Lecture 4

Cryptography

Text : Behrouz A. Forouzan, Cryptography and network security, MH 2008

1
TECHNIQUES

Cryptography
Steganography

Cryptography, a word with Greek origins, means “secret writing.”

However, we use the term to refer to the science and art of transforming
messages to make them secure and immune to attacks.

The word steganography, with origin in Greek, means “covered writing.”

2
Image of a tree. Removing all but the 2 least
significant bits of each color component produces an
almost completely black image. Making that image
85 times brighter produces the image left.

Image of a cat extracted from above image.

3
Catch me if you can…

4
Chapter 3
Traditional
Symmetric-Key Ciphers
§ Additive cipher
§ Multiplicative cipher
§ Affine cipher
§ Vigenere cipher

5
Symmetric-key cipher : Locking and unlocking with the same key

6
 3.2.1 Additive Cipher
Called a shift cipher and sometimes a Caesar cipher.

When the cipher is additive, the plaintext, ciphertext, and key are integers in
Z26. Caesar used a key of 3 for his communications.

7
 3.2.1 Continued -Additive Cipher
Example 3.3, 3.4
An additive cipher with key = 15.

We apply the encryption algorithm to the plaintext, character by character:

We apply the decryption algorithm to the plaintext character by character:

8
 3.2.1 Continued -Additive Cipher
Brute-force attack
Example 3.5
Eve has intercepted the ciphertext “UVACLYFZLJBYL”. Show how she can use a
brute-force attack to break the cipher.

Solution
Eve tries keys from 1 to 7. With a key of 7, the plaintext is “not very secure”, which
makes sense.

9
 3.2.1 Continued -Multiplicative Cipher

In a multiplicative cipher, the plaintext and ciphertext are integers in Z26; the
key is an integer in Z26*.

What is the key domain for any multiplicative cipher?

The key needs to be in Z26*.
This set has only 12 members: 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25.

10
 3.2.1 Continued -Multiplicative Cipher

Example 3.8

A multiplicative cipher with a key of 7.

11
 3.2.1 Continued - Affine Cipher

The affine cipher uses a pair of keys in which

the first key is from Z26* and the second is from Z26.

The size of the key domain is 26 × 12 = 312.

12
 3.2.1 Continued - Affine Cipher
Example 3.10
An affine cipher with the encoding key pair (7, 2)
Encryption with key pair (7, 2)

Decryption with key pair (7-1, -2) = (15, -2)

The additive cipher is a special case of an affine cipher in which k1 = 1.

The multiplicative cipher is a special case of affine cipher in which k2 = 0.

13
 3.2.2 Continued - Vigenere Cipher

Example 3.16
We can encrypt the message “She is listening” using the 6-character
keyword “PASCAL”.

14
 Try
1. Find the multiplicative inverse of each of the following integers in Z100 using the extended Euclid
algorithm.
(1) 37 (2) 3 (3) 71
2. Suppose that spaces, periods, question marks, and digits ( 0 to 9 ) are added to the plaintext to
increase the key domain of simple ciphers.
(1) What is the size of the key domain if an additive cipher is used?
(2) What is the size of the key domain if a multiplicative cipher is used?
(3) What is the size of the key domain if an affine cipher is used?

3. Use a brute-force attack to decipher the following message enciphered by Alice using an additive
cipher. Suppose that Alice always uses a key that is close to her birthday, which is on the 13th of
the month:
Cipher text = “TCTBNPIIPRZIDBDGGDLTKTCXCVUGDBIWTTPHI”

4. Use the Vigenere cipher with keyword “SMART” to encipher the message “Life is full of surprises.”

15
Modern Cipher Systems

Symmetric-key cryptography is based on sharing secrecy.

Asymmetric-key cryptography is based on personal secrecy.

Ciphers Secrecy Number of Operations Applications

keys

Symmetric Sharing nC2=n(n-1)/2 Substitution and Messages

Ciphers secrecy shared secret permutation of symbols encryption
keys (characters, or bits)
DES, AES
Asymmetric Personal n personal keys- Applying mathematical Short messages
Ciphers secrecy a public key functions to numbers Authentication
and a private Digital signature
RSA, ElGamal key

16
Modern
Symmetric-Key Ciphers
Chapter 6 DES 1975
Chapter 7 AES 2001

17
DES

The Data Encryption Standard (DES) is a symmetric-key block cipher

published by the National Institute of Standards and Technology
(NIST).

In 1973, NIST published a RFP for a national symmetric-key cryptosystem.

IBM’s Lucifer was accepted as DES.
In March 1975, DES was published as a draft of the Federal Information
Processing Standard.
# keys = 72,000,000,000,000,000 è
18
DES STRUCTURE

The encryption process is made of

two permutations (P-boxes), which
we call initial and final permutations,
and sixteen Feistel rounds.

19
AES

The Advanced Encryption Standard (AES) is a symmetric-key block

cipher published as FIPS 197 by the National Institute of Standards and
Technology in December 2001.

