1
00:00:17,180 --> 00:00:23,620
So, welcome to this lecture on classical cryptosystems.
Today, we shall be essentially talking about
2
00:00:23,620 --> 00:00:30,360
some important definitions, which exist in
very old literature of ciphers, and we will
3
00:00:30,360 --> 00:00:36,320
be seeing that many of the concepts essentially
as we proceed in a course are also applicable
4
00:00:36,320 --> 00:00:39,559
to the modern ciphers that we have in the
present day.
5
00:00:39,559 --> 00:00:43,400
So, today's objectives will be essentially
to talk about some of the important definitions
6
00:00:43,400 --> 00:00:47,940
behind cipher designs; and then, we will be
talking about very important principle which
7
00:00:47,940 --> 00:00:53,270
is known as Kerckhoffs principle; and then,
discuss about some important class of old
8
00:00:53,270 --> 00:00:58,390
ciphers, which are called as monoalphabetic
ciphers and an example of that is the shift
9
00:00:58,390 --> 00:01:03,570
ciphers; and then, polyalphabetic ciphers,
which are called Vigenere cipher; and then,
10
00:01:03,570 --> 00:01:08,970
we discussed about affine ciphers and used
our previous days concepts of Euler totient
11
00:01:08,970 --> 00:01:14,810
function to find out the size of the key in
a fine ciphers; and then, conclude our discussion
12
00:01:14,810 --> 00:01:16,759
with a note on permutation cipher.
13
00:01:16,759 --> 00:01:23,170
So, to start with essentially, today, we will
be discussing about cryptosystems. So, as
14
00:01:23,170 --> 00:01:29,549
we have, I mean, made amount of idea that
when we are discussing about cryptosystems,
15
00:01:29,549 --> 00:01:34,340
the cryptosystems are essentially used to
encrypt the given plaintext. So, we have been
16
00:01:34,340 --> 00:01:41,340
provided by the plaintext and we are supposed
to kind of transform these texts and modify
17
00:01:41,740 --> 00:01:46,580
them and produce a text which is known as
which is different from the plaintext.
18
00:01:46,580 --> 00:01:51,869
And this modified plaintext is something which
is known as ciphertext. Now, the objective
19
00:01:51,869 --> 00:01:57,220
is that the ciphertext should not the leak
any information about the original content
20
00:01:57,220 --> 00:02:01,840
of the plaintext to the person or a third
person who does not have a possession of a
21
00:02:01,840 --> 00:02:07,869
secret material which is known as the key.
So, the key is essentially is used to configure
22
00:02:07,869 --> 00:02:12,980
a cryptosystem, that means, that it essentially
defines the mapping of a plaintext to the
23
00:02:12,980 --> 00:02:18,370
given to a particular ciphertext.
So, there are essentially two very broad categories
24
00:02:18,370 --> 00:02:23,700
of ciphers, one of them is called symmetric
key cryptosystems, where essentially the encrypted
25
00:02:23,700 --> 00:02:29,220
and the decrypted that is, the sender and
the receiver use the same piece of key; the
26
00:02:29,220 --> 00:02:32,769
key is the same.
That means, if you need to kind of communicate
27
00:02:32,769 --> 00:02:39,709
using symmetric key cryptosystem, then it
is if that both the sender and the receiver
28
00:02:39,709 --> 00:02:46,709
essentially shares the keying material beforehand.
So, basically there should be some other secured
29
00:02:47,019 --> 00:02:53,230
channel through which the sender and the receiver
have shared this piece of information. So,
30
00:02:53,230 --> 00:02:58,549
an opposed so that so that adds the cost of
the symmetric key cryptosystem, that is, it
31
00:02:58,549 --> 00:03:03,940
had there is an inherent assumption that initially
there is a secure that is a secure channel
32
00:03:03,940 --> 00:03:08,989
through which the encrypter and the decrypter
have shared these piece of information.
33
00:03:08,989 --> 00:03:15,989
Now, a very, I mean, a very innovative second,
I mean, the other type of ciphers which essentially
34
00:03:18,109 --> 00:03:23,730
relies upon mathematical assumption is something
which is called a public key cryptosystem.
35
00:03:23,730 --> 00:03:28,959
In a public key cryptosystem, there are two
concepts of keys. So, as you saw that in a
36
00:03:28,959 --> 00:03:34,010
symmetric key cryptosystem in the sender and
the receiver has got the same piece of key
37
00:03:34,010 --> 00:03:40,570
and the need to kind of exchange the key beforehand,
this problem is some sort of aggravated in
38
00:03:40,570 --> 00:03:45,340
context of public key cryptosystem, because
there are two concept of keys, one of them
39
00:03:45,340 --> 00:03:48,280
is called a public key and the other one is
the private key.
40
00:03:48,280 --> 00:03:52,549
Now, when we are using for encryption, then
the public key is used for encrypting, that
41
00:03:52,549 --> 00:03:57,680
means, this piece of key, which is known to
everybody can be used for the encryption.
42
00:03:57,680 --> 00:04:03,010
So, ideally anybody can encrypt, but when
you are decrypting, then you need some need
43
00:04:03,010 --> 00:04:07,859
some key, which is known as the private key
and essentially which is not known to everybody
44
00:04:07,859 --> 00:04:11,590
apart from the only person which is who is
supposed to decrypt the information.
45
00:04:11,590 --> 00:04:17,209
So, that means, that your public key cryptosystem
anybody can encrypt, but only a particular
46
00:04:17,209 --> 00:04:22,139
intended person can decrypt the information.
