\documentclass[11pt]{article} \usepackage{amsfonts,amsthm,amsmath,amssymb} \usepackage{array} \usepackage{epsfig} \usepackage{fullpage} \usepackage{color} %%%%%%%%%%%%%%% MACROS specific to this PSET %%%%%%%%%%%%%%%%%%%%%% \newcommand{\lat}{\mathcal{L}} \newcommand{\basis}{\mathbf{B}} \newcommand{\vol}{\mathsf{vol}} \newcommand{\sh}{\lambda_1} %\newcommand{\det}{\mathsf{det}} \newcommand{\Z}{\mathbb{Z}} \newcommand{\R}{\mathbb{R}} \newcommand{\Q}{\mathbb{Q}} \newcommand{\N}{\mathbb{N}} %%%%%%%%% Vectors and Matrices \newcommand{\vecv}{\mathbf{v}} \newcommand{\vecb}{\mathbf{b}} \newcommand{\vecbt}{\widetilde{\vecb}} \newcommand{\vecs}{\mathbf{s}} \newcommand{\vect}{\mathbf{t}} \newcommand{\vecy}{\mathbf{y}} \newcommand{\matB}{\mathbf{B}} \newcommand{\poly}{\mathsf{poly}} \newcommand{\Span}{\mathsf{Span}} \newcommand{\dist}{\mathsf{dist}} \def\rot{\mathsf{Rot}} \def\bydef{\stackrel{\Delta}{=}} \def\matA{\mathbf{A}} \def\vecy{\mathbf{y}} \def\vece{\mathbf{e}} \def\vecz{\mathbf{z}} %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% \title{MAT 301 Problem Set 5\\{\large [Posted: March 23, 2012. Due: 1pm on April 2, 2012. Worth: 100 points]}} \author{} \date{} \begin{document} \maketitle %\input{pset-preamble.tex} %\lecture{1}{Vinod Vaikuntanathan}{September 13, 2011}{October 3, 2011} \def\sslwe{\mathsf{ssLWE}} \def\lwe{\mathsf{LWE}} % Macros for vectors \def\veca{\mathbf{a}} \def\vecs{\mathbf{s}} \def\vecc{\mathbf{c}} \vspace*{-0.7in} \medskip\noindent {\bf Note:} I value {\em succinct} and {\em clearly written} solutions {\em without unnecessary verbiage}. Such solutions will be rewarded with bonus points. \medskip \noindent \begin{enumerate} \item \textbf{Faulty Oracles (50 points)} Let $N$ be an integer, and let $e$ be an integer that is relatively prime to $\phi(N)$. You have access to a faulty oracle that takes as input a number $y \in \mathbb{Z}_N^*$ and return the $e^{th}$ root of $y$, i.e., a number $x$ such that \[ y = x^e \pmod{N} \] There is one little problem though: the oracle can give incorrect answers on as many as half the inputs, namely on half the numbers $y \in \mathbb{Z}_N^*$, it returns an answer $\widetilde{x}$ such that \[ y \neq \widetilde{x}^e \pmod{N} \] Moreoever, the oracle can be incorrect on an {\em arbitrary} set of $|\mathbb{Z}_N^*|/2$ numbers. % have no idea which half it is correct on! Now, you are given a number $z \in \mathbb{Z}_N^*$ and you are asked to find its $e^{th}$ root mod $N$. How will you do this efficiently using the faulty oracle? Your procedure should succeed in finding the answer with probability at least $0.9999999999999 \approx 1 - \frac{1}{2^{25}}$. [{\em Note: You don't have the factorization of $N$, so you can't compute $e^{th}$ roots by yourself efficiently. In other words, you have to rely on the oracle in some way.}] \item \textbf{Secret Sharing (50 points)} Suppose that the teaching staff of a course consists of three professors and two TAs. The solutions to problem sets in the course are encrypted with a key $K$ that is shared between the five staff members. Your goal is to come up with a method of secret-sharing the key so that \begin{enumerate} \item \underline{all the three professors together}, or \item \underline{both the TAs together}, or \item \underline{any TA together with any professor} \end{enumerate} should be able to access the solutions. No other combination of staff members should be able to lay their hands on it (for example, if two professors come together, they should have no idea what the key $K$ is, and therefore, they will not be able to decrypt and figure out the solutions). Assume that the key is a number in $\mathbb{Z}_q$ for some prime number $q$. I will give full points to the solution that minimizes the number of shares (numbers in $\mathbb{Z}_q$) assigned to each staff member. [{\em Hint: Use weights, don't be shy about assigning multiple shares to each person.}] \end{enumerate} \end{document}