Information Security 2, Meeting 4: Mohammad Hafiz Hersyah, M.T; Rifki Suwandi, M.T

“Mathematics has long been known in the printing trade as difficult, or penalty, copy because it is slower, more difficult, and more expensive to set in type than any other kind of copy.”

—Chicago Manual of Style, 14th Edition
Divisibility

• We say that a nonzero b divides a if a = mb for some m, where a, b, and m are integers
• b divides a if there is no remainder on division
• The notation b | a is commonly used to mean b divides a
• If b | a we say that b is a divisor of a

The positive divisors of 24 are 1, 2, 3, 4, 6, 8, 12, and 24

13 | 182; –5 | 30; 17 | 289; –3 | 33; 17 | 0
Properties of Divisibility

• If a | 1, then a = ±1
• If a | b and b | a, then a = ±b
• Any b ≠ 0 divides 0
• If a | b and b | c, then a | c
• If b | g and b | h, then b | (mg + nh) for arbitrary integers m and n

11 | 66 and 66 | 198 ⇒ 11 | 198
Properties of Divisibility

• To see this last point, note that:
– If b | g, then g is of the form g = b * g1 for some integer g1
– If b | h, then h is of the form h = b * h1 for some integer h1
• So:
– mg + nh = mbg1 + nbh1 = b * (mg1 + nh1), and therefore b divides mg + nh

b = 7; g = 14; h = 63; m = 3; n = 2
7 | 14 and 7 | 63.

To show 7 | (3 * 14 + 2 * 63),
we have (3 * 14 + 2 * 63) = 7(3 * 2 + 2 * 9),
and it is obvious that 7 | (7(3 * 2 + 2 * 9)).
Division Algorithm

• Given any positive integer n and any nonnegative integer a, if we divide a by n we get an integer quotient q and an integer remainder r that obey the following relationship:

a = qn + r, 0 ≤ r < n; q = ⌊a/n⌋
Euclidean Algorithm
• One of the basic techniques of number theory
• Procedure for determining the greatest common divisor of two positive integers
• Two integers are relatively prime if their only common positive integer factor is 1
Greatest Common Divisor (GCD)
• The greatest common divisor of a and b is the largest integer that divides both a and b
• We can use the notation gcd(a,b) to mean the greatest common divisor of a and b
• We also define gcd(0,0) = 0
• Positive integer c is said to be the gcd of a and b if:
– c is a divisor of a and b
– Any divisor of a and b is a divisor of c
• An equivalent definition is:

gcd(a,b) = max[k, such that k | a and k | b]

GCD
• Because we require that the greatest common divisor be positive, gcd(a,b) = gcd(a,–b) = gcd(–a,b) = gcd(–a,–b)
• In general, gcd(a,b) = gcd(|a|, |b|)
gcd(60, 24) = gcd(60, –24) = 12
• Also, because all nonzero integers divide 0, we have gcd(a,0) = |a|
• We stated that two integers a and b are relatively prime if their only common positive integer factor is 1; this is equivalent to saying that a and b are relatively prime if gcd(a,b) = 1
8 and 15 are relatively prime because the positive divisors of 8 are 1, 2, 4, and 8, and the positive divisors of 15 are 1, 3, 5, and 15. So 1 is the only integer on both lists.
Table 4.1
Euclidean Algorithm Example

(This table can be found on page 91 in the textbook)


Modular Arithmetic
• The modulus
– If a is an integer and n is a positive integer, we define a mod n to be the remainder when a is divided by n; the integer n is called the modulus
– Thus, for any integer a:
a = qn + r, 0 ≤ r < n; q = ⌊a/n⌋
a = ⌊a/n⌋ * n + (a mod n)

11 mod 7 = 4; –11 mod 7 = 3
Modular Arithmetic
• Congruent modulo n
– Two integers a and b are said to be congruent modulo n if (a mod n) = (b mod n)
– This is written as a ≡ b (mod n)
– Note that if a ≡ 0 (mod n), then n | a

73 ≡ 4 (mod 23); 21 ≡ –9 (mod 10)


Properties of Congruences
• Congruences have the following properties:
1. a ≡ b (mod n) if n | (a – b)
2. a ≡ b (mod n) implies b ≡ a (mod n)
3. a ≡ b (mod n) and b ≡ c (mod n) imply a ≡ c (mod n)
• To demonstrate the first point, if n | (a – b), then (a – b) = kn for some k
• So we can write a = b + kn
• Therefore, (a mod n) = (remainder when b + kn is divided by n) = (remainder when b is divided by n) = (b mod n)

23 ≡ 8 (mod 5) because 23 – 8 = 15 = 5 * 3
–11 ≡ 5 (mod 8) because –11 – 5 = –16 = 8 * (–2)
81 ≡ 0 (mod 27) because 81 – 0 = 81 = 27 * 3
Modular Arithmetic
• Modular arithmetic exhibits the following properties:

1. [(a mod n) + (b mod n)] mod n = (a + b) mod n
2. [(a mod n) – (b mod n)] mod n = (a – b) mod n
3. [(a mod n) * (b mod n)] mod n = (a * b) mod n

• We demonstrate the first property:
• Define (a mod n) = r_a and (b mod n) = r_b. Then we can write a = r_a + jn for some integer j and b = r_b + kn for some integer k
• Then:

(a + b) mod n = (r_a + jn + r_b + kn) mod n
= (r_a + r_b + (k + j)n) mod n
= (r_a + r_b) mod n
= [(a mod n) + (b mod n)] mod n

Remaining Properties:
• Examples of the three remaining properties:

11 mod 8 = 3; 15 mod 8 = 7
[(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2
(11 + 15) mod 8 = 26 mod 8 = 2
[(11 mod 8) – (15 mod 8)] mod 8 = –4 mod 8 = 4
(11 – 15) mod 8 = –4 mod 8 = 4
[(11 mod 8) * (15 mod 8)] mod 8 = 21 mod 8 = 5
(11 * 15) mod 8 = 165 mod 8 = 5
Table 4.2(a) Arithmetic Modulo 8
Table 4.2(b) Multiplication Modulo 8
Table 4.2(c) Additive and Multiplicative Inverses Modulo 8
Table 4.3 Properties of Modular Arithmetic for Integers in Z_n
Table 4.4 Extended Euclidean Algorithm Example
For given integers a and b, find <d, x, y> satisfying: ax + by = d = gcd(a, b)

Result: d = 1; x = –111; y = 355
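The Euclidean algorithm, its extended form from Table 4.4, and the modular-arithmetic identities above, as an added Python example (not code from the slides or the textbook). The pair a = 1759, b = 550 used in the `__main__` block is a constructed input, chosen so that the triple the algorithm returns matches the result stated under Table 4.4; `mod_inverse` also shows the failure mode behind Table 4.2(c) and the later Z_{2^n} discussion, namely that 2 has no inverse modulo 8.

```python
# Added example (not from the slides or textbook): Euclid's algorithm, the
# extended form a*x + b*y = gcd(a, b), and the Chapter 4 modular identities.
# Python's // and % follow the division algorithm on the slides (0 <= r < n,
# q = floor(a/n)) even for negative a; C's % would give -11 % 7 == -4.

def division_algorithm(a, n):
    """Return (q, r) with a = q*n + r and 0 <= r < n, for positive n."""
    if n <= 0:
        raise ValueError("modulus must be positive")
    return a // n, a % n

def gcd(a, b):
    """Euclidean algorithm: gcd(a, b) = gcd(b, a mod b) until b is 0.
    Works on |a|, |b| because gcd(a, b) = gcd(|a|, |b|); gcd(a, 0) = |a|."""
    a, b = abs(a), abs(b)
    while b:
        a, b = b, a % b
    return a

def is_relatively_prime(a, b):
    """a and b are relatively prime iff gcd(a, b) = 1."""
    return gcd(a, b) == 1

def extended_gcd(a, b):
    """Extended Euclid for a, b >= 0: return (d, x, y) with a*x + b*y = d = gcd(a, b).
    Invariant: a*old_x + b*old_y == old_r and a*x + b*y == r at every step."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y

def mod_inverse(a, n):
    """Multiplicative inverse of a modulo n, or None when gcd(a, n) != 1.
    This is why Z_8 (and every Z_{2^n}) is not a field: 2 has no inverse."""
    d, x, _ = extended_gcd(a % n, n)
    if d != 1:
        return None
    return x % n

def mod_properties_hold(a, b, n):
    """Check the three identities: reduce-then-combine == combine-then-reduce."""
    ra, rb = a % n, b % n
    return ((ra + rb) % n == (a + b) % n
            and (ra - rb) % n == (a - b) % n
            and (ra * rb) % n == (a * b) % n)

if __name__ == "__main__":
    # Constructed input: this pair reproduces the (d, x, y) stated under Table 4.4.
    d, x, y = extended_gcd(1759, 550)
    print(f"gcd = {d}, x = {x}, y = {y}, check: {1759 * x + 550 * y}")
    print("inverse of 3 mod 8:", mod_inverse(3, 8), "| inverse of 2 mod 8:", mod_inverse(2, 8))
```

`extended_gcd` is the routine that the rest of the chapter leans on: the modular inverse it yields is what makes division possible in Z_p for prime p, and its polynomial version (Table 4.8) is what gives the AES S-box its multiplicative inverse.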


Groups
• A set of elements with a binary operation denoted by · that associates to each ordered pair (a, b) of elements in G an element (a · b) in G, such that the following axioms are obeyed:
• (A1) Closure: If a and b belong to G, then a · b is also in G
• (A2) Associative: a · (b · c) = (a · b) · c for all a, b, c in G
• (A3) Identity element: There is an element e in G such that a · e = e · a = a for all a in G
• (A4) Inverse element: For each a in G, there is an element a' in G such that a · a' = a' · a = e
• (A5) Commutative: a · b = b · a for all a, b in G
Cyclic Group
• Exponentiation is defined within a group as a repeated application of the group operator, so that a^3 = a · a · a
• We define a^0 = e as the identity element, and a^–n = (a')^n, where a' is the inverse element of a within the group
• A group G is cyclic if every element of G is a power a^k (k is an integer) of a fixed element a
• The element a is said to generate the group G or to be a generator of G
• A cyclic group is always abelian and may be finite or infinite
Rings
• A ring R , sometimes denoted by {R , + , * }, is a set of elements with two binary
operations, called addition and multiplication, such that for all a , b , c in R the following
axioms are obeyed:
(A1–A5)
R is an abelian group with respect to addition; that is, R satisfies axioms A1 through A5. For the case
of an additive group, we denote the identity element as 0 and the inverse of a as –a
(M1) Closure under multiplication:
If a and b belong to R , then ab is also in R
(M2) Associativity of multiplication:
a (bc ) = (ab)c for all a , b , c in R
(M3) Distributive laws:
a (b + c ) = ab + ac for all a , b , c in R
(a + b )c = ac + bc for all a , b , c in R

• In essence, a ring is a set in which we can do addition, subtraction [a - b = a + (-b )], and
multiplication without leaving the set
Rings (cont.)
• A ring is said to be commutative if it satisfies
the following additional condition:
(M4) Commutativity of multiplication:
ab = ba for all a, b in R
• An integral domain is a commutative ring that
obeys the following axioms.
(M5) Multiplicative identity:
There is an element 1 in R such that a 1 = 1a = a
for all a in R
(M6) No zero divisors:
If a , b in R and ab = 0, then either a = 0 or b = 0
Fields
• A field F, sometimes denoted by {F, +, *}, is a set of elements with two binary operations, called addition and multiplication, such that for all a, b, c in F the following axioms are obeyed:
(A1–M6) F is an integral domain; that is, F satisfies axioms A1 through A5 and M1 through M6
(M7) Multiplicative inverse: For each a in F, except 0, there is an element a^–1 in F such that aa^–1 = (a^–1)a = 1
• In essence, a field is a set in which we can do addition, subtraction, multiplication, and division without leaving the set. Division is defined with the following rule: a/b = a(b^–1)
Familiar examples of fields are the rational numbers, the real numbers, and the complex numbers. Note that the set of all integers is not a field, because not every element of the set has a multiplicative inverse.
Group, Ring, and Field
Finite Fields of the Form GF(p)
• Finite fields play a crucial role in many cryptographic algorithms
• It can be shown that the order of a finite field must be a power of a prime, p^n, where n is a positive integer
• The only positive integers that are divisors of p are p and 1
• The finite field of order p^n is generally written GF(p^n)
• GF stands for Galois field, in honor of the mathematician who first studied finite fields
Table 4.5(a) Arithmetic in GF(7): (a) Addition modulo 7
Table 4.5(b) Arithmetic in GF(7): (b) Multiplication modulo 7
Table 4.5(c) Arithmetic in GF(7): (c) Additive and multiplicative inverses modulo 7
In this section, we have shown how to construct a finite field of order p, where p is prime. GF(p) is defined with the following properties:
• 1. GF(p) consists of p elements
• 2. The binary operations + and * are defined over the set. The operations of addition, subtraction, multiplication, and division can be performed without leaving the set. Each element of the set other than 0 has a multiplicative inverse
• We have shown that the elements of GF(p) are the integers {0, 1, . . . , p – 1} and that the arithmetic operations are addition and multiplication mod p
Polynomial Arithmetic
• We can distinguish three classes of polynomial arithmetic:
– Ordinary polynomial arithmetic, using the basic rules of algebra
– Polynomial arithmetic in which the arithmetic on the coefficients is performed modulo p; that is, the coefficients are in GF(p)
– Polynomial arithmetic in which the coefficients are in GF(p), and the polynomials are defined modulo a polynomial m(x) whose highest power is some integer n
Ordinary Polynomial Arithmetic Example
As an example:
let f(x) = x^3 + x^2 + 2 and g(x) = x^2 – x + 1, where S is the set of integers

Then:
f(x) + g(x) = x^3 + 2x^2 – x + 3
f(x) – g(x) = x^3 + x + 1
f(x) * g(x) = x^5 + 3x^2 – 2x + 2

Figures 4.3a through 4.3c show the manual calculations


Polynomial Arithmetic With Coefficients in Z_p

• If each distinct polynomial is considered to be an element of the set, then that set is a ring
• When polynomial arithmetic is performed on polynomials over a field, then division is possible
– Note: this does not mean that exact division is possible
• If we attempt to perform polynomial division over a coefficient set that is not a field, we find that division is not always defined
• Even if the coefficient set is a field, polynomial division is not necessarily exact
• With the understanding that remainders are allowed, we can say that polynomial division is possible if the coefficient set is a field
Polynomial Division
• We can write any polynomial in the form:
f(x) = q(x) g(x) + r(x)
• r(x) can be interpreted as being a remainder
• So r(x) = f(x) mod g(x)
• If there is no remainder we can say g(x) divides f(x)
– Written as g(x) | f(x)
– We can say that g(x) is a factor of f(x)
– Or g(x) is a divisor of f(x)
• A polynomial f(x) over a field F is called irreducible if and only if f(x) cannot be expressed as a product of two polynomials, both over F, and both of degree lower than that of f(x)
• An irreducible polynomial is also called a prime polynomial
Example of Polynomial Arithmetic Over GF(2)

(Figure 4.4 can be found on page 110 in the textbook)
Polynomial GCD
• The polynomial c(x) is said to be the greatest common divisor of a(x) and b(x) if the following are true:
– c(x) divides both a(x) and b(x)
– Any divisor of a(x) and b(x) is a divisor of c(x)
• An equivalent definition is:
– gcd[a(x), b(x)] is the polynomial of maximum degree that divides both a(x) and b(x)
• The Euclidean algorithm can be extended to find the greatest common divisor of two polynomials whose coefficients are elements of a field
Table 4.6(a) Arithmetic in GF(2^3): (a) Addition
Table 4.6(b) Arithmetic in GF(2^3): (b) Multiplication
Table 4.6(c) Arithmetic in GF(2^3): (c) Additive and multiplicative inverses

Table 4.7 Polynomial Arithmetic Modulo (x^3 + x + 1): (a) Addition; (b) Multiplication
(page 117 in textbook)

Table 4.8 Extended Euclid [(x^8 + x^4 + x^3 + x + 1), (x^7 + x + 1)]
(Table 4.8 can be found on page 118 in textbook)


Computational Considerations
• Since coefficients are 0 or 1, we can represent any such polynomial as a bit string
• Addition becomes XOR of these bit strings
• Multiplication is shift and XOR
– cf. long-hand multiplication
• Modulo reduction is done by repeatedly substituting the highest power with the remainder of the irreducible polynomial (also shift and XOR)
Using a Generator
• A generator g of a finite field F of order q (contains q elements) is an element whose first q–1 powers generate all the nonzero elements of F
• The elements of F consist of 0, g^0, g^1, . . . , g^(q–2)
• Consider a field F defined by a polynomial f(x)
• An element b contained in F is called a root of the polynomial if f(b) = 0
• Finally, it can be shown that a root g of an irreducible polynomial is a generator of the finite field defined on that polynomial
Table 4.9 Generator for GF(2^3) using x^3 + x + 1
Table 4.10 GF(2^3) Arithmetic Using Generator for the Polynomial (x^3 + x + 1): (a) Addition; (b) Multiplication
(page 123 in textbook)
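The bit-string arithmetic described under Computational Considerations, the polynomial Euclidean algorithm of Table 4.8, and the generator test from the Using a Generator slide, as one added Python example that is not part of the slides or the textbook. Polynomials over GF(2) are Python ints with bit i holding the coefficient of x^i; the moduli used, x^3 + x + 1 and the AES polynomial x^8 + x^4 + x^3 + x + 1, are the ones named on the page, and the byte values 0x57, 0x83 and 0x53 in the checks are constructed inputs.

```python
# Added example (not from the slides or textbook): polynomial arithmetic over
# GF(2) on bit strings, the polynomial Euclidean algorithm, and the generator
# test. A polynomial is a Python int: bit i is the coefficient of x^i.
# Assumed moduli: x^3 + x + 1 = 0b1011 for GF(2^3) and the AES polynomial
# x^8 + x^4 + x^3 + x + 1 = 0x11B for GF(2^8).

def degree(p):
    """Degree of a nonzero polynomial; -1 for the zero polynomial."""
    return p.bit_length() - 1

def poly_add(a, b):
    """Addition (and subtraction) of GF(2) polynomials is bitwise XOR."""
    return a ^ b

def poly_mul(a, b):
    """Long-hand multiplication without reduction: shift a, XOR where b has a 1."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result

def poly_divmod(a, b):
    """Long division over GF(2): return (quotient, remainder) with deg r < deg b."""
    if b == 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q = 0
    while a and degree(a) >= degree(b):
        shift = degree(a) - degree(b)   # align b's leading term with a's
        q ^= 1 << shift
        a ^= b << shift                 # cancel a's highest power (shift and XOR)
    return q, a

def gf_mul(a, b, m):
    """Multiplication in GF(2^n) defined by the irreducible polynomial m."""
    return poly_divmod(poly_mul(a, b), m)[1]

def poly_gcd(a, b):
    """Euclidean algorithm on polynomials: gcd(a, b) = gcd(b, a mod b)."""
    while b:
        a, b = b, poly_divmod(a, b)[1]
    return a

def gf_inverse(a, m):
    """Extended Euclid over GF(2)[x]: s with s*a = 1 (mod m), or None if gcd != 1.
    Invariant: s0*a = r0 (mod m) and s1*a = r1 (mod m)."""
    r0, r1 = m, a
    s0, s1 = 0, 1
    while r1:
        q, r = poly_divmod(r0, r1)
        r0, r1 = r1, r
        s0, s1 = s1, s0 ^ poly_mul(q, s1)
    return s0 if r0 == 1 else None

def is_irreducible(m):
    """Trial division by every polynomial of degree 1 .. deg(m)/2."""
    for d in range(1, degree(m) // 2 + 1):
        for p in range(1 << d, 1 << (d + 1)):
            if poly_divmod(m, p)[1] == 0:
                return False
    return True

def powers_of(g, m):
    """g^0, g^1, ... modulo m up to (not including) the first return to 1.
    The list length is the multiplicative order of g; raises if g never returns to 1."""
    out, x = [], 1
    for _ in range(1 << degree(m)):
        out.append(x)
        x = gf_mul(x, g, m)
        if x == 1:
            return out
    raise ValueError("g is not invertible modulo m")

def is_generator(g, m):
    """g generates GF(2^n)* iff its powers cover all 2^n - 1 nonzero elements."""
    return g != 0 and len(powers_of(g, m)) == (1 << degree(m)) - 1

if __name__ == "__main__":
    print("powers of x in GF(2^3):", powers_of(0b010, 0b1011))            # cf. Table 4.9
    print("(x^7 + x + 1)^-1 mod AES poly:", hex(gf_inverse(0x83, 0x11B)))  # cf. Table 4.8
    print("x generates GF(2^8)*?", is_generator(0x02, 0x11B), "| x + 1?", is_generator(0x03, 0x11B))
```

`poly_divmod` is the long division of Figure 4.4 done on bits, and `gf_inverse` is the extended Euclidean algorithm of Table 4.8; it returns x^7 (0x80) for x^7 + x + 1 modulo the AES polynomial. One caveat worth checking with `is_generator`: a root of an irreducible polynomial generates the multiplicative group only when the polynomial is also primitive. x^3 + x + 1 is primitive, so x (0b010) generates GF(2^3)*, but the AES polynomial is irreducible without being primitive, so x (0x02) has multiplicative order 51 there and the customary generator is x + 1 (0x03).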


Summary
• Divisibility and the division algorithm
• The Euclidean algorithm
• Modular arithmetic
• Groups, rings, and fields
• Finite fields of the form GF(p)
• Polynomial arithmetic
• Finite fields of the form GF(2^n)
Chapter 5
Advanced Encryption Standard
“It seems very simple.”
“It is very simple. But if you don’t know what the key is it’s virtually indecipherable.”

—Talking to Strange Men, Ruth Rendell
Finite Field Arithmetic
• In the Advanced Encryption Standard (AES) all operations are performed on 8-bit bytes
• The arithmetic operations of addition, multiplication, and division are performed over the finite field GF(2^8)
• A field is a set in which we can do addition, subtraction, multiplication, and division without leaving the set
• Division is defined with the following rule: a/b = a(b^–1)
• An example of a finite field (one with a finite number of elements) is the set Z_p consisting of all the integers {0, 1, . . . , p – 1}, where p is a prime number and in which arithmetic is carried out modulo p
Finite Field Arithmetic
• If one of the operations used in the algorithm is division, then we need to work in arithmetic defined over a field
– Division requires that each nonzero element have a multiplicative inverse
• For convenience and for implementation efficiency we would like to work with integers that fit exactly into a given number of bits with no wasted bit patterns
– Integers in the range 0 through 2^n – 1, which fit into an n-bit word
• The set of such integers, Z_{2^n}, using modular arithmetic, is not a field
– For example, the integer 2 has no multiplicative inverse in Z_{2^n}, that is, there is no integer b such that 2b mod 2^n = 1
• A finite field containing 2^n elements is referred to as GF(2^n)
– Every polynomial in GF(2^n) can be represented by an n-bit number
AES Encryption Process
AES Data Structures
Table 5.1 AES Parameters
AES Encryption and Decryption
• Processes the entire data block as a single matrix during each round using substitutions and
permutation
• The key that is provided as input is expanded into an array of forty-four 32-bit words, w[i]
Four different stages are used:
• Substitute bytes – uses an S-box to perform a byte-by-byte substitution of the block
• ShiftRows – a simple permutation
• MixColumns – a substitution that makes use of arithmetic over GF(28)
• AddRoundKey – a simple bitwise XOR of the current block with a portion of the expanded key

• The cipher begins and ends with an AddRoundKey stage


• Can view the cipher as alternating operations of XOR encryption (AddRoundKey) of a block,
followed by scrambling of the block (the other three stages), followed by XOR encryption, and so
on
• Each stage is easily reversible
• The decryption algorithm makes use of the expanded key in reverse order, however the
decryption algorithm is not identical to the encryption algorithm
• State is the same for both encryption and decryption
• Final round of both encryption and decryption consists of only three stages
AES Byte Level Operations
Table 5.2 (a) S-box
(Table can be found on page 139 in textbook)
Table 5.2 (b) Inverse S-box
(Table can be found on page 139 in textbook)
S-Box Rationale
• The S-box is designed to be resistant to known
cryptanalytic attacks
• The Rijndael developers sought a design that has a low
correlation between input bits and output bits and the
property that the output is not a linear mathematical
function of the input
• The nonlinearity is due to the use of the multiplicative
inverse
Shift Row Transformation
Figure 5.7 AES Row and Column Operations
(Figure can be found on page 144 in textbook)
Shift Row Rationale
• More substantial than it may first appear
• The State, as well as the cipher input and output, is
treated as an array of four 4-byte columns
• On encryption, the first 4 bytes of the plaintext are
copied to the first column of State, and so on
• The round key is applied to State column by
column
• Thus, a row shift moves an individual byte from one
column to another, which is a linear distance of a
multiple of 4 bytes
• Transformation ensures that the 4 bytes of one
column are spread out to four different columns
MixColumn Transformation
Figure 5.7 AES Row and Column Operations
(Figure can be found on page 144 in textbook)
Mix Columns Rationale
• Coefficients of a matrix based on a linear code
with maximal distance between code words
ensures a good mixing among the bytes of each
column
• The mix column transformation combined with
the shift row transformation ensures that after a
few rounds all output bits depend on all input
bits
AddRoundKey Transformation
• The 128 bits of State are bitwise XORed with the 128 bits of the round key
• Operation is viewed as a columnwise operation between the 4 bytes of a State column and one word of the round key
• Can also be viewed as a byte-level operation
Rationale:
• Is as simple as possible and affects every bit of State
• The complexity of the round key expansion plus the complexity of the other stages of AES ensure security
Inputs for Single AES Round
AES Key Expansion
• Takes as input a four-word (16-byte) key and produces a linear array of 44 words (176 bytes)
• This is sufficient to provide a four-word round key for the initial AddRoundKey stage and each of the 10 rounds of the cipher
• Key is copied into the first four words of the expanded key
• The remainder of the expanded key is filled in four words at a time
• Each added word w[i] depends on the immediately preceding word, w[i – 1], and the word four positions back, w[i – 4]
• In three out of four cases a simple XOR is used
• For a word whose position in the w array is a multiple of 4, a more complex function is used
AES Key Expansion
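AES-128 encryption assembled from the four stages on the Detailed Structure slide together with the key expansion just described, as an added Python example that is neither the slides' code nor a FIPS-197 listing. It assumes the FIPS-197 conventions: column-major State (byte 4c + r sits at row r, column c), S-box = GF(2^8) multiplicative inverse followed by the affine map with constant 0x63, and round constants Rcon[j] = x^(j–1). The inverse is computed through log/antilog tables built from the generator 0x03 (the Using a Generator idea) rather than typed in as a table. The key and plaintext in the `__main__` block are the FIPS-197 Appendix B test vector, not values from the slides.

```python
# Added example (not from the slides or FIPS-197 itself): AES-128 encryption from
# the four stages plus key expansion. Conventions assumed: FIPS-197 column-major
# State, S-box = inverse then affine map, Rcon[j] = x^(j-1) in GF(2^8).

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES reduction polynomial

def xtime(a):
    """Multiply a GF(2^8) element by x (0x02): shift, reduce if bit 8 appears."""
    a <<= 1
    return (a ^ AES_POLY) & 0xFF if a & 0x100 else a

def build_log_tables():
    """EXP[i] = 0x03^i and LOG[0x03^i] = i; 0x03 = x + 1 generates all 255 nonzero elements."""
    exp, log = [0] * 255, [0] * 256
    g = 1
    for i in range(255):
        exp[i], log[g] = g, i
        g = xtime(g) ^ g  # g * 0x03 = g * x + g
    return exp, log

EXP, LOG = build_log_tables()

def gf_inverse(a):
    """a^-1 = 0x03^(255 - log a); AES maps 0 to 0 since 0 has no inverse."""
    return 0 if a == 0 else EXP[(255 - LOG[a]) % 255]

def rotl8(b, n):
    return ((b << n) | (b >> (8 - n))) & 0xFF

def build_sbox():
    """S-box = affine transform of the inverse: the inverse supplies the nonlinearity."""
    sbox = []
    for a in range(256):
        b = gf_inverse(a)
        sbox.append(b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63)
    return sbox

SBOX = build_sbox()

def key_expansion(key):
    """Expand a 16-byte key into w[0..43], each a 4-byte list (FIPS-197 section 5.2)."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]  # key copied into w[0..3]
    rcon = 0x01
    for i in range(4, 44):
        temp = list(w[i - 1])
        if i % 4 == 0:                      # every fourth word takes the complex path
            temp = temp[1:] + temp[:1]      # RotWord
            temp = [SBOX[b] for b in temp]  # SubWord
            temp[0] ^= rcon                 # XOR round constant into the first byte
            rcon = xtime(rcon)
        w.append([w[i - 4][j] ^ temp[j] for j in range(4)])  # w[i] = w[i-4] XOR temp
    return w

def sub_bytes(state):
    return [[SBOX[b] for b in col] for col in state]

def shift_rows(state):
    """Row r rotates left by r positions, moving bytes across columns."""
    return [[state[(c + r) % 4][r] for r in range(4)] for c in range(4)]

def mix_columns(state):
    """Each column is multiplied by the fixed circulant matrix (2 3 1 1) over GF(2^8)."""
    out = []
    for a in state:
        m2 = [xtime(x) for x in a]
        m3 = [m2[i] ^ a[i] for i in range(4)]
        out.append([m2[0] ^ m3[1] ^ a[2] ^ a[3],
                    a[0] ^ m2[1] ^ m3[2] ^ a[3],
                    a[0] ^ a[1] ^ m2[2] ^ m3[3],
                    m3[0] ^ a[1] ^ a[2] ^ m2[3]])
    return out

def add_round_key(state, round_words):
    """Column c of State XOR word c of the round key."""
    return [[state[c][r] ^ round_words[c][r] for r in range(4)] for c in range(4)]

def aes128_encrypt_block(key, block):
    w = key_expansion(key)
    state = [list(block[4 * c:4 * c + 4]) for c in range(4)]
    state = add_round_key(state, w[0:4])             # cipher begins with AddRoundKey
    for rnd in range(1, 10):
        state = mix_columns(shift_rows(sub_bytes(state)))
        state = add_round_key(state, w[4 * rnd:4 * rnd + 4])
    state = shift_rows(sub_bytes(state))             # final round: no MixColumns
    state = add_round_key(state, w[40:44])           # ...and ends with AddRoundKey
    return bytes(b for col in state for b in col)

if __name__ == "__main__":
    # FIPS-197 Appendix B test vector (not from the slides)
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
    pt = bytes.fromhex("3243f6a8885a308d313198a2e0370734")
    print(aes128_encrypt_block(key, pt).hex())  # 3925841d02dc09fbdc118597196a0b32
```

The round structure mirrors the slides exactly: AddRoundKey first, nine full rounds of SubBytes/ShiftRows/MixColumns/AddRoundKey, then a three-stage final round. This is a reference-style implementation for study: its table lookups (`SBOX`, `LOG`) are indexed by secret-dependent values, which leak timing through caches, so production code should rely on a vetted constant-time library rather than on a transcription like this one.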