So, that means, that if Alice would like to
47
00:04:22,139 --> 00:04:27,960
communicate with Bob, then what Alice does
is that, Alice uses a piece of key which is
48
00:04:27,960 --> 00:04:33,729
known as... So, if Alice wants to send a piece
of information to Bob, then Alice uses the
49
00:04:33,729 --> 00:04:40,729
public key of Bob, because Alice use the public
key of Bob and when Bob receives this information,
50
00:04:42,400 --> 00:04:47,610
then Bob decrypts it using its own secret
key or private key.
51
00:04:47,610 --> 00:04:53,199
So, that means, that, it is some sort like
this, that is cryptographically if Alice and
52
00:04:53,199 --> 00:05:00,199
Bob are two persons who are communicating
between each other, and Alice send Alice sends
53
00:05:00,289 --> 00:05:05,259
the public key say call it.. I will define
this, as we precede more in the class, but
54
00:05:05,259 --> 00:05:09,289
this is just to have a flavor of the topics
that we will be discussing. So, there is a
55
00:05:09,289 --> 00:05:16,020
public key called Pk and Bob also has a secret
key called Sk. So, when Alice wants to send
56
00:05:16,020 --> 00:05:22,979
a piece of message to Bob, then what Alice
does is that, Alice encrypts this m using
57
00:05:22,979 --> 00:05:29,979
the public key of Bob. So, P Pk is Bob's public
key so Pk is Bob's public key and Sk is Bob's
58
00:05:36,840 --> 00:05:42,020
secret key.
So, what Alice does is that, Alice encrypts
59
00:05:42,020 --> 00:05:49,020
m using Pk and sends it to Bob; now when Bob
needs to decrypt this, then Bob decrypt this
60
00:05:49,909 --> 00:05:56,909
using the decryption function called d, but
the internal key is essentially Sk. So, that
61
00:05:58,289 --> 00:06:04,310
means, Bob uses its own secret key to decrypt
this information and this should be back to
62
00:06:04,310 --> 00:06:06,860
M; so, that means, that completes the decryption
procedure.
63
00:06:06,860 --> 00:06:12,620
Now, there are some interesting points here,
like about the key. So, it should be that
64
00:06:12,620 --> 00:06:17,710
Pk is known to everybody and Pk also should,
I mean, doing the encryption also should be
65
00:06:17,710 --> 00:06:24,099
easy, but when you are kind of decrypting,
I mean, then you need this piece of information
66
00:06:24,099 --> 00:06:30,110
called Sk which is the secret key.
And another important, I mean, been mathematical,
67
00:06:30,110 --> 00:06:37,110
I mean, the base on which the public key cryptosystems
rely upon is that, from Pk which is the public
68
00:06:37,120 --> 00:06:43,210
key information extracting the Sk that is
the secret information should be a computationally
69
00:06:43,210 --> 00:06:50,210
difficult task; so this should not be easy.
And this gives us kind of, I mean, we do not
70
00:06:52,120 --> 00:06:57,569
really have exact definitions in computer
science which actually proves that, there
71
00:06:57,569 --> 00:07:03,069
are some problems which are actually hard;
but we also but on the other hand, we have
72
00:07:03,069 --> 00:07:09,569
got some common number theoretic problems,
which have actually for times for many times
73
00:07:09,569 --> 00:07:14,009
actually, I mean, it has they have been evaluated
and they have been found to be difficult,
74
00:07:14,009 --> 00:07:18,879
so they are kind of assumed to be difficult.
But we really do not have any rigorous mathematical
75
00:07:18,879 --> 00:07:22,800
proof to justify that they are indeed difficult
problems.
76
00:07:22,800 --> 00:07:27,509
So, there are essentially some grey areas
some place, where we kind of need to assume
77
00:07:27,509 --> 00:07:32,550
and based upon this assumptions, which are
actually which took for lot of analysis, lot
78
00:07:32,550 --> 00:07:39,550
of attack methods, we actually develop this
science of public key cryptosystems. We will
79
00:07:39,680 --> 00:07:42,270
see more concrete examples as we proceed in
the class.
80
00:07:42,270 --> 00:07:48,830
So, let me come to the definitions. So, again
back to the definitions that is, so we have
81
00:07:48,830 --> 00:07:53,120
symmetric key cryptosystems and public key
cryptosystems, which are essentially two broad
82
00:07:53,120 --> 00:08:00,120
categories of ciphers. Then I would like to
kind of comment upon a very important principle
83
00:08:00,810 --> 00:08:06,059
which is there, is that, they are the basic
assumption is that the entire system is completely
84
00:08:06,059 --> 00:08:10,009
known to the attacker. So, if we build a cipher,
then you have to publish the cipher so that
85
00:08:10,009 --> 00:08:17,009
everybody knows that cipher but, what is not
known to the attacker is only the secret piece
86
00:08:17,159 --> 00:08:21,879
of information which is called the key. So,
this principle is known as Kerckhoffs principle,
87
00:08:21,879 --> 00:08:25,059
which says that the crypto algorithms are
never secret.
88
00:08:25,059 --> 00:08:30,699
So, the idea is that, our experience shows
that secret algorithms are weak when exposed,
89
00:08:30,699 --> 00:08:34,590
that is, if you kind of have an indoor algorithm
and relies upon indoor algorithm, which has
90
00:08:34,590 --> 00:08:39,479
not been scrutinized properly, then experience
shows the secret algorithms are indeed weak
91
00:08:39,479 --> 00:08:46,230
and there are saved examples of such type.
