Introduction To Cryptography With Coding Theory

3rd Edition Lawrence C Washington Wade Trappe

download

https://ebookbell.com/product/introduction-to-cryptography-with-
coding-theory-3rd-edition-lawrence-c-washington-wade-
trappe-55637320

Explore and download more ebooks at ebookbell.com

Here are some recommended products that we believe you will be
interested in. You can click the link to download.

Introduction To Cryptography With Coding Theory Rental Edition 3rd

Edition Wade Trappe

https://ebookbell.com/product/introduction-to-cryptography-with-
coding-theory-rental-edition-3rd-edition-wade-trappe-48308832

Introduction To Cryptography With Coding Theory 2nd Edition Wade

Trappe

https://ebookbell.com/product/introduction-to-cryptography-with-
coding-theory-2nd-edition-wade-trappe-2545582

Introduction To Cryptography With Coding Theory Wade Trappe Lawrence C

Washington

https://ebookbell.com/product/introduction-to-cryptography-with-
coding-theory-wade-trappe-lawrence-c-washington-11065626

Introduction To Cryptography With Coding Theory 1st Wade Trappe

https://ebookbell.com/product/introduction-to-cryptography-with-
coding-theory-1st-wade-trappe-1006008
Introduction To Cryptography With Coding Theory 3rd Edition Lawrence C
Washington Wade Trappe

https://ebookbell.com/product/introduction-to-cryptography-with-
coding-theory-3rd-edition-lawrence-c-washington-wade-trappe-50445680

Introduction To Cryptography With Maple 2013th Edition Gmez Pardo

https://ebookbell.com/product/introduction-to-cryptography-with-
maple-2013th-edition-gmez-pardo-55199794

Introduction To Cryptography With Opensource Software Mcandrew

https://ebookbell.com/product/introduction-to-cryptography-with-
opensource-software-mcandrew-5085890

Introduction To Cryptography With Java Applets 1st Edition David

Bishop

https://ebookbell.com/product/introduction-to-cryptography-with-java-
applets-1st-edition-david-bishop-986596

An Introduction To Number Theory With Cryptography Kraft James S

Washington

https://ebookbell.com/product/an-introduction-to-number-theory-with-
cryptography-kraft-james-s-washington-5143778
Introduction to
Cryptography
with Coding Theory

3rd edition

Wade Trappe

Wireless Information Network Laboratory and

the Electrical and Computer Engineering
Department Rutgers University

Lawrence C. Washington

Department of Mathematics University of

Maryland
Portfolio Manager: Chelsea Kharakozoua

Content Manager: Jeff Weidenaar

Content Associate: Jonathan Krebs

Content Producer: Tara Corpuz

Managing Producer: Scott Disanno

Producer: Jean Choe

Manager, Courseware QA: Mary Durnwald

Product Marketing Manager: Stacey Sveum

Product and Solution Specialist: Rosemary

Morten

Senior Author Support/Technology

Specialist: Joe Vetere

Manager, Rights and Permissions: Gina

Cheselka

Text and Cover Design, Production

Coordination, Composition, and
Illustrations: Integra Software Services Pvt. Ltd

Manufacturing Buyer: Carol Melville, LSC

Communications

Cover Image: Photographer is my life/Getty

Images

Copyright © 2020, 2006, 2002 by Pearson

Education, Inc. 221 River Street, Hoboken,
NJ 07030. All Rights Reserved. Printed in the
United States of America. This publication is
protected by copyright, and permission should be
obtained from the publisher prior to any
prohibited reproduction, storage in a retrieval
system, or transmission in any form or by any
means, electronic, mechanical, photocopying,
recording, or otherwise. For information
regarding permissions, request forms and the
appropriate contacts within the Pearson
Education Global Rights & Permissions
department, please visit www.pearsoned.com/
permissions/.

Text Credit: Page 23 Declaration of

Independence: A Transcription, The U.S.
National Archives and Records Administration.

PEARSON, ALWAYS LEARNING, and MYLAB are

exclusive trademarks owned by Pearson
Education, Inc. or its affiliates in the U.S. and/or
other countries.

Unless otherwise indicated herein, any third-

party trademarks that may appear in this work
are the property of their respective owners and
any references to third-party trademarks, logos
or other trade dress are for demonstrative or
descriptive purposes only. Such references are
not intended to imply any sponsorship,
endorsement, authorization, or promotion of
Pearson’s products by the owners of such marks,
or any relationship between the owner and
Pearson Education, Inc. or its affiliates, authors,
licensees or distributors.

Library of Congress Cataloging-in-

Publication Data
Names: Trappe, Wade, author. | Washington,
Lawrence C., author.

Title: Introduction to cryptography : with coding

theory / Wade Trappe, Lawrence Washington.

Description: 3rd edition. | [Hoboken, New Jersey]

: [Pearson Education], [2020] | Includes
bibliographical references and index. | Summary:
“This book is based on a course in cryptography
at the upper-level undergraduate and beginning
graduate level that has been given at the
University of Maryland since 1997, and a course
that has been taught at Rutgers University since
2003"— Provided by publisher.

Identifiers: LCCN 2019029691 | ISBN

9780134860992 (paperback)

Subjects: LCSH: Coding theory. | Cryptography.

