Cryptography and Network Security

UNIT-1

Syllabus: Set of Integers, Binary Operations, Divisibility-Properties, Euclidean Algorithm, Extended

Euclidean Algorithm, Modularity- Operations, Set of Residues, Congruence, Properties, Residue
Classes, Inverse- Additive and Multiplicative Inverse, Addition and Multiplication Tables, Associated
sets

Set of Integers

 The set of integers, denoted by Z, contains all integral numbers (with no fraction). from negative
infinity to positive infinity.

Binary Operations

 In cryptography, we are interested in three binary operations applied to the set of integers.

 A binary operation takes two inputs and creates one output.

  The following shows the results of the three binary operations on two integers.

 Because each input can be either positive or negative, we can have four cases for each
operation.

Integer Division

In integer arithmetic, if we divide a by n, we can get q and r . The relationship between these four
integers can be shown as

a=q×n+r

Properties of Divisibility

 If a/1, then a = +1 or -1.

 If a/b and b/a, then a = +b or –b.

 Any b ≠ 0 divides 0.

 If a/b and b/c, then a/c.

Example:

11/66 and 66/198 then 11/198

 If b/g and b/h, then b/(mg + nh) for arbitrary integers m and n.

Proof:

If b/g, then g is of the form g = b * g1 for some integer g1.

If b/h, then h is of the form h = b * h1 for some integer h1.

So mg + nh = mbg1 + nbh1 = b * (mg1 + nh1)

So b divides mg1+nh1
Divisibility Algorithm

 Given any positive integer n and any nonnegative integer a, if we divide a by n, we get an integer
quotient q and an integer remainder r that obey the following relationship:

a = qn + r 0<=r<n; q = [a/n]

Euclidean Algorithm

 It is a simple procedure for determining the greatest common divisor of two positive integers.

 The greatest common divisor of a and b is the largest integer that divides both a and b.

 We also define gcd(0, 0) = 0.

 More formally, the positive integer c is said to be the greatest common divisor of a and b if

1. c is a divisor of a and of b.

2. Any divisor of a and b is a divisor of c.

 An equivalent definition is the following:

gcd(a, b) = max[k, suchthatk/a and k/b]

 In general, gcd(a, b) = gcd(|a| , |b|).

Find the greatest common divisor of 2740 and 1760.
Extended Euclidean Algorithm

 Given two integers a and b we need to often find other 2 integers s and t such that
sxa+txb=gcd(a,b).

 The extended euclidean algorithm can calculate the gcd(a,b) and at the same time calculate the
values of s and t.

 Steps:

 Initialize r1->a,r2->b

s1->1,s2->0

t1->0,t2->1

 Repeat the following steps until r2>0

1. Find quotient q->r1/r2

2. Update the r1,r2 values as r->r1-q*r2, r1->r2,r2->r

3. Update s1,s2 values as s->s1-q*s2,s1->s2,s2->s

4. Update t1,t2 values as t->t1-q*t2,t1->t2,t2->t

 When r2<=0 get the gcd, s and t values as

Gcd(a,b)->r1, s->s1, t->t1

Given a=161 and b=28, find the gcd(a,b) and values of s and t

Modular Arithmetic

 The division relationship (a = q × n + r) discussed in the previous section has two inputs (a and n)
and two outputs (q and r).

 In modular arithmetic, we are interested in only one of the outputs, the remainder r.

Modulo Operator

 The modulo operator is shown as mod.

 The second input (n) is called the modulus.

 The output r is called the residue.

Find the result of the following operations:

• a. 27 mod 5 b. 36 mod 12

• c. −18 mod 14 d. −7 mod 10

 • Dividing 27 by 5 results in r = 2

• Dividing 36 by 12 results in r = 0.

• Dividing −18 by 14 results in r = −4. After adding the modulus r = 10

• Dividing −7 by 10 results in r = −7. After adding the modulus to −7, r = 3.

Set of Residues

 The modulo operation creates a set, which in modular arithmetic is referred to as the set of
least residues modulo n, or Zn.

Congruence

 To show that two integers are congruent, we use the congruence operator ( ≡ ). For example, we
write:
Congruence-Residue Classes

 A residue class [z] or [z]n is the set of integers congruent modulo n.

Operations on Zn

 The three binary operations that we discussed for the set Z can also be defined for the set Zn.

 The result may need to be mapped to Zn using the mod operator.

Perform the following operations (the inputs come from Zn):

• a. Add 7 to 14 in Z15.

• b. Subtract 11 from 7 in Z13.

• c. Multiply 11 by 7 in Z20.
Properties of Modulo

 In arithmetic, we often need to find the remainder of powers of 10 when divided by an integer.

