This page includes material from many of the exercises in the book. It is designed to save you time and potential errors, since you can cut-and-paste material, rather than having to retype it. (See the book for the complete statement of each problem.)

**Exercise 1.1 **

Build a cipher wheel ...

Click to download a
**Cipher Wheel**
that you can print and cut out to use for Exercise 1.1.

(a)
Encrypt the following plaintext...

`A page of history is worth a volume of logic.`

(b)
Decrypt the following plaintext...

`AOLYLHYLUVZLJYLAZILAALYAOHUAOLZLJYLALZAOHALCLYFIVKFNBLZZLZ`

(c)
Decrypt the following plaintext...

`XJHRFTNZHMZGAHIUETXZJNBWNUTRHEPOMDNBJMAUGORFAOIZOCC`

**Exercise 1.2 **

Decrypt each of the following Caesar encryptions...

(a)
`LWKLQNWKDWLVKDOOQHYHUVHHDELOOERDUGORYHOBDVDWUHH`

(b)
`UXENRBWXCUXENFQRLQJUCNABFQNWRCJUCNAJCRXWORWMB`

(c)
`BGUTBMBGZTFHNLXMKTIPBMAVAXXLXTEPTRLEXTOXKHHFYHKMAXFHNLX`

**Exercise 1.3 **

(a)
Encrypt the plaintext message:
`The gold is hidden in the garden.`

(c)
Use your decryption table from (b) to decrypt the following message.

`IBXLX JVXIZ SLLDE VAQLL DEVAU QLB`

**Exercise 1.4 **

Each of the following messages has been encrypted using a simple
substitution cipher. Decrypt them.

(a)
*A Piratical Treasure*

`
JNRZR BNIGI BJRGZ IZLQR OTDNJ GRIHT USDKR ZZWLG OIBTM NRGJN
IJTZJ LZISJ NRSBL QVRSI ORIQT QDEKJ JNRQW GLOFN IJTZX QLFQL
WBIMJ ITQXT HHTBL KUHQL JZKMM LZRNT OBIMI EURLW BLQZJ GKBJT
QDIQS LWJNR OLGRI EZJGK ZRBGS MJLDG IMNZT OIHRK MOSOT QHIJL
QBRJN IJJNT ZFIZL WIZTO MURZM RBTRZ ZKBNN LFRVR GIZFL KUHIM
MRIGJ LJNRB GKHRT QJRUU RBJLW JNRZI TULGI EZLUK JRUST QZLUK
EURFT JNLKJ JNRXR S
`

(b)
*A Botanical Code*

`
KZRNK GJKIP ZBOOB XLCRG BXFAU GJBNG RIXRU XAFGJ BXRME MNKNG
BURIX KJRXR SBUER ISATB UIBNN RTBUM NBIGK EBIGR OCUBR GLUBN
JBGRL SJGLN GJBOR ISLRS BAFFO AZBUN RFAUS AGGBI NGLXM IAZRX
RMNVL GEANG CJRUE KISRM BOOAZ GLOKW FAUKI NGRIC BEBRI NJAWB
OBNNO ATBZJ KOBRC JKIRR NGBUE BRINK XKBAF QBROA LNMRG MALUF
BBG
`

(c)
*A Brilliant Detective*

`
GSZES GNUBE SZGUG SNKGX CSUUE QNZOQ EOVJN VXKNG XGAHS AWSZZ
BOVUE SIXCQ NQESX NGEUG AHZQA QHNSP CIPQA OIDLV JXGAK CGJCG
SASUB FVQAV CIAWN VWOVP SNSXV JGPCV NODIX GJQAE VOOXC SXXCG
OGOVA XGNVU BAVKX QZVQD LVJXQ EXCQO VKCQG AMVAX VWXCG OOBOX
VZCSO SPPSN VAXUB DVVAX QJQAJ VSUXC SXXCV OVJCS NSJXV NOJQA
MVBSZ VOOSH VSAWX QHGMV GWVSX CSXXC VBSNV ZVNVN SAWQZ ORVXJ
CVOQE JCGUW NVA
`

**Exercise 1.7 **

... compute the following quotients and remainders.

(a) 34787 divided by 353.

(b) 238792 divided by 7843.

(c) 9829387493 divided by 873485.

(d) 1498387487 divided by 76348.

**Exercise 1.8 **

... compute the following
remainders, without bothering to compute the associated quotients.

(a) The remainder of 78745 divided by 127.

