1. Classical Cryptography Some Simple Cryptosystems • Shift Cipher, • Substitution Cipher, • Affine Cipher, • Vigenere Cipher, • Hill Cipher, • Permutation Cipher, • Stream Cipher Modular Arithmetic Cryptanalysis 1 Classical Cryptography Definition 1.1 : A cryptosystem is a five-tuple ( P, C, H, E, D ), where the following conditions are satisfied: 1. P is a finite set of possible plaintexts 2. C is a finite set of possible ciphertexts 3. H the keyspace, is a finite set of possible keys 4. For each K ∈ H, there is an encryption rule eK∈ E : P → C and a corresponding decryption rule d K∈ D: C → P such that ∀ x∈ C, d K (eK(x)) = x Oscar x y x Alice Encrypter Decrypter Bob Secure chanel K Key source 2 Modular Arithmetic Definition 1.2 : Suppose a and b are integers, and m is positive integer. Then we write a ≡ b (mod m) if m divides b-a. • a ≡ b mod m if and only if ( a-b) = k×m for some k •Zm the equivalence class under mod m • Canonical form Z m = {0,1,2,…,m-1}, we use the positive remainder as the standard representation. • -1 ≡ m -1 mod m • (Z m, +, ×, 0, 1) is a ring +, × are closed Associative and commutative Operation × distributes over + 0 is the identity for + and 1 for × Additive inverse and multiplicative inverse 3 Shift Cipher Cryptosystem 1.1 : (Shift Cipher) Let P = C = H = Z 26 . For 0 ≤ K ≤ 25, define eK(x) = (x+K) mod 26 (x ∈Z26 ) and dK(y) = (y-K) mod 26 (y ∈Z26 ) A B C D E F G H I J K L M N 0 1 2 3 4 5 6 7 8 9 10 11 12 13 O P Q R S T U V W X Y Z 14 15 16 17 18 19 20 21 22 23 24 25 Example 1.1 : K=11 and the plaintext is wewillmeetatmidnight. Then the ciphertext is HPHTWWXPPELEXTOYTRSE. 1. eK and dK should be efficiently computable 2. An opponent, upon seeing a ciphertext string y, should be unable to determine the key K that was used, or the plaintext string x. 3. Process of attempting to compute the key K is called cryptanalysis . 4 Substitution Cipher Cryptosystem 1.2 : (Substitution Cipher) Let P = C = Z 26 and H consist all permutations on Z 26 . For each permutation π ∈ H, define eπ (x) = π(x) -1 and dπ(y) = π (y) -1 where π is the inverse permutation to π and x,y ∈Z26 . A B C D E F G H I J K L M N 0 1 2 3 4 5 6 7 8 9 10 11 12 13 O P Q R S T U V W X Y Z 14 15 16 17 18 19 20 21 22 23 24 25 A permutation π can be x a b c d e f g h i J k l m n o p q r s t u v w x y z π(x) X N Y A H P O G Z Q W B T S F L R C V M U E K J D I 5 Congruence Equations • Consider the congruence equation ax = b (mod m), a, b ∈ Zm • 5x = 8 mod 12 x = 4 a unique solution in Z 12 • 3x = 8 mod 12 no solution • 3x = 9 mod 12 x can be 3, 7, or 11 multiple solutions in Z 12 • gcd(5,12) = 1 • gcd(3,12) = 3 Theorem 1.1: ax = b (mod m) has a unique solution in Z m for every number b in Z m iff gcd(a,m) = 1 Definition 1.3 : Suppose a ≥1 and m ≥2 are integers. If gcd(a,m)=1, then we say that a and m are relatively prime . 6 Multiplicative Inverses Definition 1.4 : Suppose a ∈Zm. The multiplicative inverse of a modulo m is an element b ∈Zm such that ab=ba=1 mod m. 1. If the multiplicative inverse of a exists, it is unique. Denoted by a -1 2. If b is the inverse of a, then a is the inverse of b. 3. a in Z m has a multiplicative inverse in Z m if and only if gcd(a, m)=1 * Multiplication Group Z m = {a ∈Zm : gcd(a, m) = 1} * Euler phi function φ(m) = | Z m | n ei ei ei −1 Theorem 1.2 m = ∏ pi φ(m) = ∏( pi − pi ). i=1 * Z 26 = {1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25} * -1 (Z 26 ) = {1, 9, 21, 15, 3, 19, 7, 23, 11, 5, 17, 25} * If p is a prime, then Z p = {1, 2, …, p-1}. Note: (Z p, +, ×, 0, 1) is a field . 