1 / 41

Classical Ciphers – 2

Affine and Substitution ciphers Number Theory: gcd, Euler phi function, Euclidean and extended Euclidean algorithms. Classical Ciphers – 2. CSCI284 Spring 2004 GWU. Questions on HW? Project?. Second module requires other input: m, the modulus

paul2
Télécharger la présentation

Classical Ciphers – 2

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Affine and Substitution ciphers • Number Theory: gcd, Euler phi function, Euclidean and extended Euclidean algorithms Classical Ciphers – 2 CSCI284 Spring 2004 GWU

  2. Questions on HW? Project? • Second module requires other input: • m, the modulus • the message is 50 symbols modulo m, each a 10-bit symbol • Project proposals due: March 1 • Exceptions due: Feb 9 CS284/Spring04/GWU/Vora/Classical Ciphers

  3. Affine Cipher – Example 1 a and b define the key What are the requirements for this to be a valid encryption function? What’s wrong with this? y = ax + b mod m b CS284/Spring04/GWU/Vora/Classical Ciphers

  4. Affine Cipher – Example 2 y = ax + b mod m What’s wrong with this? b CS284/Spring04/GWU/Vora/Classical Ciphers

  5. Affine Cipher – Example 3 What’s wrong with this? b CS284/Spring04/GWU/Vora/Classical Ciphers

  6. Try m=6, b=1, check all a y = ax + b = ax + 1 mod 6 a=1 y = x + 1 mod 6; x = y-1 mod 6 a=2 y = 2x +1 mod 6; x = 2-1(y-1) mod 6 CS284/Spring04/GWU/Vora/Classical Ciphers

  7. Affine cipher - definition e(x) = ax + b mod m d(y) = a-1(y-b) mod m Is this possible for all a? Try on example: m = 6. Find a-1 for all a  Zm CS284/Spring04/GWU/Vora/Classical Ciphers

  8. GCD: definition The gcd (Greatest Common Divisor) of two integers m and n denoted gcd(m, n) is the largest non-negative integer that divides both m and n. CS284/Spring04/GWU/Vora/Classical Ciphers

  9. Properties of integers - I Fact 1: gcd(m,n) = 1   integers a, b, such that am + bn = 1 Proof: Need to show: • Suppose gcd(m,n) = 1 a, b, such that am + bn = 1 2. Suppose  a, b, such that am + bn = 1gcd(m,n) = 1 CS284/Spring04/GWU/Vora/Classical Ciphers

  10. Proof of: gcd(m,n) = 1  a, b, such that am + bn = 1 Suppose gcd(m,n) = 1 Let k be any integer of the form Am + Bn for integers A and B Let g be the smallest non-negative integer of this form (want to show g = 1) Then k = Cg + r, 0  r < g CS284/Spring04/GWU/Vora/Classical Ciphers

  11. Proof contd.: gcd(m,n) = 1  a, b, such that am + bn = 1 k = Cg + r, 0  r < g where r = Am + Bn – Cg = Am + Bn – C(A’m +B’n) = A’’m + B’’n = 0 (as g was smallest such non-negative integer and r < g) CS284/Spring04/GWU/Vora/Classical Ciphers

  12. Proof contd.: gcd(m,n) = 1  a, b, such that am + bn = 1 k = Cg + r; r = 0 Hence g divides all integers of the form Am + Bn, in particular, g divides m (B = 0) and n (A = 0) • g = 1 (as gcd(m,n) = 1) •  a, b, such that am + bn = 1 (as g is of form Am + Bn) CS284/Spring04/GWU/Vora/Classical Ciphers

  13. Proof of: a, b, such that am + bn = 1 gcd(m,n) = 1 2. Suppose  a, b, such that am + bn = 1 gcd(m,n) divides m and n Hence it divides am + bn for all a, b Hence it divides 1 gcd(m,n) = 1 CS284/Spring04/GWU/Vora/Classical Ciphers

  14. Theorem: multiplicative inverse in a commutative ring The multiplicative inverse of a mod m Zm exists if and only if gcd(a, m) = 1. It is denoted a-1 Proof: Suppose gcd(a,m) = 1  integers x, y, such that ax + my = 1 ax  1 (mod m) x = a-1 CS284/Spring04/GWU/Vora/Classical Ciphers

