Cryptography

Set of Residues

The modulo operation creates a set, which in modular

arithmetic is referred to as the set of least residues
modulo n, or Zn.

Figure Some Zn sets

12/25/2023 2
 Inverses

When we are working in modular arithmetic, we often need to

find the inverse of a number relative to an operation. We are
normally looking for an additive inverse (relative to an addition
operation) or a multiplicative inverse (relative to a multiplication
operation).

12/25/2023 3
 Additive Inverse

In Zn, two numbers a and b are additive inverses of each other if

Note

In modular arithmetic, each integer has

an additive inverse. The sum of an
integer and its additive inverse is
congruent to 0 modulo n.
12/25/2023 4
 Multiplicative Inverse
In Zn, two numbers a and b are the multiplicative inverse of each
other if

Note

In modular arithmetic, an integer may or

may not have a multiplicative inverse.
When it does, the product of the integer
and its multiplicative inverse is
congruent to 1 modulo n.
12/25/2023 5
 Example
Find the multiplicative inverse of 8 in Z10.
Solution
There is no multiplicative inverse because gcd (10, 8) = 2 ≠ 1. In
other words, we cannot find any number between 0 and 9 such
that when multiplied by 8, the result is congruent to 1.
Example
Find all multiplicative inverses in Z10.

Solution
There are only three pairs: (1, 1), (3, 7) and (9, 9). The numbers
0, 2, 4, 5, 6, and 8 do not have a multiplicative inverse.
6
 Note

The extended Euclidean algorithm finds

the multiplicative inverses of b in Zn
when n and b are given and
gcd (n, b) = 1.
The multiplicative inverse of b is the
value of t after being mapped to Zn.

12/25/2023 7
 Fermat's Theorem
• ap-1 mod p = 1
– where p is prime and gcd(a,p)=1
• also known as Fermat’s Little Theorem
• useful in public key and primality testing

12/25/2023 8
 Euler Totient Function ø(n)
• when doing arithmetic modulo n
• complete set of residues is: 0..n-1
• reduced set of residues is those numbers
(residues) which are relatively prime to n
– eg for n=10,
– complete set of residues is {0,1,2,3,4,5,6,7,8,9}
– reduced set of residues is {1,3,7,9}
• number of elements in reduced set of residues
is called the Euler Totient Function ø(n)
12/25/2023 9
 Euler Totient Function ø(n)
• to compute ø(n) need to count number of
elements to be excluded
• in general need prime factorization, but
– for p (p prime) ø(p) = p-1
– for p.q (p,q prime) ø(p.q) = (p-1)(q-
1)
• eg.
– ø(37) = 36
– ø(21) = (3–1)×(7–1) = 2×6 = 12
12/25/2023 10
 Euler's Theorem
• a generalisation of Fermat's Theorem
• aø(n)mod n = 1
– where gcd(a,n)=1
• eg.
– a=3;n=10; ø(10)=4;
– hence 34 = 81 = 1 mod 10
– a=2;n=11; ø(11)=10;
– hence 210 = 1024 = 1 mod 11

12/25/2023 11
 Modular Exponentiation
5350 mod 7

1. 350= 256+64+16+8+4+2
(350)10 =(101011110)2

2. 52 mod 7 = 25 mod 7= 4
54 mod 7 = (52 )2 mod 7 = 16 mod 7 =2
58 mod 7 =(54 )2 mod 7 = 4 mod 7 =4
516 mod 7 = (58 )2 mod 7 = 16 mod 7 =2
564 mod 7 =(516)4 mod 7 = 16 mod 7 =2
5256 mod 7 =(564)4 mod 7 = 16 mod 7 =2

3. 5350 mod 7

=5256+64+16+8+4+2 mod 7
= 2.2.2.4.2.4 mod 7
= 256 mod 7
12/25/2023 12
=4
 Public-Key Cryptography
• probably most significant advance in the 3000
year history of cryptography
• uses two keys – a public & a private key
• asymmetric since parties are not equal
• uses clever application of number theoretic
concepts to function
• complements rather than replaces private key
crypto
12/25/2023 13
 Security of Public Key Schemes
• like private key schemes brute force exhaustive
search attack is always theoretically possible
• but keys used are too large (>512bits)
• security relies on a large enough difference in
difficulty between easy (en/decrypt) and hard
(cryptanalyse) problems
• more generally the hard problem is known, but is
made hard enough to be impractical to break
• requires the use of very large numbers
• hence is slow compared to private key schemes

