Affine Cipher Project 1 Introduction

Aﬃne Cipher Project

141KECBZ0H5CRK1HUZK1CGPCR.5PUGUZU1WCU.CM1CUBHUCAK.6.Z5WCP1RK1UCH5 WC0EPU1KECU.C141KEC.UB1KXC,,RBHKV1PCWGRQ15P7CHCUHV1C.6CU9.CRGUG1P

Directions: • Answer all numbered questions completely. • Show non-trivial work, and put your ﬁnal answer in the box provided.

• Questions without boxes should be answered in complete sentences in the space provided.

1 Introduction

Cryptography is the study of secret codes, or the secure transmission of information that nobody except the desired recipient can read. By the end of this project, you will be able to decipher the quote printed above. The mathematical study of ciphers will lead us through a world in which the number line is a closed curve, and fractions do not exist.

This project is designed to help you to: • read and understand deﬁnitions and notation

• observe patterns and generalize • think logically, analytically, and abstractly • express problems and solutions precisely

• follow examples • combine ideas to solve problems and create applications

1 2 Caesar Cipher

A cipher is a function or algorithm for translating plaintext into encrypted ciphertext. Throughout history, governments and merchants have used ciphers to safely transmit sensitive information.

Julius Caesar is said to have use a simple system of substituting each letter with the letter 3 spots over, wrapping around the alphabet if necessary. Here is the mapping: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Space and punctuation are discarded. The message “POMPEY” gets encrypted to “SRPSHB”. To decrypt a message, the recipient just inverts the process.

1. Encrypt the plaintext “ATTACKATDAWN”.

2. Decrypt the ciphertext “WKHTXLFNEURZQIRAMXPSVRYHUWKHODCBGRJ”.

3. There is nothing special about a shift of three. Encrypt “ATTACKATDAWN” using a shift of ﬁve.

4. There are 26 letters in the alphabet, so a shift of 13 can be repeated to restore the original plaintext. This is known as the ROT13 system, and is used modern-day to hide answers, punchlines, and spoilers. Use ROT13 to decode the answer:

Is it right to pay taxes to Caesar or not? TVIRGBPNRFNEJUNGVFPNRFNEF

2 3 Modular Numbers: Zn

Think about the numbers on a clock, except replace the 12 with a zero. This set of numbers is called Z12.

Z12 = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11}

Notice that this is a discrete set of integers. We will not be interested in fractional values between them. Starting at zero, what happens if you make one complete revolution? You might say that 12 hours have passed, but the hand points to 0. Since the clock position of 12 and 0 is the same, we say these numbers are equivalent. Similarly, 13 is equivalent to 1, 14 is equivalent to 2, etc. (think about military time). Mathematically, we write

12 (mod 12) = 0 13 (mod 12) = 1 14 (mod 12) = 2

We can also describe the equivalence using a triple-equal sign:

12 ≡ 0 (mod 12) 13 ≡ 1 (mod 12) 14 ≡ 2 (mod 12)

We’re just using the cyclical pattern to equate numbers that occur 12 units apart. We call 12 the base. You can add or subtract the base to get equivalent numbers. For example, to ﬁnd numbers equivalent to 8 (mod 12), start at 8 and repeatedly add or subtract 12. These are all equivalent:

−4 ≡ 8 ≡ 20 ≡ 32 (mod 12) since they correspond to the same position on the clock. Numbers that are equal in this way are referred to as aliases or members of the same equivalence class. You evaluate a number (mod 12) by ﬁnding out the position (between 0 and 11) that it is equivalent to. For example, to evaluate 27 (mod 12), start at 27 and repeatedly subtract 12 until you get inside Z12. The answer is 3, which we write by saying

27 (mod 12) = 3

We could also write 27 ≡ 3 (mod 12). Hence 27 is an alias of 3.

3 5. Evaluate the following.

