ECE Lecture 5 Mathematical Background: Modular Arithmetic Motivation: Public-key ciphers RSA as a trap-door one-way function PUBLIC KEY message ciphertext M C = f(m) = M e mod N C RSA keys PUBLIC KEY PRIVATE KEY { e, N } { d, P, Q } M = f - (C) = C d mod N PRIVATE KEY N = P Q P, Q - large prime numbers e d º mod ((P-)(Q-)) P, Q: N: e: d: P, Q - large prime numbers N = P Q gcd(e, P-) = and gcd(e, Q-) = e d º mod ((P-)(Q-))
Mini-RSA keys PUBLIC KEY PRIVATE KEY { e, N } { d, P, Q } Mini-RSA as a trap-door one-way function PUBLIC KEY message ciphertext M= C = f() = 3 mod 55 = C= P, Q: N: P = 5 Q = N = P Q = 55 M = f - (C) = 7 mod 55 = e: gcd(e, 5-) = and gcd(e, -) = e=3 d: 3 d º mod d=7 PRIVATE KEY N = 5 5, - prime numbers 3 7 º mod ((5-)(-)) General Notation Z integers Basic definitions $ - there exists " - for all $! - there exists unique Î - belongs to Ï - does not belong to
Divisibility a b a divides b a is a divisor of a b iff $ c Î Z such that b = c a b True or False? -3 7 7 3-3 5 3 7-5 a b a does not divide b a is not a divisor of b Prime vs. composite numbers An integer p ³ is said to be prime if its only positive divisors are and p. Otherwise, p is called composite. See Prime or composite? 9 5 7 3 3 7 39 7 The Prime Pages: prime number research, records, and resources by Chris Caldwell http://www.utm.edu/research/primes 3
Greatest common divisor Greatest common divisor of a and b, denoted by gcd(a, b), is the largest positive integer that divides both a and b. d = gcd (a, b) iff ) d a and d b ) if c a and c b then c d gcd (, ) = gcd (-5, 5) = gcd (5, 3) = gcd (3, 5) = gcd (, ) = gcd (, 9) = Relatively prime integers Two integers a and b are relatively prime or co-prime if gcd(a, b) = Properties of the greatest common divisor gcd (a, b) = gcd (a-kb, b) for any k Î Z
Quotient and remainder Given integers a and n, n> $! q, r Î Z such that a = q n + r and r < n 3 mod 5 = -3 mod 5 = q quotient r remainder (of a divided by n) q = a n = a div n r = a - q n = a a n n = = a mod n Integers coungruent modulo n Two integers a and b are congruent modulo n (equivalent modulo n) written a º b iff a mod n = b mod n or a = b + kn, k Î Z or n a - b Laws of modular arithmetic 5
Rules of addition, subtraction and multiplication modulo n a + b mod n = ((a mod n) + (b mod n)) mod n a - b mod n = ((a mod n) - (b mod n)) mod n 9 3 mod 5 = 5 5 mod = a b mod n = ((a mod n) (b mod n)) mod n Laws of modular arithmetic Modular Multiplication: Example Regular addition a+b = a+c iff b=c Modular addition a+b º a+c (mod n) iff b º c (mod n) º (mod ) 3 º 7 (mod ) 3 º 7 (mod ) Regular multiplication If a b = a c and a ¹ then b = c Modular multiplication If a b º a c (mod n) and gcd (a, n) = then b º c (mod n) x x mod x 5 x mod 3 5 7 3 5 7 5 7 3
Euclid s Algorithm for computing gcd(a,b) Algorithms i - - q i q - q q r - = max(a, b) r - = min(a, b) r r + = - mod q i = - t- t q t- r t- = gcd(a, b) r t = + = - - q i Properties of the greatest common divisor Euclid s Algorithm Example: gcd(3, ) gcd (a, b) = gcd (a-kb, b) = gcd(b, a-kb) for any k Î Z gcd (-, ) = gcd(, - - q i ) = gcd(, + ) for any q i Î Z i - - q i + = - mod q r - = max(a, b) = q - = 3 q = r - = min(a, b) =3 r = = gcd(3, ) r = q i = - + = - - q i 7
Multiplicative inverse modulo n The multiplicative inverse of a modulo n is an integer [!!!] x such that a x º (mod n) The multiplicative inverse of a modulo n is denoted by a - mod n (in some books a or a * ). According to this notation: a a - º (mod n) i - - t- t q i Extended Euclid s Algorithm () q - = ë n/a û q q q t- r - = n r - = a r r = x i a + y i n r t- r t = x i x - = x - = x x x t- x t y i y - = y - = y y y t- y t r t- = x t- a + y t- n q i = - + = - - q i x i+ = x i- - q i x i y i+ = y i- - q i y i Extended Euclid s Algorithm () r t- = x t- a + y t- n Extended Euclid s Algorithm Example z = - mod 7 r t- = x t- a + y t- n º x t- a (mod n) If r t- = gcd (a, n) = then x t- a º (mod n) and as a result x t- = a - mod n
Extended Euclid s Algorithm for computing z = a - mod n Extended Euclid s Algorithm Example z = - mod 7 i - - t- t q i q - = ë n/a û q q q t- r - = n r - = a r r r t- = r t = x i x - = x - = x x x t- = a - mod n x t = ±n q i = - + = - - q i x i+ = x i- - q i x i i - - 3 q i q - = 5 q = q = 5 q = q 3 = r - = 7 r - = r = 7 r = 3 r = r 3 = r = x i q i = - x - = x - = + = - - q i x =-5 x i+ = x i- - q i x i x = x = -35 x 3 = = - mod 7 x = -7 Note: If r t- ¹ the inverse does not exist Check: mod 7 = Solving equations of the form a x º b mod n (linear congruences) The equation a x º b mod n has. one solution iff gcd(a, n) = x = a - b (mod n). no solutions iff d = gcd(a, n) ¹, and d b 3. d solutions iff d = gcd(a, n) ¹, and d b The solutions are x, x + n/d, x + n/d, x + 3 n/d,, x + (d-) n/d, where x = (a/d) - (b/d) (mod n/d) Solving equations of the form a x º b mod n (linear congruences) Case : Case : x n n Case 3: n/d x n/d n/d n 9
