# Problems of Chapter 6

## 6.1

Symmetric ciphers are faster, operate with shorter keys, and are more likely to survive the possible advent of quantum computers.

## 6.2

In [None]:
from datetime import timedelta

import humanize


def calculate_decryption_time(file_size: int, rate: float) -> timedelta:
    return timedelta(seconds=file_size / rate)


file_size = 10**9  # bytes
rsa_rate = 100 * 10**3 / 8  # bytes/sec
aes_rate = 17 * 10**6 / 8  # bytes/sec

for name, rate in ("RSA", rsa_rate), ("AES", aes_rate):
    print(
        f"Decryption with {name} algorithm will take "
        f"{humanize.precisedelta(calculate_decryption_time(file_size, rate), format='%.0f')}."
    )

## 6.3

In [None]:
import math

n = 120

print(f"Each employee have to store {n - 1} keys.")
print(f"Total number of keys required is {math.comb(120, 2)}.")

## 6.4

1. $15.7 \cdot 3^3 = 423.9$ ms

2. $15.7 \cdot 15^3 = 52987.5$ ms $≈ 53$ sec

3. $1.3 \cdot 1.6^3 = 5.3$ ms

   $1.3 \cdot 3.2^3 = 42.6$ ms

4. The advantage of ECC over the RSA is that the key length has to be increased much more slowly to enhance the security level.

## 6.5

In [None]:
def gcd(a: int, b: int) -> int:
    if a < b:
        a, b = b, a
    while b:
        a, b = b, a % b
    return a

1. $r_0 = 973,\ r_1 = 301$

    | $i$ | $r_{i-2} = q_{i-1} \cdot r_{i-1} + r_i$ | $\text{gcd}(r_{i-2}, r_{i-1}) = \text{gcd}(r_{i-1}, r_{i})$ |
    | --- | --------------------------------------- | ----------------------------------------------------------- |
    | 2   | $973 = 3 \cdot 301 + 70$                | $\text{gcd}(973, 301) = \text{gcd}(301, 70)$                |
    | 3   | $301 = 4 \cdot 70 + 21$                 | $\text{gcd}(301, 70) = \text{gcd}(70, 21)$                  |
    | 4   | $70 = 3 \cdot 21 + 7$                   | $\text{gcd}(70, 21) = \text{gcd}(21, 7)$                    |
    | 5   | $21 = 3 \cdot 7 + 0$                    | $\text{gcd}(21, 7) = \text{gcd}(7, 0) = 7$                  |

In [None]:
assert gcd(973, 301) == 7


1. $r_0 = 4001,\ r_1 = 2689$

    | $i$ | $r_{i-2} = q_{i-1} \cdot r_{i-1} + r_i$ | $\text{gcd}(r_{i-2}, r_{i-1}) = \text{gcd}(r_{i-1}, r_{i})$ |
    | --- | --------------------------------------- | ----------------------------------------------------------- |
    | 2   | $4001 = 1 \cdot 2689 + 1312$            | $\text{gcd}(4001, 2689) = \text{gcd}(2689, 1312)$           |
    | 3   | $2689 = 2 \cdot 1312 + 65$              | $\text{gcd}(2689, 1312) = \text{gcd}(1312, 65)$             |
    | 4   | $1312 = 20 \cdot 65 + 12$               | $\text{gcd}(1312, 65) = \text{gcd}(65, 12)$                 |
    | 5   | $65 = 5 \cdot 12 + 5$                   | $\text{gcd}(65, 12) = \text{gcd}(12, 5)$                    |
    | 6   | $12 = 2 \cdot 5 + 2$                    | $\text{gcd}(12, 5) = \text{gcd}(5, 2)$                      |
    | 7   | $5 = 2 \cdot 2+1$                       | $\text{gcd}(5, 2) = \text{gcd}(2, 1)$                       |
    | 8   | $2 = 2 \cdot 1+0$                       | $\text{gcd}(2, 1) = \text{gcd}(1, 0) = 1$                   |

In [None]:
assert gcd(4001, 2689) == 1

## 6.6

In [None]:
def xgcd(a: int, b: int) -> tuple[int, int, int]:
    if a < b:
        a, b = b, a

    r = [b, a]
    s = [0, 1]
    t = [1, 0]

    while r[-1]:
        q = r[-2] // r[-1]
        r[-2], r[-1] = r[-1], r[-2] % r[-1]
        s[-2], s[-1] = s[-1], s[-2] - q * s[-1]
        t[-2], t[-1] = t[-1], t[-2] - q * t[-1]

    return r[-2], s[-2], t[-2]

1. $r_0 = 243,\ r_1 = 198$

   | $i$ | $r_{i-2} = q_{i-1} \cdot r_{i-1} + r_i$ | $r_i = s_i r_0 + t_i r_1$ |
   | --- | --------------------------------------- | ------------------------- |
   | 2   | $243 = 1 \cdot 198 + 45$                | $45 = [1]r_0 + [−1]r_1$   |
   | 3   | $198 = 4 \cdot 45 + 18$                 | $18 = [−4]r_0 + [5]r_1$   |
   | 4   | $45 = 2 \cdot 18 + 9$                   | $9 = [9]r_0 + [−11]r_1$   |
   | 5   | $18 = 2 \cdot 9 + 0$                    |                           |

In [None]:
assert xgcd(243, 198) == (9, 9, -11)

