cryptography kinder garden number theory and classical cryptosystems

Cryptography Kinder Garden

Number theory and Classical Cryptosystems

Dr. Monther AldwairiNew York Institute of

Technology- Amman Campus10/10/2010

INCS 741: Cryptography

10/4/2009 1Dr. Monther Aldwairi

Basic Number Theory


Prime Numbers

DefinitionA number a >1 is a prime number if it is only

divisible by 1 and itself.Examples: 2, 3, 5, 7, 11, 13―Numbers that are not prime are composites = (ab)

TheoremEvery positive integer can be expressed as a unique

multiplication of prime numbers raised to different powers

Example 504=23327

CorollaryAssuming p is prime, If p|abc…z then p must

divide one of the factors a, b, c, …, z 10/4/2009 4Dr. Monther Aldwairi

Greatest Common Divisor (GCD)

DefinitionThe greatest common divisor of a and b is the largest

positive integer dividing both a and b and is denoted by gcd(a,b)

Examples: gcd(12,15)=3, gcd(13,7)=1―a and b are relatively prime if the gcd(a,b) =1

Euclidean AlgorithmSuppose a>b a =q1b + r1

b =q2r1 + r2

r1=q3r2 + r3 ,until

rk-1=qk+1rk ,then

gcd(a,b)=rk10/4/2009 5Dr. Monther Aldwairi

Congruence

Modulo operation6 mod 4 = 2 or 6 ≡ 2 (mod 4)read 6 is congruent to 2 mod 4

DefinitionLet a, r, m ∈ Ζ (where Ζ is a set of all integers)

and m≠0. a ≡ r (mod m), if m|(a – r)m is called the modulus.r is called the remainder‒ In other words, a and r differ by multiple of

ma = q · m + r 0 ≤ r < m10/4/2009 6Dr. Monther Aldwairi

Congruence /cont.

Propositions1. a ≡ a (mod m)2. a ≡ 0 (mod m) if and only if m|a3. a ≡ r (mod m) if and only if r ≡ a (mod m) 4. If a ≡ r and r ≡ c (mod m), then a ≡ c (mod

m)

Examples12 ≡ 7 mod 5 9 ≡ 3 (mod 6) if and only if 3 ≡ 9 (mod 6) 14 ≡ 8 and 8 ≡ 2 (mod 6), then 14 ≡ 2 (mod

m)10/4/2009 7Dr. Monther Aldwairi

Modular Arithmetic

Work on the set of integers mod m, denoted as Zm ={0,1,2,…, m-1} and perform addition, subtraction and multiplication with congruencies

PropositionLet a,b,c,d,m ∈ Ζ with m≠0. and suppose a ≡ b (mod m), and c ≡ d (mod m), thena+c ≡ b+d (mod m), a ‒ c ≡ b ‒ d (mod m), ac ≡

bd (mod m)If the result of addition or multiplication is larger

than m ‒ 1 take the ModulaExample: m = 9 Ζ9 = {0, 1, 2, 3, 4, 5, 6, 7, 8}6 + 8 = 14 ≡ 5 mod 96 × 8 = 48 ≡ 3 mod 910/4/2009 8Dr. Monther Aldwairi

Modular Arithmetic Properties Zm

1. The additive identity is 0: a + 0 = a2. The additive inverse of a is -a = m – a

s.t. a + (-a) ≡ 0 mod m3. Addition is closed i.e if a, b ∈ Ζm then a + b ∈ Ζm

4. Addition is commutative a + b = b + a5. Addition is associative (a + b) + c = a + (b + c)6. Multiplicative identity is 1: a × 1 ≡ a mod m7. The multiplicative inverse of a exists if gcd(a, m) = 1

anddenoted as a-1 s.t. a-1 × a ≡ 1 mod m8. Multiplication is closed i.e if a, b ∈ Ζm then a × b ∈ Ζm

9. Multiplication is commutative a × b = b × a10. Multiplication is associative (a × b) × c = a × (b ×

c)


Division

If a and m are relatively prime we can divide both sides of the congruence by a.

