
Chapter 1

Introduction to Cryptography and Data Security

1.1 Literature Recommendations

Course Textbook:

Introduction to Cryptography with Coding Theory. Wade Trappe and Lawrence C. Washington. Prentice Hall, 2nd edition.

Reference Books:

1. Applied Cryptography: Protocols, Algorithms and Secure Code in C. Bruce Schneier. John Wiley & Sons, 2nd Edition.

2. Cryptography: Theory and Practice. Doug Stinson. Chapman & Hall/CRC, 3rd Edition.

1.2 Overview

Brief History of Cryptography

• Private-Key Cryptography:

All encryption and decryption schemes dating from BC to 1976.

• Public-Key Cryptography:

In 1976 the first public-key cryptographic scheme was introduced: the Diffie-Hellman key exchange protocol.

• Hybrid Approach:

In current cryptographic protocols, hybrid schemes are very often applied, which use both private-key and public-key algorithms.

Figure 1.1: Overview of Cryptology



1.3 Private-Key Cryptosystems

Sometimes these schemes are also referred to as symmetric, single-key and secret-key approaches.

Problem Statement:

Alice and Bob want to communicate over an insecure channel, e.g. a computer network or satellite link. They want to prevent Oscar, the bad guy, from listening.

Solution:

Use of private-key cryptosystems, which have been around since BC, such that if Oscar reads the encrypted version y of the message x over an insecure channel, he will not be able to understand its content.

Figure 1.2: Private-Key Cryptosystem



Some Important Definitions:

1. • $x$ is called the “plaintext”

• $P = \{x_1, x_2, \ldots, x_p\}$ is the finite “plaintext space”

2. • $y$ is called the “ciphertext”

• $C = \{y_1, y_2, \ldots, y_c\}$ is the finite “ciphertext space”

3. • $k$ is called the “key”

• $K = \{k_1, k_2, \ldots, k_l\}$ is the finite “key space”

4. • There are $l$ encryption functions $e_{k_i} : P \to C$ (or $e_{k_i}(x) = y$)

• There are $l$ decryption functions $d_{k_i} : C \to P$ (or $d_{k_i}(y) = x$)

• $e_{k_i}$ and $d_{k_i}$ are inverse functions: $d_{k_i}(y) = d_{k_i}(e_{k_i}(x)) = x$ for all $k_i \in K$

Example: Data Encryption Standard (DES)

1. $P = C = \{0, 1, 2, \ldots, 2^{64} - 1\}$ (each $x_i$ has 64 bits: $x_i = 010 \ldots 0110$)

2. $K = \{0, 1, 2, \ldots, 2^{56} - 1\}$ (each $k_i$ has 56 bits)

3. encryption ($e_k$) and decryption ($d_k$) will be described in Chapter 4



1.4 Cryptanalysis

Definition: The science of recovering the plaintext x from the ciphertext y without the knowledge

of the key (Oscar’s job).

Kerckhoffs’ Principles (also known as the rules of cryptanalysis):

1. Oscar knows the cryptosystem, i.e. the encryption and decryption algorithms. Hence, the

security of the cryptosystem does not depend on the obscurity of the algorithm.

2. Oscar does not know the key and the security of the cryptosystem depends on the secrecy of

the key.

1.4.1 Attacks against Cryptoalgorithms

1. Ciphertext-Only Attack

Oscar’s knowledge: some $y_1 = e_k(x_1), y_2 = e_k(x_2), \ldots$

Oscar’s goal: obtain $x_1, x_2, \ldots$ or the key $k$

2. Known Plaintext Attack

Oscar’s knowledge: some pairs $(x_1, y_1 = e_k(x_1)), (x_2, y_2 = e_k(x_2)), \ldots$

Oscar’s goal: obtain the key $k$

3. Chosen Plaintext Attack

Oscar’s knowledge: some pairs $(x_1, y_1 = e_k(x_1)), (x_2, y_2 = e_k(x_2)), \ldots$ of which he can choose $x_1, x_2, \ldots$

Oscar’s goal: obtain the key $k$

4. Chosen Ciphertext Attack

Oscar’s knowledge: some pairs $(x_1, y_1 = e_k(x_1)), (x_2, y_2 = e_k(x_2)), \ldots$ of which he can choose $y_1, y_2, \ldots$

Oscar’s goal: obtain the key $k$



1.5 Some Number Theory

Modulo Operation:

Question: What is 12 mod 9?

Answer: 12 mod 9 = 3 or 12 ≡ 3 (mod 9)

Definition: Let a, r, m ∈ Z where Z is the set of all integers, 0 ≤ r < m and m > 0. If m divides

a − r, we write

r = a mod m

or

r ≡ a (mod m)

where m is called the modulus and r is called the remainder.



Remarks on the Modulo Operation:

• How is the remainder computed?

It is always possible to write a ∈ Z, such that a = q · m + r where 0 ≤ r < m. Hence, since

a − r = q · m, a ≡ r (mod m).

Example:

For a = 42 and m = 9

42 = 4 · 9 + 6, and therefore 42 ≡ 6 (mod 9).

• Maple command: “mod”

r := 42 mod 9 returns r = 6.

• C programming command: “%” (C can return a negative value)

r = 42 % 9 returns r = 6,

but r = −42 % 9 returns r = −6.

Note that −6 ≡ −6 + 9 ≡ 3 (mod 9).



Definition: The “ring $Z_m$” is a mathematical structure which consists of:

1. The set $Z_m = \{0, 1, 2, \ldots, m - 1\}$

2. Two operations “+” and “×” for all $a, b \in Z_m$ such that:

• $a + b \equiv c \pmod{m}$ where $c \in Z_m$

• $a \times b \equiv d \pmod{m}$ where $d \in Z_m$

Example: $m = 9$

$Z_9 = \{0, 1, 2, 3, 4, 5, 6, 7, 8\}$

$6 + 8 = 14 \equiv 5 \pmod{9}$

$6 \times 8 = 48 \equiv 3 \pmod{9}$

Properties: Some important properties of the ring $Z_m = \{0, 1, 2, \ldots, m - 1\}$

1. The additive identity is the element zero “0”, i.e. $a + 0 \equiv a \pmod{m}$ for any $a \in Z_m$.

2. The additive inverse “$-a$” of “$a$” is such that $a + (-a) \equiv 0 \pmod{m}$ for any $a \in Z_m$.

3. Addition is closed, i.e. for any $a, b \in Z_m$, $a + b \in Z_m$.

4. Addition is commutative, i.e. for any $a, b \in Z_m$, $a + b = b + a$.

5. Addition is associative, i.e. for any $a, b, c \in Z_m$, $(a + b) + c = a + (b + c)$.

6. The multiplicative identity is the element one “1”, i.e. $a \times 1 \equiv a \pmod{m}$ for any $a \in Z_m$.

7. The multiplicative inverse “$a^{-1}$” of “$a$” is such that $a \times a^{-1} \equiv 1 \pmod{m}$, and an element $a$ has a multiplicative inverse $a^{-1}$ if and only if $\gcd(a, m) = 1$.

8. Multiplication is closed, i.e. for any $a, b \in Z_m$, $a \times b \in Z_m$.

9. Multiplication is commutative, i.e. for any $a, b \in Z_m$, $a \times b = b \times a$.

10. Multiplication is associative, i.e. for any $a, b, c \in Z_m$, $(a \times b) \times c = a \times (b \times c)$.



Remarks on the Ring Zm :

• Roughly speaking, a ring is a mathematical structure in which we can add, subtract, multiply

and sometimes divide.

• Definition: If $\gcd(a, m) = 1$, then $a$ and $m$ are “relatively prime” and the multiplicative inverse $a^{-1}$ of $a$ exists in $Z_m$.

Examples:

1. Question: Does the multiplicative inverse of 15 exist in $Z_{26}$?

Answer: Yes, since $\gcd(15, 26) = 1$

2. Question: Does the multiplicative inverse of 14 exist in $Z_{26}$?

Answer: No, since $\gcd(14, 26) \neq 1$

• The modulo operation can be applied whenever we want:

(a + b) mod m = [(a mod m) + (b mod m)] mod m.

(a × b) mod m = [(a mod m) × (b mod m)] mod m.

Example: $3^8 \bmod 7 = ?$

1. $3^8 \bmod 7 = ((3^4 \bmod 7) \cdot (3^4 \bmod 7)) \bmod 7 = 4 \cdot 4 \bmod 7 = 2$.

2. $3^8 \bmod 7 = 6561 \bmod 7 = 2$.

As we see, it is almost always computationally more advantageous to apply a modulo

reduction as soon as we can.

3. The ring $Z_m$, and thus the integer arithmetic with the modulo operation, is of central importance to modern public-key cryptography. In the RSA public-key cryptosystem the integers are represented in a ring $Z_m$ where $m$ is typically at least 1024 bits in length.
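
An added example (not part of the lecture notes) of reducing as early as possible: it generalises the $3^8 = 3^4 \cdot 3^4$ split above to square-and-multiply exponentiation, and includes the gcd test for invertibility in $Z_m$. The function names are illustrative and the code assumes $0 < m < 2^{32}$.

```c
#include <stdint.h>
#include <stdio.h>

/* Euclid's algorithm: a is invertible in Z_m iff gcd(a, m) == 1. */
uint64_t gcd_u64(uint64_t a, uint64_t b) {
    while (b != 0) {
        uint64_t t = a % b;
        a = b;
        b = t;
    }
    return a;
}

/* (a * b) mod m with both operands reduced first. Assumes 0 < m < 2^32,
 * so the product of two reduced values fits in 64 bits. */
uint64_t mul_mod(uint64_t a, uint64_t b, uint64_t m) {
    return ((a % m) * (b % m)) % m;
}

/* base^exp mod m by square-and-multiply. Every intermediate value is
 * reduced at once, so nothing larger than (m-1)^2 is ever computed. */
uint64_t pow_mod(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1 % m;
    base %= m;
    while (exp > 0) {
        if (exp & 1)
            result = mul_mod(result, base, m);
        base = mul_mod(base, base, m);
        exp >>= 1;
    }
    return result;
}

int main(void) {
    /* The notes' example: 3^8 mod 7. */
    printf("3^8 mod 7   = %llu\n", (unsigned long long)pow_mod(3, 8, 7));
    /* 3^100 does not fit in 64 bits, yet the reduced form is cheap. */
    printf("3^100 mod 7 = %llu\n", (unsigned long long)pow_mod(3, 100, 7));
    printf("gcd(15, 26) = %llu\n", (unsigned long long)gcd_u64(15, 26));
    printf("gcd(14, 26) = %llu\n", (unsigned long long)gcd_u64(14, 26));
    return 0;
}
```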

1.6 Simple Blockciphers

Remember:

Figure 1.3: Classification of Private-Key Cryptosystems

Idea: In block ciphers, the message string is divided into blocks (or cells) of equal length and each

block is encrypted/decrypted separately.

Input: The message string is $X = x_1, x_2, x_3, \ldots, x_n$, where $x_i$ is one block.

Cipher: The ciphertext is produced as $Y = y_1, y_2, y_3, \ldots, y_n$, where $y_i = e_k(x_i)$ and $k$ is fixed for all blocks.

1.6.1 Shift Cipher

Shift ciphers are one of the simplest ciphers. In shift ciphers, the letters of the alphabet are assigned

numbers as depicted in Table 1.1.

A   B   C   D   E   F   G   H   I   J   K   L   M
0   1   2   3   4   5   6   7   8   9   10  11  12

N   O   P   Q   R   S   T   U   V   W   X   Y   Z
13  14  15  16  17  18  19  20  21  22  23  24  25

Table 1.1: Shift Cipher Table.

Definition: Shift Cipher

Let $P = C = K = Z_{26}$, $x \in P$, $y \in C$, $k \in K$.

Encryption: $e_k(x) = x + k \bmod 26$.

Decryption: $d_k(y) = y - k \bmod 26$.

Remark:

If k = 3, the shift cipher is given the special name “Caesar Cipher ”.

Example:

$k = 17$,

plaintext:

$X = x_1, x_2, \ldots, x_6$ = A T T A C K.

$X = x_1, x_2, \ldots, x_6 = 0, 19, 19, 0, 2, 10$.

encryption:

$y_1 = x_1 + k \bmod 26 = 0 + 17 \bmod 26 = 17$ = R.

$y_2 = y_3 = 19 + 17 \bmod 26 = 10$ = K.

$y_4 = 17$ = R.

$y_5 = 2 + 17 \bmod 26 = 19$ = T.

$y_6 = 10 + 17 \bmod 26 = 1$ = B.

ciphertext: $Y = y_1, y_2, \ldots, y_6$ = R K K R T B.

Attacks on the Shift Cipher:

1. Ciphertext-Only: Try all possible keys ($|K| = 26$). This is known as a “brute force attack” or “exhaustive search”. Note that secure cryptosystems require a sufficiently large key space. The minimum requirement today is $|K| > 2^{80}$; however, for long-term security $|K| \geq 2^{100}$ is recommended.

2. In shift ciphers, the same plaintext maps into the same ciphertext, and therefore it can easily

be attacked using letter-frequency analysis.
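
An added example (not part of the lecture notes) that implements the shift cipher and the exhaustive search of item 1 on the notes' own ATTACK example. It also shows why the remark in Section 1.5 about C's “%” matters: decryption computes $y - k$, which is negative whenever $y < k$. The names mod_pos, shift_text and all_candidates are illustrative.

```c
#include <stdio.h>
#include <string.h>

#define MAXLEN 64

/* Remainder in 0..m-1 even for negative a. C's % alone can return a
 * negative value: (1 - 17) % 26 is -16, not 10. */
int mod_pos(int a, int m) {
    int r = a % m;
    return r < 0 ? r + m : r;
}

/* Shift each letter A..Z of `in` by k into `out` (k may be negative).
 * Encryption is shift_text(x, k), decryption is shift_text(y, -k).
 * Other characters are copied. Assumes ASCII and length < MAXLEN. */
void shift_text(const char *in, int k, char *out) {
    size_t i;
    for (i = 0; in[i] != '\0' && i < MAXLEN - 1; i++) {
        if (in[i] >= 'A' && in[i] <= 'Z')
            out[i] = (char)('A' + mod_pos(in[i] - 'A' + k, 26));
        else
            out[i] = in[i];
    }
    out[i] = '\0';
}

/* Exhaustive search over the whole key space |K| = 26: candidates[k]
 * receives the decryption of `cipher` under key k. */
void all_candidates(const char *cipher, char candidates[26][MAXLEN]) {
    for (int k = 0; k < 26; k++)
        shift_text(cipher, -k, candidates[k]);
}

int main(void) {
    char y[MAXLEN], table[26][MAXLEN];
    shift_text("ATTACK", 17, y);          /* the notes' example, k = 17 */
    printf("ciphertext: %s\n", y);
    all_candidates(y, table);
    for (int k = 0; k < 26; k++)          /* only k = 17 reads as a word */
        printf("k = %2d  ->  %s\n", k, table[k]);
    return 0;
}
```

With only 26 keys the full candidate table fits on one screen, which is the practical meaning of an insufficient key space.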

1.6.2 Affine Cipher

This is an extension of the shift cipher ($y_i = x_i + k \bmod m$).

Definition: Affine Cipher

Let $P = C = Z_{26}$.

• encryption: $e_k(x) = a \cdot x + b \bmod 26$.

• key: $k = (a, b)$ where $a, b \in Z_{26}$.

• decryption: $x = a^{-1} \cdot (y - b) \bmod 26$.

• restriction: $\gcd(a, 26) = 1$ in order for the affine cipher to work since $a^{-1}$ does not always exist.

Question: How is $a^{-1}$ obtained?

Answer: $a^{-1} = a^{11} \bmod 26$ (the proof for this will be covered in Chapter 6) or by trial-and-error for the time being.
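
An added example (not part of the lecture notes) of the affine cipher with both ways of obtaining $a^{-1}$ named above, and with the restriction $\gcd(a, 26) = 1$ enforced before any key is used. The key (a, b) = (7, 3) and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* a^(-1) in Z_26 by trial and error; -1 if none, i.e. gcd(a, 26) != 1. */
int inverse_trial(int a) {
    for (int t = 1; t < 26; t++)
        if ((a % 26) * t % 26 == 1) return t;
    return -1;
}

/* a^11 mod 26, reduced after every step; the inverse if gcd(a, 26) = 1. */
int inverse_pow11(int a) {
    int r = 1;
    for (int i = 0; i < 11; i++)
        r = r * (a % 26) % 26;
    return r;
}

/* Apply x -> a*x + b mod 26 to letters A..Z. Assumes 0 <= a, b < 26. */
static void affine_map(const char *in, int a, int b, char *out) {
    size_t i;
    for (i = 0; in[i] != '\0'; i++)
        out[i] = (in[i] >= 'A' && in[i] <= 'Z')
                     ? (char)('A' + (a * (in[i] - 'A') + b) % 26) : in[i];
    out[i] = '\0';
}

/* e_k(x) = a*x + b mod 26; rejects keys with gcd(a, 26) != 1. */
int affine_encrypt(const char *in, int a, int b, char *out) {
    if (inverse_trial(a) < 0) return -1;
    affine_map(in, a, b, out);
    return 0;
}

/* d_k(y) = a^(-1)*(y - b) mod 26, rewritten as a^(-1)*y + a^(-1)*(26 - b). */
int affine_decrypt(const char *in, int a, int b, char *out) {
    int a_inv = inverse_trial(a);
    if (a_inv < 0) return -1;
    affine_map(in, a_inv, a_inv * (26 - b) % 26, out);
    return 0;
}

int main(void) {
    char y[32], x[32];
    affine_encrypt("ATTACK", 7, 3, y);   /* constructed key (a, b) = (7, 3) */
    affine_decrypt(y, 7, 3, x);
    printf("ATTACK -> %s -> %s, 7^11 mod 26 = %d\n", y, x, inverse_pow11(7));
    return 0;
}
```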
