Chapter Introduction to Cryptography1 Caesar Cipher2 Affine Cipher3 Vigenere Cipher4 Autokey Cipher5 Hill Cipher6 Verman’s Telegraph Cipher7 Exponential Cipher8 RSA Cipher9 Knapsack Cipher10 ElGamal Cipher
June 8, 2017 1 / 44
..
Hello
.
(Plaintext)
.
§♯♯♣♯
.
(Ciphertext)
.
Hello
.
(Plaintext)
.
Enciphering
.
Deciphering
.Key
June 8, 2017 2 / 44
Caesar Cipher (Shift cipher)
Plaintext: A B C D . . .X Y ZCiphertext: D E F G . . .A B C
A B C D E F G H I J K L M00 01 02 03 04 05 06 07 08 09 10 11 12N O P Q R S T U V W X Y Z13 14 15 16 17 18 19 20 21 22 23 24 25
C = P + 3 (mod 26)P = C − 3 (mod 26)
.Example..
......
Plaintext: GOOD = 06 14 14 03C=P+3 (mod 26)Ciphertext: 09 17 17 06 = JRRH
June 8, 2017 3 / 44
Problem of Caesar Cipher
.Example..
......
Decipher
”FKHQBLBDQJ”by Caesar Cipher.
June 8, 2017 4 / 44
Affine Cipher
C = aP + b (mod 26)P = a−1(C − b) (mod 26), gcd(a, 26) = 1
.Remark:..
......
♯{(a, b) ∈ Z26 × Z26 | gcd(a, 26) = 1} = 12× 26 = 312
aφ(26) = a12 = 1(mod 26)a−1 = a11(mod 26)P = a11(C − 3)(mod 26)
.Example..
......
Plaintext: GOOD = 06 14 14 03a=5, b=7 C=5P+7 (mod 26)Ciphertext: 11 25 25 22 = LZZW
June 8, 2017 5 / 44
Problem of Affine Cipher
.Example..
......
Decipher
”RTUEDWJ”by Affine Cipher using C ≡ 9P + 9(mod 26).
June 8, 2017 6 / 44
Vigenere Cipher
Keyword : READY= 17 04 00 03 24 (no repeated).Example..
......
Plaintext: ATTACK AT ONCE00 19 19 00 02 10 00 19 14 13 02 04
Key +) 17 04 00 03 24 17 04 00 03 24 17 0417 23 19 03 00 01 04 19 17 11 19 08
Ciphertext: RXTDAB ET RLTI
.Vigenere Cipher..
......
Keyword: b1, b2, . . . , bn, where 0 ≤ bi ≤ 25
Ci ≡ Pi + bi(mod 26), 1 ≤ i ≤ nPi ≡ Ci − bi(mod 26), 1 ≤ i ≤ n
June 8, 2017 7 / 44
Problem of Vigenere Cipher
.Example..
......
Decipher
”XIGOGIPLZ”by Vigenere Cipher using the Key ”MATH”.
June 8, 2017 8 / 44
Autokey Cipher (Modifying Vigenere Cipher)
Keyword = seed +Plaintext.Example..
......
Plaintext: ONE IF BY DAWNseed = KKeyword K ONE IF BY DAWN
14 13 04 08 05 01 24 03 00 22 13Key +) 10 14 13 04 08 05 01 24 03 00 22
24 01 17 12 13 06 25 01 03 22 09Ciphertext: YBR MN GZ BDWJ
Enciphering:={
C1 ≡ P1 + S(mod 26)Ck ≡ Pk + Pk−1(mod 26) 2 ≤ k ≤ n
Deciphering:={
P1 ≡ C1 − S(mod 26)Pk ≡ Ck − Pk−1(mod 26) 2 ≤ k ≤ n
June 8, 2017 9 / 44
Hill Cipher
Divid the plaintext into blocks of n letters.For n = 2, P1,P2 ⇒ C1,C2 by{
C1 ≡ aP1 + bP2(mod 26)C2 ≡ cP1 + dP2(mod 26) gcd(ad − bc, 26) = 1
.Example..
......
