# Cryptology's note
## Book 
- Introduction to Crpytology and Coding Theory, 2nd Edition
- Elementary Number Theory Cryptology Codes
- Cryptography: Theory and Practice, 3rd Edition
- Handbook of Cryptography, 1990's
- Codes: The Guide to Secrecy From Ancient to Modern Times

## Principle of the Communication
### Elements:
- $\mathscr{P}$: set of plain text
- $\mathscr{C}$: Ciper text
- $\mathscr{K}$: Key
- $\mathscr{E}$: Set of encryption mapping
- $\mathscr{D}$: Set of decryption mapping

### Operation
- $E = \{E_k| k \in K\}$, $E_k(p) = c, c \in C, k \in K$
- $D = \{D_k| k \in K\}$, $D_k(c) = p, k \in K, p \in P$

## Symbols
- $\mathbb{P}$: all positive numbers
- $\mathbb{N}$: Natural
- $\mathbb{Z}$: Positive numbers $\cup$ 0 $\cup$ Nagative numbers
- $\mathbb{Q}$: Rational numbers $\{\frac{m}{n}| m,n \in \mathbb{Z}, n \ne 0\}$
- $\mathbb{C}$: Complex numbers $\{a+bi| a, b \in R, i = \sqrt{-1}\}$
- $\mathbb{Z}_m: \{0,1,2...m-1\}, m \in \mathbb{P}$
- ODD/ EVEN numbers \in \mathbb{P}
- Divisibility: "m|n" means that n is divisible by m, $m \in \mathbb{P}, n \in \mathbb{Z}$ 

## Euclidean and Extended Euclidean Alogrithm
### Euclidean Algorithm
- This algorithm can be used tofind gcd of two positive integers

### Extended Euclidean Algorithm
- This algorithm is an extension of euclidean algorithm.
- It can be used to solve certain congruences 
    - It computes gcd(a,r) = d
    - Finds m and n such taht d = ma + nr
- Example:

``` java
Eucliean algorithm                
    28)160(5                       160 = 28 * 5 + 20
       140
        20)28(1                     28 = 20 * 1 + 8
           20
            8)20(2                  20 =  8 * 2 + 4
              16
               4)8(2                 8 =  4 * 2 + 0
                 8
                 0
gcd(28, 160) = 4

Extended Eucliean Algorithm
from bottom to up
4 = 20 - 8 * 2
  = 20 - (28 - 20 * 1) * 2
  = -28 * 2 + (160 - 28 * 5) * 3
  = 28 * -17 + 160 * 3
     b    n      a   m
m = 3, n = -17
```
### Bezout Theorem
- Let $a,r \in \mathbb{P}$ and gcd(a,r) = d, There exist integers m,n $\in \mathbb{Z}$ such that ma+nr = d
- gcd(a,b) = d, a, b$\in \mathbb{P}$, finds m,n $\in \mathbb{Z}$, where ma+nb = d

### Compute $a^{-1} \pmod{n}$, if gcd(a, n) =1
- Let a, b$\in \mathbb{P}$, gcd(a,b) = d, and ma +nb =d, m, n$\in \mathbb{Z}$. If d = 1, then

$$am + bn = 1$$ 
$$am\equiv 1\pmod{n}$$ 
$$a^{-1}\equiv m\pmod{n}$$

## Greatest Common Divisor (gcd, 最大公约数)
- gcd(8, 36) = 4, gcd (30,45) = 15
- Example for computing gcd(28,160)

## Modulo Arithmetic (Clock Arithmetic)
### Operations
1. Addition
    - $(3 + 7) \pmod{5} \equiv 3 \pmod{5}$ 
2. Substraction
    - $(3 - 9) \pmod{5} \equiv -1 \pmod{5}$
    
      $\qquad \qquad \qquad \ \equiv  4 \pmod{5}$
3. Multiplication
    - $(3 \times 2)\pmod{4} \equiv 2 \pmod{4}$
4. Division 
    - Using Inversion replace division
    - $(6 \div 7) \pmod{8} \equiv 6 \times 7^{-1} \pmod{8}$
    - Using Extended Euclidean Algorithm

## Classic Cryptography
### Alphabet

|a|b|c|d|e|f|g|h|i|j|k|l|m|n|o|p|q|r|s|t|u|v|w|x|y|z|
|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|-|
|0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|