Classification: LCC QA268.T73 2020 | DDC

005.8/24—dc23

LC record available at https://lccn.loc.gov/

2019029691

ScoutAutomatedPrintCode

ISBN-13: 978-0-13-485906-4

ISBN-10: 0-13-485906-5
Contents
1. Preface ix

1. 1 Overview of Cryptography and Its Applications 1

1. 1.1 Secure Communications 2

2. 1.2 Cryptographic Applications 8

2. 2 Classical Cryptosystems 10

1. 2.1 Shift Ciphers 11

2. 2.2 Affine Ciphers 12

3. 2.3 The Vigenère Cipher 14

4. 2.4 Substitution Ciphers 20

5. 2.5 Sherlock Holmes 23

6. 2.6 The Playfair and ADFGX Ciphers 26

7. 2.7 Enigma 29

8. 2.8 Exercises 33

9. 2.9 Computer Problems 37

3. 3 Basic Number Theory 40

1. 3.1 Basic Notions 40

2. 3.2 The Extended Euclidean Algorithm 44

3. 3.3 Congruences 47

4. 3.4 The Chinese Remainder Theorem 52

5. 3.5 Modular Exponentiation 54

6. 3.6 Fermat’s Theorem and Euler’s Theorem 55

7. 3.7 Primitive Roots 59

8. 3.8 Inverting Matrices Mod n 61

 9. 3.9 Square Roots Mod n 62

10. 3.10 Legendre and Jacobi Symbols 64

11. 3.11 Finite Fields 69

12. 3.12 Continued Fractions 76

13. 3.13 Exercises 78

14. 3.14 Computer Problems 86

4. 4 The One-Time Pad 88

1. 4.1 Binary Numbers and ASCII 88

2. 4.2 One-Time Pads 89

3. 4.3 Multiple Use of a One-Time Pad 91

4. 4.4 Perfect Secrecy of the One-Time Pad 94

5. 4.5 Indistinguishability and Security 97

6. 4.6 Exercises 100

5. 5 Stream Ciphers 104

1. 5.1 Pseudorandom Bit Generation 105

2. 5.2 LFSR Sequences 107

3. 5.3 RC4 113

4. 5.4 Exercises 114

5. 5.5 Computer Problems 117

6. 6 Block Ciphers 118

1. 6.1 Block Ciphers 118

2. 6.2 Hill Ciphers 119

3. 6.3 Modes of Operation 122

4. 6.4 Multiple Encryption 129

5. 6.5 Meet-in-the-Middle Attacks 130

6. 6.6 Exercises 131

7. 6.7 Computer Problems 135

 7. 7 The Data Encryption Standard 136

1. 7.1 Introduction 136

2. 7.2 A Simplified DES-Type Algorithm 137

3. 7.3 Differential Cryptanalysis 140

4. 7.4 DES 145

5. 7.5 Breaking DES 152

6. 7.6 Password Security 155

7. 7.7 Exercises 157

8. 7.8 Computer Problems 159

8. 8 The Advanced Encryption Standard: Rijndael 160

1. 8.1 The Basic Algorithm 160

2. 8.2 The Layers 161

3. 8.3 Decryption 166

4. 8.4 Design Considerations 168

5. 8.5 Exercises 169

9. 9 The RSA Algorithm 171

1. 9.1 The RSA Algorithm 171

2. 9.2 Attacks on RSA 177

3. 9.3 Primality Testing 183

4. 9.4 Factoring 188

5. 9.5 The RSA Challenge 192

6. 9.6 An Application to Treaty Verification 194

7. 9.7 The Public Key Concept 195

8. 9.8 Exercises 197

9. 9.9 Computer Problems 207

10. 10 Discrete Logarithms 211

1. 10.1 Discrete Logarithms 211

 2. 10.2 Computing Discrete Logs 212

3. 10.3 Bit Commitment 218

4. 10.4 Diffie-Hellman Key Exchange 219

5. 10.5 The ElGamal Public Key Cryptosystem 221

6. 10.6 Exercises 223

7. 10.7 Computer Problems 225

11. 11 Hash Functions 226

1. 11.1 Hash Functions 226

2. 11.2 Simple Hash Examples 230

3. 11.3 The Merkle-Damgård Construction 231

4. 11.4 SHA-2 233

5. 11.5 SHA-3/Keccak 237

6. 11.6 Exercises 242

12. 12 Hash Functions: Attacks and Applications 246

1. 12.1 Birthday Attacks 246

2. 12.2 Multicollisions 249

3. 12.3 The Random Oracle Model 251

4. 12.4 Using Hash Functions to Encrypt 253

5. 12.5 Message Authentication Codes 255

6. 12.6 Password Protocols 256

7. 12.7 Blockchains 262

8. 12.8 Exercises 264

9. 12.9 Computer Problems 268

13. 13 Digital Signatures 269

1. 13.1 RSA Signatures 270

2. 13.2 The ElGamal Signature Scheme 271

3. 13.3 Hashing and Signing 273

 4. 13.4 Birthday Attacks on Signatures 274

5. 13.5 The Digital Signature Algorithm 275

6. 13.6 Exercises 276

7. 13.7 Computer Problems 281

14. 14 What Can Go Wrong 282

1. 14.1 An Enigma “Feature” 282

2. 14.2 Choosing Primes for RSA 283

3. 14.3 WEP 284

4. 14.4 Exercises 288

15. 15 Security Protocols 290

1. 15.1 Intruders-in-the-Middle and Impostors 290

2. 15.2 Key Distribution 293

3. 15.3 Kerberos 299

4. 15.4 Public Key Infrastructures (PKI) 303

5. 15.5 X.509 Certificates 304

6. 15.6 Pretty Good Privacy 309

7. 15.7 SSL and TLS 312

8. 15.8 Secure Electronic Transaction 314

9. 15.9 Exercises 316

16. 16 Digital Cash 318

1. 16.1 Setting the Stage for Digital Economies 319

2. 16.2 A Digital Cash System 320

3. 16.3 Bitcoin Overview 326

4. 16.4 Cryptocurrencies 329

5. 16.5 Exercises 338

17. 17 Secret Sharing Schemes 340

 1. 17.1 Secret Splitting 340

2. 17.2 Threshold Schemes 341

3. 17.3 Exercises 346

4. 17.4 Computer Problems 348

18. 18 Games 349

1. 18.1 Flipping Coins over the Telephone 349

2. 18.2 Poker over the Telephone 351

3. 18.3 Exercises 355

19. 19 Zero-Knowledge Techniques 357

1. 19.1 The Basic Setup 357

2. 19.2 The Feige-Fiat-Shamir Identification

Scheme 359

3. 19.3 Exercises 361

20. 20 Information Theory 365

1. 20.1 Probability Review 365

2. 20.2 Entropy 367

3. 20.3 Huffman Codes 371

4. 20.4 Perfect Secrecy 373

5. 20.5 The Entropy of English 376

6. 20.6 Exercises 380

21. 21 Elliptic Curves 384

1. 21.1 The Addition Law 384

2. 21.2 Elliptic Curves Mod p 389

3. 21.3 Factoring with Elliptic Curves 393

4. 21.4 Elliptic Curves in Characteristic 2 396

5. 21.5 Elliptic Curve Cryptosystems 399

6. 21.6 Exercises 402

 7. 21.7 Computer Problems 407

22. 22 Pairing-Based Cryptography 409

1. 22.1 Bilinear Pairings 409

2. 22.2 The MOV Attack 410

3. 22.3 Tripartite Diffie-Hellman 411

4. 22.4 Identity-Based Encryption 412

5. 22.5 Signatures 414

6. 22.6 Keyword Search 417

7. 22.7 Exercises 419

23. 23 Lattice Methods 421

1. 23.1 Lattices 421

2. 23.2 Lattice Reduction 422

3. 23.3 An Attack on RSA 426

4. 23.4 NTRU 429

5. 23.5 Another Lattice-Based Cryptosystem 433

6. 23.6 Post-Quantum Cryptography? 435

7. 23.7 Exercises 435

24. 24 Error Correcting Codes 437

1. 24.1 Introduction 437

2. 24.2 Error Correcting Codes 442

3. 24.3 Bounds on General Codes 446

4. 24.4 Linear Codes 451

5. 24.5 Hamming Codes 457

6. 24.6 Golay Codes 459

7. 24.7 Cyclic Codes 466

8. 24.8 BCH Codes 472

9. 24.9 Reed-Solomon Codes 479

 10. 24.10 The McEliece Cryptosystem 480

11. 24.11 Other Topics 483

12. 24.12 Exercises 483

13. 24.13 Computer Problems 487

25. 25 Quantum Techniques in Cryptography 488

1. 25.1 A Quantum Experiment 488

2. 25.2 Quantum Key Distribution 491

3. 25.3 Shor’s Algorithm 493

4. 25.4 Exercises 502

®
1. A Mathematica Examples 503

1. A.1 Getting Started with Mathematica 503

2. A.2 Some Commands 504

3. A.3 Examples for Chapter 2 505

4. A.4 Examples for Chapter 3 508

5. A.5 Examples for Chapter 5 511

6. A.6 Examples for Chapter 6 513

7. A.7 Examples for Chapter 9 514

8. A.8 Examples for Chapter 10 520

9. A.9 Examples for Chapter 12 521

10. A.10 Examples for Chapter 17 521

11. A.11 Examples for Chapter 18 522

12. A.12 Examples for Chapter 21 523

®
2. B Maple Examples 527

1. B.1 Getting Started with Maple 527

2. B.2 Some Commands 528

3. B.3 Examples for Chapter 2 529

4. B.4 Examples for Chapter 3 533

 5. B.5 Examples for Chapter 5 536

6. B.6 Examples for Chapter 6 538

7. B.7 Examples for Chapter 9 539

8. B.8 Examples for Chapter 10 546

9. B.9 Examples for Chapter 12 547

10. B.10 Examples for Chapter 17 548

11. B.11 Examples for Chapter 18 549

12. B.12 Examples for Chapter 21 551

®
3. C MATLAB Examples 555

1. C.1 Getting Started with MATLAB 556

2. C.2 Examples for Chapter 2 560

3. C.3 Examples for Chapter 3 566

4. C.4 Examples for Chapter 5 569

5. C.5 Examples for Chapter 6 571

6. C.6 Examples for Chapter 9 573

7. C.7 Examples for Chapter 10 581

8. C.8 Examples for Chapter 12 581

9. C.9 Examples for Chapter 17 582

10. C.10 Examples for Chapter 18 582

11. C.11 Examples for Chapter 21 585

4. D Sage Examples 591

1. D.1 Computations for Chapter 2 591

2. D.2 Computations for Chapter 3 594

3. D.3 Computations for Chapter 5 595

4. D.4 Computations for Chapter 6 596

5. D.5 Computations for Chapter 9 596

6. D.6 Computations for Chapter 10 597

 7. D.7 Computations for Chapter 12 598

8. D.8 Computations for Chapter 17 598

9. D.9 Computations for Chapter 18 598

10. D.10 Computations for Chapter 21 599

5. E Answers and Hints for Selected Odd-Numbered

Exercises 601

6. F Suggestions for Further Reading 607

7. Bibliography 608

8. Index 615
Preface
This book is based on a course in cryptography at
the upper-level undergraduate and beginning
graduate level that has been given at the
University of Maryland since 1997, and a course
that has been taught at Rutgers University since
2003. When designing the courses, we decided
on the following requirements:

The courses should be up-to-date and cover a broad

selection of topics from a mathematical point of view.

The material should be accessible to mathematically

mature students having little background in number
theory and computer programming.

There should be examples involving numbers large

enough to demonstrate how the algorithms really work.

We wanted to avoid concentrating solely on RSA

and discrete logarithms, which would have made
the courses mostly about number theory. We also
did not want to focus on protocols and how to
hack into friends’ computers. That would have
made the courses less mathematical than
desired.

There are numerous topics in cryptology that can

be discussed in an introductory course. We have
tried to include many of them. The chapters
represent, for the most part, topics that were
covered during the different semesters we taught
the course. There is certainly more material here
than could be treated in most one-semester
courses. The first thirteen chapters represent the
core of the material. The choice of which of the
remaining chapters are used depends on the
level of the students and the objectives of the
lecturer.

The chapters are numbered, thus giving them an

ordering. However, except for Chapter 3 on
number theory, which pervades the subject, the
chapters are fairly independent of each other and
can be covered in almost any reasonable order.
Since students have varied backgrounds in
number theory, we have collected the basic
number theory facts together in Chapter 3 for
ease of reference; however, we recommend
introducing these concepts gradually throughout
the course as they are needed.

The chapters on information theory, elliptic

curves, quantum cryptography, lattice methods,
and error correcting codes are somewhat more
mathematical than the others. The chapter on
error correcting codes was included, at the
suggestion of several reviewers, because courses
that include introductions to both cryptology and
coding theory are fairly common.

Computer Examples
Suppose you want to give an example for RSA.
You could choose two one-digit primes and
pretend to be working with fifty-digit primes, or
you could use your favorite software package to
do an actual example with large primes. Or
perhaps you are working with shift ciphers and
are trying to decrypt a message by trying all 26
shifts of the ciphertext. This should also be done
on a computer.
Additionally, at the end of the book are
appendices containing computer examples
® ®
written in each of Mathematica , Maple ,
®
MATLAB , and Sage that show how to do such
calculations. These languages were chosen
because they are user friendly and do not require
prior programming experience. Although the
course has been taught successfully without
computers, these examples are an integral part
of the book and should be studied, if at all
possible. Not only do they contain numerical
examples of how to do certain computations but
also they demonstrate important ideas and issues
that arise. They were placed at the end of the
book because of the logistic and aesthetic
problems of including extensive computer
examples in these languages at the ends of
chapters.

Additionally, programs available in Mathematica,

Maple, and MATLAB can be downloaded from
the Web site (bit.ly/2JbcS6p). Homework
problems (the computer problems in various
chapters) based on the software allow students
to play with examples individually. Of course,
students having more programming background
could write their own programs instead. In a
classroom, all that is needed is a computer (with
one of the languages installed) and a projector in
order to produce meaningful examples as the
lecture is being given.

New to the Third Edition

Two major changes have informed this edition:
Changes to the field of cryptography and a
change in the format of the text. We address
these issues separately, although there is an
interplay between the two:

Content Changes
Cryptography is a quickly changing field. We
have made many changes to the text since the
last edition:

Reorganized content previously in two chapters to four

separate chapters on Stream Ciphers (including RC4),
Block Ciphers, DES and AES (Chapters 5–8,
respectively). The RC4 material, in particular, is new.

Heavily revised the chapters on hash functions. Chapter

11 (Hash functions) now includes sections on SHA-2 and
SHA-3. Chapter 12 (Hash functions: Attacks and
Applications) now includes material on message
authentication codes, password protocols, and
blockchains.

The short section on the one-time pad has been expanded

to become Chapter 4, which includes sections on multiple
use of the one-time pad, perfect secrecy, and ciphertext
indistinguishability.

Added Chapter 14, “What Can Go Wrong,” which shows

what can happen when cryptographic algorithms are
used or designed incorrectly.

Expanded Chapter 16 on digital cash to include Bitcoin

and cryptocurrencies.

Added Chapter 22, which gives an introduction to

Pairing-Based Cryptography.

Updated the exposition throughout the book to reflect

recent developments.

Added references to the Maple, Mathematica, MATLAB,

and Sage appendices in relevant locations in the text.

Added many new exercises.

Added a section at the back of the book that contains

answers or hints to a majority of the odd-numbered
problems.
Format Changes
A focus of this revision was transforming the text
from a print-based learning tool to a digital
learning tool. The eText is therefore filled with
content and tools that will help bring the content
of the course to life for students in new ways and
help improve instruction. Specifically, the
following are features that are available only in
the eText:

Interactive Examples. We have added a number of

opportunities for students to interact with content in a
dynamic manner in order to build or enhance
understanding. Interactive examples allow students to
explore concepts in ways that are not possible without
technology.

Quick Questions. These questions, built into the

narrative, provide opportunities for students to check
and clarify understanding. Some help address potential
misconceptions.

Notes, Labels, and Highlights. Notes can be added to the

eText by instructors. These notes are visible to all
students in the course, allowing instructors to add their
personal observations or directions to important topics,
call out need-to-know information, or clarify difficult
concepts. Students can add their own notes, labels, and
highlights to the eText, helping them focus on what they
need to study. The customizable Notebook allows
students to filter, arrange, and group their notes in a way
that makes sense to them.

Dashboard. Instructors can create reading assignments

and see the time spent in the eText so that they can plan
more effective instruction.

Portability. Portable access lets students read their eText

whenever they have a moment in their day, on Android
and iOS mobile phones and tablets. Even without an
Internet connection, offline reading ensures students
never miss a chance to learn.

Ease-of-Use. Straightforward setup makes it easy for

instructors to get their class up and reading quickly on
the first day of class. In addition, Learning Management
System (LMS) integration provides institutions,
 instructors, and students with single sign-on access to
the eText via many popular LMSs.

Supplements. An Instructors’ Solutions Manual can be

downloaded by qualified instructors from the textbook’s
webpage at www.pearson.com.

Acknowledgments
Many people helped and provided
encouragement during the preparation of this
book. First, we would like to thank our students,
whose enthusiasm, insights, and suggestions
contributed greatly. We are especially grateful to
many people who have provided corrections and
other input, especially Bill Gasarch, Jeff Adams,
Jonathan Rosenberg, and Tim Strobell. We would
like to thank Wenyuan Xu, Qing Li, and
Pandurang Kamat, who drew several of the
diagrams and provided feedback on the new
material for the second edition. We have enjoyed
working with the staff at Pearson, especially Jeff
Weidenaar and Tara Corpuz.

The reviewers deserve special thanks: their

suggestions on the exposition and the
organization of the topics greatly enhanced the
final result. The reviewers marked with an
asterisk (*) provided input for this edition.

* Anurag Agarwal, Rochester Institute of Technology

* Pradeep Atrey, University at Albany

Eric Bach, University of Wisconsin

James W. Brewer, Florida Atlantic University

Thomas P. Cahill, NYU

Agnes Chan, Northeastern University

* Nathan Chenette, Rose-Hulman Institute of Technology

* Claude Crépeau, McGill University

* Reza Curtmola, New Jersey Institute of Technology

* Ahmed Desoky, University of Louisville

Anthony Ephremides, University of Maryland, College

Park

* David J. Fawcett, Lawrence Tech University

* Jason Gibson, Eastern Kentucky University

* K. Gopalakrishnan, East Carolina University

David Grant, University of Colorado, Boulder

Jugal K. Kalita, University of Colorado, Colorado Springs

* Saroja Kanchi, Kettering University

* Andrew Klapper, University of Kentucky

* Amanda Knecht, Villanova University

Edmund Lamagna, University of Rhode Island

* Aihua Li, Montclair State University

* Spyros S. Magliveras, Florida Atlantic University

* Nathan McNew, Towson University

* Nick Novotny, IUPUI

David M. Pozar, University of Massachusetts, Amherst

* Emma Previato, Boston University

* Hamzeh Roumani, York University

* Bonnie Saunders, University of Illinois, Chicago

* Ravi Shankar, University of Oklahoma

* Ernie Stitzinger, North Carolina State

* Armin Straub, University of South Alabama

J. Felipe Voloch, University of Texas, Austin

Daniel F. Warren, Naval Postgraduate School

* Simon Whitehouse, Alfred State College

 Siman Wong, University of Massachusetts, Amherst

* Huapeng Wu, University of Windsor

Wade thanks Nisha Gilra, who provided

encouragement and advice; Sheilagh O’Hare for
introducing him to the field of cryptography; and
K. J. Ray Liu for his support. Larry thanks Susan
Zengerle and Patrick Washington for their
patience, help, and encouragement during the
writing of this book.

