Classical Two-Way Cryptography

AFFINE CRYPTOSYSTEM

E a ,b ( x) = ax + b , 0 ≤ a, b ≤ 25 and gcd(a,26) =1.

Da ,b ( y ) = a −1 y − a −1b .

KEYWORD CAESAR. The key consists of a number k, 0 ≤ k ≤ 25 , and a word or a short

sentence, referred to as the keyword. It is not necessary to require that the letters of the keyword are
distinct. We only write the keyword without repetitions.

VIGENÉRE is like the CAESAR system, only the key varies from step to step. The encryption and
decryption is done using the VIGENÈRE square:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z A B C D E F G H I J K L M N O P Q R S T U V W X Y

A modification of VIGENÈRE is the AUTOKEY system. In AUTOKEY, the plaintext serves also
as the encryption key, with a certain shift.

1
HILL’S METHOD

We choose an integer d ≥ 2 and a d-dimensional square matrix M such that M-1 exists (i.e. det(M)
has an inverse mod 26).

MP = C

where P is a d-dimensional column vector whose components are plaintext letter encodings. C is d-
dimensional column vector where the components are encodings of the cryptotext letters.

P = M −1 C .

AFFINE-HILL CRYPTOSYSTEM

MP + B = C

P = M −1 (C − B )

2
Public Key Cryptography

RSA

Key generation

Let’s imagine that Alice wants to receive a private message from Bob through an insecure
transmission channel using RSA. She takes the following steps to generate a public key and a
private key:

1) Choose two large random primes p and q such that p ≠ q , independently of each other.
Typically the primes p and q have about 100 digits in their decimal representation.
2) Compute the product n = p ⋅ q .
3) Compute the value of Euler’s function ϕ (n ) = ( p − 1)(q − 1) .
4) Choose a large integer e such that 1 < e < ϕ (n ) and gcd(e, ϕ (n )) = 1 .
5) Compute an integer d such that d ⋅ e ≡ 1 mod(ϕ (n )) .

The public key consists of

1) the modulus n and

2) the public exponent e (called also the encryption exponent).

The private key consists of

1) the modulus n (which is also public and appears in the public key) and
2) the private exponent d (called also the decryption exponent), which must be kept secret.

Alice transmits the public key to Bob, and keeps the private key secret.

Encrypting messages

When Bob wishes to send a message M to Alice he turns M into a number m < n, using some
previously agreed-upon reversible protocol known as a padding scheme.

Bob now has m, and knows n and e, which Alice has announced. He then computes the cryptotext c
corresponding to m:

c ≡ m e (mod n )

Bob then transmits c to Alice.

Decrypting messages

Alice receives c from Bob, and knows her private key d. She can recover m from c by calculating:

c d (mod n ) ≡ m

Given m, she can recover the original message M.

3
DIGITAL SIGNATURE

The signature is generally formed by applying a so called hash function to the message, creating a
shortening of the message. It is called the message digest. The message digest is of a fixed length.
The message digest is used as the digital signature sA .

This means now that Alice sends to Bob the pair

(D(s A ), m )
where sA is obtained from m.

If both signature and secure transmission are required then Alice calculates the message digest sA
and sends the message to Bob in the form

(( E B ( D A ( s A )), E B (m))

where (
E B (D A (s A )) = s A
dA
(mod n A )) (mod n B )
eB

and E B (m ) = m eB (mod n B ) .

Bob receives the message and decrypts it using his own private key:

(E B (D A (s A )))d (mod n B ) =
B
(s A
dA eB
)
(mod n A )) (mod n B ) (mod n B ) ≡ s A d (mod n A )
dB
A

(E B (m ))d (mod n B ) = (m e
B B
) (mod n ) = m .
dB
B

How to handle the situation where n A > n B ? There are two ways to overcome this difficulty.

1) The signature is sent in the form

(
E B (D A (s A )) = s A
dA
(mod n A )) (mod n B ) if n A
eB
< nB

and in the form (

D A (E B (s A )) = s A
eB
(mod n B )) (mod n A ) if
dA
n A > nB .