7 Affine Cipher * Cryptosystem 1.3 : (Affine Cipher) Let P = C = Z 26 and H = Z 26 ×Z26 . For each K=(a,b) ∈ H, define eK (x) = (ax+b) mod 26 (x ∈Z26 ). and -1 dK(y) = a (y-b) mod 26 (y ∈Z26 ). Example 1.3 Suppose that K=(a, b)=(7, 3) eK (x) = ? dK(y) = ? dK(eK (x)) = ? Encrypt the plaintext hot . 8 Vigenère Cipher Cryptosystem 1.4 : (Vigenere Cipher) Let m be a positive integer. Let m P = C = H = (Z 26 ) . For a K = (k 1, k 2, …, k m) ∈ H, define eK (x1, x 2, . , x m) = (x1+k1, x 2+ k2, …, x m+ km) and dK(y 1, y 2 , . , y m) = (y 1-k1, y 2- k2, …, y m- km) where all operations are performed in Z26 Example 1.4 Suppose that m=6 and the key is CIPHER, i.e., K=(2, 8, 15, 7, 4, 17) Encrypt the plaintext Thiscryptosystemisnotsecure . Polyalphabetic cryptosystem : The key of the system contains multiple alphabetic characters 9 Linear Transformation and Matrix y = (11x + 3x ) mod 26 11 8 1 1 2 (y1, y2 ) = (x1, x2 ) mod 26 y2 = 8( x1 + 7x2 ) mod 26 3 7 If A=(a i,J ) and B=(b i,J ) are two l×m matrixes, Then the sum A+B is defined as (ai,J +bi,J ). If A=(a i,J ) is an l×m matrix and B=(b i,J ) is an m×n matrix , then the product AB = (c i,J ) is an l×n matrix and is defined by the formula m ci, j = ∑ai,k bk, j k =1 (Z 26 )n×n : all n×n matrixes over Z 26 . In : the n ×n identity matrix . For any A ∈(Z 26 )n×n, I nA=AI n=A. 0n: the n ×n zero matrix . For any A ∈(Z 26 )n×n, 0 n+A=A+0 n=A. ((Z 26 )n×n, 0 n, I n, +, ×) is a ring . 10 The Inverse of a Matrix Definition : Suppose A ∈ (Z 26 )n×n. The inverse of A over (Z 26 )n×n is a matrix B ∈ (Z 26 )n×n such that AB=BA=I n. 1. If the inverse of A exists, it is unique. Denoted by A -1 2. If B is the inverse of A, then A is the inverse of B. Definition 1.5 : Suppose A = (a i,J ) is an m×m matrix. For 1 ≤ i ≤ m, 1 ≤ J ≤ m, define A i,J to be the matrix obtained from A by deleting the ith row and the jth column. The determinant of A , denoted det A, is the value of a 1,1 if m=1. If m > 1, the det A is computed recursively from the formula. n i+ j det A = ∑(− )1 ai, j det Ai,j , where i is fixed and 1 ≤ i ≤ n j=1 det A = a 11 a22 -a12 a21 if m=2 det A = a 11 a22 a33 +a 21 a32 a13 +a 31 a12 a23 -a13 a22 a31 -a12 a21 a33 -a11 a23 a32 if m=3 11 The Inverse of a Matrix Properties : 1. det I n = 1. & 2. det (AB)= det A × det B Theorem 1.3 : Suppose A = (a i,J ) is an m ×m matrix over Z n such that -1 -1 * det A is invertible in Z n. Then A =(det A) A , where A* is the adJoint * * * i+J matrix of A. That is A =(a i,J ), a i,J =(-1) det A J,i . a a a − a 1,1 2,1 −1 −1 2,2 2,1 A = A = (det A) a 1,2 a 2,2 − a 1,2 a 1,1 Example 1.6 10 5 12 11 8 -1 A = A-1=? A = 3 14 21 A =? 3 7 8 9 11 12 Hill Cipher Cryptosystem 1.5 : (Hill Cipher) Let m ≥2 be an integer. Let m P = C = (Z 26 ) and H = GL(m, Z 26 ). For a key K, define eK (x) = xK -1 and dK(y) = yK where GL(m, Z 26 ) = {A ∈ (Z 26 )m×m : A is invertible} and all operations are performed in Z26 . 11 8 Example 1.5 : Suppose the key is K = . 3 7 Want to encrypt the plaintext july 7 18 Since July = 9 20 11 24 −1 K = 23 11 11 8 ,9( 20)K = ,9( 20) = )4,3( = DE The ciphertext is 3 7 DELW 11 8 (11,24)K = (11,24) = (11,22) = LW 3 7 13 Permutation Cipher Cryptosystem 1.6 : (Permutation Cipher) Let m be a positive integer. m Let P = C = (Z 26 ) and H consist all permutations of {1,…,m}. For a key π, define eπ (x 1, x 2, …, x m) = (x π(1) , x π(2) , …, x π(m) ) and dπ (y1, y2 ,...ym ) = (yπ −1 )1( , yπ −1 )2( ,...yπ −1 (m) ) where π-1 is the inverse permutation to π.