COMP 547: Assignment 1 Solutions

COMP 547: Assignment 1 Solutions 

October 12, 2005 

Remarks 

Please do not print this corrigé as it is fairly long and would waste 

a lot of paper. 

This corrigé is mostly (somewhere above 95 % of it) due to Samuli Heilala 

who kindly gave me the L A TEXcode of his/her (Sorry I do not know if you are 

a man or a woman) assignment and thereby saved me a lot of time. I (me the 

T.A.) simply changed or added a few things that were wrong or missing. I do 

not expect such nice and agreeable to read assignment, but many of you should 

look at the structure of a proof and learn to reproduce it. Also, this is definitely 

the correct way to show the output of the code. 

Part A: Maple 

1. myIrreduciblePoly := proc() 

local g; 

randomize(); 

g := 0; 

while not Irreduc(g) mod 2 do 

g := x^1000 + add(rand(0..1)()*x^i, i = 0..999); 

end do; 

return(sort(g)); 

end proc; 

This generated the following irreducible polynomial P : 

P := x^1000 + x^998 + x^996 + x^991 + x^990 + x^988 + x^985 

+ x^984 + x^983 + x^980 + x^979 + x^978 + x^973 + x^971 

+ x^970 + x^969 + x^967 + x^965 + x^964 + x^963 + x^959 

+ x^958 + x^955 + x^953 + x^952 + x^950 + x^949 + x^947 

+ x^945 + x^944 + x^943 + x^941 + x^940 + x^935 + x^934 

+ x^931 + x^928 + x^926 + x^924 + x^922 + x^920 + x^919 

+ x^918 + x^917 + x^916 + x^915 + x^914 + x^911 + x^910 

+ x^909 + x^908 + x^907 + x^904 + x^902 + x^896 + x^894 

1

+ x^893 + x^892 + x^891 + x^890 + x^889 + x^886 + x^884 

+ x^883 + x^881 + x^879 + x^875 + x^874 + x^873 + x^872 

+ x^871 + x^868 + x^865 + x^864 + x^863 + x^861 + x^859 

+ x^858 + x^855 + x^854 + x^853 + x^850 + x^848 + x^842 

+ x^841 + x^836 + x^834 + x^832 + x^831 + x^830 + x^828 

+ x^827 + x^824 + x^823 + x^820 + x^818 + x^817 + x^816 

+ x^815 + x^810 + x^804 + x^800 + x^799 + x^798 + x^796 

+ x^793 + x^792 + x^790 + x^787 + x^786 + x^784 + x^783 

+ x^782 + x^776 + x^774 + x^771 + x^770 + x^765 + x^764 

+ x^761 + x^759 + x^758 + x^757 + x^756 + x^755 + x^754 

+ x^752 + x^747 + x^744 + x^743 + x^741 + x^740 + x^738 

+ x^736 + x^735 + x^731 + x^729 + x^727 + x^726 + x^725 

+ x^723 + x^719 + x^718 + x^716 + x^714 + x^713 + x^709 

+ x^708 + x^705 + x^704 + x^703 + x^702 + x^698 + x^696 

+ x^695 + x^693 + x^692 + x^690 + x^688 + x^686 + x^684 

+ x^683 + x^680 + x^679 + x^678 + x^675 + x^673 + x^672 

+ x^670 + x^666 + x^665 + x^664 + x^663 + x^660 + x^659 

+ x^658 + x^656 + x^655 + x^654 + x^652 + x^650 + x^649 

+ x^648 + x^647 + x^645 + x^644 + x^642 + x^639 + x^638 

+ x^634 + x^633 + x^632 + x^631 + x^629 + x^628 + x^622 

+ x^620 + x^617 + x^616 + x^615 + x^614 + x^610 + x^609 

+ x^606 + x^604 + x^602 + x^597 + x^595 + x^592 + x^588 

+ x^587 + x^586 + x^585 + x^583 + x^582 + x^581 + x^577 

+ x^575 + x^574 + x^572 + x^571 + x^570 + x^567 + x^566 

+ x^565 + x^563 + x^562 + x^561 + x^560 + x^558 + x^557 

+ x^556 + x^553 + x^552 + x^551 + x^550 + x^545 + x^544 

+ x^543 + x^541 + x^538 + x^536 + x^533 + x^532 + x^531 

+ x^529 + x^525 + x^524 + x^523 + x^522 + x^518 + x^515 

+ x^514 + x^512 + x^510 + x^509 + x^507 + x^506 + x^504 

+ x^500 + x^497 + x^496 + x^493 + x^492 + x^491 + x^490 

+ x^489 + x^488 + x^487 + x^484 + x^481 + x^477 + x^475 

+ x^474 + x^471 + x^470 + x^469 + x^468 + x^467 + x^466 

+ x^464 + x^461 + x^460 + x^459 + x^458 + x^456 + x^455 

+ x^454 + x^452 + x^451 + x^449 + x^448 + x^446 + x^445 

+ x^443 + x^438 + x^437 + x^433 + x^431 + x^428 + x^426 

+ x^423 + x^420 + x^417 + x^416 + x^415 + x^414 + x^413 

+ x^412 + x^411 + x^408 + x^406 + x^404 + x^402 + x^400 

+ x^399 + x^398 + x^396 + x^395 + x^394 + x^393 + x^391 

+ x^388 + x^387 + x^386 + x^385 + x^384 + x^383 + x^379 

+ x^378 + x^376 + x^372 + x^371 + x^364 + x^363 + x^362 

+ x^361 + x^358 + x^357 + x^356 + x^355 + x^354 + x^353 

+ x^350 + x^347 + x^345 + x^343 + x^342 + x^340 + x^339 

+ x^337 + x^336 + x^335 + x^332 + x^331 + x^327 + x^324 

+ x^316 + x^314 + x^312 + x^311 + x^308 + x^303 + x^302 

+ x^301 + x^300 + x^297 + x^296 + x^295 + x^294 + x^292 

+ x^288 + x^285 + x^284 + x^283 + x^280 + x^279 + x^278 

2

+ x^277 + x^276 + x^275 + x^272 + x^269 + x^268 + x^260 

+ x^259 + x^258 + x^257 + x^254 + x^252 + x^250 + x^248 

+ x^244 + x^243 + x^242 + x^239 + x^238 + x^237 + x^236 

+ x^235 + x^232 + x^231 + x^229 + x^228 + x^226 + x^225 

+ x^222 + x^221 + x^218 + x^216 + x^211 + x^210 + x^209 

+ x^208 + x^206 + x^204 + x^202 + x^200 + x^197 + x^196 

+ x^193 + x^192 + x^188 + x^182 + x^180 + x^179 + x^178 

+ x^177 + x^175 + x^174 + x^173 + x^171 + x^170 + x^167 

+ x^163 + x^159 + x^158 + x^157 + x^155 + x^153 + x^152 

+ x^150 + x^149 + x^148 + x^146 + x^145 + x^143 + x^142 

+ x^141 + x^140 + x^139 + x^137 + x^136 + x^135 + x^131 

+ x^129 + x^128 + x^127 + x^125 + x^124 + x^123 + x^121 

+ x^120 + x^119 + x^118 + x^116 + x^114 + x^113 + x^110 

+ x^105 + x^104 + x^103 + x^102 + x^100 + x^99 + x^97 

+ x^94 + x^90 + x^83 + x^81 + x^79 + x^78 + x^75 + x^72 

+ x^71 + x^69 + x^68 + x^64 + x^61 + x^58 + x^56 + x^55 

+ x^54 + x^50 + x^48 + x^45 + x^44 + x^43 + x^42 + x^40 

+ x^39 + x^37 + x^36 + x^35 + x^34 + x^32 + x^31 + x^30 

+ x^24 + x^23 + x^22 + x^21 + x^20 + x^18 + x^17 + x^16 

+ x^14 + x^13 + x^11 + x^9 + x^8 + x^2 + 1; 

The problem with Maple’s Randpoly and Randprime functions is that they 

use a random number generator seed that cannot be manually set. Thus, 

the sequence of generated “random” polynomials is always the same from 

one Maple session to another. To demonstrate this, proceed as follows: 

(NB: These results were obtained with Maple 9. I make no claims concerning 

other versions of Maple.) 

(a) Start a Maple session. 

(b) Run y := Randpoly(1000, x) mod 2; and save the output with 

save y, tmp1;. 

(c) Exit Maple and start another Maple session. 

(d) Set the global random number generator seed to a number based on 

the system clock with randomize();. 

(e) Run y := Randpoly(1000, x) mod 2; and save the output with 

save y, tmp2;. 

(f) Exit Maple. 

(g) Compare the two files tmp1 and tmp2. On a Unix-like system this is 

best done with diff tmp1 tmp2. This reveals that the two “random” 

polynomials are, in fact, identical. 

Unfortunately, Randprime and Randpoly do not use the global random 

number generator seed, which can be set with randomize. There is no 

function such as Randomize (capitalised) that would allow the user to set 

the random number generator seed used by Randpoly and Randprime. In 

3

all functions I wrote for this assignment, I used the randomize function 

to set the seed used by functions such as rand to a number that is based 

on the system clock. Although my random numbers are still deterministically 

computed, they are, in a sense, more random and more difficult to 

randomly reproduce. 

But there is worst, the random generator Randpoly is not very good and 

loops around quite quickly. You could not, in fact generate the entire field. 

