EEE-5305: Network and Information

Security

Introduction to Security

Dr. Mosabber Uddin Ahmed

 Syllabus
• Requirements for network security: examples of types of network attack;
passive and active; communication channel and network management,
traffic related protection by encryption and authentication, Digital
signatures, Management controls, Importance of trusted parties in system
management, Overhead, cost and other management aspects.
• Algorithms and standards: private key systems and DES, Public key
systems and RSA. Analysis of strength of protection, Weak keys, Attack by
exhaustive search, Calculation of required key length, Types of analytic
attack, Relationship with information and coding theory.
• Key management: Diffie-Hellman key exchange, RSA key management,
Public key certificates, Overall system management and management
controls.
• Systems for network security: VPN security, Wireless (including wireless
LANs) security, LAN security, Internet security and the IPSec protocol.
 Texts
• Cryptography and Network Security Principles
and Practice, William Stallings, Prentice Hall,
Fifth edition
• Cryptography and Network Security, Behrouz
A. Forouzan and Debdeep Mukhopadhyay,
McGraw Hill, Second Edition
 References

• Network Security: Private communication in a

public world, Kaufman, C, Perlman, R and
Speciner, M., Prentice Hall, 2002.

• Applied Cryptography, Schneier, B., John

Wiley, 1996
Concepts
These three concepts form what is often referred
to as the CIA triad (Figure 1.1).

• Confidentiality (covers both data

confidentiality and privacy): preserving
authorized restrictions on information access
and disclosure, including means for protecting
personal privacy and proprietary information.
A loss of confidentiality is the unauthorized
disclosure of information.
• Integrity (covers both data and system
integrity): Guarding against improper
information modification or destruction, and
includes ensuring information non-repudiation
and authenticity. A loss of integrity is the
unauthorized modification or destruction of
information.

• Availability: Ensuring timely and reliable access

to and use of information. A loss of availability
is the disruption of access to or use of
information or an information system.
 Although the use of the CIA triad to define
security objectives is well established, some in
the security field feel that additional concepts
are needed to present a complete picture. Two
of the most commonly mentioned are:
• Authenticity: The property of being genuine
and being able to be verified and trusted;
confidence in the validity of a transmission, a
message, or message originator.
• Accountability: The security goal that generates
the requirement for actions of an entity to be
traced uniquely to that entity.
 Low Impact
• The loss could be expected to have a limited adverse effect on
organizational operations, organizational assets, or
individuals.
• A limited adverse effect means that, for example, the loss of
confidentiality, integrity, or availability might
– (i) cause a degradation in mission capability to an extent
and duration that the organization is able to perform its
primary functions, but the effectiveness of the functions is
noticeably reduced;
– (ii) result in minor damage to organizational assets;
– (iii) result in minor financial loss; or
– (iv) result in minor harm to individuals.
 Moderate Impact
• The loss could be expected to have a serious adverse effect on
organizational operations, organizational assets, or
individuals.
• A serious adverse effect means that, for example, the loss
might
– (i) cause a significant degradation in mission capability to
an extent and duration that the organization is able to
perform its primary functions, but the effectiveness of the
functions is significantly reduced;
– (ii) result in significant damage to organizational assets;
– (iii) result in significant financial loss; or
– (iv) result in significant harm to individuals that does not
involve loss of life or serious, life-threatening injuries.
 High Impact
• The loss could be expected to have a severe or catastrophic
adverse effect on organizational operations, organizational
assets, or individuals.
• A severe or catastrophic adverse effect means that, for
example, the loss might
– (i) cause a severe degradation in or loss of mission
capability to an extent and duration that the organization
is not able to perform one or more of its primary
functions;
– (ii) result in major damage to organizational assets;
– (iii) result in major financial loss; or
– (iv) result in severe or catastrophic harm to individuals
involving loss of life or serious life threatening injuries.
Examples of Security Requirements
• confidentiality – student grades
• integrity – patient information
• availability – authentication service
• authenticity – admission ticket
• non-repudiation – stock sell order
 Computer Security Challenges
1. not simple – easy to get it wrong
2. must consider potential attacks
3. procedures used counter-intuitive
4. involve algorithms and secret info
5. must decide where to deploy mechanisms
6. battle of wits between attacker / admin
7. not perceived on benefit until fails
8. requires regular monitoring
a process, not an event
9. too often an after-thought
10. regarded as impediment to using system
Security Attacks
 Handling Attacks
– Passive attacks – focus on Prevention
• Easy to stop
• Hard to detect
– Active attacks – focus on Detection and Recovery
• Hard to stop
• Easy to detect
 Security Service
– enhance security of data processing systems and
information transfers of an organization
– intended to counter security attacks
– using one or more security mechanisms
– often replicates functions normally associated
with physical documents
• which, for example, have signatures, dates; need
protection from disclosure, tampering, or destruction;
be notarized or witnessed; be recorded or licensed
Security Services
Model for Network Security
 Model for Network Security
• using this model requires us to:
1. design a suitable algorithm for the security
transformation
2. generate the secret information (keys) used by
the algorithm
3. develop methods to distribute and share the
secret information
4. specify a protocol enabling the principals to use
the transformation and secret information for a
security service
Model for Network Access Security
 Model for Network Access Security
 using this model requires us to:
1. select appropriate gatekeeper functions to
identify users
2. implement security controls to ensure
only authorised users access designated
information or resources
 note that model does not include:
1. monitoring of system for successful
penetration
2. monitoring of authorized users for misuse
3. audit logging for forensic uses, etc.
EEE-5305: Network and Information
Security

