T Cryptology Spring 2009

Similar documents
Introduction to Finite Fields (cont.)

Modern Algebra Lecture Notes: Rings and fields set 4 (Revision 2)

The Division Algorithm for Polynomials Handout Monday March 5, 2012

SOLVING POLYNOMIAL EQUATIONS

HOMEWORK 5 SOLUTIONS. n!f n (1) lim. ln x n! + xn x. 1 = G n 1 (x). (2) k + 1 n. (n 1)!

How To Understand The Theory Of Algebraic Functions

minimal polyonomial Example

Discrete Mathematics: Homework 7 solution. Due:

CHAPTER SIX IRREDUCIBILITY AND FACTORIZATION 1. BASIC DIVISIBILITY THEORY

calculating the result modulo 3, as follows: p(0) = = 1 0,

PROBLEM SET 6: POLYNOMIALS

The finite field with 2 elements The simplest finite field is

Math 115 Spring 2011 Written Homework 5 Solutions

H/wk 13, Solutions to selected problems

FACTORING SPARSE POLYNOMIALS

Quotient Rings and Field Extensions

Factorization Algorithms for Polynomials over Finite Fields

Chapter 4, Arithmetic in F [x] Polynomial arithmetic and the division algorithm.

1 = (a 0 + b 0 α) (a m 1 + b m 1 α) 2. for certain elements a 0,..., a m 1, b 0,..., b m 1 of F. Multiplying out, we obtain

CHAPTER 5. Number Theory. 1. Integers and Division. Discussion

it is easy to see that α = a

Lecture 10: Distinct Degree Factoring

I. GROUPS: BASIC DEFINITIONS AND EXAMPLES

Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

(a) Write each of p and q as a polynomial in x with coefficients in Z[y, z]. deg(p) = 7 deg(q) = 9

Math 55: Discrete Mathematics

Congruence properties of binary partition functions

FACTORING POLYNOMIALS IN THE RING OF FORMAL POWER SERIES OVER Z

Factoring Polynomials

Winter Camp 2011 Polynomials Alexander Remorov. Polynomials. Alexander Remorov

Vieta s Formulas and the Identity Theorem

4/1/2017. PS. Sequences and Series FROM 9.2 AND 9.3 IN THE BOOK AS WELL AS FROM OTHER SOURCES. TODAY IS NATIONAL MANATEE APPRECIATION DAY

PUTNAM TRAINING POLYNOMIALS. Exercises 1. Find a polynomial with integral coefficients whose zeros include

March 29, S4.4 Theorems about Zeros of Polynomial Functions

Binary Number System. 16. Binary Numbers. Base 10 digits: Base 2 digits: 0 1

3 1. Note that all cubes solve it; therefore, there are no more

Real Roots of Univariate Polynomials with Real Coefficients

A New Generic Digital Signature Algorithm

Chapter 13: Basic ring theory

Rolle s Theorem. q( x) = 1

1 if 1 x 0 1 if 0 x 1

Module MA3411: Abstract Algebra Galois Theory Appendix Michaelmas Term 2013

1 Lecture: Integration of rational functions by decomposition

Chapter 3. if 2 a i then location: = i. Page 40

Lecture 6: Finite Fields (PART 3) PART 3: Polynomial Arithmetic. Theoretical Underpinnings of Modern Cryptography

8 Primes and Modular Arithmetic

Zeros of Polynomial Functions

COMP 250 Fall 2012 lecture 2 binary representations Sept. 11, 2012

Notes 11: List Decoding Folded Reed-Solomon Codes

3.6 The Real Zeros of a Polynomial Function

Some applications of LLL

10 Splitting Fields. 2. The splitting field for x 3 2 over Q is Q( 3 2,ω), where ω is a primitive third root of 1 in C. Thus, since ω = 1+ 3

6.2 Permutations continued

1 Shapes of Cubic Functions

SOLUTIONS FOR PROBLEM SET 2

3. INNER PRODUCT SPACES

Basics of Polynomial Theory

EMBEDDING DEGREE OF HYPERELLIPTIC CURVES WITH COMPLEX MULTIPLICATION

The mathematics of RAID-6

Second Order Differential Equations with Hypergeometric Solutions of Degree Three

On the generation of elliptic curves with 16 rational torsion points by Pythagorean triples

Prime Numbers and Irreducible Polynomials

Factoring polynomials over finite fields

p e i 1 [p e i i ) = i=1

CSE373: Data Structures and Algorithms Lecture 3: Math Review; Algorithm Analysis. Linda Shapiro Winter 2015

r + s = i + j (q + t)n; 2 rs = ij (qj + ti)n + qtn.


Math 4310 Handout - Quotient Vector Spaces

1 Formulating The Low Degree Testing Problem

Algebraic Attacks on SOBER-t32 and SOBER-t16 without stuttering

The Mean Value Theorem

Zero: If P is a polynomial and if c is a number such that P (c) = 0 then c is a zero of P.