2. To build the field F 2 1000 using P , one must use Maple’s GF function: 

F21000 := GF(2, 1000, P); 

This generated the following output: 

F21000 := module () export +, -, *, /, ^, input, output, 

inverse, extension, variable, factors, norm, trace, order, 

random, size, isPrimitiveElement, PrimitiveElement, 

ConvertIn, ConvertOut, zero, one, init; end module 

3. myFindPrim := proc(Field) 

local factors, m, f, g, i; 

randomize(); 

factors := [31, 601, 4710883168879506001, 269089806001, 

1801, 3, 11, 251, 229668251, 5519485418336288303251, 

4051, 5, 94291866932171243501, 268501, 28001, 96001, 

41, 101, 47970133603445383501, 3775501, 7001, 8101, 17, 

61681, 401, 3173389601, 2787601, 340801, 8877945148742\ 

945001146041439025147034098690503591013177336356694416\ 

517527310181938001, 4001, 1074001, 2020001, 22624001, 

1481124532001]; 

m := [seq((2^1000 - 1)/factors[i], i = 1..34)]; 

f := 0; 

while f = 0 do 

f := 1; 

g := Field[input](rand(0..2^1000-1)()); 

for i from 1 to 34 do 

if Field[‘^‘](g, m[i]) = Field[one] then 

f := 0; 

break; 

end if 

end do; 

end do; 

return(g); 

end proc; 

This generated the following primitive element g: 

4

g := x^997 + x^996 + x^994 + x^991 + x^990 + x^988 + x^985 

+ x^976 + x^974 + x^973 + x^971 + x^968 + x^966 + x^965 

+ x^963 + x^962 + x^960 + x^959 + x^958 + x^957 + x^954 

+ x^953 + x^952 + x^951 + x^949 + x^948 + x^947 + x^944 

+ x^943 + x^940 + x^939 + x^936 + x^932 + x^931 + x^929 

+ x^927 + x^926 + x^925 + x^923 + x^920 + x^919 + x^917 

+ x^915 + x^914 + x^913 + x^911 + x^908 + x^907 + x^904 

+ x^902 + x^901 + x^899 + x^898 + x^896 + x^894 + x^893 

+ x^891 + x^890 + x^887 + x^883 + x^879 + x^878 + x^876 

+ x^875 + x^873 + x^870 + x^869 + x^865 + x^862 + x^861 

+ x^860 + x^857 + x^854 + x^853 + x^849 + x^847 + x^846 

+ x^844 + x^840 + x^837 + x^834 + x^833 + x^830 + x^829 

+ x^828 + x^826 + x^824 + x^823 + x^821 + x^820 + x^819 

+ x^818 + x^817 + x^815 + x^814 + x^813 + x^810 + x^809 

+ x^808 + x^807 + x^806 + x^804 + x^803 + x^802 + x^801 

+ x^799 + x^798 + x^797 + x^796 + x^795 + x^794 + x^792 

+ x^790 + x^787 + x^785 + x^784 + x^783 + x^782 + x^781 

+ x^780 + x^779 + x^778 + x^777 + x^775 + x^774 + x^772 

+ x^771 + x^770 + x^767 + x^764 + x^761 + x^755 + x^753 

+ x^752 + x^751 + x^750 + x^748 + x^747 + x^746 + x^745 

+ x^744 + x^742 + x^741 + x^740 + x^736 + x^733 + x^732 

+ x^731 + x^729 + x^728 + x^726 + x^725 + x^723 + x^720 

+ x^719 + x^717 + x^716 + x^715 + x^712 + x^710 + x^709 

+ x^706 + x^704 + x^701 + x^700 + x^698 + x^695 + x^694 

+ x^689 + x^688 + x^682 + x^679 + x^672 + x^670 + x^668 

+ x^667 + x^660 + x^659 + x^658 + x^657 + x^656 + x^653 

+ x^650 + x^649 + x^648 + x^647 + x^646 + x^645 + x^642 

+ x^639 + x^636 + x^634 + x^633 + x^632 + x^630 + x^629 

+ x^627 + x^623 + x^622 + x^617 + x^612 + x^608 + x^606 

+ x^601 + x^600 + x^599 + x^598 + x^594 + x^593 + x^591 

+ x^590 + x^587 + x^586 + x^585 + x^584 + x^583 + x^581 

+ x^580 + x^579 + x^578 + x^577 + x^576 + x^575 + x^570 

+ x^569 + x^568 + x^566 + x^565 + x^564 + x^563 + x^561 

+ x^559 + x^557 + x^554 + x^553 + x^552 + x^550 + x^548 

+ x^547 + x^544 + x^543 + x^541 + x^540 + x^539 + x^537 

+ x^535 + x^534 + x^532 + x^529 + x^528 + x^527 + x^526 

+ x^521 + x^518 + x^517 + x^516 + x^514 + x^511 + x^510 

+ x^508 + x^507 + x^506 + x^505 + x^504 + x^503 + x^502 

+ x^501 + x^500 + x^498 + x^494 + x^493 + x^490 + x^489 

+ x^488 + x^486 + x^484 + x^483 + x^482 + x^480 + x^478 

+ x^474 + x^473 + x^469 + x^468 + x^466 + x^461 + x^459 

+ x^456 + x^454 + x^450 + x^448 + x^447 + x^446 + x^444 

+ x^443 + x^439 + x^435 + x^434 + x^433 + x^431 + x^430 

+ x^426 + x^425 + x^424 + x^422 + x^418 + x^417 + x^413 

+ x^410 + x^409 + x^404 + x^403 + x^402 + x^400 + x^397 

+ x^395 + x^394 + x^393 + x^391 + x^390 + x^389 + x^384 

5

+ x^383 + x^382 + x^381 + x^379 + x^378 + x^377 + x^376 

+ x^375 + x^373 + x^372 + x^369 + x^368 + x^365 + x^363 

+ x^359 + x^356 + x^354 + x^351 + x^350 + x^347 + x^346 

+ x^345 + x^343 + x^338 + x^335 + x^332 + x^330 + x^328 

+ x^327 + x^326 + x^324 + x^322 + x^320 + x^319 + x^316 

+ x^315 + x^313 + x^312 + x^311 + x^310 + x^308 + x^306 

+ x^305 + x^302 + x^300 + x^299 + x^298 + x^297 + x^296 

+ x^291 + x^287 + x^286 + x^284 + x^283 + x^279 + x^275 

+ x^274 + x^273 + x^272 + x^271 + x^270 + x^266 + x^265 

+ x^264 + x^263 + x^260 + x^258 + x^254 + x^253 + x^252 

+ x^251 + x^250 + x^246 + x^243 + x^239 + x^235 + x^234 

+ x^231 + x^229 + x^227 + x^225 + x^223 + x^222 + x^217 

+ x^213 + x^212 + x^208 + x^207 + x^205 + x^200 + x^199 

+ x^198 + x^197 + x^194 + x^193 + x^192 + x^190 + x^189 

+ x^186 + x^185 + x^184 + x^178 + x^177 + x^176 + x^174 

+ x^173 + x^172 + x^170 + x^166 + x^165 + x^163 + x^162 

+ x^160 + x^159 + x^158 + x^156 + x^154 + x^153 + x^150 

+ x^147 + x^143 + x^142 + x^140 + x^138 + x^137 + x^136 

+ x^135 + x^134 + x^132 + x^131 + x^129 + x^127 + x^125 

+ x^118 + x^110 + x^109 + x^106 + x^104 + x^103 + x^102 

+ x^100 + x^97 + x^96 + x^93 + x^91 + x^89 + x^82 + x^79 

+ x^78 + x^77 + x^76 + x^75 + x^72 + x^70 + x^68 + x^66 

+ x^65 + x^63 + x^62 + x^61 + x^60 + x^56 + x^54 + x^53 

+ x^52 + x^51 + x^50 + x^43 + x^42 + x^34 + x^33 + x^28 

+ x^27 + x^24 + x^21 + x^20 + x^19 + x^14 + x^13 + x^12 

+ x^10 + x^9 + x^7 + x^4 + x^3 + x; 

4. To generate two random elements i, j from F 2 1000, use the primitive element 

g from above: 

randomize(); 

x := rand(0..2^1000)(); 

y := x; 

while y = x do 

y := rand(0..2^1000)(); 

end do; 

if x=2^1000 then 

i=0; 

else 

i := F21000[‘^‘](g, x); 

endif 

if y=2^1000 then 

j=0; 

else 

j := F21000[‘^‘](g, y); 

endif 

6

We know that the distinct powers of a primitive element enumerate all the 

distinct elements in our field. In particular, as long as our x, y are distinct 

and randomly selected, the generated i, j will be distinct and randomly 

selected. We only need take care of the zero polynomial exception. 

The above code generated the following i, j pair: 

