
Inverse

• Last time, we discussed Euclid's algorithm and used it to show that for
a prime number p, any integer that is non-zero modulo p has an
inverse modulo p.
• For example, 5 is the inverse of 9 mod 11, as 9 × 5 = 45 ≡ 1 (mod 11).
• In arithmetic modulo 11, we say things like
2/9 = 2 × 5 = 10 ≡ −1 (mod 11).
• Such inverses can indeed be found reasonably quickly via Euclid's
algorithm in practice, even if all the integers involved have hundreds
of digits.
• For example, look at gcd(21, 13) = gcd(13, 8) = gcd(8, 5) =
gcd(5, 3) = gcd(3, 2) = gcd(2, 1) = 1.
• In binary, this is gcd(10101, 1101) = gcd(1101, 1000) =
gcd(1000, 101) = gcd(101, 11) = gcd(11, 10) = gcd(10, 1) = 1.
• The number of binary digits has to decrease by at least one every two
steps. So if we are dealing with integers with < 1024 binary digits,
the algorithm has to give us the answer within 2048 steps (in fact
slightly faster: the worst case is a bit less than 1500 steps, and it is
reached on consecutive Fibonacci numbers, where every quotient is 1).
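The following is an added example, not code from the lecture: Euclid's algorithm with a step counter, the extended version that produces the coefficients and hence the inverse modulo p, and a check of the step-count claim above by running Euclid on the largest pair of consecutive Fibonacci numbers below 2^1024 (the worst case). The function names are my own.

```python
# Added example (not from the lecture): Euclid's algorithm, the extended
# version that yields modular inverses, and a check of the worst-case
# step count for inputs below 1024 bits.

from typing import Tuple


def euclid_steps(a: int, b: int) -> Tuple[int, int]:
    """Return (gcd(a, b), number of division steps) for a, b >= 0."""
    steps = 0
    while b:
        a, b = b, a % b
        steps += 1
    return a, steps


def ext_euclid(a: int, b: int) -> Tuple[int, int, int]:
    """Return (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def mod_inverse(a: int, p: int) -> int:
    """Inverse of a modulo p, reduced to 0..p-1.

    Raises ValueError when gcd(a, p) != 1, i.e. when no inverse exists
    (a == 0 mod p, or p is not prime and a shares a factor with it).
    """
    g, x, _ = ext_euclid(a % p, p)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {p} (gcd = {g})")
    return x % p


def worst_case_steps(bits: int) -> Tuple[int, int]:
    """Bit length of the largest Fibonacci number below 2**bits and the
    number of Euclid steps on it and its predecessor.

    Consecutive Fibonacci numbers are the worst case for Euclid's
    algorithm: every quotient is 1, so the numbers shrink as slowly as
    possible.
    """
    f_prev, f = 1, 1
    while f_prev + f < 2 ** bits:
        f_prev, f = f, f_prev + f
    return f.bit_length(), euclid_steps(f, f_prev)[1]


if __name__ == "__main__":
    print("gcd(21, 13) and steps:", euclid_steps(21, 13))
    print("9^-1 mod 11 =", mod_inverse(9, 11))
    print("2020^-1 mod 65543 =", mod_inverse(2020, 65543))
    print("worst case below 1024 bits (bits, steps):", worst_case_steps(1024))
```

The worst-case count comes out well under the 2048-step bound from the slide and just below 1500, matching the remark above; `mod_inverse` is what the decryption step on a later slide needs to compute once per key.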
The field Fp

• So we have a data structure on which we can add, subtract,
multiply and divide. It's like the rational numbers, and such a
structure is called a field.
• To be precise, a field is a set with two distinguished elements 0 ≠ 1,
equipped with addition and multiplication such that
1. a + b = b + a.
2. (a + b) + c = a + (b + c).
3. a + 0 = 0 + a = a.
4. For any a there is a −a with a + (−a) = 0.
5. ab = ba.
6. (ab)c = a(bc).
7. a · 1 = 1 · a = a.
8. a(b + c) = ab + ac.
9. For any a ≠ 0 there is an a⁻¹ with a · a⁻¹ = 1.
• One then defines (or rather writes) a − b := a + (−b) and a/b := a · b⁻¹.
(The := symbol reads "is defined as".)
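As an added example (not from the lecture), here is a small class for elements of Fp that stores each element by its representative in {0, ..., p − 1}, together with an exhaustive check of the nine axioms above for a small modulus. Running the same check with a composite modulus shows exactly which axiom fails, which is why p must be prime. The class and function names are my own; the inverse is computed with Python's built-in `pow(v, -1, p)`, which uses the extended Euclidean algorithm.

```python
# Added example (not from the lecture): a tiny F_p class and an exhaustive
# check of the field axioms, for a prime and for a composite modulus.

from itertools import product
from typing import List


class Fp:
    """Element of F_p, stored as the canonical representative 0 <= v < p.
    Any integer may be passed in; -1 and p-1 become the same element."""

    def __init__(self, v: int, p: int):
        self.p = p
        self.v = v % p

    def _coerce(self, other) -> "Fp":
        return other if isinstance(other, Fp) else Fp(other, self.p)

    def __add__(self, other) -> "Fp":
        return Fp(self.v + self._coerce(other).v, self.p)

    def __neg__(self) -> "Fp":
        return Fp(-self.v, self.p)

    def __sub__(self, other) -> "Fp":
        return self + (-self._coerce(other))          # a - b := a + (-b)

    def __mul__(self, other) -> "Fp":
        return Fp(self.v * self._coerce(other).v, self.p)

    def inverse(self) -> "Fp":
        # pow(v, -1, p) runs the extended Euclidean algorithm and raises
        # ValueError when gcd(v, p) != 1, i.e. when no inverse exists.
        return Fp(pow(self.v, -1, self.p), self.p)

    def __truediv__(self, other) -> "Fp":
        return self * self._coerce(other).inverse()    # a/b := a * b^-1

    def __eq__(self, other) -> bool:
        return isinstance(other, Fp) and (self.p, self.v) == (other.p, other.v)

    def __hash__(self) -> int:
        return hash((self.v, self.p))

    def __repr__(self) -> str:
        return f"{self.v} (mod {self.p})"


def failing_axioms(p: int) -> List[int]:
    """Numbers (1-9, as on the slide) of the field axioms that Z/pZ violates.
    Exhaustive over all triples, so only use it for small p."""
    elems = [Fp(i, p) for i in range(p)]
    zero, one = Fp(0, p), Fp(1, p)
    bad = set()
    for a, b, c in product(elems, repeat=3):
        if a + b != b + a:
            bad.add(1)
        if (a + b) + c != a + (b + c):
            bad.add(2)
        if a + zero != a or zero + a != a:
            bad.add(3)
        if a * b != b * a:
            bad.add(5)
        if (a * b) * c != a * (b * c):
            bad.add(6)
        if a * one != a or one * a != a:
            bad.add(7)
        if a * (b + c) != a * b + a * c:
            bad.add(8)
    for a in elems:
        if a + (-a) != zero:
            bad.add(4)
        if a != zero:
            try:
                if a * a.inverse() != one:
                    bad.add(9)
            except ValueError:               # no inverse: axiom 9 fails
                bad.add(9)
    return sorted(bad)


if __name__ == "__main__":
    print("2/9 in F_11 =", Fp(2, 11) / 9)
    print("axioms failing for p = 13:", failing_axioms(13))
    print("axioms failing for modulus 15:", failing_axioms(15))
```

For a prime p the list is empty; for 15 only axiom 9 fails (3, 5, 6, 9, 10 and 12 have no inverse), so Z/15Z is a ring but not a field.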
Finite fields

• A finite field is, evidently, a field that has only finitely many
elements. Fp is a finite field.
• One subtle issue: we represent elements of Fp by integers, and there
are infinitely many integers, but we identify 0 with p, 1 with p + 1,
and so on, so that only finitely many possibilities remain.
• The typical way to list them is {0, 1, 2, ..., p − 1}. It's common to
identify Fp with {0, 1, 2, ..., p − 1}.
• Occasionally, one wants to think about −1 ∈ Fp, −2 ∈ Fp, etc.
For this reason we keep the flexibility that any integer is allowed to
represent an element of Fp, so that −1 and p − 1 give the same
element.
• Next week (I think) we will see that there are other finite
fields, to be used for various purposes.
The basic cipher with Fp
• Now, suppose Cheng-Chiang and Juan want to exchange secret
messages. They decide on some large prime p.
• Say p = 65543, a bit larger than 2¹⁶.
• Cheng-Chiang and Juan agree to group their message into a
sequence of 2-byte packets. Each 2-byte packet is a sequence of
16 zeros and ones and can be read as an integer 0 ≤ n < 2¹⁶ (so n < p).
They also choose a random integer as "key", how about k := 2020, and
encrypt each data value n by sending m := n × 2020 mod p.
• To decrypt, one computes 2020⁻¹ ∈ Fp in advance and recovers
n = m × 2020⁻¹ mod p (as an integer between 0 and p − 1).
• Suppose their method is known or guessed. Then after a lot of
transmissions p will likely be inferred by looking at the range of the m
sent. But if their key k is safe, then it's probably ok? (With much
larger p in the computer age, of course.)
• The first trouble, I suppose, is that if somebody steals or guesses any
single sample (m, n) with n ≠ 0, then they can infer k from k = m/n in Fp.
• The classical way is then to use a password book for the password
(i.e. key) k and change the password every hour. But we don't want
to store a password book before we visit a website. In fact, when
we visit a website we don't even have a first password!
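The cipher from this slide and the known-plaintext recovery of k, as an added example that is not part of the lecture. It uses the slide's p = 65543 and k = 2020; the packet framing (big-endian 2-byte chunks, zero-padded to even length) and the function names are my own assumptions.

```python
# Added example (not from the lecture): the multiplicative cipher
# m = n*k mod p on 2-byte packets, and the known-plaintext attack k = m/n.

from typing import List

P = 65543   # prime from the slide, slightly above 2**16
K = 2020    # shared key from the slide


def encrypt(data: bytes, k: int = K, p: int = P) -> List[int]:
    """Split data into 2-byte big-endian packets n (0 <= n < 2**16 < p)
    and send m = n*k mod p. A trailing odd byte is padded with a zero
    byte (framing assumed here; the slide does not specify it)."""
    if len(data) % 2:
        data += b"\x00"
    return [(int.from_bytes(data[i:i + 2], "big") * k) % p
            for i in range(0, len(data), 2)]


def decrypt(packets: List[int], k: int = K, p: int = P) -> bytes:
    """Recover n = m * k^-1 mod p for every packet.

    Every n fits in 16 bits because 2**16 < p, but m ranges over
    0..p-1, so the ciphertext needs 17 bits per packet on the wire;
    that widened range is exactly what lets an observer infer p."""
    k_inv = pow(k, -1, p)          # computed once, as on the slide
    return b"".join(((m * k_inv) % p).to_bytes(2, "big") for m in packets)


def recover_key(n: int, m: int, p: int = P) -> int:
    """Known-plaintext attack: one pair (n, m) with n != 0 gives
    k = m/n in F_p. The pair (0, 0) is useless, since n = 0 encrypts
    to 0 under every key."""
    if n % p == 0:
        raise ValueError("n = 0 reveals nothing about k")
    return (m * pow(n, -1, p)) % p


if __name__ == "__main__":
    msg = b"hi"                               # constructed sample plaintext
    packets = encrypt(msg)
    print("ciphertext packets:", packets)
    print("decrypted:", decrypt(packets))
    n = int.from_bytes(msg, "big")            # attacker knows this plaintext
    print("recovered key:", recover_key(n, packets[0]))
```

One stolen pair suffices because division is cheap in Fp: the attacker runs the same inverse computation the legitimate receiver does, only on n instead of k.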
Diffie-Hellman

• In 1976, Whitfield Diffie and Martin Hellman published the following
idea to generate a password (key) in public.
• It goes like this: let's keep p = 65543. Cheng-Chiang chooses a
positive integer, say α. Juan also chooses one, say δ. Both α and
δ are private; they keep them to themselves.
• They decide on some number in common, say b = 2020. Without a
method to communicate securely earlier, it is assumed that b is
overheard.
• They compute A = b^α mod p and D = b^δ mod p. They
communicate A and D to each other. Again, it is assumed that A
and D are overheard.
• They compute k := A^δ = (b^α)^δ = b^(αδ) = (b^δ)^α = D^α, all modulo p.
The highlight is that to compute this number it suffices to know
one of α and δ (together with the other party's public value), not both!
• This k is agreed to be their key.
Discrete logarithm

• Why is this a good idea?
• Let's examine what is (assumed) public: all the roman letters p, b,
A = b^α and D = b^δ are assumed to be public; the Greek letters
α and δ are not.
• There doesn't seem to be a direct way to compute k unless one first
figures out α or δ.
• If this were done in the rational numbers, then we could say
α = log_b A. This log can be computed via various approximations.
• But in modular arithmetic, say p = 13, b = 2 and α = 8, so that
b^α = 256 ≡ 9 (mod 13). Is there a way to look at 9 and 2 and
decide "log₂ 9 = 8" in Fp?
• Like, when p has hundreds of digits? That will be our topic next
time.
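An added example covering both the Diffie-Hellman slide and this one (it is not code from the lecture): both sides of the exchange with the slide's p = 65543 and b = 2020, and a passive eavesdropper who recovers α by brute-force discrete logarithm, then computes k = D^α exactly as Juan would. Exhaustive search is the naive approach; it costs up to p − 1 multiplications, which is instant for a 17-bit p and hopeless for a p with hundreds of digits. The function names and the random choice of private exponents are my own assumptions.

```python
# Added example (not from the lecture): Diffie-Hellman over F_p with the
# slide's parameters, plus a brute-force discrete log that breaks it for
# small p.

import secrets
from typing import Tuple

P, B = 65543, 2020      # public parameters from the slide


def dh_public(private: int, b: int = B, p: int = P) -> int:
    """Public value b^private mod p (fast modular exponentiation)."""
    return pow(b, private, p)


def dh_shared(peer_public: int, private: int, p: int = P) -> int:
    """Shared key from the other party's public value and one's own secret."""
    return pow(peer_public, private, p)


def random_private(p: int = P) -> int:
    """Secret exponent in 1..p-2 (assumed range; exponents only matter
    modulo the order of b, which divides p-1)."""
    return 1 + secrets.randbelow(p - 2)


def exchange(alpha: int, delta: int, b: int = B, p: int = P) -> Tuple[int, int, int, int]:
    """Run the protocol: returns (A, D, k as Cheng-Chiang computes it,
    k as Juan computes it)."""
    A, D = dh_public(alpha, b, p), dh_public(delta, b, p)   # sent in the clear
    k_cc = dh_shared(D, alpha, p)    # Cheng-Chiang: D^alpha
    k_juan = dh_shared(A, delta, p)  # Juan: A^delta
    return A, D, k_cc, k_juan


def discrete_log(target: int, b: int, p: int) -> int:
    """Smallest x >= 0 with b^x = target mod p, by exhaustive search.
    Raises ValueError if target is not a power of b modulo p."""
    x, cur = 0, 1
    while cur != target:
        cur = (cur * b) % p
        x += 1
        if x >= p:                   # cycled through all powers of b
            raise ValueError("no discrete log")
    return x


def eavesdrop(p: int, b: int, A: int, D: int) -> int:
    """Passive attacker: from the public p, b, A, D recover some alpha'
    with b^alpha' = A, then k = D^alpha'. Any such alpha' works, since
    it agrees with the real alpha modulo the order of b."""
    alpha = discrete_log(A, b, p)
    return pow(D, alpha, p)


if __name__ == "__main__":
    print("log_2 9 in F_13 =", discrete_log(9, 2, 13))
    a, d = random_private(), random_private()
    A, D, k1, k2 = exchange(a, d)
    print("A, D =", A, D, " keys agree:", k1 == k2)
    print("eavesdropper recovers k:", eavesdrop(P, B, A, D) == k1)
```

The exhaustive search in `discrete_log` is why the slide's question matters: with p = 65543 the observer needs at most 65542 multiplications, so the "key" is public in all but name, and the security of the scheme rests entirely on there being no comparably cheap method when p is large.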
