Math 373/578: Using matlab in Cryptography (Spring 2010)

Place: Room 303, Armstrong Hall

Preparations:
(1) visit

http://www.math.wvu.edu/~hjlai/Teaching/Math373-578/Math373_Matlab/

and download all the files into a folder (Math373-Matlab)

(2) Open Matlab, change the current directory to this folder. (Click the logo at the right end
of ”current Directory” for ”Browse for folder”, and change the folder).
(3) Start working on the mathematics.

(4) Ordinary Computations (Review)

Example Compute 27 + 135/5.

>> 2^7 + 135/5

ans =
155

Example Compute 11(126/(9 + 7) − 2( 72/12)).

>> 11*(126/9+7 - 2^(72/12))

ans =
-473
√
Example Compute 62 − 1024.

>> 6^2 - \sqrt{1024}

ans =
4

1
Part 1: Number Theory Basics
(1) Factor 123456 into primes.

factor(123456)

(2) For x, y ∈ Z − {0}, find gcd(x, y).

gcd(x,y)

Example: Find gcd(23456, 987654).

gcd(23456, 987654)
Ans =
2
Thus 2 = gcd(23456, 987654).

(3) For x, y ∈ Z − {0}, find u, v such that gcd(x, y) = ux + vy.

[a,b,c]=gcd(x,y)

Example: Find u, v such that gcd(23456, 987654) = 23456u + 987654v.

>> [d,u,v]=gcd(23456, 987654)
d =
2
u =
-3158
v =
75
This means u = −3158 and v = 75. Thus 2 = gcd(23456, 987654) = 23456·(−3158)+987654·75.

(4) Solve equation ax + by = 1 when (a, b) = 1.

Example a = 65337 and b = 3511, what is the relationship between this problem and the
example in (3)?
[d,u,v]=gcd(65337, 3511)
How do you interpret the answers?

(5) Knowing n, we can find φ(n) and factor n by

n = 1234567
eulerphi(n)
factor(n)
This can be used for deciphering an RSA coded message in the future. However, Matlab may
have trouble factoring numbers bigger than 109 .

2
Part 2: Operations involving integers modulo m
(1) Given m > 1 and a ∈ Z, find b ∈ Z with 0 ≤ b < m such that a ≡ b (mod m).

mod (a,m)

(2) Given m > 1 and a, b ∈ Z, find c ∈ Z with 0 ≤ c < m such that a + b ≡ c (mod m). (Do
the same for subtractions and multiplications)

mod (a+b,m)

(3) Find multiplicative inverse of a (mod m) (assuming that we have already known that a and
m are relatively prime).
Example: Find the multiplicative inverse of 8787 (mod 91919).

>> powermod(8787, -1, 91919)

ans =
71374

Thus 8787−1 ≡ 71734 (mod 91919).

(4) Find multiplicative inverse of a (mod m) (assuming that we do not know if a and m are
relatively prime).
Example: Determine if 23456 has an inverse mod 987654, if it does, find it.

>> [d,u,v] = gcd(23456, 987654)

d =
2
u =
-3158
v =
75

This means the gcd(23456, 987654) = 2, and so the inverse does not exist.

Example: Determine if 23456 has an inverse mod 987651, if it does, find it.

>> [d,u,v] = gcd(23456, 987651)

d =
1
u =
256892
v =
-6101

This means the gcd(23456, 987651) = 1 = 256892 · 23456 + (−6101) · 987651, and so 23456−1 ≡
256892 (mod 987651).

(5) Find modular exponentiation.

Example: Compute 234567 (mod 9871)

3
>> powermod(234, 567, 9871)
ans =
5334

Thus 234567 ≡ 5334 (mod 9871).

(6) Solving equations.

Example: Solve 7654x ≡ 2389 (mod 65537). What do we do? We first find the multiplicative
inverse of the coefficient of x.

>> powermod(7654, -1, 65537)

ans =
54637
>> mod(ans*2389, 65537)
ans =
43626

Thus the answer is x ≡ 43626 (mod 65537).

(8) Computation modulo m (Reviews)

Example Compute (234)(456) (mod 789).

>> mod(234*456, 789)

ans =
189

Example Compute 234 + 456 (mod 567).

>> mod(234*456, 789)

ans =
123

Example Compute 234567 (mod 9871).

>> powermod(234, 456, 9871)

ans =
5334

Example Compute multiplicative inverse of 8787 (mod 91919).

