Cryptography Introduction and

Implementation
Understanding and Implmenting Cryptographic functions in Mathematica
and C++

Travis Melka
B.S. Mathematics, Michigan Technological University∗
[email protected]

February 2019

∗
I am no longer affiliated with Michigan Technological University, and this work is neither
authorized nor approved by Michigan Technological University
0.1 Introduction
This document will pertain to the introduction of cryptography, using both Mathematica
and C++ to implement various cryptographic functions, and will explain the prerequisite
mathematics either in the beginning, or before the topic they require. Question or
suggestions should be emailed to the author at ([email protected]).
This document is free and allowed to be used anywhere, by anyone, but the author
wishes to be notified when such a thing occurs. For example, if a teacher wishes to use
this in a class on Cryptography, that is allowed, but the author wishes to be notified. If
you wish to inquire regarding the original LATEX code- for example, for use an ”Intro-
duction to LATEX class” - the same applies, just inquire at the email above if you need
the original LATEX code.

2
1 Basic Mathematics Used in Cryptography

1.1 The Integers, Z

The set of numbers {1, 2, 3, ..} that we learned as young children can actually viewed as a
quite simple and useful mathematical structure, including the operations of addition (+)
and multiplication (·). This structure is commonly known in mathematical literature
as a ring, which we can look at as a group with regards to the addition operator, with
additional properties added on to include the multiplication operator in the structure.
We will define the properties in the following sections.

1.2 Defining Operators on Z

1.2.1 Z and the Addition Operator
Integers, including the operation of addition (+), can be viewed as an Abelian group
under group theory, meaning that the addition operation possesses the following prop-
erties, which are just a formalization of what we learned in grade school. First, we let
{a, b} ∈ Z for the properties below (Note that ”∈” means ”in the set of”, so a ∈ Z means
that a is in the set of Integers):

1. Closure Property: If a ∈ Z, b ∈ Z, then c = a + b ∈ Z.

2. Commutative Property: a + b = b + a.

3. Associative Property: Let d = a + b, and e = b + c. Then, d + c = a + e. This is

sometimes written as (a + b) + c = a + (b + c)

4. Identity Element: There exists (∃) an element ω ∈ Z such that for any a ∈ Z,
a + ω = a. We denote this element as 0.

5. Inversion Property: If a ∈ Z, then ∃ b ∈ Z such that a + b = 0. b is commonly

denoted as −a, and pronounced the ”inverse of a”.

These are all the properties we need to define an Abelian group. If we did not have
property 4, the commutative property, we would just have a regular group, an example
of which are matrices over the real numbers, which will be discussed later.

3
1 Basic Mathematics Used in Cryptography

1.2.2 Z and the Multiplication Operator

The multiplication operator is defined slightly different than the addition operator. This
is because, we cannot cleanly define an inverse for all elements of Z. For example, there is
no element that can be multiplied to solve the equation 3b = 1, which defines the inverse
element in multiplication. This is because 1 is the identity operator for multiplication,
because ∀a ∈ Z, a · 1 = a (∀ is the formal mathematical symbol for ”for all”), which
defines the identity operator, as stated in the properties below. This is what makes the
Integers with regards to the multiplication operator not a group. The properties of this
operator are as follows, again with {a, b} ∈ Z:

1. Closure Property: a · b = c, then c ∈ Z.

2. Commutative Property: a · b = b · a.

3. Associative Property: Let d = a · b, and e = b · c, then a · e = d · c.

4. Identity Element: ∃ ω ∈ Z such that ∀ a ∈ Z, ω · a = a.We denote this element as

1.

5. Zero Divisors: The only element that exhibits the property that α · β = 0 is 0.
This can also be stated that if α · β = 0, then either α or β is 0.

In addition we may mix the addition and multiplication operators, so we need to

establish the following property

1. Distributive Property: a·(b+c) = a·b+a·c. Since both operations are associative,

their combination is also associative, meaning that a·(b+c) = (b+c)·a = a·b+a·c.

Proof of Associativity of the Distributive Property: a · (b + c) can also be

written as a · d, where d = b + c. By the associative property, this is also equivalent
to d · a, which we can expand into (b + c) · a. Therefore, a · (b + c) = (b + c) · a.

2. We can also say that that a · 0 = 0 ∀ a.

Proof : Recall that, in the addition section, we defined 0 as the additive identity.
So, 0+a=a. Multiplying this by b, we get, using the distributive property 0·b+a·b =
a · b. Subtracting (adding the inverse of) a · b, we get:

0·b+a·b−a·b=a·b−a·b

0·b=0
Hence 0 · b = 0 ∀ b.