Substitution Ciphers (). Monalphabetic (simple) substitution cipher Motivation Breaking ciphers M = m m m 3 m.... m N C = f(m ) f(m ) f(m 3 ) f(m ).... f(m N ) Generally f is a random permutation, e.g., f = a b c d e f g h i j k l m n o p q r s t u v w x y z s l t a v m c e r u b q p d f k h w y g x z j n i o Key = f Number of keys =!» Monalphabetic substitution ciphers Simplifications () A. Caesar Cipher B. Shift Cipher c i = f(m i ) = m i + 3 mod m i = f - (c i ) = c i - 3 mod No key c i = f(m i ) = m i + k mod m i = f - (c i ) = c i - k mod Key = k Number of keys = Historical ciphers Affine Cipher Key: Key = (k, k ) k, k Î [, 5], gcd (k, )= Encryption transformation: c i = f(m i ) = k m i + k mod Decryption transformation: m i = f - (c i ) = k - (c i - k ) mod
Coding characters into numbers A Û B Û C Û D Û 3 E Û F Û 5 G Û H Û 7 I Û J Û 9 K Û L Û M Û N Û 3 O Û P Û 5 Q Û R Û 7 S Û T Û 9 U Û V Û W Û X Û 3 Y Û Z Û 5 Historical ciphers Affine Cipher Example () Key: Key = (k, k ) = (3, ) 3, Î [, 5], gcd (3, )= Encryption transformation: c i = f(m i ) = 3 m i + mod Decryption transformation: k - = 3 - mod = 9 because 3 9 mod = m i = f - (c i ) = 9 (c i - ) mod Historical ciphers Affine Cipher Example () Historical ciphers Affine Cipher Example (3) coding encryption decoding coding decryption decoding N 3 3 3 + mod = Y Y 9 ( ) mod = 3 N S 3 + mod = 3 N N 3 9 (3 ) mod = S A 3 + mod = L L 9 ( ) mod = A
Ciphertext: Breaking the affine cipher () Step : Establish a relative frequency of letters in the ciphertext FMXVE DKAPH FERBN DKRXR SREFM ORUDS DKDVS HVUFE DKAPR KDLYE VLRHH RH A B C D E F G H I J K L M N O P Q R S T U V W X Y Z R - D - 7 E, H, K - 5 Most frequent single letters Average frequency in a random string of letters: =.3 = 3.% Average frequency in a long English text: E 3% T, N, R, I, O, A, S %-9% D, H, L 3.5%-.5% C, F, P, U, M, Y, G, W, V.5%-3% B, X, K, Q, J, Z < % Most frequent digrams, and trigrams Digrams: TH, HE, IN, ER, RE, AN, ON, EN, AT Trigrams: THE, ING, AND, HER, ERE, ENT, THA, NTH, WAS, ETH, FOR, DTH Relative frequency of letters in a long English text by Stallings 7.5.5 3.5.5.75 3 3.5 7.75.5.5 3.75.75 7.75 7.5.75 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z.5.5 9.5 3.5.5.5.5.5
Character frequency in a long English plaintext Character frequency in a long English plaintext a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z Character frequency in the corresponding ciphertext for a shift cipher Character frequency in the corresponding ciphertext for a general monoalphabetic substitution cipher a b c d e f g h i j k l m n o p q r s t u v w x y z a b c d e f g h i j k l m n o p q r s t u v w x y z Frequency analysis attack: relevant frequencies Breaking the affine cipher () abcde fgh ijk lm nopqrs tuvw xyz Long English text T a b c d e f g h i j k lm n o p q r s t u v w x y z Ciphertext of the long English text T abcde fgh Ijk lm nopq rs tuvw xyz Short English message M a b c d e f g h I j k lm n o p q r s t u v w x y z Ciphertext of the short English message M Step : Assuming the relative frequency of letters in the corresponding message, derive the corresponding equations Assumption: Most frequent letters in the message: E and T Corresponding equations: E R T D 7 9 3 f(e) = R f(t) = D f() = 7 f(9) = 3 3
Breaking the affine cipher (3) Step 3: Solving a set of equations for unknowns k and k f() = 7 f(9) = 3 k + k º 7 (mod ) 9 k + k º 3 (mod ) 5 k º - (mod ) 5 k º (mod ) Solving equations of the form a x º b mod n (linear congruences) The equation a x º b mod n has. one solution iff gcd(a, n) = x = a - b (mod n). no solutions iff d = gcd(a, n) ¹, and d b 3. d solutions iff d = gcd(a, n) ¹, and d b The solutions are x, x + n/d, x + n/d, x + 3 n/d,, x + (d-) n/d, where x = (a/d) - (b/d) (mod n/d) Solving equations of the form a x º b mod n (linear congruences) Case : Case : x n n Case 3: n/d x n/d n/d n Breaking the affine cipher () Step : Solving the equation of the form a x º b mod n for x = k gcd(5, ) = Thus, one solution 5 k º (mod ) k = (5 - ) mod = 7 mod = However, gcd(k, ) = Thus, ounitial assumption incorrect.