Applications of Congruences

SECTION 4.5 Applications of Congruences

The great British number theorist G. H. Hardy (1877-1947) once said, "I have never done anything 'useful.' No discovery of mine has made, or is likely to make, directly or indirectly, for good or ill, the least difference to the amenity of the world." He was wrong. Number theory has many applications, especially in cryptography (see Section 4.6). In the present section we saw applications to hashing functions (important for storing large amounts of information and being able to retrieve it efficiently), pseudorandom numbers (important for computer simulations), and check digits (important in our technological world). Hardy would be appalled!

The exercises in this section are mostly routine.

1. We are simply asked to compute k mod 97 for each value of k. We do this by dividing the given number by 97 and taking the remainder, which can be found either by multiplying the decimal remainder by 97, or by subtracting 97 times the quotient from k. (See the solution to Exercise 3 below for details.)

a) 034567981 mod 97

=

91 b) 183211232 mod 97

=

57 c) 220195744 mod 97

=

21 d) 987255335 mod 97

=

⁵

3. a) We need to compute k mod 31 in each case. A good way to do this on a calculator is as follows. Enter k and divide by 31. The result will be a number with an integer part and a decimal fractional part. Subtract off the integer part, leaving a decimal fraction between 0 and 1. This is the remainder expressed as a decimal.

To find out what whole number remainder that really represents, multiply by 31. The answer will be a whole number (or nearly so-it may require rounding, say from 4.9999 or 5.0001 to 5), and that number is k mod 31.

(i) 317 mod 31

=

7 (ii) 918 mod 31

=

19 (iii) 007 mod 31

=

7 (iv) 100 mod 31

=

7 (v) 111 mod 31

=

18 (vi) 310 mod 31

=

0

b) Take the next available space, where the next space is computed by adding 1 to the space number and pretending that 30

+

1

=

0.

5. We apply the formula with n = 0 to obtain x₁ = (3 · x0

+

2) mod 13 = (3 · 1

+

2) mod 13 = 5. Then

X2 = (3 · x1

+

2) mod 13

=

(3 · 5

+

2) mod 13

=

17 mod 13 = 4. Continuing in this way we have

X3

=

(3 · 4

+

2) mod 13

=

1. Because this is the same as x0 , the sequence repeats from here on out. So the sequence is 1, 5, 4, 1, 5, 4, 1, 5, 4, ....

7. We compute until the sequence begins to repeat:

x₁ = 3 · 2 mod 11 = 6 x2

=

3 · 6 mod 11

=

7

X3 = 3 · 7 mod 11 = 10 x4

=

3 · 10 mod 11

=

⁸

x5

=

3 · 8 mod 11

=

2

Since X5

=

xo, the sequence repeats forever: 2, 6, 7, 10, 8, 2, 6, 7, 10, 8, ....

9. We follow the instructions. Because 2357² = 5555449 = 05555449, the middle four digits are 5554, so 5554 is our second pseudorandom number. Next 5554²

=

30846916, so our third pseudorandom number is 8469.

Repeating the same procedure leads to the following five terms: 7239, 4031, 2489, 1951, 8064.

11. We are told to apply the formula Xn+l

=

x~ mod 7, starting with x0

=

2. Thus x1

=

2³ mod 7

=

1, x₂

=

1³ mod 7

=

1, and our sequence never gets off the ground! The sequence generated here is 2, 1, 1, 1, ....

13. A correctly transmitted bit string must have an even number of 1 's. Therefore we can be sure that there is an error in ( d), but because the other three strings have an even number of 1 's, we cannot detect an error in any of them. (Of course that doesn't mean that there is no error, because it is possible that two bits were transmitted incorrectly, in which case the sum modulo 2 does not change.)

138 Chapter 4 Number Theory and Cryptography

15. Let d be the check digit. Then we know that 1·0+2·0+3·7+4·1+5·1+6·9+7·8+8·8+9·1+10·d

=

0 (mod 11).

This simplifies to 213+10·d

=

0 (mod 11). But 213

=

4 (mod 11), and 10

=

-1(mod11), so this is equivalent to 4 - d

=

0 (mod 11) , or d

=

4.

