2016-01-05 14:51:37 1/6 Course notes (2/11)

&
:{
easy

n
:
theory

2016-01-05 14:51:37 1/6 Course notes (2/11)

 ear dropping
→

2016-01-05 14:51:37 2/6 Course notes (4/11)

 Shift cipher .

2016-01-05 14:51:38 3/6 Course notes (8/11)

 plaintexts
→ ciphertext .

2016-01-05 14:51:38 4/6 Course notes (9/11)

2016-01-05 14:51:38 5/6 Course notes (10/11)
 A • -

B A a. e

•
C
- - o

D
- • a

I
•

F
0 a - a

G - - .

H a e o o

I a o

a - - -

J
K
L

In
N
O

A B C D E F G It .
I J K L In N 0 P Q 2 S T U V W X Y Z P
Q

as
.

Y
ASC 22 : American Standard Code
X
Y

for information interchange z

2016-01-05 14:51:38 6/6 Course notes (11/11)

 1043=1 mod
12 .

Modular Arithmetic .

z mod 26 .

modular m .

>
#
M O
extra numbers .

Zm= foil , 2 .
-
- -

m -
I
} remainder upon
division by
m
.

PEEL
addition BE 7km atb remainder mod
define the
of atb
ai
; is m
, . .

: III :÷ :* :!
m
"

30=26-14
.gr#*in..pw.::::::::i::tn .

↳ mod is
(
' '

Knud 26 a=b m a
congruent
zo=
b and
)
"
to m

2016-01-05 14:51:38 6/6 Course notes (11/11)

 mod 26 ? 23
Q what -3
.

; is

A -

b multiple of at -_m

Example :
Shift cipher

p=C=k=Z④zg
A th mod 26
encrypt ; for XEP , KEK ,
eklx ) -
. .

decryption .

.
For
ye c. kek . day )=y - k med 26 .

Verify for HEP dkleklx ) ) dklxtk ) cxtk ) k=X

-

; -
-
, - -

"
( all mod 26

Example .

HELLO

Okita
Yola
→ 14

21182525
in texts
k
.

, × text .

V s K -44
2 -2 C cipher texts . .

Problem : There are only 26 keys

In Eve the ciphertext VSZZE

the example ,
if receives .
2) The Substitution Cipher .

The P=C=#Ez6

the characters A. B -23

keys Ki f all permutations a
of . . .

In shift cipher ,
we used a

¥41231
B c D ' .
-

x y z
-
.
.

D I I G It
' - -

A B c .

cyclic
cyc.licpermueotion-egfork-3.FI (A) =D I LBK Tcl Z )=C
another I E - . .

notation ,
.

We allow
arbitrary
now
permutation .

A B D E F
IT
C
G
I
-
-

E F U A Q -
- -

H
G

TIITUXD
X
For daleth da Calx ) )
=

Verify =p )) =
x =
.

:
.

TL Ut ) -
-
E Ill 37--7 .

'
a- CE ) -

-
A .

in Substitution cipher ?
How
many keys
permutations of 26 letters A Z
.

How the .

many
- -

26 ! Factorial .

"
> Io

Substitution cipher has been used and considered safe for many gentries
 HEERA'S .

P =
C = Zm .
m > o
,
( For AB ,
Z , use m
-

-
26
?

) I
{ a.be#im god calm }
=

K =
La . b) I ,

+
.

\ divisor
greatest common

Fox the 'd 82 .

For Kha b) .
,
.

define encryption ekcx ) =

ax t b mod m .

acxtx
'
) tax tax
'
mod m .

decryption dy ly )
-
-
at Cy
-
b ) mod m .

dgleklx
dylaxtb X. modm
' '

Verify )) ) a- C Laxtbs bi ) a- ax
-

.
= -
-
= -
-
.

on

.
For a. b ,
in Im ,
define at b. a -
b ,
← result of usual

operation after
remainder mod alarm
taking
-

¥.
rk fine

Kisumu
.

a
bit problematic .

26
example : m -26 '

.
7.18=126--22 mod .

Consider : 213--26=0 mod 26 .

a =L to be .
 We still have rules like a Cbtc ) -

- abtac mod m .

'

|Divia Problematic A/b b-

-
-
a.

number b in Zm is called invertible if these

Definition :
a

"
number such that mod
'
is to in Im b
-

a .
to =/ M .

And 6-1 is called the inverse of b mod m .

"
So 15=7 mod 26 .

a number a in Im is invertible modem .

it and only if gcdca) ,

m
=/

Affine -
Cryptosystem
-
:

invertible modem bin Im

P = C =
Im ,
kfcab) , I
a ,
)

Key = Kea . b) .

encryption excxkaxtb
axtb
:
x →
.

'
decryption : dy Cy , = a- CYb )
-

}
-4 we
get shift cipher
How many keys
For a , .

"

less than m
 C Z 226
A 13 m
-
- -
.

O I
2 - - -
25 .

ACTIVITY ;

1) choose a secret word 14-5 letters ) .

4
Encrypt it affine cipher m
-
-
26 ,
key -45,10 )
using
.
.

3) with neighbour
Exchange your .

W E K X
-
 ABC DEF G H I J K L MN O P Q
0 I 2 3 45 6 7 89 to 11 12 13 14 IS 16

RS T UV WXYZ
P 18/9 20 2122 232425

S 18×51-10=100/26 = 22 . W ,

E 4×5-110=30/26 = 4 .
E -

A O +10 = 10/26=20 .
K
N 13×5-110=75/26--23 .
X

WDF .
D :
3 I .
55 .
9

5. J .
Z . F; I .
31 57 83109
- 135 .

25

x
to Axtb
↳ I
.

I
To
. +26

13 39 65 K¥
26 -

y
④ ad
I .
Note the inverse in 7hm is bet dm
of No a
-

me
-

some a
- .
. .
.

need not exist ( number a

The inverse me
every is

invereible ) but

ifitexi-4-rt.swuque.su
we had two such no bi db
p pose
.
a

dm and bz
a. b ,
= , me a -

= I mod m .

Then b b- be med
,
= b
,
.
I =
big = m -

Have bi-bz.ba.ba .

-
a) shift Cipher . 127 substitution Cipher

⑦ Affine Cipher th Hill cipher .

f- L .
Hill 794
-

Hill Cupid :

p integers .

D= C = C 7↳Dm
,
some m > o
.