Candidates : 21 > 15 > 5 > 1 (Rijndael: security, cost, implementation)

AES has defined three versions, with 10, 12, and 14 rounds.
Each version uses a different cipher key size (128, 192, or 256), but
the round keys are always 128 bits.

20
AES STRUCTURE

21
Modern
Asymmetric-Key Ciphers
Chapter 10 RSA

22
10.1.1 Keys

Asymmetric key cryptography uses two separate keys:

one private and one public.

23
10.1.2 General Idea

The burden of providing security is mostly on the shoulders of

the receiver (Bob, in this case).

Bob needs to create two keys : one private and one public.
Bob is responsible for distributing the public key to the
community. (Chapter 15)

24
 10.1.4 Trapdoor One-Way Function
The main idea behind asymmetric-key cryptography is the concept of the
trapdoor one-way function.

One-Way Function (OWF) n=p×q

p = 397
1. f is easy to compute. n = 159197
q = 401
2. f −1 is difficult to compute.

Trapdoor One-Way Function (TOWF)

3. Given y and a trapdoor, x can be

computed easily.

A trapdoor is a door set into a floor or ceiling. An

entrance to secret passageway.

25
 10.1.4 Continued

Example 10.1 When n is large, n = p × q is a one-way function. Given p

and q , it is always easy to calculate n ; given n, it is very difficult to
compute p and q. This is the factorization problem.

Example 10.2 When n is large, the function y = xk mod n is a trapdoor

one-way function. Given x, k, and n, it is easy to calculate y. Given y, k, and
n, it is very difficult to calculate x. This is the discrete logarithm problem.

However, if we know the trapdoor, k′ such that k × k ′ = 1 mod f(n), we can

use x = yk′ mod n to find x.

26
10-2 RSA CRYPTOSYSTEM

The most common public-key algorithm is the RSA cryptosystem,

named for its inventors (Rivest, Shamir, and Adleman).

27
10.2.1 Introduction

Figure 10.5 Complexity of operations in RSA

28
 10.2.2 Procedure
Figure 10.6 Encryption, decryption, and key generation in RSA

Step 1

Step 2

Step 3

29
10.2.2 Continued
In RSA, p and q must be
at least 512 bits; n must
be at least 1024 bits.

30
 10.2.2 Continued
Proof of RSA

e
Encryption C = P mod n
d
Decryption P = C mod n

a kf ( n )+1 º a mod n Euler’s theorem

31
 10.2.3 Some Trivial Examples

Example 10.5 Step 1 : Bob chooses 7 and 11 as p and q and calculates

n = 77. The value of f(n) = (7 − 1)(11 − 1) or 60. Now he chooses two
exponents, e and d, from Z60∗. If he chooses e to be 13, then d is 37. Note
that e × d mod 60 = 1 (they are inverses of each.) Step 2 : Now imagine
that Alice wants to send the plaintext 5 to Bob. She uses the public
exponent 13 to encrypt 5.

Step 3 : Bob receives the ciphertext 26 and uses the private key 37 to
decipher the ciphertext:

32
 10.2.3 Continued

Example 10.6 Step 2 : Now assume that another person, John, wants to
send a message to Bob. John can use the same public key announced by
Bob (probably on his website), 13; John’s plaintext is 63. John calculates
the following:

Step 3 : Bob receives the ciphertext 28 and uses his private key 37 to
decipher the ciphertext:

33
 10.2.3 Continued

Example 10.7 Step 1 : Jennifer creates a pair of keys for herself. She chooses p
= 397 and q = 401. She calculates n = 159197. She then calculates f(n) = 158400.
She then chooses e = 343 and d = 12007. Show how Ted can send a message to
Jennifer if he knows e and n.

Step 2 : Suppose Ted wants to send the message “NO” to Jennifer. He changes
each character to a number (from 00 to 25), with each character coded as two
digits. He then concatenates the two coded characters and gets a four-digit
number. The plaintext is 1314.

34
Try
n Given n = 221 and e = 5, find d.
n Given p = 19, q = 23, and e = 3, find n, f(n), and d.

35
Mathematics of Cryptography
Euclid algorithm to find GCD(a, b) and inverse of d in Zn.
Euler’s totient functions and Euler Theorem
Fast modular exponentiation.

36
Euclid Algorithm
Euclid algorithm to find GCD(a, b) and (s, t) such that

i ri qi si ti
0 161 1 0
1 28 5 0 1
2 21 1 1 -5
3 7 3 -1 6
4 0

We get gcd (161, 28) = 7, s = −1 and t = 6.

37
Additive Inverses in Zn
In Zn, two numbers a and b are additive inverses of each other if

Find all additive inverse pairs in Z10.

The six pairs of additive inverses are
(0, 0), (1, 9), (2, 8), (3, 7), (4, 6), and (5, 5).

38
Multiplicative Inverses in Zn
In Zn, two numbers a and b are the multiplicative inverse of each other if

Find all multiplicative inverses in Z10.

There are only three pairs: (1, 1), (3, 7) and (9, 9). The numbers 0, 2, 4, 5, 6, and 8 do
not have a multiplicative inverse.

Find all multiplicative inverse pairs in Z11.

