EE 418: Network Security and Cryptography Homework 2 { Solutions Assigned: Tuesday, October 11, 2016, Due: Tuesday, October 25, 2016 Instructor: Tamara Bonaci Department of Electrical Engineering University of Washington, Seattle Problem 1 For each of the following pairs of integers (x; y), first determine whether x−1 mod y exists. Then find x−1 (mod y) if it exists. Show all work. (a) x = 5, y = 25 (b) x = 12, y = 29 (c) x = 24, y = 35 (d) x = 17, y = 101 (e) x = 87, y = 102 Solution: (a) x = 5; y = 25 There does not exist an inverse x−1 (mod y) for a pair x = 5; y = 25, since x = 5 y = 25 = 52; hence gcd(x = 5; y = 25) = 5 6= 1 (b) x = 12; y = 29 There does exist an inverse x−1 (mod y) for a pair x = 12; y = 29, since gcd(x = 12; y = 29) = 1. Let's show that using the Eucliedan Algorithm: 12 = 0(29) + 12 29 = 2(12) + 5 12 = 2(5) + 2 5 = 2(2) + 1 2 = 2(1) + 0 Now, let's use the Extended Eucliedan Algorithm to find the inverse x−1 (mod y) for a pair x = 12; y = 29: 1 = 5 − 2(2) = 5 − 2[12 − 2(5)] = 5(5) − 2(12) = 5[29 − 2(12)] − 2(12) = 5(29) − 12(12) (1) From equation (1), it follows that: 12−1 = −12 (mod 29) = 17 (mod 29) 1 Solution: (c) x = 24; y = 35 There does exist an inverse x−1 (mod y) for a pair x = 24; y = 35, since gcd(x = 24; y = 35) = 1. Let's show that by factorizing x and y: x = 23 · 3 y = 5 · 7 (2) From (2), it follows that x and y do not have any common factors, hence gcd(x = 24; y = 35) = 1. Let's now use the Extended Euclidean Algorithm to find the inverse x−1 (mod y) for a pair x = 24; y = 35: 24 = 0(35) + 24 35 = 1(24) + 11 ! 11 = 35 − 1(24) 24 = 2(11) + 2 ! 2 = 24 − 2(11) 11 = 5(2) + 1 ! 1 = 11 − 5(2) 1 = 11 − 5(2) = 11 − 5[(24) − 2(11)] = 11(11) − 5(24) = 11[(35) − (24)] − 16(24) = 11(35) − 16(24) (3) From (3), it follows that: 24−1 = −16 (mod 35) = 19 (mod 35) (d) x = 17; y = 101 There does exist an inverse x−1 (mod y) for a pair x = 17; y = 101, since both 17 and 101 are prime numbers. Using the Extended Euclidean Algorithm to find the inverse x−1 (mod y) for a pair x = 17; y = 101 we get that 17−1 mod (101) = 6. (e) x = 87; y = 102 There does not exist an inverse x−1 (mod y) for a pair x = 87; y = 102, since gcd(x = 87; y = 102) = 3. Let's show that by factorizing x and y: x = 87 = 29 · 3 y = 102 = 2 · 3 · 17 (4) From (4), it follows that x and y do have common factor, d = 3, hence gcd(x = 87; y = 102) = 3. Problem 2 (Stinson, Problem 1.2) Suppose that a, m > 0 and a 6≡ 0 (mod m). Prove that (−a) mod m = m − a(modm): (5) Solution I: In order to prove the statement given by equation (5), let's use the remainder theorem to represent a as: a = b · m + r (6) We next multiply both sides of equation (6) by -1 and rearrange the equation in the following way: −a = −b · m − r = −b · m + m − m − r = −(b + 1) · m + m − r (7) 2 Equation (7) is, however, nothing but another application of the remainder theorem: −a = − (b + 1) m + (m − r) = q1 · m + r1 (8) | {z } | {z } q1 r1 Using the fact that a(modm) ≡ r, we can write: −a mod m = r1 = m − r = m − a mod m (9) Equation (9) completes the proof. Solution II: Part one: Suppose that a; m > 0 and a 6≡ 0 mod m, hence for some integers q and r, where 0 ≤ r < m, we can write a as a = mq + r, according to division theorem. By simple algebra, −a = −mq − r, which is −a = m(−q) − r. Then we take mod m on both side. (−a) mod m = (−r) mod m. However, it is equivalent to (−a) mod m = m − r mod m. Since 0 < r < m, then 0 < m − r < m, and m − r mod m = m − r, as the result (−a) mod m = m − r. Part two: On the other hand, since a = mq + r, then a mod m = r, hence −(a mod m) = −r. By adding m on both side, we get m − (a mod m) = m − r By comparing result