*Click on question number to see answers*

1. In certain computer bulletin-board systems it is customary, if you want to post a message that may offend some people (e.g., a dirty joke), to encipher the letters (but not the blanks or punctuation) by a simple shift cipher. It is then easy to decipher the text if one wants to, but no one is forced to see a message that jars on the nerves. This story was recently found on such a bulletin-board.

At an international convention of surgeons, representatives of different countries were comparing notes on recent advances in reattaching severed parts of the body. The French, Americans and Russians were being especially boastful. The French surgeon said, "We sewed a leg on an injured runner, and a year later he placed in a national 1000-meter race." "Using the most advanced surgical procedures," the Russian surgeon chimed in, "we were able to put back an athlete's entire arm, and a year later with the same arm he established a new world record for the shot put." But they all fell silent when the American, not to be outdone, announced that "Jr frjrq n fzvyr ba n ubefr'f nff, naq n lrne yngre vg jnf ryrpgrq Cerfvqrag!"What is the punchline?

2. Consider the following assignments of numerical equivalents to a 40 letter alphabet. The letters A-Z are given the their numerical equivalents 0 to 25 respectively, a blank space = 26, "." = 27, "?" = 28, "$" = 29 and the numerals 0-9 are assigned 30-39 respectively. A message using this alphabet is encoded into a string of numbers by taking each pair of letters (anything in the alphabet) in the message, converting the pair to their numerical equivalents, say a, b, and then replacing the pair by the number a(40) + b. Thus, a message starting "Hi. Send $ ..." would be converted to HI = 7(40) + 8 = 288, . = 27(40) + 26 = 1106, SE = 18(40) + 4 = 726, ND = 13(40) + 3 = 523, $ = 26(40) + 29 = 1069, so our message would be written numerically as 288 1106 726 523 1069 ... .

(a) If this method is used to convert a message to a numerical sequence and then the sequence is encrypted by the RSA system, explain how the message could be decrypted without knowing how to factor the public modulus.

(b) Suppose that the RSA system used modulus 793349 and exponent 17. Break this system
by factoring the modulus and finding 17^{-1} mod (793349). [*If you are unable to factor the
number by Tuesday, I will supply the factors by e-mail for the cost of 3 points*.]

(c) Which method, (a) or (b), would be the fastest, and why?

3. Use the Pohlig-Hellman algorithm to find the discrete logarithm of 153 to the base 2 in
Z_{181}, i.e., solve for x : 2^{x} = 153 mod (181).

4. Consider the non-linear feedback function f(s_{0}, s_{1}, s_{2}, s_{3}) = s_{0} + s_{2} + s_{0}s_{2}s_{3} + s_{1}s_{2} and the
sequence generated from the starting state 0001. Determine the linear equivalence of this
sequence and construct a LFSR which will generate the same sequence.

5. If n is an odd composite number and b an integer such that gcd (n,b) = 1 then

(i) if b^{n-1} = 1 mod n, then **n** is called a *pseudoprime to the base b*.

(ii) if then **n** is called an* Euler pseudoprime to the base b*.

(iii) write n - 1 = 2^{s}t with t odd. If either b^{t} = 1 mod n or there exists an r, 0 r s, such
that then **n** is called a *strong pseudoprime to the base b*.

(a) Show that 91 is a pseudoprime to the base 3, but not to the base 2.

(b) Prove that any Euler pseudoprime to the base b is a pseudoprime to the base b.

(c) We have seen in class that 91 is an Euler pseudoprime to the base 10. Is 91 a strong pseudoprime to the base 10?

(d) Prove that if n is a pseudoprime to the base 2, then N = 2^{n} - 1 is a strong pseudoprime
and an Euler pseudoprime to the base 2.

**This is a cyclic shift cipher by 13 (i.e. ROT13 ). It decrypts as "We sewed a smile on a horse's ass, and a year later it was elected President!"**

Return to Questions

Answer to Question 2

**(a) This coding of the message produces 40 ^{2} = 1600 possible numbers to be enciphered by RSA. Since the method of enciphering is public knowledge, Oscar can encipher these 1600 numbers and store the results (after sorting) in a table with the letter pairs that produce them. Upon intercepting an enciphered text, Oscar merely looks up the numbers in this table and decrypts them as the corresponding letter pairs.**

**
(b) n = 793349 = (607)(1307), so(n) = (606)(1306) = 791436. Using the extended Euclidean Algorithm we find 17 ^{-1} = 744881 mod 791436.**

**
(c) In this example, setting up the table of 1600 numbers will take more time than factoring n. However, RSA decryption requires raising each number to the 744881 power, while method a) only requires a table lookup. Even for fairly short messages, the difference in time required to decrypt the message quickly makes up for the extra time needed to set up the table. Method a) would be much faster in practice for anything but the shortest messages**.

Return to Questions

Answer to Question 3

**x = 107 mod 180.**

Return to Questions

Answer to Question 4

**The sequence produced has period 6 and starts 0 0 0 1 0 1 .... Thus, the polynomial S ^{(6)}(x) = x^{3} + x^{5}. The gcd (1 + x^{6}, x^{3} + x^{5}) = 1 + x^{2} (most easily obtained from the Euclidean Algorithm). Thus, m*(x) = (1 + x^{6})/(1 + x^{2}) = 1 + x^{2} + x^{4}. So the linear equivalence is 4 and in this case m(x) = m*(x), so this is the characteristic polynomial of a LFSR which produces the same sequence (with starting state 0 0 0 1)**.

Return to Questions

Answer to Question 5

**(a) 3 ^{90} 1 mod 91, so 91 is a psuedoprime to the base 3. However, 2^{90} 64 mod 91, so 91 is not a psuedoprime to the base 2.**

**
(b) Since n is an Euler psuedoprime to the base b, we have b ^{n-1/2} (b/n) mod n. Since gcd(b,n) = 1, the Jacobi symbol (b/n) can only be +1 or -1. Squaring both sides of the congruence gives b^{n-1} (b/n)^{2} = 1 mod n, and so, n is a psuedoprime to the base b.**

**
(c) 91 - 1 = 90 = 2(45). 10 ^{45} -1 mod 91, so we see that 91 is a strong psuedoprime to the base 10. **

**
(d) As n is a psuedoprime to the base 2, we have 2 ^{n-1} 1 mod n. Now N -1 = (2^{n} -1) - 1 = 2^{n} - 2 = 2(2^{n-1} - 1), thus s = 1 and t = 2^{n-1} -1. Therefore, 2^{t} = 2^{2^{n-1} -1} = 2^{nm} for some integer m since 2^{n-1} - 1 0 mod n. Now N 0 mod N, so 2^{n} - 1 0 mod N, or in other words, 2^{n} 1 mod N, therefore 2^{t} = 2^{nm} 1^{m} 1 mod N, and so N is a strong psuedoprime to the base 2.**

**
Consider 2 ^{N-1/2} 2^{t} 1 mod N (from above). Now, N + 1 = 2^{n} 0 mod 8 if n > 2, and since n is an odd composite it must be greater than or equal to 9, so in our case N -1 mod 8. The Jacobi symbol (2/N) = 1 if N -1 mod 8, so we have 2^{N-1/2} (2/N) mod N, and so, N is an Euler psuedoprime to the base 2.**