We have six pairs: (1, 1), (2, 6), (3, 4), (5, 9), (7, 8), and (10, 10).

The inverse of b exists only if gcd (n, b) = 1 (mod n)

39
Euclid Algorithm to find inverses
Find the multiplicative inverse of 11 in Z26.

i ri qi si ti
0 26 1 0
1 11 2 0 1
2 4 2 1 -2
3 3 1 -2 5
4 1 3 3 -7 The gcd (26, 11) is 1; the inverse of 11
5 0 is -7 or 19.

Try to find the multiplicative inverse of 23 in Z100. (The gcd (100, 23) is 1; the
inverse of 23 is -13 or 87.)

40
Matlab: Finding the inverse; d = e-1 mod f (n)

function [d] = extEA(e, phi_n) if (gcd ~= 1)

% extEA.m 'e is not invertible'
% extended Euclidean algorithm return
% finding modulo inverse of e mod end
phi(n)
% now compute the inverse d
r1 = phi_n;
r2 = e; t1 = 0; t2 = 1; k = k - 2;
for i=1:k
k = 1; t = t1 - q(i) * t2;
while(r2 > 0) t1 = t2;
q(k) = fix(r1 / r2); t2 = t;
r = mod(r1, r2); end
r1 = r2; d = mod(t, phi_n);
r2 = r; end
k = k + 1;
end
gcd = r1;
Try e-1 mod f (n)
11-1 mod 60
(n= pxq)
(77 = 7 x 11)
15-1 mod 288 (323 = 17 x 19)
20-1 mod 360 (403 = 31 x 13)
49-1 mod 616 (667 = 23 x 29)
41
 9.1.4 Euler’s Phi-Function
Euler’s phi-function, f (n), which is sometimes called the
Euler’s totient function plays a very important role in cryptography.
f (n) = the number of integers which are less than n and coprime to n.

Example 9.7 f(13) = (13 −1) = 12.

Example 9.8 f(10) = f(2) × f(5) = 1 × 4 = 4, because 2 and 5 are primes.

Example 9.9 What is the value of f(240)? We can write 240 = 24 × 31 × 51.
f(240) = (24 −23) × (31 − 30) × (51 − 50) = 64
Find the value of f(29), f(32), f(80), f(100), f(101).

42
 9.1.6 Euler’s Theorem
First Version af ( n ) º 1 mod n
Second Version a kf ( n )+1 º a mod n

Example 9.15 Find the result of 624 mod 35.

Solution We have 624 mod 35 = 6f(35) mod 35 = 1.

Example 9.16 Find the result of 2062 mod 77.

Solution If we let k = 1 on the second version, we have

2062 mod 77 = (20 mod 77) (20f(77) + 1 mod 77) mod 77
= (20)(20) mod 77 = 15.

The second version of Euler’s theorem is used in the RSA

cryptosystem.

43
 9.6.1 Modular Exponentiation
Fast Exponentiation

Figure 9.6 The idea behind the square-and-multiply method

44
 9.6.1 Continued
Example 9.45 Figure 9.7 shows the process for calculating y = ax using the
Algorithm 9.7 In this case, x = 22 = (10110)2 in binary. The exponent has five bits.
Calculation of a22 using square-and-multiply method

45
Matlab: Fast modular exponentiation

% modular exponentiation
% modexp.m

function [mexp] = modexp(p, e, n)

mexp = 1;
s = p;
while ( e > 0 ) Try
if ( mod(e, 2) == 1) mexp =
mod(mexp * s, n); n 515 mod 13
end n 1518 mod 17
s = mod(s * s, n); n 45617 mod 17
e = fix(e / 2);
end n 145102 mod 101

46
Pre-Examination on cryptography

1. I have a coin with probability p of HEADS. I flip it n 5. Find all solutions to each of the following linear
times. Pr [at least one HEADS] = equations.
(1) 3x º 4 (mod 5)
2. Solve the following. (2) 4x º 4 (mod 6)
(1) Given gcd(a, b) = 24, find gcd(a, b, 16). (3) 10x º 2 (mod 15)
(2) Given gcd(a, b, c) = 12, find gcd(a, b, c, 16).
(3) Find gcd(200, 180, 450). 6. Find (A´B) mod 16 using the matrices below.
(4) Find gcd(200, 180, 450, 610). é2ù é3 4 6ù é 2 0 1 ù
3. Find the results of the following operations. [3 7 10] ´ êê 4 úú ê1 1 8 ú ´ ê 1 1 0 ú
ê ú ê ú
(1) 22 mod 7. A êë12 úû êë5 8 3úû êë 5 2 4 úû
(2) (273 + 147) mod 10. B A B
(3) (144 ´ 34) mod 12.

4. The following shows the remainders of powers of 10

when divided by 7. We can prove that the pattern will
be repeated for higher powers.
100 mod 7 = 1, 101 mod 7 = 3, 102 mod 7 = 2
103 mod 7 = -1, 104 mod 7 = -3, 105 mod 7 = -2

Using the above information, find the remainder of

an integer when divided by 7. Test your method with
631,453,672.

47