
Classical Cryptography

Prof. Zeph Grunschlag


Classical Cryptosystem
A CRYPTOSYSTEM is a 5-tuple
(P , C , K , E , D ) satisfying
1. P is a finite set of possible plaintexts
2. C is a finite set of possible ciphertexts
3. K is a finite set of possible keys
4. E is a finite set of encryption rules indexed by K
so for each K ∈ K there is a function eK : P → C
5. D is a finite set of decryption rules indexed by K
so for each K ∈ K there is a function dK : C → P
6. for each K ∈ K , dK ◦ eK = identity

Message: a string of blocks
Typically a message is a string of plaintexts:

• message x = x1x2 · · · xn
• n is the number of plaintext blocks
• ciphertext string is y = y1y2 · · · yn
• for all i yi = eK (xi), xi = dK (yi)
• Sometimes write e(K, x) instead of eK (x)

[Figure: Shift Cipher disk]

Shift Cipher
• Z26 denotes the set {0, 1, ... , 25} with
addition and multiplication taken modulo 26
The shift cipher is the cryptosystem
defined by taking

• P = C = K = Z26
• eK (x) = (x + K) mod 26
• dK (y) = (y − K) mod 26
Letters are identified with numbers:
A=0, B=1, .... , Z=25

Group
• Generalize shift cipher to any group:
DEF: A commutative group is a tuple
(G,+) which satisfies
1. Closed:
∀x, y ∈ G, x + y ∈ G
2. Associative:
∀x, y, z ∈ G, (x + y) + z = x + (y + z)
3. Identity/zero:
∃0 ∈ G, ∀x ∈ G, x + 0 = 0 + x = x
4. Inverses:
∀x ∈ G, ∃y ∈ G, x + y = y + x = 0
5. Commutative (or abelian):
∀x, y ∈ G, x + y = y + x

Ring
• Often, addition too easily cracked
• Extra structure obfuscates: multiplication
DEF: A commutative ring is a 3-tuple
(R,+,· ) which satisfies:
1. (R,+) is a commutative group
2. R is closed under “·” -which is associative,
commutative and has identity 1 ∈ R
3. Distributive:
∀x, y, z ∈ R, x(y + z) = xy + xz and (x + y)z = xz + yz

Translational Group Cipher
Taking any group G (even non-commutative), we can generalize the shift cipher by using G’s “addition” rule:

• P = C = K = G
• eK (x) = x + K and dK (x) = x + (−K)
• G is translated by the element K

Ring’s Multiplicative Group R*
• Should only use keys that are invertible:
DEF: The multiplicative group of a ring R
-denoted by R*- is the set of all elements
which have a multiplicative inverse in R.
Mathematically, set of invertible elements:
R∗ = {x ∈ R | ∃y ∈ R, x · y = y · x = 1}

• Z26∗ = {1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25}

Field

• When almost every element in a ring is invertible (except 0, which can’t be), the ring is called a field
DEF: A field is a commutative ring F such that
F* = F - {0}

• Z26 is not a field

Zm and the Euler Phi Function φ(m)
DEF: The ring Zm is the set {0, 1, . . . , m − 1}
with addition and multiplication taken mod m.
LEMMA: x is invertible in Zm iff gcd(x, m) = 1.
COR: Zm is a field iff m is prime.
DEF: φ(m) = |Zm∗|. In other words, φ(m) is
the number of elements in Zm which are
relatively prime to m.

Formula for Euler Phi Function
THM: If the prime factorization of m is given by
$m = \prod_{i=1}^{n} p_i^{e_i}$
where n is the number of prime factors, $p_i$ is the i’th prime which appears $e_i$ times in m, then
$\phi(m) = \prod_{i=1}^{n} (p_i - 1)\, p_i^{e_i - 1}$
COR: For one prime $\phi(p) = p - 1$
COR: For two different primes $\phi(p \cdot q) = (p - 1)(q - 1)$

Affine Ring Cipher
Can define a general cipher over any ring, even
non-commutative rings (where multiplication
non-commutative, but addition commutative).

• P = C = R
• K = R × R∗

• For K = (a, b)
• eK (x) = ax + b and dK (y) = a⁻¹(y − b)
When R = Z26 this is the affine cipher.

Substitution Cipher
Shift and Affine cipher have limited key spaces.
Better to use all possible permutations of Z26 :

• P = C = Z26
• K consists of all permutations π of Z26.
• eπ(x) = π(x) and dπ(y) = π⁻¹(y)

In practice, may use keyword to remember π.
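The invertibility lemma, the phi formula and the affine cipher from the preceding slides, tied together in Python (an added example, not part of the original slides): it lists Z26∗, computes φ(m) from the product formula, rejects affine keys whose multiplier is not invertible, and counts the key spaces compared above. It assumes a is the invertible component of K = (a, b) and that messages are uppercase A-Z; all function names are illustrative.

```python
from math import gcd, factorial

def units(m):
    """Z_m*: the elements of Z_m with gcd(x, m) = 1, i.e. the invertible ones."""
    return [x for x in range(m) if gcd(x, m) == 1]

def phi(m):
    """Euler phi via the product of (p - 1) * p^(e - 1) over the prime powers of m."""
    result, n, p = 1, m, 2
    while p * p <= n:
        if n % p == 0:
            e = 0
            while n % p == 0:
                n //= p
                e += 1
            result *= (p - 1) * p ** (e - 1)
        p += 1
    if n > 1:                      # one remaining prime factor with exponent 1
        result *= n - 1
    return result

def affine_encrypt(key, text, m=26):
    a, b = key
    if gcd(a, m) != 1:             # a must lie in Z_m*, otherwise no d_K exists
        raise ValueError(f"a = {a} is not invertible mod {m}")
    return "".join(chr((a * (ord(c) - 65) + b) % m + 65) for c in text)

def affine_decrypt(key, text, m=26):
    a, b = key
    a_inv = pow(a, -1, m)          # raises ValueError when a is not invertible
    return "".join(chr(a_inv * (ord(c) - 65 - b) % m + 65) for c in text)

def image_size(a, b, m=26):
    """Number of distinct values of ax + b; fewer than m means e_K is not injective."""
    return len({(a * x + b) % m for x in range(m)})

def key_space_sizes(m=26):
    """Number of keys for the shift, affine and substitution ciphers over Z_m."""
    return {"shift": m, "affine": m * phi(m), "substitution": factorial(m)}

if __name__ == "__main__":
    print(units(26), phi(26))
    print(affine_encrypt((7, 3), "HOT"), affine_decrypt((7, 3), "AXG"))
    print(image_size(13, 0), key_space_sizes())
```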

Matrices
Given any ring R can define a bigger non-commutative ring Mn(R) consisting of all n by n square matrices with entries in R.

• Addition done coordinate-by-coordinate.
• Multiplication harder (c.f. Rosen §2.7)
• Identity is
$I_n = \begin{pmatrix} 1 & 0 & 0 & \cdots & 0 \\ 0 & 1 & 0 & \cdots & 0 \\ \vdots & \vdots & \vdots & \ddots & \vdots \\ 0 & 0 & 0 & \cdots & 1 \end{pmatrix}$
• Determinants (c.f. Math 1201 or Calculus III)
• Inverses discussed next.

Modular Matrix Inverse
THM: Let A be a square matrix whose entries are in Zm. A is invertible modulo m iff det(A) is invertible in Zm. Furthermore the inverse of A mod-m is given by
A⁻¹ mod m = (det(A)⁻¹ mod m) · (det(A) · A⁻¹)
where A⁻¹ is the inverse of A over ℝ.

• A⁻¹ is computed using Gaussian elimination, Cramer’s rule, etc.

Inverting modular matrices in matlab
1. Define the matrix A using nested brackets.
2. Compute the determinant d and store it.
3. Determine if d is relatively prime to 26. If
not, matrix not invertible so STOP.
4. ELSE, invert d mod-26 using extended gcd
and store value in e.
5. Invert A in matlab, multiply result by d*e,
and reduce mod-26

matlab example 1
Non-invertible A

matlab code:

>> A = [[21 10];[18 3]]
A =
    21    10
    18     3
>> d = det(A)
d =
  -117
>> [g, e, t] = gcd(d,26)
g =
    13
... etc. ... ( gcd = 13, not rel. prime)

matlab example 2
>> A = [ [21 10] ; [18 5] ];
>> d = det(A)
d = -75
>> [g, e, t] = gcd(d,26)
g = 1
e = 9
t = 26
>> B = A^-1
B =
   -0.0667    0.1333
    0.2400   -0.2800
>> B = B*d*e
B =
   45.0000  -90.0000
 -162.0000  189.0000
>> B = round(B)
B =
    45   -90
  -162   189
>> B = mod(B,26)
B =
    19    14
    20     7
>> C = A*B
C =
   599   364
   442   287
>> mod(C,26)
ans =
     1     0
     0     1

[Figure: Hill Cipher patent]

Hill Cipher
DEF: Mn(m) is the ring of all n by n matrices
with entries in Zm and arithmetic operations
all taken modulo m. The Hill Cipher:

• Plain and cipher text blocks are taken n letters at a time: P = C = (Z26)ⁿ
• Keys are invertible matrices: K = Mn(26)∗
• Encryption/decryption given by matrix multiplication from the left:
eK (x) = K · x and dK (y) = K⁻¹ · y

NOTE: Differs slightly from Stinson p. 18.
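The five-step inversion procedure and the Hill cipher above, as a Python sketch (an added example, not the course's own code). Instead of inverting over the reals and rounding as the matlab session does, it computes det(A) · A⁻¹ exactly as the integer adjugate, which works for any block size n; function names are illustrative and messages are assumed to be uppercase A-Z.

```python
from math import gcd

def minor(A, i, j):
    """A with row i and column j removed."""
    return [row[:j] + row[j + 1:] for k, row in enumerate(A) if k != i]

def det(A):
    """Exact integer determinant by cofactor expansion along the first row."""
    if not A:
        return 1                   # determinant of the empty matrix
    return sum((-1) ** j * A[0][j] * det(minor(A, 0, j)) for j in range(len(A)))

def inverse_mod(A, m=26):
    """Steps 2-5: d = det(A); stop unless gcd(d, m) = 1; e = d^-1; A^-1 = e * adj(A) mod m."""
    n, d = len(A), det(A)
    if gcd(d, m) != 1:
        raise ValueError(f"det = {d}, gcd(det, {m}) = {gcd(d, m)}: not invertible")
    e = pow(d % m, -1, m)
    # adj(A)[i][j] = (-1)^(i+j) * det(minor(A, j, i)), which equals det(A) * A^-1
    return [[e * (-1) ** (i + j) * det(minor(A, j, i)) % m for j in range(n)]
            for i in range(n)]

def hill_apply(K, text, m=26):
    """Multiply each block of n letters, as a column vector, by K from the left."""
    n = len(K)
    if len(text) % n:
        raise ValueError("message length must be a multiple of the block size n")
    nums = [ord(c) - 65 for c in text]
    out = []
    for s in range(0, len(nums), n):
        x = nums[s:s + n]
        out += [sum(K[i][j] * x[j] for j in range(n)) % m for i in range(n)]
    return "".join(chr(v + 65) for v in out)

def hill_encrypt(K, plaintext):
    return hill_apply(K, plaintext)

def hill_decrypt(K, ciphertext):
    return hill_apply(inverse_mod(K), ciphertext)

if __name__ == "__main__":
    K = [[21, 10], [18, 5]]        # the invertible matrix from matlab example 2
    print(det(K), inverse_mod(K))
    print(hill_encrypt(K, "HILL"), hill_decrypt(K, hill_encrypt(K, "HILL")))
```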


Stream Cipher
DEF: A stream cipher (P , C , K , L , E , D , g)
is defined with P , C , and K as before and:
1. L is a finite keystream alphabet
2. g is a function from keys to infinite
keystreams, i.e. g : K → L^∞
so g(K) = z0z1z2 . . .
3. For each z ∈ L there is an encryption
function ez with inverse dz as before.
NOTE: Stinson defines this as synchronous.

[Figure: Vigenère Square]

Vigenère Cipher
Vigenère is the stream variant of shift cipher:

• P = C = L = Z26
• Keys are length-n strings: K = (Z26)ⁿ
• Keystreams simply repeat the key ad infinitum:
g(k) = k · k · k . . . so that zi = k(i mod n)

• Encryption functions same as shift-cipher:
ez(x) = (x + z) mod 26 and dz(x) = (x − z) mod 26
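The stream-cipher definition instantiated for Vigenère, as an added Python example (not part of the original slides): g is an endless keystream generator, e and d are the per-symbol rules, and the shift cipher falls out as the n = 1 case. Function names are illustrative, keys and messages are assumed to be uppercase A-Z, and the sample key and message are constructed test data.

```python
from itertools import cycle, islice

A = ord("A")

def g(key):
    """g(k) = k·k·k···: an endless keystream with z_i = k[i mod n]."""
    if not key:
        raise ValueError("key must contain at least one letter")
    return cycle([ord(c) - A for c in key])

def e(z, x):
    """e_z(x) = (x + z) mod 26"""
    return (x + z) % 26

def d(z, y):
    """d_z(y) = (y - z) mod 26"""
    return (y - z) % 26

def run_stream(rule, key, text):
    """Apply rule (e or d) symbol by symbol, drawing one keystream element z_i each."""
    nums = [ord(c) - A for c in text]
    return "".join(chr(rule(z, x) + A) for z, x in zip(g(key), nums))

def vigenere_encrypt(key, plaintext):
    return run_stream(e, key, plaintext)

def vigenere_decrypt(key, ciphertext):
    return run_stream(d, key, ciphertext)

def keystream_prefix(key, count):
    """First `count` keystream elements z_0 ... z_(count-1)."""
    return list(islice(g(key), count))

def shift_encrypt(k, plaintext):
    """Shift cipher as the n = 1 Vigenère: the keystream is k, k, k, ..."""
    return vigenere_encrypt(chr(k % 26 + A), plaintext)

if __name__ == "__main__":
    c = vigenere_encrypt("CIPHER", "THISCRYPTOSYSTEMISNOTSECURE")
    print(keystream_prefix("CIPHER", 8))
    print(c, vigenere_decrypt("CIPHER", c))
    print(shift_encrypt(3, "HELLO"))
```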
[Figure: Enigma (closed)]

Enigma Design
[Figure: diagram with the letters A to E]
The Enigma is a stream cipher with the key stream defining a new -seemingly totally independent- permutation at each character.

Components:
• key and light boards
• plugboard
• rotors
• reflector

Enigma Math
Enigma’s structure defined by 5 permutations on Z26: p, $\rho_a$, $\rho_b$, $\rho_c$, r
• p - plugboard perm.
  • unchanged for session
  • idempotent ( p ◦ p = id )
• $\rho_a$, $\rho_b$, $\rho_c$ - rotor perm.’s
  • may change each letter
• r - reflector perm.
  • same for all sessions
  • idempotent
  • no fixed points
[Figure: diagram relating the letters A to E to p, $\rho_a$, $\rho_b$, $\rho_c$, r and the inverses $\rho_a^{-1}$, $\rho_b^{-1}$, $\rho_c^{-1}$]
Encryption formula:
$e = p\,\rho_c^{-1}\,\rho_b^{-1}\,\rho_a^{-1}\, r\, \rho_c\,\rho_b\,\rho_a\, p$

Enigma Cryptosystem
Stream cipher defined by:

• P = C = L = Z26
• K = {rotor settings} × {plugboard settings}
• 3 rotors each with 26 settings
• 5 cables each transposing two letters
• Ignoring rotor ordering, rotor choices, ringstellung - don’t change basic idea

• Keystream z = 1,2,3,4,5,6,... for indexing only
• ez explained next:

Enigma encryption stream
NOTE: Use i instead of z to index e
Each of the rotor permutations may change from letter to letter, so index these as well.
Encryption formula implies:

• $e_i = p\,\rho_{c,i}^{-1}\,\rho_{b,i}^{-1}\,\rho_{a,i}^{-1}\, r\, \rho_{c,i}\,\rho_{b,i}\,\rho_{a,i}\, p$
LEMMA: Encryption is the same as
decryption. In other words, di = ei .
Proof: Check that e is idempotent using
encryption formula.