1. Classical Cryptography Some Simple Cryptosystems • Shift Cipher, • Substitution Cipher, • Affine Cipher, • Vigenere Cipher, • Hill Cipher, • Permutation Cipher, • Stream Cipher Modular Arithmetic, Number theory, and Group Cryptanalysis The RSA Cryptosystem 1 Classical Cryptography Definition 1.1: A cryptosystem is a five-tuple (P, C, H, E, D), where the following conditions are satisfied: 1. P is a finite set of possible plaintexts 2. C is a finite set of possible ciphertexts 3. H the keyspace, is a finite set of possible keys 4. For each K H, there is an encryption rule eK E : P C and a corresponding decryption rule dK D: C P such that x C, dK (eK(x)) = x Oscar x y x Alice Encrypter Decrypter Bob Secure chanel K Key source 2 Modular Arithmetic Definition 1.2: Suppose a and b are integers, and m is positive integer. Then we write a b (mod m) if m divides b-a. • a b mod m if and only if (a-b) = km for some k •Zm the equivalence class under mod m • Canonical form Zm = {0,1,2,…,m-1}, we use the positive remainder as the standard representation. • -1 m -1 mod m • (Zm, +, 0) is a Group . + is closed . Associative: (a + b) + c = a + (b + c) . Commutative: a + b = b + a (abelian group) . 0 is the identity for +: a + 0 = a + 0 = a . Additive inverse: (-a) + a = a + (-a) = 0 3 Modular Arithmetic • (Zm, +, , 0, 1) is a Ring . +, are closed . +, are associative and commutative (abelian ring) . Operation distributes over +: a (b + c) = a b + a c . 0 is the identity for + and 1 for . Additive inverse • (Zp, +, , 0, 1) is a Field (when p is a prime number.) . +, are closed . +, are associative and commutative . Operation distributes over + . 0 is the identity for + and 1 for . Additive inverse and multiplicative inverse 4 Shift Cipher Cryptosystem 1.1: (Shift Cipher) Let P = C = H = Z26. For 0 K 25, define eK(x) = (x+K) mod 26 (xZ26) and dK(y) = (y-K) mod 26 (yZ26) A B C D E F G H I J K L M N 0 1 2 3 4 5 6 7 8 9 10 11 12 13 O P Q R S T U V W X Y Z 14 15 16 17 18 19 20 21 22 23 24 25 Example 1.1: K=11 and the plaintext is wewillmeetatmidnight. Then the ciphertext is HPHTWWXPPELEXTOYTRSE. 1. eK and dK should be efficiently computable 2. An opponent, upon seeing a ciphertext string y, should be unable to determine the key K that was used, or the plaintext string x. 3. Process of attempting to compute the key K is called cryptanalysis. 5 Substitution Cipher Cryptosystem 1.2: (Substitution Cipher) Let P = C = Z26 and H consist all permutations on Z26. For each permutation H, define e (x) = (x) -1 and d(y) = (y) -1 where is the inverse permutation to and x,yZ26. A B C D E F G H I J K L M N 0 1 2 3 4 5 6 7 8 9 10 11 12 13 O P Q R S T U V W X Y Z 14 15 16 17 18 19 20 21 22 23 24 25 A permutation can be x a b c d e f g h i j k l m n o p q r s t u v w x y z (x) X N Y A H P O G Z Q W B T S F L R C V M U E K J D I 6 Congruence Equations • Consider the congruence equation ax = b (mod m), a, b Zm • 5x = 8 mod 12 x = 4 a unique solution in Z12 • 3x = 8 mod 12 no solution • 3x = 9 mod 12 x can be 3, 7, or 11 multiple solutions in Z12 • gcd(5,12) = 1 • gcd(3,12) = 3 Theorem 1.1: ax = b (mod m) has a unique solution in Zm for every number b in Zm iff gcd(a,m) = 1 Definition 1.3: Suppose a1 and m2 are integers. If gcd(a,m)=1, then we say that a and m are relatively prime. 7 Multiplicative Inverses Definition 1.4: Suppose aZm. The multiplicative inverse of a modulo m is an element bZm such that ab=ba=1 mod m. 1. If the multiplicative inverse of a exists, it is unique. Denoted by a-1 2. If b is the inverse of a, then a is the inverse of b. 3. a in Zm has a multiplicative inverse in Zm if and only if gcd(a, m)=1 * Multiplication Group Z m = {aZm : gcd(a, m) = 1} * Euler phi function (m) = | Z m | n ei ei ei 1 Theorem 1.2 m pi (m) ( pi pi ). i1 * Z 26 = {1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25} * -1 (Z 26) = {1, 9, 21, 15, 3, 19, 7, 23, 11, 5, 17, 25} * If p is a prime, then Z p = {1, 2, …, p-1}. Note: (Zp, +, , 0, 1) is a field. 