hw9 - p. 242, #11. p. 252, # 1, 2, 3, 4, 5, 6 p. 255, # 1,...

Info iconThis preview shows pages 1–4. Sign up to view the full content.

View Full Document Right Arrow Icon
p. 242, #11. p. 252, # 1, 2, 3, 4, 5, 6 p. 255, # 1, 2, 3. p. 242 #11. We assume that and are 512 bit numbers, satisfying h(IV, ) = h(IV, ). A 512 bit numbers is always bounded above by , so and (a) By the CRT, we know that there is a unique solution to the simultaneous linear congruences and . Note that < < . (b) The value of is almost constant over the range from to , and is never much bigger than . (The same applies to .) We see that if is at least 1, then < . Moreover, < < < . Now if , then < = . So for all k's in the range from 0 to , is at most of , so lies in the (proportionally) short interval between 1 and 1.25 times , so the logarithm is essentially constant. But since < < < , then is at most = = , which is about in the logarithmic sense.
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
(c) Since is about 543, the probability for a given value of k that is prime is 1/543. By probabilistic independence of the primality of and , since is about 300000, then the probability that for that given value of k we have both and are prime is . (d) However, even though the chance is almost that either one or the other or both of the q's is not prime, the likelihood of never getting even one good k among = tries is miniscule. (e) And with modern computers, it is very possible to go in and check each possible value of k until we find one yielding and both prime. When we find one, then we have the desired pair of RSA moduli, and . However, H( ) = H( ) = H( ) = H( || ) = h( h(IV, ) , ) = h( h(IV, ) , ) = H( || ) = H( ) = H( ) = H( ) since h(IV, ) = h(IV, ) by the assumed collision in the compression function h. (Note that is smaller than , so that bit string will occupy only the lower 512 bits of the 1024 bit string.)
Background image of page 2
(1.1) (4.1) ln(2^784): evalf(%); %^2; (1-1/%); %^(2^30); 543.4273896 0.9999966138 p. 252 #1. , but m, s, and r are public. Hence the argument at the top of TW p. 248 applies. p. 252 #2.
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 4
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 02/14/2012 for the course MATH 470 taught by Professor Staff during the Spring '08 term at Texas A&M.

Page1 / 10

hw9 - p. 242, #11. p. 252, # 1, 2, 3, 4, 5, 6 p. 255, # 1,...

This preview shows document pages 1 - 4. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online