Cryptography Kinder Garden Number theory and Classical Cryptosystems Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 10/10/2010 INCS 741: Cryptography 10/4/20091Dr. Monther Aldwairi

Basic Number Theory 10/4/20092Dr. Monther Aldwairi

Divisibly Definition Let a and b be integers with a≠0 a divides b if there is an integer q such that b=aq a divides b is denoted by a|b, Proposition 1.For every a≠0, a|0, a|a and 1|b 2.If a|b and b|c, then a|c 3.If a|b and a|c, then a|(sb+tc) for all integers s, t. 10/4/20093Dr. Monther Aldwairi

Prime Numbers Definition A number a >1 is a prime number if it is only divisible by 1 and itself. Examples: 2, 3, 5, 7, 11, 13 ―Numbers that are not prime are composites = (ab) Theorem Every positive integer can be expressed as a unique multiplication of prime numbers raised to different powers Example 504= Corollary Assuming p is prime, If p|abc…z then p must divide one of the factors a, b, c, …, z 10/4/20094Dr. Monther Aldwairi

Greatest Common Divisor (GCD) Definition The greatest common divisor of a and b is the largest positive integer dividing both a and b and is denoted by gcd(a,b) Examples: gcd(12,15)=3, gcd(13,7)=1 ―a and b are relatively prime if the gcd(a,b) =1 Euclidean Algorithm Suppose a>b a =q 1 b + r 1 b =q 2 r 1 + r 2 r 1 =q 3 r 2 + r 3,until r k-1 =q k+1 r k,then gcd(a,b)=r k 10/4/20095Dr. Monther Aldwairi

Congruence Modulo operation 6 mod 4 = 2 or 6 ≡ 2 (mod 4) read 6 is congruent to 2 mod 4 Definition Let a, r, m ∈ Ζ (where Ζ is a set of all integers) and m≠0. a ≡ r (mod m), if m|(a – r) m is called the modulus. r is called the remainder ‒ In other words, a and r differ by multiple of m a = q · m + r 0 ≤ r < m 10/4/20096Dr. Monther Aldwairi

Congruence /cont. Propositions 1.a ≡ a (mod m) 2.a ≡ 0 (mod m) if and only if m|a 3.a ≡ r (mod m) if and only if r ≡ a (mod m) 4. If a ≡ r and r ≡ c (mod m), then a ≡ c (mod m) Examples 12 ≡ 7 mod 5 9 ≡ 3 (mod 6) if and only if 3 ≡ 9 (mod 6) 14 ≡ 8 and 8 ≡ 2 (mod 6), then 14 ≡ 2 (mod m) 10/4/20097Dr. Monther Aldwairi

Modular Arithmetic Work on the set of integers mod m, denoted as Z m ={0,1,2,…, m-1} and perform addition, subtraction and multiplication with congruencies Proposition Let a,b,c,d,m ∈ Ζ with m≠0. and suppose a ≡ b (mod m), and c ≡ d (mod m), then a+c ≡ b+d (mod m), a ‒ c ≡ b ‒ d (mod m), ac ≡ bd (mod m) If the result of addition or multiplication is larger than m ‒ 1 take the Modula Example: m = 9  Ζ 9 = {0, 1, 2, 3, 4, 5, 6, 7, 8} = 14 ≡ 5 mod 9 6 × 8 = 48 ≡ 3 mod 9 10/4/20098Dr. Monther Aldwairi

Modular Arithmetic Properties Z m 1. The additive identity is 0: a + 0 = a 2. The additive inverse of a is -a = m – a s.t. a + (-a) ≡ 0 mod m 3. Addition is closed i.e if a, b ∈ Ζ m then a + b ∈ Ζ m 4. Addition is commutative a + b = b + a 5. Addition is associative (a + b) + c = a + (b + c) 6. Multiplicative identity is 1: a × 1 ≡ a mod m 7. The multiplicative inverse of a exists if gcd(a, m) = 1 and denoted as a -1 s.t. a -1 × a ≡ 1 mod m 8. Multiplication is closed i.e if a, b ∈ Ζ m then a × b ∈ Ζ m 9. Multiplication is commutative a × b = b × a 10. Multiplication is associative (a × b) × c = a × (b × c) 10/4/20099Dr. Monther Aldwairi

