Massachusetts Institute of Technology, Handout 9
6.857: Network and Computer Security
March 21, 2013
Professor Ron Rivest
Due: N/A

Problem 3-1. GCD
(a) Compute gcd(85, 289) using Euclid's extended algorithm. Then compute x and y such that 85x + 289y = gcd(85, 289).
Recall Euclid's extended algorithm:
a = b · q_1 + r_1
b = r_1 · q_2 + r_2
...
r_{n−1} = r_n · q_{n+1} + r_{n+1}.
We stop when we reach a remainder of 0, that is, when r_{n+1} = 0. We obtain gcd(a, b) = r_n.
Fact 1 For all a, b ∈ N, if gcd(a, b) = d, then there exist x, y ∈ Z such that ax + by = d.
To compute x and y from Fact 1, we can use Euclid's extended algorithm above: starting from r_n, we iterate backwards, expressing r_n in terms of r_i, a and b for decreasing i, until r_n is expressed in terms of a and b only, as in the example below. Let's apply Euclid's extended algorithm to compute gcd(289, 85).
289 = 85 · 3 + 34
85 = 34 · 2 + 17
34 = 17 · 2 + 0
The gcd is the last non-zero remainder: 17. Let's now work backwards and compute x and y:
17 = 85 − 34 · 2 = 85 − (289 − 85 · 3) · 2 = 85 − 289 · 2 + 85 · 6 = 85 · 7 − 289 · 2,
and thus x = 7 and y = −2.
(b) Show that if k | mn, but gcd(m, k) = 1, then k | n.
Let's first argue intuitively: since k divides mn and k has no factors in common with m, it must be that all factors of k divide n and hence k divides n. Let's prove this statement formally: k | mn implies that
∃ q s.t. mn = kq. (1)
Since gcd(m, k) = 1, we know by Fact 1 that there exist x, y s.t. mx + ky = 1 and therefore m = (1 − ky)/x. Substituting for m in Eq. (1), we obtain n(1 − ky) = xkq and thus n = nky + xkq = k(ny + xq), so k | n. Someone asked me in recitation if it is ok that k is multiplied by a term containing n, namely (ny + xq). The reason this is fine is that all we need from ny + xq is that it be an integer, which it is because n, y, x, q ∈ Z. Then we get that n equals k times some integer, which means that n is a multiple of k.
(c) Show that if m > n then gcd(m, n) = gcd(m − n, n).
Let d = gcd(m, n). We know that d | m and d | n, so d | m − n. Hence d is a common divisor of m − n and n. To show that d is the largest such divisor, assume for contradiction that it is not. That is, assume there exists a divisor d′ > d such that d′ | m − n and d′ | n. Then d′ | m as well, so gcd(m, n) ≥ d′ > d, which is a contradiction.
(d) Show that gcd(m, n) is a linear combination of m and n. Write 1 as a linear combination of 18 and 31.
The first part of this problem follows directly from Fact 1. The second part just involves running Euclid's extended algorithm:
31 = 18 · 1 + 13
18 = 13 · 1 + 5
13 = 5 · 2 + 3
5 = 3 · 1 + 2
3 = 2 · 1 + 1
2 = 1 · 2 + 0
Working backwards (the first equality of each line indicates a substitution from the equations above):
1 = 3 − 2 · 1 = 3 − (5 − 3) = 3 · 2 − 5 = (13 − 5 · 2) · 2 − 5 = 13 · 2 − 5 · 5 = 13 · 2 − (18 − 13) · 5 = 13 · 7 − 18 · 5 = (31 − 18) · 7 − 18 · 5 = 31 · 7 − 18 · 12.
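The quotient table and back-substitution used in parts (a) and (d) can be automated. The following Python is an added example, not code from the handout: euclid_steps reproduces the rows of the hand computation, and extended_gcd carries the Bézout coefficients along with each remainder, which gives the same x, y that substituting upwards from the last row does (the function names are my own).

```python
# Added example (not part of the MIT handout): Euclid's algorithm as the
# quotient table written out in the solution, and the extended form that
# recovers coefficients x, y with a*x + b*y = gcd(a, b), as in Fact 1.


def euclid_steps(a, b):
    """Rows (dividend, divisor, quotient, remainder) produced by Euclid's
    algorithm on non-negative a, b, stopping once the remainder is 0.
    euclid_steps(289, 85) gives the three lines of the hand computation."""
    rows = []
    while b != 0:
        q, r = divmod(a, b)
        rows.append((a, b, q, r))
        a, b = b, r
    return rows


def extended_gcd(a, b):
    """Return (g, x, y) with g = gcd(a, b) and a*x + b*y = g.

    Instead of substituting upwards from the last row, every remainder r is
    carried together with (s, t) such that r = a*s + b*t; the pair attached
    to the last non-zero remainder is exactly the (x, y) the back-substitution
    in the text produces."""
    r0, s0, t0 = a, 1, 0   # r0 = a*1 + b*0
    r1, s1, t1 = b, 0, 1   # r1 = a*0 + b*1
    while r1 != 0:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return r0, s0, t0


def bezout_check(a, b):
    """Confirm the identity a*x + b*y = gcd(a, b) for the computed (x, y)."""
    g, x, y = extended_gcd(a, b)
    return a * x + b * y == g


if __name__ == "__main__":
    for a, b in [(289, 85), (85, 289), (31, 18)]:
        for dividend, divisor, q, r in euclid_steps(a, b):
            print(f"{dividend} = {divisor} * {q} + {r}")
        g, x, y = extended_gcd(a, b)
        print(f"gcd({a}, {b}) = {g} = {a} * ({x}) + {b} * ({y})\n")
```

Running it on (85, 289) returns (17, 7, −2), and on (18, 31) returns (1, −12, 7), matching 85 · 7 − 289 · 2 = 17 and 31 · 7 − 18 · 12 = 1 above.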
(e) Show that if gcd(a, m) = 1 and gcd(a, n) = 1 then gcd(a, mn) = 1. Recall that
Fact 2 For all a, b ∈ N, for all x, y ∈ Z, if ax + by = d, then gcd(a, b) | d.
Proof. The proof of this fact is easy. Let d* = gcd(a, b). Since d* | a and d* | b, it follows that d* | ax + by = d.
Since gcd(a, m) = 1, by Fact 1 there exist x, y such that ax + my = 1. Thus my = 1 − ax. Similarly, there exist v and w such that av + nw = 1 and thus nw = 1 − av. Multiplying, my · nw = (1 − ax)(1 − av) = 1 − a(x + v) + a^2·xv, and rearranging gives mn · yw + a(v + x − avx) = 1, which by Fact 2 gives gcd(a, mn) | 1, so gcd(a, mn) = 1.
Problem 3-2. Modular arithmetic
(a) Show that if a ≡ b mod n, then for all integers c, a + c ≡ b + c mod n.
Since a ≡ b mod n, there exists q ∈ Z such that a = b + nq. This means that a + c = b + c + nq. Reducing both sides mod n, the term nq vanishes and we obtain a + c ≡ b + c mod n.
(a) What is the order of 5 in Z*_13?
5^2 ≡ 12 mod 13
5^3 ≡ 8 mod 13
5^4 ≡ 1 mod 13
The order is thus 4.
(b) Find an element of order 3 mod 7.
Try out a few values: 1 has order 1; 2^3 = 8 ≡ 1 mod 7 while 2 ≢ 1 mod 7, thus 2 has order 3 mod 7.
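The power table for 5 mod 13 and the search for an element of order 3 mod 7 are the same computation: list successive powers until the cycle closes. The Python below is an added example, not from the handout; the function names are mine, and euler_phi is included only to check the standard fact that an element's order divides φ(n).

```python
# Added example (not from the handout): the multiplicative order of an element
# of Z_n^*, found by listing its powers until the first 1, and a search for
# elements of a prescribed order.
from math import gcd


def power_cycle(a, n):
    """Successive powers a^1, a^2, ... mod n up to and including the first 1.
    power_cycle(5, 13) reproduces the table in the text: [5, 12, 8, 1]."""
    if n < 2 or gcd(a % n, n) != 1:
        raise ValueError("need n >= 2 and a a unit mod n")
    powers, x = [], 1
    while True:
        x = (x * a) % n
        powers.append(x)
        if x == 1:
            return powers


def multiplicative_order(a, n):
    """Smallest k >= 1 with a^k ≡ 1 (mod n)."""
    return len(power_cycle(a, n))


def elements_of_order(k, n):
    """All units mod n whose order is exactly k (empty if no such element)."""
    return [a for a in range(1, n)
            if gcd(a, n) == 1 and multiplicative_order(a, n) == k]


def euler_phi(n):
    """Number of units mod n, by direct count (fine for small n)."""
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)


def orders_divide_phi(n):
    """Lagrange: every order divides the group size phi(n)."""
    return all(euler_phi(n) % multiplicative_order(a, n) == 0
               for a in range(1, n) if gcd(a, n) == 1)


if __name__ == "__main__":
    print("powers of 5 mod 13:", power_cycle(5, 13))
    print("order of 5 mod 13:", multiplicative_order(5, 13))
    print("elements of order 3 mod 7:", elements_of_order(3, 7))
```

Because the order must divide φ(n), elements_of_order(k, n) is empty whenever k does not divide φ(n), which is a quick sanity check before searching by hand.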
Problem 3-5. Generators
(a) Find a safe prime ≥ 20 and its corresponding Sophie Germain prime.
Recall that a safe prime p is a prime such that p = 2q + 1 where q is a prime; q is called a Sophie Germain prime. p = 23 and q = 11.
(b) Find a generator of Z*_11. Note that 11 is a safe prime, so you should be able to do this by hand! All you need to check is that g^x ≢ 1 mod p for the exponents x = (p − 1)/q, one for each prime factor q of p − 1 (here p = 11, p − 1 = 10, so x = 5 and x = 2). If g^x ≡ 1 mod p for some x < p − 1, g cannot be a generator because it has a cycle shorter than p − 1 and thus cannot generate all p − 1 values. Try g = 2:
2^5 = 32 ≡ 10 ≢ 1 mod 11,
2^2 ≡ 4 ≢ 1 mod 11,
so 2 is a generator of Z*_11.
(c) Test that 3 is a generator of Z*_7 by computing only two exponentiations.
3^2 ≡ 2 ≢ 1 mod 7, 3^3 ≡ 6 ≢ 1 mod 7.
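The two checks in (b) and (c) are instances of one test: g generates Z*_p exactly when g^((p−1)/q) ≢ 1 mod p for every prime q dividing p − 1, so the number of exponentiations equals the number of distinct prime factors of p − 1 (two for p = 7 and p = 11). The Python below is an added example, not from the handout, with my own function names; it also searches a range for safe primes as in (a).

```python
# Added example (not from the handout): safe primes with their Sophie Germain
# primes, and the generator test that needs one exponentiation per prime
# factor of p - 1, which is the "two exponentiations" test used in the text.


def is_prime(n):
    """Trial division; adequate for the small moduli in these exercises."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def safe_primes(lo, hi):
    """(p, q) pairs with p a safe prime in [lo, hi) and q = (p - 1)/2 its
    Sophie Germain prime."""
    return [(p, (p - 1) // 2) for p in range(lo, hi)
            if is_prime(p) and is_prime((p - 1) // 2)]


def prime_factors(n):
    """Distinct prime factors of n by trial division."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def generator_checks(g, p):
    """The exponents (p - 1)/q actually tested and the residues they give.
    For p = 11, g = 2 this is {5: 10, 2: 4}, the two lines in the text."""
    return {(p - 1) // q: pow(g, (p - 1) // q, p)
            for q in sorted(prime_factors(p - 1))}


def is_generator(g, p):
    """g generates Z_p^* (p prime) iff no tested residue equals 1. Any proper
    divisor of p - 1 divides some (p - 1)/q, so these exponents suffice."""
    if g % p == 0:
        return False
    return all(r != 1 for r in generator_checks(g, p).values())


def generators(p):
    """All generators of Z_p^*; there are phi(p - 1) of them."""
    return [g for g in range(1, p) if is_generator(g, p)]


if __name__ == "__main__":
    print("safe primes in [20, 60):", safe_primes(20, 60))
    print("checks for 2 mod 11:", generator_checks(2, 11))
    print("generators of Z*_11:", generators(11))
    print("checks for 3 mod 7:", generator_checks(3, 7))
```

For a safe prime p = 2q + 1 the factors of p − 1 are just 2 and q, so the test is always two exponentiations, g^q and g^2, which is why the exercise says it can be done by hand.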
Problem 3-6. Discrete log and related assumptions
(a) Compute the discrete log of 2 to base 3 mod 7, i.e. find x with 3^x ≡ 2 mod 7. Since 3^2 = 9 ≡ 2 mod 7, x = 2.
(b) Prove that if the Computational Diffie-Hellman assumption is hard, then the Discrete Log assumption is also hard. It is enough to prove the contrapositive: if we can break DL, then we can break CDH. To break CDH, we are given g^a and g^b and need to compute g^(ab). Since we know how to break DL, we can compute a and b from g^a and g^b, multiply them to get ab, and output g^(ab). So we can break CDH.
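The contrapositive argument in (b) can be run in a toy group: a brute-force discrete-log routine plays the part of the hypothesised DL solver, and plugging it into the CDH solver shows the reduction is correct. This Python is an added example, not from the handout; the function names are mine, and the brute-force solver is only feasible for tiny p, which is the point of the example rather than a limitation.

```python
# Added example (not from the handout): the DL -> CDH reduction from part (b)
# made concrete. dlog_brute stands in for the hypothetical DL solver; any
# routine with the same signature could be substituted.
import random


def dlog_brute(g, h, p):
    """Smallest x in [0, p-2] with g^x ≡ h (mod p), or None if h is not a
    power of g. Exhaustive search, so only usable for toy-sized p."""
    cur = 1
    for x in range(p - 1):
        if cur == h % p:
            return x
        cur = (cur * g) % p
    return None


def cdh_from_dlog(g, ga, gb, p, dlog=dlog_brute):
    """Given g^a and g^b, recover a and b with the DL solver, multiply them,
    and output g^(ab): exactly the three steps of the proof."""
    a = dlog(g, ga, p)
    b = dlog(g, gb, p)
    if a is None or b is None:
        raise ValueError("inputs are not powers of g")
    return pow(g, a * b, p)


def reduction_holds(g, p, trials=50, seed=0):
    """Compare the reduction's answer with g^(ab) computed from known a, b
    over random exponents. The DL solver may return a' ≡ a mod ord(g)
    rather than a itself; g^(a'b') = g^(ab) regardless."""
    rng = random.Random(seed)   # fixed seed: constructed, repeatable inputs
    for _ in range(trials):
        a, b = rng.randrange(1, p - 1), rng.randrange(1, p - 1)
        ga, gb = pow(g, a, p), pow(g, b, p)
        if cdh_from_dlog(g, ga, gb, p) != pow(g, a * b, p):
            return False
    return True


if __name__ == "__main__":
    print("log_3(2) mod 7 =", dlog_brute(3, 2, 7))
    print("CDH(3^4, 3^5) mod 7 =", cdh_from_dlog(3, 4, 5, 7))
    print("reduction holds mod 7:", reduction_holds(3, 7))
```

In the toy instance g = 3, p = 7 with a = 4, b = 5 the inputs are 3^4 ≡ 4 and 3^5 ≡ 5, and the reduction returns 3^20 ≡ 2 mod 7, the same value as 5^4 mod 7.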
Problem 3-7. Quadratic Residue
(a) Find Q_7, the set of quadratic residues mod 7.
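Q_p can be read off by squaring every unit mod p. The Python below is an added example, not from the handout: it builds Q_p from that definition and, going beyond what the page states, cross-checks it against Euler's criterion (a is a residue mod an odd prime p iff a^((p−1)/2) ≡ 1 mod p), which decides residuosity with a single exponentiation. Function names are mine.

```python
# Added example (not from the handout): quadratic residues mod a prime p,
# from the definition and via Euler's criterion, with a cross-check.


def quadratic_residues(p):
    """Q_p = { x^2 mod p : x in Z_p^* } as a sorted list."""
    return sorted({pow(x, 2, p) for x in range(1, p)})


def is_quadratic_residue(a, p):
    """Euler's criterion for an odd prime p and a unit a mod p:
    a is in Q_p iff a^((p-1)/2) ≡ 1 (mod p); for non-residues it is p - 1."""
    if a % p == 0:
        raise ValueError("a must be a unit mod p")
    return pow(a, (p - 1) // 2, p) == 1


def criterion_matches_definition(p):
    """Check that the criterion agrees with the square table for every unit mod p."""
    qr = set(quadratic_residues(p))
    return all(is_quadratic_residue(a, p) == (a in qr) for a in range(1, p))


if __name__ == "__main__":
    print("Q_7 =", quadratic_residues(7))
    print("2 is a QR mod 7:", is_quadratic_residue(2, 7))
    print("3 is a QR mod 7:", is_quadratic_residue(3, 7))
```

For an odd prime exactly half of the units are residues, so len(quadratic_residues(p)) is always (p − 1)/2, which is a quick check on a hand-built table.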