Beruflich Dokumente
Kultur Dokumente
RSA Cryptosystem
Theorem: Let , . Let be numbers s. t. 1( ()). Then for any we have:
( ) ( )
Principles of RSA: Provider of public key chooses randomly primes , (distinct) and chooses
randomly < () s. t.
Public key: , where =
gcd, () = 1
Enciphering:(1 , 2 , , , ), where ( )
We have to show:
We have 4 cases:
1) gcd(, ) = 1
1 ()
( ) ( )
| 1 1
|
|
|
( )
Frequency Analysis
The most common letters in English text are E (~12%), T (~9%), A (~8.5%), O, N, I, S, R, H (all about 6%
to 7.5%), followed by D (~5%) and L (~4%). It is probably easy to identify E, T and A. (Though you may
confuse T and A.) The next six most frequently occurring letters in the ciphertext are likely to represent O,
N, I, S, R, H in some order. And there are only 6! = 720 different orders to try. When you try the right order
there will be so many recognizable words that the rest will be easy.
Affine ciphers
Recall that a translation cipher is a substitution cipher of the form + ( 26) . The key is the
single number n. One slight improvement one can try is to use + ( 26) instead. Now the
key is the pair of numbers (m, n). Ciphers of this form are called affine ciphers. The multiplier m has to
be coprime to 26 for + ( 26) to yield a permutation of the numbers 0 to 25. This follows
easily from the coprime cancellation property proved last week.
Decimations
The plaintext can be thought of as a sequence of residues modulo 26. So = 1 2 3 , where each
is a natural number less than 26, and is the length of the message. The keyword = 1 2 is
also a sequence of residues modulo 26. Here is the period.
Define +1 = 1 , +2 = 2 , etc. More precisely, for each let = , where is the residue of
. The ciphertext is = 1 2 3 , where the term is the mod 26 residue of
+ . In particular the sequence 1 +1 2 +1 is simply an alphabetic shift of the sequence
1 +1 2+1 To get +1 you just add 1 to +1 ( 26).
Coincidence Index
The coincidence index of a piece of text is the probability that two randomly chosen letters are the same.
2
If the relative frequencies of the 26 letters are 0 , 1 , , 25 then the coincidence index is 25
=0 .
For English text the coincidence index is usually about 0.065. Alphabetic shifts do not change the
coincidence index, so in a Vignere cipher with period m, the decimations will still have a coincidence
index of about 0.065. We now just compute the coincidence index of (, 1, ) for = 1, 2, 3,
until we find an that gives a value greater than 0.06
Digraphs
A digraph is a pair of adjacent letters. If all digraphs occurred with the same frequency then this number
1
26
would be ( )2 , but because some are much more common than others, typical English text gives a much
higher value than this. The (, )-decimation takes the , digraph and, if the period is , takes the
digraph after the first. Taking the coincidence index of these digraphs will indicate whether or not the
letters were adjacent in the plaintext. There is also another method known as Coincidence Discriminant.
It checks the probability that a randomly chosen digraph, , occurs in a piece of text. It then checks the
individual occurrences of and letters. The coincidence discriminant is defined to be , ( )2
Number Theory
Theorem 1: Let , , , , and suppose that ( ) and ( ). Then
+ + ( ) and ( )
Similarly:
+ = + + ( + )
( + ) ( + ) = ( + )
+ + ( )
= ( + )( + )
= + ( + + )
= ( + + )
( )
Proof: Assuming that gcd(, ) = 1, from the Extended Euclidean Algorithm, there are integers , such
that
Multiplying both sides by we obtain:
+ = 1
() + () =
Proof: Suppose is a prime such that |, and let gcd(, ) = . Then | and |. Since is a prime
the only positive integers that are divisors of are 1 and . So either = 1 or = .
Definition 2: Let be a positive integer. A set of integers is called a reduced system modulo if all
elements of are coprime and for every integer there is exactly one such that every integer
there is exactly one such that ( )
Definition 3: Let be a positive integer. The quantity () is the number of natural numbers such
that < and gcd(, ) = 1.
() = 1
= 1
Definition 4: Let be a prime number and any integer that is not a multiple of . The order of a
modulo , written () is the least positive integer such that 1 ( ).
Fermats Little Theorem: Let be a prime, and suppose that and . Then 1 1 ( )
All integers can be expressed as the product of prime factors, ie. = 1 1 2 2 3 3 . Consider the
multiplicative function (). () can be expressed as:
1 1 2 2 3 3 = 1 1 2 2 3 3 as gcd1 1 , 2 2 3 3 = 1
1 1 2 2 3 3 = 1 1 2 2 (3 3 ) as gcd2 2 , 3 3 = 1
And so on until
() = 1 1 2 2 ( )
We can apply this concept to all multiplicative functions.
Consider the Euler Phi Function
1
= 1 = (1 )
() = 1 1 2 2 ( )
1 1 2 2 3 3 = 1 1 (1
1
1
1
1
)2 2 (1 )3 3 (1 ) (1 )
1
2
3
1
() = (1 )
= + 1
() = + 1
+1 1
1
() =
|
= 1 2
1 | 2 |
= 1 2 = ()()
Provided and are coprime.
1 |
2 |
In general:
() = ( + 1)
=1
Provided that = 1 1 2 2 3 3
() =
=1
+1 1
1
Proof: Denote to be the set of such that gcd(, ) = and denote # to be the number of
elements in . It is clear that | # = as every number from 1 to occurs exactly once in .
Now denote to be the set / as each element in is a multiple of . This means that there is no
common divisor left meaning each element in is now coprime to /.
Proof: The case when = 0 holds as both sides equal 0. Let = gcd
(, ), then | and |.
We use the following property:
Proof: Suppose that , + and gcd(, ) = 1. If either or is not square free then either
() = 0 or () = 0, and in either case it follows that () = 0. Since all divisors of contains
the divisors of both and . So if either or contains a square of a prime as a divisor then it follows
that () = 0.
We now determine the case where both and are both square free.
= 1 2
= 1 2
This gives () = (1) and () = (1) . Since all s and all s are distinct, so
= (1 2 )(1 2 )
() = (1)+
Theorem 5: Suppose that is a multiplicative function defined on + , and define another function by
the rule that () = | () for all + . Then is multiplicative.
Proof: We use the rule that if | then | and | if and only if = . We have
() = () = () = () () = ()()
|
| |
as is multiplicative and the fact that gcd(, ) = 1 implies that gcd(, ) = 1 whenever | and |
Corollary 3: For each positive integer define | (). Then
1 if n = 1
() =
0 if n > 1
() = (1) = () = (1) = 1
|1
() = 1 1 2 2 3 3 = 1 1 2 2 ( )
We now only have to prove that if is prime and 1, then = 0. The divisors of are those
s for 1 . So
= () = ( ) = (1) + () + ( ) = 1 + (1) + 0 = 0
|
=0
=2