Math 373/578: Using matlab in Cryptography (Spring 2012)

Place: Room 422, Armstrong Hall

Preparations:

(1) visit

http://www.math.wvu.edu/~hjlai/Math373_Matlab/

and download all the files into a folder (Math373-Matlab)

(2) Open Matlab, change the current directory to this folder. (Click the logo at the right end

of ”current Directory” for ”Browse for folder”, and change the folder).

(3) Start working on the mathematics.

(4) Ordinary Computations (Review)

Example Compute 27 + 135/5.

>> 2^7 + 135/5

ans =

155

Example Compute 11(126/(9 + 7)− 2(72/12)).

>> 11*(126/9+7 - 2^(72/12))

ans =

-473

Example Compute 62 −√

1024.

>> 6^2 - \sqrt{1024}

ans =

4

1

Part 1: Number Theory Basics

(1) Factor 123456 into primes.

factor(123456)

(2) For x, y ∈ Z− {0}, find gcd(x, y).

gcd(x,y)

Example: Find gcd(23456, 987654).

gcd(23456, 987654)

Ans =

2

Thus 2 = gcd(23456, 987654).

(3) For x, y ∈ Z− {0}, find u, v such that gcd(x, y) = ux+ vy.

[a,b,c]=gcd(x,y)

Example: Find u, v such that gcd(23456, 987654) = 23456u+ 987654v.

>> [d,u,v]=gcd(23456, 987654)

d =

2

u =

-3158

v =

75

This means u = −3158 and v = 75. Thus 2 = gcd(23456, 987654) = 23456·(−3158)+987654·75.

(4) Solve equation ax+ by = 1 when (a, b) = 1.

Example a = 65337 and b = 3511, what is the relationship between this problem and the

example in (3)?

[d,u,v]=gcd(65337, 3511)

How do you interpret the answers?

(5) Knowing n, we can find φ(n) and factor n by

n = 1234567

eulerphi(n)

factor(n)

This can be used for deciphering an RSA coded message in the future. However, Matlab may

have trouble factoring numbers bigger than 109.

2

Part 2: Operations involving integers modulo m(1) Given m > 1 and a ∈ Z, find b ∈ Z with 0 ≤ b < m such that a ≡ b (mod m).

mod (a,m)

(2) Given m > 1 and a, b ∈ Z, find c ∈ Z with 0 ≤ c < m such that a + b ≡ c (mod m). (Do

the same for subtractions and multiplications)

mod (a+b,m)

(3) Find multiplicative inverse of a (mod m) (assuming that we have already known that a and

m are relatively prime).

Example: Find the multiplicative inverse of 8787 (mod 91919).

>> powermod(8787, -1, 91919)

ans =

71374

Thus 8787−1 ≡ 71734 (mod 91919).

(4) Find multiplicative inverse of a (mod m) (assuming that we do not know if a and m are

relatively prime).

Example: Determine if 23456 has an inverse mod 987654, if it does, find it.

>> [d,u,v] = gcd(23456, 987654)

d =

2

u =

-3158

v =

75

This means the gcd(23456, 987654) = 2, and so the inverse does not exist.

Example: Determine if 23456 has an inverse mod 987651, if it does, find it.

>> [d,u,v] = gcd(23456, 987651)

d =

1

u =

256892

v =

-6101

This means the gcd(23456, 987651) = 1 = 256892 · 23456 + (−6101) · 987651, and so 23456−1 ≡256892 (mod 987651).

(5) Find modular exponentiation.

Example: Compute 234567 (mod 9871)

3

>> powermod(234, 567, 9871)

ans =

5334

Thus 234567 ≡ 5334 (mod 9871).

(6) Solving equations.

Example: Solve 7654x ≡ 2389 (mod 65537). What do we do? We first find the multiplicative

inverse of the coefficient of x.

>> powermod(7654, -1, 65537)

ans =

54637

>> mod(ans*2389, 65537)

ans =

43626

Thus the answer is x ≡ 43626 (mod 65537).

(8) Computation modulo m (Reviews)

Example Compute (234)(456) (mod 789).

>> mod(234*456, 789)

ans =

189

Example Compute 234 + 456 (mod 567).

>> mod(234*456, 789)

ans =

123

Example Compute 234567 (mod 9871).

>> powermod(234, 456, 9871)

ans =

5334

Example Compute multiplicative inverse of 8787 (mod 91919).