[ Vectors Lbhouks ) of m . numbers mod 26 .

in 226
with entries
keys k= f CA ,
s ) I D is an mxm matrix .
,

invertible med 26 S in ( Thom }

,
.
Encryption :
giver 4=42 , s ) ,
excx ) =
HATS ,

Decryption dkcxs =D - '

S
Cy )
.
-

dklexcx ) )=dkUdXts)= A- ' cants

Verify S ) x
.

. -
=
.

Looks like affine eytosystem , but this time we

deal with vectors X , s in

( 7265 A X .

÷¥i¥÷ ! ! .
.

det A associated to then matrix A

Remark is namer
.

; a

The matrix 8 in
invertible # det D is invertible modulo .

why ?
A. adj A
-
-
deed .

2mi
IF ? feud

Do C
ITA adj A) =L
'

( ad
Iet A Abcd ] = -

be .

Example : m=z .

3×8--53=1 module
I I §] det A 11×7
'
=
A
- .
-

[ invertible
-

Insist
'

ILIE
' '

A- A sub
¥ ]
=
-

↳ t 26
-3 .
 verify :
a. x' =L ; :3 .

IIs if f- to 9) =
*

example the text

:
encrypt
-

JULY If -
20 h
-
24 A
-

I} } I 5- If )
-

'
X X

ex ANTS
=L ; f) If ] I
ex ) -

Lfo ] t mod
=
TY
) 26 .

e. ex 's =

§ ] [ t Too )
'
] I If ) mod 26
=
-1313 = .

201

REMARKS :

,)
There are bits of keys for m
large
"

S E ( 2ham have 26 choices

Only for ,
we .

2) for me 1 .
we
get
the affine cipher

Hm
3)
If A =
then excx )
! %f÷ciph
Nts
-
-

'
matrix
identity day , =
y -
s
fth
century
c

4) Special case
of Vigentie
considered safe system
! )
"

total
length of
'

when unbreakable
cipher m =

centuries
the This is called
plaintext .

One-time This provides perfect security

.
 Example on Vigenore :
m
--

7 .
choose key 5=01-11772 E

S FC2.fr 8. 5,5 ,
it . 4) E ( 22617

plaintext '

some letter
"

I
"

is encrypted by different
C
if it 's position in

→ the block is different

T H LM ⑤ ①⑤ A N Ex A M P L E O F T H E V

fi
:÷÷÷÷÷÷÷÷÷÷÷÷÷±÷f""" 0 O

? ?

A B C D E F G H I J K L M N o P Q R S T U V W X Y Z
0 I 2 3 4 5 G 7 8 9 to 11 12 13 14 IS 16 17 18 19 so 21 22 2324 25
 used nowadays AES C advanced standard )
cryptosystem :
encrypeion .

One -
time Pad :
long I . .

is 128 bit
key length .

Public key .

. change passwords through safe way .

DES 4970 -

sooo
)
Before
.

t 't
key length ,
64 bits =
56 t 8 control bits It raw

In 1964 ,
the most powerful computer
↳ teacher 's
birthday .

Cray CDC
supercomputer :
( 8 million $ )

500 KFLOPS 105

5
)
=
ops see
.

't
Nowadays ,
Supercomputer : ~ to FLOPS

"
control 1034
AES : 128 bit = 112 bit t 16 .
£ keys =
945K¥24 .
5 Some number
.
theory
b carb ) division
a.
integers ,
god greatest common .

the number d d la and dlb

is satisfying is
.

←
d divider ,
a
is a
multiple of d .

↳ Whenever Ha and Hb .
then eld .

prime
not prime
I t
Cd be 00003 0000017=1
g
.

,
I

Compute god with EuelideanAyoniehm\ 1-

2000003=2 . I oooo ol tf → god .

← v
I
I oooo ol I
1000001 .

I to
Euclidean Algorithm .

lnput ;
=
Given : a > b > o
,
integers .
blog
↳ b does we divide a
 the scheme of divisions with reminder
Compute following
.

amodb a- fab + the with OE K s b

K ← .

b
fear
=
b. ← b mod r .
/ . tr ,

Vy ← r ,
mod r
, VE first Vy
4
.

I I
I
,

rnc-rn.rmdrn-ltn-i-fenirn.it rn

Vn =
Gn th
, -

until rn , ,
=0 -

OUTPUT ,
god La , b) =
rn .

is the ged
Lab ) ?
Why rn

divisor b ;
D rn is a common
of a ,

tenth Vnlrn rnlb

→ k
la
→
-
i -
r
.

upwards

-
2) tha , -43 ,
told ? or
-4 rn .

↳
tea .
-

f. b) = ra
-4lb -

girl =
23

Conclusion : rn b ,
=
gcdca ,
,
example .

I 237 a -

-7321 b - 4836 .

7321 = 4836 t 2485

)
.

step
I

4836 =
2485 + ↳ s ,

2485 = 235 I t 134 ) 2

}
2351=1*134
)
t 73 .

134
) 4
=
73 t 61

73 61 2
) 5

=
t * '
b
)
61 = 60 t
① → god
fo = to to . ) 7

The dye b > ra > b > - -

-

so
stops

time Fix number of divisor steps

7-
winning
analysis .

.
n

?
what the smallest number a that
requires
n
steps
is

Worst all
scenario for Euclidean Algo of I
-

:
case
-

:* : :*
a=b the

:: : : : :
÷÷÷ : .
f
Vn ,
= Th -

I t th
,
for h =L . 2 ,
-
-
-

Fibonacci numbers :
Fn = In .
it In u
rn
.

=
,
 Good news i Fibonacci number
grow exponentially .

Fix the number n division steps for EA Then the

of
,

smallest numbers Laib ) that require n division steps are Cfn . Fri )

-
w#n#¥-Fs -

II k¥5 )
n
In Let Gold ratio OI
-

(
-

- :

HII
i
where 4 -
-

I 1.618 -

l = I
,

Fn Offs Compute IF ( Iot ) risked .

.

Fn =
IF Ion hegFn= n.bg#-Io=nhgoI .
cis constant

the number of division steps of EA is bounded by by car

bn each division step how needed ?

,
many operation are

integer
- tabby
1234567 :
7 range Eu
.

a- -
an

¥34,1 running time bounded by bga )

(
.
,

Conclusion :
EA is 0 Chg af
,
( bounded
by c .

Ilyas )
b
for input
a >
quadratic time algorithm efficient
every ?
.
 bra
example : a -7321 .
log ,oa=4 -

=
Sff logger .
- - -

Him :
ASA cryptosystem .

Need ; EA →
god c a. b ) .

