Embed Size (px)
Citation preview
Math 373/578: Using matlab in Cryptography (Spring 2010)
Place: Room 303, Armstrong Hall
Preparations:(1) visit
http://www.math.wvu.edu/~hjlai/Teaching/Math373-578/Math373_Matlab/
and download all the files into a folder (Math373-Matlab)
(2) Open Matlab, change the current directory to this folder. (Click the logo at the right endof ”current Directory” for ”Browse for folder”, and change the folder).
(3) Start working on the mathematics.
(4) Ordinary Computations (Review)
Example Compute 27 + 135/5.
>> 2^7 + 135/5ans =
155
Example Compute 11(126/(9 + 7)− 2(72/12)).
>> 11*(126/9+7 - 2^(72/12))ans =
-473
Example Compute 62 −√
1024.
>> 6^2 - \sqrt{1024}ans =
4
1
Part 1: Number Theory Basics
(1) Factor 123456 into primes.
factor(123456)
(2) For x, y ∈ Z− {0}, find gcd(x, y).
gcd(x,y)
Example: Find gcd(23456, 987654).
gcd(23456, 987654)Ans =
2
Thus 2 = gcd(23456, 987654).
(3) For x, y ∈ Z− {0}, find u, v such that gcd(x, y) = ux + vy.
[a,b,c]=gcd(x,y)
Example: Find u, v such that gcd(23456, 987654) = 23456u + 987654v.
>> [d,u,v]=gcd(23456, 987654)d =
2u =
-3158v =
75
This means u = −3158 and v = 75. Thus 2 = gcd(23456, 987654) = 23456·(−3158)+987654·75.
(4) Solve equation ax + by = 1 when (a, b) = 1.Example a = 65337 and b = 3511, what is the relationship between this problem and theexample in (3)?
[d,u,v]=gcd(65337, 3511)
How do you interpret the answers?
(5) Knowing n, we can find φ(n) and factor n by
n = 1234567eulerphi(n)factor(n)
This can be used for deciphering an RSA coded message in the future. However, Matlab mayhave trouble factoring numbers bigger than 109.
2
Part 2: Operations involving integers modulo m(1) Given m > 1 and a ∈ Z, find b ∈ Z with 0 ≤ b < m such that a ≡ b (mod m).
mod (a,m)
(2) Given m > 1 and a, b ∈ Z, find c ∈ Z with 0 ≤ c < m such that a + b ≡ c (mod m). (Dothe same for subtractions and multiplications)
mod (a+b,m)
(3) Find multiplicative inverse of a (mod m) (assuming that we have already known that a andm are relatively prime).Example: Find the multiplicative inverse of 8787 (mod 91919).
>> powermod(8787, -1, 91919)ans =
71374
Thus 8787−1 ≡ 71734 (mod 91919).
(4) Find multiplicative inverse of a (mod m) (assuming that we do not know if a and m arerelatively prime).Example: Determine if 23456 has an inverse mod 987654, if it does, find it.
>> [d,u,v] = gcd(23456, 987654)d =
2u =
-3158v =
75
This means the gcd(23456, 987654) = 2, and so the inverse does not exist.
Example: Determine if 23456 has an inverse mod 987651, if it does, find it.
>> [d,u,v] = gcd(23456, 987651)d =
1u =
256892v =
-6101
This means the gcd(23456, 987651) = 1 = 256892 · 23456 + (−6101) · 987651, and so 23456−1 ≡256892 (mod 987651).
(5) Find modular exponentiation.Example: Compute 234567 (mod 9871)
3
>> powermod(234, 567, 9871)ans =
5334
Thus 234567 ≡ 5334 (mod 9871).
(6) Solving equations.Example: Solve 7654x ≡ 2389 (mod 65537). What do we do? We first find the multiplicativeinverse of the coefficient of x.
>> powermod(7654, -1, 65537)ans =
54637>> mod(ans*2389, 65537)ans =
43626
Thus the answer is x ≡ 43626 (mod 65537).
(8) Computation modulo m (Reviews)
Example Compute (234)(456) (mod 789).
>> mod(234*456, 789)ans =
189
Example Compute 234 + 456 (mod 567).
>> mod(234*456, 789)ans =
123
Example Compute 234567 (mod 9871).
>> powermod(234, 456, 9871)ans =
5334
Example Compute multiplicative inverse of 8787 (mod 91919).