i := x^998 + x^995 + x^993 + x^990 + x^988 + x^986 + x^985 

+ x^983 + x^982 + x^979 + x^976 + x^970 + x^964 + x^962 

+ x^960 + x^959 + x^957 + x^953 + x^950 + x^948 + x^944 

+ x^943 + x^942 + x^941 + x^940 + x^938 + x^936 + x^933 

+ x^931 + x^930 + x^926 + x^924 + x^923 + x^922 + x^921 

+ x^919 + x^918 + x^915 + x^914 + x^908 + x^907 + x^906 

+ x^904 + x^902 + x^900 + x^898 + x^897 + x^894 + x^893 

+ x^889 + x^888 + x^886 + x^877 + x^873 + x^872 + x^871 

+ x^870 + x^869 + x^867 + x^865 + x^863 + x^861 + x^859 

+ x^854 + x^851 + x^849 + x^848 + x^847 + x^846 + x^843 

+ x^842 + x^841 + x^840 + x^839 + x^832 + x^830 + x^827 

+ x^826 + x^825 + x^824 + x^823 + x^822 + x^820 + x^819 

+ x^816 + x^815 + x^814 + x^813 + x^812 + x^811 + x^810 

+ x^809 + x^808 + x^807 + x^806 + x^805 + x^800 + x^798 

+ x^796 + x^795 + x^791 + x^787 + x^785 + x^784 + x^783 

+ x^782 + x^781 + x^780 + x^776 + x^774 + x^772 + x^770 

+ x^769 + x^768 + x^767 + x^766 + x^765 + x^763 + x^760 

+ x^759 + x^758 + x^755 + x^754 + x^752 + x^750 + x^749 

+ x^748 + x^747 + x^746 + x^745 + x^744 + x^743 + x^742 

+ x^741 + x^740 + x^737 + x^734 + x^733 + x^732 + x^730 

+ x^728 + x^726 + x^723 + x^719 + x^718 + x^715 + x^713 

+ x^712 + x^710 + x^705 + x^702 + x^701 + x^695 + x^693 

+ x^691 + x^690 + x^689 + x^686 + x^685 + x^682 + x^680 

+ x^679 + x^677 + x^675 + x^674 + x^672 + x^671 + x^668 

+ x^665 + x^664 + x^662 + x^659 + x^658 + x^656 + x^653 

+ x^645 + x^644 + x^643 + x^641 + x^638 + x^635 + x^634 

+ x^632 + x^631 + x^629 + x^627 + x^625 + x^624 + x^623 

+ x^622 + x^621 + x^619 + x^618 + x^617 + x^616 + x^613 

+ x^608 + x^607 + x^605 + x^604 + x^603 + x^599 + x^597 

+ x^595 + x^594 + x^592 + x^591 + x^590 + x^584 + x^581 

+ x^580 + x^578 + x^576 + x^574 + x^568 + x^567 + x^566 

+ x^564 + x^563 + x^559 + x^558 + x^557 + x^555 + x^553 

+ x^551 + x^550 + x^549 + x^546 + x^545 + x^543 + x^539 

+ x^538 + x^536 + x^533 + x^528 + x^527 + x^524 + x^521 

+ x^518 + x^517 + x^514 + x^512 + x^511 + x^507 + x^506 

+ x^503 + x^499 + x^498 + x^497 + x^495 + x^494 + x^492 

+ x^489 + x^487 + x^485 + x^484 + x^483 + x^482 + x^481 

+ x^480 + x^477 + x^475 + x^474 + x^473 + x^472 + x^471 

+ x^469 + x^468 + x^465 + x^463 + x^462 + x^461 + x^460 

+ x^459 + x^455 + x^454 + x^453 + x^450 + x^449 + x^447 

7

+ x^445 + x^443 + x^442 + x^440 + x^439 + x^437 + x^436 

+ x^435 + x^429 + x^427 + x^426 + x^423 + x^419 + x^418 

+ x^416 + x^412 + x^410 + x^409 + x^408 + x^405 + x^400 

+ x^398 + x^395 + x^394 + x^392 + x^390 + x^388 + x^387 

+ x^385 + x^384 + x^383 + x^382 + x^380 + x^374 + x^373 

+ x^371 + x^368 + x^367 + x^365 + x^363 + x^359 + x^358 

+ x^357 + x^356 + x^353 + x^348 + x^346 + x^345 + x^341 

+ x^338 + x^337 + x^336 + x^334 + x^331 + x^329 + x^324 

+ x^321 + x^319 + x^317 + x^313 + x^312 + x^310 + x^309 

+ x^307 + x^305 + x^303 + x^302 + x^301 + x^298 + x^297 

+ x^296 + x^291 + x^289 + x^282 + x^281 + x^279 + x^278 

+ x^276 + x^273 + x^270 + x^269 + x^267 + x^266 + x^265 

+ x^264 + x^261 + x^258 + x^256 + x^254 + x^252 + x^250 

+ x^249 + x^248 + x^246 + x^243 + x^242 + x^241 + x^240 

+ x^238 + x^230 + x^228 + x^225 + x^224 + x^222 + x^221 

+ x^220 + x^219 + x^218 + x^217 + x^215 + x^213 + x^211 

+ x^207 + x^203 + x^200 + x^196 + x^195 + x^194 + x^192 

+ x^189 + x^186 + x^185 + x^181 + x^180 + x^179 + x^175 

+ x^173 + x^168 + x^167 + x^166 + x^164 + x^163 + x^162 

+ x^161 + x^158 + x^156 + x^155 + x^153 + x^152 + x^149 

+ x^148 + x^146 + x^145 + x^144 + x^143 + x^142 + x^141 

+ x^139 + x^137 + x^135 + x^131 + x^129 + x^128 + x^127 

+ x^126 + x^122 + x^121 + x^115 + x^113 + x^112 + x^111 

+ x^110 + x^109 + x^107 + x^106 + x^104 + x^103 + x^99 

+ x^98 + x^97 + x^96 + x^95 + x^91 + x^89 + x^88 + x^87 

+ x^86 + x^83 + x^81 + x^77 + x^76 + x^74 + x^69 + x^66 

+ x^64 + x^63 + x^61 + x^58 + x^56 + x^55 + x^54 + x^52 

+ x^51 + x^50 + x^47 + x^46 + x^44 + x^42 + x^40 + x^38 

+ x^33 + x^30 + x^29 + x^27 + x^26 + x^25 + x^24 + x^22 

+ x^11 + x^10 + x^8 + x^7 + x^6 + x^5 + x^4 + x^3 + x^2; 

j := x^996 + x^995 + x^991 + x^988 + x^987 + x^985 + x^984 

+ x^983 + x^978 + x^975 + x^971 + x^966 + x^965 + x^964 

+ x^963 + x^962 + x^960 + x^959 + x^958 + x^954 + x^953 

+ x^952 + x^951 + x^949 + x^948 + x^946 + x^945 + x^944 

+ x^943 + x^937 + x^936 + x^934 + x^931 + x^930 + x^926 

+ x^923 + x^922 + x^919 + x^917 + x^915 + x^913 + x^912 

+ x^910 + x^909 + x^906 + x^904 + x^903 + x^902 + x^901 

+ x^896 + x^895 + x^893 + x^889 + x^888 + x^885 + x^884 

+ x^883 + x^882 + x^878 + x^876 + x^872 + x^871 + x^869 

+ x^867 + x^865 + x^864 + x^862 + x^861 + x^860 + x^857 

+ x^856 + x^855 + x^851 + x^846 + x^845 + x^843 + x^842 

+ x^840 + x^838 + x^837 + x^834 + x^832 + x^831 + x^830 

+ x^829 + x^827 + x^825 + x^824 + x^822 + x^818 + x^817 

+ x^815 + x^814 + x^813 + x^808 + x^805 + x^804 + x^801 

+ x^799 + x^798 + x^797 + x^794 + x^793 + x^792 + x^791 

8

+ x^790 + x^788 + x^784 + x^783 + x^782 + x^781 + x^780 

+ x^779 + x^775 + x^773 + x^770 + x^768 + x^766 + x^765 

+ x^763 + x^761 + x^760 + x^759 + x^753 + x^751 + x^740 

+ x^738 + x^737 + x^736 + x^735 + x^733 + x^729 + x^727 

+ x^726 + x^722 + x^720 + x^717 + x^716 + x^715 + x^714 

+ x^709 + x^706 + x^705 + x^704 + x^699 + x^698 + x^694 

+ x^688 + x^686 + x^685 + x^684 + x^681 + x^680 + x^677 

+ x^676 + x^672 + x^670 + x^669 + x^667 + x^666 + x^665 

+ x^664 + x^663 + x^661 + x^660 + x^656 + x^655 + x^654 

+ x^653 + x^652 + x^651 + x^648 + x^647 + x^644 + x^639 

+ x^638 + x^637 + x^636 + x^635 + x^632 + x^629 + x^628 

+ x^626 + x^623 + x^622 + x^620 + x^619 + x^616 + x^615 

+ x^610 + x^606 + x^605 + x^604 + x^599 + x^598 + x^596 

+ x^595 + x^594 + x^593 + x^592 + x^586 + x^583 + x^582 

+ x^581 + x^577 + x^576 + x^575 + x^574 + x^572 + x^570 

+ x^568 + x^565 + x^564 + x^563 + x^562 + x^556 + x^555 

+ x^552 + x^551 + x^549 + x^546 + x^545 + x^542 + x^539 

+ x^537 + x^519 + x^518 + x^517 + x^516 + x^513 + x^509 

+ x^508 + x^506 + x^505 + x^504 + x^503 + x^501 + x^500 

+ x^496 + x^494 + x^492 + x^491 + x^490 + x^488 + x^487 

+ x^484 + x^483 + x^482 + x^480 + x^479 + x^478 + x^477 

+ x^476 + x^475 + x^474 + x^473 + x^472 + x^470 + x^468 

+ x^466 + x^465 + x^463 + x^461 + x^459 + x^458 + x^455 

+ x^452 + x^448 + x^447 + x^446 + x^445 + x^444 + x^439 

+ x^436 + x^435 + x^430 + x^428 + x^426 + x^425 + x^424 

+ x^422 + x^420 + x^418 + x^417 + x^413 + x^412 + x^411 

+ x^410 + x^408 + x^407 + x^406 + x^404 + x^403 + x^401 

+ x^399 + x^397 + x^394 + x^393 + x^391 + x^384 + x^380 

+ x^378 + x^374 + x^373 + x^372 + x^369 + x^366 + x^364 

+ x^363 + x^360 + x^359 + x^357 + x^356 + x^355 + x^354 

+ x^351 + x^349 + x^348 + x^347 + x^346 + x^345 + x^344 

+ x^343 + x^342 + x^338 + x^335 + x^333 + x^330 + x^329 

+ x^328 + x^326 + x^324 + x^323 + x^319 + x^314 + x^311 

+ x^310 + x^307 + x^306 + x^301 + x^300 + x^296 + x^295 

+ x^294 + x^292 + x^285 + x^284 + x^281 + x^280 + x^279 

+ x^277 + x^275 + x^270 + x^268 + x^266 + x^265 + x^263 

+ x^262 + x^261 + x^258 + x^257 + x^256 + x^255 + x^253 

+ x^250 + x^249 + x^247 + x^246 + x^245 + x^244 + x^240 

+ x^235 + x^234 + x^232 + x^231 + x^229 + x^228 + x^227 

+ x^226 + x^225 + x^223 + x^222 + x^217 + x^216 + x^214 

+ x^212 + x^210 + x^207 + x^206 + x^203 + x^202 + x^201 

+ x^198 + x^197 + x^195 + x^194 + x^186 + x^184 + x^183 

+ x^182 + x^177 + x^173 + x^172 + x^171 + x^168 + x^165 

+ x^164 + x^162 + x^161 + x^157 + x^156 + x^154 + x^153 

+ x^149 + x^148 + x^145 + x^143 + x^142 + x^141 + x^140 

+ x^139 + x^138 + x^137 + x^136 + x^134 + x^133 + x^130 

9

+ x^127 + x^124 + x^122 + x^121 + x^119 + x^117 + x^114 

+ x^113 + x^109 + x^108 + x^106 + x^105 + x^104 + x^103 

+ x^101 + x^94 + x^92 + x^89 + x^86 + x^83 + x^77 + x^75 

+ x^72 + x^71 + x^70 + x^69 + x^67 + x^65 + x^62 + x^60 

+ x^59 + x^58 + x^56 + x^53 + x^51 + x^48 + x^46 + x^44 

+ x^43 + x^42 + x^41 + x^40 + x^39 + x^37 + x^36 + x^35 

+ x^34 + x^32 + x^30 + x^27 + x^25 + x^24 + x^20 + x^17 

+ x^16 + x^11 + x^10 + x^9 + x^7 + x^6 + x^4 + x^3 + x; 