>> powermod(8787, -1, 91919)

ans =
71374

(9) Shift Ciphers and Affine Ciphers

(A) Decoding with Shift-cipher
Example Decrypt the Ceasar-encrypted message ’wklvverxogehtxlwhhdvb’

4
allshift(’wklvvkrxogehtxlwhhdvb’)
wklvvkrxogehtxlwhhdvb
xlmwwlsyphfiuymxiiewc
ymnxxmtzqigjvznyjjfxd
znoyynuarjhkwaozkkgye
aopzzovbskilxbpallhzf
bpqaapwctljmycqbmmiag
cqrbbqxdumknzdrcnnjbh
drsccryevnloaesdookci
estddszfwompbfteppldj
ftueetagxpnqcgufqqmek
guvffubhyqordhvgrrnfl
hvwggvcizrpseiwhssogm
iwxhhwdjasqtfjxittphn
jxyiixekbtrugkyjuuqio
kyzjjyflcusvhlzkvvrjp
lzakkzgmdvtwimalwwskq
mabllahnewuxjnbmxxtlr
nbcmmbiofxvykocnyyums
ocdnncjpgywzlpdozzvnt
pdeoodkqhzxamqepaawou
qefppelriaybnrfqbbxpv
rfgqqfmsjbzcosgrccyqw
sghrrgntkcadpthsddzrx
thisshouldbequiteeasy
uijttipvmecfrvjuffbtz
vjkuujqwnfdgswkvggcua
A study of the output indicates that the plain text should be ’thisshouldbequiteeasy’ or ’this
should be quite easy’

(B) Using Affine cipher to encode plain text.

Example Encrypt the plain text ’meetmeinstlouis’ with an affine cipher E3,7 (x) ≡ 3x + 7 in
Z26 .
>> affinecrypt(’meetmeinstlouis’, 3, 7)
ans =
rttmrtfujmoxpfj
(C) Using Affine cipher to decrypt cipher text.
Example The cipher text ’rttmrtfujmoxpfj’ was encrypted using the affine function 3x + 7 in
Z26 . Decrypt it.
(Step 1:) Solve y ≡ 3x + 7 (mod 26) for x. Since 1 = gcd(3, 26) = (9)(3) + (−1)(26), 3−1 ≡ 9
(mod 26). As (9)(7) ≡ 63 ≡ 11 (mod 26), multiplying both sides of the equation by 9 to get
9y ≡ x + 11 (mod 26), and so x ≡ 9y − 11 ≡ 9y + 15 (mod 26).
This can also be done by using matlab:
>> powermod(3, -1, 26)

5
and =
9
>> mod(-9*7, 26)
ans =
15

(Step 2) Knowing that the decrypt function is x ≡ 9y + 15, we can decrypt the message by

>> affinecrypt(’rttmrtfujmoxpfj’, 9, 15)

ans =
meetmeinstlouis

6
Part 3: Numbers with different bases
(1) Converting and Base-b number to a base-10 number
To convert a base-b number n = (dk−1 dk−2 · · · d1 d0 )b to base-10, by definition, the answer is

n = n = dk−1 bk−1 + dk−2 bk−2 + · · · + d1 b + d0 .

Example Convert a number-26 number (HP AC)26 to base-10. We can first get the corre-
sponding numerical values H = 7, P = 15, A = 0 and C = 2, and get the answer by

>> n = 7*26^3 + 15*26^2 + 2

n =
133174

(2) Converting and Base-10 number to a base-b number

Example Convert the base-10 number n = 133174 to base-26.

>> n = 133174
n =
133174
>> d0 = mod(133174, 26)
d0 =
2
>> n1 = (n - 2)/26
n1 =
5122
>>d1 = mod(n1, 26)
d1 =
0
>> n2 = (n1 - 0)/26
n2 =
197
>>d2 = mod(n2, 26)
d2 =
15
>> n3 = (n2 - 15)/26
n3 =
7
>>d3 = mod(n3, 26)
d3 =
7

Thus the answer is n = (7 15 0 2)26 = (HP AC)26 .

(3) Operations of base-b numbers

There are many ways to perform the operations of base-b numbers. One way to use matlab is

7
to first convert the base-b numbers to base-10, and use matlab to do the operations, then use
matlab to convert the answers back to base-b.
Example Multiply HE by IS in Z26 .
Step 1: Convert HE = 7(26) + 4 = 186 and IS = 8(28) + 18 = 226.
Step 2: Compute the base-10 multiplication.
Step 3: Convert the answer back to Base-26.