I mean, if you do not properly i mean criticize
92
00:08:46,230 --> 00:08:51,440
your algorithms properly, analyze your algorithms,
then there are lot of possibilities that they
93
00:08:51,440 --> 00:08:56,670
may be weak inherently. Therefore, the idea
is that, make a new cipher and publish it
94
00:08:56,670 --> 00:09:01,550
and so that people analyses them and then
only you will be kind of sure that your algorithm
95
00:09:01,550 --> 00:09:06,320
is or rather you can me more confident that
your algorithm is secure.
96
00:09:06,320 --> 00:09:11,680
And secret algorithm and it has been found
the secret algorithms are never actually never
97
00:09:11,680 --> 00:09:16,220
remains secret that finally, somehow they
are weak; so it is better to find weaknesses
98
00:09:16,220 --> 00:09:20,630
beforehand. Therefore, the idea is that, whenever
you make a cipher, assume that the ciphering
99
00:09:20,630 --> 00:09:25,160
algorithms is known to the attacker, but the
attacker does not know the piece of information
100
00:09:25,160 --> 00:09:29,550
which is secret which is called the key.
Even then it should be difficult for him or
101
00:09:29,550 --> 00:09:35,949
her to obtain the plaintext from the ciphertext
and also it should be difficult, I mean, from
102
00:09:35,949 --> 00:09:40,589
the attackers point of view to obtain the
piece of information, which is known as the
103
00:09:40,589 --> 00:09:45,389
key from the ciphertext. And there are some
more evolved models of attacks which says,
104
00:09:45,389 --> 00:09:50,899
it should be also difficult to obtain the
key even if you know the ciphertext and the
105
00:09:50,899 --> 00:09:51,560
plaintext.
106
00:09:51,560 --> 00:09:57,110
So, the idea is that, we have to do more and
more kind of scripted analysis of your cryptoalgorithms
107
00:09:57,110 --> 00:10:04,110
to gain more confidence that your algorithm
is indeed secure. So, this is the broad picture
108
00:10:04,160 --> 00:10:07,670
of how you are communicating a plaintext;
there is a encryption algorithms; there is
109
00:10:07,670 --> 00:10:13,139
a key; you generate the ciphertext, then you
receive have been this piece of information;
110
00:10:13,139 --> 00:10:16,110
you decrypt that using the key and you obtain
back the plaintext.
111
00:10:16,110 --> 00:10:20,579
So, these algorithms, that is, encryption
algorithms and decryption algorithms and by
112
00:10:20,579 --> 00:10:24,110
the symmetric key, if they are symmetric key,
then this key and this key are the same, that
113
00:10:24,110 --> 00:10:28,660
is, the encryption key and decryption key
are the same; but if there is a public key
114
00:10:28,660 --> 00:10:33,040
cryptosystems, then this is essentially the
public key, but this piece of information
115
00:10:33,040 --> 00:10:36,829
is the private key.
So, there can be other uses of this public
116
00:10:36,829 --> 00:10:42,490
key, private key which in context to signatures,
where essentially we use the private key to
117
00:10:42,490 --> 00:10:46,990
do the encryption operation, because we are
signing using the private key, but you verify
118
00:10:46,990 --> 00:10:52,370
using the public key. So, anybody can verify,
but only the person who is supposed to sign
119
00:10:52,370 --> 00:10:58,060
can sign. So, that is another application
of very important application of public key
120
00:10:58,060 --> 00:10:59,040
cryptosystems.
121
00:10:59,040 --> 00:11:06,040
So, little bit more formally, your cryptosystem
is essentially a five-tuple, where there are
122
00:11:06,540 --> 00:11:11,940
five tuple members are there in the plaintext;
we denoted by P which is finite set of possible
123
00:11:11,940 --> 00:11:16,320
plaintexts, then embed the C which is a finite
set of possible ciphertexts. So, this could
124
00:11:16,320 --> 00:11:21,050
be alphabet, this could be number, this could
be bit streams, but they are essentially drived
125
00:11:21,050 --> 00:11:25,839
from a finite set of possible values, then
K is the keyspace, which is a finite set of
126
00:11:25,839 --> 00:11:31,589
possible keys, then idea is that for all k,
which belong to these for all key which belong
127
00:11:31,589 --> 00:11:35,720
to these key set, there should exist the encryption
algorithms. I mean, there should be exist
128
00:11:35,720 --> 00:11:41,449
a encryption rule and there should exist a
decryption rule such that for each, if you
129
00:11:41,449 --> 00:11:45,949
have got P and C, that is, P to C mapping,
there should be a corresponding C to P mapping.
130
00:11:45,949 --> 00:11:51,519
So, that means, what I want to say is that,
if you take x which belongs to P and encrypt
131
00:11:51,519 --> 00:11:56,250
it using this piece of information which is
called k, and then, decrypt it back using
132
00:11:56,250 --> 00:12:00,779
the decryption algorithm and decrypt it using
the decryption key, then you should actually
133
00:12:00,779 --> 00:12:04,959
get back the original plain-text, that is,
you should recover the original message.
134
00:12:04,959 --> 00:12:05,209
.