Of course, we welcome suggestions and

corrections. An errata page can be found at
(bit.ly/2J8nN0w) or at the link on the book’s
general Web site (bit.ly/2T544yu).

Wade Trappe

[email protected]

Lawrence C. Washington

[email protected]
Chapter 1 Overview of
Cryptography and Its
Applications
People have always had a fascination with
keeping information away from others. As
children, many of us had magic decoder rings for
exchanging coded messages with our friends and
possibly keeping secrets from parents, siblings,
or teachers. History is filled with examples where
people tried to keep information secret from
adversaries. Kings and generals communicated
with their troops using basic cryptographic
methods to prevent the enemy from learning
sensitive military information. In fact, Julius
Caesar reportedly used a simple cipher, which
has been named after him.

As society has evolved, the need for more

sophisticated methods of protecting data has
increased. Now, with the information era at
hand, the need is more pronounced than ever. As
the world becomes more connected, the demand
for information and electronic services is
growing, and with the increased demand comes
increased dependency on electronic systems.
Already the exchange of sensitive information,
such as credit card numbers, over the Internet is
common practice. Protecting data and electronic
systems is crucial to our way of living.

The techniques needed to protect data belong to

the field of cryptography. Actually, the subject
has three names, cryptography, cryptology,
and cryptanalysis, which are often used
interchangeably. Technically, however,
cryptology is the all-inclusive term for the study
of communication over nonsecure channels, and
related problems. The process of designing
systems to do this is called cryptography.
Cryptanalysis deals with breaking such systems.
Of course, it is essentially impossible to do either
cryptography or cryptanalysis without having a
good understanding of the methods of both
areas.

Often the term coding theory is used to

describe cryptography; however, this can lead to
confusion. Coding theory deals with representing
input information symbols by output symbols
called code symbols. There are three basic
applications that coding theory covers:
compression, secrecy, and error correction. Over
the past few decades, the term coding theory has
become associated predominantly with error
correcting codes. Coding theory thus studies
communication over noisy channels and how to
ensure that the message received is the correct
message, as opposed to cryptography, which
protects communication over nonsecure
channels.

Although error correcting codes are only a

secondary focus of this book, we should
emphasize that, in any real-world system, error
correcting codes are used in conjunction with
encryption, since the change of a single bit is
enough to destroy the message completely in a
well-designed cryptosystem.

Modern cryptography is a field that draws

heavily upon mathematics, computer science,
and cleverness. This book provides an
introduction to the mathematics and protocols
needed to make data transmission and electronic
systems secure, along with techniques such as
electronic signatures and secret sharing.
1.1 Secure
Communications
In the basic communication scenario, depicted in
Figure 1.1, there are two parties, we’ll call them
Alice and Bob, who want to communicate with
each other. A third party, Eve, is a potential
eavesdropper.

Figure 1.1 The Basic

Communication Scenario
for Cryptography.

Figure 1.1 Full Alternative Text

When Alice wants to send a message, called the

plaintext, to Bob, she encrypts it using a method
prearranged with Bob. Usually, the encryption
method is assumed to be known to Eve; what
keeps the message secret is a key. When Bob
receives the encrypted message, called the
ciphertext, he changes it back to the plaintext
using a decryption key.

Eve could have one of the following goals:

1. Read the message.

2. Find the key and thus read all messages encrypted with
that key.

3. Corrupt Alice’s message into another message in such a

way that Bob will think Alice sent the altered message.

4. Masquerade as Alice, and thus communicate with Bob

even though Bob believes he is communicating with
Alice.

Which case we’re in depends on how evil Eve is.

Cases (3) and (4) relate to issues of integrity and
authentication, respectively. We’ll discuss these
shortly. A more active and malicious adversary,
corresponding to cases (3) and (4), is sometimes
called Mallory in the literature. More passive
observers (as in cases (1) and (2)) are sometimes
named Oscar. We’ll generally use only Eve, and
assume she is as bad as the situation allows.

1.1.1 Possible Attacks

There are four main types of attack that Eve
might be able to use. The differences among
these types of attacks are the amounts of
information Eve has available to her when trying
to determine the key. The four attacks are as
follows:

1. Ciphertext only: Eve has only a copy of the ciphertext.

 2. Known plaintext: Eve has a copy of a ciphertext and the
corresponding plaintext. For example, suppose Eve
intercepts an encrypted press release, then sees the
decrypted release the next day. If she can deduce the
decryption key, and if Alice doesn’t change the key, Eve
can read all future messages. Or, if Alice always starts
her messages with “Dear Bob,” then Eve has a small
piece of ciphertext and corresponding plaintext. For
many weak cryptosystems, this suffices to find the key.
Even for stronger systems such as the German Enigma
machine used in World War II, this amount of information
has been useful.

3. Chosen plaintext: Eve gains temporary access to the

encryption machine. She cannot open it to find the key;
however, she can encrypt a large number of suitably
chosen plaintexts and try to use the resulting ciphertexts
to deduce the key.

4. Chosen ciphertext: Eve obtains temporary access to the

decryption machine, uses it to “decrypt” several strings
of symbols, and tries to use the results to deduce the key.

A chosen plaintext attack could happen as

follows. You want to identify an airplane as friend
or foe. Send a random message to the plane,
which encrypts the message automatically and
sends it back. Only a friendly airplane is assumed
to have the correct key. Compare the message
from the plane with the correctly encrypted
message. If they match, the plane is friendly. If
not, it’s the enemy. However, the enemy can
send a large number of chosen messages to one
of your planes and look at the resulting
ciphertexts. If this allows them to deduce the
key, the enemy can equip their planes so they
can masquerade as friendly.

An example of a known plaintext attack

reportedly happened in World War II in the
Sahara Desert. An isolated German outpost every
day sent an identical message saying that there
was nothing new to report, but of course it was
encrypted with the key being used that day. So
each day the Allies had a plaintext-ciphertext
pair that was extremely useful in determining the
key. In fact, during the Sahara campaign,
General Montgomery was carefully directed
around the outpost so that the transmissions
would not be stopped.

One of the most important assumptions in

modern cryptography is Kerckhoffs’s principle:
In assessing the security of a cryptosystem, one
should always assume the enemy knows the
method being used. This principle was
enunciated by Auguste Kerckhoffs in 1883 in his
classic treatise La Cryptographie Militaire. The
enemy can obtain this information in many ways.
For example, encryption/decryption machines
can be captured and analyzed. Or people can
defect or be captured. The security of the system
should therefore be based on the key and not on
the obscurity of the algorithm used.
Consequently, we always assume that Eve has
knowledge of the algorithm that is used to
perform encryption.

1.1.2 Symmetric and

Public Key Algorithms
Encryption/decryption methods fall into two
categories: symmetric key and public key. In
symmetric key algorithms, the encryption and
decryption keys are known to both Alice and Bob.
For example, the encryption key is shared and
the decryption key is easily calculated from it. In
many cases, the encryption key and the
decryption key are the same. All of the classical
(pre-1970) cryptosystems are symmetric, as are
the more recent Data Encryption Standard (DES)
and Advanced Encryption Standard (AES).

Public key algorithms were introduced in the

1970s and revolutionized cryptography. Suppose
Alice wants to communicate securely with Bob,
but they are hundreds of kilometers apart and
have not agreed on a key to use. It seems almost
impossible for them to do this without first
getting together to agree on a key, or using a
trusted courier to carry the key from one to the
other. Certainly Alice cannot send a message
over open channels to tell Bob the key, and then
send the ciphertext encrypted with this key. The
amazing fact is that this problem has a solution,
called public key cryptography. The encryption
key is made public, but it is computationally
infeasible to find the decryption key without
information known only to Bob. The most popular
implementation is RSA (see Chapter 9), which is
based on the difficulty of factoring large
integers. Other versions (see Chapters 10, 23,
and 24) are the ElGamal system (based on the
discrete log problem), NTRU (lattice based) and
the McEliece system (based on error correcting
codes).

Here is a nonmathematical way to do public key

communication. Bob sends Alice a box and an
unlocked padlock. Alice puts her message in the
box, locks Bob’s lock on it, and sends the box
back to Bob. Of course, only Bob can open the
box and read the message. The public key
methods mentioned previously are mathematical
realizations of this idea. Clearly there are
questions of authentication that must be dealt
with. For example, Eve could intercept the first
transmission and substitute her own lock. If she
then intercepts the locked box when Alice sends
it back to Bob, Eve can unlock her lock and read
Alice’s message. This is a general problem that
must be addressed with any such system.

Public key cryptography represents what is

possibly the final step in an interesting historical
progression. In the earliest years of
cryptography, security depended on keeping the
encryption method secret. Later, the method was
assumed known, and the security depended on
keeping the (symmetric) key private or unknown
to adversaries. In public key cryptography, the
method and the encryption key are made public,
and everyone knows what must be done to find
the decryption key. The security rests on the fact
(or hope) that this is computationally infeasible.
It’s rather paradoxical that an increase in the
power of cryptographic algorithms over the years
has corresponded to an increase in the amount of
information given to an adversary about such
algorithms.

Public key methods are very powerful, and it

might seem that they make the use of symmetric
key cryptography obsolete. However, this added
flexibility is not free and comes at a
computational cost. The amount of computation
needed in public key algorithms is typically
several orders of magnitude more than the
amount of computation needed in algorithms
such as DES or AES/Rijndael. The rule of thumb
is that public key methods should not be used for
encrypting large quantities of data. For this
reason, public key methods are used in
applications where only small amounts of data
must be processed (for example, digital
signatures and sending keys to be used in
symmetric key algorithms).

Within symmetric key cryptography, there are

two types of ciphers: stream ciphers and block
ciphers. In stream ciphers, the data are fed into
the algorithm in small pieces (bits or characters),
and the output is produced in corresponding
small pieces. We discuss stream ciphers in
Chapter 5. In block ciphers, however, a block of
input bits is collected and fed into the algorithm
all at once, and the output is a block of bits.
Mostly we shall be concerned with block ciphers.
In particular, we cover two very significant
examples. The first is DES, and the second is
AES, which was selected in the year 2000 by the
National Institute for Standards and Technology
as the replacement for DES. Public key methods
such as RSA can also be regarded as block
ciphers.

Finally, we mention a historical distinction

between different types of encryption, namely
codes and ciphers. In a code, words or certain
letter combinations are replaced by codewords
(which may be strings of symbols). For example,
the British navy in World War I used 03680C,
36276C, and 50302C to represent shipped at,
shipped by, and shipped from, respectively.
Codes have the disadvantage that unanticipated
words cannot be used. A cipher, on the other
hand, does not use the linguistic structure of the
message but rather encrypts every string of
characters, meaningful or not, by some
algorithm. A cipher is therefore more versatile
than a code. In the early days of cryptography,
codes were commonly used, sometimes in
conjunction with ciphers. They are still used
today; covert operations are often given code
names. However, any secret that is to remain
secure needs to be encrypted with a cipher. In
this book, we’ll deal exclusively with ciphers.

1.1.3 Key Length

The security of cryptographic algorithms is a
difficult property to measure. Most algorithms
employ keys, and the security of the algorithm is
related to how difficult it is for an adversary to
determine the key. The most obvious approach is
to try every possible key and see which ones
yield meaningful decryptions. Such an attack is
called a brute force attack. In a brute force
attack, the length of the key is directly related to
how long it will take to search the entire
keyspace. For example, if a key is 16 bits long,
16
then there are 2 = 65536 possible keys. The
DES algorithm has a 56-bit key and thus has
56 16
2 ≈ 7.2 × 10 possible keys.

In many situations we’ll encounter in this book, it

will seem that a system can be broken by simply
trying all possible keys. However, this is often
easier said than done. Suppose you need to try
30
10 possibilities and you have a computer that
9
can do 10 such calculations each second. There
7
are around 3 × 10 seconds in a year, so it would
take a little more than 3 × 1013 years to complete
the task, longer than the predicted life of the
universe.

