COMP 547: Assignment 1 Solutions

More documents

Recommendations

Info

( ) ( ) ( z z (b) If p = −1 and q = 1, then ) so zx /∈ QR n . Also, = zyx /∈ QR n ( zyx q ) zx q ( z q ) ( y q ( ) ( ) z x = q q = (1)(−1) = −1, ) ( ) = (1)(1)(−1) = −1, so This shows that such an integer x would not be included in our four categories. Again, this would manifest itself as the four amounts not adding up to 100. This argument would hold if n had than two factors. In summary, we can conclude that if ( y n) = 1, ( z n) = −1 and the amounts in our four categories add up to 100 and are more or less evenly distributed in the four categories, then n, y and z will probably have been correctly chosen. The more one whishes to be convinced that n has only two factors, the more points can be included in the set X. The probability of being misled decreases exponentially quickly with the number of samples in X. x q Part B: Theory 13. To prove that rootLV finds a square root of x if and only if it randomly chooses an integer a that gives the key to √ x, we must prove two directions. (a) First, we will show that if rootLV succeeds in finding a square root of x, then the integer a it chose gives the key to √ x. We will prove this by contrapositive. Suppose rootLV chooses an integer a that does not give the key to √ x. Then a 2 − x mod p ∈ QR p , so there exists an integer r such that r 2 ≡ a 2 − x ≡ (a + √ x)(a − √ x) (mod p). From this, it follows immediately that r p−1 ≡ (a + √ x) p−1 2 (a − √ x) p−1 2 (mod p). Using Fermat’s little theorem, we know, since r is in the correct range, that which shows that r p−1 ≡ 1 (mod p), (a + √ x) p−1 2 (a − √ x) p−1 2 ≡ 1 (mod p). Multiplying both sides by (a − √ x) p−1 2 yields 30
(a + √ x) p−1 2 (a − √ x) p−1 ≡ (a − √ x) p−1 2 (mod p), and using Fermat’s little theorem again on (a − √ x) p−1 reduces this to (a + √ x) p−1 2 ≡ (a − √ x) p−1 2 (mod p). (1) Now, consider the symbolic computation we perform in rootLV: (a + √ x) p−1 2 ≡ c + d √ x (mod p). (2) We could just as well perform an equivalent computation on a − √ x, rather than a + √ x: (a − √ x) p−1 2 ≡ c + d ′√ x (mod p). (3) Note that the obtained c parameter will be the same for both a − √ x and a + √ x. This is because all intermediate steps of the a + √ x computation are of the form (e+f √ x)(g+h √ x) = eg+(eh+fg) √ x+ fhx, while all intermediate steps of the a − √ x computation are of the form (e ′ − f ′√ x)(g ′ − h ′√ x) = e ′ g ′ − (e ′ h ′ + f ′ g ′ ) √ x + f ′ h ′ x. At the first step in both computations, of course, the parameters are the same: e = e ′ , f = f ′ , g = g ′ , h = h ′ . Considering such computations reveals that the terms contributing to the final c parameters in both the a+ √ x and the a− √ x computations are the same, with the same sign. This explains why we have the c term in both equations (2) and (3), rather than a distinct c ′ term in equation (3). Now, combining equations (1), (2) and (3), we obtain which produces which, at last, yields, c + d √ x ≡ c + d ′√ x (mod p), d √ x ≡ d ′√ x (mod p), d ≡ d ′ (mod p). Note that multiplicative cancellation holds, since p is prime, so gcd( √ x, p) = 1, and it is certainly not the case that √ x ≡ 0 (mod p). Now, note that d and d ′ are both between 0 and p − 1. d ′ , however, being dependent on the −(e ′ h ′ + f ′ g ′ ) √ x terms mentioned above, will be negative before the mod p operation is applied. Also, the −(e ′ h ′ + f ′ g ′ ) √ x terms of the a − √ x computation and the +(eh + fg) √ x terms of the a + √ x computation are the same, only with different signs. The only integer k such that k mod p = (−k) mod p is either 0 or a multiple of p. Since d and d ′ must be between 0 and 31
Page 1 and 2: COMP 547: Assignment 1 Solutions Oc
Page 3 and 4: + x^277 + x^276 + x^275 + x^272 + x
Page 5 and 6: g := x^997 + x^996 + x^994 + x^991
Page 7 and 8: We know that the distinct powers of
Page 9 and 10: + x^790 + x^788 + x^784 + x^783 + x
Page 11 and 12: The following Maple function comput
Page 13 and 14: a:= 0; b:= 0; while not (a = -1 and
Page 15 and 16: 21284645683965405414161580243440656
Page 17 and 18: 17819930918348761695484963068116150
Page 19 and 20: 38925360540593985506091325701956938
Page 21 and 22: 5471234567945 is in QR_n (root of x
Page 23 and 24: 5471234567962 is not in QR_n (root
Page 25 and 26: 5471234567979 is not in QR_n (root
Page 27 and 28: integers in X fall into either of t
Page 29: There are simply too many condition
Page 33 and 34: Thus, if rootLV fails, then a does
Page 35 and 36: Now, armed with these lemmas, let u

COMP 547: Assignment 1 Solutions

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?