cryptopals

Matasano's cryptopals challenges (cryptopals.com).
Log | Files | Refs | README | LICENSE
commit 3e883defb0f3dc4b70804ad8522d31e1349230be
parent 366d50d1b96c53baebf425aa76bc5a955db3cc1a
Author: Jared Tobin <jared@jtobin.io>
Date:   Sat, 19 Aug 2023 18:44:54 -0230

Fix typos.

Diffstat:

Mdocs/s5.md | 11++++++-----


1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/docs/s5.md b/docs/s5.md
@@ -367,8 +367,9 @@ In any case, RSA: one finds two n-bit primes, 'p' and 'q', and uses
 their product to construct a modulus N = (p - 1) (q - 1). The public
 key is (N, e) for 'e' a number relatively prime to that modulus, and
 the private key is (N, d), for d such that ed = 1 mod N (i.e., 'd' is
-congruent mod N to the inverse of e). "Relatively prime" means, for two
-numbers 'a' and 'b', that they have a greatest common denominator of 1.
+congruent mod N to the inverse of e). "Relatively prime" or "coprime"
+means, for two numbers 'a' and 'b', that they have a greatest common
+denominator of 1.
 
 Encryption and decryption are then just modular exponentiation
 operations using the keys. To go from Natural to ByteString and back,
@@ -418,7 +419,7 @@ functions, as well as invmod and roll & unroll.
 #### 5.40
 
 The problem behind the Chinese Remainder Theorem, as formulated by one
-孫子 and passed on to me via Wikipedia, is:
+孫子 (not *that* 孫子) and passed on to me via Wikipedia, is:
 
 > There are certain things whose number is unknown. If we count them by
 > threes, we have two left over; by fives, we have three left over; and
@@ -431,8 +432,8 @@ Remainder Theorem states that such a solution always exists given
 certain conditions (notably that the moduli are pairwise coprime).
 
 In our case, for plaintext 'm' and ciphertexts c0, c1, and c2, we have
-that m ^ 3 is congruent modulo to c0 mod n0, c1 mod n1, and c2 mod n2.
-The Chinese Remainder Theorem asserts that there exists some 'c' that is
+that m ^ 3 is congruent to c0 mod n0, c1 mod n1, and c2 mod n2. The
+Chinese Remainder Theorem asserts that there exists some 'c' that is
 congruent to m ^ 3 modulo `n0 * n1 * n2`. The trick here (this is known
 as Håstad's attack, apparently) is that since m is smaller than every n,
 we have that m ^ 3 is smaller than `n0 * n1 * n2`, and so that 'c' is