Longer keys are advantageous but are not

guaranteed to make an adversary’s task difficult.
The algorithm itself also plays a critical role.
Some algorithms might be able to be attacked by
means other than brute force, and some
algorithms just don’t make very efficient use of
their keys’ bits. This is a very important point to
keep in mind. Not all 128-bit algorithms are
created equal!

For example, one of the easiest cryptosystems to

break is the substitution cipher, which we
discuss in Section 2.4. The number of possible
26
keys is 26! ≈ 4 × 10 . In contrast, DES (see
56 16
Chapter 7) has only 2 ≈ 7.2 × 10 keys. But it
typically takes over a day on a specially designed
computer to find a DES key. The difference is
that an attack on a substitution cipher uses the
underlying structure of the language, while the
attack on DES is by brute force, trying all
possible keys.

A brute force attack should be the last resort. A

cryptanalyst always hopes to find an attack that
is faster. Examples we’ll meet are frequency
analysis (for the substitution and Vigenère
ciphers) and birthday attacks (for discrete logs).

We also warn the reader that just because an

algorithm seems secure now, we can’t assume
that it will remain so. Human ingenuity has led to
creative attacks on cryptographic protocols.
There are many examples in modern
cryptography where an algorithm or protocol
was successfully attacked because of a loophole
presented by poor implementation, or just
because of advances in technology. The DES
algorithm, which withstood 20 years of
cryptographic scrutiny, ultimately succumbed to
attacks by a well-designed parallel computer.
Even as you read this book, research in quantum
computing is underway, which could dramatically
alter the terrain of future cryptographic
algorithms.

For example, the security of several systems

we’ll study depends on the difficulty of factoring
large integers, say of around 600 digits. Suppose
you want to factor a number n of this size. The
method used in elementary school is to divide n
by all of the primes up to the square root of n.
297
There are approximately 1.4 × 10 primes less
300
than 10 . Trying each one is impossible. The
number of electrons in the universe is estimated
to be less than 1090. Long before you finish your
calculation, you’ll get a call from the electric
company asking you to stop. Clearly, more
sophisticated factoring algorithms must be used,
rather than this brute force type of attack. When
RSA was invented, there were some good
factoring algorithms available, but it was
predicted that a 129-digit number such as the
RSA challenge number (see Chapter 9) would not
be factored within the foreseeable future.
However, advances in algorithms and computer
architecture have made such factorizations fairly
routine (although they still require substantial
computing resources), so now numbers of
several hundred digits are recommended for
security. But if a full-scale quantum computer is
ever built, factorizations of even these numbers
will be easy, and the whole RSA scheme (along
with many other methods) will need to be
reconsidered.

A natural question, therefore, is whether there

are any unbreakable cryptosystems, and, if so,
why aren’t they used all the time?
The answer is yes; there is a system, known as
the one-time pad, that is unbreakable. Even a
brute force attack will not yield the key. But the
unfortunate truth is that the expense of using a
one-time pad is enormous. It requires exchanging
a key that is as long as the plaintext, and even
then the key can only be used once. Therefore,
one opts for algorithms that, when implemented
correctly with the appropriate key size, are
unbreakable in any reasonable amount of time.

An important point when considering key size is

that, in many cases, one can mathematically
increase security by a slight increase in key size,
but this is not always practical. If you are
working with chips that can handle words of 64
bits, then an increase in the key size from 64 to
65 bits could mean redesigning your hardware,
which could be expensive. Therefore, designing
good cryptosystems involves both mathematical
and engineering considerations.

Finally, we need a few words about the size of

numbers. Your intuition might say that working
with a 20-digit number takes twice as long as
working with a 10-digit number. That is true in
some algorithms. However, if you count up to
10
10 , you are not even close to 1020; you are only
one 10 billionth of the way there. Similarly, a
brute force attack against a 60-bit key takes a
billion times longer than one against a 30-bit key.

There are two ways to measure the size of

numbers: the actual magnitude of the number n ,
and the number of digits in its decimal
representation (we could also use its binary
representation), which is approximately log10(n).
The number of single-digit multiplications
needed to square a k-digit number n , using the
2
standard algorithm from elementary school, is k ,
2
or approximately (log
10
n) . The number of
divisions needed to factor a number n by dividing
by all primes up to the square root of n is around
1/2
n . An algorithm that runs in time a power of
log n is much more desirable than one that runs
in time a power of n. In the present example, if
we double the number of digits in n, the time it
takes to square n increases by a factor of 4,
while the time it takes to factor n increases
enormously. Of course, there are better
algorithms available for both of these operations,
but, at present, factorization takes significantly
longer than multiplication.

We’ll meet algorithms that take time a power of

to perform certain calculations (for
log n

example, finding greatest common divisors and

doing modular exponentiation). There are other
computations for which the best known
algorithms run only slightly better than a power
of n (for example, factoring and finding discrete
logarithms). The interplay between the fast
algorithms and the slower ones is the basis of
several cryptographic algorithms that we’ll
encounter in this book.
1.2 Cryptographic
Applications
Cryptography is not only about encrypting and
decrypting messages, it is also about solving
real-world problems that require information
security. There are four main objectives that
arise:

1. Confidentiality: Eve should not be able to read Alice’s

message to Bob. The main tools are encryption and
decryption algorithms.

2. Data integrity: Bob wants to be sure that Alice’s message

has not been altered. For example, transmission errors
might occur. Also, an adversary might intercept the
transmission and alter it before it reaches the intended
recipient. Many cryptographic primitives, such as hash
functions, provide methods to detect data manipulation
by malicious or accidental adversaries.

3. Authentication: Bob wants to be sure that only Alice

could have sent the message he received. Under this
heading, we also include identification schemes and
password protocols (in which case, Bob is the computer).
There are actually two types of authentication that arise
in cryptography: entity authentication and data-origin
authentication. Often the term identification is used to
specify entity authentication, which is concerned with
proving the identity of the parties involved in a
communication. Data-origin authentication focuses on
tying the information about the origin of the data, such as
the creator and time of creation, with the data.

4. Non-repudiation: Alice cannot claim she did not send the

message. Non-repudiation is particularly important in
electronic commerce applications, where it is important
that a consumer cannot deny the authorization of a
purchase.

Authentication and non-repudiation are closely

related concepts, but there is a difference. In a
symmetric key cryptosystem, Bob can be sure
that a message comes from Alice (or someone
who knows Alice’s key) since no one else could
have encrypted the message that Bob decrypts
successfully. Therefore, authentication is
automatic. However, he cannot prove to anyone
else that Alice sent the message, since he could
have sent the message himself. Therefore, non-
repudiation is essentially impossible. In a public
key cryptosystem, both authentication and non-
repudiation can be achieved (see Chapters 9, 13,
and 15).

Much of this book will present specific

cryptographic applications, both in the text and
as exercises. Here is an overview.

Digital signatures: One of the most important

features of a paper and ink letter is the
signature. When a document is signed, an
individual’s identity is tied to the message. The
assumption is that it is difficult for another
person to forge the signature onto another
document. Electronic messages, however, are
very easy to copy exactly. How do we prevent an
adversary from cutting the signature off one
document and attaching it to another electronic
document? We shall study cryptographic
protocols that allow for electronic messages to
be signed in such a way that everyone believes
that the signer was the person who signed the
document, and such that the signer cannot deny
signing the document.

Identification: When logging into a machine or

initiating a communication link, a user needs to
identify herself or himself. But simply typing in a
user name is not sufficient as it does not prove
that the user is really who he or she claims to be.
Typically a password is used. We shall touch
upon various methods for identifying oneself. In
the chapter on DES we discuss password files.
Later, we present the Feige-Fiat-Shamir
identification scheme, which is a zero-knowledge
method for proving identity without revealing a
password.

Key establishment: When large quantities of data

need to be encrypted, it is best to use symmetric
key encryption algorithms. But how does Alice
give the secret key to Bob when she doesn’t have
the opportunity to meet him personally? There
are various ways to do this. One way uses public
key cryptography. Another method is the Diffie-
Hellman key exchange algorithm. A different
approach to this problem is to have a trusted
third party give keys to Alice and Bob. Two
examples are Blom’s key generation scheme and
Kerberos, which is a very popular symmetric
cryptographic protocol that provides
authentication and security in key exchange
between users on a network.

Secret sharing: In Chapter 17, we introduce

secret sharing schemes. Suppose that you have a
combination to a bank safe, but you don’t want to
trust any single person with the combination to
the safe. Rather, you would like to divide the
combination among a group of people, so that at
least two of these people must be present in
order to open the safe. Secret sharing solves this
problem.

Security protocols: How can we carry out secure

transactions over open channels such as the
Internet, and how can we protect credit card
information from fraudulent merchants? We
discuss various protocols, such as SSL and SET.

Electronic cash: Credit cards and similar devices

are convenient but do not provide anonymity.
Clearly a form of electronic cash could be useful,
at least to some people. However, electronic
entities can be copied. We give an example of an
electronic cash system that provides anonymity
but catches counterfeiters, and we discuss
cryptocurrencies, especially Bitcoin.

Games: How can you flip coins or play poker with

people who are not in the same room as you?
Dealing the cards, for example, presents a
problem. We show how cryptographic ideas can
solve these problems.
Chapter 2 Classical
Cryptosystems
Methods of making messages unintelligible to
adversaries have been important throughout
history. In this chapter we shall cover some of
the older cryptosystems that were primarily used
before the advent of the computer. These
cryptosystems are too weak to be of much use
today, especially with computers at our disposal,
but they give good illustrations of several of the
important ideas of cryptology.

First, for these simple cryptosystems, we make

some conventions.

plaintext will be written in lowercase letters and

CIPHERTEXT will be written in capital letters (except in
the computer problems).

The letters of the alphabet are assigned numbers as

follows:

a b c d e f g h i j k l m n o p

0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

q r s t u v w x y z

16 17 18 19 20 21 22 23 24 25

Note that we start with a = 0 , so z is letter number 25.

Because many people are accustomed to a being 1 and z

being 26, the present convention can be annoying, but it

is standard for the elementary cryptosystems that we’ll
consider.

Spaces and punctuation are omitted. This is even more

annoying, but it is almost always possible to replace the
spaces in the plaintext after decrypting. If spaces were
left in, there would be two choices. They could be left as
spaces; but this yields so much information on the
structure of the message that decryption becomes easier.
Or they could be encrypted; but then they would
dominate frequency counts (unless the message averages
 at least eight letters per word), again simplifying
decryption.

Note: In this chapter, we’ll be using some

concepts from number theory, especially modular
arithmetic. If you are not familiar with
congruences, you should read the first three
sections of Chapter 3 before proceeding.
2.1 Shift Ciphers
One of the earliest cryptosystems is often
attributed to Julius Caesar. Suppose he wanted
to send a plaintext such as

gaul is divided into three parts

but he didn’t want Brutus to read it. He shifted

each letter backwards by three places, so d
became A, e became B, f became C, etc. The
beginning of the alphabet wrapped around to the
end, so a became X, b became Y , and c became
Z. The ciphertext was then

DXRI F P AF SF ABAF KQLQEOBBM XOQP .

Decryption was accomplished by shifting

FORWARD by three spaces (and trying to figure
out how to put the spaces back in).

We now give the general situation. If you are not

familiar with modular arithmetic, read the first
few pages of Chapter 3 before continuing.

Label the letters as integers from 0 to 25. The

key is an integer κ with 0 ≤ κ ≤ 25 . The
encryption process is

x ↦ x + κ (mod 26).

Decryption is x ↦ x − κ (mod 26). For

example, Caesar used κ = 23 ≡ −3.

Let’s see how the four types of attack work.

1. Ciphertext only: Eve has only the ciphertext. Her best

strategy is an exhaustive search, since there are only 26
possible keys. See Example 1 in the Computer
Appendices. If the message is longer than a few letters
 (we will make this more precise later when we discuss
entropy), it is unlikely that there is more than one
meaningful message that could be the plaintext. If you
don’t believe this, try to find some words of four or more
letters that are shifts of each other. Three such words are
given in Exercises 1 and 2. Another possible attack, if the
message is sufficiently long, is to do a frequency count
for the various letters. The letter e occurs most
frequently in most English texts. Suppose the letter L

appears most frequently in the ciphertext. Since e = 4

and L = 11 , a reasonable guess is that κ = 11 − 4 = 7 .