(b) The remainder of 2837647 divided by 4387.

(c) The remainder of 8739287463 divided by 18754.

(d) The remainder of 4536782793 divided by 9784537.

**Exercise 1.9 **

Use the Euclidean algorithm to compute the following greatest common
divisors.

(a) gcd(291,252).

(b) gcd(16261,85652).

(c) gcd(139024789,93278890).

(d) gcd(16534528044,8332745927).

**Exercise 1.12(c) **

Use your program to compute g=gcd(a,b) and integer solutions to the
equation au+bv=g for the following pairs (a,b).

(i) (527,1258)

(ii) (228,1056)

(iii) (163961,167181)

(iv) (3892394,239847)

**Exercise 1.28 **

Compute the following ord_{p} values.

(a)
Compute ord_{2}(2816).

(b)
Compute ord_{7}(2222574487).

(c)
Compute ord_{p}(46375) for each of p=3, 5, 7, and 11.

**Exercise 1.39 **

A *transposition cipher* is a cipher in which the letters of
the plaintext remain the same, but their order is rearranged. ...

(a)
Use this transposition cipher to encrypt the first 25 letters
of the message

`Four score and seven years ago our forefathers ...`

(b)
The following message was encrypted using this
transpostion cipher. Decrypt it.

`WNOOA HTUFN EHRHE NESUV ICEME`

(c)
There are many variations on this type of cipher. ...
Try to decrypt the following ciphertext ...

`WHNCE STRHT TEOOH ALBAT DETET SADHE`

`LEELL QSFMU EEEAT VNLRI ATUDR HTEEA`

**Exercise 1.44 **

(a)
Convert the 12 bit binary number 110101100101 into a decimal integer
between 0 and 2^{12}–1.

(b) Convert the decimal integer m=37853 into a binary number.

(c) Convert the decimal integer m=9487428 into a binary number.

(d) Use exclusive or (XOR) to "add" the bit strings 11001010 ⊕ 10011010.

(e) Convert the decimal numbers 8734 and 5177 into binary numbers, combine them using XOR, and convert the result back into a decimal number.

**Exercise 1.46 **

...
Demonstrate your attack by finding the private key used to encrypt the
16 bit ciphertext c=1001010001010111 if you know that the
corresponding plaintext is m=0010010000101100.

**Exercise 1.48 **

Eve intercepts the following two ciphertexts:

c_{1} = 12849217045006222,
and
c_{2} = 6485880443666222.

Use the gcd method ... to find Bob and Alice's private key.

**Exercise 2.28 **

Use the Pohlig–Hellman Algorithm to solve the discrete logarithm
problem...

(a) p = 433, g = 7, a = 166.

(b) p = 746497, g = 10, a = 243278.

(c)
p = 41022299, g = 2, a = 39183497.
(Hint: p=2*29^{5}+1.)

(d) p = 1291799, g = 17, a = 192988. (Hint: p–1 has a factor of 709.)

**Exercises 2.34 and 2.35 **

Let **a** and **b** be the polynomials

**a** = x^{5} + 3x^{4} - 5x^{3}
- 3x^{2} + 2x + 2,

**b** = x^{5} + x^{4} - 2x^{3}
+ 4x^{2} + x + 5.

Use the Euclidean algorithm...

Here are computer-friendly (cut-and-paste) versions of the
same polyomials:

**a** = x^5 + 3x^4 - 5x^3 - 3x^2 + 2x + 2

**b** = x^5 + x^4 - 2x^3 + 4x^2 + x + 5

**Exercises 2.37 **

Click here for a
PDF version of Table 2.5
that you can print and use to fill in the blanks.

**Exercises 3.5(b) **

Solve the following congruences. ...

(i)
x^{577} ≡ 60 (mod 1463).

(ii)
x^{959} ≡ 1583 (mod 1625).

(iii)
x^{133957} ≡ 224689 (mod 2134440).

**Exercises 3.8 **

For each of the given values of N=pq and (p-1)(q-1), use
the method described in Remark 3.10 to determine p and q.

(a) N = pq = 352717 and (p – 1)(q – 1) = 351520.

(b) N = pq = 77083921 and (p – 1)(q – 1) = 77066212.

(c) N = pq = 109404161 and (p – 1)(q – 1) = 109380612.

(d) N = pq = 172205490419 and (p – 1)(q – 1) = 172204660344.

