If we define a hash function (or compression function) $h$ that will hash an $n$-bit binary string to an $m$-bit binary string, we can view $h$ as a function from $\mathbb{Z}_{2^n}$ to $\mathbb{Z}_{2^m}$. It is tempting to define $h$ using integer operations modulo $2^m$. We show in this exercise that some simple constructions of this type are insecure and should therefore be avoided.
a. Suppose that $n = m > 1$ and $h : \mathbb{Z}_{2^m} \to \mathbb{Z}_{2^m}$ is defined as
$$h(x) = x^2 + ax + b \bmod 2^m.$$
Prove that it is easy to solve Second Preimage for any $x \in \mathbb{Z}_{2^m}$ without having to solve a quadratic equation.
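The claim in part (a) can be confirmed exhaustively for small $m$. The Python sketch below is an added example, not part of the original exercise; the function names and the sample parameters are assumptions chosen for illustration. It splits on the parity of $a$ so that the returned $x'$ is always different from $x$.

```python
def h(x, a, b, m):
    """The exercise's hash: x^2 + a*x + b mod 2^m."""
    return (x * x + a * x + b) % (1 << m)


def second_preimage(x, a, m):
    """Return x' != x with h(x') == h(x), using no square roots.

    b is not needed: it cancels in h(x') - h(x).
    """
    mod = 1 << m
    if a % 2 == 1:
        # x^2 + a*x = x*(x + a) is unchanged by x -> -(x + a).
        # x' == x would need 2x + a == 0 mod 2^m, impossible for odd a.
        return (-a - x) % mod
    # a even: h(x + 2^(m-1)) - h(x) = 2^m*x + 2^(2m-2) + a*2^(m-1),
    # and every term is a multiple of 2^m when m > 1.
    return (x + (mod >> 1)) % mod


def check_all(a, b, m):
    """Exhaustively confirm the collision for every x in Z_{2^m}."""
    for x in range(1 << m):
        x2 = second_preimage(x, a, m)
        if x2 == x or h(x2, a, b, m) != h(x, a, b, m):
            return False
    return True


if __name__ == "__main__":
    # Constructed parameters (a, b, m), chosen only for illustration.
    for a, b, m in [(5, 9, 8), (6, 1, 8), (0, 0, 2), (255, 3, 10)]:
        print(f"a={a} b={b} m={m} all x collide: {check_all(a, b, m)}")
```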