Introduction to cryptography

The material for this lecture can be found in the following sources. Unless otherwise noted, you are responsible for all material covered in these sections.
  1. Terminology.
  2. Public key cryptography.
  3. RSA
  4. Details of some encryption techniques. You need to know an algorithm for encrypting and decrypting messages using a sequence of pseudo-random numbers generated using p and q. You also need to know the section on Public Key Cryptography and RSA encryption.
  5. NEW! A proof of RSA (at the end of the handout). You need to know the formulation, but not the proof, of Fermat's Little Theorem (without the extension) and of the Chinese Remainder Theorem. You also need to know the proof of RSA based on these two theorems.
  6. Diffie-Hellman protocol.

Definitions

A number is prime if it is divisible only by 1 and itself.

Example: 7 is prime; 9 is not prime, since it is divisible by 3.

Two numbers p and q are called relatively prime (to each other) if they don't have any common divisors except for 1. This is sometimes denoted as (p, q) = 1.

Examples:
4 and 9 are relatively prime.
6 and 9 are not relatively prime, since they both are divisible by 3.
7 and 21 are not relatively prime, since they both are divisible by 7.

A couple of facts about remainders that you might find useful

Notations: Fact 1. (n * m) % p = ((n % p) * (m % p)) % p.

Example:
(20 * 33) % 7 = 660 % 7 = 2 (difficult to compute)
((20 % 7) * (33 % 7)) % 7 = (6 * 5) % 7 = 30 % 7 = 2 (easy to compute).

Proof:
Let r = n % p, q = m % p. Then n = r + k * p, m = q + l * p for some numbers k, l.
Then n * m = (r + k * p) * (q + l * p) = r * q + p * (k * q + l * r + p * k * l).
Since the second component of the sum is divisible by p, we have (n * m) % p = (r * q) % p.
Done!

Fact 2. (n^m) % p = ((n % p)^m) % p

Example:
(33 ^ 3) % 5 = 35937 % 5 = 2 (difficult to compute)
((33 % 5)^3) % 5 = (3 ^ 3) % 5 = 27 % 5 = 2 (easy to compute).

Fact 2 easily follows from Fact 1.

Somewhat clarified proof of RSA

We are using notations from the handout and the two theorems given there. I use % to denote the operation of taking a remainder.

Given C = M^d % n, we want to prove that M = C^e % n.

Since M^d = C + n * k1 for some number k1, C = M^d - n * k1.
C^e = (M^d - n * k1)^e = M^(d * e) + n * (...) (the value in parentheses is an integer number, so the second component of the sum is divisible by n).
Therefore C^e = M^(d * e) (mod n).

Since d * e = 1 (mod (p - 1) * (q - 1)), we have d * e = 1 + k * (p - 1) * (q - 1) for some k.
Then M^(d * e) = M ^(1 + k * (p - 1) * (q - 1)) = M * M ^ ( k * (p - 1) * (q - 1)) = M * (M^(p - 1))^(k * (q-1)).

By Fermat's Little Theorem, M^(p - 1) % p = 1.
By Fact 2, (M^(p - 1))^(k * (q - 1)) % p = 1^(k * (q - 1)) % p = 1 % p = 1,
and by Fact 1, (M * (M^(p - 1))^(k * (q - 1))) % p = M % p, so M^(d * e) % p = M % p.

Similarly, M^(d * e) % q = M % q.

Then by the Chinese Remainder Theorem M^(d * e) = M (mod p * q), but p * q = n.

So C^e = M (mod n). DONE!
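
The proof above, traced numerically. This is an added example, not part of the original lecture notes or the handout; the function names (modmul, modpow, rsa_proof_trace) and the toy values p = 11, q = 13, d = 7 are assumptions chosen for illustration and are far too small for real use. It also covers the case where M is divisible by p or q, in which M^(p - 1) % p is 0 rather than 1 but M^(d * e) % p = M % p still holds.

```python
from math import gcd

def modmul(a, b, p):
    """Fact 1: (a * b) % p computed from the reduced factors."""
    return ((a % p) * (b % p)) % p

def modpow(n, m, p):
    """n^m % p by square-and-multiply. Facts 1 and 2 let us reduce
    after every step, so no intermediate value exceeds p * p."""
    result, base = 1 % p, n % p          # Fact 2: start from n % p
    while m > 0:
        if m & 1:
            result = modmul(result, base, p)
        base = modmul(base, base, p)
        m >>= 1
    return result

def rsa_proof_trace(p, q, d, M):
    """Check each step of the proof for one M; return (e, k, C, recovered M).
    Uses the page's convention: C = M^d % n, M = C^e % n."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(d, phi) != 1:
        raise ValueError("d must be relatively prime to (p - 1) * (q - 1)")
    if not 0 <= M < n:
        raise ValueError("M must satisfy 0 <= M < n")
    e = pow(d, -1, phi)                  # d * e = 1 (mod (p - 1) * (q - 1))
    k, rem = divmod(d * e - 1, phi)      # d * e = 1 + k * (p - 1) * (q - 1)
    assert rem == 0
    C = modpow(M, d, n)
    for r in (p, q):
        if M % r != 0:                   # Fermat applies only if r does not divide M
            assert modpow(M, r - 1, r) == 1
        # Holds in both cases: if r divides M, both sides are 0.
        assert modpow(M, d * e, r) == M % r
    # Chinese Remainder Theorem: agreement mod p and mod q gives agreement mod n.
    assert modpow(M, d * e, n) == M
    return e, k, C, modpow(C, e, n)

if __name__ == "__main__":
    # Constructed toy parameters: n = 143, (p - 1) * (q - 1) = 120.
    for M in (42, 22, 0):                # 22 is divisible by p = 11
        print(M, rsa_proof_trace(11, 13, 7, M))
```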


This page has been created and is maintained by Elena Machkasova
Comments and suggestions are welcome at emachkas@wellesley.edu

Spring Semester 2002