However, for shift ciphers this method takes much longer
than an exhaustive search, plus it requires many more
letters in the message in order for it to work (anything
short, such as this, might not contain a common symbol,
thus changing statistical counts).

2. Known plaintext: If you know just one letter of the

plaintext along with the corresponding letter of
ciphertext, you can deduce the key. For example, if you
know t(= 19) encrypts to D(= 3) , then the key is
κ ≡ 3 − 19 ≡ −16 ≡ 10 (mod 26) .

3. Chosen plaintext: Choose the letter a as the plaintext.

The ciphertext gives the key. For example, if the
ciphertext is H , then the key is 7.

4. Chosen ciphertext: Choose the letter A as ciphertext. The

plaintext is the negative of the key. For example, if the
plaintext is h, the key is −7 ≡ 19 (mod 26) .
2.2 Affine Ciphers
The shift ciphers may be generalized and slightly
strengthened as follows. Choose two integers α
and β, with gcd(α, 26) = 1 , and consider the
function (called an affine function)

x ↦ αx + β (mod 26).

For example, let α = 9 and β = 2 , so we are

working with 9x + 2. Take a plaintext letter such
as h(= 7). It is encrypted to
9 ⋅ 7 + 2 ≡ 65 ≡ 13 (mod 26), which is the letter

N . Using the same function, we obtain

af f ine ↦ CV V W P M .

How do we decrypt? If we were working with

rational numbers rather than mod 26, we would
1
start with y = 9x + 2 and solve: x = (y − 2) .
9
1
But needs to be reinterpreted when we work
9
mod 26. Since gcd(9, 26) = 1 , there is a
multiplicative inverse for 9 (mod 26) (if this last
sentence doesn’t make sense to you, read
Section 3.3 now). In fact, 9 ⋅ 3 ≡ 1 (mod 26), so 3
is the desired inverse and can be used in place of
1
. We therefore have
9

x ≡ 3(y − 2) ≡ 3y − 6 ≡ 3y + 20 (mod 26).

Let’s try this. The letter V (= 21) is mapped to

3 ⋅ 21 + 20 ≡ 83 ≡ 5 (mod 26) , which is the letter
f . Similarly, we see that the ciphertext

CV V W P M is decrypted back to affine. For more

examples, see Examples 2 and 3 in the Computer
Appendices.
Suppose we try to use the function 13x + 4 as
our encryption function. We obtain

input ↦ ERRER.

If we alter the input, we obtain

alter ↦ ERRER.

Clearly this function leads to errors. It is

impossible to decrypt, since several plaintexts
yield the same ciphertext. In particular, we note
that encryption must be one-to-one, and this fails
in the present case.

What goes wrong in this example? If we solve

1 1
y = 13x + 4 , we obtain x = (y − 4) . But
13 13
does not exist mod 26 since gcd(13, 26) = 13 ≠ 1 .
More generally, it can be shown that αx + β is a
one-to-one function mod 26 if and only if
gcd(α, 26) = 1 . In this case, decryption uses
∗ ∗
x ≡ α y − α β (mod 26), where
∗
αα . So decryption is also
≡ 1 (mod 26)

accomplished by an affine function.

The key for this encryption method is the pair

(α, β). There are 12 possible choices for α with

gcd(α, 26) = 1 and there are 26 choices for β

(since we are working mod 26, we only need to
consider α and β between 0 and 25). Therefore,
there are 12 ⋅ 26 = 312 choices for the key.

Let’s look at the possible attacks.

1. Ciphertext only: An exhaustive search through all 312

keys would take longer than the corresponding search in
the case of the shift cipher; however, it would be very
easy to do on a computer. When all possibilities for the
key are tried, a fairly short ciphertext, say around 20
characters, will probably correspond to only one
meaningful plaintext, thus allowing the determination of
 the key. It would also be possible to use frequency
counts, though this would require much longer texts.

2. Known plaintext: With a little luck, knowing two letters of

the plaintext and the corresponding letters of the
ciphertext suffices to find the key. In any case, the
number of possibilities for the key is greatly reduced and
a few more letters should yield the key.

For example, suppose the plaintext starts with if and the

corresponding ciphertext is PQ . In numbers, this means
that 8 (= i) maps to 15 (= P ) and 5 maps to 16.
Therefore, we have the equations

8α + β ≡ 15 and 5α + β ≡ 16 (mod 26).

Subtracting yields 3α ≡ −1 ≡ 25 (mod 26) , which has the

unique solution α = 17 . Using the first equation, we find
8 ⋅ 17 + β ≡ 15 (mod 26) , which yields β = 9 .

Suppose instead that the plaintext go corresponds to the

ciphertext TH . We obtain the equations

6α + β ≡ 19 and 14α + β ≡ 7 (mod 26).

Subtracting yields −8α ≡ 12 (mod 26) . Since

gcd(−8, 26) = 2 , this has two solutions: α = 5, 18 . The
corresponding values of β are both 15 (this is not a
coincidence; it will always happen this way when the
coefficients of α in the equations are even). So we have
two candidates for the key: (5, 15) and (18, 15). However,
gcd(18, 26) ≠ 1 so the second is ruled out. Therefore, the
key is (5, 15) .

The preceding procedure works unless the gcd we get is

13 (or 26). In this case, use another letter of the
message, if available.

If we know only one letter of plaintext, we still get a

relation between α and β. For example, if we only know
that g in plaintext corresponds to T in ciphertext, then
we have 6α + β ≡ 19 (mod 26). There are 12 possibilities
for α and each gives one corresponding β. Therefore, an
exhaustive search through the 12 keys should yield the
correct key.

3. Chosen plaintext: Choose ab as the plaintext. The first

character of the ciphertext will be α ⋅ 0 + β = β , and the
second will be α + β . Therefore, we can find the key.

4. Chosen ciphertext: Choose AB as the ciphertext. This

yields the decryption function of the form x = α 1 y + β 1 .
We could solve for y and obtain the encryption key. But
why bother? We have the decryption function, which is
what we want.
Random documents with unrelated
content Scribd suggests to you:
It is still better if the letters are represented by numbers which are
in inverse proportion to the frequency of their occurrence.
Phil. Reis,
Teacher at L. F. Garnier’s Institute for boys.
Friedrichsdorf, near Homburg-by-the-Height,

August 1863.
[The foregoing “Prospectus” was accompanied by a further
document printed as a postscript by Reis, at the top of which the
figure of the instrument was repeated, and which ran as follows:—]

“P. P.,
“Since two years ago I succeeded in effecting the possibility of
the reproduction of tones by the galvanic current, and in setting
up a convenient apparatus therefor, the circumstance has found
such a recognition from the most celebrated men of science,
and so many calls to action have come to me, that I have since
striven to improve my originally very incomplete apparatus, so
that the experiments might thereby become accessible to
others.
“I am now in the position to offer an apparatus which fulfils my
expectations, and with which each physicist may succeed in
repeating the interesting experiments concerning reproduction
of tones at distant stations.
“I believe I shall fulfil the wish of many if I undertake to bring
these improved instruments into the possession of the [physical]
cabinets. Since the preparation of the same requires a complete
acquaintance with the leading principles and a tolerable
experience in this matter, I have decided myself to prepare the
most important parts of the same, and to leave the fashioning
of the accessory parts, as also of the external adornments, to
the mechanician.
“The distribution of the same I have made over to Herr J. Wilh.
Albert, mechanician, in Frankfort-on-the-Main, and have placed
 him in the position to deliver these instruments in two qualities,
differing only in external adornment, at the prices of 21 florins
and 14 florins (12 thalers and 8 thalers current), inclusive of
packing. Moreover, the instruments can also be obtained direct
from me at the same prices, upon a cash remittance of the
amount.
“Each apparatus will be tested by me before sending off, and
will then be furnished with my name, an order-number, and with
the year of manufacture.
“Friedrichsdorf, near Homburg-by-the-Height,
“in August 1863.
“Phil. Reis,
“Teacher at L. F. Garnier’s Institute for Boys.”

[In September of the same year the telephone was shown by Prof. R
Böttger at the meeting of the German Naturalists’ Association
(Naturforscher), which met on that occasion at Stettin. Little or
nothing is known of what took place at this exhibition, but Professor
von Feilitzsch, of the neighbouring University of Greifswald, has
informed the author of this work that the Telephone there shown
was of the form figured in Reis’s Prospectus (p. 86), and that Reis
claimed at that time to be able to transmit words by his instruments.
In the same autumn the following notice appeared in Böttger’s
‘Notizblatt,’ and was copied thence into Dingler’s ‘Journal,’ and other
scientific papers.]

[10.] On the Improved Telephone.

[Translated from the original notice which appeared in Böttger’s
‘Polytechnisches Notizblatt,’ 1863, No. 15, p. 225, and in Dingler’s
‘Polytechnisches Journal,’ 1863, vol. clxix. p. 399.]

At the meeting of the Physical Society of Frankfort-on-the-Main, on

the 4th of July, a member of this Society, Herr Ph. Reis, of
Friedrichsdorf, near Homburg-vor-der-Höhe, exhibited some of his
improved Telephones (means for the reproduction of tones at any
desired distance by the galvanic current). It is now two years since
Herr Reis first gave publicity to his apparatus,[31] and though even
already at that time the performances of the same in their simple
artless form were capable of exciting astonishment, yet they had
then the great defect that experimenting with them was only
possible to the inventor himself. The instruments exhibited in the
above-named meeting scarcely reminded one of the earlier ones.
Herr Reis has also striven to give them a form pleasing to the eye,
so that they may now occupy a worthy place in every Physical
Cabinet. These new apparatus may now also be handled by every
one with facility, and work with great certainty. Melodies gently sung
at a distance of about 300 feet were repeated by the instrument
which was set up, much more distinctly than previously. The scale
was reproduced especially sharply. The experimenters could even
communicate words to one another, though certainly indeed only
such as had often been heard by them. In order moreover that
others who are less accustomed [to experimenting] may be able to
understand one another through the apparatus, the inventor has
placed on the side of the same a little arrangement,[32] which
according to his explanation is completely sufficient, the speed of
communication of which is indeed not so great as that of modern
Telegraphs, but which works quite certainly, and requires no special
skill on the part of the one experimenting with it.
We would bring to the notice of gentlemen who are professional
physicists that the inventor of these interesting pieces of apparatus
now has them prepared for sale under his oversight (the important
parts he makes himself), and the same can be procured from him
direct, or through the mechanician, Mr. Wilhelm Albert, of Frankfort-
on-the-Main, at 14 and at 21 florins, in two qualities, differing only in
external adornment.
[A review, written by Dr. Röber of Berlin, of this and other articles
relating to the Telephone appeared subsequently in the ‘Fortschritte
der Physik,’ 1863, p. 96.]
[Another consequence of the publicity thus given to the Telephone
was the appearance of an article on that instrument, under the title
of “Der Musiktelegraph,” in a popular illustrated weekly family paper,
‘Die Gartenlaube,’ published at Leipzig. This article, from the pen, it
is believed, of Dr. Oppel of Frankfort, is made up chiefly of slightly
altered extracts from the previously quoted documents. The form of
the instrument described is identical with that described in Reis’s
‘Prospectus,’ and the figure given in the ‘Gartenlaube,’ No. 51, p.
809, is a reprint, apparently from the same wood-block of the figure
which heads Reis’s Prospectus, and which is reproduced on p. 86 of
this work. The only passage of further interest is a brief sentence
relating to the exhibition of the Telephone at the German Naturalists’
Assembly at Stettin in 1863, and is as follows:—]

[11.]
“Now in order also to give to a still wider circle, especially to
technologists (Fachmännern), the opportunity of witnessing with
their own eyesight the efficiency of this apparatus,—lately, in fact
essentially improved,—Professor Böttger of Frankfort-on-the-Main
exhibited several experiments therewith at the meeting of the
German Naturalists (Naturforscher) and Physicians recently held at
Stettin, in the Section for Physics; which [experiments] would
certainly have been crowned with still greater success if the place of
meeting had been in a less noisy neighbourhood, and had been filled
with a somewhat less numerous audience.”
[The next extract is a brief record from the Report of a scientific
society meeting in Giessen, which during the Austro-Prussian war of
1866 had become disorganised, and which in 1867 published a
condensed account of its proceedings for the preceding years.
Amongst those proceedings was a lecture by the late Professor Buff,
at which Reis’s Telephone was shown, and at which Reis himself is
believed to have been present.]
 [12.] [Extract from the ‘Twelfth Report of the Upper-
Hessian Association for Natural and Medical Science,’
(‘Oberhessische Gesellschaft für Natur und
Heilkunde,’) Giessen, February 1867.]
P. 155. Report on the doings and condition of the Association from
the 1st of July, 1863, to the 1st of July, 1865, by Herr
Gymnasiallehrer Dr. W. Diehl.
... On the 13th of February [1864], ‘On the Tones of the Magnet,
with Application to the Telephone, with experiments,’ by Professor
Buff.