Limits and Continuity

MATH 289 PROBLEM SET 4: NUMBER THEORY

Arithmetic algorithms for cryptology 5 October 2015, Paris. Sieves. Razvan Barbulescu CNRS and IMJ-PRG. R. Barbulescu Sieves 0 / 28

2.3. Finding polynomial functions. An Introduction:

Section 4.2: The Division Algorithm and Greatest Common Divisors

Polynomials and Factoring

Nonlinear Algebraic Equations. Lectures INF2320 p. 1/88

Number Theory Hungarian Style. Cameron Byerley s interpretation of Csaba Szabó s lectures

A note on companion matrices

3.2 The Factor Theorem and The Remainder Theorem

CONTINUED FRACTIONS AND PELL S EQUATION. Contents 1. Continued Fractions 1 2. Solution to Pell s Equation 9 References 12

Continuity. DEFINITION 1: A function f is continuous at a number a if. lim

Lecture 13 - Basic Number Theory.

MATH10040 Chapter 2: Prime and relatively prime numbers

Math 319 Problem Set #3 Solution 21 February 2002

Cryptosystem. Diploma Thesis. Mol Petros. July 17, Supervisor: Stathis Zachos

MA4001 Engineering Mathematics 1 Lecture 10 Limits and Continuity

Chapter 1. Search for Good Linear Codes in the Class of Quasi-Cyclic and Related Codes

Erasure Codes Made So Simple, You ll Really Like Them

RINGS WITH A POLYNOMIAL IDENTITY

THE NUMBER OF REPRESENTATIONS OF n OF THE FORM n = x 2 2 y, x > 0, y 0

Chapter 6. Orthogonality

CS 103X: Discrete Structures Homework Assignment 3 Solutions

k, then n = p2α 1 1 pα k

Field Fundamentals. Chapter Field Extensions Definitions Lemma

Putnam Notes Polynomials and palindromes

MATH 22. THE FUNDAMENTAL THEOREM of ARITHMETIC. Lecture R: 10/30/2003

The Method of Partial Fractions Math 121 Calculus II Spring 2015

Transcription:

T-79.5501 Cryptology Spring 2009 Homework 4 Tutor : Joo Y. Cho joo.cho@tkk.fi 19th February 2009

Q1. Consider two LFSRs with polynomials f(x) = x 5 + x 4 + 1 and g(x) = x 4 + x 2 + 1. Find the shortest LFSR which generates all sequences generated by these LFSRs and its connection polynomial h(x). Determine the exponents of f(x), g(x) and h(x). What kind of periods the sequences in Ω(h(x)) may have?

A1-a) The polynomials f(x) and g(x) factor into: f(x) = x 5 + x 4 + 1 = (x 3 + x + 1)(x 2 + x + 1), g(x) = x 4 + x 2 + 1 = (x 2 + x + 1) 2. By Theorem 2 in the lecture slides, the LFSR with the connection polynomial h(x) = lcm(f(x), g(x)) = (x 3 + x + 1)(x 2 + x + 1) 2 generates all sequences in Ω(f(x)) and Ω(g(x)).

A1-b). The exponents of factors of f(x) and g(x) are (x 3 + x + 1) : e = 7, (x 2 + x + 1) : e = 3, (x 2 + x + 1) 2 : e = 6 Hence f(x) (x 21 + 1) and g(x) (x 6 + 1) and lcm(21, 6) = 42 e h. The polynomial x 42 + 1 has the factorization x 42 + 1 = (x 21 + 1) 2 = (x 6 + x 5 + x 4 + x 2 + 1) 2 (x 6 + x 4 + x 2 + x + 1) 2 (x 3 + x 2 + 1) 2 (x 3 + x + 1) 2 (x 2 + x + 1) 2 (x + 1) 2. Hence, h(x) (x 42 + 1) and e h = 42. Since 42 = 2 3 7, the periods of the sequences in Ω(h(x)) are divisible by 2, 3, or 7.

Theorem Let g F q [x] be irreducible over F 2 m with g(0) 0 and ord(g) = e, and let f = g b with a positive integer b. Let t be the smallest integer with 2 t b. Then ord(f) = e 2 t. For example, let us find the exponent of f such that g = (x 2 + x + 1), f = g 2. Since the exponent of g is 3 and 2 1 2, we get ord(f) = 3 2 1 = 6.

Q2. Let e be the exponent of f(x). Show that then there is a sequence S Ω(f) such that the period of S is equal to e.

A2-a) Suppose that the sequence S Ω(f(x)) has the period of d with generating function S(x) = 1 f (x). We claim that d = e. i) By Theorem 3 (Lecture 4) we know that d divides e. ii) We show that d e. Since S has period d, S Ω(1 + x d ), and hence there is a polynomial of degree less than d such that G(x) = P(x) 1+x d. Hence, P(x) 1 + x d = 1 f (x) P(x)f (x) = 1 + x d P (x)f (x) = x d + 1 Hence, f(x) x d + 1 and the exponent e d.