17. The ISBN is 0073383090. To check its validity we compute, as in Example 6, 1·0+2·0 + 3 · 7 + 4 · 3 + 5 · 3 + 6 · 8 + 7 · 3 + 8 · 0 + 9 · 9 + 10 · 0 = 198. Because this is congruent to 0 modulo 11, the check digit was computed correctly.

19. To determine whether an 11-digit number is a valid USPS money order identification number, we need to verify that the sum of the first ten digits reduced modulo 9 gives the last digit.

a) 7 + 4 + 0 + 5 + 1 + 4 + 8 + 9 + 6 + 2 mod 9

=

46 mod 9

=

1 -1-3, so this is not a valid number.

b) 8 + 8 + 3 + 8 + 2 + 0 + 1 + 3 + 4 + 4 mod 9

=

^{41 mod 9}

=

5, which is the last digit, so this is a valid number.

c) 5 + 6 + 1+5+2+2 + 4 + 0 + 7 + 8 mod 9 = 40 mod 9 = 4, which is the last digit, so this is a valid number.

d) 6 + 6 + 6 + 0 + 6 + 6 + 3 + 1 + 1 + 7 mod 9

=

42 mod 9

=

6 -1-8, so this is not a valid number.

21. In each case, we know that xn = x1 + x2 + X3 + X4 + xs + X5 + x1 + xs + Xg + X10 mod 9. (See the preamble to Exercise 18.) This is equivalent to x11 = x 1 + x2 + ^X3 + x 4 + x5 + x 6 + x 7 + x 8 + x 9 + x 10 (mod 9), with 0 ::; x 11 :S 8. Therefore we will get an equation modulo 9 involving the unknown Q for each of these valid postal money order identification numbers.

a) 8 = 4 + 9 + 3 + 2 + 1 + 2 +

Q

+ 0 + 6 + 8 (mod 9), which is equivalent to 8 =

Q

+ 35 =

Q

+ 8 (mod 9).

Therefore

Q

= 0 (mod 9). There are two single-digit numbers

Q

that makes this true:

Q

= 0 and

Q

= 9, so it is impossible to know for sure what the smudged digit was.

b) 8

=

8 + 5 + 0 + Q + 9 + 1+0 + 3 + 8 + 5 (mod 9), which is equivalent to 8

=

Q + 39 = Q + 3 (mod 9).

The only single-digit number Q that makes this true is Q = 5, so the smudged digit must have been a 5.

c) 4 = 2 + Q + 9 + 4 + 1+0 + 0 + 7 + 7 + 3 (mod 9), which is equivalent to 4 = Q + 33 = Q + 6 (mod 9).

The only single-digit number Q that makes this true is Q

=

7, so the smudged digit must have been a 7.

d) 1=6+6 + 6 + 8 + 7 + Q + 0 + 3 + 2 + 0 (mod 9), which is equivalent to 1=Q+38 = Q + 2 (mod 9).

The only single-digit number Q that makes this true is Q

=

8, so the smudged digit must have been an 8.

23. Because the first ten digits are added, any transposition error involving them will go undetected-the sum of the first ten digits will be the same for the transposed number as it is for the correct number. Suppose the last digit is transposed with another digit; without loss of generality, we can assume it's the tenth digit and that x₁₀ -1-x11 . Then the correct equation will be

X11

=

X1 + X2 + X3 + X4 + X5 + X5 + X7 + Xs + Xg + X10 (mod 9) but the equation resulting from the error will read

X10

=

X1 + X2 + X3 + X4 + X5 + X5 + X7 + Xs + Xg + X11 (mod 9) .

Subtracting these two equations, we see that the erroneous equation will be true if and only if x11 - ^x10

=

x 10 - x11 (mod 9). This is equivalent to 2x11

=

^2x10 (mod 9), which, because 2 is relatively prime to 9, is equivalent to x 11 = x10 (mod 9), which is false. This tells us that the check equation will fail. Therefore we conclude that transposition errors involving the eleventh digits are detected.

