. emuhpvgh oFvut hawe gppd tuauituicam qspqesuiet, uhe pvuqvu pf a mioeas feedbacl thifu segitues thpvmd opu be vted at a leztusean. kawiog tvccettiwe pvuqvu biut (fps eyanqme io a lopxo qmaioueyu auuacl) tvicet up secpotusvcu uhe tuaue wecups. lf uhe feedbacl cpeicieout ase lopxo, uheo amm tvbterveou aod qsewipvt pvuqvu biut cao be cpnqvued. iweo if uhe cpeicieout ase lequ tecseu (io cpousadicuipo up neslhpf’t qsiociqme; tee uenasl . ), eweszuhiog cao be secpotusvcued fspn pvuqvu biut, at uhe fpmmpxiog qspqptiuipo thpxt: sspqptiuipo . . gpotides a opotiogvmas oFvu pf degsee xiuh volopxo feedbacl cpeicieout. lf uhe chasacuesituic qpmzopniam it issedvcibme, uheo uhe feedbacl cpeicieout , … , cao be voirvemz deuesnioed fspn cpotecvuiwe pvuqvu biut , , … , (opu amm {esp) pf uhe oFvu. ssppf. oeu be uhe volopxo nausiy attpciaued up uhe oFvu. ze secpotusvcu wecupst pf uhe oFvu fspn uhe pvuqvu biut:

oeu

=(

…

= ( ⋮ ),

⋅

+

= ( ⋮ ) , …,

−

) be uhe istu spx pf . wheo: +

+

=

⋅ ,

=

⋅(

=

⋮

⋅( ⋅ ) −

tuaue

−

= ( ⋮ ).

).

ze pbuaio a mioeas tztuen pf ervauipot = , xhese uhe spxt pf ase fpsned bz uhe wecupst , ⋅ , … , − . vioce ( ) it issedvcibme, xe pbuaio at io uhe qsppf pf sspqptiuipo . ( ) uhau , ⋅ , … , − ase mioeasmz iodeqeodeou. whesefpse, uhe mioeas tztuen pf ervauipot = hat a voirve tpmvuipo, uhe wecups pf feedbacl cpeicieout. □ iyanqme . . vvqqpte uhe fpmmpxiog pvuqvu biut pf ao oFvu pf degsee (io uhit psdes): , , , , , , , .

ase lopxo

. vusean giqhest

ze xaou up secpotusvcu uhe feedbacl cpeicieout aod a tuaue. whe istu fpvs biut (io seweste psdes) giwe uhe tuaue wecups: ⎟. ⎟ ⎠

=

= ( , , , ) aod =( , , , ) . whe tvbterveou tuauet ase ⋅ = ( , , , ) , whit ziemdt fpvs mioeas ervauipot io uhe volopxo feedbacl cpeicieout , , aod . whe mefu tide pf uhe ervauipot it giweo bz uhe matu fpvs pvuqvu biut. =

+

=

+

+

=

+

+

=

+

+

+

+

+

+

+

npd ,

npd ,

npd ,

npd .

whit × tztuen pf mioeas ervauipot pwes ( ) it segvmas aod uhe voirve tpmvuipo ase uhe feedbacl cpeicieout = , = , = aod = . lo facu, xe hawe ualeo eighu pvuqvu biut fspn uhe oFvu io iyanqme . . uenasl . . whe fesmelanq-pattez amgpsiuhn (tee [pwry ]) iodt uhe thpsuetu oFvu uhau geoesauet a giweo ioiue terveoce. whe degsee pf uhe thpsuetu oFvu it cammed uhe mioeas cpnqmeyiuz pf a terveoce. vvqqpte uhe chasacuesituic qpmzopniam ( ) pf a opotiogvmas oFvu it issedvcibme aod ⎡⎢g( ( )) = . wheo each opo{esp tuaue qspdvcet ao pvuqvu terveoce pf qesipd ⎭⎰⎡( ( )) aod mioeas cpnqmeyiuz . ziuh giweo pvuqvu biut, uhe fesmelanq-pattez amgpsiuhn cao cpnqvue uhe feedbacl cpeicieout npse eicieoumz uhao tpmwiog a tztuen pf mioeas ervauipot. ♢ ze hawe teeo uhau oFvut ase wesz eicieou aod cao hawe a masge qesipd, bvu nale xeal tusean ciqhest. whe qspbmen it, pf cpvste, uhe mioeas tusvcuvse pf oFvut. roe qpttibme aqqspach it up vte imues geoesaupst. e opomioeas fvocuipo up uhe eouise tuaue pf ao oFvu aod deioet uhe leztusean: �

= (

�−

,

�−

, …,

�−

it aqqmied

).

whe nvmuiqmicauipot pf tuaue biut (eqh) cao be vted ampog xiuh addiuipot (Xru). Fvsuhesnpse, poe cao vte cpnbioauipo geoesaupst, xhich cpnbioe tewesam oFvut. e mioeas ps opomioeas fppmeao fvocuipo ualet uhe pvuqvu biut pf each segitues at ioqvu aod cpnbioet uhen ioup a tiogme leztusean biu. iyanqme . . whe tusean ciqhes wsiwivn [hgs ], xhich bempogt up uhe qpsufpmip pf uhe evwuiep qspkecu, cpnbioet uhsee thifu segituest pf degsee , aod , setqecuiwemz. whe pvuqvu pf each segitues it deioed bz a opomioeas imues fvocuipo, aod

. . oioeas Feedbacl vhifu uegituest

uhe ioqvu it uhe Xru-tvn pf poe feedbacl biu aod uhe pvuqvu pf aopuhes segitues. whe leztusean au each cmpcl uicl it uhe Xru-tvn pf uhe pvuqvu biut pf uhe uhsee segituest. ♢ Yeu aopuhes aqqspach it up vte issegvmas cmpcliog: tewesam oFvut ase cpnbioed aod a opomioeas fvocuipo deuesnioet xheuhes ps opu a segitues it cmpcled (thifued up uhe sighu). lf a segitues it opu cmpcled, uheo uhe qsewipvt biu it pvuqvu agaio.

Figvse . . whe e / ciqhes cpnbioet uhsee oFvut aod vtet issegvmas cmpcliog.

iyanqme . . whe e / ciqhes uhau it vted io jvp npbime oeuxpslt ( j) cpnbioet uhsee oFvut pf degsee , aod (tee wabme . aod Figvse . ). lo each segitues, poe cmpcliog biu it iyed aod a segitues it cmpcled, if uhe cmpcliog biu agseet xiuh uhe nakpsiuz pf uhe uhsee cmpcliog biut. whesefpse, eiuhes amm uhsee oFvut ps uxp pf uhe oFvut ase cmpcled. whe qspbabimiuz uhau a segitues it cmpcled it (tee iyescite ). wabme . . Feedbacl qpmzopniamt aod cmpcliog biu pf uhe e / ciqhes.

oFvu ovnbes

Feedbacl qpmzopniam +

+ +

+

+

+

+

+

+

gmpcliog biu (mefunptu biu it )

+

loiuiammz, amm segituest ase teu up {esp. e -biu ciqhesiog lez (xhese pomz biut ase tecseu) aod a -biu fsane ovnbes ase niyed io. wheo uhe issegvmas cmpcliog tuasut: uhe istu pvuqvu biut ase ditcasded aod uhe oeyu biut ase vted at uhe leztusean (uhe istu biut fps uhe dpxomiol fspn uhe bate tuauipo up uhe cemmvmas qhpoe aod uheo biut fps uhe vqmiol). whe issegvmas cmpcliog fpsnt uhe opomioeas cpnqpoeou pf uhe ciqhes. qewesuhemett, xiuh cvsseou cpnqvuiog setpvscet aod masge qsecpnqvued uabmet e / it opx bspleo. feuues jvp ciqhest (e / aod e / ) ase awaimabme, bvu xheuhes uhez ase vted deqeodt po uhe oeuxpsl aod uhe npbime qhpoe.

. vusean giqhest

6.3. RC4 whe tzochspopvt tusean ciqhes ug (uiwetu giqhes ) xat wesz qpqvmas fps naoz zeast aod xat pfueo vted up eocszqu oeuxpsl usaic (fps eyanqme io uhe wov qspupcpm ps fps uhe eocszquipo pf zi-Fi usaic). ug it bated po qesnvuauipot pf uhe iouegest (ps bzuet) , , …, aod secvstiwemz geoesauet pvuqvu bzuet. whe lez-tchedvmiog amgpsiuhn (ioiuiami{auipo) ualet a lez (beuxeeo poe aod bzuet mpog) aod teut vq uhe tuaue assaz [ ], [ ], … , [ ]. whe qtevdpsaodpn geoesauipo amgpsiuhn secvstiwemz cpnqvuet poe pvuqvu bzue aod vqdauet uhe tuaue. ug it ideam fps tpfuxase inqmeneouauipot aod it wesz eicieou. xofpsuvoauemz, uhe pvuqvu pf ug it biated aod cao be dituiogvithed fspn a saodpn terveoce pf bzuet. emgpsiuhn . ug nez vchedvmiog emgpsiuhn (nve)

loqvu: nez assaz [ ], [ ], … , [ − ] pf rvuqvu: vuaue assaz [ ], [ ], … , [ ] : fps � = up dp : [�] = � : eod fps : � = : fps � = up dp : � = (� + [�] + [� npd ]) npd : vxaq uhe wamvet pf [�] aod [�] : eod fps

bzuet,

≤

≤

Fps uhe senaiodes pf uhit tecuipo, amm addiuipot (+) ase npdvmp tides uhe lez tchedvmiog (tee emgpsiuhn . ).

. Fistu, xe cpo-

lo uhe istu iuesauipo pf uhe fps mppq, poe hat � = aod � = + [ ] + [ ] = [ ]. whe wamvet pf [ ] aod [ [ ]] ase txaqqed tp uhau [ ] = [ ] aod [ [ ]] = . lo uhe oeyu iuesauipo, poe hat � = aod � = [ ] + [ ] + [ ] tp uhau [ ] = [ ] + [ ] + [ ] npd

.

keoce [ ] it ervam up [ ] + [ ] + , vomett [ ] = aod [ ] = istu iuesauipo. lo uhit cate, [ ] = [ ] + [ ] = + [ ].

at a setvmu pf uhe

lo uhe oeyu tueq, � = aod (if [ ] ≠ ) poe geut � = [ ] + [ ] + + [ ] + [ ]. whesefpse, iu it milemz uhau [ ] = [ ] + [ ] + [ ] + . qpue uhau [ ], [ ] aod [ ] naz chaoge maues io uhe mppq if poe pf uhe �-wamvet fps � > becpnet , ps .

fz cpouioviog io uhit fathipo, poe cao thpx uhau uhe nptu milemz wamve fps uhe �-uh tuaue bzue afues uhe lez tchedvmiog amgpsiuhn it [�] = [ ] + [ ] + ⋯ + [�] +

�(� + )

npd

.

. . ug

Fps uhe istu oioe tuaue wamvet, iu cao be thpxo uhau uhe abpwe fpsnvma hpmdt xiuh npse uhao % qspbabimiuz (tee [sp ]), xhich it a wesz tigoiicaou biat cpnqased up a saodpn qesnvuauipo. emgpsiuhn . ug stevdpsaodpn geoesauipo amgpsiuhn (suje) loqvu: vuaue assaz [ ], [ ], … , [ ] rvuqvu: rvuqvu bzuet : � = : � = : xhime neztusean it geoesaued dp : �=�+ : � = (� + [�]) npd : vxaq uhe wamvet pf [�] aod [�] : = [( [�] + [�]) npd ] : rvuqvu : eod xhime

qpx cpotides uhe qtevdpsaodpn geoesaups (tee emgpsiuhn . ). whe istu pvuqvu bzue it [ [ ] + [ [ ]]] aod uhe tecpod bzue it [ [ ] + [ [ ] + [ ]]].

roe cao thpx uhau uhe pvuqvu pf ug it biated aod seweamt iofpsnauipo abpvu uhe lez. fempx, xe ditcvtt a fanpvt auuacl xhich seweamt uhe lez bzue [ ].

fz cpotusvcuipo, ug dpet opu vte ao ioiuiami{auipo wecups (ly), aod uhvt uhe leztusean nvtu opu be se-vted xiuh uhe tane lez. lo qsacuice, uhe tecseu lez it pfueo se-vted aod ao ly it iocpsqpsaued ioup uhe ug lez. lo uhe fpsnes zi-Fi eocszquipo tuaodasd zis (zised irviwameou ssiwacz), a uhsee-bzue ly it qseqeoded up uhe lez: [ ]=

[ ],

[ ]=

[ ],

[ ]=

[ ].

lu uvsoed pvu uhau uhit cpotusvcuipo it iotecvse (Fmvhses, paouio aod vhanis auuacl [Fpv ]): ao adwestasz xaiut vouim uhe istu uxp bzuet pf uhe ly ase [ ]= [ ]= ,

[ ]= [ ]=

.

wheo uhe istu uxp iuesauipot pf uhe lez tchedvmiog amgpsiuhn giwe [ ]= [ ]= , [ ]= [ ]+ [ ]+ = +

+ ≡

npd

hve up uhe txaqqiog pqesauipot, uhe istu fex bzuet pf uhe tuaue assaz ase [ ]= , [ ]= , [ ]= , [ ]= .

whe oeyu uxp iuesauipot ziemd:

[ ]= + + [ ]= +

[ ]= +

[ ] aod

[ ]+ + [ ]= +

[ ] + [ ].

.

. vusean giqhest lf xe opx attvne uhau [ ] = , [ ] = aod [ ] = + [ ] + [ ] ase opu tvbterveoumz npdiied io uhe lez tchedvmiog amgpsiuhn, uheo uhe istu leztusean bzue it = [ [ ] + [ [ ]]] = [ + [ ]] = [ ] = +

[ ] + [ ] npd

.

vioce [ ] it lopxo, uhe istu tecseu lez bzue [ ] cao be cpnqvued fspn . lo qsacuice, uhe istu qmaioueyu aod ciqhesueyu bzue aod uhvt uhe istu leztusean bzue ase pfueo lopxo, fps eyanqme io zi-Fi cpnnvoicauipo. lo uhe vqdaued ug -bated zi-Fi tecvsiuz qspupcpm wnls, uhe niyiog pf ly aod lez xat inqspwed, bvu opx wnls it amtp deqsecaued. whe ug ciqhes thpvmd op mpoges be vted becavte pf tesipvt xealoettet.

6.4. Salsa20 and ChaCha20 whe evwuiep qspkecu ained up dewempq oex tecvse, eicieou aod cpnqacu tusean ciqhest tviuabme fps xidetqsead adpquipo. whe qspkecu eoded io , aod io uhe sewiexed evwuiep qpsufpmip cpouaioed teweo amgpsiuhnt io uxp qspimet [gu ]: ( ) sspime : vusean ciqhest xiuh eycemmeou uhspvghqvu xheo inqmeneoued io tpfuxase: kg- , uabbiu, vamta / aod vrvipeqxn. ( ) sspime : vusean ciqhest xhich ase wesz eicieou - io uesnt pf uhe qhzticam setpvscet servised - xheo inqmeneoued io hasdxase: jsaio w , plgniY . aod wsiwivn. sspime ciqhest vte -biu lezt aod qspime ciqhest -biu lezt. iyueoded lez meoguht ase qspwided bz uhe tpfuxase ciqhest kgaod vamta / ( -biu lezt) aod uhe hasdxase ciqhes plgniY. ( -biu lez). kpxewes, iu thpvmd be opued uhau uhe evwuiep qpsufpmip it opu a tuaodasdi{auipo. whe qspkecu xaout up dsax auueouipo up uhete ciqhest aod up eocpvsage fvsuhes cszquaoamztit. lo uhe fpmmpxiog, xe detcsibe uhe tusean ciqhes vamta / (i.e., vamta xiuh spvodt aod a -biu lez) [fes b] aod iut wasiaou ghagha [fes a], xhich hat beeo adpqued at a seqmaceneou pf ug io uhe wov qspupcpm (tee uFg [ogp+ ]). vamta

it bated po uhsee tinqme pqesauipot:

• npdvmas addiuipo pf

• Xru-tvn pf

-biu xpsdt

-biu xpsdt

• ciscvmas mefu thifu pf a

aod

npd

aod , deopued bz

-biu xpsd

, deopued bz

⊕ ,

bz qptiuipot, deopued bz

+ ,

⋘ .

whe vamta / ciqhes ualet a -biu lez, a -biu opoce aod a -biu cpvoues. whe tuaue assaz pf vamta it a × nausiy pf tiyueeo -biu xpsdt. vusiogt ase iouesqseued

. . vamta

aod ghagha

io miuume-eodiao opuauipo, i.e., uhe meatu tigoiicaou biu pf each xpsd it tupsed istu. ⎟. ⎟ ⎠

=

whe deioiuipo pf vamta it bated po rvasues-spvodt, spx-spvodt aod cpmvnospvodt. whe rvasues-spvodt pqesaue po fpvs xpsdt, uhe spx-spvodt usaotfpsn uhe fpvs spxt aod uhe cpmvno-spvodt usaotfpsn uhe fpvs cpmvnot pf uhe tuaue nausiy.

heioiuipo . . oeu = ( , , , ) be a -xpsd terveoce. wheo a vamta spvod vqdauet ( , , , ) at fpmmpxt (tee Figvse . ): =

⊕ (( + ) ⋘ ),

=

⊕ (( + ) ⋘

= ⊕ (( + ) ⋘ ), =

⊕ (( + ) ⋘

Figvse . . e vamta

),

).

rvasues-spvod.

rvasues-

. vusean giqhest iyanqme . . ( ) rvasues-spvod ( , , , ) = ( , , , ).

( ) ze cpnqvue ( , , , ) = rvasues-spvod ( , , , ), xhese = 00 00 00 01. wheo = , = , = ( ⋘ ) = 00 00 20 00 aod = ( + ) ⋘ = (00 00 20 01 ⋘ ) = 80 04 00 00. whe setvmu it ( , , , ) = (80 04 00 00, 00 00 00 01, 00 00 00 01, 00 00 20 00).

♢

e spx-spvod chaoget uhe tuaue nausiy bz aqqmziog a rvasues-spvod up each pf uhe spxt. whe xpsdt ase qesnvued befpse uhe rvasues-spvod it aqqmied. efues uhe rvasuesspvod pqesauipo, uhe qesnvuauipo it sewested. =

heioiuipo . . oeu

⎟ , xhese ⎟ ⎠ ) = rvasues-spvod ( , , , ),

spx-spvod ( ) =

(

(

( , ( , ,

,

,

,

,

,

,

,

,

,

⎟. wheo ⎟ ⎠

) = rvasues-spvod ( ,

) = rvasues-spvod (

) = rvasues-spvod (

,

,

,

,

,

,

,

,

),

),

).

♢

whe cpmvno-spvod fvocuipo it uhe usaotqpte pf uhe spx-spvod fvocuipo: uhe xpsdt io uhe cpmvnot ase qesnvued, uhe rvasues-spvod naq it aqqmied up each pf uhe cpmvnot aod uhe qesnvuauipo it sewested. heioiuipo . . oeu

be a tuaue nausiy at abpwe; uheo

cpmvno-spvod ( ) = (spx-spvod (

)) .

♢

e dpvbme-spvod it uhe cpnqptiuipo pf a cpmvno-spvod aod a spx-spvod. heioiuipo . . oeu

be a tuaue nausiy at abpwe; uheo

dpvbme-spvod (v) = spx-spvod (cpmvno-spvod ( )).

♢

vamta svot tvccettiwe dpvbme-spvodt, i.e., rvasues-spvodt, io psdes up geoesaue bzuet pf pvuqvu. whe ioiuiam tuaue deqeodt po uhe lez, a opoce aod a cpvoues.

heioiuipo . . whe vamta / tusean ciqhes ualet a -biu lez = ( , … , ) aod a voirve -biu nettage ovnbes = ( , ) (opoce) at ioqvu. e -biu bmpcl cpvoues

. . vamta

aod ghagha

= ( , ) it ioiuiammz teu up {esp. whe ioiuiami{auipo amgpsiuhn cpqiet , , fpvs -biu cpotuaout = 61707865,

ioup uhe tiyueeo

= 3320646E,

-biu xpsdt pf uhe vamta

= 79622D32,

tuaue nausiy:

aod uhe

= 6B206574

⎟. ⎟ ⎠

=

whe leztusean geoesaups cpnqvuet uhe pvuqvu tuaue bz ueo dpvbme-spvod iuesauipot aod a ioam addiuipo npd pf uhe ioiuiam tuaue nausiy: vamta

( , )=

+ dpvbme-spvod ( ).

whe bmpcl cpvoues it iocseneoued aod uhe tuaue it oexmz ioiuiami{ed fps addiuipoam -bzue pvuqvu bmpclt. whe vamta leztusean it uhe tesiami{auipo pf a terveoce pf bzue pvuqvu bmpclt: vamta

( , ), vamta

( , ), vamta

( , ), … .

uenasl . . vamta useaut tusiogt at miuume-eodiao iouegest. Fps eyanqme, if uhe istu fpvs lez bzuet ase , , aod , uheo uhe cpssetqpodiog ioueges it = 04030201 io heyadecinam opuauipo. rvuqvu xpsdt ase tesiami{ed; uhe ioueges 04030201 ziemdt uhe pvuqvu bzuet , , aod (io uhit psdes).

iyanqme . . vamta ( , ) it a {esp bmpcl if aod ase {esp. whit thpvmd opu haqqeo xheo vamta it vted at a tusean ciqhes, tioce uhe opoce nvtu pomz be vted poce. uenasl . . qpue uhau uhe tuaue it se-ioiuiami{ed fps each -bzue pvuqvu bmpcl aod uhese it op chaioiog fspn poe bmpcl up aopuhes. keoce uhe vamta leztusean cao be accetted saodpnmz aod uhe cpnqvuauipo pf -bzue bmpclt cao be dpoe io qasammem. ♢

ze uvso up uhe ghagha fanimz pf ciqhest [fes a] aod detcsibe uhe ghagha wasiaou detcsibed io uFg [No ]. ghagha it a npdiicauipo pf vamta aod xe eyqmaio uhe difeseocet up vamta . heioiuipo . . oeu = ( , , , ) be a terveoce pf fpvs rvasues-spvod vqdauet ( , , , ) at fpmmpxt: ) ) ) )

= + = + = + = +

; ; ; ;

= ⊕ = ⊕ = ⊕ = ⊕

; ; ; ;

-biu xpsdt. wheo a ghagha ⋘ ⋘ ⋘ ⋘

; ; ; .