5. The x, y pair used above, such that g x = i and g y = j, was as follows: 

x := 9996624267323432385860154688013965289244775912541095846\ 

535852465958036219324187129020612749492978345054637631822\ 

068685180242273194079032073433587702733320902621411219030\ 

197361870983920382212856316640364750228006953961590545028\ 

536588900708607519411648639259588779023984224837585211337\ 

596610575030089733; 

y := 4421400686325875904669189606687247157171896340333697491\ 

038345589908751327223429043940799468738274631257310849856\ 

475555535414243218803857633670804928823838373666740772907\ 

628430736972473471959749800914977273140890859864815145939\ 

651743208870161801887951726958872861225054888743539321784\ 

292172995856175649; 

6. Here is a randomly generated 1000-bit message string m: 

m := "011101101101010010000100110001000001000011011101100000\ 

011100111100010110111001110101001011001101001101001100111\ 

001010010110000010011111110101001110111000000111001110010\ 

110110001100101101101110100111010100001000111001010010110\ 

011010100010111101010110000101011000111011011100101011000\ 

001000110001100010011001111100000101100111111110000001010\ 

101011110001000001010111111001011100011001000010100011110\ 

111100011100001001100010100111010011000100111111011010000\ 

110001111010100011000101110101001011101111000001110011011\ 

010011101110101101010011010111100111110101000001000010001\ 

011001100110100000011001100100100001000100101001000111100\ 

011010011101011000111010110110011110111011101010101111111\ 

010001011001111010001101010111100010010101010010001010001\ 

011011111100010010010110101110101100110011010111000011000\ 

001001110010111110111001010111011001011111000001000000011\ 

001000000100001000001011011011010111111011000001100010000\ 

001110010101100001101110001010001000010100101100110100001\ 

1011011001101001011001010000001110"; 

10

The following Maple function computes the tag of this message from i and 

j : 

tag := proc(Field, m, i, j) 

local msg, fulltag, len; 

msg := Field[input](convert(m, decimal, binary)); 

fulltag := convert(convert(Field[output](Field[‘+‘]( \ 

Field[‘*‘](msg, i), j)), binary), string); 

len := length(fulltag); 

return(substring(fulltag, len-49..len)); 

end proc; 

This generated the following tag t: 

t := "01110011001001111001011000000110100110100100101000"; 

7. Here is the function pqsrt: 

pqsqrt := proc(x, p, q) 

local r0, r1; 

if not (isprime(p) and isprime(q)) then 

return(’FAIL’); 

end if; 

r0 := msqrt(x,p); 

r1 := msqrt(x,q); 

if r0 = ’FAIL’ or r1 = ’FAIL’ then 

return(’FAIL’); 

end if; 

if p = q then 

return msqrt(x, p^2); 

end if; 

return(chrem([r0, r1], [p, q])); 

end proc; 

8. The square root modulo n problem, where n is composite, is a computationally 

difficult problem, equivalent to factoring n. Thus, we will not 

spend much effort on attempting to solve it in general. However, we have 

efficient algorithms for solving the square root modulo p problem, where p 

is prime. With these algorithms and the Chinese remainder theorem, we 

are able to solve the square root modulo n problem, where n is a composite 

integer whose prime factorisation n = pq is known. 

Maple’s msqrt function is efficient if the given modulus is prime (or in 

certain other special cases, such as if the given modulus is a square of a 

prime). However, given a nonprime modulus n (even if we, the user, know 

its factorisation), msqrt is unable to efficiently search for the requested 

11

square root. In other words, we would like to be able to let msqrt know 

n’s factorisation n = pq, as this would allow for an efficient search for 

a square root modulo n, using the techniques seen in class. However, 

since msqrt does not allow us to do this, we must write our own function, 

pqsqrt, which works exactly like msqrt, except that instead of providing 

the function with n, we provide it with n’s prime factorisation n = pq. 

9. To pick my two primes p, q starting by 1 followed by 669955887 and ending 

by 01 or 03 of a 100 bits : 

genpq := proc() 

local p, q; 

randomize(); 

p := 0; 

q := 0; 

while not isprime(p) do 

p := 1669955887*10^90 + rand(0..10^88-1)()*10^2 + 1; 

end do; 

while not isprime(q) do 

q := 1669955887*10^90 + rand(0..10^88-1)()*10^2 + 3; 

end do; 

return(p, q); 

end proc; 

This generated the following p, q pair: 

p := 1669955887263026818036412887272431375849039042767749903\ 

121235706543134605608754758160586255799694301; 

q := 1669955887003361797744279814925958377127037938538442466\ 

825381252778399643783166093655256052781392403; 

Computing n = pq yielded the following: 

n := 1587706207511861907832769125027465150069895085728428488\ 

006051557553392116910484620485578137364900762730201415942\ 

132714983409510118890246103424460950790756546532252049282\ 

409606090137788255468523795303; 

10. To pick my two random quadratic non-residues y and z,here is the following 

Maple function: 

genyz := proc(n, p, q) 

local a, b, y, z; 

randomize(); 

with(numtheory); 

12

a:= 0; 

b:= 0; 

while not (a = -1 and b = -1) do 

y := rand(0..n-1)(); 

a := legendre(y, p); 

b := legendre(y, q); 

end do; 

a:= 0; 

while not a = -1 do 

z := rand(0..n-1)(); 

a := jacobi(z, n); 

end do; 

return(y, z); 

end proc; 

Note that for y to be a quadratic non-residue modulo n with ( y 

( ) ( ) 

( ) ( ) 

n) 

= 

y y 

p q 

= 1, it must be that y 

p 

= y 

q 

= −1. In the other case, 

( ) ( ) 

that is, y 

p 

= y 

q 

= 1, y would be a quadratic residue of p and q and 

thus also a quadratic residue of n = pq. For z to be a quadratic nonresidue 

with ( ) ( ) ( ) 

( ) 

z 

n = 

z z 

z 

p q 

= −1, it suffices for either one of 

p 

or 

( ) 

to be −1 and the other to be 1. 

z 

q 

The function genyz above generated the following y, z pair: 

y := 6828165478458244954425568987722711192848710385068586873\ 

330343001674797770669151644585296390744236530600427067756\ 

952382372899261059101233106007893074799506465937101422538\ 

49857344436225026648108167416; 

z := 1014476806922749766097153401339980498916763089303181078\ 

452710842372157533385631901422484639407020488955331847032\ 

043425503277388589120679223801190500624962252051388446769\ 

558427952249759946315212830912; 

11. The following function classifies the integers in the given range and exhibit 

square roots modulo n of either x, yx, zx or zyx. 

resCat := proc(p, q, y, z) 

local cx, cyx, czx, czyx, x, s; 

cx := 0; 

cyx := 0; 

czx := 0; 

czyx := 0; 

for x from 5471234567890 to 5471234567989 do 

13

if not pqsqrt(x, p, q) = ’FAIL’ then 

s := pqsqrt(x, p, q); 

cx := cx + 1; 

printf("%d%s%d%s", x, " is in QR_n (root of x: ",\ 

s, ")\n\n"); 

elif not pqsqrt(y*x, p, q) = ’FAIL’ then 

s := pqsqrt(y*x, p, q); 

cyx := cyx + 1; 

printf("%d%s%d%s", x, " is not in QR_n (root of \ 

yx: ", s, ")\n\n"); 

elif not pqsqrt(z*x, p, q) = ’FAIL’ then 

s := pqsqrt(z*x, p, q); 

czx := czx + 1; 


zx: ", s, ")\n\n"); 

elif not pqsqrt(z*y*x, p, q) = ’FAIL’ then 

s := pqsqrt(z*y*x, p, q); 

czyx := czyx + 1; 


zyx: ", s, ")\n\n"); 

end if; 

end do; 

return(cx, cyx, czx, czyx); 

end proc; 

This generated the following output: 

5471234567890 is not in QR_n (root of zyx: 13705545460247289\ 

385083062216614968438591792875825598148556471487933775598975\ 

208946117455903638843760177127586959484871315643403479941704\ 

843055989868092690941284507754839297216918187353326155897289\ 

21) 

5471234567891 is not in QR_n (root of zx: 114614823566925985\ 

551643515222801620939415339830502482519536289797210146571280\ 

221966028283198847782656061957650810514691634551130723655740\ 

190889283119459024340464899241280645213504198822616182807224\ 

4) 


703118775564941631528157362744464496065099558544537315633433\ 

059571016323384817120797438855826535022742906605003383848290\ 

875178308792485186669115380551093195142943362548830949456443\ 

5) 

5471234567893 is in QR_n (root of x: 13526909176657070629036\ 

14

212846456839654054141615802434406566784475175321494077298375\ 

072006419644102124795342899633493608521923954879952205059919\ 

09163376811864584057901724967536730190271343570994492656) 


047609086046893610096106796767162612910926806299984873749649\ 

157950110108632427871929633547116996457643716683370694604040\ 

6962465950116622136866265287612518188820120021528869659) 


809598855199084968069434293717678779549540766110603326619008\ 

134785279557711743890528259746223269922284962831443897368715\ 

994907127928584864278569786385651264420175603074970408677711) 


456752327308777008089844831365860261806007203509078631219475\ 

629929626557413469293831013207660270919377392900513134397856\ 

962951751515209219508575106463687991308955739601297929993877\ 

3) 


584635506328086399133249879965015985966792896834218148965372\ 

110745399553051024280949582800786446866785867337102710418415\ 

5183869684767783661018037648893379393779698677583631185) 


749386245245254892234347105752408664547866055118945448551205\ 

783228754629198231850349123499245121889480261446132717594061\ 

553744952296602105240137687594780080597186336276120254315208) 


968010350241458670225781103584432121890306383608271856987013\ 

047362034765916749441831835822075394836598697869090416929828\ 

833080802663705069902435053239136830161193702616952767122101\ 

6) 

5471234567900 is not in QR_n (root of yx: 142340479729238119\ 

932784156406490042115609530687329714369638353406120260087712\ 

006204764244749951963874522109697032395595631803617848106505\ 

972867668406000099531339452154896747700992218431414119704000\ 

0) 


010426438741476286402090758005977790519094099425390752103252\ 

916361231029223139178906804634902530867898444536685689507472\ 

964105708980104888207976386494503419606066469989184057750055) 

15


634870414404654906165686484477765278896401706847966963336424\ 

588656184075031360814020111174201709949144194014210025981494\ 

588238006692397731275422537334719655185609232247999243857463\ 

3) 