>> powermod(8787, -1, 91919)ans =
71374
(9) Shift Ciphers and Affine Ciphers
(A) Decoding with Shift-cipherExample Decrypt the Ceasar-encrypted message ’wklvverxogehtxlwhhdvb’
4
allshift(’wklvvkrxogehtxlwhhdvb’)wklvvkrxogehtxlwhhdvbxlmwwlsyphfiuymxiiewcymnxxmtzqigjvznyjjfxdznoyynuarjhkwaozkkgyeaopzzovbskilxbpallhzfbpqaapwctljmycqbmmiagcqrbbqxdumknzdrcnnjbhdrsccryevnloaesdookciestddszfwompbfteppldjftueetagxpnqcgufqqmekguvffubhyqordhvgrrnflhvwggvcizrpseiwhssogmiwxhhwdjasqtfjxittphnjxyiixekbtrugkyjuuqiokyzjjyflcusvhlzkvvrjplzakkzgmdvtwimalwwskqmabllahnewuxjnbmxxtlrnbcmmbiofxvykocnyyumsocdnncjpgywzlpdozzvntpdeoodkqhzxamqepaawouqefppelriaybnrfqbbxpvrfgqqfmsjbzcosgrccyqwsghrrgntkcadpthsddzrxthisshouldbequiteeasyuijttipvmecfrvjuffbtzvjkuujqwnfdgswkvggcua
A study of the output indicates that the plain text should be ’thisshouldbequiteeasy’ or ’thisshould be quite easy’
(B) Using Affine cipher to encode plain text.Example Encrypt the plain text ’meetmeinstlouis’ with an affine cipher E3,7(x) ≡ 3x + 7 inZ26.
>> affinecrypt(’meetmeinstlouis’, 3, 7)ans =rttmrtfujmoxpfj
(C) Using Affine cipher to decrypt cipher text.Example The cipher text ’rttmrtfujmoxpfj’ was encrypted using the affine function 3x + 7 inZ26. Decrypt it.(Step 1:) Solve y ≡ 3x + 7 (mod 26) for x. Since 1 = gcd(3, 26) = (9)(3) + (−1)(26), 3−1 ≡ 9(mod 26). As (9)(7) ≡ 63 ≡ 11 (mod 26), multiplying both sides of the equation by 9 to get9y ≡ x + 11 (mod 26), and so x ≡ 9y − 11 ≡ 9y + 15 (mod 26).This can also be done by using matlab:
>> powermod(3, -1, 26)
5
and =9
>> mod(-9*7, 26)ans =
15
(Step 2) Knowing that the decrypt function is x ≡ 9y + 15, we can decrypt the message by
>> affinecrypt(’rttmrtfujmoxpfj’, 9, 15)ans =meetmeinstlouis
6
Part 3: Numbers with different bases(1) Converting and Base-b number to a base-10 number
To convert a base-b number n = (dk−1dk−2 · · · d1d0)b to base-10, by definition, the answer is
n = n = dk−1bk−1 + dk−2b
k−2 + · · ·+ d1b + d0.
Example Convert a number-26 number (HPAC)26 to base-10. We can first get the corre-sponding numerical values H = 7, P = 15, A = 0 and C = 2, and get the answer by
>> n = 7*26^3 + 15*26^2 + 2n =
133174
(2) Converting and Base-10 number to a base-b number
Example Convert the base-10 number n = 133174 to base-26.
>> n = 133174n =
133174>> d0 = mod(133174, 26)d0 =
2>> n1 = (n - 2)/26n1 =
5122>>d1 = mod(n1, 26)d1 =
0>> n2 = (n1 - 0)/26n2 =
197>>d2 = mod(n2, 26)d2 =
15>> n3 = (n2 - 15)/26n3 =
7>>d3 = mod(n3, 26)d3 =
7
Thus the answer is n = (7 15 0 2)26 = (HPAC)26.
(3) Operations of base-b numbers
There are many ways to perform the operations of base-b numbers. One way to use matlab is
7
to first convert the base-b numbers to base-10, and use matlab to do the operations, then usematlab to convert the answers back to base-b.
Example Multiply HE by IS in Z26.Step 1: Convert HE = 7(26) + 4 = 186 and IS = 8(28) + 18 = 226.Step 2: Compute the base-10 multiplication.Step 3: Convert the answer back to Base-26.
