¢¡¤£¦¥§£¦¥©¨ ¢¡ ¨ ©¡¤ ¤ "!"#%$&$(')$(*©+-,.,"/10123!547698&,":$(;(6< ,.=&8?>A@BDCFEHGIKJ¤LK¥>NMOEQPR¨J

S

¥UTV¡¤>?¨J¤WDX¤E YZ¨J¤¥1J¤>? ¢[ \M©¥¥U>^]`__aE

b(¢c¤1¡¤Z£¦J¤U7¨£¦J¤>&¥UKedfd3dhgUifjfikhg1lOjm3nhg1ofdOjmfpfkOqfr3rsgUifjRtnOj3i

¢[ uM©UK¥¥ ¡¤¨¥wvU¨JKWx¡¤7y¦y¦Vz{£¦J¤v|¥ AKTK£¦}¤T~ O7£¦¥¥£¦J¤¥ ¡¤~Ky¦KTUJ¤£¦TwP¤K¥U£€QJ?¡¤£¦¥

@AR‚fƒ

M.K7£¦¥¥U£€J-£¦¥^vQ¨JW{„U£€PHK>O ¤£¦J ¨J W†¥‡Z¨„¥U£€J vy€FTK B|f¡¤£¦¥^TV¡¤¨Q ^

AKU¥J¤¨Qyˆc ¥KE ¢¡¤£€¥ O7£¦¥¥£¦JW R¥ J¤`‰Š3KJ¤WDD@¤£€J W¤£€J v „c y‹£€ ¤y¦†TV¡ ¨ ¥ŒQ

¡¤@A3‚f>ˆ ¡¤3TKQ BO£¦J¤vIw ¤URW c¤TK£¦J¤v T ¤£¦K¥{w¡ K¢¡¤¨JŽ AK¥UJ¤¨y©c¤¥U†¡¤

AKU¥J5TK¨`£¦J¤v¡ ‰TK B>¢„7¨‚f£¦J¤vKy¦KTQJ¤£€T-T ¤£¦K¥Œ¨‘PR¨£¦y€¨Q@¤y€† U’£¦’PR¨y^@B

¡¤KU¥sz{£‹¡¤c ¤U£€h AKU~£¦¥¥U£€QJ £¦J7z{U£‹£€J¤v~Q“ ¢[ MˆUK¥U¥E

”&ŠOTKK <•z{¡¤KU‰‘PHK1–VU£€W¤W KJ—@BŽ¡¤‰¥U OTK£¦}¤T- O7£¦¥¥£¦J5¨@A‘PH>˜¡¤‰¥1¨J W¤¨W™TK BO£¦v¡xJ¤£€T

Q“ ¢[ \M©UK¥¥Z¨ ¤ y€£¦K¥%š¡ £€¥hKy¦KTUJ¤£¦ThP¤K¥U£€QJ¤ƒ

›FK£œ¡¤¡¤£€¥§@O3‚ŒJ §¨QJBD ¨‡F7¨‘B @AZK 3W¤c¤TKW‰&U¨J¤¥U~£œKW‰£¦J†¨QJBDQu

@B¨JBž7K¨QJ¤¥>hKy¦KTUJ¤£¦T‰„7TV¡¤¨J¤£¦TK¨y¦>h£€J TKy¦c¤W¤£¦J¤vŸ ¤¡¤RT BN£¦J¤v>¢7£¦TKU}¤y¦~£¦J¤v>

¨J WKTW £€J¤vQ>%š@B5¨JB£€J¤Q7¨£¦J¥1U¨vŒe’£¦’PR¨ys¥1BO¥‡7>?z{£œ¡ c~ ¤U£€

AKU~£¦¥¥U£€QJ £¦J7z{U£‹£€J¤v~Q ¡ { c¤@¤y¦£€¥U¡¤KUE

¢¡¤7TJ¤¥J†Q§ ¢[ M©¥¥{W¤R¥ J¤~Š3KJ¤Wx-T BN£¦J¤vD vJ¤KU¨ysW¤£¦¥‡£¦@¤c£¦J¤>

§ ¤Q~`£¦J¤>NQ§TK¨`£¦J¤v•J¤’z¡ze‚f¥>N^§¥¨y¦KEhX¤ AKT£€}¤Te O7£€¥U¥£¦Jx„c¤¥1{@O

@<¨£¦J¤KWD£¦J7z{U£‹£€J¤v~Q“ ¢[ \M©UK¥¥Z¢¥Uc¤TV¡ T BN£¦J¤vE

¢

T ]__Q£•@BŽ ¢[^ ¤M©¥¥>¥¦J¤TE Chapter

Number-Theoretic Reference Problems

Contents in Brief

3.1 Introduction and overview §?§&§?§?§&§?§?§?§&§?§?§?§N§?§?§&§?§?§?§&§ 87

3.2 The problem §&§?§?§?§&§?§?§?§N§?§?§&§?§?§?§&§ 89

3.3 The RSA problem §?§?§&§?§?§?§&§?§?§&§?§?§?§&§?§?§?§N§?§?§&§?§?§?§&§ 98

3.4 The quadratic residuosity problem §&§?§?§?§&§?§?§?§N§?§?§&§?§?§?§&§ 99

3.5 Computing square roots in ¨ª©«§?§?§&§?§?§?§&§?§?§?§N§?§?§&§?§?§?§&§ 99

3.6 The problem §?§&§?§?§?§&§?§?§?§N§?§?§&§?§?§?§&§ 103

3.7 The Dif®e-Hellman problem §&§?§?§&§?§?§?§&§?§?§?§N§?§?§&§?§?§?§&§ 113

3.8 Composite moduli §?§?§&§?§?§?§&§?§?§&§?§?§?§&§?§?§?§N§?§?§&§?§?§?§&§ 114

3.9 Computing individual bits §?§&§?§?§&§?§?§?§&§?§?§?§N§?§?§&§?§?§?§&§ 114

3.10 The subset sum problem §?§?§&§?§?§&§?§?§?§&§?§?§?§N§?§?