{C1 ≡ 2P1 + 3P2(mod 26)C2 ≡ 5P1 + 8P2(mod 26)
Plaintext: BUY NOW ≡ BU YN OW ≡ 01 20 24 13 14 22Ciphertext: 10 09 09 16 16 12 ≡ KJJQQMFor (C1,C2)=(10,09),{
P1 ≡ 8C1 − 3C2(mod 26) ≡ 8(10)− 3(09) ≡ 01P2 ≡ −5C1 + 2C2(mod 26) ≡ −5(10) + 2(09) ≡ 20
Decipher to BU.
June 8, 2017 10 / 44
Problem of Hill Cipher
.Example..
......
The ciphertext
”ZZ”has been enciphered by Hill cipher{
C1 ≡ 5P1 + 2P2(mod 26)C2 ≡ 3P1 + 7P2(mod 26)
Given the plaintext.
June 8, 2017 11 / 44
Verman’s Telegraph Cipher (Nonalphabetic Cpher)
Baudot code:
A = 11000 B = 10011 C = 01110 D = 10010 E = 10000F = 10110 G = 01011 H = 00101 I = 01100 J = 11010K = 11110 L = 01001 M = 00111 N = 00110 O = 00011P = 01101 Q = 11101 R = 01010 S = 10100 T = 00001U = 11100 V = 01111 W = 11001 X = 10111 Y = 10101Z = 10001
.Example..
......
Plaintext=YES 10101 10000 10100Keyword(any) +) 10101 01010 10101Ciphertext 00000 11010 00001
Enciphering:= C ≡ P + K (mod 2)Deciphering:= P ≡ C + K = P + K + K ≡ P (mod 2)
June 8, 2017 12 / 44
Problem of Verman Cipher
.Example..
......
Decipher
”10010 01001 10011 11010 00000”by Verman’s Telegraph Cipher using Keyword
”1010101010101010101010101”
.
June 8, 2017 13 / 44
Exponential Cipher
1 p is a prime, k exponent with gcd (k, p-1)=1.
2 Encode: A B C . . . X Y Z00 01 02 . . . 23 24 25
3 Group the plaintext in blocks of m letters, where2525 . . . 25︸ ︷︷ ︸
m times< p < 2525 . . . 25︸ ︷︷ ︸
m+1 timesp = 4283, m = 2 by 2525 < 4283 < 252525.p = 670417, m = 3 by 252525 < 670417 < 25252525.
4 Encode a block B using
C ≡ Bk (mod p), 0 ≤ C < p
Remark: it cannot covert to letters.5 Let d be inverse of k modulo p-1. (i.e.dk ≡ 1 (mod p − 1)).
dk = 1 + r(p − 1)
Cd = Bdk = B1+r(p−1) = B(Bp−1)r ≡ B1r = B (mod p)
June 8, 2017 14 / 44
Encipher of Exponential Cipher
.Example..
......
p=2621, p − 1 = 2620 = 22 ∗ 5 ∗ 131. take k=11m=2, since 2525 < 2621 < 252525
Plaintext= DE EP YO GU RT0304 0415 2414 0620 1719
(0304)11 ≡ 0065 (mod 2621)
(0415)11 ≡ 0415 (mod 2621)
(2414)11 ≡ 1323 (mod 2621)
(0620)11 ≡ 1567 (mod 2621)
(1719)11 ≡ 0150 (mod 2621)
ciphertext= 0065 0415 1323 1567 0150
June 8, 2017 15 / 44
Decipher of Exponential Cipher
.Example..
......
p=2621, k=11, where gcd(2620,11)=1
By extended Euclidean algorithm,
a q y2620 − 119111 238 52 5 11 2 0
1=(-5)(2620)+1191*111191 ∗ 11 ≡ 1 (mod 2620)
decode C = 0065
(0065)1191 ≡ 0304 (mod 2621)
0304 = DE
June 8, 2017 16 / 44
Problem of Exponential Cipher
.Example..
......
The ciphertext from an exponential cipher with key (p, k) = (41, 27) is
”13 25 37”Find the plaintext.