4
 1.3 Divisibility

This combination of these two operators in this way is what defines a ring. In fact, it
defines a commutative ring, as both operations possess the commutative property. In
addition, since the multiplication operator possess no zero divisors, we call this special
type of commutative ring an Integral Domain. This is important because we use
integral domains to entertain the concept of divisibility, which will be discussed in the
next section.

1.3 Divisibility
Divisibility will be a very important concept throughout this document, it will be seen in
quite a few cryptographic systems, especially the older ones. Divisibility is quite a simple
concept in and of itself, and can be defined as follows: If {a, b, c} ∈ Z, then a divides b
if we can find an element, c such that a · c = b. Symbolically, we denote this relationship
as a | b. This is obviously true only for some numbers, because some numbers are not
divisible by others. For example, take a = 3 and b = 16. Then @ c ∈ Z such that a·c = b,
so we say that b is not divisible by a, or a does not divide b, symbolically a - b (Note
that @ means ”does not exist”).
Divisibility has several properties we can prove. Here is a list of some of them and
their proofs:
1. All numbers divide both 0 and themselves: ∀a ∈ Z, a | 0 and a | a. In addition,
1 | a ∀a.
Proof : Recall that a · 0 = 0 by the definition in section 1.1.2. We now need to find
a number, η, such that a · η = 0. In fact, as we stated in 1.1.2, we know that η = 0,
so a | 0. For the second part, we need find a number b such that a · b = a. Recall
that in section 1.1.2, we also dealt with this case, and defined b as the identity
element 1, so there exists a number η such that a · η = a, where η = 1. Therefore
a | a, and so does 1.

2. If a | b and b | c, then a | c.
Proof : If a | b, then ∃ α such that a · α = b. Similarly, if b | c, then ∃ β such that
b · β = c. Substituting the expression for a into b, we get:

b·β =c

(a · α)β = c
a·α·β =c
By the properties discussed in 1.1.2, ∃ γ such that γ = α · β, so a · γ = c, meaning
we have shown what we wanted to show, that a | c.

3. If a | b and a | c, then ∀{α, β} ∈ Z, a | (αb + βc).

Proof: If a | b, and a | c, then ∃`1 , `2 such that a · `1 = b and a · `2 = c. Plugging
this into the statement gives the following:

α · b + β · c = α · ·a · `1 + β · a · `2 = a · (α · `1 + β · `2 )

5
1 Basic Mathematics Used in Cryptography

Now, let η = α · `1 + β · `2 . This gives us α · b + β · c = a · η, which is the definition

of divisibility by a, so we are done.

4. If a | c or a | b, then a | b · c.
PROOF: If a | c, then a · j = c. Multiplying both sides by b, we get

a·j·b=c·b

a·ω =c·b
As multiplication is closed.

1.4 Prime Numbers

The majority of integers have at least one integer less than or equal to them that divides
into them. However, some integers, such as 2,3,5,7,11, and 13, have no numbers less
than them that divides them. We call these numbers prime numbers, and they are
a fundamental concept within the integers. 1 is not considered a prime number by
definition.

1.4.1 Primes and the Fundamental Theorem of Arithmetic

All numbers that are not prime, or in other words, that have a divisor besides 1 and
themselves, are called composite numbers. A corollary of this is that any number n that
is composite must be expressible as the product of two or moreQother integers (which will
be inherently < n). Symbolically, this can be written as n = ji=1 aωi i , where j depends
on what number we are finding the factors of. We call this a factorization of n.
We can use prime numbers to construct all the integers,as breaking down the composite
numbers over and over will lead to a factorization containing only primes(for example,
300 = 30 · 10 = 5 · 6 · 10 = 5 · 3 · 2 · 5 · 2 = 22 · 3 · 52 )It can be proven this prime factorization
is unique, up to permutation of the prime factors (30 = 2 · 3 · 5 = 5 · 3 · 2 = 3 · 5 · 2 are
all considered the same factorization, as the only difference is the order of the factors).
This Unique Factorization Theorem is sometimes called the Fundamental Theorem of
Arithmetic.

THEOREM: Every positive integer has a unique factorization into primes, up to

permutations of those factors.

PROOF: Suppose the above theorem is false. This implies ∃ ω ∈ Z such that ω is
not a product of primes, and is > 1. This means ω is not prime (otherwise it would be
a factor of itself), so ω is composite. This means ∃ a, b ∈ Z such that ω = a · b. But
neither a nor b are prime, so have their own factorization into primes. This means that
ω IS a factor of primes, So our assumption that the theorem is false is not correct. So
the theorem must be true.
To prove uniqueness of this factorization, however, we require a lemma which will be
proven in the near future.

