Class Notes for Cryptologic Mathematics (FYS 100) Tim McDevitt Frank Arnold


Class Notes for Cryptologic Mathematics (FYS 100)
Tim McDevitt
Frank Arnold (2012)
ELIZABETHTOWN COLLEGE
E-mail address: [email protected]
August 27, 2013

Contents

Preface
Introduction
  0.1. What is Cryptology?
  0.2. Types of Ciphers
  0.3. Mathematical Ciphers
  0.4. Types of Cryptologic Attacks
  0.5. Notation and Terminology
  Exercises
Chapter 1. Modular Arithmetic
  1.1. Fundamental Theorem of Arithmetic
  1.2. Greatest Common Divisors
  1.3. Euclidean Algorithm
  1.4. Extended Euclidean Algorithm
  1.5. Relatively Prime Numbers
  1.6. Modular Arithmetic
  1.7. Solving Linear Congruences
  1.8. Additive Cipher
  1.9. Cryptanalysis of the Additive Cipher
  1.10. Affine Cipher
  1.11. Cryptanalysis of the Affine Cipher
  Exercises
Chapter 2. Probability
  2.1. Counting
  2.2. Probability
  2.3. Index of Coincidence
  2.4. Vigenère Cipher
  Exercises
Chapter 3. Recursion
  3.1. Recursion
  3.2. Binary Arithmetic
  3.3. Data as Bits
  3.4. Encryption of Binary Data
  3.5. Linear Feedback Shift Registers
  Exercises
Chapter 4. Matrices
  4.1. Matrix Arithmetic
  4.2. Hill Cipher
  4.3. Cryptanalysis of the Hill Cipher
  Exercises
Chapter 5. Modular Exponentiation
  5.1. Square and Multiply Algorithm
  5.2. Mathematical Induction
  5.3. Euler Phi Function
  5.4. Fermat’s Little Theorem
  5.5. Euler’s Theorem
  5.6. Diffie-Hellman Key Exchange
  5.7. RSA Encryption
  Exercises
Bibliography

Preface

The first author has taught cryptology as a First-Year Seminar at Elizabethtown College for several years using Robert Lewand’s fine book [4]. However, less than half of the author’s students are math or science majors, so Lewand’s rigorous approach is often under-appreciated. These notes follow much of the same material, but they rely fairly heavily on student intuition instead of rigorous proof, as is usually done in calculus courses.
Proofs or arguments are reserved for those situations where results are not intuitively clear to the students. For instance, students don’t struggle with the transitivity of divisibility for integers (if a | b and b | c, then a | c), but Fermat’s little theorem requires a proof. Other situations warrant justifications that fall short of proofs, but are still convincing to students. For example, we don’t formally prove that the Euclidean algorithm always finds the gcd of two positive integers, but we demonstrate that it has to work with “generalizable examples”. Since our audience includes first-year students who are not math or science majors, we have tried to minimize the use of terminology and mathematical jargon. Students interested in more details should consult textbooks on number theory or algebra, or just wait patiently for an opportunity to take those courses.

The second author is a former (2008) student of this course who has provided a student’s perspective on the presentation of the material. As a result, the style of writing is informal in an attempt to teach some math and to develop enthusiasm for cryptology.

Please note that this text does not address the history of cryptology in a systematic way so that we can focus on the mathematics. Students of cryptology should appreciate the impact of cryptology on historical events, but that knowledge will have to be obtained from other sources (cf. [3] and [10]).

Throughout the notes are several hyperlinks to Mathematica notebooks that are helpful for cryptologic calculations or for demonstrating mathematical concepts. The entire set of notebooks can be found at users.etown.edu/m/mcdevittt/. The file cipher.nb contains code that implements most of the encryption algorithms in the book.

Readers may also enjoy using the FREE software package ECrypt (www2.etown.edu/ECrypt/ECrypt.htm).
The current (2013) version of ECrypt is a .jar file, so it should be platform independent, provided that your computer has Java installed. ECrypt doesn’t have to be installed; just download it and run it. It has a graphical user interface (GUI) that enables users to easily implement the cryptographic algorithms in this course. It also provides special tools for cryptanalysis, a recursive calculator, and a calculator for modular arithmetic.

