
STAFF NAME: Dr. P. SIVAKUMAR
CLASS: IV – IT-A / VII SEM
SUBJECT: IT T73 / CRYPTOGRAPHY AND NETWORK SECURITY
ACADEMIC YEAR: 2024-25 ODD SEM

Course Objectives: To learn about wired and wireless network security with various cryptographic techniques, including private-key and public-key algorithms, along with the types of attacks against them.

Syllabus:
UNIT – I CLASSICAL CRYPTOSYSTEM
Security trends – Security Attacks and services – Classical Encryption Techniques – Symmetric cipher model – Basic Number theory – Pseudorandom Number Generation – Stream Ciphers – RC4.
UNIT – II BLOCK CIPHER
Simple DES – DES – Modes of operation – Triple DES – AES – RSA – Attacks – Primality test – Factoring.
UNIT – III MESSAGE AUTHENTICATION
Discrete Logarithms – Computing discrete logs – Diffie-Hellman key exchange – ElGamal Public key cryptosystems – Hash functions – Secure Hash – MD5 – Digital signatures – RSA – ElGamal Digital signature scheme.
UNIT – IV NETWORK SECURITY
Key Management and Distribution: X.509, PKI – Electronic Mail security – PGP – IP security – Web Security – SSL, TLS.
UNIT – V WIRELESS NETWORK SECURITY
Wireless Network Security – IEEE 802.11 Wireless LANs – Protocol Overview and Security – Wireless Application Protocol (WAP) – Protocol Overview – Wireless Transport Layer Security (WTLS), WAP end-to-end Security
TOTAL: 45

CRYPTOGRAPHY AND NETWORK SECURITY - UNIT 1
INTRODUCTION:
Computer data often travels from one computer to another, leaving the safety of its protected physical surroundings. Once the data is out of hand, people with bad intentions could modify or forge your data, either for amusement or for their own benefit.
Cryptography can reformat and transform our data, making it safer on its trip between computers. The technology is based on the essentials of secret codes, augmented by modern mathematics that protects our data in powerful ways.

• Computer Security - generic name for the collection of tools designed to protect data and to prevent hackers
• Network Security - measures to protect data during their transmission
• Internet Security - measures to protect data during their transmission over a collection of interconnected networks

Basic Concepts
Cryptography: The art or science encompassing the principles and methods of transforming an intelligible message into one that is unintelligible, and then retransforming that message back to its original form.

Plaintext: The original intelligible message

Cipher text: The transformed message

Cipher: An algorithm for transforming an intelligible message into one that is unintelligible by transposition and/or substitution methods

Key: Some critical information used by the cipher, known only to the sender and receiver

Encipher (encode): The process of converting plaintext to cipher text using a cipher and a key

Decipher (decode): The process of converting cipher text back into plaintext using a cipher and a key

Cryptanalysis: The study of principles and methods of transforming an unintelligible message back into an intelligible message without knowledge of the key. Also called code breaking

Cryptology: Both cryptography and cryptanalysis

Code: An algorithm for transforming an intelligible message into an unintelligible one using a code-book

The OSI Security Architecture:

Security Attacks, Services and Mechanisms

To assess the security needs of an organization effectively, the manager responsible for security needs some systematic way of defining the requirements for security and characterizing the approaches to satisfy those requirements. One approach is to consider three aspects of information security:

Security attack – Any action that compromises the security of information owned by an organization.
Security mechanism – A mechanism that is designed to detect, prevent or recover from a security attack.
Security service – A service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, and they make use of one or more security mechanisms to provide the service.

The OSI (open system interconnection) security architecture provides a systematic framework for defining security attacks, mechanisms and services.

SECURITY SERVICES
X.800 defines a security service as a service that is provided by a protocol layer of communicating open systems and that ensures adequate security of the systems or of data transfers.

X.800 divides the security services into five categories and 14 specific services.

1. Confidentiality: Ensures that the information in a computer system and transmitted information are accessible only for reading by authorized parties. This type of access includes printing, displaying and other forms of disclosure.
• Connection Confidentiality: The protection of all user data on a connection.
• Connectionless Confidentiality: The protection of all user data in a single data block.
• Selective-Field Confidentiality: The confidentiality of selected fields within the user data on a connection or in a single data block.
• Traffic Flow Confidentiality: The protection of the information that might be derived from observation of traffic flows.

2. Authentication: Ensures that the origin of a message or electronic document is correctly identified, with an assurance that the identity is not false.
• Peer Entity Authentication: Used in association with a logical connection to provide confidence in the identity of the entities connected.
• Data Origin Authentication: In a connectionless transfer, provides assurance that the source of received data is as claimed.

3. Integrity: Ensures that only authorized parties are able to modify computer system assets and transmitted information. Modification includes writing, changing status, deleting, creating and delaying or replaying of transmitted messages.
• Connection Integrity with Recovery: Provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted.
• Connection Integrity without Recovery: As above, but provides only detection without recovery.
• Selective-Field Connection Integrity: Provides for the integrity of selected fields within the user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted, or replayed.
• Connectionless Integrity: Provides for the integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided.
• Selective-Field Connectionless Integrity: Provides for the integrity of selected fields within a single connectionless data block; takes the form of determination of whether the selected fields have been modified.

4. Nonrepudiation: Requires that neither the sender nor the receiver of a message be able to deny the transmission.
• Nonrepudiation, Origin: Proof that the message was sent by the specified party.
• Nonrepudiation, Destination: Proof that the message was received by the specified party.

5. Access control: Requires that access to information resources may be controlled by or for the target system.
6. Availability: Requires that computer system assets be available to authorized parties when needed.

SECURITY ATTACKS
ATTACK: An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt to evade security services and violate the security policy of a system.

There are four general categories of attack, listed below, based on the theoretical concepts:

Interruption

An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability, e.g., destruction of a piece of hardware, cutting of a communication line or disabling of the file management system.

Interception

An unauthorized party gains access to an asset. This is an attack on confidentiality. The unauthorized party could be a person, a program or a computer, e.g., wire tapping to capture data in the network, illicit copying of files.

(Figure: Sender, Receiver, Eavesdropper or forger)

Modification

An unauthorized party not only gains access to but tampers with an asset. This is an attack on integrity, e.g., changing values in a data file, altering a program, modifying the contents of messages being transmitted in a network.

(Figure: Sender, Receiver, Eavesdropper or forger)

Fabrication

An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity, e.g., insertion of a spurious message in a network or addition of records to a file.

(Figure: Sender, Receiver, Eavesdropper or forger)

Cryptographic Attacks – attacks classified by practical approach:

Passive Attacks
Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted.
Passive attacks are of two types:
Release of message contents: A telephone conversation, an e-mail message and a transferred file may contain sensitive or confidential information. We would like to prevent the opponent from learning the contents of these transmissions.

Traffic analysis: If we had encryption protection in place, an opponent might still be able to observe the pattern of the messages. The opponent could determine the location and identity of the communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.

Passive attacks are very difficult to detect because they do not involve any alteration of data. However, it is feasible to prevent the success of these attacks.

Active attacks

An active attack attempts to alter system resources or affect their operation. Active attacks involve some modification of the data stream or the creation of a false stream. The types of active attacks are as follows:
1. Masquerade –
A masquerade attack takes place when one entity pretends to be a different entity. A masquerade attack usually includes one of the other forms of active attack.

2. Modification of messages –
Some portion of a legitimate message is altered, or messages are delayed or reordered, to produce an unauthorized effect. For example, a message meaning "Allow JOHN to read confidential file X" is modified to "Allow Smith to read confidential file X".

3. Repudiation –
This attack is carried out by either the sender or the receiver. The sender or receiver can later deny having sent or received a message. For example, a customer asks his bank "to transfer an amount to someone" and later the sender (customer) denies having made such a request. This is repudiation.

4. Replay –
It involves the passive capture of a message and its subsequent retransmission to produce an unauthorized effect.

5. Denial of Service –
It prevents the normal use of communication facilities. This attack may have a specific target. For example, an entity may suppress all messages directed to a particular destination. Another form of service denial is the disruption of an entire network, either by disabling the network or by overloading it with messages so as to degrade performance.

Passive attacks:

A passive attack attempts to learn or make use of information from the system but does not affect system resources. Passive attacks are in the nature of eavesdropping on or monitoring of transmissions. The goal of the opponent is to obtain information that is being transmitted. The types of passive attacks are as follows:

1. The release of message contents –
A telephone conversation, an electronic mail message or a transferred file may contain sensitive or confidential information. We would like to prevent an opponent from learning the contents of these transmissions.

2. Traffic analysis –
Suppose that we had a way of masking (encrypting) the information, so that an attacker who captured the message could not extract its contents. The opponent could still determine the location and identity of the communicating hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of the communication that was taking place.

SECURITY MECHANISM:
A mechanism that is designed to detect, prevent or recover from a security attack. Mechanisms can be divided into two types.
1. SPECIFIC SECURITY MECHANISMS: may be incorporated into the appropriate protocol layer in order to provide some of the OSI security services.
2. PERVASIVE SECURITY MECHANISMS: mechanisms that are not specific to any particular OSI security service.

SPECIFIC SECURITY MECHANISMS

Encipherment: The use of mathematical algorithms to transform data into a form that is not readily intelligible. The transformation and subsequent recovery of the data depend on an algorithm and zero or more encryption keys.

Digital Signature: Data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g., by the recipient).

Access Control: A variety of mechanisms that enforce access rights to resources.

Data Integrity: A variety of mechanisms used to assure the integrity of a data unit or stream of data units.

Authentication Exchange: A mechanism intended to ensure the identity of an entity by means of information exchange.

Traffic Padding: The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.

Routing Control: Enables selection of particular physically secure routes for certain data and allows routing changes, especially when a breach of security is suspected.

Notarization: The use of a trusted third party to assure certain properties of a data exchange.

PERVASIVE SECURITY MECHANISMS

Mechanisms that are not specific to any particular OSI security service or protocol layer.

Trusted Functionality: That which is perceived to be correct with respect to some criteria (e.g., as established by a security policy).

Security Label: The marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource.

Event Detection: Detection of security-relevant events.

Security Audit Trail: Data collected and potentially used to facilitate a security audit, which is an independent review and examination of system records and activities.

The model for Network Security:
Encryption/Decryption methods fall into two categories:
1. Symmetric key
2. Public key
In symmetric key algorithms, the encryption and decryption keys are known both to sender and receiver. The encryption key is shared and the decryption key is easily calculated from it. In many cases, the encryption and decryption keys are the same. In public key cryptography, the encryption key is made public, but it is computationally infeasible to find the decryption key without the information known to the receiver.

A MODEL FOR NETWORK SECURITY

A message is to be transferred from one party to another across some sort of internet. The two parties, who are the principals in this transaction, must cooperate for the exchange to take place.
A logical information channel is established by defining a route through the internet from source to destination and by the cooperative use of communication protocols (e.g., TCP/IP) by the two principals.

All the techniques for providing security have two components:

1. A security-related transformation on the information to be sent.
2. Some secret information shared by the two principals and, it is hoped, unknown to the opponent.
A trusted third party may be needed to achieve secure transmission. For example, a third party may be responsible for distributing the secret information to the two principals while keeping it from any opponent.

Using this model requires us to:

• Design a suitable algorithm for the security transformation
• Generate the secret information (keys) used by the algorithm
• Develop methods to distribute and share the secret information
• Specify a protocol enabling the principals to use the transformation and secret information for a security service.

SYMMETRIC KEY / CONVENTIONAL ENCRYPTION ALGORITHMS:

In symmetric key algorithms, the encryption and decryption keys are known both to sender and receiver. The encryption key is shared and the decryption key is easily calculated from it. In many cases, the encryption and decryption keys are the same.

A symmetric encryption scheme has five ingredients.

Plaintext: This is the original message or data that is fed into the algorithm as input.
Encryption algorithm: The encryption algorithm performs various substitutions and transformations on the plaintext.
Secret key: The secret key is also input to the encryption algorithm. The key is a value independent of the plaintext and of the algorithm. The algorithm will produce a different output depending on the specific key being used at the time. The exact substitutions and transformations performed by the algorithm depend on the key.
Ciphertext: This is the unreadable message produced as output by the encryption algorithm.
Decryption algorithm: This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.

Here the original message, referred to as plaintext, is converted into apparently random nonsense, referred to as cipher text.
The encryption process consists of an algorithm and a key. The key is a value independent of the plaintext. Changing the key changes the output of the algorithm.
Once the cipher text is produced, it may be transmitted. Upon reception, the cipher text can be transformed back to the original plaintext by using a decryption algorithm and the same key that was used for encryption.
The security depends on several factors. First, the encryption algorithm must be powerful enough that it is impractical to decrypt a message on the basis of cipher text alone. Beyond that, the security depends on the secrecy of the key, not the secrecy of the algorithm.
Two requirements for secure use of symmetric encryption:
• A strong encryption algorithm
• A secret key known only to sender / receiver

Y = E_K(X)
X = D_K(Y)

• assume the encryption algorithm is known
• implies a secure channel to distribute the key
Encryption Requirements
There are two requirements for secure use of conventional encryption:
1. The encryption algorithm must be strong.
o At a minimum, an opponent who knows the algorithm and has access to one or more ciphertexts would be unable to decipher the ciphertext or figure out the key.
o In a stronger form, the opponent should be unable to decrypt ciphertexts or discover the key even if he or she has a number of ciphertexts together with the plaintext for each ciphertext.
2. Sender and receiver must have obtained copies of the secret key in a secure fashion and must keep the key secure. If someone can discover the key and knows the algorithm, all communication using this key is readable.

A source produces a message in plaintext, X = [X1, X2, …, XM], where M is the number of letters in the message. A key of the form K = [K1, K2, …, KJ] is generated. If the key is generated at the source, then it must be provided to the destination by means of some secure channel.

With the message X and the encryption key K as input, the encryption algorithm forms the cipher text Y = [Y1, Y2, …, YN]. This can be expressed as Y = E_K(X).
The intended receiver, in possession of the key, is able to invert the transformation:
X = D_K(Y)
An opponent, observing Y but not having access to K or X, may attempt to recover X or K or both. It is assumed that the opponent knows the encryption and decryption algorithms.
If the opponent is interested in only this particular message, then the focus of effort is to recover X by generating a plaintext estimate. Often, however, the opponent is interested in being able to read future messages as well, in which case an attempt is made to recover K by generating an estimate of the key.

Differentiate symmetric and asymmetric encryption?
➢ Symmetric: It is a form of cryptosystem in which encryption and decryption are performed using the same key. Eg: DES, AES.
➢ Asymmetric: It is a form of cryptosystem in which encryption and decryption are performed using two keys. Eg: RSA, ECC.

Symmetric Cipher Model

Cryptography: It is the science of writing secret code using mathematical techniques. The many schemes used for enciphering constitute the area of study known as cryptography.
Cryptanalysis: The techniques used for deciphering or decrypting a message without knowledge of the enciphering or encrypting details are said to be cryptanalysis.
Cryptology: The study of cryptography and cryptanalysis together is called cryptology.
Cryptography:

• Cryptography is the science of ciphering and deciphering messages.
• A cipher is a message that has been transformed into a non-human-readable format.
• Deciphering is reversing a cipher into the original text.
• Cryptanalysis is the art of deciphering ciphers without knowledge of the key used to cipher them.
• Cryptology combines the techniques of both cryptography and cryptanalysis.

Characterization of cryptosystems:

Cryptographic systems are generally classified along 3 independent dimensions:

• Type of operations used for transforming plain text to cipher text
All encryption algorithms are based on two general principles: substitution, in which each element in the plaintext is mapped into another element, and transposition, in which elements in the plaintext are rearranged.
• The number of keys used
If the sender and receiver use the same key, it is said to be symmetric key (or) single key (or) conventional encryption.
If the sender and receiver use different keys, it is said to be public key encryption.
• The way in which the plain text is processed
A block cipher processes the input one block of elements at a time, producing an output block for each input block.
A stream cipher processes the input elements continuously, producing output one element at a time, as it goes along.

Cryptanalysis:
The study of deciphering techniques without knowledge of the enciphering details.
The process of attempting to discover the plain text (X) or key (K) or both is known as cryptanalysis. The strategy used by the cryptanalyst depends on the nature of the encryption scheme and the information available to the cryptanalyst.
There are various types of cryptanalytic attacks based on the amount of information known to the cryptanalyst.
Cipher text only – A copy of the cipher text alone is known to the cryptanalyst.
Known plaintext – The cryptanalyst has a copy of the cipher text and the corresponding plaintext.
Chosen plaintext – The cryptanalyst gains temporary access to the encryption machine. They cannot open it to find the key; however, they can encrypt a large number of suitably chosen plaintexts and try to use the resulting cipher texts to deduce the key.
Chosen cipher text – The cryptanalyst obtains temporary access to the decryption machine, uses it to decrypt several strings of symbols, and tries to use the results to deduce the key.
Brute-force attack – The attacker tries every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.
➢ An encryption scheme is unconditionally secure if the ciphertext generated by the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available.
➢ An encryption scheme is said to be computationally secure if either of the following two criteria is met: the cost of breaking the cipher exceeds the value of the encrypted information, or the time required to break the cipher exceeds the useful lifetime of the information. The rub is that it is very difficult to estimate the amount of effort required to cryptanalyze ciphertext successfully.

CLASSICAL ENCRYPTION TECHNIQUES

There are two basic building blocks of all encryption techniques: substitution and transposition.

Substitution Techniques: A substitution technique is one in which the letters of plaintext are replaced by other letters or by numbers or symbols. If the plaintext is viewed as a sequence of bits, then substitution involves replacing plaintext bit patterns with cipher text bit patterns.

Transposition Techniques – a transposition technique is one which performs some sort of permutation on the plaintext letters.
• Substitution Techniques
➢ Caesar Cipher
➢ Monoalphabetic Ciphers
➢ Playfair Cipher
➢ Hill Cipher
➢ Polyalphabetic Ciphers
➢ One-Time Pad
• Transposition Techniques – rail fence

1. Caesar cipher (or) shift cipher

The earliest known use of a substitution cipher, and the simplest, was by Julius Caesar. The Caesar cipher involves replacing each letter of the alphabet with the letter standing 3 places further down the alphabet.
e.g., plain text: pay more money
Cipher text: SDB PRUH PRQHB

Note that the alphabet is wrapped around, so that the letter following 'z' is 'a'.
For each plaintext letter p, substitute the cipher text letter C such that
C = E(p) = (p + 3) mod 26
A shift may be any amount, so the general Caesar algorithm is
C = E(p) = (p + k) mod 26
where k takes on a value in the range 1 to 25. The decryption algorithm is simply
p = D(C) = (C - k) mod 26

With only 25 possible keys, the Caesar cipher is far from secure. A dramatic increase in the key space can be achieved by allowing an arbitrary substitution.
Recall the assignment for the Caesar cipher:

Plain:  a b c d e f g h i j k l m n o p q r s t u v w x y z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Three important characteristics of this problem enabled us to use a brute-force cryptanalysis:

1. The encryption and decryption algorithms are known.
2. There are only 25 keys to try.
3. The language of the plaintext is known and easily recognizable.
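The general shift cipher and the brute-force search over its 25 keys, as an added example (not code from the course notes). The KNOWN_WORDS vocabulary is a constructed stand-in for the "recognizable language" test in point 3.

```python
# Caesar (shift) cipher plus the brute-force cryptanalysis the notes describe.
# Added example, not from the course notes. Letters map a=0 ... z=25; non-letters
# pass through unchanged and case is preserved.

ALPHABET_SIZE = 26


def caesar_encrypt(plaintext: str, k: int) -> str:
    """C = E(p) = (p + k) mod 26, applied letter by letter."""
    out = []
    for ch in plaintext:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + k) % ALPHABET_SIZE + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, k: int) -> str:
    """p = D(C) = (C - k) mod 26 is encryption with the negated shift."""
    return caesar_encrypt(ciphertext, -k)


def brute_force(ciphertext: str) -> dict:
    """Try all 25 non-trivial keys; returns {key: candidate plaintext}."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, ALPHABET_SIZE)}


# Constructed vocabulary standing in for "the plaintext language is known and
# easily recognizable": a candidate is accepted only if every word is in it.
KNOWN_WORDS = {"pay", "more", "money", "meet", "me", "at", "the", "school", "house"}


def recover_key(ciphertext: str):
    """Return the first key whose candidate plaintext reads as known words, else None."""
    for k, candidate in brute_force(ciphertext).items():
        words = candidate.lower().split()
        if words and all(w in KNOWN_WORDS for w in words):
            return k
    return None


if __name__ == "__main__":
    ct = caesar_encrypt("pay more money", 3).upper()
    print(ct)                                   # SDB PRUH PRQHB
    for k, candidate in brute_force(ct).items():
        print(f"k={k:2d}: {candidate}")
    print("recovered key:", recover_key(ct))    # 3
```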

2. Playfair Cipher
• It is a multiple-letter encryption technique.
• The Playfair algorithm is based on a 5 x 5 matrix of letters constructed using a keyword. Consider the keyword MONARCHY.
• The matrix is constructed by filling in the letters of the keyword from left to right and from top to bottom, then filling the remaining cells with the remaining letters of the alphabet in order.
• The letters I and J count as one letter.

M O N A R
C H Y B D
E F G I/J K
L P Q S T
U V W X Z

• The plaintext is encrypted two letters at a time according to the following rules:
Rule 1:
Repeating plaintext letters that would fall in the same pair are separated with a filler letter such as X. Eg: Plaintext Balloon is written as Balxloxon.
Rule 2:
Two plaintext letters that fall in the same row of the matrix are each replaced by the letter to the right, with the first element of the row circularly following the last.
Plaintext - EF
Ciphertext - FG

Rule 3:
Two plaintext letters that fall in the same column of the matrix are each replaced by the letter beneath, with the top element of the column circularly following the last.
Plaintext - FA
Ciphertext - AL
Rule 4:
Otherwise, each plaintext letter in a pair is replaced by the letter that lies in its own row and in the column occupied by the other plaintext letter.

F G I
A K C
L M B

Plaintext: IM
Ciphertext: BG

• Despite this level of confidence in its security, the Playfair cipher is relatively easy to break because it still leaves much of the structure of the plaintext language intact. A few hundred letters of ciphertext are generally sufficient.
Plaintext = meet me at the school house
Splitting into two-letter units => me et me at th es ch ox ol ho us ex
Corresponding cipher text => CL KL CL RS PD IL HY AV MP HF XL IU

Strength of Playfair cipher

The Playfair cipher is a great advance over simple monoalphabetic ciphers. Since there are 26 letters, 26 x 26 = 676 digrams are possible, so identification of individual digrams is more difficult.
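The four Playfair rules applied with the MONARCHY square above, as an added example (not code from the course notes); the digraph splitting follows the "meet me at the school house" example, inserting a filler only when a doubled letter would land in one pair and padding an odd final letter.

```python
# Playfair cipher built from the notes' 5 x 5 key square (keyword MONARCHY,
# I and J merged). Added example, not from the course notes.

import string


def build_square(keyword: str) -> list:
    """Keyword letters first (duplicates dropped), then the rest of the alphabet."""
    seen = []
    for ch in (keyword + string.ascii_lowercase).lower():
        ch = "i" if ch == "j" else ch            # I/J share one cell
        if ch.isalpha() and ch not in seen:
            seen.append(ch)
    assert len(seen) == 25
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]


def locate(square: list, ch: str) -> tuple:
    for r, row in enumerate(square):
        if ch in row:
            return r, row.index(ch)
    raise ValueError(f"not in square: {ch}")


def make_digraphs(text: str, filler: str = "x") -> list:
    """Rule 1: separate a doubled letter inside a pair with a filler; pad odd length."""
    letters = ["i" if c == "j" else c for c in text.lower() if c.isalpha()]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else filler
        if a == b:
            f = filler if a != filler else "q"   # never emit a same-letter pair
            pairs.append(a + f)                  # e.g. "oo" -> "ox", second o carries on
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def encrypt_pair(square: list, pair: str) -> str:
    (r1, c1), (r2, c2) = locate(square, pair[0]), locate(square, pair[1])
    if r1 == r2:                                 # Rule 2: same row -> letter to the right
        return square[r1][(c1 + 1) % 5] + square[r2][(c2 + 1) % 5]
    if c1 == c2:                                 # Rule 3: same column -> letter beneath
        return square[(r1 + 1) % 5][c1] + square[(r2 + 1) % 5][c2]
    return square[r1][c2] + square[r2][c1]       # Rule 4: own row, other letter's column


def decrypt_pair(square: list, pair: str) -> str:
    (r1, c1), (r2, c2) = locate(square, pair[0]), locate(square, pair[1])
    if r1 == r2:
        return square[r1][(c1 - 1) % 5] + square[r2][(c2 - 1) % 5]
    if c1 == c2:
        return square[(r1 - 1) % 5][c1] + square[(r2 - 1) % 5][c2]
    return square[r1][c2] + square[r2][c1]       # rectangle rule is its own inverse


def playfair_encrypt(plaintext: str, keyword: str) -> str:
    square = build_square(keyword)
    return "".join(encrypt_pair(square, p) for p in make_digraphs(plaintext)).upper()


def playfair_decrypt(ciphertext: str, keyword: str) -> str:
    """Returns the padded letter stream; fillers are left for the reader to drop."""
    square = build_square(keyword)
    pairs = [ciphertext[i:i + 2].lower() for i in range(0, len(ciphertext), 2)]
    return "".join(decrypt_pair(square, p) for p in pairs)


if __name__ == "__main__":
    print(make_digraphs("meet me at the school house"))
    print(playfair_encrypt("meet me at the school house", "monarchy"))
    print(playfair_decrypt("CLKLCLRSPDILHYAVMPFHXLIU", "monarchy"))
```

Note that the pair ho has both letters in the second column of the square (o above h), so Rule 3 maps it to FH; every other pair of the worked example encrypts as listed above.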

3. Monoalphabetic Ciphers

This approach is referred to as a monoalphabetic substitution cipher, because a single cipher alphabet (mapping from plain alphabet to cipher alphabet) is used per message.

As a first step, the relative frequency of the letters can be determined and compared to a standard frequency distribution for English.

If the message were long enough, this technique alone might be sufficient, but because this is a relatively short message, we cannot expect an exact match. In any case, the relative frequencies of the letters in the ciphertext (in percentages) are as follows.

4. Hill Cipher

An interesting multiletter cipher is the Hill cipher, developed by the


mathematician Lester Hill in 1929.
The encryption algorithm takes m successive plaintext letters and substitutes for
then m cipher text letters.
The substitution is determined by m linear equations in which each character is
assigned a numerical value (a = 0, b = 1 ... z = 25). For m = 3, the system can be
described as follows:

c1 = (k11* P1 + k12*P2 + k13*P3) mod 26


c2 = (k21*P1 + k22*P2 + k23*P3) mod 26
This is demonstrated as follows:
c3 = (k31*P1 + k32*P2 + k33*P3) mod 26
This can be expressed in term of column vectors and matrices:
(or) C = KP mod 26

23
Where C and P are column vectors of length 3, representing the plaintext and
ciphertext, and K is a 3 x 3 matrix, representing the encryption key. Operations
are performed mod 26.
For example, consider the plaintext ="pay more money" and use the encryption
key. The first three letters of the plaintext are represented by the vector

k=

• The ciphertext for the entire plaintext is LNSHDLEWMTRW.


• Decryption requires using the inverse of the matrix K. The inverse K1 of a
matrix K is defined by the equation = K1 = I,
• The inverse of a matrix does not always exist, but when it does, it satisfies
the preceding equation. In this case, the inverse is:

In general terms, the Hill system can be expressed as follows:


C = E (K, P) = KP mod 26
C P = D (K, P) = K1

▪ As with Playfair, the strength of the Hill cipher is that it completely hides
single-letter frequencies.
▪ Indeed, with Hill, the use of a larger matrix hides more frequency
information. Thus a 3 x 3 Hill cipher hides not only single-letter but also
two-letter frequency information.
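As an added example (not part of the lecture notes), here is the Hill cipher in Python with the modular matrix inverse that decryption needs; the 3 x 3 key is the one from Stallings' textbook version of this "pay more money" example, which the notes omit, and the inverse routine handles the case where no inverse exists.

```python
# Added example, not from the lecture notes: Hill cipher over a-z (0..25)
# with a general modular matrix inverse (adjugate / determinant).
from typing import List

Matrix = List[List[int]]
MOD = 26

# Key matrix from Stallings' version of the "pay more money" example.
K_STALLINGS: Matrix = [[17, 17, 5],
                       [21, 18, 21],
                       [2, 2, 19]]


def det_mod(m: Matrix, mod: int = MOD) -> int:
    """Determinant by cofactor expansion along the first row, reduced mod `mod`."""
    if len(m) == 1:
        return m[0][0] % mod
    total = 0
    for c in range(len(m)):
        minor = [row[:c] + row[c + 1:] for row in m[1:]]
        total += (-1) ** c * m[0][c] * det_mod(minor, mod)
    return total % mod


def inverse_mod(m: Matrix, mod: int = MOD) -> Matrix:
    """K^-1 mod 26 = adj(K) * det(K)^-1.  Raises ValueError when gcd(det, 26) != 1,
    which is exactly the 'inverse does not always exist' case from the notes."""
    n = len(m)
    d = det_mod(m, mod)
    try:
        d_inv = pow(d, -1, mod)          # modular inverse of the determinant
    except ValueError:
        raise ValueError("key matrix is not invertible mod %d (det = %d)" % (mod, d))
    adj = [[0] * n for _ in range(n)]
    for r in range(n):
        for c in range(n):
            minor = [row[:c] + row[c + 1:] for i, row in enumerate(m) if i != r]
            adj[c][r] = (-1) ** (r + c) * det_mod(minor, mod)   # transposed cofactor
    return [[(adj[r][c] * d_inv) % mod for c in range(n)] for r in range(n)]


def _apply(key: Matrix, text: str) -> str:
    """C = K P mod 26, block by block; text length must be a multiple of len(key)."""
    n = len(key)
    if len(text) % n:
        raise ValueError("text length must be a multiple of %d" % n)
    out = []
    for start in range(0, len(text), n):
        p = [ord(ch) - ord('a') for ch in text[start:start + n]]
        for row in key:
            out.append(chr(sum(k * x for k, x in zip(row, p)) % MOD + ord('a')))
    return ''.join(out)


def hill_encrypt(key: Matrix, plaintext: str) -> str:
    return _apply(key, plaintext.lower()).upper()


def hill_decrypt(key: Matrix, ciphertext: str) -> str:
    return _apply(inverse_mod(key), ciphertext.lower())


if __name__ == "__main__":
    ct = hill_encrypt(K_STALLINGS, "paymoremoney")
    print(ct, hill_decrypt(K_STALLINGS, ct))   # LNSHDLEWMTRW paymoremoney
```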

Polyalphabetic Ciphers / Vigenère cipher.
Another way to improve on the simple mono-alphabetic technique is to use
different mono-alphabetic substitutions as one proceeds through the plaintext
message.
The general name for this approach is polyalphabetic substitution cipher.

All these techniques have the following features in common:


1. A set of related mono-alphabetic substitution rules is used.
2. A key determines which particular rule is chosen for a given
transformation.

Table: The Modern Vigenère Table


✓ The best known, and one of the simplest, of these algorithms is the Vigenère cipher.
✓ In this scheme, the set of related monoalphabetic substitution rules
consists of the 26 Caesar ciphers, with shifts of 0 through 25.
✓ Each cipher is denoted by a key letter, which is the ciphertext letter that
substitutes for the plaintext letter a. Thus, a Caesar cipher with a shift of 3
is denoted by the key value d.

To encrypt a message, a key is needed that is as long as the message. Usually the
key is a repeating keyword. For example, if the keyword is deceptive, the
message "we are discovered save yourself" is encrypted as follows:

Key:        deceptivedeceptivedeceptive
Plaintext:  wearediscoveredsaveyourself
Ciphertext: ZICVTWQNGRZGVTWAVZHCQYGLMGJ

✓ Decryption is equally simple. A key letter again identifies the row.
✓ The position of the ciphertext letter in that row determines the column,
and the plaintext letter is at the top of that column.
✓ The strength of this cipher is that there are multiple ciphertext letters for
each plaintext letter, one for each unique letter of the keyword.
✓ Thus, the letter frequency information is obscured. However, not all
knowledge of the plaintext structure is lost.

One-Time Pad
✓ An Army Signal Corps officer, Joseph Mauborgne, proposed an improvement to
the Vernam cipher that yields the ultimate in security.
✓ Mauborgne suggested using a random key that is as long as the message, so that
the key need not be repeated.
✓ In addition, the key is to be used to encrypt and decrypt a single message, and
then is discarded.
✓ Each new message requires a new key of the same length as the new message.
Such a scheme, known as a one-time pad, is unbreakable. It produces random
output that bears no statistical relationship to the plaintext.
✓ Because the ciphertext contains no information whatsoever about the plaintext,
there is simply no way to break the code.
We now show two different decryptions using two different keys:
Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
Key: pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih
Plaintext: mr mustard with the candlestick in the hall
Ciphertext: ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS
Key: mfugpmiydgaxgoufhklllmhsqdqogtewbqfgyovuhwt
Plaintext: miss scarlet with the knife in the library
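An added Python example (not from the notes) showing that Vigenère and the one-time pad are the same additive rule over an alphabet and differ only in whether the key repeats; Stallings' pad example above uses a 27-symbol alphabet (a..z plus space), and the second plaintext "colonel mustard with the rope in the lounge" is a constructed one used to derive a pad that is equally consistent with the same ciphertext.

```python
# Added example, not from the lecture notes: Vigenère and one-time pad as
# one additive rule  c = (p + k) mod |alphabet|,  p = (c - k) mod |alphabet|.
ALPHA26 = "abcdefghijklmnopqrstuvwxyz"
ALPHA27 = ALPHA26 + " "          # Stallings' pad example includes the space

# Values quoted in the notes.
CIPHERTEXT = "ANKYODKYUREPFJBYOJDSPLREYIUNOFDOIUERFPLUYTS"
KEY_MUSTARD = "pxlmvmsydofuyrvzwc tnlebnecvgdupahfzzlmnyih"


def _shift(text: str, key: str, alphabet: str, sign: int) -> str:
    """Shift each symbol of `text` by the matching key symbol; the key is reused
    cyclically when it is shorter than the text (the Vigenère case)."""
    n = len(alphabet)
    out = []
    for i, ch in enumerate(text):
        p = alphabet.index(ch)
        k = alphabet.index(key[i % len(key)])
        out.append(alphabet[(p + sign * k) % n])
    return "".join(out)


def vigenere_encrypt(plaintext: str, keyword: str) -> str:
    return _shift(plaintext.lower(), keyword.lower(), ALPHA26, +1).upper()


def vigenere_decrypt(ciphertext: str, keyword: str) -> str:
    return _shift(ciphertext.lower(), keyword.lower(), ALPHA26, -1)


def otp_decrypt(ciphertext: str, key: str) -> str:
    """One-time pad over the 27-symbol alphabet; the key must be exactly as long
    as the message and is never reused."""
    if len(key) != len(ciphertext):
        raise ValueError("one-time pad key must be exactly as long as the message")
    return _shift(ciphertext.lower(), key, ALPHA27, -1)


def otp_key_for(ciphertext: str, desired_plaintext: str) -> str:
    """Derive the pad k = (c - p) mod 27 that maps this ciphertext to ANY chosen
    plaintext of the same length.  Because such a pad always exists, the
    ciphertext alone carries no information about which plaintext was sent."""
    if len(desired_plaintext) != len(ciphertext):
        raise ValueError("candidate plaintext must be as long as the ciphertext")
    return _shift(ciphertext.lower(), desired_plaintext, ALPHA27, -1)


if __name__ == "__main__":
    print(vigenere_encrypt("wearediscoveredsaveyourself", "deceptive"))
    print(otp_decrypt(CIPHERTEXT, KEY_MUSTARD))
    alt = "colonel mustard with the rope in the lounge"     # constructed
    print(otp_decrypt(CIPHERTEXT, otp_key_for(CIPHERTEXT, alt)))
```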

Transposition Techniques
• A very different kind of mapping is achieved by performing some sort of
permutation on the plaintext letters. This technique is referred to as a
transposition cipher.
• The simplest such cipher is the rail fence technique, in which the plaintext
is written down as a sequence of diagonals and then read off as a
sequence of rows.
• For example, to encipher the message "meet me after the toga party" with
a rail fence of depth 2, we write the following:

m e m a t r h t g p r y
 e t e f e t e o a a t

The encrypted message is
MEMATRHTGPRYETEFETEOAAT
This sort of thing would be trivial to cryptanalyze. A more complex scheme is to
write the message in a rectangle, row by row, and read the message off, column
by column, but permute the order of the columns. The order of the columns then
becomes the key to the algorithm. For example,

Key:        4 3 1 2 5 6 7
Plaintext:  a t t a c k p
            o s t p o n e
            d u n t i l t
            w o a m x y z
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
✓ A pure transposition cipher is easily recognized because it has the same
letter frequencies as the original plaintext.
✓ For the type of columnar transposition just shown, cryptanalysis is fairly
straightforward and involves laying out the ciphertext in a matrix and
playing around with column positions.
✓ The transposition cipher can be made significantly more secure by
performing more than one stage of transposition.

✓ The result is a more complex permutation that is not easily reconstructed.
Thus, if the foregoing message is re-encrypted using the same algorithm,

Key:    4 3 1 2 5 6 7
Input:  t t n a a p t
        m t s u o a o
        d w c o i x k
        n l y p e t z
Output: NSCYAUOPTTWLTMDNAOIEPAXTTOKZ
✓ To visualize the result of this double transposition, designate the letters in
the original plaintext message by the numbers designating their position.

✓ Thus, with 28 letters in the message, the original sequence of letters is


01 02 03 04 05 06 07 08 09 10 11 12 13 14
15 16 17 18 19 20 21 22 23 24 25 26 27 28
After the first transposition we have
03 10 17 24 04 11 18 25 02 09 16 23 01 08
15 22 05 12 19 26 06 13 20 27 07 14 21 28
which has a somewhat regular structure. But after the second transposition, we
have
17 09 05 27 24 16 12 07 10 02 22 20 03 25
15 13 04 23 19 14 11 01 26 21 18 08 06 28
This is a much less structured permutation and is much more difficult to
cryptanalyze.
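Added example (not from the notes): the columnar transposition as a general permutation routine, run once and twice on the message above and on the position numbers 1..28 to reproduce both traces; the letter-count check illustrates the "same letter frequencies" point.

```python
# Added example, not from the lecture notes: columnar transposition as a
# permutation of positions.  It works on any sequence, so the same function
# scrambles the letters and the position numbers 1..28 alike.
from collections import Counter
from typing import List, Sequence, TypeVar

T = TypeVar("T")


def columnar(seq: Sequence[T], key: Sequence[int]) -> List[T]:
    """Write `seq` row by row into len(key) columns, then read the columns out in
    the order given by `key` (the column whose key digit is 1 is read first).
    The sequence must fill the rectangle exactly."""
    cols = len(key)
    if len(seq) % cols:
        raise ValueError("sequence length must be a multiple of the key length")
    rows = [seq[r:r + cols] for r in range(0, len(seq), cols)]
    out: List[T] = []
    for col in sorted(range(cols), key=lambda c: key[c]):
        out.extend(row[col] for row in rows)
    return out


def transposition_encrypt(plaintext: str, key: Sequence[int], rounds: int = 1) -> str:
    """One or more stages of columnar transposition with the same key."""
    text = plaintext.lower().replace(" ", "")
    for _ in range(rounds):
        text = "".join(columnar(text, key))
    return text.upper()


def position_trace(length: int, key: Sequence[int], rounds: int) -> List[int]:
    """Where each original position 1..length ends up after `rounds` stages."""
    seq = list(range(1, length + 1))
    for _ in range(rounds):
        seq = columnar(seq, key)
    return seq


def same_letter_counts(a: str, b: str) -> bool:
    """A pure transposition preserves letter frequencies exactly, which is what
    makes it easy to recognise."""
    return Counter(a.lower()) == Counter(b.lower())


if __name__ == "__main__":
    KEY = [4, 3, 1, 2, 5, 6, 7]
    msg = "attack postponed until two am xyz"
    print(transposition_encrypt(msg, KEY))            # TTNAAPTMTSUOAODWCOIXKNLYPETZ
    print(transposition_encrypt(msg, KEY, rounds=2))  # NSCYAUOPTTWLTMDNAOIEPAXTTOKZ
    print(position_trace(28, KEY, 2))
```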

Rotor Machine Principles:
The basic principle of the rotor machine is illustrated in Figure. The machine
consists of a set of independently rotating cylinders through which electrical
pulses can flow.
Each cylinder has 26 input pins and 26 output pins, with internal wiring that
connects each input pin to a unique output pin. If we associate each input and
output pin with a letter of the alphabet, then a single cylinder defines a
monoalphabetic substitution.
If an operator depresses the key for the letter A, an electric signal is applied to
the first pin of the first cylinder and flows through the internal connection to the
twenty-fifth output pin. Consider a machine with a single cylinder.
After each input key is depressed, the cylinder rotates one position, so that the
internal connections are shifted accordingly. Thus, a different monoalphabetic
substitution cipher is defined. After 26 letters of plaintext, the cylinder would be
back to the initial position. Thus, we have a polyalphabetic substitution algorithm
with a period of 26.
A single-cylinder system is trivial and does not present a formidable
cryptanalytic task. The power of the rotor machine is in the use of multiple
cylinders, in which the output pins of one cylinder are connected to the input
pins of the next.

Figure shows a three-cylinder system. With multiple cylinders, the one closest
to the operator input rotates one pin position with each keystroke. The right
half of Figure shows the system's configuration after a single keystroke.

For every complete rotation of the inner cylinder, the middle cylinder rotates
one pin position. Finally, for every complete rotation of the middle cylinder, the
outer cylinder rotates one pin position. The result is that there are 26 × 26 × 26
= 17,576 different substitution alphabets used before the system repeats.

Steganography:
A plaintext message may be hidden in one of two ways. The methods of
steganography conceal the existence of the message, whereas the methods of
cryptography render the message unintelligible to outsiders by various
transformations of the text.
A simple form of steganography, but one that is time consuming to construct is
one in which an arrangement of words or letters within an apparently
innocuous text spells out the real message.
e.g., (i) the sequence of first letters of each word of the overall message spells
out the real (Hidden) message.
(ii) Subset of the words of the overall message is used to convey the hidden
message.
Various other techniques have been used historically, some of them are
Character marking – selected letters of printed or typewritten text are
overwritten in pencil. The marks are ordinarily not visible unless the paper is
held to an angle to bright light.

Invisible ink – a number of substances can be used for writing but leave no
visible trace until heat or some chemical is applied to the paper.
Pin punctures – small pin punctures on selected letters are ordinarily not
visible unless the paper is held in front of the light.
Typewritten correction ribbon – used between the lines typed with a black
ribbon, the results of typing with the correction tape are visible only under a
strong light.
Drawbacks of steganography
1. Requires a lot of overhead to hide a relatively few bits of information.
2. Once the system is discovered, it becomes virtually worthless.

Explain the RC4 in details?

• RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security.
• A stream cipher is one that encrypts a digital data stream one bit or one
byte at a time. It is a variable key-size stream cipher with byte-oriented
operations.

• The algorithm is based on the use of a random permutation. Analysis
shows that the period of the cipher is overwhelmingly likely to be greater
than 10^100. Eight to sixteen machine operations are required per output
byte, and the cipher can be expected to run very quickly in software.

• RC4 is used in the SSL/TLS (Secure Sockets Layer/Transport Layer Security)
standards that have been defined for communication between Web
browsers and servers. It is also used in the WEP (Wired Equivalent Privacy)
protocol and the newer WiFi Protected Access (WPA) protocol that are
part of the IEEE 802.11 wireless LAN standard.

• RC4 was kept as a trade secret by RSA Security.

• The RC4 algorithm is remarkably simple and quite easy to explain. A
variable-length key of from 1 to 256 bytes (8 to 2048 bits) is used to
initialize a 256-byte state vector S, with elements S[0], S[1], ..., S[255].

• At all times, S contains a permutation of all 8-bit numbers from 0 through
255. For encryption and decryption, a byte k (see Figure 6.8) is generated
from S by selecting one of the 255 entries in a systematic fashion.

• As each value of k is generated, the entries in S are once again permuted.

Initialization of S:

✓ To begin, the entries of S are set equal to the values from 0 through
255 in ascending order; that is, S[0] = 0, S[1] = 1, ..., S[255] = 255. A
temporary vector, T, is also created.

✓ If the length of the key K is 256 bytes, then K is transferred to T.
Otherwise, for a key of length keylen bytes, the first keylen elements
of T are copied from K and then K is repeated as many times as
necessary to fill out T.

✓ These preliminary operations can be summarized as follows:

/* Initialization */
for i = 0 to 255 do
    S[i] = i;
    T[i] = K[i mod keylen];

✓ Next we use T to produce the initial permutation of S. This involves
starting with S[0] and going through to S[255], and, for each S[i], swapping
S[i] with another byte in S according to a scheme dictated by T[i]:
/* Initial Permutation of S */
j = 0;
for i = 0 to 255 do
    j = (j + S[i] + T[i]) mod 256;
    Swap(S[i], S[j]);

Because the only operation on S is a swap, the only effect is a permutation. S
still contains all the numbers from 0 through 255.
Stream Generation:

✓ Once the S vector is initialized, the input key is no longer used. Stream
generation involves cycling through all the elements of S[i], and, for each
S[i], swapping S[i] with another byte in S according to a scheme dictated
by the current configuration of S. After S[255] is reached, the process
continues, starting over again at S[0]:

/* Stream Generation */
i = j = 0;
while (true)
    i = (i + 1) mod 256;
    j = (j + S[i]) mod 256;
    Swap(S[i], S[j]);
    t = (S[i] + S[j]) mod 256;
    k = S[t];

To encrypt, XOR the value k with the next byte of plaintext. To decrypt, XOR the
value k with the next byte of ciphertext.

Introduction to Number Theory:

➢ remainder r often referred to as a residue


Greatest Common Divisor
The greatest common divisor (a,b) of a and b is the largest number that
divides evenly into both a and b.

• Illustrate how we can compute successive instances of GCD(a,b) =
GCD(b, a mod b).
• Note this MUST always terminate since we will eventually get a mod b = 0 (i.e.
no remainder left).
• The answer is then the last non-zero value. In this case GCD(1970,1066) = 2.

One of the basic techniques of number theory is the Euclidean algorithm, which
is a simple procedure for determining the greatest common divisor of two
positive integers. Use the notation gcd(a,b) to mean the greatest common
divisor of a and b. The positive integer c is said to be the greatest common divisor
of a and b if c is a divisor of a and of b; and any divisor of a and b is a divisor of
c. We also define gcd(0, 0) = 0.
State that two integers a and b are relatively prime if their only common positive
integer factor is 1, i.e. GCD(a,b) = 1.
Euclidean Algorithm:
It is a simple procedure which is used for determining the GCD of two
integers:
GCD(a, b) = gcd(b, a mod b)
Eg:
a = 18, b = 12. Find gcd(18, 12)
GCD(a, b) = gcd(b, a mod b)
gcd(18, 12) = gcd(12, 18 mod 12)
gcd(18, 12) = gcd(12, 6)
gcd(12, 6) = gcd(6, 12 mod 6)
gcd(12, 6) = gcd(6, 0)
gcd(18, 12) = 6

Algorithm:
EUCLID(a, b)
Step 1: A ← a; B ← b
Step 2: if B = 0 return A = gcd(a, b)
Step 3: else R = A mod B
Step 4: A ← B
Step 5: B ← R
Step 6: goto Step 2

An important problem is to find multiplicative inverses in such finite fields. It can be
shown that such inverses always exist, and the Euclidean algorithm can be extended to
find them, as shown below. See the text for discussion as to why this works.
State Fermat’s theorem and Euler’s theorem
Two theorems that play important roles in public key cryptography are Fermat’s
theorem and Euler’s theorem.
Fermat’s Theorem:
✓ Fermat’s theorem states: If p is prime and a is a positive integer not
divisible by p, then

a^(p-1) ≡ 1 (mod p)
Proof:
✓ Consider the set of positive integers less than p: {1, 2, …, p-1}, and
multiply each element by a, modulo p, to get the set X = {a mod p, 2a
mod p, …, (p-1)a mod p}. None of the elements of X is equal to
zero because p does not divide a. Furthermore, no two of the
integers in X are equal.
✓ To see this, assume that ja ≡ ka (mod p) where 1 ≤ j < k ≤ p-1. Because
a is relatively prime to p, we can eliminate a from both sides of
the equation, resulting in j ≡ k (mod p).
✓ This last equality is impossible because j and k are both positive
integers less than p. Therefore, we know the (p-1) elements of X are
all positive integers, with no two elements equal.
✓ We can conclude that X consists of the set of integers {1, 2, …, p-1} in
some order. Multiplying the numbers in both sets and taking the
result mod p yields

a × 2a × … × (p-1)a ≡ [1 × 2 × … × (p-1)] (mod p)

a^(p-1) (p-1)! ≡ (p-1)! (mod p)
We can cancel the (p-1)! term because it is relatively prime to p. This yields
the equation a^(p-1) ≡ 1 (mod p).

Example: a = 7, p = 19
7^2 = 49 ≡ 11 (mod 19)
7^4 ≡ 11^2 = 121 ≡ 7 (mod 19)
7^8 ≡ 7^2 = 49 ≡ 11 (mod 19)
7^16 ≡ 11^2 = 121 ≡ 7 (mod 19)
a^(p-1) = 7^18 = 7^16 × 7^2 ≡ 7 × 11 = 77 ≡ 1 (mod 19)
An alternative form of Fermat’s theorem is also useful: If p is prime and a is a
positive integer, then
a^p ≡ a (mod p)

p = 5, a = 3: a^p = 3^5 = 243 ≡ 3 (mod 5) ≡ a (mod p)
p = 5, a = 10: a^p = 10^5 = 100000 ≡ 0 (mod 5) ≡ 10 (mod 5) ≡ a (mod p)

Euler’s Totient Function:

Euler’s totient function, written Φ(n), is defined as the number of positive
integers less than n and relatively prime to n. By convention Φ(1) = 1.
For a prime p, Φ(p) = p - 1.

Determine Φ(37) and Φ(35)

Because 37 is prime, all of the positive integers from 1 through 36 are relatively
prime to 37. Thus Φ(37) = 36.
To determine Φ(35), we list all of the positive integers less than 35 that are
relatively prime to it:
1, 2, 3, 4, 6, 8, 9, 11, 12, 13, 16, 17, 18, 19, 22, 23, 24, 26, 27, 29, 31, 32, 33, 34
There are 24 numbers on the list, so Φ(35) = 24.

The table lists the first 30 values of Φ(n). The value Φ(1) is without meaning but is
defined to have the value 1.

It should be clear that for a prime number p,
Φ(p) = p – 1
Now suppose that we have two prime numbers p and q, with p ≠ q. Then we can
show that for n = pq,
Φ(n) = Φ(pq) = Φ(p) × Φ(q)
= (p-1) × (q-1)
To see that Φ(n) = Φ(p) × Φ(q), consider that the set of positive integers less
than n is the set {1, …, (pq-1)}. The integers in this set that are not relatively prime to n
are the set {p, 2p, …, (q-1)p} and the set {q, 2q, …, (p-1)q}.
Table: Some values of Euler’s Totient Function Φ(n)

 n  Φ(n)     n  Φ(n)     n  Φ(n)
 1   1      11   10     21   12
 2   1      12    4     22   10
 3   2      13   12     23   22
 4   2      14    6     24    8
 5   4      15    8     25   20
 6   2      16    8     26   12
 7   6      17   16     27   18
 8   4      18    6     28   12
 9   6      19   18     29   28
10   4      20    8     30    8

Accordingly,
Φ(n) = (pq - 1) – [(q - 1) + (p - 1)]
     = pq – (p + q) + 1
     = (p – 1) × (q – 1)
     = Φ(p) × Φ(q)

Φ(21) = Φ(3) × Φ(7) = (3-1) × (7-1) = 2 × 6 = 12


Where the 12 integers are {1,2,4,5,8,10,11,13,16,17,19,20}

Euler’s Theorem:
It states that for every a and n that are relatively prime:
a^Φ(n) ≡ 1 (mod n)

a = 3; n = 10; Φ(10) = 4: 3^4 = 81 ≡ 1 (mod 10) ≡ 1 (mod n)
a = 2; n = 11; Φ(11) = 10: 2^10 = 1024 ≡ 1 (mod 11) ≡ 1 (mod n)

Proof:
• Equation 8.4 is true if n is prime, because in that case Φ(n) = (n-1) and
Fermat’s theorem holds. However, it also holds for any integer n. Recall
that Φ(n) is the number of positive integers less than n that are relatively
prime to n. Consider the set of such integers, labelled as follows:
R = {x_1, x_2, …, x_Φ(n)}
• That is, each element x_i of R is a unique integer less than n with
gcd(x_i, n) = 1. Now multiply each element by a, modulo n:

S = {(a x_1 mod n), (a x_2 mod n), …, (a x_Φ(n) mod n)}

The set S is a permutation of R, by the following line of reasoning:
1. Because a is relatively prime to n and x_i is relatively prime to n, a x_i must also
be relatively prime to n. Thus, all the members of S are integers that are less
than n and that are relatively prime to n.
2. There are no duplicates in S.
If a x_i mod n = a x_j mod n, then x_i = x_j.

Therefore,

∏_{i=1}^{Φ(n)} (a x_i mod n) = ∏_{i=1}^{Φ(n)} x_i

∏_{i=1}^{Φ(n)} a x_i ≡ ∏_{i=1}^{Φ(n)} x_i (mod n)

a^Φ(n) × ∏_{i=1}^{Φ(n)} x_i ≡ ∏_{i=1}^{Φ(n)} x_i (mod n)

a^Φ(n) ≡ 1 (mod n)
This is the same line of reasoning applied to the proof of Fermat’s theorem.
As is the case for Fermat’s theorem, an alternative form of the theorem is also
used:
a^(Φ(n)+1) ≡ a (mod n)
Again, similar to the case with Fermat’s theorem, the first form of Euler’s
theorem requires that a be relatively prime to n, but this form does not.
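Added example (not from the notes) covering the totient and Euler sections above: the square-and-multiply chain the notes compute by hand for 7^18 mod 19, Φ(n) by direct count and by (p-1)(q-1), and checks of both theorems, including the non-coprime case where Euler's first form fails.

```python
# Added example, not from the lecture notes: the hand computations of the
# Fermat, totient and Euler sections done in code.
from math import gcd
from typing import List


def square_chain(a: int, n: int, k: int) -> List[int]:
    """[a, a^2, a^4, ..., a^(2^k)] mod n, each entry the square of the previous one;
    for a=7, n=19, k=4 this is the 7, 11, 7, 11, 7 pattern worked out above."""
    chain = [a % n]
    for _ in range(k):
        chain.append(chain[-1] * chain[-1] % n)
    return chain


def pow_mod(a: int, e: int, n: int) -> int:
    """Right-to-left square-and-multiply: multiply in a^(2^i) where bit i of e is 1,
    e.g. 7^18 = 7^16 * 7^2 because 18 = 10010 in binary."""
    result, base = 1, a % n
    while e:
        if e & 1:
            result = result * base % n
        base = base * base % n
        e >>= 1
    return result


def reduced_residues(n: int) -> List[int]:
    """The positive integers below n that are relatively prime to n."""
    return [x for x in range(1, n) if gcd(x, n) == 1]


def phi_by_count(n: int) -> int:
    """Euler's totient by direct count; phi(1) = 1 by convention."""
    return 1 if n == 1 else len(reduced_residues(n))


def phi_of_pq(p: int, q: int) -> int:
    """phi(pq) = (p-1)(q-1) for distinct primes p and q."""
    return (p - 1) * (q - 1)


def fermat_holds(a: int, p: int) -> bool:
    """a^(p-1) == 1 (mod p); requires p prime and p not dividing a."""
    return pow_mod(a, p - 1, p) == 1


def euler_holds(a: int, n: int) -> bool:
    """a^phi(n) == 1 (mod n); guaranteed only when gcd(a, n) == 1."""
    return pow_mod(a, phi_by_count(n), n) == 1


if __name__ == "__main__":
    print(square_chain(7, 19, 4), pow_mod(7, 18, 19))   # [7, 11, 7, 11, 7] 1
    print(phi_by_count(35), phi_of_pq(3, 7), reduced_residues(21))
    print(euler_holds(3, 10), euler_holds(2, 10))       # True False
```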
Modular Arithmetic:
Given any positive integer n and any non-negative integer a, if we divide
a by n we get an integer quotient q and an integer remainder r that obey the following
relationship:

a = qn + r, 0 ≤ r < n

Congruent Modulo:
Two integers a and b are said to be congruent modulo n
if (a mod n) = (b mod n). This can be written as

a ≡ b (mod n)

Modular Arithmetic Operations:


1. [(a mod n) + (b mod n)] mod n=(a+b) mod n
2. [(a mod n) - (b mod n)] mod n=(a-b) mod n
3. [(a mod n) * (b mod n)] mod n=(a*b) mod n

Eg: a = 11, b = 15, n = 8;

Prove the modular arithmetic identity [(a mod n) + (b mod n)] mod n = (a+b) mod n

L.H.S. = [(11 mod 8) + (15 mod 8)] mod 8 = [3 + 7] mod 8 = 10 mod 8
L.H.S. = 2
R.H.S. = (a+b) mod n = [11 + 15] mod 8 = 26 mod 8 = 2
R.H.S. = 2; Hence it is proved.

Explain in detail about Finite fields?
A finite field is a field with a finite number of elements.
1. Groups, Rings and Fields
2. Modular Arithmetic
3. The Euclidean Algorithm
4. Finite Fields of the form GF(p)
5. Polynomial Arithmetic
6. Finite Fields of the form GF(2^n)

1. Groups, Rings and Fields:

Group (G)
A group, denoted {G, ·}, is a set of elements with a binary operation · that
satisfies the following axioms:
(A1) Closure: If a and b belong to G, then a · b is also in G.
(A2) Associative: a · (b · c) = (a · b) · c for all a, b, c in G.
(A3) Identity element: There is an element e in G such that a · e = e · a = a for all
a in G.
(A4) Inverse element: For each a in G there is an element a' in G such that a · a' =
a' · a = e.
Ring (R)
A ring, denoted {R, +, ×}, is a set of elements with two binary operations,
addition and multiplication, that satisfies the following axioms:
(M1) Closure under multiplication: If a and b belong to R, then ab is also in R.
(M2) Associativity of multiplication: a(bc) = (ab)c for all a, b, c in R.
(M3) Distributive laws: a(b + c) = ab + ac for all a, b, c in R.
(a + b)c = ac + bc for all a, b, c in R.

Field (F)
A field, denoted {F, +, ×}, is a set of elements with two binary
operations, addition and multiplication.
2. Modular Arithmetic:
Given any positive integer n and any non-negative integer a, if we divide
a by n we get an integer quotient q and an integer remainder r that obey the following
relationship:

a = qn + r, 0 ≤ r < n

Congruent Modulo:
Two integers a and b are said to be congruent modulo n
if (a mod n) = (b mod n).
This can be written as
a ≡ b (mod n)

Modular Arithmetic Operations:


• [(a mod n) + (b mod n)] mod n=(a+b) mod n
• [(a mod n) - (b mod n)] mod n=(a-b) mod n
• [(a mod n) * (b mod n)] mod n=(a*b) mod n

Eg: a = 11, b = 15, n = 8. Prove the modular arithmetic identity

[(a mod n) + (b mod n)] mod n = (a+b) mod n
L.H.S. = [(11 mod 8) + (15 mod 8)] mod 8 = [3 + 7] mod 8 = 10 mod 8
L.H.S. = 2
R.H.S. = (a+b) mod n = [11 + 15] mod 8 = 26 mod 8 = 2
R.H.S. = 2
Hence it is proved.

3. Euclidean Algorithm:
It is a simple procedure which is used for determining the GCD of two
integers:
GCD(a, b) = gcd(b, a mod b)
Eg:
a = 18, b = 12. Find gcd(18, 12)
GCD(a, b) = gcd(b, a mod b)
gcd(18, 12) = gcd(12, 18 mod 12)
gcd(18, 12) = gcd(12, 6)
gcd(12, 6) = gcd(6, 12 mod 6)
gcd(12, 6) = gcd(6, 0)
gcd(18, 12) = 6

Algorithm:
EUCLID(a, b)
Step 1: A ← a; B ← b
Step 2: if B = 0 return A = gcd(a, b)
Step 3: else R = A mod B
Step 4: A ← B
Step 5: B ← R
Step 6: goto Step 2

4. Finite Fields of the Form GF(p)
GF stands for Galois Field.
Extended Euclidean algorithm for the inverse of b modulo m:
Step 1: (A1, A2, A3) ← (1, 0, m)
(B1, B2, B3) ← (0, 1, b)
Step 2: If B3 = 0 return A3 = gcd(m, b); no inverse
Step 3: If B3 = 1 return B3 = gcd(m, b); B2 = b^-1 mod m
Step 4: Q = ⌊A3 / B3⌋
Step 5: (T1, T2, T3) ← (A1 - Q·B1, A2 - Q·B2, A3 - Q·B3)
Step 6: (A1, A2, A3) ← (B1, B2, B3)
Step 7: (B1, B2, B3) ← (T1, T2, T3)
Step 8: goto Step 2
We now proceed to look at an extension to the Euclidean algorithm that will be
important for later computations in the area of finite fields and in encryption
algorithms such as RSA. For given integers a and b, the extended Euclidean
algorithm not only calculates the greatest common divisor d but also two
additional integers x and y that satisfy the following equation: ax + by = d =
gcd(a, b). It should be clear that x and y will have opposite signs.
We can extend the Euclidean algorithm to determine x, y, d, given a and b. We again
go through the sequence of divisions indicated in Equation Set (4.3) and we
assume that at each step i, we can find integers x_i and y_i that satisfy r_i = a x_i + b y_i.
In each row, we calculate a new remainder r_i, based on the remainders of the
previous two rows. We know from the original Euclidean algorithm that the
process ends with a remainder of zero and that the greatest common divisor of
a and b is d = gcd(a, b) = r_n. But we also have determined that d = r_n = a x_n +
b y_n.
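Added example (not from the notes) implementing the Euclidean algorithm with its remainder trace and the extended form in the (A1, A2, A3)/(B1, B2, B3) scheme above, which also yields modular inverses; the inverse 550^-1 mod 1759 = 355 is a constructed check value.

```python
# Added example, not from the lecture notes: Euclid, extended Euclid and
# modular inverse, following the A/B triple scheme from the steps above.
from typing import List, Optional, Tuple


def gcd_trace(a: int, b: int) -> Tuple[int, List[Tuple[int, int]]]:
    """gcd(a, b) = gcd(b, a mod b) until the remainder is 0; also returns the
    (a, b) pairs visited, so the 'last non-zero value' rule is visible."""
    trace = []
    while b != 0:
        trace.append((a, b))
        a, b = b, a % b
    trace.append((a, 0))
    return a, trace


def extended_euclid(a: int, b: int) -> Tuple[int, int, int]:
    """Returns (d, x, y) with d = gcd(a, b) and a*x + b*y = d.
    Invariant kept by every step: A1*a + A2*b = A3 and B1*a + B2*b = B3."""
    A1, A2, A3 = 1, 0, a
    B1, B2, B3 = 0, 1, b
    while B3 != 0:
        Q = A3 // B3
        # (A) <- (B); (B) <- (A) - Q*(B), i.e. the T triple of the steps above
        A1, A2, A3, B1, B2, B3 = B1, B2, B3, A1 - Q * B1, A2 - Q * B2, A3 - Q * B3
    return A3, A1, A2


def mod_inverse(b: int, m: int) -> Optional[int]:
    """b^-1 mod m when gcd(b, m) == 1, else None (no inverse exists)."""
    d, x, y = extended_euclid(m, b)   # m*x + b*y = d
    if d != 1:
        return None
    return y % m


if __name__ == "__main__":
    print(gcd_trace(1970, 1066))          # (2, [(1970, 1066), (1066, 904), ...])
    print(extended_euclid(240, 46))       # (2, -9, 47): 240*-9 + 46*47 = 2
    print(mod_inverse(550, 1759))         # 355 (constructed check value)
    print(mod_inverse(4, 26))             # None: gcd(4, 26) = 2
```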

Prime numbers:
An integer p>1 is a prime number if and only if its only divisors are 1 and itself.
Prime numbers play a critical role in number theory and in the techniques.
➢ prime numbers only have divisors of 1 and self
⚫ they cannot be written as a product of other numbers
⚫ note: 1 is prime, but is generally not of interest
➢ eg. 2,3,5,7 are prime, 4,6,8,9,10 are not
➢ prime numbers are central to number theory
➢ the list of prime numbers less than 200 is:
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97
101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191
193 197 199
The idea of "factoring" a number is important - finding numbers which divide
into it. Taking this as far as it can go, by factorising all the factors, we can
eventually write the number as a product of (powers of) primes - its prime
factorisation. Note also that factoring a number is relatively hard compared to
multiplying the factors together to generate the number.

The prime factorisation of a number n is when it is written as a product of
primes
e.g. 91 = 7 × 13 ; 3600 = 2^4 × 3^2 × 5^2

We have the concept of "relatively prime": two numbers are relatively prime if they
share no common factors other than 1.
Another common problem is to determine the "greatest common divisor"
GCD(a,b), which is the largest number that divides into both a and b.
➢ two numbers a, b are relatively prime if they have no common divisors apart
from 1
⚫ e.g. 8 & 15 are relatively prime since the factors of 8 are 1,2,4,8 and of
15 are 1,3,5,15, and 1 is the only common factor
➢ conversely, we can determine the greatest common divisor by comparing
their prime factorizations and using the least powers
⚫ e.g. 300 = 2^1 × 3^1 × 5^2 and 18 = 2^1 × 3^2, hence GCD(18,300) = 2^1 × 3^1 × 5^0 = 6

Two theorems that play important roles in public-key cryptography are
Fermat’s theorem and Euler’s theorem.
Fermat’s theorem (also known as Fermat’s Little Theorem), as listed above,
states an important property of prime numbers.
Fermat's Theorem:
➢ a^(p-1) ≡ 1 (mod p)
⚫ where p is prime and gcd(a,p) = 1
➢ also known as Fermat’s Little Theorem
➢ also have: a^p ≡ a (mod p)
➢ useful in public key and primality testing

Euler Totient Function ø(n):

Now introduce Euler’s totient function ø(n), defined as the number of
positive integers less than n and relatively prime to n. Note the term “residue”
refers to numbers less than some modulus, and the “reduced set of residues”
to those numbers (residues) which are relatively prime to the modulus (n). Note
by convention that ø(1) = 1. The value ø(1) is without meaning but is defined to
have the value 1.
➢ when doing arithmetic modulo n
➢ complete set of residues is: 0..n-1
➢ reduced set of residues is those numbers (residues) which are relatively
prime to n
⚫ e.g. for n = 10,
⚫ complete set of residues is {0,1,2,3,4,5,6,7,8,9}
⚫ reduced set of residues is {1,3,7,9}
➢ number of elements in reduced set of residues is called the Euler Totient
Function ø(n)
➢ to compute ø(n) need to count number of residues to be excluded
➢ in general need prime factorization, but
⚫ for p (p prime) ø(p)=p-1
⚫ for p.q (p,q prime) ø(p.q)=(p-1)x(q-1)
For Example
ø(37) = 36
ø(21) = (3–1)x(7–1) = 2x6 = 12
Euler's Theorem:
Euler's Theorem is a generalization of Fermat's Theorem to any number n. As
is the case for Fermat's theorem, an alternative form of the theorem is also
useful. Again, similar to the case with Fermat's theorem, the first form of Euler's
theorem requires that a be relatively prime to n, but the alternative form does not.
A generalisation of Fermat's Theorem:
a^ø(n) ≡ 1 (mod n) for any a, n where gcd(a,n) = 1
For example
a = 3; n = 10; ø(10) = 4;
hence 3^4 = 81 ≡ 1 (mod 10)
a = 2; n = 11; ø(11) = 10;
hence 2^10 = 1024 ≡ 1 (mod 11)
➢ also have: a^(ø(n)+1) ≡ a (mod n)

Primality Testing :
For many cryptographic functions it is necessary to select one or more very large
prime numbers at random. Thus we are faced with the task of determining
whether a given large number is prime. There is no simple yet efficient means
of accomplishing this task.
Traditionally sieve for primes using trial division of all possible prime factors of
some number, but this only works for small numbers.
Alternatively can use repeated statistical primality tests based on properties of
primes, and then for certainty, use a slower deterministic primality test, such as
the AKS test.
Miller-Rabin Algorithm
The algorithm shown, due to Miller and Rabin, is typically used to test a large
number for primality. The test is based on prime properties that result from
Fermat’s Theorem.
➢ algorithm is:
TEST (n) is:
1. Find integers k, q, k > 0, q odd, so that (n–1) = 2^k q
2. Select a random integer a, 1 < a < n–1
3. if a^q mod n = 1 then return (“inconclusive")
4. for j = 0 to k – 1 do
5. if (a^(2^j q) mod n = n-1)
then return (“inconclusive")
6. return (“composite")
It is worth noting how many numbers are likely to be rejected before a prime
number is found using the Miller-Rabin test, or any other test for primality. A
result from number theory, known as the prime number theorem, states that
primes near n are spaced on the average one every (ln n) integers. Since you can
ignore even numbers, on average need only test 0.5 ln(n) numbers of size n to
locate a prime.

E.g. for numbers around 2^200 we would check 0.5 ln(2^200) ≈ 69 numbers on
average. This is only an average; one can see successive odd primes, or long runs of
composites.
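Added example (not from the notes): the TEST(n) procedure above in Python, a wrapper that repeats it with independent random bases, and the prime number theorem estimate; the bases 174 and 137 for n = 221 are a standard illustration of a strong liar versus a witness, and the function names are my own.

```python
# Added example, not from the lecture notes: Miller-Rabin as written above.
import math
import random
from typing import Optional


def miller_rabin_test(n: int, a: int) -> str:
    """One round of TEST(n) with base a, 1 < a < n-1; n must be odd and > 3.
    Returns "inconclusive" (n may be prime) or "composite" (n certainly is not)."""
    if n < 5 or n % 2 == 0:
        raise ValueError("TEST(n) expects an odd n > 3")
    if not 1 < a < n - 1:
        raise ValueError("base must satisfy 1 < a < n-1")
    # Step 1: write n - 1 = 2^k * q with q odd
    k, q = 0, n - 1
    while q % 2 == 0:
        k += 1
        q //= 2
    # Step 3: a^q mod n == 1 -> inconclusive
    x = pow(a, q, n)
    if x == 1:
        return "inconclusive"
    # Steps 4-5: a^(2^j q) mod n == n-1 for some j in 0..k-1 -> inconclusive
    for _ in range(k):
        if x == n - 1:
            return "inconclusive"
        x = x * x % n          # next j: square to get a^(2^(j+1) q)
    # Step 6: a non-trivial square root of 1 was reached, or Fermat fails
    return "composite"


def is_probable_prime(n: int, rounds: int = 20,
                      rng: Optional[random.Random] = None) -> bool:
    """Repeat TEST(n) with independent random bases.  A composite survives one
    round with probability at most 1/4, so `rounds` inconclusive results leave
    an error probability of at most 4^-rounds.  Small n are handled directly."""
    if n < 2:
        return False
    if n < 4:
        return True
    if n % 2 == 0:
        return False
    rng = rng or random.Random(2024)   # fixed seed only so the example repeats
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        if miller_rabin_test(n, a) == "composite":
            return False
    return True


def expected_candidates(bits: int) -> float:
    """Prime number theorem estimate from the notes: about 0.5 * ln(2^bits) odd
    numbers of that size are tested on average before a prime is found."""
    return 0.5 * bits * math.log(2)


if __name__ == "__main__":
    print(miller_rabin_test(221, 174), miller_rabin_test(221, 137))  # inconclusive composite
    print(is_probable_prime(2 ** 61 - 1), is_probable_prime(561))    # True False
    print(round(expected_candidates(200)))                            # 69
```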
Chinese Remainder Theorem:
The Chinese remainder theorem is a result about congruences in number theory
and its generalizations in abstract algebra. In its basic form, the Chinese
remainder theorem determines a number n that, when divided by some given
divisors, leaves given remainders.
In essence, the CRT says it is possible to reconstruct integers in a certain range
from their residues modulo a set of pairwise relatively prime moduli. Thus it is
very useful in speeding up some operations in the RSA public-key scheme, since
it allows you to perform calculations modulo the factors of your modulus, and
then combine the answers to get the actual result. Since the computational cost
is proportional to size, this is faster than working in the full-sized modulus.
➢ The CRT can be implemented in several ways
➢ to compute A (mod M):
⚫ first compute all ai = A mod mi separately
⚫ determine constants ci below, where Mi = M/mi
⚫ then combine results to get the answer using:

Consider the powers of an integer modulo n. By Euler's theorem, for every
relatively prime a, there is at least one power equal to 1 (namely ø(n)), but there
may be a smaller value. If the smallest value is m = ø(n) then a is called a
primitive root. If n is prime, then the powers of a primitive root "generate" all
residues mod n. Such generators are very useful, and are used in a number of
public-key algorithms, but they are relatively hard to find.

• For example, what is the lowest number n that when divided by 3 leaves a
remainder of 2, when divided by 5 leaves a remainder of 3, and when divided
by 7 leaves a remainder of 2?

• A common introductory example is a woman who tells a policeman that she lost
her basket of eggs, and that if she took three at a time out of it, she was left with
2, if she took five at a time out of it she was left with 3, and if she took seven at
a time out of it she was left with 2. She then asks the policeman what is the
minimum number of eggs she must have had. The answer to both problems is
23.
ax ≡ b (mod m).

• “There are certain things whose number is unknown. When divided by 3, the
remainder is 2; when divided by 5, the remainder is 3; and when divided by 7,
the remainder is 2. What will be the number of things?”

x ≡ 2 (mod 3)
x ≡ 3 (mod 5)
x ≡ 2 (mod 7)
• Let m1, m2, …, mn be (pairwise) relatively prime numbers.

Then the system x ≡ a1 (mod m1), x ≡ a2 (mod m2), …, x ≡ an (mod mn)
has a unique solution modulo
M = m1 m2 … mn.

• The CRT says that only one number x mod (3 × 5 × 7) satisfies all three
congruences: x ≡ 23 (mod 105). Check: x = 23 = 7 × 3 + 2 ≡ 2 (mod 3),
x = 23 = 4 × 5 + 3 ≡ 3 (mod 5), x = 23 = 3 × 7 + 2 ≡ 2 (mod 7).
Suppose we take the solution x and reduce it mod m1:
the term a1 M1 y1 is equal to a1, since M1 y1 ≡ 1 (mod m1);
the terms with M2 y2, M3 y3, …, that is every other term, are zero mod m1, since
each Mk (k ≠ 1) is a multiple of m1.
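Added example (not from the notes): CRT reconstruction with the M_i and y_i = M_i^-1 mod m_i constants, solving the three congruences above, plus the RSA-style trick of computing modulo the two factors separately and recombining; the function names are my own.

```python
# Added example, not from the lecture notes: CRT with explicit constants
# M_i = M / m_i and y_i = M_i^-1 mod m_i, then x = sum(a_i * M_i * y_i) mod M.
from math import gcd
from typing import List, Sequence, Tuple


def crt_constants(moduli: Sequence[int]) -> List[Tuple[int, int]]:
    """For pairwise relatively prime moduli m_i return (M_i, y_i), where
    M_i * y_i = 1 (mod m_i) and M_i * y_i = 0 (mod m_k) for every k != i;
    that is why reducing the sum mod m_i leaves only the a_i term."""
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError("moduli must be pairwise relatively prime")
    M = 1
    for m in moduli:
        M *= m
    return [(M // m, pow(M // m, -1, m)) for m in moduli]


def crt(residues: Sequence[int], moduli: Sequence[int]) -> Tuple[int, int]:
    """Return (x, M): the unique 0 <= x < M = prod(m_i) with x = a_i (mod m_i)."""
    consts = crt_constants(moduli)
    M = 1
    for m in moduli:
        M *= m
    x = sum(a * Mi * yi for a, (Mi, yi) in zip(residues, consts))
    return x % M, M


def mod_exp_via_crt(base: int, exp: int, p: int, q: int) -> int:
    """base^exp mod pq computed modulo p and modulo q separately and then
    recombined with the CRT (the RSA speed-up mentioned above)."""
    ap = pow(base, exp, p)
    aq = pow(base, exp, q)
    x, _ = crt([ap, aq], [p, q])
    return x


if __name__ == "__main__":
    print(crt_constants([3, 5, 7]))          # [(35, 2), (21, 1), (15, 1)]
    print(crt([2, 3, 2], [3, 5, 7]))         # (23, 105)
    print(mod_exp_via_crt(7, 13, 11, 13), pow(7, 13, 143))
```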