  15. Theorem: multiplicative inverse in a commutative ring – contd. The multiplicative inverse of a mod m Zm exists if and only if gcd(a, m) = 1. It is denoted a-1 Proof: Suppose a-1 exists, call it X • aX  1 (mod m) • aX + Ym = 1 for some integer Y • gcd(a, m) = 1 CS284/Spring04/GWU/Vora/Classical Ciphers

  16. Affine Cipher P = C = Zm K = {(a, b)  Zm X Zm gcd(a, m) =1} eK(x) = (ax+b) mod m dK(y) = a-1(y-b) mod m CS284/Spring04/GWU/Vora/Classical Ciphers

  17. Affine cipher examples Encrypt firstletstrythekasiskitest Using key: CS284/Spring04/GWU/Vora/Classical Ciphers

  18. Cryptanalysis of the Affine Cipher OZOBDNEYOUEYHOBITJOTMBQTOVVQQAUWNMTIQIQTAYQRVEUSQJMQHONABTQXNMZACOIOBXQEJAHONSQEBTJAQTNAATRITJAYOMVREFOTTJAAXGAEDTJAVOCBJAVAOXQYOFMBAWHTJADVOGQTEBAHOTJNMBGMBGTJARAVVRAUOWQAJMQHONABTQOVCOIQSAAHTJADNEBTXEENVEUSAX. CS284/Spring04/GWU/Vora/Classical Ciphers

  19. Ciphertext frequency A27 O21 T20 Q18 J13 B13 E12 V11 N10 M9 H7 X6 I6 R5 U5 Y5 D4 G4 S4 C3 W3 Z2 F2 P0 K0 L0 English language frequency per 1000 e127 t91 a82 o75 i70 n67 s63 h61 r60 d43 l40 c28 u28 m24 w23 f22 g20 y20 p19 b15 v10 k8 j2 q1 x1 z1 CS284/Spring04/GWU/Vora/Classical Ciphers

  20. Complexity of attacks Brute Force attack for alphabet of size n How difficult is it to break this? How many possible keys? m2? m? CS284/Spring04/GWU/Vora/Classical Ciphers

  21. Examples • If m = p, p – 1 invertible elements • If m = pq, 1, 2, 3, …p, ..2p, ..3p, …qpq numbers divisible by p 1, 2, 3, …q, ..2q, ..3q, …pqp numbers divisible by q pq only number counted twice. No other numbers. • pq – p – q + 1 = (p-1)(q-1) invertible elements What ifm =  i=1rpiei CS284/Spring04/GWU/Vora/Classical Ciphers

  22. Need induction • How do we show that 1+2+3 ….+n = (n+1)n/2 • How do we show that a+ar+ar2+ar3 … +arn = a(rn+1-1)/r-1 CS284/Spring04/GWU/Vora/Classical Ciphers

  23. Euler phi function Number of invertible elements of Zm for m =  i=1rpiei is Euler “phi” or “totient” function: (m) =  i=1rpiei -1(pi -1) Examples: (180), (24) CS284/Spring04/GWU/Vora/Classical Ciphers

  24. Theorem: number of invertible elements in a commutative ring Proof by induction over r • First we show it is true for r=1 i.e. if m = pe Exactly one pth of the numbers are divisible by p (pe) = pe – pe-1 = pe-1(p-1) CS284/Spring04/GWU/Vora/Classical Ciphers

  25. Theorem: number of invertible elements in a commutative ring Now, assume true for r=k, show true for r=k+1 i.e. add one more newprime raised to any power ( i=1kpiei ) =  i=1kpiei -1(pi -1)  ( i=1k+1piei ) = ? Note: we also know (pe)= pe-1(p-1) i.e. what is (xy) when (x) and (y) are known, and x and y are relatively prime CS284/Spring04/GWU/Vora/Classical Ciphers

  26. ax + b for 0  a < y 1  b  x x 1 2 3 x x + 1 2x + 1 (y-1)x + 1 yx Rel prime to x iff b rel. prime to x Rel. prime to y iff ? Need to also write as Ay + B y CS284/Spring04/GWU/Vora/Classical Ciphers

  27. Chinese Remainder Theorem There is exactly one number modulo xy which is bmodx and Bmody if x and y are relatively prime. Proof: Suppose not. Then: ax + b = Ay + B cx + b = Cy + B (a-c)x = (A-C)y • y | (a-c)x  y | (a-c) because x and y rel. prime • a = my + c • first number = mxy + cx + b = second number modulo xy CS284/Spring04/GWU/Vora/Classical Ciphers