570071757730229201166295301703010368754394141217165592716672\ 

860794721841449822662158000202280055834291343424037758846314\ 

110671385975795058177487086517211491307704706063815912684379) 


798243922107536664244187362705159039874868863009637660494349\ 

499618128886389083794022301950220440501941879963032007111452\ 

91836235378999061530390121525402477765688173415656929827) 


941267365244958002471480098969560854432612554231749501830315\ 

523433268941193287465968889727499697164994122938221484595880\ 

173697792731886145911870791851919357181468178305886445712495\ 

6) 


464912209695605215673571899385577680514915863869603807284816\ 

838356228945512415260651577257015308770247702977934524164379\ 

674831398371334905750686634975653121038570758510168511489512\ 

4) 


364888371506101592594633499534321787235309353800825230201538\ 

183825836361467915165160953041771566472917407825242685411365\ 

79012975968319111406694866706750683959293661817126765635558) 


106762932438533598930303148513358088754274124376890418934387\ 

919005295317542638817195807693509714136570109788409594772688\ 

515646104773775414898100570666392529147200469027778861542690\ 

7) 


445446344194372676971493124085086948713614022822384256624642\ 

738277026745913096032676611784069343541841577825870466489633\ 

063197889274125287855961977881770907709185521260627461759139) 


16

178199309183487616954849630681161502464085232572178417547282\ 

549322498082405557954865834441043957791165695975467762101546\ 

7408417313416803605955121065398817177071855497245393992) 


840917769541209087457447546741991890288455271001659479521759\ 

532096289320799644302253153722937605549425347958771756691089\ 

950164883056834068708076853966708381170670778656070582776137) 


138617832024689756399222584401697011704193523069119959355300\ 

595214658062473594120185295425227083136794417564894849101414\ 

47127614943748646239613203975929219446662086746597483283349) 


528739152438415268161364065048416414204542423204258532129362\ 

405516410231505939709897226346769247110527366113366115451931\ 

170363188930754574521938405261253873676081807853273719825145) 


405830651014994558069257155784461497261021411217178100974735\ 

093941350522288897967191444534345602173937159792698924783437\ 

4817989264286660791495815196066543929695296344012442004) 


237681413974310044927390619908716941116866483653524028058030\ 

375474453152994436040515814282677955028421777826852523559164\ 

983755006962407455661735441619650756874951915547414988019258) 


973613812381058774203042353212917146772696209140581874437187\ 

454637744305758079530350387940923184224780911694964586990198\ 

928153024493618000645081890591245484050799127072439317571253) 


729994137256749479100280483235496422889605812026878949965557\ 

236506646217509439721914111722004776826738694261390227154163\ 

743647497118758958910829401030660489671031717570842978390140\ 

2) 


699999078971002972751146131291745874582847415674669463570757\ 

731708325341911257986759202928317937718075880196408698380691\ 

765017578353500870710472958577205873419775250401929658018087) 


17

233691878922252066348509134604244471333546312317852220895508\ 

369427626913772850143760176143129931451424429293884759562490\ 

322601317396442135442907921311723452332263114970776692997399\ 

86) 


475555226176467004479669770506607128074264943715736115077162\ 

010446302281624600501359713324371970059657445871355106003774\ 

678727964187749344888565217585386682960440817674026518833688\ 

7) 


412636736474619870006210493607454026925709136635761964424525\ 

780560454922479800157513998513109146131267147121907977627943\ 

9668991248196886208816906104469457020877946309152705431) 


468796688894991268686404825263879572098525789607706678269048\ 

973733779536806399235445240579782920828038971648803553499375\ 

219885677685297660079194110297518594536232466939364065688775\ 

3) 


554037691119354300482091241579335424697456809789537706376662\ 

359381011261909204392563098928526888103454707911882594778920\ 

148121815199371458543851407561254753027368916918296277277248\ 

93) 


395185499250644611897322927992088655497461296287060382259962\ 

142124003695556370860099531962708007476760763195505959119974\ 

412892446112838905911059584014213022816726355456791667636250) 


694018979093115486392253387043463977624513784616574134137384\ 

703833837248541010757190319876296764149678236234058948990851\ 

5712510445465032540986337774653266411763044620727261102) 


303445331802249333659443911413486906619977794458803788310190\ 

303175737195055886454332971366135001838790395921222294497979\ 

67656151745559006271162802952823587058348067743185313643) 


333843401788714361595729951249979169454216657307030484588210\ 

419540224406633343710956552045187771900944602273222399321263\ 

18

389253605405939855060913257019569382985851949618610552765743) 


568091019091746720835660796932371665230986310276155529438383\ 

880532771695254615399398651378677983340589259418496954263595\ 

096128490110042461280509220051830319965029276293520091009633) 


748460597502287488889889805364067722479443471455998030499553\ 

148402846946069834085524443328580685416948548290787287598816\ 

07279637921952695115994458766792287648893040402863612633) 


857527606660903356751260704646876208859300924011334350017154\ 

130406705701446263764558835957741901143551758941607260202948\ 

268088877296293611771517973114797777025024325407506029194456) 


411286464795235951931214166642099785450597553287939601235290\ 

133260213998837331706548294622947237360232975286367476221921\ 

9673286808711472914133656876983941248408571059925693734) 


574680860246888870245952180960859652463627264992350400629142\ 

735991845837467765361513385863336647884012850692358136634292\ 

329258364414974689121659907807822816185358698483029763623072\ 

8) 


411669508296032100054408011354164084315309554648387190623061\ 

850391562678286948882357840252083624802721634805404252819442\ 

97663116531448042598341239325818399793043374538401395006) 


118429211893238272588270321557227335538218007473353883271196\ 

406674890000364557523433762502208167432017112953001862798243\ 

604063408172337779240626851851569811070727283206777476975339\ 

0) 


802525804982885990372882971613104284242242208181988239023522\ 

343734725910885821817345053226507229172681037610344462807077\ 

708929408034477497740906941987063785113099116233528322639990\ 

8) 


19

561857978871574450994255621219475283040175070738448443032696\ 

922347826900704881854987371429914498131786185423365931997315\ 

931426018093182160579080630407695664470774522049047255070929) 


919875105223364055928864409640824418920283666850313186305080\ 

251159547105628289641393841787394376076721189893723955526246\ 

146397669116063903525596855512340874513292682935957623859968\ 

4) 


135585733137526581297468655865852627417824469737349861291856\ 

325296058762323316290456265727807745554809437023466312856571\ 

3646142468346056767516916966652689530963648025713236525) 


918316464460824380572380122221027368014350825286544315920758\ 

011719417198403369620199314569375548544205100890953480306149\ 

4868170010638107576476766082861745150377077078246514802) 


392281974269135794323432863815715191979745058534628227288862\ 

169273470242451379657965177337826704553682629478397786876914\ 

149067461970812932208274585491785675903722340154565312667611\ 

54) 


014805031332970464457652728729538091328834936117057727108137\ 

003157812669217292865665736928687260645071304543233487395424\ 

01110413552951807960453528948523807630401547469065442128) 


243137727664297199302547354960745939497192483897998010085920\ 

865420178641425129305044456333635709879513699790291879603370\ 

864665394481419567526986888610756599016374594415579740214733) 


637906474031131934900814123552993931019651568497322417036893\ 

242589006250108793027467215823486078196991423958203601101156\ 

4272946694321215941204662649206748460983744841704400375) 


639100201058136637397149137967951687497819053652606958365901\ 

793540235966947667172567392254485020492588462902087436412464\ 

542396464581891118960551422319438890173957076119830888990623\ 

8) 

20


629168843714381450205482599012992640358448772963693596851899\ 

996610246171248068392699988057408416104159671055426912144904\ 

1558992092901496910873991646011154442186549065546540953) 


069345678444618580023604821395569552681604215386943465587170\ 

961840584225221874996780702611222540562641864692354443024324\ 

0253864336246785979637784432031217896547337690126842839) 


684062180718543822975346624493475763142431269429338523663141\ 

383541788300794335626172810999586100038474388383976758759912\ 

798164832114626763055687989403194835588816200901494586849671) 


835549963076815676033748839624585003463859546253549994432063\ 

867021775971596431106129937272321621073197601159128108579716\ 

563967313747602443978592813541871211926730058182947000244124) 


806019187313692654151091317117306318321669553466842451905942\ 

552316777848104813627502494889019291825085178327935329722314\ 

582084895481501371402616116308332726216695876613173503861937\ 

83) 


018763396135041426659957645364534839565375795615319909788615\ 

167940292136091419474881534761565790196071379694669793983507\ 

425771142730615562998609686119465726562365762875274343555567\ 

3) 


715424209110821956345727347837765759438558445411981124759104\ 

987814156115111822624945919896215813961601891684382905821188\ 

190211250806021887324976221642299324376627400133852527758477) 


719707391661237304832632478801577776150494406521852583601538\ 

701538927318643222182695477685297198452165626795018225696072\ 

4717326861601545927572098988867560174386406662152066170991572) 


476375132468434104896139792021536376076882600021091742607010\ 

412948767868031355659492466554550651426135097700902977390835\ 

21

068958583946094029037749829444668743976584180504461865278080\ 

0) 


363531718063953075629143925296464074318638737420794063986932\ 

276114281489808536647445692828428973135339675900646427978606\ 

029923919078257106342485809111243050819159341137663549448567) 


191325180843687731968689284696742570004046698845140122830516\ 

676465947149980750611844778070398778303745393729379221348581\ 

513228422957798481517480388179667678800825253017465988679315\ 

9) 


727255043407976886482346678406988724839585278157822751017151\ 

627992622113950063638488022694980654600608137490003795561834\ 

019025226111954389670553462678000719125366838328697640452921) 


413308547401438699296624467437258929813707495144116775731952\ 

792115512269517661949781887226112592785189927900827886598585\ 

457874766723489013322377669840242184573190925154120283531769) 


198323047572977460502487593171250274602523234292367075170363\ 

701891381558687325505993472006511371032170623965959644138083\ 

589831598603147951734831992050259576167221853882759311896717) 


665161506259702848002120441068143516438087472588466844494074\ 

036338060210425870096066899580665318187034287555886373929996\ 

494866439385712243624593121609452378770391835922520191340679\ 

3) 


739534247116228326129944024250758564085904174220757834572037\ 

523607225788963231638641596265422574291214518415322649137701\ 

689839870233748567156669923624840341173589683835044148533969) 


