Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

9.9 Computer Problems

1. Paul Revere’s friend in a tower at MIT says he’ll send the message one if (the British are coming) by land and two if by sea. Since they know that RSA will be invented in the Boston area, they decide that the message should be encrypted using RSA with $n = 712446816787$ $n = 712446816787$ and $e = 6551$ $e = 6551$ . Paul Revere receives the ciphertext 273095689186. What was the plaintext? Answer this without factoring $n$ $n$ .
2. What could Paul Revere’s friend have done so that we couldn’t guess which message was encrypted? (See the end of Subsection 9.2.2.)
In an RSA cryptosystem, suppose you know $n = 718548065973745507$ $n = 718548065973745507$ , $e = 3449$ $e = 3449$ , and $d = 543546506135745129$ $d = 543546506135745129$ . Factor $n$ $n$ using the $a^{r} \equiv 1$ $a^{r} \equiv 1$ method of Subsection 9.4.2.
Choose two 30-digit primes $p$ $p$ and $q$ $q$ and an encryption exponent $e$ $e$ . Encrypt each of the plaintexts cat, bat, hat, encyclopedia, antidisestablishmentarianism. Can you tell from looking at the ciphertexts that the first three plaintexts differ in only one letter or that the last two plaintexts are much longer than the first three?
Factor 618240007109027021 by the $p - 1$ $p - 1$ method.
Factor 8834884587090814646372459890377418962766907 by the $p - 1$ $p - 1$ method. (The number is stored in the downloadable computer files ( bit.ly/2JbcS6p) as n1.)
Let $n = 537069139875071$ $n = 537069139875071$ . Suppose you know that

$\begin{matrix} 85975324443166^{2} \equiv 462436106261^{2} & (mod n) . \end{matrix}$ $\begin{matrix} 85975324443166^{2} \equiv 462436106261^{2} & (mod n) . \end{matrix}$

Factor $n$ $n$ .
Let $n = 985739879 \cdot 1388749507$ $n = 985739879 \cdot 1388749507$ . Find $x$ $x$ and $y$ $y$ with $x^{2} \equiv y^{2} (mod n)$ $x^{2} \equiv y^{2} (mod n)$ but $x \equiv \pm y (mod n)$ $x \equiv \pm y (mod n)$ .
1. Suppose you know that
  
  $\begin{matrix} 33335^{2} \equiv 670705093^{2} & (mod 670726081) . \end{matrix}$ $\begin{matrix} 33335^{2} \equiv 670705093^{2} & (mod 670726081) . \end{matrix}$
  
  Use this information to factor 670726081.
2. Suppose you know that $3^{2} \equiv 670726078^{2} (mod 670726081)$ $3^{2} \equiv 670726078^{2} (mod 670726081)$ . Why won’t this information help you to factor 670726081?
Suppose you know that

$\begin{array}{l} 2^{958230} & \equiv & 1488665 (mod 3837523) \\ 2^{1916460} & \equiv & 1 (mod 3837523) . \end{array}$ $\begin{array}{l} 2^{958230} & \equiv & 1488665 (mod 3837523) \\ 2^{1916460} & \equiv & 1 (mod 3837523) . \end{array}$

How would you use this information to factor 3837523? Note that the exponent 1916460 is twice the exponent 958230.

Alice and Bob have the same RSA modulus $n$ $n$ , given to them by some central authority (who does not tell them the factorization of $n$ $n$ ). Alice has encryption and decryption exponents $e_{A}$ $e_{A}$ and $d_{A}$ $d_{A}$ , and Bob has $e_{B}$ $e_{B}$ and $d_{B}$ $d_{B}$ . As usual, $e_{A}$ $e_{A}$ and $e_{B}$ $e_{B}$ are public and $d_{A}$ $d_{A}$ and $d_{B}$ $d_{B}$ are private.
1. Suppose the primes $p$ $p$ and $q$ $q$ used in the RSA algorithm are consecutive primes. How would you factor $n = p q$ $n = p q$ ?
2. The ciphertext 10787770728 was encrypted using $e = 113$ $e = 113$ and $n = 10993522499$ $n = 10993522499$ . The factors $p$ $p$ and $q$ $q$ of $n$ $n$ were chosen so that $q - p = 2$ $q - p = 2$ . Decrypt the message.
3. The following ciphertext $c$ $c$ was encrypted mod $n$ $n$ using the exponent $e$ $e$ :
  
  $\begin{matrix} n = 152415787501905985701881832150835089037858868621211004433 \\ e = 9007 \\ c = 141077461765569500241199505617854673388398574333341423525. \end{matrix}$ $\begin{matrix} n = 152415787501905985701881832150835089037858868621211004433 \\ e = 9007 \\ c = 141077461765569500241199505617854673388398574333341423525. \end{matrix}$
  