'

→
a-
mod m
EEA
.

compute
T
time
on running
focus
.

extended

CRT .

format
.

EL
BezTh b
@zLtbzdzEdd-gcdca.b
a. , non - zero ,

Notation : d7I= { xd )
x in 2) =
f -
- -

,
- d. o
,
d. zd .
3d -
-
-

aztb2-faxtbylx.gr ink } .

In particular :
d=fcdcaib3=ax- by for '
some x.
y ink .

TT
Beaut -
coefficients .

3) =/
22-132=2.1
gcdez
.

example :

52+72=1.2 fades 71=1 ,

.
 Question -

. How to
find the inverse at of same number a mod m ?

Example : 15,7=1 mod 26 .

7=1-5
- I
mod 26

What the inverse 15 mod 1000003 ?

is
of
mod 10%1 ?
①
i. a mod m ⇐ a- is the inverse of a mod m .

a-

mod ?
What are the invertible elements m

invertible in od m }
Notation : Zin = { a
E Im I a is .

IF 15 '
7 19 21 23 A }
{
'
11
7,9
.
= , ,

3,5
,

I
,
,
.

,
,

THENh :

in For any integer

m 71 ,
Zin -

-
for I
fed calm ) =L
) ,

number
ZE 2mW ) s m
prime
.

②
=

far 3.43
[ ZE -

-
.

2.3=1
mods
looks like A Q G ,
i. , ,
med 5
f- C- I ) 4.4=1
held
.

Im is a .

C- I .
-
I )

PROOF : d) a EZE ⇐ a invertible mod m . there is a inverse

It mod
I
↳ a . a- m .
⇐ a . at -
I = x. m
for X E I

I
'

⇐ aca t XL met
-

⇐
-

I
god ca m
)
-
-
.
 't

Parl L2 ) Im Iml
5035¥ For Isa
=
Em
t.gcdea.ms I
-

any
-
-

⇐ mis prime

Example : Is 8 invertible mod 2029 ?

Q '
18 8 is invertible mod self
) fed neg ) =/ Therefore
Byu
.
's , .
.

Qr : what is the inverse ? We use

Rezone 's Theorem
:

81201977 write f- sixths y

gcdc therefore can
.

, , .

mod
a 1=8 . X
self
the inverse
of 8 mod
the Begone -

coefficient x is
soy

Tenchi dean
Qs .
Lee 's find the god is , wtf )
using Algorithm .

2019=252
'

8-138=2-3-12 fi inverse

3=1.2+10
-
god .

Looking for
numbers ix.
y ,
such
¥4 that I = Six t sexy .

iEaro
I =3 .

Golf -
8. b- a ) - 8=3.2019 .
-

(3.52+1) f .
 mod 2019
we find 1=8 -
C -

757 )
2019-2-2 .

So the inverse of s is 1262yd self

S 1262--10096=1 mod
self
.

EEA -_
Extended Euclidean Algorithm .

to > ri > o
integers
Inp hi
-
.

EA to -

far th
Compute : ,
-

8, =
fifths .

rn : -

f. * rn . i → god .

Vm , =
fnvn .

Vitro
with O L rn Crn -
is .
. -
<

two numbers .si

sequences of
ti
plus compute ,
,

too til
ti-ti-z-fie.ie ,
-

So -4 S,
, Si =
Sir -

fi . i Sit

Output :

gcdcro.ril-rn-snrottnrigcdca.b-xatby.EE/t--0Choga5
 2019=25
8-138=2-3-12
'd
s -
I 2+10 8 5=252×2+1

0 I 2 3 4
Stop

Vi self 8 3 2
I

Gi -
252 Zo I

ti 0 I -252 505 -757 .

Si I O 72
I 3
D o
I
O - 1×2

RSA encryption
-
:

To do ; CRT ,
phi -

function Fermat 's little Theorem

↳ Chinese Remainder Theorem C appeared in

point in Chinese text

years ago )
→ ooo

X - a mod mi .

Given numbers Mi I Mn Ms ' - -

Mr .

Which are relatiii-Y-pn.me ( that .

is , god Cmi ,
my'D =/ for
Then the
of simultaneous
congruences ifj
system
.
 X = a ,
mod m ,
,

Xz
'

-
armed Mr

Hr -
-
armed Mr .

solution modules M=M uh Mr

- -

X
-

Was
.
,
a
unique

where where
X ai
Mif t
army -1 as
Mryr
-
- -
=
,

Mi
-

-
MMT
,
Mihm -
- -

Mr =
¥ .

'
and Yi -

- MI mod mi

Xel mods Miz

Example :
System
XE meds fad ( Mii
Mj ) =/
may }
.

X =3 mods -5
my it
j
-

X = 4 mod 7 .
my -7 .

There is a solution X and X is Modula Ma 3.57=210

unique
.

Find X ; X =
I .
105 't -12.70 -
I
-13-42-31-4.30 '

4=1103 .

"
253 mod 2/0
Ai It , Mi 705 .
1=4--105 modz .

A 2 79 "
ME 1=45-70 mad 3 .

'

as =3 Ms 4L 27-43=45
'
meds 2- mods
-
.
=3 .
.

All
-9 , My -70 .
44--30-1=2-1 .
mod 7 2-1=4 mod
f
 Euler 's phi
-

function :

Yi IN → IN defined by

=/ 2m*/ number elements in Zm which

of
Cfm are
a

invertible modem .

For example 4661=12

2¥ =
fl 3,517.9
, ,
11 , 15 , 17,19 ,
21 ,
23,253 .

Cfcs ) -

4 .
When P is a
prime
number ,
2p*= 2PM .

↳ 943=174*1 =p -
I

26=2.13 duty 45131=12 .

4cL ) 443 ) . -42 .

Faoe;lfp.qpnme9cpqs=94ukCP-DlWLpIg
Ucp f ) counts invertible elements mod Pfe
Proof : , .

-
-

I , 2 ,
3
-
- -
, I
Pfe ,

qif--pfp
multiple of multiple of he
3
p sp
-

p Pfe
- - -
-
- -
- -

q multiple of
#
p
.

hey are not invertible mod Pq .

Pt G- I numbers .

cecpqy -42¥ f- Pfe -

Cpt f -
D= Pfe -

p -

feel =

Cp -

hCG -
I
) .

all non - invertible

4cg ) =
413.3 )

| Shri
4.5.7831
-

-
f not horses -

hey
 fEmo¥mf -
tee p be prime .