>> powermod(8787, -1, 91919)

ans =

71374

(9) Shift Ciphers and Affine Ciphers

(A) Decoding with Shift-cipher

Example Decrypt the Ceasar-encrypted message ’wklvverxogehtxlwhhdvb’

4

allshift(’wklvvkrxogehtxlwhhdvb’)

wklvvkrxogehtxlwhhdvb

xlmwwlsyphfiuymxiiewc

ymnxxmtzqigjvznyjjfxd

znoyynuarjhkwaozkkgye

aopzzovbskilxbpallhzf

bpqaapwctljmycqbmmiag

cqrbbqxdumknzdrcnnjbh

drsccryevnloaesdookci

estddszfwompbfteppldj

ftueetagxpnqcgufqqmek

guvffubhyqordhvgrrnfl

hvwggvcizrpseiwhssogm

iwxhhwdjasqtfjxittphn

jxyiixekbtrugkyjuuqio

kyzjjyflcusvhlzkvvrjp

lzakkzgmdvtwimalwwskq

mabllahnewuxjnbmxxtlr

nbcmmbiofxvykocnyyums

ocdnncjpgywzlpdozzvnt

pdeoodkqhzxamqepaawou

qefppelriaybnrfqbbxpv

rfgqqfmsjbzcosgrccyqw

sghrrgntkcadpthsddzrx

thisshouldbequiteeasy

uijttipvmecfrvjuffbtz

vjkuujqwnfdgswkvggcua

A study of the output indicates that the plain text should be ’thisshouldbequiteeasy’ or ’this

should be quite easy’

(B) Using Affine cipher to encode plain text.

Example Encrypt the plain text ’meetmeinstlouis’ with an affine cipher E3,7(x) ≡ 3x + 7 in

Z26.

>> affinecrypt(’meetmeinstlouis’, 3, 7)

ans =

rttmrtfujmoxpfj

(C) Using Affine cipher to decrypt cipher text.

Example The cipher text ’rttmrtfujmoxpfj’ was encrypted using the affine function 3x+ 7 in

Z26. Decrypt it.

(Step 1:) Solve y ≡ 3x + 7 (mod 26) for x. Since 1 = gcd(3, 26) = (9)(3) + (−1)(26), 3−1 ≡ 9

(mod 26). As (9)(7) ≡ 63 ≡ 11 (mod 26), multiplying both sides of the equation by 9 to get

9y ≡ x+ 11 (mod 26), and so x ≡ 9y − 11 ≡ 9y + 15 (mod 26).

This can also be done by using matlab:

>> powermod(3, -1, 26)

5

and =

9

>> mod(-9*7, 26)

ans =

15

(Step 2) Knowing that the decrypt function is x ≡ 9y + 15, we can decrypt the message by

>> affinecrypt(’rttmrtfujmoxpfj’, 9, 15)

ans =

meetmeinstlouis

6

Part 3: Numbers with different bases(1) Converting and Base-b number to a base-10 number

To convert a base-b number n = (dk−1dk−2 · · · d1d0)b to base-10, by definition, the answer is

n = n = dk−1bk−1 + dk−2b

k−2 + · · ·+ d1b+ d0.

Example Convert a number-26 number (HPAC)26 to base-10. We can first get the corre-

sponding numerical values H = 7, P = 15, A = 0 and C = 2, and get the answer by

>> n = 7*26^3 + 15*26^2 + 2

n =

133174

(2) Converting and Base-10 number to a base-b number

Example Convert the base-10 number n = 133174 to base-26.

>> n = 133174

n =

133174

>> d0 = mod(133174, 26)

d0 =

2

>> n1 = (n - 2)/26

n1 =

5122

>>d1 = mod(n1, 26)

d1 =

0

>> n2 = (n1 - 0)/26

n2 =

197

>>d2 = mod(n2, 26)

d2 =

15

>> n3 = (n2 - 15)/26

n3 =

7

>>d3 = mod(n3, 26)

d3 =

7

Thus the answer is n = (7 15 0 2)26 = (HPAC)26.

(3) Operations of base-b numbers

There are many ways to perform the operations of base-b numbers. One way to use matlab is

7

to first convert the base-b numbers to base-10, and use matlab to do the operations, then use

matlab to convert the answers back to base-b.

Example Multiply HE by IS in Z26.

Step 1: Convert HE = 7(26) + 4 = 186 and IS = 8(28) + 18 = 226.

Step 2: Compute the base-10 multiplication.

Step 3: Convert the answer back to Base-26.