### Shift Cipher (Caesar Cipher)
- Elements: $\mathscr{P} = \mathscr{C} = \mathscr{K} = \mathbb{Z}_{26}$ 
- Operations:
    - $\mathscr{E}_k(p) = (p + k)\pmod{26}$
    - $\mathscr{D}_k(c) = (c - k)\pmod{26}$
- Drawback:
    - Small key size $|\mathscr{K}|$ is small
    - Amenable to frequency analysis
- Example:

|P |E|A|C|E|x|O |N |x|E|A|R |T |H|
|--|-|-|-|-|-|--|--|-|-|-|--|--|--|
|15|4|0|2|4|x|11|13|x|4|0|17|19|7 |
|18|7|3|5|7|x|14|16|x|7|3|20|22|10|
|S |H|D|F|H|x|R |Q |x|H|D|U |W |K |

### Affine Cryptosystem
#### Elements
- $\mathscr{P}=\mathscr{C} = \mathbb{Z}_{26}$
- $\mathscr{K} = \{(a,b)| a, b \in \mathbb{Z}_{26}, gcd(a, 26) =1\}$
#### Operations
- $\mathscr{E}_k(p)\equiv(ap+b)\pmod{26}$
- $\mathscr{D}_k(c)\equiv a^{-1}(c-b)\pmod{26}$
- Possible value of a (gcd(a, 26)=1): 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25
- $|\mathscr{K}| = 12 \times 26 = 312$

#### Proof
  $\quad\qquad c \equiv ap + b \pmod{26}$

  $\quad(c-b)\equiv ap \pmod{26}$
  
  $a^{-1}(c-b)\equiv p \pmod{26}$

### Poly - Algorithm Cipher
- This is cipher to a generalization of shift cipher
- $\mathbb{Z}^m_{26} = \{(n_1,n_2,n_3...n_m)| n_i \in \mathbb{Z}_26\}$

#### Elements
- $\mathscr{P} = \mathscr{C} = \mathscr{K}= \mathbb{Z}_{26}^{m},m \ge 2$

#### Operations
- $\mathscr{E}_k(p) \equiv (p_1+k_1, p_2+k_2, p_3+k_3,... p_m+k_m) \pmod{26}$
- $\mathscr{D}_k{c} \equiv (c_1 -k_1, c_2 -k_2,c_3 -k_3,...c_m -k_m)\pmod{26}$

### Hill Cipher(Poly alphbetic cipher)
- Invented in 1929, by Lester S. Hill. uses arithmetic in $\mathbb{Z}_{26}^{m}; m \ge 2$, keys are $m \times m $ invertible matrix

#### Elements
- $\mathscr{P} = \mathscr{C} = \mathbb{Z}_{26}^{m}$
- $\mathscr{K} = \{k, k is m \times m$ MATRIX over $\mathbb{Z}_{26}\}$

#### Operations
- $\mathscr{E}_k{p} = pk$
- $\mathscr{D}_k{c} = ck^{-1}$

#### Side tour
- $a, b, c ,d \in \mathbb{R}$,$A = \begin{bmatrix} a & b \\c & d\end{bmatrix},A^{-1} = \frac{1}{(ad-bc)}\begin{bmatrix} d & -b \\ -c & a\end{bmatrix}$
- det$\begin{bmatrix} a & b \\ c & d \end{bmatrix} = ad - bc$

## Fermat's Little(not last) theorem
- p is a prime number, a $a \in \mathbb{P}$ and p $\nmid$ a. Then $a^{p-1} \equiv 1 \pmod{p}$, $\nmid \Leftrightarrow $gcd(p,a) = 1
- **p is a prime number, a $a \in \mathbb{N}$ Then $a^p \equiv a \pmod{p}$**

### Euler's Totient Function $\varphi()$
- Euler's number: $e = 1 + \frac{1}{1!} + \frac{1}{2!} + \frac{1}{3!} +... \approx 2.7$
- Let $m \in \mathbb{P}, \varphi (m)$= # of positive integers ($1 \le a \le m$), not exceeding m, that are relatively prime to m(gcd(a, m) = 1).
- $\varphi(1) = 1$

#### Facts
1. If p is prime, then $\varphi(p) = (p - 1)$
2. p is prime, n = 1, 2, 3,..., then $\varphi(p^n) = (p^n - p^{n-1})$
3. If $n \in \mathbb{P} {1}$, then $n = p_1^{\alpha_1}p_2^{\alpha_2}...p_m^{\alpha_m}, p_i^{\alpha}$ are prime numbers,$\alpha_i \in \mathbb{P}; 1 \le i \le m$.Then  $\varphi(n) = n(1-\frac{1}{p_1})(1-\frac{1}{p_2})...(1-\frac{1}{p_m}))$
4. $m,n \in \mathbb{P}$, gcd(m, n) = 1, Then $\varphi(mn) = \varphi(m)\varphi(n)$
5. $n \in \mathbb{P}$, then $\sum_{d\mid n} \varphi(d) = n$