275455056796670953915221406735861302478405662109471930633738\ 

559783947673424158009765922577998794623625341860790516838418\ 

838258764908290976854413870070519069079452011416113051122560\ 

96) 

22


127886359075959279854993398099306559867794228170555175137619\ 

451797732005409509893461704580828603549549396862832017100505\ 

931923954533711158789556384630108353299157211622136290556763\ 

5) 


202959015885117789817972191460868866216931161717954572102351\ 

397541633641594600652474158411895148773894438066744071248849\ 

556858077190820645802782776654430702387871680813866740505862\ 

4) 


781539906518991055826661420636675267487272218462063573295805\ 

611176317050367685626264242511150992543564947624853412292161\ 

045240802564852074517473144290924182476853864412455647171434) 


793051362102454746398360222077844442260549601206438066864465\ 

279329615750260664038595985552454199069111738268669034815790\ 

291266020087840821114012026521501042549545958094472591757343) 


959012121404229209000091861886541273465115336972929657367438\ 

178665636761977217978255183740579296775898803506369908348993\ 

245470156143491580842602876162280304276102993915355740920659\ 

78) 


345754995476002419443784499269037706350858613404139065142731\ 

763891693729025259867245303379292040902000657526364000768267\ 

182255919982219922018296868411698369036734882283677088757520\ 

93) 


821784458549956594147573966789713437163719265262545163655149\ 

325329165748512213196177933307430179062570154642487889024527\ 

9712175703053381387320161400706721075990708354768677964) 


187705154020929948680245076870082197045457613155570813805013\ 

133534392234121983274110498644639778079190169084190052825669\ 

789494154162322941922775306780242001729829678131947022629028) 


354672256001562342970374193169939950373317907918477016362074\ 

23

867610908415254416831766577282279084646008699895257082242172\ 

948757661588040299072160443888243660954746439296997997910209\ 

2) 


956549957434744433876973198054865887641137010371644572269672\ 

745836607053372131550552612004845823465553187682822368466044\ 

947716132772867340175154069149253239964172418060278954069548) 


897847085659016045490649273788082429157325795427468836081538\ 

613845470507920039809552096161090176712501390342829053591625\ 

548645505061484505198836567597939769727175305569821949207005\ 

7) 


421940210911612850100620192499008735663992492416629944850476\ 

279717911747532247234102863448836207213242178169492622358020\ 

44083914794700721361533642326475251869184428783568498314) 


285339178450835013592400057564053622617178469038742590918062\ 

429298741510619347125104525023725909853200400602329408931224\ 

48793381580136663780265788193663634177388241839424113792) 


297729575803354102900137738266967964153587712536798941054539\ 

195139710839958113204336587543164893127031187304527691421905\ 

518518718976372841903688640254083974006275485389714323438581) 


024652563023712374478672009205281727043860907373728825957868\ 

076856945410034351265397706475532650654527980900003700914959\ 

938499271155159808927004416042295693796964634401260063471435\ 

03) 


837452859763270278074018310278146839895809140324895619886455\ 

323291812832131460325668771137144733681094380124809958877498\ 

2967223043571649935876941786441759051029747233299732099) 


133800569413085512053304021085029997470017322809136631794917\ 

898260428980069134905151947664696044949474183498660150942111\ 

20526676024351428534573114198457724607171885434642109602964) 

24


734017446611796949413843138542333463408018632234840655090084\ 

167793981800293941200545122680281860678163571266704138033767\ 

088824216998913375003555782633996440227608638240793329108829) 


729012317441675924168023406270819294566585079331392609257538\ 

755813553703964922942299005414865028981363205075026688193026\ 

4587240482964322354825415822357118582816959532225231739) 


020349592726385551440107170136882368987234729251336629564152\ 

459393208412429436189893118688899920184293431498632895220115\ 

3275109594740482430634599837326891880893610720187435305) 


155814137623053769901988801817198786810047094545511742129222\ 

704153274607896326742172603295736218524930304188226247499569\ 

171161122208835591556829908422261559239037807266897278051747\ 

3) 


270028756793599281064869983015527141911940705475341988265341\ 

747601498943476186801173436894897243158600431086032438432151\ 

827960888296883252952910474335889484286491640215073135915377) 


331417391499168741858777546020354434935375816699435892227934\ 

018309725363714851602421156111525086550842875391096861117245\ 

262008845243097646616563832995506737511392749323560655146931\ 

1) 


035209433950166745794844725896246171745524946030444743029356\ 

157968654157103030054472695677741951986447005469665438226326\ 

575999203343317985406991598000039438642794340137531690822147) 


867587491989043035831300828201284703376101540778985062936569\ 

391968367848454376296350574872597052804957670228205973341344\ 

828518183544124544870470226582882446253177216791243701804280) 


091939482603987739556121810868552142326684295941945686992554\ 

573367873668797866728487855893858808753285663486061314796012\ 

140358673444596816895559689839563635606754300470333640611878\ 

25

Type x yx zx zyx 

Amount 24 23 27 26 

Table 1: Summary of results for problem 11. 

5) 


900524755578585052721630258447382451765030144949951207786646\ 

110838585885971204218719872431155751276782292634789749171217\ 

050399637909286063835079790158907905880286681588957215994637\ 

4) 


710031752707137582830741110348039577107913444950334782429346\ 

834499138925114821873522260732875624204023958322262242726896\ 

915774023449924304056024312035505160809645729547061229283948\ 

0) 

24, 23, 27, 26 

These results are summarised in table 1. 

12. We will first propose a way to check that n, y and z have all been chosen 

correctly and then discuss how and why it works. Let X be a set of 100 

random number in Z ∗ n. 

Here is a way to check that n, y and z have all been chosen correctly: 

(a) Compute ( y 

n) 

. If it is not 1, return fail. 

(b) Compute ( z 

n) 

. If it is not −1, return fail. 

(c) Sum up the amounts of variants of x ∈ X that are in QR n (that is, 

the numbers of x’s, yx’s, zx’s and zyx’s in QR n ). If they do not sum 

up to 100, return fail. 

(d) If they do sum up to 100, they should be more or less evenly distributed 

in the four categories. At this point, it is safe to return 

succeed. 

Let us assume, for the moment, that n, y and z have all been chosen correctly. 

We will make some important observations concerning our results 

in this case of correctly chosen parameters. 

We know that given a prime r, exactly half of the integers between 1 and 

r − 1 are in QR r . Thus, using some intuition, if n = pq, we would expect 

about half of the integers in X to be in QR p and about half of them to be 

in QR q . Of course, it will generally not be the case that exactly half of the 

26

integers in X fall into either of these two categories, but since |X| = 100 

and thus covers a fairly large range, it is reasonable to expect such an 

approximate distribution. If for some x ∈ X ( y 

n) 

is equal to zero, then we 

can just select a new point at random to replace x in X. 

Taking this a step further and combining QR p and QR q , we would expect 

about one fourth of the integers in X to be in neither QR p nor QR q , about 

one fourth to be in QR p but not QR q , about one fourth to be in QR q but 

not QR p and about one fourth to be in both QR p and QR q . Again, the 

distribution might be very skewed and need not be even. However, we 

would expect there to be a number of integers in X that fall into each 

of these four categories. This accounts for all 100 integers in X. The 

important observation we will make is that these four cases (x being in 

QR p and QR q , QR p but not QR q , QR q but not QR p or neither QR p nor 

QR q ) correspond to the cases of x, yx, zx or zyx being in QR n . Let us 

explore this idea. 

( ) ( ) 

( ) ( ) 

We know that y 

p 

= y z 

z 

q 

= −1 and that either (a) 

p 

= 1 and 

q 

= 

( ) ( ) 

−1 or (b) = −1 and = 1. (Recall that, for now, we are assuming 

z 

p 

that n, y and z were chosen correctly.) 

z 

q 

Now, consider some x ∈ X. 

( ) ( ) 

x 

x 

• If x ∈ QR p and x ∈ QR q , then 

p 

= 1 and 

q 

= 1. From this, 

we can immediately conclude that x ∈ QR n . 

( ) 

( ) 

x 

x 

• If x /∈ QR p and x /∈ QR q , then 

p 

= −1 and 

q 

= −1. Now, 

( ) ( ) ( ) 

using y, we can see that yx 

p 

= y x 

p p 

= (−1)(−1) = 1 and 

( ) ( ) ( ) 

yx 

q 

= y x 

q q 

= (−1)(−1) = 1. From this, we can conclude that 

yx ∈ QR n . 

( ) 

z 

• Next, we must consider our cases for z. Recall that either (a) 

p 

( ) 

( ) ( ) 

= 1 

z 

z 

z 

and 

q 

= −1 or (b) 

p 

= −1 and 

q 

= 1. 

( ) ( ) 

x 

x 

(a) If x ∈ QR p and x /∈ QR q , then 

p 

= 1 and 

q 

( ) ( ) 

= −1. Using 

( ) 

z 

z 

zx 

the facts that 

p 

= 1 and 

q 

= −1, we see that 

p 

( ) ( ) 

( ) ( ) ( ) 

= 

z x 

zx z x 

p p 

= (1)(1) = 1 and 

q 

= 

q q 

= (−1)(−1) = 1. 

From this, we can conclude that( 

zx) 

∈ QR n . ( ) 

x 

x 

If x /∈ QR p and x ∈ QR q , then 

p 

= −1 and 

q 

= 1. Using 

( ) ( ) 

( ) ( ) 

z 

z 


p 

= 1, 

q 

= −1 and y 

p 

= y 

q 

= −1, 

( ) ( ( ) ( ) 

we see that zyx z 

p 

= y x 

p) 

p p 

= (1)(−1)(−1) = 1 and 

( ) ( ) ( ) ( ) 

zyx z 

q 

= y x 

q q q 

= (−1)(−1)(1) = 1. From this, we can 

conclude that zyx ∈ QR n . 