8

Part 4: Discrete Log and RSA

(1) Find a Primitive Root

Example Find a primitive root for the prime p = 65537

>> primitiveroot(65537)

ans =

3

Thus 3 is a primitive root for 65537. (Remark: the function ”primitiveroot” finds the small-

est primitive root of the input number.)

(2) Example: Computing Discrete Log Find ind132 (7), or log2(7) (mod 13).

For n = 1:12;

a = powermod(2,n,13);

if a == 7; disp(n);

end

end

n = 11

Therefore, log2(7) = 11 (mod 13). This can be verified by

>> powermod(2,11,13)

ans =

7

(3) Example: Pohlig-Hellman Exponentiation Cipher Choose p = 263, e = 73. Note

that φ(263) = 262, and Euclidean Algorithm gives gcd(262, 73) = (−61)(73) + (17)(262) = 1.

>> [a,b,c] = gcd(73, 262)

a =

1

b =

-61

c =

17

Thus d = −17 ≡ 201 (mod 262)

For the cipher text c = (246, 18, 156, 0, 256, 127, 18, 156, 96, 256, 235, 0, 132, 68), which will be

decrypted by m = f−1(c) ≡ cd (mod 262). (Use powermod, for example). (Note: try to use

positive d. Using negative d would sometimes cause computation errors).

>> d=201

d =

201

9

>> p=263

p =

263

>> c = [246 18 156 0 256 127 18 156 96 256 235 0 132 68]

c =

Columns 1 through 5

246 18 156 0 256

Columns 6 through 10

127 18 156 96 256

Columns 11 through 14

235 0 132 68

>> m = powermod(c, d, p)

m =

Columns 1 through 5

19 17 4 0 18

Columns 6 through 10

20 17 4 8 18

Columns 11 through 14

11 0 13 3

This process gives

246201 ≡ 19; 18201 ≡ 17; 156201 ≡ 4; 0201 ≡ 0; 256201 ≡ 18; 127201 ≡ 20; 18201 ≡ 17;

156201 ≡ 4; 96201 ≡ 8; 256201 ≡ 18; 235201 ≡ 11; 0201 ≡ 0; 132201 ≡ 13; 68201 ≡ 3.

and so the cipher text is (19, 17, 4, 0, 18, 20, 17, 4, 8, 18, 11, 0, 13, 3), which means, with Z26 al-

phabet, treasure island.

(4) Example: Diffie-Hellman Key Exchange Let p = 907, a = 2, x = 32 and y = 153.

To find the exchange key, compute x ≡ 319 ≡ 3

>> p = 907

p =

907

>> a = primitiveroot(p)

a =

2

>> x = 32

x =

32

>> xx = powermod(a, x, p)

xx =

311

>> y = 153

y =

153

>> yy = powermod(a, y, p)

10

yy =

633

Thus x ≡ 232 ≡ 311 and y ≡ 2153 ≡ 633 (mod 907), and so the common key can be computed

by k = xy (mod p)

>> k = powermod(xx,y,p)

k =

121

or by k = yx (mod p)

>> k = powermod(yy,x,p)

k =

121

(5) Example: Finding p and q when given n = pq and φ(n).

Given n = pq = 1009427 and φ(n) = 1007400. To find p and q, we compute

>> n = 1009427

n =

1009427

>> f = eulerphi(n)

f =

1007400

>> s = n - f + 1

s =

2028

>> d = sqrt(s^2 - 4*n)

d =

274

>> p = (s + d)/2

p =

1151

>> q = (s-d)/2

q =

877

Therefore, p = 1151 and q = 877.

(6) Example: RSA with a single letter plain text Let p = 167, q = 547, n = 91349,

e = 5 and cipher text c ≡ 88291 (mod n). To find plain text m, we first find φ(n) = 90636,

>> n = 91349

n =

91349

>> eulerphi(n)

ans =

90636

11

and compute (using Euclidean Algorithm)

>> [a,b,c] = gcd(5, 90636)

a =

1

b =

-18127

c =

1

1 = gcd(5, 90636) = 5(−18127) + (1)(90636),

and so d = −18127 ≡ 72509 (mod 90636).

To find m, compute

>> powermod(88291, 72509, n)

ans =

12345

or

>> powermod(88291, -18127, n)

ans =

12345

to get

m = cd ≡ 8829172509 ≡ 12345 (mod n).