## Euler-Fermat Theorem (EFT)
- EFT is a generalization of Fermat's little theorem
- Theorem: If gcd(a,n) = 1, then $a^{\varphi(n)} \equiv 1 \pmod{n}$
- Corolcary: Fermat's Little Theorem

## Chinese Remainder Theorem
- Invented by Sun-Tsu, 2nd centrury ad.
- Let $m_1, m_2...m_n \in \mathbb{P}$ be n positive integers, which are coprime in pairs. That is $gcd(m_i, m_j)=1; i \ne j; 1 \le i,j \le n. 
    - M = m_1m_2...m_n = \prod_{k=1}^n m_k$
- We are given $x\equiv a_k \pmod{m_k}, 1 \le k \le n$ Then $x\pmod{m}$ is obtained as: Let 

$$M_k = \frac{m}{m_k}; 1 \le k \le n$$ $$M_kN_k\equiv 1\pmod{M_k}; 1 \le k \le n$$ $$x \equiv \sum_{k=1}^n a_kM_kN_k\pmod{m}$$ 

## Asymmetric Key cryptography
- Classic cryptography schemes is before 1976, which is also called private key.
- In 1976, Martin Hellman & Whitefield Diffle inventeed the public key cryptography.
- Cryptology = cryptograhy + cryptanalysis
- Type of cryptographic schemas
    1. Symmetric key cryptography $\Leftrightarrow$ private key cryptography
    2. Asymmetric key cryptography $\Leftrightarrow$ public key cryptography

### Why public key cryptography?
- Example: Consider symmetric key cryptographic schema in which 5 person have to communicate with each other. How many keys should they have?

|x    |$P_1$|$P_2$|$P_3$|$P_4$|$P_5$|
|-----|-----|-----|-----|-----|-----|
|$P_1$|x|$\surd$|$\surd$|$\surd$|$\surd$|
|$P_2$|x|x|$\surd$|$\surd$|$\surd$|
|$P_3$|x|x|x|$\surd$|$\surd$|
|$P_4$|x|x|x|x|$\surd$|
|$P_1$|x|x|x|x|x|

|Keys| = 4 + 3 + 2 + 1 = 10

- If there are 100 person, we should have 1 + 2+ 3+...+99 = 4950 keys
- If there are n person, we should have $1+2+3...+(n-1) = \frac{n(n-1)}{2} = \dbinom{n}{2}$, Every one should manage (n-1) keys

### Definition of Symmetric Key Cryptography(SKC)
- The keys on transmitter and receiver sides are same or almost same. Therefore it is called symmetric key cryptography, or easily derivable from each other.
- It is also called private key, cryptography.Because both encrypting and decrypting keys are private.

### Definition of asymmetric key cryptography(AKC)
- The keys on transmitter and receiver sides are related as in SKC.However:
    1. Encrypting key is public knowledge.
    2. Decrypting key is private
- Therefore, name is asymmetric key cryptography or public key cryptography.

### Public key Cryptography
- In this schema each person has two keys. They are 1) private key 2) public key. These keys are related.

- Communication betwwen two persons. Alice wants to send a message to Bob. Bob's public key is $K_{Bob\_pub}$. Bob's private key is $K_{Bob\_pvt}$
// todo: need an image

- Example (Commercial) of symmetric key cryptography
    1. DES (Data Encryption Standarad) -> old one
    2. AES (Advanced Encryption Standard)

- Example (Commercial) of asymmetric key cryptography
    1. RSA(Rivest, Shamir, Adleman) cryptographic techique
    2. ELGAMAL cryptosystem
    3. Elliptic curve based cryptography (used in cell phone)

### Strength of a cryptographic scheme
- Key size C = # of bits in a key. If C = n, there are $2^n$ possible keys.
- Encrytion algorithm