8 Affine Cipher * Cryptosystem 1.3: (Affine Cipher) Let P = C = Z26 and H = Z 26Z26. For each K=(a,b) H, define eK (x) = (ax+b) mod 26 (xZ26). and -1 dK(y) = a (y-b) mod 26 (yZ26). Example 1.3 Suppose that K=(a, b)=(7, 3) eK (x) = ? dK(y) = ? dK(eK (x)) = ? Encrypt the plaintext hot. 9 Vigenère Cipher Cryptosystem 1.4: (Vigenere Cipher) Let m be a positive integer. Let m P = C = H = (Z26) . For a K = (k1, k2, …, km) H, define eK (x1, x2, . , xm) = (x1+k1, x2+ k2, …, xm+ km) and dK(y1, y2 , . , ym) = (y1-k1, y2- k2, …, ym- km) where all operations are performed in Z26 Example 1.4 Suppose that m=6 and the key is CIPHER, i.e., K=(2, 8, 15, 7, 4, 17) Encrypt the plaintext Thiscryptosystemisnotsecure. Polyalphabetic cryptosystem: The key of the system contains multiple alphabetic characters 10 Linear Transformation and Matrix y (11x 3x ) mod 26 11 8 1 1 2 (y1, y2 ) (x1, x2 ) mod 26 y2 (8x1 7x2 ) mod 26 3 7 If A=(ai,j) and B=(bi,j) are two lm matrixes, Then the sum A+B is defined as (ai,j+bi,j). If A=(ai,j) is an lm matrix and B=(bi,j) is an mn matrix , then the product AB = (ci,j) is an ln matrix and is defined by the formula m ci, j ai,k bk, j k 1 (Z26)nn : all nn matrixes over Z26. In : the nn identity matrix. For any A(Z26)nn, InA=AIn=A. 0n: the nn zero matrix. For any A(Z26)nn, 0n+A=A+0n=A. ((Z26)nn, 0n, In, +, ) is a ring. 11 The Inverse of a Matrix Definition: Suppose A (Z26)nn. The inverse of A over (Z26)nn is a matrix B (Z26)nn such that AB=BA=In. 1. If the inverse of A exists, it is unique. Denoted by A-1 2. If B is the inverse of A, then A is the inverse of B. Definition 1.5: Suppose A = (ai,j) is an mm matrix. For 1 i m, 1 j m, define Ai,j to be the matrix obtained from A by deleting the ith row and the jth column. The determinant of A, denoted det A, is the value of a1,1 if m=1. If m > 1, the det A is computed recursively from the formula. n i j det A (1) ai, j det Ai,j , where i is fixed and 1 i n j1 det A = a11a22-a12a21 if m=2 det A = a11a22a33+a21a32a13 +a31a12a23 -a13a22a31-a12a21a33 -a11a23a32 if m=3 12 The Inverse of a Matrix Properties: 1. det In = 1. & 2. det (AB)= det A det B Theorem 1.3: Suppose A = (ai,j) is an mm matrix over Zn such that -1 -1 * det A is invertible in Zn. Then A =(det A) A , where A* is the adjoint * * * i+j matrix of A. That is A =(a i,j), a i,j =(-1) det Aj,i. a a a a 1,1 1,2 1 1 2,2 1,2 A A (det A) a2,1 a2,2 a2,1 a1,1 Example 1.6 Example 1.5 10 5 12 11 8 -1 A A-1=? A 3 14 21 A =? 3 7 8 9 11 13 Hill Cipher Cryptosystem 1.5: (Hill Cipher) Let m2 be an integer. Let m P = C = (Z26) and H = GL(m, Z26). For a key K, define eK (x) = xK -1 and dK(y) = yK where GL(m, Z26) = {A (Z26)mm : A is invertible} and all operations are performed in Z26. 11 8 Example 1.5: Suppose the key is K . 3 7 Want to encrypt the plaintext july 7 18 Since July = 9 20 11 24 1 K 23 11 11 8 (9,20)K (9,20) (3,4) DE The ciphertext is 3 7 DELW 11 8 (11,24)K (11,24) (11,22) LW 3 7 14 Permutation Cipher Cryptosystem 1.6: (Permutation Cipher) Let m be a positive integer. m Let P = C = (Z26) and H consist all permutations of {1,…,m}. For a key , define e (x1, x2, …, xm) = (x(1), x(2), …, x(m)) and d (y1, y2 ,...ym ) (y 1 (1) , y 1 (2) ,...y 1 (m) ) where -1 is the inverse permutation to . Example 1.7 Suppose m=6 and the key is the following permutation : x 1 2 3 4 5 6 -1=? (x) 3 5 1 6 4 2 Encrypt the following plaintext: shesellsseashellsbytheseashore 15 Stream Cipher Block cipher: x=x1x2… & a key K y=y1y2… = eK(x1)eK(x2)… Steam cipher: x=x1x2… & a key K a key stream z=z1z2… y y y ..