-
AN INTRODUCTION TO CRYPTOGRAPHY
Allison Mackay
Advisor Dr. Mihai Caragiu
CONTENTS
1. Rudiments of number theory
2. Euler’s Phi function
3. Classical cryptosystems and one time pad
4. Modular exponentiation
5. The RSA cryptosystem
2000 MATHEMATICS SUBJECT CLASSIFICATION: 11T71, 11A07
-
1. Rudiments of Number Theory
1.1. Residue class rings – abstract definitions
Let $n \ge 2$. Define $\mathbb{Z}_n$ to be the set of all possible remainders when dividing by $n$, that is,
$$\mathbb{Z}_n = \{0, 1, \dots, n-1\}.$$
On $\mathbb{Z}_n$ we have an addition modulo $n$, $(i, j) \mapsto i + j \bmod n$, a multiplication modulo $n$, $(i, j) \mapsto i \cdot j \bmod n$, two distinguished constants $0, 1 \in \mathbb{Z}_n$, and an “opposite” function $x \mapsto -x \bmod n$. Together with these operations, $(\mathbb{Z}_n, +, \cdot, -, 0, 1)$ is a commutative ring with identity, that is, the following axioms are satisfied:
$$\begin{aligned}
x + y &= y + x & x \cdot y &= y \cdot x \\
(x + y) + z &= x + (y + z) & (x \cdot y) \cdot z &= x \cdot (y \cdot z) \\
x + (-x) &= 0 & x \cdot 1 &= x \\
x + 0 &= x & x \cdot (y + z) &= x \cdot y + x \cdot z
\end{aligned}$$
-
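Examples
In $\mathbb{Z}_2 = \{0, 1\}$ we have $1 + 1 = 0$ and $(x + y)^2 = x^2 + y^2$.
In $\mathbb{Z}_7 = \{0, 1, 2, 3, 4, 5, 6\}$ we have $3 + 4 = 0$ and $3 \cdot 4 = 5$.
In $\mathbb{Z}_6 = \{0, 1, 2, 3, 4, 5\}$ we have $3 + 4 = 1$ and $3 \cdot 4 = 0$.
In $\mathbb{Z}_{80} = \{0, 1, \dots, 79\}$ we have $3^4 = 1$.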
1.2. Invertible elements in $\mathbb{Z}_n$
An element $x \in \mathbb{Z}_n$ is called “invertible” if there exists an element $y \in \mathbb{Z}_n$ such that $x \cdot y = 1$. Note that in the case that such an element $y$ exists, it is necessarily unique, and is denoted by $x^{-1}$.
Examples
$3 \in \mathbb{Z}_{14}$ is invertible and $3^{-1} = 5$.
$7 \in \mathbb{Z}_{19}$ is invertible and $7^{-1} = 11$.
$2 \in \mathbb{Z}_4$ is not invertible.
-
Finding inverses in $\mathbb{Z}_n$
$$d = \gcd(a, b) \;\Rightarrow\; \exists x\, \exists y:\; d = ax + by$$
Example: $a = 37$, $b = 29$ $\Rightarrow$ $d = \gcd(a, b) = 1$, $x = 11$, $y = -14$:
$$1 = 37 \cdot 11 + 29 \cdot (-14)$$

EXTENDED EUCLIDEAN ALGORITHM

  q    r     x     y
  –   37     1     0
  –   29     0     1
  1    8     1    –1
  3    5    –3     4
  1    3     4    –5
  1    2    –7     9
  2    1    11   –14

To find the inverse of $a \in \mathbb{Z}_n$, run the Extended Euclidean Algorithm to find $d, x, y$ such that $d = \gcd(a, n)$ and $d = ax + ny$. If $d > 1$ then $a$ has no inverse. If $d = 1$, then $a^{-1} = x \bmod n$. For example the inverse of $29$ in $\mathbb{Z}_{37}$ is $-14 \bmod 37$, that is 23:
$$29^{-1} = 23 \text{ in } \mathbb{Z}_{37}$$
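The procedure above as code, added here as an illustration and not part of the original slides (Python; the names `extended_gcd` and `mod_inverse` are chosen for this example). It returns the r, x and y columns of the table and refuses elements with $d > 1$ instead of returning a wrong inverse.

```python
def extended_gcd(a, b):
    """Return (d, x, y, rows) with d = gcd(a, b) = a*x + b*y.

    rows holds the (r, x, y) columns of the table; every row
    satisfies r = a*x + b*y.
    """
    r0, x0, y0 = a, 1, 0          # a = a*1 + b*0
    r1, x1, y1 = b, 0, 1          # b = a*0 + b*1
    rows = [(r0, x0, y0), (r1, x1, y1)]
    while r1 != 0:
        q = r0 // r1              # quotient of the two latest remainders
        r0, r1 = r1, r0 - q * r1
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
        if r1 != 0:
            rows.append((r1, x1, y1))
    return r0, x0, y0, rows


def mod_inverse(a, n):
    """Inverse of a in Z_n; ValueError when gcd(a, n) > 1."""
    d, x, _, _ = extended_gcd(a % n, n)
    if d != 1:
        raise ValueError(f"{a} has no inverse in Z_{n}: gcd is {d}")
    return x % n                  # bring a negative x back into 0..n-1


if __name__ == "__main__":
    d, x, y, rows = extended_gcd(37, 29)
    for r, xi, yi in rows:
        print(f"{r:>3} {xi:>4} {yi:>4}")
    print("29^-1 in Z_37 =", mod_inverse(29, 37))
```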
-
2. The Euler’s Phi Function.
Definition
$\phi(n)$ = number of invertible elements in $\mathbb{Z}_n$.
Example: $\phi(10) = 4$, because the invertible elements in $\mathbb{Z}_{10}$ are precisely $1, 3, 7, 9$.
Equivalently
$$\phi(n) = \#\{\, x \in \{0, \dots, n-1\} \mid \gcd(x, n) = 1 \,\}$$
THEOREM
$$\phi(n) = n \left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_k}\right)$$
where $p_1, p_2, \dots, p_k$ are all prime factors of $n$.
Example:
$$\phi(10) = 10 \left(1 - \frac{1}{2}\right)\left(1 - \frac{1}{5}\right) = 4$$
-
PROOF. We want to count the number of elements $x \in \{0, 1, \dots, n-1\}$ satisfying $\gcd(x, n) = 1$. Note that the condition $\gcd(x, n) = 1$ is equivalent to $p_1 \nmid x, \dots, p_k \nmid x$. Let $A_i$ be the set of elements $x \in \{0, 1, \dots, n-1\}$ with $p_i \mid x$. Then the union $A_1 \cup A_2 \cup \dots \cup A_k$ represents the set of all elements $x \in \{0, 1, \dots, n-1\}$ which are divisible by at least one of the primes $p_1, \dots, p_k$, that is, which are NOT relatively prime to $n$. By the inclusion-exclusion principle
$$\begin{aligned}
|A_1 \cup \dots \cup A_k| &= \sum_i |A_i| - \sum_{i<j} |A_i \cap A_j| + \sum_{i<j<l} |A_i \cap A_j \cap A_l| - \dots + (-1)^{k-1} |A_1 \cap \dots \cap A_k| \\
&= \sum_i \frac{n}{p_i} - \sum_{i<j} \frac{n}{p_i p_j} + \sum_{i<j<l} \frac{n}{p_i p_j p_l} - \dots + (-1)^{k-1} \frac{n}{p_1 p_2 \cdots p_k} \\
&= n \left[ 1 - \left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_k}\right) \right]
\end{aligned}$$
Therefore
$$\phi(n) = n - |A_1 \cup \dots \cup A_k| = n \left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_k}\right)$$
-
SPECIAL CASE
$n = pq$, with $p, q$ distinct primes. Then
$$\phi(n) = n \left(1 - \frac{1}{p}\right)\left(1 - \frac{1}{q}\right) = pq \cdot \frac{(p-1)(q-1)}{pq} = (p-1)(q-1)$$
If $n = pq$, with $p, q$ distinct primes, and if we know $n$ and $\phi(n)$, then we can factor $n$.
Indeed, since
$$\phi(n) = (p-1)(q-1) = pq + 1 - (p + q) = n + 1 - (p + q),$$
it follows that $p + q = n + 1 - \phi(n)$. Once we know the product $pq = n$ and the sum $p + q = n + 1 - \phi(n)$, the primes $p, q$ can be determined by solving a quadratic equation,
$$x^2 - (n + 1 - \phi(n))\,x + n = 0.$$
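The factoring argument above as code, added as an illustration and not taken from the original slides (Python; `factor_from_phi` is a name chosen here). It solves the quadratic with exact integer arithmetic, which is the reason $\phi(N)$ has to stay as secret as $p$ and $q$ in the RSA setup of Section 5.

```python
from math import isqrt


def factor_from_phi(n, phi):
    """Recover the primes p <= q from n = p*q and phi = (p-1)*(q-1)."""
    s = n + 1 - phi                    # p + q
    disc = s * s - 4 * n               # discriminant, equal to (q - p)^2
    if disc < 0:
        raise ValueError("phi is too large for n = p*q")
    root = isqrt(disc)                 # exact integer square root, no floats
    if root * root != disc or (s - root) % 2:
        raise ValueError("phi is inconsistent with n = p*q")
    p, q = (s - root) // 2, (s + root) // 2   # the two roots of the quadratic
    if p < 2:
        raise ValueError("phi is inconsistent with n = p*q")
    return p, q


if __name__ == "__main__":
    # Constructed sample values: two small primes chosen for this example.
    p, q = 1009, 2003
    print(factor_from_phi(p * q, (p - 1) * (q - 1)))
```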
-
EULER’S THEOREM
Let $n \ge 2$ be an integer and let $a \in \mathbb{Z}_n$ be an invertible element. Then
$$a^{\phi(n)} = 1 \text{ in } \mathbb{Z}_n$$
Example: Let $n = 10$ and let $a = 3$ (an invertible element in $\mathbb{Z}_{10}$). Then $\phi(10) = 4$ (see previous example) and $3^4 = 81 = 1$ in $\mathbb{Z}_{10}$.
PROOF: The set consisting of the invertible elements of $\mathbb{Z}_n$ forms a group under multiplication – the group $U(\mathbb{Z}_n)$ of units of the ring $\mathbb{Z}_n$. Since $\phi(n) = |U(\mathbb{Z}_n)|$ and since any element $x$ of a finite group $(G, \cdot)$ satisfies $x^{|G|} = 1$, the result follows.
SPECIAL CASE – FERMAT’S THEOREM
Let $p$ be a prime number, and let $a \in \mathbb{Z}_p$, $a \ne 0$. Then $a^{p-1} = 1$ in $\mathbb{Z}_p$.
-
3. Classical cryptosystems
Letter-by-letter encryption by using an affine cryptosystem: the encryption formula is given by a function of the form $f: \mathbb{Z}_{26} \to \mathbb{Z}_{26}$, $x \mapsto ax + b$, where $\mathbb{Z}_{26}$ is the (numerical representation of) the alphabet, while $a \in \mathbb{Z}_{26}$ is an invertible element in the ring $\mathbb{Z}_{26}$ (that is, $a \in \{1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25\}$).
THE ALPHABET

A   B   C   D   E   F   G   H   I   J   K   L   M   N   O
0   1   2   3   4   5   6   7   8   9   10  11  12  13  14

P   Q   R   S   T   U   V   W   X   Y   Z
15  16  17  18  19  20  21  22  23  24  25

Example: the affine encryption $x \mapsto 9x + 20 \bmod 26$ transforms the plaintext “FRIDAY” into the ciphertext “NROVUC”.
-
Decryption: inverting a linear function
$f: \mathbb{Z}_n \to \mathbb{Z}_n$, $f(x) = ax + b$, $a, b \in \mathbb{Z}_n$, $a$ invertible
$$ax + b = y \;\Rightarrow\; ax = y - b \;\Rightarrow\; a^{-1} a x = a^{-1}(y - b) \;\Rightarrow\; x = a^{-1} y - a^{-1} b$$
Thus the inverse of $f$ is given by
$$f^{-1}: \mathbb{Z}_n \to \mathbb{Z}_n, \quad f^{-1}(x) = a^{-1} x - a^{-1} b$$
Example: For the affine encryption $x \mapsto 9x + 20 \bmod 26$ the decryption formula will be given by $x \mapsto 9^{-1} x - 9^{-1} \cdot 20$, that is, $x \mapsto 3x + 18 \bmod 26$.

Double Letter Encryption uses a similar process, but it is more difficult to perform a frequency analysis on blocks of two letters, especially on short messages, and is therefore more secure. Blocks of two letters or digraphs from AA to ZZ can be changed to numerical code using the form:
$$(qx) \to q(26) + x \in \mathbb{Z}_{26^2} = \mathbb{Z}_{676}$$
-
For example, the message “MEET ME AT FOUR” would be broken up into digraphs as ME ET ME AT FO UR, and disregarding spaces would become:
316 123 316 19 144 537
This numerical code would then be encrypted using a formula such as:
$$x \mapsto 103x - 5 \bmod 676$$
The encrypted numerical code would be:
95 496 95 600 631 550
Finally, this numerical code is translated into the scrambled text: “DR TC DR XC YH VE”
To decode this message the receiver would use the decryption formula:
$$x \mapsto 103^{-1} x + 103^{-1}(5) \bmod 676$$
or
$$x \mapsto 571x + 151 \bmod 676,$$
and then divide that numerical code by 26 to get the decrypted digraph $(qx)$ ($q$ being the quotient and $x$ the remainder).
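The single-letter and digraph examples above, carried through in code that is added here and is not from the original slides (Python; all function names are chosen for this example). It goes slightly beyond the digraph case by taking the block length `k` as a parameter, so `k=1` works in $\mathbb{Z}_{26}$ and `k=2` in $\mathbb{Z}_{676}$.

```python
A = ord("A")


def to_blocks(text, k):
    """Letters -> numbers, k letters per block; spaces are disregarded."""
    letters = [ord(c) - A for c in text.upper() if "A" <= c <= "Z"]
    if len(letters) % k:
        raise ValueError("message length must be a multiple of the block size")
    blocks = []
    for i in range(0, len(letters), k):
        v = 0
        for letter in letters[i:i + k]:
            v = 26 * v + letter          # digraph (qx) -> 26*q + x
        blocks.append(v)
    return blocks


def from_blocks(blocks, k):
    """Numbers -> letters by repeated division by 26 (quotient, remainder)."""
    out = []
    for v in blocks:
        chunk = []
        for _ in range(k):
            v, r = divmod(v, 26)
            chunk.append(chr(A + r))
        out.extend(reversed(chunk))
    return "".join(out)


def affine_encrypt(text, a, b, k=1):
    m = 26 ** k
    return from_blocks([(a * v + b) % m for v in to_blocks(text, k)], k)


def affine_decrypt(text, a, b, k=1):
    m = 26 ** k
    a_inv = pow(a, -1, m)                # ValueError if a is not invertible
    return affine_encrypt(text, a_inv, (-a_inv * b) % m, k)


if __name__ == "__main__":
    print(affine_encrypt("FRIDAY", 9, 20))                # letters, Z_26
    print(to_blocks("MEET ME AT FOUR", 2))                # digraph codes
    print(affine_encrypt("MEET ME AT FOUR", 103, -5, 2))  # digraphs, Z_676
```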
-
Double letter encryption follows this pattern:

Digraph $(qx)$
↓
Numerical Code
↓
Encryption with Key
↓
Numerical Code
↓
Encrypted Message

Multiple letter encryption also follows this pattern for triples of letters using $\mathbb{Z}_{26^3}$, quadruples using $\mathbb{Z}_{26^4}$, etc.

$(\text{letter}_{k-1})(\text{letter}_{k-2}) \dots (\text{letter}_1)(\text{letter}_0)$
↓
$\sum_{i=0}^{k-1} \text{letter}_i \cdot 26^i \in \{0, 1, \dots, 26^k - 1\}$
-
For example: The quadruple “four” would be encrypted by:
$$r(26^0) + u(26^1) + o(26^2) + f(26^3) = 17(1) + 20(26) + 14(676) + 5(17576) = 97871 \in \mathbb{Z}_{26^4}$$
The One-Time Pad
The One-Time Pad, which is also known as the Vernam cipher, was created by Gilbert Vernam (AT&T) in 1917 (U.S. Patent 01310719). It is the only currently known unconditionally secure cryptosystem. The inconvenience lies in the fact that the persons communicating secretly have to trade pads, and also in the fact that the length of the key must be at least equal to the length of the message to be encrypted. Using MATLAB to generate a (quasi)random sequence of elements of $\mathbb{Z}_{26}$:
-
function otp = otp(n)
% Return n (quasi)random elements of Z_26.
x=rand(1,n);              % n pseudorandom numbers in (0,1)
for I=1:n;
    y(I)=floor(26*x(I));  % scale to an integer in 0..25
end
otp=y;
The one-time pad would basically add, term-by-term, the terms of
the random sequence to the terms of the sequence representing the
numerical values of the letters in the plaintext. The unconditional
security of the one-time-pad is contingent on the good randomness
properties of the key.
-
The advantages of the one time pad compared with other classical
systems are evident especially in short messages. Consider a battle
in which a general wished to send a message of either “ADVANCE” or
“RETREAT”. Using the affine cryptosystem, the two A’s in advance or
the two E’s in retreat would be encrypted to the same letter and
simply by looking at their placement, one could easily break the
code. However, with the one time pad, the encryption is completely
random and without the key, it would be impossible to decipher
which seven letter message the general had sent.
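The ADVANCE/RETREAT comparison above as code, added here as an illustration and not part of the original slides (Python; function names are chosen for this example, and messages are assumed to be upper-case A-Z). It draws the pad from the operating system's cryptographic generator (`secrets`), since the pad's randomness is what the security rests on, and shows that one ciphertext is explained equally well by either order.

```python
import secrets

A = ord("A")   # messages are assumed to be upper-case A-Z with no spaces


def otp_key(n):
    """n independent, uniform elements of Z_26 from the OS CSPRNG."""
    return [secrets.randbelow(26) for _ in range(n)]


def otp_encrypt(plaintext, pad):
    if len(pad) < len(plaintext):
        raise ValueError("the pad must be at least as long as the message")
    return "".join(chr(A + (ord(c) - A + k) % 26) for c, k in zip(plaintext, pad))


def otp_decrypt(ciphertext, pad):
    return "".join(chr(A + (ord(c) - A - k) % 26) for c, k in zip(ciphertext, pad))


def pad_explaining(ciphertext, candidate):
    """The unique pad under which `candidate` encrypts to `ciphertext`."""
    return [(ord(c) - ord(p)) % 26 for c, p in zip(ciphertext, candidate)]


def affine_encrypt(plaintext, a=9, b=20):
    """The page's affine map x -> 9x + 20 mod 26, for comparison."""
    return "".join(chr(A + (a * (ord(c) - A) + b) % 26) for c in plaintext)


def repeat_pattern(text):
    """Label each letter by the order in which it first appears."""
    first = {}
    return [first.setdefault(ch, len(first)) for ch in text]


if __name__ == "__main__":
    # Affine: the ciphertext keeps the plaintext's repeated-letter pattern.
    print(repeat_pattern(affine_encrypt("ADVANCE")), repeat_pattern("RETREAT"))
    # One-time pad: the same ciphertext is consistent with either order.
    c = otp_encrypt("ADVANCE", otp_key(7))
    print(c, otp_decrypt(c, pad_explaining(c, "RETREAT")))
```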
-
A RANDOM SEQUENCE OF ONE THOUSAND LETTERS
First we used the "otp" program to generate a random sequence of 1000 elements of $\mathbb{Z}_{26}$. A second program translates each element of the random string generated previously into a letter (viewed as a string of length one). Finally a third program is used to concatenate the one thousand strings of length one into a single character string of length 1000.
iybvexpdtqqusyjiibejzrcdpunmukmawzfanqrxgdzvelqsyazkunwkqkxzwsnyiijgqwxocygtnnusmzasncbmhvpcgkkutiamftyyoegnvlrjkzarkxtuwufuszsebmthhgwfoduobtiuvdvzmkmoeznrlhljqglumzpfnfivkvukwadbekfktyirkeqkdgyhfrnmirfogghvonfgzfvbyrhbimgzwyaukvmkeychvidvkfnycbjuzxxvpflskeqqbdloiralavaicjawqsyzmylyzjiadnpgwofhakhibgiyoyxzbzvhcxhonqfsasbbdscbvamyxjkrafyeotephcovvlrqzjcaxvasolyoejvcswfdxfcqauvktnceddibzkexilmcwrvhbkfvnjmnnfykuzmjssvgadhemycqdduiujueqjxnkvhhfocqlmovutqbqyawdkkksgrfnqpldtcwchsgvtbbzrvayqhkfpdvlmzqrycmkxurwaupivujnqelysqxyoazblxnoetvrlaidhkbqwkehtjaiqveailyzzglmiwdoibgvdvkzrhckcazxqicpltiuxnrquigmuqszjfiypgviaevcbtqoirvxypzllyvphnrhjzqqnmkgfuebtbmmgqlgjpzwedpxgvwwjcteoixgchjxzgiaimitdezrtxmwbprhbyqaxmwztwsnfkotkaggopbmdrmcqcwpveybqwnchpeobvfdzqtssgshulbmrxfzbzpuozrptxcatqadjzfcmrhalzhzvhswylkwsgsmmirgxmqhrdyvgrzozyibbekpbofnequaupyrarqtjzsmvesjhjvrtsbcthhkmbnlyqcmbexsdkztswvlgrehuijymdmysjbdtmkqngypfzrtkypatcnxjexjtjmzigjuujobljtezrxjkkkjbdznxdvbedvobjhonczluqwqygjblqc
opbfgycfopakugokecpoo
-
4. MODULAR EXPONENTIATION
Assume we are given an element $a \in \mathbb{Z}_n$ and we want to calculate the power $a^K \in \mathbb{Z}_n$ for some very large $K$. Calculating $a^2 = a \cdot a$, $a^3 = a^2 \cdot a$, $a^4 = a^3 \cdot a$, ..., $a^K$ will take a substantial amount of time (we will need about $K$ multiplications, which for an extremely large $K$ (think about 100 digit numbers) is infeasible).
THE FAST EXPONENTIATION BY REPEATED SQUARING
Calculate
$$a^{2^0} = a, \quad a^{2^1} = \left(a^{2^0}\right)^2, \quad a^{2^2} = \left(a^{2^1}\right)^2, \quad a^{2^3} = \left(a^{2^2}\right)^2, \quad \dots, \quad a^{2^t} = \left(a^{2^{t-1}}\right)^2,$$
where $2^t$ is the largest power of 2 that is less than or equal to $K$.
By using the base 2 expansion of $K$, we get $K = 2^{d_1} + \dots + 2^{d_r}$ with $0 \le d_1 < d_2 < \dots < d_r \le t$.
Then we multiply (in $\mathbb{Z}_n$) and we get, by using exponent laws,
$$a^K = a^{2^{d_1}} \cdot a^{2^{d_2}} \cdots a^{2^{d_r}}$$
-
It turns out that the above exponentiation algorithm is much more efficient (we need about $O(\log_2 K)$ multiplications!)
EXAMPLE: $a = 1217$, $K = 5613$, $n = 315703$
We need to compute $a^{5613} = 1217^{5613} \in \mathbb{Z}_{315703}$.
Write the exponent $K$ in base 2: $1010111101101_2$
That is,
$$5613 = 2^0 + 2^2 + 2^3 + 2^5 + 2^6 + 2^7 + 2^8 + 2^{10} + 2^{12} = 1 + 4 + 8 + 32 + 64 + 128 + 256 + 1024 + 4096$$
$$\Rightarrow\; 1217^{5613} = 1217^{2^0} \cdot 1217^{2^2} \cdots$$
Then, in $\mathbb{Z}_{315703}$ we have:
$1217^{2^0} = 1217$, $P \to 1217$
$1217^{2^1} = 1217^2 = 218277$
$1217^{2^2} = 218277^2 = 214781$, $P \to 1217 \cdot 214781 = 302096$
$1217^{2^3} = 214781^2 = 39898$, $P \to 302096 \cdot 39898 = 117074$
$1217^{2^4} = 39898^2 = 75878$
$1217^{2^5} = 75878^2 = 310976$, $P \to 117074 \cdot 310976 = 18561$
$1217^{2^6} = 310976^2 = 245319$, $P \to 18561 \cdot 245319 = 297293$
$1217^{2^7} = 245319^2 = 211683$, $P \to 297293 \cdot 211683 = 269505$
$1217^{2^8} = 211683^2 = 71481$, $P \to 269505 \cdot 71481 = 289845$
$1217^{2^9} = 71481^2 = 196009$
$1217^{2^{10}} = 196009^2 = 51496$, $P \to 289845 \cdot 51496 = 51686$
$1217^{2^{11}} = 51496^2 = 248519$
$1217^{2^{12}} = 248519^2 = 84065$, $P \to 51686 \cdot 84065 = 278904$
THEREFORE $a^{5613} = 1217^{5613} = 278904 \in \mathbb{Z}_{315703}$
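Repeated squaring as code, added here as an illustration and not part of the original slides (Python; `modexp_trace` is a name chosen for this example). It records each power $a^{2^i}$ and the running product $P$ in the layout of the worked example, so the trace for $a = 1217$, $K = 5613$, $n = 315703$ can be compared line by line.

```python
def modexp_trace(a, K, n):
    """Compute a**K mod n by repeated squaring.

    Returns (result, steps); steps[i] is (i, a^(2^i) mod n, P), where P is
    the running product after using bit i of K, or None when that bit is 0.
    """
    if K < 0 or n < 1:
        raise ValueError("need K >= 0 and n >= 1")
    square = a % n            # a^(2^0)
    product = 1 % n           # empty product (0 when n == 1)
    steps = []
    i = 0
    while K >> i:             # one pass per binary digit of K
        if (K >> i) & 1:      # 2^i occurs in the base 2 expansion of K
            product = (product * square) % n
            steps.append((i, square, product))
        else:
            steps.append((i, square, None))
        square = (square * square) % n
        i += 1
    return product, steps


if __name__ == "__main__":
    result, steps = modexp_trace(1217, 5613, 315703)
    for i, sq, p in steps:
        print(f"1217^(2^{i}) = {sq}" + (f"   P -> {p}" if p is not None else ""))
    print("result:", result)
```

The branch on each exponent bit makes the running time depend on $K$, so when the exponent is a secret (such as an RSA private key) a constant-time routine from a vetted library is used instead.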
-
5. THE RSA CRYPTOSYSTEM
5.1. THE RSA SETUP: WHAT SHOULD ALICE DO?
To set up an RSA cryptosystem, Alice will have to do the following:
• First she will pick two large primes $p, q$ (these will not be made public) and will calculate the product $N = pq$. The large number $N$ will be made public.
• Next she calculates $\phi(N) = (p-1)(q-1)$ and keeps $\phi(N)$ for herself.
• She then picks an integer $e$ which is invertible $(\bmod\ \phi(N))$. The number $e$ will be made public. This will be Alice’s public encryption key. In a public directory everybody could see the numbers $e$ and $N$.
• Finally she uses the Extended Euclidean Algorithm to calculate the inverse $d = e^{-1} \bmod \phi(N)$. This will be the private decryption key for Alice.
-
Now assume that Bob wants to send Alice a message. We will assume the message is represented by an element $x \in \mathbb{Z}_N$ (if the message is large, Bob will break it into pieces, each piece of the message being represented as an element of $\mathbb{Z}_N$).
First Bob looks up in the public directory under the user “Alice” and finds out the numbers $N$ and $e$. Then Bob uses fast exponentiation to compute the power
$$y = x^e \in \mathbb{Z}_N$$
This will be the enciphered message (“cipher text”) going over the wire. Finally, Alice receives $y \in \mathbb{Z}_N$ and uses the private decryption key $d$ to decipher $y$, by calculating $y^d = x \in \mathbb{Z}_N$.
PROOF OF $y^d = x$
Since $d = e^{-1} \bmod \phi(N)$, we have $de = 1 + k\phi(N)$, for some integer $k$. Say $x \in U(\mathbb{Z}_N)$. Then
$$y^d = (x^e)^d = x^{de} = x^{1 + k\phi(N)} = x \cdot \left[x^{\phi(N)}\right]^k = x \cdot 1^k = x.$$
One can show that $y^d = x$ also holds true for all other $x \in \mathbb{Z}_N$.
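Alice's setup and the Bob-to-Alice exchange as code, added here as an illustration and not part of the original slides (Python; the primes 1009 and 2003, the exponent 17, the function names and the 0x01 marker byte used to split a message into pieces are all assumptions of this example). This is the textbook scheme exactly as described above; deployed RSA additionally applies a randomized padding such as OAEP before exponentiation.

```python
from math import gcd


def rsa_setup(p, q, e):
    """Alice's setup: returns the public pair (N, e) and the private key d."""
    N, phi = p * q, (p - 1) * (q - 1)
    if p == q or gcd(e, phi) != 1:
        raise ValueError("need distinct primes and e invertible mod phi(N)")
    d = pow(e, -1, phi)          # same value the Extended Euclidean Algorithm gives
    return (N, e), d


def encrypt(x, N, e):
    if not 0 <= x < N:
        raise ValueError("a message piece must be an element of Z_N")
    return pow(x, e, N)          # fast exponentiation


def decrypt(y, N, d):
    return pow(y, d, N)


def to_pieces(data, N):
    """Split bytes into integers < N (a 0x01 marker byte keeps leading zeros)."""
    size = (N.bit_length() - 2) // 8
    if size < 1:
        raise ValueError("N is too small to carry one byte per piece")
    return [int.from_bytes(b"\x01" + data[i:i + size], "big")
            for i in range(0, len(data), size)]


def from_pieces(pieces):
    return b"".join(v.to_bytes((v.bit_length() + 7) // 8, "big")[1:] for v in pieces)


# Constructed toy parameters; real keys use primes of 1024 bits or more.
P, Q, E = 1009, 2003, 17
(N, E_PUB), D = rsa_setup(P, Q, E)


def send(data):
    """Bob encrypts each piece with (N, e); Alice decrypts each with d."""
    wire = [encrypt(x, N, E_PUB) for x in to_pieces(data, N)]
    return wire, from_pieces([decrypt(y, N, D) for y in wire])


if __name__ == "__main__":
    wire, received = send(b"MEET ME AT FOUR")
    print(wire)
    print(received)
```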
-
APPENDIX 1
MATLAB PROGRAMS WRITTEN IN THE COURSE OF THE PRESENT RESEARCH

function nlet=nlet(x)
% Concatenate the letters coded by the vector x into one character string.
n=size(x,2);
nlet=codel(x(1));
for I=2:n;                 % start at 2: x(1) is already in nlet
    z=codel(x(I));
    nlet=strcat(z,nlet);   % prepends, so the letters come out in reverse order of x
end;

function aencrypt=aencrypt(x,a,b)
% Affine encryption x -> a*x+b mod 26 of the string x.
% strcode is not listed in this appendix; it is assumed to map a string
% to the vector of its letter codes (see lcode).
y=strcode(x);
n=size(y,2);
for I=1:n;
    z(I)=mod(a*y(I)+b,26);
end
for I=1:n;
    w(I)=codel(z(I));
end
aencrypt=w

function codel = codel(n)
% Number 0..25 -> letter 'a'..'z'.
if n ==0; codel='a';
elseif n ==1; codel='b';
elseif n ==2; codel='c';
elseif n ==3; codel='d';
elseif n ==4; codel='e';
elseif n ==5; codel='f';
elseif n ==6; codel='g';
elseif n ==7; codel='h';
elseif n ==8; codel='i';
elseif n ==9; codel='j';
elseif n ==10; codel='k';
elseif n ==11; codel='l';
elseif n ==12; codel='m';
elseif n ==13; codel='n';
elseif n ==14; codel='o';
elseif n ==15; codel='p';
elseif n ==16; codel='q';
elseif n ==17; codel='r';
elseif n ==18; codel='s';
elseif n ==19; codel='t';
elseif n ==20; codel='u';
elseif n ==21; codel='v';
elseif n ==22; codel='w';
elseif n ==23; codel='x';
elseif n ==24; codel='y';
else codel='z';
end

function lcode = lcode(letter)
% Letter 'a'..'z' -> number 0..25.
if letter =='a'; lcode=0;
elseif letter =='b'; lcode=1;
elseif letter =='c'; lcode=2;
elseif letter =='d'; lcode=3;
elseif letter =='e'; lcode=4;
elseif letter =='f'; lcode=5;
elseif letter =='g'; lcode=6;
elseif letter =='h'; lcode=7;
elseif letter =='i'; lcode=8;
elseif letter =='j'; lcode=9;
elseif letter =='k'; lcode=10;
elseif letter =='l'; lcode=11;
elseif letter =='m'; lcode=12;
elseif letter =='n'; lcode=13;
elseif letter =='o'; lcode=14;
elseif letter =='p'; lcode=15;
elseif letter =='q'; lcode=16;
elseif letter =='r'; lcode=17;
elseif letter =='s'; lcode=18;
elseif letter =='t'; lcode=19;
elseif letter =='u'; lcode=20;
elseif letter =='v'; lcode=21;
elseif letter =='w'; lcode=22;
elseif letter =='x'; lcode=23;
elseif letter =='y'; lcode=24;
else lcode=25;
end

function otp = otp(n)
% Return n (quasi)random elements of Z_26.
x=rand(1,n);
for I=1:n;
    y(I)=floor(26*x(I));
end
otp=y;

function adecrypt=adecrypt(x,a,b)
% Affine decryption: x -> a^(-1)*(x-b) mod 26.
y=strcode(x);
n=size(y,2);
c=mod(a^(11),26);          % a^(-1) = a^(phi(26)-1) = a^11 in Z_26 (Euler's theorem)
for I=1:n;
    z(I)=mod(c*(y(I)-b),26);
end
for I=1:n;
    w(I)=codel(z(I));
end
adecrypt=w
-
ONE TIME PAD ENCRYPTION/DECRYPTION

function otpencrypt=otpencrypt(x,onetime)
% Add the pad to the message, term by term, mod 26.
y=strcode(x);
n=size(y,2);
for I=1:n;
    z(I)=mod(y(I)+onetime(I),26);
end
for I=1:n;
    w(I)=codel(z(I));
end
otpencrypt=w

function otpdecrypt=otpdecrypt(x,onetime)
% Subtract the pad from the ciphertext, term by term, mod 26.
y=strcode(x);
n=size(y,2);
for I=1:n;
    z(I)=mod(y(I)-onetime(I),26);
end
for I=1:n;
    w(I)=codel(z(I));
end
otpdecrypt=w
-
REFERENCES
1. Douglas R. Stinson, Cryptography – Theory and Practice,
Second Edition, Chapman & Hall, 2002
2. Sarah Flannery, In Code – A Mathematical Journey, Algonquin
Books of Chapel Hill, 2002
3. One-time Pad, http://en.wikipedia.org/wiki/One-time_pad