### Trapdoor one-way function
- The concept of public-key cryptosystem is based upon trapdoor one-way function.
- Definition of Function: A function f is a mapping of points in the set A to points in set B. It's written as f:A->B
    - A = Domain of function f
    - B = Range of function f
- Trapdoor one-way function 
    - Domain --easy to compute $f()$-->Range
    - Domain <- hard to compute from $f^{-1}()$--Range
    - Domain <- easy to compute from $f^{-1}()$ with trapdoor information --Range 
    - For the cryptography, $k_{pvt}$ = PRIVATE KEY, $k_{pub}$ = PUBLIC KEY
    - For each ($k_{pvt}, k_{pub}$), there is an encryption algorithm $E_{k_{pub}}$, and Decryption algorithm $D_{k_{pvt}}$.
        - $E_{k_{pub}}$ is easy to compute
        - $D_{k_{pvt}}$ is easy for those who know $k_{pvt}$
        - $D_{k_{pvt}}$ is hard for those who know only $k_{pub}$
        - $k_{pvt}$ is trapdoor information for the function $E_{k_{pub}}$

### One- way functions
- p, q are prime numbers; $f(p,q) = pq = n$, factorization problem
- p is prime; $a \in \mathbb{Z}_p^n, n \in \mathbb{P}, f(p, a, n) = a^n \pmod{p} \triangleq b$, given a,b,p find n this is a DLP problem.
- $x^2 \equiv y \pmod{n}$ this is  quadatic residue problem
- Cryptograhic hash functions
- Universal-one-way functions
    - random linear code
    - subset sum problme
    - traveling salesman problem (TSP)
    - other NP- complete problems (Nondeterministic polynomial time)

## RSA Cryptosystem
- RSA is a public key cryptosystem
- R = Rivest, S = Shamir, A = adelman
- Security of RSA Depends upon hardness of factoring large integers.
- for this work RSA receue 2002 AM turing award

### Key generation
- Each member of the group generates a key (public & private key)
1. p and q are two large random prime numbers
2. compute : n= pq ,$\varphi(n) = (p-1)(q-1)$
3. generate b randomly such that $1< b < \varphi(n)$ and $gcd(b, \varphi(n)) = 1$
4. Compute a such that $ab \equiv 1 \pmod{\varphi(n)}$
5. A's public key is (n, b), private key is (p, q, a)

### Encryption and Decryption
#### Elements
- $\mathscr{P} = \mathscr{C} = \mathbb{Z}_n$
- $\mathscr{K} = \{(n,p,q,a,b)| n = pq; 1 < b < \varphi(n); gcd(b, \varphi(n)) = 1, ab\equiv 1 \pmod{\varphi(n)}\}$
- B sends message to A ($x \in \mathbb{Z}_n$)

#### Operations
- Encryption $y \equiv x^b \pmod{n}$
- Decryption $y^a \equiv x \pmod{n}$

#### Proof of the correctness 
1. $y^a \equiv {x^b}^a \equiv x^{ab} \equiv x ^{k\varphi(n) + 1} \equiv x \cdot x^{(p-1)(q-1)} \pmod{n}$
2. Consider: 
    - Case 1: if gcd(x, p) = 1. then $x^{p-1} \equiv 1 \pmod{p}$, then $x \cdot x^{(p-1)(q-1)} \equiv x \cdot ({x ^{p-1}})^{q-1} \equiv x \pmod{p}$
    - Case 2: if gcd(x, p) = p. then $x \equiv 0 \pmod{p}, x^{ab} \equiv 0 \pmod{p}, x \cdot x ^{ab} \equiv x \pmod{p}$
    - In summary, $x^{ab} \equiv x \pmod{p}$
3. Similarly, we can get that $x^{ab} \equiv x \pmod{q}$
4. $x^{ab} - x \equiv 0 \pmod{p}, x^{ab} - x \equiv 0 \pmod{q}$, then $x^{ab}-x\equiv 0 \pmod{pq}$

### Exponentiation, Method of repeated squaring
- $x^{93} = \begin{matrix} \underbrace{x \cdot x ...  x} \\ 92 \end{matrix}$
- $x^2 = x \cdot x$
- $x ^4 = x^2 \cdot x^2$
- $x^8 = x^4 \cdot x^4$
- $x^{16} = x^8 \cdot x^8$
- $x ^ {32} = x^{16} \cdot x^{16}$
- $x ^{64} = x^{32} \cdot x^{32} $
- $x ^{93} = x^{64} \cdot x^{16} \cdot x^8 \cdot x^4 \cdot x$, this will have (6 + 4) times of multiply