8
Part 4: Discrete Log and RSA
(1) Find a Primitive Root
Example Find a primitive root for the prime p = 65537
>> primitiveroot(65537)ans =
3
Thus 3 is a primitive root for 65537. (Remark: the function ”primitiveroot” finds the small-est primitive root of the input number.)
(2) Example: Computing Discrete Log Find ind132 (7), or log2(7) (mod 13).
For n = 1:12;a = powermod(2,n,13);if a == 7; disp(n);endendn = 11
Therefore, log2(7) = 11 (mod 13). This can be verified by
>> powermod(2,11,13)ans =
7
(3) Example: Pohlig-Hellman Exponentiation Cipher Choose p = 263, e = 73. Notethat φ(263) = 262, and Euclidean Algorithm gives gcd(262, 73) = (−61)(73) + (17)(262) = 1.
>> [a,b,c] = gcd(73, 262)a =
1b =
-61c =
17
Thus d = −17 ≡ 201 (mod 262)For the cipher text c = (246, 18, 156, 0, 256, 127, 18, 156, 96, 256, 235, 0, 132, 68), which will bedecrypted by m = f−1(c) ≡ cd (mod 262). (Use powermod, for example). (Note: try to usepositive d. Using negative d would sometimes cause computation errors).
>> d=201d =
201
9
>> p=263p =
263>> c = [246 18 156 0 256 127 18 156 96 256 235 0 132 68]c =
Columns 1 through 5246 18 156 0 256
Columns 6 through 10127 18 156 96 256
Columns 11 through 14235 0 132 68
>> m = powermod(c, d, p)m =
Columns 1 through 519 17 4 0 18
Columns 6 through 1020 17 4 8 18
Columns 11 through 1411 0 13 3
This process gives
246201 ≡ 19; 18201 ≡ 17; 156201 ≡ 4; 0201 ≡ 0; 256201 ≡ 18; 127201 ≡ 20; 18201 ≡ 17;
156201 ≡ 4; 96201 ≡ 8; 256201 ≡ 18; 235201 ≡ 11; 0201 ≡ 0; 132201 ≡ 13; 68201 ≡ 3.
and so the cipher text is (19, 17, 4, 0, 18, 20, 17, 4, 8, 18, 11, 0, 13, 3), which means, with Z26 al-phabet, treasure island.
(4) Example: Diffie-Hellman Key Exchange Let p = 907, a = 2, x = 32 and y = 153.To find the exchange key, compute x ≡ 319 ≡ 3
>> p = 907p =
907>> a = primitiveroot(p)a =
2>> x = 32x =
32>> xx = powermod(a, x, p)xx =
311>> y = 153y =
153>> yy = powermod(a, y, p)
10
yy =633
Thus x ≡ 232 ≡ 311 and y ≡ 2153 ≡ 633 (mod 907), and so the common key can be computedby k = xy (mod p)
>> k = powermod(xx,y,p)k =
121
or by k = yx (mod p)
>> k = powermod(yy,x,p)k =
121
(5) Example: Finding p and q when given n = pq and φ(n).
Given n = pq = 1009427 and φ(n) = 1007400. To find p and q, we compute
>> n = 1009427n =1009427>> f = eulerphi(n)f =1007400>> s = n - f + 1s =
2028>> d = sqrt(s^2 - 4*n)d =
274>> p = (s + d)/2p =
1151>> q = (s-d)/2q =
877
Therefore, p = 1151 and q = 877.
(6) Example: RSA with a single letter plain text Let p = 167, q = 547, n = 91349,e = 5 and cipher text c ≡ 88291 (mod n). To find plain text m, we first find φ(n) = 90636,
>> n = 91349n =
91349>> eulerphi(n)ans =
90636
11
and compute (using Euclidean Algorithm)
>> [a,b,c] = gcd(5, 90636)a =
1b =
-18127c =
1
1 = gcd(5, 90636) = 5(−18127) + (1)(90636),
and so d = −18127 ≡ 72509 (mod 90636).To find m, compute
>> powermod(88291, 72509, n)ans =
12345
or
>> powermod(88291, -18127, n)ans =
12345
to getm = cd ≡ 8829172509 ≡ 12345 (mod n).