6
 1.4 Prime Numbers

LEMMA: If p is a prime, and divides a product of integers c = ki=1 ai , then p

Q
divides at least one (∃ai such that p | ai ) of these integers.
Let us now continue with our proof. Assume that two different prime factorizations
of a number, β, exist. This means:
k `
aji =
Y Y
β= bzi
i=0 i=0

Where j, z > 0, and ai 6= bj ∀ i, j. But by the lemma, since ai | n, it must divide one
of the bj . This can only occur if ∃ η such thataη = bj . This contradicts the assumption
that ai 6= bj ∀ i, j, hence the two factorizations must be the same. This means that such
a factorization is unique.

1.4.2 The Prime Number Theorem and the Prime Counting Function
It was shown in the time of the Ancient Greeks, said to have been proven by Euclid
(though this isn’t known for certain, he could have gotten his arguments from someone
before him), but how many are there up to a certain number, say x? A theorem proven
in 1896, independently by Hadamard and Poussin, answers that question

Prime Number Theorem: Let π(x) denote the number of primes less than x (The
”prime counting function”). Then, we can prove the following relation:
x
π(x) ∼
ln (x)

Speicifcally, this is proven to be an asymptotic equality ( which is what ∼ means),

meaning that the ratio π(x)x ,→ 1 as x ,→ ∞. Hence the prime number theorem, for all
ln (x)
practical purposes, is an approximation.
So, how can we use this? If we want to know approximately how many prime number
150 150
exist upto, say, 10150 , we calculate π(10150 ) = ln 10 (10150 )
= 15010ln (10) ≈ 2.89 · 10147 prime
numbers, which is alot! How about how many 150 digit primes? We can take the number
we just calculated (π(10150 )), and subtract from that the number that do not have 150
150 149
digits (π(10149 )), so we have 15010ln (10) − 14910ln (10) ≈ 2.60 · 10147 . Then, if we look at
π(10150 )
≈ 0.8997, we can therefore see that ≈ 89.97% of the primes up to 10150
π(10150 )−π(10149 )
are 150 digit primes.
x
We can also get the density of primes around a number by calculating Π(x) = π(x) =
x ln x(x) = ln (x).So for 150 digit numbers, we have, on average, one prime number in
ln (10150 ) = 150 · ln (10) ≈ 345 numbers.
A third way to use this is to find the nth prime number, by doing (the prime you
want)·(average distance between them), so if we want the, say 100, 000th prime, we can
say that it is approximately p100,000 ≈ 100, 000 · ln (100, 000) ≈ 1, 151, 292 (the actual
100, 000th prime is 1,299,709- this approximation gets better the larger n gets). In a
general form, pn ∼ n ln (n).

7
1 Basic Mathematics Used in Cryptography

1.4.3 The GCD function

Say we have two numbers, a = b · c · d · g and e = b · f · g, b > c > d > f > g.
The largest number that divides both numbers is obviously g. We candefine a function,
called the greatest common divisor function, that lets us see what the largest divisor of
two numbers is (This will be our first algorithm in the book!). We define the greatest
common divisor as such (∧ means AND in the statement below).

gcd(a, b) = {k ∈ Z : k | a ∧ k | b ∧ k ≥ j ∀ j | a ∧ j | b}
We call two numbers relatively prime if their gcd is 1. There are several ways to find
the gcd of two numbers, but we will talk about two main ways.

1. Factor the number into it’s prime factorization, Qkandj look for Qkthe highest number
that occurs in both factorizations. So, if β = i=0 ai , ω = i=0 bi , then we look α

for the largest aji ·aks ·... in β that also occurs in ω (afi ·aks ·... = b`i ·bqt ·..., where f, `, t, q
do not necessarily equal ji , αw ). For example, 300 = 22 · 3 · 52 , and 720 = 24 ∗ 32 ∗ 5.
The largest number that divides both of these is 22 ·3·5 = 60, since it contains all of
the prime factors that occur in both numbers. Hence, gcd(300, 720) = 22 · 3 · 5 = 60

2. First, we will need the following Lemma, which is proven in the next section:
∀z ∈ Z, ∃{k, q, r} ∈ Z, with{k, q} ≤ z such that z = k · q + r. Using this, we can
use a process called the The Euclidean Algorithm to factorize the number. This
process is much faster than finding the prime factorizaiton for very large integers.

The Euclidean Algorithm has the following steps

1. If a > b, switch a and b. If not, proceed to step 2.

2. Find the euclidean division of a. That is, fine {qk , rk } such that a = qk · b + rk

3. If rk = 0, then b | a and gcd(a, b) = b. If not, set a = b, and find the euclidean

division of b with respect to rk (Find {qk+1 , rk+1 } such that b = qk+1 · rk + rk+1 .
Go back to step 2.

