CSCI284 Spring 2004

1
Classical Ciphers 2

• Affine and Substitution ciphers
• Number Theory gcd, Euler phi function,
  Euclidean and extended Euclidean algorithms

• CSCI284 Spring 2004
• GWU

2
Questions on HW? Project?

• Second module requires other input
• m, the modulus
• the message is 50 symbols modulo m, each a 10-bit
  symbol
• Project proposals due March 1
• Exceptions due Feb 9

3
Affine Cipher Example 1
a and b define the key What are the requirements
for this to be a valid encryption
function? Whats wrong with this?
y ax b mod m
b
4
Affine Cipher Example 2
y ax b mod m
Whats wrong with this?
b
5
Affine Cipher Example 3
Whats wrong with this?
b
6
Try m6, b1, check all a

• y ax b ax 1 mod 6
• a1 y x 1 mod 6 x y-1 mod 6
• a2 y 2x 1 mod 6 x 2-1(y-1) mod 6

7
Affine cipher - definition

• e(x) ax b mod m
• d(y) a-1(y-b) mod m
• Is this possible for all a?
• Try on example m 6. Find a-1 for all a ? Zm

8
GCD definition

• The gcd (Greatest Common Divisor) of two integers
  m and n denoted gcd(m, n) is the largest
  non-negative integer that divides both m and n.

9
Properties of integers - I

• Fact 1
• gcd(m,n) 1
• ? ? integers a, b, such that am bn 1
• Proof
• Need to show
• Suppose gcd(m,n) 1?? a, b, such that am bn
  1
• 2. Suppose ? a, b, such that am bn 1?gcd(m,n)
  1

10
Proof of gcd(m,n) 1? ? a, b, such that am
bn 1

• Suppose gcd(m,n) 1
• Let k be any integer of the form Am Bn
• for integers A and B
• Let g be the smallest non-negative integer of
  this form
• (want to show g 1)
• Then k Cg r, 0 ? r lt g

11
Proof contd. gcd(m,n) 1? ? a, b, such that
am bn 1

• k Cg r, 0 ? r lt g where
• r Am Bn Cg
• Am Bn C(Am Bn)
• Am Bn
• 0
• (as g was smallest such non-negative integer and
  r lt g)

12
Proof contd. gcd(m,n) 1? ? a, b, such that
am bn 1

• k Cg r r 0
• Hence g divides all integers of the form Am Bn,
  in particular, g divides m (B 0) and n (A 0)
• g 1 (as gcd(m,n) 1)
• ? a, b, such that am bn 1
• (as g is of form Am Bn)

13
Proof of ? a, b, such that am bn 1 ?
gcd(m,n) 1

• 2. Suppose ? a, b, such that am bn 1
• gcd(m,n) divides m and n
• Hence it divides am bn for all a, b
• Hence it divides 1
• ?gcd(m,n) 1

14
Theorem multiplicative inverse in a commutative
ring

• The multiplicative inverse of a mod m ? Zm exists
  if and only if gcd(a, m) 1. It is denoted a-1
• Proof
• Suppose gcd(a,m) 1
• ?? integers x, y, such that ax my 1
• ?ax ? 1 (mod m)
• ?x a-1

15
Theorem multiplicative inverse in a commutative
ring contd.

• The multiplicative inverse of a mod m ? Zm exists
  if and only if gcd(a, m) 1. It is denoted a-1
• Proof
• Suppose a-1 exists, call it X
• aX ? 1 (mod m)
• aX Ym 1 for some integer Y
• gcd(a, m) 1

16
Affine Cipher

• P C Zm
• K (a, b) ? Zm X Zm gcd(a, m) 1
• eK(x) (axb) mod m
• dK(y) a-1(y-b) mod m

17
Affine cipher examples

• Encrypt
• firstletstrythekasiskitest
• Using key

18
Cryptanalysis of the Affine Cipher

• OZOBDNEYOUEYHOBITJOTMBQTOVVQQAUWNMTIQIQTAYQRVEUSQJ
  MQHONABTQXNMZACOIOBXQEJAHONSQEBTJAQTNAATRITJAYOMVR
  EFOTTJAAXGAEDTJAVOCBJAVAOXQYOFMBAWHTJADVOGQTEBAHOT
  JNMBGMBGTJARAVVRAUOWQAJMQHONABTQOVCOIQSAAHTJADNEBT
  XEENVEUSAX.

19

• Ciphertext frequency
• A27 O21 T20 Q18 J13 B13 E12 V11 N10 M9 H7 X6 I6
  R5 U5 Y5 D4 G4 S4 C3 W3 Z2 F2 P0 K0 L0
• English language frequency per 1000
• e127 t91 a82 o75 i70 n67 s63 h61 r60 d43 l40 c28
  u28 m24 w23 f22 g20 y20 p19 b15 v10 k8 j2 q1 x1
  z1

20
Complexity of attacks

• Brute Force attack for alphabet of size n
• How difficult is it to break this?
• How many possible keys?
• m2? m?