Then XP mod all

c I ) ex
p for X
-

.
,

'
XP
-

② I
medp for
e
all
.

such that does not divide X

p .

PROOF :
⑦ i

Show part 2 .
Assume PXX Cp doesn't divide X )

Then the numbers x ax 3x DX are all different mod

Lp p
-
- .
,
-

, ,
.

↳ in mod P
why ? tf jx in
j e D impossible i
j
-
- -
-
i. p
.

[
-

then ii
j, mod divides a divides Ii
x p p ji x p j
-
-

,
-

Therefore Fx 2x 2x -
-

DX ) G. 2.3 - - -

I
) prod p
Ep
-

p
-

, , . , = , .

all numbers in each set

multiply .

'
XP Cpt ! mod
) CP ) !
P
= -
I

it
XP I mod p is invertible med
= c P is ! -

P .

Fermat 's Theorem

x2ey~= Er has solutions ,

3 , 4.5 ,
5.12.13 .

they
" "

Z has solutions try positive integers when 33

-

-
no n
.
Hes H Wile found a
proof
.

,
,

little Theorem med whenever

Fermat 's : XII .
3
3Xx
1h44 mods whenever Sfx

" " ' b

modi
'

Compute 7 ,

't b
Mt
If mod y =
76 mod 't = 4
.

'

Tba
'

22.7 .
7 = f. 5.5--125=0 med it
,

72-omod.it
-

die is the inverse of eye .

Remarks .
.

Diffie and Hellman gave no concrete examples of a

public key

cryptosystem
.

RSA Cryptosystem :
-
-

Fix two prime numbers p

.

q .
n
-

p
.

of .

P=C =

In .
Keys , K=Sk
-

-
in , pig .
a. b) }

where h =p
.

f .
a
invertible mud 4cm
,
y Ln )= Cp -

D ( of
-
-
I
) abt modeling
 Ewa Xb mod nite
encryption
: = n . Er
requires public crib ) .

decryption ; day ) = Ya mod n .

private :( P .
f. a -7

Verify : dkcekcxs )=dkCXb)=Xba mod n

t " M
"
ab -4 mod yen ) =
X mod n .

⇐ abt tt .

Yon ) =
X .
Xt " " '
mod n .

' % "
=X .
XM tmodnn-p.fr
-
.

at a
'

/ =X mod n
Fermat 's Theorem :
.

"

x'
e

modp
I
.

mod
} pg
My money Pf
.
-
-
n .

Encryption ,

"
Compute X mod n
Example ; ,
, ←
D ⑥
I €
21--1-14+16=1+2424 binary expansion
-
o

q
.

ya =

x1t4ttb.zxl.cx34f@x2j2TTComputeix2rmedn.zcX5modn.cex

m.dn.dz square
.

'M
'

( C airs 's modn .

 invertible
Compute god -6 see
if it is .

Can use IFA to compute inverse b of a .

YZ p -101
q= 103

4cm -40200
a -413 b= 5777 .

A
10403
=

Message
No b -

5777 :
5777--242142 ?

Ek 43 )
-43*777
+27-124*20
145=2
 n -_ 10403 N O
385360
13 14
468
.

*
( 14h )
1357 mod 10403 603639169
,
,

=
a -4174
"
"
"
+242426+2 .

t.tt?i
5=7478
.

145171920€14
145777 mod 10403

'
445*66.142*2

27804926
.

µ
'
6=2177953
651 .

320-1320

=
.

9798 mod 10403 .

"

#txu4 14 e.
H2o mod 10403 .

x 9798×10308 #
3738
he = - -

- 4A =
.
1415 -
-
-

141% 1415
'

14240=14153 -

-
His
.

2214=7374.0 l4'92
 Fest method to compute xbmodn is "

square & murti ply

"
Method .

1) write binary expansion of b -401

b -
- lol = 641-32-14+1=26+25-122+3 .

D-
Compute iterated squares .

3) Then compute
.

RSA
Security of cryptosystem .

"
Eve b mod yen ,
tf for ) is known then can
compute a
-

and decrypt the ciphertext ,

f p f c-
prime
'

p
PM
- .

n
Suppose
-
,
i
.

Then farbraseriion of n known # 4cm known .

( nap
q )
.

Prot Assume
' ' "

in =p q
.

.
Then 4cm -49-1142-1 )

I know can ?

"
⇐
"
Assume some grade tells me fun ) .
2 also know

" Yet )
n ,
and mathematics tells me ,
n
-
-
p.ge .
6lb

=P he -449 e) t I c.pt f) =p tl -

ten ) .
known ptfis known
 The polynomial x2-lptfpxtpq-cx.pl Cx -

f)
So
P&G are .
the zero
of the polynomial Xihptfsxth .

factoring n # computing eons break ask .

Rabin cryptosystem :

mod 4
to =p f prime p =3
.

p.ge
.

n .

& G =3 mod 4

19
example pet .
. PFI .

f- G- In ; K -
-

fun .ph/n--Pb }

p
! t
private .

:
Ki→x2 modn
Encryption

Decryption ; y , →
"

Jy
"

mod n .
6 possible plaintext Xin Xy

Ty mod
' ' ' '

Then -6 compute n ?

the PET
mod
Compute following :
Zp=y n

Zg y 4¥ -

-
mod n
.
 sede for systems of -
?
mod p and X , mod med )
q
c
Xi Zp unique X n
=

Zq
-

as ,

Xz mod and mod mod

↳ =
Zp p xz=Zq f
C Xz n )
-

. unique

(3) Xs =

Zp mod and XE mod

p Zay
-

of .

↳ Xue Zp modp and Xue

c
Zqmodfe
-
-

Each these
four mods xa.az Xie is a
square
of , x , , , .

of mod n
not
y
.

mod not of
Verify :
yer n .
x , is square y xi=yL xI ,
I
=zf=y¥=x
'
" I
* =
x =
x
-
mud p .
xixmodn
I format
g.)
'
Ip mod HEY modn .

X
fi
-
-
- - -

-
-

,
.

the roses Xxxx

door
plaintext
x is one of four possible square

In
practice . we hope only one of x , nxy gives resonate

plaintext .
 Example : p -3
-

.
6=7 .
n -

-4

42--4 mod 21
x=z y
-

- ,
,

'

Xi XFH mod -4
modes -46=2 mood 7
'
Xi -23--31=4--1 Zz Y
-

D
-
-
i = .
-
.
,

:::÷i : : : : : : : : : : : :: :
"

med
147 Xy = 2 3 .
A 4=5 mod 7 Xx=5 modal

All x , ray are

square
roots
of 4 med
y

x,
'
=
5=4 mod -4 XI -
-
162=256--4 mod 4

XI -
-
15=361--4 modal Nui -

- 5--25=4 modal .

