Objectives: To Learn and Answer A Few Questions About Euler's Totient Function, The RSA
Objectives: To Learn and Answer A Few Questions About Euler's Totient Function, The RSA
Objectives: To Learn and Answer A Few Questions About Euler's Totient Function, The RSA
Objectives: To learn and answer a few questions about Euler’s Totient function, the RSA
public-key encryption algorithm, Diffie-Hellman Key Exchange algorithm, and polynomial
arithmetic over finite fields.
Notes on the Writing Format and Details Requirements: Be sure to include your work,
including brief explanations, in your answers using your own words in the first tense (and do
not copy/paste the assignment’s questions or instructions as part of your answer!) to each of
the questions; otherwise, inadequate descriptions/explanations or not following the prescribed
format for your work will result in up to 3 points (i.e., 10%) deducted from your assignment’s
grade.
Submission Instructions: Submit your answer in a single file in Word or PDF format to
WebCourses, using the name of: <Last (family) name>,<First (given) full
name>_Assignment<number>.<filetype>, for example, Smith,Jonathan_Assignment4.pdf.
Note: The document “HW4-Remarks.pdf” is provided for your reference, but be sure you
read and understand its “spoiler alert/disclaimer.”
1. (7 pts.) First, recall the definition of Euler’s Totient function (p.42 of Notes#5 on Modular
Arithmetic). For integer n 2, the set of integers 1 and n1, that are relatively prime
to n, form a (multiplicative) abelian group G; Euler’s Totient function is defined as (n) =
|G|. That is, for integer n 2, (n) = the count of integers, in the range of 1 through n1,
which share no common factors with n except for 1. For example, (8) = 4, since the set
of integers 1 and 7, that are relatively prime to 8, is {1,3,5,7} which has 4 elements;
for any prime p, (p) = p1, since all integers 1, 2, .., p1, are relatively prime to p (by the
definition of p being a prime). There is also a formula for computing (n) once we know
the prime factorization of n:
1 1 1 1
(n) n 1 n1 1 ...1 , assumingp1 , p 2 ,..., p r , are the prime factors for n
p| n
p p1 p 2 p r
Consider two primes p = 137 and q = 79. (These are very small primes, used here for
demonstration purposes.). Define n = pq = (137)(79) = 10823.
(a) Compute (pq) where () is Euler’s Totient function.
(b) Determine a number E, 2 E (pq), so that GCD(E, (pq)) = 1. (Hint: Try E = 5, or
use randomly generated values for E until finding one that works.)
(c) For E selected from (b) find its multiplicative inverse D such that DE 1 mod (pq).
(Hint: use the Extended Euclid’s GCD algorithm on pages 40, 41 of Notes#5 on
Modular Arithmetic.)
(d) For each value of T, T = 99 and 102, compute C = TE mod n, then compute CD mod n,
where n = pq = 10823. What is your conclusion?
(e) Similar to (d), for each value of T = 99 and 102, compute C = TD mod n, then compute
CE mod n, where n = pq = 10823. What is your conclusion?
3. (6 pts.) Consider a variation (simplified and broken version) of the DH Key Exchange
algorithm using a public-key protocol: Two parties A and B wanting to communicate first
agree on a public key (n, g) where n is a (large) prime number, and g a fixed number, 2
g n 1. To establish a secret key between A and B, party A chooses a private key
(random number) x, calculates X = g x (mod n), then sends it to party B. Similarly, party
B chooses its own private key y, calculates Y = g y (mod n), then sends it to party A.
When A receives the value Y = g y, it calculates the secret key K = g x + g y (mod n).
Similarly, party B after receiving X = g x (mod n) from A, calculates g y + g x (mod n),
then use it as the secret key. Note that an eavesdropper E monitoring the communications
can capture both X and Y (i.e., both g x and g y, modulo n) although E does not know the
two private keys (random numbers) x and y. (E does know the public key (n, g).) Now
answer the below questions regarding this new secret key exchange algorithm.
(a) Show/explain why the above algorithm works in the sense that it allows the
communicating parties A and B establish a (common) secret key.
(b) Suppose the eavesdropper E, after capturing the value g x (mod n), uses the below
algorithm to calculate/crack the private key x:
Step 1. Set k = 1
Step 2. Compute g k (mod n)
Step 3. Test if g k = (the captured value) g x (mod n): if equal, then found the
private key k, declare “Success” and stop
Step 4. Otherwise, increment k by 1, go back to Step 2 (unless the value of k =
n; in that case, declare “Failure” and stop)
Explain why the above “brute-force” algorithm is considered inefficient, e.g., suppose
n is a large prime with 600 decimal digits.
(c) Suppose a “smarter” eavesdropper S who also captured the value X = g x (mod n),
realized that the private key x = g1 X (mod n), where g1 denotes the “multiplicative
inverse” of g (mod n). Based on this idea, describe an “efficient” algorithm that
calculates (cracks) the private key x.
(d) (Extra-credit, up to 2 pts.) Describe an efficient algorithm/method, including an
analysis of its time complexity, for an eavesdropper to determine/crack the (common)
secret key established between communicating parties A and B, without having the
need to crack the parties’ private keys.
4. (5 pts.) Determine all divisors of the polynomial f(x) = x5 + x4 + x3 + 1 over GF(2). (Hint:
First, find a degree one polynomial divisor f(x) (if any); if not found, try to find a degree-
two polynomial divisor. When a divisor is identified, divide it into x5 + x4 + x3 + 1 to get a
quotient polynomial. Continue the process by finding the divisors of the quotient
polynomial, etc, until reaching an irreducible polynomial, i.e., no more divisors can be
found. Once you have a complete factorization of f(x), list all its divisors.)
5. (5 pts.) Determine the multiplicative inverse of x3 + x2 + 1 in GF(24), using the prime
(irreducible) polynomial m(x) = x4 + x + 1 as the modulo polynomial. (Hint: Adapt the
Extended Euclid’s GCD algorithm, on pages 40, 41 of Notes#5 on Modular Arithmetic, to
polynomials.)