25. From Example 5. we know that a valid UPC code must satisfy the equation

Section 4.5 Applications of Congruences 139

Therefore in each case we simply need to compute the left-hand side of this equation modulo 10 and see whether or not we get 0 as the answer.

a) 3 · 0 + 3 + 3 · 6 + 0 + 3 · 0 + 0 + 3 · 2 + 9 + 3 · 1+4 + 3 · 5 + 2 = 60

=

0 (mod 10), so this is a valid code.

b) 3 · 0 + 1 + 3 · 2 + 3 + 3 · 4 + 5 + 3 · 6 + 7 + 3 · 8 + 9 + 3 · 0 + 3

=

88

"!-

0 (mod 10) , so this is not a valid code.

c) 3 · 7 + 8 + 3 · 2 + 4 + 3 · 2 + 1+3 · 8 + 4 + 3 · 3 + 0 + 3 · 1+4 = 90

=

0 (mod 10), so this is a valid code.

d) 3 · 7 + 2 + 3 · 6 + 4 + 3 · 1+2+3·1+7 + 3 · 5 + 4 + 3 · 2 + 5 = 90

=

0 (mod 10), so this is a valid code.

27. The digits with even subscripts appear in the formula with coefficient 1, whereas those with odd subscripts appear with coefficient 3. Therefore if two digits whose positions have the same parity (both odd or both even) are switched, then th~ sum will be unchanged and such an error cannot be detected. If two digits whose parities are different are transposed, say an x in an odd position and a y in an even position, then the new sum will differ from the old sum by (x + 3y) - (3x + y), which equals 2(y- x). As long as the two transposed digits do not differ by 5, the sum will therefore be different modulo 10; if they do differ by 5, then the sum will be the same modulo 10. We conclude that transposition errors will be detected if and only if the transposed digits are an odd number of positions apart (in particular transposing neighboring digits) and do not differ by 5 .

29. In each case we need to compute a₁a2 . . . ^al4 mod 7 and see if we get a_{15 .} This may be inconvenient on a calculator with only 12 digits of precision, but one can always divide it out by hand (or, better, use computer algebra software).

a) 10133334178901

=

7 · 1447619168414 + 3. Therefore 10133334178901 mod 7

=

3

=

a15 , so this is a valid airline ticket number. (In Maple we could just type 10133334178901 mod 7 and get the response 3.)

b) 00786234277044 mod 7· = 6 -/=- 5 = a_{15 ,} so this is not a valid number.

c) 11327343888253 mod 7

=

1

=

a15 , so this is a valid number.

d) 00012234732287 mod 7 = 1 = a15 , so this is a valid number.

31. Let's solve a more general problem by ignoring the word "consecutive." First we look at the case in which the transposition does not involve the check digit itself. Suppose the erroneous number formed by the first 14 digits occurs when a, is interchanged with aJ , where 1 ~ i

<

j ~ 14. Because of our decimal place-value numeration system, before the switch, a, was contributing a, -10¹⁴-z to the value of the number, and aJ was contributing aJ · 10¹⁴-J. Therefore this change has increased the 14-digit number by (aJ -a,)10¹⁴- ' +(a, -aJ)10¹⁴-J, which equals (aJ - a,)(10¹⁴-z - 10¹⁴-J). In order for this to still check, this last expression must be equivalent to 0 modulo 7. Obviously this will happen if ai and aJ differ by 7, but it will also happen if (10¹⁴- ¹ -10¹⁴-J) is a multiple of 7. A bit of calculation shows that this will happen if and only if j - i = 6 or 12. Thus we cannot detect the error if the columns in which the transposition occurs are 6 or 12 apart or the transposed digits differ by 7. Finally, if the digit a15 is transposed with the digit

a,,

where 1 ~ i ~ 14, then a1 a2 ••• a14 mod 7 has gone up by ( a15-a,)10¹⁴-z and the check digit has gone up by a, - a15 , so we will not be able to detect this error ifand only if (a15-a,)10¹⁴- i

=a,

^-a15 (mod 7), which is equivalent to (a15-a,)(10¹⁴-'+ 1)

=

0 (mod 7).