Classical Encryption Techniques

Dr. Mosabber Uddin Ahmed

 Some Basic Terminology
• plaintext - original message
• ciphertext - coded message
• cipher - algorithm for transforming plaintext to ciphertext
• key - info used in cipher known only to sender/receiver
• encipher (encrypt) - converting plaintext to ciphertext
• decipher (decrypt) - recovering ciphertext from plaintext
• cryptography - study of encryption principles/methods
• cryptanalysis (codebreaking) - study of principles/ methods
of deciphering ciphertext without knowing key
• cryptology - field of both cryptography and cryptanalysis
 Cryptography
• can characterize cryptographic system by:
– type of encryption operations used
• Substitution: replace one element in plaintext with another
• Transposition: re-arrange elements
• Product systems: multiple stages of substitutions and
transpositions
– number of keys used
• single-key or private or symmetric
• two-key or public or asymmetric
– way in which plaintext is processed
• Block cipher: process one block of elements at a time
• Stream cipher: process input elements continuously
 Symmetric Encryption
• or conventional / private-key / single-key
• sender and recipient share a common key
• all classical encryption algorithms are private-
key
• was only type prior to invention of public-key
in 1970’s
• and by far most widely used
Symmetric Cipher Model
 Requirements and Assumptions
• two requirements for secure use of symmetric
encryption:
– a strong encryption algorithm
– a secret key known only to sender / receiver
• mathematically have:
Y = E(K, X)
X = D(K, Y)
Assumptions:
• assume encryption algorithm is known
• implies a secure channel to distribute key
If either succeed all key use compromised
 Classical Substitution Ciphers
• where letters of plaintext are replaced by
other letters or by numbers or symbols
• or if plaintext is viewed as a sequence of bits,
then substitution involves replacing plaintext
bit patterns with ciphertext bit patterns
 Monoalphabetic Cipher Security
• now have a total of 26! = 4 x 1026 keys
• with so many keys, might think is secure
• but would be !!!WRONG!!!
• problem is language characteristics
 Language Redundancy and Cryptanalysis

