Sie sind auf Seite 1von 3

Math 5248

Cryptology and Number Theory Homework 5, Due Thursday October 23

Fall 2008

Exercises: 7.2.03, 7.2.08, 7.2.09 Solutions: 7.2.03 An RSA cipher is set up with modulus n = 210757 and encryption key e = 3. The plaintext is 54321 (converted from text to an integer in some manner that we dont care about). Encrypt it. The RSA encryption function is En,e (x) = xe mod n. Thus we wish to compute 543213 mod 210757. You may use a computer or TI-89 (or whatever) to perform the computation, but I will use my lucky TI-36X. The value of 543213 is slightly beyond the range of my 10-digit display, so I will use the fast exponentiation algorithm discussed in class. The binary expansion of 3 is 2 + 1 = 21 + 20 . Now note that 543212 = 54321 mod 210757, 543212 = 173041 mod 210757. Hence 543213 = 543212
1 +20 1 0

mod 210757
20

= 54321 54321 = 173041 54321 = 208718

21

mod 210757 mod 210757 mod 210757.

7.2.08 An RSA cipher is set up with modulus n = 12091 and encryption key e = 3. The ciphertext is 9812. Decrypt it (just as an integer, which we presume is encoded from text in some unknown but irrelevant manner). In this exercise, we play the role of Eve the eavesdropper. We have all of the public information and none of the private information. So what can we do? We need to know the private key d, which is e1 mod (n), and for this we need to know (n). We could compute (n) in two ways: we could actually count all of the coprime residue classes mod 12091 (which would take a while), or we could nd the prime

factors of n = 12091 and use Eulers product formula to computer (n). Ill go with the second option. If 12091 = pq, then one of p or q must be less than 12091 110. So lets start at 110 and go down, looking for prime factors. First, 109 is prime but it doesnt divide 12091. Next, 107 is prime and it does divide 12091 (lucky!). We nd the factorization 12091 = 107 113.

(The reason I started at 12091 and went down is because I assumed the prime factors would be as large as possible. After all, Alice doesnt want us to know them.) So now we can compute (12091) = (107 1)(113 1) = 11872. Now the private key d is the inverse of 3 mod 11872. We can compute this using the Euclidean algorithm. 11872 = 3957 3 + 1. The Euclidean algorithm terminates after one step, and we get d = 31 = 3957 = 7915 mod 11872. Finally, to decrypt we need to compute 98127915 mod 12091. This really is beyond the range of my TI-36X, so I have to use the fast exponentiation algorithm. (Even this wont be fun, and is better suited to a computer. But the steps I will describe are probably exactly what the computer does, so its good to understand them.) The binary expansion of 7915 is 1111011101011 In other words, 7915 = 212 + 211 + 210 + 29 + 27 + 26 + 25 + 23 + 21 + 20 . So we need to compute 98122 for i from 0 to 12. Here are the results: i 98122 mod 12091 0 9812 1 6802 2 7038 3 8708 4 6603 5 11554 6 10276 7 5473 8 4322 9 11180 7733 10 11 9294 12 332
i i

(Each row is obtained by squaring the previous entry and reducing mod 12091. All of this is within the range of my TI-36X.) Finally, to obtain the answer, we multiply together the entries from rows 0, 1, 3, 5, 6, 7, 9, 10, 11, and 12, reducing mod 12091 after each multiplication. 98127915 = 332 9294 7733 11180 5473 10276 11554 8708 6802 9812 = 2403 7733 11180 5473 10276 11554 8708 6802 9812 = 10623 11180 5473 10276 11554 8708 6802 9812 = 7338 5473 10276 11554 8708 6802 9812 = 6663 10276 11554 8708 6802 9812 = 9746 11554 8708 6802 9812 = 1801 8708 6802 9812 = 1081 6802 9812 = 1634 9812 = 142

mod 12091.

Each of those calculations was within range of my TI-36X. Did I do them that way? No. Do I recommend that you do them that way? No. However, if you used this method but made a calculation error you still get full credit. 7.2.09 Let p and q be distinct primes. Prove that for all integers x we have x1+(p1)(q1) = x mod pq. Proof: We already know that this holds for integers x coprime to pq. The goal is to show that it holds also for x not coprime to pq. We can do this in two steps. 1. First note that the equation is true modulo p. Indeed, Fermats little Theorem says that x(p1) = 1 mod p for any x coprime to p. Hence x1+(p1)(q1) = x1 (x(p1) )q1 = x1 (1)q1 = x mod p is true for any x coprime to p. For x not coprime to p (i.e. for x a multiple of p), both sides of this equation are 0, hence the statement still holds. Similarly, this statements holds modulo q. 2. If we have a = b modulo p and a = b modulo q, it follows that a = b modulo pq. Indeed, we assume that p and q each divides a b. Since p and q are coprime, this implies that pq divides a b. In other words a = b mod pq. This completes the proof. Conclusion: This theorem can be interpreted in terms of the RSA cryptosystem. It tells us that we neednt worry whether the message integer x is coprime to the modulus n = pq. The algorithm will still work even if x and pq are not coprime.