This process can be looked at the following sequence of steps

a = q1 · b + r1

b = q2 · r1 + r2
r1 = q3 · r2 + r3
...
rk−1 = qk+1 · rk + rk+1
rk = qk+2 · rk+1
This leads us to the conclusion that gcd(a, b) = rk

8
 1.4 Prime Numbers

For a example done by hand, we will use the numbers we used before, 300 and 720.

720 = 2 · 300 + 120

300 = 2 · 120 + 60

120 = 2 · 60
So, as we found before, gcd(300, 720) = 60.
Note that, this works because gcd(a, b) = gcd(a − b, b) = gcd(b, a − b). We can
prove this. Let d = gcd(a, b), So d | a, d | b, so a = α · d, and b = β · d. Hence,
a − b = α · d − β · d = d · (α − β), so d | (a − b). Let e = gcd(b, a − b), then e | b and
e | (a − b). Similarly, b − (a − b) = e(ω − η) = −a. so e | a, and e | b. This implies that
d ≥ e, because both are a common factor, and d = gcd(a, b). Since d | (a − b) and d ≥ e,
then, since e = gcd(b, a − b), if d > e then d would be the gcd(b, a − b) and not e, so d
must equal e.
There is another way to code this with recursion, utlizing modular arithmetic, which
will be introduced in the next section. However, without recursion, we can do this in a
simple loop. For now, just think of a%b as the remainder of ab (It basically is, but we
will dicuss this in detail in the next section).

The actual calculation of the gcd is the final WHILE loop, the rest is just taking care
of the cases that could affect the program- such as a < b and a < 0 || b < 0. This is

9
1 Basic Mathematics Used in Cryptography

an even simpler program to implement in Mathematica, although there is a built in gcd

function, called GCD.

In addition, we could also apply the recusrive function method in Mathematica, and it
would be similar to the C++ code above.

Bezout’s Identity

1.5 Congruence Relations and Modular Arithmetic

We will begin discussing this topic with the proof of the lemma, as promised in the
previous section. Consider {a, b} ∈ Z suc that b - a. As you should recall from
grade school, we end up with a remainder when we try to divide these two numbers,
such as ab = 165 = 3 with a remainder of one. We can write this mathematically as
16 1 1
5 = 3 + 5 → 16 = 5 · (3 + 5 ) = 3 · 5 + 1 = 15 + 1.This implies that we can write, for any
integer A = k · q + r, where q is the quotient (in the above example, the quotient was
5) and r, the remainder, in the above example r = 1. We can actually prove this is the
case, and that it is unique, which will be demonstrated below:
Prove that, for{A, k, q, r, Γ} ∈ Z A = k · q + rfor some 0 < r < A.

PROOF OF EXISTENCE: Let us look at the following set of numbers

S = {A − γq : γ ∈ Z} = {..., A − 2q, A − q, A, A + q, A + 2q, ...}

Now, let r be the smallest non-negative element of S. This means ∃ Γ such that
r = A − Γq, rearranged to A = r + Γq. If r is the smallest non-negative element of the
set S, this means that all other elements of the set are at least q units away from r. This
means that r < q, and since r is non-negative, 0 < r < q. We can do this for any A ∈ Z
we want to, as we didn’t specify what integer A was. Hence we have shown that such
an r exists, independent of A.

PROOF OF UNIQUENESS: Now, all that’s left to show is that this is the only
r that satisfies the above conditions. Suppose another set of {q, r} exists that satisfies
A = k · q + r. Let’s denote these new q and r as Q and R. So we have

A = k · q + r, A = k · Q + R

Equating the two, we get k · q + r = k · Q + R. Rearranging, we get:

r−R=k·Q−k·q

10
 1.5 Congruence Relations and Modular Arithmetic

r − R = k · (Q − q)
Since r and R are both between 0 and k by definition, their difference, r − R, is as well.
This implies the following: k > r − R = k · (Q − q) ≥ k which gives us the absurd
statement, k > k, which is obviously false, except for one case: if r − R = Q − q = 0,
then we have that k > 0 = 0 ≥ k → k ≥ k which is true. r = R and q = Q follows from
this statement. So, we have shown that ∃ ∀ A ∈ Z a pair of integers {q, r} exist such
that A = k · q + r and that these {q, r} are unique when 0 < r < A.

We can view this as the foundation of discussing Congruence relations and modular
arithmetic. If we can write A = k · q + r, r 6= 0, then we can define the congruence
relation between A and q as
A ≡ r mod q
Another way to say this is that we define A ≡ r mod n if n | A − r. These are
equivalent statements,because n | A − r → A − r = k · n for some k. Rearranged,
A = k · n + r, which is the form of breaking down A we just discussed above. Note that
if A ≡ 0 mod n, then n | A − 0 → n | A, meaning A is a multiple of n.

11