Because 10¹⁴-'' + 1

=

0 (mod 7) if and only if i

=

5 or 11, we conclude that we cannot detect the transposition error if it interchanges the check digit with a₅ or a11 or interchanges it with a digit differing from it by 7.

(Of course, the check digit must be 0 through 6, so an error that puts a 7, 8, or 9 in the last position can also be detected.)

Because transposing consecutive digits is not transposing digits whose positions differ by the quantities mentioned above, we can detect all transposition errors of consecutive digits unless the digits differ by 7.

33. In each case we will compute 3d1+4d2 + 5d3 + 6d4 + 7d5 + 8d₆ + 9d₇ mod 11. If this matches the digit given for ds, then the ISSN is valid, and conversely.

140 Chapter 4 Number Theory and Cryptography

a) 3 · 1 + 4 · 0 + 5 · 5 + 6 · 9 + 7 · 1 + 8 · 0 + 9 · 2 mod 11 = 107 mod 11 = 8. Because ds = 7 =/= 8, this number is not valid.

b) 3 · 0 + 4 · 0 + 5 · 0 + 6 · 2 + 7 · 9 + 8 · 8 + 9 · 9 mod 11 = 220 mod 11 = 0. Because d₈ = 0, this number is valid.

c) 3 · 1+4 · 5 + 5 · 3 + 6 · 0 + 7 · 8 + 8 · 6 + 9 · 6 mod 11=196 mod 11 = 9. Because d₈ = 9, this number is valid.

d) 3 · 1+4 · 0 + 5 · 0 + 6 · 7 + 7 · 1 + 8 · 2 + 9 · 0 mod 11 = 68 mod 11 = 2. Because d8 is "X" (representing 10 modulo 11 ), this number is not valid.

35. By subtracting d₈ from both sides and noting that -1

=

10 (mod 11) , we see that the checking congruence is equivalent to 3d1+4d2 + 5d3 + 6d4 + 7 d5 + 8d5 + 9d1 + lOds

=

0 (mod 11) . It is now easy to see that transposing adjacent digits x and y (where x is on the left) causes the left-hand side to increase by x and decrease by y, for a net change of x - y. Because x =/'. y (mod 11) , the congruence will no longer hold. Therefore errors of this type are always detected.

SECTION 4.6 Cryptography

In addition to exercises about the topics covered in this section, this exercise set introduces the Vigenere cipher (Exercises 18-22) and a protocol for key exchange (Exercise 33). There is a nice website for encoding and decoding with the affine cipher (far any function of the farm f(p) = ap

+

b ), which you can use to check your answers: www.shodor.org/interactivate/activities/CaesarCipher/. A website for the Vigenere cipher can be found here: isl ab. oregonstate. edu/koc/ ece575/02Proj ect/Mun+Lee/VigenereCipher. html 1. a) We need to replace each letter by the letter three places later in the alphabet. Thus D becomes G, 0

becomes R, and so on. The resulting message is GR QRW SDVV JR.

b) We need to replace each letter by the letter 13 places later in the alphabet. Thus D becomes Q, 0 becomes B (we cycle, with A following Z), and so on. The resulting message is QB ABG CNFF TB.

c) This one is a little harder, so it is probably easiest to work with the numbers. For D we have p

=

3 because D is the fourth letter of the alphabet. Then 3 · 3 + 7 mod 26 = 16, so the encrypted letter is the 17th letter, or Q (remember that we start the sequence at 0). Our original message has the following numerical values:

3-14 13-14-19 15-0-18-18 6-14. Multiplying each of these numbers by 3, adding 7, and reducing modulo 26 gives us 16-23 20-23-12 0- 7-9-9 25-23. Translating back into letters we have QX UXM AHJJ ZX.

3. In each case, we translate the letters to numbers from 0 to 25, then apply the function, then translate back. (See the solution for Exercise le above for details.) In each case, the numerical message is 22-0-19-2-7 24-14-20-17 18-19-4-15.

a) Adding 14 to each number modulo 26 yields 10-14-7-16-21 12-2-8-5 6-7-18-3. Translating back into letters yields KOHQV MCIF GHSD.

b) Multiplying each number by 14, adding 21, and reducing modulo 26 yields 17-21-1-23-15 19-9-15-25 13-1-25-23. Translating back into letters yields RVBXP TJPZ NBZX.

c) Multiplying each number by - 7, adding 1, and reducing modulo 26 yields 3-1-24-13-4 15-7-17-12 5-24-25-0.