If gcd(a,m) =1 then their exist a multiplicative inverse for a mod m denoted as a-1.

Example: What does the division 4/5 mod 7 mean?

4/5 mod 7 ≡ 4 × 5-1 mod 7Does 5-1 mod 7 exist ?It exists because gcd(5,7) = 1.5-1 mod 7 = 3therefore, 4/5 mod 7= 4 × 3 = 12 mod 7 ≡ 5

mod 710/4/2009 10Dr. Monther Aldwairi

Linear Equations

PropositionLet a,b,c,m ∈ Ζ with m≠0If ab ≡ ac (mod m), Then b ≡ c (mod m)

only if gcd(a,m)=1Example: Solve 2x+11 ≡ 5 (mod 15)2x ≡ ‒6 (mod 15)gcd(2,15)=1 then division is allowedx ≡ ‒ 3 ≡ 12(mod 15)


Exponentiation

PropositionThe modulo operation can be applied whenever we

want(a + b) mod m = [(a mod m) + (b mod m) ] mod m(a × b) mod m = [(a mod m) × (b mod m) ] mod m

Exponentiation ExampleExample: 38 mod 7 = ?38 mod 7 = 6561 mod 7 = 2 since 6561 = 937 × 7 +

2.Or38 = 34 × 34 = 32 × 32 × 32 × 32

38 mod 7 = [(32 mod 7)×(32 mod 7)×(32 mod 7)×(32

mod 7)] mod 738 mod 7 = 2 × 2 × 2 × 2 mod 7 = 16 mod 7 = 210/4/2009 12Dr. Monther Aldwairi

Substitution Ciphers Monoalphabetic Ciphers

Classical Crypto Systems


Conventions

plaintext in lowercase and CIPHERTEXT in caps

Letters of the alphabet and assigned number as follows

Spaces and punctuation are omittedMakes decryption easierGives information about the structure of the messageSpaces would dominate the leter fequency counts10/4/2009 14Dr. Monther Aldwairi

Shift Cipher

• Shift each letter by k places, k is the keyLet P = C = K= Ζ26 and x ∈ P, y ∈ C, k ∈ KEncryption: y=Ek(x) = x + k mod 26.Decryption: x=Dk(y) = x ‒ k mod 26.

• When k = 3 the shift cipher is called Caesar Cipher.

• ExampleLet the key k = 3Plaintext : x = A T T A C K = (0, 19, 19, 0, 2, 10).Ciphertext : y = (0+3 mod 26, 19+3 mod 26, …) y = (3, 22, 22, 3, 5, 13) = D W W D F N


Attacks on Shift Cipher

• Known plaintext, chosen plain text or ciphertext easily break the Shift Cipher

• Ciphertext only; Eve has two choice1.Exhaustive search, only 25 possible

keys2.Frequency count if the message is long

enough– In english e is by far the most common

letter, then T,A,R,N,I,O, S.10/4/2009 16Dr. Monther Aldwairi

Affine Cipher

• The key k = (α, β) and α, β ∈ Ζ26

– Assume gcd(α,26)=1 – α ∈ {1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25}

• Encryption: Ek(x) = y = α · x + β (mod 26).• Example: k = (α, β) = (3, 2) y = 3x +2

Plaintext : X = A T T A C K = (0, 19, 19, 0, 2, 10).Ciphertext : Y = (3×0 + 2 mod 26, 3×19+2 mod

26, …) Y = (2, 7, 7, 2, 8, 6) = C H H C I G

• Decryption: Dk(y) = x = α -1 ( y – β) (mod 26).


