Download Section2.2notes

Section 2.2: Affine Ciphers; More Modular Arithmetic
In shift ciphers, messages are encrypted by using an additive key. To increase security,
we can, in addition to an additive parameter, encipher messages using a multiplicative
parameter. In affine ciphers, the key used for encipherment involves using both a
multiplicative and additive parameter. Before describing affine ciphers, we give some
necessary mathematics background.
Mathematics Background for Affine Ciphers
All natural numbers (numbers in the set {1, 2, 3, 4, 5, } can be expressed as the
product of two or more numbers. For example,
6  2  3 , 20  4  5  2  2  5 , and 7  1 7 .
Two numbers that can be multiplied together to get another number are called the factors
or divisors of that number. For example,
6  2  3 (2 and 3 are the divisors or factors of 6)
20  4  5  2  2  5 (2 and 5 are factors or divisors of 20).
7  1 7 (1 and 7 are the divisors or factors of 7).
Note that the only factors of 7 are 1 and itself. A number with this special type of
property is said to be prime, which we formally define next.
Definition: A natural number p is said to be prime if p  1 and its only divisors are 1
and p . A natural number that is not prime is said to be composite.
It can be shown that there are an infinite number of primes. The following set lists the
first ten primes:
{2, 3, 5, 7, 11, 13, 17, 19, 23, 29, }
The prime numbers provide the building blocks of all numbers. The next theorem
illustrates this fundamental fact.
Theorem: The Fundamental Theorem of Arithmetic. Every natural number larger than 1
is a product of primes. This factorization can be done in only one way if is disregarded.
For example, to factor 30, we can compute
30  6  5 
2 
3 
5 
3 
2 
5
 5
 2
3 .

same prime factorizatin disregarding order
An elementary way to obtain prime factorizations with small prime factors involves the
use of a calculator and a factor tree. The next two examples illustrate this technique.
Example 1: Factor 90
Solution: Using a calculator and the factor tree (the prime factors are the outer leaves),
we see that 90  2  3  3  5
█
Example 2: Factor 935
Solution: Using a calculator and the factor tree (the prime factors are the outer leaves),
we see that 935  5 1117 .
█
Greatest Common Divisor
The common prime factors of two numbers can be used to find the greatest common
divisor of two numbers, which we define next.
Definition: The greatest common divisor of two natural numbers a and b , denoted as
gcd( a, b) , is the largest natural number that divides a and b with no remainder.
Elementary Method for Computing the gcd of Two Numbers
Decompose each number into its prime factors. The gcd is obtained by multiplying the
prime factors the two numbers have in common. If the two numbers have no common
prime factors, then the gcd = 1.
Example 3: Find the gcd(20, 30).
Solution: We first obtain the prime factorizations of 20 and 30 and circle the factors in
common.
20  2  2  5
30  2  3  5
The gcd is the product of the common prime factors. Hence, gcd( 20,30)  2  5  10 .
█
Example 4: Find the gcd(1190, 935).
Solution: We again look for the common prime factors.
1190  2  5  7  17
935 
5  11  17
Hence, gcd(1190, 935)  5  17  85 .
█
Example 5: Find the gcd(15, 26).
Solution: The prime factorizations of 15 and 26 are
15  3  5
26  2 13
15 and 26 have no common prime factors. Thus, gcd(15, 26)  1 . 15 and 26 are said to
be relatively prime.
█
Note: Two numbers a and b where the gcd( a, b)  1 are said to be relatively prime.
Multiplicative Inverses
In the real number system, every non-zero number has a multiplicative inverse – the
number you must multiply to a given number to get 1.
Example 6: Fill in the ( ) for (2)   1 , (10)   1 , and (a)   1 if we are working in
the real number system.
Solution: In each case, we are looking for a multiplicative inverse. Hence,
1
(2)   1
2
(We say
1
 2 1 is the multiplicative inverse of 2)
2
1
(10)   1
 10 
(We say
1
 10 1 is the multiplicative inverse of 10)
10
1
(a)   1
a
(We say
1
1
 a 1 , where a  0 , is the multiplicative inverse of a )
a
█
Note: In some number systems, multiplicative inverses in most cases do not exist.