**Exercises 3.9 **

A decryption exponent for an RSA public key (N,e) is an integer d with
the property that...

(b) Let N = 38749709. Eve's magic box tells her that the encryption exponent e = 10988423 has decryption exponent d = 16784693 and that the encryption exponent e = 25910155 has decryption exponent d = 11514115. Use this information to factor N.

(c)
Let N = 225022969. Eve's magic box tells her the following three
encryption/decryption pairs for N:

(70583995,4911157),
(173111957,7346999), (180311381,29597249).

Use this information to factor N.

(d)
Let N = 1291233941. Eve's magic box tells her the following three
encryption/decryption pairs for N:

(1103927639,76923209),
(1022313977,106791263), (387632407,7764043).

Use this information to factor N.

**Exercises 3.12 **

Alice decides to use RSA with the public key N = 1889570071.
In order to guard against transmission errors, Alice has Bob encrypt
his message twice, once using the encryption exponent e_{1} =
1021763679 and once using the encryption exponent e_{2} =
519424709. Eve intercepts the two encrypted messages

c_{1}=1244183534 and c_{2}=732959706.

Assuming that Eve also knows N and the two encryption
exponents e_{1} and e_{2}, ... help Eve recover Bob's
plaintext without finding a factorization of N.

**Exercises 3.14 **

Use the Miller–Rabin test on each of the following numbers. ...

(a) n = 1105.

(b) n = 294409.

(c) n = 294439.

(d) n = 118901509.

(e) n = 118901521.

(f) n = 118901527.

(g) n = 118915387.

**Exercises 3.21 **

Use Pollard's p–1 method to factor each of the following
numbers.

(a) 1739 (b) 220459 (c) 48356747

**Exercises 3.24 **

For each of the listed values of N, k, and b_{init}, factor N
by making a list of values ...

(a)
N = 143041,
k = 247,
b_{init} = 1.

(b)
N = 1226987,
k = 3,
b_{init} = 36.

(c)
N = 2510839,
k = 21,
b_{init} = 90.

**Exercises 3.27(c) **

The following is a list of 20 randomly chosen numbers between 1
and 1000, sorted from smallest to largest. Which of these numbers are
10-power-smooth? Which of them are 10-smooth?

{84, 141, 171, 208, 224, 318, 325, 366, 378, 390, 420, 440,
504, 530, 707, 726, 758, 765, 792, 817}

**Exercises 3.41 **

Perform the following encryptions and decryptions using the
Goldwasser–Micali public key cryptosystem...

(a)
Bob's public key is the pair N = 1842338473 and a = 1532411781. Alice
encrypts three bits and sends Bob the ciphertext blocks

1794677960, 525734818, and 420526487.

Decrypt Alice's message using the factorization
N = pq = 32411*56843.

(c)
Bob's public key is N = 781044643 and a = 568980706. Encrypt the
three bits 1, 1, 0 using, respectively, the three random values

r =705130839,
r = 631364468,
r = 67651321.

**Exercises 4.10 **

Encrypt each of the following Vigenere plaintexts using the given
keyword ...

(a)
Keyword: `hamlet`

Plaintext: `To be, or not to be, that is the question.`

(b)
Keyword: `fortune`

Plaintext: `The treasure is buried under the big W.`

**Exercises 4.11 **

Decrypt each of the following Vigenere ciphertexts using the given
keyword ...

(a)
Keyword: `condiment`

Ciphertext:

`rsghz bmcxt dvfsq hnigq xrnbm `

`pdnsq smbtr ku `

(b)
Keyword: `rabbithole`

Ciphtertext:

`khfeq ymsci etcsi gjvpw ffbsq`

`moapx zcsfx epsox yenpk daicx`

`cebsm ttptx zooeq laflg kipoc`

`zswqm taujw ghboh vrjtq hu `

**Exercises 4.13 **

**s** =
`I am the very model of a modern major general.`

**t** =
`I have information vegatable, animal, and mineral.`

**Exercises 4.14 **

**s _{1}** =

**Exercises 4.15 **

(a)

s_{1} =
`RCZBWBFHSLPSCPILHBGZJTGBIBJGLYIJIBFHCQQFZBYFP`

s_{2} =
`KHQWGIZMGKPOYRKHUITDUXLXCWZOTWPAHFOHMGFEVUEJJ`

(b)

