
CLASSICAL CRYPTOGRAPHY AND RSA - 123seminarsonly.com · 2011. 11. 28.

Feb 07, 2021

  • AN INTRODUCTION TO CRYPTOGRAPHY

    Allison Mackay

    Advisor Dr. Mihai Caragiu

    CONTENTS

    1. Rudiments of number theory 2. Euler’s Phi function 3. Classical cryptosystems and one time pad 4. Modular exponentiation 5. The RSA cryptosystem

    2000 MATHEMATICS SUBJECT CLASSIFICATION: 11T71, 11A07

  • 1. Rudiments of Number Theory

    1.1. Residue class rings – abstract definitions

    Let $n \ge 2$. Define $\mathbb{Z}_n$ to be the set of all possible remainders when dividing by $n$, that is,

    $$\mathbb{Z}_n = \{0, 1, \dots, n-1\}$$

    On $\mathbb{Z}_n$ we have an addition modulo $n$, $(i, j) \mapsto i + j \pmod{n}$, a multiplication modulo $n$, $(i, j) \mapsto i \cdot j \pmod{n}$, two distinguished constants $0, 1 \in \mathbb{Z}_n$, and an “opposite” function $x \mapsto -x \pmod{n}$. Together with these operations, $(\mathbb{Z}_n, +, \cdot, -, 0, 1)$ is a commutative ring with identity, that is, the following axioms are satisfied:

    $$x + y = y + x$$
    $$(x + y) + z = x + (y + z)$$
    $$x + (-x) = 0$$
    $$x + 0 = x$$

    $$x \cdot y = y \cdot x$$
    $$(x \cdot y) \cdot z = x \cdot (y \cdot z)$$
    $$x \cdot 1 = x$$
    $$x \cdot (y + z) = x \cdot y + x \cdot z$$

  • Examples

    In $\mathbb{Z}_2 = \{0, 1\}$ we have $1 + 1 = 0$ and $(x + y)^2 = x^2 + y^2$.

    In $\mathbb{Z}_7 = \{0, 1, 2, 3, 4, 5, 6\}$ we have $3 + 4 = 0$ and $3 \cdot 4 = 5$.

    In $\mathbb{Z}_6 = \{0, 1, 2, 3, 4, 5\}$ we have $3 + 4 = 1$ and $3 \cdot 4 = 0$.

    In $\mathbb{Z}_{80} = \{0, 1, \dots, 79\}$ we have $3^4 = 1$.

    1.2. Invertible elements in $\mathbb{Z}_n$

    An element $x \in \mathbb{Z}_n$ is called “invertible” if there exists an element $y \in \mathbb{Z}_n$ such that $x \cdot y = 1$. Note that in the case that such an element $y$ exists, it is necessarily unique, and is denoted by $x^{-1}$.

    Examples

    $3 \in \mathbb{Z}_{14}$ is invertible and $3^{-1} = 5$.

    $7 \in \mathbb{Z}_{19}$ is invertible and $7^{-1} = 11$.

    $2 \in \mathbb{Z}_4$ is not invertible.

  • Finding inverses in $\mathbb{Z}_n$

    $$d = \gcd(a, b) \Rightarrow (\exists x)(\exists y)\; d = ax + by$$

    Example: $a = 37,\ b = 29 \Rightarrow d = \gcd(a, b) = 1,\ x = 11,\ y = -14$:

    $$1 = 37 \cdot 11 + 29 \cdot (-14)$$

    EXTENDED EUCLIDEAN ALGORITHM

    q    r     x     y
    –    37    1     0
    –    29    0     1
    1    8     1     –1
    3    5     –3    4
    1    3     4     –5
    1    2     –7    9
    2    1     11    –14

    To find the inverse of $a \in \mathbb{Z}_n$, run the Extended Euclidean Algorithm to find $d, x, y$ such that $d = \gcd(a, n)$ and $d = ax + ny$. If $d > 1$ then $a$ has no inverse. If $d = 1$, then $a^{-1} = x \bmod n$. For example the inverse of $29$ in $\mathbb{Z}_{37}$ is $-14 \bmod 37$, that is 23:

    $$29^{-1} = 23 \text{ in } \mathbb{Z}_{37}$$
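The procedure above, as an added Python example (not code from the original slides; the function names `extended_euclid` and `mod_inverse` are chosen here). It builds the q, r, x, y rows for a = 37, b = 29 and returns no inverse when the gcd exceeds 1.

```python
def extended_euclid(a, b):
    """Return (d, x, y, rows) with d = gcd(a, b) = a*x + b*y.

    rows are the (q, r, x, y) lines of the table; each satisfies
    r == a*x + b*y, and q is the quotient that produced the row.
    """
    rows = [(None, a, 1, 0), (None, b, 0, 1)]
    while rows[-1][1] != 0:
        (_, r0, x0, y0), (_, r1, x1, y1) = rows[-2], rows[-1]
        q = r0 // r1
        rows.append((q, r0 - q * r1, x0 - q * x1, y0 - q * y1))
    rows.pop()                      # drop the final row with remainder 0
    _, d, x, y = rows[-1]
    return d, x, y, rows


def mod_inverse(a, n):
    """Inverse of a in Z_n, or None when gcd(a, n) > 1 (no inverse)."""
    d, x, _, _ = extended_euclid(a % n, n)
    return x % n if d == 1 else None


if __name__ == "__main__":
    d, x, y, rows = extended_euclid(37, 29)
    print(f"{'q':>3} {'r':>4} {'x':>4} {'y':>4}")
    for q, r, xi, yi in rows:
        print(f"{'-' if q is None else q:>3} {r:>4} {xi:>4} {yi:>4}")
    print(f"{d} = 37*({x}) + 29*({y})")
    print("29^-1 in Z_37:", mod_inverse(29, 37))
    print("2^-1 in Z_4:", mod_inverse(2, 4))
```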

  • 2. The Euler’s Phi Function.

    Definition

    $\varphi(n)$ = number of invertible elements in $\mathbb{Z}_n$

    Example: $\varphi(10) = 4$, because the invertible elements in $\mathbb{Z}_{10}$ are precisely $1, 3, 7, 9$.

    Equivalently

    $$\varphi(n) = \#\{x = 0, \dots, n-1 \mid \gcd(x, n) = 1\}$$

    THEOREM

    $$\varphi(n) = n\left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_k}\right)$$

    where $p_1, p_2, \dots, p_k$ are all prime factors of $n$.

    Example: $\varphi(10) = 10\left(1 - \frac{1}{2}\right)\left(1 - \frac{1}{5}\right) = 4$

  • PROOF. We want to count the number of elements $x \in \{0, 1, \dots, n-1\}$ satisfying $\gcd(x, n) = 1$. Note that the condition $\gcd(x, n) = 1$ is equivalent to

    $$p_1 \nmid x, \dots, p_k \nmid x$$

    Let $A_i$ be the set of elements $x \in \{0, 1, \dots, n-1\}$ with $p_i \mid x$. Then the union $A_1 \cup A_2 \cup \dots \cup A_k$ represents the set of all elements $x \in \{0, 1, \dots, n-1\}$ which are divisible by at least one of the primes $p_1, \dots, p_k$, that is, which are NOT relatively prime to $n$. By the inclusion-exclusion principle

    $$|A_1 \cup \dots \cup A_k| = \sum_i |A_i| - \sum_{i<j} |A_i \cap A_j| + \sum_{i<j<l} |A_i \cap A_j \cap A_l| - \dots + (-1)^{k-1} |A_1 \cap A_2 \cap \dots \cap A_k|$$

    $$= \sum_i \frac{n}{p_i} - \sum_{i<j} \frac{n}{p_i p_j} + \sum_{i<j<l} \frac{n}{p_i p_j p_l} - \dots + (-1)^{k-1} \frac{n}{p_1 p_2 \cdots p_k}$$

    $$= n\left[1 - \left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_k}\right)\right]$$

    Therefore

    $$\varphi(n) = n - |A_1 \cup \dots \cup A_k| = n\left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_k}\right)$$

  • SPECIAL CASE

    $n = pq$, with $p, q$ distinct primes. Then

    $$\varphi(n) = n\left(1 - \frac{1}{p}\right)\left(1 - \frac{1}{q}\right) = pq \cdot \frac{(p-1)(q-1)}{pq} = (p-1)(q-1)$$

    If $n = pq$, with $p, q$ distinct primes, and if we know $n$ and $\varphi(n)$, then we can factor $n$.

    Indeed, since

    $$\varphi(n) = (p-1)(q-1) = pq + 1 - (p+q) = n + 1 - (p+q),$$

    it follows that $p + q = n + 1 - \varphi(n)$. Once we know the product $pq = n$ and the sum $p + q = n + 1 - \varphi(n)$, the primes $p, q$ can be determined by solving a quadratic equation,

    $$x^2 - (n + 1 - \varphi(n))x + n = 0.$$
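Solving that quadratic with exact integer arithmetic, as an added Python example (not from the original slides; `factor_from_phi` is a name chosen here, and the two Mersenne primes in the demo are constructed sample inputs). It is the reason $\varphi(N)$ has to stay private in the RSA setup of section 5: whoever learns it can factor the public modulus at once.

```python
from math import isqrt


def factor_from_phi(n, phi):
    """Recover (p, q), p <= q, from n = p*q and phi = (p-1)*(q-1).

    p and q are the roots of x^2 - s*x + n = 0 with s = n + 1 - phi.
    Returns None when n and phi are not consistent with each other.
    """
    s = n + 1 - phi                 # s = p + q
    disc = s * s - 4 * n            # discriminant = (q - p)^2
    if disc < 0:
        return None
    root = isqrt(disc)
    if root * root != disc or (s - root) % 2:
        return None                 # roots would not be integers
    p, q = (s - root) // 2, (s + root) // 2
    return (p, q) if p * q == n else None


if __name__ == "__main__":
    # The page's small case: n = 10, phi(10) = 4.
    print(factor_from_phi(10, 4))
    # Constructed sample: two known Mersenne primes; size is no obstacle.
    p, q = 2**61 - 1, 2**89 - 1
    print(factor_from_phi(p * q, (p - 1) * (q - 1)) == (p, q))
```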

  • EULER’S THEOREM

    Let $n \ge 2$ be an integer and let $a \in \mathbb{Z}_n$ be an invertible element. Then

    $$a^{\varphi(n)} = 1 \text{ in } \mathbb{Z}_n$$

    Example: Let $n = 10$ and let $a = 3$ (an invertible element in $\mathbb{Z}_{10}$). Then $\varphi(10) = 4$ (see previous example) and $3^4 = 81 = 1$ in $\mathbb{Z}_{10}$.

    PROOF: The set consisting of the invertible elements of $\mathbb{Z}_n$ form a group under multiplication – the group $U(\mathbb{Z}_n)$ of units of the ring $\mathbb{Z}_n$. Since $\varphi(n) = |U(\mathbb{Z}_n)|$ and since any element $x$ of a finite group $(G, \cdot)$ satisfies $x^{|G|} = 1$, the result follows.

    SPECIAL CASE – FERMAT’S THEOREM

    Let $p$ be a prime number, and let $a \in \mathbb{Z}_p$, $a \ne 0$. Then $a^{p-1} = 1$ in $\mathbb{Z}_p$.

  • 3. Classical cryptosystems

    Letter-by-letter encryption by using an affine cryptosystem: the encryption formula is given by a function of the form $f: \mathbb{Z}_{26} \to \mathbb{Z}_{26},\ x \mapsto ax + b$, where $\mathbb{Z}_{26}$ is the (numerical representation of) the alphabet, while $a \in \mathbb{Z}_{26}$ is an invertible element in the ring $\mathbb{Z}_{26}$ (that is, $a \in \{1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25\}$).

    THE ALPHABET

    A  B  C  D  E  F  G  H  I  J  K   L   M   N   O
    0  1  2  3  4  5  6  7  8  9  10  11  12  13  14

    P   Q   R   S   T   U   V   W   X   Y   Z
    15  16  17  18  19  20  21  22  23  24  25

    Example: the affine encryption $x \mapsto 9x + 20 \bmod 26$ transforms the plaintext “FRIDAY” into the cyphertext “NROVUC”.

  • Decryption: inverting a linear function

    $f: \mathbb{Z}_n \to \mathbb{Z}_n,\ f(x) = ax + b$, with $a, b \in \mathbb{Z}_n$, $a$ invertible

    $$ax + b = y \Rightarrow ax = y - b \Rightarrow a^{-1}(ax) = a^{-1}(y - b) \Rightarrow x = a^{-1}y - a^{-1}b$$

    Thus the inverse of $f$ is given by

    $$f^{-1}: \mathbb{Z}_n \to \mathbb{Z}_n,\quad f^{-1}(x) = a^{-1}x - a^{-1}b$$

    Example: For the affine encryption $x \mapsto 9x + 20 \bmod 26$ the decryption formula will be given by $x \mapsto 9^{-1}x - 9^{-1} \cdot 20$, that is, $x \mapsto 3x + 18 \bmod 26$.

    Double Letter Encryption uses a similar process, but it is more difficult to perform a frequency analysis on blocks of two letters, especially on short messages, and is therefore more secure. Blocks of two letters, or digraphs, from AA to ZZ can be changed to numerical code using the form:

    $$(qx) \to q(26) + x \in \mathbb{Z}_{26^2} = \mathbb{Z}_{676}$$

  • For example, the message “MEET ME AT FOUR” would be broken up into digraphs as ME ET ME AT FO UR, and disregarding spaces would become:

    316 123 316 19 144 537

    This numerical code would then be encrypted using a formula such as:

    $$x \mapsto 103x - 5 \bmod 676$$

    The encrypted numerical code would be:

    95 496 95 600 631 550

    Finally, this numerical code is translated into the scrambled plaintext: “DR TC DR XC YH VE”

    To decode this message the receiver would use the decryption formula:

    $$x \mapsto 103^{-1}x + 103^{-1}(5) \bmod 676$$

    or

    $$x \mapsto 571x + 151 \bmod 676,$$

    and then divide that numerical code by 26 to get the decrypted digraph $(qx)$ ($q$ being the quotient and $x$ the remainder).
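The digraph scheme above, as an added Python example (not from the original slides; all function names are chosen here). It goes slightly beyond the slide by taking the block size k as a parameter, so the same code covers the single-letter “FRIDAY” case and the digraph case, and it derives the decryption key instead of hard-coding 571 and 151.

```python
A = ord("A")


def to_codes(text, k=2):
    """Drop non-letters, split into blocks of k letters, encode in base 26."""
    letters = [ord(c) - A for c in text.upper() if c.isalpha()]
    if len(letters) % k:
        raise ValueError("message length must be a multiple of the block size")
    return [sum(v * 26 ** (k - 1 - j) for j, v in enumerate(letters[i:i + k]))
            for i in range(0, len(letters), k)]


def to_text(codes, k=2):
    """Inverse of to_codes: successive quotients/remainders by powers of 26."""
    return " ".join(
        "".join(chr(A + (c // 26 ** (k - 1 - j)) % 26) for j in range(k))
        for c in codes)


def affine(codes, a, b, m):
    """Apply x -> a*x + b (mod m) to every block."""
    return [(a * x + b) % m for x in codes]


def affine_inverse_key(a, b, m):
    """Key (a', b') of the inverse map x -> a'*x + b' (mod m)."""
    a_inv = pow(a, -1, m)   # ValueError if a is not invertible mod m
    return a_inv, (-a_inv * b) % m


if __name__ == "__main__":
    codes = to_codes("MEET ME AT FOUR")
    cipher = affine(codes, 103, -5, 676)
    print(codes, cipher, to_text(cipher))
    a_inv, b_inv = affine_inverse_key(103, -5, 676)
    print(a_inv, b_inv, to_text(affine(cipher, a_inv, b_inv, 676)))
    # The repeated digraph ME encrypts to DR both times: block frequencies
    # still leak, only over 676 symbols instead of 26.
```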

  • Double letter encryption follows this pattern: Digraph $(qx)$

    ↓ Numerical Code

    ↓ Encryption with Key

    ↓ Numerical Code

    ↓ Encrypted Message

    Multiple letter encryption also follows this pattern for triples of letters using $\mathbb{Z}_{26^3}$, quadruples using $\mathbb{Z}_{26^4}$, etc.

    $$(\text{letter}_{k-1})(\text{letter}_{k-2}) \dots (\text{letter}_1)(\text{letter}_0) \to \sum_{i=0}^{k-1} \text{letter}_i \cdot 26^i \in \{0, 1, \dots, 26^k - 1\}$$

  • For example: The quadruple “four” would be encrypted by:

    $$r(26^0) + u(26^1) + o(26^2) + f(26^3) = 17(1) + 20(26) + 14(676) + 5(17576) = 97871 \in \mathbb{Z}_{26^4}$$

    The One-Time Pad

    The One-Time Pad, which is also known as the Vernam cipher, was created by Gilbert Vernam (AT&T) in 1917 (U.S. Patent 01310719). It is the only currently known unconditionally secure cryptosystem. The inconvenience lies in the fact that the persons communicating secretly have to trade pads, and also in the fact that the length of the key must be at least equal to the length of the message to be encrypted. Using MATLAB to generate a (quasi)random sequence of elements of $\mathbb{Z}_{26}$:

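  •
    ```matlab
    function otp = otp(n)
    n=input('enter n: ');     % prompts for the length, replacing the argument n
    x=rand(1,n);              % n uniform samples from (0,1)
    for I=1:n;
        y(I)=floor(26*x(I));  % scale each sample to an integer in 0..25
    end
    otp=y;
    ```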

    The one-time pad would basically add, term-by-term, the terms of the random sequence to the terms of the sequence representing the numerical values of the letters in the plaintext. The unconditional security of the one-time-pad is contingent on the good randomness properties of the key.

  • The advantages of the one time pad compared with other classical systems are evident especially in short messages. Consider a battle in which a general wished to send a message of either “ADVANCE” or “RETREAT”. Using the affine cryptosystem, the two A’s in advance or the two E’s in retreat would be encrypted to the same letter and simply by looking at their placement, one could easily break the code. However, with the one time pad, the encryption is completely random and without the key, it would be impossible to decipher which seven letter message the general had sent.
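The ADVANCE/RETREAT argument above, as an added Python example (not from the original slides; the function names are chosen here). It draws the pad from the operating system's CSPRNG through Python's `secrets` module instead of MATLAB's `rand`, since the scheme's security rests on the quality of the key, and it checks both halves of the claim: the affine cipher preserves the repeated-letter pattern, while any one-time-pad ciphertext is consistent with either order.

```python
import secrets

A = ord("A")


def codes(text):
    return [ord(c) - A for c in text.upper()]


def letters(vals):
    return "".join(chr(A + v) for v in vals)


def make_pad(n):
    """n independent, uniform elements of Z_26 from the OS CSPRNG."""
    return [secrets.randbelow(26) for _ in range(n)]


def otp_encrypt(plain, pad):
    if len(pad) < len(plain):
        raise ValueError("pad must be at least as long as the message")
    return letters((p + k) % 26 for p, k in zip(codes(plain), pad))


def otp_decrypt(cipher, pad):
    return letters((c - k) % 26 for c, k in zip(codes(cipher), pad))


def pad_explaining(cipher, candidate):
    """The unique pad under which `cipher` decrypts to `candidate`."""
    return [(c - p) % 26 for c, p in zip(codes(cipher), codes(candidate))]


def affine_encrypt(plain, a, b):
    return letters((a * x + b) % 26 for x in codes(plain))


def repeat_pattern(text):
    """Index of each letter's first occurrence; equal letters share an index."""
    return tuple(text.index(c) for c in text)


if __name__ == "__main__":
    # Affine: the ciphertext keeps the plaintext's repetition pattern.
    for msg in ("ADVANCE", "RETREAT"):
        ct = affine_encrypt(msg, 9, 20)
        print(msg, ct, repeat_pattern(ct) == repeat_pattern(msg))
    # One-time pad: some pad maps the same ciphertext to either message.
    ct = otp_encrypt("ADVANCE", make_pad(7))
    print(ct, otp_decrypt(ct, pad_explaining(ct, "RETREAT")))
```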

  • A RANDOM SEQUENCE OF ONE THOUSAND LETTERS

    First we used the "otp" program to generate a random sequence of 1000 elements of $\mathbb{Z}_{26}$. A second program translates each element of the random string generated previously into a letter (viewed as a string of length one). Finally a third program is used to concatenate the one thousand strings of length one into a single character string of length 1000.


  • 4. MODULAR EXPONENTIATION

    Assume we are given an element $a \in \mathbb{Z}_n$ and we want to calculate the power $a^K \in \mathbb{Z}_n$ for some very large $K$. Calculating $a,\ a^2,\ a^3 = (a^2) \cdot a,\ a^4 = (a^3) \cdot a,\ \dots,\ a^K$ will take a substantial amount of time (we will need about $K$ multiplications, which for an extremely large $K$ (think about 100 digit numbers) is unfeasible).

    THE FAST EXPONENTIATION BY REPEATED SQUARING

    Calculate

    $$a^{2^0} = a,\quad a^{2^1} = \left(a^{2^0}\right)^2,\quad a^{2^2} = \left(a^{2^1}\right)^2,\quad a^{2^3} = \left(a^{2^2}\right)^2,\quad \dots,\quad a^{2^t} = \left(a^{2^{t-1}}\right)^2,$$

    where $2^t$ is the largest power of 2 that is less than or equal to $K$.

    By using the base 2 expansion of $K$, we get $K = 2^{d_1} + \dots + 2^{d_r}$ with $0 \le d_1 < d_2 < \dots < d_r \le t$.

    Then we multiply (in $\mathbb{Z}_n$) and we get, by using exponent laws,

    $$a^K = a^{2^{d_1}} \cdot a^{2^{d_2}} \cdots a^{2^{d_r}}$$

  • It turns out that the above exponentiation algorithm is much more efficient (we need about $O(\log_2 K)$ multiplications!)

    EXAMPLE: $a = 1217,\ K = 5613,\ n = 315703$

    We need to compute $a^{5613} = 1217^{5613} \in \mathbb{Z}_{315703}$.

    Write the exponent $K$ in base 2: $1010111101101_2$. That is,

    $$5613 = 2^0 + 2^2 + 2^3 + 2^5 + 2^6 + 2^7 + 2^8 + 2^{10} + 2^{12} = 1 + 4 + 8 + 32 + 64 + 128 + 256 + 1024 + 4096$$

    $$\Rightarrow 1217^{5613} = 1217^{2^0} \cdot 1217^{2^2} \cdots$$

    Then, in $\mathbb{Z}_{315703}$ we have:

    $1217^{2^0} = 1217$;  P → 1217
    $1217^{2^1} = 1217^2 = 218277$
    $1217^{2^2} = 218277^2 = 214781$;  P → 1217 ⋅ 214781 = 302096
    $1217^{2^3} = 214781^2 = 39898$;  P → 302096 ⋅ 39898 = 117074
    $1217^{2^4} = 39898^2 = 75878$
    $1217^{2^5} = 75878^2 = 310976$;  P → 117074 ⋅ 310976 = 18561
    $1217^{2^6} = 310976^2 = 245319$;  P → 18561 ⋅ 245319 = 297293
    $1217^{2^7} = 245319^2 = 211683$;  P → 297293 ⋅ 211683 = 269505
    $1217^{2^8} = 211683^2 = 71481$;  P → 269505 ⋅ 71481 = 289845
    $1217^{2^9} = 71481^2 = 196009$
    $1217^{2^{10}} = 196009^2 = 51496$;  P → 289845 ⋅ 51496 = 51686
    $1217^{2^{11}} = 51496^2 = 248519$
    $1217^{2^{12}} = 248519^2 = 84065$;  P → 51686 ⋅ 84065 = 278904

    THEREFORE $a^{5613} = 1217^{5613} = 278904 \in \mathbb{Z}_{315703}$

  • 5. THE RSA CRYPTOSYSTEM

    5.1. THE RSA SETUP: WHAT SHOULD ALICE DO?

    To set up an RSA cryptosystem, Alice will have to do the following:

    • First she will pick two large primes $p, q$ (these will not be made public) and will calculate the product $N = pq$. The large number $N$ will be made public.

    • Next she calculates $\varphi(N) = (p-1)(q-1)$ and keeps $\varphi(N)$ for herself.

    • She then picks an integer $e$ which is invertible $\pmod{\varphi(N)}$. The number $e$ will be made public. This will be Alice’s public encryption key. In a public directory everybody could see the numbers $e$ and $N$.

    • Finally she uses the Extended Euclidean Algorithm to calculate the inverse $d = e^{-1} \pmod{\varphi(N)}$. This will be the private decryption key for Alice.

  • Now assume that Bob wants to send Alice a message. We will assume the message is represented by an element $x \in \mathbb{Z}_N$ (if the message is large, Bob will break it into pieces, each piece of the message being represented as an element of $\mathbb{Z}_N$).

    First Bob looks up in the public directory under the user “Alice” and finds out the numbers $N$ and $e$. Then Bob uses fast exponentiation to compute the power

    $$y = x^e \in \mathbb{Z}_N$$

    This will be the enciphered message (“cipher text”) going over the wire. Finally, Alice receives $y \in \mathbb{Z}_N$ and uses the private decryption key $d$ to decipher $y$, by calculating $y^d = x \in \mathbb{Z}_N$.

    PROOF OF $y^d = x$

    Since $d = e^{-1} \pmod{\varphi(N)}$, we have

    $$de = 1 + k\varphi(N), \text{ for some } k \in \mathbb{Z}$$

    Say $x \in U(\mathbb{Z}_N)$. Then

    $$y^d = (x^e)^d = x^{de} = x^{1 + k\varphi(N)} = x \cdot \left[x^{\varphi(N)}\right]^k = x \cdot 1^k = x.$$

    One can show that $y^d = x$ also holds true for all other $x \in \mathbb{Z}_N$.
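Sections 4 and 5 together, as an added Python example (not from the original slides; the function names are chosen here, and the primes 61 and 53 with e = 17 are constructed toy values far too small for real use). `power_mod` is the repeated-squaring algorithm with a multiplication counter, run on the page's 1217^5613 example, and the RSA round trip is checked for every x in Z_N, including the non-units the proof leaves to the reader.

```python
from math import gcd


def power_mod(a, K, n):
    """Return (a^K mod n, multiplications used) by repeated squaring."""
    result, square, mults = 1, a % n, 0
    while K:
        if K & 1:                       # this power of 2 occurs in K
            result = result * square % n
            mults += 1
        K >>= 1
        if K:                           # next a^(2^i) is still needed
            square = square * square % n
            mults += 1
    return result, mults


def rsa_setup(p, q, e):
    """Alice's setup: returns the public pair (N, e) and the private d."""
    N, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible mod phi(N)")
    return (N, e), pow(e, -1, phi)      # d = e^-1 mod phi(N)


def encrypt(x, public):
    N, e = public
    return power_mod(x, e, N)[0]


def decrypt(y, d, N):
    return power_mod(y, d, N)[0]


if __name__ == "__main__":
    # The page's example: 13 exponent bits, 9 of them set.
    print(power_mod(1217, 5613, 315703))
    public, d = rsa_setup(61, 53, 17)   # constructed toy key
    N = public[0]
    y = encrypt(65, public)
    print(public, d, y, decrypt(y, d, N))
    # y^d = x for every x in Z_N, units or not.
    print(all(decrypt(encrypt(x, public), d, N) == x for x in range(N)))
```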

  • APPENDIX 1

    MATLAB PROGRAMS WRITTEN IN THE COURSE OF THE PRESENT RESEARCH

    ```matlab
    % Each function below goes in its own .m file.
    % strcode, used by the encryption functions, is not listed in this
    % appendix; it is assumed to map a lowercase string to the row vector
    % of its letter codes 0..25.

    % nlet: concatenate the letters for the codes in x into one string.
    function nlet=nlet(x)
    n=size(x,2);
    nlet='';
    for I=1:n;
        z=codel(x(I));
        nlet=strcat(nlet,z);   % append, so the output keeps the order of x
    end;

    % aencrypt: affine encryption x -> a*x+b mod 26, letter by letter.
    function aencrypt=aencrypt(x,a,b)
    y=strcode(x);
    n=size(y,2);
    for I=1:n;
        z(I)=mod(a*y(I)+b,26);
    end
    for I=1:n;
        w(I)=codel(z(I));
    end
    aencrypt=w

    % codel: code 0..25 -> letter (any other value maps to 'z').
    function codel = codel(n)
    if n ==0; codel='a'; elseif n ==1; codel='b'; elseif n ==2; codel='c';
    elseif n ==3; codel='d'; elseif n ==4; codel='e'; elseif n ==5; codel='f';
    elseif n ==6; codel='g'; elseif n ==7; codel='h'; elseif n ==8; codel='i';
    elseif n ==9; codel='j'; elseif n ==10; codel='k'; elseif n ==11; codel='l';
    elseif n ==12; codel='m'; elseif n ==13; codel='n'; elseif n ==14; codel='o';
    elseif n ==15; codel='p'; elseif n ==16; codel='q'; elseif n ==17; codel='r';
    elseif n ==18; codel='s'; elseif n ==19; codel='t'; elseif n ==20; codel='u';
    elseif n ==21; codel='v'; elseif n ==22; codel='w'; elseif n ==23; codel='x';
    elseif n ==24; codel='y'; else codel='z';
    end

    % lcode: letter -> code 0..25 (any other character maps to 25).
    function lcode = lcode(letter)
    if letter =='a'; lcode=0; elseif letter =='b'; lcode=1; elseif letter =='c'; lcode=2;
    elseif letter =='d'; lcode=3; elseif letter =='e'; lcode=4; elseif letter =='f'; lcode=5;
    elseif letter =='g'; lcode=6; elseif letter =='h'; lcode=7; elseif letter =='i'; lcode=8;
    elseif letter =='j'; lcode=9; elseif letter =='k'; lcode=10; elseif letter =='l'; lcode=11;
    elseif letter =='m'; lcode=12; elseif letter =='n'; lcode=13; elseif letter =='o'; lcode=14;
    elseif letter =='p'; lcode=15; elseif letter =='q'; lcode=16; elseif letter =='r'; lcode=17;
    elseif letter =='s'; lcode=18; elseif letter =='t'; lcode=19; elseif letter =='u'; lcode=20;
    elseif letter =='v'; lcode=21; elseif letter =='w'; lcode=22; elseif letter =='x'; lcode=23;
    elseif letter =='y'; lcode=24; else lcode=25;
    end

    % otp: n quasi-random elements of Z_26.
    function otp = otp(n)
    x=rand(1,n);
    for I=1:n;
        y(I)=floor(26*x(I));
    end
    otp=y;

    % adecrypt: inverse of aencrypt, x -> a^(-1)*(x-b) mod 26.
    function adecrypt=adecrypt(x,a,b)
    y=strcode(x);
    n=size(y,2);
    c=mod(a^(11),26);   % a^(-1) = a^11 in Z_26, since a^phi(26) = a^12 = 1
    for I=1:n;
        z(I)=mod(c*(y(I)-b),26);
    end
    for I=1:n;
        w(I)=codel(z(I));
    end
    adecrypt=w
    ```

  • ONE TIME PAD ENCRYPTION/DECRYPTION

    ```matlab
    % otpencrypt: add the pad to the plaintext codes, term by term, mod 26.
    function otpencrypt=otpencrypt(x,onetime)
    y=strcode(x);
    n=size(y,2);
    for I=1:n;
        z(I)=mod(y(I)+onetime(I),26);
    end
    for I=1:n;
        w(I)=codel(z(I));
    end
    otpencrypt=w

    % otpdecrypt: subtract the same pad, term by term, mod 26.
    function otpdecrypt=otpdecrypt(x,onetime)
    y=strcode(x);
    n=size(y,2);
    for I=1:n;
        z(I)=mod(y(I)-onetime(I),26);
    end
    for I=1:n;
        w(I)=codel(z(I));
    end
    otpdecrypt=w
    ```
