
Introduction to Mathematical Thinking: Algebra and Number Systems, 1st Edition, Gilbert, Solutions Manual
Chapter 7 Solutions
An Introduction to Mathematical Thinking:
Algebra and Number Systems
William J. Gilbert and Scott A. Vanstone, Prentice Hall, 2005

Solutions prepared by William J. Gilbert and Alejandro Morales

Exercise 7-1:
The following is known to be a simple substitution cipher. Break the code.
PCTPG ANJHT GDURG NEIDV GPEWN LPHYJ AXJHR PTHPG
BTHHP VTHHT CIIDW XHIGD DEHLT GTSXH VJXHT SQNIW
TUDAA DLXCV HXBEA TBTIW DS
Solution:
The given ciphertext has 102 letters. Analyzing it we see that the letter T
appears 10 times, and this is one of the most repeated letters. Because the letter E
is so common in the English language, an educated guess is to try the substitution
cipher f that sends E to K. This corresponds to the function f : A → A defined
by f(x) ≡ x + 6 (mod 26), where A ≡ 1, B ≡ 2, . . .. The inverse of this function
would be $f^{-1}(x) \equiv x - 6 \pmod{26}$.
Applying $f^{-1}$ to the message we get

PCTPG ANJHT GDURG NEIDV GPEWN LPHYJ AXJHR PTHPG  ⇐ Ciphertext
ANEAR LYUSE ROFCR YPTOG RAPHY WASJU LIUSC AESAR  ⇐ Plaintext
BTHHP VTHHT CIIDW XHIGD DEHLT GTSXH VJXHT SQNIW  ⇐ Ciphertext
MESSA GESSE NTTOH ISTRO OPSWE REDIS GUISE DBYTH  ⇐ Plaintext
TUDAA DLXCV HXBEA TBTIW DS                       ⇐ Ciphertext
EFOLL OWING SIMPL EMETH OD                       ⇐ Plaintext

With the correct spacing it would be “an early user of cryptography was
Julius Caesar messages sent to his troops were disguised by the following simple
method”.

Exercise 7-2:
The following is known to be a simple substitution cipher with a key length of
3. The following table may be of some help in cryptanalyzing the cipher. It
gives the frequency distribution of letters in the English language.
Letter   A    B    C    D    E     F    G    H    I    J    K    L    M
%        8.0  1.5  3.0  4.0  13.0  2.0  1.5  6.0  6.5  0.5  0.4  3.5  3.0

Letter   N    O    P    Q    R     S    T    U    V    W    X    Y    Z
%        7.0  8.0  2.0  0.2  6.5   6.0  9.0  3.0  1.0  1.5  0.5  2.0  0.2

VRMGX LGKDQ EZVYA QVDGD PGQMP OZCVI NQMDB IKMWT
ZWNIV QWQCV MSEIV SWPVQ GCIVD PGRMC BBQPB JOJTK
VERWH WIVRM OKBKM AEKTN OLEVI UCQEK TCVOG LZCMT
CCAKM INKTI OJTKM PMWOZ IUCMU WWUDW HDPGK TIOJT
KLKCK QFMTO LRBQQ BBQDP GXQPO BGOVV RKGXB WBGCB
WWXLC LWWDM KQPVO MPRCP NZGNQ VGIUZ ZQFMF DPCDI
RBMES AGCWN EBKYV VYBJO OGXMT KTRYT AXWOS INOYW
KBKYV YKAKW XQCAK LTGKV FDPKC EQBSN OIFDW VRMFO
DGVWR WMPDW HGPCD QUUVQ GVCCU QNMTX INQMD BI
Solution:
In order to decrypt the message we have to find the key $k_1 k_2 k_3$. Because
we know that the key length is three, every third letter in the ciphertext
was produced by the same substitution cipher. We can therefore approach the
problem by dividing the ciphertext into three parts by taking every third letter
starting from the first, second and third letters of the text. The first part is
VGGQV QGGPC NDKTN QCSVP GVGCQ JTEHV OKENE UECGC
CKNIT POUUU HGITK QTRQQ GPGVG WCWCW KVPPG VUQFC
REGNK VJGTR AONWK YKQKG FKQNF VFGRP HCUQC QTND

This ciphertext has 119 letters. G appears 15 times, Q appears 11 times and K
appears 9 times. From the given table we know that the letter E has the highest
frequency in the English language. So if $k_1$ is such that E + $k_1$ = G
or $6 + k_1 \equiv 8 \pmod{26}$ then $k_1 = 2$ or corresponds to the letter B. If this is so
then Q − B = O and K − B = I, which are both letters with a high frequency
in the English language.
The second part is
RXKEY VDQVQ BMZIW VESVC DRBPO KRWRK MKOVC KXLMC
MKOKM ZCWDD KOKCF OBBDX OORXB BXLDQ ORNNG ZFDDB
SCEYY OXKYX SOKYX WCLKD CBODR OCVWD GDUGC NXQB

This ciphertext has 119 letters. K appears 13 times, O appears 12 times and D
appears 10 times. If $k_2$ is such that E + $k_2$ = K or $6 + k_2 \equiv 12 \pmod{26}$ then
$k_2 = 6$ or corresponds to the letter F. If this is so then D − F = J, but J has a
low frequency in the English language.
On the other hand if $k_2$ is such that E + $k_2$ = O or $6 + k_2 \equiv 16 \pmod{26}$
then $k_2 = 10$ or corresponds to the letter J. If this is so then K − J = A and
D − J = T, which are both letters with a high frequency in the
English language. Hence $k_2$ = J is a better guess.
The third part is
MLDZA DPMZI MIWWV QMIWQ IPMBB JVWIM BATLI QTOZT
AITJM WIMWW PTJLK MLQBP QBVKB GWLWM PMCZQ IZMPI
MAWBV BOMTT WIYBV AXATV PESIW MDWMW PQVVU MIMI

This ciphertext has 119 letters. M appears 16 times, W appears 14 times
and I appears 14 times. If $k_3$ is such that E + $k_3$ = M or $6 + k_3 \equiv 14 \pmod{26}$
then $k_3 = 8$ or corresponds to the letter H. If this is so then W − H = O and
I − H = A, which are both letters with a high frequency in the
English language.
So a good guess for the key is $k_1 k_2 k_3$ = BJH. Then the inverse key of BJH
is XPR; decrypting the message we get
THEEN DEAVO URTOS OLVET HEGEN ERALA LGEBR AICOR
POLYN OMIAL EQUAT IONLI ESATT HEHEA RTOFT HEBRA
NCHOF MATHE MATIC SCALL EDCLA SSICA LALGE BRACL
ASSIC ALALG EBRAE NCOMP ASSES MOSTO FTHEA LGEBR
ADISC OVERE DPRIO RTOTH ENINE TEENT HCENT URYAR
OUNDA BOUTE IGHTE ENHUN DREDI TWASP ROVED THATA
PRECI SESOL UTION TOTHE GENER ALPOL YPOMI ALEQU
ATION WASIM POSSI BLEAN DTHIS WORKL EADTO THEDE
VELOP MENTO FWHAT ISKNO WNASM ODERN ALGEB RA

That with the correct spacing would be “The endeavor to solve the general
algebraic or polynomial equation lies at the very heart of the branch of
mathematics called classical algebra. Classical algebra encompasses most of the algebra
discovered prior to the nineteenth century around about eighteen hundred it was
proved that a precise solution to the general polynomial equation was impossible
and this work led to the development of what is known as modern algebra.”
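The column-by-column attack described in this solution, as an added Python example (not from the solutions manual; function names are chosen here for illustration). It scores every candidate shift against the whole frequency table with a chi-squared statistic instead of relying on the single most frequent letter, which is the step where the first guess for the second key letter had to be discarded.

```python
from collections import Counter

# English letter frequencies (%) copied from the table in Exercise 7-2.
ENGLISH_PCT = dict(zip("ABCDEFGHIJKLMNOPQRSTUVWXYZ", [
    8.0, 1.5, 3.0, 4.0, 13.0, 2.0, 1.5, 6.0, 6.5, 0.5, 0.4, 3.5, 3.0,
    7.0, 8.0, 2.0, 0.2, 6.5, 6.0, 9.0, 3.0, 1.0, 1.5, 0.5, 2.0, 0.2]))

# Ciphertext of Exercise 7-2, as printed on the page.
CIPHERTEXT = """
VRMGX LGKDQ EZVYA QVDGD PGQMP OZCVI NQMDB IKMWT
ZWNIV QWQCV MSEIV SWPVQ GCIVD PGRMC BBQPB JOJTK
VERWH WIVRM OKBKM AEKTN OLEVI UCQEK TCVOG LZCMT
CCAKM INKTI OJTKM PMWOZ IUCMU WWUDW HDPGK TIOJT
KLKCK QFMTO LRBQQ BBQDP GXQPO BGOVV RKGXB WBGCB
WWXLC LWWDM KQPVO MPRCP NZGNQ VGIUZ ZQFMF DPCDI
RBMES AGCWN EBKYV VYBJO OGXMT KTRYT AXWOS INOYW
KBKYV YKAKW XQCAK LTGKV FDPKC EQBSN OIFDW VRMFO
DGVWR WMPDW HGPCD QUUVQ GVCCU QNMTX INQMD BI
"""


def letters(text):
    """Keep only the letters A-Z (drops the spacing between 5-letter groups)."""
    return [c for c in text.upper() if "A" <= c <= "Z"]


def shift_back(letter, shift):
    """Undo an additive shift on one letter."""
    return chr((ord(letter) - ord("A") - shift) % 26 + ord("A"))


def chi_squared(column, shift):
    """Distance between a column decrypted with `shift` and English text."""
    n = len(column)
    observed = Counter(shift_back(c, shift) for c in column)
    return sum((observed[l] - n * pct / 100) ** 2 / (n * pct / 100)
               for l, pct in ENGLISH_PCT.items())


def recover_shifts(text, period):
    """Split the text into `period` columns and pick the best shift for each."""
    stream = letters(text)
    columns = [stream[i::period] for i in range(period)]
    return [min(range(26), key=lambda s: chi_squared(col, s)) for col in columns]


def decrypt(text, shifts):
    """Apply the inverse shifts cyclically to the whole ciphertext."""
    stream = letters(text)
    return "".join(shift_back(c, shifts[i % len(shifts)])
                   for i, c in enumerate(stream))


def key_letters(shifts):
    """Write shifts in the solution's numbering A=1, B=2, ... (shift 2 is B)."""
    return "".join(chr(ord("A") + (s - 1) % 26) for s in shifts)


if __name__ == "__main__":
    shifts = recover_shifts(CIPHERTEXT, 3)
    print(shifts, key_letters(shifts))
    print(decrypt(CIPHERTEXT, shifts)[:60])
```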

Exercise 7-3:
For each of the following values of p, q, and e, find the public key (e, n), and
the associated private key (d, n) of an RSA scheme.
p = 17, q = 19, e = 25.
Solution:
The product is n = pq = 323 and (p − 1)(q − 1) = 288 = $2^5 \cdot 3^2$, therefore
gcd(25, 288) = 1. Now we have to solve the congruence 25d ≡ 1 (mod 288).
The congruence is equivalent to the Diophantine Equation 25y + 288x = 1
for x, y ∈ Z. By inspection 25(−23)+288(2) = 1. So d ≡ −23 ≡ 265 (mod 288).
The public encryption key is (e, n) = (25, 323) and the private key is (d, n) =
(265, 323).
Check: ed = (265)25 = 6625 = 23(288) + 1.

Exercise 7-4:
For each of the following values of p, q, and e, find the public key (e, n), and
the associated private key (d, n) of an RSA scheme.
p = 59, q = 67, e = 1003.
Solution:
The product is n = pq = 3953 and (p − 1)(q − 1) = 3828 = $2^2 \cdot 3 \cdot 3 \cdot 11 \cdot 29$.
If gcd(1003, 3828) = 1, we have to solve the congruence 1003d ≡ 1 (mod 3828).
The congruence is equivalent to the Diophantine Equation 1003y + 3828x = 1
for x, y ∈ Z. Using the Extended Euclidean Algorithm

3828x + 1003y = r     q_i
    1       0   3828
    0       1   1003
    1      −3    819     3
   −1       4    184     3
    5     −19     83     1
  −11      42     18     4
   49    −187     11     2
  −60     229      7     3
  109    −416      4     1
 −169     645      3     4
  278   −1061      1     2

So the equation has a solution and 3828(278) + 1003(−1061) = 1 and
d ≡ −1061 ≡ 2767 (mod 3828).
The public encryption key is (e, n) = (1003, 3953) and the private key is
(d, n) = (2767, 3953).
Check: ed = (1003)2767 = 2775301 = 725(3828) + 1.

Exercise 7-5:
For each of the following values of p, q, and e, find the public key (e, n), and
the associated private key (d, n) of an RSA scheme.
p = 97, q = 107
Solution:
We have n = pq = 10379 and (p − 1)(q − 1) = 10176. Since gcd(5, 10176) = 1
we know that
5d ≡ 1 (mod 10176)
always has a solution. By the division algorithm 10176 = 2035 · 5 + 1. Or,
5(−2035) ≡ 1 (mod 10176). Since −2035 ≡ 8141 (mod 10176) we have the
public key (e, n) = (5, 10397) and the private key (d, n) = (8141, 10379).
Check: ed = (8141)5 = 40705 = 4(10176) + 1.

Exercise 7-6:
For each of the following values of p, q, and e, find the public key (e, n), and
the associated private key (d, n) of an RSA scheme.
p = 211, q = 241, e = 65.
Solution:
The product is n = pq = 50851 and (p − 1)(q − 1) = 50400 = $2^5 \cdot 3^2 \cdot 5^2 \cdot 7$.
Because 65 = 5 · 13, gcd(65, 50400) = 5. Because e and (p − 1)(q − 1) are
not coprime, the congruence ex ≡ 1 (mod 50400) has no solution.
Hence there is no private key (d, n).

Exercise 7-7:
For each of the following public keys (e, n), determine the associated private key
(d, n) of an RSA scheme.
(e, n) = (5, 7663)
Solution:
We need the prime factorization of 7663 to find (p − 1)(q − 1), and hence
find d. Because n is small it can be factored trying prime factors less than
$\sqrt{7663} \approx 87.5$. Trying 83, 79 we find that 7663 = 79(97) and 97 is indeed a
prime.
Then (p − 1)(q − 1) = 7488 = $2^6 \cdot 3^2 \cdot 13$ and gcd(5, 7488) = 1. Now we have to
solve the congruence 5x ≡ 1 (mod 7488) which is equivalent to the Diophantine
Equation 5x + 7488y = 1 for x, y ∈ Z. Using the Extended Euclidean Algorithm
7488y + 5x = r        q_i
    1       0   7488
    0       1      5
    1   −1497      3   1497
   −1    1498      2      1
    2   −2995      1      1
So 5(−2995) + 7488(2) = 1 and d ≡ −2995 ≡ 4493 (mod 7488).
The public encryption key is (e, n) = (5, 7663) and the private key is (d, n) =
(4493, 7663).
Check: ed = (5)4493 = 224468 = 3(7488) + 1.

Exercise 7-8:
For each of the following public keys (e, n), determine the associated private key
(d, n) of an RSA scheme.
(e, n) = (197, 6283)
Solution:
We need the prime factorization of n = 6283 to find (p − 1)(q − 1), and hence
d. In this case (as opposed to actual RSA systems), n is fairly small and can be
factored by trying prime factors ≤ $\sqrt{6283} \approx 79.3$. Trying 79, 73, 71, 67, 61, we
find that 6283 = 61 · 103. So let p = 61, q = 103 and find d by solving 197d ≡ 1
(mod 60 · 102) i.e. (mod 6120). This is equivalent to the Diophantine Equation
197x + 6120y = 1 for x, y ∈ Z. Using the Extended Euclidean Algorithm
6120y + 197x = r      q_i
    1       0   6120
    0       1    197
    1     −31     13     31
  −15     466      2     15
   91   −2827      1      6
This yields d ≡ −2827 (mod 6120). So we pick 0 ≤ d = 3293, getting the
private key (d, n) = (3293, 6283).

Check: 3293 · 197 = 648 721 = 106 · 6120 + 1 ≡ 1 (mod 6120).

Exercise 7-9:
For each of the following public keys (e, n), determine the associated private key
(d, n) of an RSA scheme.
(e, n) = (1277, 47083)
Solution:
We need the prime factorization of 47083 to find (p − 1)(q − 1), and hence
find d. Because n is small it can be factored trying prime factors less than
$\sqrt{47083} \approx 216.9$. Trying 211, 199 and 197 we find that 47083 = 197(239) and
239 is indeed a prime.
Then
(p − 1)(q − 1) = 196(238) = 46648 = $2^3 \cdot 7^3 \cdot 17$.
Now if gcd(1277, 46648) = 1 we have to solve the congruence 1277x ≡ 1
(mod 46648) which is equivalent to the Diophantine Equation 1277x+46648y =
1 for x, y ∈ Z. Using the Extended Euclidean Algorithm

46648y + 1277x = r    q_i
    1       0  46648
    0       1   1277
    1     −36    676     36
   −1      37    601      1
    2     −73     75      1
  −17     621      1      8

So, the equation has a solution 46648(−17) + 1277(621) = 1 and d ≡ 621
(mod 46648).
The public encryption key is (e, n) = (1277, 47083) and the private key is
(d, n) = (621, 47083).
Check: ed = (1277)621 = 793017 = 17(46648) + 1.

Exercise 7-10:
For each of the following public keys (e, n), determine the associated private key
(d, n) of an RSA scheme.
(e, n) = (100937, 295927)
Solution:
We need the prime factorization of 295927 to find (p − 1)(q − 1), and hence
find d. Because n is small it can be factored trying prime factors less than
$\sqrt{295927} \approx 544$. Trying 541 we find that 295927 = 541(547) and 547 is indeed
a prime.
Then (p − 1)(q − 1) = 540(546) = 294840 = $2^3 \cdot 3^4 \cdot 5 \cdot 7 \cdot 13$. Now, if
gcd(100937, 294840) = 1 then we have to solve the congruence 100937x ≡
1 (mod 295927) which is equivalent to the Diophantine Equation 100937x +
295927y = 1 for x, y ∈ Z. Using the Extended Euclidean Algorithm
294840y + 100937x = r     q_i
      1        0   294840
      0        1   100937
      1       −2        3    92966
     −1        3        2     7971
     12      −35        1     5285
    −13       38        3     2686
     25      −73        2     2599
    −38      111        1       87
   1127    −3292        2       76
  −1165     3403        1       11
   8117   −23710        2       10
  −9282    27113        1        1

So the equation has a unique solution 294840(−9282) + 100937(27113) = 1
and d ≡ 27113 (mod 294840).
The public encryption key is (e, n) = (100937, 295927) and the private key
is (d, n) = (27113, 295927).
Check: ed = (100937)27113 = 2736704881 = 9282(294840) + 1.
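
Exercises 7-3 to 7-10 all follow one procedure, shown here as an added Python example (not part of the manual; function names are illustrative): factor n by trial division when only (e, n) is known, then run the Extended Euclidean Algorithm on (p − 1)(q − 1) and e. Returning None models Exercise 7-6, where e is not coprime to (p − 1)(q − 1) and no private key exists.

```python
from math import isqrt


def extended_gcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b).

    The loop keeps the same x, y, r columns as the tables in the solutions.
    """
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def factor_semiprime(n):
    """Trial division up to sqrt(n); only feasible because n is tiny here."""
    if n % 2 == 0:
        return 2, n // 2
    for p in range(3, isqrt(n) + 1, 2):
        if n % p == 0:
            return p, n // p
    raise ValueError("n has no non-trivial factor")


def private_exponent(e, p, q):
    """Solve e*d ≡ 1 (mod (p-1)(q-1)); None if e shares a factor with it."""
    phi = (p - 1) * (q - 1)
    g, _, y = extended_gcd(phi, e)      # phi*x + e*y = g
    if g != 1:
        return None
    return y % phi                      # smallest non-negative representative


def private_exponent_from_public(e, n):
    """Exercises 7-7 to 7-10: recover d from the public key alone."""
    p, q = factor_semiprime(n)
    return private_exponent(e, p, q)


if __name__ == "__main__":
    print(private_exponent(25, 17, 19))
    print(private_exponent(65, 211, 241))
    print(private_exponent_from_public(100937, 295927))
```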

Exercise 7-11:
Given n = pq, p > q, and φ(n) = (p − 1)(q − 1) prove that
$p + q = n - \varphi(n) + 1$ and $p - q = \sqrt{(p + q)^2 - 4n}$.

Solution:
For the first part,

n − φ(n) + 1 = pq − (p − 1)(q − 1) + 1
= pq − (pq − p − q + 1) + 1
= p + q.

And for the second part,

$$
\begin{aligned}
(p + q)^2 - 4n &= p^2 + 2pq + q^2 - 4pq \\
&= p^2 - 2pq + q^2 \\
&= (p - q)^2 .
\end{aligned}
$$

Since $(p - q) > 0$, we have $\sqrt{(p + q)^2 - 4n} = p - q$.

Exercise 7-12:
Each integer n is the product of two primes p and q, and the Euler phi function
φ(n) = (p − 1)(q − 1). Determine the prime factors p and q.

n = 19837, φ(n) = 19516
Solution:
By Exercise 7-10, p + q = n − φ(n) + 1 = 19837 − 19516 + 1 = 322. So
p = 322 − q. Therefore pq = 322q − $q^2$ = 19837. To solve for q we use the
Quadratic Equation to get

$$ q = \frac{322 \pm \sqrt{24336}}{2} = \frac{322 \pm 156}{2} $$

which yields the solutions 239 and 83 = 322 − 239. Because n is a product of
two distinct primes then 83 and 239 are the prime factors of n.
Check: 83(239) = 19837 and 82(238) = 19516.

Exercise 7-13:
Each integer n is the product of two primes p and q, and the Euler phi function
φ(n) = (p − 1)(q − 1). Determine the prime factors p and q.
n = 6887, φ(n) = 6720
Solution:
By Exercise 7-10, p+q = n−φ(n)+1 = 6887−6720+1 = 168. So p = 168−q.
Therefore pq = 168q − $q^2$ = 6887. To solve for q we use the Quadratic Equation
to get

$$ q = \frac{168 \pm \sqrt{676}}{2} = \frac{168 \pm 26}{2} $$

which yields the solutions 97 and 71 = 168 − 97. Because n is a product of two
distinct primes then 97 and 71 are the prime factors of n.
Check: 97(71) = 6887 and 96(70) = 6720.

Exercise 7-14:
Each integer n is the product of two primes p and q, and the Euler phi function
φ(n) = (p − 1)(q − 1). Determine the prime factors p and q.
n = 71531, φ(n) = 70992
Solution:
We have

n = pq = 71531
φ(n) = (p − 1)(q − 1) = 70992

Since
(p − 1)(q − 1) = pq − (p + q) + 1,

we have
70992 = 71531 − (p + q) + 1.
Thus,
p + q = 540 , pq = 71531.
Substituting p = 540 − q gives $q^2 - 540q + 71531 = 0$ and thus

$$ q = 270 - \sqrt{270^2 - 71531} = 270 - 37 = 233 $$

and p = 307.
Check: (233)(307) = 71531 and (232)(306) = 70992.

Exercise 7-15:
Each integer n is the product of two primes p and q, and the Euler phi function
φ(n) = (p − 1)(q − 1). Determine the prime factors p and q.
n = 2751121, φ(n) = 2747700
Solution:
By Exercise 7-10, p + q = n − φ(n) + 1 = 2751121 − 2747700 + 1 = 3422. So
p = 3422 − q. Therefore pq = 3422q − $q^2$ = 2751121. To solve for q we use the
Quadratic Equation to get

$$ q = \frac{3422 \pm \sqrt{705600}}{2} = \frac{3422 \pm 840}{2} $$

which yields the solutions 1291 and 2131 = 3422 − 1291. Because n is a product
of two distinct primes then 1291 and 2131 are the prime factors of n.
Check: 1291(2131) = 2751121 and 1290(2130) = 2747700.
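
Exercises 7-11 to 7-15 show that anyone who learns φ(n) can factor n, which is why φ(n) has to be kept as secret as d. The added Python example below (not from the manual; function names are illustrative) carries out that computation with exact integer arithmetic and rejects a φ value that is inconsistent with n = pq.

```python
from math import isqrt


def factor_from_phi(n, phi):
    """Recover (p, q) with p > q from n = p*q and phi = (p-1)(q-1).

    Uses p + q = n - phi + 1 and p - q = sqrt((p + q)^2 - 4n).
    """
    s = n - phi + 1                 # p + q
    disc = s * s - 4 * n            # (p - q)^2
    if disc < 0:
        raise ValueError("phi is too large for this n")
    root = isqrt(disc)
    if root * root != disc or (s + root) % 2:
        raise ValueError("phi is not consistent with n = p*q")
    p, q = (s + root) // 2, (s - root) // 2
    if p * q != n or (p - 1) * (q - 1) != phi:
        raise ValueError("recovered factors do not reproduce n and phi")
    return p, q


def private_exponent_from_phi(e, n, phi):
    """With phi known, the private exponent follows without factoring."""
    factor_from_phi(n, phi)         # validates the pair (n, phi) first
    return pow(e, -1, phi)          # modular inverse (Python 3.8+)


if __name__ == "__main__":
    for n, phi in [(19837, 19516), (6887, 6720),
                   (71531, 70992), (2751121, 2747700)]:
        print(n, phi, factor_from_phi(n, phi))
```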

Exercise 7-16:
(a) Prove that the encryption function $f : \mathbb{Z}_n \to \mathbb{Z}_n$, for the RSA system
defined by $f[x] = [x^e]$, is a bijection.
(b) Find the permutation of $\mathbb{Z}_{15}$ defined by the bijection $f : \mathbb{Z}_{15} \to \mathbb{Z}_{15}$ with
$f[x] = [x^7]$.

Solution:
(a) By Theorem 7.41, the functions $f : \mathbb{Z}_n \to \mathbb{Z}_n$ and $g : \mathbb{Z}_n \to \mathbb{Z}_n$ defined
by $f[x] = [x^e]$ and $g[y] = [y^d]$ are inverse functions. This implies that f is
invertible and by the Inversion Theorem f is a bijection.
(b) $f : \mathbb{Z}_{15} \to \mathbb{Z}_{15}$ defines the permutation

$$
\alpha =
\begin{pmatrix}
1 & 2 & \cdots & 14 & 15 \\
f(1) & f(2) & \cdots & f(14) & f(15)
\end{pmatrix}
=
\begin{pmatrix}
0 & 1 & 2 & 3 & 4 & 5 & 6 & 7 & 8 & 9 & 10 & 11 & 12 & 13 & 14 \\
0 & 1 & 8 & 12 & 4 & 5 & 6 & 13 & 2 & 9 & 10 & 11 & 3 & 7 & 14
\end{pmatrix}
$$

Exercise 7-17:
Encrypt each message M , using the RSA public key (e, n).
M = 47, (e, n) = (5, 119)
Solution: To encrypt the message M we have to calculate $[M^5]$ in $\mathbb{Z}_{119}$. We
use the square and multiply algorithm. Because $5 = 2^2 + 2^0$ and $47^2 \equiv 67 \pmod{119}$
and $47^4 \equiv 86 \pmod{119}$, then $47^5 \equiv 86 \cdot 47 \equiv 115 \pmod{119}$.

Exercise 7-18:
Encrypt each message M , using the RSA public key (e, n).
M = 10, (e, n) = (7, 143)
Solution:
$$
\begin{aligned}
M^e = 10^e = 10^7 = 10^3 \cdot 10^3 \cdot 10 &\equiv 142 \cdot 142 \cdot 10 \\
&\equiv (-1)(-1) \cdot 10 \\
&\equiv 10 \pmod{143}.
\end{aligned}
$$

Exercise 7-19:
Encrypt each message M , using the RSA public key (e, n).
M = 2425, (e, n) = (17, 28459)
Solution: To encrypt the message M we have to calculate $[M^{17}]$ in $\mathbb{Z}_{28459}$. We
use the square and multiply algorithm. $17 = 2^4 + 2^0$ and

$$
\begin{aligned}
M &\equiv 2425 \pmod{28459} \\
M^2 &\equiv 18071 \pmod{28459} \\
M^4 &\equiv 22475 \pmod{28459} \\
M^8 &\equiv 6834 \pmod{28459} \\
M^{16} &\equiv 2337 \pmod{28459} \\
M^{17} &\equiv M^{16} M \pmod{28459} \\
&\equiv 2337 \cdot 2425 \equiv 3884 \pmod{258459}
\end{aligned}
$$

Exercise 7-20:
Encrypt each message M , using the RSA public key (e, n).
M = 21421, (e, n) = (13, 101617)

Solution: To encrypt the message M we have to calculate $[M^{13}]$ in $\mathbb{Z}_{101617}$.
We use the square and multiply algorithm. $13 = 2^3 + 2^2 + 2^0$ and

$$
\begin{aligned}
M &\equiv 21421 \pmod{101617} \\
M^2 &\equiv 58486 \pmod{101617} \\
M^4 &\equiv 82359 \pmod{101617} \\
M^8 &\equiv 70131 \pmod{101617} \\
M^{13} &\equiv M^8 M^4 M \pmod{101617} \\
&\equiv 70131 \cdot 82359 \cdot 21421 \pmod{101617} \\
&\equiv 30581 \pmod{101617}
\end{aligned}
$$

Exercise 7-21:
Decrypt each received ciphertext C, using the RSA public key (d, n).
C = 32, (d, n) = (77, 119)
Solution: To decrypt each ciphertext we must calculate $[C^{77}]$ in $\mathbb{Z}_{119}$. We use
the square and multiply algorithm. $77 = 64 + 8 + 4 + 1 = 2^6 + 2^3 + 2^2 + 2^0$ and

$$
\begin{aligned}
C &\equiv 32 \pmod{119} \\
C^2 &\equiv 72 \pmod{119} \\
C^4 &\equiv 67 \pmod{119} \\
C^8 &\equiv 86 \pmod{119} \\
C^{16} &\equiv 18 \pmod{119} \\
C^{32} &\equiv 86 \pmod{119} \\
C^{64} &\equiv 18 \pmod{119} \\
C^{77} &\equiv C^{64} C^8 C^4 C \pmod{119} \\
&\equiv 18 \cdot 86 \cdot 72 \cdot 32 \pmod{119} \\
&\equiv 2 \pmod{119}
\end{aligned}
$$

Exercise 7-22:
Decrypt each received ciphertext C, using the RSA private key (d, n).
C = 99, (d, n) = (103, 143)
Solution:
$C^d = 99^{103}$. Using $99^5 \equiv 99 \pmod{143}$, we obtain

$$ 99^{103} \equiv (99^5)^{20} \cdot 99^3 \equiv 99^{23} \equiv 99^3 \equiv 44 \pmod{143}. $$

Exercise 7-23:
Decrypt each received ciphertext C, using the RSA public key (d, n).
C = 7415, (d, n) = (263, 13261)

Solution: To decrypt each ciphertext we must calculate $[C^{263}]$ in $\mathbb{Z}_{13261}$. We
use the square and multiply algorithm. $263 = 256 + 4 + 2 + 1 = 2^8 + 2^2 + 2 + 2^0$
and

$$
\begin{aligned}
C &\equiv 263 \pmod{13261} \\
C^2 &\equiv 2119 \pmod{13261} \\
C^4 &\equiv 7943 \pmod{13261} \\
C^8 &\equiv 8672 \pmod{13261} \\
C^{16} &\equiv 453 \pmod{13261} \\
C^{32} &\equiv 6294 \pmod{13261} \\
C^{64} &\equiv 3829 \pmod{13261} \\
C^{128} &\equiv 7836 \pmod{13261} \\
C^{256} &\equiv 4466 \pmod{13261} \\
C^{263} &\equiv C^{256} C^4 C^2 C \pmod{13261} \\
&\equiv 4466 \cdot 7943 \cdot 2119 \cdot 263 \pmod{13261} \\
&\equiv 4218 \pmod{13261}
\end{aligned}
$$

Exercise 7-24:
Decrypt each received ciphertext C, using the RSA public key (d, n).
C = 1701, (d, n) = (519, 2773)
Solution: To decrypt each ciphertext we must calculate $[C^{519}]$ in $\mathbb{Z}_{2773}$. We
use the square and multiply algorithm. $519 = 512 + 4 + 2 + 1 = 2^9 + 2^2 + 2 + 2^0$
and

$$
\begin{aligned}
C &\equiv 519 \pmod{2773} \\
C^2 &\equiv 1162 \pmod{2773} \\
C^4 &\equiv 2566 \pmod{2773} \\
C^8 &\equiv 1254 \pmod{2773} \\
C^{16} &\equiv 225 \pmod{2773} \\
C^{32} &\equiv 711 \pmod{2773} \\
C^{64} &\equiv 835 \pmod{2773} \\
C^{128} &\equiv 1202 \pmod{2773} \\
C^{256} &\equiv 71 \pmod{2773} \\
C^{512} &\equiv 2268 \pmod{2773} \\
C^{519} &\equiv C^{512} C^4 C^2 C \pmod{2773} \\
&\equiv 2268 \cdot 2566 \cdot 1162 \cdot 1701 \pmod{2773} \\
&\equiv 1672 \pmod{2773}
\end{aligned}
$$

Exercise 7-25:

Find each congruence class by the square and multiply algorithm.
$873^{193} \pmod{1000}$
Solution:
Using the square and multiply algorithm, $193 = 128 + 64 + 1 = 2^7 + 2^6 + 2^0$
and

$$
\begin{aligned}
873 &\equiv 873 \pmod{1000} \\
873^2 &\equiv 129 \pmod{1000} \\
873^4 &\equiv 641 \pmod{1000} \\
873^8 &\equiv 881 \pmod{1000} \\
873^{16} &\equiv 161 \pmod{1000} \\
873^{32} &\equiv 921 \pmod{1000} \\
873^{64} &\equiv 241 \pmod{1000} \\
873^{128} &\equiv 81 \pmod{1000} \\
873^{193} &\equiv 873^{128} \cdot 873^{64} \cdot 873 \pmod{1000} \\
&\equiv 81 \cdot 241 \cdot 873 \pmod{1000} \\
&\equiv 833 \pmod{1000}
\end{aligned}
$$

Exercise 7-26:
Find each congruence class by the square and multiply algorithm.
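$567^{81} \pmod{1024}$
Solution:
Using the square and multiply algorithm, $81 = 64 + 16 + 1 = 2^6 + 2^4 + 2^0$
and

$$
\begin{aligned}
567 &\equiv 567 \pmod{1024} \\
567^2 &\equiv 977 \pmod{1024} \\
567^4 &\equiv 161 \pmod{1024} \\
567^8 &\equiv 321 \pmod{1024} \\
567^{16} &\equiv 641 \pmod{1024} \\
567^{32} &\equiv 257 \pmod{1024} \\
567^{64} &\equiv 513 \pmod{1024} \\
567^{81} &\equiv 567^{64} \cdot 567^{16} \cdot 567 \pmod{1024} \\
&\equiv 513 \cdot 641 \cdot 567 \pmod{1024} \\
&\equiv 439 \pmod{1024}
\end{aligned}
$$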

Exercise 7-27:
Encrypt each message M , using the RSA public key (e, n) and the square and
multiply algorithm.

M = 1240, (e, n) = (17, 4757)
Solution:
To encrypt the message M we have to calculate $[M^{17}]$ in $\mathbb{Z}_{4757}$.
Using the square and multiply algorithm, $17 = 16 + 1 = 2^4 + 2^0$ and

$$
\begin{aligned}
1240 &\equiv 1240 \pmod{4757} \\
1240^2 &\equiv 1089 \pmod{4757} \\
1240^4 &\equiv 1428 \pmod{4757} \\
1240^8 &\equiv 3188 \pmod{4757} \\
1240^{16} &\equiv 2392 \pmod{4757} \\
1240^{17} &\equiv 1240^{16} \cdot 1240 \pmod{4757} \\
&\equiv 2392 \cdot 1240 \pmod{4757} \\
&\equiv 2469 \pmod{4757}
\end{aligned}
$$

So the enciphered message of M is C = 2469.

Exercise 7-28:
Encrypt each message M , using the RSA public key (e, n) and the square and
multiply algorithm.
M = 2041, (e, n) = (13, 3599)
Solution:
To encrypt the message M we have to calculate $[M^{13}]$ in $\mathbb{Z}_{3599}$.
Using the square and multiply algorithm, $13 = (1101)_2 = 8 + 4 + 1$ and

$$
\begin{aligned}
2041^2 &\equiv 1638 \pmod{3599} \\
2041^4 &\equiv 1638^2 \equiv 1789 \pmod{3599} \\
2041^8 &\equiv 1789^2 \equiv 1010 \pmod{3599} \\
2041^{13} &= 2041^8 \cdot 2041^4 \cdot 2041 \equiv 1010 \cdot 1789 \cdot 2041 \pmod{3599} \\
&\equiv 192 \cdot 2041 \pmod{3599} \\
&\equiv 3180 \pmod{3599}
\end{aligned}
$$

So the enciphered message of M is C = 3180.

Exercise 7-29:
Encrypt each message M , using the RSA public key (e, n) and the square and
multiply algorithm.
M = 2607, (e, n) = (21, 12193)
Solution:
To encrypt the message M we have to calculate $[M^{21}]$ in $\mathbb{Z}_{12193}$.
Using the square and multiply algorithm, $21 = 16 + 4 + 1 = 2^4 + 2^2 + 2^0$ and

$$
\begin{aligned}
2607 &\equiv 2607 \pmod{12193} \\
2607^2 &\equiv 4948 \pmod{12193} \\
2607^4 &\equiv 11353 \pmod{12193} \\
2607^8 &\equiv 10599 \pmod{12193} \\
2607^{16} &\equiv 4692 \pmod{12193} \\
2607^{21} &\equiv 2607^{16} \cdot 2607^4 \cdot 2607 \pmod{12193} \\
&\equiv 4692 \cdot 11353 \cdot 2607 \pmod{12193} \\
&\equiv 2210 \pmod{12193}
\end{aligned}
$$

So the enciphered message of M is C = 2210.

Exercise 7-30:
Encrypt each message M , using the RSA public key (e, n) and the square and
multiply algorithm.
M = 1425, (e, n) = (19, 12091).
Solution:
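Using the square and multiply algorithm, $19 = 16 + 2 + 1 = 2^4 + 2^1 + 2^0$ and

$$
\begin{aligned}
1425 &\equiv 1425 \pmod{12091} \\
1425^2 &\equiv 11428 \pmod{12091} \\
1425^4 &\equiv 4293 \pmod{12091} \\
1425^8 &\equiv 3165 \pmod{12091} \\
1425^{16} &\equiv 5877 \pmod{12091} \\
1425^{19} &\equiv 1425^{16} \cdot 1425^2 \cdot 1425 \pmod{12091} \\
&\equiv 5877 \cdot 11428 \cdot 1425 \pmod{12091} \\
&\equiv 10527 \pmod{12091}
\end{aligned}
$$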

So the enciphered message of M is C = 10527.

Exercise 7-31:
For each exponent e, determine the number of modular multiplications to
encrypt an RSA message using the square and multiply algorithm.
e = 92487.
Solution:
$92487 = 2^{16} + 2^{14} + 2^{13} + 2^{11} + 2^8 + 2^6 + 2^2 + 2^1 + 2^0 = (10110100101000111)_2$.
Thus we need 16 squarings to calculate the remainder of all the powers of 2 up
to $2^{16}$ and 8 multiplications for a total of 24 modular multiplications.

Exercise 7-32:

For each exponent e, determine the number of modular multiplications to
encrypt an RSA message using the square and multiply algorithm.
e = 1247683
Solution:

$$
\begin{aligned}
1247683 &= 10488576 + 131072 + 65536 + 2048 + 256 + 128 + 64 + 2 + 1 \\
&= 2^{20} + 2^{17} + 2^{16} + 2^{11} + 2^8 + 2^7 + 2^6 + 2^1 + 2^0 \\
&= (100110000100111000011)_2
\end{aligned}
$$

Thus we need 20 squarings to calculate the remainder of all the powers of 2
up to $2^{20}$, and 8 multiplications for a total of 28 modular multiplications.

Exercise 7-33:
For each exponent e, determine the number of modular multiplications to
encrypt an RSA message using the square and multiply algorithm.
e = 524289.
Solution:
$e = 524289 = 524288 + 1 = 2^{19} + 2^0 = (10000000000000000001)_2$. So we
need 19 squarings to calculate the remainder of all the powers of 2 up to $2^{19}$
and 1 multiplication for a total of 20 modular multiplications.

Exercise 7-34:
For each exponent e, determine the number of modular multiplications to
encrypt an RSA message using the square and multiply algorithm.
e = 46321
Solution:
$46321 = 2^{15} + 2^{13} + 2^{12} + 2^{10} + 2^7 + 2^6 + 2^5 + 2^4 + 2^0 = (1011010011110001)_2$.
Thus, we need to perform 15 squarings and 8 multiplications, i.e. 23 modular
multiplications.
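
The table-based square and multiply method used in Exercises 7-17 to 7-34, as an added Python example (not from the manual; names are illustrative). It returns the operation counts with the result, following the counting of Exercises 7-31 to 7-34: one squaring for each power of 2 above $2^0$ and one multiplication fewer than the number of ones in the exponent.

```python
def square_and_multiply(base, exponent, modulus):
    """Return (base**exponent mod modulus, squarings, multiplications).

    Builds the table base^(2^i) mod modulus by repeated squaring, keeps the
    entries whose bit is set in the exponent, then multiplies them together.
    """
    if exponent < 1 or modulus < 2:
        raise ValueError("need exponent >= 1 and modulus >= 2")
    power = base % modulus          # base^(2^0)
    selected = []                   # table entries picked by the 1-bits
    squarings = 0
    bits = exponent
    while True:
        if bits & 1:
            selected.append(power)
        bits >>= 1
        if bits == 0:
            break
        power = power * power % modulus
        squarings += 1
    result = selected[0]
    multiplications = 0
    for factor in selected[1:]:
        result = result * factor % modulus
        multiplications += 1
    return result, squarings, multiplications


def modular_multiplication_count(exponent):
    """Total modular multiplications, as counted in Exercises 7-31 to 7-34.

    The total depends on the bit length and on the number of 1-bits of the
    exponent, so running time reveals information about the exponent.
    """
    _, squarings, multiplications = square_and_multiply(2, exponent, 3)
    return squarings + multiplications


if __name__ == "__main__":
    print(square_and_multiply(47, 5, 119))       # Exercise 7-17
    print(square_and_multiply(873, 193, 1000))   # Exercise 7-25
    for e in (92487, 1247683, 524289, 46321):
        print(e, modular_multiplication_count(e))
```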

Exercise 7-35:
Use the Chinese Remainder Theorem to decrypt each received ciphertext C,
using the RSA private key (d, n) where n = pq.
C = 762, d = 899, p = 31, q = 37
Solution:
n = 1147. To decrypt the ciphertext C we have to calculate $[C^{899}] \in \mathbb{Z}_{1147}$.
This is equivalent to calculating $[C^{899}]$ in both $\mathbb{Z}_{31}$ and $\mathbb{Z}_{37}$ and then recombining
the solution using the Chinese Remainder Theorem.
Since 762 ≡ 18 (mod 31). Because $31 \nmid 18$, Fermat’s Little Theorem tells
us that $18^{30} \equiv 1 \pmod{31}$. Then because 899 ≡ 29 (mod 30), $18^{899} \equiv 18^{29} \pmod{31}$.
Using the square and multiply algorithm 29 = 16 + 8 + 4 + 1

$$
\begin{aligned}
18 &\equiv 18 \pmod{31} \\
18^2 &\equiv 14 \pmod{31} \\
18^4 &\equiv 10 \pmod{31} \\
18^8 &\equiv 7 \pmod{31} \\
18^{16} &\equiv 18 \pmod{31} \\
18^{29} &\equiv 18^{16} \cdot 18^8 \cdot 18^4 \cdot 18 \pmod{31} \\
&\equiv 18 \cdot 7 \cdot 10 \cdot 18 \equiv 19 \pmod{31}
\end{aligned}
$$

Similarly 762 ≡ 22 (mod 37). Because $37 \nmid 22$, Fermat’s Little Theorem
tells us that $22^{36} \equiv 1 \pmod{37}$. Then because 899 ≡ 35 (mod 36), $22^{899} \equiv 22^{35} \pmod{36}$.
Using the square and multiply algorithm 35 = 32 + 2 + 1

$$
\begin{aligned}
22 &\equiv 22 \pmod{37} \\
22^2 &\equiv 3 \pmod{37} \\
22^4 &\equiv 9 \pmod{37} \\
22^8 &\equiv 7 \pmod{37} \\
22^{16} &\equiv 12 \pmod{37} \\
22^{32} &\equiv 33 \pmod{37} \\
22^{35} &\equiv 22^{32} \cdot 22^2 \cdot 22 \pmod{37} \\
&\equiv 33 \cdot 3 \cdot 22 \equiv 32 \pmod{37}
\end{aligned}
$$

If $R = 762^{899}$ then

R ≡ 19 (mod 31)
R ≡ 32 (mod 37)

The second congruence is equivalent to R = 32 + 37y for some y ∈ Z.
Substituting in the first congruence yields 6y ≡ 18 (mod 31). This has solution y ≡ 3
(mod 31) or y = 3 + 31z for some z ∈ Z. The solution for both congruences is
R = 32 + 37(3 + 31z) = 143 + 1147z or R ≡ 143 (mod 1147). Therefore the
message was M = 147.

Exercise 7-36:
Use the Chinese Remainder Theorem to decrypt each received ciphertext C,
using the RSA private key (d, n) where n = pq.
C = 1120, d = 5051, p = 79, q = 131
Solution:
Now, d = 5051 ≡ 59 (mod 78) and c = 1120 ≡ 14 (mod 79).

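$59 = (111001)_2 = 32 + 16 + 8 + 2 + 1$. We have

$$
\begin{aligned}
14^2 &\equiv 38 \pmod{79} \\
14^4 &\equiv 22 \pmod{79} \\
14^8 &\equiv 10 \pmod{79} \\
14^{16} &\equiv 21 \pmod{79} \\
14^{32} &\equiv 46 \pmod{79}
\end{aligned}
$$

We compute $14^{59} \equiv 46 \cdot 21 \cdot 10 \cdot 38 \cdot 14 \equiv 12 \pmod{79}$.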


Now, d = 5051 ≡ 111 (mod 130) and c = 1120 ≡ 72 (mod 131).
$111 = (1101111)_2 = 64 + 32 + 8 + 4 + 2 + 1$. We have

$$
\begin{aligned}
72^2 &\equiv 75 \pmod{131} \\
72^4 &\equiv 123 \pmod{131} \\
72^8 &\equiv 64 \pmod{131} \\
72^{16} &\equiv 35 \pmod{131} \\
72^{32} &\equiv 46 \pmod{131} \\
72^{64} &\equiv 20 \pmod{131}
\end{aligned}
$$

We compute $72^{111} \equiv 20 \cdot 46 \cdot 64 \cdot 123 \cdot 75 \cdot 72 \equiv 127 \pmod{131}$.

Finally, we must solve the pair of congruences

R ≡ 12 (mod 79)
R ≡ 127 (mod 131)

using the Chinese Remainder Theorem. We begin by applying the Extended
Euclidean Algorithm.
131x + 79y = r     q_i
    1      0    131
    0      1     79
    1     −1     52     1
   −1      2     27     1
    2     −3     25     1
   −3      5      2     1
   38    −63      1    12
  −79    131      0     2

Hence, using the fact that M ≡ 12 · 38 · 131 + 127 · (−63) · 79 (mod 10349), we
finally get M = 7201.

Exercise 7-37:
Use the Chinese Remainder Theorem to decrypt each received ciphertext C,
using the RSA private key (d, n) where n = pq.
C = 113261, d = 9809, p = 367, q = 401
Solution:
n = 147167. To decrypt the ciphertext C we have to calculate $[C^{9809}] \in \mathbb{Z}_{147167}$.
This is equivalent to calculating $[C^{9809}]$ in both $\mathbb{Z}_{367}$ and $\mathbb{Z}_{401}$ and
then recombining the solution using the Chinese Remainder Theorem.
Since 113261 ≡ 225 (mod 367). Because $367 \nmid 225$, Fermat’s little theorem
tells us that $225^{366} \equiv 1 \pmod{31}$. Then because 9809 ≡ 293 (mod 366),
$225^{9809} \equiv 225^{293} \pmod{31}$.
Using the square and multiply algorithm 293 = 256 + 32 + 4 + 1

$$
\begin{aligned}
225 &\equiv 225 \pmod{367} \\
225^2 &\equiv 346 \pmod{367} \\
225^4 &\equiv 74 \pmod{367} \\
225^8 &\equiv 338 \pmod{367} \\
225^{16} &\equiv 107 \pmod{367} \\
225^{32} &\equiv 72 \pmod{367} \\
225^{64} &\equiv 46 \pmod{367} \\
225^{128} &\equiv 281 \pmod{367} \\
225^{256} &\equiv 56 \pmod{367} \\
225^{293} &\equiv 225^{256} \cdot 225^{32} \cdot 225^4 \cdot 225^1 \equiv 59 \pmod{367}
\end{aligned}
$$

Similarly 113261 ≡ 179 (mod 401). Because $401 \nmid 179$, Fermat’s little theorem
tells us that $179^{400} \equiv 1 \pmod{401}$. Then because 9809 ≡ 209 (mod 400),
$179^{9809} \equiv 179^{209} \pmod{401}$.
Using the square and multiply algorithm 209 = 128 + 64 + 16 + 1

$$
\begin{aligned}
179 &\equiv 179 \pmod{401} \\
179^2 &\equiv 362 \pmod{401} \\
179^4 &\equiv 318 \pmod{401} \\
179^8 &\equiv 72 \pmod{401} \\
179^{16} &\equiv 372 \pmod{401} \\
179^{32} &\equiv 39 \pmod{401} \\
179^{64} &\equiv 318 \pmod{401} \\
179^{128} &\equiv 72 \pmod{401} \\
179^{209} &\equiv 179^{128} \cdot 179^{64} \cdot 179^{16} \cdot 179 \pmod{401} \\
&\equiv 72 \cdot 318 \cdot 372 \cdot 179 \equiv 56 \pmod{401}
\end{aligned}
$$

If $R = 113261^{9809}$ then

R ≡ 59 (mod 367)
R ≡ 56 (mod 401)

The second congruence is equivalent to R = 56 + 401y for some y ∈ Z.
Substituting for R in the first congruence yields 34y ≡ 3 (mod 367). Using the
Extended Euclidean Algorithm

367x + 34y = r     q_i
    1      0    367
    0      1     34
    1    −10     27    10
   −1     11      7     1
    4    −43      6     3
   −5     54      1     1

So this has solution y ≡ 162 (mod 367) or y = 162 + 367z for some z ∈ Z.
Therefore the solution for both congruences is R = 56 + 401(162 + 367z) =
65018 + 147167z or R ≡ 65018 (mod 147167). Therefore the message is M =
65018.

Exercise 7-38:
Let (e, n) = (1837, 9379) be the public encryption key for an RSA system, and
let (d, n) = (5, 9379) be the corresponding private decryption key. Decode the
following received message blocks, where the plaintext has been grouped into
message blocks of two letters per block, using the equivalence A ↔ 01, etc. You
will find it useful to take advantage of the prime factorization of n as 83 · 113.

2485 1169 1981 2897

Solution:
We decrypt using the Chinese Remainder Theorem.

$$
\begin{aligned}
2485^5 &\equiv 29 \pmod{83} & 2485^5 &\equiv 113 \pmod{113} \\
1169^5 &\equiv 41 \pmod{83} & 1169^5 &\equiv 113 \pmod{113} \\
1981^5 &\equiv 52 \pmod{83} & 1981^5 &\equiv 113 \pmod{113} \\
2897^5 &\equiv 17 \pmod{83} & 2897^5 &\equiv 133 \pmod{113}
\end{aligned}
$$

Now, 64 · 83 ≡ 1 (mod 113) and 36 · 113 ≡ 1 (mod 83). Thus, applying the
Chinese Remainder Theorem yields the following plaintext:

2485 → 29 · 36 · 113 + 112 · 64 · 83 (mod 9379) = 112 ↔ AL.
1169 → 41 · 36 · 113 + 27 · 64 · 83 (mod 9379) = 705 ↔ GE.
1981 → 52 · 36 · 113 + 105 · 64 · 83 (mod 9379) = 218 ↔ BR.
2897 → 17 · 36 · 113 + 100 · 64 · 83 (mod 9379) = 100 ↔ A.

The message is: “Algebra”.
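
The CRT decryption of Exercises 7-35 to 7-38, as an added Python example (not from the manual; function names are illustrative). It reduces the exponent with Fermat's Little Theorem, works modulo p and q separately, and recombines by the same substitution used in Exercise 7-35 (R = r_q + q·y); the block decoder assumes the page's A ↔ 01 encoding with 00 as a blank.

```python
def rsa_crt_decrypt(c, d, p, q):
    """Compute c^d mod (p*q) from the two half-size computations."""
    # d is coprime to (p-1)(q-1), so for odd p, q both reduced exponents
    # are non-zero and the residues are correct even when p or q divides c.
    dp, dq = d % (p - 1), d % (q - 1)
    rp = pow(c % p, dp, p)              # R mod p
    rq = pow(c % q, dq, q)              # R mod q
    # Write R = rq + q*y and solve q*y ≡ rp - rq (mod p) for y.
    y = (rp - rq) * pow(q, -1, p) % p   # pow(q, -1, p): inverse, Python 3.8+
    return rq + q * y


def decode_blocks(blocks, width=4):
    """Turn numeric blocks into text: two digits per letter, A=01 ... Z=26."""
    out = []
    for m in blocks:
        digits = str(m).zfill(width)    # restore leading zeros, e.g. 112 -> 0112
        if len(digits) != width:
            raise ValueError("block does not fit the block width")
        for i in range(0, width, 2):
            code = int(digits[i:i + 2])
            if code > 26:
                raise ValueError("not a letter code: %02d" % code)
            out.append(" " if code == 0 else chr(ord("A") + code - 1))
    return "".join(out)


if __name__ == "__main__":
    print(rsa_crt_decrypt(762, 899, 31, 37))        # Exercise 7-35
    print(rsa_crt_decrypt(1120, 5051, 79, 131))     # Exercise 7-36
    blocks = [rsa_crt_decrypt(c, 5, 83, 113)        # Exercise 7-38
              for c in (2485, 1169, 1981, 2897)]
    print(blocks, decode_blocks(blocks))
```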

Exercise 7-39:
Let (e, n) be the public encryption key for an RSA system. Suppose that it takes
$10^{-4}$ seconds to do one modular multiplication, and that e has 200 digits with
100 ones in its binary representation. Assuming that modular multiplication is
the only time-consuming operation, determine the time required to encrypt a
message.
Solution:
Let $e = (r_{200} r_{199} \ldots r_2 r_1 r_0)_2$ where each $r_i$ = 0 or 1. Because the binary
representation of e has 200 digits we know that $r_{200} = 1$ so $e = 2^{200} + \cdots$.
Therefore 200 squarings are needed in order to calculate the remainder of all
the powers of 2 up to $2^{200}$. And because there are 100 ones in the binary
representation of e, 100 of these powers must be multiplied. This involves 99
extra multiplications for a total of 299 modular multiplications. Hence the time
required is

$$
\begin{aligned}
t &= (\text{\# of multiplications}) \times (\text{time per multiplication}) \\
&= 299 \cdot 10^{-4}\ \text{s} = 0.0299\ \text{seconds}
\end{aligned}
$$

Exercise 7-40:
Anne has a public key $(e_A, n_A) = (7, 8453)$, and a private key $(d_A, n_A) =
(7087, 8453)$. Bill has public key $(e_B, n_B) = (1837, 9379)$, and private key
$(d_B, n_B) = (5, 9379)$. Anne sends to Bill a signed message encrypted under
Bill’s public key. The ciphertext comes in two enciphered blocks.

5752 7155.

Find the message sent by Anne.


Solution:
If $a, a^{-1}$ and $b, b^{-1}$ are Anne’s and Bill’s public encryption and private
decryption functions, then the signed messages $M_1$ and $M_2$ encrypted under Bill’s
public key are $b(a^{-1} M_1) = 5752$ and $b(a^{-1} M_2) = 7155$. To decipher them we
must compute $M_1 = a(b^{-1}(5257))$ and $M_2 = a(b^{-1}(7155))$.
$b^{-1}(5257) = (5257^{d_B})$ in $\mathbb{Z}_{9379}$. Using the square and multiply algorithm,
$5 = 2^2 + 2^0$.

$$
\begin{aligned}
5257 &\equiv 5257 \pmod{9379} \\
5257^2 &\equiv 5771 \pmod{9379} \\
5257^4 &\equiv 8991 \pmod{9379} \\
5257^5 &\equiv 5257^4 \cdot 5257 \pmod{9379} \\
&\equiv 8991 \cdot 5257 \pmod{9379} \\
&\equiv 426 \pmod{9379}
\end{aligned}
$$

Because 426 < 8453 then 426 ≡ 426 (mod 8453). If this was not true then
we would have problems.
We now have to compute $a(426) = 426^7$ in $\mathbb{Z}_{8453}$. Using the square and
multiply algorithm, $7 = 2^2 + 2^1 + 2^0$.

$$
\begin{aligned}
426 &\equiv 426 \pmod{8453} \\
426^2 &\equiv 3963 \pmod{8453} \\
426^4 &\equiv 8148 \pmod{8453} \\
426^7 &\equiv 426^5 \cdot 426^2 \cdot 426 \pmod{8453} \\
&\equiv 8248 \cdot 3963 \cdot 426 \pmod{8453} \\
&\equiv 1905 \pmod{8453}
\end{aligned}
$$

Now we do the same thing for 7155.

$$
\begin{aligned}
7155 &\equiv 7155 \pmod{9379} \\
7155^2 &\equiv 3443 \pmod{9379} \\
7155^4 &\equiv 8572 \pmod{9379} \\
7155^5 &\equiv 7155^4 \cdot 7155 \pmod{9379} \\
&\equiv 8572 \cdot 7155 \pmod{9379} \\
&\equiv 3379 \pmod{9379}
\end{aligned}
$$

3379 ≡ 3379 (mod 8453), and

$$
\begin{aligned}
3379 &\equiv 3379 \pmod{8453} \\
3379^2 &\equiv 6091 \pmod{8453} \\
3379^4 &\equiv 64 \pmod{8453} \\
3379^7 &\equiv 3379^5 \cdot 3379^2 \cdot 3379 \pmod{8453} \\
&\equiv 64 \cdot 6091 \cdot 3379 \pmod{8453} \\
&\equiv 1212 \pmod{8453}
\end{aligned}
$$

Therefore the original message was 1905 1212, using the equivalence A ←→ 01
etc. Now 19051212 ←→ SELL.

Exercise 7-41:
Suppose that Anne’s encryption function is a based on the public key $(e_A, n_A)$,
and her decryption function is $a^{-1}$ based on the private key $(d_A, n_A)$. Bill’s
encryption function is b based on the public key $(e_B, n_B)$, and his decryption
function is $b^{-1}$ based on the private key $(d_B, n_B)$. Suppose also that Anne wants to
send a digitally signed message M in private to Bill, by sending him $b(a^{-1}(M))$.
Anne would first compute $M^{d_A} \equiv C \pmod{n_A}$ with $0 \le C \le n_A - 1$. Anne then
computes $C^{e_B} \pmod{n_B}$ provided C is such that $0 \le C \le n_B - 1$. This will
be true if $n_A < n_B$. If $n_A > n_B$, this may be false and complications arise.
Describe several ways to overcome this problem.
Solution:
If $n_A > n_B$, complications arise because if $M^{d_A} \equiv C \pmod{n_A}$ and $C \ge n_B$
then Bill will recover $[C]_{n_B}$ but not $C$.
This problem can be avoided by expressing $C$ in base $n_B$. That is, if $M^{d_A} \equiv C \pmod{n_A}$
and $C \ge n_B$, $C$ can be expressed uniquely as

$$C = (r_n r_{n-1} \cdots r_2 r_1 r_0)_{n_B}$$

where $0 \le r_i < n_B$. For each $r_i$, $r_i^{e_B} \pmod{n_B}$ can be computed with no
complications. If Bill recovers the $r_i$’s and knows that they are part of a base
$n_B$ representation, he can calculate $C$ by

$$C = r_n (n_B)^n + r_{n-1} (n_B)^{n-1} + \cdots + r_1 (n_B)^1 + r_0.$$

Anne could inform Bill that $C \ge n_B$ and that it will be expressed in base $n_B$
using some protocol or predefined keyword.
Another way to overcome this problem is to break up $C$ into blocks that
give rise to numbers smaller than $n_B$ and encrypt them separately using Bill’s
public key. We know that Anne and Bill’s block lengths, $l_A$ and $l_B$, give rise
to integers that are smaller than $n_A$ and $n_B$. Because $n_A > n_B$ then $l_A \ge l_B$.
So $l_A$ can be divided into blocks of length $l_B$ by adding enough blanks (00) at
the beginning of the $l_A$-block. Bill can recover these blocks using his decryption
function. He can join them and trim leading blanks (00) to get a block of length
$l_A$ which is the original $C$.
With $C$, he can apply Anne’s encryption function and recover $M$.
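The base-$n_B$ fix can be run on the Exercise 7-40 keys; this is an added example, not part of the original solutions. It assumes (7087, 8453) is Anne’s private key and 7 her public exponent, as the 7-40 solution uses them, and it swaps the roles (Bill signs, Anne receives) to get a signer whose modulus is the larger one. All function names are made up for this example.

```python
# Textbook RSA (no padding), keys from Exercise 7-40.
ANNE = {"e": 7, "d": 7087, "n": 8453}
BILL = {"e": 1837, "d": 5, "n": 9379}


def to_base(c, base):
    """Digits r_n ... r_0 of c in the given base, most significant first."""
    digits = [c % base]
    while c >= base:
        c //= base
        digits.append(c % base)
    return digits[::-1]


def from_base(digits, base):
    """Inverse of to_base: r_n*base^n + ... + r_1*base + r_0."""
    c = 0
    for r in digits:
        c = c * base + r
    return c


def sign_then_encrypt(m, sender, recipient):
    """Sign with the sender's private key, then encrypt each base-n_recipient digit."""
    c = pow(m, sender["d"], sender["n"])
    return [pow(r, recipient["e"], recipient["n"])
            for r in to_base(c, recipient["n"])]


def decrypt_then_verify(blocks, sender, recipient):
    """Decrypt every digit, rebuild C, then apply the sender's public key."""
    digits = [pow(b, recipient["d"], recipient["n"]) for b in blocks]
    return pow(from_base(digits, recipient["n"]), sender["e"], sender["n"])


def naive_roundtrip(m, sender, recipient):
    """Single-block version: C is reduced mod n_recipient, so C >= n_recipient is lost."""
    c = pow(m, sender["d"], sender["n"])
    block = pow(c, recipient["e"], recipient["n"])
    c_seen = pow(block, recipient["d"], recipient["n"])   # [C] mod n_recipient, not C
    return pow(c_seen, sender["e"], sender["n"])


def first_oversized_message(sender, recipient):
    """Smallest m >= 2 whose signature C is not below the recipient's modulus."""
    return next(m for m in range(2, sender["n"])
                if pow(m, sender["d"], sender["n"]) >= recipient["n"])


if __name__ == "__main__":
    print(sign_then_encrypt(1905, ANNE, BILL))        # signer modulus smaller: one block
    m = first_oversized_message(BILL, ANNE)           # signer modulus larger: two blocks
    blocks = sign_then_encrypt(m, BILL, ANNE)
    print(m, naive_roundtrip(m, BILL, ANNE), decrypt_then_verify(blocks, BILL, ANNE))
```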

Problem 7-42:
Which elements are fixed under the function

$f : \mathbb{Z}_{77} \to \mathbb{Z}_{77}$ defined by $f[x] = [x^7]$?

That is, for which $[x] \in \mathbb{Z}_{77}$ is $f[x] = [x]$?


Solution:
We have to find the $[x] \in \mathbb{Z}_{77}$ such that $[x^7] = [x]$, or $x^7 \equiv x \pmod{77}$. By
the Chinese Remainder Theorem, this congruence is equivalent to the system of
congruences $x^7 \equiv x \pmod 7$ and $x^7 \equiv x \pmod{11}$.
$x^7 \equiv x \pmod 7$ is true for all $x \pmod 7$. And $x^7 \equiv x \pmod{11}$ is true iff
$x \equiv 0 \pmod{11}$ or $x^6 \equiv 1 \pmod{11}$. The latter is true iff $x^2 \equiv 1 \pmod{11}$ iff
$x \equiv 1, 10 \pmod{11}$.
Therefore, the fixed elements are all $x$ mod 77 that are 0, 1 or 10 mod 11:
{0, 1, 10, 11, 12, 21, 22, 23, 32, 33, 34, 43, 44, 45, 54, 55, 56, 65, 66, 67, 76} (mod 77).

Problem 7-43:
Two people A and B communicate using an RSA system for privacy. An opponent
finds out that the messages being passed between the two are limited to
a set of 100 messages and the opponent has a list of the messages. Describe a
method by which the opponent can read the messages passing between A and
B, without ever having to factor $n$. Can you devise a way for A and B to alter
their RSA system slightly so as to avoid such an attack?
Solution:
Since the attacker knows the entire message space (only 100 possible messages),
the attacker can encrypt each one with A’s public key and also B’s public
key, and create a table of these two hundred ciphertexts, along with the
corresponding plaintext. Any message passing between A and B must consist of one
of these two hundred ciphertexts, and so can easily be found by looking it up
in the table.
One way to prevent this attack is to add randomly generated bits to a
message before it is encrypted. If $m$ bits are added, then the attacker would have
to create a table of encrypted messages and corresponding plaintext that would consist of
$2 \times 100 \times 2^m$ entries. Select $m$ so that it is infeasible to create such a table. For
example, if the modulus $n$ is 2048 bits long and $m$ is chosen to be 60, then the storage
requirements would be in excess of $10^{21}$ bytes (or 1 zettabyte).
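The effect of the random bits can be seen on a small constructed key; this is an added example, not part of the original solutions. The modulus, exponent, message list and function names are all assumptions made for the example, and the 100 known messages are represented by the integers 1 to 100.

```python
import secrets

# Constructed key, not from the page: n is the product of the Mersenne primes
# 2^61 - 1 and 2^89 - 1, sized only to leave room for 60 padding bits.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
PAD_BITS = 60
MESSAGES = list(range(1, 101))    # constructed stand-in for the 100 known messages


def encrypt_plain(m):
    """Textbook RSA: deterministic, so equal plaintexts give equal ciphertexts."""
    return pow(m, E, N)


def encrypt_padded(m):
    """Append PAD_BITS fresh random bits to m before encrypting."""
    return pow((m << PAD_BITS) | secrets.randbits(PAD_BITS), E, N)


def decrypt_padded(c):
    """Legitimate receiver: decrypt, then discard the random bits."""
    return pow(c, D, N) >> PAD_BITS


def build_table(messages):
    """Ciphertext -> plaintext table that anyone can build from the public key."""
    return {encrypt_plain(m): m for m in messages}


def lookup(table, ciphertext):
    """Plaintext for a ciphertext found in the table, or None if it is absent."""
    return table.get(ciphertext)


if __name__ == "__main__":
    table = build_table(MESSAGES)
    print(lookup(table, encrypt_plain(42)))      # found: deterministic encryption
    c = encrypt_padded(42)
    print(lookup(table, c), decrypt_padded(c))   # not in the table, receiver still reads 42
```

Deployed systems get this property from a standardized randomized padding such as RSA-OAEP rather than from appending bits by hand.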

Problem 7-44:
Suppose that an opponent discovers a nonzero message $M$ that is not relatively
prime to the modulus $n = pq$ of an RSA system.
(a) Show that the opponent can factor $n$ and, hence, break the system.
(b) If the opponent selects a message at random, determine the probability
that the message $M$ is not relatively prime to $n$.
(c) If both $p$ and $q$ are larger than $10^{100}$, show that the probability in (b) is
less than $10^{-99}$.

Solution:
(a) If there is a nonzero message $M$ such that $\gcd(M, n) \ne 1$, then because $n = pq$
either $p$ or $q$ divides $M$. Without loss of generality $p \mid M$. Hence by the GCD
characterization theorem there exist integers $r$ and $s$ such that $Mr + ns = p$.
Using the Extended Euclidean algorithm, $r$ and $s$ can be found rather easily,
which determines $p$. Dividing $n$ by $p$ gives $q$, and $n$ is factored.
(b) There are $\phi(n) = (p - 1)(q - 1)$ integers from 1 to $n$ that are relatively
prime to $n$. A message $M$ can take any of the values from 0 to $n - 1$. So the
probability of $M$ not being coprime is

$$\begin{aligned}
\text{Prob. not coprime} &= 1 - (\text{Prob. coprime}) \\
&= 1 - \frac{\text{\# of coprime choices of } M}{\text{\# of choices}} \\
&= 1 - \frac{\phi(pq)}{pq} = 1 - \frac{(p - 1)(q - 1)}{pq} \\
&= \frac{p + q - 1}{pq}
\end{aligned}$$

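(c) If $p, q > 10^{100}$ then $1/p, 1/q < 10^{-100}$ and $1/pq < 10^{-200}$. So

$$\begin{aligned}
\text{Prob. not coprime} &= \frac{1}{q} + \frac{1}{p} - \frac{1}{pq} \\
&< \frac{1}{q} + \frac{1}{p} < \frac{2}{10^{100}} < \frac{1}{10^{99}}
\end{aligned}$$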

Problem 7-45:
We would like to distribute some information to $s$ people so that if any two
of the $s$ people combine their information they can deduce the secret positive
integer $k$, but no person alone can do so. Select a prime number $p$ larger than
$s$ and $k$. Then select a polynomial $f(x) = ax + k \in \mathbb{Z}_p[x]$ with $a \ne 0$. Compute
pairs $(i, f(i))$, $1 \le i \le s$, and distribute these to the $s$ people. Prove that this
scheme has the desired properties.
Solution: Clearly $p \ne 2$ because $p > s \ge 2$.
If two people have $(i, f(i))$ and $(j, f(j))$, $1 \le i, j \le s \le p$ and $i \ne j$, then

$$f(i) - f(j) = (ai + k) - (aj + k) = a(i - j).$$

Because $\mathbb{Z}_p$ is a field, $(i - j)^{-1}$ exists, and because both people know $i$
and $j$ they can calculate it by solving the congruence $(i - j)x \equiv 1 \pmod p$.
Multiplying by it gives

$$(i - j)^{-1}(f(i) - f(j)) = a.$$

Knowing $a$, either of the two can calculate $k = f(i) - ai = f(j) - aj$.

Now we have to prove that one person alone cannot find out $k$. Because
$a \ne 0$ and $p \ne 2$, there exists $d \in \mathbb{Z}_p$ such that $d, a + d \ne 0$ and $k - di \not\equiv k \pmod p$.
Consider $g(x) = (a + d)x + (k - di)$. It is clear that $f(i) = g(i)$
but $f$ and $g$ have different constant terms. Therefore one person alone cannot
determine a unique $k$ from $(i, f(i))$.

Problem 7-46:
We would like to distribute some information to $s$ people so that if any three
of the $s$ people combine their information they can deduce the secret positive
integer $k$, but any fewer than three can not. Select a prime number $p$ larger
than $s$ and $k$. Then select a polynomial $f(x) = ax^2 + bx + k \in \mathbb{Z}_p[x]$ with $a \ne 0$.
Compute pairs $(i, f(i))$, $1 \le i \le s$, and distribute these to the $s$ people. Prove
that this scheme has the desired properties.
Solution: First we will show that three people having $(i, f(i))$, $(j, f(j))$, and
$(m, f(m))$, $1 \le i, j, m \le s \le p$, for different $i$, $j$ and $m$, can find $k$.
The first two people can calculate

$$\begin{aligned}
f(i) - f(j) &= (ai^2 + bi + k) - (aj^2 + bj + k) = a(i^2 - j^2) + b(i - j) \\
&= a(i - j)(i + j) + b(i - j).
\end{aligned}$$

Because $\mathbb{Z}_p$ is a field, $(i - j)^{-1}$ exists, and because both people know $i$ and $j$ they
can calculate it by solving the congruence $(i - j)x \equiv 1 \pmod p$. Multiplying
by it gives

$$(i - j)^{-1}(f(i) - f(j)) = a(i + j) + b.$$

Now if the person having $(i, f(i))$ does similar calculations with the person
having $(m, f(m))$ they will have $a(i + m) + b$. Then

$$a(i + j) + b - (a(i + m) + b) = a(j - m)$$

and multiplying by $(j - m)^{-1}$ gives $a$.

With $a$, they can find $b$ because $b = a(i + j) + b - a(i + j)$. With $a$ and $b$,
any of the three can determine $k$, because

$$k = f(i) - ai^2 - bi = f(j) - aj^2 - bj = f(m) - am^2 - bm.$$

Now we have to prove that fewer than three people cannot find $k$. Suppose
that the quadratic is $f(x) \in \mathbb{Z}_p[x]$, and that two people have the pairs $(i, f(i))$
and $(j, f(j))$. Then the secret number is $f(0)$.
Choose a $k \in \mathbb{Z}_p$ such that $a + k \ne 0$ and let $h(x) = f(x) + k(x - i)(x - j)$,
which is also a quadratic in $\mathbb{Z}_p[x]$, and it has the property that $h(i) = f(i)$ and
$h(j) = f(j)$. However $h(0) = f(0) + kij \ne f(0)$. Hence, either $f(x)$ or $h(x)$ could
be the polynomial that gives the two pairs, $(i, f(i))$ and $(j, f(j))$. Since they
yield different secret numbers $f(0)$ and $h(0)$, these two people cannot determine
the secret number.
As an example consider $f(x) = x^2 + 3x + 5 \in \mathbb{Z}_7[x]$. Suppose two people are
given the pairs $(1, f(1)) = (1, 2)$ and $(3, f(3)) = (3, 2)$. Now let

$$h(x) = f(x) + (x - 1)(x - 3) = 2x^2 - x + 1.$$

Then $h(1) = f(1) = 2$ and $h(3) = f(3) = 2$, but the constant terms, $f(0) = 5$
and $h(0) = 1$, are different. Hence these two people cannot determine the unique
positive integer.

Problem 7-47:
(a) Generalize the previous two problems so that any t of the s people have
enough information to deduce a secret number k, but any fewer than t
can not.
(b) Six people receive the information pairs (1,10), (2,6), (3,1), (4,1), (5,1),
(6,7) generated in this way using p = 11. It is known that any four of the
six have enough information to deduce the secret integer k. Find k.

Solution:
(a) Again select a prime number $p$ larger than $s$ and $k$. Then select a polynomial
$f(x) = a_{t-1}x^{t-1} + a_{t-2}x^{t-2} + \cdots + a_1 x + k \in \mathbb{Z}_p[x]$ with $a_{t-1} \ne 0$. By distributing
distinct pairs $(i, f(i))$, $1 \le i \le s$, to each person, the desired scheme is achieved.
We will show by induction on $t$ that any $t$ of the $s$ people have sufficient
information to find $k$.
As induction hypothesis suppose that, given any polynomial $g(x)$ of degree
$m - 1$ in $\mathbb{Z}_p[x]$ and $m$ distinct pairs $(i, g(i))$, it is possible to determine the
$m$ coefficients of $g(x)$. (Although it seems stronger, determining all coefficients
is equivalent to determining $k$.)
In the base case $m = 1$, we are given a constant polynomial $h(x) = k$ and
one pair $(i, h(i))$. Since $h(i) = k$, we know the only coefficient $k$. Problem 7-45
is the case $m = 2$, and Problem 7-46 the case $m = 3$.
Now suppose that $m + 1$ people have the distinct pairs $(i_1, f(i_1))$, $(i_2, f(i_2))$,
$\ldots$, $(i_m, f(i_m))$, $(i_{m+1}, f(i_{m+1}))$, with $f(x) = a_m x^m + \cdots + a_1 x + k$. The person
with the pair $(i_j, f(i_j))$ can combine it with that of the first person to calculate

$$f(i_1) - f(i_j) = a_m (i_1^m - i_j^m) + \cdots + a_1 (i_1 - i_j).$$

Using the equation $a^n - b^n = (a - b)(a^{n-1} + a^{n-2}b + \cdots + ab^{n-2} + b^{n-1})$,

$$f(i_1) - f(i_j) = (i_1 - i_j)\left[a_m (i_1^{m-1} + i_1^{m-2} i_j + \cdots + i_j^{m-1}) + \cdots + a_2 (i_1 + i_j) + a_1\right].$$

The people knowing $i_1$ and $i_j$ can calculate $(i_1 - i_j)^{-1}$ because $\mathbb{Z}_p$ is a field.
Multiplying by it gives

$$\begin{aligned}
(i_1 - i_j)^{-1}[f(i_1) - f(i_j)] &= a_m i_j^{m-1} + (a_m i_1 + a_{m-1}) i_j^{m-2} + \cdots + (a_m i_1^{m-2} + \cdots + a_3 i_1 + a_2) i_j \\
&\quad + (a_m i_1^{m-1} + a_{m-1} i_1^{m-2} + \cdots + a_2 i_1 + a_1) \\
&= g(i_j)
\end{aligned}$$

where $g(x) = c_{m-1}x^{m-1} + c_{m-2}x^{m-2} + \cdots + c_1 x + c_0$ and
$c_n = a_m i_1^{m-1-n} + a_{m-1} i_1^{m-2-n} + \cdots + a_{n+1}$ for $0 \le n \le m - 1$. Notice that $c_{m-1} = a_m \ne 0$ and
that $c_n$ only depends on the coefficients of $f(x)$ and $i_1$.
The $m + 1$ people can calculate $g(i_j)$ for all $2 \le j \le m + 1$. By the induction
hypothesis this is sufficient information to determine all the coefficients of $g(x)$.
The $m + 1$ coefficients of $f(x)$ can be computed from the coefficients of $g(x)$ and
$i_1$, since

$$\begin{aligned}
a_m &= c_{m-1} \\
a_{m-1} &= c_{m-2} - c_{m-1} i_1 \\
a_{m-2} &= c_{m-3} - c_{m-2} i_1 \\
&\ \ \vdots \\
a_1 &= c_0 - c_1 i_1 \\
k &= f(i_1) - a_{m-1} i_1^{m-1} - \cdots - a_1 i_1.
\end{aligned}$$

Hence the induction hypothesis holds for polynomials of degree $m + 1$.

By the principle of mathematical induction the scheme works for any t of
the s people.
To show that $t - 1$ people cannot determine the secret number from the pairs
$(i_1, f(i_1)), \ldots, (i_{t-1}, f(i_{t-1}))$, proceed as in Problem 7-46. That is, find a $k \in \mathbb{Z}_p$
such that $a_n + k \ne 0$ and consider

$$h(x) = f(x) + k(x - i_1)(x - i_2) \cdots (x - i_{t-1}).$$

The polynomials $f(x)$ and $h(x)$ have the same degree and the same values
at $i_1, \ldots, i_{t-1}$, but have different constant terms.
(b) By part (a) the six pairs received are of the form $(i, f(i))$ where $f(x) =
ax^3 + bx^2 + cx + k \in \mathbb{Z}_{11}[x]$, so that any four people have enough information to
deduce the secret integer $k$. If we choose the four pairs (1, 10), (3, 1), (4, 1), and
(5, 1), then we must have

$$\begin{aligned}
10 &= f(1) = a + b + c + k \\
1 &= f(3) = 5a + 9b + 3c + k \\
1 &= f(4) = 9a + 5b + 4c + k \\
1 &= f(5) = 4a + 3b + 5c + k
\end{aligned}$$

which is a system of four equations and four unknowns in $\mathbb{Z}_{11}$. Solve the system
by eliminating variables.

$$\begin{aligned}
a + b + c + k &= 10 \\
5a + 9b + 3c + k &= 1 \\
9a + 5b + 4c + k &= 1 \\
4a + 3b + 5c + k &= 1
\end{aligned}
\qquad \text{Eliminating the first variable}$$

$$\begin{aligned}
a + b + c + k &= 10 \\
4b - 2c - 4k &= 6 \\
-4b - 5c - 8k &= 10 \\
-b + c - 3k &= 5
\end{aligned}
\qquad \text{Multiplying the 2nd equation by 3}$$

$$\begin{aligned}
a + b + c + k &= 10 \\
b + 5c - k &= 7 \\
-b + 7c + 9k &= 8 \\
-b + c - 3k &= 5
\end{aligned}
\qquad \text{Eliminating the second variable}$$

$$\begin{aligned}
a + b + c + k &= 10 \\
b + 5c + 10k &= 7 \\
c + 8k &= 4 \\
6c + 7k &= 1
\end{aligned}
\qquad \text{Multiplying the 3rd equation by 8}$$

$$\begin{aligned}
a + b + c + k &= 10 \\
b + 5c + 10k &= 7 \\
c + 8k &= 4 \\
3k &= 10
\end{aligned}
\qquad \text{Eliminating the third variable}$$

The inverse of 3 in $\mathbb{Z}_{11}$ is 4, since $3 \cdot 4 = 1$ in $\mathbb{Z}_{11}$. Hence $4(3k) = 40 = 7$ in $\mathbb{Z}_{11}$,
and so the secret number is $k = 7$.

Check: Solving the system of equations completely yields $k = 7$, $c = 4 - 8(7) = 3$,
$b = 7 - 5(3) - 10(7) = 10$, $a = 10 - 10 - 3 - 7 = 1$. Hence, the polynomial is
$f(x) = x^3 + 10x^2 + 3x + 7$, and we can check all the six pairs.

$$\begin{aligned}
f(1) &\equiv 21 \equiv 10 \pmod{11} & f(4) &\equiv 243 \equiv 1 \pmod{11} \\
f(2) &\equiv 61 \equiv 6 \pmod{11} & f(5) &\equiv 397 \equiv 1 \pmod{11} \\
f(3) &\equiv 133 \equiv 1 \pmod{11} & f(6) &\equiv 601 \equiv 7 \pmod{11}
\end{aligned}$$
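The threshold property of Problems 7-45 to 7-47 can be checked on the six pairs from part (b); this is an added example, not part of the original solutions. It recovers $k$ by Lagrange interpolation at $x = 0$ instead of the elimination used above, and the function names are made up for the example.

```python
from itertools import combinations

P = 11
SHARES = [(1, 10), (2, 6), (3, 1), (4, 1), (5, 1), (6, 7)]   # pairs from Problem 7-47(b)


def interpolate_at_zero(shares, p):
    """Value at x = 0 of the lowest-degree polynomial over Z_p through the shares.

    With t shares of a degree t-1 polynomial f this is f(0) = k.
    """
    xs = [x for x, _ in shares]
    if len(set(x % p for x in xs)) != len(xs):
        raise ValueError("shares must have distinct x values mod p")
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % p          # factor (0 - x_j)
                den = den * (xi - xj) % p      # factor (x_i - x_j)
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def make_shares(secret, coeffs, s, p):
    """Pairs (i, f(i)), 1 <= i <= s, for f(x) = ... + coeffs[1] x^2 + coeffs[0] x + secret."""
    def f(x):
        acc = 0
        for c in reversed(coeffs):             # Horner's rule, highest power first
            acc = (acc + c) * x % p
        return (acc + secret) % p
    return [(i, f(i)) for i in range(1, s + 1)]


def secrets_from_subsets(shares, size, p):
    """Set of values obtained by interpolating every subset of the given size."""
    return {interpolate_at_zero(list(c), p) for c in combinations(shares, size)}


if __name__ == "__main__":
    print(secrets_from_subsets(SHARES, 4, P))   # every 4 of the 6 pairs agree on k
    print(secrets_from_subsets(SHARES, 3, P))   # 3 pairs give inconsistent guesses
    print(make_shares(7, [3, 10, 1], 6, P) == SHARES)
```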

Problem 7-48:
(a) Let $n = pq$, where $p$ and $q$ are primes. Prove that if $p - q$ is known then
$n$ can be factored. (Exercise 7-11 will help.)

(b) Describe a way to break an RSA system with modulus $n = pq$ if $p - q$ is
not too large. (This problem illustrates an important point. When constructing
an RSA system one must pick the primes so that their difference
is large.)

Solution:
(a) Suppose $p - q$ is known ($n$ is also known). By Exercise 7-11, $p - q =
\sqrt{(p + q)^2 - 4n}$, so $(p - q)^2 = (p + q)^2 - 4n$, and thus $(p + q)^2 = (p - q)^2 + 4n$
and $(p + q) = \sqrt{(p - q)^2 + 4n}$. From these, we can determine $p = (1/2)[(p - q) + (p + q)]$
and $q = n/p$.

(b) If $(p - q)$ is not too large, we can, by part (a), find it by testing whether
$i^2 + 4n$ is a perfect square for $i = 1, 2, 3, 4, \ldots$.
Then let $p - q = i_0$, where $i_0 \in \mathbb{P}$ is such that $i_0^2 + 4n$ is the square of
an integer, and let $p + q = \sqrt{i_0^2 + 4n}$. Determine $p$ and $q$ as described in
(a), compute $(p - 1)(q - 1)$, and find the private key $d$ by solving $ed \equiv 1 \pmod{(p - 1)(q - 1)}$.
(This only works if $(p - q)$ is relatively small, because then only relatively
few $i \in \mathbb{P}$ need to be tested. If $(p - q)$ is large, the testing will take too long to
be useful.)

Problem 7-49:
Use the algorithm developed in the previous problem to break the RSA system
having modulus n = 26,850,099,599.
Solution:
By the previous problem, assuming $p - q$ is small, we can find $(p + q)^2$ by
testing whether $i^2 + 4n$ is a perfect square for small $i$.
$4n = 107400398396$,

$$\begin{aligned}
i = 1 &\to \sqrt{1 + 107400398396} \approx 327719.99 \\
i = 2 &\to \sqrt{4 + 107400398396} = 327720
\end{aligned}$$

If $p + q = 327720$ and $p - q = 2$ then $(p + q) + (p - q) = 2p = 327722$, so
$p = 163861$, and $q = 163861 - 2 = 163859$.
Because $n$ is a product of two primes, they are 163861 and 163859.
Check: (163861)(163859) = 26,850,099,599.
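The search of Problems 7-48 and 7-49 can be used as a key-generation check that rejects a modulus whose primes are too close; this is an added example, not part of the original solutions. The function names and the `max_diff` bound are assumptions of the example, and the search starts at $i = 0$ so that $n = p^2$ is also caught.

```python
from math import isqrt


def factor_close_primes(n, max_diff):
    """Try i = p - q = 0, 1, ..., max_diff until i^2 + 4n is a perfect square.

    Returns (p, q) with p >= q > 1, or None if no difference in range works.
    """
    for i in range(max_diff + 1):
        s = i * i + 4 * n
        r = isqrt(s)
        if r * r == s:                 # r = p + q, and r has the same parity as i
            p = (i + r) // 2
            q = n // p
            if q > 1 and p * q == n:   # skip the trivial split n = n * 1
                return p, q
    return None


def private_exponent(e, p, q):
    """Solve e*d = 1 (mod (p-1)(q-1)) once the factors are known."""
    return pow(e, -1, (p - 1) * (q - 1))


def modulus_passes_check(n, max_diff):
    """True if the search finds no factorization with p - q <= max_diff."""
    return factor_close_primes(n, max_diff) is None


if __name__ == "__main__":
    print(factor_close_primes(26850099599, 1000))   # modulus from Problem 7-49
    p, q = factor_close_primes(9797, 10)            # modulus from Problem 7-50
    print(p, q, private_exponent(2743, p, q))
    print(modulus_passes_check(9797, 3))            # bound too small to reach p - q = 4
```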

Problem 7-50:
Jane announces that her public RSA key pair is (2743, 9797). Determine Jane’s
private key, and decode the message 3940 that is sent to her.
Solution:
To decode $C = 3940$, we first need to factor $n = 9797$ into $p$ and $q$ so we can
compute $(p - 1)(q - 1)$ and solve
$2743d \equiv 1 \pmod{(p - 1)(q - 1)}$.

Let’s try primes $\le \sqrt{9797} \approx 98.98$.
By trying 98 and 97, we find $9797 = 97 \cdot 101$.
So let $p = 97$, $q = 101$; then $(p - 1)(q - 1) = 96 \cdot 100 = 9600$. Solve $2743d \equiv 1 \pmod{9600}$.
The Euclidean Algorithm, applied to 9600 and 2743, gives a value of
$d \equiv 7 \pmod{9600}$, so Jane’s private key must be (7, 9797).
To decode $C$, we need to compute
$D([C]) = [C^d] = [C^7] = [3940^7] \in \mathbb{Z}_{9797}$.
Use Square and Multiply Algorithm:

$$\begin{aligned}
7 &= (111)_2 = 4 + 2 + 1 \\
3940^2 &\equiv 5152 \pmod{9797} \\
3940^4 &\equiv 5152^2 \equiv 3031 \pmod{9797} \\
3940^7 &= 3940^4 \cdot 3940^2 \cdot 3940^1 \\
&\equiv 3031 \cdot 5152 \cdot 3940 \pmod{9797} \\
&\equiv 9091 \cdot 3940 \pmod{9797} \\
&\equiv 708 \pmod{9797}.
\end{aligned}$$

Hence the original message must have been $M = 0708$, which translates to
“Hi”, using A ↔ 00, B ↔ 01, C ↔ 02, etc.

Problem 7-51:
Compute $8^{132}$ and $9^{132}$ modulo 133. Do these calculations tell you anything
about the primality of 133?
Solution:
Using the square and multiply algorithm, $132 = 128 + 4 = 2^7 + 2^2$,

$$\begin{aligned}
8 &\equiv 8 \pmod{133} & 8^{16} &\equiv 106 \pmod{133} \\
8^2 &\equiv 64 \pmod{133} & 8^{32} &\equiv 64 \pmod{133} \\
8^4 &\equiv 106 \pmod{133} & 8^{64} &\equiv 106 \pmod{133} \\
8^8 &\equiv 64 \pmod{133} & 8^{128} &\equiv 64 \pmod{133}
\end{aligned}$$

Hence $8^{132} \equiv 8^{128} \cdot 8^4 \equiv 64 \cdot 106 \equiv 1 \pmod{133}$. This tells us nothing about
the primality of 133.
With 9,

$$\begin{aligned}
9 &\equiv 9 \pmod{133} & 9^{16} &\equiv 23 \pmod{133} \\
9^2 &\equiv 81 \pmod{133} & 9^{32} &\equiv 130 \pmod{133} \\
9^4 &\equiv 44 \pmod{133} & 9^{64} &\equiv 9 \pmod{133} \\
9^8 &\equiv 74 \pmod{133} & 9^{128} &\equiv 81 \pmod{133}
\end{aligned}$$

Hence $9^{132} \equiv 9^{128} \cdot 9^4 \equiv 81 \cdot 44 \equiv 106 \not\equiv 1 \pmod{133}$. Using the contrapositive
of Fermat’s Little Theorem, we can conclude that 133 is not a prime.
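The square and multiply tables used in this chapter, and the reason base 8 says nothing about 133 while base 9 does, can be reproduced as follows; this is an added example, not part of the original solutions, and the function names are made up for it.

```python
def square_and_multiply(base, exponent, modulus):
    """Return (base^exponent mod modulus, squares) with squares[i] = base^(2^i) mod modulus.

    The repeated squares are the table rows; the result multiplies together the
    rows that correspond to the 1 bits of the exponent.
    """
    result, square, squares = 1, base % modulus, []
    while exponent:
        squares.append(square)
        if exponent & 1:
            result = result * square % modulus
        square = square * square % modulus
        exponent >>= 1
    return result, squares


def proves_composite(n, a):
    """True if a^(n-1) is not 1 mod n, which by Fermat's Little Theorem rules out n prime."""
    return square_and_multiply(a, n - 1, n)[0] != 1


def inconclusive_bases(n):
    """All bases 1 <= a < n for which the test says nothing (a^(n-1) = 1 mod n)."""
    return [a for a in range(1, n) if not proves_composite(n, a)]


if __name__ == "__main__":
    print(square_and_multiply(8, 132, 133))    # result 1: inconclusive
    print(square_and_multiply(9, 132, 133))    # result 106: 133 is composite
    liars = inconclusive_bases(133)
    print(len(liars), 8 in liars, 9 in liars)  # how many bases behave like 8
```

For 133 = 7 · 19 the test is inconclusive for 36 of the 132 possible bases, so a single result of 1 is weak evidence of primality.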
