This preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full DocumentThis preview has intentionally blurred sections. Sign up to view the full version.
View Full Document
Unformatted text preview: SECTION 3.7 Applications of Number Theory Many of these exercises are reasonably straightforward calculations, but the amount of arithmetic involved in
some of them can be formidable. Look at the worked out examples in the text if you need help getting the
hang of it. The theoretical exercises, such as #16 and #l? give you a good taste of the kinds of proofs in an
elementary number theory course. Look at Exercise 45: it will give you a better understanding of some of the
issues underlying this section, by forcing you to confront the difference between calculations that can be done
without trial and error and those that seem to require it. 1. a) This ﬁrst one is easy to do by inspection. Clearly 10 and 11 are relatively prime, so their greatest common
divisor is 1, and 1: 11 — 10 : (l)  10+ 111.
b) In order to ﬁnd the coefﬁcients .9 and t such that 213 + 44.6 = ged(21, 44), we carry out the steps of the
Euclidean algorithm.
44 2 2  21 + 2 21=102+1 Then we work up from the bottom, expressing the greatest common divisor (which we have just seen to he 1)
in terms of the numbers involved in the algorithm, namely 44, 21, and 2. In particular, the last equation
tells us that 1 : 21 — 10 2, so that we have expressed the god as a linear combination of 21 and 2. But now
the ﬁrst equation tells us that 2 : 44 — 2  21; we plug this into our previous equation and obtain l=21'10(44—221}:2121—1044. Thus we have expressed 1 as a linear combination (with integer coefﬁcients) of 21 and 44, namely gcd(21, 44) :
21  21 + (—10)  44. 0) Again, we carry out the Euclidean algorithm. Since 48 = 136+12, and 12 l 36, we know that gcd(36, 48) =
12. From the equation shown here, we can immediately write 12 :— (—1)  36 + 48. Section 3.7 Applications of Number Theory 101 d) The calculation of the greatest common divisor takes several steps: 55=134+21
34:1o21+13
21=l13+8
13:18+5
8=l5+3
5:13+2
3=12+l Then we need to work our way back up, successively plugging in for the remainders determined in this calculation:
1 = 3 — 2 =37(5—3)=2~3~5
=2(8—5)—5=28—3o5
=2873'(l3—8)=587313
:5(21—13)——3‘13:521—8»13
:521—8(34—21)21:3.21—834
=13(55—34}~834=13‘55—2134
e) Here are the two calculationseaiown to the gcd using the Euclidean algorithm, and then back up by
substitution until we have expressed the gcd as the desired linear combination of the original numbers.
213: 1117+96
117 21.96 + 21
96 = 421 +12
21 =1o12 + 9
12 : 1  9 + 3
Since 3l9, we have gcd(117,213) = 3.
3 =12 — 9
=12—(21—12)=212—21
:2(96—421)—21:296—921
=296~9(117#96)211‘9679'117
=11(213—117)—9117=11213~20~117
f) Clearly,r gcd(0, 223) 2 223, SO we can write 223 = s  0 + 1  223 for any integer s. g) Here are the two calculationsidown to the god using the Euclidean algorithm, and then back up by
substitution until we have expressed the gcd as the desired linear combination of the original numbers. 2347 = 19123 +10
123 = 12  10 + 3
10 = 33 +1
Thus the greatest common divisor is 1.
1:10 — 33
= 10—3 (123—1210)=37' 1073 123
= 37v(23é17 — 19.123)— 3 ' 123 = 37  2347 — 706123 102 Chapter 3 The Fundamentals: Algorithms, the Integers, and Matrices 11) Here are the two calculations~down to the gcd using the Euclidean algorithm, and then back up by
substitution until we have expressed the god as the desired linear combination of the original numbers. 4666 : 3454 +1212
3454 = 2 1212 +1030
1212 = 1030+ 182
1030 2 5 182 +120 182:1204—62 120=62+58
62:58+4
58:144+2 Since 214, the greatest common divisor is 2.