A p prime
, in
Ep ,
have at most 2
square
roots number
of given
.

Ulp ) =p -
I
.

If p, q prime ,
n
-

Pfe .
in In ,
we have at most 4
square
roots .

Results : Breaking Robin cryptosystem is

eguivielante to

fraction n
-

ng =p G .

.
Assignment 4 ,
Rabin Cryptosystem .

{ if B C Z } I
{ I 2-53
'

2
-
.
o
-
i
. -
.
, ,
.

encode blocks
of
s letters

13=8-14+1 in binary : 13=1101

with base 26
Do same
.

Hello
714×26+114262411×263 -114×264=6497147
74111114

I can encode 265-1=11×881,378

Prime Numbers :

Given n EIN ,
is n Prime ?

divide P
2 Ed Ep -
I ; d does not p prime .

to test
is Zed
In face . it saficient for Efp it dlp .

ab
If n
-
-

"
" 30 & 10154
lo p
Remember : a =p genes . y

Need test for 2EdEJpalo77ssib.

 Improved tests ;

For all prime numbers .

f .
2
Ef Efp .

divide C Sieve
test if q p .

of Erato seher

240 BC )

# prime numbers
up to
Tpa 107721075 '

Wolfram Alpha l webs .

①
-

Theorem ; For A 32

Denote an
the number of prime
number
p
by ,
such that ZEP Em .

Then
f- Fm Stum ) S8 Fm

For m
large : Tum ) rent -
-
- -
-
-

hmm
-

2512×10154 lnm
I
Ipa = m . = 356 ?
s

( there 101st numbers f

are ~~ prime
.

. - - -
-
- -
-
e .
-
 Sax L 20027
Theorem ;
C
Agrawal Kayal .

"

Prove is a deterministic algorithm that decide in Oclogn )

number
if a
given
n is
prime -

Xxampk 1554
clog Pio
=
p =

'

Af,op -454 154

"
I to

Proof number to the

uses :
p
choose such that
a
gcdca p ) .
=L

Then p prime ⇐ Cx -

gyp = c XP -
as mod p .

\ I
'

polynomials
in the variable P ,

in
coefficients ZEP
Discussion : It is easier to decide it a number n is
prime
then to
find all prime factors of
n .

Have seen .

.
There a
poly time algorithm that decide .

if a

number is
given prime . L A bit show )
lion is known
No algorithm for integer factories
-

But poly time

-
-
.

Wolfram Alpha uses IEDs

pwb to determine it
number is
I
a given prime Strassen
.

such method
'

Salway
-

are

Algorithm .

Definition : felt p be an odd prime .

Some number a E Z is called quadratic residue modp

Tf
'
number
a
y modp for some
y 2
-
-

, e

called residue
If not a is quadratic non mod p
-
.
.

Example p II
=
:

12=1 mod y = IT 22--4 med i

,
2

32=9 med 11=82 5=5 mod II . -

5--3

72--5 med it
mod it = 62=3
I mod 11
.

F- e- a' 5- up
-
at
 residue mod 11 are { I ,
3. 4.5.93
The quadratic

. -
- - -
non
-
pesidue mod 11 are f- 2 , 6.7 ,
8 ,
to } ,

Theorem Enter 's Criterion

c )

fee p odd prime a C- 7L with # mod

p
, a o
.

arts residue mod ⇐ a =L modp

Then quadratic p -
.

this
T poly time the
Compute in using
and multiply method
square
- - .

Proof :

"
"
"
< Is Assume Y mod p
a
for some
-

EI
-

.
, y ,

Then # '

y ) mod p
I
a =L
YP
-

=
= , .

fermat .

" "
⇐ Assume a mod p

later chloro h) that in be written

We will see
any OF a .

Zp can

as a
-
- bi

IF
bi
fi
"
b ,b3
'

we will see = ,
b -
-
-

,
- - .

b )
,
,
\ root mod P
primitive ;

and Fermat 's theorem has an improved version here :

 bm mod p Iff Cpt ) divides m -

3
W
" " or
med
b =L p .

proofed
.

This gives l=a'¥= bi -

. mod p .

or
AED

Improved Fermat :
Lp D- divides i .

4
pi§

is So Bt big mod
p
i even
i=sj a-
-

i
Therefore
- -

, ,

Example :

17=13 . { 1.214.8 , 3.6 , 12 . Hi 9 , 5 , 10.7 , }

Let be odd prime EZ Then the

Definition :
p an . a
,

of and is
legendre symbol a
p ;

:
¥511
mainframe
residue
Fay modp .

,
a is quadratic non residue med p
-
.

example :
CF )
-
x
I hate
it
, '
FT =
Cbp ) a
-
-

bmodp .

(¥ , =
,
µ
(F) = -

15
( T ) -
-

I
Theorem odd a EZ Then CST ) =
mod p
:
p prime , , .

mod
Proof :
If a=o
,
p .

is quadratic residue ok by Euler 's criterion

If a ,
.

residue know mod p

If we *
non a I
is ,
-

a
quadratic ,

"

Fermat tells us f- a' ca Tmodp

=

but .
.

at = - I
mod
p .

3¥ 3

a -
a
"
Definition :
AE -
- a
→ a -

teen be an odd number ,

"
write n =p , pin .
. .
Peet be the prime factorization of n .

For any integer the Jacobi symbol

a
define -
.
.
,

et
as
lens -

cap.sk#je2cfgG
.

-
. .
.

Example :

( 92¥ ,
5- coziness .ch#ic67fs .

②
A-
9975=3.57-19 =L } Hs ) Fg )
#
.
) .

=L -
t ) I C -

he n
.
= I

2¥
- -

3.1
'
.

!
= 21=271 mod

b' = 216=6 # mod 7

89 83 83.83 I
=
=L ya fell
-

I
-
.
= -
We know :

p odd prime ,
a c- 2 .

(F) =
a
modp .

when is odd 2
n
integer ,
a. E ,

then # modn
(f) may be
equal to a .

Example :

cien
91--7×13 .
=
I K¥345 ) :-c
-
I ) .
.

# I
(F) 33--27--6=-1 med ?
= -

=3 =

Cfg )= 101¥ = 106=1 mods .

So LET = -

Compare :
to =
1045=-1 mod 91 .