8
Part 4: Discrete Log and RSA
(1) Find a Primitive Root

Example Find a primitive root for the prime p = 65537

>> primitiveroot(65537)
ans =
3

Thus 3 is a primitive root for 65537. (Remark: the function ”primitiveroot” finds the small-
est primitive root of the input number.)

(2) Example: Computing Discrete Log Find ind13

2 (7), or log2 (7) (mod 13).

For n = 1:12;
a = powermod(2,n,13);
if a == 7; disp(n);
end
end
n = 11

Therefore, log2 (7) = 11 (mod 13). This can be verified by

>> powermod(2,11,13)
ans =
7

(3) Example: Pohlig-Hellman Exponentiation Cipher Choose p = 263, e = 73. Note

that φ(263) = 262, and Euclidean Algorithm gives gcd(262, 73) = (−61)(73) + (17)(262) = 1.

>> [a,b,c] = gcd(73, 262)

a =
1
b =
-61
c =
17

Thus d = −17 ≡ 201 (mod 262)

For the cipher text c = (246, 18, 156, 0, 256, 127, 18, 156, 96, 256, 235, 0, 132, 68), which will be
decrypted by m = f −1 (c) ≡ cd (mod 262). (Use powermod, for example). (Note: try to use
positive d. Using negative d would sometimes cause computation errors).

>> d=201
d =
201

9
>> p=263
p =
263
>> c = [246 18 156 0 256 127 18 156 96 256 235 0 132 68]
c =
Columns 1 through 5
246 18 156 0 256
Columns 6 through 10
127 18 156 96 256
Columns 11 through 14
235 0 132 68
>> m = powermod(c, d, p)
m =
Columns 1 through 5
19 17 4 0 18
Columns 6 through 10
20 17 4 8 18
Columns 11 through 14
11 0 13 3

This process gives

246201 ≡ 19; 18201 ≡ 17; 156201 ≡ 4; 0201 ≡ 0; 256201 ≡ 18; 127201 ≡ 20; 18201 ≡ 17;

156201 ≡ 4; 96201 ≡ 8; 256201 ≡ 18; 235201 ≡ 11; 0201 ≡ 0; 132201 ≡ 13; 68201 ≡ 3.
and so the cipher text is (19, 17, 4, 0, 18, 20, 17, 4, 8, 18, 11, 0, 13, 3), which means, with Z26 al-
phabet, treasure island.

(4) Example: Diffie-Hellman Key Exchange Let p = 907, a = 2, x = 32 and y = 153.

To find the exchange key, compute x ≡ 319 ≡ 3
>> p = 907
p =
907
>> a = primitiveroot(p)
a =
2
>> x = 32
x =
32
>> xx = powermod(a, x, p)
xx =
311
>> y = 153
y =
153
>> yy = powermod(a, y, p)

10
yy =
633
Thus x ≡ 232 ≡ 311 and y ≡ 2153 ≡ 633 (mod 907), and so the common key can be computed
by k = xy (mod p)
>> k = powermod(xx,y,p)
k =
121
or by k = y x (mod p)
>> k = powermod(yy,x,p)
k =
121

(5) Example: Finding p and q when given n = pq and φ(n).

Given n = pq = 1009427 and φ(n) = 1007400. To find p and q, we compute
>> n = 1009427
n =
1009427
>> f = eulerphi(n)
f =
1007400
>> s = n - f + 1
s =
2028
>> d = sqrt(s^2 - 4*n)
d =
274
>> p = (s + d)/2
p =
1151
>> q = (s-d)/2
q =
877
Therefore, p = 1151 and q = 877.

(6) Example: RSA with a single letter plain text Let p = 167, q = 547, n = 91349,
e = 5 and cipher text c ≡ 88291 (mod n). To find plain text m, we first find φ(n) = 90636,
>> n = 91349
n =
91349
>> eulerphi(n)
ans =
90636

11
and compute (using Euclidean Algorithm)
>> [a,b,c] = gcd(5, 90636)
a =
1
b =
-18127
c =
1

1 = gcd(5, 90636) = 5(−18127) + (1)(90636),

and so d = −18127 ≡ 72509 (mod 90636).

