Mathematical Background: Modular Arithmetic
ECE 646 - Lecture 4

Motivation: Public-key ciphers

RSA as a trap-door one-way function

message $M$ → ciphertext $C$ (PUBLIC KEY): $C = f(M) = M^e \bmod N$
ciphertext $C$ → message $M$ (PRIVATE KEY): $M = f^{-1}(C) = C^d \bmod N$
$N = P \cdot Q$; $P, Q$ - large prime numbers
$e \cdot d \equiv 1 \pmod{(P-1)(Q-1)}$

RSA keys

PUBLIC KEY: $\{ e, N \}$
PRIVATE KEY: $\{ d, P, Q \}$
$P, Q$: large prime numbers
$N$: $N = P \cdot Q$
$e$: $\gcd(e, P-1) = 1$ and $\gcd(e, Q-1) = 1$
$d$: $e \cdot d \equiv 1 \pmod{(P-1)(Q-1)}$

Mini-RSA keys

PUBLIC KEY: $\{ e, N \}$
PRIVATE KEY: $\{ d, P, Q \}$
$P, Q$: $P = 5$, $Q = 11$
$N$: $N = P \cdot Q = 55$
$e$: $\gcd(e, 5-1) = 1$ and $\gcd(e, 11-1) = 1$; $e = 3$
$d$: $3 \cdot d \equiv 1 \pmod{40}$; $d = 27$

Mini-RSA as a trap-door one-way function

message $M = 2$ → ciphertext (PUBLIC KEY): $C = f(2) = 2^3 \bmod 55 = 8$
ciphertext $C = 8$ → message (PRIVATE KEY): $M = f^{-1}(C) = 8^{27} \bmod 55 = 2$
$N = 5 \cdot 11$; 5, 11 - prime numbers
$3 \cdot 27 \equiv 1 \pmod{(5-1)(11-1)}$

Basic definitions

General Notation

$\mathbb{Z}$ - integers
$\forall$ - for all
$\exists$ - there exists
$\exists!$ - there exists unique
$\in$ - belongs to
$\notin$ - does not belong to

Divisibility

$a \mid b$ iff $\exists\, c \in \mathbb{Z}$ such that $b = c \cdot a$
$a \mid b$: $a$ divides $b$; $a$ is a divisor of $b$
$a \nmid b$: $a$ does not divide $b$; $a$ is not a divisor of $b$

True or False?
$-3 \mid 18$, $14 \mid 7$, $7 \mid 63$, $-13 \mid 65$, $14 \mid 21$, $14 \mid 14$, $0 \mid 63$, $7 \mid 0$, $-5 \mid 0$, $0 \mid 0$

Prime vs. composite numbers

An integer $p \ge 2$ is said to be prime if its only positive divisors are 1 and $p$. Otherwise, $p$ is called composite.

Prime or composite?
9 15 7 2 0 1 -13 103 1117 1239

See "The Prime Pages: prime number research, records, and resources" by Chris Caldwell
http://www.utm.edu/research/primes/

Greatest common divisor

Greatest common divisor of $a$ and $b$, denoted by $\gcd(a, b)$, is the largest positive integer that divides both $a$ and $b$.

$d = \gcd(a, b)$ iff
1) $d \mid a$ and $d \mid b$
2) if $c \mid a$ and $c \mid b$ then $c \le d$

$\gcd(8, 44) =$
$\gcd(-15, 65) =$
$\gcd(45, 30) =$
$\gcd(31, 15) =$
$\gcd(0, 40) =$
$\gcd(121, 169) =$

Relatively prime integers

Two integers $a$ and $b$ are relatively prime or co-prime if $\gcd(a, b) = 1$

Properties of the greatest common divisor

$\gcd(a, b) = \gcd(a - kb, b)$ for any $k \in \mathbb{Z}$

Quotient and remainder

Given integers $a$ and $n$, $n > 0$, $\exists!$
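$q, r \in \mathbb{Z}$ such that $a = q \cdot n + r$ and $0 \le r < n$

$q$ - quotient
$r$ - remainder (of $a$ divided by $n$)

$q = \lfloor a / n \rfloor = a \operatorname{div} n$
$r = a - q \cdot n = a - \lfloor a / n \rfloor \cdot n = a \bmod n$

$32 \bmod 5 =$
$-32 \bmod 5 =$

Integers congruent modulo n

Two integers $a$ and $b$ are congruent modulo $n$ (equivalent modulo $n$), written $a \equiv b$, iff
$a \bmod n = b \bmod n$
or
$a = b + kn$, $k \in \mathbb{Z}$
or
$n \mid a - b$

Laws of modular arithmetic

Rules of addition, subtraction and multiplication modulo n

$a + b \bmod n = ((a \bmod n) + (b \bmod n)) \bmod n$
$a - b \bmod n = ((a \bmod n) - (b \bmod n)) \bmod n$
$a \cdot b \bmod n = ((a \bmod n) \cdot (b \bmod n)) \bmod n$

$9 \cdot 13 \bmod 5 =$
$25 \cdot 25 \bmod 26 =$

Laws of modular arithmetic

| | Regular | Modular |
|---|---|---|
| Addition | $a + b = a + c$ iff $b = c$ | $a + b \equiv a + c \pmod n$ iff $b \equiv c \pmod n$ |
| Multiplication | If $a \cdot b = a \cdot c$ and $a \ne 0$ then $b = c$ | If $a \cdot b \equiv a \cdot c \pmod n$ and $\gcd(a, n) = 1$ then $b \equiv c \pmod n$ |

Modular Multiplication: Example

$18 \equiv 42 \pmod 8$
$6 \cdot 3 \equiv 6 \cdot 7 \pmod 8$
$3 \not\equiv 7 \pmod 8$

| $x$ | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
|---|---|---|---|---|---|---|---|---|
| $6 \cdot x \bmod 8$ | 0 | 6 | 4 | 2 | 0 | 6 | 4 | 2 |
| $5 \cdot x \bmod 8$ | 0 | 5 | 2 | 7 | 4 | 1 | 6 | 3 |

Algorithms

Euclid's Algorithm for computing gcd(a, b)

| $i$ | $-2$ | $-1$ | $0$ | $1$ | … | $t-1$ | $t$ |
|---|---|---|---|---|---|---|---|
| $r_i$ | $r_{-2} = \max(a, b)$ | $r_{-1} = \min(a, b)$ | $r_0$ | $r_1$ | … | $r_{t-1} = \gcd(a, b)$ | $r_t = 0$ |
| $q_i$ | | $q_{-1}$ | $q_0$ | $q_1$ | … | $q_{t-1}$ | |

$q_i = \lfloor r_{i-1} / r_i \rfloor$
$r_{i+1} = r_{i-1} - q_i \cdot r_i$
$r_{i+1} = r_{i-1} \bmod r_i$

Euclid's Algorithm
Example: gcd(36, 126)

| $i$ | $-2$ | $-1$ | $0$ | $1$ |
|---|---|---|---|---|
| $r_i$ | $r_{-2} = \max(a, b) = 126$ | $r_{-1} = \min(a, b) = 36$ | $r_0 = 18 = \gcd(36, 126)$ | $r_1 = 0$ |
| $q_i$ | | $q_{-1} = 3$ | $q_0 = 2$ | $q_1$ |

$q_i = \lfloor r_{i-1} / r_i \rfloor$
$r_{i+1} = r_{i-1} - q_i \cdot r_i$
$r_{i+1} = r_{i-1} \bmod r_i$

Multiplicative inverse modulo n

The multiplicative inverse of $a$ modulo $n$ is an integer [!!!] $x$ such that
$a \cdot x \equiv 1 \pmod n$

The multiplicative inverse of $a$ modulo $n$ is denoted by $a^{-1} \bmod n$ (in some books a or a*).
According to this notation:
$a \cdot a^{-1} \equiv 1 \pmod n$

Extended Euclid's Algorithm (1)

| $i$ | $-2$ | $-1$ | $0$ | $1$ | … | $t-1$ | $t$ |
|---|---|---|---|---|---|---|---|
| $r_i$ | $r_{-2} = n$ | $r_{-1} = a$ | $r_0$ | $r_1$ | … | $r_{t-1}$ | $r_t = 0$ |
| $x_i$ | $x_{-2} = 0$ | $x_{-1} = 1$ | $x_0$ | $x_1$ | … | $x_{t-1}$ | $x_t$ |
| $y_i$ | $y_{-2} = 1$ | $y_{-1} = 0$ | $y_0$ | $y_1$ | … | $y_{t-1}$ | $y_t$ |
| $q_i$ | | $q_{-1} = \lfloor n / a \rfloor$ | $q_0$ | $q_1$ | … | $q_{t-1}$ | |

$q_i = \lfloor r_{i-1} / r_i \rfloor$
$r_{i+1} = r_{i-1} - q_i \cdot r_i$
$x_{i+1} = x_{i-1} - q_i \cdot x_i$
$y_{i+1} = y_{i-1} - q_i \cdot y_i$

$r_i = x_i \cdot a + y_i \cdot n$
$r_{t-1} = x_{t-1} \cdot a + y_{t-1} \cdot n$

Extended Euclid's Algorithm (2)

$r_{t-1} = x_{t-1} \cdot a + y_{t-1} \cdot n$
$r_{t-1} = x_{t-1} \cdot a + y_{t-1} \cdot n \equiv x_{t-1} \cdot a \pmod n$

If $r_{t-1} = \gcd(a, n) = 1$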
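then $x_{t-1} \cdot a \equiv 1 \pmod n$
and as a result
$x_{t-1} = a^{-1} \bmod n$

Extended Euclid's Algorithm for computing $z = a^{-1} \bmod n$

| $i$ | $-2$ | $-1$ | $0$ | $1$ | … | $t-1$ | $t$ |
|---|---|---|---|---|---|---|---|
| $r_i$ | $r_{-2} = n$ | $r_{-1} = a$ | $r_0$ | $r_1$ | … | $r_{t-1} = 1$ | $r_t = 0$ |
| $x_i$ | $x_{-2} = 0$ | $x_{-1} = 1$ | $x_0$ | $x_1$ | … | $x_{t-1} = a^{-1} \bmod n$ | $x_t = \pm n$ |
| $q_i$ | | $q_{-1} = \lfloor n / a \rfloor$ | $q_0$ | $q_1$ | … | $q_{t-1}$ | |

$q_i = \lfloor r_{i-1} / r_i \rfloor$
$r_{i+1} = r_{i-1} - q_i \cdot r_i$
$x_{i+1} = x_{i-1} - q_i \cdot x_i$

Note: If $r_{t-1} \ne 1$ the inverse does not exist

Extended Euclid's Algorithm
Example: $z = 20^{-1} \bmod 117$

| $i$ | $-2$ | $-1$ | $0$ | $1$ | $2$ | $3$ | $4$ |
|---|---|---|---|---|---|---|---|
| $r_i$ | $r_{-2} = 117$ | $r_{-1} = 20$ | $r_0 = 17$ | $r_1 = 3$ | $r_2 = 2$ | $r_3 = 1$ | $r_4 = 0$ |
| $x_i$ | $x_{-2} = 0$ | $x_{-1} = 1$ | $x_0 = -5$ | $x_1 = 6$ | $x_2 = -35$ | $x_3 = 41 = 20^{-1} \bmod 117$ | $x_4 = -117$ |
| $q_i$ | | $q_{-1} = 5$ | $q_0 = 1$ | $q_1 = 5$ | $q_2 = 1$ | $q_3 = 2$ | |

$q_i = \lfloor r_{i-1} / r_i \rfloor$
$r_{i+1} = r_{i-1} - q_i \cdot r_i$
$x_{i+1} = x_{i-1} - q_i \cdot x_i$

Check: $20 \cdot 41 \bmod 117 = 1$

Motivation: Breaking ciphers

Historical ciphers
Affine Cipher

Encryption transformation: $c_i = f(m_i) = k_1 \cdot m_i + k_2 \bmod 26$
Decryption transformation: $m_i = f^{-1}(c_i) = k_1^{-1} \cdot (c_i - k_2) \bmod 26$
Key: Key $= (k_1, k_2)$; $k_1, k_2 \in [0, 25]$, $\gcd(k_1, 26) = 1$

Coding characters into numbers

A ⇔ 0, B ⇔ 1, C ⇔ 2, D ⇔ 3, E ⇔ 4, F ⇔ 5, G ⇔ 6, H ⇔ 7, I ⇔ 8,
J ⇔ 9, K ⇔ 10, L ⇔ 11, M ⇔ 12, N ⇔ 13, O ⇔ 14, P ⇔ 15, Q ⇔ 16, R ⇔ 17,
S ⇔ 18, T ⇔ 19, U ⇔ 20, V ⇔ 21, W ⇔ 22, X ⇔ 23, Y ⇔ 24, Z ⇔ 25

Historical ciphers
Affine Cipher - Example (1)

Encryption transformation: $c_i = f(m_i) = 3 \cdot m_i + 11 \bmod 26$
Decryption transformation: $m_i = f^{-1}(c_i) = 9 \cdot (c_i - 11) \bmod 26$
Key: Key $= (k_1, k_2) = (3, 11)$; $3, 11 \in [0, 25]$, $\gcd(3, 26) = 1$
$k_1^{-1} = 3^{-1} \bmod 26 = 9$ because $3 \cdot 9 \bmod 26 = 1$

Historical ciphers
Affine Cipher - Example (2)

| Plaintext | Coding | Encryption | Decoding |
|---|---|---|---|
| N | 13 | $3 \cdot 13 + 11 \bmod 26 = 24$ | Y |
| S | 18 | $3 \cdot 18 + 11 \bmod 26 = 13$ | N |
| A | 0 | $3 \cdot 0 + 11 \bmod 26 = 11$ | L |

Historical ciphers
Affine Cipher - Example (3)

| Ciphertext | Coding | Decryption | Decoding |
|---|---|---|---|
| Y | 24 | $9 \cdot (24 - 11) \bmod 26 = 13$ | N |
| N | 13 | $9 \cdot (13 - 11) \bmod 26 = 18$ | S |
| L | 11 | $9 \cdot (11 - 11) \bmod 26 = 0$ | A |

Breaking the affine cipher (1)

Step 1: Establish a relative frequency of letters in the ciphertext

Ciphertext:
FMXVE DKAPH FERBN DKRXR SREFM ORUDS
DKDVS HVUFE DKAPR KDLYE VLRHH RH

[Figure: letter counts in the ciphertext, horizontal axis A to Z]

R - 8
D - 7
E, H, K - 5

Most frequent single letters
Average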
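Added example, not part of the lecture slides: the extended Euclid recurrences from the tables above written out in Python, reproducing the $20^{-1} \bmod 117$ table and the Mini-RSA private exponent $d$. The function names `inverse_mod` and `mini_rsa` are illustrative, and inputs are assumed to be positive integers.

```python
def inverse_mod(a, n):
    """Return (a^-1 mod n, table rows) using the slides' recurrences.

    Each row is (i, r_i, x_i, q_i); q_i is None where the slide leaves it blank.
    """
    r_prev, r_cur = n, a          # r_{-2} = n, r_{-1} = a
    x_prev, x_cur = 0, 1          # x_{-2} = 0, x_{-1} = 1
    rows = [(-2, r_prev, x_prev, None), (-1, r_cur, x_cur, None)]
    i = -1
    while r_cur != 0:
        q = r_prev // r_cur       # q_i = floor(r_{i-1} / r_i)
        rows[-1] = (i, r_cur, x_cur, q)
        r_prev, r_cur = r_cur, r_prev - q * r_cur
        x_prev, x_cur = x_cur, x_prev - q * x_cur
        i += 1
        rows.append((i, r_cur, x_cur, None))
    if r_prev != 1:               # r_{t-1} = gcd(a, n) must equal 1
        raise ValueError(f"{a} has no inverse modulo {n}: gcd is {r_prev}")
    return x_prev % n, rows       # x_{t-1} can be negative, so reduce it mod n


def mini_rsa(message, p=5, q=11, e=3):
    """Derive d from e as on the Mini-RSA slide, then encrypt and decrypt."""
    n = p * q
    d, _ = inverse_mod(e, (p - 1) * (q - 1))
    ciphertext = pow(message, e, n)
    return d, ciphertext, pow(ciphertext, d, n)


if __name__ == "__main__":
    inverse, table = inverse_mod(20, 117)
    for i, r, x, q in table:
        print(f"i={i:2d}  r={r:4d}  x={x:5d}  q={'' if q is None else q}")
    print("20^-1 mod 117 =", inverse)
    print("Mini-RSA (d, C, M):", mini_rsa(2))
```

For $e = 3$ and modulus 40 the raw $x_{t-1}$ is $-13$, which is why the final reduction modulo $n$ is needed to obtain $d = 27$.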
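Added example, not part of the lecture slides: the affine cipher from the examples above, followed by Step 1 (letter counts) on the slide's ciphertext. The key-recovery step goes beyond what this page shows and assumes the two most frequent plaintext letters are E and T; all function names are illustrative.

```python
from collections import Counter
from math import gcd

# Ciphertext from the slide, with the spaces between groups removed.
CIPHERTEXT = "FMXVEDKAPHFERBNDKRXRSREFMORUDSDKDVSHVUFEDKAPRKDLYEVLRHHRH"


def affine_encrypt(text, k1, k2):
    """c_i = k1 * m_i + k2 mod 26, with A..Z coded as 0..25."""
    return "".join(chr((k1 * (ord(ch) - 65) + k2) % 26 + 65) for ch in text)


def affine_decrypt(text, k1, k2):
    """m_i = k1^-1 * (c_i - k2) mod 26; requires gcd(k1, 26) = 1."""
    if gcd(k1, 26) != 1:
        raise ValueError("k1 has no inverse modulo 26")
    k1_inv = pow(k1, -1, 26)      # built-in modular inverse (Python 3.8+)
    return "".join(chr(k1_inv * (ord(ch) - 65 - k2) % 26 + 65) for ch in text)


def letter_frequencies(text):
    """Step 1: count how often each letter occurs in the ciphertext."""
    return Counter(text)


def key_from_pairs(m1, c1, m2, c2):
    """Solve c = k1*m + k2 (mod 26) from two guessed (m, c) pairs, or None."""
    dm = (m1 - m2) % 26
    if gcd(dm, 26) != 1:
        return None
    k1 = (c1 - c2) * pow(dm, -1, 26) % 26
    if gcd(k1, 26) != 1:          # not a valid affine key, reject the guess
        return None
    return k1, (c1 - k1 * m1) % 26


def candidate_keys(ciphertext, top=5):
    """Guess: most frequent letter is E; try each runner-up as T (assumption)."""
    ranked = [ch for ch, _ in letter_frequencies(ciphertext).most_common(top)]
    e, t = 4, 19                  # codes of E and T
    guesses = (key_from_pairs(e, ord(ranked[0]) - 65, t, ord(ch) - 65)
               for ch in ranked[1:])
    return [key for key in guesses if key is not None]


if __name__ == "__main__":
    print(affine_encrypt("NSA", 3, 11), affine_decrypt("YNL", 3, 11))
    print(letter_frequencies(CIPHERTEXT).most_common(5))
    for k1, k2 in candidate_keys(CIPHERTEXT):
        print((k1, k2), affine_decrypt(CIPHERTEXT, k1, k2))
```

Guesses that yield a $k_1$ with $\gcd(k_1, 26) \ne 1$ are discarded because such a key has no decryption transformation; any surviving candidate still has to be confirmed by reading the decrypted text.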