45=2
92=81 916=1
"
"
( oo . to 9 =
I
932=1
98=1
,

"
9 .
to
!
.

65=5.3-3 I 045=[45/3]
 91 composite
example
.

3=10 mod 91

a =2 is Euler witness
It ,
Now take n = a -2
,

the
(F) =
(F) LIE ) =L -
ill -
n =/ for fait nets

is not
prime
-

'

z = 27=8 mod D-

Definition ; n odd composite

number : a E 2

If (E) =a¥ mod n .

then we
say that n

is Euler pseudo
-
to the base a
an
prime
.

If Ehlen witness
it is not an
I¥me , then a is

↳
.

CI ) # ant mod that is not

prime
n
, we knows n

Theorem ? Say n odd

composite . IF -
-
fat gcdca ,
n ) -43

Then ;

( { at
Iff n
is Euler pseudo -

prime
to the base a) ISE ( 2n*/

This tells us : We have a 350% chance to pick an Euler -

witness

a in
29 .
Sale algorithm Given n odd
Strawn i
.

ray
- .

① choose Is a < n
randomly
.

② Jacobi symbol end )

Compute

then RETURN
③ If to
,
a is a
factor of n .
STOP .
: NO

a # mod
④ Compute n
.

#
If a mod n f- ( Az )
,
Then return :
"
n
not
prime
'

If a med n =
Cfp ) ,
Then RETURN .
.
'
'

n possibleby prime !
'

Repeat this test too times .

The theorem tells us tf is the

probability
: n
composite ,

of too times a non witness is E CI )

' 00

picking o
-

=
.

Problem , How to
compute the Jacob -

symbol Ldn )

( In the definition
=p ? prime factorization of )
. we use n poet
. . .
n

Have to
find different method to
Jacobi
compute
.

symbols
-
.

-
 Rules in the Game b- compute Cnt ) ;

< I >
tf a=b modn ,
then cap ) = Che ,
reduce upper me
J
.

mod g
'
it n It
=/
-

CF ,
-
,

(
t it n
-
-
I3 mod 8 .

③ Canby --L%Lk→ -

Fa , if a -
. named 4

tf odd then (F)

}
* , a is
,
=

ya , else .

Example : C
GIFT ) .EC#as)-l3gYf7 )
gets .it mods

€ I .

(3131
9975=3 needy

9975 ) .

3139=3 mod 4
.

⑨= -

C 9937357g
) 9975=558 mod
3139

assists ?
ee
notte
-

⇐ iffy , # -
i see ¥ ¥ -

East
.cz#siE-cIIsiEcaIsi=cFsT=EssiFss---uIzsi=-lYaI

477=-1
-

=
 rules to
These give an algorithm

Cen ) in
compute OC bgn5 .

amine
,I7¥p= - c = -

c7¥ )
.

=I¥nsh = -

=tf¥
=
* 23474¥, ha

= -
79ft = -
= -

i ± -
' Ea
.

II f I I. A
'
=
t =
We use Jacobi symbol for prime testing :

If n is prime ,
then
,
then , = ant mod n f a E Z -

-1 I 741146
"
mod 9283 .

I
-

For FSA Need to

find two targe prime
system :

number P 1×2912=1654
, of

between and n
Ign
2
= numbers
.

prime

Strassen
if is Solway
-

test
to
prime
.

:
1 Algorithm n

( based on Jacobi Symbol ,

Fowler 's theorem D

-

Primality Testing ;
( Aim : Miller -
Robin Test I
-
'
No at
Recall Fermat 's Theorem ;
tf p is a
prime ,
then =
, modp

if pya
in fact Am -

I mod p et divides
p
-

: -
I m .

1-
" ' k I
all
'

=p .

when to mod
p prime ,
a
p .
 Az 2512

Fermat Test: given n N E

p .q=i5b 077
-

1.
O Choose random number 2<=a<=n-1
2. Compute gcd(a,n). If d=gcd(a,n) ¥1
O ,
then we found
a
proper division d of n . STOP .

③ tf ah
-
'
II mod n
,
then STOP
,
n is wearing

else back to
①
,
go

13 .

Example :
n
-
-
is ,

gcd ( a. n ) Fl , if a =3 , 5. 6.9 ,
lo , 12 : Find divisor .

need test 4.7 8 14

For step ③ , we to 6=2 . .
, 11 ,
13 ,

Test : a' 4=1 mod If for a =

-4 ,
11 , 14 .

a' 4--4 mod 15 for a -

2.718.13£
Conclusion h
composite
: .

Assume
Step ③ n
=p f p.ge = 10154 p.ge primes
- .

: .
.
.

In the sea En I
range
-

.
,

many mutiples of p ?
how
f- I "
= "
how
)
many muti pees
off .
? py

Among the numbers 2£ a s n -

I ,
there are about 2.1077 numbers a with

such number 2jf7

gcdca.nl -4 .
The probability to pick a is = =
¥ .
=o
Definition ; A number n 32 is called Carmichael- number

CR D . . charmiehael ,
1812 )
if

① not and
n is prime ,

③ an -1=1 mod n
for all a with gcdca.nl =/

For Carmichael Numbers .

the Fermat Test FALLS .

Example :
n
-

-
561 . is Carmichael .

Theorem : fee n be an odd number ,

n 33 .

①
Lf n is Carmichael .
.
then n is
sguate-feec.no m2 divides n
)

( prime factorization of n
=p, Pz .pe with all distinct
n
)
. -

;
,

If then is Carmichael ⇐ p divides n t

for
-

is I
② square free
-

n . n
,

divisor
every prime p of n .

Square -

free
)

③ Carmichael numbers have at least 3

different divisors
prime
.

Test -561 3×11×17 free ✓

n F square
-
-

17=3 ,
4560 ,
v p
-

- H i 101560 . V P -- 17 . 161560 .
✓
hence 561 is Carmichael .
More Carmichael numbers : 561=3×11×17 .

1105=5+13×17 .
1729 . 2465,2821 -
-
-

172081=7×13×31×61 .

Mtl
P
.

Theorem : ( Alfred , Granville , Pomerania . 1994 ) Annals of Math .

I { Carmichael numbers En } I 3h47 for n > 70 .

③ write =p Pz product of prime

numbers
Proof of n
Pt
- -
-

:
.

ah mod
'
Carmichael all
=/ for withgcdca =/
-

n a n )
N ,
,

CRT ; an
'
mod
for all
-

=/ p :
pi ,
and all a .

