Cryptography PDF

This document provides an introduction to cryptography concepts including: 1. Rudiments of number theory including residue class rings and invertible elements. 2. Euler's Phi function which counts the number of invertible elements in a ring and its applications to factoring integers. 3. Classical cryptosystems such as affine and polygraphic ciphers which encrypt messages by mapping letters or letter combinations to numbers using a mathematical function with a secret key. 4. The one-time pad cipher which is information theoretically secure but impractical.

Uploaded by

nicolas

AN INTRODUCTION TO CRYPTOGRAPHY

Allison Mackay

Advisor Dr. Mihai Caragiu

CONTENTS
1. Rudiments of number theory
2. Euler’s Phi function
3. Classical cryptosystems and one time pad
4. Modular exponentiation
5. The RSA cryptosystem

2000 MATHEMATICS SUBJECT CLASSIFICATION: 11T71, 11A07


1. Rudiments of Number Theory

1.1. Residue class rings – abstract definitions

Let $n \ge 2$. Define $\mathbb{Z}_n$ to be the set of all possible remainders when dividing by $n$, that is,

$$\mathbb{Z}_n = \{0, 1, \ldots, n-1\}.$$

On $\mathbb{Z}_n$ we have an addition modulo $n$,
$$(i, j) \mapsto i + j \pmod{n},$$
a multiplication modulo $n$,
$$(i, j) \mapsto i \cdot j \pmod{n},$$
two distinguished constants
$$0, 1 \in \mathbb{Z}_n,$$
and an “opposite” function
$$x \mapsto -x \pmod{n}.$$
Together with these operations, $(\mathbb{Z}_n, +, \cdot, -, 0, 1)$ is a commutative ring with identity, that is, the following axioms are satisfied:

$$\begin{array}{ll}
x + y = y + x & x \cdot y = y \cdot x \\
x + (y + z) = (x + y) + z & x \cdot (y \cdot z) = (x \cdot y) \cdot z \\
x + (-x) = 0 & x \cdot 1 = x \\
x + 0 = x & x \cdot (y + z) = x \cdot y + x \cdot z
\end{array}$$

Examples
In $\mathbb{Z}_2 = \{0, 1\}$ we have $1 + 1 = 0$ and $(x + y)^2 = x^2 + y^2$.
In $\mathbb{Z}_7 = \{0, 1, 2, 3, 4, 5, 6\}$ we have $3 + 4 = 0$ and $3 \cdot 4 = 5$.
In $\mathbb{Z}_6 = \{0, 1, 2, 3, 4, 5\}$ we have $3 + 4 = 1$ and $3 \cdot 4 = 0$.
In $\mathbb{Z}_{80} = \{0, 1, \ldots, 79\}$ we have $3^4 = 1$.

1.2. Invertible elements in $\mathbb{Z}_n$

An element $x \in \mathbb{Z}_n$ is called “invertible” if there exists an element $y \in \mathbb{Z}_n$ such that
$$x \cdot y = 1.$$
Note that in the case that such an element $y$ exists, it is necessarily unique, and is denoted by $x^{-1}$.

Examples
$3 \in \mathbb{Z}_{14}$ is invertible and $3^{-1} = 5$.
$7 \in \mathbb{Z}_{19}$ is invertible and $7^{-1} = 11$.
$2 \in \mathbb{Z}_4$ is not invertible.

Finding inverses in $\mathbb{Z}_n$
$$d = \gcd(a, b) \Rightarrow \exists x\, \exists y\, (d = ax + by)$$
Example:
$$a = 37,\ b = 29 \Rightarrow d = \gcd(a, b) = 1,\quad x = 11,\ y = -14$$
$$1 = 37 \cdot 11 + 29 \cdot (-14)$$

EXTENDED EUCLIDEAN ALGORITHM


q r x y
– 37 1 0
– 29 0 1
1 8 1 –1
3 5 –3 4
1 3 4 –5
1 2 –7 9
2 1 11 –14

To find the inverse of $a \in \mathbb{Z}_n$, run the Extended Euclidean Algorithm to find $d, x, y$ such that $d = \gcd(a, n)$ and $d = ax + ny$. If $d > 1$ then $a$ has no inverse. If $d = 1$, then $a^{-1} = x \bmod n$.
For example the inverse of 29 in $\mathbb{Z}_{37}$ is $-14 \bmod 37$, that is 23:
$$29^{-1} = 23 \text{ in } \mathbb{Z}_{37}$$
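
The inverse-finding procedure above, as an added Python example (not code from the original document); the function names `egcd_table`, `mod_inverse` and `units` are chosen here for illustration.

```python
def egcd_table(a, b):
    """Extended Euclidean algorithm on (a, b).

    Returns the table rows (q, r, x, y), each satisfying r = a*x + b*y.
    The last row holds d = gcd(a, b) together with the coefficients x, y.
    """
    rows = [(None, a, 1, 0), (None, b, 0, 1)]
    while rows[-1][1] != 0:
        (_, r0, x0, y0), (_, r1, x1, y1) = rows[-2], rows[-1]
        q = r0 // r1
        rows.append((q, r0 - q * r1, x0 - q * x1, y0 - q * y1))
    return rows[:-1]  # drop the final row, whose remainder is 0


def mod_inverse(a, n):
    """Inverse of a in Z_n; raises ValueError when gcd(a, n) > 1."""
    _, d, x, _ = egcd_table(a % n, n)[-1]
    if d != 1:
        raise ValueError(f"{a} is not invertible mod {n} (gcd = {d})")
    return x % n


def units(n):
    """All invertible elements of Z_n, found by the gcd test."""
    return [x for x in range(n) if egcd_table(x, n)[-1][1] == 1]


if __name__ == "__main__":
    for row in egcd_table(37, 29):
        print(row)                       # last row: d = 1, x = 11, y = -14
    print(mod_inverse(29, 37))           # -14 mod 37
    print(units(26))                     # admissible multipliers mod 26
```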
2. The Euler’s Phi Function.
Definition

$\phi(n)$ = number of invertible elements in $\mathbb{Z}_n$

Example
$\phi(10) = 4$, because the invertible elements in $\mathbb{Z}_{10}$ are precisely 1, 3, 7, 9.

Equivalently

$$\phi(n) = \#\{x = 0, \ldots, n-1 \mid \gcd(x, n) = 1\}$$

THEOREM
$$\phi(n) = n\left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_k}\right)$$
where $p_1, p_2, \ldots, p_k$ are all prime factors of $n$.

Example:
$$\phi(10) = 10\left(1 - \frac{1}{2}\right)\left(1 - \frac{1}{5}\right) = 4$$
PROOF. We want to count the number of elements $x \in \{0, 1, \ldots, n-1\}$ satisfying $\gcd(x, n) = 1$. Note that the condition $\gcd(x, n) = 1$ is equivalent to
$$p_1 \nmid x, \ldots, p_k \nmid x.$$
Let $A_i$ be the set of elements $x \in \{0, 1, \ldots, n-1\}$ with $p_i \mid x$. Then the union $A_1 \cup A_2 \cup \cdots \cup A_k$ represents the set of all elements $x \in \{0, 1, \ldots, n-1\}$ which are divisible by at least one of the primes $p_1, \ldots, p_k$, that is, which are NOT relatively prime to $n$. By the inclusion-exclusion principle,

$$\begin{aligned}
|A_1 \cup \cdots \cup A_k| &= \sum_i |A_i| - \sum_{i<j} |A_i \cap A_j| + \sum_{i<j<l} |A_i \cap A_j \cap A_l| + \cdots + (-1)^{k-1} |A_1 \cap A_2 \cap \cdots \cap A_k| \\
&= \sum_i \frac{n}{p_i} - \sum_{i<j} \frac{n}{p_i p_j} + \sum_{i<j<l} \frac{n}{p_i p_j p_l} + \cdots + (-1)^{k-1} \frac{n}{p_1 p_2 \cdots p_k} \\
&= n\left[1 - \left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_k}\right)\right]
\end{aligned}$$

Therefore
$$\phi(n) = n - |A_1 \cup \cdots \cup A_k| = n\left(1 - \frac{1}{p_1}\right)\left(1 - \frac{1}{p_2}\right) \cdots \left(1 - \frac{1}{p_k}\right)$$
SPECIAL CASE

$n = pq$, with $p, q$ distinct primes

Then

$$\phi(n) = n\left(1 - \frac{1}{p}\right)\left(1 - \frac{1}{q}\right) = pq \left(\frac{p-1}{p}\right)\left(\frac{q-1}{q}\right) = (p-1)(q-1)$$

If $n = pq$, with $p, q$ distinct primes, and if we know $n$ and $\phi(n)$, then we can factor $n$.

Indeed, since
$$\phi(n) = (p-1)(q-1) = pq + 1 - (p+q) = n + 1 - (p+q),$$
it follows that $p + q = n + 1 - \phi(n)$. Once we know the product $pq = n$ and the sum $p + q = n + 1 - \phi(n)$, the primes $p, q$ can be determined by solving a quadratic equation, $x^2 - (n + 1 - \phi(n))x + n = 0$.
EULER’S THEOREM

Let $n \ge 2$ be an integer and let $a \in \mathbb{Z}_n$ be an invertible element. Then

$$a^{\phi(n)} = 1 \text{ in } \mathbb{Z}_n$$

Example: Let $n = 10$ and let $a = 3$ (an invertible element in $\mathbb{Z}_{10}$). Then $\phi(10) = 4$ (see previous example) and $3^4 = 81 = 1$ in $\mathbb{Z}_{10}$.

PROOF: The invertible elements of $\mathbb{Z}_n$ form a group under multiplication, the group $U(n)$ of units of the ring $\mathbb{Z}_n$. Since $\phi(n) = |U(n)|$ and since any element $x$ of a finite group $(G, \cdot)$ satisfies $x^{|G|} = 1$, the result follows.

SPECIAL CASE – FERMAT’S THEOREM

Let $p$ be a prime number, and let $a \in \mathbb{Z}_p$, $a \ne 0$. Then

$$a^{p-1} = 1 \text{ in } \mathbb{Z}_p$$

3. Classical cryptosystems

Letter-by-letter encryption by using an affine cryptosystem: the encryption formula is given by a function of the form
$$f : \mathbb{Z}_{26} \to \mathbb{Z}_{26}, \quad x \mapsto ax + b,$$
where $\mathbb{Z}_{26}$ is (the numerical representation of) the alphabet, while $a \in \mathbb{Z}_{26}$ is an invertible element in the ring $\mathbb{Z}_{26}$ (that is, $a \in \{1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25\}$).

THE ALPHABET

A B C D E F G H I J K L M N O
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14

P Q R S T U V W X Y Z
15 16 17 18 19 20 21 22 23 24 25

Example: the affine encryption $x \mapsto 9x + 20 \bmod 26$ transforms the plaintext “FRIDAY” into the ciphertext “NROVUC”.

Decryption: inverting a linear function
$$f : \mathbb{Z}_n \to \mathbb{Z}_n, \quad f(x) = ax + b, \quad a, b \in \mathbb{Z}_n,\ a \text{ invertible}$$

$$ax + b = y \Rightarrow ax = y - b \Rightarrow a^{-1}(ax) = a^{-1}(y - b) \Rightarrow x = a^{-1}y - a^{-1}b$$

Thus the inverse of $f$ is given by

$$f^{-1} : \mathbb{Z}_n \to \mathbb{Z}_n, \quad f^{-1}(x) = a^{-1}x - a^{-1}b$$

Example: For the affine encryption
$$x \mapsto 9x + 20 \bmod 26$$
the decryption formula will be given by
$$x \mapsto 9^{-1}x - 9^{-1} \cdot 20,$$
that is,
$$x \mapsto 3x + 18 \bmod 26$$

Double Letter Encryption uses a similar process, but it is more difficult to perform a frequency analysis on blocks of two letters, especially on short messages, and it is therefore more secure. Blocks of two letters $(qx)$, or digraphs, from AA to ZZ can be changed to numerical code using the form:
$$(qx) \mapsto q \cdot 26 + x \in \mathbb{Z}_{26^2} = \mathbb{Z}_{676}$$
For example, the message “MEET ME AT FOUR” would be broken up into digraphs as ME ET ME AT FO UR, and disregarding spaces would become:

316 123 316 19 144 537

This numerical code would then be encrypted using a formula such as:
$$x \mapsto 103x - 5 \bmod 676$$

The encrypted numerical code would be:

95 496 95 600 631 550

Finally, this numerical code is translated into the ciphertext:

“DR TC DR XC YH VE”

To decode this message the receiver would use the decryption formula:
$$x \mapsto 103^{-1}x + 103^{-1}(5) \bmod 676$$
or
$$x \mapsto 571x + 151 \bmod 676,$$
and then divide that numerical code by 26 to get the decrypted digraph $(qx)$ ($q$ being the quotient and $x$ the remainder).
Double letter encryption follows this pattern:

Digraph $(qx)$ → Numerical Code → Encryption with Key → Numerical Code → Encrypted Message

Multiple letter encryption also follows this pattern for triples of letters using $\mathbb{Z}_{26^3}$, quadruples using $\mathbb{Z}_{26^4}$, etc.

$$(\text{letter}_{k-1})(\text{letter}_{k-2}) \cdots (\text{letter}_1)(\text{letter}_0) \mapsto \sum_{i=0}^{k-1} (\text{letter}_i) \cdot 26^i \in \{0, 1, \ldots, 26^k - 1\}$$

For example: The quadruple “four” would be encoded as:
$$r(26^0) + u(26^1) + o(26^2) + f(26^3) = 17(1) + 20(26) + 14(676) + 5(17576) = 97871 \in \mathbb{Z}_{26^4}$$
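
The letter-by-letter and digraph schemes above are the cases k = 1 and k = 2 of one affine cipher on blocks of k letters. The following Python sketch is an added example, not part of the original document, and generalizes to any block length; the names `encode`, `decode`, `affine` and `decryption_key` are chosen here for illustration.

```python
import math

A = ord("A")


def encode(block):
    """Block of letters -> integer, first letter most significant ('ME' -> 12*26 + 4)."""
    value = 0
    for ch in block:
        value = value * 26 + (ord(ch) - A)
    return value


def decode(value, k):
    """Inverse of encode: repeated division by 26 yields the k letters."""
    letters = []
    for _ in range(k):
        value, rem = divmod(value, 26)
        letters.append(chr(A + rem))
    return "".join(reversed(letters))


def affine(text, a, b, k=1):
    """Apply x -> a*x + b mod 26**k to each k-letter block (spaces are dropped)."""
    n = 26 ** k
    if math.gcd(a, n) != 1:
        raise ValueError("a must be invertible mod 26**k")
    text = text.replace(" ", "").upper()
    if len(text) % k:
        raise ValueError("message length must be a multiple of k")
    blocks = [text[i:i + k] for i in range(0, len(text), k)]
    return "".join(decode((a * encode(blk) + b) % n, k) for blk in blocks)


def decryption_key(a, b, k=1):
    """Coefficients (a', b') of the inverse map x -> a^-1 * x - a^-1 * b."""
    n = 26 ** k
    a_inv = pow(a, -1, n)          # modular inverse (Python 3.8+)
    return a_inv, (-a_inv * b) % n


if __name__ == "__main__":
    print(affine("FRIDAY", 9, 20))                    # single letters
    print(affine("MEET ME AT FOUR", 103, -5, k=2))    # digraphs
    print(decryption_key(103, -5, k=2))
```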

The One-Time Pad

The One-Time Pad, which is also known as the Vernam cipher, was created by Gilbert Vernam (AT&T) in 1917 (U.S. Patent 01310719). It is the only currently known unconditionally secure cryptosystem. The inconvenience lies in the fact that the persons communicating secretly have to trade pads, and also in the fact that the length of the key must be at least equal to the length of the message to be encrypted.

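Using MATLAB to generate a (quasi)random sequence of elements of $\mathbb{Z}_{26}$:

function otp = otp(n)
% Return a row vector of n (quasi)random elements of Z_26.
% rand is MATLAB's general-purpose pseudorandom generator.
x=rand(1,n);
for I=1:n;
    y(I)=floor(26*x(I));   % scale [0,1) to an integer in 0..25
end
otp=y;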

The one-time pad would basically add, term-by-term, the terms of the random sequence to the terms of the sequence representing the numerical values of the letters in the plaintext. The unconditional security of the one-time pad is contingent on the good randomness properties of the key.

The advantages of the one-time pad compared with other classical systems are evident especially in short messages. Consider a battle in which a general wished to send a message of either “ADVANCE” or “RETREAT”. Using the affine cryptosystem, the two A’s in advance or the two E’s in retreat would be encrypted to the same letter, and simply by looking at their placement one could easily break the code. However, with the one-time pad, the encryption is completely random and, without the key, it would be impossible to decipher which seven letter message the general had sent.
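
The ADVANCE/RETREAT argument above can be checked directly. The following Python sketch is an added example, not part of the original document: it draws the pad from the operating system's CSPRNG via `secrets` (an assumption made here, in place of MATLAB's `rand`), and the helper names are illustrative.

```python
import secrets

A = ord("A")


def to_nums(text):
    return [ord(c) - A for c in text]


def to_text(nums):
    return "".join(chr(A + n) for n in nums)


def new_pad(length):
    """Pad of `length` elements of Z_26 drawn from the OS CSPRNG."""
    return [secrets.randbelow(26) for _ in range(length)]


def otp_encrypt(plaintext, pad):
    if len(pad) < len(plaintext):
        raise ValueError("pad must be at least as long as the message")
    return to_text([(p + k) % 26 for p, k in zip(to_nums(plaintext), pad)])


def otp_decrypt(ciphertext, pad):
    return to_text([(c - k) % 26 for c, k in zip(to_nums(ciphertext), pad)])


def pad_explaining(ciphertext, candidate):
    """The unique pad under which `ciphertext` decrypts to `candidate`."""
    return [(c - p) % 26 for c, p in zip(to_nums(ciphertext), to_nums(candidate))]


def affine(text, a=9, b=20):
    """Letter-by-letter affine cipher x -> a*x + b mod 26, for comparison."""
    return to_text([(a * x + b) % 26 for x in to_nums(text)])


def repeat_pattern(text):
    """Position of each letter's first occurrence; preserved by any substitution."""
    return [text.index(c) for c in text]


if __name__ == "__main__":
    # Affine: the ciphertext keeps the repeated-letter layout of ADVANCE.
    print(repeat_pattern(affine("ADVANCE")), repeat_pattern("RETREAT"))
    # One-time pad: the same ciphertext is consistent with both orders.
    c = otp_encrypt("ADVANCE", new_pad(7))
    print(c, otp_decrypt(c, pad_explaining(c, "RETREAT")))
```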
A RANDOM SEQUENCE OF ONE THOUSAND LETTERS

First we used the "otp" program to generate a random sequence of 1000 elements of $\mathbb{Z}_{26}$. A second program translates each element of the random string generated previously into a letter (viewed as a string of length one). Finally a third program is used to concatenate the one thousand strings of length one into a single character string of length 1000.

4. MODULAR EXPONENTIATION

Assume we are given an element $a \in \mathbb{Z}_n$ and we want to calculate the power $a^K \in \mathbb{Z}_n$ for some very large $K$.

Calculating $a, a^2, a^3 = (a^2 \cdot a), a^4 = (a^3 \cdot a), \ldots, a^K$ will take a substantial amount of time: we will need about $K$ multiplications, which for an extremely large $K$ (think about 100 digit numbers) is infeasible.

THE FAST EXPONENTIATION BY REPEATED SQUARING

Calculate
$$a^{2^0} = a, \quad a^{2^1} = \left(a^{2^0}\right)^2, \quad a^{2^2} = \left(a^{2^1}\right)^2, \quad a^{2^3} = \left(a^{2^2}\right)^2, \quad \ldots, \quad a^{2^t} = \left(a^{2^{t-1}}\right)^2,$$
where $2^t$ is the largest power of 2 that is less than or equal to $K$.

By using the base 2 expansion of $K$, we get
$$K = 2^{d_1} + \cdots + 2^{d_r} \quad \text{with } 0 \le d_1 < d_2 < \cdots < d_r \le t.$$

Then we multiply (in $\mathbb{Z}_n$) and we get, by using exponent laws,
$$a^K = a^{2^{d_1}} \cdot a^{2^{d_2}} \cdots a^{2^{d_r}}$$
It turns out that the above exponentiation algorithm is much more efficient (we need about $O(\log_2 K)$ multiplications!)

EXAMPLE: $a = 1217$, $K = 5613$, $n = 315703$

We need to compute $a^K = 1217^{5613} \in \mathbb{Z}_{315703}$.

Write the exponent $K$ in base 2: $1010111101101_2$

That is,
$$5613 = 2^0 + 2^2 + 2^3 + 2^5 + 2^6 + 2^7 + 2^8 + 2^{10} + 2^{12} = 1 + 4 + 8 + 32 + 64 + 128 + 256 + 1024 + 4096$$
$$\Rightarrow 1217^{5613} = 1217^{2^0} \cdot 1217^{2^2} \cdots$$

Then, in $\mathbb{Z}_{315703}$ we have (P is the running product):

$1217^{2^0} = 1217$;  P → 1217
$1217^{2^1} = 1217^2 = 218277$
$1217^{2^2} = 218277^2 = 214781$;  P → 1217 ⋅ 214781 = 302096
$1217^{2^3} = 214781^2 = 39898$;  P → 302096 ⋅ 39898 = 117074
$1217^{2^4} = 39898^2 = 75878$
$1217^{2^5} = 75878^2 = 310976$;  P → 117074 ⋅ 310976 = 18561
$1217^{2^6} = 310976^2 = 245319$;  P → 18561 ⋅ 245319 = 297293
$1217^{2^7} = 245319^2 = 211683$;  P → 297293 ⋅ 211683 = 269505
$1217^{2^8} = 211683^2 = 71481$;  P → 269505 ⋅ 71481 = 289845
$1217^{2^9} = 71481^2 = 196009$
$1217^{2^{10}} = 196009^2 = 51496$;  P → 289845 ⋅ 51496 = 51686
$1217^{2^{11}} = 51496^2 = 248519$
$1217^{2^{12}} = 248519^2 = 84065$;  P → 51686 ⋅ 84065 = 278904

THEREFORE $a^K = 1217^{5613} = 278904 \in \mathbb{Z}_{315703}$
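
Repeated squaring as described above, as an added Python example (not code from the original document); the function name `mod_pow` and the optional `trace` list, which records the same columns as the worked example, are chosen here for illustration.

```python
def mod_pow(a, K, n, trace=None):
    """Compute a**K in Z_n by repeated squaring.

    The bits of K are scanned from the least significant one. `square`
    holds a^(2^i) mod n, and `result` is the running product P of the
    squares whose bit in K is 1. If `trace` is a list, one tuple
    (i, a^(2^i) mod n, P or None) is appended per bit; P is None when
    bit i of K is 0 and the product is left unchanged.
    """
    if K < 0:
        raise ValueError("exponent must be non-negative")
    result = 1 % n
    square = a % n
    i = 0
    while K > 0:
        bit_set = K & 1
        if bit_set:
            result = (result * square) % n
        if trace is not None:
            trace.append((i, square, result if bit_set else None))
        K >>= 1
        if K:                      # no squaring needed after the top bit
            square = (square * square) % n
        i += 1
    return result


if __name__ == "__main__":
    steps = []
    print(mod_pow(1217, 5613, 315703, steps))
    for i, sq, p in steps:
        print(f"1217^(2^{i}) = {sq}" + (f"   P -> {p}" if p is not None else ""))
    # 13 trace rows for a 13-bit exponent, against 5612 naive multiplications
    print(len(steps))
```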


5. THE RSA CRYPTOSYSTEM

5.1. THE RSA SETUP: WHAT SHOULD ALICE DO?

To set up an RSA cryptosystem, Alice will have to do the following:

• First she will pick two large primes $p, q$ (these will not be made public) and will calculate the product $N = pq$. The large number $N$ will be made public.
• Next she calculates $\phi(N) = (p-1)(q-1)$ and keeps $\phi(N)$ for herself.
• She then picks an integer $e$ which is invertible mod $\phi(N)$. The number $e$ will be made public. This will be Alice’s public encryption key. In a public directory everybody could see the numbers $e$ and $N$.
• Finally she uses the Extended Euclidean Algorithm to calculate the inverse $d = e^{-1} \bmod \phi(N)$. This will be the private decryption key for Alice.

Now assume that Bob wants to send Alice a message. We will assume the message is represented by an element $x \in \mathbb{Z}_N$ (if the message is large, Bob will break it into pieces, each piece of the message being represented as an element of $\mathbb{Z}_N$).

First Bob looks up in the public directory under the user “Alice” and finds out the numbers $N$ and $e$.

Then Bob uses fast exponentiation to compute the power
$$y = x^e \in \mathbb{Z}_N$$

This will be the enciphered message (“cipher text”) going over the wire.

Finally, Alice receives $y \in \mathbb{Z}_N$ and uses the private decryption key $d$ to decipher $y$, by calculating $y^d = x \in \mathbb{Z}_N$.
PROOF OF $y^d = x$
Since $d = e^{-1} \bmod \phi(N)$, we have $de = 1 + k\phi(N)$, for some $k \in \mathbb{Z}$. Say $x \in U(N)$. Then
$$y^d = (x^e)^d = x^{de} = x^{1 + k\phi(N)} = x \cdot \left[x^{\phi(N)}\right]^k = x \cdot 1^k = x.$$
One can show that $y^d = x$ also holds true for all other $x \in \mathbb{Z}_N$.
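
The RSA setup and exchange above, together with the Section 2 observation that knowing both $n = pq$ and $\phi(n)$ lets one factor $n$, as an added Python example (not code from the original document). It is textbook RSA without padding; the primes 1009 and 2003 and the exponent 5 are small constructed values, and the function names are illustrative.

```python
import math

P, Q, E = 1009, 2003, 5   # constructed toy parameters, far too small for real use


def rsa_setup(p, q, e):
    """Alice's setup: public key (N, e) and private exponent d = e^-1 mod phi(N)."""
    N, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be invertible mod phi(N)")
    return (N, e), pow(e, -1, phi)


def encrypt(x, public_key):
    """Bob: y = x^e in Z_N."""
    N, e = public_key
    if not 0 <= x < N:
        raise ValueError("message must be an element of Z_N")
    return pow(x, e, N)


def decrypt(y, d, N):
    """Alice: x = y^d in Z_N."""
    return pow(y, d, N)


def factor_from_phi(N, phi):
    """Recover p <= q from N = p*q and phi(N).

    p and q are the roots of x^2 - (N + 1 - phi)x + N = 0, so anyone who
    learns phi(N) can factor N; this is why Alice keeps phi(N) to herself.
    """
    s = N + 1 - phi                 # p + q
    disc = s * s - 4 * N            # (q - p)^2
    if disc < 0 or math.isqrt(disc) ** 2 != disc:
        raise ValueError("phi is not consistent with N = p*q")
    root = math.isqrt(disc)
    return (s - root) // 2, (s + root) // 2


if __name__ == "__main__":
    public, d = rsa_setup(P, Q, E)
    y = encrypt(123456, public)
    print(public, y, decrypt(y, d, public[0]))
    print(factor_from_phi(public[0], (P - 1) * (Q - 1)))
```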
APPENDIX 1
MATLAB PROGRAMS WRITTEN IN THE COURSE OF THE PRESENT RESEARCH

function codel = codel(n)
% Number -> letter: 0..24 map to 'a'..'y', any other value maps to 'z'.
if n >= 0 && n <= 24;
    codel=char('a'+n);
else
    codel='z';
end

function lcode = lcode(letter)
% Letter -> number: 'a'..'y' map to 0..24, any other character maps to 25.
if letter >= 'a' && letter <= 'y';
    lcode=letter-'a';
else
    lcode=25;
end

function nlet=nlet(x)
% Vector of numbers in 0..25 -> character string, in the same order.
n=size(x,2);
nlet='';
for I=1:n;
    z=codel(x(I));
    nlet=strcat(nlet,z);
end;

function aencrypt=aencrypt(x,a,b)
% Affine encryption x -> a*x + b mod 26 of the string x.
% strcode (string -> vector of numbers 0..25) is called here but is not listed in this appendix.
y=strcode(x);
n=size(y,2);
for I=1:n;
    z(I)=mod(a*y(I)+b,26);
end
for I=1:n;
    w(I)=codel(z(I));
end
aencrypt=w

function otp = otp(n)
% Row vector of n (quasi)random elements of Z_26.
x=rand(1,n);
for I=1:n;
    y(I)=floor(26*x(I));
end
otp=y;

function adecrypt=adecrypt(x,a,b)
% Affine decryption y -> a^(-1)*(y - b) mod 26 of the string x.
y=strcode(x);
n=size(y,2);
c=mod(a^(11),26);   % a^11 = a^(-1) in Z_26, since a^12 = 1 for every invertible a
for I=1:n;
    z(I)=mod(c*(y(I)-b),26);
end
for I=1:n;
    w(I)=codel(z(I));
end
adecrypt=w

ONE TIME PAD ENCRYPTION/DECRYPTION

function otpencrypt=otpencrypt(x,onetime)
y=strcode(x);
n=size(y,2);
for I=1:n;
z(I)=mod(y(I)+onetime(I),26);
end
for I=1:n;
w(I)=codel(z(I));
end
otpencrypt=w

function otpdecrypt=otpdecrypt(x,onetime)
y=strcode(x);
n=size(y,2);
for I=1:n;
z(I)=mod(y(I)-onetime(I),26);
end
for I=1:n;
w(I)=codel(z(I));
end
otpdecrypt=w