135
00:12:04,959 --> 00:12:10,699
So, that means, the essentially encryption
function should be injective, that means,
136
00:12:10,699 --> 00:12:16,790
it denotes, I mean, suppose y is equal to
e k x is the encryption transformation and
137
00:12:16,790 --> 00:12:21,769
imagine that, if there are two different x
1 and x 2, which are kind of distinct, they
138
00:12:21,769 --> 00:12:27,630
are not equal; and if you encrypt it encrypt
them using the k the key k and you obtain
139
00:12:27,630 --> 00:12:32,509
y in both the cases; so this is a example
of function which is not injective.
140
00:12:32,509 --> 00:12:37,399
Then Bob will be confused; when Bob receives
y and he knows that he has to decrypt it using
141
00:12:37,399 --> 00:12:42,819
the corresponding key, then Bob will not be
able to kind of get, I mean, be convinced
142
00:12:42,819 --> 00:12:47,790
whether the plaintext is x1 or x2. So, that
should not happen; Bob should kind of uniquely
143
00:12:47,790 --> 00:12:52,639
identify that, whether x1 is the plaintext
or x2 is the plaintext. Therefore, these kinds
144
00:12:52,639 --> 00:12:58,920
of functions are not and not used; therefore,
we need functions which are kind of which
145
00:12:58,920 --> 00:13:02,959
are injective.
So, therefore, if the plaintext set and ciphertext
146
00:13:02,959 --> 00:13:07,089
set are same, then essentially, I mean, for
example, if you take alphabets in a plaintext
147
00:13:07,089 --> 00:13:11,209
set and also ciphertext set is alphabets,
then the encryption function is just a permutation.
148
00:13:11,209 --> 00:13:15,769
So, if a for example, the plaintext set could
be a 0 one string and the ciphertext set is
149
00:13:15,769 --> 00:13:20,470
also a 0 one string, then the ciphertext set
is nothing but rearrangement of the 0 one
150
00:13:20,470 --> 00:13:24,980
string.
So, therefore, this a example, where, I mean,
151
00:13:24,980 --> 00:13:29,009
i mean you need kind of i mean if you are
plaintext set and the ciphertext set are the
152
00:13:29,009 --> 00:13:34,339
same, then essentially there is a permutation
and the permutation is defined by the key,
153
00:13:34,339 --> 00:13:37,730
because the encryption function and the decryption
function are known to everybody, but what
154
00:13:37,730 --> 00:13:43,170
is not known is the key. So, the key is the
kind of material, which the cipher designer
155
00:13:43,170 --> 00:13:48,029
has to protect and which the crypt analyst
who is trying to attack will try to recover
156
00:13:48,029 --> 00:13:53,470
using some way, I mean, using algebraic techniques,
using statistical techniques and various other
157
00:13:53,470 --> 00:13:54,610
methods.
158
00:13:54,610 --> 00:14:01,079
So, in classical cryptography, we will essentially
see two important classes of ciphers, one
159
00:14:01,079 --> 00:14:04,569
of them is called the monoalphabetic ciphers
and these are actually some of the primitive
160
00:14:04,569 --> 00:14:09,480
ciphers that we will be that we have come
across, which means that once the key is chosen,
161
00:14:09,480 --> 00:14:14,160
the each alphabetic character of a plaintext...
So, in this case, let us consider the plaintext
162
00:14:14,160 --> 00:14:18,560
to be made of an alphabetic characters, so
I will be considering English alphabet, which
163
00:14:18,560 --> 00:14:23,329
is essentially as 26 letters. So, there are
alphabetic character of a plaintext is mapped
164
00:14:23,329 --> 00:14:28,690
onto a unique alphabetic character of a ciphertext.
So, therefore, if I take a and if it maps
165
00:14:28,690 --> 00:14:33,259
to c, then it will map to c, that means, that
it will always map to c; so it is a kind of
166
00:14:33,259 --> 00:14:37,009
unique and unique and fixed transformation.
167
00:14:37,009 --> 00:14:42,170
Some other example of classic, I mean, ciphers
are the caesar cipher or something which is
168
00:14:42,170 --> 00:14:46,670
more generalized as shift cipher, then we
have the substitution cipher and the affine
169
00:14:46,670 --> 00:14:52,769
cipher. So, let us see, I mean, some of them
like and the other types of them polyalphabetic
170
00:14:52,769 --> 00:14:58,459
ciphers, where each alphabetic character of
a plaintext can be mapped onto m alphabetic
171
00:14:58,459 --> 00:15:02,790
characters of a ciphertext. So, therefore,
each alphabetic character of a plaintext can
172
00:15:02,790 --> 00:15:06,500
be mapped onto m alphabetic character of a
ciphertext.
173
00:15:06,500 --> 00:15:12,319
Usually m is related to the encryption key,
so which mean that, if a in case of monoalphabetic
174
00:15:12,319 --> 00:15:16,779
ciphers, a will suppose to get mapped to c,
so that is fixed. But in case of polyalphabetic
175
00:15:16,779 --> 00:15:21,259
ciphers, a can be mapped to, say m possibilities,
it could be map to c; it could be map to e;
176
00:15:21,259 --> 00:15:28,029
it could be map to f and so there can be m
possibilities. And usually this m is related
177
00:15:28,029 --> 00:15:33,279
to a size of the encryption key, an example
of such kind of ciphers are the Vigenere cipher,
178
00:15:33,279 --> 00:15:38,980
the hill cipher and the permutation cipher.
So, we will also see some of them.
