diff --git a/Advanced/Cryptography/main.tex b/Advanced/Cryptography/main.tex index 8e9f7d6..bb83670 100755 --- a/Advanced/Cryptography/main.tex +++ b/Advanced/Cryptography/main.tex @@ -8,7 +8,6 @@ \usepackage{amsmath} \usepackage{amssymb} \usepackage{multicol} -\usepackage{subfiles} \begin{document} @@ -19,14 +18,10 @@ {Intro to Cryptography} {Prepared by Mark on \today{}} - \vspace{3ex} + \input{parts/part 1} + \input{parts/part 2} + \input{parts/part 3} - \subfile{parts/part 1} - - \subfile{parts/part 2} - - \subfile{parts/part 3} - - \subfile{parts/challenge} + \input{parts/challenge} \end{document} diff --git a/Advanced/Cryptography/parts/challenge.tex b/Advanced/Cryptography/parts/challenge.tex index 616800a..d372193 100755 --- a/Advanced/Cryptography/parts/challenge.tex +++ b/Advanced/Cryptography/parts/challenge.tex 
@@ -1,146 +1,142 @@ -\documentclass[../main.tex]{subfiles} - -\begin{document} - - \section{Challenge Problems} +\section{Challenge Problems} - \problem{} - Prove \ref{mod_has_inverse}: \\ - $a$ has an inverse mod $m$ iff $\gcd(a, m) = 1$ \\ - \begin{hint} - To prove an iff statement, prove each direction separately: \\ - Assume that the left side is true and show that left $\implies$ right, \\ - then do the reverse. - \end{hint} +\problem{} +Prove \ref{mod_has_inverse}: \\ +$a$ has an inverse mod $m$ iff $\gcd(a, m) = 1$ \\ +\begin{hint} + To prove an iff statement, prove each direction separately: \\ + Assume that the left side is true and show that left $\implies$ right, \\ + then do the reverse. +\end{hint} - \begin{solution} - Assume $a^\star$ is the inverse of $a \pmod{m}$. \\ - Then $a^\star \times a \equiv 1 \pmod{m}$ \\ +\begin{solution} + Assume $a^\star$ is the inverse of $a \pmod{m}$. \\ + Then $a^\star \times a \equiv 1 \pmod{m}$ \\ - Therefore, $aa^\star - 1 = km$, and $aa^\star - km = 1$ \\ - We know that $\gcd(a, m)$ divides $a$ and $m$, therefore $\gcd(a, m)$ must divide $1$. \\ - $\gcd(a, m) = 1$ \\ + Therefore, $aa^\star - 1 = km$, and $aa^\star - km = 1$ \\ + We know that $\gcd(a, m)$ divides $a$ and $m$, therefore $\gcd(a, m)$ must divide $1$. \\ + $\gcd(a, m) = 1$ \\ - Now, assume $\gcd(a, m) = 1$. \\ - By the Extended Euclidean Algorithm, we can find $(u, v)$ that satisfy $au+mv=1$ \\ - So, $au-1 = mv$. \\ - $m$ divides $au-1$, so $au \equiv 1 \pmod{m}$ \\ - $u$ is $a^\star$. - \end{solution} + Now, assume $\gcd(a, m) = 1$. \\ + By the Extended Euclidean Algorithm, we can find $(u, v)$ that satisfy $au+mv=1$ \\ + So, $au-1 = mv$. \\ + $m$ divides $au-1$, so $au \equiv 1 \pmod{m}$ \\ + $u$ is $a^\star$. 
+\end{solution} - \vfill +\vfill - \problem{} - The Euclidean Algorithm (From \ref{euclid_algorithm}) can be written as follows: \\ +\problem{} +The Euclidean Algorithm (From \ref{euclid_algorithm}) can be written as follows: \\ - Assume $a > b$. - Set $e_0 = a$ and $e_1 = b$. \\ - Let $e_{n+1} = \text{remainder}(r_{n-1} \div r_{n})$ \\ - Stop when $e_{k} = 0$. - Then, $\gcd(a, b) = e_{k-1}$. \\ +Assume $a > b$. +Set $e_0 = a$ and $e_1 = b$. \\ +Let $e_{n+1} = \text{remainder}(r_{n-1} \div r_{n})$ \\ +Stop when $e_{k} = 0$. +Then, $\gcd(a, b) = e_{k-1}$. \\ - Let $F_n$ be the $n^{\text{th}}$ Fibonacci number. ($F_0 = 0$; $F_1 = 1$; $F_2 = 1$; $\dots$)\\ - Show that if the Euclidean algorithm requires $n$ steps for an input $(a, b)$, then $a \geq F_{n+2}$ and $b \geq F_{n+1}$. +Let $F_n$ be the $n^{\text{th}}$ Fibonacci number. ($F_0 = 0$; $F_1 = 1$; $F_2 = 1$; $\dots$)\\ +Show that if the Euclidean algorithm requires $n$ steps for an input $(a, b)$, then $a \geq F_{n+2}$ and $b \geq F_{n+1}$. - (In other words, show that the longest-running input of a given size is a Fibonacci pair.) +(In other words, show that the longest-running input of a given size is a Fibonacci pair.) - \begin{solution} - The easiest way to go about this is induction on $n$: \\ +\begin{solution} + The easiest way to go about this is induction on $n$: \\ - \textcolor{gray}{\textit{Base Case:}} + \textcolor{gray}{\textit{Base Case:}} - If $n = 1$, $b$ divides $a$ with no remainder, and the smallest possible $a, b$ for which this is true is $(2, 1) = (F_3, F_2)$. + If $n = 1$, $b$ divides $a$ with no remainder, and the smallest possible $a, b$ for which this is true is $(2, 1) = (F_3, F_2)$. - \linehack{} + \linehack{} - \textcolor{gray}{\textit{Induction:}} + \textcolor{gray}{\textit{Induction:}} - Assume that for $n$ steps, $a \geq F_{n+2}$ and $b \geq F_{n+1}$. + Assume that for $n$ steps, $a \geq F_{n+2}$ and $b \geq F_{n+1}$. - Now, say the algorithm takes $n+1 = m$ steps. 
\\ + Now, say the algorithm takes $n+1 = m$ steps. \\ - The first step gives us $a = q_0b + r_0$ \\ - Therefore, the pair $(b, r_0)$ must take $m-1$ steps. \\ - We thus know that $b \geq F_{m+1}$ and $r_0 \geq F_m$ \hfill \textcolor{gray}{by our induction hypothesis} \\ - Therefore, $a = q_0b + r_0 \geq b + r_0$ \\ - But $b + r_0 = F_{m+1} + F_{m} = F_{m+2}$, \\ - so $a \geq F_{m+2}$. - \end{solution} + The first step gives us $a = q_0b + r_0$ \\ + Therefore, the pair $(b, r_0)$ must take $m-1$ steps. \\ + We thus know that $b \geq F_{m+1}$ and $r_0 \geq F_m$ \hfill \textcolor{gray}{by our induction hypothesis} \\ + Therefore, $a = q_0b + r_0 \geq b + r_0$ \\ + But $b + r_0 = F_{m+1} + F_{m} = F_{m+2}$, \\ + so $a \geq F_{m+2}$. +\end{solution} - \vfill +\vfill +\pagebreak - \problem{Chinese Remainder Theorem} - There are certain things whose number is unknown. If we count them by threes, we have two left over; by fives, we have three left over; and by sevens, two are left over. How many things are there? +\problem{Chinese Remainder Theorem} +There are certain things whose number is unknown. If we count them by threes, we have two left over; by fives, we have three left over; and by sevens, two are left over. How many things are there? - \begin{solution} - $x \equiv 2 \pmod{3}$ \\ - $x \equiv 3 \pmod{5}$ \\ - $x \equiv 2 \pmod{7}$ \\ +\begin{solution} + $x \equiv 2 \pmod{3}$ \\ + $x \equiv 3 \pmod{5}$ \\ + $x \equiv 2 \pmod{7}$ \\ - $x = 23 + 105k\ \forall k \in \mathbb{Z}$ - \end{solution} + $x = 23 + 105k\ \forall k \in \mathbb{Z}$ +\end{solution} - \vfill +\vfill - \problem{} - Show that if $p$ is prime, $\binom{p}{i} \equiv 0 \pmod{p}$ - for $0 < i < p$. +\problem{} +Show that if $p$ is prime, $\binom{p}{i} \equiv 0 \pmod{p}$ +for $0 < i < p$. - \begin{solution} - $\binom{p}{i} = \frac{p!}{i!(p-i)!}$ tells us that $i!(p-i)!$ divides $p! = p(p-1)!$. \\ - However, $i!(p-i)!$ and $p$ are coprime, since all factors of $i!(p-i)!$ are smaller than $p$. 
\\ - Therefore, $i!(p-i)!$ must divide $(p-1)!$ \\ +\begin{solution} + $\binom{p}{i} = \frac{p!}{i!(p-i)!}$ tells us that $i!(p-i)!$ divides $p! = p(p-1)!$. \\ + However, $i!(p-i)!$ and $p$ are coprime, since all factors of $i!(p-i)!$ are smaller than $p$. \\ + Therefore, $i!(p-i)!$ must divide $(p-1)!$ \\ - So, $\binom{p}{i} = p \times \frac{(p-1)!}{i!(p-i)!}$, and $\binom{p}{i} \equiv 0 \pmod{p}$. - \end{solution} + So, $\binom{p}{i} = p \times \frac{(p-1)!}{i!(p-i)!}$, and $\binom{p}{i} \equiv 0 \pmod{p}$. +\end{solution} - \vfill +\vfill - \problem{Fermat's Little Theorem} - Show that if $p$ is prime and $a \not\equiv 0 \pmod{p}$, then $a^{p-1} \equiv 1 \pmod{p}$. \\ - You may want to use \ref{flt_prereq}. +\problem{Fermat's Little Theorem} +Show that if $p$ is prime and $a \not\equiv 0 \pmod{p}$, then $a^{p-1} \equiv 1 \pmod{p}$. \\ +You may want to use \ref{flt_prereq}. - \begin{hint} - It may be easier to show that $a^p \equiv a \pmod{p}$ - \end{hint} +\begin{hint} + It may be easier to show that $a^p \equiv a \pmod{p}$ +\end{hint} - \begin{solution} - Use induction: +\begin{solution} + Use induction: - $1 \equiv 1 \pmod{p}$ \\ + $1 \equiv 1 \pmod{p}$ \\ - Using \ref{flt_prereq} and the binomial theorem, we have + Using \ref{flt_prereq} and the binomial theorem, we have - $2^p = (1 + 1)^p = 1 + \binom{p}{1} + \binom{p}{2} + \dots + \binom{p}{p-1} + 1 \equiv 1 + 0 + ... + 0 + 1 \equiv 2 \pmod{p}$ \\ + $2^p = (1 + 1)^p = 1 + \binom{p}{1} + \binom{p}{2} + \dots + \binom{p}{p-1} + 1 \equiv 1 + 0 + ... + 0 + 1 \equiv 2 \pmod{p}$ \\ - Then, + Then, - $3^p = (1 + 2)^p = 1 + \binom{p}{1}2 + \binom{p}{2}2^2 + \dots + \binom{p}{p-1}2^{p-1} + 2^p \equiv 1 + 0 + ... + 0 + 2 \equiv 3 \pmod{p}$ \\ + $3^p = (1 + 2)^p = 1 + \binom{p}{1}2 + \binom{p}{2}2^2 + \dots + \binom{p}{p-1}2^{p-1} + 2^p \equiv 1 + 0 + ... + 0 + 2 \equiv 3 \pmod{p}$ \\ - We can repeat this for all $a$. This proof can be presented more formally with a bit of induction. + We can repeat this for all $a$. 
This proof can be presented more formally with a bit of induction. - \end{solution} +\end{solution} - \vfill +\vfill - %\problem{} - %Prove \ref{theorem:gcd_abc}: \\ - %For any integers $a, b, c$, \\ - %$\gcd(ac + b, a) = \gcd(a, b)$\\ +%\problem{} +%Prove \ref{theorem:gcd_abc}: \\ +%For any integers $a, b, c$, \\ +%$\gcd(ac + b, a) = \gcd(a, b)$\\ - %\begin{solution} - % This problem is hard, \\ - % I'll write a solution eventually. - %\end{solution} +%\begin{solution} +% This problem is hard, \\ +% I'll write a solution eventually. +%\end{solution} - %\vfill +%\vfill - [Note on \ref{eua_runtime}] This proof can be used to show that the Euclidean algorithm finishes in logarithmic time, and it is the first practical application of the Fibonacci numbers. If you have finished all challenge problems, finish the proof: show that the Euclidean runs in $O(\log{n})$ - \pagebreak -\end{document} +[Note on \ref{eua_runtime}] This proof can be used to show that the Euclidean algorithm finishes in logarithmic time, and it is the first practical application of the Fibonacci numbers. If you have finished all challenge problems, finish the proof: show that the Euclidean runs in $O(\log{n})$ +\pagebreak \ No newline at end of file diff --git a/Advanced/Cryptography/parts/part 1.tex b/Advanced/Cryptography/parts/part 1.tex index b8f7c60..7d8e2e1 100755 --- a/Advanced/Cryptography/parts/part 1.tex +++ b/Advanced/Cryptography/parts/part 1.tex 
@@ -1,129 +1,125 @@ -\documentclass[../main.tex]{subfiles} - -\begin{document} - \section{The Euclidean Algorithm} - - \definition{} - The \textit{greatest common divisor} of $a$ and $b$ is the greatest integer that divides both $a$ and $b$. \\ - We denote this number with $\gcd(a, b)$. For example, $\gcd(45, 60) = 15$. +\definition{} +The \textit{greatest common divisor} of $a$ and $b$ is the greatest integer that divides both $a$ and $b$. \\ +We denote this number with $\gcd(a, b)$. For example, $\gcd(45, 60) = 15$. - \theorem{The Division Algorithm} - Given two integers $a, b$, we can find two integers $q, r$, where $0 \leq r < b$ and $a = qb + r$. \\ - In other words, we can divide $a$ by $b$ to get $q$ remainder $r$. +\theorem{The Division Algorithm} +Given two integers $a, b$, we can find two integers $q, r$, where $0 \leq r < b$ and $a = qb + r$. \\ +In other words, we can divide $a$ by $b$ to get $q$ remainder $r$. - \theorem{} - For any integers $a, b, c$, \\ - $\gcd(ac + b, a) = \gcd(a, b)$ +\theorem{} +For any integers $a, b, c$, \\ +$\gcd(ac + b, a) = \gcd(a, b)$ - \problem{} - Find $\gcd(20, 14)$ by hand. +\problem{} +Find $\gcd(20, 14)$ by hand. - \begin{solution} - $\gcd(20, 14) = 2$ - \end{solution} +\begin{solution} + $\gcd(20, 14) = 2$ +\end{solution} - \vfill +\vfill - \problem{} - Using the theorems above, detail an algorithm for finding $\gcd(a, b)$.\\ - Then, compute $\gcd(1610, 207)$ by hand. \\ - Have an instructor check your work before moving on. +\problem{The Euclidean Algorithm} +Using the theorems above, detail an algorithm for finding $\gcd(a, b)$.\\ +Then, compute $\gcd(1610, 207)$ by hand. 
\\ - \begin{solution} - Using \ref{gcd_abc} and the division algorthm, +\begin{solution} + Using \ref{gcd_abc} and the division algorthm, - % Minipage prevents column breaks inside body - \begin{multicols}{2} - \begin{minipage}{\columnwidth} - $\gcd(1610, 207)$ \\ - $= \gcd(207, 161)$ \\ - $= \gcd(161, 46)$ \\ - $= \gcd(46, 23)$ \\ - $= \gcd(23, 0) = 23$ \\ - \end{minipage} + % Minipage prevents column breaks inside body + \begin{multicols}{2} + \begin{minipage}{\columnwidth} + $\gcd(1610, 207)$ \par + $= \gcd(207, 161)$ \par + $= \gcd(161, 46)$ \par + $= \gcd(46, 23)$ \par + $= \gcd(23, 0) = 23$ \par + \end{minipage} - \columnbreak + \columnbreak - \begin{minipage}{\columnwidth} - $1610 = 207 \times 7 + 161$ \\ - $207 = 161 \times 1 + 46$ \\ - $161 = 46 \times 3 + 23$ \\ - $46 = 23 \times 2 + 0$ \\ - \end{minipage} - \end{multicols} - \end{solution} + \begin{minipage}{\columnwidth} + $1610 = 207 \times 7 + 161$ \par + $207 = 161 \times 1 + 46$ \par + $161 = 46 \times 3 + 23$ \par + $46 = 23 \times 2 + 0$ \par + \end{minipage} + \end{multicols} +\end{solution} - \vfill - \pagebreak +\vfill +\pagebreak - \problem{Divide and Conquer} - If we are given $a, b, c$, when can we find $u, v$ that satisfy $au + bv = c$? +\problem{Divide and Conquer} +If we are given $a, b, c$, when can we find $u, v$ that satisfy $au + bv = c$? - \problempart{Divide} - Show that if we find a solution $(u, v)$ to $au + bv = \gcd(a, b)$, we can easily find a $(u, v)$ for any other value of $c$. \\ - \textcolor{gray}{\textit{Note: } We are not looking for \textit{all} $(u, v)$ that solve $au + bv = c$, we are looking for an easy way to find \textit{any} $(u, v)$.} +\problempart{Divide} +Show that if we find a solution $(u, v)$ to $au + bv = \gcd(a, b)$, we can easily find a $(u, v)$ for any other value of $c$. 
\\ +\textcolor{gray}{\textit{Note: } We are not looking for \textit{all} $(u, v)$ that solve $au + bv = c$, we are looking for an easy way to find \textit{any} $(u, v)$.} - \begin{solution} - Note that $\gcd(a, b)$ divides both a and b. \\ - Therefore, any $c$ must be divisible by $\gcd(a, b)$. - The smallest such $c$ is $\gcd(a, b)$ itself, and we can get all other tuples $(u, v, c)$ by scaling. - \end{solution} +\begin{solution} + Note that $\gcd(a, b)$ divides both a and b. \\ + Therefore, any $c$ must be divisible by $\gcd(a, b)$. + The smallest such $c$ is $\gcd(a, b)$ itself, and we can get all other tuples $(u, v, c)$ by scaling. +\end{solution} - \vfill +\vfill - \problempart{Conquer} - Using the output of your algorithm\footnotemark{} from \ref{euclid_algorithm}, - \footnotetext{Your solution to \ref{euclid_algorithm} is called the \textit{Euclidean Algorithm}} - \begin{itemize} - \item[-] find a pair $(u, v)$ that satisfies $20u + 14v = \gcd(20, 14)$ - \item[-] find a pair $(u, v)$ that satisfies $541u + 34v = \gcd(541, 34)$ \\ - % gcd = 1 - % u = 11; v = -175 - \end{itemize} - For which numbers $c$ can we find a $(u, v)$ so that $541u + 34v = c$? \\ - For every such $c$, what are $u$ and $v$? +\problempart{Conquer} +Using the output of the Euclidean algorithm, - \begin{solution} +\begin{itemize} + \item[-] find a pair $(u, v)$ that satisfies $20u + 14v = \gcd(20, 14)$ + \item[-] find a pair $(u, v)$ that satisfies $541u + 34v = \gcd(541, 34)$ \\ + % gcd = 1 + % u = 11; v = -175 +\end{itemize} +For which numbers $c$ can we find a $(u, v)$ so that $541u + 34v = c$? \\ +For every such $c$, what are $u$ and $v$? - Using the output of the Euclidean Algorithm, we can use substitution and a bit of algebra to solve such problems. 
Consider the following example: +\begin{solution} - \begin{multicols}{2} - \begin{minipage}{\columnwidth} - \textit{Euclidean Algorithm:} \\ - $20 = 14 \times 1 + 6$ \\ - $14 = 6 \times 2 + 2$ \\ - $6 = 2 \times 3 + 0$ \\ - \end{minipage} + Using the output of the Euclidean Algorithm, we can use substitution and a bit of algebra to solve such problems. Consider the following example: - \columnbreak + \begin{multicols}{2} + \begin{minipage}{\columnwidth} + \textit{Euclidean Algorithm:} \par + $20 = 14 \times 1 + 6$ \par + $14 = 6 \times 2 + 2$ \par + $6 = 2 \times 3 + 0$ \par + \end{minipage} - \begin{minipage}{\columnwidth} - \textit{Rearranged:} \\ - $6 = 20 - 14 \times 1$ \\ - $2 = 14 - 6 \times 2 = \gcd(20, 14)$ \\ - \end{minipage} - \end{multicols} + \columnbreak - Using the right table, we can replace $6$ in $2 = 14 - 6 \times 2$ to get - $2 = 14 - (20 - 14) \times 2$, \\ - which gives us $2 = \gcd(20, 14) = (3)14 + (-2)20$. \\ + \begin{minipage}{\columnwidth} + \textit{Rearranged:} \par + $6 = 20 - 14 \times 1$ \par + $2 = 14 - 6 \times 2 = \gcd(20, 14)$ \par + \end{minipage} + \end{multicols} - \textcolor{gray}{\textit{Note to instructors:} You can present the $(20, 14)$ case as an example.} + Using the right table, we can replace $6$ in $2 = 14 - 6 \times 2$ to get + $2 = 14 - (20 - 14) \times 2$, \\ + which gives us $2 = \gcd(20, 14) = (3)14 + (-2)20$. \\ - \linehack{} + \textcolor{gray}{\textit{Note to instructors:} You can present the $(20, 14)$ case as an example.} - $(-2)20 + (3)14 = \gcd(20, 14) = 2$ \\ - $(11)541 + (-175)34 = \gcd(541, 34) = 1$ + \linehack{} - \linehack{} + $(-2)20 + (3)14 = \gcd(20, 14) = 2$ \\ + $(11)541 + (-175)34 = \gcd(541, 34) = 1$ - We can find a solution $(u, v)$ when $c$ is any integer multiple of $\gcd(541, 34)$. \\ - If $c = k \times \gcd(541, 34)$, \\ - $u = k \times u_0 = 11k$ and $v = k \times v_0 = -175k$. 
\\ - (See Part A) + \linehack{} + + We can find a solution $(u, v)$ when $c$ is any integer multiple of $\gcd(541, 34)$. \\ + If $c = k \times \gcd(541, 34)$, \\ + $u = k \times u_0 = 11k$ and $v = k \times v_0 = -175k$. \\ + (See Part A) + +\end{solution} + + +\vfill +\pagebreak - \end{solution} - \vfill - \pagebreak -\end{document} diff --git a/Advanced/Cryptography/parts/part 2.tex b/Advanced/Cryptography/parts/part 2.tex index 11194d7..d0a8c30 100755 --- a/Advanced/Cryptography/parts/part 2.tex +++ b/Advanced/Cryptography/parts/part 2.tex 
@@ -1,68 +1,65 @@ -\documentclass[../main.tex]{subfiles} +\section{Modular Arithmetic} -\begin{document} - \section{Modular Arithmetic} +\definition{} +We say that $a, b$ are equivalent mod $m$ if $m$ divides $a - b$. \\ +If $a$ is equivalent to $b$ mod $m$, we write $a \equiv b \pmod{m}$. \\ +You can think of $b$ as the remainder of $a \div m$: +\begin{itemize} + \item[] $32 \equiv 2 \pmod{6}$ + \item[] $4 \equiv 4 \pmod{6}$ + \item[] $-2 \equiv 4 \pmod{6}$ +\end{itemize} - \definition{} - We say that $a, b$ are equivalent mod $m$ if $m$ divides $a - b$. \\ - If $a$ is equivalent to $b$ mod $m$, we write $a \equiv b \pmod{m}$. \\ - You can think of $b$ as the remainder of $a \div m$: +\problem{} +Complete the following: +\begin{itemize} + \item[] $87 \equiv ? \pmod{12}$ \hspace{3em} \textcolor{gray}{(Your answer should be between $0$ and $12$)} + \item[] $13 \equiv 2 \pmod{?}$ + \item[] $? \equiv 1 \pmod{9}$ +\end{itemize} + +\begin{solution} \begin{itemize} - \item[] $32 \equiv 2 \pmod{6}$ - \item[] $4 \equiv 4 \pmod{6}$ - \item[] $-2 \equiv 4 \pmod{6}$ + \item[] $87 \equiv 3 \pmod{12}$ + \item[] $13 \equiv 2 \pmod{11}$ + \item[] $(9k + 1) \equiv 1 \pmod{9}\ \forall k \in \mathbb{Z}$ \end{itemize} +\end{solution} - \problem{} - Complete the following: - \begin{itemize} - \item[] $87 \equiv ? \pmod{12}$ \hspace{3em} \textcolor{gray}{(Your answer should be between $0$ and $12$)} - \item[] $13 \equiv 2 \pmod{?}$ - \item[] $? \equiv 1 \pmod{9}$ - \end{itemize} +\vfill - \begin{solution} - \begin{itemize} - \item[] $87 \equiv 3 \pmod{12}$ - \item[] $13 \equiv 2 \pmod{11}$ - \item[] $(9k + 1) \equiv 1 \pmod{9}\ \forall k \in \mathbb{Z}$ - \end{itemize} - \end{solution} +\definition{} +The inverse of $a$ mod $m$ is an integer $a^\star$ so that \\ +$a \times a^\star \equiv 1 \pmod{m}$. \\ +Note that not every $a$ has an inverse mod $m$. 
- \vfill +\theorem{} +$a$ has an inverse mod $m$ iff $\gcd(a, m) = 1$ \\ +\textcolor{gray}{\textit{The proof of this theorem is left as a challenge problem.}} - \definition{} - The inverse of $a$ mod $m$ is an integer $a^\star$ so that \\ - $a \times a^\star \equiv 1 \pmod{m}$. \\ - Note that not every $a$ has an inverse mod $m$. +\problem{D\'ej\`a vu?} +Find the inverse of $20 \pmod{14}$, if one exists. \\ +Find the inverse of $34 \pmod{541}$, if one exists. - \theorem{} - $a$ has an inverse mod $m$ iff $\gcd(a, m) = 1$ \\ - \textcolor{gray}{\textit{The proof of this theorem is left as a challenge problem.}} +\begin{solution} + $20^\star$ does not exist mod $14$, by \ref{mod_has_inverse}. \\ + $34^\star \equiv -175 \equiv 366 \pmod{541}$. + See \ref{general_inverse} for an explanation. +\end{solution} - \problem{D\'ej\`a vu?} - Find the inverse of $20 \pmod{14}$, if one exists. \\ - Find the inverse of $34 \pmod{541}$, if one exists. +\vfill - \begin{solution} - $20^\star$ does not exist mod $14$, by \ref{mod_has_inverse}. \\ - $34^\star \equiv -175 \equiv 366 \pmod{541}$. - See \ref{general_inverse} for an explanation. - \end{solution} +\problem{} +In general, how can we find the inverse of $a \pmod{p}$?\\ +(Assume $p$ is prime.) - \vfill +\begin{solution} + We need an $a^\star$ so that $a \times a^\star \equiv 1 \pmod{m}$. \\ + This means that $aa^\star - mk = 1$. \\ + Since $p$ is prime, $\gcd(a, m) = 1$, and $aa^\star - mk = \gcd(a, m)$ \\ + Now use the Extended Euclidean Algorithm from \ref{extend_e_algorithm} to find $a^\star$. +\end{solution} - \problem{} - In general, how can we find the inverse of $a \pmod{p}$?\\ - (Assume $p$ is prime.) +\vfill +\pagebreak - \begin{solution} - We need an $a^\star$ so that $a \times a^\star \equiv 1 \pmod{m}$. \\ - This means that $aa^\star - mk = 1$. \\ - Since $p$ is prime, $\gcd(a, m) = 1$, and $aa^\star - mk = \gcd(a, m)$ \\ - Now use the Extended Euclidean Algorithm from \ref{extend_e_algorithm} to find $a^\star$. 
- \end{solution} - - \vfill - \pagebreak -\end{document} diff --git a/Advanced/Cryptography/parts/part 3.tex b/Advanced/Cryptography/parts/part 3.tex index 5a8c02f..cac9e48 100755 --- a/Advanced/Cryptography/parts/part 3.tex +++ b/Advanced/Cryptography/parts/part 3.tex 
@@ -1,169 +1,165 @@ -\documentclass[../main.tex]{subfiles} +\section{Symmetric Cryptosystems} -\begin{document} - \section{Symmetric Cryptosystems} +\definition{} +The goal of cryptography is to establish private communication between two parties over +a public channel. The rest of this handout tries to achieve this goal, using the tools we've +developed in the last two sections. \\ - \definition{} - The goal of cryptography is to establish private communication between two parties over - a public channel. The rest of this handout tries to achieve this goal, using the tools we've - developed in the last two sections. \\ +In this handout, a ``symmetric cryptosystem'' consists of the following: +\begin{itemize} + \item[-] A public prime number $p$ (Ideally, a \textit{big} prime number). + \item[-] $k$, a secret key that is shared between both parties. This is NOT public. + \item[-] $E_k(m) = c$, a function that uses key $k$ to encrypt message $m$ into a ciphertext $c$. + \item[-] $D_k(c) = m$, a function that uses key $k$ to decrypt a ciphertext $c$ into message $m$. \\ + \item[-] Of course, $D_k(E_k(m)) = m$. \\ +\end{itemize} - In this handout, a ``symmetric cryptosystem'' consists of the following: - \begin{itemize} - \item[-] A public prime number $p$ (Ideally, a \textit{big} prime number). - \item[-] $k$, a secret key that is shared between both parties. This is NOT public. - \item[-] $E_k(m) = c$, a function that uses key $k$ to encrypt message $m$ into a ciphertext $c$. - \item[-] $D_k(c) = m$, a function that uses key $k$ to decrypt a ciphertext $c$ into message $m$. \\ - \item[-] Of course, $D_k(E_k(m)) = m$. \\ - \end{itemize} +We have a good reason for picking a prime $p$. A prime base guarantees that every\footnote[1]{except those $\equiv 0 \pmod{p}$, of course} integer has an inverse mod $p$. Review \ref{mod_has_inverse} and convince yourself that this is true. \\ - We have a good reason for picking a prime $p$. 
A prime base guarantees that every\footnote[1]{except those $\equiv 0 \pmod{p}$, of course} integer has an inverse mod $p$. Review \ref{mod_has_inverse} and convince yourself that this is true. \\ +\vspace{2ex} - \vspace{2ex} +We'll assume that the secret key $k$ has been shared beforehand. How such a $k$ is created is beyond the scope of this handout, but those that are curious may look up ``Diffie-Hellman Key Exchange'' (Computerphile offers a +pretty good introduction). \\ - We'll assume that the secret key $k$ has been shared beforehand. How such a $k$ is created is beyond the scope of this handout, but those that are curious may look up ``Diffie-Hellman Key Exchange'' (Computerphile offers a - pretty good introduction). \\ +\vspace{2ex} - \vspace{2ex} +One may wonder why we care about secretly exchanging numbers. Those of you with experience in computing may have an answer: any information---text, images, etc---may be represented as a number. For example, we can encode the 26 letters of the alphabet as the numbers $1 - 26$. Such mappings are called ``encodings.'' \\ - One may wonder why we care about secretly exchanging numbers. Those of you with experience in computing may have an answer: any information---text, images, etc---may be represented as a number. For example, we can encode the 26 letters of the alphabet as the numbers $1 - 26$. Such mappings are called ``encodings.'' \\ +\vspace{2ex} - \vspace{2ex} - - Finally, you will notice that the encryption schemes that follow can only take a limited range of inputs. Indeed, even the cyphers in use today have a limited input size. A simple (though possible insecure) way to overcome this limitation is to split the message into ``blocks'' of a desired size, and encrypt each independently. +Finally, you will notice that the encryption schemes that follow can only take a limited range of inputs. Indeed, even the cyphers in use today have a limited input size. 
A simple (though possibly insecure) way to overcome this limitation is to split the message into blocks of a desired size, encrypting each independently. - \vfill - \pagebreak +\vfill +\pagebreak - \problem{Multiplication mod p} - Consider the cryptosystem where - \begin{itemize} - \item[-] $p$ is a prime (for this problem, fix $p = 11$. Remember, $p$ is public.) - \item[-] $k$ is an integer - \item[-] $E_k(m) = k \times m \pmod{p}$ - \item[-] $D_k(c) = k^\star \times c \pmod{p}$ - \end{itemize} +\problem{Multiplication mod p} +Consider the cryptosystem where +\begin{itemize} + \item[-] $p$ is a prime (for this problem, fix $p = 11$. Remember, $p$ is public.) + \item[-] $k$ is an integer + \item[-] $E_k(m) = k \times m \pmod{p}$ + \item[-] $D_k(c) = k^\star \times c \pmod{p}$ +\end{itemize} - \problempart{} - Encrypt $m = 8$ with $k = 5$. \\ - Decrypt $c = 3$ with $k = 9$. \\ - \textcolor{gray}{In other words, find $E_5(8)$ and $D_9(3)$} +\problempart{} +Encrypt $m = 8$ with $k = 5$. \\ +Decrypt $c = 3$ with $k = 9$. \\ +\textcolor{gray}{In other words, find $E_5(8)$ and $D_9(3)$} - \begin{solution} - $E_5(8) = 5 \times 8 \equiv 7$ \\ - $D_9(3) = k^\star \times 3 = 5 \times 3 \equiv 4$ - \end{solution} +\begin{solution} + $E_5(8) = 5 \times 8 \equiv 7$ \\ + $D_9(3) = k^\star \times 3 = 5 \times 3 \equiv 4$ +\end{solution} - \vfill +\vfill - \problempart{} - Using this cryptosystem, Nikita sends a message to Sanjit. \\ - Looking over Sanjit's shoulder, you find that $E_k(9) = 8$ \\ - What key was used? \\ - \textcolor{gray}{This is called a \textit{known plaintext attack}. With a good cryptosystem, it will be very difficult to solve this problem.} +\problempart{} +Using this cryptosystem, Nikita sends a message to Sanjit. \\ +Looking over Sanjit's shoulder, you find that $E_k(9) = 8$ \\ +What key was used? \\ +\textcolor{gray}{This is called a \textit{known plaintext attack}. 
With a good cryptosystem, it will be very difficult to solve this problem.} - \begin{solution} - $E_k = c = km$ \\ - $E_k \times m^\star = kmm^\star = k$ \\ +\begin{solution} + $E_k = c = km$ \\ + $E_k \times m^\star = kmm^\star = k$ \\ - $m^\star = 5; k = 7$ - \end{solution} + $m^\star = 5; k = 7$ +\end{solution} - \vfill +\vfill - \problempart{} - If you know many ciphertexts encrypted with the same key, can you find the key used to create them? \\ - What range of values can this system effectively encrypt? - Justify all answers. +\problempart{} +If you know many ciphertexts encrypted with the same key, can you find the key used to create them? \\ +What range of values can this system effectively encrypt? +Justify all answers. - \begin{solution} +\begin{solution} - If the messages are independent, no. However, analysis is possible if the plaintexts have a known structure. + If the messages are independent, no. However, analysis is possible if the plaintexts have a known structure. - \linehack{} + \linehack{} - $m \in \{1, 2, ..., 10\}$ \\ - Note that $m$ cannot be $\equiv 0$. + $m \in \{1, 2, ..., 10\}$ \\ + Note that $m$ cannot be $\equiv 0$. - \end{solution} +\end{solution} - \vfill - \pagebreak +\vfill +\pagebreak - \problem{The Affine Cipher} - Consider the cryptosystem where - \begin{itemize} - \item[-] $p$ is a prime (for this problem, fix $p = 541$) - \item[-] $k = (k_1,\ k_2)$ is a tuple of two integers - \item[-] $E_k(m) = k_1 \times m + k_2 \pmod{p}$ - \item[-] $D_k(c) = k_1^\star \times (c - k_2) \pmod{p}$ - \end{itemize} +\problem{The Affine Cipher} +Consider the cryptosystem where +\begin{itemize} + \item[-] $p$ is a prime (for this problem, fix $p = 541$) + \item[-] $k = (k_1,\ k_2)$ is a tuple of two integers + \item[-] $E_k(m) = k_1 \times m + k_2 \pmod{p}$ + \item[-] $D_k(c) = k_1^\star \times (c - k_2) \pmod{p}$ +\end{itemize} - \problempart{} - Encrypt $m = 204$ with $k = (34,\ 71)$. \\ - Decrypt $c = 431$ with $k = (34,\ 71)$. 
+\problempart{} +Encrypt $m = 204$ with $k = (34,\ 71)$. \\ +Decrypt $c = 431$ with $k = (34,\ 71)$. - \begin{solution} - $E_k(204) = 34 \times 204 + 71 \equiv 515$ \\ +\begin{solution} + $E_k(204) = 34 \times 204 + 71 \equiv 515$ \\ - $k^\star = 366$ - \hfill\textcolor{gray}{Known from \ref{find_inverse}}\\ - $D_k(431) = 366 (431 - 71) \equiv 297$ - \end{solution} + $k^\star = 366$ + \hfill\textcolor{gray}{Known from \ref{find_inverse}}\\ + $D_k(431) = 366 (431 - 71) \equiv 297$ +\end{solution} - \vfill +\vfill - \problempart{} - Now, let $p = 601$. You know two plaintext-ciphertext pairs:\\ - $(m_1,\ c_1) = (387,\ 324)$ \\ - $(m_2,\ c_2) = (491,\ 381)$ \\ - How would you find $(k_1, k_2)$? \\ - \textcolor{gray}{\textit{Note: } You do NOT have to find $k$. The calculations take a lot of manual labor. All you need to do is detail the steps you \textit{would} take if you had a calculator.} +\problempart{} +Now, let $p = 601$. You know two plaintext-ciphertext pairs:\\ +$(m_1,\ c_1) = (387,\ 324)$ \\ +$(m_2,\ c_2) = (491,\ 381)$ \\ +How would you find $(k_1, k_2)$? \\ +\textcolor{gray}{\textit{Note: } You do NOT have to find $k$. The calculations take a lot of manual labor. All you need to do is detail the steps you \textit{would} take if you had a calculator.} - \begin{solution} - $E_k(387) = k_1 \times 387 + k_2 \equiv 324 \pmod{601}$ \\ - $E_k(491) = k_1 \times 491 + k_2 \equiv 381 \pmod{601}$ \\ +\begin{solution} + $E_k(387) = k_1 \times 387 + k_2 \equiv 324 \pmod{601}$ \\ + $E_k(491) = k_1 \times 491 + k_2 \equiv 381 \pmod{601}$ \\ - $387k_1 + k_2 - 324 \equiv 491k_1 + k_2 - 381$ \\ - $387k_1 + 57 \equiv 491k_1$ \\ - $104k_1 \equiv 57$ \\ - So $104k_1 + 601a = 57$ \\ + $387k_1 + k_2 - 324 \equiv 491k_1 + k_2 - 381$ \\ + $387k_1 + 57 \equiv 491k_1$ \\ + $104k_1 \equiv 57$ \\ + So $104k_1 + 601a = 57$ \\ - Solve $104k_1 + 601a = \gcd(601, 104) = 1$, then scale. - \hfill\textcolor{gray}{Remember, 601 is prime.} \\ - $k_1 \equiv -2964 \equiv 41 \pmod{601}$. 
\\ + Solve $104k_1 + 601a = \gcd(601, 104) = 1$, then scale. + \hfill\textcolor{gray}{Remember, 601 is prime.} \\ + $k_1 \equiv -2964 \equiv 41 \pmod{601}$. \\ - Substitute $k_1 = 41$. \\ - $(k_1, k_2) = (41, 83)$ + Substitute $k_1 = 41$. \\ + $(k_1, k_2) = (41, 83)$ - \end{solution} - \vfill +\end{solution} +\vfill - \problempart{} - If you only know one message and its corresponding ciphertext, can you find the encryption key? \\ - If you know many ciphertexts encrypted with the same key, can you find the key used to create them? \\ - What range of values can this system effectively encrypt? - Justify all answers. +\problempart{} +If you only know one message and its corresponding ciphertext, can you find the encryption key? \\ +If you know many ciphertexts encrypted with the same key, can you find the key used to create them? \\ +What range of values can this system effectively encrypt? +Justify all answers. - \begin{solution} - Given $m$ and $c$, you cannot find $k_1$ or $k_2$. +\begin{solution} + Given $m$ and $c$, you cannot find $k_1$ or $k_2$. - \linehack{} + \linehack{} - Given any number of ciphertexts, you cannot find $k$. + Given any number of ciphertexts, you cannot find $k$. - \linehack{} + \linehack{} - $m \in \{1, 2, ..., 540\}$ + $m \in \{1, 2, ..., 540\}$ - Other answers are the same as those to \ref{mult_analysis}. - \end{solution} + Other answers are the same as those to \ref{mult_analysis}. +\end{solution} - \vfill - \pagebreak -\end{document} +\vfill +\pagebreak
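Review bot: In main.tex, the new `\input{parts/part 1}`, `\input{parts/part 2}` and `\input{parts/part 3}` lines pass paths that contain a space, which only resolves on LaTeX kernels that handle spaces in `\input` file names; older installations read the name only up to the space. Renaming the files (for example to `parts/part1.tex`) would make the build independent of the TeX version. With `\usepackage{subfiles}` and the per-file `\documentclass[../main.tex]{subfiles}` preamble removed, the part files can also no longer be compiled on their own, which is worth stating in the commit message if it is intended.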
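Review bot: In parts/challenge.tex, the restated Euclidean algorithm defines the sequence as $e_0 = a$, $e_1 = b$, but the recurrence line `Let $e_{n+1} = \text{remainder}(r_{n-1} \div r_{n})$` uses an undefined $r$; since the line is re-added here anyway, it should read `\text{remainder}(e_{n-1} \div e_{n})`. In the induction step of the same solution, `But $b + r_0 = F_{m+1} + F_{m} = F_{m+2}$` should be an inequality, $b + r_0 \geq F_{m+1} + F_{m}$, because the hypothesis only gives lower bounds. The file also now ends without a trailing newline (`\ No newline at end of file`).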
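Review bot: In parts/part 1.tex, the Division Algorithm theorem allows any integers $a, b$ yet requires $0 \leq r < b$, which has no solution when $b \leq 0$; state it for $b > 0$. The re-added solution line `Using \ref{gcd_abc} and the division algorthm,` carries over the typo "algorthm". The problem is now titled `\problem{The Euclidean Algorithm}` and the footnote citing `\ref{euclid_algorithm}` is dropped, while parts/challenge.tex still cites `\ref{euclid_algorithm}`; no `\label` is visible in these lines, so confirm that reference still resolves.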
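Review bot: In parts/part 2.tex, the last problem asks for the inverse of $a \pmod{p}$ with $p$ prime, but its solution switches to $m$ (`$a \times a^\star \equiv 1 \pmod{m}$`, `Since $p$ is prime, $\gcd(a, m) = 1$`); use $p$ throughout and add the condition $a \not\equiv 0 \pmod{p}$, without which $\gcd(a, p) = p$. The hint `(Your answer should be between $0$ and $12$)` would be unambiguous written as $0 \leq\ ? < 12$.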
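Review bot: In parts/part 3.tex, both key definitions (`$k$ is an integer` and `$k = (k_1,\ k_2)$ is a tuple of two integers`) admit $k \equiv 0$ or $k_1 \equiv 0 \pmod{p}$, for which $k^\star$ does not exist and $D_k$ is undefined; add the condition $k \not\equiv 0 \pmod{p}$ (respectively $k_1 \not\equiv 0$), matching the footnote earlier in the same file. In the known-plaintext solution, `$E_k = c = km$` drops both the argument and the modulus; $E_k(m) = c \equiv km \pmod{p}$ is what the following line relies on.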