 human languages are redundant

 letters are not equally commonly used
 in English E is by far the most common letter
 followed by T,R,N,I,O,A,S
 other letters like Z,J,K,Q,X are fairly rare
 have tables of single, double & triple letter
frequencies for various languages
English Letter Frequencies
 Use in Cryptanalysis
• key concept - monoalphabetic substitution ciphers
do not change relative letter frequencies
• discovered by Arabian scientists in 9th century
• calculate letter frequencies for ciphertext
• compare counts/plots against known values
• if caesar cipher look for common peaks/troughs
– peaks at: A-E-I triple, NO pair, RST triple
– troughs at: JK, X-Z
• for monoalphabetic must identify each letter
– tables of common double/triple letters help
 Example Cryptanalysis
• given ciphertext:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
• count relative letter frequencies (see text)
• guess P & Z are e and t
• guess ZW is th and hence ZWP is the
• proceeding with trial and error finally get:
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
 Playfair Cipher
not even the large number of keys in a
monoalphabetic cipher provides security
one approach to improving security was to
encrypt multiple letters
the Playfair Cipher is an example
invented by Charles Wheatstone in 1854, but
named after his friend Baron Playfair
 Playfair Key Matrix
 a 5X5 matrix of letters based on a keyword
 fill in letters of keyword (sans duplicates)
 fill rest of matrix with other letters
 Special: Treat I and J as same letter
 eg. using the keyword MONARCHY
M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z
 Encrypting and Decrypting
1. Operate on pair of letters (digram) at a time
2. Special: if digram with same letters, separate
by special letter (e.g. x)
3. Plaintext in same row: replace with letters to
right
4. Plaintext in same column: replace with letters
below
5. Else, replace by letter in same row as it and
same column as other plaintext letter
 Security of Playfair Cipher
 security much improved over monoalphabetic
 since have 26 x 26 = 676 digrams
 would need a 676 entry frequency table to analyse
(verses 26 for a monoalphabetic)
 and correspondingly more ciphertext
 was widely used for many years
 eg. by US & British military in WW1
 it can be broken, given a few hundred letters
 since still has much of plaintext structure
 Polyalphabetic Ciphers
 polyalphabetic substitution ciphers
 improve security using multiple cipher alphabets
 make cryptanalysis harder with more alphabets to guess
and flatter frequency distribution
 use a key to select which alphabet is used for each letter of
the message
 use each alphabet in turn
 repeat from start after end of key is reached
 Examples:
• Vigenere cipher
• Vernam cipher (see textbook)
• One time pad
 Vigenère Cipher
• simplest polyalphabetic substitution cipher
• effectively multiple caesar ciphers
• key is multiple letters long K = k1 k2 ... kd
• ith letter specifies ith alphabet to use
• use each alphabet in turn
• repeat from start after d letters in message
• decryption simply works in reverse
 Example of Vigenère Cipher
 write the plaintext out
 write the keyword repeated above it
 use each key letter as a caesar cipher key
 encrypt the corresponding plaintext letter
 eg using keyword deceptive
key: deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGLMGJ
 Security of Vigenère Ciphers
• have multiple ciphertext letters for each
plaintext letter
• hence letter frequencies are obscured
• but not totally lost
• start with letter frequencies
– see if look monoalphabetic or not
• if not, then need to determine number of
alphabets, since then can attach each
 Autokey Cipher
• ideally want a key as long as the message
• Vigenère proposed the autokey cipher
• with keyword is prefixed to message as key
• knowing keyword can recover the first few letters
• use these in turn on the rest of the message
• but still have frequency characteristics to attack
• eg. given key deceptive
key: deceptivewearediscoveredsav
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGKZEIIGASXSTSLVVWLA
 Vernam Cipher
ultimate defense is to use a key as long as the
plaintext
with no statistical relationship to it
invented by AT&T engineer Gilbert Vernam in
1918
originally proposed using a very long but
eventually repeating key
 One-Time Pad
• if a truly random key as long as the message is used,
the cipher will be secure
• called a One-Time pad
• is unbreakable since ciphertext bears no statistical
relationship to the plaintext
• since for any plaintext & any ciphertext there exists
a key mapping one to other
• can only use the key once though
• problems in generation & safe distribution of key
 Transposition Ciphers
now consider classical transposition or
permutation ciphers
these hide the message by rearranging the
letter order
without altering the actual letters used
can recognise these since have the same
frequency distribution as the original text
 Rail Fence cipher
• write message letters out diagonally over a number
of rows
• then read off cipher row by row
• eg. write message out as:
m e m a t r h t g p r y
e t e f e t e o a a t
• giving ciphertext
MEMATRHTGPRYETEFETEOAAT
 Row Transposition Ciphers
is a more complex transposition
write letters of message out in rows over a
specified number of columns
then reorder the columns according to some
key before reading off the rows
Key: 4312567
Column Out 4 3 1 2 5 6 7
Plaintext: a t t a c k p
o stpone
d unti l t
woamxyz
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
 Product Ciphers
• ciphers using substitutions or transpositions are not
secure because of language characteristics
• hence consider using several ciphers in succession to
make harder, but:
– two substitutions make a more complex substitution
– two transpositions make more complex transposition
– but a substitution followed by a transposition makes a new
much harder cipher
• this is bridge from classical to modern ciphers
 Rotor Machines
• before modern ciphers, rotor machines were most
common complex ciphers in use
• widely used in WW2
– German Enigma, Allied Hagelin, Japanese Purple
• implemented a very complex, varying substitution
cipher
• used a series of cylinders, each giving one
substitution, which rotated and changed after each
letter was encrypted
• with 3 cylinders have 263=17576 alphabets
Hagelin Rotor Machine
Rotor Machine Principles
 Summary
• have considered:
– classical cipher techniques and terminology
– monoalphabetic substitution ciphers
– cryptanalysis using letter frequencies
– Playfair cipher
– polyalphabetic ciphers
– transposition ciphers
– product ciphers and rotor machines
– stenography
EEE-5305: Network and Information
Security