June 8, 2017 17 / 44
RSA Cipher(generlization of exponential cipher)
1 n=p*q, p and q are large prime number, n is a key2 Find an exponent k with gcd(k, ϕ(n))=1.
3 Encode: A B C . . . X Y Z00 01 02 . . . 23 24 25
4 Group the plaintext in blocks of m letters, where2525 . . . 25︸ ︷︷ ︸
m times< n < 2525 . . . 25︸ ︷︷ ︸
m+1 times5 Encode a block B using
C ≡ Bk (mod n)
6 Decode: Let d be inverse of k modulo ϕ(n). (i.e.dk ≡ 1 (mod ϕ(n))).dk = 1 + rϕ(n)
Cd = Bdk = B1+rϕ(n) = B(Bϕ(n))r ≡ B1r = B (mod n)
June 8, 2017 18 / 44
Encipher of RSA Cipher.Example..
......
n=p*q=37*73=2701, ϕ(n) = 36 ∗ 72 = 2592
k=47, gcd(47,2592)=1m=2, since 2525 < 2701 < 252525
Plaintext= NO WAY TODAYB= NO WA YT OD AY
1314 2200 2419 1403 0024(1314)47 ≡ 1241 (mod 2701)
(2200)47 ≡ 1993 (mod 2701)
(2419)47 ≡ 1044 (mod 2701)
(1403)47 ≡ 2081 (mod 2701)
(0024)47 ≡ 0873 (mod 2701)
ciphertext = 1241 1993 1044 2081 0873
June 8, 2017 19 / 44
Decipher of RSA Cipher.Example..
......
n=2701, k=47, where gcd(47,ϕ(n))=1 and ϕ(n) = 2592
By extended Euclidean algorithm,
a q y2592 − 110347 55 207 6 35 1 22 2 11 2 0
1=(-20)*2592+1103*471103 ∗ 47 ≡ 1 (mod 2592)
decode C = 1241
(1241)1103 ≡ 1314 (mod 2701)
1314 = NO
June 8, 2017 20 / 44
Problem of RSA Cipher
.Example..
......
The ciphertext from a RSA cipher with key (n, k) = (35, 5) is
”09 20 16 09 12”Find the plaintext. (Note: 2573 = 31× 83)
June 8, 2017 21 / 44
Knapsack cryposystem
.Knapsack Problem..
......
Given a set of positive integers a1, a2, . . . , an and an integer S, the problemasks that which of those integers add together to S? i.e. solve the equation
S = a1x1 + a2x2 + · · ·+ anxn, xi = 0 or 1
.Example..
......
For (a1, a2, a3, a4, a5) = (2, 7, 8, 11, 12) and S = 21,
21 = 2 + 7 + 12 = 2 + 8 + 11
For system 21 = 2x1 + 7x2 + 8x3 + 11x4 + 12x5 with solutionsx1 = x2 = x5 = 1, x3 = x4 = 0 or x1 = x3 = x4 = 1, x2 = x5 = 0
June 8, 2017 22 / 44
Knapsack cryposystem
.Example..
......
For ai = 2i−1 and S < 2n, the system
S = a1x1 + a2x2 + · · ·+ anxn
with solution: Binary expansion of S
.Definition..
......A sequence a1, a2, . . . , an is superincreasing if ai > a1 + a2 + · · ·+ ai−1 fori = 2, 3, . . . , n
Rremark: Above example is superincresing by
2i > 1 + 2 + 22 + . . . 2i−1 = 2i − 1
June 8, 2017 23 / 44
Knapsack cryposystem
.Example..
......