Exhibition of the Telephone to the Naturalists’ Association of

Germany. (Deutsche Naturforscher Versammlung.)

[By far the most important of all the public exhibitions given by Reis
of his Telephone, was that which took place on the 21st of
September, 1864, at Giessen, on the occasion of the meeting of the
German Naturalists’ Association (Versammlung Deutsche
Naturforscher). Here were assembled all the leading scientific men
of Germany, including the following distinguished names, many of
whom are still living:—Prof. Buff (Giessen), Prof. Poggendorff
(Berlin), Prof. Bohn (Frankfurt-a.-M., now of Aschaffenburg), Prof.
Jolly (Munich), Dr. Geissler (Bonn), Prof. Weber (Göttingen), Prof.
Plücker (Bonn), Prof. Quincke (Heidelberg), Prof. Dellmann
(Kreutznach), Prof. Böttger (Frankfurt-a.-M. and Mainz), Prof. Kekule
(Bonn), Prof. Gerlach (Erlangen), Dr. J. Frick (Carlsruhe), Dr. F.
Kohlrausch (Würtzburg), Prof. Reusch (Tübingen), Prof. J. Müller
(Freiburg), Prof. Helmholtz (Heidelberg), Prof. Melde (Marburg), Prof.
Kopp (Marburg), Prof. A. W. Hoffmann (London, now of Berlin),
Mons. Hofmann (Paris, optician), Hofrath Dr. Stein (Frankfurt-a.-M.),
Dr. W. Steeg (Homburg), Mons. Hartnack (Paris, and of Pottsdam),
Prof. G. Wiedemann (Basel, now of Leipzig), E. Albert (Frankfurt-a.-
M., mechanician), Dr. Thudichum (London), W. Schultze (York,
apothecary), Dr. J. Barnard Davis (Shelton), E. J. Chapman (London,
chemist), Dr. L. Beck (London, chemist), Prof. Chas. J. Himes (U.S.A.,
chemist), E. W. Blake (New Haven, U.S.A., student), C. G. Wheeler
(United States Consul in Nürnberg), and many others. Dr. C. Bohn
(now of Aschaffenburg) was Secretary of the Association, and also
Secretary of the Section of Physics. The meetings of this Section
were held in the Laboratory of Professor Buff. Reis came over from
Friedrichsdorf accompanied by his young brother-in-law, Philipp
Schmidt. A preliminary trial on the morning of that day was not very
successful, but at the afternoon sitting, when communications were
made to the Section by Prof. Buff, by Reis himself, and by Prof.
Poggendorff, the instrument was shown in action with great success.
Reis expounded the story how he came to think of combining with
the electric current interruptor a tympanum in imitation of that of
the human ear, narrating his researches in an unassuming manner
that won his audience completely to him; and the performance of
the instrument was received with great applause. Various professors
essayed to experiment with the instrument, with varying degrees of
success according to whether their voices suited the instrument or
not. Amongst these were Prof. Böttger and Prof. Quincke of
Heidelberg, whose account of the occasion is to be found on p. 112.
Dr. Bohn, the Secretary of the Section, wrote for the ‘Journal’
(Tagesblatt), issued daily, the following notice.]

[13.] Extract from the Report of the German Naturalists’

Society, held at Giessen (1864).
“Afternoon sitting on 21st September, 1864.
“Prof. Buff speaks about the tones of iron and steel rods when
magnetised, and exhibits the corresponding experiments.
“Dr. Reis demonstrates his Telephone, gives thereupon an
explanation and the history of this instrument.
“Prof. Poggendorff produces tones in a metal cylinder, the slit up
edges of which touch one another firmly, and which is placed loosely
round an induction-bobbin through which there goes an interrupted
current.”
[This occasion was the crowning point of Philipp Reis’s career, and
might have proved of even greater importance but for two causes:
the inventor’s precarious health, and the indifference with which the
commercial world of Germany viewed this great invention. Where
the keen insight of Reis contemplated the vast possibilities opened
out by the invention of a new mode of inter-communication, others
saw only an ingenious philosophical toy, or at best a pleasing
illustration of certain known principles of acoustic and electric
science. And in spite of the momentary enthusiasm which the
exhibition of the Telephone had evoked, the interest in it dwindled
away. A few of the public journals of that date, noticed the invention
in eulogistic terms and spoke of the prospect it afforded of
communication between distant friends and of simultaneous
concerts being given in different towns, all transmitted telephonically
from one orchestra. But the invention came too early. The public
mind was not yet prepared to take it up, and the enthusiasm died
away. Still in a few of the more important books on Physics,
Acoustics, and Electricity, the matter continued to receive attention.
In the well-known Müller-Pouillet’s ‘Textbook of Physics’ (Lehrbuch
der Physik) edited by Professor J. Müller; in the ‘Technical Physics’ of
Hessler, of Vienna, edited by Professor Pisko; in Pisko’s ‘Recent
Apparatus of Acoustics,’ and particularly in Kuhn’s admirable
‘Handbook of Applied Electricity,’ the Telephone was accepted as a
definite conquest of science, and was described and figured. From
the works named we transcribe the extracts which follow, and which
sufficiently explain themselves.]

[14.] Extract from Müller-Pouillet’s ‘Textbook of

Physics and Meteorology’ (Lehrbuch der Physik und
Meteorologie).
[Published at Brunswick, Sixth ed., 1863, vol. ii. page 352, fig. 325;
and Seventh ed., 1868, vol. ii. pages 386-388, figs. 348-350. The
following translation is from the latter edition.]
“This tone ... has Reis used for the construction of his Telephone.
“Figure 348[33] exhibits Reis’s interrupting apparatus. In the lid of a
hollow cube of wood A, a circular opening is made, which is closed
by an elastic membrane (pig’s lesser intestine) strained over it. Upon
the centre of this membrane is glued a little plate of platinum, which
stands in conductive communication with the clamping-screw a by
means of a quite thin little strip of metal f (distinctly visible in Fig.
349) [Fig. 31].
“Upon the middle of the little platinum plate, rests a short little
platinum pencil, which is fastened at g to the under-side of the strip
of tin-plate h g i, one end of which, h, rests upon the little metal
pillar l, while a little platinum spike fastened upon its under-side at i,
dips into the hollow of the little metal pillar k, containing some
quicksilver. The clamping-screw b, is put into conductive
communication with the little metal pillar k.
“From one pole of the battery there goes a conducting-wire to the
clamping-screw a of the interrupting apparatus Fig. 348 [Fig. 30],
from the other pole of the same there goes a wire to the clamping-
screw d of the reproducing apparatus, Fig. 350 [Fig. 32], which is to
be presently described. The clamping-screw c, of this apparatus, is
connected by a wire with b, Fig. 348 [Fig. 30]. The clamping-screws
c and d are connected with the ends of the wire of the small
magnetising spiral M, Fig. 350 [Fig. 32]; with the connexion
described above, the current of the current-generator (battery) goes,
therefore, through the spiral M.
“As soon now as the sound-waves of an adequately powerful tone
enter through the mouth-piece S into the hollow cube A, the elastic
membrane which closes this at the top is set into vibrations. Each
wave of condensation on entering lifts the little platinum plate
together with the little spike which sits upon it; but if the membrane
swings downwards, the tin-piece h g i, with the little spike at i,
cannot follow it quick enough; there therefore occurs here, at each
vibration of the membrane, an interruption of the current which lets
itself be recognised by a little spark appearing at the place of
interruption.

Fig. 30. (top) Fig. 31. (middle) Fig. 32.

(bottom)

“Now in the spiral M is stuck a knitting-needle, which, as the figure

shows, is fastened into a sounding-board. A lid provided with second
sounding-board may be clapped over the spiral, and the tone be
thereby greatly strengthened.
“If now, tones are produced before the mouth-piece S, whilst one
sings into the same or whilst one blows organ-pipes, one at once
hears at the reproducing apparatus a peculiar creaking noise which
is independent of the pitch of the tones produced at the interrupting
apparatus, but, beside this, those tones are themselves reproduced
by the steel wire distinctly perceptibly, and indeed Reis found that
this is the case for all tones between F and f''.
“In Reis’s experiments the interrupting apparatus was 300 feet
distant from the spiral, and was indeed set up in another house with
closed doors. But since the length of the conducting wire can be
extended just as far as in direct telegraphy, Reis gave to his
apparatus the name Telephone (Jahresbericht des physikalischen
Vereins zu Frankfurt-a.-M. für 1860/61).”

[15.] Extract from Pisko’s ‘Die Neueren Apparate der

Akustik.’
[This book, ‘The more recent Apparatus of Acoustics,’ by Dr. Francis
Joseph Pisko, Professor of Physics in the Gewerbeschule in Vienna,
was published at Vienna in 1865. At that time the novelties in
acoustics were König’s apparatus for the graphic study of sounds,
König’s manometric flames, Schaffgotsch’s singing flames,
Helmholtz’s ‘Researches on the Quality of Sounds,’ Duhamel’s
Vibrograph, Scott and König’s Phonautograph, and Reis’s Telephone.
The account given of the latter is more detailed in some respects
than any other published at the time.]
Page 94.—Principle of the “Telephon” of Reis.
51. (a.) Allied to the Membrane Phonautograph is the “Telephon” of
Reis[34] (Fig. 33). Upon the little membrane, m m, in the middle, is
fastened with adhesive wax the round end s of a light strip of
platinum, n s, so that the platinum strip can join in with all the
vibrations of the membrane. Very near to the central end, s, of the
little platinum strip, n s, a platinum spike stands, in such a way that
it is brought into contact, by the vibrations of the membrane, with
the platinum strip that vibrates with the latter. Suppose now that the
outer end, n, of the platinum strip and the platinum spike are
connected with the poles of a galvanic battery, then, by the vibration
of the membrane the galvanic current will, according to the phase of
the vibration, be alternately established and interrupted. Inserted in
this circuit, an electro-magnetic bell, or an electro-magnetic
telegraph, will give signals to great distances that somebody is
speaking;[35] though, obviously, it cannot inform what is being
spoken.

Fig. 33.
(b.) As is known, an iron wire around which flow rapidly-interrupted
powerful galvanic currents, is thereby thrown into tones which,
according to circumstances, may be longitudinal or transverse or
both together. Such an iron wire, lying in a multiplying wire-coil, G,
Reis inserted at the second [receiving] station, C. The wire emitted
sounds when the membrane was set into vibrations by singing or
speaking (at S, Fig. 33) into the hollow cubical piece A. In the
investigations made by me with the telephone, the rod (of iron)
never altered the pitch of its tone with the most different kinds of
tones and clangs, and always gave only the rhythm of the words
sung or spoken into the piece A (the transmitter) at S. Usually the
air of the song that was sung could be recognised by its rhythm.[36]
The special researches on these points follow in paragraph 53.
However, it is so far clear that there is still plenty of time yet before
we have the simultaneous concerts, and the transmission of singing
to different towns, as the daily newspapers have sanguinely
expected. The apparatus of Reis is certainly a “Telephone” but not a
“Phonic Telegraph.” The single means of transmission for song and
speech—and that only for moderate distances—remains the old
familiar speaking-tube. Nevertheless, the experiment of Reis must
ever be reckoned amongst the most beautiful and interesting of
school-experiments. And since the means for this are so simple, the
apparatus of Reis will certainly find a speedy entrance into
educational establishments that are only moderately endowed. It is
easily proved that the tones of the wire in the telephone do not arise
from acoustic conduction, for by cutting out the coil from the circuit
the tones immediately cease.