1. $r_0 = 3587,\ r_1 = 1819$

   | $i$ | $r_{i-2} = q_{i-1} \cdot r_{i-1} + r_i$ | $r_i = s_i r_0 + t_i r_1$ |
   | --- | --------------------------------------- | ------------------------- |
   | 2   | $3587 = 1 \cdot 1819 + 1768$            | $1768 = [1]r_0 + [−1]r_1$ |
   | 3   | $1819 = 1 \cdot 1768 + 51$              | $51 = [−1]r_0 + [2]r_1$   |
   | 4   | $1768 = 34 \cdot 51 + 34$               | $34 = [35]r_0 + [−69]r_1$ |
   | 5   | $51 = 1 \cdot 34 + 17$                  | $17 = [−36]r_0 + [71]r_1$ |
   | 6   | $34 = 2 \cdot 17 + 0$                   |                           |

In [None]:
assert xgcd(3587, 1819) == (17, -36, 71)

## 6.7

In [None]:
def minv(a: int, m: int) -> int:
    gcd, _, t = xgcd(m, a)
    if gcd == 1:
        return t % m
    raise ValueError("inverse does not exist")

1. $a = r_1 = 7,\ m = r_0 = 26$

   | $i$ | $r_{i-2} = q_{i-1} \cdot r_{i-1} + r_i$ | $r_i = s_i r_0 + t_i r_1$ |
   | --- | --------------------------------------- | ------------------------- |
   | 2   | $26 = 3 \cdot 7 + 5$                    | $5 = [1]r_0 + [-3]r_1$    |
   | 3   | $7 = 1 \cdot 5 + 2$                     | $2 = [-1]r_0 + [4]r_1$    |
   | 4   | $5 = 2 \cdot 2 + 1$                     | $1 = [3]r_0 + [-11]r_1$   |
   | 5   | $2 = 2 \cdot 1 + 0$                     |                           |

In [None]:
a, m = 7, 26
i = minv(a, m)

assert i == -11 % m == 15
assert a * i % m == 1

2. $r_1 = a = 19,\ r_0 = m = 999$

   | $i$ | $r_{i-2} = q_{i-1} \cdot r_{i-1} + r_i$ | $r_i = s_i r_0 + t_i r_1$ |
   | --- | --------------------------------------- | ------------------------- |
   | 2   | $999 = 52 \cdot 19 + 11$                | $11 = [1]r_0 + [52]r_1$   |
   | 3   | $19 = 1 \cdot 11 + 8$                   | $8 = [-1]r_0 + [53]r_1$   |
   | 4   | $11 = 1 \cdot 8 + 3$                    | $3 = [2]r_0 + [-105]r_1$  |
   | 5   | $8 = 2 \cdot 3 + 2$                     | $2 = [-5]r_0 + [263]r_1$  |
   | 6   | $3 = 1 \cdot 2 + 1$                     | $1 = [7]r_0 + [-368]r_1$  |
   | 7   | $2 = 2 \cdot 1 + 0$                     |                           |

In [None]:
a, m = 19, 999
i = minv(a, m)

assert i == -368 % m == 631
assert a * i % m == 1

## 6.8

In [None]:
def phi(m: int) -> int:
    return sum(1 for n in range(m) if gcd(m, n) == 1)


for m in 12, 15, 26:
    print(f"\N{Greek Capital Letter Phi}({m}) = {phi(m)}")

## 6.9

1. $m$ is prime:

   $$\Phi(m) = m^1 − m^0 = m − 1$$

2. $m = p \cdot q$, where $p$ and $q$ are primes:

   $$\Phi(m) = \Phi(p \cdot q) = (p^1 − p^0)(q^1 − q^0) = (p − 1)(q − 1)$$

## 6.10

In [None]:
def is_prime(n: int) -> bool:
    return n in (7, 13)


def are_coprime(a: int, b: int) -> bool:
    return gcd(a, b) == 1


def minv(a: int, n: int) -> int:
    if is_prime(n):
        return a ** (n - 2) % n

    if are_coprime(a, n):
        return a ** (phi(n) - 1) % n

    raise ValueError("inverse does not exist")


for a, n in (4, 7), (5, 12), (6, 13):
    print(
        f"{a}\N{Superscript Minus}\N{Superscript One} \N{Identical To} {minv(a, n)} mod {n}"
    )

## 6.11

In [None]:
def verify_euler(m: int) -> bool:
    return not any(are_coprime(a, m) ^ (a ** phi(m) % m == 1) for a in range(m))


assert verify_euler(6) and verify_euler(9)

## 6.12

Formula for finding the multiplicative inverse using Euler's Theorem:
$$
\begin{align*}

a^{\Phi(m)} &\equiv 1 \mod m \\
a^{\Phi(m)−1} &\equiv a^{−1} \mod m

\end{align*}
$$

Plug $m = 26$ into the formula:
$$
\begin{align*}

a^{\Phi(26)−1} &\equiv a^{−1} \mod 26 \\
a^{11} &\equiv a^{-1} \mod 26

\end{align*}
$$


## 6.13

$$
\begin{align*}

r_{-2} &= q_{-1}r_{-1} + r_0          &  r_{-1} &= q_0r_0 + r_1 \\
r_{-2} &= q_{-1}(q_0r_0 + r_1) + r_0  &  r_{-1} &= [q_0]r_0 + [1]r_1 \\
r_{-2} &= [1 + q_{-1}q_0]r_0 + [q_{-1}]r_1 \\
\\
s_{-2} &= 1 + q_{-1}q_0  &  s_{-1} &= q_0 \\
t_{-2} &= q_{-1}         &  t_{-1} &= 1 \\
\\
s_0 &= s_{−2} − q_{−1}s_{−1}  &  s_1 &= s_{−1} − q_0s_{0} \\
t_0 &= t_{−2} − q_{−1}t_{−1}  &  t_1 &= t_{−1} − q_0t_0 \\
\\
s_0 &= 1 + q_{-1}q_0 − q_{−1}q_0 = 1  &  s_1 &= q_0 − q_0 = 0 \\
t_0 &= q_{-1} − q_{−1} = 0            &  t_1 &= 1 \\

\end{align*}
$$