Scribd
Upload
20 views1 page

Problems 8

The document outlines homework problems for a cryptology course, focusing on primality testing, modular arithmetic, and RSA protocol vulnerabilities. It includes exercises on the Solovay-Strassen and Miller-Rabin tests, finding square roots modulo a composite number, and a detailed example of a common modulus protocol failure in RSA. Additionally, it involves computations related to factoring and the Quadratic Sieve method.

Uploaded by

jazzy075
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
20 views1 page

Problems 8

The document outlines homework problems for a cryptology course, focusing on primality testing, modular arithmetic, and RSA protocol vulnerabilities. It includes exercises on the Solovay-Strassen and Miller-Rabin tests, finding square roots modulo a composite number, and a detailed example of a common modulus protocol failure in RSA. Additionally, it involves computations related to factoring and the Quadratic Sieve method.

Uploaded by

jazzy075
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

T-79.

5501 Cryptology
Homework 8
April 2, 2009

1. Test the primality of 2009 using

(a) the Solovay-Strassen test with a = 442


(b) the Miller-Rabin test with a = 442.

2. (a) Find all square roots of 1 modulo 4453 = 61 · 73.


(b) 2777 is a square root of 3586 modulo 4453. Find all square roots of 3586 modulo 4453.

3. (Stinson 5.24) Suppose throughout this question that p is an odd prime and gcd(a, p) = 1.
Suppose that i ≥ 2 and b2 ≡ a (mod pi−1 ). In the ad hoc exercises last week it was shown that
there is a unique x ∈ ZZpi , such that x2 ≡ a (mod pi ) and x ≡ b (mod pi−1 ) and a method was
described how this x can be computed efficiently.
Illustrate this method in the following situation: starting with the congruence 62 ≡ 17 ( mod 19),
find square roots of 17 modulo 192 and modulo 193 .

4. Compute

2120 (mod122183).

Then using the p − 1 method, attempt to factor 122183.

5. Let n = pq, where p and q are primes. We can assume that p > q > 2 and we denote d = p−q 2
and x = p+q . Then n = x2 − d2 . Attempt to factor n = 400219845261001 by searching for small
2 √
non-negative integers t such that x2 − n = (d ne + t)2 − n is a perfect square. (This is a simple
form of the Quadratic Sieve method.)

6. (Stinson): This exercise illustrates an example of a protocol failure (presented by Gus Simmons)
involving RSA; it is called the common modulus protocol failure. Suppose Bob has an RSA
cryptosystem with modulus n and encryption exponent b1 , and Charlie has an RSA Cryptosystem
with (the same) modulus n and encryption exponent b2 . Suppose also that gcd(b1 , b2 ) = 1. Now,
consider the situation that arises if Alice encrypts the same plaintext x to send it to both Bob and
Charlie. Thus, she computes y1 = xb1 mod n and y2 = xb2 mod n and then she sends y1 to Bob
and y2 to Charlie. Suppose Oscar intercepts y1 and y2 , and performs following computations:
Input: n, b1 , b2 , y1 , y2

i) Compute c1 = b−1
1 mod b2
ii) Compute c2 = (c1 b1 − 1)/b2
iii) Compute x1 = y1c1 (y2c2 )−1 mod n

(a) Prove that the value x1 computed in step iii) is in fact Alice’s plaintext, x. Thus Oscar can
decrypt the message Alice sent, even though the cryptosystem may be “secure”.
(b) Illustrate the attack by computing x by this method if n = 18721, b1 = 43, b2 = 7717,
y1 = 12677 and y2 = 14702.

You might also like