2) All users agree upon a common threshold t. Each user chooses two RSA keys, one for signatures
(denoted by subscript s) and the other for encryption (denoted by subscript e). Each user takes care
that n s < t < ne . Alice’s keys for signature are denoted by (nAs , eAs ) and (nAs , dAs ) and her keys for
encryption are denoted by (nAe , eAe ) and (nAe , dAe ). Bob’s keys are (nBs , eBs ), (nBs , dBs ), (nBe , eBe )
and (nBe , dBe ). Now n As and n Bs are less than t and t is less than n Ae and less than n Be . Now Alice
sends her encrypted signature in the form:

(
E B (D A (s A )) = (s A )
d As
(mod n As )) (mod n Be ) .
eBe

Because n As < n Be we don’t face the difficulty of example 4.2.4.6.

4
DIFFIE-HELLMAN KEY EXCHANGE PROTOCOL

1) The users choose a large prime p and a primitive element a of Z *p = {1, 2,..., p − 1}. (This is
usually done long before the rest of the protocol.)

2) Each user chooses a number e, 2 ≤ e ≤ p − 1 , and keeps it secret. We denote the number of Alice
by e A and the number Bob by e B .

3) Alice computes the number a e A (mod p ) and sends it to B. Bob computes the number
a eB (mod p ) and sends it to Alice.

( ) (mod p ) = a (mod p ) . Bob computes (a ) (mod p ) = a (mod p ) .

4) Alice computes a eB
eA ea e B e A eB ea e B

Both Alice and Bob are now in possession of the group element a ea eB (mod p ) which can serve as
the shared secret key.

ELGAMAL

For the ElGamal algorithm, a large prime p and a primitive element a of Z *p are chosen. Both p and
a are published.

The key generator works as follows:

1) Alice chooses a random integer x A , 1 < x A < p - 1.

2) Alice computes her public key y A = a x A (mod p ) .
3) Alice publishes y A but retains x A as her secret key.

The encryption algorithm works as follows: (Now Bob wants to encrypt a message m to Alice.)

1) Bob converts m into a number of Z *p . (The same ideas as with RSA can be used.)
2) Bob chooses a random number k, 1 < k < p -1 and computes the key K = ( y A ) (mod p ) .
k

3) Bob computes c1 = a k (mod p ) and c 2 = m ⋅ K (mod p )

Bob sends the cryptotext (c1,c2) to Alice.

The decryption algorithm works as follows:

x x x A
( )
1) Alice computes K = (c1 ) A (mod p ) . [Note: (c1 ) A = (a k ) = a x A = ( y A ) = K (mod p ) ]
k k

2) Alice computes m = c 2 ⋅ K −1 (mod p ) . [Note: c 2 ⋅ K −1 = m ⋅ K ⋅ K −1 = m (mod p ) ]

5
MERKLE-HELLMAN CRYPTOSYSTEM

1. Key creation

a) A parameter n is fixed specifying the number of components in a and b respectively.

Also n determines the size of the message to be encrypted.
b) Choose a superincreasing vector a = (a1 , a 2 ,..., a n ) .
n
c) Choose an integer m with the property m > ∑ ai . m is called the modulus.
i =1
d) Choose a multiplier k such that gcd(k,m) = 1 and 1 ≤ k ≤ m.
e) Compute the vector b = k a (mod m ) . The superincreasing property of a is concealed
by modular multiplication.
f) The vector b is published as public key and ( a , m, k) is kept secret as the private key.

2. Encryption

a) The message is encoded into bits and the sequence of bits is divided into blocks of
length n. Every block is a vector x = ( x1 , x 2 ,..., x n ) where each xi is either 1 or 0.
b) The message block x is encrypted by calculating c = x ⋅ b = x1b1 + x 2 b2 + ... + x n bn

3. Decryption

a) Compute the inverse of k (mod m) and then calculate t = c k −1 (mod m ) .

b) Solve the knapsack problem (a , t ) . The solution is x = ( x1 , x 2 ,..., x n ) .