Inverses

 When we are working in modular arithmetic, we often need to find the inverse of a number
relative to an operation.

 We are normally looking for an additive inverse (relative to an addition operation) or a

multiplicative inverse (relative to a multiplication operation).

Additive Inverse

 In Zn, two numbers a and b are additive inverses of each other if

 In modular arithmetic, each integer has an additive inverse. The sum of an integer and its
additive inverse is congruent to 0 modulo n.
Find all additive inverse pairs in Z10.

The six pairs of additive inverses are (0, 0), (1, 9), (2, 8), (3, 7), (4, 6), and (5, 5).

Multiplicative Inverse

 In Zn, two numbers a and b are the multiplicative inverse of each other if

 In modular arithmetic, an integer may or may not have a multiplicative inverse.

 When it does, the product of the integer and its multiplicative inverse is congruent to 1 modulo
n.

Find all multiplicative inverses in Z10.

There are only three pairs: (1, 1), (3, 7) and (9, 9). The numbers 0, 2, 4, 5, 6, and 8 do not have a
multiplicative inverse.

Addition and Multiplication Tables

 We need to use Zn when additive inverses are needed; we need to use Zn* when multiplicative
inverses are needed.
  Cryptography often uses two more sets: Zp and Zp*. The modulus in these two sets is a prime
number.

Prime Numbers

 Prime numbers only have divisors of 1 and self they cannot be written as a product of other
numbers. eg. 2,3,5,7 are prime, 4,6,8,9,10 are not

 prime numbers are central to number theory

 List of prime number less than 200 is:

 2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127

131 137 139 149 151 157 163 167 173 179 181 191 193 197 199

 An integer p > 1 is a prime number if and only if its only divisors are ± 1 and ±p.

 Any integer a > 1 can be factored in a unique way as a = p1^ a1 * p2 ^a2 * …….* pt^at where p1
< p2 < …..< pt are prime numbers and where each ai is a positive integer.

 This is known as the fundamental theorem of arithmetic; a proof can be found in any text on
number theory.
 91 = 7 x 13

3600 = 24 x 32 x 52

11011 = 7 x 112 x 13

 If P is the set of all prime numbers, then any positive integer a can be written uniquely in the
following form:

 The right-hand side is the product over all possible prime numbers p; for any particular value of
a, most of the exponents ap will be 0.

Relative Prime Numbers

 Two numbers a,b are relatively prime (coprime) if they have no common divisors apart from 1.

– eg. 8 and 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only
common factor.

 Two integers are relatively prime if their only common positive integer factor is 1.

Example:

21 and 22 are relatively prime:

• The factors of 21 are 1, 3, 7 and 21
• The factors of 22 are 1, 2, 11 and 22
(the only common factor is 1)

But 21 and 24 are NOT relatively prime:

• The factors of 21 are 1, 3, 7 and 21
• The factors of 24 are 1, 2, 3, 4, 6, 8, 12 and 24
(the common factors are 1 AND 3)
Fermat’s Theorem

 Fermat’s theorem states the following: If ‘p’ is prime and ‘a’ is a positive integer not divisible by
p, then

 ap-1 ≡ 1 mod p

Proof

 Consider the set of positive integers less than p: {1, 2, …. , p - 1} and multiply each element by a,
modulo p, to get the set X = {a modp, 2a modp, ….. , (p - 1)a modp}.

 None of the elements of X is equal to zero because p does not divide a.

 Furthermore, no two of the integers in X are equal.

 To see this, assume that ja ≡ ka (modp)), where 1<= j < k<=p - 1.

 Because a is relatively prime to p, we can eliminate a from both sides of the equation resulting
in j ≡ k(modp).

 This last equality is impossible, because j and k are both positive integers less than p.

 Therefore, we know that the (p - 1) elements of X are all positive integers with no two elements
equal.

 We can conclude the X consists of the set of integers {1, 2, c , p - 1} in some order.

 Multiplying the numbers in both sets (p and X) and taking the result mod p yields.

 a * 2a * c* (p - 1)a ≡ [(1 * 2 * c* (p - 1)](modp)

 a^p-1 *(p - 1)! ≡ (p - 1)!(modp)

 We can cancel the (p - 1)! term because it is relatively prime to p.

 This yields Equation ap-1 ≡ 1 mod p, which completes the proof.

 An alternative form of Fermat’s theorem is also useful: If p is prime and a is a positive integer,
then a^p ≡ a(modp)

 Note that the first form of the theorem ap-1 ≡ 1 mod p requires that a be relatively prime to p,
but this form does not.