  28. Now look at ring Zm when m = xy Size of ring is xy. See numbers mod x: x of them Numbers mod y: y of them Thus, a number mod m is represented uniquely by the pair: (a, b) (its remainder modx, and remainder mod y) A number is rel. prime to both x and y iff a and b are rel. prime to x and y respectively There are(x) (y) numbers rel. prime to xy CS284/Spring04/GWU/Vora/Classical Ciphers

  29. Back to Euler ( i=1kpiei ) =  i=1kpiei -1(pi -1)  ( i=1k+1piei ) = ? Note: we also know (pe)= pe-1(p-1) CS284/Spring04/GWU/Vora/Classical Ciphers

  30. Problems from text 1.11: An involutory key is defined as the key for which the encryption function is identical to the decryption function. • Suppose that K = (a, b) is a key in an Affine Cipher over Zn Prove that K is an involutory key if and only if a-1 mod n = a and b(a+1)  0 (mod n) • Determine all the involutory keys in the affine cipher over Z15 • Suppose that n = pq, where p and q are distinct odd primes. Prove that the number of involutory keys in the Affine Cipher over Zn is n+p+q+1 CS284/Spring04/GWU/Vora/Classical Ciphers

  31. How do we generate an encryption key for an affine cipher? CS284/Spring04/GWU/Vora/Classical Ciphers

  32. Euclidean Algorithmconsidered first non-trivial algorithm gcd(m, n) /* m > n */ (a, b) := (m, n) /* Initialize */ while (b0) (a, b) := (b, a – b*q) /*Where q = a/b */ return(a) Works because: gcd(a, b) = gcd(b, a – b*a/b) gcd(a, b) = b if b|a CS284/Spring04/GWU/Vora/Classical Ciphers

  33. Try gcd(17, 101) gcd(57, 93) CS284/Spring04/GWU/Vora/Classical Ciphers

  34. Proof that Euclidean algorithm works For ith step, (a, b)i saytotal k steps (a, b)0 = (m, n) (a, b)k-1 = (b, b) • Prove that: gcd(m, n) = gcd(a, b)i • Prove that it stops • Hence: CS284/Spring04/GWU/Vora/Classical Ciphers

  35. Extended Euclidean algorithm Find s, t such that gcd(m, n) = sm +tn Let gcd(a, b)i = siai + tibi • Last but one step: bk-1|ak-1 gcd(a, b)k-1 = bk-1 sk-1=0; tk-1=1 2. In general: If gcd(a, b)i = siai + tibi What is: si-1 ti-1? CS284/Spring04/GWU/Vora/Classical Ciphers

  36. Extended Euclidean algorithm bk-1 = gcd(a, b)i = gcd(a, b)i-1 = siai + tibi = sibi-1 + ti(ai-1 – bi-1*qi-1) = tiai-1 + (si – ti*qi-1)bi-1 So, si-1 = ti and ti-1 = si – ti*qi-1 Go back up the euclidean algorithm: (s, t) := (0, 1) /* Initialize */ while (b0) (s, t) := (t, s-t*q) return((s,t)) CS284/Spring04/GWU/Vora/Classical Ciphers

  37. Examples gcd(17, 101) gcd(57, 93) What good? Write algorithm for multiplicative inverse of x mod m CS284/Spring04/GWU/Vora/Classical Ciphers

  38. Solve congruences What is x? 17x  3 mod 101 5x  2 mod 7 CS284/Spring04/GWU/Vora/Classical Ciphers

  39. Euclidean Algorithm: References See Text, section 5.2.1 http://www.uoregon.edu/~koch/math233/Euclid.pdf http://www.nku.edu/~christensen/031MAT494euclid.doc CS284/Spring04/GWU/Vora/Classical Ciphers

  40. Substitution Cipher Each letter goes to another Key is the lookup table, consists of 2n elements for alphabet size n Statistical attacks Brute force attack requires: CS284/Spring04/GWU/Vora/Classical Ciphers

  41. Problem • A particular letter goes to a fixed other letter. Monoalphabetic cipher • Need polyalphabetic ciphers CS284/Spring04/GWU/Vora/Classical Ciphers

More Related