8.1: Cryptography
( \newcommand{\kernel}{\mathrm{null}\,}\)
In this section we discuss some elementary aspects of cryptography, which concerns the coding and decoding of messages. In cryptography, a (word) message is transformed into a sequence a of integers, by replacing each letter in the message by a specific and known set of integers that represent this letter, and thus forming a large integer a by concatenation. Then this integer a is transformed (i.e. coded) into another integer b by using a congruence of the form b=ak(mod m) for some chosen k and m, as described below, with k unknown except to the sender and receiver. b is then sent to the receiver who decodes it into a again by using a congruence of the form a=bˉk(mod m), where ˉk is related to k and is itself only known to the sender and receiver, and then simply transforms the integers in a back to letters and reveals the message again. In this procedure, if a third party intercepts the integer b, the chance of transforming this into a, even if m and the integers that represent the letters of the alphabet are exactly known, is almost impossible to do (i.e. has a fantastically small probability of being achieved) if k is not known, that practically the transformed message will not be revealed except to the intended receiver.
The basic results on congruences to allow for the above procedure are in the following two lemmata, where ϕ in the statements is Euler’s ϕ-function.
Let a and m be two integers, with m positive and (a,m)=1. If k and ˉk are positive integers with kˉk=1(mod ϕ(m)), then akˉk=a(mod m).
kˉk=1(mod ϕ(m)) thus kˉk=qϕ(m)+1 (q≥0). Hence akˉk=aqϕ(m)+1=aqϕ(m)a. But by Euler’s Theorem, if (a,m)=1 then aϕ(m)=1(mod m). This gives that (aϕ(m))qa=1(mod m)a=a(mod m), and hence that akˉk=a(mod m), and the result follows.
We also need the following.
Let m be a positive integer, and let r1,r2,⋯,rn be a reduced residue system modulo m (i.e. with n=ϕ(m) and (ri,m)=1 for i=1,⋯,n). If k is an integer such that (k,ϕ(m))=1, then rk1,rk2,⋯,rkn forms a reduced residue system modulo m.
Before giving the proof, one has to note that the above lemma is in fact an if-and-only-if statement, i.e. (k,ϕ(m))=1 if and only if rk1,rk2,⋯,rkn forms a reduced residue system modulo m. However we only need the if part, as in the lemma.
Assume first that (k,ϕ(m))=1. We show that rk1,rk2,⋯,rkn is a reduced residue system modulo m. Assume otherwise, i.e. assume that ∃i,j such that rki=rkj(mod m), in which case rki and rkj would belong to the same class and thus rk1,rk2,⋯,rkn would not form a reduced residue system. Then, since (k,ϕ(m))=1, ∃ˉk with kˉk=1(mod ϕ(m)), and so rkˉki=ri(mod m)andrkˉkj=rj(mod m) by the previous lemma. But if rki=rkj(mod m) then (rki)ˉk=(rkj)ˉk(mod m), and since rkˉki=ri(mod m) and rkˉkj=rj(mod m), then ri=rj(mod m) giving that ri and rj belong to the same class modulo m, contradicting that r1,r2,⋯,rn form a reduced residue system. Thus ri≠rj implies that rki≠rkj if (k,ϕ(m))=1.
Now to do cryptography, one proceeds as follows. Let S be a sentence given in terms of letters and spaces between the words that is intended to be transformed to a destination with the possibility of being intercepted and revealed by a third party.
- Transform S into a (large) integer a by replacing each letter and each space between words by a certain representative integer (e.g. three or four digit integers for each letter). a is formed by concatenating the representative integers that are produced.
- Choose a couple p1 and p2 of very large prime numbers, each (for example) of the order of a hundred digit integer, and these should be strictly kept known only to the sender and receiver. Then form the product m=p1p2, which is itself a very large number to the point that the chances of someone revealing the prime number factorization p1p2 of m is incredibly small, even if they know this integer m. Now one has, by standard results concerning the ϕ-function, that ϕ(p1)=p1−1 and ϕ(p2)=p2−1, and that, since p1 and p2 are relatively prime, ϕ(m)=ϕ(p1)ϕ(p2)=(p1−1)(p2−1). Thus ϕ(m) is a very large number, of the order of m itself, and hence m has a reduced residue system that contains a very large number of integers of the order of m itself. Hence almost every integer smaller than m, with a probability of the order 1−1/10100 (almost 1), is in a reduced residue system r1,r2,⋯,rϕ(m) of m. Thus almost every positive integer smaller than m is relatively prime with m, with probability of the order 1−1/10100.
- Now given that almost every positive integer smaller than m is relatively prime with m, the integer a itself is almost certainly relatively prime with m, and hence is in a reduced residue system for m. Hence, by lemma 17 above, if k is a (large) integer such that (k,ϕ(m))=1, then ak belongs to a reduced residue system for m, and there exists a unique positive b smaller than m with b=ak(mod m).
- Send b to the destination where ϕ(m) and k are known. The destination can determine a ˉk such that kˉk=1(mod ϕ(m)), and then finds the unique c such that c=bˉk(mod m). Now since, almost certainly, (a,m)=1, then almost certainly c=a since c=bˉk(mod m)=(ak)ˉk(mod m)=akˉk(mod m), and which by lemma 16, is given by a(mod m) almost certainly since (a,m)=1 almost certainly. Now the destination translates a back to letters and spaces to reveal the sentence S. Note that if any third party intercepts b, they almost certainly cannot reveal the integer a since the chance of them knowing ϕ(m)=p1p2 is almost zero, even if they know m and k. In this case they practically won’t be able to determine a ˉk with kˉk=1(mod ϕ(m)), to retrieve a and transform it to S.
Contributors and Attributions
Dr. Wissam Raji, Ph.D., of the American University in Beirut. His work was selected by the Saylor Foundation’s Open Textbook Challenge for public release under a Creative Commons Attribution (CC BY) license.