1. The Telephone of Reis originally consisted of a cube of wood

with a conical boring. The smaller opening was strained over
with a membrane. A knitting-needle which served for a
sounding wire projected about 2 inches on each side of the
multiplying coil, and lay upon the two bridges of a sounding-
box. The surrounding helix consisted of six layers of thin wire.
Fig. 33 shows the Telephone as it is constructed at the present
 time by the mechanician, Albert, in Frankfort, and by the
mechanician, Hauck, in Vienna, according to the directions of
the inventor.

[52.] Details about the Telephone.

(a.) The same (Fig. 33) consists in its essentials:

1. Of a transmitter, A;
2. Of a receiver, C;
3. Of a galvanic battery, B, and lastly,
4. Of the conducting wires that connect them.

(b.) The transmitter, A, is essentially a parallelepipedal body of

wood. The upper part, u x, of it is cut out of one piece [of wood]
with square cross-section, the side, x x, of which measures 9
centimetres, and its height, u x, 2·8 centimetres.
This part is moveable upon a hinge on the lower little box, A A. If
the cover, x u, is laid back, one sees that a small circle of 3·9
centimetres diameter has been cut out in the same. Into this hole
passes a brass collar with a flange 8 millimetres broad, which is
furnished at one side with a groove like a pulley. Over the collar
there is stretched the membrane, m m, by means of a silk thread
lying in the shoulder of the same. This circular membrane is
surrounded by a wider circular aperture, b b, = 8·5 centimetres. A
shovel-shaped little strip of platinum, n s, lies (over it) leading to the
brass binding-screw, d, with the circular part, s, falling upon the
centre of the membrane.
By means of some sealing-wax this circular part is fastened to the
membrane, and thereby compelled to take part in the vibrations of
the same. The further transmission of the galvanic current from the
centre takes place by means of a platinum or steel point resting in a
cup of mercury, which is extended in a screw, which transmits the
current farther. The point a serves as a support for the angular hook,
a s b, which in general is supported like a tripod, in order that the
point of contact, s, may remain as constant as possible. The hook, a
s b, is simply struck with a hole at a upon a projecting point, and lies
upon a broader under part. From b the galvanic circuit proceeds by
means of an overspun wire to the brass key e (A, Fig. 33), and from
there farther in the direction represented by the arrow.
The lower part A A of the transmitter is put together of thin wood
and forms a parallelepiped, whose height = 6·8 cm., and whose
width = 7·7 cm. An inclined mouthpiece of tin with funnel-shaped
opening serves to receive the tones. The longer side of this
mouthpiece measures 6·7 cm., the shorter 4·7 cm.; the longer
diameter of the widening measures 7·15 cm., the shorter diameter
7·5 cm., and finally the diameter of the narrow tube 3·9 cm.

It is clear that, if necessary, the platinum strip can be replaced

by a strip of thin sheet-brass, the platinum or steel points by
iron. Only in this case the points of contact must be oftener
cleaned to a metallic polish.

(c.) The receiver (Zeichengeber) C is in general a double resonant

box, whose upper part, “the cover,” is moveable upon two hinges,
and can be laid back. The length of this cover is 16·4 cm., its width
9·5 cm., and its height 3·2 cm. The length of the lower box
measures 22·9 cm., its width 9·6 cm., and its height 2·5 cm. The
under part of the resonant box bears two wooden bridges, which
stand about 7·4 cm. from each other, and which serves as supports
for the 21·5 cm. long, and 0·9 cm. thick iron needle destined for
reproducing the tones. The length of spiral wound over the needle,
and designed for making an electro-magnet of the same, is 15 cm.
The wooden covers of both parts, scraped as thin as possible, and
the greatest breadth of the circular holes shown in the figure,
measures 13 mm.
(d.) For a battery one can successfully use a small Smee’s consisting
of four elements, or two larger Bunsen’s cells.
The conductor must be at least sufficiently long that one cannot
perceive the tones that are produced. For correspondence between
the two stations the inventor has employed the electro-magnetic
telegraph arrangement, e v g h, seen in the mechanism, and easily
understood. An agreement in reference to corresponding signs can
be easily arranged, and the simplest way is to accept the signals
arranged by the inventor. (See ‘Prospectus.’)
The receiver C gives, when the key e is pressed, the corresponding
telegraphic signals by means of tones in the rod E E, while at the
transmitter, A, the electro-magnet v gives the signals by means of
the springy armature z.

[53.] Experiments with the Telephone.

(a.) As soon as one brings the mouth to the funnel S and sings, the
membrane of the transmitter, A, vibrates in a corresponding manner,
and the iron rod, E E, at the second station begins to give forth a
tone. Every time a spark is seen at the first station s, the rod at the
other station certainly gives forth a tone. The same is true when one
hears the peculiarly snarling tone which arises from the stroke of the
vibrating platinum strip against the spike of angular hook resting
upon it.
The appearance of these sparks or of the peculiar snarling at the
transmitter A gives the sign to the observers at the station A that the
rod in C is giving a tone. Tones and melodies which were sung into
the sound aperture, and especially sounds in which the teeth and
bones of the head also vibrated (so-called humming tones), always
evoked a tone in the rod or needle E E, and indeed, as already
mentioned (§ 51), without change in the pitch, but only with the
reproduction of the rhythm of the respective song or words.
The pitch of the tone excited at C in the rod E E was in the
apparatus at my disposal h; its strength not very great and its clang
snarly, similar to that of a lightly sounding reed-whistle, somewhat
like that of a child’s wooden trumpet. The cuticle lying about the
heart of the smaller and even the larger mammals (from calves, &c.)
makes the best membranes. Goldbeater’s-skins reproduce only the
deeper tones. The cover of the sounding-box appeared in my
apparatus superfluous, and indeed the tone was somewhat stronger
without the cover.

1. In experiments with the telephone, one must look closely as

to whether the ends of the platinum strip is still fastened to the
membrane, and one must, if necessary, press upon the
membrane. If the strip will no longer stick, heat a knife-blade,
touch a small piece of sealing wax with it, and carry thus the
melted sealing-wax to the under side of the round end of the
platinum-strip, n s. Then press it immediately on the membrane,
m m.
Ph. Reis showed his apparatus in very primitive form for the first
time in October, 1861, to the Physical Society at Frankfort-on-
the-Main; on July 4th, 1863, before the same society, he
showed the form represented in Fig. 33. This time he
experimented upon a distance of 300 feet. Professor Boettger
brought the apparatus before the Naturforscher-Versammlung at
Stettin (1863) in the section for Physics.

[16.] Hessler’s ‘Text-book of Technical Physics,’ vol. i. p.

648.
[Next in chronological order comes a notice of the Telephone in
Hessler’s ‘Lehrbuch der technischen Physik,’ edited by Prof. Pisko,
and published at Vienna in 1866. The brief account given in this
work adds nothing to the accounts previously given, and is evidently
written by some person ignorant of Reis’s own work, for beside
omitting all mention of the transmission of speech by the instrument,
or of its being constructed upon the model of the human ear, the
writer appears not even to know how to spell Reis’s name,[37] and
speaks of him as “Reuss.”]

[17.] Kuhn’s ‘Handbook of Applied Electricity,’

(‘Handbuch der Angewandten Elektricitätslehre,’ von Carl Kuhn),
being vol. xx. of Karsten’s ‘Universal Encyclopædia of Physics’
(Karsten’s ‘Allgemeine Encyclopädie der Physik’).
[Karsten’s ‘Encyclopædia of Physics,’ which has been for many years
a standard work of reference, both in Germany and in this country,
consists of a number of volumes, each of which is a complete
treatise, written by the very highest authorities in Germany. Thus
Helmholtz contributed the volume on Physiological Optics, Lamont
that on Terrestrial Magnetism, whilst the names of Dr. Brix, Professor
von Feilitzsch, and others, are included amongst the authors. Carl
Kuhn, who wrote vol. xx., was Professor in the Royal Lyceum of
Munich, and member of the Munich Academy. Kuhn’s volume on
‘Applied Electricity,’ published in 1866, is to be found on the shelves
of almost every library of any pretensions in Great Britain. The
account given therein of Reis’s Telephone is interesting, because it
describes two forms, both of transmitter and of receiver. In fact the
descriptions and figures are taken almost directly from von Legat’s
Report (p. 70), and from Reis’s Prospectus (p. 87). The extract
translated below includes all the matter that is of importance.]
P. 1017. The researches established by Reis on the 26th of October,
1861, in Frankfurt[38] have already shown that if the current
interruptions follow one another almost continuously and very
rapidly, in a spiral arranged with a thin iron core, the iron wire can
be set into longitudinal vibrations, whereby therefore the same is
constrained to reproduce tones of different pitch.
 [Here follows a reference to Petrina’s Electric Harmonica.]

From the communications made known by Legat, it follows that “the

ideas concerning the reproduction of tones by means of electro-
galvanism which were put forward some time since by Philipp Reis of
Friedrichsdorf, before the Physical Society, and the meeting of the
Free German Institute in Frankfort-on-the-Main,” relate to similar
arrangements. “What has hitherto been attained in the realisation of
this project,” Legat announces in his report, and we extract
therefrom only that part which gives an explanation of the
disposition of the telegraphic apparatus, with which it is said to be
possible to produce the vibrations and the excitement of tones in
any desired manner, and by which the employment of electro-
galvanism is said to make it possible “to call into life at any given
distance vibrations similar to the vibrations that have been produced,
and in this way to reproduce at any place the tones that have been
originated at another place.”
This apparatus consists of the tone-indicator (transmetteur) and the
tone-receiver (récepteur). The tone-indicator (Fig. 34, p. 109)
consists of a conical tube, a b, having a length of about 15 cm., a
front aperture of about 10 cm., and a back aperture of about 4 cm.,
the choice of the material and the greater length of which is said to
be indifferent, while a greater width is said to be injurious; the
surface of the inner wall should be as smooth as possible. The
narrow back aperture of the tube is closed by a membrane, o, of
collodion, and upon the centre of the circular surface formed by this
membrane rests the one end, c, of the lever, c d, the supporting-
point of which, e, being held by a support, remains in connection
with the metallic circuit. This lever, the arm, c e, of which must be
considerably longer than c d, should be as light as possible, so that it
can easily follow the movements of the membrane, because an
uncertain following of the lever, c d, will produce impure tones at the
receiving station. During the state of rest the contact, d g, is closed,
and a weak spring, n, keeps the lever in this state of rest. Upon the
metallic support, f, which is in connection with one pole of the
battery, there is a spring, g, with a contact corresponding to the
contact of the lever, c d, at d, the position of which is regulated by
means of the screw, h. In order that the effect of the apparatus may
not be weakened by the produced waves of air communicating
themselves towards the back part, a disc “of about 50 (?) cm.
diameter, which rests fixedly upon the exterior wall of the tube,” is to
be placed above the tube, a b, at right angles with its longitudinal
axis.
 Fig. 34.

The tone-receiver consists of an electro-magnet, m m, which rests

upon a resounding-board, u w, and the surrounding coils of which
are connected with the metallic circuit and the earth. Opposite to the
electro-magnet there stands an armature, which is connected with a
lever, i, as long as possible but light and broad, and which lever
together with the armature, is fastened like a pendulum to the
support k; its movements are regulated by the screw l and the
spring q. “In order to increase the effect of the apparatus, this tone-
receiver may be placed in the one focus of an elliptically hollowed
cavity of sufficient size, while the ear of the person who listens to
the reproduced sounds ought to be placed at the second focus of
the cavity.” The action of the two apparatus, the general manner of
connection of which may be seen from the illustrations—at the one
station being the tone-indicator, at the other the tone-receiver—is
the following:—By speaking into, singing, or conducting the tones of
an instrument into the tube, a b, there is produced in the tone-
indicator (Fig. 34) in consequence of the condensation and
rarefaction of the enclosed column of air, a motion of the membrane,
c, corresponding to these changes. The lever, c d, follows the
movements of the membrane, and opens or closes the circuit
according as there occurs a condensation or rarefaction of the
enclosed air. In consequence of these actions, the electro-magnet, m
m (Fig. 13), is correspondingly demagnetised or magnetised, and
the armature (and the armature-lever) belonging to it is set into
vibrations similar to those of the membrane of the transmitting
apparatus. By means of the lever, i, connected with the armature,
the similar vibrations are transmitted to the surrounding air, and
these sounds thus produced finally reach the ear of the listener (the
sounding-board increasing the effect). As regards the effectiveness
of this apparatus, the author remarks that while the similar number
of the produced vibrations is reproduced by the receiver, their
original strength has not yet been obtained by it. For this reason also
small differences of vibration are difficult to hear, and during the
practical experiments hitherto made, chords, melodies, &c., could
be, it is true, transmitted with astonishing (?) fidelity, while single
words in reading, speaking, &c., were less distinctly perceived.