2 r: 58 * 144 =5814(62—58)=1558~1462 : 15(120—62)—1462: 15 120—2962
15 l20~29(182~120) =44120—29~ 182
: 44 (1030 —5 182) — 29 182 = 44 ~ 1030 — 249 182 441030 — 249 (1212 w 1030) : 293 1030  249 1212 = 293  (3454 — 21212) — 249  1212 : 293  3454 — 835 1212
= 293  3454  835 (4666 — 3454) = 1128  3454 — 8354666 i) Here are. the two calculationsvdown to the god using the Euclidean algorithm, and then back up by
substitution until we have expressed the god as the desired linear combination of the original numbers. 11111 = 9999+ 1112
9999 = 8 1112+ 1103
1112 =1103+9
1103: 12294—5 9 : 5+ 4 5 = 4 + 1
Thus 1 is the greatest common divisor. 1:544
=5—(9—5)=2.59
:2(11031229)—9=21103—245.9
=2.1103— 21150112—1103): 2471103~2451112
:247.(9999 ~81112)~2451112:2479999—22211112
: 24799992221(11111~ 9999) : 24689999 _ 2221  11111 3. We simply need to show that 15  7 E 1 (mod 26), or in other words, that 15  7 ~ 1 is divisible by 26. But
this quantity is 104, which is 26  4. 5. We could look for the inverse by trial and error: since there are only nine possibilities. Alternately, we could
write 1 (the greatest common divisor of 4 and 9) as a linear combination of 4 and 9. Indeed, using the
techniques Shown in Exercise 1, we have 1 = 7 4 ~ 3  9. This tells us that 7  4 ~ 1 is divisible by 9, which
means that 74 E 1 (mod 9). In other words. 7 is the desired inverse of 4 modulo 9. Section 3. 7 11. 13. 15. 17. 19. Applications of Number Theory 103 . Using the techniques of Exercise 1, we can determine that 1 = 52 19 — T 141. This immediately tells us that 52  19 E 1 (mod 141), so 52 is the desired inverse. . We follow the hint. Suppose that we had two inverses of a modulo in, say b and c. In symbols, we would have be E 1 (mod m) and on E 1 (mod m). The ﬁrst congruence says that m. divides be — 1, and the second
says that. m. divides ce. — 1. Therefore at divides the difference (be — 1) E (ca E 1) : be. — cu. (The difference
of two multiples of m is a multiple 01' m.) Thus he. E on (mod m). It follows immediately from Theorem 2
(the roles of a. l), and c need to be permuted) that l; E 0 (mod m). which is what we wanted to prove. By Exercise 5, we knew that 7' is an inverse of 4 modulo 9. Therefore we can multiply both sides of
the given congruence by 7 and obtain .7: : 7'  5 : 3.5 E 8 (mod 9). Therefore the solution set consists .,—10,—1,8,17,.... of all numbers congruent to 8 modulo 9, namely .. We can check, for example, that 48:32E5(m0d9). The hypothesis tells us that m. divides ac—bc, which is the product (a. E b)c. Let m’ be m/ gcd(c., Then
of is a factor of m, so certainly m’ [(e E b)c. Now since all the common factors of m and c were divided out
of m. to get in’, we know that m’ is relatively prime to c. It follows from Lemma 1 that m’ In E 5. But this means that a E l) (mod m’), exactly what we were trying to prove. We want to ﬁnd numbers a; such that 3:2 E (mod p), in other words, such that p divides :52 E 1. Factoring
this expression, we see that we are seeking numbers such that + — 1). By Lemma 2, this can only
happen if p I a: + 1 or pl 9: — 1. But these two congruences are equivalent to the statements Lt E E1 (mod p) and a: E 1 (mod p). a) If two of these integers were congruent modulo p, say in and je, where 1 S i < j < p, then we would
have plja. E in, or p[(j E i)o.. By Lemma 1, since a is not divisible by p, ,0 must divide j — i. But this
is impossible, since j —i. is a positive integer less than p. Therefore no two of these integers are congruent
modulo p. b) By part (a), since no two of 0., 2a, ..., (p — 1)e are congruent modulo ,0, each must be congruent to a
diFferent number from 1 to p— 1. Therefore if we multiply them all together, we will obtain the same product, modulo p, as if we had multiplied all the numbers from 1 to p — 1. In symbols,
av2e.3a(pE1)nE123v(p—1)(modp). The lefthand side of this congruence is clearly (p E 1)!  (I'D—1, and the righthand side is just (10 E 1)!, as desired. (3) Wilson’s Theorem says that (p — 1)! is congruent to E1 modulo p. Therefore the congruence in part (13) says that (—1) aP‘1 E —1 (mod p). h'lultiplying both sides by —1, we see that up” E 1 (mod p), as desired. Note that we already assumed the hypothesis that p/[a in part (a). d) If p [ a, then both sides of w” E a. (mod p) are 0 modulo p, so the congruence holds. If not, then we just multiply the result obtained in part (c) by a. Since 2, 3, 5, and 11 are pairwise relatively prime, we can use the Chinese Remainder Theorem. The
answer will be unique modulo 2  3  5  11 = 330. Using the notation in the text, we have a1 : 1, ml : 2,
a2 = 2, m2 = 3, n3 : 3, m3 : .5, e4 2 4,7214 2 11, m = 330,311: 330/2 : 165, 11/12 = 330/3 =110,
11/13 = 330/5 = 66, ill/I4 = 330/11 2 30. Then we need to find inverses y.‘ of My module in, for i : 1,2,3.4.
