EE 418 : Handout # 2

This lecture presents Euclidean algorithm, and then introduces Vigenère, Hill, permutation and stream ciphers. We define attack models for performing cryptanalysis on different ciphers, and show how statistical analysis of the English language can be used to cryptanalyze cryptosystems with large key spaces. Readings from Chapter 1 of D. Stinson. 1 The Euclidean Algorithm(s) Many of the crypto systems presented during the course requires finding the multiplicative inverse of an integer a, denoted as a−1 under modulo arithmetic with base integer b. The Euclid’s algorithm and the extended version become handy in solving them. We will first review the basic Euclid’s algorithm for finding the greatest common divisor between two integers a, b, with the assumption a > b. We then state the condition for the equation ax ≡ 1 modulo b to have a solution. We present the extended Euclidean algorithm that helps to find the a−1 under modulo arithmetic with base b. Lemma 1. Let a and b be integers. Then there exists a unique integer d satisfying the following properties: 1. d|a and d|b 2. If c is another integer such that c|a and c|b, then c|d. d is defined to be the greatest common divisor (gcd) of a and b. The Euclidean algorithm can be used to find the gcd of two integers. It is given by Algorithm 5.1 of Stinson (pg. 164), reproduced in Figure 1 for your convenience. The Euclidean algorithm finds the gcd through repeated integer division. First, r0 = a is divided by r1 = b and the remainder r2 is found. In the next step, r1 = b is divided by r2 and the remainder r3 is found. The process continues until the remainder of rm−1 divided by rm is zero. The gcd(a,b) = gcd(r0, r1) is the last non-zero divisor, namely rm. The steps of the division algorithm are shown below r0 = q1r1 + r2 (1) r1 = q2r2 + r3 (2) r2 = q3r3 + r4 (3) · · · · · · (4) rm−2 = qm−1rm−1 + rm (5) rm−1 = qmrm (6) (7) 2 EE 418: Cryptography and Network Security EUCLIDEAN ALGORITHM Input: Positive integers a and b Output: Greatest common divisor d of a and b r0 ← a r1 ← b m← 1 while rm 6= 0 qm ← b rm−1 rm c rm+1 ← rm−1 − qmrm m← m+ 1 end while d← rm−1 return d Fig. 1. The Euclidean algorithm. Finds the greatest common divisor of a and b. Assume a > b. The terms ri are the remainders at each step of the equations. The terms qi are the quotients. Now consider the equation ri = qi+1ri+1 + ri+2. The relationship between the divisor ri+1 and the remainder ri+2 is given by 0 ≤ ri+2 < ri+1. We also assumed that r0 > r1. Hence, we can write r0 > r1 > r2 > · · · rm. There are several interesting properties that are associated with this division algorithm. – Algorithm terminates in finite steps. – rm is the gcd(a,b) = gcd(r0, r1). The remainder sequence ri is non-negative and monotonically decreasing. The first term r0 is finite. Since each remainder is integer, the difference between any two adjacent remainders is at least one. Hence, the sequence must reach the limit value of 0 in finite steps. In the worst case, it will take r0 steps to terminate. To show that rm is the gcd(a, b). Let d = gcd(a, b). Then d|a, d|a. Hence d|r2. In addition, since d|r1, d|r2, and r1 = q2r2 + r3, we can conclude d|r4. By induction, lets assume that d|ri for all values of i < j. Then rj−2 = qj−1rj−1 + rj implies that d|rj . Hence, by induction, d divides all the remainders. In particular, d|rm, the last non-zero divisor. On the other hand, rm|rm−1 at the last step. Looking up one step above the last step, we have rm−2 = qm−1rm−1 + rm. Since rm divides the right hand side, rm|rm−2. Continuing this way up, by induction, lets assume that rm|rm−l for l < j. Then looking at rm−j = qm−(j−1)rm−(j−1)+rm−(j−2), the right hand side is divisible by rm. Hence, rm|rm−j . Hence, by induction, we have that rm|b and rm|a. Hence, rm is a common divisor of a, b. Since d=gcd(a,b), by definition, rm|d. We now have rm|d and d|rm. Hence, d = rm = gcd(a, b). Example: Let a = 87 and b = 24. Then we have: 87 = 3(24) + 15 (8) 24 = 1(15) + 9 (9) 15 = 1(9) + 6 (10) 9 = 1(6) + 3 (11) 6 = 2(3) (12) Therefore gcd (87, 24) = 3. When the gcd(a, b) =1, then, the Euclidean algorithm also allows one to find the multiplicative inverse of a under modulo b. the following lemma is key to finding the inverses.