Math 373/578: Using matlab in Cryptography (Spring 2012) Place: Room 422, Armstrong Hall Preparations: (1) visit http://www.math.wvu.edu/~hjlai/Math373_Matlab/ and download all the files into a folder (Math373-Matlab) (2) Open Matlab, change the current directory to this folder. (Click the logo at the right end of "current Directory" for "Browse for folder", and change the folder). (3) Start working on the mathematics. (4) Ordinary Computations (Review) Example Compute 27 + 135=5. >> 2^7 + 135/5 ans = 155 Example Compute 11(126=(9 + 7) − 2(72=12)). >> 11*(126/9+7 - 2^(72/12)) ans = -473 p Example Compute 62 − 1024. >> 6^2 - \sqrt{1024} ans = 4 1 Part 1: Number Theory Basics (1) Factor 123456 into primes. factor(123456) (2) For x; y 2 Z − f0g, find gcd(x; y). gcd(x,y) Example: Find gcd(23456; 987654). gcd(23456, 987654) Ans = 2 Thus 2 = gcd(23456; 987654). (3) For x; y 2 Z − f0g, find u; v such that gcd(x; y) = ux + vy. [a,b,c]=gcd(x,y) Example: Find u; v such that gcd(23456; 987654) = 23456u + 987654v. >> [d,u,v]=gcd(23456, 987654) d = 2 u = -3158 v = 75 This means u = −3158 and v = 75. Thus 2 = gcd(23456; 987654) = 23456·(−3158)+987654·75. (4) Solve equation ax + by = 1 when (a; b) = 1. Example a = 65337 and b = 3511, what is the relationship between this problem and the example in (3)? [d,u,v]=gcd(65337, 3511) How do you interpret the answers? (5) Knowing n, we can find φ(n) and factor n by n = 1234567 eulerphi(n) factor(n) This can be used for deciphering an RSA coded message in the future. However, Matlab may have trouble factoring numbers bigger than 109. 2 Part 2: Operations involving integers modulo m (1) Given m > 1 and a 2 Z, find b 2 Z with 0 ≤ b < m such that a ≡ b (mod m). mod (a,m) (2) Given m > 1 and a; b 2 Z, find c 2 Z with 0 ≤ c < m such that a + b ≡ c (mod m). (Do the same for subtractions and multiplications) mod (a+b,m) (3) Find multiplicative inverse of a (mod m) (assuming that we have already known that a and m are relatively prime). Example: Find the multiplicative inverse of 8787 (mod 91919). >> powermod(8787, -1, 91919) ans = 71374 Thus 8787−1 ≡ 71734 (mod 91919). (4) Find multiplicative inverse of a (mod m) (assuming that we do not know if a and m are relatively prime). Example: Determine if 23456 has an inverse mod 987654, if it does, find it. >> [d,u,v] = gcd(23456, 987654) d = 2 u = -3158 v = 75 This means the gcd(23456; 987654) = 2, and so the inverse does not exist. Example: Determine if 23456 has an inverse mod 987651, if it does, find it. >> [d,u,v] = gcd(23456, 987651) d = 1 u = 256892 v = -6101 This means the gcd(23456; 987651) = 1 = 256892 · 23456 + (−6101) · 987651, and so 23456−1 ≡ 256892 (mod 987651). (5) Find modular exponentiation. Example: Compute 234567 (mod 9871) 3 >> powermod(234, 567, 9871) ans = 5334 Thus 234567 ≡ 5334 (mod 9871). (6) Solving equations. Example: Solve 7654x ≡ 2389 (mod 65537). What do we do? We first find the multiplicative inverse of the coefficient