To find m, compute
>> powermod(88291, 72509, n)
ans =
12345
or
>> powermod(88291, -18127, n)
ans =
12345
to get
m = cd ≡ 8829172509 ≡ 12345 (mod n).
(7) Example: (RSA signature scheme) Given the system parameters n = 466727, φ(n) =
465336 d = 296123, and m = 10101. If c = 369510 is received, decide whether the signature
should be accepted and rejected.
Solution: First find e such that ed ≡ 1 (mod φ(n)).
>> n = 466727
n =
466727
>> f = eulerphi(n)
f =
465336
>> d = 296123
d =
296123
>> [a,b,c]=gcd(d,f)
a =
1
b =
11
c =
-7

12
Thus 1 = gcd(296123, 465336) = (11)(296123) + (−7)(465336), and so e ≡ 11. Then compute
ce (mod n),

>> c = 369510
c =
369510
>> e = 11
e =
11
>> powermod(c,e,n)
ans =
10101

Since m = 10101, the signature is accepted.

(8) Example: (ElGamal Cipher) Suppose A and B are using the ElGamal public-key
cipher to communicate with p = 1213 and e = 15. Suppose A sends a cipher tex c = (661, 193)
to B. Find the plain text m.
Solution: Here t = 193 and r = 661. Compute

>> p = 1213
p =
1213
>> t=193
t =
193
>> r=661
r =
661
>> e = 15
e =
15
>> r1 = powermod(r, -e, p)
r1 =
924
>> mod(t*r1, p)
ans =
21

Therefore,
m =≡ tr−e ≡ 193 · 924 ≡ 21 (mod 1213).
(9) Example: (ElGamal signature scheme) Bob receives m = 121 from Alice, together
with
(i) sigk (m, r) = (h, g) = (480, 532), and
(ii) sigk (m, r) = (h, g) = (480, 21), Bob downloads Alice’s KE = (p, a, b) = (641, 3, 88). Which
signature should Bob accepts? which one he should reject?

13
Solution: (i) For sigk (m, r) = (h, g) = (480, 532), Bob recognizes that b = 88, h = 480, and
g = 532. He computes

>> p = 641
p =
641
>> a = 3
a =
3
>> b = 88
b =
88
>> h = 480
h =
480
>> g = 532
g =
532
>> d = mod(powermod(b, h, p) * powermod(h, g, p), p)
d =
191
>> m = 121
m =
121
>> s = powermod(a, m, p)
s =
300

Since s 6≡ d (mod 641), this should be rejected.

(ii) For sigk (m, r) = (h, g) = (480, 21), Bob uses the previous data except g = 21. So he does
the following computation.

>> g = 21
g =
21
>> d = mod(powermod(b, h, p) * powermod(h, g, p), p)
d =
300
>> s = powermod(a, m, p)
s =
300

As d ≡ s (mod 641), Bob accepts it.

14
Part 5: Chinese Remainder Theorem
(1) Chinese Remainder Theorem Applications
Example: Find a solution x for the system
(
x ≡ 3 (mod 5)
.
x ≡ 2 (mod 7)

>> crt([3,2], [5,7])

ans =
23

15
Part 6: Operations involving matrices modulo m
(1) Creating a Matrix; Computing Inverse of a Matrix mod 26

(A) Input a matrix  

1 2 3
Example Create a matrix M =  4 5 6 .
 
7 8 10

>> M = [1 2 3; 4 5 6; 7 8 10]
M =
1 2 3
4 5 6
7 8 10
(B) Example Compute the inverse of M mod 26. To do that, we first compute the inverse
of M as it is a real number matrix. Then converted it to an integer valued matrix. In the last
step, we take mod 26 in every entry, as shown below.
Step 1: Compute the inverse of M . (We need the comment ”format rat;” to out put the
rational numbers. Without it, the output might be decimals, and the next step will not work
out easily.)
>> format rat;
>> Minv = inv(M)
Minv =
-2/3 -4/3 1
-2/3 11/3 -2
1 -2 1
Step 2: Need to rationalize this matrix before we take modulo m. Note that every fractional
entry of Minv has a denominator 3. Multiply everything by 3 to make it an integer valued
matrix. (You can also multiply 27 here as 27 ≡ 1 (mod 26)).
>> M1=(Minv*3)
M1 =
-2 -4 3
-2 11 -6
3 -6 3
Step 3: Find the inverse of M (mod 26) by modifying M 1. Note that 3−1 ≡ 9 (mod 26)
>> M2=round(mod(M1*9, 26))
M2 =
8 16 1
8 21 24
1 24 1
Then M −1 = M 2.

16
(2) Matrix Computations in matlab
Example 1 Create a matrix  
1 13 2
A= 3 4 1 .
 
