Assignment 5 Solutions James Vanderhyde

1. Problem 31.2-6.
Recall $F_1 = 0$, $F_2 = 1$, and $F_{k+1} = F_k + F_{k-1}$ for $k > 2$. By the discussion in the book, Extended-Euclid$(F_{k+1}, F_k)$ returns $(d, x, y)$, where $d = xF_{k+1} + yF_k$ and $d = \gcd(F_{k+1}, F_k)$. The book also shows $\gcd(F_{k+1}, F_k) = \gcd(F_k, F_{k+1} \bmod F_k) = \gcd(F_k, F_{k+1} - F_k) = \gcd(F_k, F_{k-1}) = \dots = \gcd(2, 1) = 1$. We will show by induction that for $k \ge 2$, $x = \pm F_{k-1}$ and $y = \mp F_k$. The signs are determined by this: $x > 0$ and $y < 0$ iff $k$ is odd. Clearly Extended-Euclid$(F_3, F_2)$ = Extended-Euclid$(1, 1)$ = $(1, 0, 1) = (1, -F_1, F_2)$. Now let $(d, x, y)$ = Extended-Euclid$(F_{k+1}, F_k)$ and $(d', x', y')$ = Extended-Euclid$(F_k, F_{k-1})$. By induction assume $d' = 1$, $x' = \mp F_{k-2}$, $y' = \pm F_{k-1}$. By the algorithm, $d = d'$, $x = y'$, and $y = x' - y'$. This implies $d = 1$, $x = \pm F_{k-1}$, and $y = \mp F_{k-2} - \pm F_{k-1} = \mp(F_{k-2} + F_{k-1}) = \mp F_k$. This completes the induction since $k - 1$ is even iff $k$ is odd.
2. Problem 31.2-8.
Note $\operatorname{lcm}(a, b) = ab/\gcd(a, b)$, so we can use Euclid's algorithm for the greatest common divisor to compute the least common multiple of a pair of integers. To compute the least common multiple of a set of integers, we recursively decompose it into pairs: $\operatorname{lcm}(a_1, \operatorname{lcm}(a_2, \operatorname{lcm}(\dots \operatorname{lcm}(a_{n-1}, a_n) \dots)))$. To be sure this works, we have to prove that $\operatorname{lcm}(a_1, a_2, \dots, a_n) = \operatorname{lcm}(a_1, \operatorname{lcm}(a_2, \dots, a_n))$. Let $m' = \operatorname{lcm}(a_1, a_2, \dots, a_n)$ and $m = \operatorname{lcm}(a_1, \operatorname{lcm}(a_2, \dots, a_n))$. Then we know $a_i \mid m'$ for all $i$, and $a_1 \mid m$ and $\operatorname{lcm}(a_2, \dots, a_n) \mid m$. The latter implies that all of $a_2$ through $a_n$ also divide $m$. Thus $m$ is a common multiple of $a_1, a_2, \dots, a_n$ and therefore greater than or equal to the least common multiple, $m'$. So $m \ge m'$. Conversely, we know that $m'$ is a multiple of $a_1$ through $a_n$. Therefore it is a common multiple of $a_2$ through $a_n$, which means $\operatorname{lcm}(a_2, \dots, a_n)$ divides $m'$ because the least common multiple divides every common multiple. Thus $m'$ is a common multiple of $a_1$ and $\operatorname{lcm}(a_2, \dots, a_n)$, and therefore $m' \ge m$. Together we have $m = m'$, so we may break the setwise least common multiple computation into pairwise least common multiple computations. Thus there are a total of $n - 1$ multiplications and divisions plus $n - 1$ calls to Euclid's algorithm.
3. Problem 31.4-1.

$35x \equiv 10 \pmod{50}$.

$a = 35$, $b = 10$, $n = 50$.
$d = \gcd(35, 50) = 5$. $d = 35x' + 50y' \Rightarrow x' = 3$, $y' = -2$.
$x_0 = x'(b/d) \bmod n = 3(10/5) \bmod 50 = 6$.
$x_i = x_0 + i(n/d)$. $i(n/d) = i(50/5) = 10i$.
Solutions are 6, 16, 26, 36, 46.
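
The procedure used in Problem 3, written out as an added Python example (not part of the original solutions). It generalizes the single worked case to any $a$, $b$, $n$, including the case with no solutions; the function names and the brute-force cross-check are this example's own.

```python
def extended_euclid(a, b):
    """Return (d, x, y) with d = gcd(a, b) and d = a*x + b*y."""
    if b == 0:
        return a, 1, 0
    d, x1, y1 = extended_euclid(b, a % b)
    return d, y1, x1 - (a // b) * y1


def solve_linear_congruence(a, b, n):
    """Return every x in [0, n) with a*x ≡ b (mod n), as x_0, x_1, ..."""
    d, x_prime, _ = extended_euclid(a, n)   # d = a*x' + n*y'
    if b % d != 0:
        return []                           # solvable only when d divides b
    x0 = (x_prime * (b // d)) % n
    return [(x0 + i * (n // d)) % n for i in range(d)]


def brute_force(a, b, n):
    """Reference answer obtained by trying every residue."""
    return [x for x in range(n) if (a * x - b) % n == 0]


def matches_brute_force(limit):
    """Cross-check the solver against brute force for all n <= limit."""
    return all(
        sorted(solve_linear_congruence(a, b, n)) == brute_force(a, b, n)
        for n in range(1, limit + 1)
        for a in range(n)
        for b in range(n)
    )


if __name__ == "__main__":
    print(extended_euclid(35, 50))
    print(solve_linear_congruence(35, 10, 50))
    print(solve_linear_congruence(35, 11, 50))
    print(matches_brute_force(30))
```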
4. Problem 31.5-4.
By Corollary 31.29, $f(x) \equiv 0 \pmod{n}$ iff $f(x) \equiv 0 \pmod{n_i}$ for each $i$. Say $f(x) \equiv 0 \pmod{n_i}$ has $r_i$ roots. Since there are $r_i$ possibilities for each component to be 0, there must be $\prod r_i$ possible ways for $f(x)$ to be $0 \pmod{n}$.
5. Problem 31.6-1.

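$\mathbb{Z}^*_{11} = \{1, 2, 3, 4, 5, 6, 7, 8, 9, 10\}$.

| $x$ | $\operatorname{ord}_{11}(x)$ | $\operatorname{ind}_{11,2}(x)$ |
|---|---|---|
| 1 | 1 | 0 |
| 2 | 10 | 1 |
| 3 | 5 | 8 |
| 4 | 5 | 2 |
| 5 | 5 | 4 |
| 6 | 10 | 9 |
| 7 | 10 | 7 |
| 8 | 10 | 3 |
| 9 | 5 | 6 |
| 10 | 2 | 5 |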
6. Problem 31.7-1.
$p = 11$, $q = 29$, $n = pq = 319$, $e = 3$. Note $e$ does not divide $n$. $\phi(n) = 10 \cdot 28 = 280$.
$d \equiv e^{-1} \pmod{280} \Leftarrow 3d \equiv 1 \pmod{280} \Leftarrow 3d = 1 + 280x$. $x = 3 \Rightarrow d = 187$.
$M = 100 \Rightarrow P(M) = P(100) = 100^3 \bmod 319 = 254$.
7. Problem 31.7-3.
$P_A(M_1)P_A(M_2) = (M_1^e \bmod n)(M_2^e \bmod n) = M_1^e M_2^e \bmod n = (M_1 M_2)^e \bmod n = P_A(M_1 M_2)$.
Input: P_A(M), the encrypted message; P_A = (e, n), the public key
Output: M, the decrypted message
repeat
    Pick a random message M'.
    Encrypt M' to form P_A(M').
    Calculate P_A(M M') = P_A(M) P_A(M').
    Decrypt this efficiently with probability 0.01 to get M M' (mod n).
    if efficient decryption succeeded then
        Compute M'^(-1) (mod n).
        return (M M')(M'^(-1)) = M
    end if
until k iterations
return no solution found

Note that $M'^{-1} \pmod{n}$ exists as long as $M'$ does not divide $n$, but $n$'s only factors are 1, $p$, $q$, and $n = pq$, so $M'$ will almost always have an inverse. The probability of success of this algorithm is $1 - (0.99)^k$, so $k = 459$ implies there is a greater than 99% chance of success.
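
The computations in Problems 6 and 7, as an added Python example that is not part of the original solutions: it rebuilds the toy key, then runs the loop above against a simulated weak decryptor. `EASY_PLAINTEXTS`, `weak_decrypt`, `recover`, `iterations_for` and `demo` are assumptions made for the illustration, and the simulated decryptor uses $d$ only to stand in for the hypothetical 1% procedure.

```python
import math
import random

# Toy key from Problem 6.
P, Q, E = 11, 29, 3
N, PHI = P * Q, (P - 1) * (Q - 1)        # 319, 280
D = pow(E, -1, PHI)                      # private exponent (Python 3.8+)

# Constructed "easy" plaintexts: roughly 1% of the residues mod N.
EASY_PLAINTEXTS = {7, 150, 293}


def encrypt(m):
    """Textbook RSA without padding: P_A(M) = M^e mod n."""
    return pow(m, E, N)


def weak_decrypt(c):
    """Simulated procedure that only succeeds on the easy plaintexts.
    It uses D purely to model that hypothetical procedure."""
    m = pow(c, D, N)
    return m if m in EASY_PLAINTEXTS else None


def recover(c, k, rng):
    """Problem 7 loop: multiply c by P_A(M'), decrypt, divide by M'."""
    for _ in range(k):
        m_prime = rng.randrange(2, N)
        if math.gcd(m_prime, N) != 1:
            continue                              # M' has no inverse mod n
        product = weak_decrypt(c * encrypt(m_prime) % N)   # M*M' mod n
        if product is not None:
            return product * pow(m_prime, -1, N) % N
    return None


def iterations_for(target, p=0.01):
    """Smallest k with 1 - (1 - p)^k > target."""
    return math.floor(math.log(1 - target) / math.log(1 - p)) + 1


def demo(seed=0, k=5000):
    """Recover M = 100 from its ciphertext with a seeded RNG."""
    return recover(encrypt(100), k, random.Random(seed))


if __name__ == "__main__":
    print(D, encrypt(100), weak_decrypt(encrypt(100)), iterations_for(0.99), demo())
```

The direct query on the ciphertext of 100 fails because 100 is not one of the easy plaintexts, while the blinded queries recover it.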