Fermat’s and Alternate Fermat’s Theorem Examples

 a = 7, p = 19

 7^2 = 49 ≡ 11 (mod19)
  7^4 ≡ 121 ≡ 7 (mod19)

 7^8 ≡ 49 ≡ 11 (mod19)

 7^16 ≡ 121 ≡ 7 (mod19)

 a^p-1 = 7^18 = 7^16 * 7^2 ≡ 7 * 11 ≡ 1 (mod19)

 p = 5, a = 3 ap = 35 = 243 ≡ 3(mod5) = a(modp)

 p = 5, a = 10 ap = 105 = 100000 ≡ 10(mod5) ≡ 0(mod5) = a(modp)

Euler’s Totient Function

 Euler’s totient function, written f(n), is defined as the number of positive integers less than n
and relatively prime to n.

 By convention, f(1) = 1.

 It should be clear that, for a prime number p, f(p) = p – 1.

 Now suppose that we have two prime numbers p and q with p ≠ q. Then we can show that, for
n = pq,

 ɸ (n) = ɸ (pq) = ɸ (p) * ɸ(q) = (p - 1) * (q - 1)\

 To see that ɸ (n) = ɸ(p) * ɸ (q), consider that the set of positive integers less that n is the set
{1, c, (pq - 1)}.

 The integers in this set that are not relatively prime to n are the set {p, 2p, c, (q - 1)p} and the set
{q, 2q, c, (p - 1)q}.
  Accordingly, ɸ(n) = (pq - 1) - [(q - 1) + (p - 1)] = pq - (p + q) + 1 = (p - 1) * (q - 1) = ɸ (p) * ɸ (q)

 ɸ (21) = ɸ (3) * ɸ (7) = (3 - 1) * (7 - 1) = 2 * 6 = 12 where the 12 integers are {1, 2, 4, 5, 8, 10,

11, 13, 16, 17, 19, 20}.

Euler’s Theorem

 Euler’s theorem states that for every a and n that are relatively prime:

 aø(n) ≡1(mod n)

Proof

 Euler’s equation is true if n is prime, because in that case, ø(n) = (n - 1) and Fermat’s theorem
holds.

 However, it also holds for any integer n. Recall that f(n) is the number of positive integers less
than n that are relatively prime to n.

 Consider the set of such integers, labeled as R = {x1, x2, c, x ø(n)}

 That is, each element xi of R is a unique positive integer less than n with gcd(xi , n) = 1.

 Now multiply each element by a, modulo n: S = {(ax1 mod n), (ax2 mod n), c, (ax ø(n) mod n)

 The set S is a permutation of R, by the following line of reasoning:

1. Because a is relatively prime to n and xi is relatively prime to n, axi must also be relatively prime
to n. Thus, all the members of S are integers that are less than n and that are relatively prime to
n.

2. There are no duplicates in S. If axi mod n = axj mod n, then xi = xj .

Euler’s Theorem Example

 a = 3; n = 10; f(10) = 4 af(n) = 3^4 = 81 = 1 (mod 10) = 1 (mod n)

 a = 2; n = 11; f(11) = 10 af(n) = 2^10 = 1024 = 1 (mod 11) = 1 (mod n)

 As is the case for Fermat’s theorem, an alternative form of the theorem is also useful:

 aø(n)+1 ≡a(mod n)

 Again, similar to the case with Fermat’s theorem, the first form of Euler’s theorem requires that
a be relatively prime to n, but this form does not.
Chinese Remainder Theorem

 The chinese remainder theorem (CRT) is used to solve a set of congruent equations with one
variable but different moduli, which are relatively prime as shown below:

 The chinese Remainder Theorem states that the above equations have a unique solution if the
moduli are relatively prime.

Steps to derive common solution

 The solution to the set of equations follow these steps:

1. Find M=m1*m2*m3*…….*mk where M is the common modulus.

2. Find M1=M/m1,M2=M/m2,……,Mk=M/mk.

3. Find the multiplicative inverse of M1,M2,M3,….,Mk using the corresponding moduli

(m1,m2,m3,…,mk). Call the inverse as M1^-1,M2^-1,….,Mk^-1.

4. The solution to the simultaneous equations is

X=(a1*M1*M1^-1+a2*M2*M2^-1+…….+ak*Mk*Mk^-1)modM

Chinese Remainder Theorem Example

Derive common solution for above equations using Chinese Remainder Theorem
 M=3*5*7=105

 M1=105/3=35, M2=105/5=21, M3=105/7=15

 The inverses are M1^-1=2, M2^-1=1, M3^-1=1

 X=(2*35*2+3*21*1+2*15*1)mod105

 X=23mod105