12/25/2023 14
 RSA
• by Rivest, Shamir & Adleman of MIT in 1977
• best known & widely used public-key scheme
• uses large integers (e.g., 1024 bits)
• security due to cost of factoring large numbers

12/25/2023 15
 RSA Key Setup
• each user generates a public/private key pair by:
• selecting two large primes at random - p,q
• computing their system modulus n=p.q
-define ø(n)=(p-1)(q-1)
• selecting at random the encryption key e
• where 1<e<ø(n), gcd(e,ø(n))=1
• solve following equation to find decryption key d
– e.d=1 mod ø(n) and 0≤d≤n
• publish their public encryption key: PU={e,n}
• keep secret private decryption key: PR={d,n}

12/25/2023 16
 RSA Use
• to encrypt a message M the sender:
– obtains public key of recipient PU={e,n}
– computes: C = Me mod n, where 0≤M<n
• to decrypt the ciphertext C the owner:
– uses their private key PR={d,n}
– computes: M = Cd mod n
• note that the message M must be smaller
than the modulus n

12/25/2023 17
 Why RSA Works
• because of Euler's Theorem:
• aø(n)mod N = 1
– where gcd(a,N)=1
• in RSA have:
– N=p.q
– ø(N)=(p-1)(q-1)
– carefully chosen e & d to be inverses mod ø(N)
– hence e.d=1+k.ø(N) for some k
• hence :
Cd = (Me)d = M1+k.ø(N) = M1.(Mø(N))k =
M1.(1)k = M1 = M mod N
12/25/2023 18
 RSA Example - Key Setup
1. Select primes: p=17 & q=11
2. Compute n = pq =17 x 11=187
3. Compute ø(n)=(p–1)(q-1)=16 x 10=160
4. Select e: gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160
Value is d=23 since 23x7=161= 10x160+1
6. Publish public key PU={7,187}
7. Keep secret private key PR={23,187}

12/25/2023 19
 RSA Example - En/Decryption
• sample RSA encryption/decryption is:
• given message M = 88
• encryption:
C = 887 mod 187 = 11
• decryption:
M = 1123 mod 187 = 88

12/25/2023 20
 https://www.chiragbhalodia.com/
12/25/2023 2021/09/rsa-algorithm-with-
example.html
 Exercise
• P and Q are two prime numbers. P=3, and
Q=11. Take public key e=3. If original message
is 00111011, then what will be cipher text
value and private key value according to RSA
algorithm? Again calculate plain text value
from cipher text.

12/25/2023 22
 Efficient Decryption
• decryption uses exponentiation to power d
– this is likely large, insecure if not
• can use the Chinese Remainder Theorem
(CRT) to compute mod p & q separately. then
combine to get desired answer
– approx 4 times faster than doing directly
• only owner of private key who knows values of
p & q can use this technique

12/25/2023 24
 RSA Security
• possible approaches to attacking RSA are:
– brute force key search (infeasible given size of
numbers)
– mathematical attacks (based on difficulty of
computing ø(n), by factoring modulus n)
– chosen ciphertext attacks (given properties of
RSA)

12/25/2023 25
Diffie-Hellman Key Exchange
Color Mixing Example
 The Problem of Key Exchange
• One of the main problems of symmetric key
encryption is it requires a secure & reliable
channel for the shared key exchange.

• The Diffie-Hellman Key Exchange protocol

offers a way in which a public channel can be
used to create a confidential shared key.
 A Difficult One-Way Problem
• The first thing we require is a simple real-
world operation that is easy to Do but hard to
Undo.
– You can ring a bell but not unring one.
– Toothpaste is easy to squeeze out of a tube but
famously hard to put back in.

• In our example we will use Mixing Colors.

– Easy to mix 2 colors, hard to unmix
Alice & Bob with Eve listening wish to make
a secret shared color
Step 1 - Both publicly agree to a shared
color
Step 2 - Each picks a secret color
Step 3 - Each adds their secret color to the
shared color
Step 4 - Each sends the other their new
mixed color
Each combines the shared color from the other
with their own secret color
Diffie-Hellman Key Exchange
Adding Mathematics
Discrete Logarithm Problem

for every integer a coprime to p, there is an integer k such that gk ≡ a (mod p).
Such k is called the discrete logarithm of a to the base g modulo p. g is the
primitive root.

