Foundations of Cryptography
CSCI-662-01, Fall 2022, Semester 2221

In all cases show the details of your work, and give brief reasons for your answers. The homeworks are due in pdf format on myCourses. Convert to single pdf before submission, submit just one pdf file for each assignment.

Assignment 1, due Wednesday, August 31

Warm-up assignment:
Solve problems 1.2, 1.3, 1.4 from chapter 1, pages 24-25.

Assignment 2, due Wednesday, September 14

  1. Easy mod. Solve problems 5, 6, 7, 8 from chapter 1 (i.e. 1.5, 1.6, 1.7, 1.8), pages 25-26.
  2. More warm up. Solve problems 11, 13 from chapter 1, pages 26-27.
  3. Some work. Solve problems 4, 5, 6 from chapter 2, pages 52-53.
  4. Some more work. Solve problems 8, 10 from chapter 2, pages 53-54.

Assignment 3, due Monday, September 26

  1. Solve problems 1, 3, 4, 7, 9 from chapter 3, pages 83-86.
  2. Solve problems 10, 12 from chapter 3, pages 83-86.
  3. Solve problems 4, 5, 9 from chapter 5, pages 145-146.
  4. Solve problem 16 from chapter 5, page 148.

Assignment 4, due Friday, October 7

In all solutions show the details of your work.
  1. Solve exercises 4, 5 and 6 from chapter 4, page 118.
  2. Solve problems 13.1, 14, 16 from chapter 4, pages 120-121
    (this is the complete page 121 from the textbook, some places on the web show only one of the problems 16 and 17).

  3. Find all irreducible polynomials in Z2[x] of degree 4.
  4. Which of the following polynomials are reducible in Z2[x]: x5 + x4 + 1, x5 + x3 + 1, x5 + x4 + x2 + 1? If reducible, then show factors.
  5. Find all irreducible monic polynomials (with the leading coefficient at x3 equal to 1) in Z3[x] of degree 3.
  6. Compute 01101001*01010001 in GF(256), using the AES irreducible polynomial.

Midterm Exam, Wednesday, October 12, class place/time

Assignment 5, due Monday, October 31

Show the details of your work.
  1. Solve problems 2, 3, 4.1, 4.2, 4.3 (skip 4.4) from chapter 6, page 170.
  2. Solve problems 5, 6, 10 from chapter 6, pages 170-171.
  3. Trace the execution of the Extended Euclid Algorithm, as in example 6.6 page 163, for gcd(665,773). Find the mutual multiplicative inverses of 665 and 773 in their respective canonical intervals.
  4. Find the value of the Euler totient function φ(n), for n = 827, 829, 831, 833, 834, 835 and 839. Show the details of computations.
  5. Find all primitive elements (generators) modulo 139. Attach the program which you used to generate them.

Assignment 6, due Saturday, November 19

Part I, RSA and CRT

  1. Solve problems 1, 2, 6, 7 from chapter 7, pages 200/201.
  2. Read, understand and think about problems 10, 12, 14, 16 pages 201-204. Do not submit answers to them. Many answers can be found on the web. A question similar to one of these problems may be included in the final exam.

Part II, Miller-Rabin Probabilistic Primality Test

The error probability of the Miller-Rabin primality test is at most 1/4, when only one base a is chosen (security parameter s=1). You will now test this claim experimentally.

  1. Find the largest error probability of Miller-Rabin primality testing algorithm for odd integers between 95,000 and 110,000. It is ok to brute-force on all values of a. For modular exponentiation, some version of the square-and-multiply algorithm has to be used. In your answer, you should give this largest error probability (with at least three decimals of precision) and 10 odd integers between 95,000 and 110,000 for which the highest error probability occurs.
  2. Submit a commented hardcopy of your code, and a clear description of what you did (make it a part of one pdf being submitted for this assignment). You are encouraged to compare your error probabilities with your classmates.

Hints on Miller-Rabin Primality Test

The formatting of the Miller-Rabin test in our textbook is somewhat confusing. Nicely formatted pseudocode can be found at wiki, or in the Stinson's textbook. Suppose that we test for primality 25. We have 25 - 1 = 24 = 2^3 * 3. Note that there are exactly two Miller-Rabin liars (different from 1 and n-1), namely a=7 and a=18, since in these cases a^3 != +-1 but a^6 = -1, all mod 25. Thus, the error probability for 25 is 1/11. See also the overall flow as in the class.


Assignment 7, due Saturday, December 3

Show the details of your work.

  1. Solve problems 1, 2, 4 (parts 1, 2, 3), 10 from chapter 8, pages 234-235.
  2. Solve problems 3 (parts 1, 4, 7) and 5 from chapter 11, pages 315-316.
  3. Suppose that you can compute, store, and check for collisions 1000000 instances of SHA-1(x) in one second (this would require lots of resources). How long do you have to run such computations to have a probability at least 1/100 of finding a collision?
  4. Compute the probabilities that there is no birthday collision among t people (as in the middle of page 300), for 12 <= t <= 37. Compute approximations of these probabilities discussed in the middle of page 301. How close are they? (This approximation leads to the sample size estimate for the birthday paradox in the formula (11.1))


Final Exam, Monday, December 12, 70-1455, 7pm-9:30pm


Back to the course page