Créer une présentation
Télécharger la présentation

Télécharger la présentation
## Modern Algebra and Cryptology

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -

**Modern Algebra and Cryptology**In this course we will study cryptology and coding theory as an application of two areas of discrete mathematics: number theory and modern algebra. Cryptology is the study of communication over insecure channels There are two facets of cryptology: cryptographythe design of systems for secure transmission of data over insecure lines cryptanalysis the design of methods for breaking cryptographical systems Coding Theory deals with representing input information symbols with output symbols called code symbols. Over time, coding theory has become associated with error-correcting codes. It studies methods of ensuring that a message sent over a “noisy” channel will be correctly recovered.**Modern Algebra and Cryptology**The mathematical areas used in cryptology are number theory, probability theory, and the theory of groups, rings and fields. Number theory is by and large concerned with the divisibility properties of integers. A group is a set with a single binary operation on its elements satisfying certain properties: associativity, existence of an identity element and the existence ofinverses. Rings and fields have two operations, an “addition-like” operation and a “multiplication-like” operation satisfying certain defining properties. A field is a ring with additional properties. By way of examples, the set of integers with addition and multiplication form a ring but not a field. The set of real numbers with addition and multiplication form a field.**Cryptography**• Here is the situation when using cryptographical methods to send a message. • Let us say that Alice is to send a message to Bob and that Eve is a third party interested in intercepting the message. • The un-encrypted message is generally called plaintext and the encrypted message is called ciphertext. • Alice uses an encryption method that depends on an encryption key to encrypt her plaintext message. • This produces the ciphertext version of her message, which is sent to Bob. • Bob uses a corresponding decryption method using a decryption key that is either the same as the encryption key or is computable from the key. • If the encryption and decryption keys are the same, then that key must be private, i.e., known only to Bob and Alice. • Otherwise the information needed for computing the decryption key must be a secret known only to Bob.**Cryptanalysis**• The possible goals of Eve are • recover the plaintext sent by Alice (interception) • find the key to be able to break all future transmissions (general break) • corrupt Alice’s message to change its meaning (deception) • masquerade as Alice • The third goal, if achieved, violates the integrity of the message. • The fourth goal would violate the authenticity of the message. • Thus among the goals of cryptography is to ensure integrity and to be able to provide authentication.**Cryptanalysis**• Possible attack situations: • Ciphertext only: Eve only has the ciphertext and the knowledge of the method • Known plaintext: Eve has an example of a plaintext/ciphertext pair • This is enough to find the key in weak systems • Was an essential element in breaking the Enigma code in WW II • Chosen plaintext: Eve has temporary access to the encryption machine but not to the key; she can “experiment” • Chosen ciphertext: Eve has temporary access to the decryption machine and can “experiment” • Example (known plaintext): In the Sahara during WW II, an isolated German outpost each day sent the same message: “nothing new to report” Useful in finding the key Field Marshall Montgomery was ordered to avoid the post!**Kerchkoff’s Principle**• Always assume the enemy knows the method being used.**Symmetric Key and Public Key Systems**• All the classical cryptosystems ( before 1970 ) were symmetric key systems • This means that both the sender and receiver know the encryption key • The decryption key is either the same as the encryption key or easily calculated (by anybody) from that key • Modern examples: Digital Encryption Standard (DES) and the Advanced Encryption Standard (AES) • The revolutionary idea of public key systems was introduced in 1970. • The encryption key to be used in sending messages to Bob is public but it is computationally infeasible to find the decryption key without information known only to Bob. • Examples: • RSA Based on factoring large integers • El Gamal Based on computing integer logarithms (Discrete Logarithm Problem) • McElice Based on error-correcting codes**Public Key Example**• Non-mathematical example of the public key idea: • Bob sends Alice a box and an unlocked padlock to which he has the key • Alice places her message in the box, locks it and sends it to Bob • Bob uses the key to unlock the box and retrieve Alice’s message • Authentication problem: Bob cannot be sure the message came from Alice • History • Amount of computation in public key systems much higher than symmetric key systems • Used only for small data packages • Examples: key exchange for symmetric systems, digital signatures Secretkey, known method Method, encryption key, what to do to compute decryption key all public Secretencryption method**Symmetric Key Systems**• Symmetric key systems fall into two categories: stream ciphers and block ciphers • Stream Ciphersindividual plaintext elements (bits or characters) are replaced by individual ciphertext elements (bits or characters) • Linear feedback shift register methods are examples of stream ciphers • Block Ciphersthe plaintext message is broken up into chunks (blocks) of elements and the encryption method converts each plaintext block into a ciphertext block • DES and AES are examples of block ciphers.