Block Ciphers and DES

Dr. Mosabber Uddin Ahmed

EEE-5305: Network and Information
Security

Block Cipher Operation

Dr. Mosabber Uddin Ahmed

 Origins
 clear a replacement for DES was needed
 have theoretical attacks that can break it
 have demonstrated exhaustive key search attacks
 can use Triple-DES – but slow, has small blocks
 US NIST issued call for ciphers in 1997
 15 candidates accepted in Jun 98
 5 were shortlisted in Aug-99
 Rijndael was selected as the AES in Oct-2000
 issued as FIPS PUB 197 standard in Nov-2001
 The AES Cipher - Rijndael
 designed by Rijmen-Daemen in Belgium
 has 128/192/256 bit keys, 128 bit data
 an iterative rather than feistel cipher
 processes data as block of 4 columns of 4 bytes
 operates on entire data block in every round
 designed to be:
 resistant against known attacks
 speed and code compactness on many CPUs
 design simplicity
 AES
Encryption
Process
 AES Structure
 data block of 4 columns of 4 bytes is state
 key is expanded to array of words
 has 9/11/13 rounds in which state undergoes:
 byte substitution (1 S-box used on every byte)
 shift rows (permute bytes between groups/columns)
 mix columns (subs using matrix multiply of groups)
 add round key (XOR state with key material)
 view as alternating XOR key & scramble data bytes
 initial XOR key material & incomplete last round
 with fast XOR & table lookup implementation
AES Structure
 Some Comments on AES
1. an iterative rather than feistel cipher
2. key expanded into array of 32-bit words
1. four words form round key in each round
3. 4 different stages are used as shown
4. has a simple structure
5. only AddRoundKey uses key
6. AddRoundKey a form of Vernam cipher
7. each stage is easily reversible
8. decryption uses keys in reverse order
9. decryption does recover plaintext
10. final round has only 3 stages
 Substitute Bytes
 a simple substitution of each byte
 uses one table of 16x16 bytes containing a
permutation of all 256 8-bit values
 each byte of state is replaced by byte indexed by
row (left 4-bits) & column (right 4-bits)
 eg. byte {95} is replaced by byte in row 9 column 5
 which has value {2A}
 S-box constructed using defined transformation
of values in GF(28)
 designed to be resistant to all known attacks
Substitute Bytes
Substitute Bytes Example
 Shift Rows
 a circular byte shift in each row
 1st row is unchanged
 2nd row does 1 byte circular shift to left
 3rd row does 2 byte circular shift to left
 4th row does 3 byte circular shift to left
 decrypt inverts using shifts to right
 since state is processed by columns, this step
permutes bytes between the columns
Shift Rows
 Mix Columns
 each column is processed separately
 each byte is replaced by a value
dependent on all 4 bytes in the column
 effectively a matrix multiplication in GF(28)
using prime poly m(x) =x8+x4+x3+x+1
Mix Columns
Mix Columns Example
 AES Arithmetic
 uses arithmetic in the finite field GF(28)
 with irreducible polynomial
m(x) = x8 + x4 + x3 + x + 1
which is (100011011) or {11b}
 e.g.
{02} • {87} mod {11b} = (1 0000 1110) mod {11b}
= (1 0000 1110) xor (1 0001 1011) = (0001 0101)
 Mix Columns
 can express each col as 4 equations
 to derive each new byte in col
 decryption requires use of inverse matrix
 with larger coefficients, hence a little harder
 have an alternate characterisation
 each column a 4-term polynomial
 with coefficients in GF(28)
 and polynomials multiplied modulo (x4+1)
 coefficients based on linear code with
maximal distance between codewords
 Add Round Key
 XOR state with 128-bits of the round key