(7) Example: (RSA signature scheme) Given the system parameters n = 466727, φ(n) =465336 d = 296123, and m = 10101. If c = 369510 is received, decide whether the signatureshould be accepted and rejected.
Solution: First find e such that ed ≡ 1 (mod φ(n)).
>> n = 466727n =
466727>> f = eulerphi(n)f =
465336>> d = 296123d =
296123>> [a,b,c]=gcd(d,f)a =
1b =
11c =
-7
12
Thus 1 = gcd(296123, 465336) = (11)(296123) + (−7)(465336), and so e ≡ 11. Then computece (mod n),
>> c = 369510c =
369510>> e = 11e =
11>> powermod(c,e,n)ans =
10101
Since m = 10101, the signature is accepted.
(8) Example: (ElGamal Cipher) Suppose A and B are using the ElGamal public-keycipher to communicate with p = 1213 and e = 15. Suppose A sends a cipher tex c = (661, 193)to B. Find the plain text m.
Solution: Here t = 193 and r = 661. Compute
>> p = 1213p =
1213>> t=193t =
193>> r=661r =
661>> e = 15e =
15>> r1 = powermod(r, -e, p)r1 =
924>> mod(t*r1, p)ans =
21
Therefore,m =≡ tr−e ≡ 193 · 924 ≡ 21 (mod 1213).
(9) Example: (ElGamal signature scheme) Bob receives m = 121 from Alice, togetherwith(i) sigk(m, r) = (h, g) = (480, 532), and(ii) sigk(m, r) = (h, g) = (480, 21), Bob downloads Alice’s KE = (p, a, b) = (641, 3, 88). Whichsignature should Bob accepts? which one he should reject?
13
Solution: (i) For sigk(m, r) = (h, g) = (480, 532), Bob recognizes that b = 88, h = 480, andg = 532. He computes
>> p = 641p =
641>> a = 3a =
3>> b = 88b =
88>> h = 480h =
480>> g = 532g =
532>> d = mod(powermod(b, h, p) * powermod(h, g, p), p)d =
191>> m = 121m =
121>> s = powermod(a, m, p)s =
300
Since s 6≡ d (mod 641), this should be rejected.(ii) For sigk(m, r) = (h, g) = (480, 21), Bob uses the previous data except g = 21. So he doesthe following computation.
>> g = 21g =
21>> d = mod(powermod(b, h, p) * powermod(h, g, p), p)d =
300>> s = powermod(a, m, p)s =
300
As d ≡ s (mod 641), Bob accepts it.
14
Part 5: Chinese Remainder Theorem
(1) Chinese Remainder Theorem ApplicationsExample: Find a solution x for the system{
x ≡ 3 (mod 5)x ≡ 2 (mod 7)
.
>> crt([3,2], [5,7])ans =
23
15
Part 6: Operations involving matrices modulo m(1) Creating a Matrix; Computing Inverse of a Matrix mod 26
(A) Input a matrix
Example Create a matrix M =
1 2 34 5 67 8 10
.
>> M = [1 2 3; 4 5 6; 7 8 10]M =
1 2 34 5 67 8 10
(B) Example Compute the inverse of M mod 26. To do that, we first compute the inverseof M as it is a real number matrix. Then converted it to an integer valued matrix. In the laststep, we take mod 26 in every entry, as shown below.
Step 1: Compute the inverse of M . (We need the comment ”format rat;” to out put therational numbers. Without it, the output might be decimals, and the next step will not workout easily.)
>> format rat;>> Minv = inv(M)Minv =
-2/3 -4/3 1-2/3 11/3 -21 -2 1
Step 2: Need to rationalize this matrix before we take modulo m. Note that every fractionalentry of Minv has a denominator 3. Multiply everything by 3 to make it an integer valuedmatrix. (You can also multiply 27 here as 27 ≡ 1 (mod 26)).
>> M1=(Minv*3)M1 =
-2 -4 3-2 11 -63 -6 3
Step 3: Find the inverse of M (mod 26) by modifying M1. Note that 3−1 ≡ 9 (mod 26)
>> M2=round(mod(M1*9, 26))M2 =
8 16 18 21 241 24 1
Then M−1 = M2.
16
(2) Matrix Computations in matlab
Example 1 Create a matrix
A =
1 13 23 4 1−2 16 1
.