(a) 18 (mod 12) (d) −3 (mod 12)

(b) 37 (mod 12) (e) 124 (mod 12)

6. List 4 aliases of 7 (mod 12).

7. True or false?

(a)3 ≡ 39 (mod 12) (c) 18 ≡ 48 (mod 12)

(b) 17 ≡ 125 (mod 12) (d) −33 ≡ 51 (mod 12)

8. If x ≡ y (mod 12) then you know that the diﬀerence, x − y, is divisible by .

9. You know that 27 (mod 12) = 3. What is the remainder when you divide 27 by 12 ? .

There is nothing special about 12. For example, we could work in base 7, where the universe of numbers is

Z7 = {0, 1, 2, 3, 4, 5, 6}

4 Zn always goes from zero up to n − 1 (one less than the base). Reducing an integer to its equivalent member of Z7 works the same as it did in base 12. For example,

11 (mod 7) = 4 or put another way 11 ≡ 4 (mod 7) since 11 and 4 are 7 units apart. Also, notice that 4 is the remainder when you divide 11 by 7. As another example, let’s evaluate −13 (mod 5). Start at -13, and repeatedly add 5 until you’re in Z5 = {0, 1, 2, 3, 4}. −13, −8, −3, 2 Therefore we know that −13 (mod 5) = 2. You can get this answer in Excel; click on a cell and type:

=mod(-13,5) Notice that -13 and 2 are 15 units apart. In general, two numbers are aliases if the diﬀerence between them is a multiple of the base.

10. Evaluate mod the given base:

(a) 9 (mod 5) (f) 24 (mod 3)

(b) −4 (mod 17) (g) 24 (mod 4)

(h) −14 (mod 5) (d) 56 (mod 26)

(e) 27 (mod 6) (i) −14 (mod 7)

11. True or false?

(a)3 ≡ 31 (mod 7) (c)3 ≡ 31 (mod 4)

(b)3 ≡ 31 (mod 5) (d) 119 ≡ 0 (mod 13)

12. List 4 aliases of 1 (mod 26).

5 4 Addition and subtraction

Addition can be visualized as a clockwise rotation around the Zn clock. Subtraction moves counter-clockwise. In general, add or subtract as usual, and then reduce the answer modulo the base. For example:

5 + 11 (mod 12) = 16 (mod 12) = 4

It looks strange to say that 5 + 11 = 4, but it should make sense given the cyclic nature of these number systems. If you start at 5 o’clock and add 11 hours, then the clock reads 4 o’clock. Subtraction works similarly:

7 − 22 (mod 12) = −15 (mod 12) = 9

13. Do the following arithmetic:

(a) 4 + 5 (mod 7) (e) 10 + 20 (mod 26)

(b) 1 + 1 (mod 2) (f) 10 − 20 (mod 26)

(d) 13 + 7 (mod 5) (h) 12 + 12 + 12 + 12 (mod 41)

You can do simple algebra in modular arithmetic, but make sure your answer is within the correct range. For example, let’s solve: x + 7 ≡ 4 (mod 9) Subtract 7 from both sides to get x = −3, but it’s not quite right since we only accept answers that lie in the set Z9 = {0, 1, 2, ··· , 8}. Realizing that −3 ≡ 6 (mod 9), the correct answer is x = 6. You can check your answer by verifying that 6 + 7 (mod 9) = 13 (mod 9) = 4

14. Solve each equation. List all possible answers in Zn where n is the base.

(a)8+ x ≡ 3 (mod 12) (c) 35 + x ≡ 0 (mod 41)

(b) x − 7 ≡ 5 (mod 17) (d) x + x ≡ 4 (mod 12)

6 5 Caesar Cipher Revisited

The Caesar cipher can be described in terms of modular arithmetic. Imagine a 26 position clock, where each letter of the alphabet corresponds to a number in Z26.