Fermat ;
Pi -
I divide n -
1

of Assume Carmichael
Proof ③ n Pfe pig primes, pff h
-

i
-
, , .

Ps L .
h =p G -

By ③ f- I divides n I =p f I =
PIG
-

D t p I
- -
- -
,

Therefore divides
fit p I
-
,

However ,
peg p
.

,
sq ,
} n has at least 3 distinct prime
divisions .

-
pts
Assigns :
Mat 'h4 hand
Mpls
-

'

Ppts CS
-

co
-
=
-
.
 Mar .
18 .

Fermat to .

Miller - Rabin Test .

an "
mod n .

Theorem : Fermat 2.0 : Given n odd prime , and a C- IN with

gcd La , n ) =L -

=3 d odd ie
n -

if
write n -
I .
where d is

f
'

n -1--18=21
-

. -

Then : either ① ad =
I mod n
n -61
-

Or
③ AID = -
I mod n
for some O Eres -
I n -
I =
2- - 15 ,

Proof :

ad -4 mod n → case ①
of
add
tf
"

not ; we know a = mod n .

Look at ad
,
old
,
aid .
' '

,
att 'd aid mod n .
,
'
T T
not )
I

Let a be the maximal index such that aid # I mod n .

'd
aid 5=1
"

Then of =L mod n .

So x=aId satisfies x2=1

But n is
prime and the polynomial equation
,

XII has only 2 solution : a- It

Therefore , aid =
-
I mod n
.
 Let de odd
Notation : n .

number
tf some a with
gcd La , n ) =/

neither ① @ then a is called witness

satisfies nor .

for the fact that n is met prime .

about Fermat There

The good thing 20 is .
. are
days witnesses .

Example . Taken the smallest Carmichael number ;

odd Write -1=24.35 5=4 d--35

561
-
he .
n

Test ① ;
choose a =L

① 235 =
( 275 mod 561 .
= 263 Ft mod 561 .

in ⑦ coed ) -
Lad 5 aid coed 5 aid
compute
-
= - - -

; , . ,

For r
-
-
O . I ,
2.3 = s -

I , compute aid mod 561 .

test if -
I

r -
- O ,
It = 2631=-1 .
mod 561

8=1 ,
265=166 t -
I mod 561

8=2 1662 =
67 I -
I mod 561

r =3 t mod 561
672 =
I -
I

is witness 561
a- 2
for n
being composite
-
.
-
 /

Hitler -
Rabin Test :

Input : n .
odd natural number .

① choose 2 Ea en -
I

⑦ Compute gcdca.nl .
lf gcdca.in
) # l
,
then STOP ,
found divisor
gcdca . n )
of n .

③ Compute b ad mod tf 6=1 mod stop

" "
n n
maybe prime
-
-
. , n
, .

④ For r
-
- o to S I -
,
do :

"

tf f mod maybe prime

"

= -
I n then STOP n ,

else b a- 6- mod n
compute
.

⑤ STOP
"
"
n is with witness
; composite .
a

Def :
tf n odd
composite
number ,
gcdca.net .

We call the number witness for of if

a men
composite n

a does not Fermat 4) Re )

satisfy 2 - o
.

Theorem Let > 9 odd then ZF-falgcdca.my )

n
composite
.
. .
.

Chine )

(
false a en -
i ,
gcdca , ma l l E t£
and a is not witness .

to choose is
probability non -
witness E 254 . .

Repeat coo times

probability e
a #
Conclusion : n
prime .
Proof ; set e
-
- mox.fr/aId=-tmodn for some a } i

Set m
-
- Bd

write n=p9pE - - -
pea

zit = fat gcdca , h ) -43 .

Ul

j =
fat at -1=1 mod n ) .

UI

k =
Salam -
- timed Pii )
.

UI
L =
fat am =
It mod n )
UI

{ non -
witness ) .

Fact : LEK E
JE ZE are
swbgtoups
'

If a. b in L .
then ab in L .

Am =
-4 bm III ( ab )m= It .
It =
It shod n .

LAGRANGE Theorem ;

HCG the IHI divides

←
, IGI
gtwup G

1-
Subgroup
" l
-
l l l

ln particular : HCG but it # G , HI E 1¥

 -

'

n -15 .

,
n -
1=14--2 .
-7 .

5=1 ,
d -7 .

If =
{I 2
4,7 8 11 13 143 8 elements
m=d=7
. . .
,
,
S
.

1=0
.
,
-

Ul

Y =
fl , 4 , 11 ,
14 } . 4 elements .

Ul

ke f , , 14 , 4,11 } of -

-
H mods and a
"

# mod t '

y elements
UI

Je fi 14 } of =
It mods
elements
, ,
.

2
.

In k ,
we have It mod pie
'

,
II mod Paa
,
-
-
-

II modpeet possibility

but we have It mod n .

divisors then
We
get ; tf n has 3 or more
prime
,
,

1¥ ¥ =

,
t 73 .
I non -

witness l E Rf

We need to deal with the case where n has at most 2 different

divisors Theoreminsgnines
prime ,

excluded . prime power t.es#* ,

p divisor Pe
tf for some
prime p
-

has only : n -

n one prime
.

So n has two
=
prime divisors

So 1=2 and is not Carmichael f € 2ft

4,43=12 .
n
,

fron -
witness } E l{h
when is
f
=
If ? Precisely when n is a Carmichael number .

We know Carmichael numbers have atleast f- =3

are
square free
-

: ,
.

divisors
prime .

Theorem n > 9 odd

; ,
,

cote ,

nnotapn.me#power .

'

How do
you
test
if n
=p ?
Newton 's Method
-
he 1447123 Compute In
f-
=
.

solve n
-
-
o

>
I
Method to
Efficient compute roots .

Jn Fn Fn

Prime Number Testing IME finished .

Factoring ;

•
Discrete logarithm :

D Polland 's p
-
i method .

Input : n odd number .

I choose B ( bound ) ,
and a c. Base ) .

!
② Compute b -
- AB mod n .

= a
b
do be bi mod
② For 2. to B n
-

i -
- .

" !
( ya.PT . . .
)B = a mod n .
 ③ Compute gcdcb
-
I , m
)

④ en STOP else to ①
If I
aged Cb I. - n ) .
.
, go .

Dissension : Assume n =p
- m
,
p prime
.

P -
I =
Pi Pa B '
-
-
- -

pi with Pi prime .

that
"

Assume all B divisors

has small )
'

pie only prime

'

c p i
-

Then p I divides B!