>> A = [1 13 2; 3 4 1; -2 16 1]A =
1 13 23 4 1-2 16 1
Example 2 Define a row vector (1, 2, 4, 5, 6).
>> x = [1, 2, 4, 5, 6]x =
1 2 4 5 6
Example 3 Define a column vector (1, 2, 4, 5, 6)T .
>> y = [1; 2; 4; 5; 6]y =
12456
Example 3 Compute the matrix multiplication 1 13 23 4 1−2 16 1
2 7 1
0 1 12−2 0 1
.
We can first define these matrix and then multiply them together.
>> A = [1 13 2; 3 4 1; -2 16 1]A =
1 13 23 4 1-2 16 1
>> B = [2 7 1; 0 1 12; -2 0 1]B =
2 7 10 1 12-2 0 1
>> C = A*B
If we want to compute the matrix multiplication in Zm, for example, computing AB in Z26,then we use the following comment.
>> mod(A*B, 26)
17
Part 7: Ciphers using blocks of size larger than 1(1) Example: (encryption using blocks of size 3, or trigraphs)
Choice of Parameters: Let p = 281, q = 167. Then n = 46927. Pick e = 39423. Thusthe enciphering key is (46927, 39423) and the deciphering key is (46927, 26767). In order to usethe English Alphabet in the messages, Bob also tells Alice to use base-N representation of thenumerics with N = 26. Alice can key in the encryption keys.
>> n = 46927n =
46927>> e = 39423e =
39423
Bob needs to compute the deciphering key:
>> f = eulerphi(n)f =
46480>> d = powermod(e, -1, f)d =
26767
Encoding Process: To send a message Y ES to Bob, Alice first finds the numerical equivalentof Y ES = (24 4 18)26 7→ P = 24(26)2 + 4(26) + 18 = 16346 (in base-10).
>> m = 24*(26)^2 + 4*(26) + 18m =
16346
Next, Alice computes C = Pm = 1634639423 ≡ 21166 (mod 46927) in Zn:
>> c= powermod(m,e, n)c =
21166
Alice then converts C to Base-26 numbers (You can use matlab to combine all of thefollowing steps. I write down these steps for you to see what we are actually doing).Find the first digit:
>> mod(c, 26)ans =
2
Find the second digit
>> c = (c-2)/26c =
814>> mod(c, 26)ans =
8
18
Find the third digit
>> c = (c-8)/26c =
31>> mod(c, 26)ans =
5
(As long as the current value of c = 31 > 26, Alice needs to continue) to find the four digit.Find the third digit
>> c = (c-5)/26c =
1
Alice now stops as the current value of c = 1 < 26. This is obtained:
c = 21166 = (1582)26 7→ BFIC,
and so Alice sends BFIC to Bob.
Decoding Process: Bob receives BFIC, and converts it to a base-10 number
c = 1(26)3 + 5(26)2 + 8(26) + 2 = 21166,
by matlab:
>> c = 1*(26)^3 + 5*(26)^2 + 8*(26) + 2c =
21166
Then as Bob knows KD = (n, d), he computes m = cd ≡ 16346 (mod n) by matlab:
>> m = powermod(c, d, n)m =
16346
Then Bob converts m to the base-26 numbers to find their English equivalent.
>> mod(m, 26)ans =
18>> m = (m-18)/26m =
628>> mod(m, 26)ans =
4>> m = (m-4)/26m =
24
(Bob stops as the current value is less than 26). So the message is (24 4 18)26 7→ YES.
19
Part 8: Elliptic Curve Computations(1) Graph the elliptic curve y2 = x3 − x over the real number field R.
>> v =’y^2 - x*(x-1)*(x+1)’v =y^2 - x*(x-1)*(x+1)>> ezplot(v, [-1,3,-5,5])
(2) Determine the elements in an elliptic curve over a finite field.In this example, we are to determine all the elements on the elliptic curve over the finite
field F = Z17:E = {(x, y) : y2 = x3 + x (mod 17)} ∪ {O}.
To do that, we first compute the square table over F , which tells us what element in F canhave a square root. This can be done by using powermod in matlab.
>> for k = [1:16], [k; powermod(k,2,17)]’, endans =
0 0ans =
1 1ans =
2 4ans =
3 9ans =
4 16ans =
5 8ans =
6 2ans =
7 15ans =
8 13ans =
9 13ans =
10 15ans =
11 2ans =
12 8ans =
13 16ans =
20
14 9ans =
15 4ans =
16 1
This generates the following square root table mod p (p = 17 here).