Example 7: Consider the integers {, 4, 3, 2, 1, 0, 1, 2, 3, 4, } . If we
attempt to solve (2)   1 and (10)   1 , no solution exists in either case since
1
and
2
1
are not integers. In factor, 1 is the only integer that has a multiplicative inverse.
10
█
Note: In the modular arithmetic system, a multiplicative inverse may or may not exist,
depending on the following fact involving the gcd:
*Fact: If the gcd( b, m)  1 , then b has an inverse with respect to the modulus m , that
is, b 1 exists.
Example 8: Does 8 have an inverse with respect to the modulus 26?
Solution: No, 8 1 MOD 26 does not exist since gcd( 8,26)  2  1 .
█
Example 9: Does 9 have and inverse with respect to the modulus 26?
Solution: Yes, 9 does have an inverse MOD 26 since gcd( 9,26)  1 . What is
9 1 MOD 26? To answer this question, we must fill in the blank to solve the problem
(9)(?) MOD 26 = 1.
We claim that 9 1  3 since (9)(3) MOD 26 = 27 MOD 26 = 1. That is,
9 1 MOD 26 = 3.
█
Later in the course, we will see a general mathematical method for computing
multiplicative inverses. For now, since we will work with a MOD 26 system, we will
display a table showing the numbers in a MOD 26 with their multiplicative inverses:
a
a 1MOD 26
1
1
3
9
5
21
7
15
9
3
11
19
15
7
17
23
19
11
21
5
23
17
25
25
Table 1: Multiplicative Inverses MOD 26
Example 10: Use Table 1 to find 7 1 MOD 26.
Solution: Table 1 shows that 7 1 MOD 26 = 15. Note that we can prove this by
calculating (7)(15) MOD 26 = 105 MOD 26 = 1.
█
Multiplicative inverses expand our ability to solve equations and congruences in modular
arithmetic. This is made possible using the multiplicative property of modular arithmetic,
which we state next.
Multiplicative Property for Modular Arithmetic
If a  b mod m ,
then for any number k ,
ka  kb mod m
We illustrate how this property can be used in the following example.
Example 11: Solve 11x  1  5 mod 26 for x .
Solution: Just like in your regular algebra class, the goal is to isolate x on
the equation.
one side of
11x  1  5 mod 26
11x  1  1  5  1 mod 26
(Add 1 to both sides)
11x  6 mod 26
(Simplify)
111  11x  111  6 mod 26
(Multiply both sides by 111 )
NOTE!!
11x 6

mod 26 is NOT correct in Modular
11 11
arithmetic
x  19  6 mod 26
(From the inverse table we see that 111 MOD 26 = 19.
x  114 mod 26
(Simplify))
x  10
(Compute the integer remainder)
█
Multiplicative inverses in modular arithmetic can be useful in solving systems of linear
equations, which are useful for cryptanalysis. This next example illustrates this fact.
Example 12: Suppose we want to solve the system of equations (congruences)
8a  b
 18 mod 26
17a  b  11 mod 26
Our goal is to find the values of a and b that simultaneously solve this system of
equations. The process is similar to how systems of equations are solved in ordinary
algebra. To keep track of our steps, we first number the equations
8a  b  18 mod 26
(1)
17a  b  11 mod 26
(2)
To eliminate the parameter b, we subtract equation (2) from equation (1):

8a  b
 18 mod 26
17 a  b  11 mod 26
 9a  7 mod 26
Since  9 mod 26  17 , we can write the resulting equation from the subtraction as:
17 a  7 mod 26 .
We next solve this result by multiplying both sides by 17 1 :
17 1  17 a  17 1  7 mod 26 .
Noting from the MOD 26 multiplicative inverse table that 17 1 mod 26  23 , we obtain
a  23  7 mod 26  161 mod 26  5
Hence a  5 . We can substitute a  5 into either equation (1) or (2) to find b. Choosing
equation (1) 8a  b  18 mod 26 , we obtain:
8(5)  b  18 mod 26
or
40  b  18 mod 26 .