:÷÷i÷:÷l :÷÷ :*
-

÷: :
.

psgcdcb -
I. n
) .

Example : n -
-
15,770,708.441

Consequence for RSA cryptosystem

:

cheese We want to make that both

n =p .ge , pig prime .
sure
p q , are

that
such p I &
q have large prime factors
-
-
I .

→
Goodwins
Theorem : CE , Fowvry .
1985 )

}
{ p prime . 2 Ep em ,
p
-
I has prime
divisor > m 313C .

Fm
/
for some constant c
' '
divisor 71600
ht Mao
, prime
-
One solution for RSA ;

number 25
"
choose random r re

such that is also prime

cheese the nextprime p apt ) .

cpzr )

' ' '

Then p -1=7
'
use p =
zptl for n n
=P .ge -
large .

General methods are :

factoring ,

↳ Quadratic sieve
best known methods today
}
.

(
↳ Algebraic number
field sieve
Fun in sub exponential time

elliptic curve methods .

but not
polynomial time .

>
Idea .
. Given h

search numbers such that

for X. y

F- y
'
mod n
my ex
'
-

y )
'
-

ex -

y ) cxty ) 'd "

9
"
T'
-

}
-

and # Ly mod n
my way ,
X
ny, ex
y, Fn
. -

X 227
-

Y 210
-
-

7429
-

Example
,

n
-
.
:
-

~
- x -

Y
-

17
that x'
-

such
for y
.

Looking x.
= n
y
-

gcdcn .
AKA

:::÷
Jn =
86 19

:: : ::*
.

.
:
÷
"
:* : : :*: :c
:: n

£-227 ,
22ft -
n= 44100 = 61032
x Y
Discrete Logarithms :
 If an
is root for 2¥
a not primitive 31127*1=6
y
.

{ I .
2143 f- 2¥

Theorem Lee be Then 2p* cyclic and there are

:
p prime . is .

And element net

primitive roots
at
Gcp -
I ) .
an
2ft is primitive

ad # modp for
all divisors d of p
-

l
H
P -
t .

26*-11.33 .

zit # * * I

73=13 ULP -

1) =
4427=413 .

4) = 613 ) -

441=2 . =
y 22=4 # I
a→
as
*

¥
Test 2*13 3 #
=
1
,
2 . 4, 5 ,
6 , 7 , 8 , 9 ,
10 ' " ' ' Z -

V
,

24=16--3-+1

!
X
X
X
prime
root ? X
¥, gY, Xp Yo . E- -

Iti
-
.

v
divisors of 1=12 d "b
proper p are '
-

to # oh
know
we : 2,5=91,7 ,
lo .
5,9 ,
it . 12.6 ,
3.8.42 ) 102--9=11
1×2 3×7
6×7 8×7
63=12 II
meds .
mods mods mod !3
104 =3 ty
A -7 . at ,
al ,
of a3 . , . 76
lob

176=11 med B .

Find × such that 75=11 mod 13 .

X is called logarithm .
 number
Remark : choose a
prime p which is of the form pesfti for
some number
prime of .

and there Ucp the cafe)

Then the Theorem says Ipt is
cyclic are -

: ,

412 ) you ) f I
primitive
-
= -
=

roots in 2p* .
I 74*1=26 .

About half of all elements are

primitive nots .

For a E Zp* ,
to test if a is
primitive nots .

I need to test
only ,
a- ¥1 ,
anti mod p .

Proper divisors of p I
-
=
He are 2.
of .

List the smallest not med

Example :
of primitive a
p .

for prime s too .

a p
I 2

2 3 5 11 13 If 29 37 53 59 61 67 83

3 7 17 31 43 79 89

" " "

 compute
=7
If =

compute =
If
f

we choose 17=23 , a=5 .

I EX ,
yep -2 .
Y it
-

- .
 Recall EL Gamal cryptosystem :

Given p prime number -2

ei at }
root
Zp*={ I
-
-

a
-

a
primitive for
.
,

Plaintext :
P = 72ft

't
Ciphertext c 2p* X
Ip
-
: -

Keys K
-
-
HA , X ) where A- at modp - , I
snap -23
t tr
public private

AY MA ' ) random
encryption i exam ) =L , for some
y C- 749

CM -
I mod Et -
I
p
- -

f- y x -
-

It -4 "
=p
'
4
( c4j =
c- = mod
4

Note .

* EL Gamel works in with some

primitive root
every group
a .

Cris increased
flexibility ; use p-adic elliptic groups )

's
and tbxtc PXQ
elliptic curves
y
=
* Ethanol is a bit more
expansive than
RSA

is twice
( ciphertext as
long )

has small there

warning tf p I only prime factor is an
-
: .

¥hm that computes discrete logarithm efficiently .

↳
pohlig
-

Hellman algorithm .

Question mod
what is X
logab p ?
-

: -

⇐ ax =D modp .

" " " " "

mod
-

a =
I
p :
a = b mod p
Kup Y
axe
-

= b mod
p

→ are x modulo I
we
looking for p
-
.

Ponting
-

Hellman algorithm : p prime , a

primitive root for 74¥

P =p ? pak
'

Suppose : -

I . . . pfe
Find a- hgab mod p .

Example : 12=29 a=2

p 1--227=28
-
,
,

legal 8 mod
"
a X
-

-
4
Want x=
logy 8 mod of ↳ problem : z is not in 2*4
.
 mod ? '
Compute x begat p
-
-

Idea :
"

x -
-

hgab mod poet

} combine
by CRT

'
x -
-

logo,b mod pie

'
a' =b

11=109218 mod 29 ⇐ 2
"
=
IS mod 29 .

pit ? I
-

Write x= aotaip ,
t a. - - -

tae ,
-
i
-

' ' MP
aao
" Yp
)E
'

b¥ ax
-

( AP )
-

(a
-

Observe
.

i
, ,
=
.

.
= = = -
-
= n
,

"

"

'

That means ; To determine Ao ,

n

" ,
%
-

MYP
compute powers of a' ,
until I
get
b a

÷÷÷÷÷÷÷÷÷÷÷:÷ .ie?iii
: "
.
. .

( a' Y
'
' a
Observe .

.
b' =
where b, -
-
b a--

- A

b
a% 294
'
'
= =
27 z mod zf b, -_
b. at = 18 I-

=f
A 122=28 mod 29
b' hi
"
=
97 =
28 mod 4
↳aa←
x =3 mod 4 I

→
} D mods .

A- 4 may
 us
@
i. ¥ i

w E
Es
'

s E
is a
⑦ o