This can be done by inspection (trial and error), since the moduli here are so small, or systematically using
the Euclidean algorithm, as in Example 3', we ﬁnd that yl : 1, 312 2 2, m 2 1, and 114 = T (for this last one,
:30 E 8 (mod 11), so we want to solve 813.; = 1 (mod 11), and we observe that 8 7 z 56 E 1 (mod 11)). Thus
our solution is 3'; = 11651 + 2 110. 2 + 3  66 v 1 + 4  30  7 = 1643 E 323 (mod 330). So the solutions are
all integers of the form 323 + 330k, where k is an integer. 104 Chapter 3 The Fundamentals: Algorithms, the Integers, and Matrices 21. Vile cannot apply the Chinese Remainder Theorem directly, since the moduli are not pairwise relatively prime.
However, we can, using the Chinese Remainder Theorem, translate tl'iese congruences into a set of C(mgruenees
that together are equivalent to the given congruence. Since we want a: E 4 (mod 12), we must have a; E 4 E
1 (mod 3) and .7: E 4 E 0 (mod 4). Similarly, from the third congruence we must have .7; E 1 (mod and
.‘L' E 2 (mod 7). Since the first congruence is consistent with the requirement that a: E 1 (mod 3), we see that.
our system is equivalent. to the system .1: E 7 (mod 9), E 0 (mod 41), :r, E 2 (mod 7). These can be solved
using the Chinese Remainder Theorem (see Exercise 19 or Example 6) to yield 1: E 16 (mod 252). Therefore
the solutions are all integers of the form 16' + 2521:, where ft. is an integer. 23. We will argue for the truth of this statement using the Fundamental Theorem of Arithmetic. What we must
show is that 77211713   m,, la. — I). Look at the prime factorization of both sides of this proposition. Suppose
that p is a prime appearing in the prime factorization of the lefthand side. Then plot, for some 3'. Since
the refs are relatively prime, 2) does not appear as a factor in any of the other 'n'n’s. Now we know from the
hypothesis that m, {o— b. Therefore a E 15 contains the factor p in its prime factorization, and 1) must appear
to a power at least as large as the power to which it appears in in]. But what we have just shown is that
each prime power p" in the prime factorization of the left—hand side also appears in the prime factorization of
the righthand side. Therefore the lefthand side does, indeed, divide the right—hand side. 25. We are asked to solve the simultaneous congruences :z: E 1 (mod 2) and E 1 (mod 3). The solution will be
unique modulo 2  3 2 6, By inspection we see that the answer is simply that 3;" E 1 (mod 6). The solution
set is . . , 11, ‘5, 1,7, 13, . . 27. a) We calculate 23'10 = (210)34 E 13‘1 : 1 (mod 11), since Fermat’s Little Theorem says that 21n E (mod 11).
b) We calculate 23"lU : (25)“ : 3268 E 168 : 1 (mod 31), since 32 E 1 (mod 31).