27

( ) ( ) 

x 

x 

(b) If x ∈ QR p and x /∈ QR q , then 

p 

= 1 and 

q 

= −1. Using 

( ) ( ) ( ) ( ) 

z 

z 


p 

= −1, 

q 

= 1 and y 

p 

= y 

q 

= −1, 

( ) ( ( ) ( ) 

we see that zyx z 

p 

= y x 

p) 

p p 

= (−1)(−1)(1) = 1 and 

( ) ( ) ( ) ( ) 

zyx z 

q 

= y x 

q q q 

= (1)(−1)(−1) = 1. From this, we can 

conclude that zyx ∈ QR n . ( ) ( ) 

x 

x 

If x /∈ QR p and x ∈ QR q , then 

p 

= −1 and 

q 

= 1. Using 

( ) 

( ) 

( ) 

z 

z 

zx 


p 

= −1 and 

q 

= 1, we see that 

p 

= 

( ) ( ) 

( ) ( ) ( ) 

z x 

zx z x 

p p 

= (−1)(−1) = 1 and 

q 

= 

q q 

= (1)(1) = 1. 

From this, we can conclude that zx ∈ QR n . 

Thus, regardless of how z was chosen, as long as it was chosen correctly, 

we can see that for each of our categories that an integer x ∈ X can fall 

into (in both QR p and QR q , QR p but not QR q , QR q but not QR p or 

neither QR p nor QR q ), either x, yx, zx or zyx is in QR n . 

Furthermore, there is a one-to-one correspondence between these occurrences. 

It is quite easy to show that if one of x, yx, zx or zyx is in 

QR n , then the other three ( possibilities ) ( ) are not in QR ( n ). 

For ( instance, ) ( ) 

x x 

zx z x 

suppose x ∈ QR n . Then 

p 

= 

q 

= 1. Either 

p 

= 

p p 

= 

( ) ( ) ( ) 

zx z x 

(−1)(1) = −1 or 

q 

= 

q q 

= (−1)(1) = −1, so zx /∈ QR n . Either 

( ) ( ( ) ( ) 

( ) ( ) ( ) ( ) 

zyx z 

p 

= y x 

p) 

p p 

= (1)(−1)(1) = 1 or zyx z 

q 

= y x 

q q q 

= 

) ( ) ( ) 

(1)(−1)(1) = 1, so zyx /∈ QR n . = y 

p 

= (−1)(1) = −1, so 

( 

yx 

p 

yx /∈ QR p . The cases of yx, zx and zyx being in QR n can all be dealt 

with in a similar fashion. 

We have shown that if n, y and z were correctly chosen, we should obtain 

results similar to those we did, in fact, obtain: a somewhat even categorisation 

of the 100 integers in X into our four type categories. However, 

does the converse hold That is, if a more or less even categorisation of 

all the integers in X occurred, can we be certain that n, y and z were 

correctly chosen 

First, we note that it is easy to verify that ( ( 

y 

n) 

= 1 and 

z 

n) 

= −1. 

This can be done by simply computing the Jacobi symbols in question. 

Therefore, in the rest of this discussion, we will assume that ( y 

) n) 

= 1 and 

= −1. 

( z 

n 

Now, suppose n has more than two prime factors, that is, n = p 1 · · · p k , 

where k > 2. x ∈ QR n if and only if x ∈ QR p1 , . . . , x ∈ QR pk . Similarly, 

yx ∈ QR n if and only if yx ∈ QR p1 , . . . , yx ∈ QR pk , zx ∈ QR n if and 

only if zx ∈ QR p1 , . . . , zx ∈ QR pk and zyx ∈ QR n if and only if zyx ∈ 

QR p1 , . . . , zyx ∈ QR pk . Intuitively, it is quite clear that in this case, there 

will be some integer x ∈ X such that neither x, yx, zx nor zyx is in QR n . 

x 

p 

28

There are simply too many conditions to be satisfied, as a result of the 

many prime factors of n. 

To show this, we must simply find an x ∈ X with, for instance, the 

following properties: 

( ) ( ) 

• For some p i , y x 

p i p i 

= −1. 

( ) ( ) 

z x 

• For some p j , 

p j p j 

= −1. 

( ) ( ) ( ) 

z 

• For some p k , 

y x 

p k p k p k 

= −1. 

( ) 

x 

• For some p l , 

p l 

= −1. 

It is clear that this will guarantee that x /∈ QR n , yx /∈ QR n , zx /∈ QR n 

and zyx /∈ QR n . 

Note that we could simply try to construct such an x. We begin by 

choosing a p i to clash with y, then a p j to clash with z, and so on. Of 

course, this raises the question of whether or not an integer x with the 

required properties even exists in X. Here, we will simply use intuition 

and argue that in the case that n = pq, our categoration was tight and 

complete, in the sense that every quadratic residue combination an x could 

fall into corresponded exactly to one of our QR n types (x, yx, zx or zyx). 

Here, we have far more quadratic residue combinations, since n has more 

than two prime factors. Four of these combinations may still correspond to 

our x, yx, zx and zyx types, as described above. The other combinations, 

however, might correspond to situations where neither x, yx, zx nor zyx 

is in QR n . Therefore, if n = p 1 · · · p k , where k > 2, then summing up the 

numbers of the variants of x in QR n would yield less than 100. 

Henceforth, let us assume again that n = pq. Now, we must address the 

question of whether or not y and z were correctly chosen. As discussed 

previously, it is easy to verify that ( ( 

y 

n) 

= 1 and 

z 

n) 

= −1. From this, 

it immediately follows that z is not in QR n , since n has( only ) two ( ) prime 

factors. The only incorrect case we must consider is that y 

p 

= y 

q 

= 1, 

in which case y would be in QR n . In( 

this ) case, ( ) consider an x ∈ X that is 

not in QR p and not in QR q . That is, = = −1. Clearly, x /∈ QR n . 

( ) ( ) ( ) ( ) ( ) ( ) 

Also, it follows immediately that yx 

p 

= yx 

q 

= y x 

p p 

= y x 

q q 

= 

(1)(−1) = −1. Thus, yx /∈ QR n . Now, we must again consider our two 

cases (a) and (b) for z: 

( ) ( ) 

( ) ( ) ( ) 

z 

z 

zx z x 

(a) If 

p 

= 1 and 

q 

= −1, then 

p 

= 

p p 

= (1)(−1) = −1, 

( ) ( ( ) ( ) 

so zx /∈ QR n . Also, zyx z 

p 

= y x 

p) 

p p 

= (1)(1)(−1) = −1, so 

x 

p 

x 

q 

zyx /∈ QR n 

29

( ) ( ) ( 

z 

z 

(b) If 

p 

= −1 and 

q 

= 1, then 

) 

so zx /∈ QR n . Also, = 

zyx /∈ QR n 

( 

zyx 

q 

) 

zx 

q 

( 

z 

q 

) ( 

y 

q 

( ) ( ) 

z x 

= 

q q 

= (1)(−1) = −1, 

) ( ) 

= (1)(1)(−1) = −1, so 

This shows that such an integer x would not be included in our four 

categories. Again, this would manifest itself as the four amounts not 

adding up to 100. This argument would hold if n had than two factors. 

In summary, we can conclude that if ( y 

n) 

= 1, 

( z 

n) 

= −1 and the amounts 

in our four categories add up to 100 and are more or less evenly distributed 

in the four categories, then n, y and z will probably have been correctly 

chosen. The more one whishes to be convinced that n has only two factors, 

the more points can be included in the set X. The probability of being 

misled decreases exponentially quickly with the number of samples in X. 

x 

q 

Part B: Theory 

13. To prove that rootLV finds a square root of x if and only if it randomly 

chooses an integer a that gives the key to √ x, we must prove two directions. 

(a) First, we will show that if rootLV succeeds in finding a square root 

of x, then the integer a it chose gives the key to √ x. We will prove 

this by contrapositive. 

Suppose rootLV chooses an integer a that does not give the key to 

√ x. Then a 2 − x mod p ∈ QR p , so there exists an integer r such 

that 

r 2 ≡ a 2 − x ≡ (a + √ x)(a − √ x) (mod p). 

From this, it follows immediately that 

r p−1 ≡ (a + √ x) p−1 

2 (a − 

√ x) 

p−1 

2 (mod p). 

Using Fermat’s little theorem, we know, since r is in the correct 

range, that 

which shows that 

r p−1 ≡ 1 (mod p), 

(a + √ x) p−1 

2 (a − 

√ x) 

p−1 

2 ≡ 1 (mod p). 

Multiplying both sides by (a − √ x) p−1 

2 yields 

30

(a + √ x) p−1 

2 (a − 

√ x) p−1 ≡ (a − √ x) p−1 

2 (mod p), 

and using Fermat’s little theorem again on (a − √ x) p−1 reduces this 

to 

(a + √ x) p−1 

2 ≡ (a − √ x) p−1 

2 (mod p). (1) 

Now, consider the symbolic computation we perform in rootLV: 

(a + √ x) p−1 

2 ≡ c + d √ x (mod p). (2) 

We could just as well perform an equivalent computation on a − √ x, 

rather than a + √ x: 

(a − √ x) p−1 

2 ≡ c + d ′√ x (mod p). (3) 

Note that the obtained c parameter will be the same for both a − √ x 

and a + √ x. This is because all intermediate steps of the a + √ x 

computation are of the form (e+f √ x)(g+h √ x) = eg+(eh+fg) √ x+ 

fhx, while all intermediate steps of the a − √ x computation are of 

the form (e ′ − f ′√ x)(g ′ − h ′√ x) = e ′ g ′ − (e ′ h ′ + f ′ g ′ ) √ x + f ′ h ′ x. At 

the first step in both computations, of course, the parameters are the 

same: e = e ′ , f = f ′ , g = g ′ , h = h ′ . Considering such computations 

reveals that the terms contributing to the final c parameters in both 

the a+ √ x and the a− √ x computations are the same, with the same 

sign. This explains why we have the c term in both equations (2) 

and (3), rather than a distinct c ′ term in equation (3). 

Now, combining equations (1), (2) and (3), we obtain 

which produces 

which, at last, yields, 

c + d √ x ≡ c + d ′√ x (mod p), 

d √ x ≡ d ′√ x (mod p), 

d ≡ d ′ 

(mod p). 

Note that multiplicative cancellation holds, since p is prime, so gcd( √ x, p) = 

1, and it is certainly not the case that √ x ≡ 0 (mod p). 

Now, note that d and d ′ are both between 0 and p − 1. d ′ , however, 

being dependent on the −(e ′ h ′ + f ′ g ′ ) √ x terms mentioned above, 

will be negative before the mod p operation is applied. Also, the 

−(e ′ h ′ + f ′ g ′ ) √ x terms of the a − √ x computation and the +(eh + 

fg) √ x terms of the a + √ x computation are the same, only with 

different signs. The only integer k such that k mod p = (−k) mod p 

is either 0 or a multiple of p. Since d and d ′ must be between 0 and 

31

p − 1, it must be the case that d = d ′ = 0. If d = 0, then rootLV fails 

to find a square root of x. 