**Objectives of Crytography**• Confidentiality only the sender and receiver should know the message • Data integrity • no alteration of the message • Transmission errors, sabotage • Hash functions used here • Authentication ability to recognize sender • Non-repudiation sender cannot deny he/she sent the message**Applications of Crytography**• Digital Signatures no forgery • Identification login passwords, etc • Key Establishment Key exchange algorithms • Secret Sharing Example: Dividing the combination to a safe among employees so that at least two of them are necessary to unlock the safe. • E-Commerce Secure transactions, dual signatures • Electonic Cash • Games**Number Theory**• Number Theory is one of the oldest areas of mathematics • It is primarily concerned with the divisibility property of the integers • It is important that you pay attention to the precise definitions that will be presented • Definition: Integer n divides integer m if and only if there is an integer k such that m = kn. Notation: n | m • Be careful about the distinction between “n|m” and “n/m” • “n | m” is a statement (k s.t. m = nk). For specific integer values m,n it is either true or false • Thus “3 | 15” is a true statement and “4 | 15” is a false statement • “n/m” is an arithmetic expression. For specific integer values m,n it stands for the value obtained when n is divided by m • “3/15” represents the value 0.2 (or 0 if integer division is meant) • “n | m” = “n divides m (evenly)” • “n/m” = “n divided by m”**The Integer Division Theorem**• An important property of the integers is the following. • Integer Division TheoremLet m, n be integers with n > 0. Then there exists integers q and r such that (i) 0 r < n and (ii) m = qn + r. • The integer q in the Integer Division Theorem is called the quotient of m divided by n and r is called the remainder after division of m by n.**Prime Numbers**• DefinitionA positive integer p is a prime number if p > 1 and the only integers that divide p are p and 1. • If a number is not prime then it is said to be a composite number. • If m, a, b are integers with m = ab, then we say that a and b are factors of m. • Thus a number is prime if and only if it is greater than 1 and its only factors are itself and 1 • Fundamental Theorem of ArithmeticEvery integer m > 1 can be written uniquely as a product of primesp1, …, pk satisfying p1 . . . pk.**Modular Notation**• The remainder after division of m by n > 0 is an important value and has another, shorter name: m mod n. • Recall that 0 (m mod n) < n, and hence the possible values of m mod n are 0, 1, . . . , n-1 • You should remember that the C language provides an operator to compute m mod n: m % n. • Modular notation (and the modulus operator) can be used to implement one of the oldest ciphers known: the shift ciphers • One of the conventions of cryptography texts is to use lower case letters for plaintext and upper case letters for ciphertext.**Shift Ciphers**• The “key” of a shift cipher is an integer (the shift amount) • We will suppose we are using only the letters of the English alphabet • No punctuation or white space (tabs, spaces, newlines, …) are used • We also do not use capitalization • Thus instead of message “Watson, come here!”, we would have “watsoncomehere” • To encode messages using a shift cipher with key k we write the letters of the alphabet on two lines, lower case on the top and upper case on the bottom: • a b c d e f g h i j k l m n o p q r s t u v w x y zA B C D E F G H I J K L M N O P Q R S T U V W X Y Z • Next we shift the top row to the right by the shift amount, wrapping around to the beginning when we shift off the right end. For k = 4, we get • w x y z a b c d e f g h i j k l m n o p q r s t u vA B C D E F G H I J K L M N O P Q R S T U V W X Y Z • “watsoncomehere” then encodes to “AEXWSRGSQILIVI”**Shift Cipher Using Modular Notation**• In order to implement such a code on a computer, we first set up a correspondence between the letters of the alphabet and the integers from 0 to 25: a 0, b 1, . . . , z 25 • Then we express the encoding algorithm as ek(x) = (x + k) mod 26 • So: we convert the string of letters to a string of integers, apply the encryption function to each integer, then convert back to (capital) letters • The decryption function is equally simple: dk(y) = (y-k) mod 26.