Math 4/5/7380: Answers to exam 3

11 December 2013

Definitions and theorems

Provide short, precise answers to the following. Use complete sentences!

1. What is the private key data for the RSA cryptosystem? What is the
public key data? How are messages encrypted using this data? How
are messages decrypted?
The private key consists of data p, q, φ, b and the public key consists of
data a, n where

• p and q are two randomly chosen primes.

• n = pq, modulo which all calculations are performed.
• φ = (p − 1)(q − 1), the order of the multiplicative group modulo
n.
• a is randomly chosen in the interval [1, n − 1], subject only to the
restriction that gcd(a, φ) = 1.
• b is the multiplicative inverse of a modulo φ — that is, ab ≡
1 mod φ.

By Euler’s generalization of Fermat’s “Little Theorem” we know that

(xa )b ≡ x mod n. Thus Alice publishes the pair a, n (keeping every-
thing else secret). Bob (and for that matter everyone else) can encrypt
messages to Alice by first encoding his message as a sequence of inte-
gers x in the range [1, n − 1], computing y = xa mod n for each, and
sending these results to Alice. Alice can decrypt each by computing
y b mod n then decoding into plain text.

1
2. What is an eulerian walk? State Euler’s Theorem on the existence of
eulerian walks. How is it proved?
An eulerian walk is a walk v0 , v1 , . . . , v` (meaning that each pair vi , vi+1
are the endpoints of an edge) such that each edge of the graph is tra-
versed exactly once. Euler’s Theorem says that a connected graph (or
even multigraph) contains an eulerian walk if and only if the number
of nodes of odd degree is 0 or 2. This is proved using these facts:

• An eulerian walk that begins at a node of even degree must end

at that same node.
• An eulerian walk that begins at a node of odd degree must end at
a different node of odd degree.

Together with the fact that every graph contains an even number of
nodes of odd degree these facts imply the “necessity” half of the charac-
terization. For the “sufficiency” half we build an algorithm. If there are
nodes of odd degree choose one; otherwise choose any node. From the
chosen node begin a walk which avoids repetition of edges. Continue
until you reach a node node where all edges have been traversed. Then
go back to the beginning of the walk and examine each node in order,
splicing in closed walks along edges not yet traversed. Eventually all
edges will be included.

3. What is a labeled tree? State Cayley’s Theorem on the number of

labeled trees. How is it proved?
A labeled tree is a tree such that the nodes are numbered 0 through
(say) n − 1. Cayley’s Theorem is that there are exactly nn−2 la-
beled trees on n nodes. More precisely, Cayley’s Theorem establishes
a bijection between the labeled trees on n nodes and the sequences
(a1 , . . . , an−2 ) where each ai is one of the n labels. These sequences are
called the Prüfer codes of their respective labeled trees.

2
4. What is a spanning tree in a graph G? Describe two methods for
finding a spanning tree.
A spanning tree is a subgraph with the same nodes as G and which
is a tree. One way to construct a spanning tree is to successively
choose nodes and edges from G subject only to the restriction that
you never create a cycle from the set of edges chosen. Eventually
you obtain a maximally acyclic subgraph, which must be a spanning
tree. Alternatively you can successively delete edges from G so long
as you never disconnect the graph. Eventually you obtain a minimally
connected subgraph, which must be also be a spanning tree.

5. What is a minimal spanning tree? Describe two methods for finding a

minimal spanning tree.
A minimal spanning tree (MST) is defined for any graph on n nodes for
which there is a positive, symmetric cost function on the edges. In this
context a minimal spanning tree is a spanning tree whose total cost —
that is, the sum of the costs of all its edges — is minimal among all
possible spanning trees.
One way to construct a MST is to successively choose the cheapest edge
from G that does not create a cycle. Alternatively you can successively
delete from G the most expensive edge that does not disconnect the
graph. It can be proved that both algorithms produce a MST, although
not necessarily the same one unless all edges have distinct costs.

3
Computations
You must show all your work in order to receive credit for your solutions.

6. Suppose that V is a set of nodes and c(i, j) is a cost function on pairs of

nodes that is positive, symmetric, and satisfies the triangle inequality.
Suppose further that a minimal spanning tree in the complete graph
on V has planar code 1101001101011100110000. Use the Tree-Shortcut
Algorithm to find a tour of V whose total cost is at most twice the
minimum. Illustrate your solution.
Let T be the planar tree specified above. If we label the root 0 and
label the other nodes as we encounter them in the walk around T then
we obtain a picture of T as below:

This picture is only schematic: we are not attempting to reflect the

costs in the lengths of the edges, for example. The directions of the
branches are largely irrelevant, except that at each node they must be
ordered clockwise as they are encountered in the walk.

4
So, the walk around T is

0, 1, 2, 1, 3, 1, 0, 4, 5, 4, 6, 4, 7, 8, 9, 8, 7, 10, 11, 10, 7, 4, 0.

This is really all the information we need. In fact this information is

really just the list of nodes as they are visited during DFS. The picture
is just a visual aid. When we short-cut past repeated nodes we obtain
the cycle
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 0.
How convenient to have labeled them as encountered in the walk! This
cycle is illustrated below.