from both part, (−a) mod m = m − r, m − (a mod m) = m − r, we conclude they are equal, and hence it completes the proof. Problem 3 (Stinson, Problem 1.6) If an encryption function eK is identical to the decryption function dK , then the key K is said to be an involutory key. Find all the involutory keys in the Shift Cipher over Z26. Solution: In order to find all involutory keys in Shift Cipher over Z26, let's first represent the 5-tuple that defines the cipher: P = C = K = Z26 y = eK (x) = (x + K) mod 26 x = dK (y) = (y − K) mod 26 (10) By definition, a cryptographic key K is involutory key, if: eK (x) = dK (y) (11) 3 From equation (11), if follows that: x = eK (eK (x)) = eK [(x + K) mod 26] = [(x + K) mod 26 + K] mod 26 = (x + 2K) mod 26 (12) From equation (12), the condition for a key to be an involutory key in Shift Cipher over Z26 is given as: 2 · K mod 26 = 0 (13) From equation(13), we conclude that there are two involutory keys in Shift Cipher over Z26: K1 = 0; K2 = 13 Problem 4 (Stinson, Problem 1.7) Determine the number of valid keys (a; b) in an Affine cipher over Zm for m = 30; 100 and 1225. Solution: Let's start solving this problem by recalling the definition of the Affine cipher: P = C = Zm K = f(a; b): a 2 Zm and gcd(a; m) = 1; b 2 Zmg y = eK (x) = (ax + b) mod m −1 x = dK (y) = a (y − b) mod m (14) From equation (14), it follows that the number of keys in an Affine Cipher over Zm depends on the cardinality ~ ~ of the subset Zm, that contains all the elements x 2 Zm, such that gcd(x; m) = 1. The cardinality of the ~ subset Zm is determined by the Euler totient (φ) function: n Y ei ei−1 φ(m) = (pi − pi ) (15) i=1 Qn ei where i=1 pi represents a unique prime factorization of number m. From equation (15), the number of distinct keys in an affine cipher over Zm is defined as: n Y ei ei−1 # of distinct keys = N(m) = m · φ(m) = m (pi − pi ) (16) i=1 4 For m = 30; 100; 1225, we can write: 30 = 2 · 3 · 5 n Y ei φ(30) = pi = (2 − 1) · (3 − 1) · (5 − 1) = 8 i=1 n Y ei ei−1 N(30) = m · φ(m) = m (pi − pi ) = 30 · 8 = 240 i=1 100 = 22 · 52 n Y ei 2 2 φ(100) = pi = (2 − 2) · (5 − 5) = 2 · 20 = 40 i=1 n Y ei ei−1 3 N(100) = m · φ(m) = m (pi − pi ) = 100 · 40 = 4 · 10 i=1 1225 = 52 · 72 n Y ei 2 2 φ(1225) = pi = (5 − 5) · (7 − 7) = 20 · 42 = 840 i=1 n Y ei ei−1 N(1225) = m · φ(m) = m (pi − pi ) = 1225 · 840 = 1029000 i=1 Problem 5 (Stinson, Problem 1.10) Suppose K = (5, 21) is a key in an Affine Cipher over Z29. 0 0 0 0 (a) Express the decryption function dK (y) in the form dK = a y + b , where a ; b 2 Z29. (b) Prove that dK (eK (x)) = x for all x 2 Z29. Solution: An Affine Cipher over Z29 is defined by the following 5-tuple: P = C = Z29 K = f(a; b): a 2 Z29 and gcd(a; 29) = 1; b 2 Z29g y = eK (x) = (ax + b) mod 29 −1 x = dK (y) = a (y − b) mod 29 (17) (a) In order to express the decryption rule (equation (17)) in the form: 0 0 0 0 dK (y) = a y + b ; where a ; b 2 Z29 (18) let's first find the multiplicative inverse of a = 5 over Z29 using Extended Euclidean Algorithm: 29 = 5(5) + 4 5 = 1(4) + 1 1 = 5 − 1(4) 1 = 5 − 1(29 − 5(5)) 1 = 6(5) − 29 (19) 5 From equation (19), it follows that a−1 = 6. We can now write: −1 dK (x) = a (y − b) mod 29 = (a−1y − a−1b) mod 29 = (6y − 126) mod 29 ≡ (6y + 19) mod 29 (20) Therefore, decryption rule dK (y) can be expressed as dK (y) = (6y + 19) mod 29 (b)We next prove that dK (eK (x)) = x for all x 2 Z29. In order to prove that dK (eK (x)) = x, let's express dK (eK (x)) in the following way: dK (eK (x)) = dk[(5x + 21) mod 29] = 6[(5x + 21) mod 29] + 19 (mod 29) = 30x + 126 + 19 (mod 29) = 30x + 145 (mod 29) = 30x + 145 ≡ x (mod 29) (21) Equation (21) completes the proof.