Division If a and m are relatively prime we can divide both sides of the congruence by a. If gcd(a,m) =1 then their exist a multiplicative inverse for a mod m denoted as a -1. Example: What does the division 4/5 mod 7 mean? 4/5 mod 7 ≡ 4 × 5 -1 mod 7 Does 5 -1 mod 7 exist ? It exists because gcd(5,7) = mod 7 = 3 therefore, 4/5 mod 7= 4 × 3 = 12 mod 7 ≡ 5 mod 7 10/4/200910Dr. Monther Aldwairi

Linear Equations Proposition Let a,b,c,m ∈ Ζ with m≠0 If ab ≡ ac (mod m), Then b ≡ c (mod m) only if gcd(a,m)=1 Example: Solve 2x+11 ≡ 5 (mod 15) 2x ≡ ‒ 6 (mod 15) gcd(2,15)=1 then division is allowed x ≡ ‒ 3 ≡ 12(mod 15) 10/4/200911Dr. Monther Aldwairi

Exponentiation Proposition The modulo operation can be applied whenever we want (a + b) mod m = [(a mod m) + (b mod m) ] mod m (a × b) mod m = [(a mod m) × (b mod m) ] mod m Exponentiation Example Example: 3 8 mod 7 = ? 3 8 mod 7 = 6561 mod 7 = 2 since 6561 = 937 × Or 3 8 = 3 4 × 3 4 = 3 2 × 3 2 × 3 2 × mod 7 = [(3 2 mod 7)×(3 2 mod 7)×(3 2 mod 7)×(3 2 mod 7)] mod mod 7 = 2 × 2 × 2 × 2 mod 7 = 16 mod 7 = 2 10/4/200912Dr. Monther Aldwairi

Substitution Ciphers Monoalphabetic Ciphers Classical Crypto Systems 10/4/200913Dr. Monther Aldwairi

Conventions plaintext in lowercase and CIPHERTEXT in caps Letters of the alphabet and assigned number as follows Spaces and punctuation are omitted Makes decryption easier Gives information about the structure of the message Spaces would dominate the leter fequency counts 10/4/200914Dr. Monther Aldwairi

Shift Cipher Shift each letter by k places, k is the key Let P = C = K= Ζ 26 and x ∈ P, y ∈ C, k ∈ K Encryption: y=E k (x) = x + k mod 26. Decryption: x=D k (y) = x ‒ k mod 26. When k = 3 the shift cipher is called Caesar Cipher. Example Let the key k = 3 Plaintext : x = A T T A C K = (0, 19, 19, 0, 2, 10). Ciphertext : y = (0+3 mod 26, 19+3 mod 26, …) y = (3, 22, 22, 3, 5, 13) = D W W D F N 10/4/200915Dr. Monther Aldwairi

Attacks on Shift Cipher Known plaintext, chosen plain text or ciphertext easily break the Shift Cipher Ciphertext only; Eve has two choice 1.Exhaustive search, only 25 possible keys 2.Frequency count if the message is long enough – In english e is by far the most common letter, then T,A,R,N,I,O, S. 10/4/200916Dr. Monther Aldwairi

Affine Cipher The key k = (α, β) and α, β ∈ Ζ 26 – Assume gcd(α,26)=1 – α ∈ {1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25} Encryption: E k (x) = y = α · x + β (mod 26). Example: k = (α, β) = (3, 2)  y = 3x +2 Plaintext : X = A T T A C K = (0, 19, 19, 0, 2, 10). Ciphertext : Y = (3×0 + 2 mod 26, 3×19+2 mod 26, …) Y = (2, 7, 7, 2, 8, 6) = C H H C I G Decryption: Dk(y) = x = α -1 ( y – β) (mod 26). 10/4/200917Dr. Monther Aldwairi