Future versions of this book will have chapters dedicated to elliptic curves and to the encryption and cryptanalysis of historical ciphers applied to image and sound files as described in [5].

Introduction

0.1. What is Cryptology?

Classically, cryptology was used to send and receive secret messages and its users were often military leaders or diplomats. For Admiral Alice to send General Bob a secret message, she would have to encrypt or encipher her message using a method that she and Bob had previously agreed upon. When Bob receives the message, he has to decrypt or decipher her message to read it. Often, the method of encryption would rely on a key - some special number(s) or word(s) that only Alice and Bob know.

Prior to the computer age, encryption methods were relatively simple, not explicitly mathematical, and often not very secure. Messages were relatively short and there was very little systematic research certifying the security of cryptologic methods. Today, however, messages can be very long. As of this writing (2010), a typical JPEG file from a digital camera is over 1 MB, which is roughly equivalent to a text file of a million characters. Contemporary encryption methods tend to use very sophisticated mathematics and there is a great deal of systematic research.
The US Department of Commerce certifies certain algorithms so that users can be confident that their communications are secure, and these algorithms can be very complicated.¹ In addition to the transmission and reception of secret messages, modern cryptology also involves less well-known operations such as key exchange, digital signatures, random number generation, hashing, etc., but this book focuses, for the most part, on mathematical versions of historical methods. These methods require what is probably unfamiliar mathematics and, although they are no longer useful, they evolved into today’s methods so it is still useful to be familiar with them. The only exception is our discussion of public key systems, which currently enjoy widespread use.

¹ For example, see the NIST document FIPS 197 that takes 51 pages to describe AES. The good news is that the description is very good and very clear, unlike IRS documents.

Another important difference between classical and modern cryptography is frequency of use. In the past, the average individual had no practical reason to encrypt messages, but today we all use cryptographic algorithms without even knowing it when we use our cell phones or email or make online purchases. Therefore, modern cryptology is directly applicable to our daily lives in very important ways.

Finally, the nature of characters in encryption algorithms has changed in modern times. In the past, messages were composed using characters from a fixed alphabet, so, for example, two English speakers might use a 26-letter alphabet abcdefghijklmnopqrstuvwxyz, or they might use a 52-letter alphabet that includes capital letters, or they might include digits and punctuation. In this course, we will frequently assume a 26-letter alphabet. Computers store files in terms of bits that we can regard as an alphabet of only two characters: 0 and 1. This includes Word® and Excel® documents, JPEG images, MPEG movies, etc. Modern encryption algorithms operate at the bit level on a computer, so all computer files can be encrypted in the exact same way, regardless of how we interpret those bits as text, pictures, movies, etc.

Cryptology is an umbrella term for cryptography and cryptanalysis. Cryptography involves the creation and use of algorithms that pass private information between two parties with the goal of obscuring the information from unintended recipients. Classically, users might hope that adversaries would not know what encryption algorithms were being used, but that is an unrealistic expectation today. Today, we have to assume that adversaries know what algorithms we are using, so the security of a method depends entirely on the difficulty of recovering the secret key. Symmetric, or private key, systems require both sender and receiver to know the same secret key, but modern public key systems enable parties to communicate securely without previously establishing a secret key.

Figure 0.1: Can you read the message hidden in this poem that is revealed by the stencil?

Cryptanalysis is the study of cryptographic algorithms with the intent of recovering secret messages without knowing the secret key. We can think of cryptanalysis as the activity of an adversary who obtains an encrypted message and tries to recover the original message without knowing the key, but cryptanalysis could also be the activity of an analyst who is studying the security of a given method. Loosely speaking, we can think of cryptographers as the defense and cryptanalysts as the offense, but both sides must know what the other is capable of to do their jobs properly.

We also want to distinguish cryptography from steganography, which seeks to hide the very existence of a message. For example, the children’s activity of writing a note in invisible ink is an example of steganography as is the use of a stencil to hide a message in a book. (See Figure 0.1.)
Of course, steganography can be combined with cryptography to provide extra security. Although steganography can be very interesting, we won’t discuss it in this book.
