FINDING N-TH ROOTS IN NILPOTENT GROUPS AND ...
FINDING N-TH ROOTS IN NILPOTENT GROUPS AND ...
FINDING N-TH ROOTS IN NILPOTENT GROUPS AND ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>F<strong>IN</strong>D<strong>IN</strong>G</strong> N-<strong>TH</strong> <strong>ROOTS</strong> <strong>IN</strong> <strong>NILPOTENT</strong> <strong>GROUPS</strong>... 589<br />
a<br />
n<br />
Note that when the modulus is n = p t1<br />
1 pt2 2 · · · ptm m , we use the Jacobi symbol,<br />
, defined by<br />
<br />
a<br />
t1 a<br />
=<br />
n p1<br />
t2 tm a a<br />
· · · ,<br />
p2 pm<br />
where the symbols on the right-hand side are Legendre symbols.<br />
Proposition 8.4. Let p be a prime such that p ≡ 3 (mod 4). The<br />
solutions of x2 ≡ a (mod p) are x ≡ ±a p+1<br />
4 (mod p).<br />
Proposition 8.5. Let n = pq, where p and q are distinct odd primes. Let<br />
0 < a < n and (a,n) = 1. Then x 2 ≡ a (mod n) has exactly four solutions<br />
modulo n.<br />
Example 8.6. Let n = 103·107 = 11021. Suppose we know that x 2 ≡ 860<br />
(mod 11021) has solution. Then we need to solve<br />
and<br />
x 2 ≡ 860 ≡ 36 (mod 103)<br />
x 2 ≡ 860 ≡ 4 (mod 107).<br />
Since 103 ≡ 3 (mod 4) and 107 ≡ 3 (mod 4), we know that the solutions are<br />
and<br />
x ≡ ±36 26 ≡ ±97 ≡ ±6 (mod 103)<br />
x ≡ ±4 27 ≡ ±105 ≡ ±2 (mod 107),<br />
respectively. By the Chinese Remainder Theorem,<br />
x ≡ ±109 (mod 11021) or x ≡ ±212 (mod 11021).<br />
8.2. Rabin Public Key Encryption<br />
As usual, we assume that Alice and Bob are sending messages through an<br />
insecure channel. Alice will choose two large primes, p and q, which will be<br />
private. Her public key is n = pq. Bob sends his message m by computing<br />
c ≡ m 2 (mod n) and sending c to Alice. Alice recovers the message by using<br />
the methods discussed above, but she has four possible values for m.<br />
In order for Eve, the eavesdropper, to recover the message, she will need to<br />
know the factors p and q. Factoring n and computing square roots modulo n<br />
are computationally equivalent. Therefore, security of this encryption scheme<br />
lies on the assumption that factoring n is computationally intractable.