Let x be the number corresponding to a plaintext letter, and y be the number corresponding to a ciphertext letter. For example, with a Caesar cipher shift of 3 positions, we may have ’J’ (x = 9) mapping to ’M’ (y = 12). Caesar’s encryption function can be written algebraically as:

y = f(x) = x + 3 (mod 26)

To be more general (pun intended), we could have an shift of b characters.

y = f(x) = x + b (mod 26)

Subtracting b from both sides, we see that the inverse function used to decrypt messages is

x = f −1(y) = y − b (mod 26)

For example, using b = 3, the map between plaintext ’J’ and ciphertext ’M’ is represented by:

y = f(9) = 9 + 3 (mod 26) = 12

x = f −1(12) = 12 − 3 (mod 26) = 9

15. Use the Caesar cipher with b = 7 to encrypt your “SHZA” name.

7 16. Is it true that f(x) = x + 13 (mod 26) is the same as f(x) = x − 13 (mod 26) ? Explain.

17. Write a function that is the same as f(x) = x − 10 (mod 26), but does not use subtraction.

8 6 Multiplication

After multiplying numbers in Zn, reduce result modulo the base. For example:

3 · 7 (mod 12) = 21 (mod 12) = 9 − 2 · 5 (mod 3) = −10 (mod 3) = 2

We can even set up a multiplication table like you did in elementary school, but this one will look a little diﬀerent. Here is the (mod 12) multiplication table: × 0 1 2 3 4 5 6 7 8 9 10 11 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 2 3 4 5 6 7 8 9 10 11 2 0 2 4 6 8 10 0 2 4 6 8 10 3 0 3 6 9 0 3 6 9 0 3 6 9 4 0 4 8 0 4 8 0 4 8 0 4 8 5 0 5 10 3 8 1 6 11 4 9 2 7 6 0 6 0 6 0 6 0 6 0 6 0 6 7 0 7 2 9 4 11 6 1 8 3 10 5 8 0 8 4 0 8 4 0 8 4 0 8 4 9 0 9 6 3 0 9 6 3 0 9 6 3 10 0 10 8 6 4 2 0 10 8 6 4 2 11 0 11 10 9 8 7 6 5 4 3 2 1 This table is symmetric, and you should notice lots of patterns. Let’s compute 9 · 7 (mod 12): • Reducing 63 (mod 12), we get that the answer is 3. • Alternatively, look up the answer in the table by ﬁnding the entry for the 9 row and the 7 column. Sure enough, the answer is 3. The table is also useful for solving simple equations. Here are some examples: • To solve 5x ≡ 4 (mod 12), look for a 4 in the 5 row. The only answer is x = 8. • To solve 3x ≡ 6 (mod 12), look for a 6 in the 3 row. This row repeats, and there are several answers: 2, 6, and 10. • To solve 3x ≡ 5 (mod 12), look for a 5 in the 3 row. There is no solution! Remember, fractions like 5/3 don’t exist.

9 18. Compute the following:

(a)7 · 4 (mod 12) (e)9 · 5 (mod 41)

(b)3 · 10 (mod 12) (f)3 · 4 (mod 2)

(d)5 2 (mod 11) (h)5 · (2 + 7) (mod 26)

19. Is multiplication commutative? Explain.

20. Use the table to solve the equation (if possible). List all solutions in Z12.

(a)7 x ≡ 2 (mod 12) (e)3 x ≡ 9 (mod 12)

(b)5 x ≡ 1 (mod 12) (f)9 x ≡ 3 (mod 12)

(d)3 x ≡ 8 (mod 12) (h) x2 ≡ 5 (mod 12)

21. Which rows in the mod 12 multiplication do not repeat (all entries are unique)?

22. Which rows in the mod 12 table contain a ’1’ ?

23. List the prime factors of 12.

10 24. Which non-zero numbers in Z12 have no prime factors in common with 12?

