This file was processed as: LaTeX Document (document/latex).

| Confidence | Program | Detection | Match Type | Support |
|---|---|---|---|---|
| 100% | dexvert | LaTeX Document (document/latex) | magic | Supported |
| 1% | dexvert | Text File (text/txt) | fallback | Supported |
| 100% | file | LaTeX document text | default | |
| 99% | file | LaTeX document, ASCII text | default | |
| 100% | checkBytes | Printable ASCII | default | |
| 100% | perlTextCheck | Likely Text (Perl) | default | |
| 100% | detectItEasy | Format: plain text[LF] | default (weak) | |
hex view
+--------+-------------------------+-------------------------+--------+--------+
|00000000| 4e 65 77 73 67 72 6f 75 | 70 73 3a 20 73 63 69 2e |Newsgrou|ps: sci.|
|00000010| 6d 61 74 68 0a 50 61 74 | 68 3a 20 73 70 61 72 6b |math.Pat|h: spark|
|00000020| 79 21 75 75 6e 65 74 21 | 7a 61 70 68 6f 64 2e 6d |y!uunet!|zaphod.m|
|00000030| 70 73 2e 6f 68 69 6f 2d | 73 74 61 74 65 2e 65 64 |ps.ohio-|state.ed|
|00000040| 75 21 73 64 64 2e 68 70 | 2e 63 6f 6d 21 75 78 31 |u!sdd.hp|.com!ux1|
|00000050| 2e 63 73 6f 2e 75 69 75 | 63 2e 65 64 75 21 63 65 |.cso.uiu|c.edu!ce|
|00000060| 62 6c 61 69 72 0a 46 72 | 6f 6d 3a 20 63 65 62 6c |blair.Fr|om: cebl|
|00000070| 61 69 72 40 75 78 31 2e | 63 73 6f 2e 75 69 75 63 |air@ux1.|cso.uiuc|
|00000080| 2e 65 64 75 20 28 43 68 | 61 72 6c 65 73 20 42 6c |.edu (Ch|arles Bl|
|00000090| 61 69 72 29 0a 53 75 62 | 6a 65 63 74 3a 20 43 52 |air).Sub|ject: CR|
|000000a0| 59 50 54 4f 47 52 41 50 | 48 59 20 4e 4f 54 45 53 |YPTOGRAP|HY NOTES|
|000000b0| 20 28 70 61 72 74 20 31 | 20 6f 66 20 32 29 0a 4d | (part 1| of 2).M|
|000000c0| 65 73 73 61 67 65 2d 49 | 44 3a 20 3c 42 75 39 48 |essage-I|D: <Bu9H|
|000000d0| 43 45 2e 33 4b 30 40 75 | 78 31 2e 63 73 6f 2e 75 |CE.3K0@u|x1.cso.u|
|000000e0| 69 75 63 2e 65 64 75 3e | 0a 4f 72 67 61 6e 69 7a |iuc.edu>|.Organiz|
|000000f0| 61 74 69 6f 6e 3a 20 55 | 6e 69 76 65 72 73 69 74 |ation: U|niversit|
|00000100| 79 20 6f 66 20 49 6c 6c | 69 6e 6f 69 73 20 61 74 |y of Ill|inois at|
|00000110| 20 55 72 62 61 6e 61 0a | 44 61 74 65 3a 20 54 75 | Urbana.|Date: Tu|
|00000120| 65 2c 20 38 20 53 65 70 | 20 31 39 39 32 20 31 33 |e, 8 Sep| 1992 13|
|00000130| 3a 32 36 3a 32 33 20 47 | 4d 54 0a 4c 69 6e 65 73 |:26:23 G|MT.Lines|
|00000140| 3a 20 38 32 30 0a 0a 0a | 25 20 20 54 68 65 73 65 |: 820...|% These|
|00000150| 20 61 72 65 20 61 20 73 | 65 74 20 6f 66 20 6e 6f | are a s|et of no|
|00000160| 74 65 73 20 66 6f 72 20 | 61 20 63 6f 75 72 73 65 |tes for |a course|
|00000170| 20 49 20 74 61 75 67 68 | 74 20 69 6e 20 46 61 6c | I taugh|t in Fal|
|00000180| 6c 20 31 39 39 31 20 6f | 6e 20 0a 25 20 70 75 62 |l 1991 o|n .% pub|
|00000190| 6c 69 63 2d 6b 65 79 20 | 63 72 79 70 74 6f 67 72 |lic-key |cryptogr|
|000001a0| 61 70 68 79 20 61 6e 64 | 20 72 65 6c 61 74 65 64 |aphy and| related|
|000001b0| 20 74 6f 70 69 63 73 3a | 20 0a 25 0a 25 20 31 2e | topics:| .%.% 1.|
|000001c0| 20 45 6e 63 72 79 70 74 | 69 6f 6e 20 53 79 73 74 | Encrypt|ion Syst|
|000001d0| 65 6d 73 0a 25 20 32 2e | 20 45 6c 65 6d 65 6e 74 |ems.% 2.| Element|
|000001e0| 61 72 79 20 4e 75 6d 62 | 65 72 20 54 68 65 6f 72 |ary Numb|er Theor|
|000001f0| 79 20 33 2e 20 52 53 41 | 20 61 6e 64 20 52 61 62 |y 3. RSA| and Rab|
|00000200| 69 6e 20 73 79 73 74 65 | 6d 73 0a 25 20 34 2e 20 |in syste|ms.% 4. |
|00000210| 4b 6e 61 70 73 61 63 6b | 20 73 79 73 74 65 6d 73 |Knapsack| systems|
|00000220| 20 28 49 20 64 6f 6e 27 | 74 20 64 69 73 63 75 73 | (I don'|t discus|
|00000230| 73 20 62 72 65 61 6b 69 | 6e 67 20 74 68 65 6d 2e |s breaki|ng them.|
|00000240| 20 20 53 6f 72 72 79 21 | 29 0a 25 20 35 2e 20 49 | Sorry!|).% 5. I|
|00000250| 6e 74 72 6f 64 75 63 74 | 69 6f 6e 20 74 6f 20 4e |ntroduct|ion to N|
|00000260| 50 2d 43 6f 6d 70 6c 65 | 74 65 6e 65 73 73 20 36 |P-Comple|teness 6|
|00000270| 2e 20 52 61 62 69 6e 27 | 73 20 70 72 69 6d 61 6c |. Rabin'|s primal|
|00000280| 69 74 79 20 74 65 73 74 | 0a 25 20 37 2e 20 50 72 |ity test|.% 7. Pr|
|00000290| 6f 62 61 62 69 6c 69 73 | 74 69 63 20 45 6e 63 72 |obabilis|tic Encr|
|000002a0| 79 70 74 69 6f 6e 20 28 | 47 6f 6c 64 77 61 73 73 |yption (|Goldwass|
|000002b0| 65 72 2d 4d 69 63 61 6c | 69 29 0a 25 20 38 2e 20 |er-Mical|i).% 8. |
|000002c0| 50 73 65 75 64 6f 2d 72 | 61 6e 64 6f 6d 20 6e 75 |Pseudo-r|andom nu|
|000002d0| 6d 62 65 72 20 67 65 6e | 65 72 61 74 6f 72 73 20 |mber gen|erators |
|000002e0| 28 42 6c 75 6d 2d 42 6c | 75 6d 2d 53 68 75 62 29 |(Blum-Bl|um-Shub)|
|000002f0| 0a 25 20 39 2e 20 46 75 | 72 74 68 65 72 20 72 65 |.% 9. Fu|rther re|
|00000300| 73 75 6c 74 73 20 6f 6e | 20 70 73 65 75 64 6f 2d |sults on| pseudo-|
|00000310| 72 61 6e 64 6f 6d 20 6e | 75 6d 62 65 72 73 0a 25 |random n|umbers.%|
|00000320| 0a 25 20 5b 54 68 65 72 | 65 20 68 61 76 65 20 62 |.% [Ther|e have b|
|00000330| 65 65 6e 20 73 6f 6d 65 | 20 6d 69 6e 6f 72 20 63 |een some| minor c|
|00000340| 6f 72 72 65 63 74 69 6f | 6e 73 2c 20 61 6e 64 20 |orrectio|ns, and |
|00000350| 74 68 65 20 73 68 6f 72 | 74 20 73 65 63 74 69 6f |the shor|t sectio|
|00000360| 6e 20 39 0a 25 20 20 69 | 73 20 6e 65 77 20 73 69 |n 9.% i|s new si|
|00000370| 6e 63 65 20 74 68 65 20 | 6f 72 69 67 69 6e 61 6c |nce the |original|
|00000380| 20 70 6f 73 74 69 6e 67 | 2e 5d 0a 25 20 0a 25 20 | posting|.].% .% |
|00000390| 20 20 54 68 69 73 20 69 | 73 20 61 20 4c 61 54 65 | This i|s a LaTe|
|000003a0| 58 20 66 69 6c 65 20 69 | 6e 20 74 77 6f 20 70 61 |X file i|n two pa|
|000003b0| 72 74 73 20 28 34 35 20 | 70 61 67 65 73 20 77 68 |rts (45 |pages wh|
|000003c0| 65 6e 20 70 72 69 6e 74 | 65 64 29 2e 20 20 43 6f |en print|ed). Co|
|000003d0| 6e 63 61 74 2d 0a 25 20 | 65 6e 61 74 65 20 74 68 |ncat-.% |enate th|
|000003e0| 65 20 74 77 6f 20 70 61 | 72 74 73 20 62 65 66 6f |e two pa|rts befo|
|000003f0| 72 65 20 72 75 6e 6e 69 | 6e 67 20 4c 61 54 65 58 |re runni|ng LaTeX|
|00000400| 2e 20 20 41 64 76 61 6e | 63 65 64 20 72 65 61 64 |. Advan|ced read|
|00000410| 65 72 73 20 77 68 6f 20 | 6f 6e 6c 79 0a 25 20 77 |ers who |only.% w|
|00000420| 61 6e 74 20 73 65 63 74 | 69 6f 6e 73 20 37 2d 39 |ant sect|ions 7-9|
|00000430| 20 63 61 6e 20 64 65 6c | 65 74 65 20 66 72 6f 6d | can del|ete from|
|00000440| 20 74 68 65 20 6c 69 6e | 65 20 5c 73 65 63 74 69 | the lin|e \secti|
|00000450| 6f 6e 7b 45 6e 63 72 79 | 70 74 69 6f 6e 20 53 79 |on{Encry|ption Sy|
|00000460| 73 74 65 6d 73 7d 0a 25 | 20 74 6f 20 74 68 65 20 |stems}.%| to the |
|00000470| 65 6e 64 20 6f 66 20 74 | 68 69 73 20 66 69 6c 65 |end of t|his file|
|00000480| 20 62 65 66 6f 72 65 20 | 63 6f 6e 63 61 74 65 6e | before |concaten|
|00000490| 61 74 69 6e 67 2e 0a 25 | 0a 25 20 20 20 49 20 68 |ating..%|.% I h|
|000004a0| 61 76 65 20 69 6e 63 6c | 75 64 65 64 20 61 20 63 |ave incl|uded a c|
|000004b0| 6f 70 79 72 69 67 68 74 | 20 61 6e 6e 6f 75 6e 63 |opyright| announc|
|000004c0| 65 6d 65 6e 74 20 60 60 | 6a 75 73 74 20 69 6e 20 |ement ``|just in |
|000004d0| 63 61 73 65 2e 27 27 20 | 20 48 6f 77 65 76 65 72 |case.'' | However|
|000004e0| 2c 0a 25 20 49 20 73 70 | 65 63 69 66 69 63 61 6c |,.% I sp|ecifical|
|000004f0| 6c 79 20 61 75 74 68 6f | 72 69 7a 65 20 75 73 65 |ly autho|rize use|
|00000500| 20 6f 66 20 74 68 69 73 | 20 6d 61 74 65 72 69 61 | of this| materia|
|00000510| 6c 20 66 6f 72 20 74 65 | 61 63 68 69 6e 67 20 63 |l for te|aching c|
|00000520| 6c 61 73 73 65 73 2c 0a | 25 20 69 6e 63 6c 75 73 |lasses,.|% inclus|
|00000530| 69 6f 6e 20 69 6e 20 66 | 74 70 20 73 69 74 65 73 |ion in f|tp sites|
|00000540| 2c 20 61 6e 64 20 73 69 | 6d 69 6c 61 72 20 6e 6f |, and si|milar no|
|00000550| 6e 2d 70 72 6f 66 69 74 | 20 61 63 74 69 76 69 74 |n-profit| activit|
|00000560| 69 65 73 2e 20 20 49 20 | 77 6f 75 6c 64 2c 0a 25 |ies. I |would,.%|
|00000570| 20 6f 66 20 63 6f 75 72 | 73 65 2c 20 61 70 70 72 | of cour|se, appr|
|00000580| 65 63 69 61 74 65 20 61 | 70 70 72 6f 70 72 69 61 |eciate a|ppropria|
|00000590| 74 65 20 61 74 74 72 69 | 62 75 74 69 6f 6e 2e 0a |te attri|bution..|
|000005a0| 25 0a 25 20 20 20 49 20 | 64 6f 20 6e 6f 74 20 63 |%.% I |do not c|
|000005b0| 6c 61 69 6d 20 74 6f 20 | 68 61 76 65 20 70 72 6f |laim to |have pro|
|000005c0| 76 65 6e 20 61 6e 79 20 | 6e 65 77 20 72 65 73 75 |ven any |new resu|
|000005d0| 6c 74 73 20 61 6e 64 20 | 74 72 69 65 64 20 74 6f |lts and |tried to|
|000005e0| 20 67 69 76 65 0a 25 20 | 61 70 70 72 6f 70 72 69 | give.% |appropri|
|000005f0| 61 74 65 20 63 72 65 64 | 69 74 73 2e 20 20 48 6f |ate cred|its. Ho|
|00000600| 77 65 76 65 72 2c 20 49 | 20 68 6f 70 65 20 74 68 |wever, I| hope th|
|00000610| 61 74 20 6d 79 20 65 78 | 70 6f 73 69 74 69 6f 6e |at my ex|position|
|00000620| 20 6d 61 79 20 62 65 20 | 65 61 73 69 65 72 0a 25 | may be |easier.%|
|00000630| 20 74 6f 20 75 6e 64 65 | 72 73 74 61 6e 64 20 74 | to unde|rstand t|
|00000640| 68 61 6e 20 6f 74 68 65 | 72 20 76 65 72 73 69 6f |han othe|r versio|
|00000650| 6e 73 2e 0a 25 0a 25 20 | 20 20 53 75 67 67 65 73 |ns..%.% | Sugges|
|00000660| 74 69 6f 6e 73 20 61 6e | 64 20 28 65 73 70 65 63 |tions an|d (espec|
|00000670| 69 61 6c 6c 79 29 20 63 | 6f 72 72 65 63 74 69 6f |ially) c|orrectio|
|00000680| 6e 73 20 61 72 65 20 77 | 65 6c 63 6f 6d 65 2e 0a |ns are w|elcome..|
|00000690| 25 0a 25 20 20 20 20 43 | 68 61 72 6c 65 73 20 42 |%.% C|harles B|
|000006a0| 6c 61 69 72 20 28 63 65 | 62 6c 61 69 72 40 75 78 |lair (ce|blair@ux|
|000006b0| 31 2e 63 73 6f 2e 75 69 | 75 63 2e 65 64 75 29 0a |1.cso.ui|uc.edu).|
|000006c0| 25 0a 5c 64 6f 63 75 6d | 65 6e 74 73 74 79 6c 65 |%.\docum|entstyle|
|000006d0| 5b 31 32 70 74 5d 7b 61 | 72 74 69 63 6c 65 7d 5c |[12pt]{a|rticle}\|
|000006e0| 62 65 67 69 6e 7b 64 6f | 63 75 6d 65 6e 74 7d 0a |begin{do|cument}.|
|000006f0| 5c 74 69 74 6c 65 7b 4e | 6f 74 65 73 20 6f 6e 20 |\title{N|otes on |
|00000700| 43 72 79 70 74 6f 67 72 | 61 70 68 79 20 7d 5c 61 |Cryptogr|aphy }\a|
|00000710| 75 74 68 6f 72 7b 43 68 | 61 72 6c 65 73 20 42 6c |uthor{Ch|arles Bl|
|00000720| 61 69 72 5c 5c 0a 42 75 | 73 69 6e 65 73 73 20 41 |air\\.Bu|siness A|
|00000730| 64 6d 69 6e 69 73 74 72 | 61 74 69 6f 6e 20 44 65 |dministr|ation De|
|00000740| 70 74 2e 5c 5c 55 6e 69 | 76 65 72 73 69 74 79 20 |pt.\\Uni|versity |
|00000750| 6f 66 20 49 6c 6c 69 6e | 6f 69 73 5c 5c 0a 63 65 |of Illin|ois\\.ce|
|00000760| 62 6c 61 69 72 40 75 78 | 31 2e 63 73 6f 2e 75 69 |blair@ux|1.cso.ui|
|00000770| 75 63 2e 65 64 75 7d 0a | 5c 64 61 74 65 7b 5c 63 |uc.edu}.|\date{\c|
|00000780| 6f 70 79 72 69 67 68 74 | 31 39 39 31 20 62 79 20 |opyright|1991 by |
|00000790| 74 68 65 20 61 75 74 68 | 6f 72 7d 5c 6d 61 6b 65 |the auth|or}\make|
|000007a0| 74 69 74 6c 65 5c 74 61 | 62 6c 65 6f 66 63 6f 6e |title\ta|bleofcon|
|000007b0| 74 65 6e 74 73 0a 5c 6e | 65 77 74 68 65 6f 72 65 |tents.\n|ewtheore|
|000007c0| 6d 7b 54 68 7d 7b 54 68 | 65 6f 72 65 6d 7d 0a 5c |m{Th}{Th|eorem}.\|
|000007d0| 6e 65 77 74 68 65 6f 72 | 65 6d 7b 4c 65 7d 5b 54 |newtheor|em{Le}[T|
|000007e0| 68 5d 7b 4c 65 6d 6d 61 | 7d 5c 6e 65 77 74 68 65 |h]{Lemma|}\newthe|
|000007f0| 6f 72 65 6d 7b 43 6f 7d | 5b 54 68 5d 7b 43 6f 72 |orem{Co}|[Th]{Cor|
|00000800| 6f 6c 6c 61 72 79 7d 0a | 5c 6e 65 77 63 6f 6d 6d |ollary}.|\newcomm|
|00000810| 61 6e 64 7b 5c 70 71 7d | 7b 5c 70 61 72 5c 6d 65 |and{\pq}|{\par\me|
|00000820| 64 73 6b 69 70 7d 0a 5c | 6e 65 77 63 6f 6d 6d 61 |dskip}.\|newcomma|
|00000830| 6e 64 7b 5c 63 6f 7d 5b | 33 5d 7b 23 31 5c 65 71 |nd{\co}[|3]{#1\eq|
|00000840| 75 69 76 23 32 5c 68 62 | 6f 78 7b 20 6d 6f 64 20 |uiv#2\hb|ox{ mod |
|00000850| 7d 23 33 7d 0a 5c 6e 65 | 77 63 6f 6d 6d 61 6e 64 |}#3}.\ne|wcommand|
|00000860| 7b 5c 72 6f 7d 7b 5c 68 | 62 6f 78 7b 20 6f 72 20 |{\ro}{\h|box{ or |
|00000870| 7d 7d 0a 5c 6e 65 77 63 | 6f 6d 6d 61 6e 64 7b 5c |}}.\newc|ommand{\|
|00000880| 7a 6f 7d 7b 5a 5e 31 5f | 6e 7d 5c 6e 65 77 63 6f |zo}{Z^1_|n}\newco|
|00000890| 6d 6d 61 6e 64 7b 5c 70 | 73 7d 7b 70 5f 7b 50 53 |mmand{\p|s}{p_{PS|
|000008a0| 7d 7d 0a 5c 6e 65 77 63 | 6f 6d 6d 61 6e 64 7b 5c |}}.\newc|ommand{\|
|000008b0| 54 7d 7b 7b 5c 62 66 20 | 54 7d 7d 20 5c 6e 65 77 |T}{{\bf |T}} \new|
|000008c0| 63 6f 6d 6d 61 6e 64 7b | 5c 46 7d 7b 7b 5c 62 66 |command{|\F}{{\bf|
|000008d0| 20 46 7d 7d 0a 5c 6e 65 | 77 65 6e 76 69 72 6f 6e | F}}.\ne|wenviron|
|000008e0| 6d 65 6e 74 7b 6c 73 74 | 7d 0a 7b 5c 62 65 67 69 |ment{lst|}.{\begi|
|000008f0| 6e 7b 63 65 6e 74 65 72 | 7d 5c 62 65 67 69 6e 7b |n{center|}\begin{|
|00000900| 74 61 62 75 6c 61 72 7d | 7b 6c 7d 7d 7b 5c 65 6e |tabular}|{l}}{\en|
|00000910| 64 7b 74 61 62 75 6c 61 | 72 7d 5c 65 6e 64 7b 63 |d{tabula|r}\end{c|
|00000920| 65 6e 74 65 72 7d 7d 0a | 5c 73 65 63 74 69 6f 6e |enter}}.|\section|
|00000930| 7b 45 6e 63 72 79 70 74 | 69 6f 6e 20 53 79 73 74 |{Encrypt|ion Syst|
|00000940| 65 6d 73 7d 0a 41 6e 20 | 65 6e 63 72 79 70 74 69 |ems}.An |encrypti|
|00000950| 6f 6e 20 73 79 73 74 65 | 6d 20 69 73 20 61 20 70 |on syste|m is a p|
|00000960| 72 6f 63 65 64 75 72 65 | 20 77 68 69 63 68 20 74 |rocedure| which t|
|00000970| 61 6b 65 73 20 74 68 65 | 20 6f 72 69 67 69 6e 61 |akes the| origina|
|00000980| 6c 20 6d 65 73 73 61 67 | 65 0a 28 7b 5c 69 74 20 |l messag|e.({\it |
|00000990| 70 6c 61 69 6e 74 65 78 | 74 5c 2f 7d 29 20 61 6e |plaintex|t\/}) an|
|000009a0| 64 20 61 20 73 6d 61 6c | 6c 20 70 69 65 63 65 20 |d a smal|l piece |
|000009b0| 6f 66 20 69 6e 66 6f 72 | 6d 61 74 69 6f 6e 20 61 |of infor|mation a|
|000009c0| 72 72 61 6e 67 65 64 20 | 69 6e 20 61 64 76 61 6e |rranged |in advan|
|000009d0| 63 65 0a 62 65 74 77 65 | 65 6e 20 73 65 6e 64 65 |ce.betwe|en sende|
|000009e0| 72 20 61 6e 64 20 72 65 | 63 65 69 76 65 72 20 28 |r and re|ceiver (|
|000009f0| 74 68 65 20 7b 5c 69 74 | 20 6b 65 79 5c 2f 7d 29 |the {\it| key\/})|
|00000a00| 20 61 6e 64 20 63 72 65 | 61 74 65 73 20 61 6e 20 | and cre|ates an |
|00000a10| 65 6e 63 6f 64 65 64 0a | 76 65 72 73 69 6f 6e 20 |encoded.|version |
|00000a20| 6f 66 20 74 68 65 20 6d | 65 73 73 61 67 65 20 28 |of the m|essage (|
|00000a30| 74 68 65 20 7b 5c 69 74 | 20 63 69 70 68 65 72 74 |the {\it| ciphert|
|00000a40| 65 78 74 5c 2f 7d 29 2e | 0a 5c 70 71 20 57 68 65 |ext\/}).|.\pq Whe|
|00000a50| 6e 20 77 65 20 61 72 65 | 20 63 6f 6e 73 69 64 65 |n we are| conside|
|00000a60| 72 69 6e 67 20 74 68 65 | 20 71 75 61 6c 69 74 79 |ring the| quality|
|00000a70| 20 6f 66 20 61 6e 20 65 | 6e 63 72 79 70 74 69 6f | of an e|ncryptio|
|00000a80| 6e 20 73 79 73 74 65 6d | 2c 20 77 65 20 61 73 73 |n system|, we ass|
|00000a90| 75 6d 65 0a 74 68 65 20 | 70 65 72 73 6f 6e 20 74 |ume.the |person t|
|00000aa0| 72 79 69 6e 67 20 74 6f | 20 64 65 63 6f 64 65 20 |rying to| decode |
|00000ab0| 74 68 65 20 6d 65 73 73 | 61 67 65 20 6b 6e 6f 77 |the mess|age know|
|00000ac0| 73 20 77 68 61 74 20 74 | 68 65 20 67 65 6e 65 72 |s what t|he gener|
|00000ad0| 61 6c 20 70 72 6f 5c 2d | 63 65 64 75 72 65 0a 69 |al pro\-|cedure.i|
|00000ae0| 73 20 61 6e 64 20 69 73 | 20 6c 6f 6f 6b 69 6e 67 |s and is| looking|
|00000af0| 20 61 74 20 74 68 65 20 | 63 69 70 68 65 72 74 65 | at the |cipherte|
|00000b00| 78 74 2d 2d 2d 20 74 68 | 65 20 6f 6e 6c 79 20 74 |xt--- th|e only t|
|00000b10| 68 69 6e 67 20 68 65 20 | 64 6f 65 73 20 6e 6f 74 |hing he |does not|
|00000b20| 20 68 61 76 65 0a 69 73 | 20 74 68 65 20 6b 65 79 | have.is| the key|
|00000b30| 2e 20 20 57 65 20 61 6c | 73 6f 20 61 73 73 75 6d |. We al|so assum|
|00000b40| 65 20 74 68 65 20 70 65 | 72 73 6f 6e 20 73 65 6e |e the pe|rson sen|
|00000b50| 64 69 6e 67 20 6d 65 73 | 73 61 67 65 73 20 64 6f |ding mes|sages do|
|00000b60| 65 73 20 6e 6f 74 20 73 | 70 65 6e 64 0a 74 69 6d |es not s|pend.tim|
|00000b70| 65 20 74 72 79 69 6e 67 | 20 74 6f 20 63 6f 6e 74 |e trying| to cont|
|00000b80| 72 69 76 65 20 61 20 64 | 69 66 66 69 63 75 6c 74 |rive a d|ifficult|
|00000b90| 2d 74 6f 2d 72 65 61 64 | 20 6d 65 73 73 61 67 65 |-to-read| message|
|00000ba0| 20 62 79 20 75 73 69 6e | 67 20 75 6e 75 73 75 61 | by usin|g unusua|
|00000bb0| 6c 0a 77 6f 72 64 73 20 | 6f 72 20 6c 65 74 74 65 |l.words |or lette|
|00000bc0| 72 20 66 72 65 71 75 65 | 6e 63 69 65 73 2d 2d 2d |r freque|ncies---|
|00000bd0| 20 74 68 65 20 73 65 6e | 64 65 72 20 69 73 20 63 | the sen|der is c|
|00000be0| 6f 75 6e 74 69 6e 67 20 | 6f 6e 20 74 68 65 20 73 |ounting |on the s|
|00000bf0| 79 73 74 65 6d 20 74 6f | 0a 70 72 6f 76 69 64 65 |ystem to|.provide|
|00000c00| 20 61 6c 6c 20 74 68 65 | 20 6e 65 65 64 65 64 20 | all the| needed |
|00000c10| 73 65 63 75 72 69 74 79 | 2e 0a 5c 70 71 20 55 73 |security|..\pq Us|
|00000c20| 75 61 6c 6c 79 20 6f 6e | 65 20 61 73 73 75 6d 65 |ually on|e assume|
|00000c30| 73 20 74 68 65 20 70 65 | 72 73 6f 6e 20 74 72 79 |s the pe|rson try|
|00000c40| 69 6e 67 20 74 6f 20 62 | 72 65 61 6b 20 74 68 65 |ing to b|reak the|
|00000c50| 20 63 6f 64 65 20 69 73 | 20 6f 6e 6c 79 0a 77 6f | code is| only.wo|
|00000c60| 72 6b 69 6e 67 20 77 69 | 74 68 20 74 68 65 20 63 |rking wi|th the c|
|00000c70| 69 70 68 65 72 74 65 78 | 74 2e 20 20 48 6f 77 65 |iphertex|t. Howe|
|00000c80| 76 65 72 2c 20 74 68 65 | 72 65 20 61 72 65 20 73 |ver, the|re are s|
|00000c90| 69 74 75 61 74 69 6f 6e | 73 20 69 6e 20 77 68 69 |ituation|s in whi|
|00000ca0| 63 68 0a 62 6f 74 68 20 | 70 6c 61 69 6e 74 65 78 |ch.both |plaintex|
|00000cb0| 74 20 61 6e 64 20 63 69 | 70 68 65 72 74 65 78 74 |t and ci|phertext|
|00000cc0| 20 6f 66 20 61 20 70 72 | 65 76 69 6f 75 73 6c 79 | of a pr|eviously|
|00000cd0| 20 65 6e 63 6f 64 65 64 | 20 6d 65 73 73 61 67 65 | encoded| message|
|00000ce0| 20 61 72 65 20 0a 61 76 | 61 69 6c 61 62 6c 65 2e | are .av|ailable.|
|00000cf0| 20 20 46 6f 72 20 65 78 | 61 6d 70 6c 65 2c 20 49 | For ex|ample, I|
|00000d00| 20 6f 66 74 65 6e 20 6b | 65 65 70 20 65 6e 63 72 | often k|eep encr|
|00000d10| 79 70 74 65 64 20 76 65 | 72 73 69 6f 6e 73 20 6f |ypted ve|rsions o|
|00000d20| 66 20 65 78 61 6d 69 6e | 61 74 69 6f 6e 73 0a 6f |f examin|ations.o|
|00000d30| 6e 20 61 20 6d 61 69 6e | 66 72 61 6d 65 20 63 6f |n a main|frame co|
|00000d40| 6d 70 75 74 65 72 2c 20 | 6f 6e 6c 79 20 64 65 63 |mputer, |only dec|
|00000d50| 6f 64 69 6e 67 20 74 68 | 65 6d 20 6a 75 73 74 20 |oding th|em just |
|00000d60| 62 65 66 6f 72 65 20 68 | 61 76 69 6e 67 20 74 68 |before h|aving th|
|00000d70| 65 6d 0a 70 72 69 6e 74 | 65 64 2c 20 61 6e 64 20 |em.print|ed, and |
|00000d80| 64 65 6c 65 74 69 6e 67 | 20 74 68 65 20 70 6c 61 |deleting| the pla|
|00000d90| 69 6e 74 65 78 74 20 66 | 69 6c 65 20 69 6d 6d 65 |intext f|ile imme|
|00000da0| 64 69 61 74 65 6c 79 20 | 61 66 74 65 72 77 61 72 |diately |afterwar|
|00000db0| 64 2e 20 20 49 66 20 61 | 0a 73 74 75 64 65 6e 74 |d. If a|.student|
|00000dc0| 20 77 61 73 20 61 62 6c | 65 20 74 6f 20 6c 6f 6f | was abl|e to loo|
|00000dd0| 6b 20 61 74 20 6d 79 20 | 66 69 6c 65 73 2c 20 68 |k at my |files, h|
|00000de0| 65 20 63 6f 75 6c 64 20 | 6b 65 65 70 20 61 20 63 |e could |keep a c|
|00000df0| 6f 70 79 20 6f 66 20 74 | 68 65 0a 65 6e 63 6f 64 |opy of t|he.encod|
|00000e00| 65 64 20 74 65 73 74 20 | 61 6e 64 20 63 6f 6d 70 |ed test |and comp|
|00000e10| 61 72 65 20 74 68 69 73 | 20 77 69 74 68 20 74 68 |are this| with th|
|00000e20| 65 20 74 65 73 74 20 68 | 65 20 74 6f 6f 6b 2e 20 |e test h|e took. |
|00000e30| 20 41 73 20 77 65 20 77 | 69 6c 6c 20 73 65 65 2c | As we w|ill see,|
|00000e40| 0a 74 68 69 73 20 6d 61 | 79 20 62 65 20 76 65 72 |.this ma|y be ver|
|00000e50| 79 20 75 73 65 66 75 6c | 20 69 6e 20 64 65 63 6f |y useful| in deco|
|00000e60| 64 69 6e 67 20 66 75 74 | 75 72 65 20 74 65 73 74 |ding fut|ure test|
|00000e70| 73 2e 0a 5c 70 71 5b 4f | 6e 65 20 63 6f 75 6e 74 |s..\pq[O|ne count|
|00000e80| 65 72 6d 65 61 73 75 72 | 65 20 61 67 61 69 6e 73 |ermeasur|e agains|
|00000e90| 74 20 74 68 69 73 20 74 | 79 70 65 20 6f 66 20 7b |t this t|ype of {|
|00000ea0| 5c 69 74 20 6b 6e 6f 77 | 6e 2d 70 6c 61 69 6e 74 |\it know|n-plaint|
|00000eb0| 65 78 74 20 61 74 74 61 | 63 6b 5c 2f 7d 0a 69 73 |ext atta|ck\/}.is|
|00000ec0| 20 74 6f 20 63 6f 6e 74 | 69 6e 75 61 6c 6c 79 20 | to cont|inually |
|00000ed0| 63 68 61 6e 67 65 20 6b | 65 79 73 2c 20 61 73 73 |change k|eys, ass|
|00000ee0| 75 6d 69 6e 67 20 61 6e | 20 65 6e 63 72 79 70 74 |uming an| encrypt|
|00000ef0| 69 6f 6e 20 75 73 69 6e | 67 20 6f 6e 65 20 6b 65 |ion usin|g one ke|
|00000f00| 79 20 69 73 0a 6e 6f 74 | 20 68 65 6c 70 66 75 6c |y is.not| helpful|
|00000f10| 20 6f 6e 20 61 20 64 69 | 66 66 65 72 65 6e 74 20 | on a di|fferent |
|00000f20| 6b 65 79 2e 20 20 49 74 | 20 63 61 6e 20 62 65 63 |key. It| can bec|
|00000f30| 6f 6d 65 20 64 69 66 66 | 69 63 75 6c 74 20 74 6f |ome diff|icult to|
|00000f40| 20 6b 65 65 70 20 74 72 | 61 63 6b 0a 6f 66 20 74 | keep tr|ack.of t|
|00000f50| 68 65 20 64 69 66 66 65 | 72 65 6e 74 20 6b 65 79 |he diffe|rent key|
|00000f60| 73 20 69 6e 20 75 73 65 | 2c 20 65 73 70 65 63 69 |s in use|, especi|
|00000f70| 61 6c 6c 79 20 69 66 20 | 74 68 65 79 20 61 72 65 |ally if |they are|
|00000f80| 20 6c 6f 6e 67 2e 5d 0a | 5c 70 71 20 41 20 6d 6f | long.].|\pq A mo|
|00000f90| 72 65 20 64 65 6d 61 6e | 64 69 6e 67 20 73 74 61 |re deman|ding sta|
|00000fa0| 6e 64 61 72 64 20 69 73 | 20 74 68 61 74 20 61 20 |ndard is| that a |
|00000fb0| 63 6f 64 65 20 6d 61 79 | 20 62 65 20 73 61 66 65 |code may| be safe|
|00000fc0| 20 61 67 61 69 6e 73 74 | 20 61 0a 7b 5c 69 74 20 | against| a.{\it |
|00000fd0| 63 68 6f 73 65 6e 2d 70 | 6c 61 69 6e 74 65 78 74 |chosen-p|laintext|
|00000fe0| 20 61 74 74 61 63 6b 7d | 2e 20 20 57 65 20 61 72 | attack}|. We ar|
|00000ff0| 65 20 69 6d 61 67 69 6e | 69 6e 67 20 74 68 61 74 |e imagin|ing that|
|00001000| 20 74 68 65 20 65 6e 63 | 72 79 70 74 69 6f 6e 20 | the enc|ryption |
|00001010| 69 73 0a 64 6f 6e 65 20 | 62 79 20 61 20 6d 61 63 |is.done |by a mac|
|00001020| 68 69 6e 65 2c 20 61 6e | 64 20 74 68 61 74 20 75 |hine, an|d that u|
|00001030| 6e 61 75 74 68 6f 72 69 | 7a 65 64 20 70 65 72 73 |nauthori|zed pers|
|00001040| 6f 6e 73 20 6d 61 79 20 | 68 61 76 65 20 61 63 63 |ons may |have acc|
|00001050| 65 73 73 20 74 6f 0a 74 | 68 65 20 6d 61 63 68 69 |ess to.t|he machi|
|00001060| 6e 65 20 28 61 6c 74 68 | 6f 75 67 68 20 77 65 20 |ne (alth|ough we |
|00001070| 61 73 73 75 6d 65 20 74 | 68 65 79 20 61 72 65 20 |assume t|hey are |
|00001080| 6f 6e 6c 79 20 75 73 69 | 6e 67 20 69 74 20 69 6e |only usi|ng it in|
|00001090| 20 74 68 65 20 6e 6f 72 | 6d 61 6c 0a 77 61 79 2c | the nor|mal.way,|
|000010a0| 20 6e 6f 74 20 61 6c 6c | 6f 77 65 64 20 74 6f 20 | not all|owed to |
|000010b0| 74 61 6b 65 20 69 74 20 | 61 70 61 72 74 29 2e 0a |take it |apart)..|
|000010c0| 5c 73 75 62 73 65 63 74 | 69 6f 6e 2a 7b 45 78 61 |\subsect|ion*{Exa|
|000010d0| 6d 70 6c 65 20 31 3a 20 | 53 69 6d 70 6c 65 20 73 |mple 1: |Simple s|
|000010e0| 75 62 73 74 69 74 75 74 | 69 6f 6e 7d 0a 54 68 69 |ubstitut|ion}.Thi|
|000010f0| 73 20 69 73 20 74 68 65 | 20 73 69 6d 70 6c 65 20 |s is the| simple |
|00001100| 6c 65 74 74 65 72 2d 66 | 6f 72 2d 6c 65 74 74 65 |letter-f|or-lette|
|00001110| 72 20 6d 65 74 68 6f 64 | 20 66 6f 75 6e 64 20 69 |r method| found i|
|00001120| 6e 20 50 6f 65 27 73 20 | 60 60 54 68 65 20 47 6f |n Poe's |``The Go|
|00001130| 6c 64 0a 42 75 67 27 27 | 20 61 6e 64 20 6d 61 6e |ld.Bug''| and man|
|00001140| 79 20 6f 74 68 65 72 20 | 73 74 6f 72 69 65 73 2e |y other |stories.|
|00001150| 20 20 54 68 65 20 6b 65 | 79 20 69 73 20 61 20 72 | The ke|y is a r|
|00001160| 65 61 72 72 61 6e 67 65 | 6d 65 6e 74 20 6f 66 20 |earrange|ment of |
|00001170| 74 68 65 0a 32 36 20 6c | 65 74 74 65 72 73 3a 5c |the.26 l|etters:\|
|00001180| 62 65 67 69 6e 7b 6c 73 | 74 7d 5c 74 74 20 41 42 |begin{ls|t}\tt AB|
|00001190| 43 44 45 46 47 48 49 4a | 4b 4c 4d 4e 4f 50 51 52 |CDEFGHIJ|KLMNOPQR|
|000011a0| 53 54 55 56 57 58 59 5a | 5c 5c 20 5c 74 74 0a 61 |STUVWXYZ|\\ \tt.a|
|000011b0| 63 74 71 67 77 72 7a 64 | 65 76 66 62 68 69 6e 73 |ctqgwrzd|evfbhins|
|000011c0| 79 6d 75 6a 78 70 6c 6f | 6b 5c 65 6e 64 7b 6c 73 |ymujxplo|k\end{ls|
|000011d0| 74 7d 0a 20 20 55 73 69 | 6e 67 20 74 68 69 73 20 |t}. Usi|ng this |
|000011e0| 6b 65 79 2c 20 74 68 65 | 20 70 6c 61 69 6e 74 65 |key, the| plainte|
|000011f0| 78 74 3a 5c 62 65 67 69 | 6e 7b 6c 73 74 7d 5c 74 |xt:\begi|n{lst}\t|
|00001200| 74 20 5c 6c 61 62 65 6c | 7b 70 6c 7d 0a 20 20 54 |t \label|{pl}. T|
|00001210| 48 45 20 53 45 43 55 52 | 49 54 59 20 4f 46 20 54 |HE SECUR|ITY OF T|
|00001220| 48 45 20 52 53 41 20 45 | 4e 43 4f 44 49 4e 47 20 |HE RSA E|NCODING |
|00001230| 53 43 48 45 4d 45 20 52 | 45 4c 49 45 53 20 4f 4e |SCHEME R|ELIES ON|
|00001240| 20 54 48 45 5c 5c 0a 5c | 74 74 20 46 41 43 54 20 | THE\\.\|tt FACT |
|00001250| 54 48 41 54 20 4e 4f 42 | 4f 44 59 20 48 41 53 20 |THAT NOB|ODY HAS |
|00001260| 42 45 45 4e 20 41 42 4c | 45 20 54 4f 20 44 49 53 |BEEN ABL|E TO DIS|
|00001270| 43 4f 56 45 52 20 48 4f | 57 20 54 4f 20 54 41 4b |COVER HO|W TO TAK|
|00001280| 45 20 5c 5c 20 5c 74 74 | 0a 43 55 42 45 20 52 4f |E \\ \tt|.CUBE RO|
|00001290| 4f 54 53 20 4d 4f 44 20 | 4e 20 57 49 54 48 4f 55 |OTS MOD |N WITHOU|
|000012a0| 54 20 4b 4e 4f 57 49 4e | 47 20 4e 53 20 46 41 43 |T KNOWIN|G NS FAC|
|000012b0| 54 4f 52 53 5c 65 6e 64 | 7b 6c 73 74 7d 0a 62 65 |TORS\end|{lst}.be|
|000012c0| 63 6f 6d 65 73 20 74 68 | 65 20 63 69 70 68 65 72 |comes th|e cipher|
|000012d0| 74 65 78 74 3a 5c 62 65 | 67 69 6e 7b 6c 73 74 7d |text:\be|gin{lst}|
|000012e0| 5c 74 74 0a 20 20 55 5a | 47 20 4d 47 54 4a 59 44 |\tt. UZ|G MGTJYD|
|000012f0| 55 4f 20 49 57 20 55 5a | 47 20 59 4d 41 20 47 48 |UO IW UZ|G YMA GH|
|00001300| 54 49 51 44 48 52 20 4d | 54 5a 47 42 47 20 59 47 |TIQDHR M|TZGBG YG|
|00001310| 46 44 47 4d 20 49 48 20 | 55 5a 47 5c 5c 20 5c 74 |FDGM IH |UZG\\ \t|
|00001320| 74 0a 57 41 54 55 20 55 | 5a 41 55 20 48 49 43 49 |t.WATU U|ZAU HICI|
|00001330| 51 4f 20 5a 41 4d 20 43 | 47 47 48 20 41 43 46 47 |QO ZAM C|GGH ACFG|
|00001340| 20 55 49 20 51 44 4d 54 | 49 58 47 59 20 5a 49 50 | UI QDMT|IXGY ZIP|
|00001350| 20 55 49 20 55 41 56 47 | 20 5c 5c 20 5c 74 74 0a | UI UAVG| \\ \tt.|
|00001360| 54 4a 43 47 20 59 49 49 | 55 4d 20 42 49 51 20 48 |TJCG YII|UM BIQ H|
|00001370| 20 50 44 55 5a 49 4a 55 | 20 56 48 49 50 44 48 52 | PDUZIJU| VHIPDHR|
|00001380| 20 48 4d 20 57 41 54 55 | 49 59 4d 5c 65 6e 64 7b | HM WATU|IYM\end{|
|00001390| 6c 73 74 7d 0a 54 68 65 | 20 6d 65 73 73 61 67 65 |lst}.The| message|
|000013a0| 73 20 63 61 6e 20 62 65 | 20 6d 61 64 65 20 68 61 |s can be| made ha|
|000013b0| 72 64 65 72 20 74 6f 20 | 64 65 63 6f 64 65 20 28 |rder to |decode (|
|000013c0| 62 75 74 20 61 6c 73 6f | 20 68 61 72 64 65 72 20 |but also| harder |
|000013d0| 74 6f 20 72 65 61 64 21 | 29 0a 62 79 20 6c 65 61 |to read!|).by lea|
|000013e0| 76 69 6e 67 20 6f 75 74 | 20 74 68 65 20 73 70 61 |ving out| the spa|
|000013f0| 63 65 73 20 62 65 74 77 | 65 65 6e 20 77 6f 72 64 |ces betw|een word|
|00001400| 73 2e 0a 5c 70 71 20 4d | 6f 73 74 20 6d 65 73 73 |s..\pq M|ost mess|
|00001410| 61 67 65 73 20 63 61 6e | 20 62 65 20 64 65 63 6f |ages can| be deco|
|00001420| 64 65 64 20 62 79 20 6c | 6f 6f 6b 69 6e 67 20 66 |ded by l|ooking f|
|00001430| 6f 72 20 66 72 65 71 75 | 65 6e 74 6c 79 20 6f 63 |or frequ|ently oc|
|00001440| 63 75 72 69 6e 67 0a 70 | 61 69 72 73 20 6f 66 20 |curing.p|airs of |
|00001450| 6c 65 74 74 65 72 73 20 | 28 7b 5c 74 74 20 54 48 |letters |({\tt TH|
|00001460| 7d 20 61 6e 64 20 7b 5c | 74 74 20 48 45 7d 20 61 |} and {\|tt HE} a|
|00001470| 72 65 20 62 79 20 66 61 | 72 20 74 68 65 20 6d 6f |re by fa|r the mo|
|00001480| 73 74 20 63 6f 6d 6d 6f | 6e 29 2c 0a 75 73 69 6e |st commo|n),.usin|
|00001490| 67 20 74 68 65 73 65 20 | 74 6f 20 69 64 65 6e 74 |g these |to ident|
|000014a0| 69 66 79 20 61 20 66 65 | 77 20 6c 65 74 74 65 72 |ify a fe|w letter|
|000014b0| 73 20 74 6f 20 62 65 67 | 69 6e 2c 20 61 6e 64 20 |s to beg|in, and |
|000014c0| 66 69 6c 6c 69 6e 67 20 | 69 6e 20 74 68 65 0a 72 |filling |in the.r|
|000014d0| 65 6d 61 69 6e 69 6e 67 | 20 6c 65 74 74 65 72 73 |emaining| letters|
|000014e0| 20 6f 6e 65 20 61 74 20 | 61 20 74 69 6d 65 20 28 | one at |a time (|
|000014f0| 60 60 54 68 65 20 47 6f | 6c 64 20 42 75 67 27 27 |``The Go|ld Bug''|
|00001500| 20 67 69 76 65 73 20 61 | 20 67 6f 6f 64 0a 64 65 | gives a| good.de|
|00001510| 73 63 72 69 70 74 69 6f | 6e 2c 20 61 73 20 64 6f |scriptio|n, as do|
|00001520| 20 6d 61 6e 79 20 62 6f | 6f 6b 73 29 2e 0a 5c 70 | many bo|oks)..\p|
|00001530| 71 20 49 6e 20 61 20 6b | 6e 6f 77 6e 2d 70 6c 61 |q In a k|nown-pla|
|00001540| 69 6e 74 65 78 74 20 73 | 69 74 75 61 74 69 6f 6e |intext s|ituation|
|00001550| 2c 20 74 68 65 20 77 68 | 6f 6c 65 20 63 6f 64 65 |, the wh|ole code|
|00001560| 20 69 73 20 6f 62 74 61 | 69 6e 65 64 20 0a 61 6c | is obta|ined .al|
|00001570| 6d 6f 73 74 20 69 6d 6d | 65 64 69 61 74 65 6c 79 |most imm|ediately|
|00001580| 2e 20 20 48 6f 77 65 76 | 65 72 2c 20 69 6e 20 6f |. Howev|er, in o|
|00001590| 75 72 20 65 78 61 6d 70 | 6c 65 2c 20 74 68 65 20 |ur examp|le, the |
|000015a0| 6c 65 74 74 65 72 73 20 | 7b 5c 74 74 20 4a 7d 2c |letters |{\tt J},|
|000015b0| 0a 7b 5c 74 74 20 50 7d | 2c 20 61 6e 64 20 6f 74 |.{\tt P}|, and ot|
|000015c0| 68 65 72 73 20 64 6f 20 | 6e 6f 74 20 6f 63 63 75 |hers do |not occu|
|000015d0| 72 20 69 6e 20 74 68 65 | 20 70 6c 61 69 6e 74 65 |r in the| plainte|
|000015e0| 78 74 2c 20 73 6f 20 77 | 65 20 63 6f 75 6c 64 20 |xt, so w|e could |
|000015f0| 6e 6f 74 0a 74 65 6c 6c | 20 68 6f 77 20 74 68 65 |not.tell| how the|
|00001600| 79 20 61 72 65 20 65 6e | 63 6f 64 65 64 2e 20 20 |y are en|coded. |
|00001610| 49 66 20 77 65 20 77 65 | 72 65 20 61 6c 6c 6f 77 |If we we|re allow|
|00001620| 65 64 20 61 20 63 68 6f | 73 65 6e 20 70 6c 61 69 |ed a cho|sen plai|
|00001630| 6e 74 65 78 74 2c 0a 77 | 65 20 77 6f 75 6c 64 20 |ntext,.w|e would |
|00001640| 20 75 73 65 20 61 6c 6c | 20 74 68 65 20 6c 65 74 | use all| the let|
|00001650| 74 65 72 73 20 74 6f 20 | 67 65 74 20 74 68 65 20 |ters to |get the |
|00001660| 65 6e 74 69 72 65 20 6b | 65 79 2e 0a 5c 73 75 62 |entire k|ey..\sub|
|00001670| 73 65 63 74 69 6f 6e 2a | 7b 45 78 61 6d 70 6c 65 |section*|{Example|
|00001680| 20 32 3a 20 54 68 65 20 | 56 69 67 65 6e 5c 60 65 | 2: The |Vigen\`e|
|00001690| 72 65 20 63 69 70 68 65 | 72 20 61 6e 64 20 6f 6e |re ciphe|r and on|
e-time pads}
This cipher works by replacing each letter by another letter a
specified number of positions further in the alphabet.  For example,
{\tt J} is 5 positions further than {\tt E}.  {\tt D} is 5 positions
after {\tt Y}.  ({\tt Y,Z,A,B,C,D})  The key is a sequence of
shift amounts.  If the sequence is of length~10, the 1st, 11th, 21st,
\dots letters of the plaintext are processed using the first member
of the key.  The second member of the key processes plaintext letters
2, 12, 22, \dots and so forth.  If we omit spaces from the plaintext
on page~\pageref{pl}\ and use the key-sequence:
$$3\ 1\ 7\ 23\ 10\ 5\ 19\ 14\ 19\ 24$$
we obtain \begin{lst} \tt
WILPOHNFBR BPMQRJKGTC QDVASSZGVF\\ \tt
HNLOOQBSLM QUOBPFVHMF DUULLTWMAY VCLBXFUZXR\\ \tt
REPPMTOSKF RXALDFDSVS EFYLYYLAHB QXPQRTNHDL\\ \tt
RXPKQSLTTA WPYP\end{lst}
(We have divided the ciphertext into groups of ten letters for
convenience.  The division into lines is arbitrary.)
\pq This type of cipher was considered very secure at one time
($\sim1600$), but is not really difficult.  Suppose we guess that
the first letter is {\tt T}.  This implies the eleventh letter
is {\tt Y}, the 21st letter is {\tt N}, etc.  Now look at the
two-letter combinations that occur from different possibilities for the
second letter:\begin{lst}{\tt
TI YP ND EN NU AU SC OE OX BF NX OX TP}\quad(no shift of 2nd letter)\\
\tt TJ YQ NE EO NV AV SD OF OY BG NY OY TQ\\ \tt
TK YR NF EP NW AW SE OG OZ BH NZ OZ TR\\ \tt
TL YS NG EQ NX AX SF OH OA BI NA OA TS\\
\quad(skipping over some in the middle)\\ \tt
TF YM NA EK NR AR SZ OB OU BE NU OU TM\\ \tt
TG YN NB EL NS AS SA OC OV BD NV OV TN\\ \tt
TH YO NC EM NT AT SB OD OW BE NW OW TO\end{lst}
The last line is the ``right answer.''  Although it shows several
bad combinations ({\tt NC NT SB NW}), mostly caused by the last
letter of one word being adjacent to the first letter of the next
word, it looks better than the other possible rows.  Once the
second letter has been identified, the same approach can be used
to get the third letter.  This approach is easily automated using
a table of digrams.\pq It is necessary to know the first letter
and the length of the key-sequence.  If we assume the length is
not too large, a program can just try all possibilities, eventually
choosing the plaintext which looks best.\footnote{Mike Mendelson,
a student in this course in 1989, wrote a program to implement this
algorithm.  Another method would choose the shift
amount for each member of the cycle which gives the best letter frequency.}
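The shift-sequence cipher above, together with the footnote's second recovery method (choose, for each member of the cycle, the shift that gives the most English-like letter frequencies), as an added Python example that is not part of the original notes. The key \texttt{[3, 1, 7, 23]}, the sample paragraph and the rounded English frequency table are all constructed for the demonstration; the notes' own plaintext is not reproduced here.

```python
"""Shift-sequence (Vigenere-style) cipher from the notes: encrypt, decrypt,
and recover the shift for each column by comparing letter frequencies with
English (the footnote's alternative method). Added example; the text, key
and frequency table below are constructed, not taken from the notes."""
import string

ALPHABET = string.ascii_uppercase

# Rounded published English letter frequencies, in percent.
ENGLISH_FREQ = {
    'A': 8.2, 'B': 1.5, 'C': 2.8, 'D': 4.3, 'E': 12.7, 'F': 2.2, 'G': 2.0,
    'H': 6.1, 'I': 7.0, 'J': 0.15, 'K': 0.77, 'L': 4.0, 'M': 2.4, 'N': 6.7,
    'O': 7.5, 'P': 1.9, 'Q': 0.095, 'R': 6.0, 'S': 6.3, 'T': 9.1, 'U': 2.8,
    'V': 0.98, 'W': 2.4, 'X': 0.15, 'Y': 2.0, 'Z': 0.074,
}

# Constructed sample plaintext (about 580 letters) so that each of the
# four key positions sees roughly 145 letters.
SAMPLE_PLAINTEXT = """
When the first settlers arrived in the valley they found a wide river
running between two lines of low hills and a great many trees along the
water. They built their houses on the higher ground to the north where
the land was dry and the view was open and they planted fields of corn
and wheat in the rich soil near the river. In the spring the river often
rose over its banks and covered the lower fields with mud but the farmers
learned to wait for the water to go down before they began the planting.
Over the years the small village grew into a town with a school a church
a mill and a market where people from the surrounding farms came every
week to trade what they had grown for the things they could not make at
home.
"""
KEY = [3, 1, 7, 23]   # constructed key-sequence of four shift amounts

def letters_only(text):
    """Upper-case A-Z only; like the notes, spaces are dropped first."""
    return ''.join(ch for ch in text.upper() if ch in ALPHABET)

def encrypt(plaintext, shifts):
    """Letter i (0-based) is moved shifts[i mod len(shifts)] places forward."""
    p = letters_only(plaintext)
    n = len(shifts)
    return ''.join(ALPHABET[(ALPHABET.index(ch) + shifts[i % n]) % 26]
                   for i, ch in enumerate(p))

def decrypt(ciphertext, shifts):
    return encrypt(ciphertext, [(-s) % 26 for s in shifts])

def chi_squared(column):
    """How far a column's letter counts are from English; lower is better."""
    n = len(column)
    total = 0.0
    for ch in ALPHABET:
        expected = n * ENGLISH_FREQ[ch] / 100
        total += (column.count(ch) - expected) ** 2 / expected
    return total

def recover_shifts(ciphertext, key_length):
    """For each member of the cycle, take the letters it encrypted (positions
    col, col+k, col+2k, ...) and pick the shift whose undoing looks most like
    English. This is the frequency method of the footnote."""
    shifts = []
    for col in range(key_length):
        column = ciphertext[col::key_length]
        best = min(range(26),
                   key=lambda s: chi_squared(encrypt(column, [(-s) % 26])))
        shifts.append(best)
    return shifts

def demo():
    """Encrypt the sample with KEY and recover the shifts from ciphertext alone."""
    c = encrypt(SAMPLE_PLAINTEXT, KEY)
    return recover_shifts(c, len(KEY))

if __name__ == "__main__":
    print("recovered shifts:", demo(), "true key:", KEY)
```

The frequency method needs enough letters per column to be reliable; with a key of length 10 and a short message each column is thin, which is why the notes fall back to digram tables and exhaustive search over the second letter.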
\subsubsection*{One-time pads}
\pq A long key-sequence makes this approach more difficult, since
we have fewer rows.  The extreme case is that in which the key-%
sequence is as long as the plaintext itself.  This leads to a
theoretically {\it unbreakable\/} cipher.  For any possible plain%
text, there is a key for which the given ciphertext comes from
that plaintext.\pq This type of cipher has reportedly been used
by spies, who were furnished with notebooks containing page after
page of randomly generated key-sequence.  Notice that it is essential
that each key-sequence be used only once (hence the name of the
system).  Otherwise the approach for Vigen\`ere systems described
above could be tried, since we would have at least two rows to
work with.\pq One-time pads seem practical in situations where one
agent is communicating with a central command.  They become less
attractive if several agents may
need to communicate with each other.  The one-time feature is lost
if X and Y inadvertently use the same page to talk as W and Z are
using.  Also, capture of X's equipment makes it possible to overhear
a conversation between Y and Z.
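The two claims of this subsection, that every plaintext is consistent with a given ciphertext and that reusing a page hands the analyst ``two rows'' in which the key cancels, as an added Python example over the 26-letter alphabet. This is not code from the notes; the pad letters and messages are constructed, and the pad is written as letters (\texttt{A}=0 \dots\ \texttt{Z}=25) rather than as numbers.

```python
"""One-time pad over A-Z: any claimed plaintext has a key that explains a
ciphertext, and reuse of a pad page leaks the difference of the two
plaintexts with the key cancelled out. Added example; PAD, P1 and P2 are
constructed values, not from the notes."""
import secrets
import string

ALPHABET = string.ascii_uppercase

PAD = "QJXUBWNLPC"        # constructed ten-letter pad page
P1 = "MEETATNOON"         # constructed message from agent X
P2 = "RETURNHOME"         # constructed message from agent W on the same page

def _clean(text):
    return ''.join(ch for ch in text.upper() if ch in ALPHABET)

def fresh_pad(length):
    """A random key-sequence from the OS CSPRNG; one letter per plaintext letter."""
    return ''.join(secrets.choice(ALPHABET) for _ in range(length))

def _shift(a, b, sign):
    """Letter-wise a + sign*b (mod 26) over two equal-length strings."""
    return ''.join(ALPHABET[(ALPHABET.index(x) + sign * ALPHABET.index(y)) % 26]
                   for x, y in zip(a, b))

def pad_encrypt(plaintext, pad):
    """Shift letter i by pad letter i. A pad shorter than the message must be
    refused rather than wrapped: wrapping is exactly the key reuse discussed."""
    p = _clean(plaintext)
    if len(pad) < len(p):
        raise ValueError("pad shorter than message; never wrap a pad around")
    return _shift(p, pad, +1)

def pad_decrypt(ciphertext, pad):
    return _shift(ciphertext, pad, -1)

def key_explaining(ciphertext, claimed_plaintext):
    """The pad that would turn claimed_plaintext into ciphertext. One always
    exists for any plaintext of the same length, so the ciphertext alone
    rules nothing out: the 'theoretically unbreakable' property."""
    p = _clean(claimed_plaintext)
    if len(p) != len(ciphertext):
        raise ValueError("claimed plaintext must have the ciphertext's length")
    return _shift(ciphertext, p, -1)       # k = c - p

def leak_from_reuse(c1, c2):
    """With the same pad under both, c1 - c2 = p1 - p2: the pad cancels and the
    analyst gets the relation between the two plaintexts for free."""
    return _shift(c1, c2, -1)

def demo():
    c1 = pad_encrypt(P1, PAD)
    c2 = pad_encrypt(P2, PAD)
    # The key-independent quantity an analyst obtains from the reused page.
    return leak_from_reuse(c1, c2) == leak_from_reuse(P1, P2)

if __name__ == "__main__":
    print("reuse leaks p1 - p2 independent of the pad:", demo())
```

The check in `demo` is the whole argument: `leak_from_reuse` is computed from ciphertexts only, yet equals the same function of the plaintexts, which is why the Vigenère-style attack described above becomes available the moment a page is used twice.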
\subsection*{Example 3: A Transposition System}
In this system, we will assume every line of the message is 63
characters long.  The key is a permutation of the numbers from
1 to 63, and each line of the plaintext is rearranged using the
permutation to produce the corresponding ciphertext.  For example,
if the key is $$1\ 11\ 21\dots61\ 8\ 18\dots54$$(we would really want
to use a more complicated permutation) and we use the same
plaintext as in the previous two examples, we obtain:\begin{lst}\tt
TTRNRT UHOMO SFECE HYSGEH REDEN E NHS E A LE I I\ \ \ CTCE\ \ \ O SI\\ \tt
FN\ \ ET AHBCT\ \ DNDO AOBTRA TALOO TY IW CBEO K%
\ \ SEV\ \ H AS\ \ TOE HE\\ \tt
C HNO\ \ OWOA\ \ \ \ \ S\ \ UMOGR\ \ TIWC\ \ RNK%
\ \ \ BOU S\ \ STIT\ \ O NF\ \ EDTN\end{lst}
We are using the version of the plaintext including blanks.  The
second line of the plaintext has 55 characters, so we add 8 blanks
on the end.
\pq One method of decoding looks at a column of the ciphertext and
asks what other column could immediately follow it.  For example,
it is possible that the column following {\tt OBO} (the tenth
ciphertext column) is {\tt UAO} (the 8th), but the column {\tt TFC} would
yield the improbable two-letter combination {\tt BF}.
\pq As always, a longer message is easier to decode.  Unlike simple
substitution, it seems that blanks make the decoding process more
difficult.
\pq What about a known-plaintext attack?  Since there is only one
Y in the first line of the plaintext, we can tell that column~12
of the plaintext is column~21 of the ciphertext, but there are
other things we can't tell.  In this example, there are 8 columns
of three blanks at the end of the plaintext, and we can't be sure
which of these corresponds to which of the all-blank ciphertext
columns.  (It doesn't matter for this message, but we would like to
know the entire key to deal with longer plaintexts in the future.)
A carefully chosen plaintext can give us the entire key at once.
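The line transposition and the known-plaintext observation above, as an added Python example that is not from the notes. It uses a constructed 16-column block and a constructed permutation instead of the 63-column key of the notes; the known-plaintext routine returns, for each ciphertext column, every plaintext column that could have produced it, so columns that are identical in the known plaintext (here the all-blank trailing columns) show up as the ambiguity the notes describe.

```python
"""Line transposition cipher keyed by a permutation of column positions, with
a known-plaintext recovery that reports which key entries are determined and
which stay ambiguous. Added example; WIDTH, KEY and PLAIN_LINES are
constructed, not the notes' 63-column example."""

WIDTH = 16   # the notes use 63-character lines; 16 keeps the demo readable

# Constructed key: ciphertext column i holds plaintext column KEY[i] (1-based).
KEY = [1, 9, 2, 10, 3, 11, 4, 12, 5, 13, 6, 14, 7, 15, 8, 16]

# Constructed known plaintext; every line is padded with blanks to WIDTH.
PLAIN_LINES = ["MEET AT NOON", "BRING THE MAPS", "WAIT BY DOOR"]

def pad_line(line, width=WIDTH):
    if len(line) > width:
        raise ValueError("line longer than the block width")
    return line.ljust(width)

def transpose_line(line, key):
    """Rearrange one line: output position i takes input position key[i]."""
    p = pad_line(line, len(key))
    return ''.join(p[k - 1] for k in key)

def untranspose_line(cipher_line, key):
    out = [''] * len(key)
    for i, k in enumerate(key):
        out[k - 1] = cipher_line[i]
    return ''.join(out)

def encrypt_lines(lines, key):
    return [transpose_line(line, key) for line in lines]

def decrypt_lines(cipher_lines, key):
    return [untranspose_line(c, key) for c in cipher_lines]

def columns(lines, width):
    """Column j as the string of characters in position j of each line."""
    return [''.join(line[j] for line in lines) for j in range(width)]

def recover_key(plain_lines, cipher_lines, width=WIDTH):
    """Known-plaintext attack. For each ciphertext column, list (1-based) the
    plaintext columns with identical content. One candidate means that key
    entry is fixed; repeated plaintext columns, such as the blank columns at
    the end of every line, cannot be told apart from the ciphertext."""
    pc = columns([pad_line(line, width) for line in plain_lines], width)
    cc = columns(cipher_lines, width)
    return [[j + 1 for j, col in enumerate(pc) if col == c] for c in cc]

def determined_entries(candidates):
    """Number of key positions the known plaintext pins down exactly."""
    return sum(1 for c in candidates if len(c) == 1)

if __name__ == "__main__":
    cipher = encrypt_lines(PLAIN_LINES, KEY)
    cands = recover_key(PLAIN_LINES, cipher)
    for i, c in enumerate(cands, start=1):
        print(f"ciphertext column {i:2d} <- plaintext column(s) {c}")
    print("determined:", determined_entries(cands), "of", WIDTH)
```

A plaintext whose columns are all distinct (the notes' ``carefully chosen plaintext'') makes every candidate list a singleton and yields the whole key at once.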
\section{Introduction to Number Theory\label{numth}}\subsection{Congruences}
The congruence $\co abn$ (``$a$ is congruent to $b$ mod $n$'') says that,
when divided by $n$, $a$ and $b$ have the same remainder.
$$\co{100}{34}{11}\qquad\co{-6}{10}{8}$$
In the second congruence, we are using $-6=8(-1)+2$.  We always have
$\co abn$ for some $0\le b\le n-1$, and we are usually concerned with
that $b$.  If $\co abn$ and $\co cdn$, we can add or multiply
$$\co {a+c}{b+d}n\qquad \co{ac}{bd}n$$
Division does not always work: $\co6{18}{12}$ but $3\not\equiv9$.
\subsection{The Greatest Common Divisor}
For $a$ and $b$, the number $(a,b)$ is the largest number which
divides $a$ and $b$ evenly. $$(56,98)=14\qquad(76,190)=38$$\begin{Th}
\label{T1}For any $a,b$ there are integers $x,y$ with $ax+by=(a,b)$\end{Th}
Proof: The equation can be solved by making a sequence of simplifying
substitutions:\begin{eqnarray*}30x+69y&=&3\\30x'+9y&=&3\quad[x'=x+2y]\\
3x'+9y'&=&3\quad[y'=y+3x']\\3x''+0y'&=&3\quad[x''=x'+3y']\end{eqnarray*}
It is easy to see that $x''=1$, $y'=0$ is a solution to the final
equation and we get a solution to the original equation by working
backwards:$$x'=x''-3y'=1\quad y=y'-3x'=-3\quad x=x'-2y=7$$
|00003170| 75 6c 64 20 61 6c 73 6f | 20 73 6f 6c 76 65 20 61 |uld also| solve a|
|00003180| 6e 20 65 71 75 61 74 69 | 6f 6e 20 6c 69 6b 65 20 |n equati|on like |
|00003190| 24 33 30 78 2b 36 39 79 | 3d 31 35 24 20 62 79 20 |$30x+69y|=15$ by |
|000031a0| 6d 75 6c 74 69 70 6c 79 | 69 6e 67 0a 6f 75 72 20 |multiply|ing.our |
|000031b0| 73 6f 6c 75 74 69 6f 6e | 3a 20 24 79 3d 2d 31 35 |solution|: $y=-15|
|000031c0| 24 2c 20 24 78 3d 33 35 | 24 2e 20 20 49 74 20 73 |$, $x=35|$. It s|
|000031d0| 68 6f 75 6c 64 20 62 65 | 20 63 6c 65 61 72 20 74 |hould be| clear t|
|000031e0| 68 61 74 20 74 68 65 20 | 65 71 75 61 74 69 6f 6e |hat the |equation|
|000031f0| 0a 77 69 6c 6c 20 68 61 | 76 65 20 6e 6f 20 73 6f |.will ha|ve no so|
|00003200| 6c 75 74 69 6f 6e 20 69 | 6e 20 69 6e 74 65 67 65 |lution i|n intege|
|00003210| 72 73 20 69 66 20 31 35 | 20 69 73 20 72 65 70 6c |rs if 15| is repl|
|00003220| 61 63 65 64 20 62 79 20 | 73 6f 6d 65 74 68 69 6e |aced by |somethin|
|00003230| 67 0a 74 68 61 74 20 69 | 73 20 6e 6f 74 20 61 20 |g.that i|s not a |
|00003240| 6d 75 6c 74 69 70 6c 65 | 20 6f 66 20 24 28 33 30 |multiple| of $(30|
|00003250| 2c 36 39 29 3d 33 24 2e | 5c 70 71 20 41 6c 6c 20 |,69)=3$.|\pq All |
|00003260| 6f 74 68 65 72 20 69 6e | 74 65 67 65 72 20 73 6f |other in|teger so|
|00003270| 6c 75 74 69 6f 6e 73 20 | 6f 66 0a 24 33 30 78 2b |lutions |of.$30x+|
|00003280| 36 39 79 3d 31 35 24 20 | 6d 61 79 20 62 65 20 6f |69y=15$ |may be o|
|00003290| 62 74 61 69 6e 65 64 20 | 62 79 20 63 68 61 6e 67 |btained |by chang|
|000032a0| 69 6e 67 20 74 68 65 20 | 66 69 72 73 74 20 73 6f |ing the |first so|
|000032b0| 6c 75 74 69 6f 6e 3a 0a | 24 24 79 3d 2d 31 35 2b |lution:.|$$y=-15+|
|000032c0| 5c 66 72 61 63 7b 33 30 | 7d 33 74 5c 71 75 61 64 |\frac{30|}3t\quad|
|000032d0| 20 78 3d 33 35 2d 5c 66 | 72 61 63 7b 36 39 7d 33 | x=35-\f|rac{69}3|
|000032e0| 74 5c 71 75 61 64 5c 68 | 62 6f 78 7b 66 6f 72 20 |t\quad\h|box{for |
|000032f0| 24 74 24 20 69 6e 74 65 | 67 65 72 7d 24 24 0a 5c |$t$ inte|ger}$$.\|
|00003300| 70 71 20 49 66 20 77 65 | 20 64 6f 20 74 68 65 20 |pq If we| do the |
|00003310| 70 72 6f 63 65 73 73 20 | 69 6c 6c 75 73 74 72 61 |process |illustra|
|00003320| 74 65 64 20 6f 6e 20 74 | 68 65 20 70 72 65 76 69 |ted on t|he previ|
|00003330| 6f 75 73 20 70 61 67 65 | 20 66 6f 72 20 61 6e 79 |ous page| for any|
|00003340| 0a 65 71 75 61 74 69 6f | 6e 20 24 61 78 2b 62 79 |.equatio|n $ax+by|
|00003350| 3d 28 61 2c 62 29 24 2c | 20 77 65 20 65 76 65 6e |=(a,b)$,| we even|
|00003360| 74 75 61 6c 6c 79 20 67 | 65 74 20 6f 6e 65 20 6f |tually g|et one o|
|00003370| 66 20 74 68 65 20 63 6f | 65 66 66 69 63 69 65 6e |f the co|efficien|
|00003380| 74 73 0a 61 73 20 7a 65 | 72 6f 20 61 6e 64 20 74 |ts.as ze|ro and t|
|00003390| 68 65 20 6f 74 68 65 72 | 20 61 73 20 24 28 61 2c |he other| as $(a,|
|000033a0| 62 29 24 2e 20 20 5b 49 | 6e 20 66 61 63 74 2c 20 |b)$. [I|n fact, |
|000033b0| 74 68 69 73 20 70 72 6f | 63 65 73 73 20 69 73 20 |this pro|cess is |
|000033c0| 75 73 75 61 6c 6c 79 0a | 70 72 65 73 65 6e 74 65 |usually.|presente|
|000033d0| 64 20 61 73 20 60 60 45 | 75 63 6c 69 64 27 73 20 |d as ``E|uclid's |
|000033e0| 61 6c 67 6f 72 69 74 68 | 6d 20 66 6f 72 20 66 69 |algorith|m for fi|
|000033f0| 6e 64 69 6e 67 20 74 68 | 65 20 67 72 65 61 74 65 |nding th|e greate|
|00003400| 73 74 20 63 6f 6d 6d 6f | 6e 0a 64 69 76 69 73 6f |st commo|n.diviso|
|00003410| 72 2e 27 27 5d 0a 5c 70 | 71 20 49 74 20 69 73 20 |r.''].\p|q It is |
|00003420| 69 6d 70 6f 72 74 61 6e | 74 20 74 68 61 74 20 74 |importan|t that t|
|00003430| 68 69 73 20 70 72 6f 63 | 65 73 73 20 69 73 20 66 |his proc|ess is f|
|00003440| 65 61 73 69 62 6c 65 20 | 5b 6f 6e 20 61 20 63 6f |easible |[on a co|
|00003450| 6d 70 75 74 65 72 5d 0a | 65 76 65 6e 20 69 66 20 |mputer].|even if |
|00003460| 24 61 24 20 61 6e 64 20 | 24 62 24 20 61 72 65 20 |$a$ and |$b$ are |
|00003470| 73 65 76 65 72 61 6c 20 | 68 75 6e 64 72 65 64 20 |several |hundred |
|00003480| 64 69 67 69 74 73 20 6c | 6f 6e 67 2e 20 20 49 74 |digits l|ong. It|
|00003490| 20 69 73 20 65 61 73 79 | 0a 74 6f 20 73 68 6f 77 | is easy|.to show|
|000034a0| 20 74 68 61 74 20 74 68 | 65 20 6c 61 72 67 65 72 | that th|e larger|
|000034b0| 20 6f 66 20 74 68 65 20 | 74 77 6f 20 63 6f 65 66 | of the |two coef|
|000034c0| 66 69 63 69 65 6e 74 73 | 20 64 65 63 72 65 61 73 |ficients| decreas|
|000034d0| 65 73 20 62 79 20 61 74 | 20 0a 6c 65 61 73 74 20 |es by at| .least |
|000034e0| 24 31 2f 32 24 20 65 76 | 65 72 79 20 74 77 6f 20 |$1/2$ ev|ery two |
|000034f0| 65 71 75 61 74 69 6f 6e | 73 2c 20 68 65 6e 63 65 |equation|s, hence|
|00003500| 20 74 68 61 74 20 69 6e | 20 74 77 65 6e 74 79 20 | that in| twenty |
|00003510| 65 71 75 61 74 69 6f 6e | 73 0a 74 68 65 20 6c 61 |equation|s.the la|
|00003520| 72 67 65 72 20 63 6f 65 | 66 66 69 63 69 65 6e 74 |rger coe|fficient|
|00003530| 20 68 61 73 20 64 65 63 | 72 65 61 73 65 64 20 62 | has dec|reased b|
|00003540| 79 20 24 32 5e 7b 2d 31 | 30 7d 3c 31 30 5e 7b 2d |y $2^{-1|0}<10^{-|
|00003550| 33 7d 24 2c 20 73 6f 0a | 61 20 36 30 30 2d 64 69 |3}$, so.|a 600-di|
|00003560| 67 69 74 20 6e 75 6d 62 | 65 72 20 77 6f 75 6c 64 |git numb|er would|
|00003570| 20 6e 6f 74 20 72 65 71 | 75 69 72 65 20 6d 6f 72 | not req|uire mor|
|00003580| 65 20 74 68 61 6e 20 34 | 30 30 30 20 65 71 75 61 |e than 4|000 equa|
|00003590| 74 69 6f 6e 73 2e 0a 5b | 74 68 69 73 20 61 6e 61 |tions..[|this ana|
|000035a0| 6c 79 73 69 73 20 63 61 | 6e 20 62 65 20 69 6d 70 |lysis ca|n be imp|
|000035b0| 72 6f 76 65 64 5d 0a 5c | 70 71 20 57 65 20 70 6f |roved].\|pq We po|
|000035c0| 69 6e 74 65 64 20 6f 75 | 74 20 65 61 72 6c 69 65 |inted ou|t earlie|
|000035d0| 72 20 74 68 61 74 20 64 | 69 76 69 73 69 6f 6e 20 |r that d|ivision |
|000035e0| 64 6f 65 73 20 6e 6f 74 | 20 77 6f 72 6b 20 77 69 |does not| work wi|
|000035f0| 74 68 20 63 6f 6e 67 72 | 75 65 6e 63 65 73 2e 0a |th congr|uences..|
|00003600| 41 6e 20 69 6d 70 6f 72 | 74 61 6e 74 20 61 70 70 |An impor|tant app|
|00003610| 6c 69 63 61 74 69 6f 6e | 20 6f 66 20 54 68 65 6f |lication| of Theo|
|00003620| 72 65 6d 7e 5c 72 65 66 | 7b 54 31 7d 20 69 73 20 |rem~\ref|{T1} is |
|00003630| 74 68 61 74 20 69 74 20 | 64 6f 65 73 20 77 6f 72 |that it |does wor|
|00003640| 6b 20 66 6f 72 20 70 72 | 69 6d 65 0a 6e 75 6d 62 |k for pr|ime.numb|
|00003650| 65 72 73 2e 5c 62 65 67 | 69 6e 7b 43 6f 7d 20 49 |ers.\beg|in{Co} I|
|00003660| 66 20 70 20 69 73 20 61 | 20 70 72 69 6d 65 20 6e |f p is a| prime n|
|00003670| 75 6d 62 65 72 2c 20 24 | 5c 63 6f 20 7b 61 72 7d |umber, $|\co {ar}|
|00003680| 7b 61 73 7d 70 24 20 61 | 6e 64 20 0a 24 61 5c 6e |{as}p$ a|nd .$a\n|
|00003690| 6f 74 5c 65 71 75 69 76 | 20 30 24 2c 20 74 68 65 |ot\equiv| 0$, the|
|000036a0| 6e 20 24 72 5c 65 71 75 | 69 76 20 73 24 2e 5c 65 |n $r\equ|iv s$.\e|
|000036b0| 6e 64 7b 43 6f 7d 0a 50 | 72 6f 6f 66 3a 20 53 69 |nd{Co}.P|roof: Si|
|000036c0| 6e 63 65 20 24 70 24 20 | 69 73 20 61 20 70 72 69 |nce $p$ |is a pri|
|000036d0| 6d 65 2c 0a 24 28 61 2c | 70 29 3d 31 24 2c 20 73 |me,.$(a,|p)=1$, s|
|000036e0| 6f 20 54 68 65 6f 72 65 | 6d 7e 5c 72 65 66 7b 54 |o Theore|m~\ref{T|
|000036f0| 31 7d 20 73 61 79 73 20 | 74 68 65 72 65 20 61 72 |1} says |there ar|
|00003700| 65 20 69 6e 74 65 67 65 | 72 20 24 78 2c 79 24 20 |e intege|r $x,y$ |
|00003710| 77 69 74 68 20 24 61 78 | 2b 70 79 3d 31 24 2e 0a |with $ax|+py=1$..|
|00003720| 48 65 6e 63 65 20 24 24 | 5c 63 6f 20 7b 61 78 7d |Hence $$|\co {ax}|
|00003730| 31 70 5c 71 75 61 64 5c | 68 62 6f 78 7b 61 6e 64 |1p\quad\|hbox{and|
|00003740| 7d 5c 71 75 61 64 20 72 | 5c 65 71 75 69 76 28 31 |}\quad r|\equiv(1|
|00003750| 29 72 5c 65 71 75 69 76 | 20 61 78 72 5c 65 71 75 |)r\equiv| axr\equ|
|00003760| 69 76 20 78 61 72 0a 5c | 65 71 75 69 76 5c 63 6f |iv xar.\|equiv\co|
|00003770| 20 7b 78 61 73 7d 73 70 | 24 24 0a 5c 62 65 67 69 | {xas}sp|$$.\begi|
|00003780| 6e 7b 43 6f 7d 49 66 20 | 70 20 69 73 20 61 20 70 |n{Co}If |p is a p|
|00003790| 72 69 6d 65 20 6e 75 6d | 62 65 72 20 61 6e 64 20 |rime num|ber and |
|000037a0| 24 61 5c 6e 6f 74 5c 65 | 71 75 69 76 30 24 7e 6d |$a\not\e|quiv0$~m|
|000037b0| 6f 64 7e 24 70 24 2c 20 | 74 68 65 6e 0a 66 6f 72 |od~$p$, |then.for|
|000037c0| 20 61 6e 79 20 24 62 24 | 2c 20 74 68 65 72 65 20 | any $b$|, there |
|000037d0| 69 73 20 24 79 24 20 77 | 69 74 68 20 24 5c 63 6f |is $y$ w|ith $\co|
|000037e0| 7b 61 79 7d 62 70 24 2e | 5c 65 6e 64 7b 43 6f 7d |{ay}bp$.|\end{Co}|
|000037f0| 0a 50 72 6f 6f 66 3a 20 | 57 65 20 73 68 6f 77 65 |.Proof: |We showe|
|00003800| 64 20 69 6e 20 74 68 65 | 20 70 72 65 63 65 64 69 |d in the| precedi|
|00003810| 6e 67 20 70 72 6f 6f 66 | 20 74 68 61 74 20 74 68 |ng proof| that th|
|00003820| 65 72 65 20 69 73 20 24 | 78 24 20 77 69 74 68 0a |ere is $|x$ with.|
|00003830| 24 5c 63 6f 20 7b 61 78 | 7d 31 70 24 2e 20 20 4c |$\co {ax|}1p$. L|
|00003840| 65 74 20 24 79 3d 62 78 | 24 2e 0a 5c 62 65 67 69 |et $y=bx|$..\begi|
|00003850| 6e 7b 43 6f 7d 5b 54 68 | 65 20 60 60 43 68 69 6e |n{Co}[Th|e ``Chin|
|00003860| 65 73 65 20 52 65 6d 61 | 69 6e 64 65 72 20 54 68 |ese Rema|inder Th|
|00003870| 65 6f 72 65 6d 27 27 5d | 20 49 66 20 24 28 70 2c |eorem'']| If $(p,|
|00003880| 71 29 3d 31 24 2c 20 74 | 68 65 6e 0a 66 6f 72 20 |q)=1$, t|hen.for |
|00003890| 61 6e 79 20 24 61 2c 62 | 24 2c 20 74 68 65 72 65 |any $a,b|$, there|
|000038a0| 20 69 73 20 61 6e 20 24 | 6e 24 20 77 69 74 68 20 | is an $|n$ with |
|000038b0| 24 24 5c 63 6f 20 6e 61 | 70 5c 71 75 61 64 0a 5c |$$\co na|p\quad.\|
|000038c0| 68 62 6f 78 7b 61 6e 64 | 7d 5c 71 75 61 64 5c 63 |hbox{and|}\quad\c|
|000038d0| 6f 20 6e 62 71 24 24 5c | 65 6e 64 7b 43 6f 7d 0a |o nbq$$\|end{Co}.|
|000038e0| 50 72 6f 6f 66 3a 20 54 | 68 65 6f 72 65 6d 7e 5c |Proof: T|heorem~\|
|000038f0| 72 65 66 7b 54 31 7d 20 | 69 6d 70 6c 69 65 73 20 |ref{T1} |implies |
|00003900| 74 68 65 72 65 20 61 72 | 65 20 69 6e 74 65 67 65 |there ar|e intege|
|00003910| 72 73 20 24 78 2c 79 24 | 20 73 75 63 68 20 74 68 |rs $x,y$| such th|
|00003920| 61 74 0a 24 24 70 78 2b | 61 3d 71 79 2b 62 5c 71 |at.$$px+|a=qy+b\q|
|00003930| 75 61 64 5c 68 62 6f 78 | 7b 73 6f 20 6c 65 74 20 |uad\hbox|{so let |
|00003940| 7d 6e 3d 70 78 2b 61 24 | 24 0a 5c 73 75 62 73 65 |}n=px+a$|$.\subse|
|00003950| 63 74 69 6f 6e 7b 50 6f | 77 65 72 73 20 6d 6f 64 |ction{Po|wers mod|
|00003960| 75 6c 6f 20 61 20 70 72 | 69 6d 65 7d 54 68 65 20 |ulo a pr|ime}The |
|00003970| 73 65 71 75 65 6e 63 65 | 20 24 24 61 5c 71 75 61 |sequence| $$a\qua|
|00003980| 64 20 61 5e 32 5c 71 75 | 61 64 0a 61 5e 33 5c 64 |d a^2\qu|ad.a^3\d|
|00003990| 6f 74 73 5c 71 75 61 64 | 5c 68 62 6f 78 7b 6d 6f |ots\quad|\hbox{mo|
|000039a0| 64 20 7d 70 24 24 20 68 | 61 73 20 6d 61 6e 79 20 |d }p$$ h|as many |
|000039b0| 61 70 70 6c 69 63 61 74 | 69 6f 6e 73 20 69 6e 20 |applicat|ions in |
|000039c0| 63 72 79 70 74 6f 67 72 | 61 70 68 79 2e 0a 42 65 |cryptogr|aphy..Be|
|000039d0| 66 6f 72 65 20 6c 6f 6f | 6b 69 6e 67 20 61 74 20 |fore loo|king at |
|000039e0| 74 68 65 6f 72 65 74 69 | 63 61 6c 20 70 72 6f 70 |theoreti|cal prop|
|000039f0| 65 72 74 69 65 73 2c 20 | 74 68 65 20 65 78 61 6d |erties, |the exam|
|00003a00| 70 6c 65 20 62 65 6c 6f | 77 20 28 64 6f 6e 65 0a |ple belo|w (done.|
|00003a10| 75 73 69 6e 67 20 61 20 | 70 6f 63 6b 65 74 20 63 |using a |pocket c|
|00003a20| 61 6c 63 75 6c 61 74 6f | 72 29 20 73 68 6f 75 6c |alculato|r) shoul|
|00003a30| 64 20 6d 61 6b 65 20 63 | 6c 65 61 72 20 74 68 61 |d make c|lear tha|
|00003a40| 74 20 69 74 20 69 73 20 | 70 72 61 63 74 69 63 61 |t it is |practica|
|00003a50| 6c 0a 74 6f 20 63 6f 6d | 70 75 74 65 20 74 68 65 |l.to com|pute the|
|00003a60| 73 65 20 6e 75 6d 62 65 | 72 73 2c 20 65 76 65 6e |se numbe|rs, even|
|00003a70| 20 77 68 65 6e 20 6d 61 | 6e 79 20 64 69 67 69 74 | when ma|ny digit|
|00003a80| 73 20 61 72 65 20 69 6e | 76 6f 6c 76 65 64 2e 0a |s are in|volved..|
|00003a90| 5c 70 71 20 53 75 70 70 | 6f 73 65 20 77 65 20 77 |\pq Supp|ose we w|
|00003aa0| 61 6e 74 20 74 6f 20 63 | 6f 6d 70 75 74 65 20 24 |ant to c|ompute $|
|00003ab0| 34 33 32 5e 7b 36 37 38 | 7d 24 7e 6d 6f 64 7e 39 |432^{678|}$~mod~9|
|00003ac0| 38 37 2e 20 20 54 68 65 | 20 62 61 73 69 63 20 74 |87. The| basic t|
|00003ad0| 72 69 63 6b 0a 69 73 20 | 74 6f 20 73 74 61 72 74 |rick.is |to start|
|00003ae0| 20 77 69 74 68 20 61 20 | 6e 75 6d 62 65 72 20 61 | with a |number a|
|00003af0| 6e 64 20 6b 65 65 70 20 | 73 71 75 61 72 69 6e 67 |nd keep |squaring|
|00003b00| 3a 0a 24 24 34 33 32 5e | 32 3d 31 38 36 36 32 34 |:.$$432^|2=186624|
|00003b10| 5c 65 71 75 69 76 38 31 | 5c 71 75 61 64 34 33 32 |\equiv81|\quad432|
|00003b20| 5e 34 5c 65 71 75 69 76 | 38 31 5e 32 5c 65 71 75 |^4\equiv|81^2\equ|
|00003b30| 69 76 36 33 39 5c 71 75 | 61 64 34 33 32 5e 38 5c |iv639\qu|ad432^8\|
|00003b40| 65 71 75 69 76 0a 36 33 | 39 5e 32 5c 65 71 75 69 |equiv.63|9^2\equi|
|00003b50| 76 36 39 30 5c 64 6f 74 | 73 34 33 32 5e 7b 35 31 |v690\dot|s432^{51|
|00003b60| 32 7d 5c 65 71 75 69 76 | 38 35 38 24 24 0a 53 69 |2}\equiv|858$$.Si|
|00003b70| 6e 63 65 20 24 36 37 38 | 3d 35 31 32 2b 31 32 38 |nce $678|=512+128|
|00003b80| 2b 33 32 2b 34 2b 32 24 | 2c 20 24 24 34 33 32 5e |+32+4+2$|, $$432^|
|00003b90| 7b 36 37 38 7d 5c 65 71 | 75 69 76 28 38 31 29 28 |{678}\eq|uiv(81)(|
|00003ba0| 36 33 39 29 5c 64 6f 74 | 73 28 38 35 38 29 0a 5c |639)\dot|s(858).\|
|00003bb0| 65 71 75 69 76 32 30 34 | 5c 71 71 75 61 64 5c 68 |equiv204|\qquad\h|
|00003bc0| 62 6f 78 7b 28 49 20 68 | 6f 70 65 21 29 7d 24 24 |box{(I h|ope!)}$$|
|00003bd0| 43 61 6c 63 75 6c 61 74 | 69 6f 6e 73 20 77 69 74 |Calculat|ions wit|
|00003be0| 68 20 65 78 70 6f 6e 65 | 6e 74 73 20 0a 69 6e 76 |h expone|nts .inv|
|00003bf0| 6f 6c 76 65 20 6e 6f 74 | 2d 74 6f 6f 2d 6d 61 6e |olve not|-too-man|
|00003c00| 79 20 6d 75 6c 74 69 70 | 6c 69 63 61 74 69 6f 6e |y multip|lication|
|00003c10| 73 2e 20 20 49 66 20 74 | 68 65 20 6e 75 6d 62 65 |s. If t|he numbe|
|00003c20| 72 73 20 68 61 76 65 20 | 73 65 76 65 72 61 6c 0a |rs have |several.|
|00003c30| 68 75 6e 64 72 65 64 20 | 64 69 67 69 74 73 2c 20 |hundred |digits, |
|00003c40| 68 6f 77 65 76 65 72 2c | 20 69 74 20 69 73 20 6e |however,| it is n|
|00003c50| 65 63 65 73 73 61 72 79 | 20 74 6f 20 64 65 73 69 |ecessary| to desi|
|00003c60| 67 6e 20 73 70 65 63 69 | 61 6c 20 73 75 62 25 0a |gn speci|al sub%.|
|00003c70| 72 6f 75 74 69 6e 65 73 | 20 74 6f 20 64 6f 20 74 |routines| to do t|
|00003c80| 68 65 20 6d 75 6c 74 69 | 70 6c 69 63 61 74 69 6f |he multi|plicatio|
|00003c90| 6e 73 20 28 73 65 65 20 | 4b 6e 75 74 68 2c 20 76 |ns (see |Knuth, v|
|00003ca0| 6f 6c 75 6d 65 7e 32 29 | 2e 0a 5c 70 71 20 4c 65 |olume~2)|..\pq Le|
|00003cb0| 74 20 75 73 20 6c 6f 6f | 6b 20 61 74 20 74 68 65 |t us loo|k at the|
|00003cc0| 20 73 65 71 75 65 6e 63 | 65 20 6f 66 20 70 6f 77 | sequenc|e of pow|
|00003cd0| 65 72 73 20 6f 66 20 32 | 20 6d 6f 64 20 31 31 3a |ers of 2| mod 11:|
|00003ce0| 0a 24 24 32 5c 20 34 5c | 20 38 5c 20 35 5c 20 31 |.$$2\ 4\| 8\ 5\ 1|
|00003cf0| 30 5c 20 39 5c 20 37 5c | 20 33 5c 20 36 5c 20 31 |0\ 9\ 7\| 3\ 6\ 1|
|00003d00| 24 24 45 61 63 68 20 6e | 75 6d 62 65 72 20 66 72 |$$Each n|umber fr|
|00003d10| 6f 6d 20 31 20 74 6f 20 | 31 30 20 61 70 70 65 61 |om 1 to |10 appea|
|00003d20| 72 73 0a 69 6e 20 74 68 | 65 20 73 65 71 75 65 6e |rs.in th|e sequen|
|00003d30| 63 65 2e 5c 62 65 67 69 | 6e 7b 54 68 7d 5c 6c 61 |ce.\begi|n{Th}\la|
|00003d40| 62 65 6c 7b 70 72 6f 6f | 74 7d 4c 65 74 20 24 70 |bel{proo|t}Let $p|
|00003d50| 24 20 62 65 20 61 20 70 | 72 69 6d 65 2e 20 20 54 |$ be a p|rime. T|
|00003d60| 68 65 72 65 0a 69 73 20 | 61 6e 20 24 61 24 20 73 |here.is |an $a$ s|
|00003d70| 75 63 68 20 74 68 61 74 | 20 66 6f 72 20 65 76 65 |uch that| for eve|
|00003d80| 72 79 20 24 31 5c 6c 65 | 20 62 5c 6c 65 20 70 2d |ry $1\le| b\le p-|
|00003d90| 31 24 2c 20 74 68 65 72 | 65 20 69 73 20 24 31 5c |1$, ther|e is $1\|
|00003da0| 6c 65 20 78 5c 6c 65 0a | 70 2d 31 24 20 73 75 63 |le x\le.|p-1$ suc|
|00003db0| 68 20 74 68 61 74 20 24 | 5c 63 6f 7b 61 5e 78 7d |h that $|\co{a^x}|
|00003dc0| 62 70 24 2e 5c 65 6e 64 | 7b 54 68 7d 0a 49 74 20 |bp$.\end|{Th}.It |
|00003dd0| 69 73 20 6e 6f 74 20 61 | 6c 77 61 79 73 20 74 68 |is not a|lways th|
|00003de0| 65 20 63 61 73 65 20 74 | 68 61 74 20 24 61 3d 32 |e case t|hat $a=2|
|00003df0| 24 2e 20 20 54 68 65 20 | 70 6f 77 65 72 73 20 6f |$. The |powers o|
|00003e00| 66 20 32 20 6d 6f 64 7e | 37 20 61 72 65 0a 32 2c |f 2 mod~|7 are.2,|
|00003e10| 7e 34 2c 7e 31 20 61 66 | 74 65 72 20 77 68 69 63 |~4,~1 af|ter whic|
|00003e20| 68 20 74 68 65 20 73 65 | 71 75 65 6e 63 65 20 72 |h the se|quence r|
|00003e30| 65 70 65 61 74 73 20 61 | 6e 64 20 77 65 20 6e 65 |epeats a|nd we ne|
|00003e40| 76 65 72 20 67 65 74 20 | 33 2c 20 35 2c 20 6f 72 |ver get |3, 5, or|
|00003e50| 20 36 2e 0a 5c 70 71 20 | 54 68 65 20 70 72 6f 6f | 6..\pq |The proo|
|00003e60| 66 20 6f 66 20 54 68 65 | 6f 72 65 6d 7e 5c 72 65 |f of The|orem~\re|
|00003e70| 66 7b 70 72 6f 6f 74 7d | 20 72 65 71 75 69 72 65 |f{proot}| require|
|00003e80| 73 20 73 65 76 65 72 61 | 6c 20 73 74 65 70 73 2c |s severa|l steps,|
|00003e90| 20 73 6f 20 77 65 0a 77 | 69 6c 6c 20 67 69 76 65 | so we.w|ill give|
|00003ea0| 20 69 74 20 6c 61 74 65 | 72 2e 20 20 46 6f 72 20 | it late|r. For |
|00003eb0| 6e 6f 77 2c 20 77 65 20 | 77 61 6e 74 20 74 6f 20 |now, we |want to |
|00003ec0| 6c 6f 6f 6b 20 61 74 20 | 73 6f 6d 65 20 6f 66 20 |look at |some of |
|00003ed0| 69 74 73 20 63 6f 6e 73 | 65 71 75 65 6e 63 65 73 |its cons|equences|
|00003ee0| 2e 0a 5c 62 65 67 69 6e | 7b 43 6f 7d 4c 65 74 20 |..\begin|{Co}Let |
|00003ef0| 24 61 24 20 62 65 20 61 | 73 20 69 6e 20 54 68 65 |$a$ be a|s in The|
|00003f00| 6f 72 65 6d 7e 5c 72 65 | 66 7b 70 72 6f 6f 74 7d |orem~\re|f{proot}|
|00003f10| 2e 20 54 68 65 6e 20 24 | 5c 63 6f 7b 61 5e 7b 70 |. Then $|\co{a^{p|
|00003f20| 2d 31 7d 7d 31 70 24 2e | 0a 5c 6c 61 62 65 6c 7b |-1}}1p$.|.\label{|
|00003f30| 50 46 7d 5c 65 6e 64 7b | 43 6f 7d 50 72 6f 6f 66 |PF}\end{|Co}Proof|
|00003f40| 3a 20 57 65 20 6b 6e 6f | 77 20 74 68 61 74 20 24 |: We kno|w that $|
|00003f50| 61 5e 64 5c 65 71 75 69 | 76 31 24 20 66 6f 72 20 |a^d\equi|v1$ for |
|00003f60| 73 6f 6d 65 20 24 31 5c | 6c 65 20 64 5c 6c 65 20 |some $1\|le d\le |
|00003f70| 70 2d 31 24 2e 20 20 49 | 66 0a 24 64 3c 70 2d 31 |p-1$. I|f.$d<p-1|
|00003f80| 24 2c 20 74 68 65 20 73 | 65 71 75 65 6e 63 65 20 |$, the s|equence |
|00003f90| 6f 66 20 70 6f 77 65 72 | 73 20 6f 66 20 24 61 24 |of power|s of $a$|
|00003fa0| 20 77 6f 75 6c 64 20 73 | 74 61 72 74 20 72 65 70 | would s|tart rep|
|00003fb0| 65 61 74 69 6e 67 20 62 | 65 66 6f 72 65 0a 77 65 |eating b|efore.we|
|00003fc0| 20 67 6f 74 20 61 6c 6c | 20 74 68 65 20 6e 75 6d | got all| the num|
|00003fd0| 62 65 72 73 3a 20 24 61 | 5e 7b 64 2b 31 7d 5c 65 |bers: $a|^{d+1}\e|
|00003fe0| 71 75 69 76 20 61 24 2c | 20 24 61 5e 7b 64 2b 32 |quiv a$,| $a^{d+2|
|00003ff0| 7d 5c 65 71 75 69 76 20 | 61 5e 32 24 2c 20 65 74 |}\equiv |a^2$, et|
|00004000| 63 2e 0a 5c 62 65 67 69 | 6e 7b 43 6f 7d 5c 6c 61 |c..\begi|n{Co}\la|
|00004010| 62 65 6c 7b 46 65 7d 46 | 6f 72 20 61 6e 79 20 24 |bel{Fe}F|or any $|
|00004020| 62 5c 6e 6f 74 5c 65 71 | 75 69 76 30 24 2c 0a 20 |b\not\eq|uiv0$,. |
|00004030| 24 5c 63 6f 7b 62 5e 7b | 70 2d 31 7d 7d 31 70 24 |$\co{b^{|p-1}}1p$|
|00004040| 2e 5c 65 6e 64 7b 43 6f | 7d 50 72 6f 6f 66 3a 20 |.\end{Co|}Proof: |
|00004050| 4c 65 74 20 24 61 24 20 | 62 65 0a 61 73 20 69 6e |Let $a$ |be.as in|
|00004060| 20 54 68 65 6f 72 65 6d | 7e 5c 72 65 66 7b 70 72 | Theorem|~\ref{pr|
|00004070| 6f 6f 74 7d 2e 20 55 73 | 69 6e 67 20 43 6f 72 6f |oot}. Us|ing Coro|
|00004080| 6c 6c 61 72 79 7e 5c 72 | 65 66 7b 50 46 7d 20 24 |llary~\r|ef{PF} $|
|00004090| 24 62 5e 7b 70 2d 31 7d | 0a 5c 65 71 75 69 76 20 |$b^{p-1}|.\equiv |
|000040a0| 61 5e 7b 78 28 70 2d 31 | 29 7d 5c 65 71 75 69 76 |a^{x(p-1|)}\equiv|
|000040b0| 5c 6c 65 66 74 28 61 5e | 7b 70 2d 31 7d 5c 72 69 |\left(a^|{p-1}\ri|
|000040c0| 67 68 74 29 5e 78 5c 65 | 71 75 69 76 31 24 24 0a |ght)^x\e|quiv1$$.|
|000040d0| 5c 62 65 67 69 6e 7b 43 | 6f 7d 49 66 20 24 5c 63 |\begin{C|o}If $\c|
|000040e0| 6f 20 78 79 7b 28 70 2d | 31 29 7d 24 2c 20 74 68 |o xy{(p-|1)}$, th|
|000040f0| 65 6e 20 24 5c 63 6f 20 | 7b 62 5e 78 7d 7b 62 5e |en $\co |{b^x}{b^|
|00004100| 79 7d 70 24 5c 65 6e 64 | 7b 43 6f 7d 0a 50 72 6f |y}p$\end|{Co}.Pro|
|00004110| 6f 66 3a 20 46 6f 72 20 | 73 6f 6d 65 20 69 6e 74 |of: For |some int|
|00004120| 65 67 65 72 20 24 72 24 | 2c 20 24 79 3d 72 28 70 |eger $r$|, $y=r(p|
|00004130| 2d 31 29 2b 78 24 20 61 | 6e 64 20 62 79 20 43 6f |-1)+x$ a|nd by Co|
|00004140| 72 6f 6c 6c 61 72 79 7e | 5c 72 65 66 7b 46 65 7d |rollary~|\ref{Fe}|
|00004150| 0a 24 24 62 5e 79 5c 65 | 71 75 69 76 5c 63 6f 7b |.$$b^y\e|quiv\co{|
|00004160| 5c 6c 65 66 74 28 62 5e | 7b 70 2d 31 7d 5c 72 69 |\left(b^|{p-1}\ri|
|00004170| 67 68 74 29 5e 72 62 5e | 78 7d 7b 62 5e 78 7d 70 |ght)^rb^|x}{b^x}p|
|00004180| 24 24 0a 5c 62 65 67 69 | 6e 7b 4c 65 7d 5c 6c 61 |$$.\begi|n{Le}\la|
|00004190| 62 65 6c 7b 64 69 7d 4c | 65 74 20 24 62 5c 6e 6f |bel{di}L|et $b\no|
|000041a0| 74 5c 65 71 75 69 76 30 | 24 2c 20 24 64 24 20 74 |t\equiv0|$, $d$ t|
|000041b0| 68 65 20 73 6d 61 6c 6c | 65 73 74 0a 70 6f 73 69 |he small|est.posi|
|000041c0| 74 69 76 65 20 6e 75 6d | 62 65 72 20 73 75 63 68 |tive num|ber such|
|000041d0| 20 74 68 61 74 20 24 62 | 5e 64 5c 65 71 75 69 76 | that $b|^d\equiv|
|000041e0| 31 24 2e 20 20 54 68 65 | 6e 20 66 6f 72 20 61 6e |1$. The|n for an|
|000041f0| 79 20 24 65 3e 30 24 20 | 77 69 74 68 20 24 62 5e |y $e>0$ |with $b^|
|00004200| 65 0a 5c 65 71 75 69 76 | 20 31 24 20 20 24 64 24 |e.\equiv| 1$ $d$|
|00004210| 20 64 69 76 69 64 65 73 | 20 24 65 24 20 65 76 65 | divides| $e$ eve|
|00004220| 6e 6c 79 2e 20 49 6e 20 | 70 61 72 74 69 63 75 6c |nly. In |particul|
|00004230| 61 72 2c 20 62 79 20 43 | 6f 72 6f 6c 6c 61 72 79 |ar, by C|orollary|
|00004240| 7e 5c 72 65 66 7b 46 65 | 7d 2c 0a 24 64 24 20 64 |~\ref{Fe|},.$d$ d|
|00004250| 69 76 69 64 65 73 20 24 | 70 2d 31 24 20 65 76 65 |ivides $|p-1$ eve|
|00004260| 6e 6c 79 2e 5c 65 6e 64 | 7b 4c 65 7d 50 72 6f 6f |nly.\end|{Le}Proo|
|00004270| 66 3a 20 49 66 20 24 64 | 24 20 64 6f 65 73 20 6e |f: If $d|$ does n|
|00004280| 6f 74 20 64 69 76 69 64 | 65 20 24 65 24 2c 20 74 |ot divid|e $e$, t|
|00004290| 68 65 6e 0a 24 65 3d 64 | 72 2b 73 24 20 66 6f 72 |hen.$e=d|r+s$ for|
|000042a0| 20 73 6f 6d 65 20 24 30 | 3c 73 3c 64 24 2c 20 62 | some $0|<s<d$, b|
|000042b0| 75 74 20 24 24 62 5e 73 | 5c 65 71 75 69 76 20 62 |ut $$b^s|\equiv b|
|000042c0| 5e 7b 65 7d 5c 6c 65 66 | 74 28 62 5e 64 5c 72 69 |^{e}\lef|t(b^d\ri|
|000042d0| 67 68 74 29 25 0a 5e 7b | 2d 72 7d 5c 65 71 75 69 |ght)%.^{|-r}\equi|
|000042e0| 76 31 24 24 20 77 6f 75 | 6c 64 20 63 6f 6e 74 72 |v1$$ wou|ld contr|
|000042f0| 61 64 69 63 74 20 74 68 | 65 20 64 65 66 69 6e 69 |adict th|e defini|
|00004300| 74 69 6f 6e 20 6f 66 20 | 24 64 24 2e 0a 5c 73 75 |tion of |$d$..\su|
|00004310| 62 73 65 63 74 69 6f 6e | 7b 50 72 69 6d 69 74 69 |bsection|{Primiti|
|00004320| 76 65 20 72 6f 6f 74 73 | 7d 0a 54 68 65 6f 72 65 |ve roots|}.Theore|
|00004330| 6d 7e 5c 72 65 66 7b 70 | 72 6f 6f 74 7d 20 73 68 |m~\ref{p|root} sh|
|00004340| 6f 77 65 64 20 74 68 61 | 74 20 69 66 20 24 70 24 |owed tha|t if $p$|
|00004350| 20 69 73 20 61 20 70 72 | 69 6d 65 2c 20 74 68 65 | is a pr|ime, the|
|00004360| 72 65 20 69 73 20 61 6e | 20 24 61 24 20 73 75 63 |re is an| $a$ suc|
|00004370| 68 20 74 68 61 74 0a 74 | 68 65 20 65 71 75 61 74 |h that.t|he equat|
|00004380| 69 6f 6e 20 24 24 5c 63 | 6f 7b 61 5e 78 7d 62 70 |ion $$\c|o{a^x}bp|
|00004390| 24 24 68 61 73 20 61 20 | 73 6f 6c 75 74 69 6f 6e |$$has a |solution|
|000043a0| 20 66 6f 72 20 61 6e 79 | 20 24 62 5c 6e 6f 74 5c | for any| $b\not\|
|000043b0| 65 71 75 69 76 30 24 2e | 0a 53 75 63 68 20 61 6e |equiv0$.|.Such an|
|000043c0| 20 24 61 24 20 69 73 20 | 63 61 6c 6c 65 64 20 61 | $a$ is |called a|
|000043d0| 20 7b 5c 69 74 20 70 72 | 69 6d 69 74 69 76 65 20 | {\it pr|imitive |
|000043e0| 72 6f 6f 74 5c 2f 7d 20 | 6f 66 20 24 70 24 2c 20 |root\/} |of $p$, |
|000043f0| 61 6e 64 20 24 78 24 0a | 69 73 20 63 61 6c 6c 65 |and $x$.|is calle|
|00004400| 64 20 74 68 65 20 7b 5c | 69 74 20 64 69 73 63 72 |d the {\|it discr|
|00004410| 65 74 65 20 6c 6f 67 61 | 72 69 74 68 6d 5c 2f 7d |ete loga|rithm\/}|
|00004420| 20 6f 66 20 24 62 24 2e | 5c 70 71 20 57 65 20 73 | of $b$.|\pq We s|
|00004430| 68 6f 77 65 64 20 69 6e | 0a 74 68 65 20 62 65 67 |howed in|.the beg|
|00004440| 69 6e 6e 69 6e 67 20 6f | 66 20 73 65 63 74 69 6f |inning o|f sectio|
|00004450| 6e 7e 5c 72 65 66 7b 6e | 75 6d 74 68 7d 20 74 68 |n~\ref{n|umth} th|
|00004460| 61 74 20 69 74 20 69 73 | 20 65 61 73 79 20 74 6f |at it is| easy to|
|00004470| 20 6f 62 74 61 69 6e 20 | 24 62 24 20 67 69 76 65 | obtain |$b$ give|
|00004480| 6e 0a 24 61 24 20 61 6e | 64 20 24 78 24 2e 20 20 |n.$a$ an|d $x$. |
|00004490| 46 69 6e 64 69 6e 67 20 | 24 78 24 20 67 69 76 65 |Finding |$x$ give|
|000044a0| 6e 20 24 61 24 20 61 6e | 64 20 24 62 24 20 69 73 |n $a$ an|d $b$ is|
|000044b0| 20 6d 75 63 68 20 68 61 | 72 64 65 72 2e 20 20 4d | much ha|rder. M|
|000044c0| 61 6e 79 20 6d 6f 64 65 | 72 6e 0a 65 6e 63 72 79 |any mode|rn.encry|
|000044d0| 70 74 69 6f 6e 20 73 79 | 73 74 65 6d 73 20 61 72 |ption sy|stems ar|
|000044e0| 65 20 62 61 73 65 64 20 | 6f 6e 20 74 68 65 20 66 |e based |on the f|
|000044f0| 61 63 74 20 74 68 61 74 | 20 6e 6f 20 65 66 66 69 |act that| no effi|
|00004500| 63 69 65 6e 74 20 77 61 | 79 20 6f 66 0a 63 6f 6d |cient wa|y of.com|
|00004510| 70 75 74 69 6e 67 20 64 | 69 73 63 72 65 74 65 20 |puting d|iscrete |
|00004520| 6c 6f 67 61 72 69 74 68 | 6d 73 20 69 73 20 6b 6e |logarith|ms is kn|
|00004530| 6f 77 6e 2e 0a 5c 70 71 | 20 4e 6f 20 65 66 66 69 |own..\pq| No effi|
|00004540| 63 69 65 6e 74 20 6d 65 | 74 68 6f 64 20 66 6f 72 |cient me|thod for|
|00004550| 20 61 6c 77 61 79 73 20 | 66 69 6e 64 69 6e 67 20 | always |finding |
|00004560| 70 72 69 6d 69 74 69 76 | 65 20 72 6f 6f 74 73 20 |primitiv|e roots |
|00004570| 69 73 20 6b 6e 6f 77 6e | 2e 0a 48 6f 77 65 76 65 |is known|..Howeve|
|00004580| 72 2c 20 69 74 20 69 73 | 20 6f 66 74 65 6e 20 70 |r, it is| often p|
|00004590| 6f 73 73 69 62 6c 65 20 | 74 6f 20 66 69 6e 64 20 |ossible |to find |
|000045a0| 6f 6e 65 20 69 6e 20 73 | 70 65 63 69 61 6c 20 63 |one in s|pecial c|
|000045b0| 61 73 65 73 2e 0a 57 65 | 20 77 69 6c 6c 20 75 73 |ases..We| will us|
|000045c0| 65 20 24 70 3d 31 32 32 | 33 24 20 61 73 20 61 6e |e $p=122|3$ as an|
|000045d0| 20 65 78 61 6d 70 6c 65 | 2e 20 20 24 70 2d 31 3d | example|. $p-1=|
|000045e0| 32 5c 63 64 6f 74 31 33 | 5c 63 64 6f 74 34 37 24 |2\cdot13|\cdot47$|
|000045f0| 2e 20 42 79 20 4c 65 6d | 6d 61 7e 25 0a 5c 72 65 |. By Lem|ma~%.\re|
|00004600| 66 7b 64 69 7d 2c 20 69 | 66 20 24 61 24 20 69 73 |f{di}, i|f $a$ is|
|00004610| 20 6e 6f 74 20 61 20 70 | 72 69 6d 69 74 69 76 65 | not a p|rimitive|
|00004620| 20 72 6f 6f 74 2c 20 74 | 68 65 6e 20 77 65 20 77 | root, t|hen we w|
|00004630| 69 6c 6c 20 65 69 74 68 | 65 72 20 68 61 76 65 0a |ill eith|er have.|
|00004640| 24 61 5e 7b 32 36 7d 24 | 2c 20 24 61 5e 7b 39 34 |$a^{26}$|, $a^{94|
|00004650| 7d 24 2c 20 6f 72 20 24 | 5c 63 6f 7b 61 5e 7b 36 |}$, or $|\co{a^{6|
|00004660| 31 31 7d 7d 31 7b 31 32 | 32 33 7d 24 2e 20 20 24 |11}}1{12|23}$. $|
|00004670| 61 3d 32 24 20 61 6e 64 | 20 33 20 66 61 69 6c 2c |a=2$ and| 3 fail,|
|00004680| 20 62 75 74 0a 24 61 3d | 35 24 20 73 61 74 69 73 | but.$a=|5$ satis|
|00004690| 66 69 65 73 20 61 6c 6c | 20 74 68 72 65 65 20 63 |fies all| three c|
|000046a0| 6f 6e 64 69 74 69 6f 6e | 73 2c 20 73 6f 20 69 74 |ondition|s, so it|
|000046b0| 20 69 73 20 61 20 70 72 | 69 6d 69 74 69 76 65 20 | is a pr|imitive |
|000046c0| 72 6f 6f 74 2e 20 20 28 | 77 65 0a 63 6f 75 6c 64 |root. (|we.could|
|000046d0| 20 74 65 6c 6c 20 74 68 | 61 74 20 24 61 3d 34 24 | tell th|at $a=4$|
|000046e0| 20 77 6f 75 6c 64 20 6e | 6f 74 20 62 65 20 61 20 | would n|ot be a |
|000046f0| 70 72 69 6d 69 74 69 76 | 65 20 72 6f 6f 74 20 77 |primitiv|e root w|
|00004700| 69 74 68 6f 75 74 20 74 | 65 73 74 69 6e 67 2e 20 |ithout t|esting. |
|00004710| 20 57 68 79 3f 29 0a 5c | 70 71 20 49 74 20 69 73 | Why?).\|pq It is|
|00004720| 20 65 61 73 79 20 74 6f | 20 73 68 6f 77 20 74 68 | easy to| show th|
|00004730| 61 74 2c 20 69 66 20 24 | 61 24 20 69 73 20 61 20 |at, if $|a$ is a |
|00004740| 70 72 69 6d 69 74 69 76 | 65 20 72 6f 6f 74 2c 20 |primitiv|e root, |
|00004750| 24 61 5e 78 24 20 69 73 | 20 61 0a 70 72 69 6d 69 |$a^x$ is| a.primi|
|00004760| 74 69 76 65 20 72 6f 6f | 74 20 69 66 20 61 6e 64 |tive roo|t if and|
|00004770| 20 6f 6e 6c 79 20 69 66 | 20 24 28 78 2c 70 2d 31 | only if| $(x,p-1|
|00004780| 29 3d 31 24 2e 20 20 49 | 6e 20 74 68 69 73 20 65 |)=1$. I|n this e|
|00004790| 78 61 6d 70 6c 65 2c 20 | 74 68 69 73 20 6d 65 61 |xample, |this mea|
|000047a0| 6e 73 0a 74 68 65 20 6e | 75 6d 62 65 72 20 6f 66 |ns.the n|umber of|
|000047b0| 20 70 72 69 6d 69 74 69 | 76 65 20 72 6f 6f 74 73 | primiti|ve roots|
|000047c0| 20 69 73 24 24 31 32 32 | 32 5c 6c 65 66 74 28 5c | is$$122|2\left(\|
|000047d0| 66 72 61 63 31 32 5c 72 | 69 67 68 74 29 5c 6c 65 |frac12\r|ight)\le|
|000047e0| 66 74 28 5c 66 72 61 63 | 0a 7b 31 32 7d 7b 31 33 |ft(\frac|.{12}{13|
|000047f0| 7d 5c 72 69 67 68 74 29 | 5c 6c 65 66 74 28 5c 66 |}\right)|\left(\f|
|00004800| 72 61 63 7b 34 36 7d 7b | 34 37 7d 5c 72 69 67 68 |rac{46}{|47}\righ|
|00004810| 74 29 3d 35 35 32 24 24 | 54 68 75 73 2c 20 69 66 |t)=552$$|Thus, if|
|00004820| 20 77 65 20 68 61 64 20 | 6a 75 73 74 20 63 68 6f | we had |just cho|
|00004830| 73 65 6e 0a 24 61 24 20 | 61 74 20 72 61 6e 64 6f |sen.$a$ |at rando|
|00004840| 6d 2c 20 74 68 65 20 70 | 72 6f 62 61 62 69 6c 69 |m, the p|robabili|
|00004850| 74 79 20 74 68 61 74 20 | 69 74 20 77 6f 75 6c 64 |ty that |it would|
|00004860| 20 62 65 20 61 20 70 72 | 69 6d 69 74 69 76 65 20 | be a pr|imitive |
|00004870| 72 6f 6f 74 20 69 73 0a | 24 5c 61 70 70 72 6f 78 |root is.|$\approx|
|00004880| 2e 34 35 24 2e 20 20 43 | 68 6f 6f 73 69 6e 67 20 |.45$. C|hoosing |
|00004890| 24 61 24 20 61 74 20 72 | 61 6e 64 6f 6d 20 61 6e |$a$ at r|andom an|
|000048a0| 64 20 74 65 73 74 69 6e | 67 20 75 6e 74 69 6c 20 |d testin|g until |
|000048b0| 77 65 20 66 6f 75 6e 64 | 20 61 0a 70 72 69 6d 69 |we found| a.primi|
|000048c0| 74 69 76 65 20 72 6f 6f | 74 20 77 6f 75 6c 64 20 |tive roo|t would |
|000048d0| 6e 6f 74 20 62 65 20 65 | 78 70 65 63 74 65 64 20 |not be e|xpected |
|000048e0| 74 6f 20 74 61 6b 65 20 | 74 6f 6f 20 6c 6f 6e 67 |to take |too long|
|000048f0| 2e 0a 5c 70 71 20 54 68 | 69 73 20 69 73 20 61 6e |..\pq Th|is is an|
|00004900| 20 65 78 61 6d 70 6c 65 | 20 6f 66 20 61 20 7b 5c | example| of a {\|
|00004910| 69 74 20 70 72 6f 62 61 | 62 69 6c 69 73 74 69 63 |it proba|bilistic|
|00004920| 20 61 6c 67 6f 72 69 74 | 68 6d 7d 2e 20 20 49 74 | algorit|hm}. It|
|00004930| 20 69 73 20 70 6f 73 73 | 69 62 6c 65 0a 66 6f 72 | is poss|ible.for|
|00004940| 20 69 74 20 74 6f 20 74 | 61 6b 65 20 61 20 6c 6f | it to t|ake a lo|
|00004950| 6e 67 20 74 69 6d 65 2c | 20 62 75 74 20 74 68 65 |ng time,| but the|
|00004960| 20 61 6d 6f 75 6e 74 20 | 6f 66 20 74 69 6d 65 20 | amount |of time |
|00004970| 6e 65 65 64 65 64 20 6f | 6e 20 61 76 65 72 61 67 |needed o|n averag|
|00004980| 65 20 69 73 0a 72 65 61 | 73 6f 6e 61 62 6c 79 20 |e is.rea|sonably |
|00004990| 73 6d 61 6c 6c 2e 20 20 | 57 65 20 77 69 6c 6c 20 |small. |We will |
|000049a0| 73 65 65 20 6d 61 6e 79 | 20 6f 74 68 65 72 20 70 |see many| other p|
|000049b0| 72 6f 62 61 62 69 6c 69 | 73 74 69 63 20 61 6c 67 |robabili|stic alg|
|000049c0| 6f 72 69 74 68 6d 73 20 | 6c 61 74 65 72 2e 0a 5c |orithms |later..\|
|000049d0| 73 75 62 73 75 62 73 65 | 63 74 69 6f 6e 2a 7b 50 |subsubse|ction*{P|
|000049e0| 72 6f 6f 66 20 6f 66 20 | 54 68 65 6f 72 65 6d 20 |roof of |Theorem |
|000049f0| 5c 72 65 66 7b 70 72 6f | 6f 74 7d 7d 0a 4c 65 74 |\ref{pro|ot}}.Let|
|00004a00| 20 24 61 5c 6e 6f 74 5c | 65 71 75 69 76 30 24 2c | $a\not\|equiv0$,|
|00004a10| 20 24 64 24 20 62 65 20 | 74 68 65 20 73 6d 61 6c | $d$ be |the smal|
|00004a20| 6c 65 73 74 20 70 6f 73 | 69 74 69 76 65 20 6e 75 |lest pos|itive nu|
|00004a30| 6d 62 65 72 20 66 6f 72 | 20 77 68 69 63 68 20 24 |mber for| which $|
|00004a40| 61 5e 64 0a 5c 65 71 75 | 69 76 31 24 20 28 74 68 |a^d.\equ|iv1$ (th|
|00004a50| 65 72 65 20 6d 75 73 74 | 20 62 65 20 73 75 63 68 |ere must| be such|
|00004a60| 20 61 20 24 64 24 20 73 | 69 6e 63 65 20 24 61 5e | a $d$ s|ince $a^|
|00004a70| 4b 5c 65 71 75 69 76 20 | 61 5e 4c 24 20 69 6d 70 |K\equiv |a^L$ imp|
|00004a80| 6c 69 65 73 20 24 61 5e | 7b 4b 2d 4c 7d 0a 5c 65 |lies $a^|{K-L}.\e|
|00004a90| 71 75 69 76 31 24 29 2e | 20 20 49 66 20 24 64 3d |quiv1$).| If $d=|
|00004aa0| 70 2d 31 24 2c 20 24 61 | 24 20 69 73 20 61 20 70 |p-1$, $a|$ is a p|
|00004ab0| 72 69 6d 69 74 69 76 65 | 20 72 6f 6f 74 2e 20 20 |rimitive| root. |
|00004ac0| 49 66 20 24 64 3c 70 2d | 31 24 2c 20 77 65 20 77 |If $d<p-|1$, we w|
|00004ad0| 69 6c 6c 0a 66 69 6e 64 | 20 24 61 27 2c 64 27 24 |ill.find| $a',d'$|
|00004ae0| 20 77 69 74 68 20 24 64 | 27 3e 64 24 2e 20 20 49 | with $d|'>d$. I|
|00004af0| 66 20 24 64 27 3c 70 2d | 31 24 20 74 68 65 20 70 |f $d'<p-|1$ the p|
|00004b00| 72 6f 63 65 73 73 20 69 | 73 20 72 65 70 65 61 74 |rocess i|s repeat|
|00004b10| 65 64 20 75 6e 74 69 6c | 0a 77 65 20 65 76 65 6e |ed until|.we even|
|00004b20| 74 75 61 6c 6c 79 20 6f | 62 74 61 69 6e 20 61 20 |tually o|btain a |
|00004b30| 70 72 69 6d 69 74 69 76 | 65 20 72 6f 6f 74 2e 5c |primitiv|e root.\|
|00004b40| 62 65 67 69 6e 7b 4c 65 | 7d 54 68 65 72 65 20 61 |begin{Le|}There a|
|00004b50| 72 65 20 61 74 20 6d 6f | 73 74 20 24 64 24 0a 73 |re at mo|st $d$.s|
|00004b60| 6f 6c 75 74 69 6f 6e 73 | 20 74 6f 20 61 20 63 6f |olutions| to a co|
|00004b70| 6e 67 72 75 65 6e 63 65 | 20 69 6e 76 6f 6c 76 69 |ngruence| involvi|
|00004b80| 6e 67 20 61 20 70 6f 6c | 79 6e 6f 6d 69 61 6c 20 |ng a pol|ynomial |
|00004b90| 6f 66 20 64 65 67 72 65 | 65 20 24 64 24 3a 0a 24 |of degre|e $d$:.$|
|00004ba0| 24 5c 63 6f 7b 78 5e 64 | 2b 5c 61 6c 70 68 61 5f |$\co{x^d|+\alpha_|
|00004bb0| 31 78 5e 7b 64 2d 31 7d | 2b 5c 64 6f 74 73 5c 61 |1x^{d-1}|+\dots\a|
|00004bc0| 6c 70 68 61 5f 64 7d 30 | 70 24 24 49 6e 20 70 61 |lpha_d}0|p$$In pa|
|00004bd0| 72 74 69 63 75 6c 61 72 | 2c 20 74 68 65 72 65 20 |rticular|, there |
|00004be0| 61 72 65 20 61 74 0a 6d | 6f 73 74 20 24 64 24 20 |are at.m|ost $d$ |
|00004bf0| 24 78 24 20 77 69 74 68 | 20 24 78 5e 64 5c 65 71 |$x$ with| $x^d\eq|
|00004c00| 75 69 76 31 24 2e 5c 6c | 61 62 65 6c 7b 42 7d 0a |uiv1$.\l|abel{B}.|
|00004c10| 5c 65 6e 64 7b 4c 65 7d | 7b 5c 62 66 20 50 72 6f |\end{Le}|{\bf Pro|
|00004c20| 6f 66 3a 7d 20 54 68 69 | 73 20 63 61 6e 20 62 65 |of:} Thi|s can be|
|00004c30| 20 70 72 6f 76 65 64 20 | 69 6e 0a 74 68 65 20 73 | proved |in.the s|
|00004c40| 61 6d 65 20 77 61 79 20 | 61 73 20 74 68 65 20 63 |ame way |as the c|
|00004c50| 6f 72 72 65 73 70 6f 6e | 64 69 6e 67 20 74 68 65 |orrespon|ding the|
|00004c60| 6f 72 65 6d 20 69 6e 20 | 6f 72 64 69 6e 61 72 79 |orem in |ordinary|
|00004c70| 20 61 6c 67 65 62 72 61 | 3a 20 69 66 20 24 78 3d | algebra|: if $x=|
|00004c80| 5c 62 65 74 61 24 0a 69 | 73 20 61 20 73 6f 6c 75 |\beta$.i|s a solu|
|00004c90| 74 69 6f 6e 2c 20 74 68 | 65 20 70 6f 6c 79 6e 6f |tion, th|e polyno|
|00004ca0| 6d 69 61 6c 20 63 61 6e | 20 62 65 20 77 72 69 74 |mial can| be writ|
|00004cb0| 74 65 6e 20 61 73 20 24 | 28 78 2d 5c 62 65 74 61 |ten as $|(x-\beta|
|00004cc0| 29 24 20 74 69 6d 65 73 | 20 61 20 70 6f 6c 79 25 |)$ times| a poly%|
|00004cd0| 0a 6e 6f 6d 69 61 6c 20 | 6f 66 20 64 65 67 72 65 |.nomial |of degre|
|00004ce0| 65 20 24 64 2d 31 24 2c | 20 77 68 69 63 68 20 62 |e $d-1$,| which b|
|00004cf0| 79 20 69 6e 64 75 63 74 | 69 6f 6e 20 68 61 73 20 |y induct|ion has |
|00004d00| 24 5c 6c 65 20 64 2d 31 | 24 20 73 6f 6c 75 74 69 |$\le d-1|$ soluti|
|00004d10| 6f 6e 73 2e 0a 5c 70 71 | 20 57 65 20 72 65 74 75 |ons..\pq| We retu|
|00004d20| 72 6e 20 74 6f 20 74 68 | 65 20 70 72 6f 6f 66 20 |rn to th|e proof |
|00004d30| 6f 66 20 54 68 65 6f 72 | 65 6d 7e 5c 72 65 66 7b |of Theor|em~\ref{|
|00004d40| 70 72 6f 6f 74 7d 2e 20 | 54 68 65 20 73 65 71 75 |proot}. |The sequ|
|00004d50| 65 6e 63 65 20 0a 24 24 | 61 5c 71 75 61 64 20 61 |ence .$$|a\quad a|
|00004d60| 5e 32 5c 71 75 61 64 20 | 61 5e 33 5c 64 6f 74 73 |^2\quad |a^3\dots|
|00004d70| 20 5c 63 6f 20 7b 61 5e | 64 7d 31 70 24 24 63 6f | \co {a^|d}1p$$co|
|00004d80| 6e 73 69 73 74 73 20 6f | 66 20 24 64 24 20 64 69 |nsists o|f $d$ di|
|00004d90| 66 66 65 72 65 6e 74 20 | 73 6f 6c 75 74 69 6f 6e |fferent |solution|
|00004da0| 73 0a 6f 66 20 24 78 5e | 64 5c 65 71 75 69 76 31 |s.of $x^|d\equiv1|
|00004db0| 24 2e 20 20 49 66 20 24 | 64 3c 70 2d 31 24 2c 20 |$. If $|d<p-1$, |
|00004dc0| 6c 65 74 20 24 62 24 20 | 62 65 20 61 6e 79 20 6e |let $b$ |be any n|
|00004dd0| 6f 6e 2d 6d 65 6d 62 65 | 72 20 6f 66 20 74 68 65 |on-membe|r of the|
|00004de0| 20 73 65 71 75 65 6e 63 | 65 2c 0a 77 69 74 68 20 | sequenc|e,.with |
|00004df0| 24 65 24 20 74 68 65 20 | 73 6d 61 6c 6c 65 73 74 |$e$ the |smallest|
|00004e00| 20 70 6f 73 69 74 69 76 | 65 20 6e 75 6d 62 65 72 | positiv|e number|
|00004e10| 20 77 69 74 68 20 24 62 | 5e 65 5c 65 71 75 69 76 | with $b|^e\equiv|
|00004e20| 31 24 2e 20 0a 49 66 20 | 24 65 3e 64 24 2c 20 77 |1$. .If |$e>d$, w|
|00004e30| 65 20 6d 61 79 20 74 61 | 6b 65 20 24 61 27 3d 62 |e may ta|ke $a'=b|
|00004e40| 24 2c 20 73 6f 20 77 65 | 20 77 69 6c 6c 20 61 73 |$, so we| will as|
|00004e50| 73 75 6d 65 20 24 65 5c | 6c 65 20 64 24 20 66 72 |sume $e\|le d$ fr|
|00004e60| 6f 6d 20 6e 6f 77 20 6f | 6e 2e 20 20 0a 42 79 20 |om now o|n. .By |
|00004e70| 4c 65 6d 6d 61 7e 5c 72 | 65 66 7b 42 7d 2c 20 24 |Lemma~\r|ef{B}, $|
|00004e80| 62 5e 64 5c 6e 6f 74 5c | 65 71 75 69 76 31 24 2c |b^d\not\|equiv1$,|
|00004e90| 20 77 68 69 63 68 20 69 | 6d 70 6c 69 65 73 20 24 | which i|mplies $|
|00004ea0| 65 24 20 64 6f 65 73 20 | 6e 6f 74 20 64 69 76 69 |e$ does |not divi|
|00004eb0| 64 65 0a 24 64 24 20 61 | 6e 64 20 24 65 2f 28 64 |de.$d$ a|nd $e/(d|
|00004ec0| 2c 65 29 3e 31 24 2e 20 | 0a 24 24 5c 68 62 6f 78 |,e)>1$. |.$$\hbox|
|00004ed0| 7b 4c 65 74 5c 71 75 61 | 64 7d 61 27 3d 61 5e 7b |{Let\qua|d}a'=a^{|
|00004ee0| 28 64 2c 65 29 7d 62 5c | 71 71 75 61 64 20 63 3d |(d,e)}b\|qquad c=|
|00004ef0| 5c 66 72 61 63 20 0a 64 | 7b 28 64 2c 65 29 7d 24 |\frac .d|{(d,e)}$|
|00004f00| 24 54 6f 20 63 6f 6d 70 | 6c 65 74 65 20 74 68 65 |$To comp|lete the|
|00004f10| 20 70 72 6f 6f 66 2c 20 | 77 65 20 77 69 6c 6c 20 | proof, |we will |
|00004f20| 73 68 6f 77 20 74 68 61 | 74 20 69 66 20 24 61 27 |show tha|t if $a'|
|00004f30| 5e 78 5c 65 71 75 69 76 | 31 24 2c 0a 74 68 65 6e |^x\equiv|1$,.then|
|00004f40| 20 24 78 24 20 69 73 20 | 64 69 76 69 73 69 62 6c | $x$ is |divisibl|
|00004f50| 65 20 62 79 20 24 63 65 | 3d 64 65 2f 28 64 2c 65 |e by $ce|=de/(d,e|
|00004f60| 29 3e 64 24 2e 5c 70 71 | 0a 53 69 6e 63 65 20 24 |)>d$.\pq|.Since $|
|00004f70| 28 63 2c 65 29 3d 31 24 | 2c 20 54 68 65 6f 72 65 |(c,e)=1$|, Theore|
|00004f80| 6d 7e 5c 72 65 66 7b 54 | 31 7d 20 69 6d 70 6c 69 |m~\ref{T|1} impli|
|00004f90| 65 73 20 74 68 65 72 65 | 20 61 72 65 20 24 4b 2c |es there| are $K,|
|00004fa0| 4c 24 0a 77 69 74 68 20 | 24 63 4b 2b 65 4c 3d 31 |L$.with |$cK+eL=1|
|00004fb0| 24 2e 20 49 66 20 24 61 | 27 5e 78 5c 65 71 75 69 |$. If $a|'^x\equi|
|00004fc0| 76 31 24 2c 20 74 68 65 | 6e 20 24 61 27 5e 7b 63 |v1$, the|n $a'^{c|
|00004fd0| 78 7d 5c 65 71 75 69 76 | 20 62 5e 7b 63 78 7d 5c |x}\equiv| b^{cx}\|
|00004fe0| 65 71 75 69 76 31 24 2e | 0a 42 79 20 4c 65 6d 6d |equiv1$.|.By Lemm|
|00004ff0| 61 7e 5c 72 65 66 7b 64 | 69 7d 2c 20 24 63 78 3d |a~\ref{d|i}, $cx=|
|00005000| 65 4d 24 20 66 6f 72 20 | 73 6f 6d 65 20 69 6e 74 |eM$ for |some int|
|00005010| 65 67 65 72 20 24 4d 24 | 20 61 6e 64 0a 24 24 78 |eger $M$| and.$$x|
|00005020| 3d 28 63 4b 2b 65 4c 29 | 78 3d 65 28 4b 4d 2b 4c |=(cK+eL)|x=e(KM+L|
|00005030| 78 29 24 24 73 6f 20 24 | 78 3d 65 78 27 24 20 66 |x)$$so $|x=ex'$ f|
|00005040| 6f 72 20 73 6f 6d 65 20 | 69 6e 74 65 67 65 72 20 |or some |integer |
|00005050| 24 78 27 24 2e 20 20 54 | 6f 67 65 74 68 65 72 20 |$x'$. T|ogether |
|00005060| 77 69 74 68 0a 24 61 27 | 5e 78 5c 65 71 75 69 76 |with.$a'|^x\equiv|
|00005070| 31 24 20 61 6e 64 20 4c | 65 6d 6d 61 7e 5c 72 65 |1$ and L|emma~\re|
|00005080| 66 7b 64 69 7d 2c 20 74 | 68 69 73 20 69 6d 70 6c |f{di}, t|his impl|
|00005090| 69 65 73 20 66 6f 72 20 | 73 6f 6d 65 20 69 6e 74 |ies for |some int|
|000050a0| 65 67 65 72 20 24 4e 24 | 0a 24 24 28 64 2c 65 29 |eger $N$|.$$(d,e)|
|000050b0| 65 78 27 3d 64 4e 5c 52 | 69 67 68 74 61 72 72 6f |ex'=dN\R|ightarro|
|000050c0| 77 20 65 78 27 3d 63 4e | 5c 52 69 67 68 74 61 72 |w ex'=cN|\Rightar|
|000050d0| 72 6f 77 20 28 63 4b 2b | 65 4c 29 78 27 3d 63 28 |row (cK+|eL)x'=c(|
|000050e0| 4b 78 27 2b 4c 4e 29 24 | 24 73 6f 0a 24 78 27 24 |Kx'+LN)$|$so.$x'$|
|000050f0| 20 69 73 20 64 69 76 69 | 73 69 62 6c 65 20 62 79 | is divi|sible by|
|00005100| 20 24 63 24 2e 0a 5c 73 | 65 63 74 69 6f 6e 7b 45 | $c$..\s|ection{E|
|00005110| 6e 63 72 79 70 74 69 6f | 6e 20 74 65 63 68 6e 69 |ncryptio|n techni|
|00005120| 71 75 65 73 20 62 61 73 | 65 64 20 6f 6e 20 70 6f |ques bas|ed on po|
|00005130| 77 65 72 73 20 61 6e 64 | 20 63 6f 6e 67 72 75 65 |wers and| congrue|
|00005140| 6e 63 65 73 7d 0a 5c 73 | 75 62 73 65 63 74 69 6f |nces}.\s|ubsectio|
|00005150| 6e 7b 54 68 65 20 44 69 | 66 66 69 65 2d 48 65 6c |n{The Di|ffie-Hel|
|00005160| 6c 6d 61 6e 20 6b 65 79 | 20 65 78 63 68 61 6e 67 |lman key| exchang|
|00005170| 65 20 70 72 6f 63 65 64 | 75 72 65 7d 0a 41 20 61 |e proced|ure}.A a|
|00005180| 6e 64 20 42 20 61 72 65 | 20 63 6f 6d 6d 75 6e 69 |nd B are| communi|
|00005190| 63 61 74 69 6e 67 2e 20 | 20 43 20 68 65 61 72 73 |cating. | C hears|
|000051a0| 20 65 76 65 72 79 74 68 | 69 6e 67 20 41 20 61 6e | everyth|ing A an|
|000051b0| 64 20 42 20 73 61 79 2e | 0a 41 20 61 6e 64 20 42 |d B say.|.A and B|
|000051c0| 20 77 61 6e 74 20 74 6f | 20 61 67 72 65 65 20 6f | want to| agree o|
|000051d0| 6e 20 61 20 6e 75 6d 62 | 65 72 2c 20 77 69 74 68 |n a numb|er, with|
|000051e0| 6f 75 74 20 43 20 6b 6e | 6f 77 69 6e 67 20 77 68 |out C kn|owing wh|
|000051f0| 61 74 20 74 68 65 20 0a | 6e 75 6d 62 65 72 20 69 |at the .|number i|
|00005200| 73 2e 20 49 74 20 6d 61 | 79 20 62 65 2c 20 66 6f |s. It ma|y be, fo|
|00005210| 72 20 65 78 61 6d 70 6c | 65 2c 20 74 68 61 74 20 |r exampl|e, that |
|00005220| 41 7e 61 6e 64 7e 42 20 | 70 6c 61 6e 20 74 6f 20 |A~and~B |plan to |
|00005230| 75 73 65 20 74 68 65 0a | 6e 75 6d 62 65 72 20 61 |use the.|number a|
|00005240| 73 20 74 68 65 20 6b 65 | 79 20 66 6f 72 20 66 75 |s the ke|y for fu|
|00005250| 74 75 72 65 20 65 6e 63 | 6f 64 65 64 20 6d 65 73 |ture enc|oded mes|
|00005260| 73 61 67 65 73 2e 0a 54 | 68 65 20 70 72 6f 63 65 |sages..T|he proce|
|00005270| 64 75 72 65 20 28 61 6c | 73 6f 20 6f 66 74 65 6e |dure (al|so often|
|00005280| 20 63 61 6c 6c 65 64 20 | 61 20 7b 5c 69 74 20 70 | called |a {\it p|
|00005290| 72 6f 74 6f 63 6f 6c 5c | 2f 7d 29 3a 0a 5c 70 71 |rotocol\|/}):.\pq|
|000052a0| 20 41 20 61 6e 64 20 42 | 20 61 67 72 65 65 20 6f | A and B| agree o|
|000052b0| 6e 20 61 20 28 6c 61 72 | 67 65 29 20 70 72 69 6d |n a (lar|ge) prim|
|000052c0| 65 20 24 70 24 20 61 6e | 64 20 61 20 70 72 69 6d |e $p$ an|d a prim|
|000052d0| 69 74 69 76 65 20 72 6f | 6f 74 20 24 61 24 2e 0a |itive ro|ot $a$..|
|000052e0| 54 68 65 73 65 20 6e 75 | 6d 62 65 72 73 20 61 72 |These nu|mbers ar|
|000052f0| 65 20 61 6c 73 6f 20 6b | 6e 6f 77 6e 20 74 6f 20 |e also k|nown to |
|00005300| 43 2e 20 20 41 20 73 65 | 63 72 65 74 6c 79 20 63 |C. A se|cretly c|
|00005310| 68 6f 6f 73 65 73 20 61 | 20 28 6c 61 72 67 65 29 |hooses a| (large)|
|00005320| 0a 6e 75 6d 62 65 72 20 | 24 58 5f 31 24 2c 20 42 |.number |$X_1$, B|
|00005330| 20 73 65 63 72 65 74 6c | 79 20 63 68 6f 6f 73 65 | secretl|y choose|
|00005340| 73 20 24 58 5f 32 24 2e | 20 20 24 61 5e 7b 58 5f |s $X_2$.| $a^{X_|
|00005350| 31 7d 24 20 61 6e 64 20 | 24 61 5e 7b 58 5f 32 7d |1}$ and |$a^{X_2}|
|00005360| 24 0a 20 6d 6f 64 7e 24 | 70 24 20 61 72 65 20 70 |$. mod~$|p$ are p|
|00005370| 75 62 6c 69 63 6c 79 20 | 61 6e 6e 6f 75 6e 63 65 |ublicly |announce|
|00005380| 64 20 28 68 65 6e 63 65 | 20 6b 6e 6f 77 6e 20 74 |d (hence| known t|
|00005390| 6f 20 43 29 2e 20 20 54 | 68 65 20 73 65 63 72 65 |o C). T|he secre|
|000053a0| 74 20 6e 75 6d 62 65 72 | 0a 77 69 6c 6c 20 62 65 |t number|.will be|
|000053b0| 20 24 53 3d 61 5e 7b 58 | 5f 31 58 5f 32 7d 24 7e | $S=a^{X|_1X_2}$~|
|000053c0| 6d 6f 64 7e 24 70 24 2e | 0a 24 24 5c 68 62 6f 78 |mod~$p$.|.$$\hbox|
|000053d0| 7b 41 20 63 61 6c 75 6c | 61 74 65 73 20 7d 53 5c |{A calul|ates }S\|
|000053e0| 65 71 75 69 76 5c 6c 65 | 66 74 28 61 5e 7b 58 5f |equiv\le|ft(a^{X_|
|000053f0| 32 7d 5c 72 69 67 68 74 | 29 5e 7b 58 5f 31 7d 5c |2}\right|)^{X_1}\|
|00005400| 71 71 75 61 64 0a 5c 68 | 62 6f 78 7b 42 20 63 61 |qquad.\h|box{B ca|
|00005410| 6c 63 75 6c 61 74 65 73 | 20 7d 53 5c 65 71 75 69 |lculates| }S\equi|
|00005420| 76 5c 6c 65 66 74 28 61 | 5e 7b 58 5f 31 7d 5c 72 |v\left(a|^{X_1}\r|
|00005430| 69 67 68 74 29 5e 7b 58 | 5f 32 7d 24 24 0a 41 20 |ight)^{X|_2}$$.A |
|00005440| 70 6f 73 73 69 62 6c 65 | 20 64 72 61 77 62 61 63 |possible| drawbac|
|00005450| 6b 20 74 6f 20 74 68 69 | 73 20 73 79 73 74 65 6d |k to thi|s system|
|00005460| 20 69 73 20 74 68 61 74 | 20 6e 65 69 74 68 65 72 | is that| neither|
|00005470| 20 41 20 6e 6f 72 20 42 | 20 63 6f 6e 74 72 6f 6c | A nor B| control|
|00005480| 73 0a 77 68 61 74 20 24 | 53 24 20 69 73 2e 20 20 |s.what $|S$ is. |
|00005490| 49 66 20 24 53 24 20 69 | 73 20 6e 6f 74 20 61 20 |If $S$ i|s not a |
|000054a0| 73 61 74 69 73 66 61 63 | 74 6f 72 79 20 6e 75 6d |satisfac|tory num|
|000054b0| 62 65 72 2c 20 74 68 65 | 79 20 6d 61 79 20 68 61 |ber, the|y may ha|
|000054c0| 76 65 0a 74 6f 20 72 65 | 70 65 61 74 20 74 68 65 |ve.to re|peat the|
|000054d0| 20 70 72 6f 74 6f 63 6f | 6c 2e 0a 5c 70 71 20 44 | protoco|l..\pq D|
|000054e0| 69 66 66 69 65 20 61 6e | 64 20 48 65 6c 6c 6d 61 |iffie an|d Hellma|
|000054f0| 6e 20 73 75 67 67 65 73 | 74 20 74 68 65 20 70 72 |n sugges|t the pr|
|00005500| 6f 63 65 64 75 72 65 20 | 63 61 6e 20 61 6c 73 6f |ocedure |can also|
|00005510| 20 62 65 20 75 73 65 64 | 20 69 6e 0a 61 20 73 69 | be used| in.a si|
|00005520| 74 75 61 74 69 6f 6e 20 | 69 6e 20 77 68 69 63 68 |tuation |in which|
|00005530| 20 24 6e 24 20 70 65 6f | 70 6c 65 20 6d 75 73 74 | $n$ peo|ple must|
|00005540| 20 66 69 6e 64 2c 20 66 | 6f 72 20 65 61 63 68 20 | find, f|or each |
|00005550| 70 61 69 72 20 6f 66 20 | 70 65 6f 70 6c 65 2c 0a |pair of |people,.|
|00005560| 61 6e 20 61 67 72 65 65 | 64 2d 75 70 6f 6e 20 6e |an agree|d-upon n|
|00005570| 75 6d 62 65 72 2e 20 20 | 46 6f 72 20 24 31 5c 6c |umber. |For $1\l|
|00005580| 65 20 69 2c 6a 5c 6c 65 | 20 6e 24 20 74 68 65 20 |e i,j\le| n$ the |
|00005590| 6e 75 6d 62 65 72 20 69 | 73 20 24 61 5e 7b 58 5f |number i|s $a^{X_|
|000055a0| 69 58 5f 6a 7d 24 2e 0a | 5c 73 75 62 73 65 63 74 |iX_j}$..|\subsect|
|000055b0| 69 6f 6e 7b 54 68 65 20 | 52 69 76 65 73 74 2d 53 |ion{The |Rivest-S|
|000055c0| 68 61 6d 69 72 2d 41 64 | 6c 65 6d 61 6e 20 70 75 |hamir-Ad|leman pu|
|000055d0| 62 6c 69 63 20 6b 65 79 | 20 73 79 73 74 65 6d 7d |blic key| system}|
|000055e0| 0a 41 20 73 65 74 73 20 | 75 70 20 61 20 73 79 73 |.A sets |up a sys|
|000055f0| 74 65 6d 20 73 6f 20 74 | 68 61 74 20 61 6e 79 6f |tem so t|hat anyo|
|00005600| 6e 65 20 63 61 6e 20 73 | 65 6e 64 20 68 69 6d 20 |ne can s|end him |
|00005610| 61 6e 20 65 6e 63 6f 64 | 65 64 0a 6d 65 73 73 61 |an encod|ed.messa|
|00005620| 67 65 2c 20 62 75 74 20 | 6f 6e 6c 79 20 41 20 77 |ge, but |only A w|
|00005630| 69 6c 6c 20 62 65 20 61 | 62 6c 65 20 74 6f 20 64 |ill be a|ble to d|
|00005640| 65 63 6f 64 65 20 69 74 | 2e 20 20 54 68 65 20 6d |ecode it|. The m|
|00005650| 65 73 73 61 67 65 20 69 | 73 20 72 65 70 72 65 73 |essage i|s repres|
|00005660| 65 6e 74 65 64 0a 61 73 | 20 61 20 6e 75 6d 62 65 |ented.as| a numbe|
|00005670| 72 20 24 4d 24 2e 20 20 | 54 68 65 20 65 6e 63 6f |r $M$. |The enco|
|00005680| 64 69 6e 67 20 69 73 20 | 64 6f 6e 65 20 62 79 20 |ding is |done by |
|00005690| 61 20 70 75 62 6c 69 63 | 6c 79 20 6b 6e 6f 77 6e |a public|ly known|
|000056a0| 20 66 75 6e 63 74 69 6f | 6e 20 24 66 28 4d 29 24 | functio|n $f(M)$|
|000056b0| 2c 0a 77 69 74 68 20 41 | 20 74 68 65 20 6f 6e 6c |,.with A| the onl|
|000056c0| 79 20 70 65 72 73 6f 6e | 20 77 68 6f 20 6b 6e 6f |y person| who kno|
|000056d0| 77 73 20 68 6f 77 20 74 | 6f 20 63 6f 6d 70 75 74 |ws how t|o comput|
|000056e0| 65 20 24 66 5e 7b 2d 31 | 7d 24 2e 0a 41 20 63 68 |e $f^{-1|}$..A ch|
|000056f0| 6f 6f 73 65 73 20 74 77 | 6f 20 6c 61 72 67 65 20 |ooses tw|o large |
|00005700| 70 72 69 6d 65 73 20 24 | 70 24 2c 20 24 71 24 20 |primes $|p$, $q$ |
|00005710| 77 68 69 63 68 20 68 65 | 20 6b 65 65 70 73 20 73 |which he| keeps s|
|00005720| 65 63 72 65 74 2e 20 20 | 48 65 20 61 6e 6e 6f 75 |ecret. |He annou|
|00005730| 6e 63 65 73 0a 24 6e 3d | 70 71 24 20 61 6e 64 20 |nces.$n=|pq$ and |
|00005740| 61 6e 6f 74 68 65 72 20 | 6e 75 6d 62 65 72 20 24 |another |number $|
|00005750| 64 24 2c 20 77 69 74 68 | 20 24 28 64 2c 70 2d 31 |d$, with| $(d,p-1|
|00005760| 29 3d 28 64 2c 71 2d 31 | 29 3d 31 24 20 28 6f 6e |)=(d,q-1|)=1$ (on|
|00005770| 65 20 77 61 79 20 74 6f | 0a 64 6f 20 74 68 69 73 |e way to|.do this|
|00005780| 20 69 73 20 74 6f 20 63 | 68 6f 6f 73 65 20 24 64 | is to c|hoose $d|
|00005790| 24 20 61 20 70 72 69 6d | 65 20 6c 61 72 67 65 72 |$ a prim|e larger|
|000057a0| 20 74 68 61 6e 20 24 70 | 2f 32 24 20 61 6e 64 20 | than $p|/2$ and |
|000057b0| 24 71 2f 32 24 2e 29 0a | 54 68 65 20 65 6e 63 6f |$q/2$.).|The enco|
|000057c0| 64 69 6e 67 20 69 73 20 | 24 24 66 28 4d 29 5c 65 |ding is |$$f(M)\e|
|000057d0| 71 75 69 76 20 4d 5e 64 | 5c 68 62 6f 78 7b 0a 6d |quiv M^d|\hbox{.m|
|000057e0| 6f 64 20 6e 7d 24 24 77 | 68 65 72 65 20 24 4d 24 |od n}$$w|here $M$|
|000057f0| 20 61 6e 64 20 24 66 28 | 4d 29 24 20 61 72 65 20 | and $f(|M)$ are |
|00005800| 62 6f 74 68 20 24 5c 6c | 65 20 6e 2d 31 24 2e 0a |both $\l|e n-1$..|
|00005810| 57 65 20 68 61 76 65 20 | 73 65 65 6e 20 24 66 24 |We have |seen $f$|
|00005820| 20 63 61 6e 20 62 65 20 | 63 6f 6d 70 75 74 65 64 | can be |computed|
|00005830| 20 69 6e 20 61 20 72 65 | 61 6c 69 73 74 69 63 20 | in a re|alistic |
|00005840| 61 6d 6f 75 6e 74 20 6f | 66 20 74 69 6d 65 0a 65 |amount o|f time.e|
|00005850| 76 65 6e 20 69 66 20 24 | 4d 24 2c 20 24 64 24 2c |ven if $|M$, $d$,|
|00005860| 20 24 6e 24 20 61 72 65 | 20 6d 61 6e 79 20 64 69 | $n$ are| many di|
|00005870| 67 69 74 73 20 6c 6f 6e | 67 2e 0a 5c 70 71 20 41 |gits lon|g..\pq A|
|00005880| 20 63 6f 6d 70 75 74 65 | 73 20 24 4d 24 20 66 72 | compute|s $M$ fr|
|00005890| 6f 6d 20 24 4d 5e 64 24 | 20 75 73 69 6e 67 20 68 |om $M^d$| using h|
|000058a0| 69 73 20 6b 6e 6f 77 6c | 65 64 67 65 20 6f 66 20 |is knowl|edge of |
|000058b0| 24 70 24 2c 20 24 71 24 | 2e 20 42 79 0a 20 43 6f |$p$, $q$|. By. Co|
|000058c0| 72 6f 6c 6c 61 72 79 20 | 38 2c 20 24 24 5c 68 62 |rollary |8, $$\hb|
|000058d0| 6f 78 7b 49 66 20 7d 5c | 63 6f 20 7b 64 65 7d 31 |ox{If }\|co {de}1|
|000058e0| 7b 28 70 2d 31 29 7d 5c | 68 62 6f 78 7b 20 74 68 |{(p-1)}\|hbox{ th|
|000058f0| 65 6e 20 7d 5c 63 6f 7b | 5c 6c 65 66 74 28 4d 5e |en }\co{|\left(M^|
|00005900| 64 5c 72 69 67 68 74 29 | 5e 65 7d 0a 31 70 24 24 |d\right)|^e}.1p$$|
|00005910| 53 69 6d 69 6c 61 72 6c | 79 20 24 5c 63 6f 7b 5c |Similarl|y $\co{\|
|00005920| 6c 65 66 74 28 4d 5e 64 | 5c 72 69 67 68 74 29 5e |left(M^d|\right)^|
|00005930| 65 7d 4d 71 24 20 69 66 | 20 24 5c 63 6f 20 7b 64 |e}Mq$ if| $\co {d|
|00005940| 65 7d 31 7b 28 71 2d 31 | 29 7d 24 2e 0a 24 65 24 |e}1{(q-1|)}$..$e$|
|00005950| 20 73 61 74 69 73 66 69 | 65 73 20 74 68 65 73 65 | satisfi|es these|
|00005960| 20 74 77 6f 20 63 6f 6e | 64 69 74 69 6f 6e 73 20 | two con|ditions |
|00005970| 69 66 20 24 5c 63 6f 7b | 65 64 7d 31 7b 28 70 2d |if $\co{|ed}1{(p-|
|00005980| 31 29 28 71 2d 31 29 7d | 24 2e 20 20 54 68 65 6f |1)(q-1)}|$. Theo|
|00005990| 72 65 6d 7e 31 0a 73 61 | 79 73 20 77 65 20 63 61 |rem~1.sa|ys we ca|
|000059a0| 6e 20 6c 65 74 20 24 65 | 3d 78 24 2c 20 77 68 65 |n let $e|=x$, whe|
|000059b0| 72 65 20 24 78 24 20 69 | 73 20 61 20 73 6f 6c 75 |re $x$ i|s a solu|
|000059c0| 74 69 6f 6e 20 6f 66 20 | 24 24 64 78 2b 28 70 2d |tion of |$$dx+(p-|
|000059d0| 31 29 28 71 2d 31 29 79 | 3d 31 24 24 0a 53 69 6e |1)(q-1)y|=1$$.Sin|
|000059e0| 63 65 20 24 5c 6c 65 66 | 74 28 4d 5e 64 5c 72 69 |ce $\lef|t(M^d\ri|
|000059f0| 67 68 74 29 5e 65 2d 4d | 24 20 69 73 20 64 69 76 |ght)^e-M|$ is div|
|00005a00| 69 73 69 62 6c 65 20 62 | 79 20 24 70 24 20 61 6e |isible b|y $p$ an|
|00005a10| 64 20 62 79 20 24 71 24 | 2c 20 69 74 20 69 73 0a |d by $q$|, it is.|
|00005a20| 64 69 76 69 73 62 6c 65 | 20 62 79 20 24 70 71 24 |divisble| by $pq$|
|00005a30| 2c 20 68 65 6e 63 65 20 | 77 65 20 63 61 6e 20 72 |, hence |we can r|
|00005a40| 65 63 6f 76 65 72 20 24 | 4d 24 20 66 72 6f 6d 20 |ecover $|M$ from |
|00005a50| 24 4d 5e 64 24 20 62 79 | 20 74 61 6b 69 6e 67 20 |$M^d$ by| taking |
|00005a60| 74 6f 0a 74 68 65 20 24 | 65 24 2d 74 68 20 70 6f |to.the $|e$-th po|
|00005a70| 77 65 72 20 6d 6f 64 20 | 24 70 71 24 2e 0a 5c 70 |wer mod |$pq$..\p|
|00005a80| 71 20 49 74 20 69 73 20 | 63 72 75 63 69 61 6c 20 |q It is |crucial |
|00005a90| 74 6f 20 74 68 65 20 73 | 65 63 75 72 69 74 79 20 |to the s|ecurity |
|00005aa0| 6f 66 20 74 68 69 73 20 | 73 79 73 74 65 6d 20 74 |of this |system t|
|00005ab0| 68 61 74 20 6b 6e 6f 77 | 6c 65 64 67 65 20 6f 66 |hat know|ledge of|
|00005ac0| 0a 24 6e 24 20 64 6f 65 | 73 20 6e 6f 74 20 61 6c |.$n$ doe|s not al|
|00005ad0| 6c 6f 77 20 61 6e 20 65 | 61 76 65 73 64 72 6f 70 |low an e|avesdrop|
|00005ae0| 70 65 72 20 74 6f 20 63 | 61 6c 63 75 6c 61 74 65 |per to c|alculate|
|00005af0| 20 24 70 24 20 61 6e 64 | 20 24 71 24 2e 20 54 68 | $p$ and| $q$. Th|
|00005b00| 65 0a 63 72 75 64 65 20 | 61 70 70 72 6f 61 63 68 |e.crude |approach|
|00005b10| 20 6f 66 20 64 69 76 69 | 64 69 6e 67 20 24 6e 24 | of divi|ding $n$|
|00005b20| 20 62 79 20 61 6c 6c 20 | 6e 75 6d 62 65 72 73 20 | by all |numbers |
|00005b30| 75 70 20 74 6f 20 24 5c | 73 71 72 74 20 6e 24 20 |up to $\|sqrt n$ |
|00005b40| 77 6f 75 6c 64 0a 74 61 | 6b 65 20 24 5c 73 69 6d |would.ta|ke $\sim|
|00005b50| 31 30 5e 7b 35 30 7d 24 | 20 73 74 65 70 73 20 66 |10^{50}$| steps f|
|00005b60| 6f 72 20 61 20 31 30 30 | 2d 64 69 67 69 74 20 24 |or a 100|-digit $|
|00005b70| 6e 24 2e 20 48 6f 77 65 | 76 65 72 2c 20 6d 61 6e |n$. Howe|ver, man|
|00005b80| 79 20 66 61 6d 6f 75 73 | 0a 6d 61 74 68 65 6d 61 |y famous|.mathema|
|00005b90| 74 69 63 69 61 6e 73 20 | 68 61 76 65 20 62 65 65 |ticians |have bee|
|00005ba0| 6e 20 75 6e 61 62 6c 65 | 20 74 6f 20 64 65 76 69 |n unable| to devi|
|00005bb0| 73 65 20 73 69 67 6e 69 | 66 69 63 61 6e 74 6c 79 |se signi|ficantly|
|00005bc0| 20 62 65 74 74 65 72 0a | 66 61 63 74 6f 72 69 6e | better.|factorin|
|00005bd0| 67 20 61 6c 67 6f 72 69 | 74 68 6d 73 2c 20 61 6e |g algori|thms, an|
|00005be0| 64 20 74 68 69 73 20 70 | 72 6f 62 6c 65 6d 20 68 |d this p|roblem h|
|00005bf0| 61 73 20 62 65 65 6e 20 | 73 74 75 64 69 65 64 20 |as been |studied |
|00005c00| 66 6f 72 20 61 74 0a 6c | 65 61 73 74 20 31 30 30 |for at.l|east 100|
|00005c10| 7e 79 65 61 72 73 2e 0a | 5c 70 71 20 4f 6e 65 20 |~years..|\pq One |
|00005c20| 70 72 61 63 74 69 63 61 | 6c 20 64 69 66 66 69 63 |practica|l diffic|
|00005c30| 75 6c 74 79 20 69 6e 20 | 75 73 69 6e 67 20 74 68 |ulty in |using th|
|00005c40| 69 73 20 73 79 73 74 65 | 6d 20 69 73 20 74 68 65 |is syste|m is the|
|00005c50| 20 6e 65 65 64 20 74 6f | 0a 64 6f 20 63 61 6c 63 | need to|.do calc|
|00005c60| 75 6c 61 74 69 6f 6e 73 | 20 77 69 74 68 20 6d 61 |ulations| with ma|
|00005c70| 6e 79 2d 64 69 67 69 74 | 20 6e 75 6d 62 65 72 73 |ny-digit| numbers|
|00005c80| 2c 20 65 73 70 65 63 69 | 61 6c 6c 79 20 74 6f 20 |, especi|ally to |
|00005c90| 66 69 6e 64 20 70 72 69 | 6d 65 73 2e 0a 41 6e 6f |find pri|mes..Ano|
|00005ca0| 74 68 65 72 20 64 69 66 | 66 69 63 75 6c 74 79 20 |ther dif|ficulty |
|00005cb0| 69 73 20 74 68 61 74 20 | 74 68 65 20 69 6e 76 65 |is that |the inve|
|00005cc0| 6e 74 6f 72 73 20 6f 66 | 20 74 68 69 73 20 73 79 |ntors of| this sy|
|00005cd0| 73 74 65 6d 20 68 61 76 | 65 20 70 61 74 65 6e 74 |stem hav|e patent|
|00005ce0| 65 64 0a 69 74 2e 20 20 | 41 6d 61 74 65 75 72 20 |ed.it. |Amateur |
|00005cf0| 70 72 6f 67 72 61 6d 6d | 65 72 73 20 77 68 6f 20 |programm|ers who |
|00005d00| 68 61 76 65 20 70 6f 73 | 74 65 64 20 69 6d 70 6c |have pos|ted impl|
|00005d10| 65 6d 65 6e 74 61 74 69 | 6f 6e 73 20 6f 6e 20 65 |ementati|ons on e|
|00005d20| 6c 65 63 74 72 6f 6e 69 | 63 0a 62 75 6c 6c 65 74 |lectroni|c.bullet|
|00005d30| 69 6e 20 62 6f 61 72 64 | 73 20 68 61 76 65 20 72 |in board|s have r|
|00005d40| 65 63 65 69 76 65 64 20 | 6c 65 74 74 65 72 73 20 |eceived |letters |
|00005d50| 66 72 6f 6d 20 60 60 52 | 53 41 20 53 65 63 75 72 |from ``R|SA Secur|
|00005d60| 69 74 79 2c 20 49 6e 63 | 27 27 0a 77 61 72 6e 69 |ity, Inc|''.warni|
|00005d70| 6e 67 20 6f 66 20 70 6f | 73 73 69 62 6c 65 20 70 |ng of po|ssible p|
|00005d80| 61 74 65 6e 74 20 69 6e | 66 72 69 6e 67 65 6d 65 |atent in|fringeme|
|00005d90| 6e 74 2e 0a 5c 73 75 62 | 73 65 63 74 69 6f 6e 7b |nt..\sub|section{|
|00005da0| 41 20 70 75 62 6c 69 63 | 20 6b 65 79 20 73 79 73 |A public| key sys|
|00005db0| 74 65 6d 20 61 73 20 68 | 61 72 64 20 61 73 20 66 |tem as h|ard as f|
|00005dc0| 61 63 74 6f 72 69 6e 67 | 5c 6c 61 62 65 6c 7b 52 |actoring|\label{R|
|00005dd0| 61 7d 7d 0a 49 74 20 69 | 73 20 70 6f 73 73 69 62 |a}}.It i|s possib|
|00005de0| 6c 65 20 69 6e 20 74 68 | 65 6f 72 79 20 74 68 61 |le in th|eory tha|
|00005df0| 74 20 74 68 65 72 65 20 | 69 73 20 73 6f 6d 65 20 |t there |is some |
|00005e00| 77 61 79 20 6f 66 20 63 | 6f 6d 70 75 74 69 6e 67 |way of c|omputing|
|00005e10| 20 24 66 5e 7b 2d 31 7d | 24 0a 66 6f 72 20 74 68 | $f^{-1}|$.for th|
|00005e20| 65 20 73 79 73 74 65 6d | 20 69 6e 20 74 68 65 20 |e system| in the |
|00005e30| 70 72 65 76 69 6f 75 73 | 20 73 65 63 74 69 6f 6e |previous| section|
|00005e40| 20 74 68 61 74 20 64 6f | 65 73 20 6e 6f 74 20 69 | that do|es not i|
|00005e50| 6e 76 6f 6c 76 65 20 64 | 65 74 65 72 25 0a 6d 69 |nvolve d|eter%.mi|
|00005e60| 6e 69 6e 67 20 24 70 24 | 20 61 6e 64 20 24 71 24 |ning $p$| and $q$|
|00005e70| 2e 20 49 6e 20 74 68 65 | 20 6f 72 69 67 69 6e 61 |. In the| origina|
|00005e80| 6c 20 52 53 41 20 70 61 | 70 65 72 2c 20 74 68 65 |l RSA pa|per, the|
|00005e90| 20 61 75 74 68 6f 72 73 | 20 73 61 79 0a 5c 62 65 | authors| say.\be|
|00005ea0| 67 69 6e 7b 71 75 6f 74 | 61 74 69 6f 6e 7d 49 74 |gin{quot|ation}It|
|00005eb0| 20 6d 61 79 20 62 65 20 | 70 6f 73 73 69 62 6c 65 | may be |possible|
|00005ec0| 20 74 6f 20 70 72 6f 76 | 65 20 74 68 61 74 20 61 | to prov|e that a|
|00005ed0| 6e 79 20 67 65 6e 65 72 | 61 6c 20 6d 65 74 68 6f |ny gener|al metho|
|00005ee0| 64 0a 6f 66 20 62 72 65 | 61 6b 69 6e 67 20 6f 75 |d.of bre|aking ou|
|00005ef0| 72 20 73 63 68 65 6d 65 | 20 79 69 65 6c 64 73 20 |r scheme| yields |
|00005f00| 61 6e 20 65 66 66 69 63 | 69 65 6e 74 20 66 61 63 |an effic|ient fac|
|00005f10| 74 6f 72 69 6e 67 20 61 | 6c 67 6f 72 69 74 68 6d |toring a|lgorithm|
|00005f20| 2e 20 20 54 68 69 73 0a | 77 6f 75 6c 64 20 65 73 |. This.|would es|
|00005f30| 74 61 62 6c 69 73 68 20 | 74 68 61 74 20 61 6e 79 |tablish |that any|
|00005f40| 20 77 61 79 20 6f 66 20 | 62 72 65 61 6b 69 6e 67 | way of |breaking|
|00005f50| 20 6f 75 72 20 73 63 68 | 65 6d 65 20 6d 75 73 74 | our sch|eme must|
|00005f60| 20 62 65 20 61 73 20 64 | 69 66 66 25 0a 69 63 75 | be as d|iff%.icu|
|00005f70| 6c 74 20 61 73 20 66 61 | 63 74 6f 72 69 6e 67 2e |lt as fa|ctoring.|
|00005f80| 20 57 65 20 68 61 76 65 | 20 6e 6f 74 20 62 65 65 | We have| not bee|
|00005f90| 6e 20 61 62 6c 65 20 74 | 6f 20 70 72 6f 76 65 20 |n able t|o prove |
|00005fa0| 74 68 69 73 20 63 6f 6e | 6a 65 63 74 75 72 65 2c |this con|jecture,|
|00005fb0| 0a 68 6f 77 65 76 65 72 | 2e 5c 65 6e 64 7b 71 75 |.however|.\end{qu|
|00005fc0| 6f 74 61 74 69 6f 6e 7d | 0a 54 6f 20 73 65 65 20 |otation}|.To see |
|00005fd0| 74 68 65 20 64 69 66 66 | 69 63 75 6c 74 69 65 73 |the diff|iculties|
|00005fe0| 20 69 6e 76 6f 6c 76 65 | 64 20 69 6e 20 74 72 79 | involve|d in try|
|00005ff0| 69 6e 67 20 74 6f 20 70 | 72 6f 76 65 20 73 75 63 |ing to p|rove suc|
|00006000| 68 20 61 20 74 68 69 6e | 67 2c 0a 73 75 70 70 6f |h a thin|g,.suppo|
|00006010| 73 65 20 74 68 61 74 20 | 6f 6e 65 20 63 6f 75 6c |se that |one coul|
|00006020| 64 20 73 68 6f 77 20 74 | 68 61 74 20 6b 6e 6f 77 |d show t|hat know|
|00006030| 6c 65 64 67 65 20 6f 66 | 20 61 20 63 69 70 68 65 |ledge of| a ciphe|
|00006040| 72 74 65 78 74 20 24 66 | 28 4d 29 24 0a 61 6e 64 |rtext $f|(M)$.and|
|00006050| 20 61 20 70 6c 61 69 6e | 74 65 78 74 20 24 4d 24 | a plain|text $M$|
|00006060| 20 65 6e 61 62 6c 65 64 | 20 6f 6e 65 20 74 6f 20 | enabled| one to |
|00006070| 66 69 6e 64 20 24 70 24 | 20 61 6e 64 20 24 71 24 |find $p$| and $q$|
|00006080| 2e 20 20 54 68 65 6e 20 | 6f 6e 65 20 0a 63 6f 75 |. Then |one .cou|
|00006090| 6c 64 20 66 61 63 74 6f | 72 20 24 6e 24 20 61 73 |ld facto|r $n$ as|
|000060a0| 20 66 6f 6c 6c 6f 77 73 | 3a 5c 62 65 67 69 6e 7b | follows|:\begin{|
|000060b0| 65 6e 75 6d 65 72 61 74 | 65 7d 0a 5c 69 74 65 6d |enumerat|e}.\item|
|000060c0| 20 43 68 6f 6f 73 65 20 | 61 6e 79 20 24 4d 24 2e | Choose |any $M$.|
|000060d0| 5c 69 74 65 6d 20 43 6f | 6d 70 75 74 65 20 24 66 |\item Co|mpute $f|
(M)$.  [Remember, we are assuming
$f$ is publicly available.  Furthermore, $f(M)$ can't be too hard
to compute, or the code would be impractical.]\item Use the assumed
method to obtain $p$, $q$.\end{enumerate}
In words, we are unable to distinguish between the situation
in which $f(M)$ is obtained from $M$ (easy) and the (presumably difficult)
situation in which $M$ is obtained from $f(M)$.
\pq Rabin has suggested an alternative to the RSA system in which there
is a direct connection to factoring.  As in RSA, $n=pq$ is announced
publicly, with primes $p$, $q$ kept secret.  For technical reasons, we
assume $\co {p,q}34$.
The encoding function is  $$\co {f(M)}{M^2}n$$
 The way we avoid the difficulty described above is that there are
{\it four\/} numbers $M_1,M_2,M_3,M_4$ with $f(M_i)\equ