(7) Example: (RSA signature scheme) Given the system parameters n = 466727, φ(n) =

465336 d = 296123, and m = 10101. If c = 369510 is received, decide whether the signature

should be accepted and rejected.

Solution: First find e such that ed ≡ 1 (mod φ(n)).

>> n = 466727

n =

466727

>> f = eulerphi(n)

f =

465336

>> d = 296123

d =

296123

>> [a,b,c]=gcd(d,f)

a =

1

b =

11

c =

-7

12

Thus 1 = gcd(296123, 465336) = (11)(296123) + (−7)(465336), and so e ≡ 11. Then compute

ce (mod n),

>> c = 369510

c =

369510

>> e = 11

e =

11

>> powermod(c,e,n)

ans =

10101

Since m = 10101, the signature is accepted.

(8) Example: (ElGamal Cipher) Suppose A and B are using the ElGamal public-key

cipher to communicate with p = 1213 and e = 15. Suppose A sends a cipher tex c = (661, 193)

to B. Find the plain text m.

Solution: Here t = 193 and r = 661. Compute

>> p = 1213

p =

1213

>> t=193

t =

193

>> r=661

r =

661

>> e = 15

e =

15

>> r1 = powermod(r, -e, p)

r1 =

924

>> mod(t*r1, p)

ans =

21

Therefore,

m =≡ tr−e ≡ 193 · 924 ≡ 21 (mod 1213).

(9) Example: (ElGamal signature scheme) Bob receives m = 121 from Alice, together

with

(i) sigk(m, r) = (h, g) = (480, 532), and

(ii) sigk(m, r) = (h, g) = (480, 21), Bob downloads Alice’s KE = (p, a, b) = (641, 3, 88). Which

signature should Bob accepts? which one he should reject?

13

Solution: (i) For sigk(m, r) = (h, g) = (480, 532), Bob recognizes that b = 88, h = 480, and

g = 532. He computes

>> p = 641

p =

641

>> a = 3

a =

3

>> b = 88

b =

88

>> h = 480

h =

480

>> g = 532

g =

532

>> d = mod(powermod(b, h, p) * powermod(h, g, p), p)

d =

191

>> m = 121

m =

121

>> s = powermod(a, m, p)

s =

300

Since s 6≡ d (mod 641), this should be rejected.

(ii) For sigk(m, r) = (h, g) = (480, 21), Bob uses the previous data except g = 21. So he does

the following computation.

>> g = 21

g =

21

>> d = mod(powermod(b, h, p) * powermod(h, g, p), p)

d =

300

>> s = powermod(a, m, p)

s =

300

As d ≡ s (mod 641), Bob accepts it.

14

Part 5: Chinese Remainder Theorem

(1) Chinese Remainder Theorem Applications

Example: Find a solution x for the system{x ≡ 3 (mod 5)

x ≡ 2 (mod 7).

>> crt([3,2], [5,7])

ans =

23

15

Part 6: Operations involving matrices modulo m(1) Creating a Matrix; Computing Inverse of a Matrix mod 26

(A) Input a matrix

Example Create a matrix M =

1 2 3

4 5 6

7 8 10

.

>> M = [1 2 3; 4 5 6; 7 8 10]

M =

1 2 3

4 5 6

7 8 10

(B) Example Compute the inverse of M mod 26. To do that, we first compute the inverse

of M as it is a real number matrix. Then converted it to an integer valued matrix. In the last

step, we take mod 26 in every entry, as shown below.

Step 1: Compute the inverse of M . (We need the comment ”format rat;” to out put the

rational numbers. Without it, the output might be decimals, and the next step will not work

out easily.)

>> format rat;

>> Minv = inv(M)

Minv =

-2/3 -4/3 1

-2/3 11/3 -2

1 -2 1

Step 2: Need to rationalize this matrix before we take modulo m. Note that every fractional

entry of Minv has a denominator 3. Multiply everything by 3 to make it an integer valued

matrix. (You can also multiply 27 here as 27 ≡ 1 (mod 26)).

>> M1=(Minv*3)

M1 =

-2 -4 3

-2 11 -6

3 -6 3

Step 3: Find the inverse of M (mod 26) by modifying M1. Note that 3−1 ≡ 9 (mod 26)

>> M2=round(mod(M1*9, 26))

M2 =

8 16 1

8 21 24

1 24 1

Then M−1 = M2.

16

(2) Matrix Computations in matlab

Example 1 Create a matrix

A =

1 13 2

3 4 1

−2 16 1

.>> A = [1 13 2; 3 4 1; -2 16 1]

A =

1 13 2

3 4 1

-2 16 1

Example 2 Define a row vector (1, 2, 4, 5, 6).