21
Examples

• If m p, p 1 invertible elements
• If m pq,
• 1, 2, 3, p, ..2p, ..3p, qp ? q numbers
  divisible by p
• 1, 2, 3, q, ..2q, ..3q, pq ? p numbers
  divisible by q
• pq only number counted twice. No other numbers.
• pq p q 1 (p-1)(q-1) invertible elements
• What if m ? i1r piei

22
Need induction

• How do we show that
• 123 .n (n1)n/2
• How do we show that
• aarar2ar3 arn a(rn1-1)/r-1

23
Euler phi function

• Number of invertible elements of Zm for m ?
  i1r piei is Euler phi or totient function
• ?(m) ? i1r piei -1(pi -1)
• Examples ?(180), ?(24)

24
Theorem number of invertible elements in a
commutative ring

• Proof by induction over r
• First we show it is true for r1 i.e. if m pe
• Exactly one pth of the numbers are divisible by p
• ?(pe) pe pe-1 pe-1(p-1)

25
Theorem number of invertible elements in a
commutative ring

• Now, assume true for rk, show true for rk1
• i.e. add one more new prime raised to any power
• ?(? i1k piei ) ? i1k piei -1(pi -1)
• ? ?(? i1k1 piei ) ?
• Note we also know ?(pe) pe-1(p-1)
• i.e. what is ?(xy) when ?(x) and ?(y) are known,
  and x and y are relatively prime

26
ax b for 0 ? a lt y 1 ? b ? x
x
1 2 3 x x
1 2x 1 (y-1)x 1
yx
Rel prime to x iff b rel. prime to x Rel. prime
to y iff ? Need to also write as Ay B
y
27
Chinese Remainder Theorem

• There is exactly one number modulo xy which is
  bmodx and Bmody if x and y are relatively prime.
• Proof Suppose not. Then
• ax b Ay B
• cx b Cy B
• ?(a-c)x (A-C)y
• y (a-c)x ? y (a-c) because x and y rel. prime
• a my c
• first number mxy cx b second number
  modulo xy

28
Now look at ring Zm when m xy

• Size of ring is xy.
• See numbers mod x x of them
• Numbers mod y y of them
• Thus, a number mod m is represented uniquely by
  the pair (a, b) (its remainder modx, and
  remainder mod y)
• A number is rel. prime to both x and y iff a and
  b are rel. prime to x and y respectively
• There are ?(x) ? ?(y) numbers rel. prime to xy

29
Back to Euler

• ?(? i1k piei ) ? i1k piei -1(pi -1)
• ? ?(? i1k1 piei ) ?
• Note we also know ?(pe) pe-1(p-1)

30
Problems from text

• 1.11
• An involutory key is defined as the key for which
  the encryption function is identical to the
  decryption function.
• Suppose that K (a, b) is a key in an Affine
  Cipher over Zn Prove that K is an involutory key
  if and only if a-1 mod n a and b(a1) ? 0 (mod
  n)
• Determine all the involutory keys in the affine
  cipher over Z15
• Suppose that n pq, where p and q are distinct
  odd primes. Prove that the number of involutory
  keys in the Affine Cipher over Zn is npq1

31
How do we generate an encryption key for an
affine cipher?
32
Euclidean Algorithmconsidered first non-trivial
algorithm

• gcd(m, n) / m gt n /
• (a, b) (m, n) / Initialize /
• while (b?0) (a, b) (b, a bq) /Where q
  ?a/b? /
• return(a)
• Works because
• gcd(a, b) gcd(b, a b?a/b?)
• gcd(a, b) b if ba

33
Try

• gcd(17, 101)
• gcd(57, 93)

34
Proof that Euclidean algorithm works

• For ith step, (a, b)i say total k steps
• (a, b)0 (m, n)
• (a, b)k-1 (?b, b)
• Prove that gcd(m, n) gcd(a, b)i
• Prove that it stops
• Hence

35
Extended Euclidean algorithm

• Find s, t such that gcd(m, n) sm tn
• Let gcd(a, b)i siai tibi
• Last but one step
• bk-1ak-1? gcd(a, b)k-1 bk-1 ? sk-10 tk-11
• 2. In general
• If gcd(a, b)i siai tibi
• What is si-1 ti-1?

36
Extended Euclidean algorithm

• bk-1 gcd(a, b)i gcd(a, b)i-1 siai tibi
• sibi-1 ti(ai-1 bi-1qi-1)
• tiai-1 (si tiqi-1) bi-1
• So, si-1 ti and ti-1 si tiqi-1
• Go back up the euclidean algorithm
• (s, t) (0, 1) / Initialize /
• while (b?0) (s, t) (t, s-tq)
• return((s,t))

37
Examples

• gcd(17, 101)
• gcd(57, 93)
• What good?
• Write algorithm for multiplicative inverse of x
  mod m

38
Solve congruences

• What is x?
• 17x ? 3 mod 101
• 5x ? 2 mod 7

39
Euclidean Algorithm References

• See
• Text, section 5.2.1
• http//www.uoregon.edu/koch/math233/Euclid.pdf
• http//www.nku.edu/christensen/031MAT494euclid.do
  c

40
Substitution Cipher

• Each letter goes to another
• Key is the lookup table, consists of 2n elements
  for alphabet size n
• Statistical attacks
• Brute force attack requires

41
Problem

• A particular letter goes to a fixed other letter.
  Monoalphabetic cipher
• Need polyalphabetic ciphers