Sample Solution Cryptology Design Fundamentals Grundlagen des kryptographischen Systementwurfs Lecture ID: ET-IDA-28 Final Examination Closed-book short question part Prof. W. Adi Date : 06.04. 2011 Duration : 20 Minutes , Maximum marks is 30% Sample Solution Vorname ……………………………………….. Nachname ……………………………………….. Matrikel-Nr. ………………………………………..

Marks: ∑ ........... 2

gcd ( a 7 t – a t , a 9 t – a t ) = a t gcd ( a 6 t – 1 , a 8 t – 1 ) Q1: Compute gcd(910,280). (1 P) n1 n2 q r 910 280 3 70 4  gcd ( 910 , 280 ) = …70.. Q2: Compute gcd [ (a7 t - at) , (a9 t - at) ], where a and t are non-zero positive integers and gcd (t,9)=gcd(t,7)=1. (2 P) gcd ( a 7 t – a t , a 9 t – a t ) = a t gcd ( a 6 t – 1 , a 8 t – 1 ) = a t (a gcd ( 6 t, 8 t ) – 1) = a t (a 2t–1) MH: Unterscheidet sich der Font auf dieser Folie absichtlich von den anderen? Page 1/5

Q3: On which claimed unsolvable problems are the securities of the following cryptosystems based? 1. RSA Signature System Integer factoring problem 2. Omura Proof of Identity Protocol Discrete Logarithm Problem 3. Omura-Massey Lock for Shamir’s 3-Pass Protocol over GF(p) Discrete Logarithm Problem over GF(p) 4. Fiat Shamir proof of identity protocol (4 P)

Since ord(3) = 17-1 = 16 as a primitive element Q4: Compute the multiplicative order of 34 in GF(17) assuming that 3 is a primitive element in GF(17). Since ord(3) = 17-1 = 16 as a primitive element Q5: How many elements are there in the group of units Z*m for m =187= 11· 17. Compute the highest possible multiplicative order for a unit in Z*m (*)Compute the multiplicative order of the element 2 modulo 187 (optional question +4p) (3 P) # of elements in the group is (17 . 11) = (17-1) (11-1) = 160 Highest possible order is: (17 . 11) = lcm [(17) , (11)] = lcm [(17) , (11)] = lcm [16, 10] = 16 . 10 / gcd(16,10) = 160/2 = 80 (5 P) MH: Unterscheidet sich der Font auf dieser Folie absichtlich von den anderen? Order divides 80 that is 1, 2, 4, 5, 8, 10, 16, 20, 40, or 80 21 = 2 ≠ 1, 22 = 4 ≠ 1, 24 = 16 ≠ 1, 25 = 32 ≠ 1, 28 = 69 ≠ 1, 210 = 89 ≠ 1, 216 = 86 ≠ 1 220 = 67 ≠ 1, 240 = 1 order of 2 is = 40 Page 2/5

Q6: Reduce the following expressions to the smallest positive integers in the corresponding deployed algebra: 1. R13 ( 12 33 – ( 27 ) 5 · 28 2 ) = R13 ( -1 33 – (1 ) 5 (2)2 ) = R13 (-1 - 4) = R13 (- 5) =8 2. ( 1 – 2x 2 ) ( 2 + 3x2) over GF(5) = 2 + 3 x2 – 4 x2 - 6x4 = 2 – x2–x4 = 2 + 4x2 + 4 x4 (3 P)

and the order of a group’s element? Q7: Which relationship do exist between the number of the group elements and the order of a group’s element? Q8: What is a mathematical „Involution“ function? Is a function which is equal to its inverse function. ( F= F-1 ) (2 P) The order of the group element divides the number of its elements Or the order of each element divides the group’s order (Lagrange Theorem) (2 P) MH: Unterscheidet sich der Font auf dieser Folie absichtlich von den anderen? Page 3/5

+ Shamir Perfect Secret Sharing RAND Z Q9: Sketch Shamir perfect secret sharing scheme for two users (3 P) Shamir Perfect Secret Sharing Shamir RAND Random BSS Z Secret Give User A Common Secret Between A and B + Exchange to generate Common secret RAND + Z Give User B

Compute the possible multiplicative orders for elements in GF(29)? Q10: In GF(29). Compute the possible multiplicative orders for elements in GF(29)? Possible multiplicative orders are the divisors of (29) = 29-1=28= 2 x 2 x7. These are: 1, 2, 4, 7,14,28 Compute the number of primitive elements in GF(29). # of primitive elements (28) = (22.7) = 28 (1- 1/2) . (1- 1/7) = 12 3. Which are the minimum number of tests required to find out weather a given element β in GF(29) is primitive? β1 ≠ 1, β2 ≠ 1, β4 ≠ 1, β7 ≠ 1, β14 ≠ 1 (6 P) MH: Unterscheidet sich der Font auf dieser Folie absichtlich von den anderen?

2-6 = 2t = 2-6 mod 28= 2-6 + 28= 2 22 => order of 2 is 28 Compute the multiplicative order of 2 in GF(29). 21 ≠ 1, 22 ≠ 1, 24 =16≠ 1, 27 =128=12≠ 1, 214 =144=28≠ 1 => order of 2 is 28 Compute the smallest positive integer t for which 2-6 = 2t holds. 2-6 = 2t = 2-6 mod 28= 2-6 + 28= 2 22 => t = 22 Page 4/5

Compute a8 and give the corresponding binary vector for a8 . Q11: GF(26) is generated by the irreducible and primitive polynom P(x)= x6 + x + 1. The element a = 000011 = x + 1 is selected from GF(26). Compute a8 and give the corresponding binary vector for a8 . a = (x +1), a 2 = (x 2 + 1), a 4 = (x 2 + 1) 2 = x 4 + 1, a 8 = (x 4 + 1) 2 = x 8 + 1 = x 3 + x 2 + 1 = 001101 as x 6 + x + 1 = 0  x 6 = x + 1  x 7 = x 2 + x  x 8 = x 3 + x 2 2. Compute the multiplicative order of a (Hint: a= 1+x = x6 ) As P(x) is primitive, the order of x is 26-1=63, as x6=1+x => ord (1+x) = ord( x6) 3. Compute the smallest positive integer t for which a-1 = at holds. The modulus in the exponent for a is the order of a=63 ord (a) = ord (x6) = (ord x) / gcd (ord x , 6) = (2 6 – 1) / gcd (2 6 – 1 , 6) = 63/3 = 21  a -1 mod 21 = a -1+21 = a 20  t = 20 (10 P) MH: Unterscheidet sich der Font auf dieser Folie absichtlich von den anderen?

Annex: Euler Function (m) (m) = m ( 1 - ) ( 1 - ) …… For m = p1 p2 p3 .... pt e1 e2 e3 et (m) = m ( 1 - ) ( 1 - ) …… P1 1 P2 1 Carmicheal´s function (m) :  (2)= 1, (22) = 2, (2e) = 2e-2 for e  3: (pe)= (pe) = (p - 1)pe-1 for p odd prim. for m = p1e1 p2e2 p3e3 ... pnen (m) = lcm [ (p1e1 ), (p2e2 ), … (pnen ) ] page 5/5