Q3. Show that the exponent of the polynomial f(x) = x n + x n 1 +... + x 2 + x + 1 = n i=0 xi is equal to n + 1 for all integers n, n > 1.

A3. We have n+1 (x + 1)f(x) = xf(x) + f(x) = x i + i=1 n x i = x n+1 + 1. Hence, f(x) (x n+1 + 1) for all n > 1, and the exponent of f(x) is n + 1. i=0

Q4. Recall that an element of a finite field of size q is primitive if it has multiplicative order q 1. The following fact holds: An irreducible polynomial is primitive if and only if x = 00... 010 is a primitive element in the Galois field GF(2 n ) = Z 2 [x]/(f(x)) with polynomial f(x). We know that the polynomial x 4 + x 3 + x 2 + x + 1 is irreducible but not primitive, since its exponent is 5. Hence x is not a primitive element in the field Z 2 [x]/(x 4 + x 3 + x 2 + x + 1). Find some primitive element in this field.

A4. The task is to find a primitive element in the field F 2 [x]/(x 4 + x 3 + x 2 + 1). We can start searching among small polynomials. Since x is no good, let us try x+1 next. Since the order of the field is 15, the possible orders are 3, 5 and 15. (Use x 5 1.) (x + 1) 3 = x 3 + x 2 + x + 1, (x + 1) 5 = (x + 1)(x 4 + 1) = x 5 + x 4 + x + 1 = x 4 + x, (x + 1) 15 = ((x + 1) 5 ) 3 = x 3 (x 3 + 1) 3 = x 3 (x 9 + x 6 + x 3 + 1) = 1 We can find more primitive elements in a similar way.

Q5. For each of the following 5-bit sequences determine its linear complexity and find one of the shortest LFSR that generates the sequence without using the Berlecamp-Massey algorithm. a) 0 0 1 1 1 b) 0 0 0 1 1 c) 1 1 1 0 0 d) Determine an LFSR that generates all three sequences.

Q5-a) The sequence contains two consecutive 0 s. It follows that LC 3. Let s try to fit a linear recurrence of length 3 to the sequence. Given five terms of the sequence we get the following two equations: c 0 0 + c 1 0 + c 2 1 = 1 c 0 0 + c 1 1 + c 2 1 = 1 from where we get c 2 = 1 and c 1 = 0. We are looking for a full length three LFSR, hence c 0 = 1. Since we found a solution LFSR with polynomial x 3 + x 2 + 1 it follows that LC = 3.

Q5-b) Similarly as in a) we see immediately that LC 4. When fitting a linear recurrence of length 4, only one equation is obtained: c 0 0 + c 1 0 + c 2 0 + c 3 1 = 1 It follows that c 3 = 1. Hence, with c 0 = 1, we have four solutions. It follows that LC =4, and that any of the four polynomials works: x 4 + x 3 + c 2 x 2 + c 1 x + 1.

Q5-c) The non-zero sequence contains two consecutive 0 s. It follows that LC 3. Let s try to fit a linear recurrence of length 3 to the sequence. From the five terms of the sequence we get the following two equations: c 0 1 + c 1 1 + c 2 1 = 0 c 0 1 + c 1 1 + c 2 0 = 0 from where we get c 0 = c 1 and c 2 = 0. We are looking for a full length three LFSR, hence c 0 = 1. Since we found a solution LFSR with polynomial x 3 + x + 1 it follows that LC = 3.

Q5-d) Let us try if we could find a degree 4 solution by fitting a linear recurrence of length four to the three sequences. We get three equations: c 0 0 + c 1 0 + c 2 1 + c 3 1 = 1 c 0 0 + c 1 0 + c 2 0 + c 3 1 = 1 c 0 1 + c 1 1 + c 2 1 + c 3 0 = 0 We get c 0 = c 1, c 2 = 0, and c 3 = 1 and hence the common polynomial is x 4 + x 3 + x + 1.

Q6. Let S be a sequence of bits with linear complexity L. Its complemented sequence S is the sequence obtained from S by complementing its bits, that is, by adding 1 modulo 2 to each bit. a) Show that LC( S) L + 1. b) Show that LC( S) = L 1, or L, or L + 1.

A6-a. Let I be a sequence 1111...1... (finite or infinite) that is generated using the feedback polynomial x + 1. Then, we have S = S I. By Theorem 2 in the lecture slides, we know S Ω(h) where h(x) = lcm(f(x), (x + 1)). If the original sequence is generated using a polynomial f(x) of degree L then the complemented sequence is generated using a feedback polynomial lcm(f(x), (x + 1)), which has degree at most L + 1. Hence, LC( S) LC(S) + 1.

A6-b) Applying the result proved in a) for S and observing that S = S we get LC( S) LC(S) 1. Hence LC( S {L 1, L, L + 1}. All three cases are possible as shown by the sequences: 111111...(complemented sequence has LC = 0), 01010...(complemented sequence has the same LC), 000000...(complemented sequence has LC = 1)

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information