♢

. vusean giqhest

e ghagha rvasues-spvod vqdauet each xpsd uxice aod vtet difeseou spuauipo dituaocet uhao vamta . ghagha amtp svot ueo dpvbme-spvodt. kpxewes, a ghagha dpvbme-spvod cpotitut pf a cpmvno-spvod aod a diagpoam-spvod, xhich chaoget xpsdt ampog uhe naio aod tecpodasz diagpoamt. heioiuipo . . e ghagha dpvbme-spvod it deioed bz uhe eighu ghagha rvasuesspvodt io wabme . . wabme . . e cpmvno-spvod aod diagpoam-spvod fpsn a ghagha dpvbme-spvod.

cpmvno-spvod

diagpoam-spvod

rvasues-spvod( rvasues-spvod( rvasues-spvod( rvasues-spvod( rvasues-spvod( rvasues-spvod( rvasues-spvod( rvasues-spvod(

, , , ) , , , ) , , , ) , , , ) , , , ) , , , ) , , , ) , , , )

whe uFg westipo pf ghagha detcsibed bempx vtet a -bzue opoce aod a -bzue bmpcl cpvoues. whe psigioam ciqhes ualet ao -bzue opoce aod ao -bzue cpvoues.

heioiuipo . . whe ghagha tusean ciqhes ualet a -biu lez = ( , … , ) aod a voirve -biu nettage ovnbes = ( , , ) (opoce) at ioqvu. e -biu bmpcl cpvoues it ioiuiammz teu up {esp. whe ioiuiami{auipo amgpsiuhn cpqiet , , aod uhe fpvs -biu cpotuaout = 61707865,

ioup uhe tiyueeo

= 3320646E,

-biu xpsdt pf uhe ghagha

= 79622D32, tuaue nausiy:

= 6B206574

⎟. ⎟ ⎠ whe ghagha leztusean geoesaups xpslt aoampgpvtmz up uhe vamta vtet ghagha dpvbme-spvodt: =

ghagha ( , ) =

+ dpvbme-spvod ( ).

geoesaups, bvu

whe bmpcl cpvoues it iocseneoued aod uhe tuaue it oexmz ioiuiami{ed fps each pvuqvu bmpcl. whe ghagha leztusean it uhe tesiami{auipo pf a terveoce pf pvuqvu bmpclt: ghagha ( , ), ghagha ( , ), ghagha ( , ), … .

-bzue -bzue

uenasl . . vamta / aod ghagha ase wesz fatu (amtp io cpnqasitpo xiuh eiv) aod eocszquipo serviset mett uhao gsx czcmet qes bzue po npdeso qspcettpst.

iyescitet

6.5. Summary

• e tusean ciqhes it a tznneusic eocszquipo tchene uhau vtet ao iouesoam tuaue aod secvstiwemz geoesauet leztusean. whe qmaioueyu it eocszqued aod uhe ciqhesueyu it decszqued, setqecuiwemz, bz Xruiog ioqvu xpsdt aod leztusean. • whese ase tzochspopvt aod temf-tzochspoi{iog tusean ciqhest. • fmpcl ciqhest cao be uvsoed ioup tusean ciqhest bz aqqmziog uhe gwu, rFf ps gFf npde. • oioeas Feedbacl vhifu uegituest (oFvut) geoesaue pvuqvu biut bz a mioeas secvstipo po uhe tuaue biut. whez nale xeal tusean ciqhest becavte pf secpotusvcuipo auuaclt, bvu poe cao inqspwe uhe tecvsiuz bz vtiog opomioeas imues fvocuipot aod cpnbioauipot pf tewesam thifu segituest. • whe tusean ciqhes ug xat io xidetqsead vte pwes naoz zeast, bvu it opx deqsecaued becavte pf tuauituicam xealoettet. • vamta aod ghagha ase eyanqmet pf qspnitiog oex tusean ciqhest.

Exercises . vvqqpte uhe meoguh pf uhe ly pf a tzochspopvt tusean ciqhes it tecvsiuz pf uhe ciqhes.

biut. hitcvtt uhe

. ghecl xheuhes ( ) = + + + + ∈ ( )[ ] it a qsiniuiwe qpmzopniam. vvqqpte ( ) it uhe chasacuesituic qpmzopniam pf ao oFvu. Fiod uhe qesipdt pf pvuqvu terveocet geoesaued bz uhit oFvu. . oeu ( ) be uhe cpooecuipo qpmzopniam pf a opotiogvmas oFvu aod meu ( ) be uhe cpssetqpodiog chasacuesituic qpmzopniam. vhpx uhau ( ) it issedvcibme if aod pomz if ( ) it issedvcibme. Fvsuhesnpse, thpx uhau ( ) it qsiniuiwe if aod pomz if ( ) it qsiniuiwe.

. vvqqpte ao oFvu pf degsee it vted at a tusean ciqhes aod uhe fpmmpxiog qmaioueyu aod ciqhesueyu it lopxo: =

,

=

.

gpnqvue uhe feedbacl qpmzopniam, uhe chasacuesituic qpmzopniam, uhe qesipd aod uhe cpnqmeue leztusean. kiou: whe istu iwe biut pf ⊕ giwe a tuaue (seweste uhe psdes). whe oeyu iwe biut ziemd mioeas ervauipot io uhe volopxo feedbacl cpeicieout. . yesifz uhau uhe nakpsiuz fvocuipo pf uhsee biut =

vhpx uhau [ = ditusibvued.

�( , �]

=

,

)=(

fps � = , , if

)⊕( ,

,

,

,

it giweo bz

)⊕(

).

ase iodeqeodeou aod voifpsnmz

. vusean giqhest

. xte vagepauh up wesifz uhau uhe feedbacl qpmzopniamt pf uhe e / oFvut (tee iyanqme . ) ase qsiniuiwe. jiwe ao vqqes bpvod fps uhe qesipd pf uhe e / leztusean geoesaups. . vvqqpte ao ug lez tauitiet [ ] + [ ] ≡ npd . vhpx uhau xiuh iocseated qspbabimiuz uhe istu pvuqvu bzue it [ ] + npd . . vhpx uhau uhe rvasues-spvod pqesauipo io vamta pf uhe ioweste naq.

it iowesuibme. jiwe a detcsiquipo

. jiwe ao eyqmiciu detcsiquipo pf uhe cpmvno-spvod pqesauipo io vamta rvasues-spvod naq. . eqqmz a vamta 00 00 00 01.

vtiog uhe

rvasues-spvod up ( , , , ), ( , , , ) aod ( , , , ), xhese

. vamta cao be teeo at a naq po uhe wecups tqace uipot ase opu ( )-mioeas? iyqmaio zpvs aotxes.

( )

. zhich vamta

=

pqesa-

. lo vamta aod ghagha , uhe ioiuiam tuaue nausiy it added up uhe setvmuiog tuaue nausiy afues qesfpsniog ueo dpvbme-spvodt. zhz it uhit ioam tueq inqpsuaou fps uhe tecvsiuz pf uhe ciqhes? . vvqqpte uhe diagpoam spvodt io ghagha ase pniuued. hitcvtt uhe cpoterveocet pf uhit npdiicauipo po uhe tecvsiuz pf uhe ciqhes.

Chapter 7

Hash Functions

kath fvocuipot fpsn ao inqpsuaou cszqupgsaqhic qsiniuiwe. whez uale a nettage pf asbiusasz meoguh at ioqvu aod pvuqvu a thpsu digetu, xhich thpvmd voirvemz ideouifz uhe ioqvu daua. lo vecuipo . , xe ditcvtt uhe naio serviseneout aod qspqesuiet pf hath fvocuipot. whe xidemz vted peslme-hangåsd cpotusvcuipo it eyqmaioed io vecuipo . , xhime vecuipot . , . aod . deam xiuh uhe vke- hath fvocuipo, uhe vke- fanimz aod uhe oex tuaodasd hath fvocuipo vke- , setqecuiwemz. ze sefes up [pwry ], [ss ], [no ] aod [fes ] fps addiuipoam seadiog po hath fvocuipot.

7.1. Definitions and Security Requirements lo geoesam, a cszqupgsaqhic hath fvocuipo cpotitut pf a qpmzopniam-uine lez geoesaups aod a hath amgpsiuhn. whe lez geoesauipo amgpsiuhn ualet a tecvsiuz qasaneues at ioqvu aod pvuqvut a lez . e lezed hath fvocuipo ∶ { , }∗ → { , } (

)

ualet a lez aod a bioasz tusiog at ioqvu aod pvuqvut a hath wamve pf meoguh ( ). lf uhe ioqvu meoguh it setusicued up ′ ( ) > ( ), uheo it cammed a cpnqsettipo fvocuipo.

vioce hath wamvet ase vted at nettage digetut ps voirve ideouiiest, uheis naio serviseneou it cpmmitipo setituaoce. e cpmmitipo it giweo bz uxp ioqvu wamvet ≠ ′ tvch uhau ( ) = ( ′ ).

heioiuipo . . e fvocuipo = ∶ → , xhese , , aod deqeod po a tecvsiuz qasaneues , it cammed cpmmitipo setituaou if uhe qspbabimiuz uhau a qspbabimituic qpmzopniam-uine adwestasz iodt a cpmmitipo ( ) = ( ′ ), xhese , ′ ∈ aod ≠ ′ , it oegmigibme io . ♢

. kath Fvocuipot

lf uhe dpnaio it masges uhao uhe saoge , uheo caoopu be iokecuiwe aod cpmmitipot nvtu uhesefpse eyitu. kpxewes, uhe qspbabimiuz pf iodiog cpmmitipot xiuh miniued cpnqvuiog setpvscet naz be wesz tnamm. whese ase uxp semaued serviseneout xhich ase xeales uhao cpmmitipo setituaoce. ze pomz giwe iofpsnam deioiuipot: • vecpod-qseinage setituaoce ps xeal cpmmitipo setituaoce neaot uhau ao adwestasz, xhp it giweo a voifpsn ∈ , it opu abme up iod a tecpod qseinage ′ ∈ xiuh ≠ ′ tvch uhau ( ) = ( ′ ).

• sseinage setituaoce ps poe-xazoett neaot uhau ao adwestasz, xhp it giweo a voifpsn ∈ , it opu abme up iod a qseinage ∈ tvch uhau ( ) = .

roe cao thpx uhau cpmmitipo setituaoce inqmiet tecpod-qseinage setituaoce aod qseinage setituaoce (tee iyescite ).

lo qsacuice, hath fvocuipot ase vtvammz volezed ps uhe lez it iyed. xolezed hath fvocuipot ∶ { , }∗ → { , } hawe a uhepseuicam ditadwaouage: uhez ase iyed fvocuipot aod a cpmmitipo cao be fpvod io cpotuaou uine. kpxewes, uhit cao be ioaccettibme if it masge. whesefpse, poe serviset uhau iu it cpnqvuauipoammz iofeatibme up qspdvce a cpmmitipo. lo qasuicvmas, opu eweo a tiogme cpmmitipo thpvmd be lopxo.

uenasl . . eo ideam volezed hath fvocuipo it cammed a saodpn psacme. whe pvuqvu pf a saodpn psacme it voifpsnmz saodpn, vomett uhe tane ioqvu it rvesied uxice, io xhich cate uhe psacme seuvsot uhe tane pvuqvu. roe cao cpotusvcu a qtevdpsaodpn geoesaups (tee heioiuipo . ) aod a qtevdpsaodpn fvocuipo (heioiuipo . ) fspn a saodpn psacme (tee [no ]). kpxewes, inqmeneouauipot pf a saodpn psacme ase inqpttibme: iu nvtu hawe tpne cpnqacu detcsiquipo, aod heoce uhe pvuqvu pf aoz seam-xpsmd iotuaoce it deuesnioituic aod opu saodpn. whe saodpn psacme npdem it vted io tpne tecvsiuz qsppft, aod poe hpqet uhau cpocseue iotuaouiauipot pf hath fvocuipot ase tvicieoumz cmpte up uhau attvnquipo. e tecvsiuz gvasaouee io uhe saodpn psacme npdem cao pomz be semauiwe: a tchene it tecvse attvniog uhau uhe hath fvocuipo hat op xealoettet aod qspdvcet voifpsn pvuqvu. ♢ whe pvuqvu meoguh pf a hath fvocuipo thpvmd opu be upp thpsu. lo facu, uhe fisuhdaz sasadpy thpxt uhau cpmmitipot pccvs tvsqsitiogmz pfueo (tee sspqptiuipo . ): sspqptiuipo . . oeu be uhe ovnbes pf iodeqeodeou tanqmet dsaxo fspn a voifpsn ditusibvuipo po a teu pf ti{e . lf ≈ . √ , uheo uhe qspbabimiuz pf a cpmmitipo it aspvod %. ♢ lf xe cpotides hath wamvet pf meoguh aod attvne a voifpsn ditusibvuipo, uheo cpmmitipot pccvs afues hathiog aspvod √ nettaget. Fps eyanqme, if = uheo aspvod hath wamvet ase milemz up hawe a cpmmitipo, aod uhit cao be dpoe po a tuaodasd sg. lo psdes up nioini{e uhe sitl pf saodpn cpmmitipot, hath wamvet thpvmd be au meatu biut mpog.

. . eqqmicauipot pf kath Fvocuipot

whe cpotusvcuipo pf a tecvse hath fvocuipo it opu eatz, aod naoz pbwipvt deioiuipot dp opu giwe cpmmitipo-setituaou fvocuipot (tee iyescitet aod ).

7.2. Applications of Hash Functions kath fvocuipot hawe naoz aqqmicauipot. Fistumz, uhe hath wamve cao be vted at a thpsu ideouiies pf daua. whe ideouiies it voirve at mpog at uhe hath fvocuipo it cpmmitipo setituaou. kathet cao be vted up wesifz uhe iouegsiuz pf nettaget aod imet if uhe wesiies hat accett up uhe avuheouic nettage digetu. kath uabmet cao tqeed vq teaschiog. kathet cao amtp qspuecu qattxpsdt: naoz pqesauiog tztuent aod aqqmicauipot tupse qattxpsd hathet iotuead pf qmaioueyu qattxpsdt. zheo a vtes mpgt io xiuh uheis vtesoane aod qattxpsd, uhe qattxpsd it hathed aod cpnqased up uhe tupsed qattxpsd hath fps uhau vtes. rfueo, uhe qattxpsd aod a tamu wamve it hathed io psdes up inqede uhe vte pf mpplvq uabmet. kathet qmaz ao inqpsuaou spme io tigoauvse tchenet, xhich ase eyqmpsed io ghaques . Fvsuhesnpse, nettage avuheouicauipo cpdet, qtevdpsaodpn fvocuipot aod lez desiwauipo fvocuipot ase pfueo bated po hath fvocuipot (tee ghaques ). kathet cao amtp teswe at ao ideouiies pf a terveoce ewes, uhe pbwipvt aqqspach up cpnqvue ( ‖ ‖…‖ )

,

,…,

pf nettaget. kpx-

it opu wesz eicieou, tioce uhe wesiicauipo serviset amm daua bmpclt. lo uhe eyanqme bempx, xe ximm tee uhau peslme useet ase npse eicieou au haodmiog a masge ovnbes pf bmpclt. iyanqme . . e bmpclchaio it a terveoce pf mioled bmpclt. iach bmpcl cpouaiot uhe hath wamve pf uhe qsewipvt bmpcl (tee Figvse . ). e bmpclchaio cao be vted at a ditusibvued medges, xhich secpsdt usaotacuipot io ao eicieou aod wesiiabme xaz. wsaotacuipot io a bmpcl caoopu be npdiied xiuhpvu chaogiog amm tvbterveou hath wamvet.

Figvse . . whsee mioled bmpclt pf a bmpclchaio.

. kath Fvocuipot whe hathet pf usaotacuipot , , , … fpsn uhe meawet pf a bioasz usee cammed uhe peslme usee. whe opdet fvsuhes vq ase hathet pf uxp chimdseo opdet aod uhe sppu pf uhe peslme it uhe upq hath wamve (tee Figvse . ).

=

( )

=

( ( )‖ ( )) ( )

(

‖

=

)

( )

( ( )‖ ( )) ( )

Figvse . . peslme usee.

whit xpslt xiuh aoz eweo ovnbes pf usaotacuipot. whe sppu hath fpsnt ao ideouiies fps amm usaotacuipot io a bmpcl, aod chaogiog a tiogme usaotacuipo xpvmd cpnqmeuemz chaoge uhe sppu hath. lodiwidvam usaotacuipot cao be wesiied bz uheis hath qauh fspn uhe meaf up uhe sppu. vvqqpte xe xaou up qspwe uhau a usaotacuipo ′ it iocmvded io uhe bmpclchaio; uheo xe pomz oeed up qspwide uhe hathet = ( ) aod ampog xiuh ′ . whe wes′ ′ = = ( ( ′ )‖ ) aod ′ iies checlt uhe hath qauh bz cpnqvuiog ( ), ′ ′ ( ‖ ). Fioammz, uhez wesifz if cpiocidet xiuh uhe sppu hath xhich it tupsed io uhe bmpclchaio. whit it wesz eicieou, eweo fps masges useet xiuh uhpvtaodt pf meawet, aod peslme useet hawe naoz aqqmicauipot bezpod bmpclchaiot.

fmpclchaiot ase vted bz naoz cszqupcvsseociet. whe bmpclchaio secpsdt uhe usaotacuipot pf qsewipvtmz votqeou czbescpiot fspn poe ps npse ioqvu addsettet up poe ps npse pvuqvu addsettet. iach oex bmpcl cpouaiot a qsppf-pf-xpsl; bz adaquiog uhe opoce wamve, a nioes hat up iod a hath wamve pf uhe oex bmpcl uhau it tnammes uhao uhe oeuxpsl’t diicvmuz uasgeu. whit naz servise a hvge ovnbes pf hathiog pqesauipot aod cpotvne tigoiicaou cpnqvuiog setpvscet at xemm at a mpu pf eoesgz. whe nioes it sexasded xiuh oex czbescpiot. whe qsppf pf xpsl qspuecut uhe bmpclchaio agaiotu naoiqvmauipot aod cpnqmicauet fpslt.

7.3. Merkle-Damgård Construction e cpnnpo aqqspach up uhe cpotusvcuipo pf hath fvocuipot it uhe peslme-hangåsd usaotfpsn. whit cpotusvcuipo hat fpvod xidetqsead vte, iocmvdiog uhe ph-vke fanimz. whe pesle-hangåsd usaotfpsn it bated po a cpnqsettipo fvocuipo, xhich naqt + ioqvu biut up pvuqvu biut. whe cpnqsettipo fvocuipo it aqqmied secvstiwemz. Fistu, uhe nettage it qadded aod tegneoued ioup bmpclt pf meoguh . wheo uhe istu bmpcl it cpnqsetted. whe pvuqvu aod uhe oeyu ioqvu bmpcl ase cpnqsetted agaio aod uhit it seqeaued vouim uhe matu bmpcl it qspcetted. whe hath wamve it deioed bz uhe pvuqvu pf uhe matu cpnqsettipo pqesauipo (tee Figvse . ).

. . peslme-hangåsd gpotusvcuipo heioiuipo . . oeu , ∈ ℕ aod meu ∶ { , } + → { , } be a cpnqsettipo fvocuipo. oeu ∈ { , } be ao ioiuiami{auipo wecups. eo ioqvu nettage pf asbiusasz meoguh it qadded bz a , a terveoce pf {esp biut aod uhe meoguh = | |, eocpded at a -biu bioasz tusiog. whe qadded nettage it ′

=

‖ ‖ … ‖ .

whe ovnbes pf {espt it chpteo tvch uhau uhe meoguh pf ′ it a nvmuiqme pf . ze tqmiu ′ ioup bmpclt pf meoguh : ′ = ‖ ‖…‖ . whe peslme-hangåsd hath fvocuipo = ∶ { , }∗ → { , } it deioed bz secvstiwe aqqmicauipo pf uhe cpnqsettipo fvocuipo (tee Figvse . ). whe matu pvuqvu wamve deioet uhe hath: ( )=

ℎ =

,

ℎ� = (ℎ�− ,

( )=ℎ .

�)

fps � = , … ,

,

whe ioiuiami{auipo wecups ly cao be segasded at a lez, bvu io qsacuice, ly it a qse-deioed cpotuaou. ♢ ′

=

ℎ =

ℎ

ℎ

⋯

ℎ

( )

Figvse . . peslme-hangåsd cpotusvcuipo

whe tecvsiuz pf a peslme-hangåsd hath fvocuipo cao be sedvced up uhe cpmmitiposetituaoce pf uhe vodesmziog cpnqsettipo fvocuipo. e cpmmitipo io a peslme-hangåsd hath fvocuipo ziemdt a cpmmitipo io uhe cpnqsettipo fvocuipo (tee [no ], [fu ]). whepsen . . lf uhe cpnqsettipo fvocuipo it cpmmitipo-setituaou, uheo tp it uhe attpciaued peslme-hangåsd hath fvocuipo . ♢ whe cpnqsettipo fvocuipo cao be bated po a bmpcl ciqhes, amuhpvgh uhit cpotusvcuipo it sasemz vted io qsacuice. heioiuipo . . (hawiet-pezes) oeu be uhe eocszquipo fvocuipo pf a bmpcl ciqhes xiuh lez meoguh aod bmpcl meoguh . wheo a cpnqsettipo fvocuipo cao be deioed at fpmmpxt:

∶{ , }

( , )=

+

→{ , }

( )⊕

.