Attacks on Affine Cipher• 12 choice of α and 26 choices for β 312 keys.• Ciphertext only: exhaustive search or frequency

analysis• Known plaintext: two letters in the plaintext and

corresponding ciphertext letters would suffice to find the key.Example : plaintext: IF=(8, 5) and ciphertext PQ=(15,

16)8 · α + β ≡ 15 mod 265 · α + β ≡ 16 mod 26 ⇒ α = 17 and β = 9

• Chosen plaintext ab y1 = α · 0 + β y2= α + β • Chosen ciphertext AB yields the decryption

function


Frequency Count Cryptanalysis

• key concept - monoalphabetic substitution ciphers do not change relative letter frequencies

• calculate letter frequencies for ciphertext compare counts/plots against known values


English Letters Frequencies


Ployalphabetic CiphersSubstitution Ciphers

Classical Crypto Systems


Ployalphabetic Ciphers

• Designed to flatten the frequency distribution by using multiple encryption functions

Example E1(x)= 3x (mod 26),

E2(x)=5x+13 (mod 26)

• Encrypt odd positioned letters using E1 and even positioned letters using E2

• Ultimately, have 26 different functions• Use a keyword to know what function to

use10/4/2009 22Dr. Monther Aldwairi

Vigenère Cipher• Multiple caesar ciphers• Use a key to select which alphabet is used for

each letter of the message– key is multiple letters long K = k1 k2 ... Kd

1.write the plaintext out2.write the keyword repeated above it with

numeral values3.use each key letter as a caesar cipher key4.encrypt the corresponding plaintext letter5.keyword deceptive (3,4,2,4,15,19,8,21,4)k: deceptivedeceptivedeceptivep: wearediscoveredsaveyourselfc: ZICVTWQNGRZGVTWAVZHCQYGLMGJ10/4/2009 23Dr. Monther Aldwairi

10/4/2009 Dr. Monther Aldwairi 24

Attacks on Vigenère Cipher

• Chosen plaintext will easily yield the key– Try aaaaaaa….–With enough known plaintext k=y-x

• Chosen ciphertext try AAAAA… results in key negative

• Known ciphertext only– Find the key length– Find the key


Finding The Key

• Write the ciphertext twice (under each other) with one shifted by the potential key length.

• Mark repeated letters (matching the letter below) and count the number of coincidences

• The shift with the most repeated coincidences is the best guess for the key length

• Now examine the frequencies for 1st , 10th , 19th … and 2nd, 11th,20th …


Shift

Shift of 4

ZICVTWQNGRZGVTWAVZHCQYGLMGJ


2

Shift 9



310/4/2009 Dr. Monther Aldwairi 27

Letter Frequencies in Cryptanalysis

• Most common letters in English e, t, a, o, i, n, s, h, r

• Other letters are fairly rare: z, q, x, j, k, v• Guess the most common such as E and

use it to figure the key• Verify the key is correct by making sure

rare letters have low frequencies• Tables of common pairs/triple letters?!


Letter Pairs Tables

• Entry 12 in row WR column means that combination appears 12 times

• Entry 14 in N row and W column means NW appears 14 times


W B R S I V A P N W 3 4 12 2 4 10 14 3 1 B 4 4 0 11 5 5 2 4 20 R 5 5 0 1 1 5 0 3 0 S 1 0 5 0 1 3 5 2 0 I 1 8 10 1 0 2 3 0 0 V 8 10 0 0 2 2 0 3 1 A 7 3 4 2 5 4 0 1 0 P 0 8 6 0 1 1 4 0 0 N 14 3 0 1 1 1 0 7 0

Letter Pairs (Digrams)

• Most common was W, B, R, S, I W=e• The vowels a, i, o tend to avoid each other‒ S, I, P

• 80% of letters that precede n are vowels (WSIP)‒ R, A

• The letter h often appears before e and rarely after it‒ N=h

• Most common combination is th‒ B=t

• Continue the analysis10/4/2009 30Dr. Monther Aldwairi

Transportation Ciphers

• An encryption in which the letters of the plaintext are rearranged.