 again processed by column (though
effectively a series of byte operations)
 inverse for decryption identical
 since XOR own inverse, with reversed keys
 designed to be as simple as possible
 a form of Vernam cipher on expanded key
 requires other stages for complexity / security
Add Round Key
AES Round
 AES Key Expansion
 takes 128-bit (16-byte) key and expands
into array of 44/52/60 32-bit words
 start by copying key into first 4 words
 then loop creating words that depend on
values in previous & 4 places back
 in 3 of 4 cases just XOR these together
 1st word in 4 has rotate + S-box + XOR round
constant on previous, before XOR 4th back
AES Key Expansion
 Key Expansion Rationale
 designed to resist known attacks
 design criteria included
 knowing part key insufficient to find many more
 invertible transformation
 fast on wide range of CPU’s
 use round constants to break symmetry
 diffuse key bits into round keys
 enough non-linearity to hinder analysis
 simplicity of description
 AES
Example
Key
Expansion
 AES
Example
Encryption
 AES
Example
Avalanche
 AES Decryption
 AES decryption is not identical to
encryption since steps done in reverse
 but can define an equivalent inverse
cipher with steps as for encryption
 but using inverses of each step
 with a different key schedule
 works since result is unchanged when
 swap byte substitution & shift rows
 swap mix columns & add (tweaked) round key
AES Decryption
 Implementation Aspects
 can efficiently implement on 8-bit CPU
 byte substitution works on bytes using a table
of 256 entries
 shift rows is simple byte shift
 add round key works on byte XOR’s
 mix columns requires matrix multiply in GF(28)
which works on byte values, can be simplified
to use table lookups & byte XOR’s
 Implementation Aspects
 can efficiently implement on 32-bit CPU
 redefine steps to use 32-bit words
 can precompute 4 tables of 256-words
 then each column in each round can be
computed using 4 table lookups + 4 XORs
 at a cost of 4Kb to store tables
 designers believe this very efficient
implementation was a key factor in its
selection as the AES cipher
 Summary
 have considered:
 the AES selection process
 the details of Rijndael – the AES cipher
 looked at the steps in each round
 the key expansion
 implementation aspects
EEE-5305: Network and Information
Security

Pseudo-Random Numbers and Stream

Ciphers
EEE-5305: Network and Information
Security

Number Theory
 Basic Concepts in Number
Theory and Finite Fields
 will now introduce finite fields
 of increasing importance in cryptography
 AES, Elliptic Curve, IDEA, Public Key
 concern operations on “numbers”
 where what constitutes a “number” and the
type of operations varies considerably
 start with basic number theory concepts
 Divisors
 say a non-zero number b divides a if for
some m have a=mb (a,b,m all integers)
 that is b divides into a with no remainder
 denote this b|a
 and say that b is a divisor of a
 eg. all of 1,2,3,4,6,8,12,24 divide 24
 eg. 13 | 182; –5 | 30; 17 | 289; –3 | 33; 17 | 0
 Properties of Divisibility
 If a|1, then a = ±1.
 If a|b and b|a, then a = ±b.
 Any b /= 0 divides 0.
 If a | b and b | c, then a | c
 e.g. 11 | 66 and 66 | 198 so 11 | 198
 If b|g and b|h, then b|(mg + nh)
for arbitrary integers m and n
e.g. b = 7; g = 14; h = 63; m = 3; n = 2
7|14 and 7|63 hence 7 | 42+126 = 168
 Division Algorithm
 ifdivide a by n get integer quotient q and
integer remainder r such that:
 a = qn + r where 0 <= r < n; q = floor(a/n)
 remainder r often referred to as a residue
Greatest Common Divisor (GCD)

