SOLUTIONS MANUAL FOR Applied Algebra
by Darel W. Hardy, Colorado State University
Chapman & Hall/CRC, Taylor & Francis Group, 6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742
© 2009 by Taylor and Francis Group, LLC
International Standard Book Number: 978-1-4398-2497-9 (Paperback)
Contents

To the Instructor

1 Integers and Computer Algebra
1.1 Integers
1.2 Computer Algebra vs. Numerical Analysis
1.3 Sums and Products
1.4 Mathematical Induction

2 Codes
2.1 ASCII Code
2.2 Morse Code
2.3 Braille
2.4 Two-out-of-Five Code
2.5 Hollerith Codes

3 Euclidean Algorithm
3.1 Greatest Common Divisors and the Euclidean Algorithm
3.2 Extended Euclidean Algorithm
3.3 The Fundamental Theorem of Arithmetic
3.4 Modular Arithmetic

4 Ciphers
4.1 Cryptography
4.2 Cryptanalysis
4.3 Substitution and Permutation Ciphers
4.4 Block Ciphers
4.5 The Playfair Cipher
4.6 Unbreakable Ciphers
4.7 Enigma Machine

5 Error-Control Codes
5.1 Bar Codes Based on Two-out-of-Five Code
5.2 Other Commercial Codes
5.3 Hamming (7, 4) Code

6 Chinese Remainder Theorem
6.1 Systems of Linear Equations Modulo n
6.2 Chinese Remainder Theorem
6.3 Extended Precision Arithmetic
6.4 Greatest Common Divisor of Polynomials
6.5 Hilbert Matrix

7 Theorems of Fermat and Euler
7.1 Wilson's Theorem
7.2 Powers Modulo n
7.3 Fermat's Little Theorem
7.4 Rabin's Probabilistic Primality Test
7.5 Exponential Ciphers
7.6 Euler's Theorem

8 Public Key Ciphers
8.1 The Rivest-Shamir-Adleman Cipher System
8.2 Electronic Signatures
8.3 A System for Exchanging Messages
8.4 Knapsack Ciphers
8.5 Digital Signature Standard

9 Finite Fields
9.1 The Galois Field $GF_p$
9.2 The Ring $GF_p[x]$ of Polynomials
9.3 The Galois Field $GF_4$
9.4 The Galois Fields $GF_8$ and $GF_{16}$
9.5 The Galois Field $GF_{p^n}$
9.6 The Multiplicative Group of $GF_{p^n}$
9.7 Random Number Generators

10 Error-Correcting Codes
10.1 A BCH Decoder
10.2 Reed-Solomon Codes

11 Advanced Encryption Standard
11.1 Data Encryption Standard
11.2 The Galois Field $GF_{256}$
11.3 The Rijndael Block Cipher

12 Polynomial Algorithms and FFTs
12.1 Lagrange Interpolation Formula
12.2 Kronecker's Algorithm
12.3 Neville's Iterated Interpolation Algorithm
12.4 Secure Multiparty Protocols
12.5 Discrete Fourier Transforms
12.6 Fast Fourier Interpolation
To the Instructor

Applied Algebra: Codes, Ciphers and Discrete Algorithms deals with the mathematics of data communication and storage. Two central topics are data security (how to make data visible only to friendly eyes) and data integrity (how to minimize data corruption). The text includes many examples and problems. Solutions to odd-numbered problems in the text (and to all problems in this solutions manual for instructors) are, in many cases, complete solutions rather than mere answers.

In the CD version of Applied Algebra: Codes, Ciphers and Discrete Algorithms, the explanatory material and problem sets are the same as those in the printed text, but on the CD, these are supplemented with additional examples and reinforced with self tests. The CD also includes hints for using Scientific Notebook®, Maple®, or MuPAD® to do complicated calculations and to make the mathematical ideas more accessible.

Examples on the CD come in two varieties. Many have animated mathematics that encourage student exploration. Some have step-by-step discussions of how to solve a particular problem. Others are interactive and allow students to define their own functions and set their own parameters. Thus your students have access to an unlimited number of examples.

Self tests allow students to measure their level of understanding. The quizzes are randomly generated from problem prototypes. Thus your students have a virtually unlimited number of distinct quizzes to test their understanding.

Computing hints for Scientific Notebook®, MuPAD® and Maple® for each section that are pertinent to the material covered in that section are provided on the CD.

Several structures help students navigate through the book on CD. The table of contents has links to chapters and sections. Every page includes a breadcrumb trail (Contents >> Chapter >> Section), a menu of subsections, links to examples, problems, computing hints for Scientific Notebook®, MuPAD®, and Maple®, and self tests, and arrows for navigating forwards or backwards by chapter, section, or page. Each index entry links to a page in the text.

Further guidance on using the mathematical and document-editing features of Scientific Notebook® is available online from the Help menu.

Darel W. Hardy, Fort Collins, Colorado
Fred Richman, Boca Raton, Florida
Carol L. Walker, Las Cruces, New Mexico
Chapter 1
Integers and Computer Algebra

1.1 Integers

1. Show that if $n > 0$ is composite, then $n$ has a divisor $d$ with $1 < d^2 \le n$.
Answer: Let $n = ab$ with $a > 1$ and $b > 1$. If $a^2 \le n$, then $a$ is a divisor of the right kind. Otherwise $a^2 > n$ and
$$b^2 = \frac{n^2}{a^2} < \frac{n^2}{n} = n$$
so $b$ is a divisor of the right kind.

2. Show that 101 is prime by showing that 101 has no prime divisors $d$ such that $1 < d^2 \le 101$.
Answer: The squares of 2, 3, 5, and 7 are less than 101. Note that
$$\frac{101}{2} = 50\tfrac{1}{2}, \quad \frac{101}{3} = 33\tfrac{2}{3}, \quad \frac{101}{5} = 20\tfrac{1}{5}, \quad \frac{101}{7} = 14\tfrac{3}{7}$$
and $11^2 = 121 > 101$.

3. Let $a = 15$ and $b = 24$. Find integers $x$ and $y$ such that $ax + by$ divides both $a$ and $b$.
Answer: Note that $15(-3) + 24(2) = 3$, where $3 \mid 15$ and $3 \mid 24$.

4. Find the prime power factorization of $10!$.
Answer: $10! = 2^8 \cdot 3^4 \cdot 5^2 \cdot 7$
5. Find the prime power factorization of $2^9 + 5^{12}$.
Answer: A sum of two cubes factors as $a^3 + b^3 = (a + b)(a^2 - ab + b^2)$, so we have
$$\begin{aligned}
2^9 + 5^{12} &= (2^3)^3 + (5^4)^3 \\
&= (2^3 + 5^4)\left((2^3)^2 - 2^3 \cdot 5^4 + (5^4)^2\right) \\
&= (633)(385\,689) \\
&= (3 \cdot 211)(3 \cdot 128\,563) \\
&= 3^2 \cdot 211 \cdot 128\,563
\end{aligned}$$
6. Prove the theorem on properties of divisors.
Answer: We call on the associative, distributive, and cancellation laws for integers.
(a) Assume $a \mid b$ and $b \mid a$, say $b = ax$ and $a = by$ for some integers $x$ and $y$. Then $a = by = (ax)y = a(xy)$, and hence $xy = 1$. The only integers $x$ and $y$ with the property $xy = 1$ are $x = y = 1$ and $x = y = -1$.
(b) Assume $a \mid b$ and $b \mid c$, say $b = ax$ and $c = by$ for some integers $x$ and $y$. Then $c = by = (ax)y = a(xy)$ where $xy$ is an integer, which means that $a \mid c$.
(c) Assume $c \mid a$ and $c \mid b$, say $a = cs$ and $b = ct$ for some integers $s$ and $t$. Then $ax + by = (cs)x + (ct)y = c(sx + ty)$ where $sx + ty$ is an integer, and hence $c \mid (ax + by)$.

7. For each of the following claims about arbitrary integers $a$, $b$, $c$, and $d$, either show that it is true or show that it is false.
(a) If $a \mid b$ and $b \mid c$, then $ab \mid c$.
(b) If $a \mid b$ and $a \mid c$, then $a \mid (b + c)$.
(c) If $a \mid b$ and $a \mid c$, then $b \mid c$.
(d) If $a \mid b$, then $a^2 \mid b^2$.
(e) If $a \mid b$ and $c \mid d$, then $(a + c) \mid (b + d)$.
(f) If $a \mid b$ and $c \mid d$, then $ac \mid bd$.
(g) If $a \mid b$ and $a \mid c$, then $a \mid bc$.
Answer: Let $a$, $b$, $c$, and $d$ be arbitrary integers.
(a) This is false. Indeed $4 \mid 12$ and $6 \mid 12$, but $4 \cdot 6 = 24$ does not divide 12. Even simpler, but maybe too simple: $2 \mid 2$ and $2 \mid 2$ but $2 \cdot 2 = 4$ does not divide 2.
(b) If $a \mid b$, then $b = sa$ for some integer $s$. If $a \mid c$, then $c = ta$ for some integer $t$. So $b + c = sa + ta = (s + t)a$, which means that $a \mid (b + c)$. See also part iii of the theorem on properties of divisors.
(c) This is false. Take $a = 2$, $b = 4$, and $c = 6$.
(d) If $a \mid b$, then $b = at$ for some $t$, so $b^2 = a^2 t^2$, which means that $a^2 \mid b^2$.
(e) This is false. Take $a = 2$, $b = 4$, $c = 3$, and $d = 9$. Note that $2 \mid 4$ and $3 \mid 9$, but $5 \nmid 13$.
(f) Let $b = as$ and $d = ct$. Then $bd = asct = ac \cdot st$, which means that $ac \mid bd$.
(g) Let $b = as$. Then $bc = asc$, which means that $a \mid bc$.

8. Is it true that if a number ends in 2, like 10132, then it must be divisible by 2? Why or why not? Prove that the product of two consecutive integers is divisible by 2.
Answer: A number that ends in 2 can be written as $10x + 2 = 2(5x + 1)$, which is a multiple of 2.

9. Is it true that if a number ends in 3, then it must be divisible by 3? Why or why not?
Answer: No. The number 13 is not divisible by 3.

10. For which digits $d$ is it true that if a number ends in $d$, then it must be divisible by $d$?
Answer: If $d = 1$, 2, or 5, then a number that ends in $d$ must be divisible by $d$. For the other digits, a counterexample is simple: 13 is not divisible by 3; 14 is not divisible by 4; 16 is not divisible by 6; 17 is not divisible by 7; 18 is not divisible by 8; 19 is not divisible by 9; and nothing is divisible by 0.

11. Prove that there are infinitely many primes by showing that if $p_1, p_2, \ldots, p_k$ are primes, then the integer $p_1 p_2 \cdots p_k + 1$ must have a prime factor distinct from each prime $p_1, p_2, \ldots, p_k$.
Answer: Let $p$ be a prime divisor of $p_1 p_2 \cdots p_k + 1$. If $p = p_i$ for some $i$, then $p_1 p_2 \cdots p_k + 1 = p_i n$ for some integer $n$. So
$$1 = p_i n - p_1 p_2 \cdots p_k = p_i \left(n - p_1 p_2 \cdots p_{i-1} p_{i+1} \cdots p_k\right)$$
making $p_i$ a factor of 1. That can't be, so $p$ must be different from each prime $p_i$. This shows how, given any finite set of primes, you can find another prime not in that set. So there are infinitely many primes.
12. Prove that if $n$ is odd, then $n^2 - 1$ is divisible by 8.
Answer: Let $n = 2k + 1$. Then $n^2 - 1 = (2k + 1)^2 - 1 = 4k^2 + 4k = 2^2 k(k + 1)$ and $k(k + 1)$ is a product of two consecutive integers and hence is a multiple of 2 (see the previous exercise).

13. Show that every even number between 4 and 100 is the sum of two primes.
Answer: Here is every even number between 4 and 100:

 4 =  2 + 2    24 = 19 + 5    44 = 37 + 7    64 = 61 + 3    84 = 79 + 5
 6 =  3 + 3    26 = 19 + 7    46 = 43 + 3    66 = 61 + 5    86 = 79 + 7
 8 =  5 + 3    28 = 23 + 5    48 = 43 + 5    68 = 61 + 7    88 = 83 + 5
10 =  7 + 3    30 = 23 + 7    50 = 43 + 7    70 = 67 + 3    90 = 83 + 7
12 =  7 + 5    32 = 29 + 3    52 = 47 + 5    72 = 67 + 5    92 = 89 + 3
14 = 11 + 3    34 = 29 + 5    54 = 47 + 7    74 = 67 + 7    94 = 89 + 5
16 = 13 + 3    36 = 29 + 7    56 = 53 + 3    76 = 73 + 3    96 = 89 + 7
18 = 13 + 5    38 = 31 + 7    58 = 53 + 5    78 = 73 + 5    98 = 79 + 19
20 = 13 + 7    40 = 37 + 3    60 = 53 + 7    80 = 73 + 7
22 = 19 + 3    42 = 37 + 5    62 = 59 + 3    82 = 79 + 3

14. List all the prime numbers between 60 and 120.
Answer: The primes between 60 and 120 are 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113.

15. Identify each of the following as prime or composite, and factor the composites into primes.
a. $2! + 1$    b. $3! + 1$    c. $4! + 1$    d. $5! + 1$
e. $6! + 1$    f. $7! + 1$    g. $8! + 1$    h. $9! + 1$
Answer: Note that each factorization of $n! + 1$ involves a prime or primes larger than $n$.
(a) $2! + 1 = 3$ is prime
(b) $3! + 1 = 7$ is prime
(c) $4! + 1 = 5^2$ composite
(d) $5! + 1 = 11^2$ composite
(e) $6! + 1 = 7 \cdot 103$ composite
(f) $7! + 1 = 71^2$ composite
(g) $8! + 1 = 61 \cdot 661$ composite
(h) $9! + 1 = 19 \cdot 71 \cdot 269$ composite

16. Why are 2 and 3 the only consecutive numbers that are both prime?
Answer: Consecutive numbers look like $n$ and $n + 1$. One of these must be even, the other odd. Since 2 is the only even prime, $n$ and $n + 1$ must include 2. So $n = 2$ and $n + 1 = 3$.
17. Why are 3, 5, and 7 the only three consecutive odd numbers that are prime?
Answer: If three numbers are consecutive odd numbers, they must look like $n$, $n + 2$, $n + 4$, where $n$ is odd. But if $n$ is odd, then $n = 2m + 1$, where $m$ is an integer. Thus, the three numbers are $2m + 1$, $2m + 3$, $2m + 5$. If $m = 1$, we get the triplet 3, 5, 7. Suppose $m > 1$. If $2m + 1$ is not divisible by 3, then dividing $2m + 1$ by 3 gives a remainder of 1 or 2. If the remainder is 1, then $2m + 1 = 3k + 1$ for some integer $k$, and $2m + 3 = 3k + 3$ which is divisible by 3. If the remainder is 2, then $2m + 1 = 3k + 2$, and $2m + 5 = 3k + 6$ which is divisible by 3. Thus one of the three numbers is divisible by 3, and since all are greater than 3, one of them is composite.

18. Is $n^2 + n + 17$ a prime for all $n > 1$?
Answer: No. The number $n^2 + n + 17$ is prime for all integers up to 16, but fails to produce a prime when $n = 16$ because
$$\begin{aligned}
16^2 + 16 + 17 &= 16(16 + 1) + 17 \\
&= (16 \cdot 17) + 17 \\
&= 17(16 + 1) \\
&= 17^2
\end{aligned}$$

19. Can $n^2 + 1$ be a prime if $n$ is odd? What if $n$ is even?
Answer: If $n = 1$, then $n^2 + 1 = 2$, a prime. But if $n$ is an odd number greater than 1, then its square is also odd, and adding 1 gives an even number greater than 2, which is thus composite. So the answer to the first question is, if $n$ is odd, $n^2 + 1$ is a prime if and only if $n = 1$. If $n$ is even, then $n^2 + 1$ can be prime, for example $2^2 + 1 = 5$ is a prime. But $n^2 + 1$ is not a prime for $n = 8$ because $8^2 + 1 = 65 = 5 \cdot 13$.

20. If $2^n + 1$ is prime, then must $n$ be prime?
Answer: No. For example, $2^4 + 1 = 17$ is a prime, but 4 is a composite.

21. If $2^n - 1$ is prime, then must $n$ be prime?
Answer: Yes. If $n$ is composite, then $n = ab$, where $a > 1$ and $b > 1$, so
$$2^n - 1 = 2^{ab} - 1 = (2^a - 1)\left(2^{ab - a} + 2^{ab - 2a} + 2^{ab - 3a} + \cdots + 1\right)$$
which shows that $2^n - 1$ is composite. Thus if $2^n - 1$ is prime, then $n$ is also prime.

22. If there are at least four composites between two consecutive primes, then there are at least five composites between these two primes. Why?
Answer: Any pair of consecutive primes, except for 2 and 3, are separated by an odd number of composites, for if two numbers are separated by an even number of numbers, then one of the two numbers is even and the other is odd, and all primes except 2 are odd.
1.2 Computer Algebra vs. Numerical Analysis

1. The two numbers 3.14 and 22/7 both claim to be the best approximation to $\pi$. Which is the better approximation, and why?
Answer: Note that $|3.14 - \pi| = 1.5927 \times 10^{-3}$ and $|22/7 - \pi| = 1.2645 \times 10^{-3}$, so 22/7 is the closer approximation to $\pi$.

2. List the numbers $\sqrt{10}$, $\pi$, and 3.16 in increasing order. Justify your answer.
Answer: Evaluating numerically,
$$\pi = 3.1416, \qquad \sqrt{10} = 3.1623$$
It follows that $\pi < 3.16$
m=2
m
Note that
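m m

Factor: $x^2 + x + 10 \bmod 11 = (x - 3)(x + 4)$.

13. For which primes $p$ does $-1$ have a square root modulo $p$?
Answer: If $-1$ has a square root modulo $p$, then $x^2 + 1$ should factor modulo $p$. Factoring with a computer algebra system produces results like $x^2 + 1 \bmod 2 = (x + 1)^2$, $x^2 + 1 \bmod 3 = x^2 + 1$, and $x^2 + 1 \bmod 5 = (x - 2)(x + 2)$. The prime $p = 2$ is a special case since $-1 = 1$ and $x^2 + 1$ has 1 as a double root. Try some primes on your own and you will see that, for the odd primes, it appears that $x^2 + 1$ factors exactly when $p \bmod 4 = 1$. To give you a start, the solution on the disc factors the first 30 primes.

14. Does the matrix
$$\begin{pmatrix} 1 & 2 \\ 3 & 3 \end{pmatrix}$$
have an inverse in the integers modulo 5? If so, find it. If not, why not?
Answer: Direct evaluation yields
$$\begin{pmatrix} 1 & 2 \\ 3 & 3 \end{pmatrix}^{-1} \bmod 5 = \begin{pmatrix} 4 & 4 \\ 1 & 3 \end{pmatrix}$$
This is too much like cheating, so look for a matrix that satisfies
$$\begin{pmatrix} 1 & 2 \\ 3 & 3 \end{pmatrix} \begin{pmatrix} a & b \\ c & d \end{pmatrix} = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}$$
modulo 5. Since
$$\begin{pmatrix} 1 & 2 \\ 3 & 3 \end{pmatrix} \begin{pmatrix} a & b \\ c & d \end{pmatrix} = \begin{pmatrix} a + 2c & b + 2d \\ 3a + 3c & 3b + 3d \end{pmatrix}$$
this leads to the system
$$\begin{aligned}
a + 2c &= 1 \\
b + 2d &= 0 \\
3a + 3c &= 0 \\
3b + 3d &= 1
\end{aligned}$$
The last two equations can be rewritten as
$$\begin{aligned}
a + c &= 0 \\
b + d &= 3^{-1} \bmod 5 = 2
\end{aligned}$$
and the substitutions $a = 1 - 2c$ and $b = -2d$ lead to
$$\begin{aligned}
1 - 2c + c &= 0 \\
-2d + d &= 2
\end{aligned}$$
or
$$c = 1, \qquad d = -2 = 3$$
and hence
$$\begin{aligned}
a &= 1 - 2 = -1 = 4 \\
b &= -2(-2) = 4
\end{aligned}$$
Checking,
$$\begin{pmatrix} 1 & 2 \\ 3 & 3 \end{pmatrix} \begin{pmatrix} 4 & 4 \\ 1 & 3 \end{pmatrix} \bmod 5 = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}$$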
Chapter 4
Ciphers

4.1 Cryptography

1. Use the Caesar cipher to encrypt the plaintext Hello.
Answer: KHOOR

2. Use the Caesar cipher to decrypt the ciphertext
ZOVMQ LDOXM EVFPQ EBPZF BKZBL CPBZO BQTOF QFKD
Answer: Cryptography is the science of secret writing.

3. Use the shift cipher $y = x + 6$ to encrypt the plaintext
Encryption products with less than sixty four bits are freely exportable.
Answer: The encryption is
KTIXEVZOUT VXUJAIZY COZN RKYY ZNGT YODZE LUAX HOZY GXK LXKKRE KDVUXZGHRK

4. Use the affine cipher $y = 5x + 7 \bmod 26$ to encrypt the plaintext
The width of a complete filled rectangle must be a divisor of the length of the message.
Answer: The encryption is
YMJBN IYMTK FHTRU QJYJK NQQJI WJHYF SLQJR ZXYGJ FINAN XTWTK YMJQJ SLYMT KYMJR JXXFL J

5. Use the Caesar cipher to decrypt the ciphertext JRRGE BH
Answer: Goodbye.

6. Use the Caesar cipher to unscramble the ciphertext
LDPJR LQJWR VSDLQ WRILJ KWDQD UPBZL WKRXW DJHQH UDODQ GWKHQ FHWRW KHHDV WWRIL JKWDJ HQHUD OZLWK RXWDQ DUPB
This statement is ascribed to Julius Caesar himself.
Answer: I am going to Spain to fight an army without a general thence to the east to fight a general without an army.

7. Unscramble the following ciphertext, which was encrypted using the affine cipher $y = x + 5 \bmod 26$.
HFJXF WNXHT SXNIJ WJIYT GJTSJ TKYMJ
KNWXY UJWXT SXYTM FAJJA JWJRU QTDJI
JSHWD UYNTS KTWYM JXFPJ TKXJH ZWNSL
RJXXF LJX
Answer: Caesar is considered to be one of the first persons to have ever employed encryption for the sake of securing messages.

8. Use the Vigenère cipher with keyword SING to encrypt the plaintext
There are two kinds of music: country and western.
Answer: LPRXWIEKLEBQAVQYGNZAKQPIGCAZJGNTVERYLMET

9. Use the Vigenère cipher with keyword GOLF to decrypt the ciphertext JFTAKTZWYVZBVIEYLCCIUIRM
Answer: Drive for show; putt for dough.

10. Decrypt the ciphertext
HEJGI JTTPU WHBDH UHPBH AMREH SBIUF IZOFT IZUJS IHVHU B
which was encrypted using an affine cipher $y = mx + b \bmod 26$, knowing that the plaintext begins with el.
Answer: We solve the system
$$\begin{aligned}
4m + b &= 7 \\
11m + b &= 4
\end{aligned}$$
to get
$$b = \frac{61}{7}, \qquad m = -\frac{3}{7}$$
and reduce modulo 26 to get
$$\begin{aligned}
\frac{61}{7} \bmod 26 &= 5 \\
-\frac{3}{7} \bmod 26 &= 7
\end{aligned}$$
The inverse affine cipher $x = (y - b)\,m^{-1} \bmod 26 = (y - 5) \cdot 15 \bmod 26$ produces the plaintext
Eliptic curves were used by Lenstra to factor integers.

11. Encrypt the message
You should be aware that encrypted communications are illegal in some parts of the world.
using a polyalphabetic cipher that alternates the use of the three affine ciphers
$$\begin{aligned}
f(x) &= 11x + 2 \bmod 26 \\
g(x) &= 15x + 5 \bmod 26 \\
h(x) &= 19x + 7 \bmod 26
\end{aligned}$$
Answer: GHXSG NOOMN NHKFS UEKCE FPJSG WEUYT ADBOS DYFEM HUSFS UVITN RCODP PNENG CAESH YDGFH HSTY

12. Decrypt the ciphertext
DGFEH LDJNE DNPOF DEFHV LU
encrypted using a polyalphabetic cipher that alternated the use of the three affine ciphers
$$\begin{aligned}
f(x) &= 11x + 2 \bmod 26 \\
g(x) &= 15x + 5 \bmod 26 \\
h(x) &= 19x + 7 \bmod 26
\end{aligned}$$
Answer: The most common letter is e.

13. Plaintext is encrypted using the affine cipher $y = 3x + 5 \bmod 26$; then the ciphertext is encrypted again using the affine cipher $y = 15x + 4 \bmod 26$. Give a simple equivalent to the compound cipher.
Answer: $y = 15(3x + 5) + 4 \bmod 26 = 45x + 79 \bmod 26 = 19x + 1 \bmod 26$

14. The affine cipher $y = mx + b \bmod 26$ has an inverse cipher for only 12 different choices of $m$. What is the effect of increasing the alphabet size from 26 to 27? How about 29? 30?
Answer: A 27-character alphabet would allow 18 invertible choices of $m$ in the cipher $y = mx + b \bmod 27$ (just throw out the multiples of 3). For 29, $m$ could be chosen from any of 28 possibilities. For 30, $m$ could only be chosen as one of the eight numbers 1, 7, 11, 13, 17, 19, 23, 29.
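The known-plaintext recovery in Problem 10 and the count of invertible multipliers in Problem 14, worked in Python as an added example that is not part of the original manual. The function names are assumptions chosen here; the ciphertext is the one printed in Problem 10, and the "an" crib is constructed to show the case where two known letters do not determine the key.

```python
from math import gcd
from string import ascii_uppercase as ALPHA

# Ciphertext printed in Problem 10 of Section 4.1.
PROBLEM_10 = "HEJGI JTTPU WHBDH UHPBH AMREH SBIUF IZOFT IZUJS IHVHU B"


def units(n):
    """Multipliers m for which y = m*x + b mod n has an inverse: gcd(m, n) = 1."""
    return [m for m in range(1, n) if gcd(m, n) == 1]


def letters(text):
    """Map text to numbers with A=0 ... Z=25, dropping spaces and punctuation."""
    return [ALPHA.index(c) for c in text.upper() if c in ALPHA]


def recover_affine_keys(crib_plain, crib_cipher, n=26):
    """Return every key (m, b) consistent with two known plaintext letters.

    Subtracting the two congruences m*x1 + b = y1 and m*x2 + b = y2 gives
    m*(x1 - x2) = (y1 - y2) mod n. When x1 - x2 is a unit there is exactly
    one solution; otherwise several multipliers may fit and all are returned.
    """
    x1, x2 = letters(crib_plain)[:2]
    y1, y2 = letters(crib_cipher)[:2]
    dx, dy = (x1 - x2) % n, (y1 - y2) % n
    keys = []
    for m in units(n):  # only invertible multipliers are valid keys
        if (m * dx - dy) % n == 0:
            keys.append((m, (y1 - m * x1) % n))
    return keys


def affine_decrypt(ciphertext, m, b):
    """Apply x = (y - b) * m^-1 mod 26 to every letter of the ciphertext."""
    n = len(ALPHA)
    m_inv = pow(m, -1, n)  # modular inverse, Python 3.8+
    return "".join(ALPHA[(y - b) * m_inv % n] for y in letters(ciphertext))


if __name__ == "__main__":
    # Problem 14: number of usable multipliers for each alphabet size.
    for size in (26, 27, 29, 30):
        print(size, len(units(size)), units(size))

    # Problem 10: plaintext begins with "el", ciphertext begins with "HE".
    keys = recover_affine_keys("el", PROBLEM_10[:2])
    print("keys from crib 'el':", keys)
    for m, b in keys:
        print(affine_decrypt(PROBLEM_10, m, b))

    # Constructed failure case: 'a' and 'n' are 13 apart, and 13 is not a
    # unit modulo 26, so this crib leaves every odd multiplier possible.
    print("keys from crib 'an':", recover_affine_keys("an", "FS"))
```

A crib whose two letters differ by a multiple of 2 or 13 is the case to watch for: the difference is then not invertible modulo 26 and the pair can be consistent with more than one key.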
4.2 Cryptanalysis

1. The ciphertext
ZNKUR JKYZQ TUCTK TIXEV ZOUTJ KBOIK OYZNK YIEZG RK
was encrypted using a shift $y = x + a \bmod 26$. Determine $a$ and decipher the message.
Answer: The ciphertext was generated using the shift $y = x + 6 \bmod 26$, so the inverse is given by the shift $x = y - 6 \bmod 26$. The plaintext is
The oldest known encryption device is the scytale.

2. The ciphertext
DROBO KBODG YWKSX DIZOC YPMSZ ROBCK CELCD SDEDS YXMSZ ROBKX NKDBK XCZYC SDSYX MSZRO B
was encrypted using a shift $y = x + a \bmod 26$. Determine $a$ and decipher the message.
Answer: The ciphertext was generated using $y = x + 10 \bmod 26$, so the inverse is $x = y - 10 \bmod 26$. The plaintext is
There are two main types of ciphers: a substitution cipher and a transposition cipher.

3. The ciphertext
RJUMK QRADU KSNMO MRUPS ZRGSH SWNPX OUKUM SZGSS PGJOK JJAPU LAKRD QRJUM AIUPO IUNMO SNM
was encrypted using an affine cipher $y = kx \bmod 26$. Determine $k$ and decipher the message.
Answer: The ciphertext was generated using $y = 5x \bmod 26$. Since $5^{-1} \bmod 26 = 21$ the inverse affine cipher is given by $x = 21y \bmod 26$. The plaintext is
The scytale consisted of two round pieces of wood which had exactly the same dimensions.

4. The ciphertext
AOEBX CPEWG UGUAZ BXAHC DEOEJ ANMZC DDCPU JDXCA ZBXAH CDEWA ZYAMW CNOEB XCPCV HMDXC WAGCO EBXCP DCFDZ CDDCP
was encrypted using an affine cipher $y = kx \bmod 26$. Determine $k$ and decipher the message.
Answer: The ciphertext was generated using $y = 7x \bmod 26$, so the inverse is given by $x = 15y \bmod 26$ and the plaintext is
A cipher is monoalphabetic if any letter of the alphabet is always enciphered by the same ciphertext letter.

5. The ciphertext
GWUUE SWUMW JWWRA CLWLP IMORL ORSEN
OWAWC HNEJA DGWRF EJCQR LFDWA IVORL
WJORE UNOJE VERLM JOFOR SFDWG WUUES
WEVCR SFDWV WRSFD CHFDW AIVOR LWJ
was encrypted using an affine cipher $y = kx + s \bmod 26$. Determine $k$ and $s$, then decipher the message.
Answer: The ciphertext was generated using $y = 11x + 4 \bmod 26$, so the inverse is given by $x = (y - 4) \cdot 11^{-1} \bmod 26$. Since $11^{-1} \bmod 26 = 19$ the inverse is the affine character cipher $x = (y - 4) \cdot 19 \bmod 26 = 19y + 2 \bmod 26$. The plaintext is
Messages were encoded by winding a piece of parchment around the cylinder in a spiral and writing the message along the length of the cylinder.
6. The two shift ciphers
$$\begin{aligned}
f(x) &= x + a \bmod 26 \\
g(x) &= x + b \bmod 26
\end{aligned}$$
were combined in a polyalphabetic cipher to construct the ciphertext
VMGFT YKXVH CWNLQ WOFPB CXQSG THYJJ VBGSV DPNPJ
QWKLK SCQPF XFLTE TFJVF NPGWU FUJNJ EYIWQ ZRTHN
PIKFP XTJEW WNVJF GAYJJ OFTNP JETTU UNPBQ WNIYF
TYYTV TUJPI OJUXC LGXKS VMGSC ACOQQ CSIZC LG
Decrypt the message.
Answer: The shift ciphers
$$\begin{aligned}
y &= x + 2 \bmod 26 \\
y &= x + 5 \bmod 26
\end{aligned}$$
were used to encrypt the odd and even letters. Use the inverse shift ciphers
$$\begin{aligned}
y &= x + 24 \bmod 26 \\
y &= x + 21 \bmod 26
\end{aligned}$$
to obtain the plaintext
The artist Carl Gorman was one of the twenty nine original Navajo code talkers, a select group of indians recruited by the Marine Corps in World War Two to send messages in the Navajo language.

7. The two shift ciphers
$$\begin{aligned}
f(x) &= x + a \bmod 26 \\
g(x) &= x + b \bmod 26
\end{aligned}$$
were combined in a polyalphabetic cipher to construct the ciphertext
ASPCA JMTCP JZKPA LSVLC ZLAEL YKPKE OPKPK TJLAT
VYVQA SLYHG HUVNV OLEHW RPYPE SPMPE ASLPE SPMPE
PYJWB OLDHO PDWWH JVQWS VEVRY LWSZP XFPAT PUEHY
KEOPV CPRPY HWJZK PHWVY NHPEO LUPEA SLULA TVYVQ
OZDEO PJZKP DZYVL OKPKT JLATV YJPYP TZUTL DPYJW
BOLOZ ALPJS LDIJA SLEOP UOLAB EFDLN YPALY JVQKP
MPUDL OVYHW KLAHV ZKFZD LYHEV CQZOY TNJLP YVQHC
PKVYH LUOUL CLQZW CLDPO LYAAL ELCZZ UKHSA SLYHG
HUVGL ELCHY ZLUOA SLTYQ HXPWP PZEYL CPSPK EVEOP
JPYPT ZUJMC VXASL TYSVX LDVYA SLYHG HUVCL DLCCL
ATVYD SPNOT UNSFK PZAHC ADVQH CPKVY HYLHT PETJZ
HYKFA LO
Decrypt the message.
Answer: The shift ciphers $y = x + 7 \bmod 26$ and $y = x + 11 \bmod 26$ were used to encrypt the odd and even letters. Use the inverse shift ciphers $y = x + 19 \bmod 26$ and $y = x + 15 \bmod 26$ to obtain the plaintext
Thirty-five code talkers attended the dedication of the Navajo code talker exhibit. The exhibit includes a display of photographs, equipment and the original code, along with an explanation of how the code worked. Dedication ceremonies included speeches by the then Deputy Secretary of Defense Donald Atwood, U.S. Senator John McCain of Arizona and Navajo President Peterson Zah. The Navajo veterans and their families traveled to the ceremony from their homes on the Navajo Reservation, which includes parts of Arizona, New Mexico, and Utah.

8. The three shift ciphers
$$\begin{aligned}
f(x) &= x + a \bmod 26 \\
g(x) &= x + b \bmod 26 \\
h(x) &= x + c \bmod 26
\end{aligned}$$
were combined in a polyalphabetic cipher to construct the ciphertext
DHNMO MOTJV KNBSF RILRE EONCE AUVYW EMKOR NNKBX ETCRR NOHEX DAODO SFCIM NXWNB ELROB ONOYB TQOIA ZRXPI NXCHS NWKVJ TOJXD NXGUS SQ
Decrypt the message.
Answer: Three shift ciphers
$$\begin{aligned}
y &= x + 10 \bmod 26 \\
y &= x + 15 \bmod 26 \\
y &= x + 20 \bmod 26
\end{aligned}$$
were used to create the ciphertext, so use the inverse ciphers
$$\begin{aligned}
y &= x - 10 \bmod 26 \\
y &= x - 15 \bmod 26 \\
y &= x - 20 \bmod 26
\end{aligned}$$
to get the plaintext
The code talkers, which eventually numbered about three hundred fifty men, were chosen for their proficiency in Navajo and English.
4.3 Substitution and Permutation Ciphers

1. Use the substitution cipher
= (NEW) (MXICO) (STA) (UVRY) (BDFGHJKLPQZ)
to encrypt the plaintext, I live in Las Cruces.
Answer: CPCRW CEPST OYVOW T

2. The ciphertext
VDPJV HJLIO LRLAD CL
was encrypted using a substitution cipher with
= (COLRAD) (STE) (UNIVY) (BFGHJKMPQWXZ)
What is the plaintext?
Answer: I am high on Colorado.

3. Use a permutation cipher with = (1563) (24) to encrypt the plaintext I have a secret.
Answer: EVIHAA ERSETC

4. Decrypt the ciphertext
ESCROUSEHWI WRESOBEIYUT
that was encrypted using a permutation cipher = (1 5 2 4 8 9) (3 6 7 11 10)
Answer: How secure is your web site?

5. Use the substitution cipher
= (A R P I H N C W G F B K O Q M U J)(D X Y T V S Z E L)
to encrypt the plaintext
There is, of course, no difficulty in recognizing that a cipher is transposition and not substitution.
Answer: VNLPL HZQBW QJPZL CQXHB BHWJD VTHCP LWQFC HEHCF VNRVR WHINL PHZVP RCZIQ ZHVHQ CRCXC QVZJK ZVHVJ VHQC
4.3. SUBSTITUTION AND PERMUTATION CIPHERS 6. Verify that a product of disjoint cycles commutes; that is, if disjoint cycles, then x = x .
67 and
are
Answer: If and are disjoint cycles, then x is moved by at most one of and , say x = x and x 6= x. Then x appears in the same cycle as x, so (x ) = x . Thus x
= (x ) = x = (x ) = x
If x = x and x = x, then x
= (x ) = x = x = x = (x ) = x
7. If = (0 4 7)(1 6 5 3)(2 9 8) and = (0)(1 3 5 9 7)(2 8 6 4), express and as products of disjoint cycles. Answer: If then
= (0 4 7)(1 6 5 3)(2 9 8) and
= (0)(1 3 5 9 7)(2 8 6 4),
= (0 2 7) (1 4) (3) (5) (6 9) (8) = (0 4 9) (1) (2) (3) (5 8) (6 7) 1 8. Compute , in Problem 7.
Answer: If then
1
,(
)
1
and (
)
1
for the permutations
= (0 4 7)(1 6 5 3)(2 9 8) and
(
)
and
given
= (0)(1 3 5 9 7)(2 8 6 4),
1
=
(0 7 4) (1 3 5 6) (2 8 9)
1
=
(0) (1 7 9 5 3) (2 4 6 8)
1
=
(0 7 2) (1 4) (3) (5) (6 9) (8)
=
(0 9 4) (1) (2) (3) (5 8) (6 7)
9. Prove Theorem 4.11: Every permutation can be written as a product of disjoint cycles. Answer: Let be a permutation on f1; 2; : : : ; ng. If x = x for all x, then = (1) (2) (n) is a product of disjoint cycles. We say that an integer x is moved by if x 6= x. We induct on the number k of integers moved by a permutation . If k = 0, then x = x for all x and hence = (1) (2) (n) is a product of disjoint cycles, so the theorem holds. For k > 0, assume that all permutations that move fewer than k integers can be written as products of disjoint cycles. Let a be an integer moved by and consider the …nite sequence a1 = a, a2 = a1 , a3 = a2 , and so forth. Since ai 2 f1; 2; : : : ; ng, there exist integers i < j such that ai = aj . Let m be the least integer such that ai = am with 1 i < m. If i > 1, then ai = ai 1 = am = am 1 , contrary to the minimality of m.
68
CHAPTER 4. CIPHERS 1
Consider the permutation (a1 a2 am ) = . Note that ai = ai for i = 1 : : : m and x = xt for all other x 2 f1; 2; : : : ; ng. Thus moves fewer than k integers and hence is a product of disjoint cycles. Thus = (a1 a2 am ) is also a product of disjoint cycles. 10. Prove that the inverse of a product of two permutations is given by ( ) 1 = 1 1 . (See Theorem 4.15.) Answer: Suppose that x = y and y = z. Then x
= (x ) = y = z
which means that
(
)
(z)
1
=x 1
On the other hand, y = z means that y = (z) 1 x = (y) . Thus
That is, (
4.4
1
1
x = (z) )
= (z)
1
1
=
1
and x = y means that 1
1
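Block Ciphers

1. Use the block cipher
$$Y = X \begin{pmatrix} 2 & 1 \\ 5 & 3 \end{pmatrix} \bmod 26$$
to encrypt the plaintext I spy.
Answer:
$$\begin{aligned}
\text{IS} &\to \begin{pmatrix} 8 & 18 \end{pmatrix} \begin{pmatrix} 2 & 1 \\ 5 & 3 \end{pmatrix} \bmod 26 = \begin{pmatrix} 2 & 10 \end{pmatrix} \to \text{CK} \\
\text{PY} &\to \begin{pmatrix} 15 & 24 \end{pmatrix} \begin{pmatrix} 2 & 1 \\ 5 & 3 \end{pmatrix} \bmod 26 = \begin{pmatrix} 20 & 9 \end{pmatrix} \to \text{UJ}
\end{aligned}$$

2. Assume that the block cipher
$$Y = X \begin{pmatrix} 7 & 11 \\ 13 & 16 \end{pmatrix} \bmod 26$$
was used to produce the ciphertext
VX XC ZD HG WC RJ AR
Decrypt the message.
Answer: Double oh seven.

3. Use the block cipher
$$Y = X \begin{pmatrix} 2 & 1 \\ 5 & 3 \end{pmatrix} \bmod 26$$
to encrypt the plaintext
A substitution alphabet derived by a linear transformation on the normal sequence introduces at most two unknown quantities.
Answer: The ciphertext is
MC TX BX HN FZ IY AN TI OH WN BC PD RT XN SV DH
DV IE ZW IR MP CV QB RF IY PB VO VR JN YM IN KA
IG KT WC RS AH CL YO KS UD OQ DY KM BH HX IC CJ
OU RS HN KU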
4. Use the block cipher
$$Y = X \begin{pmatrix} 0 & 7 & 3 & 6 & 8 \\ 5 & 8 & 1 & 9 & 5 \\ 3 & 7 & 3 & 4 & 5 \\ 6 & 1 & 7 & 9 & 6 \\ 8 & 6 & 9 & 3 & 1 \end{pmatrix} \bmod 26$$
to encrypt the plaintext
Praise for their skill, speed, and accuracy accrued throughout the war. At Iwo Jima, Major Howard Connor declared, “Were it not for the Navajos, the Marines would never have taken Iwo Jima.” Connor had six Navajo code talkers working around the clock during the first two days of the battle. Those six sent and received over eight hundred messages, all without error. Answer: The ciphertext is RTUFL XFWBB VWLYZ ZGUGF JPKWJ NGNKQ
JLLXO VZTUT VUMED JAVCL JDHOC AUDYI
ECSFC LEDTJ PVEPT CNQLF MYNNN MLJUW
XSYRZ NDCZI NWCEX HRQMV BKFUF UQOYC
YMENW MBUVT MEKEZ TGZVP SMWGH JZZSI
RZWZD ASBON JMBZK SSWVY GJTSY QGEPG
DGVZV ELKFE FCXLW NUEMC LGMMU
SLVFM VKJXS WNDNA AERZY LRKKS
QIOHT DTNKB HTLMN EXUNX EYLLB
MBVDM BUEFQ AXSWP BRMYF HNGWN
5. What is the inverse cipher for the cipher given in Problem 4? Answer: The inverse cipher is
$$X \begin{pmatrix} 0 & 7 & 3 & 6 & 8 \\ 5 & 8 & 1 & 9 & 5 \\ 3 & 7 & 3 & 4 & 5 \\ 6 & 1 & 7 & 9 & 6 \\ 8 & 6 & 9 & 3 & 1 \end{pmatrix}^{-1} \bmod 26 = X \begin{pmatrix} 20 & 11 & 12 & 16 & 19 \\ 3 & 15 & 11 & 11 & 14 \\ 18 & 5 & 13 & 17 & 2 \\ 9 & 0 & 24 & 19 & 6 \\ 23 & 11 & 13 & 12 & 15 \end{pmatrix} \bmod 26$$
6. Assume a 2 × 2 block cipher of the form Y = XM
was used to produce the ciphertext BIMZU WEQRV QKWHT GHNKZ SEYTU GMMDP IZUD
PTTOG MSNAW TEMGT FHOCF OJHCE APUUN
VKIIC XCEIT YEUDK CMVCZ PESIZ HOIYD
DBGGJ TCJDO WWVIX XANOU FIZGX LIKTT
QCVFQ BTZQR MQZDS VRDOY QWVPE WSJGP
WXMKL GDOEK ZZYGH DKAAE CQOAE OHOTA
TMANE NEMFD PPYDY WULQB ANEUM QBHCZ
UNXQR OKWVW TEDDO HGPSZ IVCLI FHCKG
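Decipher it. Answer: The letter pairs DO and TT each appear most often in the ciphertext. The most common letter pair in English is TH, followed by HE. The guess
$$\text{TH} \to \text{TT}, \qquad \text{HE} \to \text{DO}$$
leads to the equation
$$\begin{pmatrix} 7 & 4 \\ 19 & 7 \end{pmatrix} \begin{pmatrix} a & b \\ c & d \end{pmatrix} \bmod 26 = \begin{pmatrix} 3 & 14 \\ 19 & 19 \end{pmatrix}$$
which has solution
$$\begin{pmatrix} a & b \\ c & d \end{pmatrix} = \begin{pmatrix} 7 & 4 \\ 19 & 7 \end{pmatrix}^{-1} \begin{pmatrix} 3 & 14 \\ 19 & 19 \end{pmatrix} \bmod 26 = \begin{pmatrix} 3 & 4 \\ 2 & 3 \end{pmatrix}$$
The plaintext Number theory is a broad subject with many strong connections with other branches of mathematics. Although much may be learned by exploring the extent to which advanced theorems may be proved using only elementary techniques, many such arguments fail to convey the spirit of current research. can be decrypted by applying the matrix
$$\begin{pmatrix} 3 & 4 \\ 2 & 3 \end{pmatrix}^{-1} \bmod 26 = \begin{pmatrix} 3 & 22 \\ 24 & 3 \end{pmatrix}$$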
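The 2 × 2 block cipher of Problems 1, 2 and 6 can be checked mechanically. The following Python sketch is an added example, not code from the book: it encrypts with Y = XM mod 26 and recovers M from two guessed plaintext/ciphertext pairs as in Problem 6. The function names and the choice of X as padding letter are assumptions of this example.

```python
# Added example (not from the book): Y = X M mod 26 with 2x2 keys, and key
# recovery from two known plaintext/ciphertext letter pairs (Problem 6).
from math import gcd

def to_nums(text):
    """Letters A-Z -> 0-25; spaces and punctuation are dropped."""
    return [ord(c) - ord("A") for c in text.upper() if "A" <= c <= "Z"]

def to_text(nums):
    return "".join(chr(n % 26 + ord("A")) for n in nums)

def mat_mul(P, Q, m=26):
    """Matrix product P Q reduced modulo m."""
    return [[sum(p * q for p, q in zip(row, col)) % m for col in zip(*Q)]
            for row in P]

def inverse_2x2(M, m=26):
    """Inverse of a 2x2 matrix modulo m.

    The determinant must be a unit modulo m; for m = 26 that rules out
    even determinants and multiples of 13."""
    (a, b), (c, d) = M
    det = (a * d - b * c) % m
    if gcd(det, m) != 1:
        raise ValueError(f"determinant {det} is not invertible modulo {m}")
    det_inv = pow(det, -1, m)  # modular inverse, Python 3.8+
    return [[(d * det_inv) % m, (-b * det_inv) % m],
            [(-c * det_inv) % m, (a * det_inv) % m]]

def apply_cipher(text, M, pad="X"):
    """Multiply each letter pair (as a row vector) by M modulo 26."""
    nums = to_nums(text)
    if len(nums) % 2:
        nums += to_nums(pad)  # padding letter: an assumption of this example
    out = []
    for i in range(0, len(nums), 2):
        out += mat_mul([nums[i:i + 2]], M)[0]
    return to_text(out)

def recover_key(plain_pairs, cipher_pairs):
    """Solve P M = C mod 26 for M, where the rows of P and C are two
    plaintext pairs and the ciphertext pairs they are guessed to map to.
    Raises ValueError when the guessed plaintext matrix is singular."""
    p, c = to_nums(plain_pairs), to_nums(cipher_pairs)
    P, C = [p[0:2], p[2:4]], [c[0:2], c[2:4]]
    return mat_mul(inverse_2x2(P), C)

if __name__ == "__main__":
    key1 = [[2, 1], [5, 3]]
    print(apply_cipher("I spy", key1))                 # Problem 1
    M = recover_key("HETH", "DOTT")                    # HE -> DO, TH -> TT
    print(M, inverse_2x2(M))                           # Problem 6
    print(apply_cipher("BIMZUPTTOGVK", inverse_2x2(M)))
```

A wrong digraph guess usually shows up either as a singular plaintext matrix or as a recovered key that decrypts to nonsense, so each guess is cheap to test.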
7. Use the affine transformation 0
B B B B B B X !B B B B B B @
1 0 7 3 6 8 5 8 1
9 5 3 7 0 4 5 6 2
7 9 3 8 6 0 3 1 4
6 3 2 1 3 0 1 8 3
0 4 5 0 5 4 9 0 2
2 3 7 9 5 1 7 3 3
5 3 9 7 7 9 4 3 5
5 7 1 2 7 8 2 7 7
7 7 4 5 7 2 9 1 4
0
1
5 5 8 8 6 5 4 3 0
B C B C B C B C B C B C CX + B B C B C B C B C B C @ A
1
C C C C C C C mod 10 C C C C C A
to encrypt your Social Security number. Compute the inverse transformation and test it on your encrypted Social Security number. Answer: Assuming the fictitious Social Security number is 555-55-5555, the affine transformation yields 0 5
5
5
5
5
8
5
8
5
6
5
5
5
4
5
3
B B B B B B B B B B B B @
5
0
1 9 7 6 0 2 5 5 7
0 5 9 3 4 3 3 7 7
7 3 3 2 5 7 9 1 4
mod 10 =
3 7 8 1 0 9 7 2 5
6 0 6 3 5 5 7 7 7
5
0
3
0
8 4 0 0 4 1 9 8 2
3
5 5 3 1 9 7 4 2 9
8
8 6 1 8 0 3 3 7 1
6
1 2 4 3 2 3 5 7 4
5
9
1
C C C C C C C+ C C C C C A 8
5
The inverse transformation is given by 5
X ! X
5
8
8
6
5
4
A
1
2 0 7 4 3 2 8 1 5
4 4 3 5 1 9 0 6 4
mod 10
Since 0 B B B B B B B B B B B B @
1 9 7 6 0 2 5 5 7
0 5 9 3 4 3 3 7 7
7 3 3 2 5 7 9 1 4
3 7 8 1 0 9 7 2 5
6 0 6 3 5 5 7 7 7
8 4 0 0 4 1 9 8 2
5 5 3 1 9 7 4 2 9
8 6 1 8 0 3 3 7 1
1 2 4 3 2 3 5 7 4
1 C C C C C C C C C C C C A
1
0
B B B B B B mod 10 = B B B B B B @
3 7 2 3 7 5 9 5 8
6 9 9 6 5 2 8 0 7
4 1 2 3 5 7 0 5 7
0 7 9 9 6 9 3 5 7
0 1 3 9 0 8 5 7 7
7 4 5 7 8 0 1 3 0
3 6 6 6 1 2 5 2 4
1 C C C C C C C C C C C C A
we see that 5
0 0
=
3 5
8 5
6 0
5 0
9 0
8 5
5 5
5
=
5
5
5
5
8. Use the 10 0
B B B B B B B X !XB B B B B B B @
0
5
0
5
0
5
5
5
5
5
5
5
8
8
6
5
4
3
0
mod 10
5 0
0
5
B B B B B B B B B B B B @
3 7 2 3 7 5 9 5 8
2 0 7 4 3 2 8 1 5
4 4 3 5 1 9 0 6 4
6 9 9 6 5 2 8 0 7
4 1 2 3 5 7 0 5 7
0 7 9 9 6 9 3 5 7
0 1 3 9 0 8 5 7 7
7 4 5 7 8 0 1 3 0
5
3 6 6 6 1 2 5 2 4
1
C C C C C C C mod 10 C C C C C A
10 block cipher 105 233 85 246 248 253 207 79 198 251 98 212 104 164 188 253 89 127 48 222 249 147 110 206 109 203 239 219 13 54
11 192 134 42 213 116 147 223 4 112
79 164 82 235 18 205 189 197 207 114
235 214 200 243 131 69 218 128 180 112
221 160 249 165 109 228 166 154 127 137
233 82 132 172 192 57 234 180 36 108
118 190 204 113 105 243 124 147 8 38
119 195 197 188 41 76 172 178 252 252
1
C C C C C C C C mod 256 C C C C C C A
to encrypt the message Technology and security experts oppose restrictions on encryption, arguing that such restrictions would damage consumer trust. by breaking the message into blocks of 10 characters and using ASCII values for each character. Pad the plaintext with extra “#” so that the total number of characters is a multiple of 10. Answer: The ASCII values for the plaintext (padded with extra "#",
which has ASCII value 35) is given in the 13
0 B B B B B B B B B B B B B B B B B B B B @
84 32 105 115 101 115 112 117 115 105 117 32 116
101 97 116 32 115 32 116 105 117 99 108 99 114
99 110 121 111 116 111 105 110 99 116 100 111 117
104 100 32 112 114 110 111 103 104 105 32 110 115
110 32 101 112 105 32 110 32 32 111 100 115 116
111 115 120 111 99 101 44 116 114 110 97 117 46
108 101 112 115 116 110 32 104 101 115 109 109 35
10 matrix
111 99 101 101 105 99 97 97 115 32 97 101 35
103 117 114 32 111 114 114 116 116 119 103 114 35
121 114 116 114 110 121 103 32 114 111 101 32 35
1 C C C C C C C C C C C C C C C C C C C C A
Now encrypt using
0 B B B B B B B B B B B B B B B B B B B B @ 0 B B B B B B B B B B B B B B @
84 101 32 97 105 116 115 32 101 115 115 32 112 116 117 105 115 117 105 99 117 108 32 99 116 114
99 110 121 111 116 111 105 110 99 116 100 111 117
104 110 111 100 32 115 32 101 120 112 112 111 114 105 99 110 32 101 111 110 44 103 32 116 104 32 114 105 111 110 32 100 97 110 115 117 115 116 46
108 101 112 115 116 110 32 104 101 115 109 109 35
111 99 101 101 105 99 97 97 115 32 97 101 35
103 117 114 32 111 114 114 116 116 119 103 114 35
121 114 116 114 110 121 103 32 114 111 101 32 35
105 233 246 248 207 79 251 98 104 164 253 89 48 222 147 110 109 203 219 13
85 253 198 212 188 127 249 206 239 54
11 192 134 42 213 116 147 223 4 112
79 235 221 164 214 160 82 200 249 235 243 165 18 131 109 205 69 228 189 218 166 197 128 154 207 180 127 114 112 137
233 82 132 172 192 57 234 180 36 108
118 190 204 113 105 243 124 147 8 38
119 195 197 188 41 76 172 178 252 252
1 C C C C C C C C C C C C C C C C C C C C A 1
C C C C C C C C mod 256 C C C C C C A
0
B B B B B B B B B B =B B B B B B B B B B @
9. The 10
69 27 37 100 104 221 170 109 43 80 227 143 147
228 126 196 109 197 30 8 227 72 75 4 176 95
77 28 103 199 176 248 232 76 175 148 134 97 46
81 200 85 75 43 154 41 120 183 61 169 211 102
191 163 81 130 87 215 74 18 91 98 98 48 124 141 145 27 80 233 176 75 169 197 38 104 201 123 28 112 13 131 201 110 139 59 32 166 134 85 132
61 47 113 216 214 200 12 243 9 143 172 117 56
48 44 102 146 251 106 82 170 123 224 178 145 168
90 51 119 154 59 54 249 58 85 243 105 209 61
10 block cipher 0
B B B B B B B X !XB B B B B B B @
105 246 207 251 104 253 48 147 109 219
233 248 79 98 164 89 222 110 203 13
85 253 198 212 188 127 249 206 239 54
11 192 134 42 213 116 147 223 4 112
79 164 82 235 18 205 189 197 207 114
235 214 200 243 131 69 218 128 180 112
221 160 249 165 109 228 166 154 127 137
233 82 132 172 192 57 234 180 36 108
118 190 204 113 105 243 124 147 8 38
1 C C C C C C C C C C C C C C C C C C C C A
119 195 197 188 41 76 172 178 252 252
was used to generate the ciphertext 0 B B B B B B B B B B B B @
102 66 144 101 139 32 40 185 54 163 219 30 55 88 234 159 149 32 112 112 22 170 99 184 180 241 182
98 218 216 135 36 204 248 200 56
34 201 201 217 119 64 142 81 224
179 85 141 72 166 159 130 126 229
118 216 214 243 213 169 220 38 124
173 114 114 5 71 250 152 130 31
as described in problem 8. What is the plaintext?
169 213 84 233 99 240 147 202 208
92 34 190 231 253 174 91 254 121
1 C C C C C C C C C C C C A
1
C C C C C C C C mod 256 C C C C C C A
Answer: Note that 0 B B B B B B B B B B B B B B @
105 233 246 248 207 79 251 98 104 164 253 89 48 222 147 110 109 203 219 13 0 B B B B B B B B B B B B B B @
85 253 198 212 188 127 249 206 239 54
150 189 211 169 56 41 14 86 92 131 123 58 39 16 140 38 76 96 62 198
11 192 134 42 213 116 147 223 4 112
79 164 82 235 18 205 189 197 207 114
235 214 200 243 131 69 218 128 180 112
80 85 71 36 132 166 35 214 166 120 188 180 159 76 164 2 26 11 98 211 35 41 212 217 119 89 7 15 102 134
221 160 249 165 109 228 166 154 127 137
233 82 132 172 192 57 234 180 36 108
118 190 204 113 105 243 124 147 8 38
119 195 197 188 41 76 172 178 252 252
1 C C C C C C C C C C C C C C A
1
mod 256 =
1 222 39 84 64 36 147 56 31 67 180 C C 250 98 146 168 185 C C 112 203 202 193 213 C C 154 150 216 157 142 C C 205 66 50 42 196 C C 43 91 191 47 145 C C 187 209 246 98 222 C C 96 202 233 128 47 A 226 142 16 116 151
and 0 B B B B B B B B B B B B @
0 B B B B B B B B B B B B B B @
102 101 40 163 55 159 112 170 180
150 211 56 14 92 123 39 140 76 62
66 144 139 32 185 54 219 30 88 234 149 32 112 22 99 184 241 182 189 169 41 86 131 58 16 38 96 198
98 218 216 135 36 204 248 200 56
80 85 36 132 35 214 120 188 159 76 2 26 98 211 41 212 119 89 15 102
34 201 201 217 119 64 142 81 224 71 166 166 180 164 11 35 217 7 134
179 85 141 72 166 159 130 126 229
118 216 214 243 213 169 220 38 124
173 114 114 5 71 250 152 130 31
1 169 92 213 34 C C 84 190 C C 233 231 C C 99 253 C C 240 174 C C 147 91 C C 202 254 A 208 121
1 222 39 84 64 36 147 56 31 67 180 C C 250 98 146 168 185 C C 112 203 202 193 213 C C 154 150 216 157 142 C C= 205 66 50 42 196 C C 43 91 191 47 145 C C 187 209 246 98 222 C C 96 202 233 128 47 A 226 142 16 116 151
0
B B B B B B mod 256 B B B B B B @
73 118 108 104 97 97 32 105 104
1 115 101 110 115 105 116 105 100 97 116 97 32 102 97 C C 32 105 110 116 111 32 116 C C 119 114 111 110 103 32 104 C C 115 44 32 105 116 32 99 C C 108 101 97 100 32 116 111 C C 97 117 100 32 111 114 32 C C 110 116 105 116 121 32 116 A 116 46 35 35 35 35 35
102 32 101 32 108 115 101 32 110 100 110 32 102 114 100 101 101 102
Ignore the last five numbers (which correspond to #####) and use an ASCII table to obtain the plaintext If sensitive data falls into the wrong hands, it can lead to fraud or identity theft.
4.5
The Playfair Cipher
1. Create a Playfair cipher using the keyword CIPHERSAREUS (Ciphers are us) by starting in the upper left corner and following the arrows in diagram:
→ ↙ → ↙ ↓
↓ ↗ ↙ ↗ ↙
↗ ↙ ↗ ↙ ↓
↓ ↗ ↙ ↗ ↙
↗ → ↗ →
Encipher the message Wheatstone named the Playfair cipher after his friend Lyon Playfair.
Answer: The Playfair square is given by
C I R S L
P E A K M
H U G N W
B F O V X
D Q T Y Z
The plaintext and ciphertext are given by
Plaintext:  WH EA TS TO NE NA ME DT HE PL AY FA IR CI PH ER AF TE RH IS FR EI ND LY ON PL AY FA IR
Ciphertext: HU AK YR RT UK GK PA QY UP MC KT OE RS IR HB AI EO QA OI RL OI UE HY SZ VG MC KT OE RS
2. Create a Playfair cipher using the keyword CHARLESWHEATSTONE (Charles Wheatstone) by starting at the center and following the arrows in the diagram:
· → → → ↓
↑ ↑ → ↓ ↓
↑ ↑ ↑ ↓ ↓
↑ ↑ ← ← ↓
↑ ← ← ← ←
(Whenever you enter a new square, go in the direction indicated.) Encipher the message Wheatstone’s work in acoustics won him a professorship of experimental physics.
Answer: The Playfair square is given by
Z O N B D
Y T H A F
X W C R G
V S E L I
U Q P M K
The plaintext and ciphertext are given by
Plaintext:  WH EA TS TO NE SW OR KI NA CO US TI CS WO NH IM AP RO FE SX SO RS HI PO FE XP ER IM EN TA LP HY SI CS
Ciphertext: CT LH WQ WT HP QS BW DK BH WN QV FS WE ST HC LK HM WB HI VW QT WL FE QN HI CU LC LK PH HF EM AT EV WE
3. The keyword RHEOSTAT was used with the pattern
→ → → → ↓
↓ ← ← ← ←
→ → → → ↓
↓ ← ← ← ←
→ → → →
(starting in the upper left corner) to create the ciphertext CSBXE FNTOV MROSK DHCOB LTASP ODEFB HILEC SSPOB RMHOP SMARK HOELT LKYBH using a Playfair cipher. Decrypt the message. Answer: Use the Playfair square
R H E  O S
D C B  A T
F G IJ K L
U Q P  N M
V W X  Y Z
to obtain the message The primary use of a Wheatstone bridge is the measurement of resistance.
4. The key AMMETERS ARE CONNECTED IN SERIES was used with the Playfair pattern
→ → → → ↓
→ → → ↓ ↓
↑ → · ↓ ↓
↑ ↑ ← ← ↓
↑ ← ← ← ←
(starting in the upper left corner) to create the Playfair ciphertext OGQME TRTSC MARZN RIRUR TIDFK EAMYB PMYB Decrypt the message. Answer: The Playfair square
A M E T R
K L P Q S
H Y Z U C
G X W V O
F B I D N
is used to recover the plaintext Voltmeters are connected in parallel.
5. A variant of the Playfair cipher uses two squares, each generated using its own key. A pair of letters are located in the first square; then opposite corners of the second square are used as ciphertext. Thus IT → DQ. If a pair of letters appear in the same row on the left, then the characters immediately to the right of the corresponding locations in the right box are used.
I
D T
Q
The keywords SCIENTIFIC NOTEBOOK and MAPLE MUPAD were used to generate the pair S T A M V
C F D P W
I O G Q X
E B H R Y
N K L U Z
V W X Y Z
O Q R S T
G H I K N
U D B C F
M A P L E
of squares. Decrypt the ciphertext DXOCX RTDIV SUOKC DLSBZ BDVKK LWNOB BUOMK UYXUV KHXWU VKYHZ DVZH Answer: The Playfair cipher may be improved by seriating its input text.
6. Another variant of the Playfair uses rectangles of other sizes and larger alphabets. For example, a 27-character alphabet fills a 3 × 9 rectangle. The key GADZOOKS was used to fill the rectangle
. Y X W V U T R Q
E F H I J L M N P
C B S K O Z D A G
and generate the ciphertext RVDVG SMFKX MWNSN RMADJ FUNJ. HAGME NSCFR VN.L. CHCT Decrypt the ciphertext. Answer: Two tables with a randomly mixed alphabet were used.
7. The key WHODONEIT was used to create the Playfair rectangle
W B C R S :
H A F Q U !
O T G P V ?
D I J M X .
N E K L Y Z
and produce the ciphertext HOTOW DPIZA What is the plaintext? Answer: Who? Not me!
4.6
Unbreakable Ciphers
1. Use the one-time key SHORTCIPHERTEXTMESSAGES AREEXTREMELYHARDTOBREAK to encrypt the message The longer the message the easier the decryption using y = x + s mod 26 where x is the plaintext vector and s is the key vector. Answer: LOSCH POTYX YXQBL EEYWT NIWAJ MIOMY IPINP PPKLH B
2. The ciphertext LLGMV GEVGX VQMAZ KWASK WWUHT TSEMS NSNOX AFPSR I was encrypted using the one-time key SECUREKEYEXCHANGEIS ESSENTIALFORONETIMEKEYS Decrypt the message. Answer: The security of a message equals the weakest link.
3. The short key MILLIONAIRE was used to produce the ciphertext IPZTA HUEEV EWMDE TWAK Decrypt the message. Answer: Who is the weakest link?
4. The short key PLAYFAIR was used to produce the ciphertext HSOPY KMPHN ALJAA ZAJBC WEKFV YIXJD Decrypt the message. Answer: Short keys can easily be recognized.
5. The short key CODETALKER was used to generate the ciphertext YVBTE AJPEZ TKKIG TSOSK JSUKN YDKVV WGLRZ RDK Decrypt the message. Answer: Why Playfair (play fair?) when the other guys are using RSA?
6. A pseudo key of longer length can be generated by using two short keys. Thus the two keys CODE and ENCRYPT can be used as a two-stage cipher
  p l a i n t e x t
+ C O D E C O D E C O
+ E N C R Y P T E N C
  c i p h e r t e x t
where the ith ciphertext character is the mod 26 sum of the three characters above it. What is the length of the pseudo key? Answer: Since len(CODE) = 4 and len(ENCRYPT) = 7, the length of the pseudo key is lcm(4, 7) = 28.
7. Encryption can also be done at the bit level. Given a byte (1, 0, 0, 0, 1, 0, 1, 1) and a key (1, 1, 0, 1, 1, 0, 0, 1), the vector sum modulo 2 is given by
$$(1, 0, 0, 0, 1, 0, 1, 1) + (1, 1, 0, 1, 1, 0, 0, 1) \bmod 2 = (0, 1, 0, 1, 0, 0, 1, 0)$$
Show that decryption is the same as encryption. Answer: Since 1 + 1 mod 2 = 0, it follows that adding the same binary vector twice gives back the original vector. In particular, if
$$\begin{pmatrix} 0 & 1 & 0 & 1 & 0 & 0 & 1 & 0 \end{pmatrix} = \begin{pmatrix} 1 & 0 & 0 & 0 & 1 & 0 & 1 & 1 \end{pmatrix} + \begin{pmatrix} 1 & 1 & 0 & 1 & 1 & 0 & 0 & 1 \end{pmatrix} \bmod 2$$
then
$$\begin{pmatrix} 1 & 0 & 0 & 0 & 1 & 0 & 1 & 1 \end{pmatrix} = \begin{pmatrix} 0 & 1 & 0 & 1 & 0 & 0 & 1 & 0 \end{pmatrix} + \begin{pmatrix} 1 & 1 & 0 & 1 & 1 & 0 & 0 & 1 \end{pmatrix} \bmod 2$$
4.7
Enigma Machine
1. Use rotor settings s1 = 25, s2 = 13, and s3 = 4. Encrypt the message Hi Answer: We take x = 7
‘H’and compute
y = (x + s1 mod 26)
1
= (7 + 25 mod 26)
1
=6
z = (y + s2 mod 26)
2
= (9 + 13 mod 26)
2
w = (z + s3 mod 26)
3
= (21 + 4 mod 26)
3
1
=9
= 22
2
= 21
= 25
3
=1
u = (w) = 1 = 9 z= u y = (z x = (y
1 3 1 2 1 1
1
s3 mod 26 = 9
3
s2 mod 26) = 14
2
s3 mod 26) = 0
1
1 1
4 mod 26 = 18 13 mod 26 = 13 25 mod 26 = 23
4 mod 26 = 14 13 mod 26 = 0 25 mod 26 = 24
and hence the …rst ciphertext character is 24 ! ‘Y’. Finally, we update the shift constants: s1
s1 + 1 mod 26 = 0
s2
s2 + 1 mod 26 = 14
Continuing in this way, we see that the ciphertext is YQ. 2. The rotor settings s1 = 24, s2 = 25, and s3 = 19 were used to produce the ciphertext QAV Decrypt the message. Answer: Low
3. Rotors 1 and 3 were interchanged with the rotor settings s1 = 23, s2 = 3, and s3 = 7 to produce the ciphertext SKNSL BOWU Decrypt the message. Answer: Attack now! 4. Interchange rotors 1 and 2 and set the initial rotor placements as s1 = 20, s2 = 25, and s3 = 4 to encrypt the plaintext Combinatorial mathematics is the study of the arrangements of objects. Answer:
MUFNY BFLTJ QVHRZ GDRHE UDHIN DXUJF PZMNJ DFPEK FPPZZ PDCTD QDSTT ON
5. There are 26 letters on the Enigma plugboard. A plugboard setting consists of ten (unordered) pairs of letters. So, for example, one plugboard setting is {A, Z}, {B, Y}, {C, X}, {D, W}, {E, V}, {F, U}, {G, T}, {H, S}, {I, R}, {J, Q}. Verify that there are 150,738,274,937,250 plugboard settings.
Answer: The number is
$$\frac{\binom{26}{2}\binom{24}{2}\binom{22}{2}\cdots\binom{8}{2}}{10!}.$$
In the example, there are $\binom{26}{2}$ ways to choose the first pair {A, Z}, then $\binom{24}{2}$ ways to choose the second pair {B, Y}, and so on. But the 10! ways of listing these 10 pairs all give the same pairings, so we must divide by 10! to get the number of distinct plugboard settings.
6. Given the permutations =
1 6
2 3
3 5
what are
and
Answer:
=
4 7
5 4
6 1
7 2
and
=
1 4
2 1
3 2
4 6
5 5
6 7
7 3
1 7
2 6
3 3
4 1
4 6
5 5
6 7
7 3
? 1 7
2 2
3 5
4 3
5 6
6 4
7 1
and
=
5 4
6 2
7 5
7. Given the permutations = what are Answer:
1 6
2 3 1 1
3 5 and =
4 7
5 4
6 1
7 2
? 1 2 6 7
3 2
4 5
and
=
1 4
2 1
3 2
1
5 3
6 1
7 4
and
1
=
1 2
2 3
3 7
4 1
5 5
6 4
7 6
8. Write the permutations =
1 6
2 3
3 5
4 7
5 4
6 1
7 2
and
=
1 4
2 1
and
=
3 2
4 6
5 5
6 7
7 3
as a products of disjoint cycles. Answer:
=
1
6
2
3
5
4
7
1 1
9. If is a k-cycle and is a permutation, show that Give a formula for this k-cycle in terms of .
4
6
7
3
2
is also a k-cycle.
1 = Answer: Let = (a1 ; a2 ; : : : ; ak ) and set = . Then (ai ) (ai ) = ai = (ai+1 ) for i = 1; 2; : : : ; k 1, and (ak ) = (ak ) = ak = (a1 ) . If x 2 = fa1 ; a2 ; : : : ; ak g, then x = x = x so x is …xed by the permutation . Thus = (a1 ; a2 ; : : : ; ak ) is also a k-cycle.
10. Show that if = (a1 ; a2 ) (a3 ; a4 ) (a25 ; a26 ) is a product of disjoint 21 cycles, is a permutation, and = , then = (a1 ; a2 ) (a3 ; a4 )
(a25 ; a26 )
is also a product of disjoint 2-cycles. Answer: If i is odd, then (ai )
= ai
= ai = (ai ) = ai+1
= ai
= ai = (ai ) = ai
and if i is even, then (ai ) Thus = (a1 ; a2 ) (a3 ; a4 )
(a25 ; a26 )
1
5
Chapter 5
Error-Control Codes
1. If you use pure guessing on a 10-question true/false exam, what is the probability that you get them all right? Answer: The probability of getting 10 out of 10 on a true false exam is $\left(\frac{1}{2}\right)^{10} = \frac{1}{1024} \approx 9.7656 \times 10^{-4}$.
2. If you use pure guessing on a 10-question true/false exam, what is the probability that you get at least 7 out of 10? Answer: The probability of at least 7 out of 10 is the sum of the probabilities of 7, 8, 9, and 10 out of 10. This probability is
$$\left(\frac{1}{2}\right)^{10} + \binom{10}{1}\left(\frac{1}{2}\right)^{10} + \binom{10}{2}\left(\frac{1}{2}\right)^{10} + \binom{10}{3}\left(\frac{1}{2}\right)^{10} = \frac{11}{64} = 0.17188$$
3. What is the minimum distance between codewords for the triple repetition code? Answer: The codewords 000 and 111 are a distance 3 apart.
4. What is the probability of no errors if 3 bits are transmitted through a binary symmetric channel with p = 0.05? Answer: The probability that a single bit is transmitted correctly is 1 − 0.05 = 0.95. The probability that 3 bits are received correctly is
$$(1 - 0.05)^3 = (0.95)^3 = 0.85738$$
5. What is the probability of exactly one error if 200 bits are transmitted through a binary symmetric channel with p = 0.0001? Answer: There are 200 places where the error could occur; so the probability of a single error is $\binom{200}{1}(1 - 0.0001)^{199}(0.0001) = 1.9606 \times 10^{-2}$.
6. What is the probability of at least two errors if 1000 bits are transmitted through a binary symmetric channel with p = 0.001? Answer: The probability of at least 2 errors is 1 − the probability of 0 or 1 error. This is
$$1 - (1 - 0.001)^{1000} - \binom{1000}{1}(1 - 0.001)^{999}(0.001) = 0.26424$$
7. What is the expected number of errors if 1000 bits are transmitted through a binary symmetric channel with p = 0.001? Answer: The expected number of errors is the sum of n · (the probability of exactly n errors), which is given by
$$\sum_{n=0}^{1000} n \binom{1000}{n}(1 - 0.001)^{1000-n}(0.001)^n = 1.0$$
The contribution by the nth bit is 1 · (0.001) = 0.001. Since there are 1000 bits, the expected number of bit errors is 1000 (0.001) = 1.0.
8. What is the minimum distance between the following collection of garbled sentences?
When trcnsmitthngddata, thery is always tte pfssibhlity of error.
When transmittxng datae therj is zlwaps the possibwlity of xrror.
When trznspitting data, there is always the possibility oe evyorg
Whfn tranymyttgnc data, nheri is always the hossibility of error.
When transmitting data, dherexis alwahs the jossicility of error.
Answer: The minimum distance between sentence i and sentence j is given in the table

| i\j | 1 | 2 | 3 | 4 | 5 |
|---|---|---|---|---|---|
| 1 | 0 | 11 | 12 | 12 | 13 |
| 2 | 11 | 0 | 13 | 11 | 13 |
| 3 | 12 | 13 | 0 | 11 | 14 |
| 4 | 12 | 11 | 11 | 0 | 11 |
| 5 | 13 | 13 | 14 | 11 | 0 |

and hence the minimum distance is 11.
9. The garbled sentences in problem 8 were generated by assuming that the error rate was 1/10. Explain why a minimum distance of 11 is reasonable.
Answer: If the probability of a letter being changed is 1/10, then you can expect about a tenth of the letters to be changed. For two consecutive sentences, about one fifth of the letters can be expected to be different. The length of the sentence is 65, and 65/5 = 13, so on average the distance between two sentences should be roughly 13. Indeed, the distances between pairs of sentences range from 11 to 14, so an average of 13 is reasonable.
5.1
Bar Codes Based on Two-out-of-Five Code
1. Read the Code 2 of 5 message
[bar code figure]
Answer: 2 0 0 1 (2001)
2. Read the Code 39 message
[bar code figure]
Answer: I L I K E B A R S (I like bars.)
3. Read the Interleaved 2 of 5 message
[bar code figure]
Answer: 5=wnwnn, 7=nnnww, 7=nnnww, 3=wwnnn (5773)
4. Read the Postal Code
[bar code figure]
What is the check sum?
Answer: 2 1 4 8 7 4 8 3 2 1 (21487-4832) The check sum is 1. Note that 2 + 1 + 4 + 8 + 7 + 4 + 8 + 3 + 2 + 1 mod 10 = 0.
5. Identify and read the bar code
[bar code figure]
Answer: The 2 of 5 bar code 9 1 1 2 0 0 1 decodes as (9112001; September 11, 2001)
6. Identify and read the bar code
[bar code figure]
Answer: The interleaved 2 of 5 bar code (start, 7=nnnww, 4=nnwnw, 1=wwnnn, 7=nnnww, 7=nnnww, 6=nnwwn, end) decodes as (741776; July 4, 1776).
7. Identify and read the bar code
[bar code figure]
Answer: The Code 39 bar code C O D E 3 9 decodes as (Code 39).
8. Read the Postal Code
[bar code figure]
What is the check sum? Answer: 4 2 8 8 7 1 4 8 7 1 (42887-1487) The check sum is 1. Note that 4 + 2 + 8 + 8 + 7 + 1 + 4 + 8 + 7 + 1 = 50 is equal to 0 modulo 10.
9. Identify and read the bar code
[bar code figure]
Answer: The Interleaved 2 of 5 bar code (start, 5=wnwnn, 5=wnwnn, 1=wwnnn, 8=wnnwn, 6=nwwnn, 2=nwnnw, end) decodes as (551862; Cinco de Mayo). (Note that the short bars were added to indicate the width of beginning and ending spaces.)
10. Identify and read the bar code
[bar code figure]
Answer: The 2 of 5 bar code 1 7 2 9 decodes as 1729, the smallest positive integer that can be written as a sum of two cubes in two different ways: $12^3 + 1^3 = 1729 = 10^3 + 9^3$
11. Identify and read the bar code
[bar code figure]
Answer: The Code 39 bar code 2 8 i s p e r f e c t decodes as 28 is perfect. (A perfect number is a number that is equal to the sum of its proper divisors. In this case, 1 + 2 + 4 + 7 + 14 = 28.)
5.2
Other Commercial Codes
1. What are the numbers associated with the following UPC-A bar code? Verify that the check sum is correct.
[bar code figure]
Answer: 0 3 7 0 0 0 6 2 8 1 1 8
2. An ISBN number is 0-966-x6563-9, where the fifth digit is unreadable. What is the missing digit, assuming the other digits are correct? Answer: Since
$$0 \cdot 1 + 9 \cdot 2 + 6 \cdot 3 + 6 \cdot 4 + x \cdot 5 + 6 \cdot 6 + 5 \cdot 7 + 6 \cdot 8 + 3 \cdot 9 \bmod 11 = 8 + 5x = 9$$
it follows that
$$5x \bmod 11 = 1 \quad \text{or} \quad x = 5^{-1} \bmod 11 = 9$$
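The ISBN-10 check used in Problem 2, and the transposition property that Problem 3 proves, can be exercised in a few lines of Python. This is an added example, not code from the book; the function names and the use of "?" for an unreadable digit are assumptions of this example.

```python
# Added example (not from the book): ISBN-10 weighted check sum modulo 11,
# recovery of one unreadable digit, and an exhaustive transposition test.

def parse_isbn10(isbn, unknown="?"):
    """Return the ten symbols as integers (X = 10 in the last position only);
    an unreadable digit, written with `unknown`, becomes None."""
    symbols = [c for c in isbn.upper() if c not in "- "]
    if len(symbols) != 10:
        raise ValueError("an ISBN-10 has exactly ten symbols")
    digits = []
    for pos, c in enumerate(symbols, start=1):
        if c == unknown:
            digits.append(None)
        elif c == "X" and pos == 10:
            digits.append(10)
        elif c.isdigit():
            digits.append(int(c))
        else:
            raise ValueError(f"unexpected symbol {c!r} at position {pos}")
    return digits

def weighted_sum(digits):
    """Sum of i * a_i for i = 1..10, reduced modulo 11."""
    return sum(i * a for i, a in enumerate(digits, start=1)) % 11

def is_valid(isbn):
    digits = parse_isbn10(isbn)
    return None not in digits and weighted_sum(digits) == 0

def recover_missing(isbn):
    """Solve k * x = -(sum of the other terms) mod 11 for the single
    unreadable digit in position k. Returns None when the solution is 10
    in a position that cannot hold X, meaning some other digit is wrong."""
    digits = parse_isbn10(isbn)
    if digits.count(None) != 1:
        raise ValueError("exactly one digit must be unreadable")
    k = digits.index(None) + 1
    partial = sum(i * a for i, a in enumerate(digits, start=1)
                  if a is not None) % 11
    x = (-partial * pow(k, -1, 11)) % 11   # 11 is prime, so k is invertible
    if x == 10 and k != 10:
        return None
    return x

def undetected_transpositions(isbn):
    """Positions (k, n) whose interchange of two different digits would
    still pass the check. Problem 3 shows this list is always empty."""
    digits = parse_isbn10(isbn)
    missed = []
    for k in range(10):
        for n in range(k + 1, 10):
            if digits[k] != digits[n]:
                swapped = digits[:]
                swapped[k], swapped[n] = swapped[n], swapped[k]
                if weighted_sum(swapped) == 0:
                    missed.append((k + 1, n + 1))
    return missed

if __name__ == "__main__":
    print(recover_missing("0-966-?6563-9"))
    print(is_valid("0-966-96563-9"))
    print(undetected_transpositions("0-966-96563-9"))
```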
3. Show that if two (different) digits in a ten-digit ISBN number are interchanged, then the result is not a valid ISBN number. Answer: Let a1 –a2 a3 a4 –a5 a6 a7 a8 a9 –a10 be a valid ISBN number so that 10 X
iai mod 11 = 0
i=1
Assume that ak and an are interchanged, ak 6= an , and 1 Set bk = an , bn = ak , and otherwise bi = ai . Then ! 10 10 10 X X X ibi mod 11 = ibi iai mod 11 i=1
i=1
9.
i=1
= (k (bk
ak ) + n (bn
an )) mod 11
= (k (an
ak ) + n (ak
an )) mod 11
= (k
n) (an
ak ) mod 11 6= 0
because 11 divides neither of the factors k b1
k 4 is composite, so that n = ab where $1 < a \le b < n$. Then b > 2, so $b^2 > 2b$. If a = b then $n = b^2 > 2b$ so $(n-1)!$ has factors b and 2b and hence $(n-1)! \bmod n = 0$. If a < b then both a and b are factors of $(n-1)!$ and hence $(n-1)! \bmod n = 0$.
3. Calculate $x^2 \bmod 11$ for integers x = 1, 2, 3, . . . , 9, 10 and show $x^2 \bmod 11 = 1$ only for x = 1 or 10. Answer:
$$\begin{array}{ll} 1^2 \bmod 11 = 1 & 2^2 \bmod 11 = 4 \\ 3^2 \bmod 11 = 9 & 4^2 \bmod 11 = 5 \\ 5^2 \bmod 11 = 3 & 6^2 \bmod 11 = 3 \\ 7^2 \bmod 11 = 5 & 8^2 \bmod 11 = 9 \\ 9^2 \bmod 11 = 4 & 10^2 \bmod 11 = 1 \end{array}$$
4. For any positive integer n > 1, show that $x^2 \bmod n = (n - x)^2 \bmod n$.
CHAPTER 7. THEOREMS OF FERMAT AND EULER
Answer: We have
$$(n - x)^2 \bmod n = n^2 - 2xn + x^2 \bmod n = x^2 \bmod n$$
5. Find all solutions to $x^2 \bmod 15 = 1$ for $x \in \{1, 2, \ldots, 14\}$. Answer: Given $f(x) = x^2 \bmod 15$ we see that

| x | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| f(x) | 1 | 4 | 9 | 1 | 10 | 6 | 4 | 4 | 6 | 10 | 1 | 9 | 4 | 1 |

Thus $1^2 \bmod 15 = 4^2 \bmod 15 = 11^2 \bmod 15 = 14^2 \bmod 15 = 1$
6. Prove or disprove: If $x^2 \bmod p = 1$ has exactly two solutions $x \in \{1, 2, \ldots, p - 1\}$, then p is prime. Answer: Note that $x^2 \bmod 4 = 1$ has two solutions x = 1, 3 but 4 is not prime. Moreover, $x^2 \bmod 6 = 1$ has exactly two solutions x = 1, 5 but 6 is not prime.
7. Let p be an odd prime. Show that $2(p - 3)! \bmod p = p - 1$.
Answer: We know that $(p - 1)! \bmod p = p - 1$. Since $p - 1 \perp p$, it follows that $(p - 2)! \bmod p = 1$. Since $p - 2 \equiv -2 \pmod p$, it follows that
$$(p - 3)!\,(p - 2) \bmod p = 1$$
$$-2\,(p - 3)! \bmod p = 1$$
$$2\,(p - 3)! \bmod p = p - 1.$$
8. Prove that an integer p > 2 is prime if and only if $(p - 2)! \bmod p = 1$.
Answer: Suppose p > 2 is prime. Then $p - 1 \perp p$ and hence $(p - 1)! \bmod p = p - 1$ implies $(p - 2)! \bmod p = 1$. Suppose p = ab where $1 < a \le b < p$. Then $a \mid (p - 2)!$ and hence $(p - 2)! \bmod p$ cannot equal 1.
9. Illustrate the proof of Wilson’s theorem for p = 17 by pairing the integers 2, 3, 4, . . . , 15 and using that to find 16! mod 17. Answer: Rearrange the product as
$$2 \cdot 3 \cdot 4 \cdot 5 \cdot 6 \cdot 7 \cdot 8 \cdot 9 \cdot 10 \cdot 11 \cdot 12 \cdot 13 \cdot 14 \cdot 15 = (2 \cdot 9)(3 \cdot 6)(4 \cdot 13)(5 \cdot 7)(8 \cdot 15)(10 \cdot 12)(11 \cdot 14)$$
and observe that 2 · 9 mod 17 = 1, 3 · 6 mod 17 = 1, 4 · 13 mod 17 = 1, 5 · 7 mod 17 = 1, 8 · 15 mod 17 = 1, 10 · 12 mod 17 = 1, and 11 · 14 mod 17 = 1. Hence
$$16! \bmod 17 = 1 \cdot 16 \cdot (2 \cdot 9)(3 \cdot 6)(4 \cdot 13)(5 \cdot 7)(8 \cdot 15)(10 \cdot 12)(11 \cdot 14) \bmod 17 = 1 \cdot 16 \cdot 1 \cdot 1 \cdot 1 \cdot 1 \cdot 1 \cdot 1 \cdot 1 \bmod 17 = 16 \bmod 17 \equiv -1 \pmod{17}$$
10. Show that 9! + 1 mod 19 = 0 and 18! + 1 mod 19 = 0. Answer: Note that
$$9! + 1 = 362881 = 19 \cdot 19099$$
and
$$18! + 1 = 6402373705728001 = 19 \cdot 336967037143579$$
7.2
Powers Modulo n
1. Use Algorithm 7.1 to evaluate the expression $11^4 \bmod 15$. Answer: Using Algorithm 7.1, gets

| k | p |
|---|---|
| | 1 |
| 1 | 1 · 11 mod 15 = 11 |
| 2 | 11 · 11 mod 15 = 1 |
| 3 | 1 · 11 mod 15 = 11 |
| 4 | 11 · 11 mod 15 = 1 |

so $11^4 \bmod 15 = 1$.
2. Use Algorithm 7.1 to evaluate the expression $9^3 \bmod 23$ Answer: Using Algorithm 7.1, we have

| k | p |
|---|---|
| | 1 |
| 1 | 1 · 9 mod 23 = 9 |
| 2 | 9 · 9 mod 23 = 12 |
| 3 | 12 · 9 mod 23 = 16 |

so $9^3 \bmod 23 = 16$.
3. Use Algorithm 7.1 to evaluate the expression $16^4 \bmod 29$ Answer: Using Algorithm 7.1, gets

| k | p |
|---|---|
| | 1 |
| 1 | 1 · 16 mod 29 = 16 |
| 2 | 16 · 16 mod 29 = 24 |
| 3 | 24 · 16 mod 29 = 7 |
| 4 | 7 · 16 mod 29 = 25 |

so $16^4 \bmod 29 = 25$.
4. Use Algorithm 7.1 to evaluate the expression $22^5 \bmod 25$ Answer: Using Algorithm 7.1, we have

| k | p |
|---|---|
| | 1 |
| 1 | 1 · 22 mod 25 = 22 |
| 2 | 22 · 22 mod 25 = 9 |
| 3 | 9 · 22 mod 25 = 23 |
| 4 | 23 · 22 mod 25 = 6 |
| 5 | 6 · 22 mod 25 = 7 |

so $22^5 \bmod 25 = 7$.
5. Use Algorithm 7.2 to compute the expression $5^{97} \bmod 127$ Answer: We have

| x² mod 127 → x | ⌊n/2⌋ → n | n mod 2 | prod · x mod 127 → prod |
|---|---|---|---|
| 5 | 97 | 1 | 1 · 5 mod 127 = 5 |
| 5² mod 127 = 25 | ⌊97/2⌋ = 48 | 0 | |
| 25² mod 127 = 117 | ⌊48/2⌋ = 24 | 0 | |
| 117² mod 127 = 100 | ⌊24/2⌋ = 12 | 0 | |
| 100² mod 127 = 94 | ⌊12/2⌋ = 6 | 0 | |
| 94² mod 127 = 73 | ⌊6/2⌋ = 3 | 1 | 73 · 5 mod 127 = 111 |
| 73² mod 127 = 122 | ⌊3/2⌋ = 1 | 1 | 111 · 122 mod 127 = 80 |
| | ⌊1/2⌋ = 0 | 0 | $5^{97} \bmod 127 = 80$ |

6. Use Algorithm 7.2 to compute the expression $4^{126} \bmod 127$
Answer: We have

| x² mod 127 → x | ⌊n/2⌋ → n | n mod 2 | prod · x mod 127 → prod |
|---|---|---|---|
| 4 | 126 | 0 | |
| 4² mod 127 = 16 | ⌊126/2⌋ = 63 | 1 | 1 · 16 mod 127 = 16 |
| 16² mod 127 = 2 | ⌊63/2⌋ = 31 | 1 | 16 · 2 mod 127 = 32 |
| 2² mod 127 = 4 | ⌊31/2⌋ = 15 | 1 | 32 · 4 mod 127 = 1 |
| 4² mod 127 = 16 | ⌊15/2⌋ = 7 | 1 | 1 · 16 mod 127 = 16 |
| 16² mod 127 = 2 | ⌊7/2⌋ = 3 | 1 | 16 · 2 mod 127 = 32 |
| 2² mod 127 = 4 | ⌊3/2⌋ = 1 | 1 | 32 · 4 mod 127 = 1 |
| | ⌊1/2⌋ = 0 | 0 | $4^{126} \bmod 127 = 1$ |

7. Use Algorithm 7.2 to compute the expression $4^{63} \bmod 127$ Answer: We calculate

| x² mod 127 → x | ⌊n/2⌋ → n | n mod 2 | prod · x mod 127 → prod |
|---|---|---|---|
| 4 | 63 | 1 | 1 · 4 mod 127 = 4 |
| 4² mod 127 = 16 | ⌊63/2⌋ = 31 | 1 | 16 · 4 mod 127 = 64 |
| 16² mod 127 = 2 | ⌊31/2⌋ = 15 | 1 | 64 · 2 mod 127 = 1 |
| 2² mod 127 = 4 | ⌊15/2⌋ = 7 | 1 | 1 · 4 mod 127 = 4 |
| 4² mod 127 = 16 | ⌊7/2⌋ = 3 | 1 | 16 · 4 mod 127 = 64 |
| 16² mod 127 = 2 | ⌊3/2⌋ = 1 | 1 | 64 · 2 mod 127 = 1 |
| | ⌊1/2⌋ = 0 | 0 | $4^{63} \bmod 127 = 1$ |

8. Use Algorithm 7.2 to compute the expression $37^{1000} \bmod 127$ Answer: We calculate

| x² mod 127 → x | ⌊n/2⌋ → n | n mod 2 | prod · x mod 127 → prod |
|---|---|---|---|
| 37 | 1000 | 0 | |
| 37² mod 127 = 99 | ⌊1000/2⌋ = 500 | 0 | |
| 99² mod 127 = 22 | ⌊500/2⌋ = 250 | 0 | |
| 22² mod 127 = 103 | ⌊250/2⌋ = 125 | 1 | 1 · 103 mod 127 = 103 |
| 103² mod 127 = 68 | ⌊125/2⌋ = 62 | 0 | |
| 68² mod 127 = 52 | ⌊62/2⌋ = 31 | 1 | 103 · 52 mod 127 = 22 |
| 52² mod 127 = 37 | ⌊31/2⌋ = 15 | 1 | 22 · 37 mod 127 = 52 |
| 37² mod 127 = 99 | ⌊15/2⌋ = 7 | 1 | 52 · 99 mod 127 = 68 |
| 99² mod 127 = 22 | ⌊7/2⌋ = 3 | 1 | 68 · 22 mod 127 = 99 |
| 22² mod 127 = 103 | ⌊3/2⌋ = 1 | 1 | 99 · 103 mod 127 = 37 |
| | ⌊1/2⌋ = 0 | 0 | $37^{1000} \bmod 127 = 37$ |

9. Use a computer algebra system to compute 1272387894339363242 mod 243682743764 Answer: We get 1272387894339363242 mod 243682743764 = 17 298 641 040.
136
CHAPTER 7. THEOREMS OF FERMAT AND EULER
10. Count the number of multiplications required to compute $23^{1234} \bmod 137$ by first finding the base 2 representation of 1234.
Answer: The base 2 representation of 1234 is
$1234 = 2^{10} + 210$
$= 2^{10} + 2^{7} + 82$
$= 2^{10} + 2^{7} + 2^{6} + 18$
$= 2^{10} + 2^{7} + 2^{6} + 2^{4} + 2^{1}$
$= (10011010010)_2$
so 14 multiplications are required.
11. Compare the following variations of Algorithm 7.2. Are these variations equivalent? Explain.

    Input: Integers x, n, m
    Output: Integer y = x^n mod m
    Function power(x, n, m)
        Set prod = 1
        While n > 0 do
            If n mod 2 = 1 then
                Set prod = prod · x mod m
            End if
            Set x = x^2 mod m
            Set n = ⌊n/2⌋
        End while
        Set power = prod
    Return
    Powers modulo m

    Input: Integers x, n, m
    Output: Integer y = x^n mod m
    Function power(x, n, m)
        Set prod = 1
        While n > 0 do
            If n mod 2 = 1 then
                Set prod = prod · x
            End if
            Set x = x^2
            Set n = ⌊n/2⌋
        End while
        Set power = prod mod m
    Return
    Powers modulo m

Answer: The second variation computes $x^n$ and then reduces the result modulo m. For x and n integers, $x^n$ is feasible to calculate exactly only if x and n are relatively small integers, say at most 3 or 4 digits each. The first variation makes it easy to calculate $x^n \bmod m$ for numbers x, n, and m that are each perhaps a hundred decimal digits long.
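The two variations from problem 11, written out in Python as an added example (not code from the manual). Each function also reports the bit length of the largest intermediate value it had to hold; the function names and the counting rule in `multiplications_needed` are assumptions chosen here, the latter because it reproduces the answer to problem 10.

```python
def power_reduce_each_step(x, n, m):
    """First variation (Algorithm 7.2): reduce modulo m after every product.

    Returns (x**n mod m, bit length of the largest unreduced intermediate).
    """
    prod, peak = 1, 0
    while n > 0:
        if n % 2 == 1:
            t = prod * x
            peak = max(peak, t.bit_length())
            prod = t % m
        t = x * x
        peak = max(peak, t.bit_length())
        x = t % m
        n //= 2
    return prod, peak


def power_reduce_at_end(x, n, m):
    """Second variation: build x**n exactly, reduce modulo m only once."""
    prod, peak = 1, 0
    while n > 0:
        if n % 2 == 1:
            prod = prod * x
            peak = max(peak, prod.bit_length())
        x = x * x
        peak = max(peak, x.bit_length())
        n //= 2
    return prod % m, peak


def multiplications_needed(n):
    """Squarings needed to reach the top bit of n, plus the products that
    join the powers selected by the 1-bits (assumed counting rule)."""
    return (n.bit_length() - 1) + (bin(n).count("1") - 1)


if __name__ == "__main__":
    # Problem 8 of this section: 37^1000 mod 127.
    fast, fast_bits = power_reduce_each_step(37, 1000, 127)
    slow, slow_bits = power_reduce_at_end(37, 1000, 127)
    print("reduce each step:", fast, "peak bits:", fast_bits)
    print("reduce at end:   ", slow, "peak bits:", slow_bits)
    print("multiplications for n = 1234:", multiplications_needed(1234))
```

Both functions return the same residue; only the size of the numbers they carry differs, which is why the first form is the one used for cryptographic moduli.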
7.3 Fermat’s Little Theorem
1. Verify Fermat’s little theorem for a = 2 and the prime p = 11, using Algorithm 7.2.
Answer:

| $x^2 \bmod 11 \to x$ | $\lfloor n/2 \rfloor \to n$ | $n \bmod 2$ | $p \cdot x \bmod 11 \to p$ |
|---|---|---|---|
| 2 | 10 | 0 | 1 |
| $2^2 \bmod 11 = 4$ | $\lfloor 10/2 \rfloor = 5$ | 1 | $1 \cdot 4 \bmod 11 = 4$ |
| $4^2 \bmod 11 = 5$ | $\lfloor 5/2 \rfloor = 2$ | 0 | |
| $5^2 \bmod 11 = 3$ | $\lfloor 2/2 \rfloor = 1$ | 1 | $3 \cdot 4 \bmod 11 = 1$ |

and we see that $2^{10} \bmod 11 = 1$.
2. Let p be a prime such that $\gcd(p, a) = 1$. Show directly that if $a^{p} \equiv a \pmod p$, then $a^{p-1} \equiv 1 \pmod p$, thus deriving Fermat’s theorem from its corollary. Is it necessary that p be a prime?
Answer: If $a^{p} \equiv a \pmod p$, then $a^{p} = a + kp$ so that p divides $a^{p} - a = a\,(a^{p-1} - 1)$. Since $\gcd(p, a) = 1$ it follows that p divides $a^{p-1} - 1$ so that $a^{p-1} \equiv 1 \pmod p$.
3. Let p be a prime such that $\gcd(p, a) = 1$. Show that if $n \bmod (p - 1) = 1$, then $a^{n} \equiv 1 \pmod p$.
Answer: If $n \bmod (p - 1) = 1$, then $n = 1 + k(p - 1)$ for some integer k. So
$a^{n} = a^{1 + k(p-1)} = a\,a^{k(p-1)} = a\,(a^{p-1})^{k}$
but, modulo p,
$a\,(a^{p-1})^{k} \equiv a \cdot 1^{k} = a$
In problems 4–10, use Fermat’s little theorem to find the answer.
4. $2^{100} \bmod 13$
Answer: Note that $2^{100} \bmod 13 = (2^{12})^{8} \cdot 2^{4} \bmod 13 = 1^{8} \cdot 2^{4} \bmod 13 = 16 \bmod 13 = 3$.
5. $2^{1000} \bmod 13$
Answer: $2^{1000} \bmod 13 = (2^{12})^{83} \cdot 2^{4} \bmod 13 = 1^{83} \cdot 2^{4} \bmod 13 = 16 \bmod 13 = 3$
6. $3^{500} \bmod 17$
Answer: Note that $3^{500} \bmod 17 = (3^{16})^{31} \cdot 3^{4} \bmod 17 = 1^{31} \cdot 3^{4} \bmod 17 = 13$
7. $5^{2000} \bmod 17$
Answer: $5^{2000} \bmod 17 = (5^{16})^{125} \bmod 17 = 1^{125} \bmod 17 = 1$
8. $7^{2222} \bmod 23$
Answer: Note that $7^{2222} \bmod 23 = (7^{22})^{101} \bmod 23 = 1^{101} \bmod 23 = 1$.
9. $11^{1234} \bmod 29$
Answer: $11^{1234} \bmod 29 = (11^{28})^{44} \cdot 11^{2} \bmod 29 = 1^{44} \cdot 11^{2} \bmod 29 = 121 \bmod 29 = 5$
10. $2^{100} \bmod 31$
Answer: Note that $2^{100} \bmod 31 = (2^{30})^{3} \cdot 2^{10} \bmod 31 = 1^{3} \cdot 2^{10} \bmod 31 = 1$.
11. Verify that $5^{217} \bmod 217 = 5$. Factor 217.
Answer: To verify this by hand, write 217 as a sum of powers of 2:
$217 = 128 + 64 + 16 + 8 + 1$
$= 2^{8} + 2^{7} + 2^{4} + 2^{3} + 1$
then compute $5^{n} \pmod{217}$ for $n = 1, 2, 2^{2}, 2^{3}, \ldots, 2^{8}$ using the fact that each number $5^{n} \pmod{217}$ is the square of the preceding one:
5, 25, 191, 125, 191, 125, 191, 125, 191
Finally, compute
$5^{217} = 5^{128+64+16+8+1}$
$= 5^{128} \cdot 5^{64} \cdot 5^{16} \cdot 5^{8} \cdot 5$
$\equiv 191 \cdot 125 \cdot 191 \cdot 125 \cdot 5 \pmod{217}$
$\equiv 5 \pmod{217}$
Trying to divide 217 by 3, 5, 7, 11, … results quickly in $217 = 7 \cdot 31$
12. Verify that $x^{1105} \equiv x \pmod{1105}$ for every integer x. Show that 1105 can be written as a sum of two squares in four different ways. (Integers smaller than 1105 can be so written in at most three ways.)
Answer: Note that $1105 = 5 \cdot 13 \cdot 17$ and for any integer $x \perp 1105$ we have
$x^{1105} = x\,(x^{4})^{276} \equiv x\,(1)^{276} \equiv x \pmod 5$
$x^{1105} = x\,(x^{12})^{92} \equiv x\,(1)^{92} \equiv x \pmod{13}$
$x^{1105} = x\,(x^{16})^{69} \equiv x\,(1)^{69} \equiv x \pmod{17}$
and hence $x^{1105} \equiv x \pmod{1105}$ by the Chinese remainder theorem. Assume $x \bmod 7 = 0$ whereas $x \perp 13$ and $x \perp 17$. Then
$x^{1105} \bmod 5 = 0 = x \bmod 5$
$x^{1104} \bmod 13 = (x^{12})^{92} \bmod 13 = 1^{92} \bmod 13 = 1$
$x^{1104} \bmod 17 = (x^{16})^{69} \bmod 17 = 1^{69} \bmod 17 = 1$
and hence
$x^{1105} \bmod 5 = x \bmod 5$
$x^{1105} \bmod 13 = x \bmod 13$
$x^{1105} \bmod 17 = x \bmod 17$
so $x^{1105} \bmod 1105 = x \bmod 1105$ by the Chinese remainder theorem. The remaining cases can be done in a similar manner. Observe that
$1105 = 4^{2} + 33^{2} = 9^{2} + 32^{2} = 12^{2} + 31^{2} = 23^{2} + 24^{2}$
13. Verify that 1729 is a Carmichael number. Verify that 1729 is the smallest positive integer that can be written as the sum of two cubes in two different ways. This is the famous Hardy-Ramanujan number, so called because of the conversation between those two mathematicians after Hardy took a cab numbered 1729 to visit Ramanujan in the hospital. See http://en.wikipedia.org/wiki/1729_(number).
Answer: Note that $1729 = 7 \cdot 13 \cdot 19$ and $1728 = 2^{6} \cdot 3^{3}$. Since 7, 13, and 19 are primes, it follows that $x^{7} \bmod 7 = x \bmod 7$ and $x^{13} \bmod 13 = x \bmod 13$ and $x^{19} \bmod 19 = x \bmod 19$ for every integer x. Suppose $x \perp 7$, $x \perp 13$, and $x \perp 19$. Then
$x^{1728} \bmod 7 = (x^{6})^{288} \bmod 7 = 1^{288} \bmod 7 = 1$
$x^{1728} \bmod 13 = (x^{12})^{144} \bmod 13 = 1^{144} \bmod 13 = 1$
$x^{1728} \bmod 19 = (x^{18})^{96} \bmod 19 = 1^{96} \bmod 19 = 1$
and hence by the Chinese remainder theorem, $x^{1728} \bmod 1729 = 1$, which means that $x^{1729} \bmod 1729 = x \bmod 1729$. Suppose that $x \bmod 7 = 0$, $x \perp 23$, and $x \perp 41$. Then
$x^{1729} \bmod 7 = 0 = x \bmod 7$
$x^{1728} \bmod 13 = (x^{12})^{144} \bmod 13 = 1^{144} \bmod 13 = 1$
$x^{1728} \bmod 19 = (x^{18})^{96} \bmod 19 = 1^{96} \bmod 19 = 1$
and hence $x^{1729} \bmod 7 = 0 = x \bmod 7$ and $x^{1729} \bmod 13 = x \bmod 13$ and $x^{1729} \bmod 19 = x \bmod 19$ so that $x^{1729} \bmod 1729 = x \bmod 1729$ by the Chinese remainder theorem. The remaining cases can be handled in a similar manner. Observe that
$1729 = 10^{3} + 9^{3} = 12^{3} + 1^{3}$
14. Verify that n = 6601 is a Carmichael number.
Answer: Note that $6601 = 7 \cdot 23 \cdot 41$ and $6600 = 2^{3} \cdot 3 \cdot 5^{2} \cdot 11$. Since 7, 23, and 41 are primes, it follows that
$x^{7} \bmod 7 = x \bmod 7$
$x^{23} \bmod 23 = x \bmod 23$
$x^{41} \bmod 41 = x \bmod 41$
for every integer x. Suppose $x \perp 7$, $x \perp 23$, and $x \perp 41$. Then
$x^{6600} \bmod 7 = (x^{6})^{1100} \bmod 7 = 1^{1100} \bmod 7 = 1$
$x^{6600} \bmod 23 = (x^{22})^{300} \bmod 23 = 1^{300} \bmod 23 = 1$
$x^{6600} \bmod 41 = (x^{40})^{165} \bmod 41 = 1^{165} \bmod 41 = 1$
and hence by the Chinese remainder theorem, $x^{6600} \bmod 6601 = 1$ which means that $x^{6601} \bmod 6601 = x \bmod 6601$. Suppose that $x \bmod 7 = 0$, $x \perp 23$, and $x \perp 41$. Then
$x^{6601} \bmod 7 = 0 = x \bmod 7$
$x^{6600} \bmod 23 = (x^{22})^{300} \bmod 23 = 1^{300} \bmod 23 = 1$
$x^{6600} \bmod 41 = (x^{40})^{165} \bmod 41 = 1^{165} \bmod 41 = 1$
and hence
$x^{6601} \bmod 7 = 0 = x \bmod 7$
$x^{6601} \bmod 23 = x \bmod 23$
$x^{6601} \bmod 41 = x \bmod 41$
so that $x^{6601} \bmod 6601 = x \bmod 6601$ by the Chinese remainder theorem. The remaining cases can be handled in a similar manner.
15. Prove that a product n of distinct primes is a Carmichael number if n is composite and $n - 1$ is divisible by $p - 1$ for each prime p dividing n.
Answer: Let x be an integer and p a prime dividing n. If p divides x, then
$x^{n} \bmod p = 0 = x \bmod p$
If p does not divide x, then
$x^{n-1} = (x^{p-1})^{(n-1)/(p-1)} \equiv 1^{(n-1)/(p-1)} \equiv 1 \pmod p$
so
$x^{n} \bmod p = x \bmod p$
Thus this equation holds for any prime p dividing n. By the Chinese remainder theorem,
$x^{n} \bmod n = x \bmod n$
16. Let k > 0 and assume 6k + 1, 12k + 1, and 18k + 1 are all primes. Show that n = (6k + 1)(12k + 1)(18k + 1) is a Carmichael number.
Answer: Note that
$(6k + 1)(12k + 1)(18k + 1) - 1 = 1296k^{3} + 396k^{2} + 36k = 36k\,(36k^{2} + 11k + 1)$
is a multiple of $(6k + 1) - 1 = 6k$, $(12k + 1) - 1 = 12k$ and $(18k + 1) - 1 = 18k$, and hence if 6k + 1, 12k + 1, and 18k + 1 are all primes, then n = (6k + 1)(12k + 1)(18k + 1) is a Carmichael number.
17. Use the result of Problem 16 to construct eight Carmichael numbers of the form n = (6k + 1)(12k + 1)(18k + 1) where $1 \le k \le 100$.
Answer: Set m = 1 and do a loop such as the Maple code

    m := 1;
    for k from 1 to 100 do;
      if isprime(6*k+1)=true and isprime(12*k+1)=true and isprime(18*k+1)=true then
        c[m]:=(6*k+1)*(12*k+1)*(18*k+1); m:=m+1;
      fi;
    od;

and observe that
c(1) = 1729
c(2) = 294409
c(3) = 56052361
c(4) = 118901521
c(5) = 172947529
c(6) = 216821881
c(7) = 228842209
c(8) = 1299963601
c(9) = 2301745249

7.4 Rabin’s Probabilistic Primality Test
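1. Test 899 for primality by testing for divisibility by integers a in the range $1 < a < \lfloor \sqrt{899} \rfloor$.
Answer: Since $\lfloor \sqrt{899} \rfloor = 29$, we check
$\frac{899}{2} = 449\tfrac{1}{2}$, $\frac{899}{3} = 299\tfrac{2}{3}$, $\frac{899}{5} = 179\tfrac{4}{5}$
$\frac{899}{7} = 128\tfrac{3}{7}$, $\frac{899}{11} = 81\tfrac{8}{11}$, $\frac{899}{13} = 69\tfrac{2}{13}$
$\frac{899}{17} = 52\tfrac{15}{17}$, $\frac{899}{19} = 47\tfrac{6}{19}$, $\frac{899}{23} = 39\tfrac{2}{23}$
$\frac{899}{29} = 31$
and hence $899 = 29 \cdot 31$.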
2. Use the sieve of Eratosthenes to generate all the primes less than 900. Is 899 on this list?
Answer: The picture shows the set of primes < 900 as black squares within a 30 × 30 array. (Black squares along the bottom row locate 2, 3, 5, 7, etc.) Note that 899 (upper right corner) is blank.
3. Use Miller’s test on n = 899.
Answer: Note that $\gcd(2, 899) = 1$. Factoring, we have $898 = 2 \cdot 449$. The calculations $2^{449} \bmod 899 = 698$ and $698^{2} \bmod 899 = 845$ show that 899 is composite.
4. Use Miller’s test on n = 561 with a = 13.
Answer: Note that $560 = 2^{4} \cdot 5 \cdot 7$. Let $m = 560/2^{4} = 35$. Then
$b = 13^{35} \bmod 561 = 208$
$b^{2} = 208^{2} \bmod 561 = 67$
$b^{2^{2}} = 67^{2} \bmod 561 = 1$
and hence 561 is not prime.
5. Use Fermat’s little theorem to show that p = 205 193 is not prime. Factor p.
Answer: Since $2^{p-1} \bmod p = 26 747$, it follows from Fermat’s little theorem that p is composite. Factorization shows that $p = 449 \cdot 457$.
6. Use Miller’s test to determine whether or not 172 947 529 is prime. If p is composite, factor it.
Answer: We have $172 947 529 - 1 = 2^{3} \cdot 21 618 441$. Note that
$7^{21 618 441} \bmod 172 947 529 = 171 253 811$
$171 253 811^{2} \bmod 172 947 529 = 1$
and hence 172 947 529 is not a prime. In fact,
$172 947 529 = 307 \cdot 613 \cdot 919$
7. Use Miller’s test to determine whether or not 187 736 503 is prime. If p is composite, factor it.
Answer: We have $187 736 503 - 1 = 2 \cdot 93 868 251$. Note that
$2^{93 868 251} \bmod 187 736 503 = 1$
$3^{93 868 251} \bmod 187 736 503 = -1$
$5^{93 868 251} \bmod 187 736 503 = -1$
$7^{93 868 251} \bmod 187 736 503 = 1$
$11^{93 868 251} \bmod 187 736 503 = -1$
$13^{93 868 251} \bmod 187 736 503 = -1$
$17^{93 868 251} \bmod 187 736 503 = -1$
$19^{93 868 251} \bmod 187 736 503 = -1$
$23^{93 868 251} \bmod 187 736 503 = 1$
$29^{93 868 251} \bmod 187 736 503 = -1$
and hence 187 736 503 passes Miller’s test with n = 10 trials.
8. Use Miller’s test on 14 386 156 093 with a = 2, 3, 5, 7, 11, 13.
Answer: We have $14 386 156 093 - 1 = 2^{2} \cdot 3596 539 023$. Note that
$2^{3596 539 023} \bmod 14 386 156 093 = 8525 259 051$
$8525 259 051^{2} \bmod 14 386 156 093 = -1$
$3^{3596 539 023} \bmod 14 386 156 093 = -1$
$5^{3596 539 023} \bmod 14 386 156 093 = 5481 336 855$
$5481 336 855^{2} \bmod 14 386 156 093 = -1$
$7^{3596 539 023} \bmod 14 386 156 093 = 11 469 658 653$
$11 469 658 653^{2} \bmod 14 386 156 093 = 3891 890 249$
$3891 890 249^{2} \bmod 14 386 156 093 = 1$
$11^{3596 539 023} \bmod 14 386 156 093 = 13 530 977 203$
$13 530 977 203^{2} \bmod 14 386 156 093 = 1$
$13^{3596 539 023} \bmod 14 386 156 093 = 10 366 841 087$
$10 366 841 087^{2} \bmod 14 386 156 093 = 3891 890 249$
$3891 890 249^{2} \bmod 14 386 156 093 = 1$
and hence 14 386 156 093 passes Miller’s test for a = 2, 3, 5 but fails Miller’s test for a = 7, 11, 13.
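Miller’s test as used in problems 3 and 4, next to the plain Fermat check from Section 7.3, as an added Python example (not code from the manual). The function names and the `(verdict, trace)` return shape are choices made here; the trace lists $b, b^{2}, b^{4}, \ldots$ in the order the answers above compute them.

```python
def fermat_passes(n, a):
    """Fermat check: a^(n-1) mod n == 1. Carmichael numbers pass this
    for every base a that is relatively prime to n."""
    return pow(a, n - 1, n) == 1


def miller_test(n, a):
    """Miller's test on odd n >= 3 with base a.

    Writes n - 1 = 2^s * m with m odd, then follows b = a^m, b^2, b^4, ...
    modulo n. Returns ("passes" | "composite", trace of the values computed).
    """
    if n < 3 or n % 2 == 0:
        raise ValueError("n must be an odd integer >= 3")
    s, m = 0, n - 1
    while m % 2 == 0:
        s += 1
        m //= 2
    b = pow(a, m, n)
    trace = [b]
    if b == 1 or b == n - 1:
        return "passes", trace
    for _ in range(s - 1):
        b = b * b % n
        trace.append(b)
        if b == n - 1:
            return "passes", trace
        if b == 1:
            # The previous value was a square root of 1 other than +1 or -1.
            return "composite", trace
    return "composite", trace


# Carmichael numbers that appear in Section 7.3 of this chapter.
CARMICHAEL = (561, 1105, 1729, 6601)


def fooled_fermat_only(numbers=CARMICHAEL, a=2):
    """Numbers that pass the Fermat check but are caught by Miller's test."""
    return [n for n in numbers
            if fermat_passes(n, a) and miller_test(n, a)[0] == "composite"]


if __name__ == "__main__":
    print(miller_test(561, 13))   # problem 4
    print(miller_test(899, 2))    # problem 3
    print(fooled_fermat_only())
```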
9. Let $\pi(x)$ denote the number of primes $\le x$. The prime number theorem states that
$\lim_{x \to \infty} \frac{\pi(x)}{x / \ln x} = 1$
Roughly speaking, this means that
$\pi(x) \approx \frac{x}{\ln x}$
Use this approximation to determine the average gap between primes for primes $p \approx 10^{100}$. Knowing that large primes are odd, about how many numbers do you expect to test before finding a prime if you start at roughly $10^{100}$?
Answer: Let $f(x) = \frac{x}{\ln x}$. Then
$f'(x) = \frac{\ln x - x \cdot \frac{1}{x}}{(\ln x)^{2}} = \frac{\ln x - 1}{\ln^{2} x} \approx \frac{1}{\ln x}$
and hence $f'(10^{100}) = 4.324 083 649 \times 10^{-3}$, so the average gap between primes is $\frac{1}{4.324 083 649 \times 10^{-3}} \approx 231$. Assuming that on average you start halfway between two primes, and you only check even numbers, you will expect to test about $231/4 \approx 58$ numbers.
10. Let $p_{1} = \text{nextprime}(1000)$, and set $p_{i+1} = \text{nextprime}(1 + p_{i})$ for i = 1, …, 10. What is the average gap between these primes? How well does this compare with the expected average gap given in problem 9?
Answer: The primes are
$p_{1} = 1009$, $p_{2} = 1013$, $p_{3} = 1019$, $p_{4} = 1021$
$p_{5} = 1031$, $p_{6} = 1033$, $p_{7} = 1039$, $p_{8} = 1049$
$p_{9} = 1051$, $p_{10} = 1061$, $p_{11} = 1063$
and hence the gaps are
$p_{2} - p_{1} = 4$, $p_{3} - p_{2} = 6$, $p_{4} - p_{3} = 2$, $p_{5} - p_{4} = 10$
$p_{6} - p_{5} = 2$, $p_{7} - p_{6} = 6$, $p_{8} - p_{7} = 10$, $p_{9} - p_{8} = 2$
$p_{10} - p_{9} = 10$, $p_{11} - p_{10} = 2$
so the average gap is
$\frac{4 + 6 + 2 + 10 + 2 + 6 + 10 + 2 + 10 + 2}{10} = \frac{27}{5}$
5
According to problem 9, the average gap should be about
$\frac{1}{f'(1000)} \approx 8.077$
This sample does contain a surprisingly large number of twin primes (gap of 2).
11. Let $p_{1} = \text{nextprime}(10^{100})$, and set $p_{i+1} = \text{nextprime}(1 + p_{i})$ for i = 1, …, 10. What is the average gap between these primes? How well does this compare with the expected average gap given in problem 9?
Answer: The gaps are
$949 - 268 = 681$, $1243 - 949 = 294$
$1293 - 1243 = 50$, $1983 - 1293 = 690$
$2773 - 1983 = 790$, $2809 - 2773 = 36$
$2911 - 2809 = 102$, $2967 - 2911 = 56$
$3469 - 2967 = 502$, $3501 - 3469 = 32$
so the average gap is
$\frac{681 + 294 + 50 + 690 + 790 + 36 + 102 + 56 + 502 + 32}{10} = 323\tfrac{3}{10}$
which is somewhat larger than the expected gap given in problem 9.

7.5 Exponential Ciphers
1. Test the exponential cipher using p = 101, e = 7, and x = 73.
Answer: Note that $\gcd(7, 100) = 1$. We have $73^{7} \bmod 101 = 40$ and $7^{-1} \bmod 100 = 43$ and $40^{43} \bmod 101 = 73$, and hence 73 is recovered.
2. Test the exponential cipher using a computer algebra system to generate a 30-digit prime.
Answer: For example,
p = 633 825 300 114 114 700 748 351 602 943
E = 1009
$d = E^{-1} \bmod p$
x = 22 222 222 222 222 222 222
$y = x^{E} \bmod p$ = 198 093 941 834 965 328 180 795 020 063
$z = y^{d} \bmod p$ = 22 222 222 222 222 222 222
3. Create a scheme for generating a random prime that is exactly 100 decimal digits long.
Answer: For example, let p = 3391 691 164 919 859 649 719 340 532 627 567 207 607 656 859 034 356 995 566 589 707 894 210 757 866 827 613 621 721 127 496 191 413 be the smallest prime $\ge 5^{150} \bmod 10^{100}$.
4. Let nextprime(x) denote the smallest prime $\ge x$. Discuss the strengths and weaknesses of each of the following schemes for generating a random prime p with exactly 50 decimal digits.
(a) Let $p = \text{nextprime}(10^{49})$.
(b) Let $p = \text{nextprime}(\overbrace{184637 \cdots 85}^{50\ \text{digits}})$, where the digits inside the brackets are generated by closing your eyes and letting your fingers dance on the top row of your keyboard.
(c) Let $p = \text{nextprime}(7^{61} + 11^{49} \bmod 10^{50})$.
Answer: We have
a. The number $\text{nextprime}(10^{49})$ = 10 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 009 does not appear to be very ‘random’.
b. The number $\text{nextprime}(184637 \cdots 85)$ = 18 463 794 872 637 843 987 273 649 276 374 653 879 473 542 837 649 seems to have a subtle but noticeable bias; too many 3’s, no 0’s. It is very difficult for humans to act in a completely random manner.
c. The number $\text{nextprime}(7^{61} + 11^{49} \bmod 10^{50})$ = 23 342 596 810 957 343 679 558 256 205 136 602 761 424 755 554 127 looks good, unless the attacker has some idea about how the prime is generated.
5. Generate a 100-digit prime p, let x = 55⋯5 (string of 99 fives), and let e = 1009. Compute $y = x^{e} \bmod p$ and $z = (x + 10^{43})^{e} \bmod p$. Compare the numbers y and z. Let $y_{i}$ be the ith digit of y and $z_{i}$ the ith digit of z. For how many i does $y_{i} = z_{i}$? Is this a surprise? Why or why not?
Answer: The numbers 2 047 679 804 982 929 369 090 035 623 502 251 062 360 672 859 815 645 1 503 714 396 228 131 674 104 263 081 904 252 158 592 322 776 941 888 958 411 586 724 601 781 693 914 292 292 892 305 522 540 318 192 363 442 582 571 176 226 543 020 134 304 037 361 597 914 795 908 agree at 10 spots (see the bold digits). This is not a surprise because the process does a good job of mixing, and random 100-digit numbers would be expected to agree in about 10 spots (one-tenth of the time).
7.6 Euler’s Theorem
1. Compute $\varphi(24)$ by listing all the integers a in the range $1 \le a \le 24$ such that $a \perp 24$.
Answer: Since $24 = 2^{3} \cdot 3$, the integers {1, 5, 7, 11, 13, 17, 19, 23} are relatively prime to 24 and $\varphi(24) = 8$.
2. Compute $\varphi(24)$ by using the prime power factorization of 24 and theorems in this section.
Answer: Since $24 = 2^{3} \cdot 3$ it follows that
$\varphi(24) = \varphi(2^{3})\varphi(3) = (2^{3} - 2^{2})(3 - 1) = 8$
3. Compute $\varphi(27)$ using two different methods.
Answer: We have $\varphi(27) = \varphi(3^{3}) = 3^{3} - 3^{2} = 18$. There are 18 integers
1, 2, 4, 5, 7, 8, 10, 11, 13, 14, 16, 17, 19, 20, 22, 23, 25, 26
less than or equal to 27 that are relatively prime to 27.
4. Verify that $4^{\varphi(27)} \bmod 27 = 1$.
Answer: We have $\varphi(27) = 18$ and $4^{18} \bmod 27 = 1$.
5. Compute $\varphi(1001)$ and verify that $5^{\varphi(1001)} \bmod 1001 = 1$.
Answer: Since $1001 = 7 \cdot 11 \cdot 13$, we have
$\varphi(1001) = \varphi(7)\varphi(11)\varphi(13) = 6 \cdot 10 \cdot 12 = 720$
Note that $5^{720} \bmod 1001 = 1$.
6. Prove Theorem 7.6: Let a be an integer such that $a \perp n$. If R is a reduced residue system modulo n then so is $\{ar \mid r \in R\}$.
Answer: Let a be relatively prime to n and assume R is a reduced residue system modulo n. If $r \in R$ then $r \perp n$, and hence $ar \perp n$. If $ar + t \equiv as + t \pmod n$ for some $r, s \in R$, then $ar \equiv as \pmod n$ and hence $r \equiv s \pmod n$ since $a \perp n$. Since R is a reduced residue system modulo n it follows that r = s. The number of elements of $\{ar + t \mid r \in R\}$ is certainly $\varphi(n)$, so this set is a reduced residue system modulo n.
7. Start with a complete residue system R modulo 10. Note that $7 \perp 10$ and show directly that $\{7r + 4 \mid r \in R\}$ is also a complete residue system modulo 10.
Answer: We start with the least nonnegative residue system R = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9} and construct
$\{7r + 4 \mid r \in R\}$ = {4, 11, 18, 25, 32, 39, 46, 53, 60, 67}
Note that
4 mod 10 = 4, 39 mod 10 = 9
11 mod 10 = 1, 46 mod 10 = 6
18 mod 10 = 8, 53 mod 10 = 3
25 mod 10 = 5, 60 mod 10 = 0
32 mod 10 = 2, 67 mod 10 = 7
and hence each element of $\{7r + 4 \mid r \in R\}$ is congruent modulo 10 to exactly one element of R.
8. Start with a reduced residue system R modulo 15. Note that $7 \perp 15$ and multiply each element of R by 7 to form a new reduced residue system $\{7r \mid r \in R\}$. Show directly that each element of $\{7r \mid r \in R\}$ is congruent modulo 15 to exactly one element of R.
Answer: The set R = {1, 2, 4, 7, 8, 11, 13, 14} has $\varphi(15) = \varphi(3)\varphi(5) = (3 - 1)(5 - 1) = 8$ elements. Given the set
$\{7r \mid r \in R\}$ = {7, 14, 28, 49, 56, 77, 91, 98}
note that
7 mod 15 = 7, 56 mod 15 = 11
14 mod 15 = 14, 77 mod 15 = 2
28 mod 15 = 13, 91 mod 15 = 1
49 mod 15 = 4, 98 mod 15 = 8
9. Show that if n is a product of distinct primes, then $a^{\varphi(n)+1} = a \pmod n$ for any a.
Answer: Let p be a prime that divides n. If p does not divide a, then $a^{p-1} \equiv 1 \pmod p$ so $a^{\varphi(n)} \equiv 1 \pmod p$ because $p - 1$ divides $\varphi(n)$. Multiplying by a we get
$a^{\varphi(n)+1} \equiv a \pmod p$
On the other hand, if p does divide a, then $a \equiv 0 \equiv a^{\varphi(n)+1} \pmod p$ so, trivially,
$a^{\varphi(n)+1} \equiv a \pmod p$
Thus $a^{\varphi(n)+1} \equiv a \pmod p$ for each prime dividing n. But this says that each prime that divides n also divides $a^{\varphi(n)+1} - a$, so if n is a product of distinct primes, then n must divide $a^{\varphi(n)+1} - a$, that is, $a^{\varphi(n)+1} \equiv a \pmod n$.
10. Verify the formula in problem 9 for n = 30.
Answer: Since $30 = 2 \cdot 3 \cdot 5$, it follows that $\varphi(30) = \varphi(2)\varphi(3)\varphi(5) = 1 \cdot 2 \cdot 4 = 8$. If $\gcd(a, 2) = 1$, then
$a^{\varphi(30)+1} = a^{9} = (a^{2})^{4}\,a \equiv a \pmod 2$
If $\gcd(a, 2) = 2$, then
$a^{\varphi(30)+1} = a^{9} \bmod 2 = 0 \equiv a \pmod 2$
In either case, $a^{\varphi(30)+1} \equiv a \pmod 2$. If $\gcd(a, 3) = 1$, then
$a^{\varphi(30)+1} = a^{9} = (a^{2})^{4}\,a \equiv a \pmod 3$
If $3 \mid a$, then
$a^{\varphi(30)+1} = a^{9} \equiv 0 \bmod 3 = a \bmod 3$
In either case, $a^{\varphi(30)+1} \equiv a \pmod 3$. If $\gcd(a, 5) = 1$, then
$a^{\varphi(30)+1} = a^{9} = (a^{4})^{2}\,a \equiv a \pmod 5$
If $5 \mid a$, then
$a^{\varphi(30)+1} = a^{9} = 0 \bmod 5 = a \bmod 5$
In either case, $a^{\varphi(30)+1} \equiv a \pmod 5$. By the Chinese Remainder Theorem,
$a^{\varphi(30)+1} \equiv a \pmod{30}$
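Chapter 8
Public Key Ciphers

8.1 The Rivest-Shamir-Adleman Cipher System
1. Let p = 5 and q = 7 so that m = 35, and let e = 11. Find $d = e^{-1} \bmod \varphi(m)$. Then let x = 22 and compute $y = x^{e} \bmod 35$ and $z = y^{d} \bmod m$.
Answer: Note that
$\varphi(35) = \varphi(5)\varphi(7) = 4 \cdot 6 = 24$
To calculate $11^{-1} \bmod 24$, the matrix calculations
$\begin{pmatrix} 0 & 1 \\ 1 & -\lfloor 11/24 \rfloor \end{pmatrix} \begin{pmatrix} 11 & 1 \\ 24 & 0 \end{pmatrix} = \begin{pmatrix} 24 & 0 \\ 11 & 1 \end{pmatrix}$
$\begin{pmatrix} 0 & 1 \\ 1 & -\lfloor 24/11 \rfloor \end{pmatrix} \begin{pmatrix} 24 & 0 \\ 11 & 1 \end{pmatrix} = \begin{pmatrix} 11 & 1 \\ 2 & -2 \end{pmatrix}$
$\begin{pmatrix} 0 & 1 \\ 1 & -\lfloor 11/2 \rfloor \end{pmatrix} \begin{pmatrix} 11 & 1 \\ 2 & -2 \end{pmatrix} = \begin{pmatrix} 2 & -2 \\ 1 & 11 \end{pmatrix}$
$\begin{pmatrix} 0 & 1 \\ 1 & -\lfloor 2/1 \rfloor \end{pmatrix} \begin{pmatrix} 2 & -2 \\ 1 & 11 \end{pmatrix} = \begin{pmatrix} 1 & 11 \\ 0 & -24 \end{pmatrix}$
indicate $11^{-1} \bmod 24 = 11$. We compute $22^{11} \bmod 35$ using

| $x^2 \bmod 35 \to x$ | $\lfloor e/2 \rfloor \to e$ | $e \bmod 2$ | $\text{prod} \cdot x \bmod 35 \to \text{prod}$ |
|---|---|---|---|
| 22 | 11 | 1 | $22 \cdot 1 \bmod 35 = 22$ |
| $22^2 \bmod 35 = 29$ | $\lfloor 11/2 \rfloor = 5$ | 1 | $29 \cdot 22 \bmod 35 = 8$ |
| $29^2 \bmod 35 = 1$ | $\lfloor 5/2 \rfloor = 2$ | 0 | |
| $1^2 \bmod 35 = 1$ | $\lfloor 2/2 \rfloor = 1$ | 1 | $1 \cdot 8 \bmod 35 = 8$ |

$22^{11} \bmod 35 = 8$

and compute $8^{11} \bmod 35$ using

| $x^2 \bmod 35 \to x$ | $\lfloor e/2 \rfloor \to e$ | $e \bmod 2$ | $\text{prod} \cdot x \bmod 35 \to \text{prod}$ |
|---|---|---|---|
| 8 | 11 | 1 | $8 \cdot 1 \bmod 35 = 8$ |
| $8^2 \bmod 35 = 29$ | $\lfloor 11/2 \rfloor = 5$ | 1 | $29 \cdot 8 \bmod 35 = 22$ |
| $29^2 \bmod 35 = 1$ | $\lfloor 5/2 \rfloor = 2$ | 0 | |
| $1^2 \bmod 35 = 1$ | $\lfloor 2/2 \rfloor = 1$ | 1 | $1 \cdot 22 \bmod 35 = 22$ |

$8^{11} \bmod 35 = 22$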
2. Show that $a^{2} \bmod 24 = 1$ for each $a \perp 24$. Conclude that $a^{-1} \bmod 24 = a \bmod 24$ for each $a \perp 24$.
Answer: Note that
$1^{2} \bmod 24 = 1$, $5^{2} \bmod 24 = 1$, $7^{2} \bmod 24 = 1$, $11^{2} \bmod 24 = 1$
$13^{2} \bmod 24 = 1$, $17^{2} \bmod 24 = 1$, $19^{2} \bmod 24 = 1$, $23^{2} \bmod 24 = 1$
It follows that $a^{-1} \bmod 24 = a \bmod 24$ for $a \perp 24$. (This shows that encyphering and decyphering are exactly the same using RSA with p = 5 and q = 7.)
3. Let p = 29 and q = 31 so that m = 899, and let e = 101. Find
$d = e^{-1} \bmod \varphi(m)$
Then let x = 555 and compute $y = x^{e} \bmod m$ and $z = y^{d} \bmod m$.
Answer: As $m = 29 \cdot 31$, we have $\varphi(m) = \varphi(29)\varphi(31) = 28 \cdot 30 = 840$ and $d = e^{-1} \bmod \varphi(m) = 101^{-1} \bmod 840 = 341$. So
$y = x^{e} \bmod m = 555^{101} \bmod 899 = 731$
$z = y^{d} \bmod m = 731^{341} \bmod 899 = 555$
4. Assume m = 25 972 641 171 898 723 is a product of two primes p and q and that
$\varphi(m)$ = 25 972 640 809 676 568
Use these two equations to find the primes p and q.
Answer: The numbers p and q are found using
$p + q = m - \varphi(m) + 1 = 25972641171898723 - 25972640809676568 + 1 = 362 222 156$
$p - q = \sqrt{(p + q)^{2} - 4m} = \sqrt{362 222 156^{2} - 4 \cdot 25972641171898723} = \sqrt{27 314 325 609 693 444} = 165 270 462$
$p = \frac{(p + q) + (p - q)}{2} = \frac{362 222 156 + 165 270 462}{2} = 263 746 309$
$q = \frac{(p + q) - (p - q)}{2} = \frac{362 222 156 - 165 270 462}{2} = 98 475 847$
As a check, $263 746 309 \cdot 98 475 847 = 25 972 641 171 898 723$
5. Illustrate the RSA algorithm using m from Problem 4 with
e = 997
x = 99 999 999 999 999
Answer: Let x = 99999999999999, m = 25972641171898723, e = 997, and $\varphi$ = 25972640809676568 and note that
$y = x^{e} \bmod m$ = 4815 828 410 330 867
$d = e^{-1} \bmod \varphi$ = 11 514 450 589 645 981
yields $y^{d} \bmod m$ = 99 999 999 999 999.
6. Assume that $y = x^{e} \bmod m$ from problem 5 is transmitted over a noisy channel and received as $w = y + 10^{12}$. How similar are y and w? What message is decrypted? How similar are x and the decrypted message? (This explains why most ciphers are wrapped in some type of error correction scheme.)
Answer: Let $w = y + 10^{12}$ = 4816 828 410 330 867. Notice that y and w are identical except that one 5 is replaced by a 6. Then $w^{d} \bmod m$ = 25 463 764 333 236 165 is the decrypted message, not very similar to the plaintext x = 99 999 999 999 999.
7. Assume m = 21 936 520 921 056 942 428 185 744 321 881 874 204 790 829 920 570 235 226 904 516 467 385 564 406 736 567 597 367 535 979 699 930 859 170 667 289 061 009 756 151 158 068 196 185 554 149 is a product of two primes p and q and that $\varphi(m)$ = 21 936 520 921 056 942 428 185 744 321 881 874 204 790 829 920 570 235 226 904 516 467 385 548 925 092 800 907 044 879 409 345 000 125 494 759 694 716 131 857 830 775 913 843 528 947 136. Use these two equations to find the primes p and q.
Answer: The numbers p and q are found using $p + q = m - \varphi(m) + 1$ = 15 481 643 766 690 322 656 570 354 930 733 675 907 594 344 877 898 320 382 154 352 656 607 014 and $p - q = \sqrt{(p + q)^{2} - 4m}$ = 12 326 200 145 806 231 064 298 751 424 387 459 058 535 358 406 473 593 017 996 013 777 132 860.
Then $p = \frac{(p+q)+(p-q)}{2}$ = 1577 721 810 442 045 796 135 801 753 173 108 424 529 493 235 712 363 682 079 169 439 737 077 and $q = \frac{(p+q)-(p-q)}{2}$ = 13 903 921 956 248 276 860 434 553 177 560 567 483 064 851 642 185 956 700 075 183 216 869 937.
As a check, pq = 21 936 520 921 056 942 428 185 744 321 881 874 204 790 829 920 570 235 226 904 516 467 385 564 406 736 567 597 367 535 979 699 930 859 170 667 289 061 009 756 151 158 068 196 185 554 149
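The recovery of p and q from m and $\varphi(m)$ used in problems 4 and 7, followed by the key derivation of problem 5, as an added Python example (not code from the manual). The numbers are those of problems 4 and 5; the function names are choices made here. It also shows the practical point behind the exercise: anyone who learns $\varphi(m)$ can factor m and compute the private exponent.

```python
from math import isqrt

# Values stated in problems 4 and 5 above.
M = 25972641171898723
PHI = 25972640809676568
E = 997


def factor_from_phi(m, phi):
    """Recover primes p >= q with p*q == m, given phi = (p-1)*(q-1).

    Uses p + q = m - phi + 1 and (p - q)^2 = (p + q)^2 - 4m.
    Raises ValueError when the pair (m, phi) is not consistent.
    """
    s = m - phi + 1                # p + q
    disc = s * s - 4 * m           # (p - q)^2
    if disc < 0:
        raise ValueError("phi is too large for this modulus")
    r = isqrt(disc)                # p - q, if disc is a perfect square
    if r * r != disc or (s + r) % 2:
        raise ValueError("m and phi do not describe a product of two primes")
    p, q = (s + r) // 2, (s - r) // 2
    if p * q != m:
        raise ValueError("recovered factors do not multiply back to m")
    return p, q


def private_exponent(e, phi):
    """d = e^(-1) mod phi (Python 3.8+ modular inverse)."""
    return pow(e, -1, phi)


def round_trip(x, e=E, m=M, phi=PHI):
    """Encrypt x with (e, m), decrypt with the exponent derived from phi."""
    d = private_exponent(e, phi)
    y = pow(x, e, m)
    return pow(y, d, m)


if __name__ == "__main__":
    print(factor_from_phi(M, PHI))
    print(private_exponent(E, PHI))
    print(round_trip(99999999999999))
```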
8. Illustrate the RSA algorithm using m from problem 7 with
e = 997
x = 99 999 999 999 999
Answer: Let
x = 99999999999999
m = 21 936 520 921 056 942 428 185 744 321 881 874 204 790 829 920 570 235 226 904 516 467 385 564 406 736 567 597 367 535 979 699 930 859 170 667 289 061 009 756 151 158 068 196 185 554 149
e = 997
$\varphi$ = 21 936 520 921 056 942 428 185 744 321 881 874 204 790 829 920 570 235 226 904 516 467 385 548 925 092 800 907 044 879 409 345 000 125 494 759 694 716 131 857 830 775 913 843 528 947 136
and note that
$y = x^{e} \bmod m$
y = 6767 468 168 387 408 478 886 741 511 357 900 710 355 612 626 761 676 836 205 813 444 281 167 783 138 238 235 671 834 020 522 457 578 667 354 002 070 826 390 906 060 428 777 303 159 968
$d = e^{-1} \bmod \varphi$
= 21 848 510 807 030 635 738 403 655 076 859 278 922 123 665 106 445 580 321 280 024 926 894 533 683 668 155 767 999 563 945 315 531 719 775 623 246 592 897 627 709 087 745 683 675 270 317
yields $y^{d} \bmod m$ = 99 999 999 999 999
9. Let m = pq where p and q are distinct primes. Show that if x is chosen at random in the range $1 \le x \le m$, then the probability that $\gcd(x, m) \ne 1$ is equal to $1/p + 1/q - 1/m$.
Answer: There are $\varphi(m) = (p - 1)(q - 1)$ numbers between 1 and m that are relatively prime to m. So there are $m - (p - 1)(q - 1) = p + q - 1$ numbers x in that range with $\gcd(x, m) \ne 1$. Thus the probability of choosing a number x with $\gcd(x, m) \ne 1$ is
$\frac{p + q - 1}{m} = \frac{1}{q} + \frac{1}{p} - \frac{1}{m}$
10. Verify the formula in problem 9 for m = 6 and m = 15. Show that if x is chosen at random in the range $1 \le x < m$, then the probability that $\gcd(x, m) \ne 1$ is less than $1/p + 1/q$.
Answer: Choosing x at random from the set {1, 2, 3, 4, 5, 6}, the four choices {2, 3, 4, 6} satisfy $\gcd(x, m) \ne 1$, so the probability that $\gcd(x, m) \ne 1$ is 4/6 = 2/3 and
$\frac{1}{2} + \frac{1}{3} - \frac{1}{6} = \frac{2}{3}$
Choosing x at random from the set {1, 2, 3, 4, 5}, the three choices {2, 3, 4} satisfy $\gcd(x, m) \ne 1$, so the probability that $\gcd(x, m) \ne 1$ is 3/5 and
$\frac{3}{5} < \frac{5}{6} = \frac{1}{2} + \frac{1}{3}$
If x is chosen at random from {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, the choices 3, 5, 6, 9, 10, 12, 15 satisfy $\gcd(x, m) \ne 1$, so the probability that $\gcd(x, m) \ne 1$ is 7/15 and
$\frac{1}{3} + \frac{1}{5} - \frac{1}{15} = \frac{7}{15}$
If x is chosen at random from {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14}, the choices 3, 5, 6, 9, 10, 12 satisfy $\gcd(x, m) \ne 1$, so the probability that $\gcd(x, m) \ne 1$ is 6/14 = 3/7 and
$\frac{3}{7} < \frac{8}{15} = \frac{1}{3} + \frac{1}{5}$
8.2 Electronic Signatures
1. Send the plaintext x = 12 from Kyle to Sarah assuming Kyle’s private key is (3, 15) and Sarah’s public key is (5, 21).
Answer: We have $12^{3} \bmod 15 = 3$ and $3^{5} \bmod 21 = 12$ and hence Kyle sends the message 12 to Sarah.
2. Sean uses the primes $p_{s}$ = 38 490 587 and $q_{s}$ = 983 299 with exponent $e_{s}$ = 7349. Find Sean’s public and private keys.
Answer: The product $p_{s} q_{s}$ is given by
$n_{s} = 38 490 587 \cdot 983 299$
= 37 847 755 706 513
which means that the public key is
$(e_{s}, n_{s})$ = (7349, 37 847 755 706 513)
Calculations yield
$\varphi(n_{s}) = (38 490 587 - 1)(983 299 - 1)$
= 37 847 716 232 628
so that
$d_{s} = 7349^{-1} \bmod 37 847 716 232 628$
= 28 526 126 032 457
and hence the private key is
$(d_{s}, n_{s})$ = (28 526 126 032 457, 37 847 755 706 513)
3. Brendon uses the primes $p_{b}$ = 2748 401 and $q_{b}$ = 157 849 763 with exponent $e_{b}$ = 9587. Find Brendon’s public and private keys.
Answer: The product $p_{b} q_{b}$ is given by
$n_{b} = 2748 401 \cdot 157 849 763$ = 433 834 446 478 963
so the public key is
$(e_{b}, n_{b})$ = (9587, 433 834 446 478 963)
Since
$\varphi(n_{b}) = (2748 401 - 1)(157 849 763 - 1)$
= 433 834 285 880 800
it follows that
$d_{b} = 9587^{-1} \bmod 433 834 285 880 800$
= 394 147 974 342 523
and hence the private key is
$(d_{s}, n_{s})$ = (394 147 974 342 523, 433 834 446 478 963)
4. Brendon wishes to send the message 1234 567 890 to Sean, using Sean’s public key and Brendon’s private key. What message should Sean receive?
Answer: Since $n_{s} < n_{b}$, Brendon first uses Sean’s public key, then Brendon’s private key to encrypt the message as
$(1234 567 890^{7349} \bmod 37 847 755 706 513)^{394 147 974 342 523} \bmod 433 834 446 478 963$
$= 5112 397 193 243^{394 147 974 342 523} \bmod 433 834 446 478 963$
= 386 686 175 803 129
5. Show how Sean decrypts the message from Problem 4.
Answer: Since $n_{s}$ = 37 847 755 706 513 < $n_{b}$ = 433 834 446 478 963, Sean decrypts the message by first applying Brendon’s public key, then Sean’s private key to get
$(386 686 175 803 129^{9587} \bmod n_{b})^{28 526 126 032 457} \bmod n_{s}$
$= 5112 397 193 243^{28 526 126 032 457} \bmod n_{s}$ = 1234 567 890
Use the following table of primes and exponents to answer Problems 6–9.

| | Brendon | Janet | Kyle | Preston | Sarah |
|---|---|---|---|---|---|
| p | 8329 | 2333 | 9967 | 7451 | 3469 |
| q | 3499 | 6469 | 1931 | 6689 | 7643 |
| e | 5501 | 7853 | 4663 | 7907 | 4637 |
6. Compute private keys for Brendon, Janet, Kyle, Preston, and Sarah.
Answer: We have
$n_{b} = 8329 \cdot 3499$ = 29 143 171
$n_{j} = 2333 \cdot 6469$ = 15 092 177
$n_{k} = 9967 \cdot 1931$ = 19 246 277
$n_{p} = 7451 \cdot 6689$ = 49 839 739
$n_{s} = 3469 \cdot 7643$ = 26 513 567
and
$\varphi_{b} = (8329 - 1)(3499 - 1)$ = 29 131 344
$\varphi_{j} = (2333 - 1)(6469 - 1)$ = 15 083 376
$\varphi_{k} = (9967 - 1)(1931 - 1)$ = 19 234 380
$\varphi_{p} = (7451 - 1)(6689 - 1)$ = 49 825 600
$\varphi_{s} = (3469 - 1)(7643 - 1)$ = 26 502 456
and hence
$d_{b} = 5501^{-1} \bmod 29 131 344$ = 164 165
$d_{j} = 7853^{-1} \bmod 15 083 376$ = 11 873 861
$d_{k} = 4663^{-1} \bmod 19 234 380$ = 7305 187
$d_{p} = 7907^{-1} \bmod 49 825 600$ = 45 679 243
$d_{s} = 4637^{-1} \bmod 26 502 456$ = 22 913 165
The private keys are
$(d_{b}, n_{b})$ = (164 165, 29 143 171)
$(d_{j}, n_{j})$ = (11 873 861, 15 092 177)
$(d_{k}, n_{k})$ = (7305 187, 19 246 277)
$(d_{p}, n_{p})$ = (45 679 243, 49 839 739)
$(d_{s}, n_{s})$ = (22 913 165, 26 513 567)
7. Brendon encrypts the plaintext message 99 999 999 using his private key and Janet’s public key. What is the encrypted message?
Answer: Since $n_{j} < n_{b}$, the plaintext message is encrypted by first using Janet’s public key, then using Brendon’s private key to get
$(99 999 999^{7853} \bmod 15 092 177)^{164165} \bmod 29 143 171$
$= 6136 937^{164165} \bmod 29 143 171$ = 24 506 902
8. Preston receives the encrypted message 34 568 007 from Kyle, who used his own private key and Preston’s public key. Decrypt the message.
Answer: Since $n_{k} < n_{p}$, Preston decrypts the message by first using his own private key and then Kyle’s public key. The result is
$(34 568 007^{45 679 243} \bmod 49 839 739)^{4663} \bmod 19 246 277$
$= 9211 960^{4663} \bmod 19 246 277$ = 12 121 212
9. The plaintext message 2000 000 is encrypted by first applying Preston’s public key, then Sarah’s private key. Show that decryption fails. Explain what went wrong.
Answer: Encryption yields
$(2000 000^{7907} \bmod 49 839 739)^{22 913 165} \bmod 26 513 567$
$= 45 574 626^{22 913 165} \bmod 26 513 567$ = 6765 427
and decryption yields
$(6765 427^{4637} \bmod 26 513 567)^{45 679 243} \bmod 49 839 739$
$= 19 061 059^{45 679 243} \bmod 49 839 739$ = 44 781 288
Information can be lost when modular arithmetic with a large modulus is followed by modular arithmetic with a smaller modulus.
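The ordering rule behind problems 7 to 9, as an added Python example (not code from the manual): when a message is both signed and encrypted, the key with the smaller modulus has to be applied first. The keys are built from the table for problems 6–9; `Key`, `seal`, `unseal` and the `smaller_first` flag are names chosen here.

```python
from collections import namedtuple

Key = namedtuple("Key", "n e d")


def make_key(p, q, e):
    """RSA key from two primes and a public exponent."""
    phi = (p - 1) * (q - 1)
    return Key(n=p * q, e=e, d=pow(e, -1, phi))


# Primes and exponents from the table for problems 6-9.
PRESTON = make_key(7451, 6689, 7907)
SARAH = make_key(3469, 7643, 4637)


def _apply(x, steps):
    for n, k in steps:
        x = pow(x, k, n)
    return x


def seal(x, sender, recipient, smaller_first=True):
    """Sign with the sender's private key and encrypt with the recipient's
    public key. smaller_first=True applies the smaller modulus first;
    False reproduces the failing order of problem 9."""
    steps = sorted([(sender.n, sender.d), (recipient.n, recipient.e)],
                   reverse=not smaller_first)
    return _apply(x, steps)


def unseal(y, sender, recipient, smaller_first=True):
    """Undo seal(): the same two keys, opposite exponents, reverse order."""
    steps = sorted([(sender.n, sender.e), (recipient.n, recipient.d)],
                   reverse=smaller_first)
    return _apply(y, steps)


def round_trip(x, sender, recipient, smaller_first=True):
    y = seal(x, sender, recipient, smaller_first)
    return unseal(y, sender, recipient, smaller_first)


def overflow_in_wrong_order(x, sender, recipient):
    """True when the first (larger-modulus) result does not fit under the
    smaller modulus, which is exactly when information is lost."""
    big, small = sorted([sender, recipient], key=lambda k: k.n, reverse=True)
    exponent = big.d if big is sender else big.e
    return pow(x, exponent, big.n) >= small.n


if __name__ == "__main__":
    x = 2000000  # plaintext of problem 9, Sarah signing for Preston
    print("smaller modulus first:", round_trip(x, SARAH, PRESTON, True))
    print("larger modulus first: ", round_trip(x, SARAH, PRESTON, False))
    print("overflow:", overflow_in_wrong_order(x, SARAH, PRESTON))
```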
For problems 10–13, use the following table of primes and exponents.

| | Brendon | Janet | Kyle | Preston | Sarah |
|---|---|---|---|---|---|
| p | 41 381 059 613 | 688 223 072 857 | 10 410 338 677 | 862 891 037 453 | 16 321 363 081 |
| q | 23 841 287 213 | 10 214 358 881 | 20 604 499 379 | 510 246 412 969 | 11 162 261 477 |
| e | 387 420 499 | 177 264 463 | 96 889 010 447 | 304 839 373 | 98 329 493 |
10. Compute private keys for Brendon, Janet, Kyle, Preston, and Sarah.
Answer: We have
$n_{b} = 41 381 059 613 \cdot 23 841 287 213$
= 986 577 727 411 807 628 569
$n_{j} = 688 223 072 857 \cdot 10 214 358 881$
= 7029 757 456 346 007 993 017
$n_{k} = 10 410 338 677 \cdot 20 604 499 379$
= 214 499 816 805 426 181 583
$n_{p} = 862 891 037 453 \cdot 510 246 412 969$
= 440 287 056 643 492 283 927 957
$n_{s} = 16 321 363 081 \cdot 11 162 261 477$
= 182 183 322 371 176 330 637
and
$\varphi_{b} = (41 381 059 613 - 1)(23 841 287 213 - 1)$
= 986 577 727 346 585 281 744
$\varphi_{j} = (688 223 072 857 - 1)(10 214 358 881 - 1)$
= 7029 757 455 647 570 561 280
$\varphi_{k} = (10 410 338 677 - 1)(20 604 499 379 - 1)$
= 214 499 816 774 411 343 528
$\varphi_{p} = (862 891 037 453 - 1)(510 246 412 969 - 1)$
= 440 287 056 642 119 146 477 536
$\varphi_{s} = (16 321 363 081 - 1)(11 162 261 477 - 1)$
= 182 183 322 343 692 706 080
and hence
$d_{b} = 387 420 499^{-1} \bmod 986 577 727 346 585 281 744$
= 260 733 157 830 321 636 619
$d_{j} = 177 264 463^{-1} \bmod 7029 757 455 647 570 561 280$
= 4711 812 028 528 146 619 567
$d_{k} = 96 889 010 447^{-1} \bmod 214 499 816 774 411 343 528$
= 168 249 111 080 980 780 967
$d_{p} = 304 839 373^{-1} \bmod 440 287 056 642 119 146 477 536$
= 296 508 493 562 020 024 470 277
$d_{s} = 98 329 493^{-1} \bmod 182 183 322 343 692 706 080$
= 144 485 874 601 498 611 197
The private keys are
$(d_{b}, n_{b})$ = (260 733 157 830 321 636 619, 986 577 727 411 807 628 569)
$(d_{j}, n_{j})$ = (4711 812 028528 146 619567, 7029 75456 346007 993017)
$(d_{k}, n_{k})$ = (168 249 111 080 980 780 967, 214 499 816 805 426 181 583)
$(d_{p}, n_{p})$ = (296508493562020024470277, 440287056643492283927957)
$(d_{s}, n_{s})$ = (144 485 874 601 498 611 197, 182 183 322 371 176 330 637)
11. Brendon encrypts the plaintext message 99 999 999 using his private key and Janet’s public key. What is the encrypted message?
Answer: Since $n_j > n_b$, the plaintext message is encrypted by first using Brendon’s private key, then using Janet’s public key to get
$$\begin{aligned}
&(99 999 999^{260 733 157 830 321 636 619} \bmod 986 577 727 411 807 628 569)^{177 264 463} \bmod 7029 757 456 346 007 993 017 \\
&= 889 504 247 126 301 481 385^{177 264 463} \bmod 7029 757 456 346 007 993 017 \\
&= 6165 005 940 876 305 088 312
\end{aligned}$$
12. Preston receives the encrypted message 182 654 067 428 694 778 930 238 from Kyle, who used his own private key and Preston’s public key. Decrypt the message.
Answer: Since $n_k < n_p$, Preston decrypts the message by first using his own private key and then Kyle’s public key. The result is
$$\begin{aligned}
&(182 654 067 428 694 778 930 238^{296 508 493 562 020 024 470 277} \bmod 440 287 056 643 492 283 927 957)^{96 889 010 447} \bmod 214 499 816 805 426 181 583 \\
&= 56 882 870 141 660 296 049^{96 889 010 447} \bmod 214 499 816 805 426 181 583 \\
&= 123 456 789 987 654 321
\end{aligned}$$
13. The plaintext message 101010101010101010101 is encrypted by first applying Preston’s public key, then Sarah’s private key. Show that decryption fails. Explain what went wrong.
Answer: Encryption yields
$$\begin{aligned}
&(101010101010101010101^{304 839 373} \bmod 440 287 056 643 492 283 927 957)^{144 485 874 601 498 611 197} \bmod 182 183 322 371 176 330 637 \\
&= 415 227 274 690 496 761 131 723^{144 485 874 601 498 611 197} \bmod 182 183 322 371 176 330 637 \\
&= 70 849 375 393 993 065 812
\end{aligned}$$
and decryption yields
$$\begin{aligned}
&(70 849 375 393 993 065 812^{98 329 493} \bmod 182 183 322 371 176 330 637)^{296 508 493 562 020 024 470 277} \bmod 440 287 056 643 492 283 927 957 \\
&= 31 483 006 585 903 610 000^{296 508 493 562 020 024 470 277} \bmod 440 287 056 643 492 283 927 957 \\
&= 333 146 600 281 273 156 600 517
\end{aligned}$$
Information can be lost when modular arithmetic with a large modulus is followed by modular arithmetic with a smaller modulus. By first applying Sarah’s private key followed by Preston’s public key, the encrypted message is
$$\begin{aligned}
&(101010101010101010101^{144 485 874 601 498 611 197} \bmod 182 183 322 371 176 330 637)^{304 839 373} \bmod 440 287 056 643 492 283 927 957 \\
&= 3216 311 807 427 897 250^{304 839 373} \bmod 440 287 056 643 492 283 927 957 \\
&= 30 564 624 919 862 526 996 750
\end{aligned}$$
and decryption yields
$$\begin{aligned}
&(30 564 624 919 862 526 996 750^{296 508 493 562 020 024 470 277} \bmod 440 287 056 643 492 283 927 957)^{98 329 493} \bmod 182 183 322 371 176 330 637 \\
&= 3216 311 807 427 897 250^{98 329 493} \bmod 182 183 322 371 176 330 637 \\
&= 101 010 101 010 101 010 101
\end{aligned}$$
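The ordering rule behind problems 9 and 13, as an added Python example that is not part of the manual: it rebuilds Preston's and Sarah's keys from the (p, q, e) table above and runs the problem 13 message through both orders. The function names and the dictionary layout are assumptions of this sketch.

```python
"""Two-key RSA (sign + encrypt): the smaller modulus must be applied first."""

# (p, q, e) rows for Preston and Sarah, copied from the table for problems 10-13.
PRESTON = (862891037453, 510246412969, 304839373)
SARAH = (16321363081, 11162261477, 98329493)


def keypair(p, q, e):
    """Return n = pq, e, and d = e^-1 mod (p-1)(q-1)."""
    phi = (p - 1) * (q - 1)
    return {"n": p * q, "e": e, "d": pow(e, -1, phi)}  # needs Python 3.8+


def _exps(key, is_sender):
    """(exponent used when sealing, exponent that undoes it) for one party."""
    return (key["d"], key["e"]) if is_sender else (key["e"], key["d"])


def seal(m, sender, receiver):
    """Sender's private key and receiver's public key, smaller modulus first."""
    steps = sorted([(sender["n"], sender["d"]), (receiver["n"], receiver["e"])])
    if m >= steps[0][0]:
        raise ValueError("message must be below the smaller modulus")
    for n, exponent in steps:
        m = pow(m, exponent, n)
    return m


def unseal(c, sender, receiver):
    """Undo seal(): larger modulus first, with the opposite exponents."""
    steps = sorted([(sender["n"], sender["e"]), (receiver["n"], receiver["d"])],
                   reverse=True)
    for n, exponent in steps:
        c = pow(c, exponent, n)
    return c


def wrong_order_roundtrip(m, sender, receiver):
    """Apply the larger modulus first, then try to undo it.

    Returns (intermediate, recovered). Whenever intermediate >= the smaller
    modulus, the second reduction discards information and recovered != m.
    """
    big, small = sorted([sender, receiver], key=lambda k: k["n"], reverse=True)
    big_seal, big_undo = _exps(big, big is sender)
    small_seal, small_undo = _exps(small, small is sender)
    intermediate = pow(m, big_seal, big["n"])
    c = pow(intermediate, small_seal, small["n"])
    back = pow(c, small_undo, small["n"])      # only intermediate mod n_small
    return intermediate, pow(back, big_undo, big["n"])


if __name__ == "__main__":
    preston, sarah = keypair(*PRESTON), keypair(*SARAH)
    m = 101010101010101010101
    print("right order recovers m:", unseal(seal(m, sarah, preston), sarah, preston) == m)
    mid, recovered = wrong_order_roundtrip(m, sarah, preston)
    print("intermediate exceeds n_s:", mid >= sarah["n"], "recovered m:", recovered == m)
```

A protocol built this way has to fix the order from the two public moduli alone, so that both parties derive the same sequence without negotiating it.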
8.3 A System for Exchanging Messages
1. Convert the plaintext “2^4=16” to a positive integer, using ASCII values and base 256 arithmetic.
Answer: The ASCII values are given by
2 50   ^ 94   4 52   = 61   1 49   6 54
and hence the equivalent positive integer is
$$50 + 94 \cdot 256 + 52 \cdot 256^2 + 61 \cdot 256^3 + 49 \cdot 256^4 + 54 \cdot 256^5 = 59 585 108 139 570$$
2. Convert to plaintext the three numbers
653 481 561 706 256 160 607 300 716 034 424 225 952 184 750 930
556 034 090 672 982 451 998 688 663 006 597 581 940 164 228 207
199 505 372 523
Answer: Let
$x = 653 481 561 706 256 160 607 300 716 034 424 225 952 184 750 930$
$y = 556 034 090 672 982 451 998 688 663 006 597 581 940 164 228 207$
$z = 199 505 372 523$
Then $x \bmod 256 = 82$ is the ASCII value of the first character. Subtract 82 and divide by 256 and reduce modulo 256 to get the value of the second ASCII value as
$((x - 82)/256) \bmod 256 = 83$
Subtract 83 from $(x - 82)/256$ and repeat this process as follows:
$a_0 = x \bmod 256 = 82$
$x = (x - a_0)/256 = 2552 662 350 415 063 127 372 268 422 009 469 632 625 721 683$
$a_1 = x \bmod 256 = 83$
$x = (x - a_1)/256 = 9971 337 306 308 840 341 297 923 523 474 490 752 444 225$
$a_2 = x \bmod 256 = 65$
⋮
$a_{19} = x \bmod 256 = 114$
$y = 556 034 090 672 982 451 998 688 663 006 597 581 940 164 228 207$
$b_0 = y \bmod 256 = 111$
⋮
$b_{19} = y \bmod 256 = 97$
$z = 199 505 372 523$
$c_0 = z \bmod 256 = 107$
$z = (z - c_0)/256 = 779 317 861$
⋮
$c_4 = z \bmod 256 = 46$
Use a table of ASCII values to get the corresponding plaintext symbols.
82 R  83 S  65 A  39 ’  115 s  32 ␣  76 L  101 e  110 n  32 ␣  65 A  100 d
108 l  101 e  109 m  97 a  110 n  32 ␣  119 w  114 r  111 o  116 t  101 e  32 ␣
97 a  32 ␣  115 s  99 c  101 e  110 n  101 e  32 ␣  102 f  111 o  114 r  32 ␣
83 S  110 n  101 e  97 a  107 k  101 e  114 r  115 s  46 .
The plaintext message is RSA’s Len Adleman wrote a scene for Sneakers.
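The conversion used in problems 1 and 2, as an added Python example (not code from the manual): text is cut into 20-character blocks, each block becomes a base-256 integer with the first character least significant, and decoding peels codes off with mod 256 exactly as in the a_0, a_1, ... steps above. The function names and the `fits` check are assumptions of this sketch.

```python
"""Base-256 text <-> integer blocks, least significant character first."""

BLOCK = 20  # characters per integer, matching a_0 ... a_19 in problem 2


def text_to_blocks(text, block=BLOCK):
    """Split text into blocks and encode each as sum(code_i * 256**i)."""
    data = text.encode("ascii")              # raises on non-ASCII input
    numbers = []
    for start in range(0, len(data), block):
        value = 0
        for i, code in enumerate(data[start:start + block]):
            value += code * 256 ** i
        numbers.append(value)
    return numbers


def block_to_codes(value):
    """Peel off ASCII codes: a_i = x mod 256, then x = (x - a_i) / 256."""
    codes = []
    while value > 0:
        a = value % 256
        codes.append(a)
        value = (value - a) // 256
    return codes


def blocks_to_text(numbers):
    """Decode a list of block integers; zero padding codes are dropped."""
    chars = []
    for value in numbers:
        chars.extend(chr(c) for c in block_to_codes(value) if c != 0)
    return "".join(chars)


def fits(numbers, modulus):
    """True when every block is a valid RSA plaintext for this modulus."""
    return all(0 <= v < modulus for v in numbers)


if __name__ == "__main__":
    blocks = text_to_blocks("RSA's Len Adleman wrote a scene for Sneakers.")
    print(blocks)
    print(blocks_to_text(blocks))
```

A 20-character block is below 256^20 = 2^160, so `fits` is the check that the block size chosen is small enough for the smaller of the two moduli in use.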
In problems 3-8, use the keys

| | e | d | n |
|---|---|---|---|
| Sarah | 997 | 5723 817 666 152 736 823 804 533 643 038 086 174 227 240 327 463 629 | 7649 659 803 155 869 454 870 134 280 817 974 298 450 529 391 711 731 |
| Kyle | 1009 | 54 694 190 835 205 830 800 340 406 109 777 002 114 336 086 773 869 | 126 284 756 413 553 050 978 360 366 248 406 608 817 836 065 776 277 |
3. Encrypt the message Ron Rivest is a professor at MIT from Sarah to Kyle.
Answer: Use the Phone Book entries

| | e | n |
|---|---|---|
| Sarah | 997 | 7649659803155869454870134280817974298450529391711731 |
| Kyle | 1009 | 126284756413553050978360366248406608817836065776277 |

together with Sarah’s private exponent

| | d |
|---|---|
| Sarah | 5723 817 666 152 736 823 804 533 643 038 086 174 227 240 327 463 629 |

to encrypt the message Ron Rivest is a professor at MIT from Sarah to Kyle. Sarah first translates the plaintext to large integers using the table
R 82  o 111  n 110  ␣ 32  R 82  i 105  v 118  e 101  s 115  t 116  ␣ 32
i 105  s 115  ␣ 32  a 97  ␣ 32  p 112  r 114  o 111  f 102  e 102  s 115
s 115  o 111  r 114  ␣ 32  a 97  t 116  ␣ 32  M 77  I 73  T 84  . 46
and the calculations
$$\begin{aligned}
x &= 82 + 111c + 110c^2 + 32c^3 + 82c^4 + 105c^5 + 118c^6 + 101c^7 + 115c^8 + 116c^9 + 32c^{10} \\
&\quad + 105c^{11} + 115c^{12} + 32c^{13} + 97c^{14} + 32c^{15} + 112c^{16} + 114c^{17} + 111c^{18} + 102c^{19} \\
&= 584 802 410 296 329 453 294 993 117 073 566 607 047 018 835 794 \\
y &= 102 + 115c + 115c^2 + 111c^3 + 114c^4 + 32c^5 + 97c^6 + 116c^7 + 32c^8 + 77c^9 + 73c^{10} + 84c^{11} + 46c^{12} \\
&= 3670 580 832 286 885 393 984 052 753 254
\end{aligned}$$
Since $n_k < n_s$, Sarah first uses Kyle’s public key, then her private key to encrypt the message as
$(x^{e_k} \bmod n_k)^{d_s} \bmod n_s = 6642 642 701 546 739 554 009 203 231 203 625 130 908 152 661 584 571$
$(y^{e_k} \bmod n_k)^{d_s} \bmod n_s = 5781 828 020 001 339 664 110 566 141 724 658 323 575 128 107 486 053$
4. Kyle received the encrypted message
580 735 046 350 033 514 934 592 803 992 352 023 532 099 155 378 947
5291 232 071 949 948 925 471 032 807 295 136 508 630 705 523 321 750
from Sarah. Read the message.
Answer: Let
$x = 580 735 046 350 033 514 934 592 803 992 352 023 532 099 155 378 947$
$y = 5291 232 071 949 948 925 471 032 807 295 136 508 630 705 523 321 750$
Since $n_k < n_s$, Kyle first uses Sarah’s public key then his own private key to calculate
$z = (x^{e_s} \bmod n_s)^{d_k} \bmod n_k = 653 395 903 804 376 877 904 390 826 288 251 861 566 866 678 849$
$w = (y^{e_s} \bmod n_s)^{d_k} \bmod n_k = 1035 449 778 059 609 442 711 375 039 876 683 595 560 805 729$
Then $z \bmod 256 = 65$ is the ASCII value of the first character. Subtract 65 and divide by 256 and reduce modulo 256 to get the value of the second ASCII value as
$((z - 65)/256) \bmod 256 = 100$
Subtract 100 from $(z - 65)/256$ and repeat this process as follows:
$a_0 = z \bmod 256 = 65$
$z = (z - a_0)/256 = 2552 327 749 235 847 179 314 026 665 188 483 834 245 572 964$
$a_1 = z \bmod 256 = 100$
$z = (z - a_1)/256 = 99970 030 270 452 528 044 195 416 660 892 514 977 521 769$
$a_2 = z \bmod 256 = 105$
⋮
$a_{19} = z \bmod 256 = 114$
$w = 1035 449 778 059 609 442 711 375 039 876 683 595 560 805 729$
$b_0 = w \bmod 256 = 97$
⋮
$b_{18} = w \bmod 256 = 46$
Use a table of ASCII values to get the corresponding plaintext symbols.
65 A  100 d  105 i  32 ␣  83 S  104 h  97 a  109 m  105 i  114 r  32 ␣  105 i  115 s
32 ␣  97 a  110 n  32 ␣  73 I  115 s  114 r  97 a  101 e  108 l  105 i  32 ␣  109 m
97 a  116 t  104 h  101 e  109 m  97 a  116 t  105 i  99 c  105 i  97 a  110 n  46 .
0
The plaintext message is Adi Shamir is an Israeli mathematician.
5. Sarah received the encrypted message
1695 609 128 579 432 034 342 230 443 933 539 315 666 505 917 090 109
3526 148 554 529 184 887 055 643 524 345 287 218 828 172 175 185 624
2837 766 027 562 936 344 846 748 331 694 487 638 574 287 462 071 682
from Kyle. Read the message.
Answer: The plaintext is given by
$(1695 609 128 579 432 034 342 230 443 933 539 315 666 505 917 090 109^{d_s} \bmod n_s)^{1009} \bmod n_k = 556 027 306 900 323 371 972 634 397 180 595 958 543 027 041 613$
$(3526 148 554 529 184 887 055 643 524 345 287 218 828 172 175 185 624^{d_s} \bmod n_s)^{1009} \bmod n_k = 636 049 692 002 562 905 820 329 338 691 786 332 826 336 262 515$
$(2837 766 027 562 936 344 846 748 331 694 487 638 574 287 462 071 682^{d_s} \bmod n_s)^{1009} \bmod n_k = 219 081 774 602 656 284 221 550$
The message is given by
77 M  117 u  108 l  116 t  105 i  112 p  108 l  105 i  99 c  97 a  116 t  105 i
111 o  110 n  32 ␣  105 i  115 s  32 ␣  101 e  97 a  115 s  121 y  44 ,  32 ␣
98 b  117 u  116 t  32 ␣  102 f  97 a  99 c  116 t  111 o  114 r  105 i  122 z
97 a  116 t  105 i  111 o  110 n  32 ␣  105 i  115 s  32 ␣  104 h  97 a  114 r
100 d  46 .  0  0  0  0  0  0  0  0  0  0
or Multiplication is easy, but factorization is hard.
6. Encrypt the message RSA is used to transfer keys for fast encryption schemes from Sarah to Kyle.
Answer: The plaintext numbers are
$x = 658 995 509 454 863 985 121 771 137 015 825 605 287 041 127 250$
$y = 630 244 187 274 945 263 446 735 328 575 909 621 359 998 821 734$
$z = 153 387 860 314 975 223 295 154 470 078 809 469 539$
The encrypted numbers are
$(x^{e_k} \bmod n_k)^{d_s} \bmod n_s = 5362 205 969 975 789 618 473 678 087 311 728 134 073 259 826 802 103$
$(y^{e_k} \bmod n_k)^{d_s} \bmod n_s = 3975 627 734 959 136 885 138 314 595 110 312 237 615 927 090 012 303$
$(z^{e_k} \bmod n_k)^{d_s} \bmod n_s = 7188 788 230 209 682 931 026 769 683 067 771 664 376 407 951 590 343$
7. Kyle received the encrypted message
1491 543 853 684 791 090 861 904 364 888 457 101 214 455 628 031 970
6920 136 844 206 351 338 082 229 186 328 578 558 592 587 709 058 521
464 188 094 287 035 035 931 921 710 687 540 480 117 216 797 612 537
from Sarah. Read the message.
Answer: Let
$x = 1491 543 853 684 791 090 861 904 364 888 457 101 214 455 628 031 970$
$y = 6920 136 844 206 351 338 082 229 186 328 578 558 592 587 709 058 521$
$z = 464 188 094 287 035 035 931 921 710 687 540 480 117 216 797 612 537$
Since $n_k < n_s$, Kyle first uses Sarah’s public key then his own private key to calculate
$(x^{997} \bmod n_s)^{d_k} \bmod n_k = 618 742 835 528 692 068 798 869 961 057 077 244 413 161 329 490$
$(y^{997} \bmod n_s)^{d_k} \bmod n_k = 659 130 005 268 293 013 642 056 915 480 341 417 925 472 713 068$
$(z^{997} \bmod n_s)^{d_k} \bmod n_k = 444 234 427 424$
The message is given by
82 R  83 S  65 A  32 ␣  107 k  101 e  121 y  115 s  32 ␣  97 a  114 r  101 e
32 ␣  116 t  121 y  112 p  105 i  99 c  97 a  108 l  108 l  121 y  32 ␣  49 1
48 0  50 2  52 4  32 ␣  116 t  111 o  32 ␣  50 2  48 0  52 4  56 8  32 ␣
98 b  105 i  116 t  115 s  32 ␣  108 l  111 o  110 n  103 g  0  0  0
0  0  0  0  0  0  0  0  0  0  0  0
or RSA keys are typically 1024 to 2048 bits long
8. Sarah received the encrypted message
2027 208 815 204 265 182 328 141 518 312 028 960 081 474 989 240 004
3151 590 210 265 147 454 601 370 266 850 881 158 943 783 670 753 786
2698 042 079 593 028 266 457 969 044 162 648 597 639 273 126 469 652
from Kyle. Read the message.
Answer: Let
$x = 2027 208 815 204 265 182 328 141 518 312 028 960 081 474 989 240 004$
$y = 3151 590 210 265 147 454 601 370 266 850 881 158 943 783 670 753 786$
$z = 2698 042 079 593 028 266 457 969 044 162 648 597 639 273 126 469 652$
The plaintext numbers are given by
$(x^{d_s} \bmod n_s)^{1009} \bmod n_k = 297 590 243 217 167 794 405 489 677 103 894 158 559 651 386 194$
$(y^{d_s} \bmod n_s)^{1009} \bmod n_k = 573 250 710 820 231 184 133 192 327 329 611 653 088 776 960 304$
$(z^{d_s} \bmod n_s)^{1009} \bmod n_k = 134 814 791 029 503 827 218 930 970 961 952 207 461$
The message is given by
82 R  83 S  65 A  32 ␣  107 k  101 e  121 y  115 s  32 ␣  111 o  102 f  32 ␣
108 l  101 e  110 n  103 g  116 t  104 h  32 ␣  52 4  48 0  57 9  54 6  32 ␣
97 a  114 r  101 e  32 ␣  115 s  116 t  105 i  108 l  108 l  32 ␣  99 c  111 o
110 n  115 s  105 i  100 d  101 e  114 r  101 e  100 d  32 ␣  117 u  110 n  98 b
114 r  101 e  97 a  107 k  97 a  98 b  108 l  101 e  0  0  0  0
or RSA keys of length 4096 are still considered unbreakable
8.4 Knapsack Ciphers
1. Show that 2, 3, 6, 12, 24, 48, 96, 200 is a superincreasing sequence.
Answer: Note that 2=2j
n 1 ),
n Y2
(x
j)
j=0
which is the desired result.
Suppose two of 0 ; 1 ; : : : ; n 2 are equal. Then clearly g is the zero polynomial. But f is also the zero polynomial because two of the rows in the defining determinant are equal. So we may assume that 0 ; 1 ; : : : ; n 2 are all different. Both f and g are of degree n − 1. The leading coefficient of f is equal to the determinant of the matrix obtained by removing the last row and column from the matrix whose determinant is f . By induction, this determinant is equal to Y ( i j ) n 1>i>j, which is the leading coefficient of g. Clearly g ( j ) = 0 for j = 0; 1; : : : ; n 2, and f ( j ) = 0 for j = 0; 1; : : : ; n 2 because f ( j ) is the determinant of a matrix with two equal rows. So f and g have the same leading coefficient and the same zeros. Thus they are equal.
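10. Verify that
$$\det\begin{pmatrix} 1 & 1 & 1 \\ 1 & 2 & 4 \\ 1 & 3 & 9 \end{pmatrix} = (3 - 2)(3 - 1)(2 - 1)$$
by evaluating both sides.
Answer: Note that
$$\det\begin{pmatrix} 1 & 1 & 1 \\ 1 & 2 & 4 \\ 1 & 3 & 9 \end{pmatrix} = 2$$
and
$$(3 - 2)(3 - 1)(2 - 1) = 2$$
11. Let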
4
be a root of x + x + 1 in GF16 . Verify that 0 1 1 1 1 2 A 2 det @ 1 = 2 1 ( 2 4 1
1)
by evaluating both sides.
Answer: The left-hand side is equal to 4
which is
5
2 (
4
+2
2
2
2
1)
2 2
+
2
4
+
2
. The right-hand side is equal to 1
3
= =
5
=
5
2
2 2
4
2
4
+
+
3
+2
2
2
1
3
+2
2
Notice that the equation holds for any whatsoever, and for any field. But we knew that.
12.6 Fast Fourier Interpolation
1. Find a prime of the form $p = 2^5 k + 1$, and then find an element $\omega$ in $GF_p$ of order $2^5$.
Answer: To find such a prime, look at the numbers $2^5 k + 1$ for $k = 1, 2, 3, \ldots$ and hope you find a prime quickly. To go from k to k + 1 you simply add 32 to the number you had before. So, starting with k = 1, which gives 33 (not a prime), successively adding 32 gives 65 (not a prime), then 97, bingo! Thus $97 = 2^5 \cdot 3 + 1$ is a prime. That was easy. The next part is a little trickier. As $96 = 32 \cdot 3$, we get $(a^3)^{32} \bmod 97 = 1$ so we can look for cubes b such that $b^{16} \bmod 97 \neq 1$. Computing
$8^{16} \bmod 97 = 1$
$27^{16} \bmod 97 = 1$
$125^{16} \bmod 97 = 96$ bingo!
so $125 \equiv 28 \pmod{97}$ is an element of order 32.
2. Verify that $p = 2^5 \cdot 29 + 1 = 929$ is a Fourier prime. Show that 3 is a primitive element of $GF_{929}$. Find an element of order $32 = 2^5$ in $GF_{929}$.
Answer: To show that 929 is prime, use Scientific Notebook, MuPAD, or Maple to check, using the function isprime. Testing a = 2 and a = 3 finds that $3^{29 \cdot 2^4} \bmod 929 \neq 1$:
$2^{29 \cdot 2^4} \bmod 929 = 1$
$3^{29 \cdot 2^4} \bmod 929 = 928$
To show that 3 is a primitive element, it is sufficient to compute that
$3^{928} \bmod 929 = 1$
$3^{928/2} \bmod 929 = 928$
$3^{928/29} \bmod 929 = 347$
Hence the element $3^{29} \bmod 929 = 701$ has order $2^5$. We verify this by computing
$701^{32} \bmod 929 = 1$
$701^{16} \bmod 929 = 928$
3. Observe that $2^8 + 1 = 257$ is a prime. Find an element $\omega$ in $GF_{257}$ of order $2^8$.
Answer: Note that $3^{128} \bmod 257 = 256$ and $3^{256} \bmod 257 = 1$ implies that 3 has order 256.
4. Find a prime of the form $p = 2^n + 1$ for n > 8. Find an element $\omega$ in $GF_p$ of order p − 1.
Answer: Use an algorithm such as
    p := 2^9 + 1:
    while isprime(p) = false do
        p := 2*(p-1) + 1;
    end
This gives
p := 1025
p := 2049
p := 4097
p := 8193
p := 16385
p := 32769
p := 65537
where isprime(65537) = true. To find a primitive element, note that
$2^{65536/2} \bmod 65537 = 1$
$3^{65536/2} \bmod 65537 = 65 536$
and hence 3 is a primitive element of $GF_{65537}$.
5. Verify that $p = 1 + 2^{30} \cdot 3^7 \cdot 5^8 \cdot 7^3 \cdot 11^2 \cdot 13 \cdot 17^2 \cdot 19 \cdot 23$ is a prime. Find an element of order p − 1 in $GF_p$. Use this to find an element of order $2^{30}$ in $GF_p$.
Answer: Use a computer algebra system to verify that $p = 1 + 2^{30} \cdot 3^7 \cdot 5^8 \cdot 7^3 \cdot 11^2 \cdot 13 \cdot 17^2 \cdot 19 \cdot 23$ is a prime. Recall that a is of order n if $a^n = 1$ and $a^{n/r} \neq 1$ for each prime r dividing n (see Section 9.5 problems). Let q = p − 1 and observe that
$29^{q/2} \bmod p = 62 504 431 582 015 232 409 600 000 000$
$29^{q/3} \bmod p = 39 510 906 027 632 123 741 196 378 894$
$29^{q/5} \bmod p = 20 739 905 493 567 049 891 681 480 849$
$29^{q/7} \bmod p = 46 525 541 236 811 572 209 996 095 299$
$29^{q/11} \bmod p = 25 821 169 224 421 318 975 300 997 529$
$29^{q/13} \bmod p = 9966 500 034 696 371 632 146 125 001$
$29^{q/17} \bmod p = 27 534 573 559 640 223 122 138 911 033$
$29^{q/19} \bmod p = 2797 174 485 912 474 274 185 207 652$
$29^{q/23} \bmod p = 57 885 642 771 173 560 912 474 071 472$
and hence 29 is a primitive element of $GF_p$. Let
$n = q/2^{30} = 58 211 788 145 839 453 125$
Then
$29^n \bmod p = 58 183 380 006 354 634 332 026 032 462$
is an element of order $2^{30}$. To verify this, note that
$58 183 380 006 354 634 332 026 032 462^{2^{30}} \bmod p = 1$
$58 183 380 006 354 634 332 026 032 462^{2^{29}} \bmod p = -1$
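The search in problems 1 to 4, written out as an added Python example (not from the manual): it generalizes the hand method to any r by taking the smallest non-square a modulo p and returning $a^{(p-1)/2^r}$, which has order exactly $2^r$ by Euler's criterion. The function names are assumptions of this sketch, and trial division is used only because the primes here are small.

```python
"""Find a Fourier prime p = 2^r * k + 1 and an element of order 2^r in GF(p)."""


def is_prime(n):
    """Deterministic trial division; adequate for the small primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def fourier_prime(r):
    """Smallest prime of the form 2^r * k + 1 for k = 1, 2, 3, ..."""
    p = 2 ** r + 1
    while not is_prime(p):
        p += 2 ** r          # going from k to k + 1 adds 2^r
    return p


def element_of_order_2r(p, r):
    """Return (a, w): a is the smallest non-square mod p, w = a^((p-1)/2^r).

    w^(2^(r-1)) = a^((p-1)/2) = -1 mod p, so the order of w is exactly 2^r.
    """
    if (p - 1) % 2 ** r != 0:
        raise ValueError("2^r must divide p - 1")
    for a in range(2, p):
        if pow(a, (p - 1) // 2, p) == p - 1:
            return a, pow(a, (p - 1) // 2 ** r, p)
    raise ValueError("no non-square found; is p an odd prime?")


def has_order(w, n, p, prime_factors):
    """Check w^n = 1 and w^(n/q) != 1 for each prime q dividing n."""
    return pow(w, n, p) == 1 and all(pow(w, n // q, p) != 1 for q in prime_factors)


if __name__ == "__main__":
    p = fourier_prime(5)
    print(p, element_of_order_2r(p, 5))
    print(element_of_order_2r(929, 5), element_of_order_2r(65537, 16))
```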
6. Show that if $\omega$ is a primitive nth root of 1, then $\omega^{-1}$ is also a primitive nth root of 1.
Answer: Note that $(\omega^{-1})^n = (\omega^n)^{-1} = (1)^{-1} = 1$. If $(\omega^{-1})^k = 1$, then $(\omega^k)^{-1} = 1$, and hence $\omega^k = 1$, so n divides k. Thus $\omega^{-1}$ is a primitive nth root of 1.
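7. Let $\omega$ be a root of $f(x) = x^5 + 2x + 1$ in $GF_{243}$. Show that $\omega$ is a primitive 242nd root of 1. Find $\omega^{-1}$. What is the minimal polynomial of $\omega^{-1}$?
Answer: To show that the order of $\omega$ is $242 = 2 \cdot 11^2$, it is sufficient to evaluate
$\omega^{242} \bmod (\omega^5 + 2\omega + 1) = 1$
$\omega^{242/2} \bmod (\omega^5 + 2\omega + 1) = 2$
$\omega^{242/11} \bmod (\omega^5 + 2\omega + 1) = 2\omega^3 + 2\omega^2 + \omega + 1$
We have $\omega^{-1} = \omega^{241} \bmod (\omega^5 + 2\omega + 1) = 2\omega^4 + 1$. As a check, note that $\omega(2\omega^4 + 1) \bmod (\omega^5 + 2\omega + 1) = 1$. The minimal polynomial of $\omega^{-1}$ is
$$\left(x - (2\omega^4 + 1)\right)\left(x - (2\omega^4 + 1)^3\right)\left(x - (2\omega^4 + 1)^9\right)\left(x - (2\omega^4 + 1)^{27}\right)\left(x - (2\omega^4 + 1)^{81}\right) \bmod (\omega^5 - \omega + 1) = x^5 + 2x^4 + 1$$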
8. With reference to the discussion in this section, prove by induction on i that the formula $c_n = 2^i c_{n/2^i} + 2in$ is correct for $i = 1, 2, \ldots, \log_2 n$.
Answer: For i = 1 we have
$$c_n = 2c_{n/2} + 2n = 2^i c_{n/2^i} + 2in$$
Assume $c_n = 2^i c_{n/2^i} + 2in$ where $1 \le i < \log_2 n$. Then
$$\begin{aligned}
c_n &= 2^i c_{n/2^i} + 2in \\
&= 2^i \left(2c_{n/2^{i+1}} + 4\,\frac{n}{2^{i+1}}\right) + 2in \\
&= 2^{i+1} c_{n/2^{i+1}} + 2n + 2in \\
&= 2^{i+1} c_{n/2^{i+1}} + 2(i + 1)n
\end{aligned}$$
9. Let f(t) and g(t) be polynomials of degrees a and b with coefficients in a field. Show that multiplication of f(t) by g(t) requires (a + 1)(b + 1) multiplications of field elements, and ab additions of field elements.
Answer: The polynomial f has a + 1 coefficients and the polynomial g has b + 1 coefficients. Each of the coefficients of f must be multiplied by each of the coefficients of g, for a total of (a + 1)(b + 1) multiplications. Now we have to add these (a + 1)(b + 1) products to form a + b + 1 sums (deg f g + 1). To add up m numbers and get n sums, you need m − n additions. For example, to add up 7 numbers to get 1 sum, you need 6 additions. To add up 8 numbers to get 2 sums you need 6 additions: for example, 1 + 2 + 3 and 4 + 5 + 6 + 7 + 8. So to add up (a + 1)(b + 1) numbers to get a + b + 1 sums, you need (a + 1)(b + 1) − (a + b + 1) = ab additions.
10. How many steps does the fast Fourier transform take for N = 2048? How does this compare to the number of steps for N = 1024?
Answer: For N = 1024 we have
$$\left.\left(\frac{N}{2} - 1 + 2N \log_2 N\right)\right|_{N=1024} = 20 991$$
and for N = 2048 we have
$$\left.\left(\frac{N}{2} - 1 + 2N \log_2 N\right)\right|_{N=2048} = 46 079$$
which is only slightly more than twice the number of steps. Ordinary multiplication would take roughly $2048^2 = 4194 304$ compared with roughly $1024^2 = 1048 576$, or about four times as many steps.