You are on page 1of 7

Date : 03/12/2004 ECE575 HW4 Venkat Suryadevara

Problem 8.6.1:
Show that if someone discovers the value of k used in the ElGamal signature scheme,
then a can also be determined.
Solution:
a can be found in the following way if k is used in ElGamal Signature Scheme
In ElGamal SS, s is given by
s = k ^1 (m-a*r)
s*k = m-a*r
s*k m = -a*r
(m-s*k)/r = a
Hence, if k is known then a can be computed.
Problem 8.6.3:
Let p =11, q=5,

=3, and k=3. Show that (

^k (mod p)) (mod q) (

^k (mod q))
(mod p). This shows that the order of operations in the DSA is important.
Solution:
3. Given the values p=11, q=5, =3, k=3
If we find the value of (
k
(mod p)) (mod q) , we get
(
k
(mod p)) (mod q) =(3
3
(mod 11))(mod 5)=(27 (mod 11))(mod 5)=5 (mod 5)=1
then computing (
k
(mod q)) (mod p) , we get
(
k
(mod q)) (mod p)= 33(mod 5)) (mod 11)
= (27 (mod 5)) (mod 11)
= 2 (mod 11)
=2.
Finally, (
k
(mod p)) (mod q) = 1 and (
k
(mod q)) (mod p) =2. Thus we conclude that
(
k
(mod p)) (mod q) (
k
(mod q)) (mod p).So the order of operation in DSA is
important.
Problem 8.6.4:
Let p be a prime and let

be an integer with p

. Let h(x)

^x (mod p). Explain


why h(x) is not good cryptographic hash function.
Solution:
Hash function is h(x) =
x
(mod p .(
h(x) is not a good hash function because :
Assume p=7, =5. and find different values of x .
We get the same value for x=3 ,x=9,x=15 ;

> modp(Power(5,3),7);
6
> modp(Power(5,9),7);
6
> modp(Power(5,15),7);
6
Since the hash function is mapping different values of x to the same hash key, the given
function cannot be a good hash function.
Problem 15.6.2:
(a) List the points on the elliptic curve E: y2 = x3 2 (mod7).
(b) Find the sum (3, 2) + (6, 5) on E
(c) Find the sum (3, 2) + (3, 2) on E.
Solution:
(a)
) 5 , 5 ( ), 2 , 5 (
7 mod ) 2 ( 7 mod 4 7 mod 214 5
7 mod 6 7 mod 62 4
) 2 , 3 ( ), 5 , 3 (
7 mod ) 5 ( 7 mod 25 3
7 mod 6 2
7 mod 6 7 mod 1 1
7 mod 5 7 mod 2 0
2 2
2
2 2
2
2
2

t



y x
solution no y x
solution no y x
solution no y x
solution no y x
solution no y x
) 5 , 6 ( ), 2 , 6 (
7 mod ) 2 ( 7 mod 4 7 mod 214 6
2

t y x
and the last point is ( , )
(b)
) , (
) 5 , 6 (
) 2 , 3 (
3 3
2 2
1
1
y x R Q P
y x Q
y x P
+


where:

'

7 mod 2 7 mod 5 2 ) 6 3 ( ) (
7 mod 6 7 mod 8 6 3 1
1
3 6
2 5
1 3 1 3
2 1
2
3
1 2
1 2
y x x y
x x x
x x
y y

P+Q=R(3,2)+(6,5)=(6,2)
(c) P(x
1
, y
1
)=(3,2) on E
P(x
1
, y
2
)=(3,2) on E
Since we are adding point P to itself, it is one of the cases of the addition rule for Elliptic
Crypto Systems.
7 mod 5 7 mod 12 7 mod 2 6
7 mod 5 7 mod 12 7 mod 2 6
7 mod 4 6 7 mod 4 27
) ( 7 mod
2 2
) 3 ( 3
2
3
1 1
2
1
2
1




a note
y
a x

'



7 mod 2 7 mod 12 2 ) 5 3 ( 5 ) (
7 mod 5 7 mod 19 3 3 25
1 3 1 3
2 1
2
3
y x x y
x x x

P+P= R (3, 2) + (3, 2)=(5, 2)


Answer:
(a) The points on the curve are (3, 2), (3, 5), (5, 2), (5, 5), (6, 2), (6, 5) and ( , )
(b) (3, 2) + (6, 5) = (6, 2)
(c) (3, 2) + (3, 2) = (5, 2)
Problem 15.6.10:
Let x = b1b2bw be an integer written in binary. Let P be a point on the elliptic curve E.
(a) Show that Rw = xP
Let x be a positive integer and let P be a point on the elliptic curve.
(b) Show that the given procedure computes xP
Solution:
Excluded in this HW
Computer Problems
Problem 8.7.1:
Suppose we use ElGamal signature scheme with p=655539,

=2,

=33384. We send
two signed messages (m, r, s): (809, 18357, 2042) (=hi) and (22505, 18357, 26272)
(=bye).
(a) Show that the same value of k was used for each signature
(b) Use this fact to find this value of k and to find the value of a such that

^a
(mod p)
Solution:
Given values: p=65539, alpha=2, beta=33384, m1=809, m2=22505, r=18357, s1=1042,
s2=26272
k can be found using k (1-m2)/(s1-s2) mod p
There can be different solutions for k which is given by d = gcd(s1-s2,p-1);
> d=gcd(1042-26272,65539-1);
d 6
solving for k after dividing the all the terms in the congruence by 6 we get
> k1= modp(((m1-m2)/6)/((s1-s2)/6),(p-1)/6);
k1
|
.