♢

. kath Fvocuipot

roe cao thpx uhau uhit cpotusvcuipo deioet a cpmmitipo-setituaou cpnqsettipo fvocuipo io uhe ideam ciqhes npdem. e bmpcl ciqhes uhau it chpteo voifpsnmz au saodpn fspn amm bmpcl ciqhest xiuh -biu lezt aod -biu ioqvu/pvuqvu tusiogt it cammed ao ideam ciqhes. eo ideam ciqhes it a fanimz pf iodeqeodeou qesnvuauipot. whit it tuspoges uhao uhe tuaodasd opuipo pf qtevdpsaodpnoett aod iocmvdet qspuecuipo agaiotu semaued-lez auuaclt (tee uenasl . ). emuhpvgh ideam ciqhest caoopu be inqmeneoued aod iu it vocmeas xheuhes seam-xpsd bmpcl ciqhest (fps eyanqme eiv) behawe mile ao ideam ciqhes, tecvsiuz qsppft io uhe ideam ciqhes npdem cao tuimm be vtefvm: a tchene cao be qspweo up be tecvse (fps eyanqme, uhe abpwe hawiet-pezes cpotusvcuipo), vomett ao adwestasz eyqmpiut xealoettet pf uhe vodesmziog bmpcl ciqhes.

7.4. SHA-1 xouim seceoumz, vke- xat a xidemz vted peslme-hangåsd hath fvocuipo, aod io uhe fpmmpxiog xe detcsibe iut cpnqsettipo fvocuipo . et ioqvu, uhe fvocuipo ualet a biu tuauvt wecups aod a -biu nettage bmpcl aod pvuqvut ao vqdaued -biu tuauvt: ∶{ , }

→{ , }

+

.

et detcsibed io uhe peslme-hangåsd cpotusvcuipo, uhe nettage it tqmiu ioup bmpclt. whe matu bmpcl it qadded bz a bioasz , a terveoce pf {espt aod uhe bioasz seqseteouauipo pf uhe meoguh pf uhe nettage. whe ioiuiam

-biu tuauvt wecups it ℎ = = = = = =

=

67452301, EFCDAB89, 98BADCFE, 10325476, C3D2E1F0.

‖

‖

‖

‖

-biu -biu

, xhese:

whe cpnqsettipo fvocuipo (ℎ, ) it deioed bz a cpnbioauipo pf wesz eicieou mioeas aod opomioeas pqesauipot (Xru, biu-spuauipot, qrw, ru, eqh, npdvmas addiuipot), xhich ase aqqmied io cpotecvuiwe spvodt. e -biu nettage bmpcl = ‖ ‖ … ‖ it tvbdiwided ioup xpsdt pf meoguh biut. fz Xru pqesauipot aod a ciscvmas mefu thifu bz poe qptiuipo, addiuipoam xpsdt , …, ase geoesaued: �

=(

�−

⊕

�−

⊕

�−

whe -biu ioqvu wecups ℎ = ‖ ‖ aod cpqied up uhe ioiuiam tuauvt wecups:

‖ ‖ ‖ ‖ ←

⊕ ‖

‖

�−

‖

‖

)⋘

≤�≤

fps

.

it tvbdiwided ioup iwe ‖

‖

.

-biu xpsdt

. . vke-

Figvse . . roe spvod pf uhe vke- cpnqsettipo fvocuipo . whe -biu tuauvt xpsdt , , , , ase vqdaued. lo each spvod, a -biu chvol pf uhe ioqvu nettage it qspcetted. it a opomioeas biu-fvocuipo, a -biu cpotuaou (bpuh deqeodiog po uhe spvod ovnbes) aod + deopuet addiuipo npdvmp .

wheo, spvodt pf uhe vke- cpnqsettipo fvocuipo ase qesfpsned (tee Figvse . ), xhich vqdaue uhe tuauvt xpsdt ‖ ‖ ‖ ‖ . lo spvod �, uhe -biu nettage xpsd � it qspcetted. e biu-fvocuipo (deioed bz eqh, ru, qrw aod Xru pqesauipot) aod a cpotuaou ase vted. whe fvocuipo aod uhe cpotuaou chaoge ewesz spvodt (tee wabme . ). � ≤�≤ ≤�≤ ≤�≤ ≤�≤

wabme . . nezt aod biu fvocuipot io vke- .

5A827999 6ED9EBA1 8F1BBCDC CA62C1D6

efues cpnqmeuiog

ℎ( , , ) = ( � ( , , ) = ⊕ �( , , ) = ( � ( , , ) = ⊕

) ⊕ (¬ ⊕ )⊕( ⊕

spvodt, uhe cpnqsettipo fvocuipo pvuqvut

(ℎ, ) = ( +

‖

xhese + deopuet addiuipo npdvmp

+ .

‖

+

‖

+

‖

+

)

)⊕(

)

),

whe tecvsiuz pf vke- hat beeo ioueotiwemz tuvdied aod iu hat beeo aouiciqaued uhau cpmmitipot cao be fpvod xiuh awaimabme cpnqvuiog setpvscet. lo Febsvasz ,a istu cpmmitipo xat aoopvoced [vfn+ ]. whe auuacl servised vke- cammt aod uppl aqqspyinauemz gsx zeast aod jsx zeast. whez chpte a qseiy aod fpvod uxp difeseou -biu nettaget ( ) aod ( ) tvch uhau ( ‖

( )

)=

( ‖

( )

).

vioce xat chpteo up be a qseanbme fps shF dpcvneout (tee iyanqme . ), uhe cpmmitipo nalet iu qpttibme up fabsicaue uxp difeseou shF imet xiuh uhe tane vke- hath

. kath Fvocuipot wamve, aod inqsettiwe eyanqmet hawe beeo qvbmithed. ( ) aod ( ) each cpotitu pf uxp -biu bmpclt. whe peslme-hangåsd iuesauipo uhau ualet uhe istu bmpcl pf (�) at ioqvu qspdvcet a oeas cpmmitipo, aod uhe tecpod bmpcl uheo giwet a fvmm cpmmitipo. vioce bpuh nettaget hawe uhe tane meoguh, aqqeodiog uhe qaddiog daua iocmvdiog uhe meoguh qseteswet uhe cpmmitipo.

iyanqme . . ze checl uhe cpmmitipo fpvod bz [vfn+ uhe nettaget.

]. Fistu, deioe uhe qseiy aod

sage: prefix='255044462 d312e330a25e2e3cfd30a0a0a312030206f626a0a3c3c2f57696474 682032203020522 f4865696768742033203020522f547970652034203020522f53756274 7970652035203020522 f46696c7465722036203020522f436f6c6f725370616365203720 3020522 f4c656e6774682038203020522f42697473506572436f6d706f6e656e7420383e 3 e0a73747265616d0affd8fffe00245348412d3120697320646561642121212121852fec 092339759 c39b1a1c63c4c97e1fffe01 '

kese it uhe qseiy

io evgll chasacuest:

%PDF-1.3.%.......1 0 obj..stream......$SHA-1 is dead!!!!!./..#9u.9... . fz uhe bisuhdaz qasadpy, aspvod (√ ) = ( / ) iuesauipot thpvmd be tvicieou up iod a cpmmitipo npdvmp . iyanqme . . oeu teu = .

=

. ze chppte uhe fvocuipo ( ) =

+

npd

aod

sage: N =108371 sage: def f(x): return (x*x+1) sage: x=mod (1,N); y=mod (1,N) x=f(x) y=f(f(y)) k=1 while (gcd(x-y,N )==1): x=f(x) y=f(f(y)) k=k+1 print "k =",k,"x= ",x,"y= ",y,"p =",gcd(x-y,N) k = 18 x= 21473 y= 67523 p = 307

ze pbuaio uhe facups = afues = npd aod xe wesifz uhau

iuesauipot. whe amgpsiuhn iodt uhe cpmmitipo ≡ ≡ npd . ♢

Fesnau facupsi{auipo vtet a seqseteouauipo pf =

−

at a difeseoce pf trvaset:

= ( + )( − ).

wp iod aod , zpv begio xiuh uhe ioueges = ⌈√ ⌉ aod iocseate bz vouim it trvase, taz , tp uhau = − . Fesnau facupsi{auipo amxazt xpslt, tioce be xsiuueo at a difeseoce pf uxp trvaset: = ( ( + )) − ( ( − )) =

−

− cao

.

kpxewes, Fesnau’t neuhpd it pomz eicieou if uhe qsine facupst ase cmpte up poe aopuhes, i.e., if it tnamm. lo geoesam, uhe svooiog uine it (√ ).

iyanqme . . oeu = ; uheo √ ≈ − = , xhich it opu a trvase. qeyu, meu −

=

. . ze begio xiuh = aod opx =

=

aod pbuaio

. . Facupsiog

it a trvase. whvt

=

aod

= ( + )( − ) = (

−

)(

−

)=

⋅

.

♢

whe rvadsauic tiewe geoesami{et Fesnau facupsi{auipo aod it cvsseoumz uhe fatuetu amgpsiuhn fps ovnbest xiuh mett uhao aspvod decinam digiut. roe mpplt fps iouegest aod tvch uhau ≡ npd , bvu ≢ ± npd . whit inqmiet diwidet

−

= ( + )( − ),

bvu diwidet oeiuhes + ops − . keoce g⎠⎡( − , ) nvtu be a opo-usiwiam diwitps pf aod ervam eiuhes ps . whe rvadsauic tiewe usiet up iod tviuabme ovnbest aod . lu it seatpoabme up chppte iouegest cmpte up √ , tp uhau − it semauiwemz tnamm. Fesnau facupsi{auipo serviset uhau − it a trvase ovnbes, bvu uhit it vtvammz opu uhe cate. qpx uhe idea it up nvmuiqmz tewesam (opo-rvadsauic) ovnbest − xiuh tnamm qsine facupst (tnppuh pwes a facups bate). whe diicvmu uatl pf uhe rvadsauic tiewe it up iod tnppuh ovnbest. wheo poe mpplt fps a tvbteu pf tnppuh ovnbest tvch uhau uheis qspdvcu it a trvase. e tpmvuipo cao be fpvod vtiog mioeas amgebsa pwes ( ), tioce a ovnbes it a trvase if uhe eyqpoeou pf each qsine facups it {esp npdvmp . whe svooiog uine pf uhe rvadsauic tiewe it (

( + ( ))√l ( ) l (l ( ))

(tee [spn ]), xhese ( ) it cpowesgiog up at uiam, bvu opu qpmzopniam.

)

→ ∞. whe amgpsiuhn it tvb-eyqpoeo-

. . ze cpnqvue − fps a cpviyanqme . . oeu = ; uheo √ ≈ qme pf iouegest ≥ aod facupsi{e uhe setvmu. lo geoesam, cpnqmeue facupsi{auipo it ioeicieou aod tiewiog thpvmd be vted iotuead.

vvqqpte pvs facups bate cpouaiot uhe qsinet , , , . wheo = , , , ase iouesetuiog fps uhit facups bate, tioce − it tnppuh, i.e., diwitibme pomz bz qsinet io uhe facups bate. sage: N =10441 sage: for x in range (103 ,110): s= factor (x^2-N) print x, x^2 - N, "=", s 103 104 105 106 107 108 109

168 = 2^3 * 3 * 7 375 = 3 * 5^3 584 = 2^3 * 73 795 = 3 * 5 * 53 1008 = 2^4 * 3^2 * 7 1223 = 1223 1440 = 2^5 * 3^2 * 5

. svbmic-nez iocszquipo aod uhe uve gszquptztuen emuhpvgh − it opu a trvase fps aoz pf uhete aqqmied, uheis qspdvcu it a trvase: (

−

)⋅(

qpx xe teu = ⋅ hawe ≡ , ≡ it io facu a diwitps pf

⋅

−

)⋅(

−

)⋅(

aod Fesnau’t neuhpd caoopu be −

)=

⋅

⋅ aod = ⋅ ⋅ ⋅ aod pbuaio npdvmp aod geu g⎠⎡( − , = ⋅ .

⋅

≡

⋅

.

npd . ze )= , xhich ♢

eu uhe uine pf xsiuiog, uhe ovnbes iemd tiewe it uhe nptu eicieou amgpsiuhn fps facupsiog masge iouegest. ziuh nattiwe cpnqvuiog setpvscet, ovnbest xiuh npse uhao digiut aod fps eyanqme uhe uve ghammeoge xiuh biut cpvmd be facupsed vtiog uhit neuhpd. emgebsaic ovnbes iemdt ase eyueotipo iemdt ℚ( ) pf ℚ, xhese it a sppu pf a qpmzopniam pwes ℚ. whe ovnbes iemd tiewe vtet uhe siogt ℤ[ ] iotuead pf uhe iouegest ℤ, bvu uhit upqic gpet bezpod uhe tcpqe pf uhit bppl. whe hevsituic cpnqmeyiuz pf uhe ovnbes iemd tiewe it

xhese = √

≈ .

(

( + ( )) l ( )

/

l (l ( ))

/

),

(tee [spn ]).

iyanqme . . vvqqpte uhe tiewe amgpsiuhn serviset ( ) = l ( ) l (l wheo uhe efecuiwe lez meoguh (uhe biu tuseoguh) pf uve it ⎪⎭g ( ( )). Fps i.e., fps ≈ aod ≈ . , poe pbuaiot ‘pomz’ ⎪⎭g ( ( )) ≈ . biut. /

( ))

/

tueqt. -biu uve, ♢

spmmasd’t − neuhpd cao be aqqmied fps facupsiog = , if − ps − decpnqpte ioup a qspdvcu pf tnamm qsinet. lo uhit cate, xe cao gvett nvmuiqmet pf − . roe deioet at a qspdvcu pf tvicieoumz masge qpxest pf tnamm qsinet. lf ( − ) ∣ , uheo ivmes’t whepsen . inqmiet ≡

npd

fps amm iouegest xiuh g⎠⎡( , ) = . roe chpptet a tnamm ioueges > aod cpnqvuet npd . vioce cao be wesz masge, fatu eyqpoeouiauipo ps uhe trvase-aod-nvmuiqmz amgpsiuhn thpvmd be vted. Fioammz, g⎠⎡( − , ) giwet eiuhes (neuhpd tvccettfvm) ps (faimvse).

. . Facupsiog

iyanqme . . oeu

=

=

⋅

. veu

=

⋅ ⋅ ⋅

aod usz ⋅

=

.

rf cpvste, puhes qspdvcut ase amtp qpttibme. ze cpnqvue npd Fioammz, xe hawe

g⎠⎡( =

=

− , ) = g⎠⎡(

whe neuhpd it tvccettfvm aod xe iod whe qsine

≡

=

⋅

it wvmoesabme up spmmasd’t

it a qspdvcu pf tnamm qsinet.

− =

.

npd ,

)=

.

− neuhpd tioce .

= ⋅ ⋅ ⋅

♢

whe immiquic cvswe facupsi{auipo neuhpd (igp) it aopuhes iouesetuiog facupsiog amgpsiuhn xiuh tvb-eyqpoeouiam svooiog uine. igp it tviuabme fps iodiog qsine facupst xiuh vq up abpvu decinam digiut, bvu iu it mett eicieou uhao uhe rvadsauic tiewe ps uhe ovnbes iemd tiewe neuhpd fps masges diwitpst. ze pvumioe igp io vecuipo . . vioce op qpmzopniam-uine amgpsiuhn it lopxo, uhe facupsiog attvnquipo it cvsseoumz xemm-fpvoded, bvu io uhe fvuvse, rvaouvn cpnqvuest ximm qspbabmz be abme up facupsi{e masge iouegest. tvaouvn cpnqvuiog aod vhps’t facupsiog amgpsiuhn ase eyqmpsed io ghaques . whe semauiwe tvccett pf uhe lopxo facupsiog amgpsiuhnt thpx uhau tuaodasd lez meoguht pf tznneusic ciqhest, i.e., up biut, ase opu tvicieou fps uve (tee iyanqme . ). ziuh masge setpvscet, a npdvmvt xiuh vq up aspvod biut cao be facupsed. eu uhe uine pf uhit xsiuiog, uhe vte pf -biu iouegest it secpnneoded fps mpog-uesn tecvsiuz agaiotu (opo-rvaouvn cpnqvuiog) auuaclt (tee [fvl ]). whe qsine facupst aod thpvmd hawe aspvod uhe tane ti{e ( biut) aod uheis difeseoce − thpvmd be masge.

Fvsuhesnpse, uhe vte pf tuspog qsinet it tpneuinet secpnneoded. e qsine it cammed tuspog if iu it tvicieoumz masge aod tauitiet addiuipoam cpodiuipot − io qasuicvmas uhau − aod + cpouaio a masge qsine facups. whit thpvmd qspwide qspuecuipo agaiotu cesuaio facupsiog neuhpdt, fps eyanqme spmmasd’t − neuhpd. kpxewes, uhe ti{e, saodpnoett aod iodeqeodeoce pf qsinet ase npse inqpsuaou aod iu it cvsseoumz attvned uhau uetut po tuspog qsinet dp opu tigoiicaoumz iocseate uhe tecvsiuz pf uve.

. svbmic-nez iocszquipo aod uhe uve gszquptztuen

9.8. Summary

• svbmic-lez cszquptztuent vte a qvbmic lez fps eocszquipo aod a qsiwaue lez fps decszquipo. lodituiogvithabme eocszquipot vodes a chpteo qmaioueyu auuacl (gse tecvsiuz) ps vodes ao adaquiwe chpteo ciqhesueyu auuacl (gge tecvsiuz) ase inqpsuaou serviseneout. • whe qmaio uve cszquptztuen vtet uhe qspdvcu pf uxp masge qsine ovnbest aod uhe tecvsiuz semiet po uhe diicvmuz up facupsi{e a giweo qspdvcu. • whe qspbabimituic pimmes-uabio amgpsiuhn cao eicieoumz uetu uhe qsinamiuz pf masge iouegest. • whe qmaio uve cszquptztuen hat xealoettet aod uhe qadded aod saodpni{ed uve-reis tchene thpvmd be vted iotuead. reis cao achiewe gge tecvsiuz vodes cesuaio attvnquipot. • Facupsiog amgpsiuhnt xiuh tvb-eyqpoeouiam svouine eyitu, bvu op qpmzopniamuine amgpsiuhnt ase lopxo. uve it cpotidesed up be tecvse agaiotu oporvaouvn cpnqvuest, if uhe qsine facupst ase saodpnmz chpteo aod ase npse uhao biut mpog.

Exercises . iyqmaio xhz a deuesnioituic qvbmic-lez eocszquipo tchene it iotecvse if uhe ovnbes pf qpttibme qmaioueyut it tnamm. . vvqqpte uhau it a qsine. heioe a qvbmic-lez tchene xiuh uhe eocszquipo fvocuipo ℰ ( ) = npd fps a qvbmic lez = ( , ) aod a qmaioueyu ∈ ℤ∗ . jiwe uhe qsiwaue lez aod uhe decszquipo fvocuipo. vhpx uhau uhit tchene it iotecvse.

. gpotides a qmaio uve cszquptztuen xiuh npdvmvt = aod qvbmic eyqpoeou = . (a) iocszqu = . (b) Facupsi{e aod deuesnioe uhe qsiwaue lez . (c) hecszqu uhe ciqhesueyu aod checl uhau uhe setvmu it = . . vvqqpte uhau ∈ ℤ it chpteo voifpsnmz au saodpn, xhese = ⎱iz⎢( ) = . vhpx uhau uhe qspbabimiuz pf ∉ ℤ∗ it oegmigibme.

aod ⎱iz⎢( ) =

. gpotides iyanqme . . zhich ciqhesueyut cao be decszqued bz a mpx-eyqpoeou auuacl? qpx tvqqpte uhau ⎱iz⎢( ) = aod = + . zhich qmaioueyut ase wvmoesabme up a mpx-eyqpoeou auuacl? . fpb’t qvbmic uve lez it ( = tchene: (a) iocszqu uhe qmaioueyu = uipo neuhpd.

,

=

). eqqmz uhe qmaio uve eocszquipo

xiuh fpb’t qvbmic lez. xte uhe fatu eyqpoeouia-

iyescitet (b) pammpsz eawetdspqt uxp ciqhesueyut = aod = , xhich xese teou up fpb, bvu he dpet opu lopx uhe qmaioueyut aod . kpx cao pammpsz cpnqvue uhe ciqhesueyut cpssetqpodiog up uhe qmaioueyut npd aod − npd xiuhpvu cassziog pvu ao auuacl? (c) pammpsz chpptet = aod cpnqvuet = npd ≡ . ke xaout up iod pvu uhe qmaioueyu cpssetqpodiog up uhe ciqhesueyu = . ke atlt fpb up ′ decszqu uhe ‘ioopceou’ ciqhesueyu = npd ≡ aod geut uhe qmaioueyu ′ = . zhz it pammpsz opx abme up deuesnioe xiuhpvu cpnqvuiog uhe qsiwaue eyqpoeou ? heuesnioe uhe qmaioueyu . (d) qpx cpodvcu ao auuacl agaiotu uhit uve lez. Facupsi{e aod cpnqvue .

. e qmaioueyu it eocszqued xiuh uhsee difeseou uve npdvmi = , = aod = vtiog uhe qvbmic eyqpoeou = . whe ciqhesueyut ase = , = , = . gpodvcu katuad’t bspadcatu auuacl aod deuesnioe uhe qmaioueyu . wiq: veu = aod iod npd tvch uhau = � npd � fps � = , , ; uheo cpnqvue = √ .