Solve the superincreasing Knapsack problem
28 = 3x1 + 5x2 + 11x3 + 20x4 + 41x5
Solution:1 41 > 28 ⇒ x5 = 0
2 20 < 28 and 3 + 5 + 11 < 20 < 28 ⇒ x4 = 1
8 = 3x1 + 5x2 + 11x3
3 11 > 8 ⇒ x3 = 08 = 3x1 + 5x2
4 x1 = 1 and x2 = 1
June 8, 2017 24 / 44
In grneral, for superincreasing Knapsack problem
S = a1x1 + a2x2 + · · ·+ anxn
xn =
{1 if S ≥ an0 if S < an
xj =
{1 if S −
∑ni=j+1 xiai ≥ aj
0 if S −∑n
i=j+1 xiai < aj j = n − 1, n − 2, . . . , 1
1 When S ≥ an, let xn = 0
n∑i=1
aixi =n−1∑i=1
aixi ≤n−1∑i=1
ai < an ≤ S ” ⇒⇐ ”
2 When S −∑n
i=j+1 xiai ≥ aj, let xj = 0
n∑i=1
aixi ≤j−1∑i=1
ai +n∑
i=j+1
aixi < aj +n∑
i=j+1
ai ≤ S ” ⇒⇐ ”
June 8, 2017 25 / 44
Knapsack Cipher
1 take a superincreasing sequence a1, a2, . . . , an
2 take m s.t. m > 2an
3 take integer a s.t. gcd(a,m)=1 with inverse a.4 aai ≡ bi (mod m), 1 ≤ i ≤ n ⇒ 0 < bi < m
If bi = 0 i.e. aai ≡ 0 (mod m) ⇒ m|aai⇒ m|ai since gcd(a,m)=1 ” ⇒⇐ ” since m > 2an > ai
5 Enciphering: Covert the plaintext into binary sequence M using binaryequivalent of letter
A B C . . . X Y Z(0) (1) (2) . . . (23) (24) (25)
00000 00001 00010 . . . 10111 11000 11001Split M into blocks of n digits
6 For block x1x2 . . . xn, we obtain a cipertext by
S = b1x1 + b2x2 + · · ·+ bnxn
June 8, 2017 26 / 44
Deciphering:S′ ≡ aS (mod m), 0 ≤ S′ < mS′ ≡ ab1x1 + ab2x2 + · · ·+ abnxn (mod m)
≡ aaa1x1 + aaa2x2 + · · ·+ aaanxn (mod m)≡ a1x1 + a2x2 + · · ·+ anxn (mod m)
Since 0 ≤ S′ < m and0 ≤ a1x1 + a2x2 + · · ·+ anxn ≤ a1 + a2 + · · ·+ an < 2an < mwe have
′S = a1x1 + a2x2 + · · ·+ anxn
Since a1, a2, . . . , an is superincreasing , it is solvable.
June 8, 2017 27 / 44
Knapsack Cipher.Example..
......
secret key: superincresing seq 3, 5, 11, 20, 41m=85, a=44 gcd(a,m)=1public key bi ≡ aai (mod m)47, 50, 59, 30, 19Plaintext HELP USM= 00111 00100 01011 01111 10100 10010108=47*0+50*0+59*1+30*1+19*159=47*0+50*0+59*1+30*0+19*099=47*0+50*1+59*0+30*1+19*1158=47*0+50*1+59*1+30*1+19*1106=47*1+50*0+59*1+30*0+19*077=47*1+50*0+59*0+30*1+19*0Ciphertext: 108, 59, 99, 158, 106, 77
June 8, 2017 28 / 44
Knapsack Cipher
Deciphering: 44 = 29 i.e. solution of 44x ≡ 1 (mod 85)
108 ∗ 29(mod85) = 72 = 3x1 + 5x2 + 11x3 + 20x4 + 41x5with solution x1 = x2 = 0 and x3 = x4 = x5 = 1First block is 00111 ⇔ H59 ∗ 29(mod85) = 11 = 3x1 + 5x2 + 11x3 + 20x4 + 41x5with solution x1 = x2 = x4 = x5 = 0 and x3 = 1Second block is 00100 ⇔ E99 ∗ 29(mod85) = 66 = 3x1 + 5x2 + 11x3 + 20x4 + 41x5with solution x1 = x3 = 0 and x2 = x4 = x5 = 1Second block is 01011 ⇔ L
...
June 8, 2017 29 / 44
Knapsack Cipher.Example..