s_{1} =
`
NTDCFVDHCTHKGUNGKEPGXKEWNECKEGWEWETWKUEVHDKKCDGCWXKDEEAMNHGNDIWUVWSSCTUNIGDSWKE
`

s_{2} =
`
IGWSKGEHEXNGECKVWNKVWNKSUTEHTWHEKDNCDXWSIEKDAECKFGNDCPUCKDNCUVWEMGEKWGEUTDGTWHD
`

**Exercises 4.16 (Figure 4.4) **

`
nhqrk vvvfe fwgjo mzjgc kocgk lejrj wossy wgvkk hnesg kwebi
bkkcj vqazx wnvll zetjc zwgqz zwhah kwdxj fgnyw gdfgh bitig
mrkwn nsuhy iecru ljjvs qlvvw zzxyv woenx ujgyr kqbfj lvjzx
dxjfg nywus rwoar xhvvx ssmja vkrwt uhktm malcz ygrsz xwnvl
lzavs hyigh rvwpn ljazl nispv jahym ntewj jvrzg qvzcr estul
fkwis tfylk ysnir rddpb svsux zjgqk xouhs zzrjj kyiwc zckov
qyhdv rhhny wqhyi rjdqm iwutf nkzgd vvibg oenwb kolca mskle
cuwwz rgusl zgfhy etfre ijjvy ghfau wvwtn xlljv vywyj apgzw
trggr dxfgs ceyts tiiih vjjvt tcxfj hciiv voaro lrxij vjnok
mvrgw kmirt twfer oimsb qgrgc
`

**Exercises 4.17 (Figure 4.5) **

`
togmg gbymk kcqiv dmlxk kbyif vcuek cuuis vvxqs pwwej koqgg
phumt whlsf yovww knhhm rcqfq vvhkw psued ugrsf ctwij khvfa
thkef fwptj ggviv cgdra pgwvm osqxg hkdvt whuev kcwyj psgsn
gfwsl jsfse ooqhw tofsh aciin gfbif gabgj adwsy topml ecqzw
asgvs fwrqs fsfvq rhdrs nmvmk cbhrv kblxk gzi
`

**Exercises 4.18 (Figure 4.6) **

`
mgodt beida psgls akowu hxukc iawlr csoyh prtrt udrqh cengx
uuqtu habxw dgkie ktsnp sekld zlvnh wefss glzrn peaoy lbyig
uaafv eqgjo ewabz saawl rzjpv feyky gylwu btlyd kroec bpfvt
psgki puxfb uxfuq cvymy okagl sactt uwlrx psgiy ytpsf rjfuw
igxhr oyazd rakce dxeyr pdobr buehr uwcue ekfic zehrq ijezr
xsyor tcylf egcy
`

**Exercises 4.19 **

(a)
Encrypt the following message using the autokey cipher:

Keyword: `LEAR`

Plaintext: `Come not between the dragon and his wrath.`

(b)
Decrypt the following message using the autokey cipher:

Keyword: `CORDELIA`

Ciphertext: `pckkm yowvz ejwzk knyzv vurux cstri tgac`

(c)
Eve intercepts an autokey ciphertext and manages to steal the
accompanying plaintext:

Plaintext: `ifmusicbethefoodofloveplayon`

Ciphertext: `azdzwqvjjfbwnqphhmptjsszfjci`

Help Eve to figure out the keyword that was used for encryption.

**Exercises 5.11 **

Convert the proof of Proposition 5.18 into an algorithm...

(a) 349.
(b) 9337.
(c) 38728.
(d) 8379483273489.

**Exercises 5.18 **

Use the Elliptic Curve Factorization Algorithm to factor
each of the numbers N using the given elliptic curve E and point P.

(a)
N = 589,
E : Y^{2} = X^{3} + 4X + 9,
P = (2,5).

(b)
N = 26167,
E : Y^{2} = X^{3} + 4X + 128,
P = (2,12).

(c)
N = 1386493,
E : Y^{2} = X^{3} + 3X – 3,
P = (1,1).

(d)
N = 28102844557,
E : Y^{2} = X^{3} + 18X – 453,
P = (7,4).

**Exercises 5.24 **

Implement the algorithm in Exercise 523 and...

(a) n = 931, (b) n = 32755, (c) n = 82793729188.

**Exercises 6.1 **

Alice uses the congruential cryptosystem with
q = 918293817 and private key (f,g) = (19928,18643).

(b) Alice receives the ciphertext e = 619168806 from Bob. What is the plaintext?