5
7. Let E be the elliptic curve y 2 = x3 − 7x, with the point at infinity
serving as the identity for its group law. Graph E and on it locate the
points P = (4, 6) and Q = (0, 0). Compute 2P and P + Q. Illustrate
your solution.
To graph E we first graph the cubic y = x3 − 7x, which has 3 distinct
real roots, and then take “square roots” of the y-values:

Now let’s write down the formulas for the coordinates of the addition
of points P1 and P2 . We suppose that the line joining them is the
tangent line in case P1 = P2 , and that in any case the line is not
vertical. (Otherwise P1 + P2 = O, the point at infinity.) Let us say
that P3 = P1 + P2 and Pi = (xi , yi ) for each i. If the line joining P1
and P2 has equation y = mx + b then the xi all satisfy the equation

m2 x2 + 2mbx + b2 = x3 − 7x.

When we rewrite this in standard form and then factor we obtain

x3 − m2 x2 − (2mb + 7)x − b2 = (x − x1 )(x − x2 )(x − x3 ).

Hence
m2 = x1 + x2 + x3 ,

6
or
x3 = m2 − x1 − x2 .

Next, let’s determine the slopes of tangent line by implicit differentia-

tion:
dy
2y = 3x2 − 7,
dx
whence
dy 3x2 − 7
= .
dx 2y
Let’s apply this in the case P1 = P2 = (4, 6). The equation of the
tangent line is
41 41 23
y = (x − 4) + 6 = x − .
12 12 3
From our formulas above we find that the x-coordinate of 2P is
1681 529
−8=
144 144
and the y-coordinate is
 
41 529 23 8441
− · − =− .
12 144 3 1728

Now let’s apply our formulas in the case P1 = (4, 6) and P2 = (0, 0).
The equation of the secant line is
3
y= x
2
whence the x-coordinate of P + Q is
9 7
−4=−
4 4
and the y-coordinate is
3 7 21
−− · = .
2 4 8

7
Proofs
In this section all graphs are simple — that is, they have no multiple edges
and no self loops.

8. Let G be a graph. Prove that if G is disconnected then its complement

G is connected.
We prove in fact that for any two nodes there is a path in G of length
at most 2 joining them. Since G is disconnected there is a partition of
G into two nonempty sets of nodes A and B with no edges joining any
node in A to any node in B. Now let v and w be any two nodes. If v
and w are in different connected components of G then in particular,
by definition of complement they are joined by an edge in G. If they
are in the same connected component of G then this component must
lie entirely within either A or B. Let’s say that they lie in A. If we
choose x ∈ B then from the previous remarks we find that both v and
w are joined to x in G. Thus in any case v and w are joined by a path
in G of length at most 2, as claimed.

9. Suppose that T is a rooted tree. Prove that if the root has degree d
then T has at least d leaves.
We prove this by induction on the number of nodes. If T consists of a
single node then d = 0 and indeed T has at least 0 leaves. Now suppose
that T has more than one node. Let r denote the root. If from T we
delete r and all the edges on it then the connected components of this
smaller graph are called the branches of T at r. Each of these branches
is a tree in its own right. Note that since T is a tree r is connected to
exactly one node in each branch. Indeed, if r were connected to two
nodes in a branch then the unique path joining them in the branch
together with the edges joining the ends of the path to r would form a
cycle in T . Let us root each of these trees at its unique node joined to r.
If a branch consists of a single node then it is a leaf in T . Otherwise the
root of that branch has degree at least 1, and so by induction contains
at least 1 leaf. By definition this leaf is not the root of that branch. By
our previous remarks this leaf is not joined to r in T , hence its degree
in T is also 1. That is, it is a leaf in T . Thus each of the d branches
contains at least 1 leaf in T , as required.

8
Python
10. The following is a python function for depth-first search (DFS). Modify
the code so that it returns a pair T,C where T is a spanning tree and C
is a planar code of T.

def DFS(G,r):
T = graph()
T.add_node(r)
V = [r]
while V:
x = V[-1]
U = [y for y in G[x] if y not in T]
if U:
y = U[0]
T.add_node(y)
T.add_edge(x,y)
V.append(y)
else:
V.pop()
return T

The modification required is very simple: we begin with an empty list

C; each time we visit a new node (the line T.add_node(y)) we append
1 to C; each time we backtrack (the line V.pop()) we append 0 to C.
Of course, we also modify the return line.

def augmented_DFS(G,r):
T = graph()
T.add_node(r)
V = [r]
C = []
while V:
x = V[-1]
U = [y for y in G[x] if y not in T]
if U:
y = U[0]
T.add_node(y)

9
 T.add_edge(x,y)
V.append(y)
C.append(1)
else:
V.pop()
C.append(0)
C.pop() # 0 should not be appended
# when we examine the root r
# the very last time
return T, C

11. Provide a big-O analysis of the running time of the DFS code above.
The main loop iterates over each edge exactly twice: once downward
and once upward. The critical calculation in iteration is

U = [y for y in G[x] if y not in T]

This examines the children of the current node x and determines which
of these (if any) have not yet been visited. The number of nodes to
check is bounded by the number of nodes in T, which in turn is at most
the number of nodes in G, of course. We could provide a sharper bound,
especially if we wanted an analysis of the average running time, but we
are only asked for a big-O analysis, so this estimate suffices. Thus we
can say that the number of basic graph operations performed is

O(|E| · |V |) = O(|V |3 ).

10