Subtracting 8 from both sides gives
b  (18  40) mod 26
or
b  22 mod 26  4 .
Hence a  5 and b  4
solves the above system of equations.
█
Mathematical Description of Affine Ciphers
Given a and b in Z 26  {0, 1, 2, , 24, 25} where gcd( a, 26)  1 . We encipher a
plaintext letter x to obtain a ciphertext letter y by computing
y  (ax  b) MOD 26.
Here, the key is made up of a multiplicative parameter a and an additive parameter b .
The next example illustrates how a message is enciphered.
Example 13: Encipher “RADFORD” using the affine cipher y  (5 x  4) MOD 26.
)
Solution: Using the MOD 26 alphabet assignment table, we encipher the message by
computing
R  x  17  y  (5(17)  4) MOD 26  (85  4) MOD 26  89 MOD 26  11  L
A  x  0  y  (5(0)  4) MOD 26  (0  4) MOD 26  4 MOD 26  4  E
D  x  3  y  (5(3)  4) MOD 26  (15  4) MOD 26  19 MOD 26  19  T
F  x  5  y  (5(5)  4) MOD 26  (25  4) MOD 26  29 MOD 26  3  D
O  x  14  y  (5(14)  4) MOD 26  (70  4) MOD 26  74 MOD 26  22  W
R  x  17  y  (5(17)  4) MOD 26  (85  4) MOD 26  89 MOD 26  11  L
D  x  3  y  (5(3)  4) MOD 26  (15  4) MOD 26  19 MOD 26  19  T
Hence, the ciphertext is “LETDWLT”
█
Note: Recall that for an affine cipher y  (ax  b) MOD 26 to be legitimate,
gcd( a, 26)  1 . Besides allowing a recipient to decipher a message, the next example
illustrates another reason why this requirement is essential.
Example 14: Suppose we consider the affine cipher y  (2 x  1) MOD 26. Note that
a  2 and gcd( 2, 26)  2  1 . Suppose we want to encipher the message “AN”.
Enciphering gives
A  x  0  y  (2(0)  1) MOD 26  (0  1) MOD 26  1 MOD 26  1  B
N  x  13  y  (2(13)  1) MOD 26  (26  1) MOD 26  27 MOD 26  1  B
The two letters A and N both encipher to the same letter B. If a sender was to transmit
this message to a recipient, the recipient will not be able to decipher the message
uniquely, which is not desirable.
█
Deciphering an Affine Cipher
For an affine cipher y  (ax  b) mod 26 where gcd( a, 26)  1 , decipherment can be
done uniquely. Given the numerical representation of the plaintext message x and
ciphertext message y , we take
y  (ax  b) mod 26
ax  b  y mod 26
(Rearrange both sides)
ax  ( y  b) mod 26
(Subtract b from both sides)
a 1a x  a 1 ( y  b) mod 26 (Multiply both sides by a 1 )
x  a 1 ( y  b) mod 26
(Cancel and simplify)
Hence, x  a 1 ( y  b) MOD 26 is the decipherment formula for affine ciphers. We
illustrate this formula with an example.
Example 15: Decipher the message “ARMMVKARER” that was encrypted using the
affine cipiher
y  (3x  5) MOD 26
(*)
Solution: Recall here that x is the numerical representation of the plaintext letter and y is
the numerical representation of ciphertext letter. To decipher, we must solve equation (*)
for x. We do this using the following steps:
3x  5  y MOD 26
(switch both sides of the equation across the “=” mark)
3x  ( y  5) MOD 26
(subtract 5 from both sides of the equation)
3x  ( y  21) MOD 26
(use the fact that 5 MOD 26  21)
313x  31( y  21) MOD 26 (multiply both sides by the multiplicative inverse of 3.
NOTE: In MOD arithmetic the division operation
3x y  21

MOD 26
3
3
x  9( y  21) MOD 26
is NOT CORRECT!!)