### Example
- Let p = 7, q =11, then n = pq = 77, $\varphi(n) = (p-1)(q-1) = 60$. Let b = 37,where 1 < b < $\varphi(n)$ and gcd(b, $\varphi(n)$) = gcd(37, 60) = 1. <br>Then **public key is (n, b) = (77, 37), private key is (p, q, a) = (7, 11, 13)** (because $37 ^{-1} \equiv 13 \pmod{60}$)
- Let the message to be coded be $x \in \mathbb{Z}_{77}$; And x = 18, $$E_k(x) \equiv x^a\pmod{n}$$ $$\quad \qquad \equiv 39 \pmod{77}$$
Therefore ciphered text is $39\pmod{77}$
- The plaintext value can be recovered as $$D_k(y) \equiv y^a \pmod{n}$$ $$\ \quad \qquad \equiv 39^{13}\pmod{77}$$ $$\quad \qquad \equiv 18 \pmod{77}$$

### Oscar's attack
- Suppose Oscar can factorize n as p, q, Then he computes 
    1. $\varphi(n) = (p-1)(q-1)$
    2. $ab \equiv 1 \pmod{\varphi{n}}$, yields $b^{-1} \pmod{\varphi(n)}$, as b is public key, a is indeed the descryption exponent

### RSA cryptosystem in Application
- Alice's key generation:
    1. Alice select two large prime number p and q.
    2. She computes $n = p \cdot q and \varphi(n) = (p-1)(q-1)$ 
    3. She selects d such that $1 < d < \varphi(n)$ and $gcd(d,\varphi(n)) = 1$
    4. Find e such that $ed \equiv 1 \pmod(\varphi(n))$
    5. Alice's public key = (n, e) -> encrypting exponent
    6. Alice's private key = (p, q, d) -> decrypting exponent
- Bob wants to encrypted and send message m to Alice
    1. $m \in \mathbb{Z}_n is the message$
    2. Bob gets Alice's public key(n, e)
    3. Bob encrypts it as $c \equiv m^e \pmod{n}$
    4. Bob send c to Alice
- Decrypted of c by Alice
    1. $c^d \equiv m \pmod(n)$

## Primitive roots
### Notation
- $\mathbb{Z}_n ^*$: Set of non-zero integers in $\mathbb{Z}_n$ which are relatively prime to n;$ n \ge 2$
- $\mathbb{Z}_p ^* = \{1, 2,3,....p-1\}, p is a prime $

### Definition
- Let p be prime element, $g \in \mathbb{Z}_P ^*$ is primitive root, if  $\mathbb{Z}_p ^* = \{g ^j \pmod{p} | 1 \le j \le (p - 1)\}$, <br>which means that **$g^j \pmod{p}, (1 \le j \le (p - 1))$ are all different**

### Facts: Let p be prime, and g be a primitive root of p.
1. number of primitive roots of p is $\varphi(p-1)$
2. Let n  be an integer, then $$g^n \equiv 1 \pmod{p} \Leftrightarrow n \ = \ 0\ or\ (p\ -\ 1)$$  $$\qquad \qquad \qquad \ \quad \Leftrightarrow n \equiv0 \pmod{(p-1)}$$
3. Let g and k be integer, then $$g ^j \equiv g^k \pmod{p} \Leftrightarrow j \equiv k \pmod{(p-1)}$$

### Example 
- $3^j \pmod{7} \equiv ?, j = 1,2,3....6$

$3\  \equiv 3 \pmod{7},\quad 3^2 \equiv 2 \pmod{7},\quad 3^3 \equiv 6 \pmod{7}$

$3^4 \equiv 4\pmod{7},\quad 3^5 \equiv5 \pmod{7} ,\quad 3^6 \equiv 1 \pmod{7}$

- We obtain all non-zero congruence classes modulo 7 => 3 is a primitive root modulo 7.
- 3 is also called Multipliative generator of $\mathbb{Z}_7^*$, where $\mathbb{Z}_7^* =\{1,2,3,4,5,6\}$

|j|1|2|3|4|5|6| primitive root|
|-|-|-|-|-|-|-|---------------|
|$1^j \pmod{7}$|1|1|1|1|1|1|no|
|$2^j \pmod{7}$|2|4|1|2|4|1|no|
|$3^j \pmod{7}$|3|2|6|4|5|1|yes|
|$4^j \pmod{7}$|4|2|1|4|2|1|no|
|$5^j \pmod{7}$|5|4|6|2|3|1|yes|
|$6^j \pmod{7}$|6|1|6|1|6|1|no|