a common problem in number theory

 GCD (a,b) of a and b is the largest integer
that divides evenly into both a and b
 eg GCD(60,24) = 12
 define gcd(0, 0) = 0
 often want no common factors (except 1)
define such numbers as relatively prime
 eg GCD(8,15) = 1
 hence 8 & 15 are relatively prime
 Example GCD(1970,1066)
1970 = 1 x 1066 + 904 gcd(1066, 904)
1066 = 1 x 904 + 162 gcd(904, 162)
904 = 5 x 162 + 94 gcd(162, 94)
162 = 1 x 94 + 68 gcd(94, 68)
94 = 1 x 68 + 26 gcd(68, 26)
68 = 2 x 26 + 16 gcd(26, 16)
26 = 1 x 16 + 10 gcd(16, 10)
16 = 1 x 10 + 6 gcd(10, 6)
10 = 1 x 6 + 4 gcd(6, 4)
6 = 1 x 4 + 2 gcd(4, 2)
4 = 2 x 2 + 0 gcd(2, 0)
 GCD(1160718174, 316258250)
Dividend Divisor Quotient Remainder
a = 1160718174 b = 316258250 q1 = 3 r1 = 211943424
b = 316258250 r1 = 211943424 q2 = 1 r2 = 104314826
r1 = 211943424 r2 = 104314826 q3 = 2 r3 = 3313772
r2 = 104314826 r3 = 3313772 q4 = 31 r4 = 1587894
r3 = 3313772 r4 = 1587894 q5 = 2 r5 = 137984
r4 = 1587894 r5 = 137984 q6 = 11 r6 = 70070
r5 = 137984 r6 = 70070 q7 = 1 r7 = 67914
r6 = 70070 r7 = 67914 q8 = 1 r8 = 2156
r7 = 67914 r8 = 2156 q9 = 31 r9 = 1078
r8 = 2156 r9 = 1078 q10 = 2 r10 = 0
 Modular Arithmetic
 define modulo operator “a mod n” to be
remainder when a is divided by n
 where integer n is called the modulus
 b is called a residue of a mod n
 since with integers can always write: a = qn + b
 usually chose smallest positive remainder as residue
• ie. 0 <= b <= n-1
 process is known as modulo reduction
• eg. -12 mod 7 = -5 mod 7 = 2 mod 7 = 9 mod 7
 a & b are congruent if: a mod n = b mod n
 when divided by n, a & b have same remainder
 eg. 100 mod 11 = 34 mod 11
so 100 is congruent to 34 mod 11
Modular Arithmetic Operations
 can perform arithmetic with residues
 uses a finite number of values, and loops
back from either end
Zn = {0, 1, . . . , (n – 1)}
 modular arithmetic is when do addition &
multiplication and modulo reduce answer
 can do reduction at any point, ie
 a+b mod n = [a mod n + b mod n] mod n
Modular Arithmetic Operations
1. [(a mod n) + (b mod n)] mod n
= (a + b) mod n
2. [(a mod n) – (b mod n)] mod n
= (a – b) mod n
3. [(a mod n) x (b mod n)] mod n
= (a x b) mod n
e.g.
[(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2 (11 + 15) mod 8 = 26 mod 8 = 2
[(11 mod 8) – (15 mod 8)] mod 8 = –4 mod 8 = 4 (11 – 15) mod 8 = –4 mod 8 = 4
[(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5 (11 x 15) mod 8 = 165 mod 8 = 5
Modulo 8 Addition Example
+ 0 1 2 3 4 5 6 7
0 0 1 2 3 4 5 6 7
1 1 2 3 4 5 6 7 0
2 2 3 4 5 6 7 0 1
3 3 4 5 6 7 0 1 2
4 4 5 6 7 0 1 2 3
5 5 6 7 0 1 2 3 4
6 6 7 0 1 2 3 4 5
7 7 0 1 2 3 4 5 6
Modulo 8 Multiplication
+ 0 1 2 3 4 5 6 7
0 0 0 0 0 0 0 0 0
1 0 1 2 3 4 5 6 7
2 0 2 4 6 0 2 4 6
3 0 3 6 1 4 7 2 5
4 0 4 0 4 0 4 0 4
5 0 5 2 7 4 1 6 3
6 0 6 4 2 0 6 4 2
7 0 7 6 5 4 3 2 1
Modular Arithmetic Properties
 Euclidean Algorithm
 an efficient way to find the GCD(a,b)
 uses theorem that:
 GCD(a,b) = GCD(b, a mod b)
 Euclidean Algorithm to compute GCD(a,b) is:
Euclid(a,b)
if (b=0) then return a;
else return Euclid(b, a mod b);
Extended Euclidean Algorithm
 calculates not only GCD but x & y:
ax + by = d = gcd(a, b)
 useful for later crypto computations
 follow sequence of divisions for GCD but
assume at each step i, can find x &y:
r = ax + by
 at end find GCD value and also x & y
 if GCD(a,b)=1 these values are inverses
 Finding Inverses
EXTENDED EUCLID(m, b)
1. (A1, A2, A3)=(1, 0, m);
(B1, B2, B3)=(0, 1, b)
2. if B3 = 0
return A3 = gcd(m, b); no inverse
3. if B3 = 1
return B3 = gcd(m, b); B2 = b–1 mod m
4. Q = A3 div B3
5. (T1, T2, T3)=(A1 – Q B1, A2 – Q B2, A3 – Q B3)
6. (A1, A2, A3)=(B1, B2, B3)
7. (B1, B2, B3)=(T1, T2, T3)
8. goto 2
Inverse of 550 in GF(1759)
Q A1 A2 A3 B1 B2 B3
— 1 0 1759 0 1 550
3 0 1 550 1 –3 109
5 1 –3 109 –5 16 5
21 –5 16 5 106 –339 4
1 106 –339 4 –111 355 1

