Message: a string of blocks
Typically a message is a string of plaintexts:
• message $x = x_1 x_2 \cdots x_n$
• $n$ is the number of plaintext blocks
• ciphertext string is $y = y_1 y_2 \cdots y_n$
• for all $i$: $y_i = e_K(x_i)$, $x_i = d_K(y_i)$
• Sometimes write $e(K, x)$ instead of $e_K(x)$
Shift Cipher disk
Shift Cipher
• $Z_{26}$ denotes the set {0, 1, ..., 25} with addition and multiplication taken modulo 26
The shift cipher is the cryptosystem defined by taking
• $P = C = K = Z_{26}$
• $e_K(x) = (x + K) \bmod 26$
• $d_K(y) = (y - K) \bmod 26$
Letters are identified with numbers: A=0, B=1, ..., Z=25
Group
• Generalize shift cipher to any group:
DEF: A commutative group is a tuple
(G,+) which satisfies
1. Closed:
∀x, y ∈ G, x + y ∈ G
2. Associative:
∀x, y, z ∈ G, (x + y) + z = x + (y + z)
3. Identity/zero:
∃0 ∈ G, ∀x ∈ G, x + 0 = 0 + x = x
4. Inverses:
∀x ∈ G, ∃y ∈ G, x + y = y + x = 0
5. Commutative (or abelian):
∀x, y ∈ G, x + y = y + x
Ring
• Often, addition too easily cracked
• Extra structure obfuscates: multiplication
DEF: A commutative ring is a 3-tuple
(R,+,· ) which satisfies:
1. (R,+) is a commutative group
2. R is closed under “·” -which is associative,
commutative and has identity 1 ∈ R
3. Distributive:
∀x, y, z ∈ R, x(y + z) = xy + xz and (x + y)z = xz + yz
Translational Group Cipher
Taking any group G (even non-commutative) can generalize shift cipher by using G’s “addition” rule:
• P = C = K = G
• $e_K(x) = x + K$ and $d_K(x) = x + (-K)$
• G is translated by the element K
Ring’s Multiplicative Group R*
• Should only use keys that are invertible:
DEF: The multiplicative group of a ring R, denoted by R*, is the set of all elements which have a multiplicative inverse in R.
Mathematically, set of invertible elements:
$R^* = \{x \in R \mid \exists y \in R,\ x \cdot y = y \cdot x = 1\}$
• $Z_{26}^* = \{1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25\}$
Field
$Z_m$ and the Euler Phi Function $\phi(m)$
DEF: The ring $Z_m$ is the set {0, 1, ..., m − 1} with addition and multiplication taken mod m.
LEMMA: x is invertible in $Z_m$ iff gcd(x, m) = 1.
COR: $Z_m$ is a field iff m is prime.
DEF: $\phi(m) = |Z_m^*|$. In other words, $\phi(m)$ is the number of elements in $Z_m$ which are relatively prime to m.
Formula for Euler Phi Function
THM: If the prime factorization of m is given by $m = \prod_{i=1}^{n} p_i^{e_i}$, where n is the number of prime factors and $p_i$ is the i’th prime, which appears $e_i$ times in m, then
$$\phi(m) = \prod_{i=1}^{n} (p_i - 1)\, p_i^{e_i - 1}$$
COR: For one prime $\phi(p) = p - 1$
COR: For two different primes $\phi(p \cdot q) = (p - 1)(q - 1)$
Affine Ring Cipher
Can define a general cipher over any ring, even non-commutative rings (where multiplication non-commutative, but addition commutative).
• P = C = R
• K = R × R*
• For K = (a, b)
• $e_K(x) = ax + b$ and $d_K(y) = a^{-1}(y - b)$
When R = Z26 this is the affine cipher.
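An added Python example (not part of the original slides) tying together R*, the φ formula and the affine cipher over Z26: it lists the units, counts the key pairs, and shows why the multiplier a must be a unit. The function names and the A-Z-only input are assumptions of this example.

```python
from math import gcd

def units(m):
    """Z_m^*: the elements of Z_m that are relatively prime to m."""
    return [x for x in range(m) if gcd(x, m) == 1]

def phi(m):
    """Euler phi from the prime factorization: product of (p-1)*p^(e-1)."""
    result, p = 1, 2
    while p * p <= m:
        if m % p == 0:
            e = 0
            while m % p == 0:
                m //= p
                e += 1
            result *= (p - 1) * p ** (e - 1)
        p += 1
    if m > 1:  # one prime factor left over, with exponent 1
        result *= m - 1
    return result

def affine_encrypt(text, a, b, m=26):
    """e_K(x) = ax + b over Z_m; text is A-Z only (assumption of this example)."""
    if gcd(a, m) != 1:
        raise ValueError(f"a={a} is not a unit mod {m}: no a^-1, so no d_K")
    return "".join(chr((a * (ord(c) - 65) + b) % m + 65) for c in text)

def affine_decrypt(text, a, b, m=26):
    """d_K(y) = a^-1 (y - b) over Z_m."""
    a_inv = pow(a, -1, m)  # modular inverse; ValueError if a is not a unit
    return "".join(chr(a_inv * (ord(c) - 65 - b) % m + 65) for c in text)

def image_size(a, m=26):
    """How many distinct values x -> a*x takes on Z_m (m only when a is a unit)."""
    return len({a * x % m for x in range(m)})

if __name__ == "__main__":
    print(units(26), phi(26), 26 * phi(26))       # units, |Z_26^*|, key count
    ct = affine_encrypt("AFFINE", 7, 3)           # constructed sample input
    print(ct, affine_decrypt(ct, 7, 3))
    print(image_size(7), image_size(13))          # unit vs non-unit multiplier
```

With a = 13 the map x → 13x collapses Z26 onto two values, so distinct plaintext letters share a ciphertext letter and no decryption function exists.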
Substitution Cipher
Shift and Affine cipher have limited key spaces. Better to use all possible permutations of $Z_{26}$:
• $P = C = Z_{26}$
• K consists of all permutations $\pi$ of $Z_{26}$.
• $e_\pi(x) = \pi(x)$ and $d_\pi(y) = \pi^{-1}(y)$
Matrices
Given any ring R can define a bigger non-commutative ring $M_n(R)$ consisting of all n by n square matrices with entries in R.
Inverting modular matrices in matlab
1. Define the matrix A using nested brackets.
2. Compute the determinant d and store it.
3. Determine if d is relatively prime to 26. If not, matrix not invertible so STOP.
4. ELSE, invert d mod-26 using extended gcd and store value in e.
5. Invert A in matlab, multiply result by d*e, and reduce mod-26
Non-invertible A
matlab code:
matlab example 1
matlab example 2
>> A = [ [21 10] ; [18 5] ];
>> d = det(A)
d = -75
>> [g, e, t] = gcd(d,26)
g = 1
e = 9
t = 26
>> B = A^-1
B =
   -0.0667    0.1333
    0.2400   -0.2800
>> B = B*d*e
B =
   45.0000  -90.0000
 -162.0000  189.0000
>> B = round(B)
B =
    45   -90
  -162   189
>> B = mod(B,26)
B =
    19    14
    20     7
>> C = A*B
C =
   599   364
   442   287
>> mod(C,26)
ans =
     1     0
     0     1
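The same five-step inversion carried out in exact integer arithmetic for any n by n matrix, as an added Python example that is not part of the original slides. It uses the adjugate instead of a floating-point inverse followed by rounding, and then uses the inverse as a Hill-cipher decryption key. The row-vector convention y = xK, the function names and the A-Z input whose length is a multiple of n are assumptions of this example.

```python
from math import gcd

def minor(M, i, j):
    """M with row i and column j removed."""
    return [row[:j] + row[j + 1:] for k, row in enumerate(M) if k != i]

def det(M):
    """Exact integer determinant by cofactor expansion along the first row."""
    if len(M) == 1:
        return M[0][0]
    return sum((-1) ** j * M[0][j] * det(minor(M, 0, j)) for j in range(len(M)))

def inverse_mod(M, m=26):
    """Inverse of M in M_n(Z_m); ValueError when det(M) is not a unit mod m."""
    n, d = len(M), det(M)
    if gcd(d, m) != 1:                      # step 3: STOP if not relatively prime
        raise ValueError(f"det = {d} shares a factor with {m}: not invertible")
    e = pow(d % m, -1, m)                   # step 4: e = d^-1 mod m
    if n == 1:
        return [[e]]
    # step 5: A^-1 * d is the adjugate, so the inverse mod m is e * adjugate
    return [[e * (-1) ** (i + j) * det(minor(M, j, i)) % m for j in range(n)]
            for i in range(n)]

def matmul_mod(A, B, m=26):
    return [[sum(a * b for a, b in zip(row, col)) % m for col in zip(*B)]
            for row in A]

def hill(text, K, m=26):
    """Hill cipher on A-Z text, one block of n letters at a time (y = xK)."""
    n, nums = len(K), [ord(c) - 65 for c in text]
    out = []
    for i in range(0, len(nums), n):
        out += matmul_mod([nums[i:i + n]], K, m)[0]
    return "".join(chr(v + 65) for v in out)

if __name__ == "__main__":
    A = [[21, 10], [18, 5]]                 # the matrix from matlab example 2
    B = inverse_mod(A)
    print(det(A), B, matmul_mod(A, B))
    ct = hill("HILL", A)                    # constructed sample plaintext
    print(ct, hill(ct, B))                  # decrypting = encrypting with A^-1
```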
Hill Cipher patent
Hill Cipher
DEF: $M_n(m)$ is the ring of all n by n matrices with entries in $Z_m$ and arithmetic operations all taken modulo m. The Hill Cipher:
so $g(K) = z_0 z_1 z_2 \ldots$
3. For each z ∈ L there is an encryption function $e_z$ with inverse $d_z$ as before.
NOTE: Stinson defines this as synchronous.
Vigenère Square
Vigenère Cipher
Vigenère is the stream variant of shift cipher:
• $P = C = L = Z_{26}$
• Keys are length-n strings: $K = (Z_{26})^n$
Enigma Design
The Enigma is a stream
Components:
• key and light boards
• plugboard
• rotors
• reflector
Enigma Math
Enigma’s structure defined by 5 permutations on $Z_{26}$: $p, \rho_a, \rho_b, \rho_c, r$
• p - plugboard perm.
• r - reflector perm.
• same for all sessions
• idempotent
• no fixed points
Encryption formula:
$$e = p\,\rho_c^{-1}\rho_b^{-1}\rho_a^{-1}\, r\, \rho_c\rho_b\rho_a\, p$$
Enigma Cryptosystem
Stream cipher defined by:
• $P = C = L = Z_{26}$
• K = {rotor settings} × {plugboard settings}
• 3 rotors each with 26 settings
• 5 cables each transposing two letters
• Ignoring rotor ordering, rotor choices, ringstellung - don’t change basic idea
• $e_i = p\,\rho_{c,i}^{-1}\rho_{b,i}^{-1}\rho_{a,i}^{-1}\, r\, \rho_{c,i}\rho_{b,i}\rho_{a,i}\, p$
LEMMA: Encryption is the same as decryption. In other words, $d_i = e_i$.
Proof: Check that e is idempotent using encryption formula.