of x. >> powermod(7654, -1, 65537) ans = 54637 >> mod(ans*2389, 65537) ans = 43626 Thus the answer is x ≡ 43626 (mod 65537). (8) Computation modulo m (Reviews) Example Compute (234)(456) (mod 789). >> mod(234*456, 789) ans = 189 Example Compute 234 + 456 (mod 567). >> mod(234*456, 789) ans = 123 Example Compute 234567 (mod 9871). >> powermod(234, 456, 9871) ans = 5334 Example Compute multiplicative inverse of 8787 (mod 91919). >> powermod(8787, -1, 91919) ans = 71374 (9) Shift Ciphers and Affine Ciphers (A) Decoding with Shift-cipher Example Decrypt the Ceasar-encrypted message 'wklvverxogehtxlwhhdvb' 4 allshift('wklvvkrxogehtxlwhhdvb') wklvvkrxogehtxlwhhdvb xlmwwlsyphfiuymxiiewc ymnxxmtzqigjvznyjjfxd znoyynuarjhkwaozkkgye aopzzovbskilxbpallhzf bpqaapwctljmycqbmmiag cqrbbqxdumknzdrcnnjbh drsccryevnloaesdookci estddszfwompbfteppldj ftueetagxpnqcgufqqmek guvffubhyqordhvgrrnfl hvwggvcizrpseiwhssogm iwxhhwdjasqtfjxittphn jxyiixekbtrugkyjuuqio kyzjjyflcusvhlzkvvrjp lzakkzgmdvtwimalwwskq mabllahnewuxjnbmxxtlr nbcmmbiofxvykocnyyums ocdnncjpgywzlpdozzvnt pdeoodkqhzxamqepaawou qefppelriaybnrfqbbxpv rfgqqfmsjbzcosgrccyqw sghrrgntkcadpthsddzrx thisshouldbequiteeasy uijttipvmecfrvjuffbtz vjkuujqwnfdgswkvggcua A study of the output indicates that the plain text should be 'thisshouldbequiteeasy' or 'this should be quite easy' (B) Using Affine cipher to encode plain text. Example Encrypt the plain text 'meetmeinstlouis' with an affine cipher E3;7(x) ≡ 3x + 7 in Z26. >> affinecrypt('meetmeinstlouis', 3, 7) ans = rttmrtfujmoxpfj (C) Using Affine cipher to decrypt cipher text. Example The cipher text 'rttmrtfujmoxpfj' was encrypted using the affine function 3x + 7 in Z26. Decrypt it. (Step 1:) Solve y ≡ 3x + 7 (mod 26) for x. Since 1 = gcd(3; 26) = (9)(3) + (−1)(26), 3−1 ≡ 9 (mod 26). As (9)(7) ≡ 63 ≡ 11 (mod 26), multiplying both sides of the equation by 9 to get 9y ≡ x + 11 (mod 26), and so x ≡ 9y − 11 ≡ 9y + 15 (mod 26). This can also be done by using matlab: >> powermod(3, -1, 26) 5 and = 9 >> mod(-9*7, 26) ans = 15 (Step 2) Knowing that the decrypt function is x ≡ 9y + 15, we can decrypt the message by >> affinecrypt('rttmrtfujmoxpfj', 9, 15) ans = meetmeinstlouis 6 Part 3: Numbers with different bases (1) Converting and Base-b number to a base-10 number To convert a base-b number n = (dk−1dk−2 ··· d1d0)b to base-10, by definition, the answer is k−1 k−2 n = n = dk−1b + dk−2b + ··· + d1b + d0: Example Convert a number-26 number (HP AC)26 to base-10. We can first get the corre- sponding numerical values H = 7;P = 15;A = 0 and C = 2, and get the answer by >> n = 7*26^3 + 15*26^2 + 2 n = 133174 (2) Converting and Base-10 number to a base-b number Example Convert the base-10 number n = 133174 to base-26. >> n = 133174 n = 133174 >> d0 = mod(133174, 26) d0 = 2 >> n1 = (n - 2)/26 n1 = 5122 >>d1 = mod(n1, 26) d1 = 0 >> n2 = (n1 - 0)/26 n2 = 197 >>d2 = mod(n2, 26) d2 = 15 >> n3 = (n2 - 15)/26 n3 = 7 >>d3 = mod(n3, 26) d3 = 7 Thus