179
00:15:38,980 --> 00:15:43,300
Like So, let us start with the most kind of
one of the most primitive ciphers which is
180
00:15:43,300 --> 00:15:48,529
known as the shift ciphers. In case of a shift
ciphers, let us consider Z26; so you know
181
00:15:48,529 --> 00:15:55,529
what is it 26 phi now? Z26 means a set, Z26
is essentially the set 0, 1 to 25; these numbers,
182
00:16:07,170 --> 00:16:12,860
that is, these 26 numbers can be used to encode
the letters from A to Z. So, I am considering
183
00:16:12,860 --> 00:16:16,550
that the plaintext is made of the letters
from A to Z.
184
00:16:16,550 --> 00:16:23,550
So, now, if you take, I mean, a key also belongs
to this set, that is, from 0 to 25 some of
185
00:16:24,360 --> 00:16:28,129
the these values, then you can define the
encryption function like this, that is, you
186
00:16:28,129 --> 00:16:33,519
can take x and when we apply this encryption
function, then you simply add x with K and
187
00:16:33,519 --> 00:16:36,750
then you take a module operation with 26.
So, we have seen what is a module operation
188
00:16:36,750 --> 00:16:41,160
in the last day class. So, suppose in that
case, the letter x assume that the letter
189
00:16:41,160 --> 00:16:48,160
x is A, and suppose the letter K is B therefore,
a will essentially be denoted by 0, and K
190
00:16:51,350 --> 00:16:58,350
which is B, will be k is b so B will be denoted
by 1; c will be denoted by 2 and so on. right
191
00:16:59,199 --> 00:17:04,980
So, therefore what we do is, suppose A, I
mean, you take if you take for example, that
192
00:17:04,980 --> 00:17:11,980
A is denoted by 0 and suppose the key is 2,
then what you do is, simply you add 0 with
193
00:17:12,089 --> 00:17:16,470
2, and then, you take a mod 26, there is no
problem. So, therefore, since this number
194
00:17:16,470 --> 00:17:21,890
is lesser than 26, so the result is 2.
So, therefore, that means, that A will get
195
00:17:21,890 --> 00:17:28,400
mapped to C. So, similarly, if you want to
kind of recover A from C, then you just need
196
00:17:28,400 --> 00:17:32,720
to subtract this piece of information, and
this piece of information is nothing but the
197
00:17:32,720 --> 00:17:36,700
key and which is known to the kind of the
sender, it is known to the receiver as well.
198
00:17:36,700 --> 00:17:42,190
So, there is simple kind of function, so it
says that e k x equal to x plus k mod 26 and
199
00:17:42,190 --> 00:17:49,190
d k x which is that, actually it should be
d k y is equal to y minus k mod 26. So that
200
00:17:49,250 --> 00:17:54,580
it is very easy to see that, if you kind of
apply d k over e k, that is, if you apply
201
00:17:54,580 --> 00:18:00,950
d k over e k x, then you get back x; therefore,
this function is indeed an injective function.
202
00:18:00,950 --> 00:18:05,190
So, a simple example could be like this; so
suppose the plaintext is this, that is, four
203
00:18:05,190 --> 00:18:11,080
score and seven years ago, so this is some
kind of alphabetic characters. You take that
204
00:18:11,080 --> 00:18:14,890
this could be anything this; does not matter
this is just an example; you just have got
205
00:18:14,890 --> 00:18:19,460
this encoding, you take this plaintext and
a very simple substitution could be like,
206
00:18:19,460 --> 00:18:24,960
instead of having A getting mapping to A what
you do is, shift this by three steps; therefore,
207
00:18:24,960 --> 00:18:30,810
A will get mapped to B, C and D; so, I mean,
a will get mapped to D.
208
00:18:30,810 --> 00:18:37,510
So, that means, that what I am saying is this,
that is, if you take the characters like this
209
00:18:37,510 --> 00:18:44,510
A, B, C, D, E F and so on. So, if you just
add A, I mean, whether shifted by three steps
210
00:18:46,560 --> 00:18:52,190
that actually you come to hit this place.
So, therefore, A will get mapped to D; B will
211
00:18:52,190 --> 00:18:57,870
get mapped to E and so on; so you can actually
form a table this way; so these are all three
212
00:18:57,870 --> 00:19:04,870
steps. you these are three steps So, therefore,
in this cipher, if you have got X and there
213
00:19:06,310 --> 00:19:13,310
is fixed shift of this X; you just add with
3 and take a module of 26 and that is your
214
00:19:13,510 --> 00:19:16,870
y. So, therefore, in this case, this key is
fixed.
215
00:19:16,870 --> 00:19:22,450
And this cipher essentially was used by Julia
Caesar therefore, commonly referred as Caesar
216
00:19:22,450 --> 00:19:28,110
cipher. So, therefore, the corresponding ciphertext
for this particular plaintext will be this.
217
00:19:28,110 --> 00:19:33,680
So, you can see that F will be get getting
mapped into I, that is, g h arise that is
218
00:19:33,680 --> 00:19:38,420
three steps, and similarly, you can actually
obtain the corresponding mapping of each of
219
00:19:38,420 --> 00:19:43,190
these letters and this particular cipher was
known as the Caesar cipher and note that the
220
00:19:43,190 --> 00:19:46,780
use of the small letter... So, we are actually
what we have done is that, we have for the
221
00:19:46,780 --> 00:19:51,700
plaintext, we have used the small letter and
for the capital letters, we have use ciphertext;
222
00:19:51,700 --> 00:19:57,020
there is nothing to do with the ascii value,
but just to improve rigidity of the corresponding
223
00:19:57,020 --> 00:19:57,850
mappings.