Attacks on Affine Cipher 12 choice of α and 26 choices for β  312 keys. Ciphertext only: exhaustive search or frequency analysis Known plaintext: two letters in the plaintext and corresponding ciphertext letters would suffice to find the key. Example : plaintext: IF=(8, 5) and ciphertext PQ=(15, 16) 8 · α + β ≡ 15 mod 26 5 · α + β ≡ 16 mod 26 ⇒ α = 17 and β = 9 Chosen plaintext ab  y 1 = α · 0 + β  y 2 = α + β Chosen ciphertext AB yields the decryption function 10/4/200918Dr. Monther Aldwairi

Frequency Count Cryptanalysis key concept - monoalphabetic substitution ciphers do not change relative letter frequencies calculate letter frequencies for ciphertext compare counts/plots against known values 10/4/200919Dr. Monther Aldwairi

English Letters Frequencies 10/4/200920Dr. Monther Aldwairi

Ployalphabetic Ciphers Substitution Ciphers Classical Crypto Systems 10/4/200921Dr. Monther Aldwairi

Ployalphabetic Ciphers Designed to flatten the frequency distribution by using multiple encryption functions Example E 1 (x)= 3x (mod 26), E 2 (x)=5x+13 (mod 26) Encrypt odd positioned letters using E 1 and even positioned letters using E 2 Ultimately, have 26 different functions Use a keyword to know what function to use 10/4/200922Dr. Monther Aldwairi

Vigenère Cipher Multiple caesar ciphers Use a key to select which alphabet is used for each letter of the message – key is multiple letters long K = k 1 k 2... K d 1.write the plaintext out 2.write the keyword repeated above it with numeral values 3.use each key letter as a caesar cipher key 4.encrypt the corresponding plaintext letter 5.keyword deceptive (3,4,2,4,15,19,8,21,4) k: deceptivedeceptivedeceptive p: wearediscoveredsaveyourself c: ZICVTWQNGRZGVTWAVZHCQYGLMGJ 10/4/200923Dr. Monther Aldwairi

10/4/2009Dr. Monther Aldwairi24

Attacks on Vigenère Cipher Chosen plaintext will easily yield the key – Try aaaaaaa…. – With enough known plaintext k=y-x Chosen ciphertext try AAAAA… results in key negative Known ciphertext only – Find the key length – Find the key 10/4/200925Dr. Monther Aldwairi

Finding The Key Write the ciphertext twice (under each other) with one shifted by the potential key length. Mark repeated letters (matching the letter below) and count the number of coincidences The shift with the most repeated coincidences is the best guess for the key length Now examine the frequencies for 1 st, 10 th, 19 th … and 2 nd, 11 th,20 th … 10/4/200926Dr. Monther Aldwairi

Shift Shift of 4 ZICVTWQNGRZGVTWAVZHCQYGLMGJ 2 Shift 9 ZICVTWQNGRZGVTWAVZHCQYGLMGJ 3 10/4/2009Dr. Monther Aldwairi27

Letter Frequencies in Cryptanalysis Most common letters in English e, t, a, o, i, n, s, h, r Other letters are fairly rare: z, q, x, j, k, v Guess the most common such as E and use it to figure the key Verify the key is correct by making sure rare letters have low frequencies Tables of common pairs/triple letters?! 10/4/200928Dr. Monther Aldwairi

Letter Pairs Tables Entry 12 in row WR column means that combination appears 12 times Entry 14 in N row and W column means NW appears 14 times 10/4/200929Dr. Monther Aldwairi

Letter Pairs (Digrams) Most common was W, B, R, S, I  W=e The vowels a, i, o tend to avoid each other ‒ S, I, P 80% of letters that precede n are vowels (WSIP) ‒ R, A The letter h often appears before e and rarely after it ‒ N=h Most common combination is th ‒ B=t Continue the analysis 10/4/200930Dr. Monther Aldwairi

Transportation Ciphers An encryption in which the letters of the plaintext are rearranged. Columnar Transportation as an example The plaintext are arranged into n rows The resulting ciphertext is formed by traversing the columns x 1 x 4 x 7 x 2 x 1 … Use key to rearrange columns 10/4/200931Dr. Monther Aldwairi