  The prime factors $p$ $p$ and $q$ $q$ of $n$ $n$ are consecutive primes. Decrypt the message. (The number $n$ $n$ is stored in the downloadable computer files (bit.ly/2JbcS6p) as naive, and $c$ $c$ is stored as cnaive.) Note: In Mathematica^®, the command Round[N[Sqrt[n],50]] evaluates the square root of $n$ $n$ to 50 decimal places and then rounds to the nearest integer. In Maple, first use the command Digits:=50 to obtain 50-digit accuracy, then use the command round(sqrt(n*1.)) to change $n$ $n$ to a decimal number, take its square root, and round to the nearest integer. In MATLAB, use the command digits(50);round(vpa(sqrt(ŉ’))).
Let $p = 123456791$ $p = 123456791$ , $q = 987654323$ $q = 987654323$ , and $e = 127$ $e = 127$ . Let the message be $m = 14152019010605$ $m = 14152019010605$ .
1. Compute $m^{e} (mod p)$ $m^{e} (mod p)$ and $m^{e} (mod q)$ $m^{e} (mod q)$ ; then use the Chinese remainder theorem to combine these to get $c \equiv m^{e} (mod p q)$ $c \equiv m^{e} (mod p q)$ .
2. Change one digit of $m^{e} (mod p)$ $m^{e} (mod p)$ (for example, this could be caused by some radiation). Now combine this with $m^{e} (mod q)$ $m^{e} (mod q)$ to get an incorrect value $f$ $f$ for $m^{e} (mod p q)$ $m^{e} (mod p q)$ . Compute $gcd (c - f, p q)$ $gcd (c - f, p q)$ . Why does this factor $p q$ $p q$ ?
The method of (a) for computing $m^{e} (mod p q)$ $m^{e} (mod p q)$ is attractive since it does not require as large multiprecision arithmetic as working directly mod $p q$ $p q$ . However, as part (b) shows, if an attacker can cause an occasional bit to fail, then $p q$ $p q$ can be factored.
Suppose that $p = 76543692179$ $p = 76543692179$ , $q = 343434343453$ $q = 343434343453$ , and $e = 457$ $e = 457$ . The ciphertext $c \equiv m^{e} (mod p q)$ $c \equiv m^{e} (mod p q)$ is transmitted, but an error occurs during transmission. The received ciphertext is 2304329328016936947195. The receiver is able to determine that the digits received are correct but that last digit is missing. Determine the missing digit and decrypt the message.
Test 38200901201 for primality using the Miller-Rabin test with $a = 2$ $a = 2$ . Then test using $a = 3$ $a = 3$ . Note that the first test says that 38200901201 is probably prime, while the second test says that it is composite. A composite number such as 38200901201 that passes the Miller-Rabin test for a number $a$ $a$ is called a strong $a$ $a$ -pseudoprime.
There are three users with pairwise relatively prime moduli $n_{1}, n_{2}, n_{3}$ $n_{1}, n_{2}, n_{3}$ . Suppose that their encryption exponents are all $e = 3$ $e = 3$ . The same message $m$ $m$ is sent to each of them and you intercept the ciphertexts $c_{i} \equiv m^{3} (mod n_{i})$ $c_{i} \equiv m^{3} (mod n_{i})$ for $i = 1, 2, 3$ $i = 1, 2, 3$ .
1. Show that $0 \leq m^{3} < n_{1} n_{2} n_{3}$ $0 \leq m^{3} < n_{1} n_{2} n_{3}$ .
2. Show how to use the Chinese remainder theorem to find $m^{3}$ $m^{3}$ (as an exact integer, not only as $m^{3} (mod n_{1} n_{2} n_{3})$ $m^{3} (mod n_{1} n_{2} n_{3})$ ) and therefore $m$ $m$ . Do this without factoring.
3. Suppose that
  
  $\begin{matrix} n_{1} = 2469247531693, n_{2} = 11111502225583, \\ n_{3} = 44444222221411 \end{matrix}$ $\begin{matrix} n_{1} = 2469247531693, n_{2} = 11111502225583, \\ n_{3} = 44444222221411 \end{matrix}$
  
  and the corresponding ciphertexts are
  
  $359335245251, 10436363975495, 5135984059593.$ $359335245251, 10436363975495, 5135984059593.$
  
  These were all encrypted using $e = 3$ $e = 3$ . Find the message.
1. Choose a 10-digit prime $p$ $p$ and and 11-digit prime $q$ $q$ . Form $n = p q$ $n = p q$ .
2. Let the encryption exponent be $e = 65537$ $e = 65537$ . Write a program that computes the RSA encryptions of all plaintexts $m$ $m$ with $1 \leq m < 10^{4}$ $1 \leq m < 10^{4}$ . (Do not store or display the results.) The computer probably did this almost instantaneously.
3. Modify your program in (b) so that it computes the encryptions of all $m$ $m$ with $1 \leq m < 10^{8}$ $1 \leq m < 10^{8}$ and time how long this takes (if this takes too long, use $10^{7}$ $10^{7}$ ; if it’s too fast to time, use $10^{9}$ $10^{9}$ ).
4. Using your timing from (c), estimate how long it will take to encrypt all $m$ $m$ with $1 \leq m < n$ $1 \leq m < n$ (a year is approximately $3 \times 10^{7}$ $3 \times 10^{7}$ seconds).
Even this small example shows that it is impractical to make a database of all encryptions in order to attack RSA.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for 9.9 Computer Problems

Create new playlist

Sign In

Sign Up

Table of Contents for
9.9 Computer Problems