• Columnar Transportation as an example• The plaintext are arranged into n rows

• The resulting ciphertext is formed by traversing the columns x1 x4 x7 x2 x1…

• Use key to rearrange columns10/4/2009 31Dr. Monther Aldwairi

Block Ciphers

• In Stream ciphers every letter plaintext corresponds to a letter in CIPHERTEXT such as shift and Affine

• Block ciphers encrypt a block of letters to overcome this problem.– DES operates on 64 bit and AES on 128 bit

blocks• Electronic Codebook (ECB) mode converts

a block of plaintext to a block of CIPHERTEXT independently and at onetime.

• Cipher Block Chaining (CBC) and Cipher Feedback (CFB) modes use feedback from cipher block to encrypt subsequent blocks.


Playfair Cipher /Key

• The key is a word with repeated letters removed– Schoolbus Scholbu

• A 5 × 5 matrix based on the key is constructed with the remaining alphabets with( i and j) treated as one letter.


s c h o l b u a d e f g i k m n p q r t v w x y z

Playfair Cipher/Ek(x)

• Remove spaces and divide plaintext into groups of two letters.– If double letters insert x and regroup– Add extra x to complete the last group?!– dinner is ready di nx ne ri sr ea dy

1. If both letters fall in the same row, replace each with letter to right – “ea" becomes“BD“

2. If both letters fall in the same column, replace each with the letter below it – “dy" encrypts as “KO“

3.Otherwise each letter is replaced by the one in its row in the column of the other letter of the pair– “di" encrypts as “AK“10/4/2009 34Dr. Monther Aldwairi

Playfair Cipher Security

• Susceptible to frequency count attacks– Count common digrams! 26 × 26 = 676

digrams table– Corresponds to the English most common

digrams such as: th, he, an , in, re, es

• Each letter has only 5 possible corresponding ciphertext letters (4 in row and one below)

• Common pairs XY and YX giveup corners of rectangles with er and re (most common digrams)


Hill Cipher/Ek(x)

Example: Let n=3 and the key is an n × n matrix whose entries are integers in Ζ26.

and the plaintext be ABC = (0, 1, 2) then the encryption operation is a vector-matrix multiplication

AXW


Hill Cipher/Dk(y)

In order to decrypt we need the inverse of key matrix M, which is

Multiple the encrypted text by the inverse N

ABC


Matrix Inverse in mod m

For a matrix M to have in Inverse mod m.

gdc(Determinant(M), m) = 1

?


Hill Cipher Security

• CIPHERTEXT only is difficult!– Changing one letter in plaintext changes n

letters in CIPHERTEXT making frequency count less effective.

• Known plaintext attack can easily find M given n

• Chosen plaintext of baa.., abaa...,…, aa…b– i.e. chosentext = I– CIPHERTEXT=M

• Chosen CIPHERTEXT of BAA.., ABAA…,…, AA…B– i.e. CIPHERTEXT = I– plaintext=N


Shannon Properties of a Good Cryptosystem

• Diffusion– Changing one character in plaintext

results in several ciphertext changing and visa versa.

–Hill Cipher has that property• Confusion– The key doesn’t relate in a simple way to

ciphertext. Each character of the ciphertext should depend on several parts of the key.

– In Hill Cipher one character in ciphertext depends on a key matrix column10/4/2009 40Dr. Monther Aldwairi

One-Time Pads

• Unbreakable cryptosystem!• Represent the message as binary (ASCII)– Ek(x)=K+x mod 2– Ek(x)=K x– Decryption uses the same key Dk(y)=K y– Key is used once and discarded

• Unbreakable for a ciphertext only attack.• Known plain and cipher texts reveal the

one time key only. Which is never used again


One-Time Pad Issues

• Keys generation and exchange– Long and expensive to transmit– Pseudo random number generators are

not secure

• One way functions such as DES and SHA– xj=f(s+j) for j =1,2,3…

– bj is the least significant bit of xj.


cryptography kinder garden number theory and classical cryptosystems

Documents