
Network Security and Cryptography (BTCS 701-18)

Chapter-2
Math Background

Modular Arithmetic
Modular arithmetic is a system of arithmetic for integers, where values reset to zero and begin to
increase again, after reaching a certain predefined value, called the modulus (modulo). Modular
arithmetic is widely used in computer science and cryptography.
What is Modular Arithmetic?
In modular arithmetic, we select an integer, n, to be our “modulus”. Then our system of numbers
only includes the numbers 0, 1, 2, 3, ..., n-1. In order to have arithmetic make sense, we have the
numbers “wrap around” once they reach n.

Example: If we pick the modulus 5, then our solutions are required to be in the set {0, 1, 2, 3,
4}. We have 2+1=3 and 2+2=4 as usual. Then 2+3=5, which is not in our set, so it wraps around
giving 2+3=0. Then 2+4=6, which wraps around to be 1.
This may seem strange, but in fact we use it every day! Consider a clock: we go from 1 o’clock to 2
o’clock, ..., 11 o’clock, 12 o’clock, then back to 1 o’clock, and so on. This is an example of when
the modulus is 12, and for clocks we use {1, 2, ..., 12} instead of {0, 1, ..., 11}, but these are
the same because we consider 0 and 12 to be the same in terms of wrapping around.

How do we write modular arithmetic?


Continuing the example above with modulus 5, we write:
2+1 = 3 (mod 5) = 3
2+2 = 4 (mod 5) = 4
2+3 = 5 (mod 5) = 0
2+4 = 6 (mod 5) = 1

Challenge question! What is 134 (mod 5)?

It might help us to think about modular arithmetic as the remainder when we divide by the
modulus. For example 214 (mod 5) = 4 since 214/5 = 42 with remainder 4 (because 214 =
42*5 + 4).

Using the Caesar Cipher:
Line up the wheels so that the “a” lines up with “D”. Now hold the wheel so that it doesn’t turn.
Convert the ciphertext into plaintext using the wheel to solve the following riddle!
Riddle: What do you get if you divide the circumference of a jack-o-lantern by its diameter?
Answer: SXPSNLQ SL

Now line up the wheels so that “a” lines up with “R”.


Riddle: Why was the math book sad?
Answer: ZK YRU KFF DREP GIFSCVDJ
What if you find a secret message on the floor, and you don’t know the “key” of how to turn the
wheel? Can you still crack the secret message? Give it a try!
Hint: If you see a one letter word, what could it be?
Secret Message: Q VQHCUH YD JXU VYUBT MYJX XYI SEMI SEKDJUT DYDUJO EV
JXUC, RKJ MXUD XU HEKDTUT JXUC KF XU XQT EDU XKDTHUT.

Secret Message: YJIJUUNU URWNB QJEN BX VDLQ RW LXVVXW. RC’B J BQJVN
CQNH’UU WNENA VNNC.

Secret Message: YMWJJ TZY TK YBT UJTUQJ XYWZLLQJ BNYM KWFHYNTSX.

It’s time to put our cryptography skills to use!


We will split everyone into two teams. Each person will write down the name of your favorite type
of candy or candy bar. Then you will encrypt it picking a shift of the wheel, so if you pick “nerds”
and a shift of lining up “a” and “B” then n → O, e → F, etc. Don’t say your candy type out loud
and don’t tell anyone your shift! Once everyone has encoded their favorite type of candy, the two
teams will switch and whichever team decrypts all the candy types fastest wins some real candy!

You can fill out the lines below if it helps you encrypt your candy name, but don’t let the other
team see it!

Candy name:
Line up the wheels so that the lowercase letter lines up with the capital letter . Encrypted candy
name:

How do Modular Arithmetic and Caesar Ciphers relate?

Since there are 26 letters in the English alphabet, let’s relate the letters a-z by numbers 0-25 as
shown by the diagram below.

Notice going from “a” to “D” was a shift of 3 letters over. Thus we can encrypt the word
“pumpkin” by relating “p” with 15 on the wheel, adding 3 to get 18, and then we turn this back into
a letter, which gives us “S”. Similarly “u” → 20 → 23 → X.

Challenge Questions!

1) What number did we “add” in the second riddle to encrypt the message?

2) If adding 3 took us from the plaintext to the ciphertext, what do you think we would do to go
from the ciphertext back to the plaintext?

3) How many different ways can you encrypt a message using a Caesar cipher? Hint: What does
“adding” 26 do?

4) From your experience cracking the secret messages do you think it is relatively easy or hard to
test all combinations to crack someone’s secret message?

5) Can you think of something we could do to make secret messages more secure?


How to Crack the Caesar Cipher:


As we’ve discovered, there are only 25 different shifts we can use to encrypt a message with a
Caesar cipher. Because of this, the Caesar cipher is considered to be a very weak type of
cryptography. We call the act of testing all 25 options until finding the key, the method of brute
force.
However, even if we couldn’t use brute force the Caesar cipher is still considered to be
weak. This is because each letter of the alphabet (say “a”) always gets encrypted to the same letter
(which depends on your shift). Also two different letters cannot go to the same letter (meaning we
cannot send “a” to “N” and send “b” to “N”). Because of this one-to-one correspondence, another
method of cracking the Caesar cipher is with frequency analysis. In the English language, the
most common letter is “e” which occurs 12.7% of the time!
This means that on average every 8th letter in a sentence is an “e”. Just look at that last sentence
and notice how many “e”’s were in it! The second most common letter is “t” which occurs 9.1% of
the time. The third most common letter is “a” which occurs 8.2% of the time. The frequencies of
each letter are shown below.

The way to use frequency analysis to break the Caesar cipher is as follows. First count the
number of “A”’s in the ciphertext, the number of “B”’s in the ciphertext, the number of “C”’s, etc.
Then when you plot those values on a graph, you should see the same pattern of spikes, but shifted
to a different position. This will be the shift or “key” to the Caesar cipher! It’s important to note
that this method is not good for short ciphertexts (such as a single word) because the frequencies
of a short text could be off. Also this method is not foolproof: there is a book, Gadsby by Ernest
Vincent Wright, that does not contain the letter “e” (think of how much work writing that book must
have been!).
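
The frequency-analysis method described above, written out as an added Python example (it is not part of the original notes). The letter frequencies beyond the three quoted in the text, the function names and the sample sentence are assumptions of this example; each of the 26 shifts is scored with a chi-squared comparison against English, which is one common way to do the "line up the spikes" step.

```python
# Added example: recover a Caesar shift by frequency analysis.

# Approximate English letter frequencies in percent for a..z. The notes quote
# e = 12.7, t = 9.1 and a = 8.2; the other values are commonly cited
# approximations and are an assumption of this example.
ENGLISH_FREQ = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0,
                2.4, 6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15,
                2.0, 0.074]

# Constructed sample plaintext (not taken from the notes).
SAMPLE = ("frequency analysis works on long messages because the letter e "
          "shows up more often than any other letter and the cipher moves "
          "every letter by the same amount")


def encrypt(plaintext, shift):
    """Add `shift` to each letter (mod 26); ciphertext is upper case, as on the wheel."""
    return "".join(
        chr((ord(ch) - ord("a") + shift) % 26 + ord("A")) if "a" <= ch <= "z" else ch
        for ch in plaintext.lower())


def decrypt(ciphertext, shift):
    """Subtract `shift` from each letter (mod 26); plaintext is lower case."""
    return "".join(
        chr((ord(ch) - ord("A") - shift) % 26 + ord("a")) if "A" <= ch <= "Z" else ch
        for ch in ciphertext.upper())


def letter_counts(ciphertext):
    """Number of A's, B's, ..., Z's in the ciphertext."""
    counts = [0] * 26
    for ch in ciphertext.upper():
        if "A" <= ch <= "Z":
            counts[ord(ch) - ord("A")] += 1
    return counts


def chi_squared(counts, shift):
    """How badly the counts fit English if plaintext letter i became letter i + shift."""
    total = sum(counts)
    score = 0.0
    for i, percent in enumerate(ENGLISH_FREQ):
        expected = total * percent / 100
        observed = counts[(i + shift) % 26]
        score += (observed - expected) ** 2 / expected
    return score


def rank_shifts(ciphertext):
    """All 26 shifts, best fit to English first."""
    counts = letter_counts(ciphertext)
    if sum(counts) == 0:
        raise ValueError("ciphertext contains no letters")
    return sorted(range(26), key=lambda s: chi_squared(counts, s))


if __name__ == "__main__":
    secret = encrypt(SAMPLE, 3)
    best = rank_shifts(secret)[0]
    print("recovered shift:", best)
    print(decrypt(secret, best))
    # A single word is too short for the statistics, so the true shift may not
    # be ranked first: read the candidates in rank order instead (brute force,
    # most likely shifts first).
    short = encrypt("pumpkin", 3)
    for shift in rank_shifts(short)[:5]:
        print(shift, decrypt(short, shift))
```
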


The Vigenère Cipher

A major weakness of the Caesar cipher is that there are not many ways to encrypt a message. Also
long messages encrypted with the Caesar cipher are easily cracked using “frequency analysis”. A
stronger cipher is the Vigenère cipher. Here’s how it works!

1) Pick any small integer (say 3). This will be the “key length”
2) Now since we chose 3 above, we need to pick 3 different numbers to be our shifts (say shift 2,
shift 9, and shift 21).
3) We encode our secret message by shifting the 1st, 4th, 7th, ... letters by 2. The 2nd, 5th, 8th, ...
letters we shift by 9. And the 3rd, 6th, 9th ... letters we shift by 21.

For example: Encrypting the word “pineapple” we have:

“p” → 15 → 17 → “R”
“i” → 8 → 17 → “R”
“n” → 13 → 13+21 = 34 (mod 26) = 8 → “I”
“e” → 4 → 6 → “G”
“a” → 0 → 9 → “J”
“p” → 15 → 15+21 = 36 (mod 26) = 10 → “K”
“p” → 15 → 17 → “R”
“l” → 11 → 20 → “U”
“e” → 4 → 4+21 = 25 → “Z”

So “pineapple” became “RRIGJKRUZ”.

Notice if we had picked the number 1 in the first step of the process we have the Caesar cipher!

Let’s try it out!

One way people use the Vigenère cipher is to pick a short codeword, say “dog”. This means your key
length will be 3 because “dog” has 3 letters. It also means your first shift is d=3 on the wheel.
Your second shift is o=14, and your third shift is g=6. These are the shifts that the person writing
the secret message uses, so to decode the message you will subtract 6 from the 1st, 4th, 7th, etc
letters, and so on.
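
The three steps above as an added Python example, not code from the original notes. It reproduces the “pineapple” example with shifts 2, 9, 21 and turns a codeword into shifts; the function names are hypothetical, and the example assumes that spaces and punctuation are copied through without using up a key position.

```python
# Added example: Vigenere cipher with numeric shifts or a codeword.

def shifts_from_codeword(word):
    """Codeword letters -> shifts on the wheel, e.g. "dog" -> [3, 14, 6]."""
    if not word or not all("a" <= c <= "z" for c in word.lower()):
        raise ValueError("codeword must be one or more letters a-z")
    return [ord(c) - ord("a") for c in word.lower()]


def vigenere(text, shifts, decrypt=False):
    """Shift the 1st, 2nd, 3rd, ... letter by shifts[0], shifts[1], ..., repeating.

    Encrypting adds the shift (mod 26) and writes upper case; decrypting
    subtracts it and writes lower case. Assumption of this example:
    non-letters are copied unchanged and do not advance the key.
    """
    if not shifts:
        raise ValueError("need at least one shift")
    sign = -1 if decrypt else 1
    out_base = ord("a") if decrypt else ord("A")
    out, position = [], 0
    for ch in text.lower():
        if "a" <= ch <= "z":
            shift = shifts[position % len(shifts)]
            out.append(chr((ord(ch) - ord("a") + sign * shift) % 26 + out_base))
            position += 1
        else:
            out.append(ch)
    return "".join(out)


def cipher_letters_per_plain_letter(plaintext, shifts):
    """For each plaintext letter, the set of ciphertext letters it turned into."""
    ciphertext = vigenere(plaintext, shifts)
    images = {}
    for p, c in zip(plaintext.lower(), ciphertext):
        if "a" <= p <= "z":
            images.setdefault(p, set()).add(c)
    return images


if __name__ == "__main__":
    key = [2, 9, 21]
    secret = vigenere("pineapple", key)
    print(secret)                                  # the ciphertext from the notes
    print(vigenere(secret, key, decrypt=True))     # back to the plaintext
    # Unlike the Caesar cipher, one plaintext letter can have several images,
    # which is what blunts simple letter counting.
    for letter, images in sorted(cipher_letters_per_plain_letter("pineapple", key).items()):
        print(letter, "->", sorted(images))
    # A key of length 1 is exactly the Caesar cipher.
    print(vigenere("pumpkin", [3]))
    print(shifts_from_codeword("dog"))
```
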

One way to organize creating a Vigenère cipher is as follows:


1) Start with a blank grid with three rows:

2) Fill in the middle line with the message you’d like to encrypt:

3) Pick your code word and write it on top (including the shifts these letters correspond to). Also
convert your message letters to the corresponding numbers they represent:

4) Repeat the code across the top, then add down the numbers (mod 26) and convert those number
back into letters:

You could use a similar system to decode Vigenère ciphers, using - instead of + for the codeword.


Let’s try it out! Suppose we arranged our secret codeword to be “dog” and I sent you the secret
message below. Try to decode it! I’ve started the table for you!

Secret Message: ZVE GCKV BUEBJB HGOY ZR QOUQRHG? HHQGXGK WVKUS OV BU
SCOQH.

Now you try to create a secret message! Pick a codeword and encrypt your name (or any other
secret message you’d like!) using the grids below to help guide you.
Trade with someone else and try to decrypt their name (or secret message). Make sure you ask
them for the codeword!:


Challenge Questions!

1) How would you decrypt the Vigenère cipher used to encrypt “pineapple”?

2) In general, if your friend said they encrypted a Vigenère cipher using the key (5, 11, 1, 2), how
would you decrypt their ciphertext?
3) If you pick the integer 3 in the first step of the Vigenère process, how many different ways could
you encrypt a message? What if you pick the integer 5?

4) In the Caesar cipher, the same letter always got turned into the same letter (for example the “p”
in pumpkin always turned into an “S”). Does this happen in the Vigenère cipher? Hint: look at what
happened to “pineapple”.

5) Also in the Caesar cipher you could not encrypt two different letters to be the same letter
(meaning if “p” → “S” then nothing else can go to “S”). Is this true of the Vigenère cipher too?

Hint: again look at what happened to “pineapple”.

6) Is this more or less secure than the Caesar cipher? By a little or a lot?

Extreme Challenge Question!


In the Caesar cipher and Vigenère cipher we encrypted the words by adding to the value of the letter
(mod 26). And thus we could decrypt by subtracting that value (mod 26). Now instead of adding
(mod 26), could we use multiplication (mod 26)? Well it’s certainly easy to say “sure multiply by 3
then take the answer modulo 26”, but then how would you decrypt? What would it mean to
“divide” (mod 26)?


The Euclidean Algorithm and the Extended Euclidean Algorithm

The Euclidean Algorithm

The Euclidean algorithm is an efficient method to compute the greatest common divisor (gcd)
of two integers. It was first published in Book VII of Euclid's Elements sometime around 300
BC.

We write gcd(a, b) = d to mean that d is the largest number that will divide both a and b. If
gcd(a, b) = 1 then we say that a and b are coprime or relatively prime. The gcd is sometimes
called the highest common factor (hcf).

Algorithm: (Euclidean algorithm) Computing the greatest common divisor of two integers.
(Ref: [MENE97], 2.104)

INPUT: Two non-negative integers a and b with a ≥ b. OUTPUT: gcd(a, b).

1. While b > 0, do
   a. Set r = a mod b,
   b. a = b,
   c. b = r
2. Return a.

The proof uses the division algorithm which states that for any two integers a and b with b > 0
there is a unique pair of integers q and r such that a = qb + r and 0 <= r < b. Essentially, a gets
smaller with each step, and so, being a positive integer, it must eventually converge to a solution
(i.e. it cannot get smaller than 1).

If you have negative values for a or b, just use the absolute values |a| and |b| in the above
algorithm. By convention, if b = 0 then the gcd is a.

Typical Exam Questions

Every exam in number theory has a question on the Euclidean algorithm. They are a gift. Spend
your last night before the exam practising it. Here's how we like to lay it out (the comments are
just for guidance; they are not needed in a formal solution).


Question 1(a): Find gcd(421, 111).

Answer:
We use the Euclidean algorithm as follows:

421 = 111 x 3 + 88 (larger number on left)
111 = 88 x 1 + 23 (shift left)
88 = 23 x 3 + 19 (note how 19 moves down the "diagonal")
23 = 19 x 1 + 4
19 = 4 x 4 + 3
4 = 3 x 1 + 1 (last non-zero remainder is 1)
3 = 1 x 3 + 0

The last non-zero remainder is 1 and therefore gcd(421, 111) = 1.

At each step, take the larger number, divide by the other and then round down your answer to
an integer value. So 421 / 111 = 3.793 gives 3. Then find the remainder, 421 - 111 x 3 = 88, so
we can write out the line as 421 = 111 x 3 + 88. Repeat for the smaller number (111) until the
remainder is zero. The last non-zero remainder is the gcd, in this case 1. (Once you have 1 as a
remainder, the last line is not really necessary, but we keep it in for completeness.)

In our view, it really helps to be strict in how you lay out the solution. Otherwise you'll get
flustered in an exam and make a mistake. Note how we always write each line with the quotient
(111) on the left followed by the divisor (3). If you do that you always have the correct number
ready to "shift left" to the other side on the next line.

Note how, if we lay it out this way, each number moves down a diagonal from top right to
bottom left. This gives you a check as you go along.

421 = 111 x 3 + 88
111 = 88 x 1 + 23
88 = 23 x 3 + 19
23 = 19 x 1 + 4
19 = 4 x 4 + 3
4 = 3 x 1 + 1
3 = 1 x 3 + 0

Here's another example. Question 2(a): Find gcd(93, 219).


219 = 93 x 2 + 33
93 = 33 x 2 + 27
33 = 27 x 1 + 6
27 = 6 x 4 + 3
6 = 3 x 2 + 0
The last non-zero remainder is 3 and therefore gcd(93, 219) = 3.

The Extended Euclidean Algorithm

The Extended Euclidean Algorithm is just a fancier way of doing what we did using the
Euclidean algorithm above. It involves using extra variables to compute ax + by = gcd(a, b) as
we go through the Euclidean algorithm in a single pass. It's more efficient to use in a computer
program. But if you are doing a calculation by hand, honestly, it's simpler just to use the method
above.

Algorithm: Extended Euclidean algorithm. (Ref: [MENE97], Algorithm 2.107)

INPUT: Two non-negative integers a and b with a ≥ b. OUTPUT: d = gcd(a, b) and integers x
and y satisfying ax + by = d.

1. If b = 0 then set d = a, x = 1, y = 0, and return(d, x, y).
2. Set x2 = 1, x1 = 0, y2 = 0, y1 = 1
3. While b > 0, do
   a. q = floor(a/b), r = a - qb, x = x2 - q x1, y = y2 - q y1.
   b. a = b, b = r, x2 = x1, x1 = x, y2 = y1, y1 = y.
4. Set d = a, x = x2, y = y2, and return(d, x, y).

There are more efficient methods to do both the Euclidean algorithm and the extended
Euclidean algorithm on a computer using binary techniques. See [MENE97] algorithms 14.54
and 14.61, and the Binary GCD code below.

Computer programs

Using the Euclidean Algorithm to find the gcd


int gcd(int a, int b)
{
    int r;
    /* work with absolute values so that negative inputs are accepted */
    if (a < 0) a = -a;
    if (b < 0) b = -b;
    if (b > a) { /* swap so that a >= b */
        r = b; b = a; a = r;
    }
    /* Euclidean algorithm: replace (a, b) by (b, a mod b) until b is 0 */
    while (b > 0) {
        r = a % b;
        a = b;
        b = r;
    }
    return a;
}

Prime numbers cryptography:


Go check your e-mail. You’ll notice that the webpage address starts with “https://”. The
“s” at the end stands for “secure” meaning that a process called SSL is being used to encode
the contents of your inbox and prevent people from hacking your account. The heart of SSL
– as well as pretty much every other computer security or encoding system – is something
called a public key encryption scheme. The first article below describes how a public key
encryption scheme works, and the second explains the mathematics behind it: prime numbers
and mod n arithmetic.

1. A Primer on Public-key Encryption


Adapted from a supplement to The Atlantic magazine, September 2002. By Charles Mann.
Public-key encryption is complicated in detail but simple in outline. The article below is
an outline of the principles of the most common variant of public-key cryptography, which
is known as RSA, after the initials of its three inventors.
A few terms first: cryptology, the study of codes and ciphers, is the union of cryptography
(codemaking) and cryptanalysis (codebreaking). To cryptologists, codes and ciphers are not
the same thing. Codes are lists of prearranged substitutes for letters, words, or phrases – i.e.
“meet at the theater” for “fly to Chicago.” Ciphers employ mathematical procedures called
algorithms to transform messages into unreadable jumbles. Most cryptographic algorithms
use keys, which are mathematical values that plug into the algorithm. If the algorithm says
to encipher a message by replacing each letter with its numerical equivalent (A = 1, B = 2,
and so on) and then multiplying the results by some number X, X represents the key to the
algorithm. If the key is 5, “attack,” for example, turns into “5 100 100 5 15 55.” With a key
of 6, it becomes “6 120 120 6 18 66.” (Nobody would actually use this cipher, though; all
the resulting numbers are divisible by the key, which gives it away.) Cipher algorithms and
cipher keys are like door locks and door keys. All the locks from a given company may work
in the same way, but all the keys will be different.
In non-public-key crypto systems, controlling the keys is a constant source of trouble.
Cryptographic textbooks usually illustrate the difficulty by referring to three mythical
people named Alice, Bob, and Eve. In these examples, Alice spends her days sending secret
messages to Bob; Eve, as her name indicates, tries to eavesdrop on those messages by
obtaining the key. Because Eve might succeed at any time, the key must be changed
frequently. In practice this cannot be easily accomplished. When Alice sends a new key to
Bob, she must ensure that Eve doesn’t read the message and thus learn the new key. The
obvious way to prevent eavesdropping is to use the old key (the key that Alice wants to
replace) to encrypt the message containing the new key (the key that Alice wants Bob to
employ in the future). But Alice can’t do this if there is a chance that Eve knows the old key.
Alice could rely on a special backup key that she uses only to encrypt new keys, but
presumably this key, too, would need to be changed. Problems multiply when Alice wants to
send messages to other people. Obviously, Alice shouldn’t use the key she uses to encrypt
messages to Bob to communicate with other people – she doesn’t want one compromised
key to reveal everything. But managing the keys for a large group is an administrative horror;
a hundred-user network needs 4,950 separate keys, all of which need regular changing. In
the 1980s, Schneier says, U.S. Navy ships had to store so many keys to communicate with
other vessels that the paper records were loaded aboard with forklifts.
Public-key encryption makes key-management much easier. It was invented in 1976 by
two Stanford mathematicians, Whitfield Diffie and Martin Hellman. Their discovery can
be phrased simply: enciphering schemes should be asymmetric. For thousands of years all
ciphers were symmetric – the key for encrypting a message was identical to the key for
decrypting it, but
used, so to speak, in reverse. To change “5 100 100 5 15 55” or “6 120 120 6 18 66” back
into “attack,” for instance, one simply reverses the encryption by dividing the numbers with
the key, instead of multiplying them, and then replaces the numbers with their equivalent
letters. Thus sender and receiver must both have the key, and must both keep it secret. The
symmetry, Diffie and Hellman realized, is the origin of the key-management problem. The
solution is to have an encrypting key that is different from the decrypting key – one key to
encipher a message, and another, different key to decipher it. With an asymmetric cipher,
Alice could send encrypted messages to Bob without providing him with a secret key. In
fact, Alice could send him a secret message even if she had never before communicated with
him in any way.
“If this sounds ridiculous, it should,” Schneier wrote in Secrets and Lies (2001). “It sounds
impossible. If you were to survey the world’s cryptographers in 1975, they would all have
told you it was impossible.” One year later, Diffie and Hellman showed that it was possible,
after all. (Later the British Secret Service revealed that it had invented these techniques
before Diffie and Hellman, but kept them secret – and apparently did nothing with them.)
To be precise, Diffie and Hellman demonstrated only that public-key encryption was
possible in theory. Another year passed before three MIT mathematicians – Ronald L. Rivest,
Adi Shamir, and Leonard M. Adleman – figured out a way to do it in the real world. At the
base of the Rivest-Shamir-Adleman, or RSA, encryption scheme is the mathematical task
of factoring. Factoring a number means identifying the prime numbers which, when
multiplied together, produce that number. Thus 126,356 can be factored into 2 x 2 x 31 x
1,019, where 2, 31, and 1,019 are all prime. (A given number has only one set of prime
factors.) Surprisingly,
mathematicians regard factoring numbers – part of the elementary-school curriculum – as a
fantastically difficult task. Despite the efforts of such luminaries as Fermat, Gauss, and
Fibonacci, nobody has ever discovered a consistent, usable method for factoring large
numbers. Instead, mathematicians try potential factors by invoking complex rules of thumb,
looking for numbers that divide evenly. For big numbers the process is horribly
time-consuming, even with fast computers. The largest number yet factored is 155 digits long. It
took 292 computers, most of them fast workstations, more than seven months.
Note something odd. It is easy to multiply primes together. But there is no easy way to
take the product and reduce it back to its original primes. In crypto jargon, this is a
“trapdoor”: a function that lets you go one way easily, but not the other. Such one-way
functions, of which this is perhaps the simplest example, are at the bottom of all public-key
encryption. They make asymmetric ciphers possible.
To use RSA encryption, Alice first secretly chooses two prime numbers, p and q, each
more than a hundred digits long. This is easier than it may sound: there are an infinite supply
of prime numbers. Last year a Canadian college student found the biggest known prime:
2^13466917 − 1. It has 4,053,946 digits; typed without commas in standard 12-point type, the
number would be more than ten miles long. Fortunately Alice doesn’t need one nearly that
big. She runs a program that randomly selects two prime numbers for her and then she
multiplies them by each other, producing pq, a still bigger number that is, naturally, not
prime. This is Alice’s “public key.” (In fact, creating the key is more complicated than I
suggest here, but not wildly so.)

As the name suggests, public keys are not secret; indeed, the Alices of this world often
post them on the Internet or attach them to the bottom of their e-mail. When Bob wants to
send Alice a secret message, he first converts the text of the message into a number. Perhaps,
as before, he transforms “attack” into “5 100 100 5 15 55.” Then he obtains Alice’s public
key – that is, the number pq – by looking it up on a Web site or copying it from her e-mail.
(Note here that Bob does not use his own key to send Alice a message, as in regular
encryption. Instead, he uses Alice’s key.) Having found Alice’s public key, he plugs it into a
special algorithm invented by Rivest, Shamir, and Adleman to encrypt the message.
At this point the three mathematicians’ cleverness becomes evident. Bob knows the
product pq, because Alice has displayed it on her Web site. But he almost certainly does not
know p and q themselves, because they are its only factors, and factoring large numbers is
effectively impossible. Yet the algorithm is constructed in such a way that to decipher the
message the recipient must know both p and q individually. Because only Alice knows p and
q, Bob can send secret messages to Alice without ever having to swap keys. Anyone else
who wants to read the message will somehow have to factor pq back into the prime numbers
p and q.
In the real world, public-key encryption is practically never used to encrypt actual
messages. The reason is that it requires so much computation – even on computers, public
key is very slow. According to a widely cited estimate by Schneier, public-key crypto is
about a thousand times slower than conventional cryptography. As a result, public-key
cryptography is more often used as a solution to the key-management problem, rather than
as direct cryptography. People employ public-key to distribute regular, private keys, which
are then used to encrypt and decrypt actual messages. In other words, Alice and Bob send
each other their public keys. Alice generates a symmetric key that she will only use for a
short time (usually, in the trade, called a session key), encrypts it with Bob’s public key, and
sends it to Bob, who decrypts it with his private key. Now that Alice and Bob both have the
session key, they can exchange messages. When Alice wants to begin a new round of
messages, she creates another session key. Systems that use both symmetric and public-key
cryptography are called hybrid, and almost every available public-key system, such as PGP,
is a hybrid.
2. The math behind RSA encryption
Adapted from a text by math educator Tom Davis. You can find this material, and more, at
http://mathcircle.berkeley.edu/BMC3/rsa/node4.html
It is very simple to multiply numbers together, especially with computers. But it can be
very difficult to factor numbers. For example, if I ask you to multiply together 34537 and
99991, it is a simple matter to punch those numbers into a calculator and get 3453389167. But
the reverse problem is much harder.
Suppose I give you the number 1459160519. I’ll even tell you that I got it by multiplying
together two integers. Can you tell me what they are? This is a very difficult problem. A
computer can factor that number fairly quickly, but (although there are some tricks) it
basically does it by trying most of the possible combinations. For any size number, the
computer has to check something that is of the order of the size of the square-root of the
number to be factored. In this case, that square-root is roughly 38000.
Now it doesn’t take a computer long to try out 38000 possibilities, but what if the number
to be factored is not ten digits, but rather 400 digits? The square-root of a number with 400
digits is a number with 200 digits. The lifetime of the universe is approximately 10^18
seconds - an 18 digit number. Assuming a computer could test one million factorizations per
second, in the lifetime of the universe it could check 10^24 possibilities. But for a 400
digit product, there are 10^200 possibilities. This means the computer would have to
run for 10^176 times the life of the universe to factor the large number.

It is, however, not too hard to check to see if a number is prime–in other words to check
to see that it cannot be factored. If it is not prime, it is difficult to factor, but if it is prime, it
is not hard to show it is prime.
So RSA encryption works like this. I will find two huge prime numbers, p and q that have
100 or maybe 200 digits each. I will keep those two numbers secret (they are my private key),
and I will multiply them together to make a number N = pq. That number N is basically my
public key. It is relatively easy for me to get N; I just need to multiply my two numbers. But
if you know N, it is basically impossible for you to find p and q. To get them, you need to
factor N, which seems to be an incredibly difficult problem.
But exactly how is N used to encode a message, and how are p and q used to decode it?
Below is presented a complete example, but I will use tiny prime numbers so it is easy to
follow the arithmetic. In a real RSA encryption system, keep in mind that the prime
numbers are huge.
In the following example, suppose that person A wants to make a public key, and that
person B wants to use that key to send A a message. In this example, we will suppose that
the message A sends to B is just a number. We assume that A and B have agreed on a method
to encode text as numbers. Here are the steps:

(1) Person A selects two prime numbers. We will use p = 23 and q = 41 for this
example, but keep in mind that the real numbers person A should use should be much
larger.
(2) Person A multiplies p and q together to get pq = (23)(41) = 943. 943 is the
“public key”, which he tells to person B (and to the rest of the world, if he wishes).
(3) Person A also chooses another number e which must be relatively prime to (p − 1)(q − 1).
In this case, (p − 1)(q − 1) = (22)(40) = 880, so we could choose the number e = 7.
This number e is also part of the public key, so B also is told the value of e.
[See footnote 4 for a remark on why we’re using the number (p − 1)(q − 1).]
(4) Now B knows enough to encode a message to A. Suppose, for this example, that the
message is the number M = 35.
(5) B calculates the value of C = M^e (mod N) = 35^7 (mod 943).
(6) 35^7 = 64339296875 and 64339296875 (mod 943) = 545. The number 545 is the
encoding that B sends to A.
(7) Now A wants to decode 545. To do so, he needs to find a number d such that ed =
1 (mod (p − 1)(q − 1)), or in this case, such that 7d = 1 (mod 880). A solution is d =
503, since 7 × 503 = 3521 = 4(880) + 1 = 1 (mod 880).
(8) To find the decoding, A must calculate C^d (mod N) = 545^503 (mod 943). This looks
like it will be a horrible calculation, and at first it seems like it is, but notice that 503 =
256 + 128 + 64 + 32 + 16 + 4 + 2 + 1 (this is just the binary expansion of 503). So
this means that

545^503 = 545^(256+128+64+32+16+4+2+1) = 545^256 · 545^128 · · · 545^1.
The line above just uses basic rules about how exponents work. Now since we only care
about the result (mod 943), we can calculate all the parts of the product (mod 943). By
repeated squaring of 545, we can get all the exponents that are powers of 2. For example,
545^2 (mod 943) = 545 · 545 = 297025 (mod 943) = 923. Then square again: 545^4 (mod 943) =
(545^2)^2 (mod 943) = 923 · 923 = 851929 (mod 943) = 400, and so on. We obtain the following table:


545^1 (mod 943) = 545
545^2 (mod 943) = 923
545^4 (mod 943) = 400
545^8 (mod 943) = 633
545^16 (mod 943) = 857
545^32 (mod 943) = 795
545^64 (mod 943) = 215
545^128 (mod 943) = 18
545^256 (mod 943) = 324

So the result we want is:

545^503 (mod 943) = 324 · 18 · 215 · 795 · 857 · 400 · 923 · 545 (mod 943) = 35.

Using this slightly tedious (but simple for a computer) calculation, A can decode B’s
message and obtain the original message M = 35. The fact that this actually works – that the
process in step.
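
An added Python example (not from the original notes or from [MENE97]) that serves two passages: the Extended Euclidean algorithm steps given earlier and steps (1) to (8) of the RSA walk-through above. The function names are hypothetical; the primes 23 and 41 are the ones used in the text and are far too small for real use.

```python
# Added example: extended Euclid, repeated squaring and the toy RSA numbers.

def extended_gcd(a, b):
    """Return (d, x, y) with a*x + b*y == d == gcd(a, b), for a, b >= 0."""
    if a < 0 or b < 0:
        raise ValueError("use the absolute values for negative inputs")
    x2, x1, y2, y1 = 1, 0, 0, 1            # step 2 of the algorithm
    while b > 0:                            # step 3
        q, r = divmod(a, b)
        x, y = x2 - q * x1, y2 - q * y1
        a, b = b, r
        x2, x1, y2, y1 = x1, x, y1, y
    return a, x2, y2                        # step 4 (also covers b == 0)


def mod_inverse(e, m):
    """The d with e*d = 1 (mod m); this is what "dividing by e" mod m means."""
    d, x, _ = extended_gcd(e % m, m)
    if d != 1:
        raise ValueError(f"{e} has no inverse mod {m}: gcd is {d}")
    return x % m


def power_table(base, exponent, modulus):
    """[(k, base^k mod modulus)] for k = 1, 2, 4, ... up to the top bit of exponent."""
    table, k, value = [], 1, base % modulus
    while k <= exponent:
        table.append((k, value))
        value = value * value % modulus     # square to get the next power of 2
        k *= 2
    return table


def mod_pow(base, exponent, modulus):
    """Multiply the table entries whose bit is set in the binary exponent."""
    if exponent < 0:
        raise ValueError("exponent must be non-negative")
    result = 1 % modulus
    for k, value in power_table(base, exponent, modulus):
        if exponent & k:
            result = result * value % modulus
    return result


def toy_rsa(p, q, e, message):
    """Run steps (1)-(8) and return (N, d, C, decrypted message)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = mod_inverse(e, phi)   # raises if e is not coprime to (p-1)(q-1)
    if not 0 <= message < n:
        raise ValueError("message must be in the range 0..N-1")
    c = mod_pow(message, e, n)
    return n, d, c, mod_pow(c, d, n)


if __name__ == "__main__":
    print(extended_gcd(421, 111))       # gcd 1 plus the coefficients x, y
    print(mod_inverse(7, 880))          # the d of step (7)
    for k, value in power_table(545, 503, 943):
        print(f"545^{k} (mod 943) = {value}")
    print(toy_rsa(23, 41, 7, 35))
    try:
        toy_rsa(23, 41, 2, 35)          # e = 2 shares a factor with 880
    except ValueError as err:
        print("bad e:", err)
```
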

Euler's Totient Function and Euler's Theorem


Euler's totient function, or phi (φ) function, is a very important number theoretic function
having a deep relationship to prime numbers and the so-called order of integers. The totient
φ(n) of a positive integer n greater than 1 is defined to be the number of positive integers less
than n that are coprime to n. φ(1) is defined to be 1. The following table shows the function
values for the first several natural numbers:

n    φ(n)   numbers coprime to n
1    1      1
2    1      1
3    2      1,2
4    2      1,3
5    4      1,2,3,4
6    2      1,5
7    6      1,2,3,4,5,6
8    4      1,3,5,7
9    6      1,2,4,5,7,8
10   4      1,3,7,9
11   10     1,2,3,4,5,6,7,8,9,10
12   4      1,5,7,11
13   12     1,2,3,4,5,6,7,8,9,10,11,12
14   6      1,3,5,9,11,13
15   8      1,2,4,7,8,11,13,14

Can you find some relationships between n and φ(n)? One thing you may have noticed is
that: when n is a prime number (e.g. 2, 3, 5, 7, 11, 13), φ(n) = n-1.


But how about the composite numbers? You may also have noticed that, for example, 15 = 3*5
and φ(15) = φ(3)*φ(5) = 2*4 = 8. This is also true for 14,12,10 and 6. However, it does not
hold for 4, 8, 9. For example, 9 = 3*3 , but φ(9) = 6 ≠ φ(3)*φ(3) = 2*2 =4. In fact, this
multiplicative relationship is conditional:
when m and n are coprime, φ(m*n) = φ(m)*φ(n).
The general formula to compute φ(n) is the following:
If the prime factorisation of n is given by n = p1^e1 * ... * pn^en, then φ(n) = n * (1 - 1/p1) * ... *
(1 - 1/pn).
For example:
∙ 9 = 3^2, φ(9) = 9 * (1-1/3) = 6
∙ 4 = 2^2, φ(4) = 4 * (1-1/2) = 2
∙ 15 = 3*5, φ(15) = 15 * (1-1/3)*(1-1/5) = 15*(2/3)*(4/5) = 8
Euler’s theorem generalises Fermat’s theorem to the case where the modulus is not prime. It
says that:
if n is a positive integer and a, n are coprime, then a^φ(n) ≡ 1 mod n where φ(n) is the Euler's
totient function.
Let's see some examples:
∙ 165 = 15*11, φ(165) = φ(15)*φ(11) = 80. 8^80 ≡ 1 mod 165
∙ 1716 = 11*12*13, φ(1716) = φ(11)*φ(12)*φ(13) = 480. 7^480 ≡ 1 mod 1716
∙ φ(13) = 12, 9^12 ≡ 1 mod 13
We can see that Fermat's little theorem is a special case of Euler's Theorem: for any prime n,
φ(n) = n-1 and any number a with 0 < a < n is coprime to n. From Euler's Theorem, we can easily get
several useful corollaries. First:
if n is a positive integer and a, n are coprime, then a^(φ(n)+1) ≡ a mod n.
This is because a^(φ(n)+1) = a^φ(n) * a, a^φ(n) ≡ 1 mod n and a ≡ a mod n, so a^(φ(n)+1) ≡ a mod n. From
here, we can go even further:
if n is a positive integer and a, n are coprime, b ≡ 1 mod φ(n), then a^b ≡ a mod n.
If b ≡ 1 mod φ(n), then it can be written as b = k*φ(n)+1 for some k. Then a^b = a^(k*φ(n)+1) =
(a^φ(n))^k * a. Since a^φ(n) ≡ 1 mod n, (a^φ(n))^k ≡ 1^k ≡ 1 mod n. Then (a^φ(n))^k * a ≡ a mod n. This is why
RSA works.
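
An added Python check of this section (not part of the original notes): φ(n) computed both from the definition and from the product formula, Euler's theorem tested on the examples above, and the last corollary applied to the RSA numbers e = 7, d = 503, N = 943 from the previous section. The function names are hypothetical.

```python
# Added example: Euler's totient function, Euler's theorem and the RSA corollary.
from math import gcd


def phi_by_counting(n):
    """phi(n) from the definition: how many 1 <= k < n are coprime to n (phi(1) = 1)."""
    if n < 1:
        raise ValueError("n must be a positive integer")
    if n == 1:
        return 1
    return sum(1 for k in range(1, n) if gcd(k, n) == 1)


def distinct_prime_factors(n):
    """The distinct primes dividing n, found by trial division."""
    primes, p = [], 2
    while p * p <= n:
        if n % p == 0:
            primes.append(p)
            while n % p == 0:
                n //= p
        p += 1
    if n > 1:
        primes.append(n)
    return primes


def phi_by_formula(n):
    """phi(n) = n * (1 - 1/p1) * ... * (1 - 1/pk), kept in whole numbers."""
    if n < 1:
        raise ValueError("n must be a positive integer")
    result = n
    for p in distinct_prime_factors(n):
        result = result // p * (p - 1)
    return result


def euler_holds(a, n):
    """True when a^phi(n) = 1 (mod n); guaranteed only if a and n are coprime."""
    return pow(a, phi_by_formula(n), n) == 1 % n


def exponent_returns_a(a, b, n):
    """The corollary: with b = 1 (mod phi(n)) and a coprime to n, a^b = a (mod n)."""
    if b % phi_by_formula(n) != 1 % phi_by_formula(n):
        raise ValueError("b must be congruent to 1 mod phi(n)")
    return pow(a, b, n) == a % n


if __name__ == "__main__":
    for n in range(1, 16):
        assert phi_by_counting(n) == phi_by_formula(n)
        print(n, phi_by_formula(n))
    # phi is multiplicative only for coprime factors.
    print(phi_by_formula(15), phi_by_formula(3) * phi_by_formula(5))
    print(phi_by_formula(9), phi_by_formula(3) * phi_by_formula(3))
    print(euler_holds(8, 165), euler_holds(7, 1716), euler_holds(9, 13))
    # The coprimality condition matters: 3 and 15 share the factor 3.
    print(euler_holds(3, 15))
    # RSA: e*d = 7*503 = 3521 = 4*880 + 1, so raising to e and then to d
    # returns the original message.
    print(exponent_returns_a(35, 7 * 503, 943))
```
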