19 Lecture 3 S

The document discusses the construction of ciphers using modulus arithmetic, particularly focusing on the properties of the set Zm and its operations. It contrasts symmetric and asymmetric ciphers, detailing the RSA cryptosystem as a public-key encryption method that relies on the difficulty of factoring large integers for security. Additionally, it covers digital signatures, their importance in authentication and integrity, and the hybrid approach of combining symmetric and asymmetric encryption methods.

Uploaded by

Lucas Wee
Copyright
© All Rights Reserved

To construct a cipher that can be used in the real world, we need to employ more abstract mathematical ideas. The crucial mathematical concept required is modular arithmetic.

Modular Arithmetic in the Set $\mathbb{Z}_m$

Definition 18. Let
$$\mathbb{Z}_m = \{0, 1, \ldots, m-1\}.$$
For any $a, b \in \mathbb{Z}_m$, we define
$$a + b = i_{a,b} \quad\text{and}\quad a \times b = j_{a,b}$$
such that $0 \le i_{a,b} \le m-1$, $0 \le j_{a,b} \le m-1$ and
$$a + b \equiv i_{a,b} \bmod m \quad\text{and}\quad a \times b \equiv j_{a,b} \bmod m.$$

The main idea in defining $+$ and $\times$ is to identify each larger number with a number in the range $0, \ldots, m-1$. In fact, we are simply doing modular arithmetic.

Note that $+$ and $\times$ defined on $\mathbb{Z}_m$ satisfy the usual rules, such as the associative law, the commutative law and the distributive law.

Commutative law: For any $a, b$ in $\mathbb{Z}_m$,
$$a + b \equiv b + a \bmod m, \qquad a \times b \equiv b \times a \bmod m.$$

Associative law: For any $a, b, c$ in $\mathbb{Z}_m$,
$$a + (b + c) \equiv (a + b) + c \bmod m, \qquad a \times (b \times c) \equiv (a \times b) \times c \bmod m.$$

Distributive law: For any $a, b, c$ in $\mathbb{Z}_m$,
$$a \times (b + c) \equiv (a \times b) + (a \times c) \bmod m.$$

These laws help to simplify calculations.

However, arithmetic in $\mathbb{Z}_m$ is quite different from that in $\mathbb{Z}$. For example, there may exist $a, b \in \mathbb{Z}_m$ such that $a \ne 0$ and $b \ne 0$ but $a \times b = 0$. To see this, just check that $2 \times 2 = 0$ in $\mathbb{Z}_4$.

Example. In $\mathbb{Z}_{71}$, find $31 \times 24$, $21^{30}$ and the inverse of $20$.

$31 \times 24 \equiv 744 \equiv 34 \bmod 71$. Therefore, $31 \times 24 = 34$ in $\mathbb{Z}_{71}$.

Now, $21^2 = 441 = 15$, $21^4 = 15^2 = 225 = 12$, $21^8 = 12^2 = 144 = 2$, $21^{16} = 2^2 = 4$. Therefore,
$$21^{30} = 21^{16+8+4+2} = 4 \times 2 \times 12 \times 15 = 20.$$

Observe that $71 = 20 \times 3 + 11$, $20 = 11 + 9$, $11 = 9 + 2$ and $9 = 2 \times 4 + 1$. Therefore,
$$\begin{aligned}
1 &= 9 - 2 \times 4 = 9 - (11 - 9) \times 4 = 5 \times 9 - 11 \times 4 \\
  &= 5 \times (20 - 11) - 11 \times 4 = 5 \times 20 - 11 \times 9 \\
  &= 5 \times 20 - (71 - 3 \times 20) \times 9 = 32 \times 20 - 71 \times 9.
\end{aligned}$$
Therefore, $32 \times 20 = 1$ in $\mathbb{Z}_{71}$.
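
The three computations of this example can be checked mechanically. The following Python is an added illustration, not part of the lecture; the function names are this example's own, and it uses the same repeated squaring and the same back-substitution (the extended Euclidean algorithm) as the working above.

```python
def mod_pow(base: int, exponent: int, m: int) -> int:
    """Square-and-multiply, scanning the exponent's bits from the lowest."""
    result, square = 1 % m, base % m
    while exponent > 0:
        if exponent & 1:                  # this power of two occurs in the exponent
            result = (result * square) % m
        square = (square * square) % m    # base^(2^k) -> base^(2^(k+1))
        exponent >>= 1
    return result


def extended_gcd(a: int, b: int):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def mod_inverse(a: int, m: int) -> int:
    """Inverse of a in Z_m; fails when gcd(a, m) != 1 (no inverse exists)."""
    g, x, _ = extended_gcd(a, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m} (gcd = {g})")
    return x % m


if __name__ == "__main__":
    print("31 x 24 in Z_71:", (31 * 24) % 71)
    print("21^30 in Z_71:", mod_pow(21, 30, 71))
    g, x, y = extended_gcd(20, 71)
    print(f"{x} x 20 + ({y}) x 71 = {g}")
    print("inverse of 20 in Z_71:", mod_inverse(20, 71))
    try:
        mod_inverse(2, 4)                 # 2 x 2 = 0 in Z_4, so 2 has no inverse
    except ValueError as err:
        print(err)
```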

Theorem 19. Let $p$ be a prime number. Then for any integer $a$ with $p \nmid a$, $a^{p-1} \equiv 1 \bmod p$. In other words, for any $a \in \mathbb{Z}_p$, if $a \ne 0$, then $a^{p-1} = 1$.

The above result is no longer true if $p$ is not a prime. That is, if $p$ is not a prime, $a^{p-1}$ need not be $1$ in $\mathbb{Z}_p$. This property of prime numbers can be used as a test of whether $p$ is a prime number.

Example. In $\mathbb{Z}_{14}$, show that $3^{13} \ne 1$.
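
As an added illustration (not part of the lecture), the test suggested above can be run directly. The sketch also shows its limit: a few composite numbers, such as 561, satisfy $a^{n-1} = 1$ for every $a$ relatively prime to $n$, so passing the test does not prove primality. Function names are this example's own.

```python
from math import gcd


def fermat_witnesses(n: int):
    """Units a of Z_n with a^(n-1) != 1; any such a proves n is composite."""
    return [a for a in range(1, n)
            if gcd(a, n) == 1 and pow(a, n - 1, n) != 1]


def passes_fermat(n: int) -> bool:
    """True when no unit of Z_n objects (always the case for a prime n)."""
    return n > 1 and not any(
        gcd(a, n) == 1 and pow(a, n - 1, n) != 1 for a in range(1, n))


def is_prime(n: int) -> bool:
    """Trial division, used only as ground truth for the comparison."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def composites_passing_fermat(limit: int):
    """Composite n < limit on which the Fermat test never objects."""
    return [n for n in range(2, limit)
            if passes_fermat(n) and not is_prime(n)]


if __name__ == "__main__":
    print("3^13 in Z_14:", pow(3, 13, 14))
    print("witnesses for 14:", fermat_witnesses(14))
    print("witnesses for the prime 71:", fermat_witnesses(71))
    print("composites below 2000 that pass:", composites_passing_fermat(2000))
```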

To prove Theorem 19, we need to use the fact that when $p$ is prime and $a, b, c$ in $\mathbb{Z}_p$ satisfy $a \ne 0$ and $ab = ac$, then $b = c$.

It follows that if $a \ne 0$, then $a \times 1, a \times 2, \ldots, a \times (p-1)$ are distinct nonzero elements in $\mathbb{Z}_p$. Therefore,
$$a^{p-1} \cdot 1 \cdot 2 \cdots (p-1) = (a \times 1)(a \times 2) \cdots (a \times (p-1)) = 1 \cdot 2 \cdots (p-1).$$
Hence, $a^{p-1} = 1$.

Example. Prove that $\mathbb{Z}_7 = \{0, 1, 3, 3^2, 3^3, 3^4, 3^5\}$ but $\mathbb{Z}_7 \ne \{0, 1, 2, 2^2, 2^3, 2^4, 2^5\}$.

Definition 20. We define
$$\mathbb{Z}_m^* = \{1 \le i \le (m-1) : \gcd(i, m) = 1\}$$
and $\varphi(m) = |\mathbb{Z}_m^*|$. $\varphi$ is called the Euler function.

Example: $\mathbb{Z}_3^* = \{1, 2\}$, $\mathbb{Z}_9^* = \{1, 2, 4, 5, 7, 8\}$, and $\mathbb{Z}_{10}^* = \{1, 3, 7, 9\}$.
$\varphi(3) = 2$, $\varphi(9) = 6$, $\varphi(10) = 4$.

Observe that if $p$ is a prime number, $\mathbb{Z}_p^* = \mathbb{Z}_p \setminus \{0\}$.

As subsets of $\mathbb{Z}_m$, we can add and multiply elements in $\mathbb{Z}_m^*$. However, if $a, b \in \mathbb{Z}_m^*$, it is not necessarily true that $a + b \in \mathbb{Z}_m^*$. For example, $1 \in \mathbb{Z}_4^*$ but $2 = 1 + 1 \notin \mathbb{Z}_4^*$. Nevertheless, we can prove the following:

Theorem 21. $\mathbb{Z}_m^*$ is closed under multiplication, i.e. if $a, b \in \mathbb{Z}_m^*$, then $a \times b \in \mathbb{Z}_m^*$.

The number of elements in $\mathbb{Z}_m^*$ is denoted by $\varphi(m)$. $\varphi$ is called the Euler function.

Example.

1. $\mathbb{Z}_6^* = \{1, 5\}$ and $\varphi(6) = 2$.
2. $\mathbb{Z}_8^* = \{1, 3, 5, 7\}$ and $\varphi(8) = 4$.
3. $\mathbb{Z}_9^* = \{1, 2, 4, 5, 7, 8\}$ and $\varphi(9) = 6$.
4. $\varphi(pq) = (p-1)(q-1)$ if $p, q$ are distinct primes.

Theorem 22. Let $m$ be an integer. For any $a \in \mathbb{Z}_m^*$,
$$a^{\varphi(m)} = 1.$$

Theorem 23. Let $p$ be a prime number. There exists an element $g \in \mathbb{Z}_p^*$ such that
$$\mathbb{Z}_p^* = \{1, g, g^2, \ldots, g^{p-2}\}.$$
$g$ is called a generator of $\mathbb{Z}_p^*$.
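
The definitions and Theorems 21 to 23 can be explored by brute force for small moduli. This Python is an added illustration, not part of the lecture; the function names are this example's own, and the exhaustive searches are only practical for small $m$.

```python
from math import gcd


def units(m: int):
    """Z*_m: the residues 1..m-1 that are relatively prime to m."""
    return [i for i in range(1, m) if gcd(i, m) == 1]


def phi(m: int) -> int:
    """Euler function: the number of elements of Z*_m."""
    return len(units(m))


def order(a: int, m: int) -> int:
    """Smallest k >= 1 with a^k = 1 in Z_m; a must lie in Z*_m, m >= 2."""
    if m < 2 or gcd(a, m) != 1:
        raise ValueError("only elements of Z*_m have a multiplicative order")
    k, power = 1, a % m
    while power != 1:
        power = (power * a) % m
        k += 1
    return k


def generators(p: int):
    """Elements g whose powers 1, g, ..., g^(p-2) exhaust Z*_p (p prime)."""
    size = phi(p)
    return [g for g in units(p) if order(g, p) == size]


def closed_under_multiplication(m: int) -> bool:
    """Theorem 21: the product of two units is again a unit."""
    u = set(units(m))
    return all((a * b) % m in u for a in u for b in u)


def euler_holds(m: int) -> bool:
    """Theorem 22: a^phi(m) = 1 for every a in Z*_m."""
    size = phi(m)
    return all(pow(a, size, m) == 1 for a in units(m))


if __name__ == "__main__":
    for m in (3, 6, 8, 9, 10):
        print(f"Z*_{m} = {units(m)}, phi = {phi(m)}")
    print("1 + 1 in Z*_4?", (1 + 1) % 4 in units(4))
    print("generators of Z*_7:", generators(7))
    print("order of 2 in Z*_7:", order(2, 7))
    print("phi(47 * 71) =", phi(47 * 71))
```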


Asymmetric Cipher and Public Key System

We have seen several examples of ciphers which have a common feature.

Bob wants to send a secret message to Alice. He uses a secret key $k$ to scramble his plaintext message $m$ and turn it into a ciphertext $c$. Alice, upon receiving $c$, uses the secret key $k$ to unscramble $c$ and reconstitute $m$.

In other words, both of them know the same information about the cipher. We call this type of cipher a symmetric cipher.

One problem with using a symmetric cipher is that Alice and Bob must first mutually agree on a secret key $k$.

How is this possible if they do not have the opportunity to meet or communicate before sending out their messages? If every communication between them is monitored by their adversary Eve, is it possible for Alice and Bob to exchange a secret key under these conditions?

Furthermore, it is possible that Alice needs to communicate with several friends. Alice may then need to keep track of the key used for each friend.

To summarize, we note the following.

Symmetric cipher:
- Uses the same key in encryption and decryption.
- The encryption/decryption key needs to be kept secret.
- It is based on simple logical operations, hence more efficient.

Asymmetric cipher, Public Key Cryptosystem (PKC):
- Uses different keys in encryption and decryption.
- The decryption key needs to be kept secret, but the encryption key can be made public.
- It is based on hard mathematical problems, hence its computations are more complex and less efficient.
- It simplifies key management, as public keys can be published and are therefore easier to distribute.

Public-Key Cryptography and RSA Cryptosystem

Diffie and Hellman proposed a cryptosystem in which the enciphering key could be made public while it is still computationally infeasible to obtain the deciphering key. That is the central idea of public key (or asymmetric) cryptography.

In a public-key cryptography system, each user has a public key and a private key. The public key is used to encipher a message and the private key is used to decipher a message.

The public keys of all users are known to all. If A wants to send a message to B, A looks up B's public key, uses it to encipher the message and sends it to B. Then B uses his private key to decipher the message.

RSA Cryptosystem

The RSA cryptosystem was invented by Rivest, Shamir, and Adleman in 1978.

$m$: message (encoded as a number); $c$: ciphertext

Encryption
1. Fix integers $n$ and $e$. (Normally, $n = p \times q$ where $p, q$ are large prime numbers.)
2. Compute $c = m^e \bmod n$.

Decryption
1. Compute $d$, the inverse of $e \bmod \varphi(n)$, i.e. $d \cdot e \equiv 1 \bmod \varphi(n)$.
2. Compute $m = c^d \bmod n$.

The main idea of the RSA cryptosystem is based on the fact that if $\gcd(a, n) = 1$, then $a^{\varphi(n)} \equiv 1 \bmod n$.

Note that $d \cdot e \equiv 1 \bmod \varphi(n)$ means that $d \cdot e - 1$ is a multiple of $\varphi(n)$, say $de - 1 = k\varphi(n)$ for an integer $k$.

Therefore, if $\gcd(m, n) = 1$, then
$$c^d \equiv (m^e)^d \equiv m^{ed} \equiv m^{k\varphi(n)+1} \equiv m \bmod n.$$

The case $\gcd(m, n) \ne 1$, i.e. $m = 0$ or $m$ is a multiple of $p$ or $q$

If $m = 0$, then $c^d \equiv 0^{ed} \equiv 0 \equiv m \bmod n$.

Otherwise, since $0 < m < n$ and $n = pq$, $m$ is a multiple of $p$ or $q$ but not both. If $m = rp$ for some integer $r$, then $\gcd(m, q) = 1$. By Theorem 19, $m^{q-1} \equiv 1 \bmod q$. Hence
$$m^{k\varphi(n)} \equiv m^{k(p-1)(q-1)} \equiv 1 \bmod q.$$
So there exists an integer $t$ such that $m^{k\varphi(n)} = 1 + tq$. Then
$$c^d \equiv m^{ed} = m^{1+k\varphi(n)} = m^{k\varphi(n)} m = (1 + tq)m = m + trpq \equiv m \bmod n.$$

RSA Cryptosystem

1. For each user B, fix two large primes $p$ and $q$ and set $n = pq$.
2. Compute $\varphi(n) = (p-1)(q-1)$.
3. Take a number $e$ such that $\gcd(e, \varphi(n)) = 1$.
4. B computes $d$, the inverse of $e$ in $\mathbb{Z}_{\varphi(n)}$.
5. Suppose A wants to send a message to B, represented by a number $m$.
6. A computes $c = m^e \bmod n$, and sends the number $c$ to B.
7. B decrypts the message $m$ by computing $m = c^d \bmod n$.

The RSA cryptosystem is a public-key cryptography system.

Note that the public key for each user is $(n, e)$. But $n, e$ are chosen for each user. Strictly, we should write $(n(B), e(B))$ for each user B. In other words, $n(B)$ may be different for each user.

If a user wants to have a secure system, he/she should not use the same $n$ as another user.

The security of the RSA cryptosystem depends on the belief that even if $n(B)$ and $e(B)$ are known, it is computationally infeasible to compute $d(B)$. That means, even if $n(B)$ is known, it is not easy to compute $\varphi(n(B))$.

The difficulty of finding $\varphi(n(B))$ hinges on the difficulty of factoring $n(B)$.

Example

Let $n = 47 \times 71 = 3337$. Then choose $e$ (at random) to be our encryption key. Note that $e$ and $\varphi(n) = 46 \times 70 = 3220$ must be relatively prime.

Say we set $e = 79$; then we find the inverse of $e \bmod 3220$. Using the Euclidean algorithm, we can show that $d = 1019$.

Let us encrypt the message that is represented by a number: 6882326879666683. Instead of sending the whole number, we first break it into six blocks, 688 232 687 966 668 3. Let us first encrypt the first block.
$$688^{79} \equiv 1570 \bmod 3337, \quad 232^{79} \equiv 2756 \bmod 3337, \ldots$$
Therefore, the encrypted message is the number

1570 2756 2714 2276 2423 .

To decrypt the message, we calculate
$$1570^{1019} \equiv 688 \bmod 3337, \quad 2756^{1019} \equiv 232, \ldots$$
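
An added Python check of this example, not part of the lecture: it rebuilds the key from $p = 47$, $q = 71$, $e = 79$ and re-encrypts the two blocks worked out above. It goes one step beyond the example by confirming that every block $0 \le m < n$, including multiples of $p$ or $q$, decrypts correctly, as the argument for $\gcd(m, n) \ne 1$ predicts. Function names are this example's own.

```python
from math import gcd

# Parameters from the lecture example (toy sizes, for checking arithmetic only).
P, Q, E = 47, 71, 79


def make_keypair(p: int, q: int, e: int):
    """Return ((n, e), (n, d)) with d the inverse of e modulo phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    d = pow(e, -1, phi)              # modular inverse, Python 3.8+
    return (n, e), (n, d)


def encrypt(m: int, public) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("each block must satisfy 0 <= m < n")
    return pow(m, e, n)


def decrypt(c: int, private) -> int:
    n, d = private
    return pow(c, d, n)


def roundtrip_failures(public, private):
    """Every m in Z_n that does NOT decrypt back to itself (expected: none)."""
    n = public[0]
    return [m for m in range(n)
            if decrypt(encrypt(m, public), private) != m]


PUBLIC, PRIVATE = make_keypair(P, Q, E)

if __name__ == "__main__":
    print("public key (n, e):", PUBLIC, "private exponent d:", PRIVATE[1])
    for block in (688, 232):         # the two blocks worked out in the text
        c = encrypt(block, PUBLIC)
        print(block, "->", c, "->", decrypt(c, PRIVATE))
    m = 3 * P                        # a block sharing the factor p with n
    print("gcd(m, n) =", gcd(m, PUBLIC[0]),
          "decrypts correctly:", decrypt(encrypt(m, PUBLIC), PRIVATE) == m)
    print("blocks that fail:", roundtrip_failures(PUBLIC, PRIVATE))
```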


In using RSA, we need to deal with a large key (i.e. a lot of information). It will be difficult for users to manage (remember) the key. Moreover, RSA is slow to implement.

Therefore, RSA is rarely used to encipher plaintext. But it does provide a secure way to handle short but important messages, such as key exchange and digital signatures.

The security of RSA depends on the belief that it is difficult (i.e. takes a long time even when computers are used) to factorize an integer. So, it is important to find efficient ways to factorize integers.

Digital Signatures

A conventional ink-on-paper signature is a signature attached physically to a paper document. It is used to prove that a certain person is responsible for the document.

How do we verify the authenticity of a digital document?

A digital signature binds an electronic identity to a digital message using a cryptographic algorithm. Usually, the signature cannot be simply "copied" to another document.

Digital signatures are usually used to address the following security problems:
- Authentication: The receiver of the message needs to confirm the identity of the sender.
- Integrity: The receiver has to be sure that the message has not been altered during the transmission.
- Non-repudiation: The receiver has to prevent the sender from denying the message at a later time.

Issues concerning digital signature schemes
- The signature must be a function of the entire document.
- PKC are relatively slow in general. It is undesirable to apply a digital signature directly to a long message.
- Cryptographic hash functions are used.

Example: Digital Signature using RSA

Suppose Alice's public key is $(85, 3)$. Then it can be checked that $43$ is her private key.

Alice can send a message (her signature) represented by a number $m$. She then computes $c = m^{43} \bmod 85$ and sends $c$ to Bob.

Upon receiving $c$, Bob computes $c^3 \bmod 85$ (Alice's public key is $(85, 3)$) to recover the signature.
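
An added Python sketch, not part of the lecture, of signing a hash of the whole document as the issues listed above suggest. Because 85 is far too small to hold a hash, the signing key here is a constructed one built from two known Mersenne primes (an assumption of this example, not a secure choice); the lecture's key $(85, 3)$ with private exponent 43 is only checked for consistency.

```python
import hashlib

# The lecture's toy key: public (n, e) = (85, 3), private exponent 43.
TOY_N, TOY_E, TOY_D = 85, 3, 43

# Constructed demo key (assumption of this example): two known Mersenne
# primes. Big enough to hold a reduced hash, NOT a secure way to pick a key.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, Python 3.8+


def digest(document: bytes, n: int) -> int:
    """Hash the entire document, then reduce the hash into Z_n."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n


def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Signer: apply the private exponent to the document's digest."""
    return pow(digest(document, n), d, n)


def verify(document: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Verifier: undo the signature with the public key, compare digests."""
    return pow(signature, e, n) == digest(document, n)


def toy_key_is_consistent() -> bool:
    """43 inverts 3 modulo phi(85) = 4 * 16, and c^3 recovers every m."""
    return (TOY_E * TOY_D) % (4 * 16) == 1 and all(
        pow(pow(m, TOY_D, TOY_N), TOY_E, TOY_N) == m for m in range(TOY_N))


if __name__ == "__main__":
    print("lecture key (85, 3) / 43 consistent:", toy_key_is_consistent())
    document = b"Pay Bob 10 dollars"          # constructed sample message
    signature = sign(document)
    print("original accepted:", verify(document, signature))
    print("altered accepted: ", verify(b"Pay Bob 90 dollars", signature))
```

Deployed RSA signatures additionally pad the digest (for example RSASSA-PSS) and use much larger moduli; the sketch leaves padding out to keep the arithmetic visible.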

Hybrid Approach

In practice, symmetric ciphers and PKC are usually used together.
- Use PKC for key exchange and digital signatures.
- Use a symmetric cipher for bulk data encryption.

For example: a sender generates a one-time symmetric encryption key (usually called the session key, KS). Next, the sender encrypts the session key with the recipient's public key. Then, the sender encrypts the bulk data with the session key. Finally, the sender uses its private key to digitally sign the message.

Blockchain

Blockchain can be used to address the problem of integrity as well.

A blockchain acts as a decentralized digital ledger that records transactions on thousands of computers globally in such a way that the registered transactions cannot be altered retrospectively.

Blockchain uses different types of cryptography, including ECDSA and elliptic curves, to authenticate transactions.