(c) Bob sends Alice a second message by encrypting the plaintext m = 10220 using the ephemeral key r = 19564. What is the ciphertext that Bob sends to Alice?

**Exercises 6.2 **

Use the algorithm described in Proposition 6.5
to "solve" each of the following subset-sum problems.
If the "solution" that you get is not correct, explain what
went wrong.

(a)
**M** = (3, 7, 19, 43, 89, 195), S = 260.

(b)
**M** = (5, 11, 25, 61, 125, 261), S = 408.

(c)
**M** = (2, 5, 12, 28, 60, 131, 257), S = 334.

(d)
**M** = (4, 12, 15, 36, 75, 162), S = 214.

**Exercises 6.3 **

Alice's public key for a knapsack cryptosystem is

**M** = (5186, 2779, 5955, 2307, 6599, 6771, 6296, 7306, 4115, 7039).

Eve intercepts the encrypted message S = 26560. She also breaks
into Alice's computer and steals Alice's secret multiplier A = 4392,
and secret modulus B = 8387. Use this information to find Alice's
superincreasing private sequence **r** and then decrypt the message.

**Exercises 6.18 **

Alice uses the GGH cryptosystem with private basis

**v**_{1} = (4, 13)
and
**v**_{2} = (-57, -45)

and public basis

**w**_{1} = (25453, 9091)
and
**w**_{2} = (-16096, -5749).

(b)
Bob sends Alice the encrypted message
**e** = (155340, 55483). Use Alice's private basis
to decrypt the message and recover the plaintext. Also determine
Bob's random perturbation **r**.

**Exercises 6.19 **

Alice uses the GGH cryptosystem with private basis

**v**_{1} = (58, 53, -68),
**v**_{2} = (-110, -112, 35),
**v**_{3} = (-10, -119, 123).

and public basis

**w**_{1} = (324850, -1625176, 2734951),
**w**_{2} = (165782, -829409, 1395775),
**w**_{3} = (485054, -2426708, 4083804).

(b)
Bob sends Alice the encrypted message
**e** = (8930810, -44681748, 75192665). Use Alice's private basis
to decrypt the message and recover the plaintext. Also determine
Bob's random perturbation **r**.

**Exercises 6.40 **

Let L be the lattice generated by the rows of the matrix

`
`

**Exercises 6.44 **

Babai's *Closest Plane Algorithm*, is an alternative rounding
method that uses a given basis to solve apprCVP.

(a)
L is the lattice generated by the rows of the matrix

`
`

and the target vector is

(b)
L is the lattice generated by the rows of the matrix

`
`

and the target vector is

**Exercises 6.45 **

You have been spying on George for some time and overhear him receive
a ciphertext e=83493429501 that has been encrypted using the
congruential cryptosystem. You
also know that George's public key is h = 24201896593 and the public
modulus is q = 148059109201. Use Gaussian lattice reduction to
recover George's private key (f,g) and the message m.

**Exercises 6.46 **

Let

**M** =
(81946, 80956, 58407, 51650, 38136, 17032, 39658, 67468, 49203, 9546)

and let S = 168296. Use the LLL algorithm to solve the subset-sum
problem for **M** and S.

**Exercises 6.47 **

Alice and Bob communicate using the GGH cryptosystem. Alice's public key
is the lattice generated by the rows of the matrix
`
`
Bob sends her the encypted message

Use LLL to find a reduced basis for Alice's lattice and then use Babai's algorithm to decrypt Bob's message.

**Exercises 7.1 **

Samantha uses the RSA signature scheme with primes
p = 541 and q = 1223 and public verification exponent v = 159853.

(a) What is Samantha's public modulus? What is her private signing key?

(b) Samantha signs the digital document D = 630579. What is the signature?

**Exercises 7.2 **

Samantha uses the RSA signature scheme with public modulus N = 1562501
and public verification exponent v = 87953. Adam claims that
Samantha has signed each of the documents

D = 119812,
D' = 161153,
D'' = 586036,

and that the associated signatures are

S = 876453,
S' = 870099,
S'' = 602754.

Which of these are valid signatures?

**Exercises 7.3 **

Samantha uses the RSA signature scheme with public modulus
and public verification exponent

N = 27212325191 and
v = 22824469379.

Use whatever method you want to factor N, and then forge Samantha's
signature on the document D = 12910258780.

**Exercises 7.7 **

Suppose that Samantha is using the ElGamal signature scheme and that she
is careless and uses the same ephemeral key e to sign two documents D
and D'.