......
secret key: superincresing seq 3, 5, 11, 20, 41, 83, 179, 344, 690,1042m=2618, a=929 gcd(a,m)=1
By extended Euclidean algorithm,
a q y2618 − 31929 2 11760 1 9169 4 284 2 11 84 0
1 = (−11) ∗ 2618 + 31 ∗ 929 ≡ 31 ∗ 929 (mod 2618)
a = 929−1 = 31
public key: bi ≡ aai (mod m)169, 2027, 2365, 254, 1437, 1185, 1357, 180, 2218, 1976
June 8, 2017 30 / 44
.Example..
......
Plaintext NOT NOWM= 0110101110, 1001101101, 01110101109584=169*0+2027*1+2365*1+254*0+1437*1
+1185*0+1357*1+180*1+2218*1+1976*05373=169*1+2027*0+2365*0+254*1+1437*1
+1185*0+1357*1+180*1+2218*0+1976*18229=169*0+2027*1+2365*1+254*1+1437*0
+1185*1+1357*0+180*1+2218*1+1976*0Ciphertext: 9584, 5373, 8229Deciphering: 929−1 = 31 i.e. solution of 929x ≡ 1 (mod 2618)9584 ∗ 31 = 1270 (mod 2618)1270 = 3x1 + 5x2 + 11x3 + 20x4 + 41x5 + 83x6
+179x7 + 344x8 + 690x9 + 1042x10with solution 0110101110 ⇔ NO
June 8, 2017 31 / 44
Problem of Knapsack Cipher
.Example..
......
The ciphertext from a Knapsack cipher using the superincreasing sequence2, 3, 7, 13, 27, modulus m = 60, and multiplier a = 7 is
”49 63 61 49 23”Find the plaintext.
June 8, 2017 32 / 44
ElGamal Cipher
1 Selecting a prime p and a primitive root r of p.2 A integer k, 2 ≤ k ≤ p − 2,
a ≡ rk(mod p); 0 ≤ a ≤ p − 1
3 (p, r, a) is public key4 k private key.
.Example..
......
Take p = 113 with primitive root r = 3. Choose k = 37
337 = 24 = a (mod 113)
(113, 3, 24) is public key37 private key.
June 8, 2017 33 / 44
ElGamal Cipher
1 Encode: The message is first converted to its numerical M byA B C . . . X Y Z00 01 02 . . . 23 24 25
2 If M ≥ p, then M is split into blocks, each block containing the same(even) number of digits.
3 If B is first block, B =⇒ (C1,C2), where
C1 ≡ r j(mod p)
C2 ≡ Ba j(mod p)
2 ≤ j ≤ p − 2; For security, the choice of j can be changed from blockto block.
June 8, 2017 34 / 44
ElGamal CipherDecode:
P = C2Cp−1−k1 (mod p)
by
P ≡ C2Cp−1−k1 ≡ (Ba j)(r j)p−1−k
≡ B(r k) j(r j(p−1)−jk)≡ B(r p−1) j
≡ B (mod p).Example..
......
Deliver the messageSELL NOW
to a person who has secret key k = 15 and public key
(p, r, a) = (43, 3, 22)
, where 22 ≡ 315 (mod 43)
June 8, 2017 35 / 44
ElGamal Cipher
Encode:M = 18041111131422 with Blocks 18 04 11 11 13 14 22
Select an interger j, 2 ≤ j ≤ 41, take j = 23 by
C1 ≡ r j ≡ 3 23 ≡ 34(mod 43)
C2 ≡ Ba j ≡ 18 · (22) 23 = 17(mod 43)
ciphertext is of the form
(34, 17), (34, 42), (34, 08), (34, 08), (34, 29), (34, 18), (34, 16)
andM′ = 17420808291816
June 8, 2017 36 / 44
ElGamal Cipher
Decode:(C1,C2) = (34, 17) =⇒ B = 18 by
P ≡ C2Cp−1−k1 ≡ 17 · (34)43−1−15
≡ 17 · (34)27≡ 18 (mod 43)
B= 18 04 11 11 13 14 22S E L L N O W
.Remark..
......
Encode In last block B = 22, take j = 31,
C1 ≡ r j ≡ 3 31 ≡ 33(mod 43)
C2 ≡ Ba j ≡ 18 · (22) 31 = 35(mod 43)
Decode P ≡ C2Cp−1−k1 ≡ 35 · (33)27 ≡ 22 (mod 43)
June 8, 2017 37 / 44
Problem of ElGamal Cipher
.Example..
