The Mathematics of Public-Key Cryptography, Lecture 8

October 5, 2000

Summary of material covered in lecture 8

• Wiener's attack on low decryption exponents: see "Notes" on the course home page
  • continued fraction expansions using the Euclidean algorithm
  • computing convergents
  • approximating b/n by t/a
  • testing for the correct convergent
• existence of square roots of "a" modulo n (n odd, gcd(a,n)=1)
  • if n is a prime or prime power, then "a" has either 0 or 2 square roots, depending on the Legendre symbol a mod p
  • for general odd n, the number of square roots is either 2^k or 0, where k is the number of distinct prime divisors of n