c) Since '11 and 31 are relatively prime, and 11 ~31 : 341, it follows from the first two parts and Exercise 23
that 23‘10 E 1 (mod 341). 29. a) By Fermat’s Little Theorem we know that 5‘3 E 1 (mod 7); tl'ierefore .51998 ~ (5‘3)333 E 1333 E 1 (mod 7),
and so 52003 : 55  51998 E 3125 1 E 3 (mod 7). So 52003 mod 7 2 3. Similarly, 5‘0 E 1 (mod 11);
therefore 52000 = (510)200 E 12”0 E 1 (mod 11), and so 52003 = :33 ~ 5200” E 125 1 E 4 (mod 11). So
52003 mod 11 : 4. Finally, 5"2 E 1 (mod 13), therefore 51992 i (512)165 E 1‘66 E 1 (mod 13), and so
52003 = 5” 5199? 2 48,828,125  1. E 8 (mod 13). So 52003 mod 13 = 8. b) We now apply the Chinese Remainder Theorem to the results of part (a), as in Example 6. Let in :
7 11 13 = 1001, M, : m/7 = 143, ill/[2 2 arr/11 : 91, and 11/73 : m/13 : 77. We see that 5 is an
inverse of 143 modulo 7, since 143 E 3 (mod 7), and 3 5 = 15 .E 1 (mod 7). Similarly, «'1 is an inverse of 01 l l l module 11, and 12 is an inverse of 77 modulo 13. (An algorithm to compute inversosﬂif we don‘t want to
find them by inspection as we’ve clone here4s given in Theorem 3. See. Example 3.) Therefore the answer is
(31435 +zl914 + 877 12) mod 1001: 10993 mod 1001: 983. 31. First note that 2047 = 2389. so 2047 is composite. To apply Miller’s test, we write 2047~ : 2046 : 21023,
so s = 1 and t = 1023. “la must. show that either 21023 E 1 (mod 2047) or 21023 E —1 (mod 2047). To
compute, we write 21023 : (2“)93 : 204893 E 193 = 1 (mod 2047), as desired. (We could also compute this
using the modular exponentiation algorithm given in Section 3.6% see Example 11 in that section.) 33. We factor 2821 2 7 13  31. We must show that this number meets the definition of Carmichael number,
namely that 0252” E 1 (mod 2821) for all I: relatively prime to 2821. Note that if gcd(b,2821) : 1, then
ged(b, 7) gcd(b,13) : gcd(b.31) 1. Using Fermat’s Little Theorem we find that 1:5 E 1 (mod 7),
by2 E 1 (mod 13), and b30 : 1 (mod 31). It follows that $352" : (b10470 E 1 (mod 7), 17282“ : (b12)335 E H
H Section 3. 7 35. 37. 39. 41. Applications of Number Theory 105 1 (mod 13). and 0232” : (WOW 3 1 (mod 31). By Exercise ‘23 (or the Chinese Remainder Theorem) it. follows
that (32520 :— 1 (mod 2821), as desired. a) If we multiply out this expression, we get n. : 1290M3 + 396m2 +36ni + l . Clearly 6m [ n. m 1. 12m  a, 7 l ,
and 18m l n. — 1. Therefore, the conditions of Exercise 34 are met, and we. conclude that n. is a Carmichael
number. b) Letting m : 51 gives u. : 172,947,529. We note that 6m. + l : 3307, 12m. + l :— 013, and 1.8m. q‘e 1 = 919
are all prime. It is straightforward to calculate the remainders when the integers from 0 to '14 are divided by 3 and by .5.
For example, the remainders when 10 is divided by 3 and 5 are 1 and 0, respectively. so we represent 10 by
the pair (LO). The exercise is simply asking us to tabulate these remainders, as in Example. 7. 0=moJ 32mg) 62mg) sza) 12:me)
lznn) 4:04) 7:02) rezpe) iszne)
2:92) 5:0e) 8:95) iizmn) 14:99) The method of solving; a. system of congruences such as this is given in the proof of Theorem 4. Here we have
m1 2 99, leg : 98. U13 : 97', and 7114 : 95, so that m : 99  98  97  95 : 89403930. We compute the values
11:11. 2 “re/mi. and Obtain 1111 2 903070, 111; 2 912285, 11/13 = 921690, and 1114 : 941094. Next we need to
ﬁnd the inverses yr. of 1le modulo iii,1... To do this we first replace each Mi, by its remainder modulo ml. (to
make the arithn'ietic easier), and then apply the technique shown in the solution to Exercise 7. For 1.: : l we
want to ﬁnd the inverse of 903070 modulo 99, which is the same as the inverse of 903070 mod 99, namely
91 . To do this we apply the Euclidean algorithm to express 1 as a. linear combination of 91 and 99. 99:m+s
91:1r8+3
8:2s+2
3:2+1
21:372 :3—(8~2'3):33e8 :3(911l8)k8:3‘917348 2391—34(99—91):379173499
We therefore conclude that. the inverse of 91 modulo 99 is 37', so we have yl : 37'. Similar calculations show
that W = 3.3, 213 : 24, and 1J4 : 4. Continuing with the procedure outlined in the proof of Theorem 4, we
now form the sum of the products Okl‘i'fkyk, and this will he our solution. We have 05 903070 ‘ 37 + 2 9121285  33 +51  921090  24 + 10  941094  4 : 3397886480. We want our answer reduced modulo m, so we divide by 89403930 and take the remainderf obtaining 537140.
