Solutions to Homework 2

Debasish Das
EECS Department, Northwestern University
ddas@northwestern.edu
1 Problem 1.14
Using the results from 0.4, Fibonacci numbers in terms of matrix can be repre-
sented as follows

F
n
F
n+1

0 1
1 1

n
.

F
0
F
1

(1)
Since F
n
(mod p) can be obtained by taking the rst term of the matrix

F
n
F
n+1

(mod p). As the matrix

F
0
F
1

is a constant matrix, computing

0 1
1 1

n
(mod
p) is sucient to compute F
n
(mod p). We call the matrix

0 1
1 1

as A. An
extension of modular exponentiation algorithm can be employed to solve this
problem once we prove the following theorem.
Theorem 1 Given any general matrix A, (A mod p)(A mod p) = A
2
(mod p)
Proof: Assume A as any matrix

a b
c d

. (A mod p) can be written as

a + k
1
p b + k
2
p
c + k
3
p d + k
4
p

where k
1
, .., k
4
are arbitrary integers. After multiplying
(A mod p) with (A mod p), the rst term in the nal matrix can be written as
b
2
+ ac + p(C) where C is any constant which is equivalent to the rst term of
the matrix A
2
(mod p). Similarly it holds for other terms as well.
Using the above theorem, we can establish in general that (A
n
(mod p)
(A mod p) = A
n+1
(mod p). The algorithm is given as
function Modified-modexp(A, p, n)
Input: 2x2 Array A where each element is of n-bits,
p (n bit) and integer exponent n
Output: A
n
mod p
if y = 0: return I
2
z = Modified-modexp(A,p,

n
2

)
temp = (z mod p)(z mod p)
if y is even:
1
return temp
else:
return (A mod p)temp
Complexity Analysis : Number of recursive calls are analogous to Modular
Exponentiation presented at page 19. Matrix multiplication is O(n
2
) (Chapter
3 presents a better bound). Hence the complexity of the algorithm is O(n
3
).
2 Problem 1.15
Statement : For any a, b, if ax bx mod c, then a b mod c.
Necessary and Sucient Condition Derivation
ax bx(modc) c|(a b)x
a b(modc) c|(a b)
Now since c must divide (a-b)x and c must divide (a-b), we should choose x
such that GCD(c,x) = 1 which will ensure that if (a-b)x is divisible by c, then
(a-b) must be divisible by c as GCD(c,x) is 1.
3 Problem 1.17
x and y are each n-bit long. We are performing complexity analysis of 2 algo-
rithms for x
y
computation.
function Iterative-Exponentiation(x,y)
Input: x and y each n-bit long
Output: x
y
prod = x
for i = 1 to y-1
prod = x * prod
return prod
Complexity Analysis : After each multiplication, the size of the product be-
comes i.n where i is the current iteration. Total time is given by

y1
i=0
O(in n)
=
(y1)y
2
O(n
2
). The complexity is O(y
2
n
2
) where y is O(2
n
).
function Recursive-Exponentiation(x,y)
Input: x and y each n-bit long
Output: x
y
if y = 0: return 1
z = Recursive-Exponentiation(x,

y
2

)
if y is even:
return z*z
else:
return x*z*z
2
Complexity Analysis : Since y is n-bit long, the number of iterations is bounded
by O(n). Size of z on each return from recursive call increases by a factor of 4.
Total running time is given by
O(n
2
) + O(4n
2
) + ... + O((2
n2
n)
2
) =O(n
2
2
2n
)
4 Problem 1.24
From the set given 0,1,2,...,p
n
-1 we have to exclude all numbers which are mul-
tiple of p since gcd(kp,p
n
) where 0 k < p
n1
is surely not equal to 1 as p is a
common divisor for both the numbers. Now consider numbers of the form kp+i
where 0<i<p-1. k and i are integers. Now gcd(kp+i,p
n
) = 1 as p is surely not
a divisor of kp+i and p is the only prime divisor of p
n
. Therefore total numbers
in the set which are multiple of p are p
n1
. Numbers which have an inverse are
p
n
p
n1
.
5 Problem 1.26
We have to compute 17
17
17
(mod 10) to get the least signicant digit.
10 = 2 5 where 2 and 5 are primes
p = 2 q = 5 and a = 17
a
(p1)(q1)
= 1(mod10) 17
4
= 1(mod10)
17
17
= (4
2
+ 1)
17
= 4 C + 1where C is some constant
17
17
17
(mod10) = 17
4C
(mod10) 17(mod10) = 7
6 Problem 1.44
Alice and her three friends are communicating using RSA cryptosystem. Re-
spective public keys are (N
i
,e
i
) where i 1,2,3. Alice sent the same message
MSG to all three of her friends. Since e
i
= 3, we get following cyphertext M
i
M
1
= MSG
3
mod(N
1
)
M
2
= MSG
3
mod(N
2
)
M
3
= MSG
3
mod(N
3
)
Rearranging terms the above equations can be written as
MSG
3
= M
1
mod(N
1
)
MSG
3
= M
2
mod(N
2
)
MSG
3
= M
3
mod(N
3
)
Someone who intercepts all the 3 encrypted messages M
1
, M
2
and M
3
along with
the public keys N
1
, N
2
, N
3
and e can compute MSG
3
using Chinese Remainder
Theorem.
3
Theorem 2 Suppose m
1
, m
2
,...,m
s
are s integers, no two of which have a
common divisor other than 1. Let M = m
1
m
2
...m
s
and suppose a
1
,a
2
,...,a
s
are
integers such that gcd(a
i
,m
i
) = 1 for each i. Then the s congruences
a
1
x b
1
(modm
1
)
a
2
x b
2
(modm
2
)
...,
a
s
x b
s
(modm
s
)
have a simultaneous solution that is unique modulo M.
Proof: From each particular congruence we construct one common to the
entire set. We choose integers c
1
,c
2
,...,c
s
such that
a
i
c
i
b
i
(modm
i
) (2)
Note that one possibility of choose c
i
is to take them equal to b
i
. Now let
n
i
=
M
mi
. No two m
i
have a common factor, therefore gcd(n
i
,m
i
)=1. Therefore
an inverse n
i
exist such that n
i
n
i
1(modm
i
). Thus the x
0
dened by
x
0
= c
1
n
1
n
1
+ c
2
n
2
n
2
+ ... + c
s
n
s
n
s
(3)
is a solution to the original system of s congruences. Note that by denition m
i
divides each n
j
except n
i
. Thus
a
i
x
0
= a
i
c
1
n
1
n
1
+ a
i
c
2
n
2
n
2
+ ... + a
i
c
s
n
s
n
s
a
i
c
i
n
i
n
i
(modm
i
)
a
i
c
i
(modm
i
)
b
i
(modm
i
)
Hence x
0
is a solution of each congruence.
Using the theorem getting M is straightforward. For the given problem
a
1
, a
2
and a
3
are 1 respectively. c
1
= M
1
, c
2
= M
2
and c
3
= M
3
. M =
N
1
N
2
N
3
. n
1
= N
2
N
3
, n
2
= N
1
N
3
and n
3
= N
1
N
2
. Compute n
1
by the equation
n
1
n
1
= 1(modN
1
) using Extended Euclid Algorithm. Similarly compute n
2
and n
3
. Following that generate x
0
as the solution for the congruences. Now
x
0
(modN
1
N
2
N
3
) is the required solution. Thus MSG
3
= x
0
and MSG = x
1
3
0
7 Errata for Homework 1
Problem 2 (0.1) (l) n
1
2
= O(5
log n
)
4