25. By hand, ﬁll in the (mod 7) multiplication table. × 0 1 2 3 4 5 6 0 1 2 3 4 5 6

26. Is there a ’1’ in each non-zero row of the (mod 7) multiplication table?

27. Solve the following:

(a)1 x ≡ 1 (mod 7) (c)3 x ≡ 1 (mod 7) (e)5 x ≡ 1 (mod 7)

(b)2 x ≡ 1 (mod 7) (d)4 x ≡ 1 (mod 7) (f)6 x ≡ 1 (mod 7)

11 Here are the Excel steps to create a Zn multiplication table. Instructions are for base 10, but you can easily adjust them for other bases. • Start a new sheet. • Type “0” in cell B1.

• Type “=B1+1” in cell C1. • Click on C1; drag the dark square at the southeast corner of that cell to the right until you get to 9. • Type “0” in cell A2.

• Type “=A2+1” in cell A3. • Click on A3; drag the dark square at the southeast corner of that cell down until you get to 9. • Type “=mod(B$1*$A2,10)” in cell B2. • Drag the dark square from B2 across that row (it should ﬁll in all zeros).

• Drag the dark square for B2, C2, ··· , K2 down to ﬁll out each column. • Put borders around the cells in your table before printing it out. You might need to use Excel’s shrink to ﬁt option when you print. Once you see how it’s done, a quicker way to see the table is to use this web app:

http://massey.limfinity.com/207/multtable.php

28. Create Zn multiplication tables for the following bases. Attach your printouts (shrink to ﬁt on a page).

(a) mod 15 (use Excel) (b) mod 26 (use web) (c) mod 41 (use web)

29. Each row of the multiplication tables either contains a ’1’, or it doesn’t. How does that relate to whether or not the row repeats?

30. Later on, we will want to choose a base so that each non-zero row of the multiplication contains a ’1’. Does the base have this feature?

(a) base 7 (c) base 15 (e) base 41

(b) base 12 (d) base 26

12 31. Make a hypothesis about what bases will have a ’1’ in each non-zero row. You may want to create a few more multiplication tables to conﬁrm your hypothesis.

32. Which rows of the mod 15 table do not repeat? How do they relate to the prime factors of 15?

33. Which rows of the mod 26 table do not repeat? How do they relate to the prime factors of 26?

13 7 Inverses (Division)

Remember that division is deﬁned as the inverse of multiplication. 1 12 ÷ 3 = 12 · = 4 3 Together, a number and its inverse must multiply to 1. For example, in normal arithmetic 1 3 · 3−1 = 3 · = 1 3 In modular arithmetic, fractions do not exist, so non-zero numbers are not guaranteed to have inverses. But many do, depending on what base you’re in. Consult this (mod 10) multiplication table: × 0 1 2 3 4 5 6 7 8 9 0 0 0 0 0 0 0 0 0 0 0 1 0 1 2 3 4 5 6 7 8 9 2 0 2 4 6 8 0 2 4 6 8 3 0 3 6 9 2 5 8 1 4 7 4 0 4 8 2 6 0 4 8 2 6 5 0 5 0 5 0 5 0 5 0 5 6 0 6 2 8 4 0 6 2 8 4 7 0 7 4 1 8 5 2 9 6 3 8 0 8 6 4 2 0 8 6 4 2 9 0 9 8 7 6 5 4 3 2 1

Let’s see if 3−1 exists (mod 10). In other words, try to solve 3x ≡ 1 (mod 10). From the table, you can observe that 3 · 7 ≡ 1 (mod 10). Since these two numbers multiply together to give 1, they are inverses.

3−1 (mod 10) = 7 7−1 (mod 10) = 3

Notice, however, that we are out of luck when we search for 2−1 (mod 10). There is no “1” in the 2 row, 1 because there is no solution to 2x ≡ 1 (mod 10). Remember that fractions like 2 aren’t allowed. Hence 2−1 (mod 10) does not exist. If we were in base 7 instead then you can check that 2 · 4 = 1 (mod 7) so that 2−1 (mod 7) = 4. Here are some more examples, for which you may refer to the multiplication tables.