224
00:19:57,850 --> 00:20:03,430
So, obviously understand this is not a very
kind of secure cipher, but just a kind of
225
00:20:03,430 --> 00:20:06,890
for the other completeness set. So, if you
are got the ciphertext, then you can also
226
00:20:06,890 --> 00:20:10,020
easily decrypt it, because what you just need
to doing is that, you just need to go back
227
00:20:10,020 --> 00:20:14,810
by three steps. So, you know, if the corresponding
cipher text is D, you need to go back three
228
00:20:14,810 --> 00:20:18,460
steps and obtain back a.
So similarly, you can actually decrypt this
229
00:20:18,460 --> 00:20:24,150
information and you know that the plain for
this particular ciphertext is easy to obtain
230
00:20:24,150 --> 00:20:31,090
the corresponding plaintext; so it is quite
easy. Now, we will just discuss about something
231
00:20:31,090 --> 00:20:35,050
which is a little bit more complicated. So,
what we do here is that, instead of shifting
232
00:20:35,050 --> 00:20:40,180
by three steps, we shift by some value which
lies between 0 to 25.
233
00:20:40,180 --> 00:20:45,000
So, the key could be in that case, for example,
the key could be 7 what we do is, we take
234
00:20:45,000 --> 00:20:49,940
the corresponding in the mapping; the corresponding
mapping is denoted here, where a is mapped
235
00:20:49,940 --> 00:20:55,600
to 7 that is down the line, but this key actually
we can would like to change; you will not
236
00:20:55,600 --> 00:21:01,220
like to keep this as fixed. So, therefore,
that is the objective.
237
00:21:01,220 --> 00:21:05,870
So, some of the properties that, we will see
that for... So, we can actually make changes
238
00:21:05,870 --> 00:21:10,320
this for each of encryption function, but
actually it should kind of satisfy some important
239
00:21:10,320 --> 00:21:14,860
property, that is, in each of the encryption
and decryption function should be easily computable.
240
00:21:14,860 --> 00:21:19,630
We have seen that in case of Caesar cipher,
it is called easily computable, both the encryption
241
00:21:19,630 --> 00:21:23,980
and decryption are easy to compute.
And the other thing is that, an opponent,
242
00:21:23,980 --> 00:21:28,850
on seeing a ciphertext y, should be unable
to determine the key K, that was used or the
243
00:21:28,850 --> 00:21:34,540
plaintext string x. That is for an attacker,
which absorbs the ciphertext string y, it
244
00:21:34,540 --> 00:21:38,070
should not be able to find out what is the
value of the key, because if he gets the key,
245
00:21:38,070 --> 00:21:42,790
then he can easily understand what is the
plaintext or he should not also get back plaintext
246
00:21:42,790 --> 00:21:48,290
string some other way also. So, therefore,
it should kind of leak no information about
247
00:21:48,290 --> 00:21:52,910
the corresponding plaintext of the key.
So, cryptanalysis as we have already defined
248
00:21:52,910 --> 00:21:58,450
previously is the process of attempting to
know the key from given information; so we
249
00:21:58,450 --> 00:22:02,390
will see that. We will see some more concrete
examples of cryptanalysis in our next class
250
00:22:02,390 --> 00:22:08,560
on in context to classical cipher and also
more techniques as we proceed in the class,
251
00:22:08,560 --> 00:22:10,150
but this is the main definition.
252
00:22:10,150 --> 00:22:17,150
So, for a Caesar cipher one way of crypt analysis
will be like, if i mean let us talk one about
253
00:22:18,470 --> 00:22:22,340
the Caesar cipher, because there is no key
in the Caesar cipher. Let us talk about the
254
00:22:22,340 --> 00:22:27,590
case of the not so simple substitution, where
essentially the key can take all 26 possible
255
00:22:27,590 --> 00:22:30,580
values essential values.
So, suppose they have been provided in a ciphertext
256
00:22:30,580 --> 00:22:35,300
like this, then what you do is that, if you
know that this particular cipher essentially
257
00:22:35,300 --> 00:22:39,930
is nothing but, I mean, in each of the letter
has been shifted by K steps, where K can vary
258
00:22:39,930 --> 00:22:45,500
from 0 to 26. So, what we will do as an attacker?
If you are interested in obtaining the plaintext,
259
00:22:45,500 --> 00:22:50,360
what you will do is that, you will try for
all the possible 26 keys and then kind of
260
00:22:50,360 --> 00:22:55,110
start decrypting this information until and
unless you get something which is a meaningful
261
00:22:55,110 --> 00:22:58,110
piece of information.
So, if you get a meaning meaningful piece
262
00:22:58,110 --> 00:23:03,080
of information, then you can be more or less
convinced that since it occurs for all Bob's
263
00:23:03,080 --> 00:23:09,320
letters and this fairly, I mean, modern style
stream, then you can be convinced that the
264
00:23:09,320 --> 00:23:15,140
key is indeed corrected retrieved. That is
the key in this case is 9, it says that, this
265
00:23:15,140 --> 00:23:19,860
particularly tells from the fact that, you
are actually trying all possible key search
266
00:23:19,860 --> 00:23:23,780
here, that is, which is called exhaustive
or the brute force search and we actually
267
00:23:23,780 --> 00:23:28,180
get back the key for which you have for which
the corresponding plaintext make sense.
