
Cryptography

RSA Cryptosystem

Theorem: Let . Let be numbers s. t. ) ) (distinct) and chooses )). Then for any we have:

Principles of RSA: Provider of public key chooses randomly primes randomly ) s. t. ( Public key: where ) and precoded message ), where and , we can easily find ) ) s. t. )) We denote ) - private key. By the theorem: ) ))

Given public key Enciphering: Deciphering: Given

) of residues modulo n

Proof: Again we have: ( We have to show: ) We have 4 cases: 1) )


)

))

By Euler-Fermat we know that From this s. t. ) ) ) )

) and we also know that ( ). So the Euler-Fermat theorem can be rewritten as ). Multiplying both sides by we obtain

)) .

2)

but

does not ) . Euler-Fermat guarantees that ) ), so we can raise both sides to the power of , yielding )) . From this we can conclude that ). Also recall that ) ) ) ). So ). This gives us the ).

As we know ) Recall that


) )

following results:

But we have stated earlier that

, so

which follows that:

) 3) but does not

Follows the same logic as 2) 4) If then ) which follows that )

Frequency Analysis
The most common letters in English text are E (~12%), T (~9%), A (~8.5%), O, N, I, S, R, H (all about 6% to 7.5%), followed by D (~5%) and L (~4%). It is probably easy to identify E, T and A. (Though you may confuse T and A.) The next six most frequently occurring letters in the ciphertext are likely to represent O, N, I, S, R, H in some order. And there are only 6! = 720 different orders to try. When you try the right order there will be so many recognizable words that the rest will be easy.

Affine ciphers
Recall that a translation cipher is a substitution cipher of the form ) . The key is the single number n. One slight improvement one can try is to use ) instead. Now the key is the pair of numbers (m, n). Ciphers of this form are called affine ciphers. The multiplier m has to be coprime to 26 for ) to yield a permutation of the numbers 0 to 25. This follows easily from the coprime cancellation property.

Decimations
The plaintext can be thought of as a sequence of residues modulo 26. So is a natural number less than 26, and is the length of the message. The keyword also a sequence of residues modulo 26. Here is the period. Define , where each is

, etc. More precisely, for each let , where is the residue of . The ciphertext is , where the term is the mod 26 residue of . In particular the sequence is simply an alphabetic shift of the sequence To get you just add to ). with period and index to be the sequence )

We define the decimation of

Frequencies of Letters in Decimations


The most common letters in English text are E (~12%), T (~9%), A (~8.5%), O, N, I, S, R, H (all about 6% to 7.5%), followed by D (~5%) and L (~4%). Any decimation of typical English text will also exhibit these frequencies. In the encoded text a different letter will be the most frequent, but because the letters are just shifted we can compare the letters and their frequencies to determine what the key is.

Coincidence Index
The coincidence index of a piece of text is the probability that two randomly chosen letters are the same. If the relative frequencies of the 26 letters are then the coincidence index is . For English text the coincidence index is usually about 0.065. Alphabetic shifts do not change the coincidence index, so in a Vigenère cipher with period m, the decimations will still have a coincidence index of about 0.065. We now just compute the coincidence index of ) for until we find an that gives a value greater than 0.06.
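Added example, not part of the original notes: a Python version of the period search described above. It assumes the coincidence index is the sum of the squared relative letter frequencies and that a decimation with period m and index r is every m-th letter starting at position r; the sample text and the keyword LEMON are constructed.

```python
from collections import Counter

# Constructed sample plaintext (ordinary English; only the letters are used).
SAMPLE = """The history of secret writing is a long contest between those who
make codes and those who break them. For many centuries the simple substitution
cipher was thought to be secure, because the number of possible keys is
enormous. Then scholars noticed that every language has its own pattern of
letter frequencies, and that this pattern survives when each letter is replaced
by another. The answer of the code makers was to use several alphabets in turn,
chosen by the letters of a secret keyword. This made the frequencies of the
cipher text much flatter, and for three hundred years the method was believed
to be unbreakable. In the end it was defeated by a patient observer who
realised that letters enciphered with the same keyword letter can be gathered
together and studied as one simple shift. Once the length of the keyword is
known, each group of letters is attacked with ordinary frequency counts, and
the plain message soon appears."""
KEY = "LEMON"  # constructed keyword, period 5

def letters(text):
    """Map text to residues modulo 26, dropping everything but A-Z."""
    return [ord(c) - 65 for c in text.upper() if "A" <= c <= "Z"]

def vigenere(plain, key):
    """Add key[i mod period] to plain[i] modulo 26."""
    return [(x + key[i % len(key)]) % 26 for i, x in enumerate(plain)]

def coincidence_index(seq):
    """Sum of squared relative frequencies, from exact integer counts."""
    return sum(c * c for c in Counter(seq).values()) / len(seq) ** 2

def mean_index(seq, m):
    """Average coincidence index of the m decimations seq[r::m]."""
    return sum(coincidence_index(seq[r::m]) for r in range(m)) / m

def find_period(cipher, threshold=0.06, max_period=12):
    """Smallest m whose decimations exceed the threshold, else None."""
    for m in range(1, max_period + 1):
        if mean_index(cipher, m) > threshold:
            return m
    return None

PLAIN = letters(SAMPLE)
CIPHER = vigenere(PLAIN, letters(KEY))

if __name__ == "__main__":
    for m in range(1, 8):
        print(m, round(mean_index(CIPHER, m), 4))
    print("period:", find_period(CIPHER))
```

At the true period each decimation of the ciphertext is a plain alphabetic shift of the matching plaintext decimation, so the two have exactly the same index.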

Digraphs
A digraph is a pair of adjacent letters. If all digraphs occurred with the same frequency then this number would be ) , but because some are much more common than others, typical English text gives a much higher value than this. The )-decimation takes the digraph and, if the period is , takes the digraph after the first. Taking the coincidence index of these digraphs will indicate whether or not the letters were adjacent in the plaintext. There is also another method known as Coincidence Discriminant. It checks the probability that a randomly chosen digraph, , occurs in a piece of text. It then checks the individual occurrences of and letters. The coincidence discriminant is defined to be )

Arithmetic and Computation Writing Numbers in Different Base: Any number where all s satisfy: , and is the base we are writing the number in. In base notation is written as ) . The number of digits needed to represent a number is bounded by . But , giving us , thus the number of digits is bounded by . Number of digit operations: When multiplying an integer with digits with an integer with ) digits, the number of operations required is bounded by , where we have multiplications and ) additions (in base 10). We can say that there are fewer than 2 bit operations as an estimate Number of binary operations: Involve arithmetic with numbers in base 2. Multiplication and Division When performing this task, we only multiply 1s and 0s. When multiplying by 0, the answer is simply 0 and when multiplying by 1, it does nothing. So the task is reduced to just the addition portion of long multiplication. We already said that when an integer with digits with an integer with digits, the ) number of operations required is bounded by . But we do not have to worry about the number of multiplications as is just copied and shifted to the left. So the number of bit ) ) operations is simply bounded by ). The number of terms to add is bounded by . As an estimate we can say the number of bit operations is fewer than . Similar logic for division. We count the number of multiplications and subtractions, which turns out to take bit operations Addition When adding an integer with additions, so is bounded by operations is at most . Big O Notation ) is )) as if ) is less than a constant times ) for all large enough of bits such that the digits with an integer with digits, if then we do at most operations. If we add 2 digit numbers then the number of can be uniquely written in the form:

Definition: An algorithm to perform an operation involving integers (respectively) is said to be a polynomial time algorithm if there exist integers number of bit operations required is )

Applied to RSA We need to make sure that all the computations done by RSA scheme are of polynomial complexity in , where is the main parameter in RSA. In terms of Big O Notation, this means that such ) ) that every computation in RSA takes We need to find a random integer we use the Euclidean Algorithm to find Theorem: Let . To find ) ) it takes ) which is coprime with ) )) ) ) binary operations ) ). To do this

Lemma: The sequence of remainders for all . Proof: If the quotient is then certainly so

generated by the Euclidean Algorithm has the property that

as . Hence

. Assuming

, if we divide

into

This tells us that if we divided by 2, we decrease the number of bits by 1. So the number of bits decreases by 1 every 2 steps, meaning the number of steps required to reach 0 is twice the number of bits in the ) integer we started with, ie. ). The number of steps required to divide a number is the same as the number of steps to multiply a number, so the number of steps is ) ). So the total number of steps is ) ) ) ) )

Second Important Computation in RSA

To encrypt, we have for a given , and given to compute modulo . How many binary operations does this take? Assume that

. Do the following: ) ) )

If is a bit integer, then squaring will result in binary operations, resulting in a bit integer. The residue is then found by dividing by which requires operations, giving a total of binary operations. It will take less than operations to find the residue of modulo if is a bit integer. So we now have a total of ) ) bit operations.
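Added example, not from the original notes: the two RSA computations counted above, written out in Python. It assumes the private exponent is the inverse of the public exponent modulo (p-1)(q-1) and uses the binary square-and-multiply method for the modular power; the primes 61 and 53, the exponent 17 and the message 65 are constructed toy values.

```python
def extended_gcd(a, b):
    """Return (g, s, t) with g = gcd(a, b) = s*a + t*b."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, r = divmod(a, b)
        a, b = b, r
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0

def euclid_remainders(a, b):
    """Remainder sequence a, b, a mod b, ... of the Euclidean Algorithm."""
    seq = [a, b]
    while seq[-1]:
        seq.append(seq[-2] % seq[-1])
    return seq

def power_mod(base, exponent, modulus):
    """Square-and-multiply: one squaring and reduction per exponent bit."""
    result, base = 1, base % modulus
    while exponent:
        if exponent & 1:
            result = result * base % modulus
        base = base * base % modulus   # residue stays below the modulus
        exponent >>= 1
    return result

def rsa_keypair(p, q, e):
    """Return ((n, e), d); e must be coprime to (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    g, s, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e is not coprime to (p-1)(q-1)")
    return (n, e), s % phi

if __name__ == "__main__":
    (n, e), d = rsa_keypair(61, 53, 17)      # constructed toy primes
    c = power_mod(65, e, n)                  # encipher message 65
    print("n, e, d:", n, e, d)
    print("cipher:", c, "deciphered:", power_mod(c, d, n))
    # Every second remainder is less than half of the one two steps before.
    print(euclid_remainders((61 - 1) * (53 - 1), 17))
```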

Pollard Rho Factorization

Consider a very large composite integer and let be its smallest prime factor. Suppose we are able to choose a random sequence with . It is not possible for all the elements in the sequence to be distinct because of the pigeonhole principle, so there must be some number ) for some . We then check if ) . We do this by finding the probability that the s are distinct. Prob ( and are distinct modulo ) = . and is distinct from .
) ) )

. Since modulo

will result in

possible residues and only

one of them is the same as Prob ( is distinct from

are distinct modulo ) =

. Since there are only

two of them that will be the same as Prob ( If

are all distinct from each other modulo ) = then the probability is around 0.6 but if

then the probability is around 0.135.

To factorize we find the ) for ). Finding the gcd greater than 1 is what we want but is very inefficient to compute so many gcds, but there is a solution to this problem. Proposition: Suppose that is a sequence of natural numbers satisfying ) for all , where is a polynomial function, eg. . Suppose also that ) for some that is a divisor of . Then there exists a number such that ). Proof: If ) it follows that ). If we let consecutive integers must contain some multiple of ; so one of must be a multiple of . Let , be this number. Since )
) ) ) ) )

) and and

. Any set of , it follows that

) ) )

It follows that
)
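Added example, not from the original notes: the search for an index j with gcd(x_2j - x_j, n) > 1 that the proposition justifies, in Python. The polynomial f(x) = x^2 + c, the starting value 2 and the modulus 8051 are assumptions chosen for illustration.

```python
from math import gcd

def pollard_rho(n, c=1, x0=2):
    """Iterate x -> x*x + c (mod n), comparing x_j with x_2j only.

    Returns (d, j), where j is the first index with
    d = gcd(x_2j - x_j, n) > 1. One gcd is computed per step instead of
    one for every pair of sequence elements.
    """
    def f(x):
        return (x * x + c) % n

    slow = fast = x0
    j = 0
    while True:
        slow = f(slow)            # x_j
        fast = f(f(fast))         # x_2j
        j += 1
        d = gcd(abs(fast - slow), n)
        if d > 1:
            return d, j

def factor(n, constants=range(1, 20)):
    """Return a pair (d, n // d) with 1 < d < n, or None if none is found.

    If the sequence collides modulo n itself the gcd is n, which tells
    us nothing, so the search is repeated with the next constant c.
    """
    for c in constants:
        d, _ = pollard_rho(n, c)
        if d != n:
            return d, n // d
    return None

if __name__ == "__main__":
    print(pollard_rho(8051))      # constructed modulus 8051 = 83 * 97
    print(factor(8051))
    print(factor(97))             # a prime has no proper divisor
```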

Elgamal Cryptosystem

Step 1: Bob releases for Alice a public key ) where and , where has an order which in its factorization has a large prime. Bob then chooses a random (private) residue and )

Step 2: Alice encrypts her message . She then computes

Step 3: Alice sends and the encrypted message

Step 4: Bob finds the original message using the inverse key (

Doing the calculation by hand: It is very difficult to calculate discrete logarithms but we can still decrypt the message by hand.

Example: Your Elgamal public key is (3937201; 158; 7111), your private key being 3. You receive the message (61320; 62799). Decrypt it.

Solution: We only need to use the message and the private key. The message is in the form so and ) . Our goal is to find . To do this we do the following: ) ) ) ) ) ) ) ), ) ) ) ) ) ) and by choosing a random ) ) in the form ) or ))

Find the multiplicative inverse of 61320 which turns out to be 2026323. ) Which turns out to be 2000000 ) ) )
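Added example, not from the original notes: the by-hand decryption above checked in Python. It assumes the usual Elgamal layout, public key (p; g; h) with h = g^x and ciphertext (g^k; m*h^k) modulo p, which is consistent with the numbers in the example; the message and the random k used in the round trip are constructed.

```python
# Values taken from the example above.
P, G, H = 3937201, 158, 7111
PRIVATE_X = 3
C1, C2 = 61320, 62799

def key_is_consistent(p, g, h, x):
    """Check that the public h really is g^x modulo p."""
    return pow(g, x, p) == h

def encrypt(p, g, h, m, k):
    """Sender's side: (g^k, m * h^k) modulo p for a random k."""
    return pow(g, k, p), m * pow(h, k, p) % p

def decrypt_by_inverse(p, x, c1, c2):
    """Route used in the solution: invert c1, then raise to the power x.

    Returns (inverse of c1, message).
    """
    inv = pow(c1, -1, p)                  # needs Python 3.8 or later
    return inv, c2 * pow(inv, x, p) % p

def decrypt_by_shared_secret(p, x, c1, c2):
    """Equivalent route: s = c1^x first, then multiply c2 by s^-1."""
    s = pow(c1, x, p)
    return c2 * pow(s, -1, p) % p

if __name__ == "__main__":
    print(key_is_consistent(P, G, H, PRIVATE_X))
    print(decrypt_by_inverse(P, PRIVATE_X, C1, C2))
    print(decrypt_by_shared_secret(P, PRIVATE_X, C1, C2))
    # Round trip with a constructed message and a constructed k.
    c1, c2 = encrypt(P, G, H, 1234567, 12345)
    print(decrypt_by_shared_secret(P, PRIVATE_X, c1, c2))
```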

Number Theory
Theorem 1: Let ) and Proof: We know that Rearranging for and and we obtain ) and suppose that ) ) and ). Then

. We can rewrite this as and . and . Adding them together we obtain: ) ) ) )

Similarly: ) ) ) ) ) Theorem 2: Let Proof: Assuming that that be integers such that ) . If ) then it follows that . such

, from the Extended Euclidean Algorithm, there are integers

Multiplying both sides by

we obtain: ) ) ) ) ). It then follows that

We know that

) and it is also obvious that ) )

Corollary 1: Let

. If

is a prime such that

, then

or

. and or . Since . is a prime

) Proof: Suppose is a prime such that , and let . Then the only positive integers that are divisors of are 1 and . So either Case 1: Suppose Case 2: Suppose . Then . Since and , it means that ) .

. It follows from Theorem 2 that

Corollary 2: If

is a prime and

where

, then

for some

Definition 1: Let be a positive integer. A set of integers is called a complete system modulo every integer there is exactly one such that )

if for

Definition 2: Let be a positive integer. A set of integers is called a reduced system modulo if all elements of are coprime and for every integer there is exactly one such that every integer there is exactly one such that ) Definition 3: Let that and be a positive integer. The quantity ) . ) is the number of natural numbers such

) ( )

Definition 4: Let be a prime number and any integer that is not a multiple of . The order of a modulo , written ) is the least positive integer such that ). The Euler-Fermat Theorem: Let , and suppose that ) . Then
)

) Proof: Let ) and let is a reduced system where for each . It is clear that multiplying all the s together, the resulting number is still coprime to . So is ) coprime to . Given , it follows that is also a reduced system. All numbers are congruent to (modulo ) in some order. This means that ) ) ) )

Fermat's Little Theorem: Let be a prime, and suppose that and . Then ) ) ) )

Definition 5: A function defined on the positive integers is said to be multiplicative if ) ) ) ) whenever Proposition 1: Let and ). The and are coprime integers ) ). Then and . We have and by )

Proof: Since and , and are both integers. Let . We now have and , which means that definition of gcd, must be an integer, so . Proposition 2: Let Proof: Let that with ) . If with

and (as

, then and

). This means that ) ). But , then

(as ) and must be equal to 1.

). It follows

Multiplicative Functions All integers can be expressed as the product of prime factors, ie. multiplicative function ). ) can be expressed as: ( ( ) ( ) ) ( ( ) ( ) ( ) ) as ( ) as ( ) ) . Consider the

And so on until ) ( ) ( ) )

We can apply this concept to all multiplicative functions. Consider the Euler Phi Function ( ) ( ) ( ) ( ) ( ) ) ) as the number of divisors of ) ( ) ( ) ) ) ) ) ) ) )

Define

and

) as the sum of divisors of )

) )

( Both ) and ) are multiplicative.

Provided In general:

and

are coprime.

Provided that Theorem 3: Let be any positive integer. Then )

) Proof: Denote to be the set of such that and denote to be the number of elements in . It is clear that as every number from 1 to occurs exactly once in . Now denote to be the set as each element in is a multiple of . This means that there is no common divisor left meaning each element in is now coprime to . ). So Denote to be the number of elements in . We see that ) now becomes . If then for some integer . is complementary to and ) complementary to . Replacing with we can rewrite as ) .

is

Lemma: Let

and let

. Then

) ), then and .

Proof: The case when holds as both sides equal 0. Let We use the following property: For , if and then )

We know as and so we can write . We now need to prove that , and , which results in and . Using the above property, if and can multiply through by , giving and . From the above condition it follows that ) can cancel , giving us , meaning that Definition 5: Let be a positive integer, and define ) The function { ) ) as follows:

). As , we . We

is called the Mobius Function

Theorem 4: If

and

are coprime positive integers then

).

) Proof: Suppose that and . If either or is not square free then either ) ) ) or , and in either case it follows that . Since all divisors of contains the divisors of both and . So if either or contains a square of a prime as a divisor then it follows ) that . We now determine the case where both Consider the divisors of and : and are both square free.

This gives

) and

) . Since all s and all s are distinct, so ) ) ) ) ) ) by )

) Theorem 5: Suppose that ) the rule that

is a multiplicative function defined on , and define another function ) for all . Then is multiplicative. then ) and ) if and only if ) ) ) . We have ) )

Proof: We use the rule that if )

) define ) {

as

is multiplicative and the fact that

implies that ). Then

whenever

and

Corollary 3: For each positive integer

Proof: For

, we have ) ) ) )

For

, we can write ) ( is prime and

. So ) ( ) ( ) ) ) are those

We now only have to prove that if s for ( . So ) )

, then (

. The divisors of

as when

then

is not square free. , one for each divisor of 12 and we want

The Mobius inversion formula: Suppose we are numbers to find numbers satisfying simultaneous equations

ie:

We could solve this the old-fashioned way using Gaussian Elimination, but the Mobius inversion formula allows us to do this without all the work. Or ) )