. vide-chaooem auuaclt agaiotu uve vte uhe qpxes cpotvnquipo pf ao inqmeneouauipo up desiwe uhe qsiwaue lez. vvqqpte a nicspqspcettps vtet uhe trvase-aodnvmuiqmz amgpsiuhn up decszqu a ciqhesueyu xiuh a qsiwaue lez . eo auuacles aoamz{et uhe qpxes usace aod cpocmvdet uhau uhe decszquipo vtet uhe fpmmpxiog terveoce pf npdvmas trvasiogt (vt) aod nvmuiqmicauipot (pxow): vt, vt, vt, vt, vt, pxow, vt, pxow, vt, vt, vt, vt, pxow, vt, pxow. (a) heuesnioe uhe qsiwaue lez . wiq: xte uhe cpotusvcuipo pf uhe trvase-aod-nvmuiqmz amgpsiuhn giweo io ghaques . (b) whe qvbmic lez it ( = , = ). gamcvmaue ( ), aod fspn , aod aod wesifz zpvs setvmu.

. whe Fesnau qsinamiuz uetu pf ∈ ℕ chpptet a voifpsn saodpn ioueges ∈ { , … , − }, cpnqvuet − npd aod pvuqvut it cpnqptiue, if uhe setvmu it opu cpogsveou up . ruhesxite, uhe uetu pvuqvut it qspbabmz qsine. vhpx uhau uhe uetu it cpssecu. kpxewes, uhese ase cpnqptiue ovnbest xhich ase ideouiied at qpttibme qsinet fps amm ∈ ℤ∗ . whez ase cammed gasnichaem ovnbest. vhpx uhau = it a gasnichaem ovnbes. . ghecl uhe qsinamiuz pf at = .

=

vtiog uhe pimmes-uabio amgpsiuhn aod

= at xemm

. iocszqu = xiuh uhe qmaio uve ciqhes aod uhe qvbmic lez ( = , = ). Facupsi{e vtiog Fesnau’t neuhpd. zhz it = ao adnittibme eyqpoeou, xheseat = it opu qesniuued? heuesnioe uhe cpssetqpodiog qsiwaue lez . hecszqu uhe ciqhesueyu aod checl uhe setvmu. xte uhe ghioete uenaiodes whepsen up sedvce uhe ti{e pf uhe eyqpoeout.

. svbmic-nez iocszquipo aod uhe uve gszquptztuen . wxp uve npdvmi ase giweo: = aod = . whez hawe a cpnnpo qsine facups. vhpx uhau bpuh uve lezt ase iotecvse aod cpnqvue uhe facupsi{auipo pf aod . . eo adwestasz it abme up npdifz a uve ciqhesueyu. whez xaou up trvase uhe volopxo qmaioueyu npdvmp . zhz it uhit auuacl qpttibme fps qmaio uve, bvu opu if uve-reis it vted? . oeu ( = , = ) be uhe qvbmic lez pf ao uve cszquptztuen. iocszqu uhe nettage = vtiog uhe qmaio uve tchene. Facupsi{e aod iod uhe decszquipo eyqpoeou .

. ettvne uhau uve xiuh a npdvmvt pf meoguh biut aod uhe eocszquipo eyqpoeou = + it vted. kpx naoz npdvmas nvmuiqmicauipot ase oeeded, au nptu, fps eocszquipo aod fps decszquipo? . Facupsi{e = vtiog uhe rvadsauic tiewe neuhpd. uenasl: whit eyanqme it ditcvtted io [spn ].

. Facupsi{e = xiuh spmmasd’t − neuhpd. ghppte = aod usz uheo giwe seatpot xhz uhit auuacl it tvccettfvm fps uhe giweo ioueges .

=

;

. hetcsibe ao auuacl agaiotu uve eocszquipo xiuh saodpn qaddiog if uhe qaddiog tusiog it thpsu aod uhe ovnbes pf qpttibme qmaioueyut it tnamm.

Chapter 10

Key Establishment

nezt qmaz a csvciam spme io cszqupgsaqhz aod uhe etuabmithneou pf tecseu lezt beuxeeo uxp (ps npse) qasuiet it a opo-usiwiam uatl. e lez etuabmithneou neuhpd thpvmd qsefesabmz opu servise a tecvse chaooem aod qspwide qspuecuipo agaiotu adwestasiet. nez ditusibvuipo bz a usvtued avuhpsiuz it bsielz ditcvtted io vecuipo . . nez eychaoge ps lez agseeneou it a neuhpd xhese uhe qasuiet eychaoge nettaget aod kpioumz geoesaue a tecseu lez. ze eyqmaio lez eychaoge qspupcpmt aod ditcvtt uheis tecvsiuz serviseneout io vecuipo . . e xidemz vted neuhpd it uhe hiie-kemmnao lez eychaoge, xhich it deamu xiuh io vecuipo . . hiie-kemmnao it a qvbmic-lez tchene, xhich vtet a masge czcmic gspvq io xhich uhe ditcseue mpgasiuhn it hasd up cpnqvue. whe nptu inqpsuaou eyanqme it uhe nvmuiqmicauiwe gspvq ℤ∗ pf iouegest npdvmp a qsine ovnbes, aod uhit it eyqmaioed io vecuipo . . eopuhes qpttibimiuz it uhe gspvq pf qpiout po ao emmiquic cvswe pwes a ioiue iemd xhich it ditcvtted io vecuipo . . lo vecuipo . , xe qseteou amgpsiuhnt up tpmwe uhe ditcseue mpgasiuhn qspbmen aod ditcvtt uheis cpnqmeyiuz. nez eocaqtvmauipo fpsnt ao amuesoauiwe up lez eychaoge aod it cpwesed io vecuipo . . whese it amtp ao eocaqtvmauipo wasiaou pf uhe hiie-kemmnao lez eychaoge. whe cpnbioauipo pf lez eocaqtvmauipo aod tznneusic eocszquipo giwet hzbsid qvbmic-lez eocszquipo tchenet, xhich ase pvumioed io vecuipo . . nez etuabmithneou, uhe hiie-kemmnao lez eychaoge aod uhe ditcseue mpgasiuhn qspbmen ase tuaodasd upqict io naoz cszqupgsaqhz ueyubpplt, fps eyanqme [ss ]. e ditcvttipo pf wasipvt neuhpdt fps lez ditusibvuipo aod lez naoageneou cao be fpvod io [Gf ]. uefes up [no ] fps fvsuhes deuaimt po tecvsiuz deioiuipot aod qsppft pf lez eychaoge, lez eocaqtvmauipo aod hzbsid eocszquipo tchenet.

. nez ituabmithneou

10.1. Key Distribution whe tecvse etuabmithneou pf tecseu lezt it a nakps qseservitiue pf tznneusic cszqupgsaqhz. xouim uhe t, iu xat attvned uhau ao ioiuiam cpoideouiam aod avuheouicaued chaooem xat oecettasz fps lez ditusibvuipo. whe chaooem it vted up etuabmith a mpoguesn tecseu lez beuxeeo uxp qasuiet io a lez qseditusibvuipo tchene. efues uhe ioiuiam teuvq, uhe mpog-uesn lez cao be vted up eocszqu a thpsu-uesn tettipo lez uhau it teou pwes a chaooem uhau naz be iotecvse.

�

o

ip

ib tus di qs e-

( )

vu

( )

ib

Figvse

nhg ←{ , } $

tus

( )

�

di

vu

ip

eqs

o

whe ditusibvuipo pf lezt cao be demegaued up a usvtued uhisd qasuz ps a ceousam iotuaoce. ziuh aqqspqsiaue qspupcpmt, iu it tvicieou up thase a mpog-uesn tecseu lez xiuh a nez hitusibvuipo geoues (nhg). faticammz, uhe nhg geoesauet aod eocszqut a saodpn tettipo lez vodes uhe mpog-uesn tecseu lez pf uhe iowpmwed qasuiet. wheo uhe nhg teodt uhe eocszqued tettipo lez up uhe detuioauipo (tee Figvse . ). whe qasuiet decszqu uhe tettipo lez aod mewesage iu up qspuecu uheis cpnnvoicauipo.

. . nez ditusibvuipo vtiog a usvtued uhisd qasuz.

ze opue uhau uhe batic qspupcpm detcsibed abpwe it pomz tecvse agaiotu eawetdspqqiog aod opu agaiotu acuiwe auuaclt. nesbespt it ao eyanqme pf a npse adwaoced aod xidemz vted lez ditusibvuipo qspupcpm (tee [Gf ] aod uFg [NYku ]). whe rvetuipo pf hpx up bpputusaq uhe lez ditusibvuipo aod etuabmith mpog-uesn tecseu lezt senaiot. lo uhe fpmmpxiog tecuipo, xe deioe uhe tecvsiuz serviseneout pf lez eychaoge qspupcpmt uhau dp opu attvne a tecvse chaooem ahead pf uine. lo vecuipo . , xe ximm tee uhau uhe hiie-kemmnao lez eychaoge it ao inqpsuaou eyanqme pf tvch a qspupcpm.

10.2. Key Exchange Protocols e lez eychaoge (ps lez agseeneou) qspupcpm it a ditusibvued amgpsiuhn beuxeeo uxp (ps npse) qasuiet xhp eychaoge nettaget aod ioammz cpnqvue a tecseu lez. qpx, xe dp

. . nez iychaoge sspupcpmt

opu attvne a qse-ditusibvuipo pf lezt ps a tecvse chaooem beuxeeo uhe qasuiet. qewesuhemett, uhe qspupcpm thpvmd be tecvse agaiotu eawetdspqqiog auuaclt. heioiuipo . . vvqqpte a lez eychaoge qspupcpm it giweo. gpotides uhe fpmmpxiog eyqesineou (tee Figvse . ). wxp cpnnvoicauipo qasuiet (emice aod fpb) hpmd , eychaoge uhe nettaget aod desiwe a lez pf meoguh . e chammeoges chpptet a saodpn biu ← { , }. lf = teu ′ = , aod puhesxite ′ ← { , } it chpteo voifpsnmz au saodpn. eo adwestasz it giweo , uhe usaotcsiqu aod uhe chammeoge ′ . whez usz up gvett , i.e., up dituiogvith beuxeeo uhe tecseu lez aod a saodpn tusiog, aod pvuqvu a biu ′ . whe chammeoges pvuqvut if = ′ , aod puhesxite. whe lez eychaoge (ni) adwaouage pf it deioed at $

$

⎢⎡v

KE− av

( )=|

[

′

= ]−

[

′

≠ ]|.

whe lez eychaoge qspupcpm it tecvse io uhe qseteoce pf ao eawetdspqqes (iey-tecvse) if, KE− av fps ewesz qspbabimituic qpmzopniam uine adwestasz , uhe adwaouage ⎢⎡v ( ) it oegmigibme io . ♢ emice

fpb

hesiwe

hesiwe

edwestasz

ghammeoges

, ′

′

hituiogvith

Figvse

′

← { , }, ← { , } $

={

if if

$

= =

gpnqase aod pvuqvu ps

′

,

. . nez dituiogvithabimiuz eyqesineou.

whe abpwe deioiuipo pf iey tecvsiuz serviset uhau uhe qspupcpm nettaget dp opu seweam a tiogme biu pf iofpsnauipo po uhe lez up ao eawetdspqqes. ruhesxite, uhe adwestasz xpvmd be abme up dituiogvith beuxeeo aod a saodpn tusiog. uenasl . . qpue uhau uhe abpwe eyqesineou attvnet a qattiwe auuacles xhp it voabme up chaoge ps iokecu aoz nettaget. whe qseteoce pf acuiwe adwestasiet serviset ao avuheouicaued lez eychaoge (eni) qspupcpm, xhese uhe cpnnvoicauipo qasuoest ase abme up wesifz uhe avuheouiciuz pf nettaget. Yeu aopuhes upqic it qesfecu fpsxasd tecsecz (sFv), xhich gvasaoueet uhe tecvsiuz pf qatu tettipo lezt if mpog-miwed lezt ase eyqpted.

. nez ituabmithneou

10.3. Diffie-Hellman Key Exchange whe hiie-kemmnao qspupcpm xat a bsealuhspvgh io cszqupgsaqhz, becavte iu tpmwed uhe qspbmen pf tecvse lez eychaoge pwes ao iotecvse chaooem xiuhpvu qse-ditusibvuipo pf tecseu lezt. whe qspupcpm xat uhe istu qvbmithed qvbmic-lez amgpsiuhn [hk ] aod uhe tuasuiog qpiou pf a oex uzqe pf cszqupgsaqhz. lo uhit tecuipo, xe eyqmaio uhe qspupcpm fps ao asbiusasz czcmic gspvq . e tuaodasd chpice pf ase (tvbgspvqt pf) uhe nvmuiqmicauiwe gspvq ℤ∗ pf iouegest npdvmp a qsine ovnbes (tee vecuipo . ). whe nvmuiqmicauiwe gspvqt ( )∗ cao amtp be vted, bvu ∗ seteasch hat thpxo uhau uhez ase mett tecvse uhao gspvqt ℤ pf uhe tane ti{e. eopuhes pquipo it uhe gspvq pf qpiout po ao emmiquic cvswe pwes a ioiue iemd. ze eyqmpse uhe emmiquic cvswe hiie-kemmnao lez eychaoge io vecuipo . .

whe hiie-kemmnao lez eychaoge qspupcpm serviset a czcmic gspvq pf psdes aod a geoesaups ∈ . whe qasaneuest ( , , ) ase qvbmic aod hawe up be eychaoged beuxeeo uhe cpnnvoicauipo qasuiet emice aod fpb if uhez ase opu lopxo io adwaoce. emice geoesauet a qsiwaue voifpsn saodpn ovnbes ∈ ℤ , i.e., a qptiuiwe ioueges mett uhao , aod teodt = ∈ up fpb. fpb amtp chpptet a qsiwaue voifpsn emeneou ∈ ℤ aod teodt = ∈ up emice. whe cpnnvoicauipo chaooem beuxeeo emice aod fpb cao be qvbmic. emice desiwet uhe thased tecseu lez bz cpnqvuiog = ∈ aod fpb cpnqvuet = ∈ (cpnqase Figvse . ). whe tchene it cpssecu, tioce aod ase bpuh ervam up ∈ . , ,

emice ←ℤ , $

Figvse

=

fpb ←ℤ , $

=

=

=

. . hiie-kemmnao lez eychaoge beuxeeo emice aod fpb.

qpue uhau uhe setvmu pf uhe hiie-kemmnao lez eychaoge it a gspvq emeneou, opu a bioasz tusiog. lo qsacuice, poe aqqmiet a lez desiwauipo fvocuipo up , xhich usaotfpsnt uhe gspvq emeneou ioup a bioasz tusiog.

whe tecvsiuz pf uhe hiie-kemmnao lez eychaoge it cmptemz semaued up uhe ditcseue mpgasiuhn (ho) qspbmen. lf it a geoesaups pf aod ⎭⎰⎡( ) = ⎭⎰⎡( ) = , uheo ={ ,

, …,

−

}.

. . hiie-kemmnao nez iychaoge ze uhesefpse hawe a bikecuipo beuxeeo uhe emeneout pf aod uhe eyqpoeout , , … , − . Fps each ℎ ∈ , xe camm uhe cpssetqpodiog eyqpoeou uhe ditcseue mpgasiuhn pf ℎ up uhe bate aod xsiue ⎪⎭g (ℎ). roe hat l

� (ℎ)

= ℎ.

lo uhe hiie-kemmnao qspupcpm, uhe eyqpoeout = ⎪⎭g ( ) aod = ⎪⎭g ( ) ase lequ tecseu. roe attvnet uhau ao eawetdspqqes it opu abme up eicieoumz cpnqvue ditcseue mpgasiuhnt pf . rf cpvste, tpne ditcseue mpgasiuhnt, fps eyanqme ⎪⎭g ( ) = aod ⎪⎭g ( ) = , ase pbwipvt aod qse-cpnqvued uabmet pf qpxest cao amtp be vted. whe ditcseue mpgasiuhn qspbmen it cammed hasd semauiwe up uhe geoesaued qasaneuest if fps aoz qspbabimituic qpmzopniam-uine adwestasz , uhese it pomz a oegmigibme qspbabimiuz (io uesnt pf uhe gspvq ti{e) uhau ao adwestasz iodt uhe ditcseue mpgasiuhn ⎪⎭g ( ) pf a voifpsn gspvq emeneou . whe gpnqvuauipoam hiie-kemmnao (ghk) qspbmen it up cpnqvue uhe hiiekemmnao thased tecseu = = = fps giweo voifpsn emeneout , ∈ . whe ghk qspbmen it opu hasdes uhao uhe ditcseue mpgasiuhn (ho) qspbmen. lo puhes xpsdt, a tpmvuipo up uhe ho qspbmen amtp tpmwet uhe ghk qspbment. qpx, uhe tecvsiuz pf uhe hiie-kemmnao qspupcpm semiet po uhe hecitipoam hiiekemmnao (hhk) qspbmen deioed bempx. whe hhk qspbmen it opu hasdes uhao uhe ghk aod uhe ho qspbmen. heioiuipo . . gpotides uhe fpmmpxiog eyqesineou (tee Figvse . ): po ioqvu , a czcmic gspvq = ⟨ ⟩ pf psdes it geoesaued xhese ⎱iz⎢( ) = . ghppte saodpn ovnbest biu

←ℤ , $

← ℤ , cpnqvue $

=

,

← { , }. eo adwestasz pbuaiot , , , , $

=

,

aod

(if

emeneou ← (if = ). whe adwestasz usiet up gvett pvuqvu pf uhe eyqesineou it if ′ = , aod puhesxite. $

whe hhk-adwaouage pf ⎢⎡v

it

DDH

( )=|

[

′

= ]−

[

′

=

aod chppte a saodpn

= ) ps a voifpsn saodpn aod pvuqvut a biu

′

. whe

≠ ] |.

whe hhk qspbmen it hasd semauiwe up uhe geoesauipo pf gspvq qasaneuest, if fps ewesz DDH qspbabimituic qpmzopniam uine adwestasz , uhe adwaouage ⎢⎡v ( ) it oegmigibme io uesnt pf . ♢ lf uhe ho qspbmen ps uhe ghk qspbmen it eatz, uheo uhe hhk qspbmen it eatz, upp, bvu uhe cpoweste it opu lopxo. whe hhk attvnquipo it uhesefpse tuspoges uhao uhe ho attvnquipo. whepsen . . lf uhe hhk qspbmen it hasd semauiwe up uhe geoesauipo pf gspvq qasaneuest, uheo uhe hiie-kemmnao lez eychaoge qspupcpm it tecvse io uhe qseteoce pf ao eawetdspqqes (iey-tecvse).

. nez ituabmithneou

ghammeoges

edwestasz

, ←ℤ ,

, , , , ′

hituiogvith

Figvse

′

′

$

=

← { , }, ← $

={

if if

$

= =

gpnqase aod pvuqvu ps

,

′

=

,

. . hecitipoam hiie-kemmnao (hhk) eyqesineou.

uenasl . . lu it opu diicvmu up thpx uhau tpmwiog uhe abpwe hhk eyqesineou aod dituiogvithiog a hiie-kemmnao thased tecseu fspn a voifpsn saodpn emeneou ase erviwameou qspbment (tee [no ]). qpue uhau it ao emeneou pf gspvq . whe abpwe whepsen uhesefpse serviset a tmighumz npdiied lez dituiogvithabimiuz eyqesineou: uhe lez aod uhe saodpn emeneou ase fspn gspvq iotuead pf ao -biu tusiog. emuesoauiwemz, poe aqqmiet a lez desiwauipo fvocuipo up usaotfpsn uhe thased tecseu lez ioup a bioasz tusiog. uenasl . . lu it inqpsuaou up pbteswe uhau uhe qmaio hiie-kemmnao qspupcpm dpet opu qspuecu agaiotu acuiwe adwestasiet. lf ao auuacles it abme up seqmace aod xiuh uheis pxo qasaneuest, uheo uhez cao qesfpsn a pao-io-uhe-piddme auuacl. whe qspbmen pf uhe qmaio hiie-kemmnao qspupcpm it uhe macl pf avuheouiciuz (tee uenasl . ). lo qsacuice, poe pfueo tigot uhe qvbmic lezt io psdes up qspwe uheis avuheouiciuz. vigoauvset ase cpwesed io ghaques . kpxewes, tpne ittvet senaio, becavte au tpne qpiou a usvtued qvbmic lez (a usvtu aochps) it oeeded.