(use the multiplicative inverse MOD 26 table to see that
31 MOD 26  9 ).
Using the decipherment formula x  9( y  21) MOD 26 , we can decipher the message using
the following repetitive steps:
A  y  0  x  9(0  21) MOD 26  9(21) MOD 26  189 MOD 26  7  H
R  y  17  x  9(17  21) MOD 26  9(38) MOD 26  342 MOD 26  4  E
M  y  12  x  9(12  21) MOD 26  9(33) MOD 26  297 MOD 26  11  L
M  y  12  x  9(12  21) MOD 26  9(33) MOD 26  297 MOD 26  11  L
V  y  21  x  9(21  21) MOD 26  9(42) MOD 26  378 MOD 26  14  O
K  y  10  x  9(10  21) MOD 26  9(31) MOD 26  279 MOD 26  19  T
A  y  0  x  9(0  21) MOD 26  9(21) MOD 26  189 MOD 26  7  H
R  y  17  x  9(17  21) MOD 26  9(38) MOD 26  342 MOD 26  4  E
E  y  4  x  9(4  21) MOD 26  9(25) MOD 26  225 MOD 26  17  R
R  y  17  x  9(17  21) MOD 26  9(38) MOD 26  342 MOD 26  4  E
Hence, the message is “HELLO THERE”.
█
Cryptanalysis of Affine Ciphers
For an affine cipher y  (ax  b) MOD 26, an enemy must know the multiplicative
parameter a and additive parameter b in order to decipher and break a message. Once a
and b are known, x  a 1 ( y  b) MOD 26 can be computed and the message broken.
Two methods of attack can be used to attempt to break an affine cipher.
Methods for Breaking and Affine Cipher
1. Exhaustion. Note there are 12 possible multiplicative parameters a where
gcd( a, 26)  1 and 26 possible additive parameters b . This gives 12  26  312 total
(a, b) pairs to test.
2. Frequency analysis. Quicker way which involves matching to highly frequently
occurring ciphertext letters with two highly frequently occurring plaintext letters.
Involves solving a system of equations MOD 26.
The next example illustrates method 2.
Example 16: Suppose we receive a ciphertext that was enciphered using an affine cipher.
After running a frequency analysis on the ciphertext, we find out that the most highly
frequently occurring letters in the ciphertext are W and J. Assuming that these letters
correspond to E and T respectively, find the parameters a and b that were used in the
affine cipher.
Solution: Recall that for an affine cipher y  (ax  b) mod 26 , x is the numerical
representation of the plaintext letter and y is the numerical representation of the
ciphertext letter. Hence, using the MOD 26 alphabet assignment and the equation
y  (ax  b) mod 26 , we see that
Plaintext E  x  4 corresponds to the ciphertext W  y  22 which gives the
equation (1) 22  (a  4  b) mod 26
Plaintext T  x  19 corresponds to the ciphertext J  y  9 which gives the equation
(2) 9  (a  19  b) mod 26
Rearranging and putting these equations together gives
4a  b  22 mod 26
(1)
19a  b  9 mod 26
(2)
To find a , we must solve this system of equations.
To eliminate the parameter b, we subtract equation (2) from equation (1):

4a  b
 22 mod 26
19a  b 
9 mod 26
 15a  13 mod 26
Since  15 mod 26  11 , we can write the resulting equation from the subtraction as:
11a  13 mod 26 .
We next solve this result by multiplying both sides by 111 :
111  11 a  111  13 mod 26 .
Noting from the MOD 26 multiplicative inverse table that 111 mod 26  19 , we obtain
a  19 13 mod 26  247 mod 26  13
Hence a  13 . We can substitute a  13 into either equation (1) or (2) to find b.
Choosing equation
(1) 4a  b  22 mod 26 , we obtain:
4(13)  b  22 mod 26
or
52  b  22 mod 26 .
Subtracting 52 from both sides gives
b  (22  52) mod 26
or
b  30 mod 26  22 .
Hence a  13 and b  22 solve the above system of equations.