Assignment #3 Solutions January 24, 2006

Practical Aspects of Modern Cryptography Problem #1 Use Fermat’s Little Theorem and induction on k to prove that x k(p–1)+1 mod p = x mod p for all primes p and k ≥ 0.

January 24, 2006Practical Aspects of Modern Cryptography Answer #1 By induction on k … Base case k = 0: x k(p–1)+1 mod p = x 0+1 mod p = x mod p Base case k = 1: x k(p–1)+1 mod p = x (p-1)+1 mod p = x p mod p = x mod p (by Fermat’s Little Theorem)

January 24, 2006Practical Aspects of Modern Cryptography Answer #1 (cont.) Inductive step: Assume that x k(p–1)+1 mod p = x mod p. Prove that x (k+1)(p–1)+1 mod p = x mod p.

January 24, 2006Practical Aspects of Modern Cryptography Answer #1 (cont.) x (k+1)(p–1)+1 mod p = x k(p–1)+(p-1)+1 mod p = x k(p–1)+1+(p-1) mod p = x k(p–1)+1 x (p-1) mod p = x x (p-1) mod p (by inductive hypothesis) = x p mod p = x p mod p (by Fermat’s Little Theorem)

January 24, 2006Practical Aspects of Modern Cryptography Problem #2 Show that for distinct primes p and q, x mod p = y mod p x mod q = y mod q together imply that x mod pq = y mod pq.

January 24, 2006Practical Aspects of Modern Cryptography Answer #2 x mod p = y mod p  (x mod p) – (y mod p) = 0  (x – y) mod p = 0 (by first assignment)  (x – y) is a multiple of p. Similarly x mod q = y mod q  (x – y) is a multiple of q.

January 24, 2006Practical Aspects of Modern Cryptography Answer #2 (cont.) Therefore, (x – y) is a multiple of pq  (x – y) mod pq = 0  (x mod pq) – (y mod pq) = 0  x mod pq = y mod pq.

January 24, 2006Practical Aspects of Modern Cryptography Problem #3 Put everything together to prove that x K(p–1)(q-1)+1 mod pq = x mod pq For K ≥ 0 and distinct primes p and q.

January 24, 2006Practical Aspects of Modern Cryptography Answer #3 Let k 1 =K(q–1) and k 2 =K(p–1). x K(p–1)(q-1)+1 mod p = x k 1 (p–1)+1 mod p = x mod p and x K(p–1)(q-1)+1 mod q = x k 1 (q–1)+1 mod q = x mod q By Problem #1, and then by Problem #2 x K(p–1)(q-1)+1 mod pq = x mod pq.

January 24, 2006Practical Aspects of Modern Cryptography Problem #4 E(x) = x 43 mod 143 Find the inverse function D(x) = x d mod 143.

January 24, 2006Practical Aspects of Modern Cryptography Answer #4 143 = 11  13 We need to find d such that 43d mod (11–1)(13–1) = 1. Use the Extended Euclidean Algorithm to find a solution to find x and y such that 120x + 43y = 1.

January 24, 2006Practical Aspects of Modern Cryptography Extended Euclidean Algorithm Given A,B > 0, set x 1 =1, x 2 =0, y 1 =0, y 2 =1, a 1 =A, b 1 =B, i=1. Repeat while b i >0: {i = i + 1; q i = a i-1 div b i-1 ; b i = a i-1 -q i b i-1 ; a i = b i-1 ; x i+1 =x i-1 -q i x i ; y i+1 =y i-1 -q i y i }. For all i: Ax i + By i = a i. Final a i = gcd(A,B).

January 24, 2006Practical Aspects of Modern Cryptography Answer #4 (cont.) iaiai bibi xixi yiyi qiqi

January 24, 2006Practical Aspects of Modern Cryptography Answer #4 (cont.) iaiai bibi xixi yiyi qiqi

January 24, 2006Practical Aspects of Modern Cryptography Answer #4 (cont.) iaiai bibi xixi yiyi qiqi

January 24, 2006Practical Aspects of Modern Cryptography Answer #4 (cont.) iaiai bibi xixi yiyi qiqi

January 24, 2006Practical Aspects of Modern Cryptography Answer #4 (cont.) iaiai bibi xixi yiyi qiqi

January 24, 2006Practical Aspects of Modern Cryptography Answer #4 (cont.) iaiai bibi xixi yiyi qiqi

January 24, 2006Practical Aspects of Modern Cryptography Answer #4 (cont.) iaiai bibi xixi yiyi qiqi

January 24, 2006Practical Aspects of Modern Cryptography Problem #5 Digital Signature Algorithm Public parameters: q = 11, p = 67, g = 9, y = 62 Private secret: x = 4 Message to be signed: M = 8 Selected random parameter: k = 2

January 24, 2006Practical Aspects of Modern Cryptography The Digital Signature Algorithm To sign a 160-bit message M, Generate a random integer k with 0 < k < q, Compute r = (g k mod p) mod q, Compute s = ((M+xr)/k) mod q. The pair (r,s) is the signature on M.

January 24, 2006Practical Aspects of Modern Cryptography Answer #5 r = (g k mod p) mod q = (9 2 mod 67) mod 11 = (81 mod 67) mod 11 = 14 mod 11 = 3 s = ((M+xr)/k) mod q = ((8+4  3)/2) mod 11 = (20/2) mod 11 = 10 mod 11 = 10 The pair (3,10) is the signature on 8.

January 24, 2006Practical Aspects of Modern Cryptography The Digital Signature Algorithm A signature (r,s) on M is verified as follows: Compute w = 1/s mod q, Compute a = wM mod q, Compute b = wr mod q, Compute v = (g a y b mod p) mod q. Accept the signature only if v = r.

January 24, 2006Practical Aspects of Modern Cryptography Answer #5 (cont.) w = 1/s mod q = 1/10 mod 11 = 10 a = wM mod q = 10  8 mod 11 = 3 b = wr mod q = 10  3 mod 11 = 8 v = (9 3  62 8 mod 67) mod 11 = (59  15 mod 67) mod 11 = 14 mod 11 = 3 v = 3 and r = 3 so the signature is validated.