[The rest of the article deals with the “square-box” transmitter

described in Reis’s Prospectus, and adds nothing to the
information already published.]

[This is the last of the contemporary documents bearing upon the

performance of Reis’s instruments. From the prominent notice
obtained at the time by the inventor, it is clear that his invention was
even then accorded an honourable place amongst the acknowledged
conquests of science. A critical examination of this body of evidence
proves not only the substantial nature of Reis’s claim, but that the
claim was openly recognised and allowed by the best authorities of
the time. The thing was not done in a corner.]
 CHAPTER V.
TESTIMONY OF CONTEMPORARY WITNESSES.
1. Professor G. Quincke.
2. Professor C. Bohn.
3. Herr Léon Garnier.
4. Ernest Horkheimer, Esq.
5. Dr. R. Messel, F.C.S.
6. Herr Heinrich Holt.
7. Herr Heinrich F. Peter.
8. Mr. Stephen M. Yeates.
9. Dr. William Frazer.

Professor G. Quincke,
Professor of Physics in the University of Heidelberg.

[Professor Quincke, whose name is so well known in connection

with his researches in molecular physics and in many problems
of the highest interest to those acquainted with electrical
science, was one of those present at the Naturforscher
Versammlung held at Giessen in 1864, where Reis’s Telephone
was publicly exhibited by its inventor, see page 93, ante. His
testimony, coming from so high authority, is therefore of
exceptional value.]

“Dear Sir,
“I was present at the Assembly of the German Naturalists’
Association (Naturforscher Versammlung) held in the year 1864 in
Giessen, when Mr. Philipp Reis, at that time teacher in the Garnier
Institute at Friedrichsdorf, near Frankfort-on-the-Main, showed and
explained to the assembly the Telephone which he had invented.
“I witnessed the performance of the instruments, and, with the
assistance of the late Professor Böttger, heard them for myself.
“The apparatus used consisted of two parts—a transmitter and a
receiver. The transmitter was a box, one side of which was furnished
with a tube into which the speaking was to be done. At the top or
the side of the box there was a circular opening, covered by a
tympanum of membrane, upon which was fastened a piece of
platinum. This piece of platinum was in communication with one
pole of the galvanic battery. Over the membrane, resting upon the
platinum, and in contact with it, was a piece of metal furnished with
a platinum point, also in connection with one pole of the battery.
“The receiver consisted of a common knitting needle of steel,
surrounded by a magnetising coil of insulated wire, which also
formed a part of the circuit, the whole resting on a resonant box.
“I listened at the latter part of the apparatus, and heard distinctly
both singing and talking. I distinctly remember having heard the
words of the German poem, ‘Ach! du lieber Augustin, Alles ist hin!’”
&c.
“The members of the Association were astonished and delighted,
and heartily congratulated Mr. Reis upon the success of his
researches in Telephony.

(Signed) “Dr. G. Quincke, Professor.

“Heidelberg, 10th March, 1883.”

Professor C. Bohn.
[Professor C. Bohn, of Aschaffenburg, was formerly Secretary to
the German “Naturforscher” Association, was also Secretary to
the Physical Section of this Society (vide p. 93). In that capacity
he had every opportunity of knowing what was going on in
 science; hence the following (translated) letter, addressed to the
author of this book, is of peculiar value.]

“Most esteemed Sir,

“I willingly answer, as well as I am able to do so, the questions put
by you. In order to explain that my recollections may not have all
the sharpness that might be wished, I make the following prefatory
statement. I have, about 1863, held numerous conferences with Mr.
Reis and with my deceased colleague, Professor H. Buff, of Giessen,
and on these occasions have argued the question how it is that the
transmission of thoughts to a distance by the sensation of the ear
has a distinctly less value than transmission by that which is
written....
“And now to your questions. I was not at Stettin in 1863. At the
experiments at Giessen in the Naturforscher Assembly on 21st
September, 1864, I was present; the short notice about them in the
journal (‘Tagesblatt’) is from my pen. I was Secretary of the
Assembly and of the Physical Section. I remember, however, almost
absolutely nothing about these experiments. But I remember well
that previously—therefore probably as early as 1863—having jointly
made the experiments with Reis’s telephone in Buff’s house in
Giessen.... I have myself, as speaker and as hearer, at least twice, in
the presence of Reis, made the experiments.
“It was known to me (in 1863-64) that Reis intended to transmit
words, and certainly spoken words as well as those sung. My
interest in the matter was, however, a purely scientific one, not
directed to the application as a means of profit.
“With great attention the sense of the words was understood. I have
understood such myself, without knowing previously what would be
the nature of the communication through the telephone. Words
sung, especially well accentuated and peculiarly intoned, were
somewhat better (or rather less incompletely) understood than those
spoken in the ordinary manner. There was indeed a boy (son of
Privy-Councillor Ihering, now of Göttingen, then of Giessen), who
was known as specially accomplished as a speaker. He had a rather
harsh North-German dialect, and after the first experiments hit on
the right way to speak best, essential for understanding. I myself did
not understand Professor Buff through the telephone. Whether the
speaker could be recognized by his voice I doubt. We knew
beforehand each time who speaks. Yet I remember that a girl could
be distinguished from that boy by the voice.
“The ear was at times laid upon the box of the apparatus, also upon
the table which supported the telephone. Then it was attempted to
hear at a distance, with the ear in the air; in this respect, when
singing, with good result. At times the lid was taken off, or the same
was connected more or less tightly or loosely with the lower part.
The result of these changes I can no longer give with distinctness....
“Should you desire further information, I am ready to give you it
according to my best knowledge.

“Hochachtungsvoll ergebenster,
“Dr. C. Bohn.
“Aschaffenburg,
“10th September, 1882.”

Léon Garnier.
[Herr Léon Garnier, Proprietor and Principal of the Garnier
Institute at Friedrichsdorf, is the son of the late Burgomaster
Garnier, who founded the establishment, and who, as previously
narrated, encouraged Philipp Reis in his work and offered him
the post of teacher of Natural Science. Herr Léon Garnier owns
the small collection of instruments which Reis left behind, and
which are preserved in the Physical Cabinet attached to the
Institute, where also may be seen the gravitation machine—an
ingenious combination of the principles of Atwood’s and Morin’s
 machines—and the automatic weather-recorder invented by
Reis, both, however, very greatly out of repair. Herr Garnier has
furnished to a friend the following particulars about Reis and his
invention.]

“I knew Philipp Reis, now deceased, during his life-time.... About the
year 1859, he was employed by my father, then proprietor and
director of the Friedrichsdorf Garnier Institute, as teacher of
mathematics and natural sciences. He employed his hours of leisure
in experimenting for himself in a house occupied by himself, and in
which he had established a physical laboratory with a view mainly of
realizing an idea which he had conceived sometime before of
transmitting the human voice over divers metallic conductors by
means of a galvanic current.... I remember especially, that, standing
at the end of the wire or conductor, Mr. Reis speaking through his
instrument, I distinctly heard the words: ‘Guten Morgen, Herr
Fischer’ (Good morning, Mr. Fischer); ‘Ich komme gleich’ (I am
coming directly); ‘Passe auf!’ (Pay attention!); ‘Wie viel Uhr ist es?’
(What o’clock is it?); ‘Wie heisst du?’ (What’s your name?) We often
spoke for an hour at a time. The distance was about 150 feet.

“Léon Garnier.”

Ernest Horkheimer, Esq.

“Manchester, Dec. 2, 1882.
“Professor S. P. Thompson,

“Dear Sir,
“In reply to your favour of 31st instant, I shall be very happy to give
you all the information I can with respect to the telephonic
experiments of my late friend and teacher Mr. Philipp Reis. I would
express my gratification at finding that you are trying to put my old
teacher’s claims on their just basis. I have always felt that in this
race for telephonic fame, his claims have been very coolly put aside
or ignored. That he did invent the Telephone there is not the
remotest doubt. I was, I think, a great favourite of his; and at the
time his assumption was that I was destined for a scientific career,
either as a physicist or a chemist; and I believe that he said more to
me about the telephone than to any one; and I assisted him in most
of his experiments prior to the spring of 1862.
“Philipp Reis intended to transmit speech by his telephone—this was
his chief aim; the transmitting of musical tones being only an after-
thought, worked out for the convenience of public exhibition (which
took place at the Physical Society at Frankfort-on-the-Main). I myself
spent considerable time with him in transmitting words through the
instruments. We never (in my time) got the length of transmitting
complete sentences successfully, but certain words, such as ‘Wer
da?’ ‘gewiss,’ ‘warm,’ ‘kalt,’ were undoubtedly transmitted without
previous arrangement. I believe Reis made similar experiments with
his brother-in-law.

Fig. 35. Fig. 36.

“I recollect the instrument in the shape of the human ear very well:
it was Reis’s earliest form of transmitter. The transmitter underwent
a great many changes, even during my time. The form you sketch
(Fig. 9, p. 20) was almost the oldest one, and was soon superseded
by the funnel-shape (Fig. 35). The back was always closed by a
tympanum of bladder, and many a hundred bladders were stretched,
torn, and discarded during his experiments. I recollect him stating to
me that he thought a very thin metal tympanum would eventually
become the proper thing, and one was actually tried, coated over on
one side with shellac, and on the other likewise, except at the point
of contact (Fig. 36). I believe it was made of very thin brass, but at
the time the experiments were not satisfactory. Talc was also tried,
but without success, the platinum contacts being in all cases
preserved.
“I remember very well indeed the receiver with a steel wire,
surrounded by silk-covered copper wire. The first one was placed on
an empty cigar-box, arranged thus:—

Fig. 37.

“The wire was a knitting-needle and the copper wire was spooled on
a paper case.

“The spiral was supported by a little block of wood, so as to allow

the knitting-needle not to touch it anywhere. Later on a smaller
cigar-box was invented as a cover—thus; (Fig. 38)—having two
holes cut into it like the f-holes in a violin.
 Fig. 38.

“The practice was to place the ear close to the receiver, more
particularly so when the transmission of words was attempted.
“The spiral was, during the early experiments, placed on a violin—in
fact, a violin which I now possess was sometimes used, as it was of
a peculiar shape, which Reis thought would help the power of tone.
“I have already enumerated some of the words which were
transmitted, but there were many more; on one occasion a song,
known in this country as ‘The Young Recruit’ (Wer will unter die
Soldaten) was transmitted, the air and many of the words being
clearly intelligible.
“I do not recollect seeing the receiver shewn in the woodcut (Fig.
21), but Reis often said that he would make such a one, although
the sketch he made for me then differed in some details from your
woodcut. Reis intended to keep me fully informed of all he could
achieve, but, immediately after leaving his tuition, I fell ill, and was
laid up for a very long time. Shortly afterwards I left for England,
and then he died, and I never saw him again. The electromagnet
form was certainly strongly in his mind at the time we parted, and
he drew many alternative suggestions on paper, which have
probably been destroyed; but the electromagnets in all of them were
placed upright, sometimes attached to the top of a hollow box, and
sometimes to the bottom of a box arranged thus (Figs. 39, 40); but,
Welcome to our website – the perfect destination for book lovers and
knowledge seekers. We believe that every book holds a new world,
offering opportunities for learning, discovery, and personal growth.
That’s why we are dedicated to bringing you a diverse collection of
books, ranging from classic literature and specialized publications to
self-development guides and children's books.

More than just a book-buying platform, we strive to be a bridge

connecting you with timeless cultural and intellectual values. With an
elegant, user-friendly interface and a smart search system, you can
quickly find the books that best suit your interests. Additionally,
our special promotions and home delivery services help you save time
and fully enjoy the joy of reading.

Join us on a journey of knowledge exploration, passion nurturing, and

personal growth every day!

ebookbell.com