• 7−1 (mod 11) = 8 since 7 · 8 ≡ 1 (mod 11) • 7 is its own inverse (mod 12). 7 · 7 ≡ 1 (mod 12) 7−1 (mod 12) = 7

• 7−1 (mod 13) = 2 since 7 · 2 ≡ 1 (mod 13) • 3 has no inverse (mod 12) since there is no number that multiplies by 3 to give 1.

• In base 10, all odd numbers except for 5 have multiplicitive inverses.

14 34. Find the inverse (mod 10) if it exists

(a)5 −1 (mod 10) (b)9 −1 (mod 10) (c)1 −1 (mod 10)

35. Find the following inverses if possible

(a)5 −1 (mod 7) (e)5 −1 (mod 12) (i) 10−1 (mod 26)

(b)3 −1 (mod 7) (f)5 −1 (mod 7) (j)1 −1 (mod 12)

(d)9 −1 (mod 12) (h)5 −1 (mod 26) (l) 10−1 (mod 41)

36. Is inversion a symmetric relationship? In other words, if a−1 = b does b−1 = a? Give an example.

37. Suppose 3 · 4 ≡ 1. What base must you be in?

38. Suppose you want to choose a base so that every non-zero number has an inverse. Then each row of the multiplication table must have a “1” in it. What numerical property must the base have?

15 8 Solving Equations in Zn It has been demonstrated that solutions to simple equations may not exist, or may not be unique. Fortunately, when the coeﬃcient of x has an inverse, a linear equation have a unique solution, and the inverse provides a means to ﬁnd it. For example, let’s solve 7x ≡ 11 (mod 15) by multiplying both sides by 7−1 (mod 15) = 13.

x ≡ 7−1 · 11 ≡ 13 · 11 ≡ 143 ≡ 8 (mod 15) Therefore x = 8 is the unique solution to this problem. You can check the answer by verifying that 7 · 8 ≡ 11 (mod 15). When no inverse exists, an equation may have multiple solutions, or none at all. For example 3−1 (mod 12) doesn’t exist. This equation: 3x ≡ 6 (mod 12) has several solutions (x = 2, 6, 10), but this one:

3x ≡ 7 (mod 12) has none. Regardless, you can get the solution(s) from the multiplication table.

39. Solve the equation if possible. List all solutions in Zn

(a)7 x ≡ 2 (mod 15) (i)3 x ≡ 6 (mod 7)

(b)7 x ≡ 2 (mod 26) (j) 7(x − 1) ≡ 3x + 1 (mod 12)

(d)4 x ≡ 2 (mod 7) (l) 3(x − 5) ≡ 13 (mod 26)

(e) 23x ≡ 4 (mod 41) (m)3 x + 1 ≡ 5 (mod 7)

(f)5 x − 7 ≡ 0 (mod 12) (n) 3(x + 1) ≡ 5 (mod 7)

(g)7 x ≡ 5 (mod 12) (o) 3(x + 1) ≡ 8x + 7 (mod 26)

(h)9 x + 10 ≡ 3 (mod 12) (p)2 x + 5 ≡ 4(2 − x) (mod 15)

16 9 Aﬃne Cipher

Remember the Caesar cipher function

y = f(x) = x + b (mod 26)

Instead of simply adding a shift, we could ﬁrst multiply x by some factor m. This generalization makes an aﬃne function: y = f(x) = mx + b (mod 26) where m 6= 0. For example, let’s choose m = 5 and b = 3, then the mapping looks like: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ 3 8 13 18 23 2 7 12 17 22 1 6 11 16 21 0 5 10 15 20 25 4 9 14 19 24 D I N S X C H M R W B G L Q V A F K P U Z E J O T Y

