Merge branch 'master' of ssh://git.betalupi.com:33/Mark/ormc-handouts

Mark 2023-05-03 22:23:29 -07:00
commit ecb259b229
5 changed files with 362 additions and 382 deletions


@ -8,7 +8,6 @@
\usepackage{amsmath} \usepackage{amsmath}
\usepackage{amssymb} \usepackage{amssymb}
\usepackage{multicol} \usepackage{multicol}
\usepackage{subfiles}
\begin{document} \begin{document}
@ -19,14 +18,10 @@
{Intro to Cryptography} {Intro to Cryptography}
{Prepared by Mark on \today{}} {Prepared by Mark on \today{}}
\vspace{3ex} \input{parts/part 1}
\input{parts/part 2}
\input{parts/part 3}
\subfile{parts/part 1} \input{parts/challenge}
\subfile{parts/part 2}
\subfile{parts/part 3}
\subfile{parts/challenge}
\end{document} \end{document}
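Review bot: The new `\input{parts/part 1}` … `\input{parts/challenge}` lines reference paths containing a space; a braced argument works in current LaTeX, but some build tooling and dependency scanners (and older kernels) handle such names inconsistently. Renaming the files to `part1.tex` etc., or writing `\input{"parts/part 1"}`, avoids the fragility. The switch from `\subfile` to `\input` also means the part files can no longer be compiled on their own, which appears intended but is worth a one-line comment next to the `\input` lines.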


@ -1,21 +1,17 @@
\documentclass[../main.tex]{subfiles} \section{Challenge Problems}
\begin{document}
\section{Challenge Problems}
\problem{} \problem{}
Prove \ref{mod_has_inverse}: \\ Prove \ref{mod_has_inverse}: \\
$a$ has an inverse mod $m$ iff $\gcd(a, m) = 1$ \\ $a$ has an inverse mod $m$ iff $\gcd(a, m) = 1$ \\
\begin{hint} \begin{hint}
To prove an iff statement, prove each direction separately: \\ To prove an iff statement, prove each direction separately: \\
Assume that the left side is true and show that left $\implies$ right, \\ Assume that the left side is true and show that left $\implies$ right, \\
then do the reverse. then do the reverse.
\end{hint} \end{hint}
\begin{solution} \begin{solution}
Assume $a^\star$ is the inverse of $a \pmod{m}$. \\ Assume $a^\star$ is the inverse of $a \pmod{m}$. \\
Then $a^\star \times a \equiv 1 \pmod{m}$ \\ Then $a^\star \times a \equiv 1 \pmod{m}$ \\
@ -28,27 +24,27 @@
So, $au-1 = mv$. \\ So, $au-1 = mv$. \\
$m$ divides $au-1$, so $au \equiv 1 \pmod{m}$ \\ $m$ divides $au-1$, so $au \equiv 1 \pmod{m}$ \\
$u$ is $a^\star$. $u$ is $a^\star$.
\end{solution} \end{solution}
\vfill \vfill
\problem{}<eua_runtime> \problem{}<eua_runtime>
The Euclidean Algorithm (From \ref{euclid_algorithm}) can be written as follows: \\ The Euclidean Algorithm (From \ref{euclid_algorithm}) can be written as follows: \\
Assume $a > b$. Assume $a > b$.
Set $e_0 = a$ and $e_1 = b$. \\ Set $e_0 = a$ and $e_1 = b$. \\
Let $e_{n+1} = \text{remainder}(r_{n-1} \div r_{n})$ \\ Let $e_{n+1} = \text{remainder}(r_{n-1} \div r_{n})$ \\
Stop when $e_{k} = 0$. Stop when $e_{k} = 0$.
Then, $\gcd(a, b) = e_{k-1}$. \\ Then, $\gcd(a, b) = e_{k-1}$. \\
Let $F_n$ be the $n^{\text{th}}$ Fibonacci number. ($F_0 = 0$; $F_1 = 1$; $F_2 = 1$; $\dots$)\\ Let $F_n$ be the $n^{\text{th}}$ Fibonacci number. ($F_0 = 0$; $F_1 = 1$; $F_2 = 1$; $\dots$)\\
Show that if the Euclidean algorithm requires $n$ steps for an input $(a, b)$, then $a \geq F_{n+2}$ and $b \geq F_{n+1}$. Show that if the Euclidean algorithm requires $n$ steps for an input $(a, b)$, then $a \geq F_{n+2}$ and $b \geq F_{n+1}$.
(In other words, show that the longest-running input of a given size is a Fibonacci pair.) (In other words, show that the longest-running input of a given size is a Fibonacci pair.)
\begin{solution} \begin{solution}
The easiest way to go about this is induction on $n$: \\ The easiest way to go about this is induction on $n$: \\
\textcolor{gray}{\textit{Base Case:}} \textcolor{gray}{\textit{Base Case:}}
@ -69,47 +65,48 @@
Therefore, $a = q_0b + r_0 \geq b + r_0$ \\ Therefore, $a = q_0b + r_0 \geq b + r_0$ \\
But $b + r_0 = F_{m+1} + F_{m} = F_{m+2}$, \\ But $b + r_0 = F_{m+1} + F_{m} = F_{m+2}$, \\
so $a \geq F_{m+2}$. so $a \geq F_{m+2}$.
\end{solution} \end{solution}
\vfill \vfill
\pagebreak
\problem{Chinese Remainder Theorem} \problem{Chinese Remainder Theorem}
There are certain things whose number is unknown. If we count them by threes, we have two left over; by fives, we have three left over; and by sevens, two are left over. How many things are there? There are certain things whose number is unknown. If we count them by threes, we have two left over; by fives, we have three left over; and by sevens, two are left over. How many things are there?
\begin{solution} \begin{solution}
$x \equiv 2 \pmod{3}$ \\ $x \equiv 2 \pmod{3}$ \\
$x \equiv 3 \pmod{5}$ \\ $x \equiv 3 \pmod{5}$ \\
$x \equiv 2 \pmod{7}$ \\ $x \equiv 2 \pmod{7}$ \\
$x = 23 + 105k\ \forall k \in \mathbb{Z}$ $x = 23 + 105k\ \forall k \in \mathbb{Z}$
\end{solution} \end{solution}
\vfill \vfill
\problem{}<flt_prereq> \problem{}<flt_prereq>
Show that if $p$ is prime, $\binom{p}{i} \equiv 0 \pmod{p}$ Show that if $p$ is prime, $\binom{p}{i} \equiv 0 \pmod{p}$
for $0 < i < p$. for $0 < i < p$.
\begin{solution} \begin{solution}
$\binom{p}{i} = \frac{p!}{i!(p-i)!}$ tells us that $i!(p-i)!$ divides $p! = p(p-1)!$. \\ $\binom{p}{i} = \frac{p!}{i!(p-i)!}$ tells us that $i!(p-i)!$ divides $p! = p(p-1)!$. \\
However, $i!(p-i)!$ and $p$ are coprime, since all factors of $i!(p-i)!$ are smaller than $p$. \\ However, $i!(p-i)!$ and $p$ are coprime, since all factors of $i!(p-i)!$ are smaller than $p$. \\
Therefore, $i!(p-i)!$ must divide $(p-1)!$ \\ Therefore, $i!(p-i)!$ must divide $(p-1)!$ \\
So, $\binom{p}{i} = p \times \frac{(p-1)!}{i!(p-i)!}$, and $\binom{p}{i} \equiv 0 \pmod{p}$. So, $\binom{p}{i} = p \times \frac{(p-1)!}{i!(p-i)!}$, and $\binom{p}{i} \equiv 0 \pmod{p}$.
\end{solution} \end{solution}
\vfill \vfill
\problem{Fermat's Little Theorem} \problem{Fermat's Little Theorem}
Show that if $p$ is prime and $a \not\equiv 0 \pmod{p}$, then $a^{p-1} \equiv 1 \pmod{p}$. \\ Show that if $p$ is prime and $a \not\equiv 0 \pmod{p}$, then $a^{p-1} \equiv 1 \pmod{p}$. \\
You may want to use \ref{flt_prereq}. You may want to use \ref{flt_prereq}.
\begin{hint} \begin{hint}
It may be easier to show that $a^p \equiv a \pmod{p}$ It may be easier to show that $a^p \equiv a \pmod{p}$
\end{hint} \end{hint}
\begin{solution} \begin{solution}
Use induction: Use induction:
$1 \equiv 1 \pmod{p}$ \\ $1 \equiv 1 \pmod{p}$ \\
@ -124,23 +121,22 @@
We can repeat this for all $a$. This proof can be presented more formally with a bit of induction. We can repeat this for all $a$. This proof can be presented more formally with a bit of induction.
\end{solution} \end{solution}
\vfill \vfill
%\problem{} %\problem{}
%Prove \ref{theorem:gcd_abc}: \\ %Prove \ref{theorem:gcd_abc}: \\
%For any integers $a, b, c$, \\ %For any integers $a, b, c$, \\
%$\gcd(ac + b, a) = \gcd(a, b)$\\ %$\gcd(ac + b, a) = \gcd(a, b)$\\
%\begin{solution} %\begin{solution}
% This problem is hard, \\ % This problem is hard, \\
% I'll write a solution eventually. % I'll write a solution eventually.
%\end{solution} %\end{solution}
%\vfill %\vfill
[Note on \ref{eua_runtime}] This proof can be used to show that the Euclidean algorithm finishes in logarithmic time, and it is the first practical application of the Fibonacci numbers. If you have finished all challenge problems, finish the proof: show that the Euclidean runs in $O(\log{n})$ [Note on \ref{eua_runtime}] This proof can be used to show that the Euclidean algorithm finishes in logarithmic time, and it is the first practical application of the Fibonacci numbers. If you have finished all challenge problems, finish the proof: show that the Euclidean runs in $O(\log{n})$
\pagebreak \pagebreak
\end{document}
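Review bot: The recurrence in the `eua_runtime` statement mixes two sequence names: the text defines $e_0, e_1$ but then writes `$e_{n+1} = \text{remainder}(r_{n-1} \div r_{n})$`, and $r$ is never defined, so it should read `$e_{n+1} = \text{remainder}(e_{n-1} \div e_{n})$`. The closing remark is also missing its subject and should say `show that the Euclidean algorithm runs in $O(\log{n})$`, ideally with a word on what $n$ denotes there (presumably the larger input). These are unchanged lines, so the commit does not introduce them, but they are carried into the new `\input`-based file as-is.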


@ -1,107 +1,101 @@
\documentclass[../main.tex]{subfiles} \definition{}
The \textit{greatest common divisor} of $a$ and $b$ is the greatest integer that divides both $a$ and $b$. \\
\begin{document} We denote this number with $\gcd(a, b)$. For example, $\gcd(45, 60) = 15$.
\section{The Euclidean Algorithm}
\definition{}
The \textit{greatest common divisor} of $a$ and $b$ is the greatest integer that divides both $a$ and $b$. \\
We denote this number with $\gcd(a, b)$. For example, $\gcd(45, 60) = 15$.
\theorem{The Division Algorithm} \theorem{The Division Algorithm}
Given two integers $a, b$, we can find two integers $q, r$, where $0 \leq r < b$ and $a = qb + r$. \\ Given two integers $a, b$, we can find two integers $q, r$, where $0 \leq r < b$ and $a = qb + r$. \\
In other words, we can divide $a$ by $b$ to get $q$ remainder $r$. In other words, we can divide $a$ by $b$ to get $q$ remainder $r$.
\theorem{}<gcd_abc> \theorem{}<gcd_abc>
For any integers $a, b, c$, \\ For any integers $a, b, c$, \\
$\gcd(ac + b, a) = \gcd(a, b)$ $\gcd(ac + b, a) = \gcd(a, b)$
\problem{} \problem{}
Find $\gcd(20, 14)$ by hand. Find $\gcd(20, 14)$ by hand.
\begin{solution} \begin{solution}
$\gcd(20, 14) = 2$ $\gcd(20, 14) = 2$
\end{solution} \end{solution}
\vfill \vfill
\problem{}<euclid_algorithm> \problem{The Euclidean Algorithm}<euclid_algorithm>
Using the theorems above, detail an algorithm for finding $\gcd(a, b)$.\\ Using the theorems above, detail an algorithm for finding $\gcd(a, b)$.\\
Then, compute $\gcd(1610, 207)$ by hand. \\ Then, compute $\gcd(1610, 207)$ by hand. \\
Have an instructor check your work before moving on.
\begin{solution} \begin{solution}
Using \ref{gcd_abc} and the division algorthm, Using \ref{gcd_abc} and the division algorthm,
% Minipage prevents column breaks inside body % Minipage prevents column breaks inside body
\begin{multicols}{2} \begin{multicols}{2}
\begin{minipage}{\columnwidth} \begin{minipage}{\columnwidth}
$\gcd(1610, 207)$ \\ $\gcd(1610, 207)$ \par
$= \gcd(207, 161)$ \\ $= \gcd(207, 161)$ \par
$= \gcd(161, 46)$ \\ $= \gcd(161, 46)$ \par
$= \gcd(46, 23)$ \\ $= \gcd(46, 23)$ \par
$= \gcd(23, 0) = 23$ \\ $= \gcd(23, 0) = 23$ \par
\end{minipage} \end{minipage}
\columnbreak \columnbreak
\begin{minipage}{\columnwidth} \begin{minipage}{\columnwidth}
$1610 = 207 \times 7 + 161$ \\ $1610 = 207 \times 7 + 161$ \par
$207 = 161 \times 1 + 46$ \\ $207 = 161 \times 1 + 46$ \par
$161 = 46 \times 3 + 23$ \\ $161 = 46 \times 3 + 23$ \par
$46 = 23 \times 2 + 0$ \\ $46 = 23 \times 2 + 0$ \par
\end{minipage} \end{minipage}
\end{multicols} \end{multicols}
\end{solution} \end{solution}
\vfill \vfill
\pagebreak \pagebreak
\problem{Divide and Conquer} \problem{Divide and Conquer}
If we are given $a, b, c$, when can we find $u, v$ that satisfy $au + bv = c$? If we are given $a, b, c$, when can we find $u, v$ that satisfy $au + bv = c$?
\problempart{Divide} \problempart{Divide}
Show that if we find a solution $(u, v)$ to $au + bv = \gcd(a, b)$, we can easily find a $(u, v)$ for any other value of $c$. \\ Show that if we find a solution $(u, v)$ to $au + bv = \gcd(a, b)$, we can easily find a $(u, v)$ for any other value of $c$. \\
\textcolor{gray}{\textit{Note: } We are not looking for \textit{all} $(u, v)$ that solve $au + bv = c$, we are looking for an easy way to find \textit{any} $(u, v)$.} \textcolor{gray}{\textit{Note: } We are not looking for \textit{all} $(u, v)$ that solve $au + bv = c$, we are looking for an easy way to find \textit{any} $(u, v)$.}
\begin{solution} \begin{solution}
Note that $\gcd(a, b)$ divides both a and b. \\ Note that $\gcd(a, b)$ divides both a and b. \\
Therefore, any $c$ must be divisible by $\gcd(a, b)$. Therefore, any $c$ must be divisible by $\gcd(a, b)$.
The smallest such $c$ is $\gcd(a, b)$ itself, and we can get all other tuples $(u, v, c)$ by scaling. The smallest such $c$ is $\gcd(a, b)$ itself, and we can get all other tuples $(u, v, c)$ by scaling.
\end{solution} \end{solution}
\vfill \vfill
\problempart{Conquer}<extend_e_algorithm> \problempart{Conquer}<extend_e_algorithm>
Using the output of your algorithm\footnotemark{} from \ref{euclid_algorithm}, Using the output of the Euclidean algorithm,
\footnotetext{Your solution to \ref{euclid_algorithm} is called the \textit{Euclidean Algorithm}}
\begin{itemize} \begin{itemize}
\item[-] find a pair $(u, v)$ that satisfies $20u + 14v = \gcd(20, 14)$ \item[-] find a pair $(u, v)$ that satisfies $20u + 14v = \gcd(20, 14)$
\item[-] find a pair $(u, v)$ that satisfies $541u + 34v = \gcd(541, 34)$ \\ \item[-] find a pair $(u, v)$ that satisfies $541u + 34v = \gcd(541, 34)$ \\
% gcd = 1 % gcd = 1
% u = 11; v = -175 % u = 11; v = -175
\end{itemize} \end{itemize}
For which numbers $c$ can we find a $(u, v)$ so that $541u + 34v = c$? \\ For which numbers $c$ can we find a $(u, v)$ so that $541u + 34v = c$? \\
For every such $c$, what are $u$ and $v$? For every such $c$, what are $u$ and $v$?
\begin{solution} \begin{solution}
Using the output of the Euclidean Algorithm, we can use substitution and a bit of algebra to solve such problems. Consider the following example: Using the output of the Euclidean Algorithm, we can use substitution and a bit of algebra to solve such problems. Consider the following example:
\begin{multicols}{2} \begin{multicols}{2}
\begin{minipage}{\columnwidth} \begin{minipage}{\columnwidth}
\textit{Euclidean Algorithm:} \\ \textit{Euclidean Algorithm:} \par
$20 = 14 \times 1 + 6$ \\ $20 = 14 \times 1 + 6$ \par
$14 = 6 \times 2 + 2$ \\ $14 = 6 \times 2 + 2$ \par
$6 = 2 \times 3 + 0$ \\ $6 = 2 \times 3 + 0$ \par
\end{minipage} \end{minipage}
\columnbreak \columnbreak
\begin{minipage}{\columnwidth} \begin{minipage}{\columnwidth}
\textit{Rearranged:} \\ \textit{Rearranged:} \par
$6 = 20 - 14 \times 1$ \\ $6 = 20 - 14 \times 1$ \par
$2 = 14 - 6 \times 2 = \gcd(20, 14)$ \\ $2 = 14 - 6 \times 2 = \gcd(20, 14)$ \par
\end{minipage} \end{minipage}
\end{multicols} \end{multicols}
@ -123,7 +117,9 @@
$u = k \times u_0 = 11k$ and $v = k \times v_0 = -175k$. \\ $u = k \times u_0 = 11k$ and $v = k \times v_0 = -175k$. \\
(See Part A) (See Part A)
\end{solution} \end{solution}
\vfill
\pagebreak
\end{document} \vfill
\pagebreak
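Review bot: The new side of this file now starts directly with `\definition{}`, whereas the old side opened with `\section{The Euclidean Algorithm}` after `\begin{document}`; the other two part files keep their `\section{...}` as their first line, so unless the heading moved into main.tex (not visible in this diff) the first section title has been dropped and the numbering behind `\ref{euclid_algorithm}` and friends will shift. Restore `\section{The Euclidean Algorithm}` as the first line of the file. Separately, the Division Algorithm as stated needs `$b > 0$` (or `$0 \leq r < |b|$`), since `$0 \leq r < b$` cannot hold for $b \leq 0$.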


@ -1,68 +1,65 @@
\documentclass[../main.tex]{subfiles} \section{Modular Arithmetic}
\begin{document} \definition{}
\section{Modular Arithmetic} We say that $a, b$ are equivalent mod $m$ if $m$ divides $a - b$. \\
If $a$ is equivalent to $b$ mod $m$, we write $a \equiv b \pmod{m}$. \\
\definition{} You can think of $b$ as the remainder of $a \div m$:
We say that $a, b$ are equivalent mod $m$ if $m$ divides $a - b$. \\ \begin{itemize}
If $a$ is equivalent to $b$ mod $m$, we write $a \equiv b \pmod{m}$. \\
You can think of $b$ as the remainder of $a \div m$:
\begin{itemize}
\item[] $32 \equiv 2 \pmod{6}$ \item[] $32 \equiv 2 \pmod{6}$
\item[] $4 \equiv 4 \pmod{6}$ \item[] $4 \equiv 4 \pmod{6}$
\item[] $-2 \equiv 4 \pmod{6}$ \item[] $-2 \equiv 4 \pmod{6}$
\end{itemize} \end{itemize}
\problem{} \problem{}
Complete the following: Complete the following:
\begin{itemize} \begin{itemize}
\item[] $87 \equiv ? \pmod{12}$ \hspace{3em} \textcolor{gray}{(Your answer should be between $0$ and $12$)} \item[] $87 \equiv ? \pmod{12}$ \hspace{3em} \textcolor{gray}{(Your answer should be between $0$ and $12$)}
\item[] $13 \equiv 2 \pmod{?}$ \item[] $13 \equiv 2 \pmod{?}$
\item[] $? \equiv 1 \pmod{9}$ \item[] $? \equiv 1 \pmod{9}$
\end{itemize} \end{itemize}
\begin{solution} \begin{solution}
\begin{itemize} \begin{itemize}
\item[] $87 \equiv 3 \pmod{12}$ \item[] $87 \equiv 3 \pmod{12}$
\item[] $13 \equiv 2 \pmod{11}$ \item[] $13 \equiv 2 \pmod{11}$
\item[] $(9k + 1) \equiv 1 \pmod{9}\ \forall k \in \mathbb{Z}$ \item[] $(9k + 1) \equiv 1 \pmod{9}\ \forall k \in \mathbb{Z}$
\end{itemize} \end{itemize}
\end{solution} \end{solution}
\vfill \vfill
\definition{} \definition{}
The inverse of $a$ mod $m$ is an integer $a^\star$ so that \\ The inverse of $a$ mod $m$ is an integer $a^\star$ so that \\
$a \times a^\star \equiv 1 \pmod{m}$. \\ $a \times a^\star \equiv 1 \pmod{m}$. \\
Note that not every $a$ has an inverse mod $m$. Note that not every $a$ has an inverse mod $m$.
\theorem{}<mod_has_inverse> \theorem{}<mod_has_inverse>
$a$ has an inverse mod $m$ iff $\gcd(a, m) = 1$ \\ $a$ has an inverse mod $m$ iff $\gcd(a, m) = 1$ \\
\textcolor{gray}{\textit{The proof of this theorem is left as a challenge problem.}} \textcolor{gray}{\textit{The proof of this theorem is left as a challenge problem.}}
\problem{D\'ej\`a vu?}<find_inverse> \problem{D\'ej\`a vu?}<find_inverse>
Find the inverse of $20 \pmod{14}$, if one exists. \\ Find the inverse of $20 \pmod{14}$, if one exists. \\
Find the inverse of $34 \pmod{541}$, if one exists. Find the inverse of $34 \pmod{541}$, if one exists.
\begin{solution} \begin{solution}
$20^\star$ does not exist mod $14$, by \ref{mod_has_inverse}. \\ $20^\star$ does not exist mod $14$, by \ref{mod_has_inverse}. \\
$34^\star \equiv -175 \equiv 366 \pmod{541}$. $34^\star \equiv -175 \equiv 366 \pmod{541}$.
See \ref{general_inverse} for an explanation. See \ref{general_inverse} for an explanation.
\end{solution} \end{solution}
\vfill \vfill
\problem{}<general_inverse> \problem{}<general_inverse>
In general, how can we find the inverse of $a \pmod{p}$?\\ In general, how can we find the inverse of $a \pmod{p}$?\\
(Assume $p$ is prime.) (Assume $p$ is prime.)
\begin{solution} \begin{solution}
We need an $a^\star$ so that $a \times a^\star \equiv 1 \pmod{m}$. \\ We need an $a^\star$ so that $a \times a^\star \equiv 1 \pmod{m}$. \\
This means that $aa^\star - mk = 1$. \\ This means that $aa^\star - mk = 1$. \\
Since $p$ is prime, $\gcd(a, m) = 1$, and $aa^\star - mk = \gcd(a, m)$ \\ Since $p$ is prime, $\gcd(a, m) = 1$, and $aa^\star - mk = \gcd(a, m)$ \\
Now use the Extended Euclidean Algorithm from \ref{extend_e_algorithm} to find $a^\star$. Now use the Extended Euclidean Algorithm from \ref{extend_e_algorithm} to find $a^\star$.
\end{solution} \end{solution}
\vfill
\pagebreak
\vfill
\pagebreak
\end{document}
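Review bot: The solution to `general_inverse` switches modulus mid-argument: the problem is posed mod $p$, but the solution writes `$a \times a^\star \equiv 1 \pmod{m}$`, `$aa^\star - mk = 1$` and `$\gcd(a, m)$`, and the step `Since $p$ is prime, $\gcd(a, m) = 1$` only holds when $a \not\equiv 0 \pmod{p}$. Use $p$ throughout and add the hypothesis, e.g. `Since $p$ is prime and $a \not\equiv 0 \pmod{p}$, $\gcd(a, p) = 1$, so $aa^\star - pk = \gcd(a, p)$`. The grey hint `(Your answer should be between $0$ and $12$)` for a residue mod $12$ should read `between $0$ and $11$`. These lines are unchanged context, carried over as-is by the commit.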


@ -1,85 +1,82 @@
\documentclass[../main.tex]{subfiles} \section{Symmetric Cryptosystems}
\begin{document} \definition{}
\section{Symmetric Cryptosystems} The goal of cryptography is to establish private communication between two parties over
a public channel. The rest of this handout tries to achieve this goal, using the tools we've
developed in the last two sections. \\
\definition{} In this handout, a ``symmetric cryptosystem'' consists of the following:
The goal of cryptography is to establish private communication between two parties over \begin{itemize}
a public channel. The rest of this handout tries to achieve this goal, using the tools we've
developed in the last two sections. \\
In this handout, a ``symmetric cryptosystem'' consists of the following:
\begin{itemize}
\item[-] A public prime number $p$ (Ideally, a \textit{big} prime number). \item[-] A public prime number $p$ (Ideally, a \textit{big} prime number).
\item[-] $k$, a secret key that is shared between both parties. This is NOT public. \item[-] $k$, a secret key that is shared between both parties. This is NOT public.
\item[-] $E_k(m) = c$, a function that uses key $k$ to encrypt message $m$ into a ciphertext $c$. \item[-] $E_k(m) = c$, a function that uses key $k$ to encrypt message $m$ into a ciphertext $c$.
\item[-] $D_k(c) = m$, a function that uses key $k$ to decrypt a ciphertext $c$ into message $m$. \\ \item[-] $D_k(c) = m$, a function that uses key $k$ to decrypt a ciphertext $c$ into message $m$. \\
\item[-] Of course, $D_k(E_k(m)) = m$. \\ \item[-] Of course, $D_k(E_k(m)) = m$. \\
\end{itemize} \end{itemize}
We have a good reason for picking a prime $p$. A prime base guarantees that every\footnote[1]{except those $\equiv 0 \pmod{p}$, of course} integer has an inverse mod $p$. Review \ref{mod_has_inverse} and convince yourself that this is true. \\ We have a good reason for picking a prime $p$. A prime base guarantees that every\footnote[1]{except those $\equiv 0 \pmod{p}$, of course} integer has an inverse mod $p$. Review \ref{mod_has_inverse} and convince yourself that this is true. \\
\vspace{2ex} \vspace{2ex}
We'll assume that the secret key $k$ has been shared beforehand. How such a $k$ is created is beyond the scope of this handout, but those that are curious may look up ``Diffie-Hellman Key Exchange'' (Computerphile offers a We'll assume that the secret key $k$ has been shared beforehand. How such a $k$ is created is beyond the scope of this handout, but those that are curious may look up ``Diffie-Hellman Key Exchange'' (Computerphile offers a
pretty good introduction). \\ pretty good introduction). \\
\vspace{2ex} \vspace{2ex}
One may wonder why we care about secretly exchanging numbers. Those of you with experience in computing may have an answer: any information---text, images, etc---may be represented as a number. For example, we can encode the 26 letters of the alphabet as the numbers $1 - 26$. Such mappings are called ``encodings.'' \\ One may wonder why we care about secretly exchanging numbers. Those of you with experience in computing may have an answer: any information---text, images, etc---may be represented as a number. For example, we can encode the 26 letters of the alphabet as the numbers $1 - 26$. Such mappings are called ``encodings.'' \\
\vspace{2ex} \vspace{2ex}
Finally, you will notice that the encryption schemes that follow can only take a limited range of inputs. Indeed, even the cyphers in use today have a limited input size. A simple (though possible insecure) way to overcome this limitation is to split the message into ``blocks'' of a desired size, and encrypt each independently. Finally, you will notice that the encryption schemes that follow can only take a limited range of inputs. Indeed, even the cyphers in use today have a limited input size. A simple (though possibly insecure) way to overcome this limitation is to split the message into blocks of a desired size, encrypting each independently.
\vfill \vfill
\pagebreak \pagebreak
\problem{Multiplication mod p} \problem{Multiplication mod p}
Consider the cryptosystem where Consider the cryptosystem where
\begin{itemize} \begin{itemize}
\item[-] $p$ is a prime (for this problem, fix $p = 11$. Remember, $p$ is public.) \item[-] $p$ is a prime (for this problem, fix $p = 11$. Remember, $p$ is public.)
\item[-] $k$ is an integer \item[-] $k$ is an integer
\item[-] $E_k(m) = k \times m \pmod{p}$ \item[-] $E_k(m) = k \times m \pmod{p}$
\item[-] $D_k(c) = k^\star \times c \pmod{p}$ \item[-] $D_k(c) = k^\star \times c \pmod{p}$
\end{itemize} \end{itemize}
\problempart{} \problempart{}
Encrypt $m = 8$ with $k = 5$. \\ Encrypt $m = 8$ with $k = 5$. \\
Decrypt $c = 3$ with $k = 9$. \\ Decrypt $c = 3$ with $k = 9$. \\
\textcolor{gray}{In other words, find $E_5(8)$ and $D_9(3)$} \textcolor{gray}{In other words, find $E_5(8)$ and $D_9(3)$}
\begin{solution} \begin{solution}
$E_5(8) = 5 \times 8 \equiv 7$ \\ $E_5(8) = 5 \times 8 \equiv 7$ \\
$D_9(3) = k^\star \times 3 = 5 \times 3 \equiv 4$ $D_9(3) = k^\star \times 3 = 5 \times 3 \equiv 4$
\end{solution} \end{solution}
\vfill \vfill
\problempart{} \problempart{}
Using this cryptosystem, Nikita sends a message to Sanjit. \\ Using this cryptosystem, Nikita sends a message to Sanjit. \\
Looking over Sanjit's shoulder, you find that $E_k(9) = 8$ \\ Looking over Sanjit's shoulder, you find that $E_k(9) = 8$ \\
What key was used? \\ What key was used? \\
\textcolor{gray}{This is called a \textit{known plaintext attack}. With a good cryptosystem, it will be very difficult to solve this problem.} \textcolor{gray}{This is called a \textit{known plaintext attack}. With a good cryptosystem, it will be very difficult to solve this problem.}
\begin{solution} \begin{solution}
$E_k = c = km$ \\ $E_k = c = km$ \\
$E_k \times m^\star = kmm^\star = k$ \\ $E_k \times m^\star = kmm^\star = k$ \\
$m^\star = 5; k = 7$ $m^\star = 5; k = 7$
\end{solution} \end{solution}
\vfill \vfill
\problempart{}<mult_analysis> \problempart{}<mult_analysis>
If you know many ciphertexts encrypted with the same key, can you find the key used to create them? \\ If you know many ciphertexts encrypted with the same key, can you find the key used to create them? \\
What range of values can this system effectively encrypt? What range of values can this system effectively encrypt?
Justify all answers. Justify all answers.
\begin{solution} \begin{solution}
If the messages are independent, no. However, analysis is possible if the plaintexts have a known structure. If the messages are independent, no. However, analysis is possible if the plaintexts have a known structure.
@ -88,44 +85,44 @@
$m \in \{1, 2, ..., 10\}$ \\ $m \in \{1, 2, ..., 10\}$ \\
Note that $m$ cannot be $\equiv 0$. Note that $m$ cannot be $\equiv 0$.
\end{solution} \end{solution}
\vfill \vfill
\pagebreak \pagebreak
\problem{The Affine Cipher} \problem{The Affine Cipher}
Consider the cryptosystem where Consider the cryptosystem where
\begin{itemize} \begin{itemize}
\item[-] $p$ is a prime (for this problem, fix $p = 541$) \item[-] $p$ is a prime (for this problem, fix $p = 541$)
\item[-] $k = (k_1,\ k_2)$ is a tuple of two integers \item[-] $k = (k_1,\ k_2)$ is a tuple of two integers
\item[-] $E_k(m) = k_1 \times m + k_2 \pmod{p}$ \item[-] $E_k(m) = k_1 \times m + k_2 \pmod{p}$
\item[-] $D_k(c) = k_1^\star \times (c - k_2) \pmod{p}$ \item[-] $D_k(c) = k_1^\star \times (c - k_2) \pmod{p}$
\end{itemize} \end{itemize}
\problempart{} \problempart{}
Encrypt $m = 204$ with $k = (34,\ 71)$. \\ Encrypt $m = 204$ with $k = (34,\ 71)$. \\
Decrypt $c = 431$ with $k = (34,\ 71)$. Decrypt $c = 431$ with $k = (34,\ 71)$.
\begin{solution} \begin{solution}
$E_k(204) = 34 \times 204 + 71 \equiv 515$ \\ $E_k(204) = 34 \times 204 + 71 \equiv 515$ \\
$k^\star = 366$ $k^\star = 366$
\hfill\textcolor{gray}{Known from \ref{find_inverse}}\\ \hfill\textcolor{gray}{Known from \ref{find_inverse}}\\
$D_k(431) = 366 (431 - 71) \equiv 297$ $D_k(431) = 366 (431 - 71) \equiv 297$
\end{solution} \end{solution}
\vfill \vfill
\problempart{} \problempart{}
Now, let $p = 601$. You know two plaintext-ciphertext pairs:\\ Now, let $p = 601$. You know two plaintext-ciphertext pairs:\\
$(m_1,\ c_1) = (387,\ 324)$ \\ $(m_1,\ c_1) = (387,\ 324)$ \\
$(m_2,\ c_2) = (491,\ 381)$ \\ $(m_2,\ c_2) = (491,\ 381)$ \\
How would you find $(k_1, k_2)$? \\ How would you find $(k_1, k_2)$? \\
\textcolor{gray}{\textit{Note: } You do NOT have to find $k$. The calculations take a lot of manual labor. All you need to do is detail the steps you \textit{would} take if you had a calculator.} \textcolor{gray}{\textit{Note: } You do NOT have to find $k$. The calculations take a lot of manual labor. All you need to do is detail the steps you \textit{would} take if you had a calculator.}
\begin{solution} \begin{solution}
$E_k(387) = k_1 \times 387 + k_2 \equiv 324 \pmod{601}$ \\ $E_k(387) = k_1 \times 387 + k_2 \equiv 324 \pmod{601}$ \\
$E_k(491) = k_1 \times 491 + k_2 \equiv 381 \pmod{601}$ \\ $E_k(491) = k_1 \times 491 + k_2 \equiv 381 \pmod{601}$ \\
@ -141,16 +138,16 @@
Substitute $k_1 = 41$. \\ Substitute $k_1 = 41$. \\
$(k_1, k_2) = (41, 83)$ $(k_1, k_2) = (41, 83)$
\end{solution} \end{solution}
\vfill \vfill
\problempart{} \problempart{}
If you only know one message and its corresponding ciphertext, can you find the encryption key? \\ If you only know one message and its corresponding ciphertext, can you find the encryption key? \\
If you know many ciphertexts encrypted with the same key, can you find the key used to create them? \\ If you know many ciphertexts encrypted with the same key, can you find the key used to create them? \\
What range of values can this system effectively encrypt? What range of values can this system effectively encrypt?
Justify all answers. Justify all answers.
\begin{solution} \begin{solution}
Given $m$ and $c$, you cannot find $k_1$ or $k_2$. Given $m$ and $c$, you cannot find $k_1$ or $k_2$.
\linehack{} \linehack{}
@ -162,8 +159,7 @@
$m \in \{1, 2, ..., 540\}$ $m \in \{1, 2, ..., 540\}$
Other answers are the same as those to \ref{mult_analysis}. Other answers are the same as those to \ref{mult_analysis}.
\end{solution} \end{solution}
\vfill \vfill
\pagebreak \pagebreak
\end{document}
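Review bot: The reworded sentence `A simple (though possibly insecure) way to overcome this limitation is to split the message into blocks ... encrypting each independently` understates the issue: because $E_k$ here is deterministic, equal plaintext blocks produce equal ciphertext blocks, so repeated structure in the message is visible to an observer even though $k$ stays secret — which is precisely the known-structure analysis the later parts ask about. Suggested wording: `A simple way to overcome this limitation is to split the message into blocks and encrypt each independently; note that identical blocks then yield identical ciphertexts, which leaks the structure of the message even when the key remains safe.` Separately, both cryptosystem definitions omit the condition `$k \not\equiv 0 \pmod{p}$` (resp. `$k_1 \not\equiv 0 \pmod{p}$`), which $D_k$ needs for $k^\star$ to exist; without it $E_k$ sends every message to $0$ and cannot be inverted.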