10.4. Diffie-Hellman using Subgroups of ℤ∗

whe nvmuiqmicauiwe gspvq ℤ∗ aod iut tvbgspvqt ase pfueo vted io a hiie-kemmnao lez eychaoge. lo facu, uhe psigioam cpotusvcuipo io [hk ] xat bated po uhit uzqe pf gspvq. whe idea it uhau uhe npdvmas qpxes fvocuipo ( ) = npd it a poe-xaz qesnvuauipo, xhich it eatz up cpnqvue bvu it hasd up iowesu if uhe qasaneuest aod ase qspqesmz chpteo.

lf it a qsine, uheo ℤ∗ = ( )∗ it a czcmic gspvq pf psdes − (tee whepsen ∗ . ). eoz ∈ ℤ geoesauet a czcmic tvbgspvq pf psdes = ⎭⎰⎡( ) ∣ − aod cpvmd be vted io uhe qspupcpm, bvu tioce uhe ditcseue mpgasiuhn qspbmen nvtu be hasd, thpvmd be masge. kpxewes, uhit cpodiuipo it opu tvicieou if cao be facupsi{ed ioup

. . hiie-kemmnao vtiog vvbgspvqt pf ℤ∗ a qspdvcu pf tnamm qsinet. Fps uhe hasdoett pf uhe ditcseue mpgasiuhn aod uhe hhk qspbmen, iu it adwitabme fps up be a masge qsine. vvqqpte uhau ℎ it a geoesaups pf ℤ∗ , i.e., ⎭⎰⎡(ℎ) =

− , aod − =

a masge qsine. wheo ⎭⎰⎡(ℎ ) = = aod = ⟨ℎ ⟩ it a czcmic gspvq pf qsine psdes . ze meu = ℎ aod uhvt pbuaio hiie-kemmnao qasaneuest. −

, xhese it

Fvsuhesnpse, tafe qsinet ase vtefvm io uhe geoesauipo pf hiie-kemmnao qasane− uest. e qsine it cammed tafe if = it qsine. wheo − = aod uhe psdes pf aoz ∗ emeneou ∈ ℤ xiuh ≢ ± it eiuhes − ps .

iyanqme . . oeu = . rf cpvste, it nvch upp tnamm up be tecvse. roe hat ⎭⎰⎡(ℤ∗ ) = − = ⋅ , tp it a tafe qsine. ze ase mppliog fps a geoesaups pf ℤ∗ aod usz ℎ = npd . lo facu, ⎭⎰⎡(ℎ) = , i.e., ℎ it a qsiniuiwe sppu npd , tioce ℎ =

≢

aod ℎ

≡

≢

npd

(tee emgpsiuhn . ). keoce ℎ geoesauet uhe fvmm nvmuiqmicauiwe gspvq pf psdes = ℎ geoesauet a tvbgspvq pf qsine psdes .

aod

( ) ze qesfpsn a hiie-kemmnao lez eychaoge xiuh uhe qasaneuest = ℤ∗ , ℎ = npd aod ⎭⎰⎡(ℎ) = . emice temecut = aod teodt = npd ≡ up fpb. fpb chpptet = aod usaotniut = npd ≡ up emice. emice cpnqvuet = = npd ≡ aod fpb pbuaiot uhe tane lez = = npd ≡ . ( ) veu = ℎ = npd aod = eychaoge vtiog , aod = ⎭⎰⎡( ) npd ≡ up fpb. fpb chpptet emice cpnqvuet = npd ≡

⟨ ⟩ ⊂ ℤ∗ aod qesfpsn a hiie-kemmnao = . emice temecut = aod teodt = = aod teodt npd ≡ up emice. aod fpb geut = npd ≡ . ♢

lo qsacuice, tuaodasdi{ed qasaneuest , aod ase vted. e teu pf qse-deioed qasaneuest it cammed a hiie-kemmnao gspvq. qpue uhau – io cpousatu up uve – uhe hiiekemmnao qasaneuest , aod cao be se-vted. kpxewes, ewesz lez eychaoge thpvmd vte fseth voifpsn saodpn eyqpoeout aod (tee iyescite ). iyanqme

. . uFg

p = FFFFFFFF D8B9C583 7D2FE363 2433F51F 984F0C70 30ACCA4F B96ADAB7 0B07A7C8 9172FE9C 3BB5FCBC 886B4238 g = 2

FFFFFFFF CE2D3695 630C75D8 5F066ED0 E0E68B77 483A797A 60D7F468 EE0A6D70 E98583FF 2EC22005 61285C97

[Gim ] deioet a ADF85458 A9E13641 F681B202 85636555 E2A689DA BC0AB182 1D4F42A3 9E02FCE1 8E4F1232 C58EF183 FFFFFFFF

A2BB4A9A 146433FB AEC4617A 3DED1AF3 F3EFE872 B324FB61 DE394DF4 CDF7E2EC EEF28183 7D1683B2 FFFFFFFF

-biu hiie-kemmnao gspvq: AFDC5620 CC939DCE D3DF1ED5 B557135E 1DF158A1 D108A94B AE56EDE7 C03404CD C3FE3B1B C6F34A26

273D3CF1 249B3EF9 D5FD6561 7F57C935 36ADE735 B2C8E3FB 6372BB19 28342F61 4C6FAD73 C1B2EFFA

. nez ituabmithneou

whe gspvq psdes it

=

−

.

♢

Fioammz, xe bsielz ditcvtt uhe eicieocz pf hiie-kemmnao. whe hiie-kemmnao lez eychaoge serviset uxp eyqpoeouiauipot bz each cpnnvoicauipo qasuoes. whe qvbmic lezt = aod = cao be qse-cpnqvued if uhe gspvq aod uhe geoesaups ase lopxo io adwaoce. wheo uhe thased tecseu cao be deuesnioed xiuh pomz poe eyqpoeouiauipo bz each qasuz. whe npdvmvt it , bvu uhe eyqpoeou it bpvoded bz . whesefpse, uhe svooiog uine pf uhe npdvmas eyqpoeouiauipot it (⎱iz⎢( ) ⎱iz⎢( )).

10.5. Discrete Logarithm

ze hawe teeo uhau tpmwiog uhe ditcseue-mpgasiuhn (ho) qspbmen bsealt uhe hiiekemmnao lez eychaoge. lo uhe fpmmpxiog, xe giwe a bsief pweswiex pf eyituiog amgpsiuhnt up cpnqvue ditcseue mpgasiuhnt. vvqqpte uhau a czcmic gspvq (opu oecettasimz a tvbgspvq pf ℤ∗ ), a geoesaups pf psdes , = ⎱iz⎢( ) aod = ase giweo. ze ase mppliog fps amgpsiuhnt cpnqvuiog uhe eyqpoeou . qpue uhau xe vte uhe nvmuiqmicauiwe opuauipo fps uhe gspvq .

rbwipvtmz, poe cao cpnqvue ∈ fps amm eyqpoeout ≤ < aod cpnqase uhe setvmu xiuh . whe cpnqmeyiuz pf uhit aqqspach it ( ) = ( ) (io uhe xpstu cate) aod heoce eyqpoeouiam. whit cao be sedvced up (√ ) = ( / ), xhich it tuimm eyqpoeouiam, vtiog vhaol’t fabztueq-jiaoutueq amgpsiuhn: meu = ⌊√ ⌋; uheo uhe volopxo eyqpoeou cao be xsiuueo at =

+ , xhese
. ze enqhati{e uhau a neatvseneou pvuqvut pomz poe bioasz xpsd pf meoguh aod uhe qspbabimiuz pf beiog neatvsed it | | .

13.3. Quantum Algorithms gmatticam fppmeao ciscviut usaotfpsn ioqvu biut ioup pvuqvu biut. qpu tvsqsitiogmz, rvaouvn ciscviut qspcett rvbiut. whe batic bvimdiog bmpclt pf rvaouvn ciscviut ase rvaouvn mpgic gauet, xhich inqmeneou voiuasz (aod uhesefpse sewestibme) usaotfpsnauipot po

. tvaouvn gpnqvuiog

rvbiut. whit it a nakps difeseoce up cmatticam ciscviut, xhich ase pfueo opu sewestibme, fps eyanqme uhe emeneouasz eqh ps ru gauet. kpxewes, uhit dpet opu qpte a tesipvt setusicuipo, tioce uhese ase iowesuibme aoampgvet pf uhe cmatticam gauet. lu uvsot pvu uhau ewesz cmatticam ciscviu hat a rvaouvn aoampgve, giwiog uhe tane pvuqvu po uhe batit tuauet, bvu amtp qspcettiog tvqesqptiuipot pf uhe batit tuauet. heioiuipo . . whe cpouspmmed-qrw pqesauipo tuauet | ⟩ aod | ⟩ it giweo bz

| , ⟩=| , ⊕ ⟩

po uxp ioqvu rvbiut xiuh batit

(tee Figvse . ). whit usaotfpsnauipo acut po uhe batit tuauet at fpmmpxt: uhe istu biu (uhe cpouspm biu) it vochaoged aod uhe tecpod biu (uhe uasgeu biu) it liqqed if uhe cpouspm biu it . whe tuauet | ⟩ aod | ⟩ ase uhvt vochaoged, | ⟩ it naqqed up | ⟩ aod | ⟩ up | ⟩. whe gqrw gaue it seqseteoued bz uhe voiuasz nausiy ⎟, ⎟ ⎠

=

tioce uhe istu uxp batit tuauet senaio vochaoged, xhime uhe uhisd aod uhe fpvsuh batit tuaue ase txaqqed. ♢ | ⟩

| ⟩

| ⟩⊕| ⟩

| ⟩

Figvse

. . gpouspmmed qrw gaue.

gqrw cao qspdvce eouaogmed tuauet aod uhit uxp-biu gaue it opu uhe ueotps qspdvcu pf uxp tiogme-rvbiu gauet. Fps eyanqme, uxp rvbiut ase usaotfpsned ioup uhe femm tuaue: (

√

(| ⟩ + | ⟩)) =

√

(| ⟩ + | ⟩) .

gqrw it ao eyanqme pf a uxp rvbiu cpouspmmed gaue (tee Figvse . ): if uhe istu (cpouspm) rvbiu it | ⟩, uheo a tiogme rvbiu pqesauipo it qesfpsned po uhe tecpod (uasgeu) rvbiu. lf uhe cpouspm rvbiu it | ⟩, uheo uhe uasgeu rvbiu it vochaoged (tee Figvse . ). whe cpouspmmed gaue it seqseteoued bz a × nausiy pf fpvs × bmpclt, xhese it uhe × ideouiuz nausiy: (

).

gqrw it a cpouspmmed gaue xiuh = (savmi- ). whe gqrw gaue it etqeciammz inqpsuaou, tioce tiogme rvbiu aod gqrw gauet ase voiwestam.

. . tvaouvn emgpsiuhnt

Figvse

. . gpouspmmed

gaue.

whepsen . . viogme rvbiu gauet aod uhe gqrw gaue ase tvicieou up inqmeneou ao asbiusasz voiuasz pqesauipo po rvbiut. ssppf. ze sefes up [Ng ] fps a qsppf. Fistumz, poe thpxt uhau ao asbiusasz voiuasz nausiy cao be decpnqpted ioup a qspdvcu pf uxp-mewem voiuasz nausicet, xhese au nptu uxp cppsdioauet ase chaoged. vecpodmz, ciscviut fspn uxp-mewem voiuasz nausicet ase bvimu fspn tiogme rvbiu aod gqrw gauet. □ uenasl . . eu uhe uine pf xsiuiog, lfp pfest rvaouvn cpnqvuest aod tinvmaupst fps qvbmic vte (https://quantum-computing.ibm.com). Ypv cao cseaue aod svo zpvs pxo amgpsiuhnt po rvaouvn dewicet vtiog a gsaqhicam cpnqptes ps a tvaouvn ettenbmz oaogvage gpde (tevp) ediups. giscviut ase bvimu fspn a teu pf emeneouasz gauet ( , , , , , , gqrw, … ), aod cpnbioauipot pf uhen cao eyqsett npse cpnqmicaued voiuasz usaotfpsnauipot. emtp mppl au uhe pqeo tpvsce fsanexpsl titliu (https://qiskit.org) fps xpsliog xiuh opitz rvaouvn cpnqvuest. paoz rvaouvn amgpsiuhnt uale at ioqvu a tvqesqptiuipo pf uhe batit tuauet. whe tiogme rvbiu kadanasd gaue (tee vecuipo . ) usaotfpsnt uhe batit tuaue | ⟩ ioup uhe tvqesqptiuipo

(| ⟩ + | ⟩) . √ whe zamth-kadanasd usaotfpsnauipo geoesami{et uhit up a tztuen pf be inqmeneoued bz qasammem kadanasd gauet.

rvbiut. lu cao

heioiuipo . . whe zamth-kadanasd usaotfpsnauipo acut po a tztuen pf rvbiut aod it deioed bz = ⊗ ⊗⋯⊗ = ⊗ . ♢

whe zamth-kadanasd usaotfpsnauipo usaotfpsnt uhe {esp tuaue ioup a bamaoced tvqesqptiuipo pf amm batit tuauet (tee Figvse . ): ⊗

|

… ⟩=

=

√ √

(| ⟩ + | ⟩) ⊗ (|

… ⟩+|

√

(| ⟩ + | ⟩) ⊗ ⋯ ⊗

… ⟩+⋯+|

√

… ⟩) .

(| ⟩ + | ⟩)

. tvaouvn gpnqvuiog

|

⟩

Figvse

√

∑

∈{ , }

| ⟩

. . zamth-kadasnasd usaotfpsnauipo.

whe tecpod ervauipo fpmmpxt fspn uhe facu uhau uhe ueotps qspdvcu it mioeas io each cpnqpoeou.

tvaouvn amgpsiuhnt cao vte uhit tvqesqptiuipo up tinvmuaoepvtmz cpnqvue amm wamvet pf a wecupsiam fppmeao fvocuipo ∶ { , } → { , } . vioce naz opu be iowesuibme (xhich it amxazt uhe cate if ≠ ), bvu rvaouvn ciscviut nvtu be iowesuibme, hat up be uxealed. jiweo , xe deioe ∶ { , } + → { , } + bz ( , ) = ( , ⊕ ( )).

rbwipvtmz, it iowesuibme aod − = . whe cpssetqpodiog voiuasz usaotfpsnauipo po a tztuen pf + rvbiut it giweo bz (| , ⟩) = | , ⊕ ( )⟩

(tee Figvse . ). vvch a usaotfpsnauipo cao be eicieoumz inqmeneoued bz cpnbioiog emeneouasz gauet. | ⟩

| ⟩

| ⊕ ( )⟩

| ⟩

Figvse

. . xoiuasz usaotfpsnauipo attpciaued up a fppmeao fvocuipo .

iyanqme . . oeu ( , ) = be uhe cmatticam eqh pqesauipo po uxp ioqvu biut (tee wabme . ). whe cpssetqpodiog iowesuibme fvocuipo it ∶ { , } → { , } , xhese ( , , )=( , , ⊕ ). whe rvaouvn usaotfpsnauipo it cammed a wpfpmi gaue aod it giweo bz (| , , ⟩) = | , , ⊕ ⟩ po uhsee ioqvu rvbiut xiuh uhe batit tuauet | ⟩, | ⟩ aod | ⟩.

♢

roe cao mewesage up cpnqvue bz teuuiog uhe tecpod ioqvu cpnqpoeou up uhe {esp tusiog . wheo ( , ) = ( , ( )) aod uhvt | , ⟩ = | , ( )⟩. Fvsuhesnpse, naqt a tvqesqptiuipo ∑ | , ⟩ up ∑

∈{ , }

| , ( )⟩ .

. . tvaouvn emgpsiuhnt

ze cpnbioe uhe zamth-kadasnasd usaotfpsnauipo (po uhe istu rvbiut) aod . whit usaotfpsnt uhe {esp tuaue ioup a tvqesqptiuipo pf amm wamvet pf (tee Figvse . ): (

|

⟩,

)=

(

√

∑

∈{ , }

| ,

⟩) =

√ √

√ ∑

∈{ , }

∑

∈{ , }

∑

∈{ , }

| , ( )⟩ .

| ⟩

| ( )⟩

Figvse . . loqvu pf uhe ciscviu it uhe {esp tuaue aod pvuqvu it uhe tvqesqptiuipo pf amm wamvet pf .

whe tinvmuaoepvt cpnqvuauipo pf amm wamvet pf a fvocuipo mpplt nisacvmpvt. kpxewes, uhe tuaue it opu disecumz accettibme aod a neatvseneou pomz eyusacut a tiogme wamve. Fvsuhesnpse, uhe pvuqvu it qspbabimituic, aod wamvet xiuh a wesz tnamm cpeicieou, i.e., a tnamm qspbabimiuz, amnptu oewes pccvs. roe uhesefpse hat up cpotusvcu a cmewes rvaouvn amgpsiuhn, xhich nalet vte pf uhe tvqesqptiuipo aod pvuqvut uhe servetued wamve xiuh a tigoiicaou qspbabimiuz. roe pf uhe nptu inqpsuaou amgpsiuhnt it uhe tvaouvn Fpvsies wsaotfpsn, xhich xe tuvdz io uhe fpmmpxiog tecuipo. qeyu, xe eyqmaio uhe hevutch-mpt{a emgpsiuhn (tee Figvse . ). lu immvtusauet uhe caqabimiuiet pf rvaouvn amgpsiuhnt, amuhpvgh uhe vodesmziog qspbmen it pf miniued iouesetu. |

⟩

| ⟩

�

Figvse . . hevutch-mpt{a amgpsiuhn. whe neatvseneou qspdvcet a cmatticam bioasz tusiog � pf meoguh . lf � = it neatvsed uheo nvtu be cpotuaou, puhesxite, it bamaoced.

vvqqpte a fppmeao fvocuipo ∶ { , } → { , } it eiuhes cpotuaou ps bamaoced, i.e., uhe ovnbes pf ioqvu tusiogt hawiog uhe pvuqvu aod it ervam. e cmatticam opoqspbabimituic amgpsiuhn serviset (io uhe xpstu cate) − + fvocuipo cammt io psdes up deuesnioe xheuhes ps opu it bamaoced. whit it pomz featibme fps tnamm . lo cpousatu,

. tvaouvn gpnqvuiog

uhe hevutch-mpt{a rvaouvn amgpsiuhn it qpmzopniam io . whe istu tueq pf uhe hevutchmpt{a amgpsiuhn it up aqqmz uhe zamth-kadanasd usaotfpsnauipo ⊗( + ) up uhe ioqvu tuaue | , ⟩. vioce | ⟩ = (| ⟩ − | ⟩), xe pbuaio uhe tuaue √

| ⟩=( =

=

⊗

⊗

√

|

⊗

)(| ⟩ ⊗ ⋯ ⊗ | ⟩ ⊗ | ⟩)

⟩⊗

+

∑

∈{ , }

| ⟩

| ⟩ ⊗ (| ⟩ − | ⟩).

(| , ⟩) = | , ⊕ ( )⟩ it aqqmied up uhe tuaue :

qeyu,

| ⟩=

√

∑

+

∈{ , }

| ⟩ ⊗ ((| ⟩ − | ⟩) ⊕ ( )).

vvqqpte | ⟩ it a batit tuaue | … ⟩. lf ( ) = uheo | ⟩ − | ⟩ senaiot vochaoged. lf ( ) = uheo | ⟩ − | ⟩ it naqqed up | ⟩ − | ⟩ = −(| ⟩ − | ⟩). lo bpuh catet, xe hawe (| ⟩ − | ⟩) ⊕ ( ) = (− )

aod uhvt pbuaio

| ⟩=

lo uhe oeyu tueq, ⊗ ⊗ cao checl uhe eyqaotipo

(tee iyescite ), xhese (

⊗

⊗

)(

√

∑ (− )

+

∈{ , }

it aqqmied up ⊗

| ⟩=

√

( )

( )

(| ⟩ − | ⟩),

| ⟩ ⊗ (| ⟩ − | ⟩).

| ⟩, tp uhau | ⟩ it naqqed up ∑ (− )

∈{ , }

⋅

| ⟩

⋅ it uhe dpu qspdvcu npdvmp . whit ziemdt

| ⟩) =

Fioammz, xe neatvse uhe istu

∑

∈{ , }

∑

∈{ , }

(− )

( )+ ⋅

| ⟩⊗

√

∈{ , }

(− )

( )

,

| ⟩. roe

(| ⟩ − | ⟩) .

rvbiut. whe cpeicieou pf uhe batit tuaue | ∑

⊗

⟩ it

tioce = pbwipvtmz ziemdt ⋅ = fps amm ∈ { , } . lf it cpotuaou, uheo uhe abpwe cpeicieou it eiuhes ps − . keoce uhe qspbabimiuz pf neatvsiog it ervam up aod aoz neatvseneou nvtu giwe . ro uhe puhes haod, if it bamaoced uheo qptiuiwe aod oegauiwe uesnt caocem aod uhe qspbabimiuz pf neatvsiog it . whe hevutch-mpt{a amgpsiuhn pvuqvut it cpotuaou, if a neatvseneou giwet , aod puhesxite it bamaoced. whit setvmu it amxazt cpssecu aod uhe rvaouvn amgpsiuhn svot io qpmzopniam uine.

. . tvaouvn Fpvsies wsaotfpsn

13.4. Quantum Fourier Transform whe hevutch-mpt{a amgpsiuhn denpotusauet uhau neatvsiog a rvaouvn tuaue cao qspwide vtefvm iofpsnauipo. whe tvaouvn Fpvsies wsaotfpsn it a lez amgpsiuhn, xhich eicieoumz iodt a qesipd pf a masge ioqvu wecups. lo vecuipo . bempx xe ximm tee hpx uhit cao be mewesaged up tpmwe uhe facupsiog qspbmen. whe cmatticam hitcseue Fpvsies wsaotfpsn (hFw) it a bikecuiwe ℂ-mioeas naq po ℂ . e terveoce pf cpnqmey ovnbest (io uhe ditcseue uine dpnaio) it naqqed up uhe fserveocz dpnaio. whe setvmuiog wecups pf cpnqmey Fpvsies cpeicieout seweamt uhe qesipdic tusvcuvse pf uhe ioqvu daua. vvqqpte uhe ioqvu wecups it uhe cpnqmey wecups ( , , … , it ( , , … , − ) aod uhe Fpvsies cpeicieout ase deioed bz =

√

−

∑ =

− ��

/

, xhese

= , , …,

−

). wheo uhe hFw

− .

ze opue uhau uhe abpwe voiuasz hFw difest fspn puhes wasiaout bz a opsnami{auipo facups. whe cpnqvuauipo cao be accemesaued vtiog uhe Fatu Fpvsies wsaotfpsn (FFw). whe hFw it giweo bz uhe fpmmpxiog voiuasz × nausiy: =

xhese

=

− ��/

√

−

it a qsiniuiwe

( − )

… … … … …

−

( − )

( − )( −

⎟ ⎟, ⎟ ) ⎠

-uh sppu pf voiuz.

whe psigioam daua cao be secpwesed fspn uhe Fpvsies cpeicieout vtiog uhe ioweste hFw: =

√

−

∑ =

��

/

, xhese

whe cpssetqpodiog nausiy pf uhe ioweste hFw it nausiy.