the answer is n = (7 15 0 2)26 = (HP AC)26. (3) Operations of base-b numbers There are many ways to perform the operations of base-b numbers. One way to use matlab is 7 to first convert the base-b numbers to base-10, and use matlab to do the operations, then use matlab to convert the answers back to base-b. Example Multiply HE by IS in Z26. Step 1: Convert HE = 7(26) + 4 = 186 and IS = 8(28) + 18 = 226. Step 2: Compute the base-10 multiplication. Step 3: Convert the answer back to Base-26. 8 Part 4: Discrete Log and RSA (1) Find a Primitive Root Example Find a primitive root for the prime p = 65537 >> primitiveroot(65537) ans = 3 Thus 3 is a primitive root for 65537. (Remark: the function "primitiveroot" finds the small- est primitive root of the input number.) 13 (2) Example: Computing Discrete Log Find ind2 (7), or log2(7) (mod 13). For n = 1:12; a = powermod(2,n,13); if a == 7; disp(n); end end n = 11 Therefore, log2(7) = 11 (mod 13). This can be verified by >> powermod(2,11,13) ans = 7 (3) Example: Pohlig-Hellman Exponentiation Cipher Choose p = 263; e = 73. Note that φ(263) = 262, and Euclidean Algorithm gives gcd(262; 73) = (−61)(73) + (17)(262) = 1. >> [a,b,c] = gcd(73, 262) a = 1 b = -61 c = 17 Thus d = −17 ≡ 201 (mod 262) For the cipher text c = (246; 18; 156; 0; 256; 127; 18; 156; 96; 256; 235; 0; 132; 68), which will be decrypted by m = f −1(c) ≡ cd (mod 262). (Use powermod, for example). (Note: try to use positive d. Using negative d would sometimes cause computation errors). >> d=201 d = 201 9 >> p=263 p = 263 >> c = [246 18 156 0 256 127 18 156 96 256 235 0 132 68] c = Columns 1 through 5 246 18 156 0 256 Columns 6 through 10 127 18 156 96 256 Columns 11 through 14 235 0 132 68 >> m = powermod(c, d, p) m = Columns 1 through 5 19 17 4 0 18 Columns 6 through 10 20 17 4 8 18 Columns 11 through 14 11 0 13 3 This process gives 246201 ≡ 19; 18201 ≡ 17; 156201 ≡ 4; 0201 ≡ 0; 256201 ≡ 18; 127201 ≡ 20; 18201 ≡ 17; 156201 ≡ 4; 96201 ≡ 8; 256201 ≡ 18; 235201 ≡ 11; 0201 ≡ 0; 132201 ≡ 13; 68201 ≡ 3: and so the cipher text is (19; 17; 4; 0; 18; 20; 17; 4; 8; 18; 11; 0; 13; 3), which means, with Z26 al- phabet, treasure island. (4) Example: Diffie-Hellman Key Exchange Let p = 907, a = 2, x = 32 and y = 153. To find the exchange key, compute x ≡ 319 ≡ 3 >> p = 907 p = 907 >> a = primitiveroot(p) a = 2 >> x = 32 x = 32 >> xx = powermod(a, x, p) xx = 311 >> y = 153 y = 153 >> yy = powermod(a, y, p) 10 yy = 633 Thus x ≡ 232 ≡ 311 and y ≡ 2153 ≡ 633 (mod 907), and so the common key can be computed by k = xy (mod p) >> k = powermod(xx,y,p) k = 121 or by k = yx (mod p) >> k = powermod(yy,x,p) k = 121 (5) Example: Finding p and q when given n = pq and φ(n). Given n = pq = 1009427 and φ(n) = 1007400. To find p and q, we compute >> n = 1009427 n = 1009427 >> f = eulerphi(n) f = 1007400 >> s = n - f + 1 s = 2028 >> d = sqrt(s^2 - 4*n) d = 274 >> p = (s + d)/2 p = 1151 >> q = (s-d)/2 q = 877 Therefore, p = 1151 and q = 877.