268
00:23:28,180 --> 00:23:34,270
This is the way common way of doing i would
doing crypt analysis. In this case what we
269
00:23:34,270 --> 00:23:38,600
see is that, main pitfall is that the key
size are the total number of possible search
270
00:23:38,600 --> 00:23:43,620
that an attacker needs to make is very small,
it is only 26. So, we would first of all like
271
00:23:43,620 --> 00:23:48,170
to improve this particular fact, that is,
we would like to make it a little difficult
272
00:23:48,170 --> 00:23:49,900
for the attacker.
273
00:23:49,900 --> 00:23:54,300
So, in this case, one example which is tried
here is that, the key is some permutation
274
00:23:54,300 --> 00:23:58,530
of letters therefore, it need not be a shift,
but instead of the shift let us consider which
275
00:23:58,530 --> 00:24:03,410
is something which is called as substitution
cipher. So, this concept of substitution cipher
276
00:24:03,410 --> 00:24:10,410
says like this, that is, if you take a and
if you map to J, I mean, map say a to J, then
277
00:24:10,820 --> 00:24:16,070
b you will not map to J. Because if you map
a to J, and b also to J, then immediately
278
00:24:16,070 --> 00:24:20,630
the probability of injectiveness is lost.
So, that means, if you take J, then you see
279
00:24:20,630 --> 00:24:26,480
that J can actually come from a both a and
b, that is not kind of allowable.
280
00:24:26,480 --> 00:24:33,290
So, therefore, that will lead to kind of in
ambiguity in the decryption process; so it
281
00:24:33,290 --> 00:24:38,220
is not an injective function. So, therefore,
what essentially b will get mapped into is,
282
00:24:38,220 --> 00:24:43,860
b will get mapped into something else other
than a, than what a has got mapped into; so
283
00:24:43,860 --> 00:24:47,740
it could be I; similarly, c could get mapped
into something which is not J or I.
284
00:24:47,740 --> 00:24:53,850
So, this particular mapping or this particular
table can define a particular key; so this
285
00:24:53,850 --> 00:24:59,340
table is essentially supposed to kept secret.
So, this means, that the number of such possible
286
00:24:59,340 --> 00:25:04,700
mappings that can actually arise is the first
letter can be mapped into 26 letters; the
287
00:25:04,700 --> 00:25:08,530
second one can be mapped into 25; the third
letter can be mapped into 24; similarly, to
288
00:25:08,530 --> 00:25:14,160
this one. So, that means, that there are 26
factorial possible mappings and this number
289
00:25:14,160 --> 00:25:17,280
is quite huge, it is more than the 2 power
88 possible keys.
290
00:25:17,280 --> 00:25:21,770
That means, that the total key size there
are is quite large. So, which means that,
291
00:25:21,770 --> 00:25:28,620
if an attacker could try to kind of try all
possible try all possible tech all possible
292
00:25:28,620 --> 00:25:32,660
keys to actually obtain back the plaintext
from the ciphertext, then it needs to do a
293
00:25:32,660 --> 00:25:38,150
lot of search, which means, that particular
attack method is not possible, but still this
294
00:25:38,150 --> 00:25:42,750
cipher is weak, and we will see in our next
day's class why it is weak on or other how
295
00:25:42,750 --> 00:25:48,040
to extract the information of the plaintext.
So, therefore, in this case, this is an example
296
00:25:48,040 --> 00:25:52,260
of something which is called as substitution
cipher and what we will see is the concept
297
00:25:52,260 --> 00:25:57,210
of substitution cipher still prevails in the
modern day cipher. I mean, there are lot of
298
00:25:57,210 --> 00:26:01,500
examples of modern day ciphers, where still
these kind of concepts are used again and
299
00:26:01,500 --> 00:26:07,010
again. So, therefore, although we know that
this cipher, I mean, as independently if I
300
00:26:07,010 --> 00:26:13,100
call this is as a cipher, this is weak, but
these component actually can be used in today's
301
00:26:13,100 --> 00:26:18,340
ciphers to make a ciphers which is more strong,
which is much more strong actually. So, they
302
00:26:18,340 --> 00:26:24,340
are very important concepts that we need to
pick up, but we are never say that the substitution
303
00:26:24,340 --> 00:26:29,550
ciphers is secure and this is still can be
attacked and we will see how it can be attacked.
304
00:26:29,550 --> 00:26:33,070
So, then you have something which is called
affine cipher. So, what the affine cipher
305
00:26:33,070 --> 00:26:37,290
does is that, again your plaintext and the
ciphertext have both from this 0 to 25, that
306
00:26:37,290 --> 00:26:44,290
is, it belongs to the 26. i was in 26 And
assume that your key is instead of one particular
307
00:26:44,760 --> 00:26:48,450
is Z 26 element, it could be a tuple like,
it could be an ordered pair of (a, b), where
308
00:26:48,450 --> 00:26:55,450
a is also chosen from the Z 26 and b is also
chosen from Z 26 such that a satisfy the particular
309
00:26:55,590 --> 00:27:01,260
property, which means that a is co-prime to
26, that means, gcd are the greatest common
310
00:27:01,260 --> 00:27:07,160
divisor of a, and 26 is actually 1 y, because
it comes from the definition.