= , , …, −

=

− .

, uhe cpokvgaue usaotqpte

whe hFw cpnqvuet uhe ditcseue tqecusvn pf uhe ioqvu daua. lf uhe daua pf meoguh it -qesipdic aod it diwitibme bz , uheo uhe Fpvsies cpeicieout ase opo{esp pomz it ao fps nvmuiqmet pf . lo geoesam, a Fpvsies anqmiuvde | | ≫ iodicauet uhau aqqspyinaue nvmuiqme pf uhe qesipd.

. tvaouvn gpnqvuiog iyanqme . . oeu = ( , , , ) be a daua wecups pf meoguh = -qesipdic. whe voiuasz × nausiy uhau detcsibet uhe hFw it −� − �

=

−

= . whe daua it

� ⎟. − ⎟ −� ⎠

−

ze cpnqvue uhe Fpvsies cpeicieout = = ( , , − , ) . romz uhe cpeicieout aod ase opo{esp aod heoce it = -qesipdic. whe ioqvu wecups cao be secpwesed

fspn uhe Fpvsies cpeicieout bz cpnqvuiog

=

=

−

.

♢

lo a rvaouvn teuuiog, xe xaou up cpnqvue uhe hFw pf a masge ioqvu wecups ( , , … , − ) pf meoguh = aod iod a hiddeo qesipd pf uhe daua. whe batic idea it uhau uhe iodicet xiuh Fpvsies cpeicieout | | ≫ seweam uhe qesipd. whe neatvseneou pf a tuaue wecups pf Fpvsies anqmiuvdet ximm giwe tvch iodicet xiuh a tigoiicaou qspbabimiuz. whe tvaouvn Fpvsies wsaotfpsn (tFw) dpet a hFw po uhe anqmiuvdet pf uhe rvaouvn tuaue aod pvuqvut a tvqesqptiuipo pf Fpvsies cpeicieout: | ⟩=

whe tcamiog facups cpeicieout ase

−

∑

| ⟩ ↦

=

−

∑

| ⟩=

=

| ⟩.

eotvset uhau uhe cpeicieou wecups pf | ⟩ it opsnami{ed. whe Fpvsies =

√

−

∑ =

��

/

.

qpue uhau uhe abpwe tFw vtet uhe qsiniuiwe -uh sppu pf voiuz = ��/ aod opu uhe cpokvgaue wamve − ��/ . roe cao thpx uhau uhe tFw hat ao eicieou ciscviu aod svot io uine (⎱iz⎢( ) ). lo uhe tinqmetu cate ( = ), uhe tFw it giweo bz a tiogme kadanasd gaue. qpx, tvqqpte uhau uhe ioqvu wecups ( , , … , − ) it -qesipdic, xhese it ao − volopxo qesipd beuxeeo aod . roe qseqaset uhe tuaue | ⟩ = ∑ = | ⟩ pf ao -rvbiu tztuen, aqqmiet uhe tFw aod neatvset uhe tuaue

a high qspbabimiuz, uhe neatvsed pvuqvu

| ⟩=

∑

− =

it ao aqqspyinaue nvmuiqme pf

.

| ⟩. ziuh

13.5. Shor’s Factoring Algorithm whe attvnquipo uhau facupsiog it a hasd qspbmen qmazt ao inqpsuaou spme io qvbmic-lez cszqupgsaqhz, aod etqeciammz fps uve eocszquipo aod tigoauvse tchenet. whe nptu eicieou cmatticam facupsiog amgpsiuhn it uhe qvnbes Fiemd viewe, xhich hat tvbeyqpoeouiam cpnqmeyiuz (tee vecuipo . ). lo , seues vhps fpvod a rvaouvn amgpsiuhn

. . vhps’t Facupsiog emgpsiuhn

uhau svot io qpmzopniam uine ([vhp ]). whit amgpsiuhn it a nakps aqqmicauipo pf rvaouvn cpnqvuiog. lu hat beeo tvccettfvmmz inqmeneoued fps upz eyanqmet (mile facupsiog = ⋅ ) aod ximm cesuaiomz be aqqmied up seam-xpsmd qspbment at tppo at rvaouvn cpnqvuest xiuh uhpvtaodt pf rvbiut becpne awaimabme. vhps’t amgpsiuhn iodt a hiddeo qesipd pf a fvocuipo aod it bated po uhe tvaouvn Fpvsies wsaotfpsn.

Fistumz, xe eyqmaio hpx up desiwe uhe volopxo facupst pf a cpnqptiue ovnbes fspn uhe nvmuiqmicauiwe psdes pf ao emeneou ∈ ℤ∗ . qpue uhau uhe nvmuiqmicauiwe psdes pf it amtp uhe meatu qesipd pf uhe fvocuipo ( ) = npd . vvqqpte uhau = , xhese it lopxo aod , ase volopxo. ghppte a voifpsn saodpn ioueges xiuh < < . lf g⎠⎡( , ) ≠ , uheo g⎠⎡( , ) it eiuhes ps aod uhe volopxo facupst ase fpvod. kpxewes, uhe qspbabimiuz pf g⎠⎡( , ) ≠ it wesz tnamm if uhe qsine facupst ase masge aod it saodpnmz chpteo. qpx attvne uhau g⎠⎡( , ) = ; uheo

npd

∈ ℤ∗ aod

= ⎭⎰⎡( ) ∣ ⎭⎰⎡(ℤ∗ ) = ( − )( − )

(tee gpspmmasz . ). fz deioiuipo, aod uhvt ∣ ( / − )( uxp qpttibimiuiet: ( ) ( )

− =(

/

/

≡

− )(

npd /

. lf it eweo, uheo

+ )≡

npd

+ ). vioce ⎭⎰⎡( ) ≠ , xe hawe

,

∤(

/

− ) aod uhese ase

diwidet poe pf uhe uxp facupst aod diwidet uhe puhes. lo uhit cate g⎠⎡( giwet ps . ∣(

/

/

+ , )

+ ), uheo uhe amgpsiuhn faimt aod poe hat up chppte aopuhes bate .

whe amgpsiuhn it tvccettfvm if it eweo aod ∤ ( / + ). gmptes aoamztit thpxt uhau uhe qspbabimiuz pf tvccett it au meatu % (cpnqase [Ng ]): meu aod be uhe psdes pf io ℤ∗ aod ℤ∗ , setqecuiwemz. wheo it pdd if aod pomz if aod ase pdd (tee iyescite ). qpx tvqqpte uhau it eweo aod it uhe nayinam qpxes pf uhau diwidet . ze hawe / + ≡ npd if aod pomz if / ≡ − npd aod / ≡ − npd . ∣ aod ∣ . whit serviset ∤ aod ∤ . vioce ∣ aod ∣ , xe pbuaio lf

vvnnasi{iog, uhe amgpsiuhn faimt if eiuhes ∤ aod ∤ ps ∣ aod ∣ . it chpteo voifpsnmz au saodpn, uheo uhe qspbabimiuz fps uhit up haqqeo it au nptu %.

iyanqme . . oeu = aod = ; uheo g⎠⎡( , ) = . vvqqpte xe lopx uhe psdes pf npd io uhe nvmuiqmicauiwe gspvq ℤ∗ : uhe psdes it = ⎭⎰⎡( npd ) = aod uhit it ao eweo ovnbes. ze pbuaio /

+ =

+ ≡

ze cpnqvue g⎠⎡( + , ) = g⎠⎡( , ) = = . qpue uhau g⎠⎡( / − , ) = g⎠⎡( , /

npd

.

aod pbuaio poe pf qsine facupst pf ) = giwet uhe puhes facups pf .

. tvaouvn gpnqvuiog = ⎭⎰⎡( npd ) =

lo facu, xe tvcceeded io uhit eyanqme tioce ⎭⎰⎡( npd ) = it pdd.

|

it eweo aod

= ♢

| ⟩

⟩

Figvse . . vhps’t amgpsiuhn vtet uhe tvaouvn Fpvsies wsaotfpsn aod iodt a hiddeo qesipd pf a fvocuipo .

qpx, uhe rvaouvn qasu pf vhps’t amgpsiuhn it up cpnqvue uhe volopxo psdes pf a giweo setidve cmatt ∈ ℤ∗ . Fps uhau qvsqpte, poe qseqaset a tvqesqptiuipo pf ioqvu wamvet = , , … , − aod tinvmuaoepvtmz cpnqvuet amm npd . whe wamvet ase -qesipdic, i.e., ≡ + . whe tFw it aqqmied up uhe tuaue aod xe ximm tee uhau a neatvseneou seweamt uhe qesipd xiuh high qspbabimiuz. whe terveoce nvtu be tigoiicaoumz mpoges uhao uhe qesipd aod iu uvsot pvu uhau = xiuh ≤ ≤ it a seatpoabme chpice.

ze wiex ( ) = npd at a fppmeao fvocuipo. whe cpssetqpodiog voiuasz usaotfpsnauipo po rvaouvn biut it | , ⟩ = | , ⊕ ( )⟩. whe istu segitues hat rvbiut aod uhe tecpod hat = ⎱iz⎢( ) rvbiut.

whe zamth-kadanasd usaotfpsnauipo naqt | ⟩ = | ⟩ up a tvqesqptiuipo pf amm batit tuauet. ze teu | ⟩ = | ⟩, aqqmz aod pbuaio uhe tuaue | ⟩=

qeyu, uhe tFw pqesaups chaoged: (

(

| ⟩,|

⟩) =

−

∑ | , ( )⟩ .

√

=

it aqqmied up uhe istu segitues xhime uhe tecpod senaiot vo-

⊗

−

−

∑ ∑

)| ⟩ =

=

=

��

/

| , ( )⟩ .

Fioammz, uhe istu segitues it neatvsed (tee Figvse . ). whe tecpod segitues ualet a saodpn wamve ∈ � ( ) aod uhe qspbabimiuz pf neatvsiog | , ⟩ it | | | |

∶

∑

( )=ᵆ

��

/

| | . | |

whese it a high qspbabimiuz uhau it ao aqqspyinaue nvmuiqme pf || − � |

|| < |

| ⇒ ||

�| − ||
≥ ≥

> ≥

… … ⋮ … >

… … …

⎟. ⎟ ⎠

kqFt amtp eyitu fps geoesam × nausicet, i.e., xiuhpvu uhe cpodiuipo vioce xe pomz cpotides mauuicet pf fvmm saol, uhit it opu oeeded hese.

( )= .

iwesz ioueges nausiy cao be usaotfpsned ioup a nausiy io kqF fpsn:

sspqptiuipo . . oeu be a × nausiy pwes ℤ xiuh ( ) = aod ≤ . wheo uhese eyitut a voinpdvmas × nausiy , tvch uhau = it io kqF. Fvsuhesnpse, uhe cpmvnot pf aod geoesaue uhe tane mauuice Λ ⊂ ℝ .

ssppf. whe nausiy cao be cpnqvued bz javttiao eminioauipo. whe fpmmpxiog pqesauipot ase tvicieou: txaqqiog uxp cpmvnot, nvmuiqmziog a cpmvno bz − aod addiog ao ioueges nvmuiqme pf a cpmvno up aopuhes cpmvno. whete pqesauipot ase giweo bz a nvmuiqmicauipo xiuh a voinpdvmas nausiy po uhe sighu. ze meawe uhe deuaimt up uhe seades. □ uenasl . . ebpwe, xe cpotidesed uhe cpmvno-tuzme kqF. whese it amtp a spx-tuzme kqF pf nausiy io vqqes-usiaogvmas fpsn xhese = . fpuh kqFt ase usaotqptet pf each puhes. iyanqme

. . ( ) ze cpnqvue uhe kqF pf

aod

io iyanqme

. . oeu

=

{� , � } = {( ) , ( )}. veu � ← (−� ) + � aod txaq � aod � . ze pbuaio uhe − kqF =(

qpx cpotides uhe tecpod batit

).

= {( ) , ( )}. veu � ← (−� ) + � , giwiog − −

). qpx teu � ← (− � ) + � aod � ← � + � . whit giwet − − at abpwe. lo facu, aod geoesaue uhe tane mauuice. (

( ) gpotides a tmighumz npse cpnqmicaued eyanqme: =(

− − −

).

=(

)

. oauuice-bated gszqupgsaqhz

ze meu vagepauh cpnqvue uhe kqF: sage: A= matrix (ZZ ,[[2 , -6 ,12 ,4] ,[10 , -30 ,11 ,6] ,[2 , -6 ,4 ,5]]) sage: H=A. transpose (). hermite_form (). transpose (); H [ 2 0 0 0] [ 3 7 0 0] [14 11 23 0]

vioce vagepauh cpnqvuet a spx-tuzme kqF, xe hawe up add transpose() pqesauipot. whe cpmvnot pf aod geoesaue uhe tane mauuice; uhe uhsee opo{esp cpmvnot pf fpsn a batit pf uhe mauuice. ♢ emuhpvgh naoz mauuicet dp opu qpttett ao psuhpgpoam batit, a gppd batit thpvmd hawe amnptu psuhpgpoam wecupst. heioiuipo bz

. . whe psuhpgpoamiuz defecu pf a batit ‖ ‖⋯‖ ‖ . ⎡⎢⎲(Λ)

, …,

pf a mauuice Λ it deioed ♢

whe psuhpgpoamiuz defecu it amxazt ≥ . lu it cmpte up fps a ‘gppd’ batit aod ervam up fps ao psuhpgpoam batit. iyanqme . . whe psuhpgpoamiuz defecu pf uhe ‘gppd’ batit . aod uhau pf uhe ‘bad’ batit it . .

(tee iyanqme

. ) it ♢

whe naio pbkecuiwe pf mauuice sedvcuipo it eicieou usaotfpsnauipo pf ao asbiusasz batit ioup ao amnptu psuhpgpoam batit. Fps iooes qspdvcu tqacet, fps eyanqme ℝ , uhe jsan-vchnidu rsuhpgpoami{auipo (jvr) qspdvcet ao psuhpgpoam batit (tee emgpsiuhn . ). lf , … , it aoz giweo batit, uheo poe pbuaiot ao psuhpgpoam batit bz iuesauiwe qspkecuipot: meu ∗ = aod ∗ �

=

�

�−

− ∑ ��,� �=

∗ �

, xhese ��,� =

∗ � ⋅ � ∗ ∗ � ⋅ �

fps

≤� �+ uheo : vxaq � aod �+ : jpup vueq : eod if : eod fps : seuvso , …,

, …,

, jvr batit

∗ �

uenasl . . emgpsiuhn . cao be pquini{ed: iu it opu oecettasz up meawe uhe mppq aod up se-svo uhe ti{e-sedvcuipo emgpsiuhn . , if � aod �+ ase txaqqed (tueq ). lotuead, iu it tvicieou up vqdaue uhe jvr batit aod tewesam jvr cpeicieout aod up decseate uhe mppq iodey � bz .

iyanqme . . ze cpotides uhe fpmmpxiog kqF batit pf a -dineotipoam mauuice (tee iyanqme . ( )): = ( ),

= ( ).

= ( ),

ze aqqmz uhe ooo mauuice sedvcuipo emgpsiuhn . . Fistu, xe cpnqvue uhe jvr cpeicieout: ⋅ ∗ ⋅ ⋅ � = = , � = = , � = ∗ ∗ =− . ⋅ ⋅ ⋅ qpue uhau � it cpnqvued vtiog uhe vqdaued wecups ∗

=

−�

= (−

/

,

/

,−

/

) .

. oauuice-bated gszqupgsaqhz

whe ti{e-sedvcuipo amgpsiuhn teut � it vqdaued up � − ⌊� ⌉ = −

qpx, = up � − ⌊� ⌉�

=

.

− ⌊� ⌉

=

−

= (− , , − ) . wheo,

− ⌊� ⌉ = + = (− , , ) . whe jvr cpeicieou � chaoget = � +� = aod � it vqdaued up � − ⌊� ⌉ = � + = .

whe matu ti{e-sedvcuipo tueq it = − ⌊� ⌉ cpeicieou � chaoget up � − ⌊� ⌉ = � − = ti{e-sedvced batit: − = ( ), = ( ), − =

ze checl uhe opwac{ cpodiuipo fps

( −� )

= − = (− , , ) . whe jvr . ze hawe uhvt cpnqvued a oex

− = ( ).

aod � = . ze hawe

≈

>

≈

whe opwac{ cpodiuipo it opu tauitied, aod tp xe txaq =(

− −

),

eqqmz uhe jvr amgpsiuhn aod pbuaio batit. whe jvr cpeicieout ase: �

=−

, �

= ( ), =

,

=−

=

.

aod

− = ( ).

, �

aod =

.

=

,

=

aod

:

=

fps uhe oex

wheo ti{e sedvcuipo it aqqmied aod xe vqdaue bz − ⌊� ⌉ = + = ( , , ) aod � bz � + = − . whe puhes uxp cpeicieout � aod � ase opu chaoged aod ase spvoded up . keoce uhe oex batit − = ( ),

= ( ),

=(

−

it ti{e-sedvced. whe opwac{ cpodiuipo it tauitied fps � = : bvu it opu tauitied fps � = : ze hawe up txaq

aod

( −� )

( −� )

aod pbuaio =(

− −

),

≈

≈

=(


),

≈

≈

)

,

.

= ( ).

. . oauuice emgpsiuhnt

qpx uhe jvr amgpsiuhn giwet jvr cpeicieout ase �

=−

=

=

,

, �

=−

=

aod , �

=

, aod uhe vqdaued

.

egaio, uhe ti{e-sedvcuipo amgpsiuhn it aqqmied. dpet opu chaoge tioce ⌊� ⌉ = . ze vqdaue bz − ⌊� ⌉ = − = ( , , ) , � bz � − ⌊� ⌉� = aod � bz � − = ase tauitied:

. qpx uhe batit

,

( −� )

( −� )

,

it ti{e-sedvced aod bpuh opwac{ cpodiuipot

≈

≈


√ aod < < . wheo tpmwiog uhe ozi decitipo qspbmen it au meatu at hasd at rvaouvnmz tpmwiog vlys� po asbiusasz -dineotipoam mauuicet, xhese = ̃ ( / ). ♢

lo puhes xpsdt: if a qpmzopniam-uine amgpsiuhn achiewet a opo-oegmigibme adwaouage io uhe ozi decitipo qspbmen (io uhe awesage cate), uheo a qpmzopniam-uine amgpsiuhn po a rvaouvn cpnqvues cao tpmwe aoz iotuaoce (amtp uhe xpstu cate) pf uhe

. oauuice-bated gszqupgsaqhz vlys /� qspbmen. vioce uhe aqqspyinauipo pf uhe thpsuetu iodeqeodeou wecups qspbmen up xiuhio qpmzopniam facupst it attvned up be a hasd qspbmen eweo fps rvaouvn cpnqvuest, uhe ozi qspbmen it qspbabmz hasd. whe xpstu-cate up awesage-cate sedvcuipo pf whepsen . it qasuicvmasmz iouesetuiog, becavte nptu puhes cszqupgsaqhic cpotusvcuipot ase bated po awesage-cate hasdoett. qpx xe deioe a qvbmic-lez cszquptztuen uhau it bated po ozi aod hat uhe tane tuspog tecvsiuz gvasaouee. heioiuipo . . oeu , , ∈ ℕ, ≥ , ≥ aod ao essps ditusibvuipo po ℤ. oeu be uhe qmaioueyu meoguh. wheo uhe ozi qvbmic-lez cszquptztuen it deioed bz: • whe qmaioueyu tqace ℳ = { , } ≅ ℤ . • whe ciqhesueyu tqace � = ℤ × ℤ .

• Fps lez geoesauipo, poe chpptet ao × nausiy aod ao × nausiy voifpsnmz au saodpn aod ao × nausiy accpsdiog up . emm nausicet ase deioed pwes ℤ . whe qsiwaue lez it = aod uhe qvbmic lez it = ( , ), xhese = + . • wp eocszqu a qmaioueyu � ∈ { , } , poe chpptet a wecups saodpn. whe ciqhesueyu it giweo bz ( , ) = ℰ (�) = (

,

+ ⌊ ⌉�) ∈ ℤ × ℤ .

• hecszquipo pf a ciqhesueyu ( , ) it deioed bz � ( , ) = ⌊⌊ ⌉− ( −

lo puhes xpsdt, each cppsdioaue pf − ⌊ ⌉ npdvmp .

∈ { , } voifpsnmz au

)⌉ npd .

it uetued xheuhes iu it cmptes up ps up ♢

whe decszquipo naz hawe esspst. roe hat � (ℰ (�)) = � (

= ⌊⌊ ⌉− ((

= ⌊⌊ ⌉− ( = ⌊⌊ ⌉−

,

+ ⌊ ⌉�)

+ )

+ ⌊ ⌉� −

+ ⌊ ⌉�)⌉ npd

⌉ + � npd .

ze cao attvne uhau uhe cppsdioauet pf

)⌉ npd

ase iouegest beuxeeo − aod . wheo

ao decszquipo essps pccvst if uhe nagoiuvde pf a cppsdioaue pf it gseaues uhao ps ervam up . iach cppsdioaue it a tvn pf au nptu cpeicieout pf , aod it chpteo accpsdiog up . vvqqpte uhau it a ditcseue javttiao ℤ, pf xiduh . wheo uhe cppsdioauet pf uhe wecups hawe nagoiuvde mett uhao √ xiuh high qspbabimiuz. roe cao thpx uhau fps amm uhese ase chpicet fps , aod tvch uhau uhe essps qspbabimiuz it wesz tnamm aod uhe ozi qspbmen it hasd (tee [pu ] aod [sei ]).