355 is inverse of 550

 Group
a set S of elements or “numbers”
 may be finite or infinite
 with
some operation ‘.’ so G=(S,.)
 Obeys CAIN:
 Closure: a,b in S, then a.b in S
 Associative law: (a.b).c = a.(b.c)
 has Identity e: e.a = a.e = a
 has iNverses a-1: a.a-1 = e
 if commutative a.b = b.a
 then forms an abelian group
 Cyclic Group
 defineexponentiation as repeated
application of operator
 example: a3 = a.a.a
 and let identity be: e=a0
agroup is cyclic if every element is a
power of some fixed element a
 i.e., b = ak for some a and every b in group
a is said to be a generator of the group
 Ring
 a set of “numbers”
 with two operations (addition and multiplication)
which form:
 an abelian group with addition operation
 and multiplication:
 has closure
 is associative
 distributive over addition: a(b+c) = ab + ac
 if multiplication operation is commutative, it
forms a commutative ring
 if multiplication operation has an identity and no
zero divisors, it forms an integral domain
 Field
a set of numbers
 with two operations which form:
 abelian group for addition
 abelian group for multiplication (ignoring 0)
 ring
 have hierarchy with more axioms/laws
 group -> ring -> field
Group, Ring, Field
 Finite (Galois) Fields
 finitefields play a key role in cryptography
 can show number of elements in a finite
field must be a power of a prime pn
 known as Galois fields
 denoted GF(pn)
 in particular often use the fields:
 GF(p)
 GF(2n)
 Galois Fields GF(p)
 GF(p) is the set of integers {0,1, … , p-1}
with arithmetic operations modulo prime p
 these form a finite field
 since have multiplicative inverses
 find inverse with Extended Euclidean algorithm
 hence arithmetic is “well-behaved” and can
do addition, subtraction, multiplication, and
division without leaving the field GF(p)
GF(7) Multiplication Example
 0 1 2 3 4 5 6
0 0 0 0 0 0 0 0
1 0 1 2 3 4 5 6
2 0 2 4 6 1 3 5
3 0 3 6 2 5 1 4
4 0 4 1 5 2 6 3
5 0 5 3 1 6 4 2
6 0 6 5 4 3 2 1
 Polynomial Arithmetic
 can compute using polynomials
f(x) = anxn + an-1xn-1 + … + a1x + a0 = ∑ aixi
• n.b. not interested in any specific value of x
• which is known as the indeterminate
 several alternatives available
 ordinary polynomial arithmetic
 poly arithmetic with coefs mod p
 poly arithmetic with coefs mod p and
polynomials mod m(x)
Ordinary Polynomial Arithmetic
 add or subtract corresponding coefficients
 multiply all terms by each other
 eg
let f(x) = x3 + x2 + 2 and g(x) = x2 – x + 1
f(x) + g(x) = x3 + 2x2 – x + 3
f(x) – g(x) = x3 + x + 1
f(x) x g(x) = x5 + 3x2 – 2x + 2
 Polynomial Arithmetic with
Modulo Coefficients
 when computing value of each coefficient