>> x = [1, 2, 4, 5, 6]

x =

1 2 4 5 6

Example 3 Define a column vector (1, 2, 4, 5, 6)T .

>> y = [1; 2; 4; 5; 6]

y =

1

2

4

5

6

Example 3 Compute the matrix multiplication 1 13 2

3 4 1

−2 16 1

2 7 1

0 1 12

−2 0 1

.We can first define these matrix and then multiply them together.

>> A = [1 13 2; 3 4 1; -2 16 1]

A =

1 13 2

3 4 1

-2 16 1

>> B = [2 7 1; 0 1 12; -2 0 1]

B =

2 7 1

0 1 12

-2 0 1

>> C = A*B

If we want to compute the matrix multiplication in Zm, for example, computing AB in Z26,

then we use the following comment.

>> mod(A*B, 26)

17

Part 7: Ciphers using blocks of size larger than 1(1) Example: (encryption using blocks of size 3, or trigraphs)

Choice of Parameters: Let p = 281, q = 167. Then n = 46927. Pick e = 39423. Thus

the enciphering key is (46927, 39423) and the deciphering key is (46927, 26767). In order to use

the English Alphabet in the messages, Bob also tells Alice to use base-N representation of the

numerics with N = 26. Alice can key in the encryption keys.

>> n = 46927

n =

46927

>> e = 39423

e =

39423

Bob needs to compute the deciphering key:

>> f = eulerphi(n)

f =

46480

>> d = powermod(e, -1, f)

d =

26767

Encoding Process: To send a message Y ES to Bob, Alice first finds the numerical equivalent

of Y ES = (24 4 18)26 7→ P = 24(26)2 + 4(26) + 18 = 16346 (in base-10).

>> m = 24*(26)^2 + 4*(26) + 18

m =

16346

Next, Alice computes C = Pm = 1634639423 ≡ 21166 (mod 46927) in Zn:

>> c= powermod(m,e, n)

c =

21166

Alice then converts C to Base-26 numbers (You can use matlab to combine all of the

following steps. I write down these steps for you to see what we are actually doing).

Find the first digit:

>> mod(c, 26)

ans =

2

Find the second digit

>> c = (c-2)/26

c =

814

>> mod(c, 26)

ans =

8

18

Find the third digit

>> c = (c-8)/26

c =

31

>> mod(c, 26)

ans =

5

(As long as the current value of c = 31 > 26, Alice needs to continue) to find the four digit.

Find the third digit

>> c = (c-5)/26

c =

1

Alice now stops as the current value of c = 1 < 26. This is obtained:

c = 21166 = (1582)26 7→ BFIC,

and so Alice sends BFIC to Bob.

Decoding Process: Bob receives BFIC, and converts it to a base-10 number

c = 1(26)3 + 5(26)2 + 8(26) + 2 = 21166,

by matlab:

>> c = 1*(26)^3 + 5*(26)^2 + 8*(26) + 2

c =

21166

Then as Bob knows KD = (n, d), he computes m = cd ≡ 16346 (mod n) by matlab:

>> m = powermod(c, d, n)

m =

16346

Then Bob converts m to the base-26 numbers to find their English equivalent.

>> mod(m, 26)

ans =

18

>> m = (m-18)/26

m =

628

>> mod(m, 26)

ans =

4

>> m = (m-4)/26

m =

24

(Bob stops as the current value is less than 26). So the message is (24 4 18)26 7→ YES.

19

Part 8: Elliptic Curve Computations(1) Graph the elliptic curve y2 = x3 − x over the real number field R.

>> v =’y^2 - x*(x-1)*(x+1)’

v =

y^2 - x*(x-1)*(x+1)

>> ezplot(v, [-1,3,-5,5])

(2) Determine the elements in an elliptic curve over a finite field.

In this example, we are to determine all the elements on the elliptic curve over the finite

field F = Z17:

E = {(x, y) : y2 = x3 + x (mod 17)} ∪ {O}.

To do that, we first compute the square table over F , which tells us what element in F can

have a square root. This can be done by using powermod in matlab.

>> for k = [1:16], [k; powermod(k,2,17)]’, end

ans =

0 0

ans =

1 1

ans =

2 4

ans =

3 9

ans =

4 16

ans =

5 8

ans =

6 2

ans =

7 15

ans =

8 13

ans =

9 13

ans =

10 15

ans =

11 2

ans =

12 8

ans =

13 16

ans =

20

14 9

ans =

15 4

ans =

16 1

This generates the following square root table mod p (p = 17 here).

