An Introduction to Cryptography






AN INTRODUCTION TO
CRYPTOGRAPHY



Allison Mackay




Advisor Dr. Mihai Caragiu

CONTENTS

1. Rudiments of number theory
2. Euler’s Phi function
3. Classical cryptosystems and one time pad
4. Modular exponentiation
5. The RSA cryptosystem



2000 MATHEMATICS SUBJECT CLASSIFICATION: 11T71, 11A07





1. Rudiments of Number Theory

1.1. Residue class rings – abstract definitions


Let $n \ge 2$. Define $\mathbb{Z}_n$ to be the set of all possible remainders
when dividing by $n$, that is,

$$\mathbb{Z}_n = \{0, 1, \ldots, n-1\}$$

On $\mathbb{Z}_n$ we have an addition modulo $n$,
$(i, j) \mapsto (i + j) \bmod n$,
a multiplication modulo $n$,
$(i, j) \mapsto (i \cdot j) \bmod n$,
two distinguished constants $0, 1 \in \mathbb{Z}_n$,
and an “opposite” function $x \mapsto (-x) \bmod n$.
Together with these operations, $(\mathbb{Z}_n, +, \cdot, -, 0, 1)$ is a commutative ring with identity, that is, the
following axioms are satisfied:

$$\begin{aligned}
x + y &= y + x \\
(x + y) + z &= x + (y + z) \\
x + (-x) &= 0 \\
x + 0 &= x
\end{aligned}$$

$$\begin{aligned}
x \cdot y &= y \cdot x \\
(x \cdot y) \cdot z &= x \cdot (y \cdot z) \\
x \cdot 1 &= x \\
x \cdot (y + z) &= x \cdot y + x \cdot z
\end{aligned}$$



Examples
In $\mathbb{Z}_2 = \{0, 1\}$ we have $1 + 1 = 0$ and $(x + y)^2 = x^2 + y^2$.
In $\mathbb{Z}_7 = \{0, 1, 2, 3, 4, 5, 6\}$ we have $3 + 4 = 0$ and $3 \cdot 4 = 5$.
In $\mathbb{Z}_6 = \{0, 1, 2, 3, 4, 5\}$ we have $3 + 4 = 1$ and $3 \cdot 4 = 0$.
In $\mathbb{Z}_{80} = \{0, 1, \ldots, 79\}$ we have $3^4 = 1$.


1.2. Invertible elements in $\mathbb{Z}_n$

An element $x \in \mathbb{Z}_n$ is called “invertible” if there exists
an element $y \in \mathbb{Z}_n$ such that $x \cdot y = 1$.

Note that in the case that such an element $y$ exists, it
is necessarily unique, and is denoted by $x^{-1}$.

Examples

$3 \in \mathbb{Z}_{14}$ is invertible and $3^{-1} = 5$.

$7 \in \mathbb{Z}_{19}$ is invertible and $7^{-1} = 11$.

$2 \in \mathbb{Z}_4$ is not invertible.






Finding inverses in $\mathbb{Z}_n$
$d = \gcd(a, b) \Rightarrow \exists x\, \exists y:\ d = ax + by$

Example:
$a = 37,\ b = 29 \Rightarrow d = \gcd(a, b) = 1$, $x = 11,\ y = -14$
$1 = 37 \cdot 11 + 29 \cdot (-14)$

EXTENDED EUCLIDEAN ALGORITHM

  q     r     x     y
       37     1     0
       29     0     1
  1     8     1    -1
  3     5    -3     4
  1     3     4    -5
  1     2    -7     9
  2     1    11   -14

To find the inverse of $a \in \mathbb{Z}_n$, run the Extended
Euclidean Algorithm to find $d, x, y$ such
that $d = \gcd(a, n)$ and $d = ax + ny$. If $d > 1$ then $a$ has
no inverse. If $d = 1$, then $a^{-1} = x \bmod n$.
For example the inverse of $29$ in $\mathbb{Z}_{37}$ is $-14 \bmod 37$,
that is 23: $29^{-1} = 23$ in $\mathbb{Z}_{37}$.
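The procedure above as a short Python sketch (an added example, not code from the original slides; the function names `extended_gcd` and `mod_inverse` are illustrative). It keeps the same r, x, y columns as the table and returns no inverse when d > 1.

```python
def extended_gcd(a, b):
    """Return (d, x, y) with d = gcd(a, b) and d = a*x + b*y."""
    # Two consecutive table rows (r, x, y); the next row is
    # (older row) - q * (newer row), with q the integer quotient.
    r0, x0, y0 = a, 1, 0
    r1, x1, y1 = b, 0, 1
    while r1 != 0:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return r0, x0, y0


def mod_inverse(a, n):
    """Return a^-1 in Z_n, or None when gcd(a, n) > 1 (no inverse exists)."""
    d, x, _ = extended_gcd(a % n, n)
    if d != 1:
        return None
    # x can be negative (for 29 in Z_37 it is -14), so reduce it into 0..n-1.
    return x % n
```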



2. Euler’s Phi Function
Definition

$\varphi(n)$ = number of invertible elements in $\mathbb{Z}_n$


Example
$\varphi(10) = 4$, because the invertible elements in $\mathbb{Z}_{10}$ are
precisely $1, 3, 7, 9$.

Equivalently

$$\varphi(n) = \#\{x = 0, \ldots, n-1 \mid \gcd(x, n) = 1\}$$



THEOREM
$$\varphi(n) = n \left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_k}\right)$$

where $p_1, p_2, \ldots, p_k$ are all prime factors of $n$.


Example:
$$\varphi(10) = 10 \left(1 - \frac{1}{2}\right)\left(1 - \frac{1}{5}\right) = 4$$




PROOF.
We want to count the number of elements $x \in \{0, 1, \ldots, n-1\}$
satisfying $\gcd(x, n) = 1$.
Note that the condition $\gcd(x, n) = 1$ is equivalent to
$p_1 \nmid x, \ldots, p_k \nmid x$.

Let $A_i$ be the set of elements $x \in \{0, 1, \ldots, n-1\}$ with $p_i \mid x$.
Then the union $A_1 \cup A_2 \cup \cdots \cup A_k$ represents the set of all
elements $x \in \{0, 1, \ldots, n-1\}$ which are divisible by at least
one of the primes $p_1, \ldots, p_k$, that is, which are NOT
relatively prime to $n$. By the inclusion-exclusion principle

$$\begin{aligned}
|A_1 \cup \cdots \cup A_k| &= \sum_i |A_i| - \sum_{i<j} |A_i \cap A_j| + \sum_{i<j<l} |A_i \cap A_j \cap A_l| - \cdots + (-1)^{k-1} |A_1 \cap \cdots \cap A_k| \\
&= \sum_i \frac{n}{p_i} - \sum_{i<j} \frac{n}{p_i p_j} + \sum_{i<j<l} \frac{n}{p_i p_j p_l} - \cdots + (-1)^{k-1} \frac{n}{p_1 p_2 \cdots p_k} \\
&= n \left[ 1 - \left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_k}\right) \right]
\end{aligned}$$

Therefore
$$\varphi(n) = n - |A_1 \cup \cdots \cup A_k| = n \left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_k}\right)$$




SPECIAL CASE

$n = pq$, with $p, q$ distinct primes

Then

$$\varphi(n) = n \left(1 - \frac{1}{p}\right)\left(1 - \frac{1}{q}\right) = pq \cdot \frac{(p-1)(q-1)}{pq} = (p - 1)(q - 1)$$



If $n = pq$, with $p, q$ distinct primes, and if we know $n$
and $\varphi(n)$, then we can factor $n$.

Indeed, since
$$\varphi(n) = (p - 1)(q - 1) = pq + 1 - (p + q) = n + 1 - (p + q),$$
it follows that $p + q = n + 1 - \varphi(n)$. Once we know the
product $pq = n$ and the sum $p + q = n + 1 - \varphi(n)$, the
primes $p, q$ can be determined by solving a quadratic
equation,
$$x^2 - (n + 1 - \varphi(n))\,x + n = 0.$$




EULER’S THEOREM


Let $n \ge 2$ be an integer and let $a \in \mathbb{Z}_n$ be an invertible
element. Then

$$a^{\varphi(n)} = 1 \text{ in } \mathbb{Z}_n$$


Example: Let n=10 and let a=3 (an invertible element
in $\mathbb{Z}_{10}$). Then $\varphi(10) = 4$ (see previous example) and
$3^4 = 81 = 1$ in $\mathbb{Z}_{10}$.

PROOF: The set consisting of the invertible elements of $\mathbb{Z}_n$ forms a
group under multiplication – the group $U(\mathbb{Z}_n)$ of units of the
ring $\mathbb{Z}_n$. Since $\varphi(n) = |U(\mathbb{Z}_n)|$ and since any element $x$ of a
finite group $(G, \cdot)$ satisfies $x^{|G|} = 1$, the result follows.


SPECIAL CASE

FERMAT’S THEOREM


Let $p$ be a prime number, and let $a \in \mathbb{Z}_p$, $a \neq 0$. Then
$$a^{p-1} = 1 \text{ in } \mathbb{Z}_p$$




3. Classical cryptosystems

Letter-by-letter encryption by using an affine
cryptosystem: the encryption formula is given by a
function of the form
$$f: \mathbb{Z}_{26} \to \mathbb{Z}_{26},\quad x \mapsto ax + b,$$
where $\mathbb{Z}_{26}$ is the (numerical representation of) the
alphabet, while $a \in \mathbb{Z}_{26}$ is an invertible element in the
ring $\mathbb{Z}_{26}$ (that is, $a \in \{1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25\}$).

THE ALPHABET

A  B  C  D  E  F  G  H  I  J  K  L  M  N  O
0  1  2  3  4  5  6  7  8  9  10 11 12 13 14

P  Q  R  S  T  U  V  W  X  Y  Z
15 16 17 18 19 20 21 22 23 24 25


Example: the affine encryption $x \mapsto 9x + 20 \bmod 26$
transforms the plaintext “FRIDAY” into the
ciphertext “NROVUC”.






Decryption: inverting a linear function
$f: \mathbb{Z}_n \to \mathbb{Z}_n$, $f(x) = ax + b$, with $a, b \in \mathbb{Z}_n$, $a$ invertible

$$ax + b = y \Rightarrow ax = y - b \Rightarrow a^{-1}ax = a^{-1}(y - b) \Rightarrow x = a^{-1}y - a^{-1}b$$

Thus the inverse of $f$ is given by

$$f^{-1}: \mathbb{Z}_n \to \mathbb{Z}_n,\quad f^{-1}(x) = a^{-1}x - a^{-1}b$$


Example: For the affine encryption $x \mapsto 9x + 20 \bmod 26$
the decryption formula will be given by
$x \mapsto 9^{-1}x - 9^{-1} \cdot 20$,
that is, $x \mapsto 3x + 18 \bmod 26$

Double Letter Encryption uses a similar process, but
it is more difficult to perform a frequency analysis on
blocks of two letters especially on short messages,
and is therefore more secure. Blocks of two letters
or digraphs from AA to ZZ can be changed to
numerical code using the form:
$$(qx) \to (26)q + x \in \mathbb{Z}_{676} = \mathbb{Z}_{26^2}$$


For example, the message “MEET ME AT FOUR”
would be broken up into digraphs as ME ET ME AT
FO UR, and disregarding spaces would become:

316 123 316 19 144 537

This numerical code would then be encrypted using a
formula such as:
$x \mapsto 103x - 5 \bmod 676$


The encrypted numerical code would be:

95 496 95 600 631 550

Finally, this numerical code is translated into the
scrambled plaintext:

“DR TC DR XC YH VE”

To decode this message the receiver would use the
decryption formula:
$x \mapsto 103^{-1}x + 103^{-1}(5) \bmod 676$
or
$x \mapsto 571x + 151 \bmod 676$,
and then divide that numerical code by 26 to get the
decrypted digraph $(qx)$ ($q$ being the quotient and $x$
the remainder).
Double letter encryption follows this pattern:
Digraph $(qx)$ → Numerical Code → Encryption with Key → Numerical Code → Encrypted Message
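The pattern above in Python, as an added example that is not part of the original slides (function names are illustrative; `pow(a, -1, m)` needs Python 3.8 or later). It generalizes the block size to k letters, so k = 1 gives the letter-by-letter affine cipher and k = 2 the digraph cipher, and it reproduces both worked examples of this section.

```python
from math import gcd

A = ord("A")


def to_blocks(text, k):
    """Encode the letters of text, k at a time, as integers in Z_(26^k)."""
    codes = [ord(c) - A for c in text.upper() if "A" <= c <= "Z"]  # drop spaces
    if len(codes) % k:
        raise ValueError("message length must be a multiple of the block size")
    blocks = []
    for i in range(0, len(codes), k):
        value = 0
        for code in codes[i:i + k]:       # first letter is the most significant
            value = 26 * value + code
        blocks.append(value)
    return blocks


def from_blocks(blocks, k):
    """Decode integers in Z_(26^k) back to k letters each."""
    out = []
    for value in blocks:
        chunk = []
        for _ in range(k):
            value, code = divmod(value, 26)   # remainder is the last letter
            chunk.append(chr(A + code))
        out.append("".join(reversed(chunk)))
    return "".join(out)


def affine_encrypt(text, a, b, k=1):
    m = 26 ** k
    if gcd(a, m) != 1:
        raise ValueError("a must be invertible in Z_m")
    return from_blocks([(a * x + b) % m for x in to_blocks(text, k)], k)


def affine_decrypt(text, a, b, k=1):
    m = 26 ** k
    a_inv = pow(a, -1, m)                     # a^-1 in Z_m
    return from_blocks([(a_inv * (y - b)) % m for y in to_blocks(text, k)], k)
```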

Multiple letter encryption also follows this pattern for
triples of letters using $\mathbb{Z}_{26^3}$, quadruples using $\mathbb{Z}_{26^4}$, etc.
$$(\text{letter}_{k-1})(\text{letter}_{k-2}) \cdots (\text{letter}_1)(\text{letter}_0) \to \sum_{i=0}^{k-1} \text{letter}_i \cdot 26^i \in \{0, 1, \ldots, 26^k - 1\}$$




For example: The quadruple “four” would be
encrypted by:

$$r(26^0) + u(26^1) + o(26^2) + f(26^3) = 17(1) + 20(26) + 14(676) + 5(17576) = 97871 \in \mathbb{Z}_{26^4}$$

The One-Time Pad



The One-Time Pad, which is also known as the Vernam
cipher, was created by Gilbert Vernam (AT&T) in 1917
(U.S. Patent 01310719). It is the only currently known
unconditionally secure cryptosystem. The inconvenience
lies in the fact that the persons communicating secretly
have to trade pads, and also in the fact that the length of the
key must be at least equal to the length of the message to be
encrypted.





Using MATLAB to generate a (quasi)random sequence of
elements of $\mathbb{Z}_{26}$:








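function otp = otp(n)
% OTP  Return a row vector of n (quasi)random elements of Z_26 (values 0..25).
x=rand(1,n);             % n values uniformly distributed in (0,1)
y=zeros(1,n);            % preallocate so the result is defined for every n
for I=1:n;
y(I)=floor(26*x(I));     % scale each value to an integer 0..25
end
otp=y;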



The one-time pad would basically add, term-by-term,
the terms of the random sequence to the terms of the
sequence representing the numerical values of the letters in
the plaintext. The unconditional security of the one-time-
pad is contingent on the good randomness properties of the
key.













The advantages of the one time pad compared with
other classical systems are evident especially in short
messages. Consider a battle in which a general wished to
send a message of either “ADVANCE” or “RETREAT”.
Using the affine cryptosystem, the two A’s in advance or
the two E’s in retreat would be encrypted to the same letter
and simply by looking at their placement, one could easily
break the code. However, with the one time pad, the
encryption is completely random and without the key, it
would be impossible to decipher which seven letter
message the general had sent.




















A RANDOM SEQUENCE OF ONE THOUSAND LETTERS

First we used the "otp" program to generate a random sequence of 1000
elements of $\mathbb{Z}_{26}$. A second program translates each element of the random
string generated previously into a letter (viewed as a string of length one).
Finally a third program is used to concatenate the one thousand strings of
length one into a single character string of length 1000.



4. MODULAR EXPONENTIATION

Assume we are given an element $a \in \mathbb{Z}_n$ and we want to calculate
the power $a^K \in \mathbb{Z}_n$ for some very large $K$.

Calculating $a,\ a^2,\ a^3 = a^2 \cdot a,\ a^4 = a^3 \cdot a,\ \ldots,\ a^K$ will take
a substantial amount of time (we will need about $K$ multiplications,
which for an extremely large $K$ (think about 100 digit numbers) is
unfeasible).
THE FAST EXPONENTIATION BY REPEATED SQUARING

Calculate
$$a^{2^0} = a,\quad a^{2^1} = \left(a^{2^0}\right)^2,\quad a^{2^2} = \left(a^{2^1}\right)^2,\quad a^{2^3} = \left(a^{2^2}\right)^2,\ \ldots,\quad a^{2^t} = \left(a^{2^{t-1}}\right)^2,$$
where $2^t$ is the largest power of $2$ that is less than or equal to $K$.

By using the base 2 expansion of $K$, we get
$K = 2^{d_1} + \cdots + 2^{d_r}$ with $0 \le d_1 < d_2 < \cdots < d_r \le t$.

Then we multiply (in $\mathbb{Z}_n$) and we get, by using exponent laws,

$$a^K = a^{2^{d_1}} \cdot a^{2^{d_2}} \cdots a^{2^{d_r}}$$




It turns out that the above exponentiation algorithm is much more
efficient (we need about $O(\log_2 K)$ multiplications!)

EXAMPLE: $a = 1217$, $K = 5613$, $n = 315703$
We need to compute $a^K = 1217^{5613} \in \mathbb{Z}_{315703}$.
Write the exponent $K$ in base 2: $1010111101101_2$
That is,
$$\begin{aligned}
5613 &= 2^0 + 2^2 + 2^3 + 2^5 + 2^6 + 2^7 + 2^8 + 2^{10} + 2^{12} \\
&= 1 + 4 + 8 + 32 + 64 + 128 + 256 + 1024 + 4096
\end{aligned}$$
$\Rightarrow 1217^{5613} = 1217^{2^0} \cdot 1217^{2^2} \cdots$
Then, in $\mathbb{Z}_{315703}$ we have:

$1217^{2^0} = 1217$                        $P = 1217$
$1217^{2^1} = 1217^2 = 218277$
$1217^{2^2} = 218277^2 = 214781$           $P \to 1217 \cdot 214781 = 302096$
$1217^{2^3} = 214781^2 = 39898$            $P \to 302096 \cdot 39898 = 117074$
$1217^{2^4} = 39898^2 = 75878$
$1217^{2^5} = 75878^2 = 310976$            $P \to 117074 \cdot 310976 = 18561$
$1217^{2^6} = 310976^2 = 245319$           $P \to 18561 \cdot 245319 = 297293$
$1217^{2^7} = 245319^2 = 211683$           $P \to 297293 \cdot 211683 = 269505$
$1217^{2^8} = 211683^2 = 71481$            $P \to 269505 \cdot 71481 = 289845$
$1217^{2^9} = 71481^2 = 196009$
$1217^{2^{10}} = 196009^2 = 51496$         $P \to 289845 \cdot 51496 = 51686$
$1217^{2^{11}} = 51496^2 = 248519$
$1217^{2^{12}} = 248519^2 = 84065$         $P \to 51686 \cdot 84065 = 278904$

THEREFORE
$a^K = 1217^{5613} = 278904 \in \mathbb{Z}_{315703}$
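The repeated-squaring scheme of this section in Python, as an added example that is not part of the original slides (`modexp_trace` is an illustrative name). Besides the result it returns the list of squares $a^{2^i}$ and the running product P after each 1-bit of K, so the worked example above can be followed row by row.

```python
def modexp_trace(a, K, n):
    """Compute a^K in Z_n by repeated squaring.

    Returns (result, squares, products) where squares[i] = a^(2^i) mod n and
    products holds (i, P) for every bit i of K that is 1.
    """
    square = a % n                  # a^(2^0)
    P = 1
    squares, products = [], []
    bit = 0
    while K >> bit:                 # stop after the highest 1-bit of K
        squares.append(square)
        if (K >> bit) & 1:          # bit d_j of the base-2 expansion of K
            P = (P * square) % n
            products.append((bit, P))
        square = (square * square) % n
        bit += 1
    return P % n, squares, products


def multiplication_count(K):
    """Modular multiplications used by modexp_trace: one squaring per bit of K
    and one product per 1-bit, so at most 2 * K.bit_length()."""
    return K.bit_length() + bin(K).count("1")


if __name__ == "__main__":
    result, squares, products = modexp_trace(1217, 5613, 315703)
    for i, s in enumerate(squares):
        print(f"1217^(2^{i}) = {s}")
    for i, P in products:
        print(f"after bit {i}: P = {P}")
    print(result, multiplication_count(5613))
```

The multiply step runs only for the 1-bits of K, so running time depends on the exponent; where the exponent is secret, as with the RSA decryption key in Section 5, implementations use constant-time variants.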




5. THE RSA CRYPTOSYSTEM



5.1. THE RSA SETUP: WHAT SHOULD ALICE DO?


To set up an RSA cryptosystem, Alice will have to do the
following:

• First she will pick two large primes $p, q$ (these will not be made public) and will calculate the product $N = pq$. The large number $N$ will be made public.
• Next she calculates $\varphi(N) = (p - 1)(q - 1)$ and keeps $\varphi(N)$ for herself.
• She then picks an integer $e$ which is invertible $\bmod\ \varphi(N)$. The number $e$ will be made public. This will be Alice’s public encryption key. In a public directory everybody could see the numbers $e$ and $N$.
• Finally she uses the Extended Euclidean Algorithm to calculate the inverse $d = e^{-1} \bmod \varphi(N)$. This will be the private decryption key for Alice.

Now assume that Bob wants to send Alice a message.
We will assume the message is represented by an element
$x \in \mathbb{Z}_N$ (if the message is large, Bob will break it into
pieces, each piece of the message being represented as an
element of $\mathbb{Z}_N$).

First Bob looks up in the public directory under the user
“Alice” and finds out the numbers $N$ and $e$.

Then Bob uses fast exponentiation to compute the power

$$y = x^e \in \mathbb{Z}_N$$


This will be the enciphered message (“cipher text”) going
over the wire.

Finally, Alice receives $y \in \mathbb{Z}_N$ and uses the private
decryption key $d$ to decipher $y$, by
calculating $y^d = x \in \mathbb{Z}_N$.
PROOF OF $y^d = x$

Since $d = e^{-1} \bmod \varphi(N)$, we have
$de = 1 + k\varphi(N)$, for some $k \in \mathbb{Z}$.

Say $x \in U(\mathbb{Z}_N)$. Then
$$y^d = (x^e)^d = x^{de} = x^{1 + k\varphi(N)} = x \cdot \left[x^{\varphi(N)}\right]^k = x \cdot 1^k = x.$$
One can show that $y^d = x$ also holds true for all other $x \in \mathbb{Z}_N$.
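Alice's setup and the Bob-to-Alice exchange as an added Python example, not part of the original slides: this is the textbook scheme exactly as described above, with toy values p = 61, q = 53, e = 17 chosen here for illustration and illustrative function names (deployed RSA uses far larger primes and a padding scheme). `non_units_roundtrip` checks the closing remark of the proof by testing every x in $\mathbb{Z}_N$ that is not invertible.

```python
from math import gcd


def rsa_keygen(p, q, e):
    """Alice's setup: return the public pair (N, e) and the private exponent d."""
    N = p * q
    phi = (p - 1) * (q - 1)            # kept private together with p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible mod phi(N)")
    d = pow(e, -1, phi)                # e^-1 mod phi(N), Python 3.8+
    return (N, e), d


def rsa_encrypt(x, public):
    """Bob's step: y = x^e in Z_N, using Alice's public (N, e)."""
    N, e = public
    if not 0 <= x < N:
        raise ValueError("the message must be an element of Z_N")
    return pow(x, e, N)


def rsa_decrypt(y, d, N):
    """Alice's step: y^d in Z_N."""
    return pow(y, d, N)


def non_units_roundtrip(p, q, e):
    """Check y^d = x for every x in Z_N with gcd(x, N) > 1, the case the
    proof above leaves out. Returns (number of such x, all recovered?)."""
    public, d = rsa_keygen(p, q, e)
    N = public[0]
    non_units = [x for x in range(N) if gcd(x, N) != 1]
    ok = all(rsa_decrypt(rsa_encrypt(x, public), d, N) == x for x in non_units)
    return len(non_units), ok


if __name__ == "__main__":
    public, d = rsa_keygen(61, 53, 17)     # constructed toy parameters
    y = rsa_encrypt(65, public)
    print(public, d, y, rsa_decrypt(y, d, public[0]))
    print(non_units_roundtrip(61, 53, 17))
```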


APPENDIX 1

MATLAB PROGRAMS WRITTEN IN THE COURSE OF THE PRESENT RESEARCH


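function nlet=nlet(x)
% NLET  Concatenate the letters for the codes in x (values 0..25) into one string.
n=size(x,2);
nlet='';
for I=1:n;
z=codel(x(I));
nlet=strcat(nlet,z);   % append, so the string has length n and keeps the order of x
end;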

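function aencrypt=aencrypt(x,a,b)
% AENCRYPT  Affine encryption x -> a*x+b mod 26 of the lowercase string x.
% strcode is not listed in this appendix; it is assumed to return the
% vector of letter codes (lcode of each character) of x.
y=strcode(x);
n=size(y,2);
for I=1:n;
z(I)=mod(a*y(I)+b,26);   % encrypt each letter code
end
for I=1:n;
w(I)=codel(z(I));        % back to letters
end
aencrypt=w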

function codel = codel(n)
% CODEL  Letter for the numerical code n: 0 -> 'a', ..., 24 -> 'y'; any other value gives 'z'.
if n ==0;
codel='a';
elseif n ==1;
codel='b';
elseif n ==2;
codel='c';
elseif n ==3;
codel='d';
elseif n ==4;
codel='e';
elseif n ==5;
codel='f';
elseif n ==6;
codel='g';
elseif n ==7;
codel='h';
elseif n ==8;
codel='i';
elseif n ==9;
codel='j';
elseif n ==10;
codel='k';
elseif n ==11;
codel='l';
elseif n ==12;
codel='m';
elseif n ==13;
codel='n';
elseif n ==14;
codel='o';
elseif n ==15;
codel='p';
elseif n ==16;
codel='q';
elseif n ==17;
codel='r';
elseif n ==18;
codel='s';
elseif n ==19;
codel='t';
elseif n ==20;
codel='u';
elseif n ==21;
codel='v';
elseif n ==22;
codel='w';
elseif n ==23;
codel='x';
elseif n ==24;
codel='y';
else
codel='z';
end

function lcode = lcode(letter)
% LCODE  Numerical code of a lowercase letter: 'a' -> 0, ..., 'y' -> 24; any other input gives 25.
if letter =='a';
lcode=0
elseif letter =='b';
lcode=1
elseif letter =='c';
lcode=2
elseif letter =='d';
lcode=3
elseif letter =='e';
lcode=4
elseif letter =='f';
lcode=5
elseif letter =='g';
lcode=6
elseif letter =='h';
lcode=7
elseif letter =='i';
lcode=8
elseif letter =='j';
lcode=9
elseif letter =='k';
lcode=10
elseif letter =='l';
lcode=11
elseif letter =='m';
lcode=12
elseif letter =='n';
lcode=13
elseif letter =='o';
lcode=14
elseif letter =='p';
lcode=15
elseif letter =='q';
lcode=16
elseif letter =='r';
lcode=17
elseif letter =='s';
lcode=18
elseif letter =='t';
lcode=19
elseif letter =='u';
lcode=20
elseif letter =='v';
lcode=21
elseif letter =='w';
lcode=22
elseif letter =='x';
lcode=23
elseif letter =='y';
lcode=24
else
lcode=25
end

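function otp = otp(n)
% OTP  Return a row vector of n (quasi)random elements of Z_26 (values 0..25).
x=rand(1,n);
y=zeros(1,n);            % preallocate so the result is defined for every n
for I=1:n;
y(I)=floor(26*x(I));
end
otp=y;

function adecrypt=adecrypt(x,a,b)
% ADECRYPT  Inverse of aencrypt: x -> a^(-1)*(x-b) mod 26.
% strcode is not listed in this appendix (assumed: letter codes of x).
y=strcode(x);
n=size(y,2);
c=mod(a^(11),26);        % a^(-1) in Z_26: phi(26)=12, so a*a^11 = a^12 = 1 (Euler's theorem)
for I=1:n;
z(I)=mod(c*(y(I)-b),26);
end
for I=1:n;
w(I)=codel(z(I));
end
adecrypt=w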




ONE TIME PAD ENCRYPTION/DECRYPTION

function otpencrypt=otpencrypt(x,onetime)
% OTPENCRYPT  Add the pad onetime (codes 0..25, at least as long as x) to x, term by term, mod 26.
y=strcode(x);
n=size(y,2);
for I=1:n;
z(I)=mod(y(I)+onetime(I),26);
end
for I=1:n;
w(I)=codel(z(I));
end
otpencrypt=w

function otpdecrypt=otpdecrypt(x,onetime)
% OTPDECRYPT  Subtract the same pad onetime from the ciphertext x, term by term, mod 26.
y=strcode(x);
n=size(y,2);
for I=1:n;
z(I)=mod(y(I)-onetime(I),26);
end
for I=1:n;
w(I)=codel(z(I));
end
otpdecrypt=w






