EE 418 Network Security and Cryptography Lecture #3


October 6, 2016

Classical cryptosystems.

Lecture notes prepared by Professor Radha Poovendran.

Tamara Bonaci
Department of Electrical Engineering
University of Washington, Seattle

Outline:
1. The Shift Cipher
2. The Substitution Cipher
3. The Affine Cipher
4. The Euclidean Algorithm

Methods of making communicated messages unintelligible to attackers have been important throughout history. In today's lecture, we cover some classical (historical) cryptosystems that were primarily used before the advent of computers. In doing so, we will make use of number theory, especially the modular arithmetic we just reviewed. We start with the shift cipher.

1 The Shift Cipher

The shift cipher is one of the oldest known cryptosystems, often attributed to Julius Caesar. The idea used in this cryptosystem is to replace each letter in an alphabet by another letter at a distance $K$ from it.

Formally, let's associate each letter A, B, ..., Z with an integer 0, ..., 25. If we allow the key $K$ to be any integer with $0 \le K \le 25$, the shift cipher can be defined as: $\mathcal{P} = \mathcal{C} = \mathcal{K} = \mathbb{Z}_{26}$. For $0 \le K \le 25$,

$$y = e_K(x) = (x + K) \bmod 26, \tag{1}$$

$$x = d_K(y) = (y - K) \bmod 26. \tag{2}$$

Example: Let $K = 3$ and let the plaintext be shift. Assume each letter is shifted right (or left) by 3 places. We then get VKLIW as the ciphertext for the right shift, or PEFCQ for the left shift.

Is the Shift Cipher Secure?

NO. Let's try a brute force attack: Assume Eve knows a shift cipher algorithm is used for encryption, and she observes the ciphertext VKLIW. Given the small cardinality of the key space, Eve can try all the possible 26 shifts in right direction. Upon shifting, the following plaintexts are obtained: shift, and so on. Since shift is the only dictionary word in the list of 26 possible words, Eve can assume that it is indeed the plaintext that was encrypted. Thus, Eve not only recovers the plaintext, but also infers the original key $K = 3$.

Fig. 1. Brute force attack on shift cipher: starting from vkliw, the 1st left shift gives ujkhv, the 2nd left shift gives tijgu, and the 3rd left shift gives shift.

2 The Substitution Cipher

In the shift cipher cryptosystem, each letter of the plaintext is replaced with a letter at a fixed distance determined by the key $K$. Given the keyspace $\mathcal{K} = \mathbb{Z}_{26}$, there are only 26 possible keys in this cipher. The substitution cipher overcomes this limitation, and provides a much larger keyspace. The idea of the substitution cipher is to replace each letter of the plaintext with a letter at an arbitrary distance.

Formally, we can describe this cryptosystem as follows. Let $\mathcal{P} = \mathcal{C} = \mathbb{Z}_{26}$. The keyspace $\mathcal{K}$ includes all possible permutations of the 26 symbols 0, 1, ..., 25. For each permutation $\pi \in \mathcal{K}$:

$$y = e_\pi(x) = \pi(x), \tag{3}$$

$$d_\pi(y) = \pi^{-1}(y). \tag{4}$$

$\pi^{-1}$ denotes the inverse permutation to $\pi$.

Is the Substitution Cipher Secure?

Brute force attack: Since a key consists of a permutation of the 26 letters, the keyspace is very large ($26! \approx 4.0 \times 10^{26}$). Hence, the key space in the substitution cipher is much larger than the key space of the shift cipher, and a brute force attack (exhaustive search) will take a long time. However, other attacks are feasible against the substitution cipher. For example, frequency analysis may allow us to break this cipher, as we will show next week.

3 The Affine Cipher

The idea of the affine cipher is to first scale and then shift, which is known as the affine transformation.

$$y = e_K(x) = (ax + b) \bmod 26, \tag{5}$$

$$d_K(y) = a^{-1}(y - b) \bmod 26. \tag{6}$$

In this scheme, the pair $(a, b)$ denotes the cryptographic key $K$ used for encryption/decryption. Here we need to know which pairs $(a, b)$ are valid keys that yield an injective encryption function, and we need to know $a^{-1}$ for decryption.

Note: if $a = 1$, the affine cipher becomes identical to the shift cipher.

Fig. 2. Schematic of the affine cipher cryptosystem. Encryption multiplies $x$ by $a$ and adds $b$ to give $y = ax + b$; decryption adds $-b$ and multiplies by $a^{-1}$ to recover $x$.

3.1 Modular Multiplicative Inverse

Many of the cryptosystems covered in this course involve finding the multiplicative inverse of an integer $a$ under modulo arithmetic with base integer $m$, and the affine cipher is the first such cryptosystem that we will consider. Therefore, let's start by defining/reviewing what the modular multiplicative inverse is.

Definition 1. The modular multiplicative inverse of an integer $a \in \mathbb{Z}_m$ modulo $m$, denoted as $a^{-1} \pmod{m}$, is an element $a' \in \mathbb{Z}_m$ such that:

$$a a' \equiv a' a \equiv 1 \pmod{m}. \tag{7}$$

The modular multiplicative inverse of an integer $a \in \mathbb{Z}_m$ can be found using either the Extended Euclidean Algorithm, or the Direct Modular Exponentiation method.

3.2 Decryption with Affine Cipher

Given the modular multiplicative inverse, the congruence $y \equiv ax + b \pmod{26}$ can be solved for $x$ as follows:

$$ax \equiv y - b \pmod{26}, \tag{8}$$

$$a^{-1}(ax) \equiv a^{-1}(y - b) \pmod{26}, \tag{9}$$

$$a^{-1}(ax) \equiv (a^{-1}a)x \equiv 1x \equiv x \pmod{26}, \tag{10}$$

$$x = a^{-1}(y - b) \bmod 26. \tag{11}$$

Example: Let $a = 9$ and $b = 3$. Let the plaintext be d, which corresponds to the numerical value 3.

$$e_K(d) = (9 \cdot 3 + 3) \bmod 26 = 4. \tag{12}$$

For the decryption part,

$$d_K(4) = a^{-1}(4 - b) \bmod 26 = 9^{-1}(4 - 3) \bmod 26 = 9^{-1} \pmod{26} = 3, \tag{13}$$

which is the multiplicative inverse of 9 (mod 26), i.e. $9 \cdot 3 \equiv 1 \pmod{26}$.

3.3 Problem with the Choice of a

Not all choices of $a$ have a multiplicative inverse. As an example, consider the case where $a = 13$ and $b = 3$. Assume the plaintext is the word busted. Using the English letters conversion table, we can compute the ciphertext for busted as follows.

$$e_K(1) = (13 \cdot 1 + 3) \bmod 26 = 16 = \text{Q}. \tag{14}$$

$$e_K(20) = (13 \cdot 20 + 3) \bmod 26 = 3 = \text{D}. \tag{15}$$

$$e_K(18) = (13 \cdot 18 + 3) \bmod 26 = 3 = \text{D}. \tag{16}$$

$$e_K(19) = (13 \cdot 19 + 3) \bmod 26 = 16 = \text{Q}. \tag{17}$$

$$e_K(4) = (13 \cdot 4 + 3) \bmod 26 = 3 = \text{D}. \tag{18}$$

$$e_K(3) = (13 \cdot 3 + 3) \bmod 26 = 16 = \text{Q}. \tag{19}$$

i.e. busted $\to$ QDDQDQ.

Since multiple plaintexts will result in this ciphertext (for instance, the word dealer also encrypts to QDDQDQ), no unique decryption is possible here. This is due to the fact that $a = 13$ does not have a multiplicative inverse in $\mathbb{Z}_{26}$. For your interest you can also work out the example for $a = 2$, and see that the affine cipher does not work.

It is thus important to characterize the integers that have multiplicative inverses mod 26, and in doing so, we have to review the concepts of prime number and greatest common divisor.

Definition 2. An integer $p > 1$ is a prime number if it has no positive divisors other than 1 and $p$.

If the size of our keyspace, $m$, is a prime number, then every non-zero element of $\mathbb{Z}_m$ has a multiplicative inverse.

Definition 3. Given two integers $a$ and $b$, the greatest common divisor of $a$ and $b$ (denoted $\gcd(a, b)$) is equal to the largest integer $c$ that divides both $a$ and $b$.

Theorem 1. An integer $a$ has an inverse (mod $m$) if and only if there exist numbers $p$ and $q$ such that

$$ap + qm = 1 \pmod{m}. \tag{20}$$

Proof. Let's rewrite equation (20) as:

$$1 = ap + qm \equiv ap \pmod{m}. \tag{21}$$

Equation (21) implies that $a$ has a modular multiplicative inverse $p$ (mod $m$).

Let's now recall that some number $r \equiv 1 \pmod{m}$ if and only if we can write:

$$r + bm = 1 \tag{22}$$

for some $b$, implying that $ap \equiv 1 \pmod{m}$ if and only if it holds that:

$$ap + mq = 1 \tag{23}$$

for some $q$. Equation (23) is, in turn, valid only if $\gcd(a, m) = 1$. To see why, let $c = \gcd(a, m)$ and suppose $c > 1$. Then there exist positive integers $\alpha, \beta$ satisfying $a = \alpha c$ and $m = \beta c$. If $ap + mq = 1$ for some $p, q$, then $pc\alpha + qc\beta = 1$, hence $c(p\alpha + q\beta) = 1$. This is a contradiction since there are no positive integers that divide 1 (except 1 itself).

The other direction of the theorem is also true: if $\gcd(a, m) = 1$, then there exist integers $p, q$ satisfying equation (20). These integers can be computed using the extended Euclidean algorithm, and integer $p$ is a modular multiplicative inverse of $a$ (mod $m$).
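The inverse computation and the injectivity problem from Sections 3.1 to 3.3, as an added Python example that is not part of the original lecture notes: it finds $a^{-1}$ with the extended Euclidean algorithm, refuses keys with $\gcd(a, 26) \ne 1$, and reproduces the lecture's numbers, including the shift cipher as the case $a = 1$. The function names and the `strict` flag are assumptions made for this illustration.

```python
ALPHABET = "abcdefghijklmnopqrstuvwxyz"   # a..z <-> 0..25, as in the lecture
M = 26

def egcd(a, m):
    """Extended Euclid: return (g, p, q) with a*p + m*q == g == gcd(a, m)."""
    old_r, r = a, m
    old_p, p = 1, 0
    old_q, q = 0, 1
    while r:
        k = old_r // r
        old_r, r = r, old_r - k * r
        old_p, p = p, old_p - k * p
        old_q, q = q, old_q - k * q
    return old_r, old_p, old_q

def inverse(a, m=M):
    """Return a^{-1} mod m; raise ValueError when gcd(a, m) != 1."""
    g, p, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {m} (gcd = {g})")
    return p % m

def encrypt(plaintext, a, b, strict=True):
    """e_K(x) = (a*x + b) mod 26. strict=True refuses non-invertible a."""
    if strict:
        inverse(a)
    return "".join(ALPHABET[(a * ALPHABET.index(ch) + b) % M]
                   for ch in plaintext.lower()).upper()

def decrypt(ciphertext, a, b):
    """d_K(y) = a^{-1} * (y - b) mod 26."""
    a_inv = inverse(a)
    return "".join(ALPHABET[(a_inv * (ALPHABET.index(ch) - b)) % M]
                   for ch in ciphertext.lower())

def image_size(a, b):
    """Number of distinct ciphertext letters; 26 means e_K is injective."""
    return len({(a * x + b) % M for x in range(M)})

if __name__ == "__main__":
    print(inverse(9))                                  # inverse used in eq. (13)
    print(encrypt("d", 9, 3), decrypt("E", 9, 3))      # eqs. (12) and (13)
    print(encrypt("shift", 1, 3))                      # a = 1 is the shift cipher
    # a = 13: two different words collide, so decryption is ambiguous.
    print(encrypt("busted", 13, 3, strict=False),
          encrypt("dealer", 13, 3, strict=False))
    print(image_size(9, 3), image_size(13, 3), image_size(2, 3))
```

With `strict=False` the block encrypts under a non-invertible `a` only to show the collision; `decrypt` always refuses such keys.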

Theorem 2. If $\gcd(a, m) = 1$ then $ax \equiv y \pmod{m}$ has a unique solution.

Example: Given $m = 26$, for $a = 13$ we have $\gcd(13, 26) = 13 \ne 1$. Also if $a = 2$ then $\gcd(2, 26) = 2$. But for $a = 9$, $\gcd(9, 26) = 1$ and hence the affine cipher works. Similarly for $a = 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25$ we have $\gcd(a, 26) = 1$. Hence, $a$ can take a total of 12 values with unique inverses in $\mathbb{Z}_{26}$, and $b$ can take any of the 26 values in $\mathbb{Z}_{26}$. Therefore the key space is limited to $12 \cdot 26 = 312$ values for $K$, and a brute force attack (exhaustive search) is possible.

3.4 Computation of the Cardinality of the Key Space for the Affine Cipher

Theorem 3 (Unique Factorization). For any integer $m$, there exists an integer $n$, a set of distinct primes $p_1, \ldots, p_n$, and a set of integers $e_1, \ldots, e_n$ satisfying

$$m = p_1^{e_1} p_2^{e_2} \cdots p_n^{e_n}. \tag{24}$$

Furthermore, the sequences $p_1, \ldots, p_n$ and $e_1, \ldots, e_n$ are unique up to reordering of the $p_i$'s.

Example: For $x = 432$,

$$432 = 2^4 \cdot 3^3. \tag{25}$$

This factorization is unique up to a rearrangement of the terms on the right hand side (i.e., we can write $3^3 \cdot 2^4$ instead).

Definition 4. Two integers $a \ge 1$ and $m \ge 2$ are said to be relatively prime if $\gcd(a, m) = 1$. The number of integers in $\mathbb{Z}_m$ that are relatively prime to $m$ is known as the Euler-phi function, denoted by $\phi(m)$.

Theorem 4. Let

$$m = \prod_{i=1}^{n} p_i^{e_i}, \tag{26}$$

where $p_i$ are distinct primes and $e_i > 0$, $1 \le i \le n$. Then

$$\phi(m) = \prod_{i=1}^{n} \left(p_i^{e_i} - p_i^{e_i - 1}\right). \tag{27}$$

Based on Theorem 2, the cardinality of the key space for the affine cipher is $m\phi(m)$.

Example: For $m = 60$,

$$60 = 2^2 \cdot 3^1 \cdot 5^1, \tag{28}$$

$$\phi(m) = (4 - 2) \cdot (3 - 1) \cdot (5 - 1) = 16. \tag{29}$$

The cardinality of the key space is $60 \cdot 16 = 960$ keys.

Sources for Today's Lecture:
1. Douglas R. Stinson, Cryptography: Theory and Practice, 3rd edition. CRC Press, 2005, p. 1–19.
2. Wade Trappe and Lawrence C. Washington, Introduction to Cryptography with Coding Theory. Prentice Hall, 2002, p. 1–26 and 59–74.
3. Neil Daswani, Christoph Kern, and Anita Kesavan, Foundations of Security: What Every Programmer Needs to Know. Apress, 2007, p. 203–221.
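Theorems 3 and 4 and the key-space counts of Section 3.4, as an added Python example that is not part of the original lecture notes: it computes $\phi(m)$ from the prime factorization, enumerates every valid affine key, and shows that a space of 312 keys can be searched exhaustively. The function names, the word list and the ciphertext MBJSNE (busted encrypted under the lecture's valid key $a = 9$, $b = 3$) are constructed for this illustration.

```python
from math import gcd

ALPHABET = "abcdefghijklmnopqrstuvwxyz"

def factorize(m):
    """Trial division: {prime: exponent} with m = product of p**e (Theorem 3)."""
    factors, p = {}, 2
    while p * p <= m:
        while m % p == 0:
            factors[p] = factors.get(p, 0) + 1
            m //= p
        p += 1
    if m > 1:                      # whatever is left over is itself prime
        factors[m] = factors.get(m, 0) + 1
    return factors

def phi(m):
    """Euler phi from Theorem 4: product of (p**e - p**(e-1))."""
    result = 1
    for p, e in factorize(m).items():
        result *= p**e - p**(e - 1)
    return result

def affine_keys(m):
    """Every valid key (a, b): gcd(a, m) = 1 and b anywhere in Z_m."""
    return [(a, b) for a in range(m) if gcd(a, m) == 1 for b in range(m)]

def exhaustive_search(ciphertext, wordlist):
    """Decrypt under all keys for m = 26; keep plaintexts found in wordlist."""
    hits = []
    for a, b in affine_keys(26):
        # Invert e_K by tabulating it: a valid key gives a bijection on Z_26.
        table = {ALPHABET[(a * x + b) % 26]: ALPHABET[x] for x in range(26)}
        plaintext = "".join(table[ch] for ch in ciphertext.lower())
        if plaintext in wordlist:
            hits.append((a, b, plaintext))
    return hits

if __name__ == "__main__":
    print(factorize(432), phi(60), len(affine_keys(60)))
    print(phi(26), len(affine_keys(26)))
    # Constructed ciphertext and word list (see the lead-in).
    print(exhaustive_search("MBJSNE", {"busted", "dealer", "shift"}))
```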