−2 16 1
>> A = [1 13 2; 3 4 1; -2 16 1]
A =
1 13 2
3 4 1
-2 16 1
Example 2 Define a row vector (1, 2, 4, 5, 6).
>> x = [1, 2, 4, 5, 6]
x =
1 2 4 5 6
Example 3 Define a column vector (1, 2, 4, 5, 6)T .
>> y = [1; 2; 4; 5; 6]
y =
1
2
4
5
6
Example 3 Compute the matrix multiplication
  
1 13 2 2 7 1
 3 4 1   0 1 12  .
  
−2 16 1 −2 0 1
We can first define these matrix and then multiply them together.
>> A = [1 13 2; 3 4 1; -2 16 1]
A =
1 13 2
3 4 1
-2 16 1
>> B = [2 7 1; 0 1 12; -2 0 1]
B =
2 7 1
0 1 12
-2 0 1
>> C = A*B
If we want to compute the matrix multiplication in Zm , for example, computing AB in Z26 ,
then we use the following comment.
>> mod(A*B, 26)

17
Part 7: Ciphers using blocks of size larger than 1
(1) Example: (encryption using blocks of size 3, or trigraphs)
Choice of Parameters: Let p = 281, q = 167. Then n = 46927. Pick e = 39423. Thus
the enciphering key is (46927, 39423) and the deciphering key is (46927, 26767). In order to use
the English Alphabet in the messages, Bob also tells Alice to use base-N representation of the
numerics with N = 26. Alice can key in the encryption keys.
>> n = 46927
n =
46927
>> e = 39423
e =
39423
Bob needs to compute the deciphering key:
>> f = eulerphi(n)
f =
46480
>> d = powermod(e, -1, f)
d =
26767
Encoding Process: To send a message Y ES to Bob, Alice first finds the numerical equivalent
of Y ES = (24 4 18)26 7→ P = 24(26)2 + 4(26) + 18 = 16346 (in base-10).
>> m = 24*(26)^2 + 4*(26) + 18
m =
16346
Next, Alice computes C = P m = 1634639423 ≡ 21166 (mod 46927) in Zn :
>> c= powermod(m,e, n)
c =
21166
Alice then converts C to Base-26 numbers (You can use matlab to combine all of the
following steps. I write down these steps for you to see what we are actually doing).
Find the first digit:
>> mod(c, 26)
ans =
2
Find the second digit
>> c = (c-2)/26
c =
814
>> mod(c, 26)
ans =
8

18
Find the third digit
>> c = (c-8)/26
c =
31
>> mod(c, 26)
ans =
5
(As long as the current value of c = 31 > 26, Alice needs to continue) to find the four digit.
Find the third digit
>> c = (c-5)/26
c =
1
Alice now stops as the current value of c = 1 < 26. This is obtained:
c = 21166 = (1582)26 7→ BFIC,
and so Alice sends BFIC to Bob.

Decoding Process: Bob receives BFIC, and converts it to a base-10 number

c = 1(26)3 + 5(26)2 + 8(26) + 2 = 21166,
by matlab:
>> c = 1*(26)^3 + 5*(26)^2 + 8*(26) + 2
c =
21166
Then as Bob knows KD = (n, d), he computes m = cd ≡ 16346 (mod n) by matlab:
>> m = powermod(c, d, n)
m =
16346
Then Bob converts m to the base-26 numbers to find their English equivalent.
>> mod(m, 26)
ans =
18
>> m = (m-18)/26
m =
628
>> mod(m, 26)
ans =
4
>> m = (m-4)/26
m =
24
(Bob stops as the current value is less than 26). So the message is (24 4 18)26 7→ YES.

19
Part 8: Elliptic Curve Computations
(1) Graph the elliptic curve y 2 = x3 − x over the real number field R.

>> v =’y^2 - x*(x-1)*(x+1)’

v =
y^2 - x*(x-1)*(x+1)
>> ezplot(v, [-1,3,-5,5])

(2) Determine the elements in an elliptic curve over a finite field.

In this example, we are to determine all the elements on the elliptic curve over the finite
field F = Z17 :
E = {(x, y) : y 2 = x3 + x (mod 17)} ∪ {O}.
To do that, we first compute the square table over F , which tells us what element in F can
have a square root. This can be done by using powermod in matlab.

>> for k = [1:16], [k; powermod(k,2,17)]’, end

ans =
0 0
ans =
1 1
ans =
2 4
ans =
3 9
ans =
4 16
ans =
5 8
ans =
6 2
ans =
7 15
ans =
8 13
ans =
9 13
ans =
10 15
ans =
11 2
ans =
12 8
ans =
13 16
ans =

20
 14 9
ans =
15 4
ans =
16 1

This generates the following square root table mod p (p = 17 here).