Starting with ’D’, you are marching around the alphabet clock with a spacing of 5 positions. Fortunately, there are no repeats, so the function is reversible. In fact, let’s solve for the inverse function. To do this, write down y = f(x), and solve for x.

y ≡ 5x + 3 (mod 26) y − 3 ≡ 5x (mod 26) 5x ≡ y − 3 (mod 26) 5−15x ≡ 5−1(y − 3) (mod 26)

Now use the fact that 5 · 21 ≡ 1 (mod 26) to say that 5−1 (mod 26) = 21. The inverse function is therefore: x = f −1(y) = 21(y − 3) (mod 26) Let’s check this formula. Consider the ciphertext letter ’F’, which corresponds to y = 5. The plaintext would be x = 21(5 − 3) (mod 26) = 42 (mod 26) = 16 and sure enough, x = 16 corresponds to the letter ’Q’.

17 40. Use y = 5x + 3 (mod 26) to encrypt “AFFINE”.

41. Suppose y = f(x) = 7x + 4 (mod 26).

(a) Find the inverse function x = f −1(y).

(b) Use the inverse to decrypt the word “GEAQ”.

42. Suppose you wanted to use the aﬃne cipher y = 2x + 3 (mod 26).

(a) Write out the map: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ ↓ 3 5 D F

(b) Why is this function unusable as a cipher?

18 10 Choosing a Base

It wouldn’t do any good to encrypt a message that could not be decrypted. Therefore any useful cipher function must have an inverse. We have previously alluded to the fact that some bases have these desirable properties: • There are no repeats in any of the non-zero rows. (multiplication is one-to-one)

• Each number in Zn appears in each non-zero row. (multiplication is onto)

• Each non-zero number in Zn has a multiplicitive inverse (there is a ’1’ in each row). You may have guessed that these are all true if and only if n is prime. Let’s see what that implies about a generic aﬃne cipher: y = f(x) = mx + b (mod n) If n is prime, then m−1 (mod n) exists and the cipher function is invertible:

y ≡ mx + b (mod n) y − b ≡ mx (mod n) mx ≡ y − b (mod n) m−1mx ≡ m−1(y − b) (mod n) x ≡ m−1(y − b) (mod n)

So the inverse function x = f −1(y) = m−1(y − b) (mod n) can be used to decrypt the ciphertext. We see now that n = 26 is not a good choice for the base. Let’s augment the Latin alphabet with numerals and punctuation characters to bring the total up to a prime number of n = 41.

A B C D E F G H I J K L M N O P Q R S T 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

U V W X Y Z 0 1 2 3 4 5 6 7 8 9 . ? , - 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

An underscore was inserted as character 0 to stand for a space.

43. If y = f(x) = 5x + 3 (mod 41), then (a) Find the decryption function f −1(y).

19 (b) Demonstrate how to decrypt the character ’K’.

(c) Use the web app http://massey.limfinity.com/207/affinecipher.php to decipher the quote at the beginning of this project.

44. Use the web app to send me an entertaining encrypted message. Tell me the cipher function, the decryption function, and the ciphertext.

20 11 Summary

We have seen how Zn and modular arithmetic provides a framework for abstracting the simple Caesar cipher:

y = x + 3 (mod 26) to create a more general affine cipher: y = mx + b (mod n) Mathematical analysis using functions and algebra allowed us to understand whether an inverse exists and how to find it. The field of cryptography is very rich and complex, and is ubiquitous in modern communications. You have now seen the tip of that iceberg.

Here are a couple of bonus problems:

45. Cryptoanalysis describes the techniques used to break encryptions. Suppose you have discovered that “XFW4H.WFN.WNV.Z” was encrypted with an aﬃne cipher (same 41 character alphabet as above), and that the ﬁrst and last letters of the plaintext are ’D’ and ’M’ respectively. Demonstrate how you can crack this important code.

46. Prove or disprove: there exists n > 2 such that the function f(x) = x2 (mod n) is invertible.