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

0 1 4 9 16 8 2 15 13 13 15 2 8 16 9 4 1

Clearly, (0, 0) ∈ E. Then, we compute x = 1, 2, · · · , 16 to solve the equation y2 = x3 + x

in Z17. For x = 1, y2 = 1 + 1 and so the square root table gives y = ±6. Hence (1,±6) ∈ E.

For x = 2, we have y2 = 8 + 2 = 10. the square root table tell us that there is no solution,

and so we move onto the case x = 3. The following matlab comment computes all the needed

information.

>> for x = [0:16], [x; mod(x^3+x, 17)]’, end

ans =

0 0

ans =

1 2

ans =

2 10

ans =

3 13

ans =

4 0

ans =

5 11

ans =

6 1

ans =

7 10

ans =

8 10

ans =

9 7

ans =

10 7

ans =

11 16

ans =

12 6

ans =

13 0

21

ans =

14 4

ans =

15 7

ans =

16 15

In this way, we have

E = {(0, 0), (1,±6), (3,±8), (4, 0), (6,±1), (11,±4), (13, 0), (14,±2), (16,±7), O}.

(3) Add points (1, 3) + (3, 5) and (1, 3) +O on the curve y2 = x3 + 24x+ 13 (mod 29). (Recall

that O represent the infinity).

>> addell([1,3], [3,5], 24, 13, 29)

ans =

26

>> addell([1,3], [inf, inf], 24, 13, 29)

ans =

1 3

>>

(4) Computing kP . For P = (1, 3) and an integer k > 0, we are to compute kP on the curve

y2 = x3 + 24x+ 13 (mod 29).

If we want to compute k · P for one value of k, say k = 7, then we can do the following.

>> multell([1,3], 7, 24, 13, 29)

ans =

15 6

Therefore, 7(1, 3) = (15, 6).

Now we compute k(1, 3) for each value of k = 1, 2, 3, · · · , 8.

>> multsell([1,3], 8, 24, 13, 29)

ans =

1 3

11 10

23 28

0 10

19 7

18 19

15 6

20 24

Therefore,

2P = (11, 10)

3P = (23, 28)

22

4P = (0, 10)

5P = (19, 7)

6P = (18, 19)

7P = (15, 6)

8P = (20, 24)

(5) Example: What happens when P +−P?

Let us add (1, 3) and (1,−3) on y2 ≡ x3 + 24x+ 13 (mod 29).

>> addell([1,3], [1,-3], 24, 13, 29)

ans =

1/0 1/0

Therefore, the answer is O = (inf, inf). Note that the 0 in the denominators is a 0 mod 29.

(For example, the denominator could have been 58, as an integer).

(6) Computing nP by the double-and-add algorithm for the elliptic curve E below over F =

Z1999:

y2 = x3 + 1828x+ 1675,

with P = (1756, 348) and n = 11.

Initialization: Q = P = (1756, 348) and R = O.

Iteration:

(Step 1) n = 11 is odd, R := R+Q = P +O = P = (1756, 348), Q := 2Q = (1526, 1612).

>> multell([1756,348],2,1828, 1675, 1999)

ans =

1526 1612

Update n := b11/2c = 5.

(Step 2) n = 5 is odd, R := R + Q = (1756, 348) + (1526, 1612) = (1362, 998), Q := 2Q =

(1675, 1579).

>> addell([1756,348], [1526,1612], 1828, 1675, 1999)

ans =

1362 998

>> multell([1526,1612],2,1828, 1675, 1999)

ans =

1657 1579

Update n := b5/2c = 2.

(Step 3) n = 2 is even, Q := 2Q = (1849, 225).

23

>> multell([1657,1579],2,1828, 1675, 1999)

ans =

1849 225

Update n := b2/2c = 1.

(Step 4) n = 1 is odd, R := R+Q = (1362, 998) + (1849, 225) = (1068, 1540), Q := 2Q.

>> addell([1362,998], [1849,225], 1828, 1675, 1999)

ans =

1068 1540

Update n := b1/2c = 0. (Since we know that n = 1 after the updating, we will stop at the next

step and so there is no need to actually compute 2Q.)

(Step 5) n = 0, stop, and answer that 11 · P = R = (1068, 1540).

24