Translating back into letters yields DBYNE PHRM FYZA.

5. a) We need to undo the encryption operation, which was to choose the letter that occurred ten places later in the alphabet. Therefore we need to go backwards 10 places (or, what amounts to the same thing, forward 16 places). For example, the C decodes as S. Doing this for each letter, as in Exercise 1, gives us SURRENDER NOW.

b) BE MY FRIEND c) TIME FOR FUN

Section 4.6 Cryptography 141

7. We need to play detective. First note that the two-letter word DY occurs twice. Because this was a shift cipher, we know that the first letter of this word occurs five places beyond the second letter in the alphabet. One of those letters has to be a vowel. This makes it very likely that the word is either UP or TO, corresponding to k

=

9 or k

=

10, respectively. Since TO is a more common word, let us assume k

=

10. To decrypt, we shift each letter in the encrypted message backward 10 places (or forward 16 places) in the alphabet, obtaining TO SLEEP PERCHANCE TO DREAM (from Hamlet).

9. Following the same strategy as in Exercise 7, we try to figure out k from the fact that MW is a two-letter word in the encrypted text. What fits best is IS, with k

=

^{4. If} we apply that to the three-letter word, we get ANY, which seems quite promising. We now decode the entire message: ANY SUFFICIENTLY ADVANCED TECHNOLOGY IS INDISTINGUISHABLE FROM MAGIC.

11. We want to solve the congruence c

=

^15p

+

13 (mod 26) for p. To do that we will need an inverse of 15 modulo 26, which we can obtain using the Euclidean algorithm or by trial and error. It is 7, because 7 · 15

=

105

=

4 · 26

+

1. Therefore we have p

=

7(c - 13) mod 26

=

7c - 91 mod 26

=

7c

+

13 mod 26.

13. Because the most common letters are E and T, in that order, and the numerical values of E, T, Z, and J are 4, 19, 25, and 9, respectively, we will assume that f( 4)

=

25 and f(19)

=

9. This means that 4a

+

b

=

²⁵

and 19a

+

b

=

9, where we work modulo 26, of course. Subtracting the two equations gives 15a

=

10, which simplifies to 3a

=

2 (because 5 is not a factor of 26, we can divide both sides by 5). We can find an inverse of 3 modulo 26 using the Euclidean algorithm or by trial and error. It is 9, because 3 · 9 = 27 = 26

+

1.

Therefore a

=

^{9 · 2}

⁼

18. Plugging this into 4a

+

b

=

25 yields b

=

^{25 - 4a}

⁼

^{25 - 72}

=

5. We therefore guess that the encryption function is f(p)

=

18p

+

5 mod 26. As a check, we see that f(4)

=

25 and f(19)

=

9.

15. We permute each block of four by undoing the permutation ^O". Because 0'(1)

=

3, we put the third letter first; because 0'(2)

=

1, we put the first letter second; and so on. This gives us BEWA REOF MART IANS, presumably meant to be BEWARE OF MARTIANS.

17. Presumably the message was translated letter by letter, such as by a shift cipher or affine cipher. (Other, nonlinear, bijections on Z₂₆ are also possible.)

19. The numerical version of the encrypted text is 14-8-10-24-22-21-7-1-23. If we subtract the values for the key HOTHOTHOT, namely 7-14-19-7-14-19-7-14-19 and reduce modulo 26, we obtain 7-20-17-17-8-2-0-13-4, which translates to HURRICANE.

21. If l is the distance between the beginnings of the string that occurs several times, then it may be likely that the length of the key string is a factor of l. Thus if we have several such values of l, we can find their greatest common divisor and assume that the length of the key string is a factor of this gcd.

23. Suppose that we know n

=

pq and (p - 1) ( q - 1), and we wish to find p and q. Here is how we do so.