Therefore, if a does not give the key to √ x, then rootLV fails. Taking 

the contrapositive of this, if rootLV succeeds, then a gives the key 

to √ x. Here, and also later, we use the fact that rootLV always 

terminates, that is, it either succeeds or it fails. If it does not succeed, 

then it fails, and if it does not fail, then it succeeds. This proves one 

direction. 

(b) Conversely, we must show that if a gives the key to √ x, then rootLV 

succeeds. Again, we will prove this by contrapositive. 

Suppose rootLV fails, that is, d = 0 after our symbolic computation. 

Then 

(a + √ x) p−1 

2 ≡ c (mod p), 

and our equivalent a − √ x computation is, as above, 

(a − √ x) p−1 

2 ≡ c + d ′√ x (mod p). 

Again, the terms involves in the two computations are similar. In 

particular, the final d and d ′ factors are, by exactly the same argumentation 

as before, the same, only with different signs. Since d = 0, 

it follows that d ′ = 0, so 

Thus, it follows that 

(a − √ x) p−1 

2 ≡ c (mod p). 

(a + √ x) p−1 

2 ≡ (a − √ x) p−1 

2 (mod p). 

Multiplying both sides by (a + √ x) p−1 

2 yields 

(a + √ x) p−1 ≡ (a 2 − x) p−1 

2 (mod p), 

from which Fermat’s little theorem on (a + √ x) p−1 gives us 

So, combining these results, 

(a + √ x) p−1 ≡ 1 (mod p). 

(a 2 − x) p−1 

2 ≡ 1 (mod p). 

We know that an integer x between 1 and p − 1 is in QR p if and only 

if x p−1 

2 ≡ 1 (mod p). (a 2 −x) mod p is certainly between 1 and p−1, 

so this establishes that a 2 − x mod p is in QR p . This is equivalent 

to the statement that a does not give the key to √ x. 

32

Thus, if rootLV fails, then a does not give a key to √ x. Taking the 

contrapositive of this, if rootLV chooses an integer a that gives the 

key to √ x, then it does not fail and finds a square root of x. 

Combining these two directions yields that rootLV finds a square root of 

x if and only if it randomly chooses an integer a that gives the key to √ a. 

14. In this problem, we will be using the function 

f : {1, 2, . . . , p − 1}\{ √ x, p − √ x} → {2, 3, . . . , p − 1} 

defined by the equation 

(a − √ x)f(a) ≡ a + √ x (mod p). 

First, we will prove several little lemmas. 

Lemma 1: f(a) ∈ QR p if and only if a does not give the key to √ x. 

Proof: We must prove two directions. 

(a) First, suppose a does not give the key to √ x. 

x) mod p ∈ QR p , so 

r 2 ≡ a 2 − x ≡ (a + √ x)(a − √ x) (mod p) 

for some integer r. Using the definition of f, we obtain 

r 2 ≡ (a − √ x) 2 f(a) (mod p). 

Then (a 2 − 

This shows that (a− √ x) 2 f(a) ∈ QR p . Clearly, (a− √ x) 2 ∈ QR p 

since 

s 2 ≡ (a − √ x) 2 (mod p) 

is true for s = a − √ x, so in order for (a − √ x) 2 f(a) to be in 

QR p , it must be that f(a) ∈ QR p . This follows 

( ) 

from 

( 

the 

) ( 

observation 

that if ab ∈ QR p and a ∈ QR p , then 

) 

ab a b 

p 

= 

p p 

= 

( ) 

( ) 

(1) = 1. Thus, it must be the case that = 1, so 

b 

p 

b ∈ QR p . 

(b) Conversely, if f(a) ∈ QR p , then (a − √ x) 2 f(a) ∈ QR p , since, as 

discussed above, (a − √ x) 2 ∈ QR p . From the definition of f(a), 

we obtain 

(a − √ x) 2 f(a) ≡ (a + √ x)(a − √ x) (mod p), 

which, since (a − √ x) 2 f(a) ∈ QR p , shows that 

(a + √ x)(a − √ x) mod p = a 2 − x mod p ∈ QR p . 

This indicates that a does not give the key to √ x. 

b 

p 

33

Combining these two directions proves that f(a) ∈ QR p if and only 

if a does not give the key to √ x. 

Lemma 2: f is a one-to-one function. 

Proof: Suppose, for the sake of deriving a contradiction, that there exist 

two elements i, j ∈ {1, 2, . . . , p − 1}\{ √ x, p − √ x}, i ≠ j, such that 

f(i) = f(j) = g. Then, by the definition of f, (i − √ x)g ≡ i + 

√ x (mod p) and (j − 

√ x)g ≡ j + 

√ x (mod p). Combining these 

two results, we obtain the following sequence of statements: (NB: 

Here, we use some multiplicative cancellation. This is valid, since 

gcd(p, x) = 1 for any integer x, given that p is prime. We also know 

that it is not the case that i− √ x ≡ 0 (mod p) or j− √ x ≡ 0 (mod p), 

since i, j /∈ { √ x, p − √ x} and it is not the case that g ≡ 0 (mod p), 

since f’s range is {2, 3, . . . , p − 1}.) 

(i − √ x)(j + √ x)g ≡ (i + √ x)(j − √ x)g (mod p) 

(i − √ x)(j + √ x) ≡ (i + √ x)(j − √ x) (mod p) 

ij + i √ x − j √ x − x ≡ ij − i √ x + j √ x − x (mod p) 

i √ x − j √ x ≡ −i √ x + j √ x (mod p) 

√ x(i − j) ≡ 

√ x(j − i) (mod p) 

i − j ≡ j − i (mod p) 

2i ≡ 2j (mod p) 

i ≡ j (mod p) 

Since i, j ∈ {1, 2, . . . , p − 1}, this last result can occur only if i = j. 

This contradicts our assumption that i ≠ j. Therefore, we conclude 

that there cannot exist two elements i, j ∈ {1, 2, . . . , p−1}, i ≠ j, such 

that f(i) = f(j). This establishes that f is a one-to-one function. 

Lemma 3: If p ≡ 1 (mod 4), then p − 1 ∈ QR p . 

Proof: We know that x ∈ QR p if and only if x p−1 

2 ≡ 1 (mod p). Let x = 

p−1. Then p−1 ∈ QR p if and only if (p−1) p−1 

2 ≡ 1 (mod p). Since 

p ≡ 1 (mod 4), we know that 4|p−1, so 4k = p−1 for some integer k. 

Then p − 1 ∈ QR p if and only if (4k) 2k ≡ 1 (mod 4k + 1). Note that 

for any integer b, (b + 1)(b − 1) = b 2 − 1. So (b + 1)|(b 2 − 1). So b 2 ≡ 

1 (mod b + 1). Thus, (4k) 2 ≡ 1 (mod 4k + 1), and it immediately 

follows that (4k) 2k ≡ 1 (mod 4k + 1). This was our condition for 

p − 1 being in QR p . Thus, we can conclude that p − 1 ∈ QR p . 

34

Now, armed with these lemmas, let us address the problem itself. 

If a gives the key to √ x and a is in f’s domain {1, 2, . . . , p − 1}\{ √ √ 

x, p − 

x}, then f(a) /∈ QRp , by lemma 1. We know that exactly half of the 

integers between 1 and p − 1 are in QR p and exactly half of them are not 

in QR p . Since 1 ∈ QR p , the number of integers between 2 and p − 1 that 

are not in QR p is still p−1 

2 . Since, by lemma 3, p−1 ∈ QR p, the number of 

integers between 2 and p − 2 that are not in QR p is still p−1 

2 

. Thus, there 

are p−1 

2 

integers in f’s range that are not in QR p . Since, by lemma 2, f is 

a one-to-one function, we know that of the integers in f’s domain, exactly 

p−1 

2 

get mapped to integers that are not in QR p and thus, by lemma 1, 

give the key to √ x. 

The values that a can assume that are not in f’s domain, √ x and p − √ x, 

are square roots of x modulo p. Thus, these values also give the key to 

√ x. This contributes two more values that give the key to 

√ x. 

Thus, 

√ 

the total number of values that a can assume that give the key to 

x is 

p−1 

2 

+ 2 = p+3 

2 . 

15. We assume that the prime number theorem is exactly correct for all powers 

of two, that is, the number of primes not exceeding 2 m for any m is equal 

to 

2m 

ln 2 

, or, expressed another way, π(2 m ) = 

2m 

m m ln 2 . 

Picking a random m-bit integer n such that gcd(n, 6) = 1 can very easily 

be done probabilistically as follows: 

(a) Pick a random m-bit integer n. 

(b) Using the Euclidean algorithm, test if gcd(n, 6) = 1. If yes, return n. 

Otherwise, go to step (a). 

The Euclidean algorithm is efficient, so this procedure yields fruit quite 

quickly. 

Since we are picking an m-bit integer, there are a total of 2 m integers we 

could pick. By the prime number theorem, exactly 

2m 

m ln 2 

of these integers 

are prime. Of the 2 m integers we are considering, half are divisible by two, 

one third are divisible by three and one sixth are divisible by six. Thus, 

culling those integers that are not relatively prime to 6, we are left with 

2 m − 2m 2 − 2m 3 + 2m 6 = 2m − 2 3 2m = 2m 3 

integers, both prime and composite. 

Obviously, we did not cull any prime numbers, so 

2m 

m ln 2 

of our remaining 

integers are still prime. 

We know that if n is composite, the procedure Rabin-Miller prime(n,k) 

returns prime with a probability of at most ( 1 k. 

4) 

Thus, the probability of choosing a composite n from our culled integers 

is ( 2 m 3 − 2m 

m ln 2 2) / 2m 3 = ( 1 − 3 

m ln 2) 

, so the probability that our procedure 

picks a composite n that Rabin-Miller prime(n,k) falsely identifies as 

prime is at most ( ) 

1 − 3 1 

m ln 2 

. 

4 k 

35

16. One only need to solve the following expression for k : 

( 

1 − 3 ) 1 

m ln 2 4 k < 1 

2 50 . 

To obtain that k has to be no smaller than 25. 

36

COMP 547: Assignment 1 Solutions

Create successful ePaper yourself

Delete template?

Save as template?