**Affine Ciphers**• Affine Ciphers are a generalization of Shift Ciphers • The key for an affine cipher is a pair (a,b) of integers • The encryption function is then e(a,b)(x) = ax+b (mod 26) • The encryption function must be one-to-one since we need to be able to decode a message • Thus we need to be able to uniquely solve the equation y = ax+b (mod n) for x in terms of y. • For n = 26, if we choose a = 4, then we have a problem • e(4,1)(1) = (4 1 + 1) mod 26 = 5 mod 26 = 5; and • e(4,1)(14) = (4 14 + 1) mod 26 = 57 mod 26 = 5 • Thus we cannot know whether a 5 in a message came from a 1 or a 14. • After developing a bit more mathematics, we will be able to answer the question of which values of a may be used in an Affine Cipher**Properties of Binary Operators**• Let be a binary operation on a set S, that is a function that associates with each ordered pair a,b of elements another element of S denoted a b • We say that is associative if for all elements a,b,c of S: a (b c) = (a b) c • We say that element e of S is an identity element for the operation if for every a in S, a e = e a = a. • Observation: if e and e are identity elements for , then e = e Proof: Since e is an identity element, e e = e. Since e is an identity element, e e = e. Thus e = e. • If binary operation set S has an identity element e, then say that element b of S is a -inverse of element a of S if a b = b a = e. • On the next slide we show that for associative operations, there can be at most one element that is the inverse of a given element.**Uniqueness of Inverses**• Let be an associative binary operation on a set S such that there is an element e of S that acts like an identity for . • That is, for every s S, s e = e s = s. • We wish to show that if s has an inverse, it is unique • So suppose that x and y are such that s x = x s = e and s y = y s = e • We need to show that x = y. • So: x = x e = x (s y) = (x s) y = e y = y and we are done.**Modular Arithmetic**• We define Zn to be the set of possible remainders arising from division by n • Thus Zn is the set of integers from 0 to n-1 • Examples: Z2 = {0,1}, Z3 = {0,1,2}, Z4 = {0,1,2,3} • If we add two integers from Zn, the result may not be in Zn. • However, if we add and then take the remainder after division by n, the result will be an element of Zn. • Thus we can define a binary operation n on Zn as follows: • Definition: If a,b Zn, then a n b = (a + b) mod n • Example: 5 8 6 = 3 • Why? Because (5+6) mod 8 = 11 mod 8 = 3 • Note that the Shift Cipher encryption rule with key k could be writtenek(x) = x 26 k**Modular Arithmetic**• A binary operation on a finite set can be defined using a Cayley table • This is a 2-dimensional table with the rows and columns labeled by the elements and the entry in the ath row, bth column equal to a b. • The Cayley table for 4 on Z4 would be: • The Cayley table may be used to verify that 0 is an identity element for 4 and that each element has an inverse relative to 4.**Modular Arithmetic**• We can also define a multiplication operator on Zn: • Definition: If a,b Zn, then a n b = (a b) mod n • The Cayley Table for 4 is: • We can see from the table that 1 is an identity element for 4 • Moreover, we can see thatthe 4-inverse of 3 is 3 and of 1 is 1 • However, 2 has no 4-inverse • The system (Zn, n , n ) satisfies a number of important properties**Properties of the System (Zn, n , n )**• For any a,b,c Zn: 1. a n ( b n c ) = (a n b ) n c ( Associativity of n ) • 0 n a = a n 0 = a ( Identity element for n ) • d Zn s. t. d n a = a n d = 0 ( Every element has an n-inverse) • a n b = b n a ( Commutativity of n ) • a n ( b n c ) = (a n b ) n c ( Associativity of n ) • 1 n a = a n 1 = a and 1 0 ( Identity element for n ) • a n b = b n a ( Commutativity of n ) • a n ( b n c) = (a n b) n (a n c) ( n distributes over n ) Any system consisting of a set with two operations satisfying properties 1, 2, 3, 4, 5, and 8 is called a ring If property 6 is satisfied as well as 1-5 and 8, it is a ring with identity If property 7 is satisfiedas well as 1-5 and 8, it is a commutative ring.**Inverse of an Element**• All the properties listed on the previous slide follow easily from the corresponding properties of the integers with the exception of property 3 • Now we know that every integer a has an additive inverse in Z, namely –a • But for a 0, –a is not an element of Zn. • So we are looking for an element d between 1 and n-1 such that a+d mod n is 0. • This means that a+d is a multiple of n. • The choice is obvious: n-a • Since 1 a n-1, we have n-1 n-a 1 and a + (n-a) = n, which is equal to 0 mod n. • Example: what is the additive inverse of 5 in Z9? • According to the above discussion, it is 9-5 = 4 • Verify: 5 94 = (5 + 4) mod 9 = 9 mod 9 = 0**Other Examples of Rings**• You should be able to verify that the set E of even integers under addition and multiplication form a ring. • Note that (E,+,) is a commutative ring that does not contain an identity element for multiplication (1 is not even!) • The set of 2 by 2 matrices over the real numbers is a ring with identity but is not commutative • A field is a commutative ring F with multiplicative identity 1F in which every nonzero element has a multiplicative inverse. • In other words: for every nonzero element a of a field, there is an element d such that ad = da = 1F. • The real number system and the complex number system are examples of fields • We will be particularly interested in finite fields.**When is Zn a Field?**• Now (Zn, n , n ) is a commutative ring with identity element • In order for it to be a field, every nonzero element must have an inverse • We showed earlier that 2 does not have a 4-inverse. • Thus (Z4, 4 , 4 ) is not a field • One might also note that 2 4 2 = 0, which leads to a general fact: • PropositionIf a and b are nonzero elements of Zn with a n b = 0, then a does not have a n–inverse in Zn. • proof. Suppose a has n–inverse d. • 1 = d n a b = (d n a ) n b = d n (a n b ) = d n 0 = 0 • Since 1 mod n is not zero, assuming a has a multiplicative inverse leads to a contradiction. • Thus a cannot have a multiplicative inverse in Zn. • CorollaryIf n > 1 is composite, then (Zn, n , n ) is not a field