(c)
Apply your method from (b) to the following example and
recover Samantha's signing key s, where Samantha
is using the prime p = 348149, base g = 113459,
and verfication key v = 185149.

D = 153405,
S_{1} = 208913,
S_{2} = 209176,

D' = 127561,
S_{1}' = 208913,
S_{2}' = 217800.

**Exercises 7.13 **

Samantha uses the GGH digital signature scheme with private
and public bases

**v**_{1} = (-20,-8,1),
**w**_{1} = (-248100,220074,332172),

**v**_{2} = (14,11,23),
**w**_{2} = (-112192,99518,150209),

**v**_{3} = (-18,1,-12),
**w**_{3} = (-216150,191737,289401).

What is her signature on the document

**d** = (834928, 123894, 7812738)?

**Exercises 7.14 **

Samantha uses the GGH digital signature scheme with
public basis

**w**_{1} = (3712318934,-14591032252,11433651072),

**w**_{2} = (-1586446650,6235427140,-4886131219),

**w**_{3} = (305711854,-1201580900,941568527).

She publishes the signature

(6987814629, 14496863295, -9625064603)

on the document

**d** = (5269775, 7294466, 1875937).

If the maximum allowed distance from the signature to the document
is 60, verify that Samantha's signature is valid.

**Exercises 7.15 **

Samantha uses the GGH digital signature scheme with public basis

**w**_{1} = (-1612927239,1853012542,1451467045),

**w**_{2} = (-2137446623,2455606985,1923480029),

**w**_{3} = (2762180674,-3173333120,-2485675809).

Use LLL or some other lattice reduction algorithm to find a good basis
for Samantha's lattice, and then use the good basis to help Eve forge
a signature on the document

**d** = (87398273893, 763829184, 118237397273).

What is the distance from your forged signature lattice vector to
the target vector? (You should be able to get a distance smaller
than 100.)

**Exercises 7.16 **

Samantha uses an NTRU digital signature with (N,q,d) = (11,23,3).

(a)
Samantha's private key is

**f** = (1, -1, 1, 0, 1, 0, -1, 1, 0, -1, 0),

**g** = (0, -1, 0, 1, 1, 0, 0, 1, -1, 1, -1),

**F** = (0, -1, -1, 1, -3, -1, 0, -3, -3, -2, 2),

**G** = (-3, -1, 2, 4, 3, -4, -1, 3, 5, 5, -1).

She uses her private key to sign the digital
document **D**=(**D**_{1},**D**_{2}) given by

**D**_{1} = (0, 8, -6, -6, -5, -1, 9, -2, -6, -4, -6),

**D**_{2} = (9, 9, -10, 2, -3, 2, 6, 6, 5, 0, 8).

Compute the signature **s**.

(b)
Samantha's public verification key is

**h** = (5, 8, -5, -11, 8, 8, 8, 5, 3, -10, 5).

Compute the other part of the
signature **t** ≡ **h** * **s** (mod q) and find the
distance between the lattice vector (**s**,**t**) and the target
vector **D**.

(c)
Suppose that Eve attempts to sign **D** using Samantha's public
vectors (**1**,**h**) and (**0**,**q**). What
signature (**s**',**t**') does she get and how far is it from the
target vector **D**?

**Exercises 7.17 **

Samantha uses an NTRU digital signature with (N,q,d) = (11,23,3).

(a)
She creates a private key using the ternary vectors

**f** = (1, 1, 1, 1, 0, -1, -1, 0, 0, 0, -1),

**g** = (-1, 0, 1, 1, -1, 0, 0, 1, -1, 0, 1).

Use the algorithm described in Table 7.6 to find short
vectors **F** and **G** satsifying
**f** * **G**-**g** * **F** = q.

(b)
Samantha uses the private signing key
(**f**,**g**,**F**,**G**) to sign the digital document
**D**=(**D**_{1},**D**_{2}) given by

**D**_{1} = (5, 5, -5, -10, 3, -7, -3, 2, 0, -5, -11),

**D**_{2} = (8, 9, -10, -7, 6, -3, 1, 4, 4, 4, -7).

What the signature **s**?

(c)
What is Samantha's public verification key **h**?

(d)
Compute **t** ≡ **h** * **s** (mod q) and determine
the distance from the lattice vector (**s**,**t**) to the target
vector **D**.

Return to
Top of Page.

Return to the
*Intro to Math Crypto* Home Page
.