Intuitively means that it’s hard to take logarithms

base g because there are many candidates.

12/25/2023 36
 primitive root modulo p

For a given prime number p, a primitive root g is an integer such that the set of
residues {g1 mod p,g2 mod p ,g3 mod p,…,gp−1 mod p} covers all integers from 1 to
p−1 (excluding p).

• The powers of g cover all residues modulo p, creating a complete set.

• g and p are coprime (their greatest common divisor is 1).

Example: Consider g=3,p=7:

1. 31 mod 7=3
2. 32 mod 7=2
3. 33 mod 7=6
4. 34 mod 7=4
5. 35 mod 7=5
6. 36 mod 7=1 (resets to 1)
g=3 is a primitive root because it generates all residues from 1 to p−1 without
repetition.

12/25/2023 37
• We will rely on the formula below being an
easy problem one direction and hard in
reverse.
• a = gk mod p
– Easy: given g, k, & p, solve for a
– Hard: given a, g, & p, solve for k
Pick g < p
• g must be a primitive root of p. (g <p)
• A primitive root generates the finite field p.
• Every n in {1, 2, …, p-1} can be written as gk mod p
• Example: 2 is a primitive root of 5
20 = 1 21 = 2 22 = 4 23 = 3 (mod 5)
Definition : A field is a nonempty set F of elements with two operations
“+” and “‧” satisfying the following axioms.
– (i) F is closed under + and ‧; i.e., a+b and a‧b are in F.
– (ii) Commutative laws: a+b=b+a, a‧b=b‧a
– (iii) Associative laws: (a+b)+c=a+(b+c) , (a‧b)‧c=a‧(b‧c)
– (iv) Distributive law: a‧(b+c) = a‧b + a‧c
– (v) (vi) Identity: a+0 = a , a‧1 = a for all a F. 0 ‧a = 0.
– (vii) Additive inverse (viii) Multiplicative inverse

12/25/2023 39
 Diffie-Hellman Setup
• all users agree on global parameters:
– large prime integer or polynomial q
– α a primitive root mod q
• each user (eg. A) generates their key
– chooses a secret key (number): xA < q
xA
– compute their public key: yA = α mod q
• each user makes public that key yA
 Diffie-Hellman Calculation

• shared session key for users A & B is KAB:

xA.xB
KAB = α mod q
xB
= yA mod q (which B can compute)
xA
= yB mod q (which A can compute)
• KAB is used as session key in private-key encryption scheme
between Alice and Bob
• if Alice and Bob subsequently communicate, they will have
the same key as before, unless they choose new public-
keys
• attacker know q and public key YA, not possible to
calculate private key XA, nor shared session key
 Alice & Bob have a shared encryption key,
unknown to Eve
• Alice & Bob have created a shared secret key,
s, unknown to Eve
• The shared secret key can now be used to
encrypt & decrypt messages by both parties.
 Example
1. Parameter Setup:
Choose, prime number p=23 and primitive root modulo p=5.
2. Private Key Generation:
– Alice chooses a private key a=6.
– Bob chooses a private key b=15.
3. Public Key Calculation:
– Alice calculates her public key A using the formula A=56 mod 23
A=8
– Bob calculates his public key B using the formula B=515 mod 23
B=19
4. Key Exchange:
– Alice and Bob exchange their public keys (8 and 19) over the insecure channel.
5. Shared Secret Calculation:
– Alice calculates the shared secret using Ba mod p
shared Secret key by Alice=196 mod 23
=2
– Bob calculates the shared secret using Ab mod p:
Shared Secret by Bob=815 mod 23
=2

6. Result:
Both Alice and Bob have the same shared secret (2) without exchanging their private keys over the insecure
12/25/2023 43
channel.
• In a public key cryptosystem using RSA,user
uses two prime numbers 5 and 7. He chooses
11 as encryption key, find out decryption key.
What will be the cipher text if plain text is 2?

12/25/2023 44
• Alice and Bob want to establish a shared secret key using Diffie-Hellman
key exchange. They agree on a prime number p = 17 and a primitive root g
= 3. Alice's private key a is 5, and Bob's private key b is 8. Calculate the
shared secret key.

12/25/2023 45