cis 428/628 - introduction to cryptography - spring 2009
background for quiz 3
i. terminology
Be able to define and give an example of the
following terms. Each term is in the index of either
Lewand or Trappe and Washington.
- asymmetric cryptosystem
- bit commitment
- collision-free
- Chinese Remainder Theorem
- congruence class
- existential forgery
- hash function
- index of coincidence
- key agreement
- key distribution
- key exchange
- one-way function
- primitive root
- pseudoprime
- RSA signature
- threshold scheme
ii. number theory
The theme of this part of the quiz will be Discrete Logs and
primitive elements.
questions from a previous year's quiz 3
(with answers)
Problem 1 (9 points)
Define and give an example of each of the following.
(A one or two sentence definition is enough and a small
example suffices.)
birthday attack
existential forgery
key exchange
[show answer]
Problem 2 (2 points)
Show that
4
is not a primitive element of Z11*.
[show answer]
an answer. First we compute the powers of 4 mod 11 until we get a 1.
41 mod 11 = 4.
42 mod 11 = (4*4) mod 11 = 5.
43 mod 11 = (4*5) mod 11 = 9.
44 mod 11 = (4*9) mod 11 = 3.
44 mod 11 = (4*3) mod 11 = 1.
Since 5<10, 4 cannot be a primitive root modulo 11.
[hide answer]
Problem 3 (3 points)
Fact: 6 is a primitive element of Z11*.
L6(x) denotes the discrete log of x to the base 6 mod 11.
Evaluate the following to obtain a element of
Z11*. (Hint: Start by making a table
of the powers of 6 mod 11.)
652 mod 11
L6(3)
L6(2)
[show answer]
An answer.
First, here is our table
| k |
1 | 2 | 3 | 4 | 5 |
6 | 7 | 8 | 9 | 10 |
L6(n) |
6k mod 11 |
6 | 3 | 7 | 9 | 10 |
6 | 8 | 4 | 2 | 1 |
n |
652
= 652 mod 10
= 62 = 36 = 3 (mod 11).
L6(3) = 2 from the table.
L6(2) = 9 from the table.
[hide answer]
Do one of problems 4 and 5. If you do both,
tell me which you want graded.
In the following
suppose that p is a prime and a is a primitive element of
Zp*.
Problem 4 (6 points)
Prove that:
If gcd(k,p-1)>1, then ak is not
a primitive element of Zp*.
If gcd(k,p-1)=1, then ak is
a primitive element of Zp*.
[show answer]
an answer.
Suppose gcd(k,p-1)=d>1.
So k/d and (p-1)/d are both integers < p-1.
Hence, (ak)(p-1)/d
== (ak/d)p-1
== 1 (mod p), by FLL.
Since (p-1)/d<p-1,
ak cannot be a primitive root.
Suppose gcd(k,p-1)=1. Hence, k*m == 0 (mod p-1)
if and only if m is a multiple of p-1. Thus, none of
(ak)1,
(ak)2,
…,
(ak)p-2>,
is == 1 (mod p-1). Hence, ak is a primitive root.
[hide answer]
Problem 5 (6 points)
Suppose p==3 (mod 4).Prove that:
If x is in QR(p), then -x is not in QR(p).
If x is not in QR(p), then -x is in QR(p).
Hint:
a(p-1)/2 == -1 (mod p). Is (p-1)/2 even or odd?
[show answer]
an answer.
First we note that p-1 is even, but because p==3 (mod 4),
we have that (p-1)/2 is odd. Now for any k in {0,…,p-2},
-ak == (-1)* ak
== a(p-1)/2 * ak
== ak+(p-1)/2)
== a(k+(p-1)/2) mod (p-1) (mod p).
Suppose x is in QR(p). Then x== ak(mod p) for some
even k. Then -x == ak+((p-1)/2) (mod p) and
k+(p-1)/2 is odd (since even+odd=odd). Since p-1 is even,
(k+(p-1)/2) mod (p-1) is also odd. Hence, -x is not in QR(p).
Suppose x is not in QR(p).
Then x== ak(mod p) for some odd k.
Then -x == ak+((p-1)/2) (mod p) and
k+(p-1)/2 is even (since odd+odd=even).
Since p-1 is even, (k+(p-1)/2)mod(p-1) is also even.
Hence, -x is in QR(p).
[hide answer]
number theory and crypto facts given on the quiz
-
Theorem.
-
For each a,b>0 we have that
gcd(a,b) = min {xa+yb | x,y in Z & xa+yb>0 }.
-
Fermat's Little Lemma.
-
Suppose p is a
prime. Then for each integer a,
ap-1 == 1 (mod p).
-
Euler's Theorem.
-
Suppose n>1. Then for each a in Zn*,
aphi(n) == 1 (mod n).
-
Euler's Corollary.
-
Suppose n=p * q, where
p and q are distinct primes. Then,
for each integer a, aphi(n)+1 == a (mod n).
-
Definition.
-
Suppose n>1.
QR(n) = {x in Zn*
| for some y, x = y2 (mod n)}.
The elements of QR(n) are the
quadratic residues modulo n.
-
Definition.
-
Suppose p is a prime and a is
in Zn*. We say that a is
a primitive element of Zn* when
Zn* = {a0,a1,
a2,…,ap-2} (or, alternatively, when
p-1=min{k>0 | ak== 1 (mod p)}).
-
Definition.
-
Suppose p is a prime and a is a primitive element of
Zn*.
For each x in Zn*, define
Laa(x) = the unique y in {0,1,…,p-2} such that
ay == x (mod p). La(x) is called the
discrete log of x to the base a (mod p).
-
Theorem.
-
Suppose p is a prime and a is a primitive element of
Zn*. For each x in
Zn*, x is in QR(p) if and only if
La(x) is even.
The multiplication table for Z11*.
* 1 2 3 4 5 6 7 8 9 10
1 1 2 3 4 5 6 7 8 9 10
2 2 4 6 8 10 1 3 5 7 9
3 3 6 9 1 4 7 10 2 5 8
4 4 8 1 5 9 2 6 10 3 7
5 5 10 4 9 3 8 2 7 1 6
6 6 1 7 2 8 3 9 4 10 5
7 7 3 10 6 2 9 5 1 8 4
8 8 5 2 10 7 4 1 9 6 3
9 9 7 5 3 1 10 8 6 4 2
10 10 9 8 7 6 5 4 3 2 1
Some values of phi(n)
n 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
phi(n) 1 1 2 2 4 2 6 4 6 4 10 4 12 6 8 8
The RSA Algorithm: Each user does the following.
- Picks to large, distinct primes p & q.
- Computes n=p * q and phi(n) = (p-1) * (q-1).
- Picks a random e in {1,...,phi(n)-1} with gcd(e,phi(n))=1.
- Computes d in {1,...,phi(n)-1} with d * e == 1 (mod phi(n)).
- Publishes e and n.
- The values p, q, and d are kept private.
A user with key (n,p,q,e,d) has the following
encryption and decryption functions:
encrypt(m) = me (mod n) [public]
decrypt(c) = cd (mod n) [private]
where c,m in Zn*.
back to the course home page
Jim Royer /