Advanced handouts

Add missing file
Co-authored-by: Mark <mark@betalupi.com>
Co-committed-by: Mark <mark@betalupi.com>
2025-01-22 12:28:44 -08:00
parent 13b65a6c64
commit dd4abdbab0
177 changed files with 20658 additions and 0 deletions

View File

@ -0,0 +1,32 @@
% use [nosolutions] flag to hide solutions.
% use [solutions] flag to show solutions.
\documentclass[
solutions,
singlenumbering,
shortwarning
]{../../../lib/tex/ormc_handout}
\usepackage{../../../lib/tex/macros}
\usepackage{multicol}
\usepackage{mathtools}
\uptitlel{Advanced 2}
\uptitler{\smallurl{}}
\title{Intro to Cryptography}
\subtitle{Prepared by Mark on \today{}}
\begin{document}
\maketitle
\input{parts/0 euclidean}
\input{parts/1 mod}
\input{parts/2 groups}
\input{parts/3 DLP}
\input{parts/4 DiffieHellman}
\input{parts/5 Elgamal}
\input{parts/challenge}
\end{document}

View File

@ -0,0 +1,6 @@
[metadata]
title = "Cryptography"
[publish]
handout = true
solutions = true

View File

@ -0,0 +1,139 @@
\section{The Euclidean Algorithm}
\definition{}
The \textit{greatest common divisor} of $a$ and $b$ is the greatest integer that divides both $a$ and $b$. \par
We denote this number with $\gcd(a, b)$. For example, $\gcd(45, 60) = 15$.
\problem{}
Find $\gcd(20, 14)$ by hand.
\begin{solution}
$\gcd(20, 14) = 2$
\end{solution}
\vfill
\theorem{The Division Algorithm}<divalgo>
Given two integers $a, b$, we can find two integers $q, r$, where $0 \leq r < b$ and $a = qb + r$. \par
In other words, we can divide $a$ by $b$ to get $q$ remainder $r$.
\theorem{}<gcd_abc>
For any integers $a, b, c$, \par
$\gcd(ac + b, a) = \gcd(a, b)$
\problem{The Euclidean Algorithm}<euclid>
Using the two theorems above, detail an algorithm for finding $\gcd(a, b)$. \par
Then, compute $\gcd(1610, 207)$ by hand. \par
\begin{solution}
Using \ref{gcd_abc} and the division algorithm,
% Minipage prevents column breaks inside body
\begin{multicols}{2}
\begin{minipage}{\columnwidth}
$\gcd(1610, 207)$ \par
$= \gcd(207, 161)$ \par
$= \gcd(161, 46)$ \par
$= \gcd(46, 23)$ \par
$= \gcd(23, 0) = 23$ \par
\end{minipage}
\columnbreak
\begin{minipage}{\columnwidth}
$1610 = 207 \times 7 + 161$ \par
$207 = 161 \times 1 + 46$ \par
$161 = 46 \times 3 + 23$ \par
$46 = 23 \times 2 + 0$ \par
\end{minipage}
\end{multicols}
\end{solution}
\vfill
\pagebreak
\problem{}<extendedeuclid>
Using the output of the Euclidean algorithm,
\begin{itemize}
\item[-] find a pair $(u, v)$ that satisfies $20u + 14v = \gcd(20, 14)$
\item[-] find a pair $(u, v)$ that satisfies $541u + 34v = \gcd(541, 34)$
% gcd = 1
% u = 11; v = -175
\end{itemize}
This is called the \textit{extended Euclidean algorithm}. \par
\hint{
You don't need to fully solve the last part of this question. \\
Understand how you \textit{would} do it, then move on.
Don't spend too much time on arithmetic.
}
%For which numbers $c$ can we find a $(u, v)$ so that $541u + 34v = c$? \\
%For every such $c$, what are $u$ and $v$?
\vspace{2mm}
\textbf{Hint:}
After running the Euclidean algorithm, you have a table similar to the one shown below. \par
You can use a bit of algebra to rearrange these statements to get what you need. \par
\vspace{5mm}
\newdimen\mywidth
\setbox0=\hbox{Using the Euclidean Algorithm to find that $\gcd(20, 14) = 2$:}
\mywidth=\wd0
\begin{minipage}{\mywidth}
\begin{center}
Using the Euclidean Algorithm to find that $\gcd(20, 14) = 2$: \par
$20 = 14 \times 1 + 6$ \par
$14 = 6 \times 2 + 2$ \par
$6 = 2 \times 3 + 0$ \par
\end{center}
\end{minipage}\par
\vspace{2mm}
We now want to write the 2 in the last equation in terms of 20 and 14.
\begin{solution}
Using the output of the Euclidean Algorithm, we can use substitution and a bit of algebra to solve such problems. Consider the following example:
\begin{multicols}{2}
\begin{minipage}{\columnwidth}
\textit{Euclidean Algorithm:} \par
$20 = 14 \times 1 + 6$ \par
$14 = 6 \times 2 + 2$ \par
$6 = 2 \times 3 + 0$ \par
\end{minipage}
\columnbreak
\begin{minipage}{\columnwidth}
\textit{Rearranged:} \par
$6 = 20 - 14 \times 1$ \par
$2 = 14 - 6 \times 2 = \gcd(20, 14)$ \par
\end{minipage}
\end{multicols}
Using the right table, we can replace $6$ in $2 = 14 - 6 \times 2$ to get
$2 = 14 - (20 - 14) \times 2$, \par
which gives us $2 = \gcd(20, 14) = (3)14 + (-2)20$. \par
\linehack{}
$\gcd(20, 14) = 20(-2) + 14(3)$ \par
$\gcd(541, 34) = 541(11) + 34(-175)$
\end{solution}
\begin{solution}
\huge
This problem is too hard. Break it into many.
\end{solution}
\vfill
\pagebreak
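Review bot: the second "\begin{solution}" block at the end of the extended-Euclid problem ("\huge" / "This problem is too hard. Break it into many.") is an author's to-do note, and with the "solutions" class option it will be typeset at huge size in the handout; move it into a "%" comment or an "instructornote" environment and drop the "\huge". Two smaller points in the same region: the Division Algorithm statement needs "b > 0" (as written, "0 \leq r < b" is impossible for negative b), and the extended-Euclid problem carries two hints, one through "\hint{...}" and a second hand-rolled "\textbf{Hint:}" paragraph; merging them lets the hint macro's formatting apply to both.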

View File

@ -0,0 +1,91 @@
\section{Modular Arithmetic}
\definition{}
$\mathbb{Z}_n$ is the set of integers mod $n$. For example, $\mathbb{Z}_5 = \{0, 1, 2, 3, 4\}$. \par
\vspace{2mm}
Multiplication in $\mathbb{Z}_n$ works much like multiplication in $\mathbb{Z}$: \par
If $a, b$ are elements of $\mathbb{Z}_n$, $a \times b$ is the remainder of $a \times b$ when divided by $n$. \par
\note{For example, $2 \times 2 = 4$ and $3 \times 4 = 12 = 2$ in $\mathbb{Z}_5$}
\problem{}
Create a multiplication table for $\mathbb{Z}_4$:
\begin{center}
\begin{tabular}{c | c c c c}
$\times$ & 0 & 1 & 2 & 3 \\
\hline
0 & ? & ? & ? & ? \\
1 & ? & ? & ? & ? \\
2 & ? & ? & ? & ? \\
3 & ? & ? & ? & ? \\
\end{tabular}
\end{center}
\definition{}
Let $a, b$ be elements of %\mathbb{Z}_n$. \par
If $a \times b = 1$, we say that $b$ is the \textit{inverse} of $a$ in $\mathbb{Z}_n$.
\vspace{2mm}
We usually write \say{$a$ inverse} as $a^{-1}$. \par
Inverses are \textbf{not} guaranteed to exist.
\theorem{}<mod_has_inverse>
$a$ has an inverse in $\mathbb{Z}_n$ if and only if $\gcd(a, n) = 1$ \par
\problem{}
Find the inverse of $3$ in $\mathbb{Z}_4$, if one exists. \par
Find the inverse of $20$ in $\mathbb{Z}_{14}$, if one exists. \par
Find the inverse of $4$ in $\mathbb{Z}_7$, if one exists.
\begin{solution}
\begin{itemize}
\item $3^{-1}$ in $\mathbb{Z}_{4}$ is $3$
\item $20^{-1}$ in $\mathbb{Z}_{14}$ doesn't exist.
\item $4^{-1}$ in $\mathbb{Z}_{7}$ is $2$
\end{itemize}
\end{solution}
\vfill
\problem{}
Show that if $n$ is prime, every element of $\mathbb{Z}_n$ (except 0) has an inverse.
\vfill
\problem{}
Show that if $n$ is not prime, $\mathbb{Z}_n$ has at least one element with no inverse.
\vfill
\pagebreak
\problem{}<general_inverse>
In general, how can we find the inverse of $a$ in $\mathbb{Z}_n$? Assume $a$ and $n$ are coprime.\par
\hint{You can find that $34^{-1}$ is $-175$ in $\mathbb{Z}_{541}$ by looking at a previous problem.}
\begin{solution}
We need an $a^{-1}$ so that $a \times a^{-1} = 1$. \par
This means that $aa^{-1} - mk = 1$. \par
Since $a$ and $m$ are coprime, $\gcd(a, m) = 1$ and $aa^{-1} - mk = \gcd(a, m)$ \par
Now use the extended Euclidean algorithm from \ref{extendedeuclid} to find $a^\star$.
\end{solution}
\vfill
\definition{}
Elements in $\mathbb{Z}_n$ that have an inverse are called \textit{units}. \par
The set of units in $\mathbb{Z}_n$ is called $\mathbb{Z}_n^\times$, which is read \say{$\mathbb{Z}$ mod $n$ cross}.
\problem{}
What is $\mathbb{Z}_5^\times$? \par
What is $\mathbb{Z}_{12}^\times$? \par
\vfill
\pagebreak
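Review bot: the definition of inverse has a "%" where a "$" is needed: "Let $a, b$ be elements of %\mathbb{Z}_n$. \par" comments out the rest of the line, so the rendered sentence stops at "elements of" and runs straight into the next one; it should read "Let $a, b$ be elements of $\mathbb{Z}_n$. \par". The solution to \ref{general_inverse} also switches notation: the problem is stated in $\mathbb{Z}_n$, but the solution writes "aa^{-1} - mk = 1" and "\gcd(a, m)" with m for the modulus, and ends with "find $a^\star$" after calling the inverse $a^{-1}$ throughout; use n and $a^{-1}$ so it matches the problem (the $a^\star$ notation only appears later, in the challenge-section proof of \ref{mod_has_inverse}).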

View File

@ -0,0 +1,99 @@
\section{Groups}
Group theory gives us a set tools for understanding complex structures.
We can use groups to solve the Rubik's cube,
to solve problems in physics and chemistry,
and to understand complex geometric symmetries.
It's also worth noting that much of modern cryptography
is built using results from group theory.
\definition{}
A \textit{group} $(G, \ast)$ consists of a set $G$ and an operator $\ast$. \par
Groups always have the following properties:
\begin{enumerate}
\item $G$ is closed under $\ast$. In other words, $a, b \in G \implies a \ast b \in G$.
\item $\ast$ is associative: $(a \ast b) \ast c = a \ast (b \ast c)$ for all $a,b,c \in G$
\item There is an \textit{identity} $e \in G$, so that $a \ast e = a \ast e = a$ for all $a \in G$.
\item For any $a \in G$, there exists a $b \in G$ so that $a \ast b = b \ast a = e$. $b$ is called the \textit{inverse} of $a$. \par
This element is written as $-a$ if our operator is addition and $a^{-1}$ otherwise.
\end{enumerate}
Any pair $(G, \ast)$ that satisfies these properties is a group.
\problem{}
Is $(\mathbb{Z}_5, +)$ a group? \par
Is $(\mathbb{Z}_5, -)$ a group? \par
\hint{$+$ and $-$ refer to the usual operations in modular arithmetic.}
\vfill
\problem{}
Show that $(\mathbb{R}, \times)$ is not a group,
then find a subset $S$ of $\mathbb{R}$ so that $(S, \times)$ is a group.
\begin{solution}
$(\mathbb{R}, \times)$ is not a group because $0$ has no inverse. \par
The solution is simple: remove the problem.
\vspace{3mm}
$(\mathbb{R} - \{0\}, \times)$ is a group.
\end{solution}
\vfill
\problem{}
What is the smallest group we can create?
\begin{solution}
Let $(G, \circledcirc)$ be our group, where $G = \{\star\}$ and $\circledcirc$ is defined by the identity $\star \circledcirc \star = \star$
Verifying that the trivial group is a group is trivial.
\end{solution}
\vfill
\pagebreak
\problem{}
Let $(G, \ast)$ be a group with finitely many elements, and let $a \in G$. \par
Show that there exists an $n$ in $\mathbb{Z}^+$ so that $a^n = e$ \par
\hint{$a^n \coloneqq a \ast a \ast ... \ast a$, with $a$ repeated $n$ times.}
\vspace{2mm}
The smallest such $n$ defines the \textit{order} of $g$.
\vfill
\problem{}
What is the order of 5 in $(\mathbb{Z}_{25}, +)$? \par
What is the order of 2 in $(\mathbb{Z}_{17}^\times, \times)$? \par
\vfill
\theorem{}
Let $p$ be a prime number. \par
In any group $(\mathbb{Z}_p^\times, \ast)$ there exists a $g \in \mathbb{Z}_p^\times$ where...
\begin{itemize}[itemsep=1mm]
\item The order of $g$ is $p - 1$, and
\item $\{a^0,~ a^1,~ ...,~ a^{p - 2}\} = \mathbb{Z}_n^\times$
\end{itemize}
We call such a $g$ a \textit{generator}, since its powers generate every other element in the group.
\begin{instructornote}
$\mathbb{Z}_p^\times$ has $p-1$ elements. \par
The set $\{a^0,~ a^1,~ ...,~ a^{p - 2}\}$ also has $p-1$ elements, since we start counting from zero.
\vspace{2mm}
The fact that the last power here is $p-2$ can be a bit confusing, but it's just the result of counting from zero.
We could also write this set as $\{a^1,~ a^2,~ ...,~ a^{p - 1}\}$, since $a^0 = a^{p - 1}$.
\end{instructornote}
\vfill
\pagebreak
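Review bot: the identity axiom in the group definition is misstated: "There is an \textit{identity} $e \in G$, so that $a \ast e = a \ast e = a$" repeats the same product; it should be "$a \ast e = e \ast a = a$", the two-sided condition that the inverse axiom right after it mirrors. In the generator theorem the symbols drift: the element is introduced as g, but the second bullet lists "\{a^0,~ a^1,~ ...,~ a^{p - 2}\} = \mathbb{Z}_n^\times", so a should be g and $\mathbb{Z}_n^\times$ should be $\mathbb{Z}_p^\times$ (the instructor note has the same a/g swap, and the order problem says "the order of $g$" after defining the element as a). Minor: "gives us a set tools" is missing "of".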

View File

@ -0,0 +1,42 @@
\section{The Discrete Log Problem}
\definition{}
Let $g$ be a generator in $(\mathbb{Z}_p^\times, \ast)$ \par
Let $n$ be a positive integer.
\vspace{1mm}
We now want a function \say{log} from $\mathbb{Z}_p^\times$ to $\mathbb{Z}^+$ so that $\log_g(g^n) = n$. \par
In other words, we want an inverse of the \say{exponent} function.
\vspace{1mm}
This is the \textit{discrete logarithm problem}, often abbreviated \textit{DLP}.
\problem{}
Does the discrete log function even exist? \par
Show that $\exp$ is a bijection, which will guarantee the existence of $\log$. \par
\note[Note]{Why does this guarantee the existence of log? Recall our lesson on functions.}
\vfill
\problem{}
Find a simple (but perhaps inefficient) way to calculate $\log_g(a)$
\vfill
\problem{}
Find an efficient way to solve the discrete log problem. \par
Then learn \LaTeX, write a paper, and enjoy free admission to the graduate program at any university. \par
\vfill
The discrete logarithm can be quickly computed in a few special cases, but there is no known way to efficiently compute it in general. Interestingly enough, we haven't been able to prove that an efficient solution \textit{doesn't} exist. The best we can offer is a \say{proof by effort:} many smart people have been trying for long time and haven't solved it yet. It probably doesn't exist.
\vspace{2mm}
In the next few pages, we'll see how the assumption \say{DLP is hard} can be used to construct various tools used to secure communications.
\pagebreak
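Review bot: the discrete log is defined into the wrong set: "a function \say{log} from $\mathbb{Z}_p^\times$ to $\mathbb{Z}^+$ so that $\log_g(g^n) = n$" is not well defined, because $g^n = g^{n + (p-1)}$, and the follow-up "Show that $\exp$ is a bijection" only holds with exponents taken mod $p-1$; state the codomain as $\mathbb{Z}_{p-1}$ (equivalently $\{0, \dots, p-2\}$), so that $n \mapsto g^n$ is the bijection $\mathbb{Z}_{p-1} \to \mathbb{Z}_p^\times$ that the generator theorem on the previous page provides. In the closing paragraph the "few special cases" could be named in one clause: when $p - 1$ has only small prime factors the problem splits into small subproblems (Pohlig-Hellman), which is why real parameters are chosen so that $p - 1$ has a large prime factor. Typo: "for long time" should be "for a long time".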

View File

@ -0,0 +1,129 @@
\section{Diffie-Hellman Key Exchange}
One problem we encounter in computer science is \textit{secure key exchange}: How can two parties (usually called Alice and Bob) agree on a \say{key} without revealing anything to an eavesdropper (Eve)?
\begin{center}
\begin{tikzpicture}
\node (A) at (0, 0) {Alice};
\node (B) at (4, 0) {Bob};
\node (E) at (2, -1) {Eve};
\draw[-]
(A) edge (B)
(E) edge (2, 0)
;
\end{tikzpicture}
\end{center}
A simple mathematical solution to the key exchange problem is the \textit{Diffie-Hellman key exchange algorithm}, detailed below.
\vspace{1mm}
Values that are \textit{public} are known to everyone. Values that are sent are also known to everyone: we assume that everyone can see what Alice and Bob send to each other.
Eve can read all public values, but she cannot change them in any way.
\begin{center}
\begin{tikzpicture}[scale = 0.5]
\def\bx{18}
\def\ex{13}
\node[anchor = center] at (\ex, 7.5) {\textbf{Setup}};
\draw[-] (\ex-4.5, 7) -- (\ex+4.5, 7);
\node[anchor = west] at (\ex-4, 6) {Let $p$ be a prime number};
\node[anchor = west] at (\ex-4, 5) {Let $g$ be a generator in $\mathbb{Z}_p^\times$};
\node[anchor = west] at (\ex-4, 4) {Both $g$ and $p$ are public.};
\node[anchor = center] at (4, 1.5) {\textbf{Alice}};
\draw[-] (-0.5, 1) -- (8.5, 1);
\node[anchor = west] at (0, 0) {Pick a random $a \in \mathbb{Z}_p^\times$};
\node[anchor = west] at (0, -1) {Set $A = g^a$};
\node[anchor = west] at (0, -3) {Publish $A$};
\draw[->] (6, -3) -- (\ex - 1, -3);
\node[anchor = west] at (0, -5) {\color{gray} Compute ...};
\node[anchor = center] at (\bx+4, 1.5) {\textbf{Bob}};
\draw[-] (\bx-0.5, 1) -- (\bx+8.5, 1);
\node[anchor = west] at (\bx, 0) {Pick a random $b \in \mathbb{Z}_p^\times$};
\node[anchor = west] at (\bx, -1) {Set $B = g^b$};
\node[anchor = west] at (\bx, -4) {Publish $B$};
\draw[->] (\bx - 1, -4) -- (\ex+1, -4);
\node[anchor = west] at (\bx, -5) {\color{gray} Compute ...};
\node[anchor = center] at (\ex, 1.5) {\textbf{Public}};
\draw[-] (\ex-2, 1) -- (\ex+2, 1);
\node[anchor = center] at (\ex, 0) {$p, g$};
\node[fill=white, anchor = center] at (\ex, -3) {$A$};
\node[fill=white, anchor = center] at (\ex, -4) {$B$};
\end{tikzpicture}
\end{center}
\problem{}
Complete the algorithm. What should Alice and Bob compute? \par
\hint{
The goal of this process is to arrive at a \textit{shared secret} \par
That is, Alice and Bob should arrive at the same value without exposing it to Eve.
}
\vfill
\problem{}
Let $p = 11$, $g = 2$, $a = 9$, and $b = 4$. \par
Run the algorithm. What is the resulting shared secret?
\begin{solution}
$g^b = 5$\par
$g^a = 6$\par
$g^{ab} = g^{ba} = 9$ % spell:disable-line
\end{solution}
\vfill
\pagebreak
\problem{}
Is the Diffie-Hellman key exchange algorithm secure? What information does Eve have? \par
What does Eve need to do to find the value Alice and Bob agreed on?
\vfill
\problem{}
Now, say Eve can change information in transit. \par
That is, she can pretend to be Alice to send information to Bob. \par
How can she break this system? \par
\note[Note]{This is called a \textit{man-in-the-middle} attack.}
\vfill
\pagebreak
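Review bot: both parties draw their exponent from the wrong set: "Pick a random $a \in \mathbb{Z}_p^\times$" (and the same line for b) samples from $\{1, \dots, p-1\}$, but exponents of a generator live mod $p-1$, and the edge value $a = p-1$ gives $A = g^{p-1} = 1$ and a shared secret of 1 whatever b is; write $a \in \mathbb{Z}_{p-1}$, or $1 \leq a \leq p-2$, to match the DLP section. The worked example checks out: with $p = 11$, 2 has order 10 and so is a generator, $2^4 = 5$, $2^9 = 6$, and $5^9 = 6^4 = 9$. For the security problem it is worth an instructor note that what Eve needs is $g^{ab}$ from $g^a$ and $g^b$ (the computational Diffie-Hellman problem), which solving DLP suffices for but is not known to be equivalent to it; the problem as phrased invites the answer "Eve must solve DLP", which is sufficient but not obviously necessary.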

View File

@ -0,0 +1,128 @@
\section{Elgamal Asymmetric Encryption}
Another cryptographic tool we often use is the \textit{public key cryptosystem}.
In such a system, one has two keys: a \textit{public key} that can only encrypt data, and a \textit{private key} that can decrypt it.
The following problem provides a simple example.
\problem{}
Alice wants to send a secret letter to Bob. Eve, the postman, would like to see what is inside. \par
\vspace{2mm}
Alice has a box, a lock, and a key. Bob does not own a lock. \par
Eve will open the box if she can, but she will not try to break any locks. \par
Also, she will always deliver the box without modifying its contents.
\vspace{2mm}
How can Alice send her letter without letting Eve read it?
\vfill
Elgamal encryption allows Alice to publish a public key ($A$ in the diagram below),
which Bob can use to encrypt a message. Alice then uses here private key ($a$) to decrypt it.
\begin{center}
\begin{tikzpicture}[scale = 0.5]
\def\bx{18}
\def\ex{13}
\node[anchor = center] at (\ex, 7.5) {\textbf{Setup}};
\draw[-] (\ex-4.5, 7) -- (\ex+4.5, 7);
\node[anchor = west] at (\ex-4, 6) {Let $p$ be a prime number};
\node[anchor = west] at (\ex-4, 5) {Let $g$ be a generator in $\mathbb{Z}_p^\times$};
\node[anchor = west] at (\ex-4, 4) {Both $g$ and $p$ are public.};
\node[anchor = center] at (4, 1.5) {\textbf{Alice}};
\draw[-] (-0.5, 1) -- (8.5, 1);
\node[anchor = west] at (0, 0) {Pick a random $a \in \mathbb{Z}_p^\times$};
\node[anchor = west] at (0, -1) {Set $A = g^a$};
\node[anchor = west] at (0, -2) {Publish $A$};
\draw[->] (6, -2) -- (\ex - 1, -2);
\draw[->] (\ex+1, -2) -- (\bx - 1, -2);
\node[anchor = west] at (0, -6) {Compute $c_2 \times c_1^{-a}$};
\node[anchor = west] at (0, -7) {$= (mA^k)(g^{-ak})$};
\node[anchor = west] at (0, -8) {$= (m)(g^{ak}g^{-ak})$};
\node[anchor = west] at (0, -9) {$= m$};
\node[anchor = center] at (\bx+4, 1.5) {\textbf{Bob}};
\draw[-] (\bx-0.5, 1) -- (\bx+8.5, 1);
\node[anchor = west] at (\bx, 0) {Bob has a message $m \in \mathbb{Z}_p^\times$};
\node[anchor = west] at (\bx, -1) {Pick a random $k \in \mathbb{Z}_p^\times$};
\node[anchor = west] at (\bx, -3) {Set $c_1 = g^k$};
\node[anchor = west] at (\bx, -4) {Set $c_2 = mA^k$};
\node[anchor = west] at (\bx, -5) {Publish $(c_1, c_2)$};
\draw[->] (\bx-1, -5) -- (\ex+1.5, -5);
\draw[->] (\ex-1.5, -5) -- (6, -5);
\node[anchor = center] at (\ex, 1.5) {\textbf{Public}};
\draw[-] (\ex-2, 1) -- (\ex+2, 1);
\node[anchor = center] at (\ex, 0) {$p, g$};
\node[fill=white, anchor = center] at (\ex, -2) {$A$};
\node[fill=white, anchor = center] at (\ex, -5) {$(c_1, c_2)$};
\end{tikzpicture}
\end{center}
\problem{}
Let $p = 17$, $g = 2$, $a = 7$, $k = 10$, and $m = 3$ \par
Run this algorithm and make sure it works.
\begin{solution}
$A = 2^7 = 9$\par
$c_1 = 2^10 = 4$\par
$c_2 = 3(9^{10}) = 5$
\vspace{2mm}
$c_1^a = 13$, so $c_1^{-a} = 4$\par
$c_2 \times c_1^a = 5 \times 4 = 3 = m$
\end{solution}
\vfill
\pagebreak
\problem{}
What information does Eve have? \par
What does Eve need to do to find $m$?
\vfill
\problem{}
Say Bob re-uses the same $k$ twice.\par
Let $(c_1, c_2)$ and $(d_1, d_2)$ be two ciphertexts generated with this key, encrypting messages $m_1$ and $m_2$. \par
Also, say Eve knows the value of $m_1 - m_2$. How can Eve find $m_1$ and $m_2$?\par
\note[Note]{If Bob doesn't change his key, Eve will also be able to decrypt future messages.}
\begin{solution}
$c_2 - d_2 = (m_1 - m_2)A^k$ \par
So, $(c_2 - d_2)(m_1 - m_2)^{-1} = A^k$\par
Now that we have $A^k$, we can compute $m_1 = c_2 \times A^{-k}$
\end{solution}
\vfill
\pagebreak
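Review bot: the parameters in the worked example contradict the setup: with $p = 17$, $g = 2$ is not a generator of $\mathbb{Z}_{17}^\times$ ($2^8 = 256 \equiv 1 \pmod{17}$, so its order is 8); the arithmetic still works inside the subgroup, but students who check the generator condition from the Groups section will find it fails, so use $g = 3$ (order 16) or a different p. In the solution, "$c_1 = 2^10 = 4$" needs braces ("2^{10}") or it typesets as $2^1 0$, and the last line "$c_2 \times c_1^a = 5 \times 4 = 3 = m$" has the wrong sign in the exponent: 4 is $c_1^{-a}$ as computed on the line above, so it should read $c_2 \times c_1^{-a}$. As in the Diffie-Hellman part, "Pick a random $a \in \mathbb{Z}_p^\times$" and "Pick a random $k \in \mathbb{Z}_p^\times$" should draw from $\mathbb{Z}_{p-1}$. In the reuse problem, "generated with this key" and "If Bob doesn't change his key" refer to k, which is the per-message random value, not the key (a and A); calling it the ephemeral value avoids the confusion, and it is worth adding that reuse is visible to Eve because $c_1 = d_1$, and that $c_2 d_2^{-1} = m_1 m_2^{-1}$ leaks the ratio of the two plaintexts with no side information at all. Typo: "uses here private key" should be "her".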

View File

@ -0,0 +1,187 @@
\section{Bonus Problems}
\problem{}
Show that a group has exactly one identity element.
\vfill
\problem{}
Show that each element in a group has exactly one inverse.
\vfill
\problem{}
Let $(G, \ast)$ be a group and $a, b, c \in G$. Show that...
\begin{itemize}
\item $a \ast b = a \ast c \implies b = c$
\item $b \ast a = c \ast a \implies b = c$
\end{itemize}
This means that we can \say{cancel} operations in groups, much like we do in algebra.
\vfill
\pagebreak
\problem{}
Let $G$ be the set of all bijections $A \to A$. \par
Let $\circ$ be the usual composition operator. \par
Is $(G, \circ)$ a group?
\vfill
\definition{}
Note that our definition of a group does \textbf{not} state that $a \ast b = b \ast a$. \par
Many interesting groups do not have this property.
Those that do are called \textit{abelian} groups. \par
\vspace{2mm}
One example of a non-abelian group is the set of invertible 2x2 matrices under matrix multiplication.
\problem{}
Show that if $G$ has four elements, $(G, \ast)$ is abelian.
\vfill
\pagebreak
\problem{}
Prove \ref{mod_has_inverse}: \par
$a$ has an inverse mod $m$ iff $\gcd(a, m) = 1$ \par
\begin{solution}
Assume $a^\star$ is the inverse of $a \pmod{m}$. \par
Then $a^\star \times a \equiv 1 \pmod{m}$ \par
Therefore, $aa^\star - 1 = km$, and $aa^\star - km = 1$ \par
We know that $\gcd(a, m)$ divides $a$ and $m$, therefore $\gcd(a, m)$ must divide $1$. \par
$\gcd(a, m) = 1$ \par
Now, assume $\gcd(a, m) = 1$. \par
By the Extended Euclidean Algorithm, we can find $(u, v)$ that satisfy $au+mv=1$ \par
So, $au-1 = mv$. \par
$m$ divides $au-1$, so $au \equiv 1 \pmod{m}$ \par
$u$ is $a^\star$.
\end{solution}
\vfill
\problem{}<eua_runtime>
The Euclidean Algorithm (From \ref{euclid}) can be written as follows: \par
\begin{itemize}
\item Assume $a > b$.
\item Set $e_0 = a$ and $e_1 = b$. \par
\item Let $e_{n+1} = \text{remainder}(r_{n-1} \div r_{n})$ \par
\item Stop when $e_{k} = 0$.
\item Then, $\gcd(a, b) = e_{k-1}$. \par
\end{itemize}
Let $F_n$ be the $n^{\text{th}}$ Fibonacci number. ($F_0 = 0$; $F_1 = 1$; $F_2 = 1$; $\dots$) \par
\vspace{2mm}
Show that if the Euclidean algorithm requires $n$ steps for an input $(a, b)$, then $a \geq F_{n+2}$ and $b \geq F_{n+1}$.
In other words, show that the longest-running input of a given size is a Fibonacci pair.
\begin{solution}
The easiest way to go about this is induction on $n$: \par
\textcolor{gray}{\textit{Base Case:}}
If $n = 1$, $b$ divides $a$ with no remainder, and the smallest possible $a, b$ for which this is true is $(2, 1) = (F_3, F_2)$.
\linehack{}
\textcolor{gray}{\textit{Induction:}}
Assume that for $n$ steps, $a \geq F_{n+2}$ and $b \geq F_{n+1}$.
Now, say the algorithm takes $n+1 = m$ steps. \par
The first step gives us $a = q_0b + r_0$ \par
Therefore, the pair $(b, r_0)$ must take $m-1$ steps. \par
We thus know that $b \geq F_{m+1}$ and $r_0 \geq F_m$ \hfill \textcolor{gray}{by our induction hypothesis} \par
Therefore, $a = q_0b + r_0 \geq b + r_0$ \par
But $b + r_0 = F_{m+1} + F_{m} = F_{m+2}$, \par
so $a \geq F_{m+2}$.
\end{solution}
\vfill
\pagebreak
\problem{Chinese Remainder Theorem}
There are certain things whose number is unknown. If we count them by threes, we have two left over; by fives, we have three left over; and by sevens, two are left over. How many things are there?
\begin{solution}
$x \equiv 2 \pmod{3}$ \par
$x \equiv 3 \pmod{5}$ \par
$x \equiv 2 \pmod{7}$ \par
$x = 23 + 105k\ \forall k \in \mathbb{Z}$
\end{solution}
\vfill
\problem{}<flt_prereq>
Show that if $p$ is prime, $\binom{p}{i} \equiv 0 \pmod{p}$
for $0 < i < p$.
\begin{solution}
$\binom{p}{i} = \frac{p!}{i!(p-i)!}$ tells us that $i!(p-i)!$ divides $p! = p(p-1)!$. \\
However, $i!(p-i)!$ and $p$ are coprime, since all factors of $i!(p-i)!$ are smaller than $p$. \\
Therefore, $i!(p-i)!$ must divide $(p-1)!$ \par
So, $\binom{p}{i} = p \times \frac{(p-1)!}{i!(p-i)!}$, and $\binom{p}{i} \equiv 0 \pmod{p}$.
\end{solution}
\vfill
\pagebreak
\problem{Fermat's Little Theorem}
Show that if $p$ is prime and $a \not\equiv 0 \pmod{p}$, then $a^{p-1} \equiv 1 \pmod{p}$. \\
You may want to use \ref{flt_prereq}. \par
\hint{It may be easier to show that $a^p \equiv a \pmod{p}$}
\begin{solution}
Use induction:
$1 \equiv 1 \pmod{p}$ \par
Using \ref{flt_prereq} and the binomial theorem, we have
$2^p = (1 + 1)^p = 1 + \binom{p}{1} + \binom{p}{2} + \dots + \binom{p}{p-1} + 1 \equiv 1 + 0 + ... + 0 + 1 \equiv 2 \pmod{p}$ \par
Then,
$3^p = (1 + 2)^p = 1 + \binom{p}{1}2 + \binom{p}{2}2^2 + \dots + \binom{p}{p-1}2^{p-1} + 2^p \equiv 1 + 0 + ... + 0 + 2 \equiv 3 \pmod{p}$ \par
We can repeat this for all $a$. This proof can be presented more formally with a bit of induction.
\end{solution}
\vfill
\problem{}
Show that for any three integers $a, b, c$, \par
$\gcd(ac + b, a) = \gcd(a, b)$ \par
%\begin{solution}
% This problem is hard, \\
% I'll write a solution eventually.
%\end{solution}
\vfill
[Note on \ref{eua_runtime}] This proof can be used to show that the Euclidean
algorithm finishes in logarithmic time, and it is the first practical application
of the Fibonacci numbers. If you have finished all challenge problems,
finish the proof: find how many steps the Euclidean algorithm needs to arrive at
a solution for a given $a$ and $b$.
\pagebreak
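Review bot: the recursion in the Euclidean-algorithm restatement mixes two sequence names: "Let $e_{n+1} = \text{remainder}(r_{n-1} \div r_{n})$" refers to r while every other line uses e; it should be $e_{n+1} = \text{remainder}(e_{n-1} \div e_n)$. The induction step in its solution silently uses $q_0 \geq 1$ when it writes $a = q_0 b + r_0 \geq b + r_0$; that follows from the "Assume $a > b$" bullet, and saying so closes the argument. The final problem asks students to prove the theorem used as \ref{gcd_abc} in the first section, with its solution left as a commented placeholder ("This problem is hard, \\" / "I'll write a solution eventually."); either fill it in (every common divisor of a and b divides $ac + b$, and every common divisor of $ac + b$ and a divides $(ac + b) - ac = b$, so the two pairs have the same common divisors) or mark it "% TODO" so it turns up in a search.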