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 160 1 4 9 16 8 2 15 13 13 15 2 8 16 9 4 1
Clearly, (0, 0) ∈ E. Then, we compute x = 1, 2, · · · , 16 to solve the equation y2 = x3 + x
in Z17. For x = 1, y2 = 1 + 1 and so the square root table gives y = ±6. Hence (1,±6) ∈ E.For x = 2, we have y2 = 8 + 2 = 10. the square root table tell us that there is no solution,and so we move onto the case x = 3. The following matlab comment computes all the neededinformation.
>> for x = [0:16], [x; mod(x^3+x, 17)]’, endans =
0 0ans =
1 2ans =
2 10ans =
3 13ans =
4 0ans =
5 11ans =
6 1ans =
7 10ans =
8 10ans =
9 7ans =
10 7ans =
11 16ans =
12 6ans =
13 0
21
ans =14 4
ans =15 7
ans =16 15
In this way, we have
E = {(0, 0), (1,±6), (3,±8), (4, 0), (6,±1), (11,±4), (13, 0), (14,±2), (16,±7), O}.
(3) Add points (1, 3) + (3, 5) and (1, 3) + O on the curve y2 = x3 + 24x + 13 (mod 29). (Recallthat O represent the infinity).
>> addell([1,3], [3,5], 24, 13, 29)ans =
26>> addell([1,3], [inf, inf], 24, 13, 29)ans =
1 3>>
(4) Computing kP . For P = (1, 3) and an integer k > 0, we are to compute kP on the curvey2 = x3 + 24x + 13 (mod 29).
If we want to compute k · P for one value of k, say k = 7, then we can do the following.
>> multell([1,3], 7, 24, 13, 29)ans =
15 6
Therefore, 7(1, 3) = (15, 6).
Now we compute k(1, 3) for each value of k = 1, 2, 3, · · · , 8.
>> multsell([1,3], 8, 24, 13, 29)ans =
1 311 1023 280 10
19 718 1915 620 24
Therefore,
2P = (11, 10)
3P = (23, 28)
22
4P = (0, 10)
5P = (19, 7)
6P = (18, 19)
7P = (15, 6)
8P = (20, 24)
(5) Example: What happens when P +−P?
Let us add (1, 3) and (1,−3) on y2 ≡ x3 + 24x + 13 (mod 29).
>> addell([1,3], [1,-3], 24, 13, 29)ans =
1/0 1/0
Therefore, the answer is O = (inf, inf). Note that the 0 in the denominators is a 0 mod 29.(For example, the denominator could have been 58, as an integer).
(6) Computing nP by the double-and-add algorithm for the elliptic curve E below over F =Z1999:
y2 = x3 + 1828x + 1675,
with P = (1756, 348) and n = 11.
Initialization: Q = P = (1756, 348) and R = O.
Iteration:(Step 1) n = 11 is odd, R := R + Q = P + O = P = (1756, 348), Q := 2Q = (1526, 1612).
>> multell([1756,348],2,1828, 1675, 1999)ans =
1526 1612
Update n := b11/2c = 5.
(Step 2) n = 5 is odd, R := R + Q = (1756, 348) + (1526, 1612) = (1362, 998), Q := 2Q =(1675, 1579).
>> addell([1756,348], [1526,1612], 1828, 1675, 1999)ans =
1362 998>> multell([1526,1612],2,1828, 1675, 1999)ans =
1657 1579
Update n := b5/2c = 2.
(Step 3) n = 2 is even, Q := 2Q = (1849, 225).
23
>> multell([1657,1579],2,1828, 1675, 1999)ans =
1849 225
Update n := b2/2c = 1.
(Step 4) n = 1 is odd, R := R + Q = (1362, 998) + (1849, 225) = (1068, 1540), Q := 2Q.
>> addell([1362,998], [1849,225], 1828, 1675, 1999)ans =
1068 1540
Update n := b1/2c = 0. (Since we know that n = 1 after the updating, we will stop at the nextstep and so there is no need to actually compute 2Q.)
(Step 5) n = 0, stop, and answer that 11 · P = R = (1068, 1540).
24