(All of these calculations are not (liﬁicult rising a scientific calculator.) Finally, let us check our answer:
537140 mod 99 : 05, 537140 mod 98 :' 2, 537140 mod 97 : 51, 537140 mod 95 I 10. One can compute ged(2“ ; 1, '20 e 1) using the Euclidean algorithm. Let us look at what happens when we
do so. If D 2 1, then the answer is just 261 — l. which is the same as ZEC‘ILU'E’) — l in this case. Otherwise, we
reduce the problem to computing gcd(‘2l’ * 1, (2“ — 1) mod (‘20 i Now from Exercise 40 we know that
this second argument equals ‘2‘1 "“3d 0 — 1. Therefore the exponents involved in the continuing calculation are
l) and a. mod l) c.xaet.ly the same quantities that are involved in computing}; gcd(a,b)i It follows that when the process terminates, the answer must be 23°‘1(“=b) — l, as desired. 106 43. 45. 47. 49. 51. Chapter 3 The Fundamentals: Algorithms, the Integers, and Matrices Let g be a (necessarily odd) prime dividing 2P — 1. By Fermat‘s Little Theorem, we know that (1129—1 — 1.
Then from Exercise 41 we know that gcd(2i" — 1, 2"‘1 w 1) = 2g°d(p"7‘1) — 1. Since q is a common divisor of
2"” — 1 and 2?” ~ 1, we know that gcd(2'p * 1,2‘1—l — 1) > 1. Hence gcd(p, q R 1) = p, since the only other
possibility, namely gcd(p,q ~ 1) 2 1, would give us gcd(2p  1, 2‘3‘Jl — 1) : 1. Hence p I q ~ 1, and therefore
there is a positive integer m such that q — 1 = mp. Since q is odd, m must be even, say in = 2k, and so
every prime divisor of 23" r 1 is of the form 21:11 + 1. Furthermore, products of numbers of this form are also
of this form, since (2km + 1)(‘2k.2p + 1) : ﬁlls2102 + 2km + 2kg}; +1 : 2(2k1kgp + k1 + 132)}; + 1. Therefore
all divisors of 2" — 1 are of this form. Suppose that we know 71. : pq and (p — 1)(q — 1), and we wish to find p and (,7. Here is how we do so.
Expanding (p ~ l)(q — 1) algebraically we obtain pq — p — q + 1 = a — p — q + 1. Thus we know the value
of n — p — q + 1, and so we can easily calculate the value of 'p + q (since we know But we also know
the value of pq, namely n. This gives us two simultaneous equations in two unknowns, and we can solve
them using the quadratic formula. Here is an example. Suppose that we want. to factor n. = 341, and we
are told that (p — 1)(q — 1) = 300. We want to ﬁnd ,0 and q. Following the argument just outlined, we
know that p + q : 341 + 1  300 = 42. Plugging q : 42 — p into pr; :2 341 we obtain p(42 — p) r: 341,
or p2 — 42p + 341 = 0. The quadratic formula then tells us that p = (42 + : 31, and so
the factors are 31 and 42 — 31 = 11. Note that absolutely no trial divisions were involved here—it was just straight calculation. This problem requires a great amount of calculation. Ideally, one should do it using a computer algebra
package, such as Mathematics. or Maple. Let us follow the procedure outlined in Example 12. We need to
compute 0667Q37 mod 2537 = 1808, 1947937 mod 2537 : 1121, and 0671937 mod 2537 : 0417. (These
calculations can in principle be done with a calculator, using the fast modular exponentiation algorithm, but
it would probably take the better part of an hour and be prone to transcription errors.) Thus the original message is 1808 1121 0417, which is easily translated into letters as SILVER. When we apply the Euclidean algorithm we obtain the following quotients and remainders: q1 = 1, r2 : 55,
q; :1, r3234, (13 :1,r.1=21,q4 :1, r5 :13, (15:1, 73:8, qﬁ =1, T725, (1721, r3 :3, q5 = 1,
7'9 : 2, gig : 1, 710 = 1, gm 2 2. Note that a = 10. Thus we compute the successive 3‘s and t’s as follows,
using the given recurrences: 52:30”q131:1—1‘0:1, t2=t0mq1£1=O—ll:41 33:v3[—q232:0—1'1:—1, t3=t1—th2—1—1(—1):2
54=SQ~q333:11(~1):2, t4=t2~q3t3:—1~12=—3
85—83—(1484——1—12=—3, f5=£3—Q4t4=2—l(—3):5
36:54—(156'522gl'(—3)=5, t52t4—q5f.5———3—1‘5=—8
37:35—qesg:~3—15:~8, t7=t5—q6tg:5—l(~8)=13
33:36~q737~5—1(~8):13, tg:t5—q7t7:—8—113=21
59:37—q533z—8—113:«21. t9=t7—qaf3213—1(2l):34. .910 : 35 * (IQSQ =13 * l. ‘ (—21.) = 34, tm Zia — C]th : —21 — l ' 34 : m55 Thus we have 310a. + tmb = 34 144 + (—55) 89 : 1, which is gcd(144,89).