`
,

modp ,
m1 m2
6
|
.

`
,

s1
6
s2
6

p
6
1
6
> k1=modp(((809-22505)/6)/((1042-26272)/6),(65539-1)/6);
k1 1814
Check all the 6 possible values of k and verify which values gives the correct encryption.
The k that gives us r will be the final solution.
> k2:=k1+(p-1)/6;
:= k2 12737
> k3:=k2+(p-1)/6;
:= k3 23660
> k4:=k3+(p-1)/6;
:= k4 34583
> k5:=k4+(p-1)/6;
:= k5 45506
> k6:=k5+(p-1)/6;
:= k6 56429
Trying different k values to calculate r
>r1:=alpha^k1 mod p;
:= r1 51656
> r2:=alpha^k2 mod p;
:= r2 33299
> r3:=alpha^k3 mod p;
:= r3 47182
> r4:=alpha^k4 mod p;
:= r4 13883
> r5:=alpha^k5 mod p;
:= r5 32240
> r6:=alpha^k6 mod p;
:= r6 18357
For := k6 56429
we get the required r hence k6 is the required k
Now solving for a using the equation ar = m1-ks1 (mod p-1 (
There are gcd(r,p-1) possible values of a
> gcd(r,p-1);
3
Since there are 3 values of a, we can find them .
< r:=18357 :
> a1:=(r/3)&^(-1)*((m1-k6*s1)/3) mod ((p-1)/3);
:= a1 9871
> a2:=a1+(p-1)/3;
:= a2 31717
> a3:=a2+(p-1)/3;
:= a3 53563
For each value of a , find =
a ;
< beta1:=alpha^(a1) mod p ;
:= 1 33384
> beta2:=alpha^(a2) mod p;
:= 2 35730
> beta3:=alpha^(a3) mod p;
:= 3 61964
a is 9871 which gives the correct .
Thus k = 56429 and a=9871.
Problem 8.7.4:
(a) If there are 30 people in classroom, what is the probability that at least two have
the same birthday
(b) How many people should there be in a classroom in order to have a 99% chance
that at least two have the same birthday
(c) How many people should there be in a classroom in order to have 100%
probability that at least two have the same birthday
Solution:
(a)
> 1-mul(1.-i/365, i=1..29);
.7063162428
(b) > 1-mul(1.-i/365, i=1..56);
bytes used=3015796, alloc=2227816, time=0.66
.9901224593
Hence the number of people should be 57 in order to have a 99% chance that at least two
have the same birthday.
(c) > 1-mul(1.-i/365, i=1..123);
1.000000000
Hence the number of people should be 124 (or greater) in order to have a 100% chance
that at least two have the same birthday.
Problem 15.7.2:
You want to represent the message 12345 as a point (x, y) on the curve
y2=x3 + 7x + 11 (mod 593899) write x = 12345_ and find a value of the missing last digit
of x such that there is a point on the curve with this x- co-ordinate.
Solution:
After trying all possible solutions for x, we get
For x = 123450, y2 = 474965 (mod 593899) It has no solution
For x = 123451, y2 = 426106 (mod 593899) It has no solution
For x = 123452, y2 = 524054 (mod 593899) It has no solution
For x = 123453, y2 = 174916 (mod 593899) It has no solution
For x = 123454, y2 = 566496 (mod 593899) It has no solution
For x = 123455, y2 = 511002 (mod 593899) It has no solution
For x = 123456, y2 = 8440 (mod 593899) It has no solution
For x = 123457, y2 = 246614 (mod 593899) It has no solution
For x = 123458, y2 = 37732 (mod 593899) It has no solution
For x = 123459, y2 = 569598 (mod 593899) It has no solution
Hence there exists no solution for x for which y has a square root.
Problem 15.7.4:
Let P= (2, 3) be a point on the elliptic curve y^2 x^3 10x +21 (mod 557).
(a) Show that 189P = but 63P and 27P
(b)Show that P has order 189
(c)Show that elliptical curve has 567 points using Hasses Theorem
Solution:
(a) > p=[2,3];
p = [2, 3]
> multell([2,3],189,-10,21,557);
["infinity", "infinity"]
> multell([2,3],63,-10,21,557);
[38, 535]
> multell([2,3],27,-10,21,557);
[136, 360]
(b)
> multell([2,3],189,-10,21,557);
["infinity", "infinity"]
(c) From the given problem, we know that the order of the given curve is 189 And
according to Lagranges Theorem, The number of points N is an integral multiple of
order Hence N = 189C. According to Hasses theorem, modulus (N p 1) 2 p.
Here p=557. So the condition becomes: absolute (189C - 557- 1) 47.
This condition is satisfied only if C = 567. Hence the number of points on the given curve
is N = 189*C = 189*3 = 567
Hence this elliptic curve has 567 points.
Problem 15.7.5:
Compute the difference (5, 9) (1, 1) on the elliptic curve y^2 x^3 11x + 11 (mod
593899). Note that the answer involves large integers, even though the original points
have small coordinates.
Solution:
> addell([5,9],[1,-1],-11,11,593899);
[148475, 222715]
> x:=148475;
x := 148475
> y:=222715;
y := 222715
> y:=222715^2;
y := 49601971225
> m:=((x&^3) - (11*x) + 11) mod 593899;
m := 120644
> 49601971225 mod 593899;
120644
(Using the rule P Q = P + (-Q))
Answer: Hence the difference between the points is [148475, 222715] (substituting these
values of x and y, LHS=RHS)

You might also like