Block Ciphers In Stream ciphers every letter plaintext corresponds to a letter in CIPHERTEXT such as shift and Affine Block ciphers encrypt a block of letters to overcome this problem. – DES operates on 64 bit and AES on 128 bit blocks Electronic Codebook (ECB) mode converts a block of plaintext to a block of CIPHERTEXT independently and at onetime. Cipher Block Chaining (CBC) and Cipher Feedback (CFB) modes use feedback from cipher block to encrypt subsequent blocks. 10/4/200932Dr. Monther Aldwairi

Playfair Cipher /Key The key is a word with repeated letters removed – Schoolbus  Scholbu A 5 × 5 matrix based on the key is constructed with the remaining alphabets with( i and j) treated as one letter. 10/4/200933Dr. Monther Aldwairi

Playfair Cipher/E k (x) Remove spaces and divide plaintext into groups of two letters. – If double letters insert x and regroup – Add extra x to complete the last group?! – dinner is ready  di nx ne ri sr ea dy 1.If both letters fall in the same row, replace each with letter to right – “ea" becomes“BD“ 2.If both letters fall in the same column, replace each with the letter below it – “dy" encrypts as “KO“ 3.Otherwise each letter is replaced by the one in its row in the column of the other letter of the pair – “di" encrypts as “AK“ 10/4/200934Dr. Monther Aldwairi

Playfair Cipher Security Susceptible to frequency count attacks – Count common digrams! 26 × 26 = 676 digrams table – Corresponds to the English most common digrams such as: th, he, an, in, re, es Each letter has only 5 possible corresponding ciphertext letters (4 in row and one below) Common pairs XY and YX giveup corners of rectangles with er and re (most common digrams) 10/4/200935Dr. Monther Aldwairi

Hill Cipher/E k (x) Example: Let n=3 and the key is an n × n matrix whose entries are integers in Ζ 26. and the plaintext be ABC = (0, 1, 2) then the encryption operation is a vector-matrix multiplication  AXW 10/4/200936Dr. Monther Aldwairi

Hill Cipher/D k (y) In order to decrypt we need the inverse of key matrix M, which is Multiple the encrypted text by the inverse N  ABC 10/4/200937Dr. Monther Aldwairi

Matrix Inverse in mod m For a matrix M to have in Inverse mod m. gdc(Determinant(M), m) = 1 ? 10/4/200938Dr. Monther Aldwairi

Hill Cipher Security CIPHERTEXT only is difficult! – Changing one letter in plaintext changes n letters in CIPHERTEXT making frequency count less effective. Known plaintext attack can easily find M given n Chosen plaintext of baa.., abaa...,…, aa…b – i.e. chosentext = I – CIPHERTEXT=M Chosen CIPHERTEXT of BAA.., ABAA…,…, AA…B – i.e. CIPHERTEXT = I – plaintext=N 10/4/200939Dr. Monther Aldwairi

Shannon Properties of a Good Cryptosystem Diffusion – Changing one character in plaintext results in several ciphertext changing and visa versa. – Hill Cipher has that property Confusion – The key doesn’t relate in a simple way to ciphertext. Each character of the ciphertext should depend on several parts of the key. – In Hill Cipher one character in ciphertext depends on a key matrix column 10/4/200940Dr. Monther Aldwairi

One-Time Pads Unbreakable cryptosystem! Represent the message as binary (ASCII) – E k (x)=K+x mod 2 – E k (x)=K x – Decryption uses the same key D k (y)=K y – Key is used once and discarded Unbreakable for a ciphertext only attack. Known plain and cipher texts reveal the one time key only. Which is never used again 10/4/200941Dr. Monther Aldwairi

One-Time Pad Issues Keys generation and exchange – Long and expensive to transmit – Pseudo random number generators are not secure One way functions such as DES and SHA – x j =f(s+j) for j =1,2,3… – b j is the least significant bit of x j. 10/4/200942Dr. Monther Aldwairi

One-Time Pad Issues Keys generation and exchange – Long and expensive to transmit – Pseudo random number generators are not secure One way functions such as DES and SHA – x j =f(s+j) for j =1,2,3… – b j is the least significant bit of x j. 10/4/200943Dr. Monther Aldwairi