We start with the pseudocode for the Euclidean algorithm (Algorithm 6 in Section and add variables to keep track of the s and t values. We need three of them, since the new 5 depends on the previous two 8’s,
and similarly for t. \Ve also need to keep track of q. Section 3. 7 Applications of Number Theory 107 procedure extended Euclidean(a,b : positive integers) :t := a
y z: b
oldolds :: 1
aids :2 0
oldoldt :: U
oldt :2 1
while 1; U
begin
q : :L‘ div y
r :: mod 1;
1' z: y
y : f.
s '2 oldalds — q. aids f. :: oldolo’t E q oldt
oldolds :2 olds
oltloldt z: oldt
aids :: s
oldt := 6
end {gcd(u., b) is w, and (oldolds)a + (oldolrlt)b = :r} 53. we need to prove that if the congruence 9:2 E a (mod p) has any solutions at all, then it has exactly two solutions. So let us assume that. s is a solution. Clearly is is a solution as well, since (Es)2 : .92.
Furthermore, Es E 3 (mod ,0), since if it were7 we would have 25 E 0 (mod p), which means that pl 23. Since
p is an odd prime, that means that p l s, so that s E 0 (mod p). Therefore a E 0 (mod p), contradicting the conditions of the problem. It remains to prove that there cannot be more than two incongruent solutions. Suppose that. s is one
solution and that t is a second solution. We have s2 E t2 (mod p). This means that pls2 — t2, that
is, pl(s + i)(s E it). Since p is prime, Lemma 2 guarantees that pls — t or pls + t. This means that
t E .9 (mod p) or t E —3 (mod p). Therefore any solution it must be either the ﬁrst solution or its negative.
In other words, there are at most two solutions. 55. There is really almost nothing to prove here. The value depends only on whether or not u is a quadratic 2 E a (mod 33) has a solution. Obviously, this depends residue modulo ,0, i.e., whether or not the equivalence .2:
only on the equivalence class of a modulo p. 57. By Exercise 56 we know that E ¢5i(1""1}/2l)(l""”/2 = (e.l;v)(1”1)/2 E (mod p). Since the only values
either side of this equivalence can take on are :i:l , being congruent modulo 1) is the same as being equal. 59. We follow the hint. Working modulo 5, we want to solve 3:2 E I . It is easy to see that there are exactly
two solutions modulo 5, namely .7: : 2 and :17 = 3. Similarly there are only the solutions a: = 1 and .7: : 6
modulo 7. Therefore we want to ﬁnd values of {r modulo 5 i 7 = 35 such that a; E 2 or 3 (mod 5) and .1: E l
or 6 (mod 7). “lo can do this by applying the Chinese Remainder Theorem (as in Example 6) four times, for
the four combinations of these values. For example, to solve .9: E 2 (mod 5) and :r E 1 (mod 7), we ﬁnd that
m. = 35, M1: 7, M2 = 5,311: 3, y; = 3, so .7; E 2  7  3 + 1—53 2 57 E 22 (1110(135). Doing the similar
calculation with the other three possibilities yields the other three solutions module 35: :1: 2 8, a; 2 l3, and
a: : 27. 61. Suppose that we use a prime for a. To ﬁnd a private decryption key from the corresponding; public encryption
key 6, one would need to ﬁnd a number (1'. that is an inverse for e modulo nE i so that the calculation shown
before Example 12 can go through. But. ﬁnding such a d is easy using the Euclidean algorithm, because the 108 Chapter 3 The Fundamentals: Algorithms, the Integers, and Matrices person doing this would already know n — 1. (In particular, to ﬁnd d, one can work backward through the
steps of the Euclidean algorithm to express 1 as a linear combination of e and n — 1; then d is the coefficient
of e in this linear combination.) The important point. in the actual BSA system is that the person trying to
ﬁnd this inverse will not know (1) — 1)(q — 1) and therefore cannot simply use the Euclidean algorithm. ...
View
Full Document
 Spring '09
 Ming

Click to edit the document details