Assignments
Foundations of Cryptography
CSCI-662-01, Fall 2023, Semester 2231

In all cases show the details of your work, and give brief reasons for your answers. The homeworks are due in pdf format on myCourses. Convert to single pdf before submission, submit just one pdf file for each assignment. You can use generative AI tools for developing answers to homework assignments, but in all places where such use was significant, it needs to be noted.

Assignment 1, due Wednesday, September 6

Warm-up assignment:
Solve problems 1.2, 1.3, 1.4 from chapter 1, pages 24-25.

Assignment 2, due Wednesday, September 20

Extended to Thursday, September 21.
  1. Easy mod. Solve problems 5, 6, 7, 8 from chapter 1 (i.e. 1.5, 1.6, 1.7, 1.8), pages 25-26.
  2. More warm up. Solve problems 11, 13 from chapter 1, pages 26-27.
  3. Some work. Solve problems 4, 5, 6 from chapter 2, pages 52-53.
  4. Some more work. Solve problems 8, 10 from chapter 2, pages 53-54.

Assignment 3, due Wednesday, October 4

  1. Solve problems 1, 3, 4, 7, 9 from chapter 3, pages 83-86.
  2. Solve problems 10, 12 from chapter 3, pages 83-86.
  3. Solve problems 4, 5, 9 from chapter 5, pages 145-146.
  4. Solve problem 16 from chapter 5, page 148.

Assignment 4, due Monday, October 16 (before class at 5pm)

In all solutions show the details of your work.
  1. Solve exercises 4, 5 and 6 from chapter 4, page 118.
  2. Solve problems 13.1, 14, 16 from chapter 4, pages 120-121
    (this is the complete page 121 from the textbook, some places on the web show only one of the problems 16 and 17).

  3. Find all irreducible polynomials in Z2[x] of degree 4.
  4. Which of the following polynomials are reducible in Z2[x]: x5 + x4 + 1, x5 + x3 + 1, x5 + x4 + x2 + 1? If reducible, then show factors.
  5. Find all irreducible monic polynomials (with the leading coefficient at x2 equal to 1) in Z3[x] of degree 2.
  6. Compute 01011001*01010011 in GF(256), using the AES irreducible polynomial.

Midterm Exam, Wednesday, October 18, class place/time

Assignment 5, due Friday, November 10

Show the details of your work.
  1. Solve problems 2, 3, 4.1, 4.2, 4.3 (skip 4.4) from chapter 6, page 170.
  2. Solve problems 5, 6, 10 from chapter 6, pages 170-171.
  3. Trace the execution of the Extended Euclid Algorithm, as in example 6.6 page 163, for gcd(663,773). Find the mutual multiplicative inverses of 663 and 773 in their respective canonical intervals (663^-1 mod 773, 773^-1 mod 663 = 110^-1 mod 663).
  4. Find the value of the Euler totient function φ(n), for n = 831, 833, 834, 835, 837 and 839. Show the details of computations.
  5. Find all primitive elements (generators) modulo 131. Attach the program which you used to generate them.

Assignment 6, due Tuesday, November 21

Part I, RSA and CRT

  1. Solve problems 1, 2, 6, 7 from chapter 7, pages 200/201.
  2. Read, understand and think about problems 10, 12, 14, 16 pages 201-204. Do not submit answers to them. Many answers can be found on the web. A question similar to one of these problems may be included in the final exam.

Part II, Miller-Rabin Probabilistic Primality Test

The error probability of the Miller-Rabin primality test is at most 1/4, when only one base a is chosen (security parameter s=1). You will now test this claim experimentally.

  1. Find the largest error probability of Miller-Rabin primality testing algorithm for odd integers between 95,000 and 105,000. It is ok to brute-force on all values of a. For modular exponentiation, some version of the square-and-multiply algorithm has to be used. In your answer, you should give this largest error probability (with at least three decimals of precision) and 10 odd integers between 95,000 and 110,000 for which the highest error probability occurs.
  2. Submit a commented hardcopy of your code, and a clear description of what you did (make it a part of one pdf being submitted for this assignment). You are encouraged to compare your error probabilities with your classmates.

Hints on Miller-Rabin Primality Test

The formatting of the Miller-Rabin test in our textbook is somewhat confusing. Nicely formatted pseudocode can be found at wiki, or in the Stinson's textbook. Suppose that we test for primality 25. We have 25 - 1 = 24 = 2^3 * 3. Note that there are exactly two Miller-Rabin liars (different from 1 and n-1), namely a=7 and a=18, since in these cases a^3 != +-1 but a^6 = -1, all mod 25. Thus, the error probability for 25 is 1/11. See also the overall flow.


Assignment 7, due Monday, December 11

Show the details of your work.

  1. Solve problems 1, 2, 4 (parts 1, 2, 3), 10 from chapter 8, pages 234-235.
  2. Solve problems 3 (parts 2, 5, 8) and 5 from chapter 11, pages 315-316.
  3. Suppose that you can compute, store, and check for collisions 2000000 instances of SHA-1(x) in one second (this would require signbificant resources). How long do you have to run such computations to have a probability at least 1/100 of finding a collision?
  4. Compute the probabilities that there is no birthday collision among t people (as in the middle of page 300), for 11 <= t <= 38. Compute approximations of these probabilities discussed in the middle of page 301. How close are they? (This approximation leads to the sample size estimate for the birthday paradox in the formula (11.1))


Final Exam, Monday, December 18, 70-2455, 7pm-9:30pm


Back to the course page