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
0 1 4 9 16 8 2 15 13 13 15 2 8 16 9 4 1

Clearly, (0, 0) ∈ E. Then, we compute x = 1, 2, · · · , 16 to solve the equation y 2 = x3 + x

in Z17 . For x = 1, y 2 = 1 + 1 and so the square root table gives y = ±6. Hence (1, ±6) ∈ E.
For x = 2, we have y 2 = 8 + 2 = 10. the square root table tell us that there is no solution,
and so we move onto the case x = 3. The following matlab comment computes all the needed
information.

>> for x = [0:16], [x; mod(x^3+x, 17)]’, end

ans =
0 0
ans =
1 2
ans =
2 10
ans =
3 13
ans =
4 0
ans =
5 11
ans =
6 1
ans =
7 10
ans =
8 10
ans =
9 7
ans =
10 7
ans =
11 16
ans =
12 6
ans =
13 0

21
ans =
14 4
ans =
15 7
ans =
16 15

In this way, we have

E = {(0, 0), (1, ±6), (3, ±8), (4, 0), (6, ±1), (11, ±4), (13, 0), (14, ±2), (16, ±7), O}.

(3) Add points (1, 3) + (3, 5) and (1, 3) + O on the curve y 2 = x3 + 24x + 13 (mod 29). (Recall
that O represent the infinity).

>> addell([1,3], [3,5], 24, 13, 29)

ans =
26
>> addell([1,3], [inf, inf], 24, 13, 29)
ans =
1 3
>>

(4) Computing kP . For P = (1, 3) and an integer k > 0, we are to compute kP on the curve
y 2 = x3 + 24x + 13 (mod 29).
If we want to compute k · P for one value of k, say k = 7, then we can do the following.

>> multell([1,3], 7, 24, 13, 29)

ans =
15 6

Therefore, 7(1, 3) = (15, 6).

Now we compute k(1, 3) for each value of k = 1, 2, 3, · · · , 8.

>> multsell([1,3], 8, 24, 13, 29)

ans =
1 3
11 10
23 28
0 10
19 7
18 19
15 6
20 24

Therefore,

2P = (11, 10)
3P = (23, 28)

22
 4P = (0, 10)
5P = (19, 7)
6P = (18, 19)
7P = (15, 6)
8P = (20, 24)

(5) Example: What happens when P + −P ?

Let us add (1, 3) and (1, −3) on y 2 ≡ x3 + 24x + 13 (mod 29).

>> addell([1,3], [1,-3], 24, 13, 29)

ans =
1/0 1/0

Therefore, the answer is O = (inf, inf). Note that the 0 in the denominators is a 0 mod 29.
(For example, the denominator could have been 58, as an integer).

(6) Computing nP by the double-and-add algorithm for the elliptic curve E below over F =
Z1999 :
y 2 = x3 + 1828x + 1675,
with P = (1756, 348) and n = 11.

Initialization: Q = P = (1756, 348) and R = O.

Iteration:
(Step 1) n = 11 is odd, R := R + Q = P + O = P = (1756, 348), Q := 2Q = (1526, 1612).

>> multell([1756,348],2,1828, 1675, 1999)

ans =
1526 1612

Update n := b11/2c = 5.

(Step 2) n = 5 is odd, R := R + Q = (1756, 348) + (1526, 1612) = (1362, 998), Q := 2Q =

(1675, 1579).

>> addell([1756,348], [1526,1612], 1828, 1675, 1999)

ans =
1362 998
>> multell([1526,1612],2,1828, 1675, 1999)
ans =
1657 1579

Update n := b5/2c = 2.

(Step 3) n = 2 is even, Q := 2Q = (1849, 225).

23
>> multell([1657,1579],2,1828, 1675, 1999)
ans =
1849 225

Update n := b2/2c = 1.

(Step 4) n = 1 is odd, R := R + Q = (1362, 998) + (1849, 225) = (1068, 1540), Q := 2Q.

>> addell([1362,998], [1849,225], 1828, 1675, 1999)

ans =
1068 1540

Update n := b1/2c = 0. (Since we know that n = 1 after the updating, we will stop at the next
step and so there is no need to actually compute 2Q.)

(Step 5) n = 0, stop, and answer that 11 · P = R = (1068, 1540).

24