. . oeasoiog xiuh isspst

whe tecvsiuz pf ozi eocszquipo semiet po uhe hasdoett pf uhe ozi qspbmen (tee [ueg ]): whepsen . . lf uhe ozi decitipo qspbmen xiuh qasaneuest , , aod it hasd, uheo uhe ozi eocszquipo tchene hat iodituiogvithabme eocszquipo vodes chpteo qmaioueyu auuacl (lqh-gse tecvse). ♢ e ditadwaouage pf uhe abpwe ozi cszquptztuen it a tvbtuaouiam eocszquipo bmpxvq facups, tioce qmaioueyu biut ase usaotfpsned ioup ( + ) ⎱iz⎢( ) ciqhesueyu biut. whe qvbmic lez ( , ) hat ( + ) ⎱iz⎢( ) biut, aod uhe ti{e pf uhe tecseu lez it ⎱iz⎢( ) biut. iyanqme . . ze immvtusaue uhe ozi eocszquipo tchene xiuh a upz eyanqme. e npse aod a seamituic eyanqme cao be fpvod io iyescite . oeu = , = , = , = ditcseue javttiao ditusibvuipo

ℤ,

pf xiduh = aod tuaodasd dewiauipo � =

ze chppte voifpsn saodpn nausicet

(tecseu) aod

⎟ ⎟ ⎟ = ⎟ ⎟ ⎟ ⎟ ⎠ whe tecseu nausiy it chpteo accpsdiog up ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎟ ⎠

=

(qvbmic):

= ℤ,

=

. whe nausiy

=

ze xaou up eocszqu � = ( , , , ) aod chppte a saodpn wecups

ze hawe ⌊ �⌉ = ( , ,

( , ) = ℰ (�) = (

,

,

=( , , , , , , , ) .

) aod cpnqvue uhe ciqhesueyu + ⌊ ⌉�) = (( ,

Fps decszquipo, xe vte uhe tecseu nausiy −

=( , , , ) −

( ,

⎟. ⎟ ⎠ +

it qvbmic.

⎟ ⎟ ⎟ ⎟. ⎟ ⎟ ⎟ ⎠

∈{ , } :

, , ) , ( , , , ) ) npd

aod pbuaio

, , ) =( ,

,

,

√ �

) npd

.

.

≈ .

. oauuice-bated gszqupgsaqhz giwe uhe biu aod cpeicieout cmpte up ⌊ ⌉ =

biu . keoce xe secpwes uhe qmaioueyu � = ( , , , ) .

gpeicieout cmpte up

npd

giwe uhe ♢

ozi eocszquipo cao be auuacled bz secpwesiog uhe lez . oeu be a cpmvno pf aod , uhe cpssetqpodiog cpmvnot pf aod , setqecuiwemz. wheo + =

aod uhe ozi qspbmen it up iod (ps ) giweo aod . whit it a cmptetu wecups qspbmen (gys) fps uhe mauuice Λ ( ) aod uhe uasgeu wecups . roe cao vte naooao’t enbeddiog uechoirve aod cpowesu gys ioup a thpsuetu wecups qspbmen (vys). oeu be ao × nausiy pwes ℤ tvch uhau uhe cpmvnot fpsn a batit pf Λ ( ). ze cpotusvcu a mauuice Λ′ pf dineotipo + uhau it geoesaued bz uhe cpmvnot pf uhe ( + ) × ( + ) nausiy xhese

>

=(

),

it ao enbeddiog facups. qpx uhe ervauipo −

uhau a mioeas cpnbioauipo pf uhe cpmvnot pf

+

giwet uhe wecups

′

=

npd

inqmiet

= ( ) ∈ Λ′ . lu it

milemz uhau ′ it uhe thpsuetu wecups io uhe mauuice Λ′ geoesaued bz , if uhe qasaneues it qspqesmz chpteo. whvt, xe ximm qspbabmz iod bz tpmwiog uhe vys qspbmen fps uhe mauuice Λ′ pf dineotipo + . kpxewes, if uhe thpsuetu wecups io Λ ( ) it tnammes uhao , uheo uhe neuhpd dpet opu xpsl.

iyanqme . . ze cpouiove iyanqme . abpwe aod usz up auuacl uhe ozi qspbmen. rvs ain it up istu iod cpmvno pf uhe qsiwaue nausiy giweo pomz aod . Fistu xe cpnqvue uhe kqF pf uhe -asz mauuice Λ pf dineotipo geoesaued bz . sage: AZ=A.lift (). augment (23* identity_matrix (8)) H=AZ. transpose (). hermite_form (). transpose ()

whe mauuice Λ it geoesaued bz uhe cpmvnot pf (xhese uhe cpeicieout ase mifued up ℤ) aod ℤ . whe istu eighu (opo{esp) cpmvnot pf uhe kqF fpsn a batit pf Λ. qpx xe cpotusvcu uhe -dineotipoam mauuice Λ′ :

sage: B=H[: ,0:8].augment (P[: ,0]).stack ( vector ([0 ,0 ,0 ,0 ,0 ,0 ,0 ,0 ,2]))

ze chppte uhe enbeddiog facups = , bvu uhe seades naz checl uhau = = amtp xpsl io uhit eyanqme. Fioammz, xe cpnqvue uhe ooo-sedvced batit. sage: B. transpose (). LLL (). transpose () [ 0 1 -2 0 2 -4 -2 4 -1] [ 0 0 -2 -2 -3 0 0 1 -3] [-1 0 0 -1 0 -3 -3 -1 1] [ 0 -2 -1 -1 1 0 -1 2 0] [ 0 1 -3 -2 0 0 0 1 3] [ 1 -3 -1 1 0 -2 2 -2 -2] [ 1 1 0 -4 2 0 2 0 -3]

aod

. . oeasoiog xiuh isspst

[-1 -1 [ 2 0

0 -1 1 -1 2 0 -2 0

3 0

1 2

0] 2]

vioce uhe dineotipo it tnamm, uhe istu cpmvno ( , , − , , , , , − , ) it uhe thpsuetu opo{esp wecups pf Λ′ . ze hawe tvccettfvmmz fpvod uhe wecups ( ), xhese uhe tecseu essps wecups (uhe istu cpmvno pf ; tee iyanqme

. ).

npd

it

♢

e ditadwaouage pf ozi it uhau uhe lez ti{e aod uhe ovnbes pf pqesauipot it au meatu rvadsauic io uhe naio tecvsiuz qasaneues . rquini{auipot pf uegew’t ozi eocszquipo tchene eyitu, fps eyanqme uhe npse cpnqacu oiodoes-seilesu tchene [os ]. whe lez ti{e aod uhe eicieocz pf uhe tztuen xat amtp uhe npuiwauipo behiod uhe dewempqneou pf ao amgebsaic wasiaou pf ozi cammed uiog-ozi (u-ozi). ze neouipo uozi pomz bsielz aod sefes up uhe miuesauvse fps a deuaimed ditcvttipo aod aqqmicauipot up eocszquipo aod lez eychaoge (tee [osu ] aod tvbterveou xpslt).

ozi it bated po uhe hasdoett up iod a wecups giweo uhe nausiy qspdvcu + pwes ℤ . qpx, uiog-ozi mewesaget uhe czcmpupnic siog = ℤ [ ]/(

aod a opitz

+ ),

xhese it a qpxes pf . whe nausiy aod uhe tecseu wecupst aod ase seqmaced bz emeneout io . vioce amm emeneout pf cao be voirvemz seqseteoued bz qpmzopniamt pf degsee mett uhao , xe hawe ≅ ℤ . eoz emeneou ∈ geoesauet a qsiociqam ideam ( )={ | ∈ } ⊂ . lf ≠ , uheo ( ) cpssetqpodt up ao -dineotipoam -asz ideam mauuice.

whe u-ozi qspbmen it up iod ∈ giweo ∈ aod = + ∈ . whe siog emeneou it ‘tnamm’ aod chpteo accpsdiog up ao essps ditusibvuipo. qpue uhau it ao emeneou pf uhe ideam mauuice aod pomz uhe opitz emeneou it giweo up ao adwestasz. eo eocszquipo tchene cao be deioed io a tinimas xaz up heioiuipo . abpwe. whe naio adwaouage it uhau uhe lez meoguh aod uhe ovnbes pf pqesauipot ase opx mioeas io . uiog-ozi amtp hat ao atznqupuic tecvsiuz gvasaouee: uhese it a sedvcuipo fspn a xpstu-cate mauuice qspbmen vys� up u-ozi, i.e., tpmwiog u-ozi it au meatu at hasd at rvaouvnmz tpmwiog uhe vys� qspbmen po asbiusasz ideam mauuicet. qpue uhau uhe sedvcuipo it bated po ideam mauuicet io iotuead pf geoesam -asz mauuicet. vvch ideam mauuicet hawe addiuipoam tusvcuvse aod iu nighu be qpttibme uhau eicieou auuaclt ximm be fpvod uhau eyqmpiu uhe amgebsaic tusvcuvse aod caoopu be aqqmied up geoesam mauuicet. kpxewes, tvch auuaclt ase opu zeu lopxo aod naz opu eyitu.

. oauuice-bated gszqupgsaqhz

14.6. Summary

• oauuicet ase ditcseue tvbgspvqt pf ℝ . whez hawe a ioiue batit pwes ℤ. • Fiodiog uhe thpsuetu wecups io a mauuice (vys), uhe thpsuetu iodeqeodeou wecupst (vlys) aod uhe cmptetu mauuice wecups up a giweo wecups (gys) ase tvqqpted up be hasd qspbment. • whe ooo-amgpsiuhn mewesaget uhe jsan-vchnidu rsuhpgpoami{auipo (jvr) amgpsiuhn up sedvce uhe ti{e pf a giweo batit. • e thpsu, amnptu psuhpgpoam batit pf a mauuice cao fpsn uhe qsiwaue lez pf a qvbmiclez eocszquipo tchene. • jjk aod qwux ase cmatticam cszquptztuent bated po mauuice qspbment, aod inqspwed westipot pf qwux ase attvned up be tecvse. • whe ozi (oeasoiog xiuh isspst) decitipo qspbmen it up dituiogvith beuxeeo a opitz mauuice wecups aod a voifpsn saodpn wecups. ozi hat a tecvsiuz gvasaouee uhau it bated po uhe xpstu-cate hasdoett pf ao aqqspyinaue vlys qspbmen. whe cpssetqpodiog ozi eocszquipo tchene it gse-tecvse if uhe ozi qspbmen it hasd.

Exercises

. gpotides iyanqme . gpotides iyanqme

. . Fiod a voinpdvmas nausiy ̃ tvch uhau . . Fiod uhe mauuice Λ⟂ ( )∗ .

. xte uhe mauuice deioed bz uhe cpmvnot pf ( uenasl: lo facu, ervamiuz hpmdt.

−

√

) up thpx uhau

̃.

= ≥

√

.

. gpotides uhe mauuice io iyanqme . . xte fabai’t spvodiog neuhpd up iod uhe cmptetu mauuice wecups up uhe uasgeu wecups � = ( , ). gao zpv amtp vte uhe batit ? . oeu be ao Λ⟂ ( )∗ .

×

nausiy pwes ℤ . vhpx uhau Λ⟂ ( ) =

Λ ( )∗ aod Λ ( ) =

. oeu Λ be a -dineotipoam mauuice pf cpwpmvne . jiwe ao vqqes bpvod fps � (Λ) aod uhe eyqecued meoguh pf uhe thpsuetu wecups if Λ it saodpnmz chpteo.

. oeu Λ be a mauuice xiuh uhe fpmmpxiog kqF batit: − =( ),

= ( ).

(a) gpnqvue uhe deuesnioaou pf Λ aod uhe psuhpgpoamiuz defecu pf uhe batit { , }.

iyescitet

(b) eqqmz uhe ooo-amgpsiuhn: Fistu, svo uhe jvr aod uhe ti{e sedvcuipo amgpsiuhn. (c) ghecl uhe opwac{ cpodiuipo. vxaq uhe batit wecupst aod agaio aqqmz uhe ti{e sedvcuipo amgpsiuhn. (d) ghecl uhe opwac{ cpodiuipo agaio aod pvuqvu uhe ooo-sedvced batit. gpnqvue uhe psuhpgpoamiuz defecu pf uhit batit. (e) jiwe uhe thpsuetu opo{esp wecups pf Λ.

. e mauuice Λ it geoesaued bz uhe cpmvnot pf uhe fpmmpxiog nausiy: ).

=(

(a) iocszqu = (− , − , ) xiuh uhe jjk eocszquipo tchene. ghppte uhe opite wecups = ( , − , − ). (b) wsz up decszqu uhe ciqhesueyu vtiog uhe nausiy . zhz dpet uhit auuenqu faim? (c) eqqmz uhe ooo-amgpsiuhn up vtiog vagepauh aod thpx uhau Λ hat uhe fpmmpxiog thpsu batit: − =( − −

−

− ).

(d) hecszqu vtiog uhe qsiwaue batit .

. xte uhe qwux cszquptztuen pf iyanqme . up eocszqu = − − + . ghppte uhe saodpn qpmzopniam = − + , uheo decszqu uhe ciqhesueyu aod secpwes .

. vhpx uhau uhe qwux cszquptztuen it opu gse-tecvse. kpx cpvmd zpv iy uhit qspbmen? kiou: whe cpotusvcuipo pf inqmiet ( ) = npd aod heoce ( ) = ( ) npd (cpnqase iyanqme . ). . xte uhe lez qais pf uhe ozi iyanqme . . (a) ghppte a saodpn wecups aod eocszqu � = ( , , , ) . (b) hecszqu uhe ciqhesueyu ( , ). (c) gao decszquipo esspst pccvs xiuh uhe chpteo nausiy ? jiweo ao eyanqme pf aod tvch uhau uhe decszquipo it opu cpssecu.

. gpotides iyanqme . . xte naooao’t enbeddiog uechoirve up secpwes uhe tecpod cpmvno pf uhe tecseu essps nausiy . vhpx uhau uhe enbeddiog facupst = , , xpsl. zhau haqqeot if zpv teu = ? . gpotusvcu ao eyanqme pf ozi eocszquipo xiuh uhe qasaneuest = = , = , = . , = aod a ditcseue javttiao ditusibvuipo �= ≈ . (tee [pu ] wabme ). √ �

ℤ,

, = xiuh

. oauuice-bated gszqupgsaqhz

(a) jeoesaue a lez qais: sage: Zq= IntegerModRing (2003) sage: A= random_matrix (Zq ,2008 ,136) sage: S= random_matrix (Zq ,136 ,136)

pale tvse up xsiue uhe import tuaueneou ioup poe mioe. sage: from sage.stats.distributions. discrete_gaussian_integer import DiscreteGaussianDistributionIntegerSampler sage: D = DiscreteGaussianDistributionIntegerSampler (sigma =5.19)

sage: numbers =[D() for _in range (2008*136)] sage: E = Matrix (Zq , 2008 , numbers ) sage: P=A*S+E

(b) ze chppte a saodpn qmaioueyu � pf meoguh = meoguh = .

aod a saodpn wecups

(c) gpnqvue uhe ciqhesueyu ( , ). qpue uhau ⌊ ⌉ =

.

sage: sage: sage: sage:

pf

v=[ ZZ. random_element (0 ,2) for _in range (136)] v= vector (v) a=[ ZZ. random_element (0 ,2) for _in range (2008)] a= vector (a)

sage: u=A. transpose ()*a sage: c=P. transpose ()*a +1002* v

(d) ze oeed a naq uhau ualet ao ioueges npdvmp at ioqvu, nvmuiqmiet iu bz ⌊ ⌉− , spvodt up uhe oeasetu ioueges aod pvuqvut uhe setvmu npdvmp . sage: def transform (x): y=RR(x.lift ())*1/1002 return ZZ( round (y))

(e) hecszqu uhe ciqhesueyu: sage: w= vector (map(transform , c-S. transpose ()*u))

(f) gpnqase uhe setvmu xiuh uhe psigioam qmaioueyu, fps eyanqme bz qsiouiog pvu � − �. (g) ssiou pvu � aod − aod iouesqseu uhe setvmu. (h) iyqmaio xhz ps xhz opu aoz decszquipo esspst pccvssed. (i) jiwe uhe ti{et pf uhe qvbmic lez, uhe qsiwaue lez, uhe qmaioueyu aod uhe ciqhesueyu.

Chapter 15

Code-based Cryptography

issps cpssecuipo cpdet qmaz ao inqpsuaou spme xheo daua it teou pwes opitz chaooemt, fps eyanqme pwes xisemett miolt, ps tupsed po qpueouiammz vosemiabme nedia. ghaooem cpdiog deamt xiuh saodpn esspst aod opu xiuh naoiqvmauipot bz adwestasiet, bvu iouegsiuz qspuecuipo it a cpnnpo pbkecuiwe pf chaooem cpdiog aod cszqupgsaqhz. kpxewes, cpdet amtp ain up eotvse essps cpssecuipo, xhich gpet bezpod essps deuecuipo. e chaooem eocpdes ualet ao iofpsnauipo xpsd at ioqvu aod geoesauet a cpdexpsd uhau it usaotniuued pwes a chaooem. whe sauip beuxeeo uhe meoguht pf uhe psigioam daua xpsd aod uhe cpdexpsd deuesnioet uhe iofpsnauipo saue pf uhe cpde. hecpdiog it a qpueouiammz cpnqmey uatl, xhese seceiwed xpsdt ase usaotfpsned ioup cpdexpsdt aod uhe psigioam iofpsnauipo it (hpqefvmmz) secpwesed. gpdet xiuh gppd essps-cpssecuipo caqabimiuiet, a high iofpsnauipo saue aod eicieou decpdiog amgpsiuhnt ase awaimabme aod xidemz vted io qsacuice. Fps cszqupgsaqhic aqqmicauipot, poe cao vte wesz mpog cpdet xiuh a tecseu tusvcuvse. lo uhit cate, decpdiog thpvmd be hasd fps ao adwestasz xiuhpvu accett up uhe hiddeo tusvcuvse. lo vecuipo . , xe giwe a thpsu iouspdvcuipo up mioeas cpdet. fpvodt po uhe qasaneuest pf cpdet ase giweo io vecuipo . . lo vecuipo . , xe eyqmaio cmatticam jpqqa cpdet. whe pcimiece cszquptztuen it bated po jpqqa cpdet aod seqseteout poe pf uhe qspnitiog caodidauet fps qptu-rvaouvn cszqupgsaqhz. ze eyqmpse uhe pcimiece tchene aod uhe semaued qiedesseiues cszquptztuen io vecuipo . . whese ase a ovnbes pf tinimasiuiet beuxeeo mauuice-bated aod cpde-bated cszqupgsaqhz. oauuicet aod cpdet ase mioeas tvbtqacet pf high-dineotipoam tqacet, aod fps a giweo uasgeu wecups, iodiog uhe cmptetu wecups io uhe tvbtqace cao be a hasd qspbmen.

. gpde-bated gszqupgsaqhz

fpuh vte a tecseu tusvcuvse xhich ammpxt fps ao eicieou tpmvuipo up uhe qspbmen. kpxewes, mauuicet aod cpdet vte a difeseou neusic. wxp secpnneoded ueyubpplt po cpdiog uhepsz ase [upu ] aod [fma ]. e thpsu iouspdvcuipo up essps cpssecuiog cpdet aod uhe pcimiece cszquptztuen it giweo io [wW ]. ppse deuaimt po cpde-bated cszqupgsaqhz cao be fpvod io [rv ].

15.1. Linear Codes whe batic idea pf chaooem cpdiog it up teod (ps tupse) eocpded daua iotuead pf uhe psigioam iofpsnauipo. whe daua it seqmaced bz a terveoce pf cpdexpsdt aod teou pwes a opitz cpnnvoicauipo chaooem ps tupsed po vosemiabme nedia (tee Figvse . ). ze ximm pomz cpotides essps-cpssecuiog cpdet aod fpcvt po bmpcl cpdet, xhese each iofpsnauipo xpsd it teqasauemz eocpded ioup a cpdexpsd. ze opue uhau puhes essps-cpssecuiog cpdet eyitu, fps eyanqme cpowpmvuipoam aod wvsbp cpdet. whese ase amtp puhes uzqet pf cpdiog, io qasuicvmas tpvsce cpdiog. ghaooem iocpdes

ghaooem

Figvse

ghaooem hecpdes

′

. . ghaooem cpdiog.

iyanqme . . whe nptu emeneouasz eyanqme it seqeuiuipo cpdet, xhese ao iofpsnauipo tznbpm (fps eyanqme poe biu) it seqeaued uinet, taz = : ⋯⟶

….

issps deuecuipo it tusaighufpsxasd: if uhe nettage seceiwed dpet opu hawe uhit qauueso, ao essps hat pccvssed. whe essps deuecuipo dpet opu amxazt xpsl tioce a cpdexpsd cpvmd accideouammz chaoge ioup aopuhes cpdexpsd. emuhpvgh uhe qspbabimiuz pf uhit haqqeoiog it tnamm, iu it opu inqpttibme (vomett it wesz masge, xhich nalet uhe cpde inqsacuicam). qpue uhe difeseoce up hath wamvet ps nettage avuheouicauipo cpdet xhich (amnptu) amxazt deuecu chaoget. whe seqeuiuipo cpde amtp ammpxt fps essps cpssecuipo xiuhio cesuaio miniut: bz chpptiog uhe tznbpm xiuh uhe highetu fserveocz (nayinvn milemihppd) io a seceiwed bmpcl, − vq up ⌊ ⌋ esspst cao be cpssecued. Fps eyanqme, poe essps cao be cpssecued xiuh = , uxp esspst xiuh = , euc.

e nakps ditadwaouage pf a seqeuiuipo cpde it uhe nettage eyueotipo bz a facups pf . ♢

fempx, xe attvne uhau nettaget aod cpdexpsdt ase wecupst pwes a ioiue iemd pf chasacuesituic , i.e., pwes a bioasz iemd ( ), xhese = ps = . gpdiog uhepsz cao be tuvdied pwes asbiusasz ioiue iemdt, bvu io qsacuice iemdt pf chasacuesituic ase uhe nptu inqpsuaou cate.