do calculation modulo some value
 forms a polynomial ring
 couldbe modulo any prime
 but we are most interested in mod 2
 ie all coefficients are 0 or 1
 eg. let f(x) = x3 + x2 and g(x) = x2 + x + 1
f(x) + g(x) = x3 + x + 1
f(x) x g(x) = x5 + x2
 Polynomial Division
 can write any polynomial in the form:
 f(x) = q(x) g(x) + r(x)
 can interpret r(x) as being a remainder
 r(x) = f(x) mod g(x)
 if have no remainder say g(x) divides f(x)
 if g(x) has no divisors other than itself & 1
say it is irreducible (or prime) polynomial
 arithmetic modulo an irreducible
polynomial forms a field
 Polynomial GCD
 can find greatest common divisor for polys
 c(x) = GCD(a(x), b(x)) if c(x) is the poly of greatest
degree which divides both a(x), b(x)
 can adapt Euclid’s Algorithm to find it:
Euclid(a(x), b(x))
if (b(x)=0) then return a(x);
else return
Euclid(b(x), a(x) mod b(x));
 all foundation for polynomial fields as see next
 Modular Polynomial
Arithmetic
 can compute in field GF(2n)
 polynomials with coefficients modulo 2
 whose degree is less than n
 hence must reduce modulo an irreducible poly
of degree n (for multiplication only)
 form a finite field
 can always find an inverse
 can extend Euclid’s Inverse algorithm to find
Example 3
GF(2 )
 Computational
Considerations
 since coefficients are 0 or 1, can represent
any such polynomial as a bit string
 addition becomes XOR of these bit strings
 multiplication is shift & XOR
 cf long-hand multiplication
 modulo reduction done by repeatedly
substituting highest power with remainder
of irreducible poly (also shift & XOR)
 Computational Example
 in GF(23) have (x2+1) is 1012 & (x2+x+1) is 1112
 so addition is
 (x2+1) + (x2+x+1) = x
 101 XOR 111 = 0102
 and multiplication is
 (x+1).(x2+1) = x.(x2+1) + 1.(x2+1)
= x3+x+x2+1 = x3+x2+x+1
 011.101 = (101)<<1 XOR (101)<<0 =
1010 XOR 101 = 11112
 Computational Example (con't)
 in GF(23) have (x2+1) is 1012 & (x2+x+1) is 1112
 polynomial modulo reduction (get q(x) & r(x)) is
 (x3+x2+x+1 ) mod (x3+x+1) = 1.(x3+x+1) + (x2) = x2
 1111 mod 1011 = 1111 XOR 1011 = 01002
 Using a Generator
 equivalentdefinition of a finite field
 a generator g is an element whose
powers generate all non-zero elements
 in F have 0, g0, g1, …, gq-2
 can create generator from root of the
irreducible polynomial
 then implement multiplication by adding
exponents of generator
 Summary
 have considered:
 divisibility & GCD
 modular arithmetic with integers
 concept of groups, rings, fields
 Euclid’s algorithm for GCD & Inverse
 finite fields GF(p)
 polynomial arithmetic in general and in GF(2n)
EEE-5305: Network and Information
Security

Public Key Cryptography