......
The ciphertext from ElGamal cipher with Public key (p, r, a) =(2017, 5, 303) and Private key k = 1999 is
C1 1318 1318 1318 1318 1318 1318 1318 1318C2 536 1381 1967 1699 904 854 1967 1063
Find the plaintext.
June 8, 2017 38 / 44
Digital Signature of ElGamal Cipher
.Digital Signature(數位簽章)..
......
Digital Signature 的使用情境大概如下:假設 A 要傳訊息給 B,但是 B 要如何確認訊息真的是由 A 發送的呢?此時只要 A 在發送前, 利用自己的 private key 將訊息製作簽章碼,再傳給 B,B 再利用 A 的簽章碼進行驗証。如果訊息驗証通過,就可以確定訊息是由 A 所發出;即使訊息在傳送過程中被 C 所攔截,再使用 A 的 public key 還原成原本的訊息,還是沒辦法偽裝成 A 所發送的訊息 (因為這需要 A的 private key)。因此,Digital Signature 在實際應用上是很有意義的,因為這項技術代表了授權機制可以很容易建立起來。
June 8, 2017 39 / 44
Digital Signature of ElGamal Cipher
June 8, 2017 40 / 44
Digital Signature of ElGamal Cipher.Sender use public key (p, r, a) and private key k..
......
1 Selecting a integer j, 1 ≤ j ≤ p − 1 such that (j, p − 1) = 1
2 Take First block B of message M, computes
c ≡ r j (mod p); 0 ≤ c ≤ p − 1
a solution d of linear congruence
jd + kc ≡ B (mod p − 1); 0 ≤ d ≤ p − 2
3 The pair (c, d) is the digital signature appended to the message
.The recipient use the public key (p, r, a) to confirm the signature by..
......
1 V1 ≡ accd (mod p) and V2 ≡ rB (mod p)2 If V1 = V2, then the signature is accepted, otherwise it is
un-accepted. Why?
June 8, 2017 41 / 44
Digital Signature of ElGamal Cipher
若 message M 與附加簽章碼 (c,d) 是 Sender 送出來的, 則 V1 = V2
V1 ≡ accd ≡ (rk)c(rj)d
≡ rkc+jd = rB+s(r−1)
≡ rBrs(r−1)
≡ rB ≡ V2 (mod p)若 message M 與附加簽章碼 (c,d) 被第三者攔截, 並送出假訊息 M’with first block B’ ,B = B′, 與附加簽章碼 (c,d), 則 V1 = V2
V1 ≡ accd ≡ (rk)c(rj)d
≡ rkc+jd = rB+s(r−1)
≡ rBrs(r−1) ≡ rB
≡ rB′ ≡ V2 (mod p)
June 8, 2017 42 / 44
Problem of ElGamal Cipher
.Example..
......
1 Deliver the message SELL NOW; first block B = 18 to a person whohas secret key k = 15 and public key (p, r, a) = (43, 3, 22), where22 ≡ 315 (mod 43)
2 Take j = 25 such that (j, 42) = 1
3 c ≡ rj ≡ 325 ≡ 5 (mod 43)
4 jd + kc ≡ 25d + 15 · 5 ≡ B = 18 (mod 42) with solution d = 33
5 The digital signature (c, d) = (5, 33)
6 Recipient Check: V1 ≡ accd ≡ 225533 ≡ 35 (mod 43)
7 V2 ≡ rB ≡ 318 ≡ 35 (mod 43)
8 V1 = V2 Then the message come from Deliver.
June 8, 2017 43 / 44
Mod[2017, 54] PowerMod[2017, 34, 54]PowerMod[34,−1, 2017] GCD[2017, 1820]PrimitiveRoot[2017] PrimitiveRootList[2017]JacobiSymbol[45, 2017] (45/2017) Divisor[15]DivisorSigma[15] σ(15) Length[Divisors[15]] τ(15)MoebiusMu[15] µ(15) EulerPhi[15] ϕ(15)
��END��
June 8, 2017 44 / 44