. . oioeas gpdet heioiuipo . . e bmpcl cpde pf meoguh pwes ( ) it a tvbteu pf ( ) . whe emeneout pf ase cammed cpdexpsdt. whe cpde ti{e it = | | aod uhe dineotipo pf it = ⎪⎭g (| |). e mioeas cpde pwes ( ) it a mioeas tvbtqace ⊂ ( ) . whe cpde ti{e pf a mioeas cpde it | | = aod it cammed a mioeas [ , ] cpde. whe iofpsnauipo saue pf it giweo bz = .

iyanqme . . whe cpdexpsdt pf a seqeuiuipo cpde pf meoguh pwes ( ) fpsn uhe poe-dineotipoam tvbtqace ⊂ ( ) geoesaued bz uhe wecups ( , , … , ). it a mioeas ♢ [ , ] cpde pwes ( ) aod uhe iofpsnauipo saue it .

whe essps-cpssecuipo caqabimiuz pf a cpde it deuesnioed bz uhe nioinvn dituaoce beuxeeo uhe cpdexpsdt. heioiuipo

. . oeu

⊂

( ) be a bmpcl cpde pwes

( ) whe kanniog xeighu � ( ) pf pf .

∈

( ).

( ) it uhe ovnbes pf opo{esp cppsdioauet

( ) whe kanniog dituaoce ( , ) = � ( − ) beuxeeo uxp wecupst , it uhe ovnbes pf cppsdioauet xhese aod difes.

∈

( )

( ) whe nioinvn dituaoce = ( ) pf a cpde it uhe nioinvn pf amm dituaocet ( , ′ ) fps , ′ ∈ aod ≠ ′ . e mioeas [ , ] cpde xiuh nioinvn dituaoce it amtp cammed ao [ , , ] cpde.

sspqptiuipo . . oeu be mioeas cpde. whe nioinvn dituaoce nioinvn xeighu ⎫i⎬ ∈ � ( ).

= ( ) it ervam up uhe

ssppf. vvqqpte , ′ ∈ aod ( , ′ ) = ; uheo − ′ ∈ aod � ( − ′ ) = . gpowestemz, if ∈ aod � ( ) = �, uheo ( , ) = �. qpue uhau uhe {esp wecups it a cpdexpsd tioce it a mioeas cpde. □ iyanqme . . gpotides uhe seqeuiuipo cpde = { , whe nioinvn dituaoce it ( ) = aod it a [ , , ] cpde.

} pf meoguh pwes

whe fpmmpxiog qspqesuiet pf uhe kanniog dituaoce ase eatz up thpx:

sspqptiuipo . . whe kanniog dituaoce it a neusic po ( ) poe hat: ( ) ( ) ( )

( , ) ≥ xiuh ervamiuz if aod pomz if ( , ) = ( , ) (tznneusz).

= .

( , ) ≤ ( , ) + ( , ) (usiaogme ioervamiuz).

( ) , i.e., fps amm , ,

( ). ♢ ∈

♢

e decpdes naqt a seceiwed xpsd ∈ ( ) up a cpdexpsd ∈ . payinvnmilemihppd decpdiog neaot up decpde a xpsd up uhe cpdexpsd ∈ uhau nayini{et uhe cpodiuipoam qspbabimiuz [ | ].

. gpde-bated gszqupgsaqhz

qeasetu-cpdexpsd decpdiog pf a seceiwed xpsd qiclt uhe cmptetu cpdexpsd xiuh setqecu up uhe kanniog dituaoce. Fps a bioasz tznneusic chaooem xiuh essps qspbabimiuz mett uhao poe hamf, nayinvn-milemihppd decpdiog it erviwameou up oeasetu-cpdexpsd decpdiog. ze sefes up ueyubpplt po cpdiog uhepsz fps a npse deuaimed ditcvttipo aod opx vte oeasetu-cpdexpsd decpdiog. whe fpmmpxiog whepsen qspwidet bpvodt fps essps deuecuipo aod cpssecuipo: whepsen

. . e cpde cao deuecu vq up ( ) − esspst aod cpssecu vq up ⌊

( )−

⌋ esspst.

ssppf. fz deioiuipo pf uhe nioinvn dituaoce, addiog mett uhao ( ) esspst caoopu giwe aopuhes cpdexpsd aod heoce vq up ( ) − esspst cao be deuecued. qpx meu ( )− ⌋ esspst; uheo a cpdexpsd ∈ eyitut xiuh be a seceiwed xpsd hawiog au nptu ⌊ ⌊

( , ) ≤ ⌊ ( )−

( )−

⌋. vvqqpte uhese it aopuhes cpdexpsd

⌋. wheo uhe usiaogme ioervamiuz inqmiet

a cpousadicuipo.

( , ′) ≤ ( , ) + ( , ′) ≤ ⌊

( )−

′

∈

tvch uhau ( , ′ ) ≤

⌋≤ ( )− ,

□

vioce mioeas cpdet ase mioeas tvbtqacet, uhez cao be seqseteoued bz uhe tqao pf a teu pf mioeasmz iodeqeodeou wecupst. zsiuiog uhete wecupst ioup uhe spxt pf a nausiy giwet uhe geoesaups nausiy pf a cpde. lf it a mioeas [ , ] cpde, uheo it a × nausiy pwes ( ). whe teu pf cpdexpsdt cao be cpnqvued bz , xhese svot pwes amm wecupst ∈ ( ) .

whe geoesaups nausiy pf a cpde it opu voirvemz deuesnioed: addiog uhe nvmuiqme pf poe spx up aopuhes spx ps txaqqiog uxp spxt dpet opu chaoge uhe tvbtqace. vxaqqiog uxp cpmvnot giwet ao erviwameou cpde, xhese pomz uhe cppsdioauet ase qesnvued. fz aqqmziog emeneouasz spx pqesauipot (javtt-mpsdao eminioauipo) aod cpmvno qesnvuauipot (if oecettasz), poe cao iod a geoesaups nausiy io tztuenauic fpsn: =( | )=(

…

| | | |

).

it uhe × ideouiuz nausiy aod it a × ( − ) nausiy. whe cpssetqpodiog cpde it cammed tztuenauic aod (bz javtt-mpsdao eminioauipo) amm cpdet ase erviwameou up a tztuenauic cpde. vztuenauic cpdet hawe uhe adwaouage uhau cpdexpsdt cpouaio uhe psigioam daua at uheis istu tznbpmt. ruhesxite, uhe iofpsnauipo xpsd nvtu be secpwesed fspn a cpdexpsd bz tpmwiog a mioeas tztuen pf ervauipot. kpx cao xe wesifz uhau a seceiwed wecups it a cpdexpsd xiuhpvu cpnqasiog uhe wecups up a mitu pf amm cpdexpsdt? xtiog javttiao eminioauipo, poe cao checl xheuhes ∈ , i.e., xheuhes it a mioeas cpnbioauipo pf uhe spxt pf . e npse disecu xaz it vtiog a qasiuz-checl nausiy.

. . oioeas gpdet

heioiuipo . . oeu checl nausiy pf if Fps a seceiwed xpsd

be a cpde xiuh geoesaups nausiy . wheo =

∈

⟺

∈ .

−

| | | |

( ) , uhe wecups

it cammed a qasiuz-

it cammed uhe tzodspne pf .

sspqptiuipo . . oeu = ( | ) be uhe geoesaups nausiy pf a tztuenauic [ , ] cpde. wheo uhe ( − ) × nausiy = (−

|

−

)=(

it uhe attpciaued qasiuz checl nausiy. ssppf. oeu

(�, �) ∈

be a spx wecups pf meoguh ; uheo (�, �)

=( (

( ) ×

� )) = (− �

( )

…

)

−

� + � ) = −� + �.

whit it uhe {esp wecups if aod pomz if � = � , xhich it erviwameou up (�, �) = � aod up (�, �) beiog a cpdexpsd. □ iyanqme . . whe [ , ] kanniog cpde pwes geoesaups nausiy:

( ) cao be deioed bz uhe fpmmpxiog

= whe iofpsnauipo saue it

aod uhe qasiuz-checl nausiy it =(

⎟. ⎟ ⎠ ).

ze xaou up thpx uhau uhe nioinvn dituaoce it = . Fistumz, uhe nioinvn dituaoce caoopu be gseaues uhao , tioce cpdexpsdt pf xeighu eyitu (tee sspqptiuipo . ), fps eyanqme = ( , , , , , , ). qpx attvne uhau (�, �) = fps cpdexpsdt � aod �. wheo � (� − �) = aod (� − �) it a {esp cpmvno pf , a cpousadicuipo. lf (�, �) = uheo (� − �) , a tvn pf uxp cpmvnot pf , it {esp, aod heoce uxp cpmvnot pf ase mioeasmz deqeodeou. kpxewes, uhit it opu uhe cate.

whe [ , , ] kanniog cpde cao cpssecu poe essps. Fps eyanqme, tvqqpte uhau uhe wecups = ( , , , , , , ) it seceiwed. whe tzodspne it = ( , , ) aod heoce it

. gpde-bated gszqupgsaqhz opu a cpdexpsd. kpxewes, = ( , , , , , , ) it a cpdexpsd becavte = ( , , ). Fvsuhesnpse, uhe kanniog dituaoce pf aod it pomz . whesefpse, uhe oeasetucpdexpsd decpdiog pf giwet = ( , , , ). ♢

lo uhe abpwe eyanqme, poe cpvmd gvett uhe oeasetu cpdexpsd. e beuues neuhpd it tzodspne decpdiog.

heioiuipo . . oeu ⊂ ( ) be a mioeas cpde aod ∈ ( ) aoz wecups. whe teu + = { + | ∈ } it cammed a cpteu pf . e wecups hawiog nioinvn kanniog xeighu io a cpteu it cammed a cpteu meades. ♢ qpue uhau amm wecupst io a cpteu + fps amm cpdexpsdt ∈ aod heoce

( + )

hawe uhe tane tzodspne =

.

, tioce

=

Fvsuhesnpse, amm wecupst io a giweo cpteu cao be decpded xiuh uhe cpteu meades at uheis essps wecups. lo facu, uhe cpteu meades seqseteout uhe meatu chaoge uhau usaotfpsnt a wecups ioup a cpdexpsd. sspqptiuipo . . oeu be a mioeas cpde aod tvqqpte poe xaout up decpde a seceiwed xpsd . oeu be uhe cpteu meades pf uhe cpteu + , i.e., uhe cpteu meades xiuh uhe tzodspne . wheo uhe oeasetu cpdexpsd up it − ∈ . ssppf. vioce aod hawe uhe tane tzodspne, uhe tzodspne pf − it {esp aod − it a cpdexpsd. Fvsuhesnpse, uhe cpteu meades hat nioinvn xeighu anpog uhe wecupst xiuh − ∈ . □

iyanqme . . ze cpouiove iyanqme . . whe tzodspne it = ( , , ) aod xe oeed up iod uhe cpteu meades xhich hat uhau tzodspne. lo geoesam, poe xpvmd vte a uabme uhau cpouaiot uhe cpteu meades fps each tzodspne. lo pvs eyanqme, xe tvtqecu uhau pomz hat a tiogme biu essps. keoce uhe cpteu meades it a voiu wecups aod iut tzodspne it a cpmvno pf uhe qasiuz-checl nausiy . whe tzodspne ( , , ) aqqeast io uhe uhisd cpmvno. whe cpteu meades it = ( , , , , , , , ) aod xe decpde up uhe cpdexpsd − = ( , , , , , , ).

uenasl . . lu it lopxo uhau uhe oeasetu-cpdexpsd qspbmen fps saodpn cpdet it hasd (qs-cpnqmeue). whit tvggetut uhau masge cpdet cao be vted fps cszqupgsaqhic qvsqptet.

15.2. Bounds on Codes

e gppd cpde ⊂ ( ) thpvmd hawe a masge ovnbes pf cpdexpsdt aod a masge nioinvn dituaoce, bvu giweo , bpuh qasaneuest caoopu be masge au uhe tane uine. whe fpmmpxiog whepsen qspwidet ao vqqes bpvod fps uhe ovnbes pf cpdexpsdt io uesnt pf uhe nioinvn dituaoce.

. . fpvodt po gpdet

whepsen aod ti{e

. . (viogmeupo fpvod) oeu ; uheo

lo qasuicvmas, if

≤

be a bmpcl cpde pf meoguh , nioinvn dituaoce − +

it a mioeas [ , , ] cpde, uheo ≤

−

+ ⟺

.

≤

− + .

ssppf. gpotides uhe naq ∶ → ( ) − + , xhich senpwet uhe istu − cppsdioauet, i.e., ( , … , ) = ( , … , ). whe naq it iokecuiwe, tioce uxp cpdexpsdt difes io au meatu cppsdioauet. whit thpxt uhe istu attesuipo. Fps a mioeas cpde, xe hawe = , aod uhesefpse ≤ − + . □ heioiuipo . . e mioeas [ , , ] cpde uhau tauitiet cpde (nayinvn dituaoce teqasabme).

=

− + it cammed ao phv ♢

Fps eyanqme, uhe qasiuz cpde it phv (tee iyescite ), bvu uhe [ , , ] kanniog cpde (tee iyanqme . ) it opu phv. ueed-vpmpnpo cpdet ase a xemm-lopxo cmatt pf phv cpdet, fps xhich xe sefes up ueyubpplt po cpdiog uhepsz. roe cao vte uhe geoesaups nausiy ps uhe qasiuz-checl nausiy up checl xheuhes a cpde it phv. ze sefes up [upu ] fps uhe fpmmpxiog facu: sspqptiuipo . . oeu be a mioeas [ , ] cpde xiuh geoesaups nausiy aod qasiuzchecl nausiy . wheo it phv if aod pomz if poe pf uhe fpmmpxiog cpodiuipot it tauitied: ( ) iwesz teu pf

− cpmvnot pf

( ) iwesz teu pf cpmvnot pf

it mioeasmz iodeqeodeou.

it mioeasmz iodeqeodeou.

( ) lf = ( | ) it io tztuenauic fpsn, uheo opotiogvmas.

aod ewesz trvase tvbnausiy pf

it

iyanqme . . ( ) ze agaio cpotides uhe [ , ] kanniog cpde (tee iyanqme . ). ze tee uhau uhe istu uhsee cpmvnot pf ase mioeasmz deqeodeou. whe matu fpvs cpmvnot pf ase amtp mioeasmz deqeodeou. roe cao thpx uhau op opo-usiwiam mioeas cpde pwes ( ) cao be phv. ( ) ze cpotusvcu a tztuenauic [ , ] cpde pwes ( | ), xhese =

( ) xiuh geoesaups nausiy ⎟. ⎟ ⎠

=

deioet uhe piygpmvnot pqesauipo pf uhe eiv bmpcl ciqhes (tee vecuipo . ). emm rvadsauic tvbnausicet pf ase opotiogvmas pwes ( ) (tee iyescite pf ghaques ), tp uhe cpde it phv.

. gpde-bated gszqupgsaqhz ze opx thpx uhau × nausicet attpciaued up [ , , + ] phv cpdet hawe gppd difvtipo qspqesuiet. whe bsaoch ovnbes, deioed bz ⎫i⎬(� (� ) + � ( � )), �≠

xhese � it a spx wecups pf meoguh , neatvset uhe xpstu-cate difvtipo pf . whe xeighu pf voiu wecupst it aod tp uhe nayinvn bsaoch ovnbes it + . oeu = ( | ) be uhe geoesaups nausiy pf a [ , , + ] phv cpde aod � ≠ . lu fpmmpxt uhau + ≤ � (� ) = � (�‖� ) = � (�) + � (� ) = � (� ) + � (

� ),

aod tp uhe bsaoch ovnbes pf it nayinam. fz sspqptiuipo . ( ), uhe cpde xiuh geoesaups nausiy ( | ) it amtp phv aod heoce uhe bsaoch ovnbes pf it nayinam, upp. lo uhit cate, it cammed pquinam. whe piygpmvnot nausiy pf uhe eiv ciqhes it pquinam aod uhe bsaoch ovnbes it . ♢ whese it amtp a mpxes bpvod fps uhe ti{e pf au meatu poe (opu oecettasimz mioeas) cpde xiuh a giweo meoguh aod nioinvn dituaoce. Fistu, xe cpvou uhe ovnbes pf wecupst io a bamm pf sadivt : sspqptiuipo . . oeu ∈ ℕ aod � ∈ tvch uhau (�, �) ≤ it

( ) . wheo uhe ovnbes pf wecupst � ∈

( , ) = ∑ ( )( − )� . � �=

( )

ssppf. oeu � ∈ ( ) aod � ≤ . wheo uhe ovnbes pf wecupst � tvch uhau (�, �) = � it ( )( − )� , becavte uhese ase ( ) qpttibme iodey teut xhese eyacumz � cppsdioauet pf � � � difes fspn �, aod − qpttibme wamvet fps each pf uhete cppsdioauet. eddiog uhete ovnbest fps ≤ � ≤ giwet ( , ), uhe ovnbes pf wecupst � ∈ ( ) xiuh (�, �) ≤ . whit it uhe tane at uhe ovnbes pf wecupst io a bamm pf sadivt aspvod uhe ceoues �. □

heioiuipo . . oeu , ∈ ℕ aod ≤ . wheo xe deioe ( , ) up be uhe masgetu ioueges tvch uhau a cpde pwes ( ) pf ti{e , meoguh aod nioinvn dituaoce ≥ eyitut. ♢ whe fpmmpxiog whepsen giwet a mpxes bpvod fps

whepsen

. . (vqhese-cpwesiog bpvod) ( , )≥

( ,

− )

.

( , ):

ssppf. oeu be a cpde pf meoguh , nioinvn dituaoce pf au meatu aod | | = ( , ). ze cao attvne uhau, fps each wecups � ∈ ( ) , uhese it au meatu poe cpdexpsd tvch uhau (�, ) < . ruhesxite, xe cpvmd add � at a cpdexpsd up uhe cpde xhime qseteswiog uhe meoguh aod uhe nioinvn dituaoce . keoce uhe voipo pf bammt pf sadivt −

. . fpvodt po gpdet hawiog uheis ceoues au tpne cpdexpsd cpwest uhe xhpme pf ( ) . whe ovnbes pf wecupst io uhau voipo it au nptu ( , )⋅ ( , − ), xhich inqmiet uhe tqhese-cpwesiog bpvod. □ qpue uhau uhe abpwe asgvneou dpet opu thpx ervamiuz, tioce wecupst cao be cpouaioed io tewesam bammt. whe fpmmpxiog uhepsen giwet a bpvod fps uhe eyitueoce pf a mioeas cpde pf dineotipo aod nioinvn dituaoce . whepsen tvch uhau

≥ ,

. . (jimbesu-yasthanpw bpvod) oeu ( − ,

− )
( − , − ) eotvset uhau xe cao iod wecupst io ( ) − tvch uhau aoz − pf uhen ase mioeasmz iodeqeodeou (tee [upu ] fps npse deuaimt). ze xsiue uhete wecupst ioup uhe cpmvnot pf a ( − ) × qasiuz-checl nausiy . whe dineotipo pf uhe attpciaued cpde it au meatu − ( − ) = . Fvsuhesnpse, uhe dituaoce beuxeeo uxp difeseou cpdexpsdt caoopu be mett uhao , tioce puhesxite a cpdexpsd ∈ eyitut xiuh � ( ) ≤ − , aod tp − cpmvnot pf ase mioeasmz deqeodeou, a cpousadicuipo. □ ( , ) it giweo bz uhe kanniog bpvod:

eo vqqes bpvod fps sspqptiuipo hawe

. . (kanniog bpvod ps tqhese-qacliog bpvod) Fps ( , )≤

( , )

.

=

+ , xe

ssppf. vvqqpte a cpde pf meoguh , nioinam dituaoce = + aod ti{e ( , ) it giweo. oeu (�) be uhe teu pf wecupst � xiuh (�, �) ≤ , i.e., a bamm pf sadivt aspvod �. whe casdioamiuz pf ( ) it ( , ). whe voipo pf uhe bammt ( ) pwes amm cpdexpsdt it ditkpiou aod hat ( , ) ⋅ ( , ) emeneout. whesefpse, xe pbuaio ( , )⋅

whit ziemdt uhe attesuipo.

( , )≤

.

□

e cpde it cammed qesfecu if iu auuaiot uhe kanniog bpvod. iyanqme

. . oeu

= ,

=

( , )

=

aod

= . wheo uhe tqhese-cpwesiog bpvod it

( )+( )+( )

=

≈ . ,

. gpde-bated gszqupgsaqhz

Figvse

. . etznqupuic bpvodt po uhe iofpsnauipo saue

=

agaiotu uhe semauiwe

nioinvn dituaoce = fps cpdet pwes ( ). viogmeupo aod kanniog ase vqqes bpvodt aod jimbesu-yasthanpw it a mpxes bpvod.

aod heoce uhese it a cpde xiuh au meatu cpdexpsdt aod uhe abpwe qasaneuest. qeyu, xe cpotides uhe jimbesu-yasthanpw bpvod: ( , )=( )+( )=


ervauipot. ghpptiog mioeasmz iodeqeodeou ervauipot, i.e., ao iowesuibme × tvbnausiy pf , tvicet up iod .

kpxewes, iu it vomilemz uhau it essps-fsee po a saodpn iodey teu : uhe qspbabimiuz uhau a saodpnmz temecued iodey teu it opu afecued bz aoz esspst it −

⋅

− − −

⋯

− − + − +