Expanding (p - 1 )( q - 1) algebraically we obtain pq - p - q

+

1

=

n - p - q

+

1. Thus we know the value of n - p - q

+

1, and so we can easily calculate the value of p

+

q (since we know n). But we also know the value of pq, namely n. This gives us two simultaneous equations in two unknowns, and we can solve them using the quadratic formula. Here is an example. Suppose that we want to factor n

=

341, and we are told that (p - 1) ( q - 1) = 300. We want to find p and q. Following the argument just outlined, we know that p

+

q

=

341

+

1 - 300

=

42. Plugging q

=

42 - p into pq

=

341 we obtain p( 42 - p)

=

341, or p^{2 -} 42p

+

341

=

0. The quadratic formula then tells us that p

= (

42

+ .J

422 - 4 · 341) /2

=

31, and so the factors are 31 and 42 - 31 = 11. Note that absolutely no trial divisions were involved here-it was just straight calculation.

142 Chapter 4 Number Theory and Cryptography

25. First we translate UPLOAD into numbers: 2015 1114 0003. For each of these numbers, which we might call M, we need to compute C =Me mod n

=

M¹⁷ mod 3233. Note that n

=

53 · 61

=

3233 and that gcd(e, (p -1) ( q - 1))

=

gcd(l 7, 52 · 60)

=

1, as it should be. A computational aid tells us that 2015¹⁷ mod 3233

=

2545, 1114¹⁷ mod 3233 = 2757, and 0003¹⁷ mod 3233 = 1211. Therefore the encrypted message is 2545 2757 1211.

27. This problem requires a great amount of calculation. Ideally, one should do it using a computer algebra package, such as Mathematica or Maple. Let us follow the procedure outlined in Example 9. It was computed there that the inverse of e

=

13 modulo n

=

43·59 is d

=

937. We need to compute 0667⁹³⁷ mod 2537

=

1808, 194 7⁹³⁷ mod 2537 = 1121, and 0671⁹³⁷ mod 2537 = 0417. (These calculations can in principle be done with a calculator, using the fast modular exponentiation algorithm, but it would probably take the better part of an hour and be prone to transcription errors.) Thus the original message is 1808 1121 0417, which is easily translated into letters as SILVER.

29. We follow the steps given in the text, with p

=

23, a= 5, k1

=

8, and k2

=

5. Using Maple, we verify that 5 is a primitive root modulo 23, by noticing that 5k as k runs from 0 to 21 produce distinct values (and of course 5²² mod 23 = 1 ). We find that 5⁸ mod 23 = 16. So in Step (2), Alice sends 16 to Bob. Similarly, in Step (3), Bob sends 5⁵ mod 23

=

20 to Alice. In Step (4) Alice computes 20⁸ mod 23

=

6, and in Step (5) Bob computes 16⁵ mod 23

=

6. These are the same, of course, and thus 6 is the shared key.

31. See Example 10 for the procedure. First Alice translates her message into numbers: 1804 1111 0421 0417 2419 0708 1306. She then applies her decryption transformation sending each block x to x¹¹⁸³ mod 2867.

(We should verify with Maple that 7 · 1183 mod (60 · 46)

=

1.) Using Maple, we see that the blocks become

1804¹¹⁸³ mod 2867

=

2186, 1111¹¹⁸³ mod 2867

=

2087, 0421¹¹⁸³ mod 2867

=

1279, 0417¹¹⁸³ mod 2867

=

1251, 2419¹¹⁸³ mod 2867

=

0326, 0708¹¹⁸³ mod 2867

=

0816, and 1306¹¹⁸³ mod 2867

=

^{1948. If} her friends apply Alice's encryption transformation to 2186 2087 1279 1251 0326 0816 1948, they will obtain the numbers of her original message.

33. Cathy knows the shared key kAlice,Bob, but because she transmitted it to Alice encrypted, no one else knows it at the time Alice receives it. Alice can decrypt the first part of Cathy's message to find out what the key is. When Alice sends the second part of Cathy's message, which consists of kAlice.Bob encrypted with Bob's key, on to Bob, Bob can decrypt it to find the shared key, but it remains hidden from everyone else.

在文檔中 Student's Solutions Guide (頁 146-151)