311
00:27:07,160 --> 00:27:12,160
So, what we take as the plaintext like x,
which is chosen from P the way, I mean, we
312
00:27:12,160 --> 00:27:17,400
choose the K, and then, encryption operation
is defined as follows: what we do is that,
313
00:27:17,400 --> 00:27:23,500
we multiply x with a and then add with b,
take a modular 26.
314
00:27:23,500 --> 00:27:27,540
So, from our previous days discussion, we
know that, what we can also do is that, we
315
00:27:27,540 --> 00:27:33,190
can take a and multiply with x, and then,
if this number is bigger than 26, then we
316
00:27:33,190 --> 00:27:38,740
can take a modular of 26, reduce it to less
than 26, and then, add b; again if there is
317
00:27:38,740 --> 00:27:43,900
an overflow, I mean, we will get the result
is more than 26, then we again take a modular
318
00:27:43,900 --> 00:27:50,020
26; if it is equal to more than 26, then we
again take a modular 26. The decryption operation
319
00:27:50,020 --> 00:27:54,610
is defined as like this.
So, you see that for this decryption operation
320
00:27:54,610 --> 00:28:00,100
to exist rather this function to be injective,
you need a particular fact that is, you knew
321
00:28:00,100 --> 00:28:07,100
that a has to be has to have a multiplicative
inverse in this modular 26. So, therefore,
322
00:28:07,750 --> 00:28:13,230
that means, that if you need a kind of, I
mean, in the last days class, we saw that
323
00:28:13,230 --> 00:28:19,800
if the multiplicative inverse of a the modular
26 has to exist, that need to satisfy the
324
00:28:19,800 --> 00:28:24,840
particular property which is that, a should
be co-prime to 26. That means, that the gcd
325
00:28:24,840 --> 00:28:30,830
of a and 26 should be equal to 1, only then
the multiplicative inverse of a exists. So,
326
00:28:30,830 --> 00:28:34,620
that we have seen in the last days class on
number theory.
327
00:28:34,620 --> 00:28:41,340
So, that means, that all a is not reliable,
only those a's are possible or rather are
328
00:28:41,340 --> 00:28:46,210
allowed which essentially have co-prime to
26. So, how many numbers are there in the
329
00:28:46,210 --> 00:28:51,530
0 to 25, which are actually co-primed to 26?
So that we need to find out in order to find
330
00:28:51,530 --> 00:28:52,860
out the number of keys.
331
00:28:52,860 --> 00:28:58,300
Therefore, I mean, it is a kind of recapitulation
of what we have seen in the last days class,
332
00:28:58,300 --> 00:29:04,080
that suppose a is an element from Zm, then
the multiplicative inverse of an element is
333
00:29:04,080 --> 00:29:09,230
an element b also in Zm, such that a b is
equal to 1. So, therefore, a b is equal to
334
00:29:09,230 --> 00:29:14,080
1 module m of course. So, then it needs to
satisfy a property, which is the gcd of (a,
335
00:29:14,080 --> 00:29:18,340
m) is equal to 1.
So, note that, if m is prime number, then
336
00:29:18,340 --> 00:29:22,790
p as a then every element has an inverse because
Z p of the number and p will of course be
337
00:29:22,790 --> 00:29:27,940
equal to 1. So, therefore, Z p in that case
is called a field; it is called a field, because
338
00:29:27,940 --> 00:29:33,010
every number is a multiplicative inverse,
but in this case m is say 26, then every number
339
00:29:33,010 --> 00:29:38,860
does not have a multiplicative inverse which
belongs to 0 to 25 set and not a co-prime
340
00:29:38,860 --> 00:29:39,890
to 26.
341
00:29:39,890 --> 00:29:43,790
So, we can actually enumerate this and we
will find that these are the numbers which
342
00:29:43,790 --> 00:29:48,950
are co-prime to 26 like, we can see that 1
is co-prime; 3 is co-prime; 5 is co-prime;
343
00:29:48,950 --> 00:29:55,740
7 is co-prime; 9 is co-prime, so 11, 15, 17,
19, 21, 23 and 25, so how many numbers are
344
00:29:55,740 --> 00:30:02,740
there? So, there is 1, 2, 3, 4, 5, 6, 7, 8,
9, 10, 11 and 12; so there are 12 numbers
345
00:30:07,320 --> 00:30:11,750
in this particular set. So, that means, that
all these numbers are actually co-prime to
346
00:30:11,750 --> 00:30:13,770
m.
So, you can actually verify that, they had
347
00:30:13,770 --> 00:30:18,610
they have multiplicative inverse, because
1 inverse is equal to 1; 3 inverse is equal
348
00:30:18,610 --> 00:30:25,380
to 9. So, if you see that, multiply 3 into
9, you get 27; if you take modular 26, that
349
00:30:25,380 --> 00:30:31,880
is, 1; 5 inverse is 21 you can verify this;
7 inverse 15; 11 inverse is 19; 15 inverse
350
00:30:31,880 --> 00:30:38,880
is 7; 17 inverse is 23; 25 inverse is 25,
that means, that all these number essentially
351
00:30:39,390 --> 00:30:44,380
have multiplicative inverse. Thus the inverse
of an element belongs to the above set. So,
352
00:30:44,380 --> 00:30:48,720
therefore, in it belongs to the above set
and if you can reflect why.
353
00:30:48,720 --> 00:30:55,180
So, therefore, the question is that, is the
how many possible keys are allowed in this
354
00:30:55,180 --> 00:30:59,610
affine ciphers. So, therefore, these the a
can essentially a the value of a can essentially
355
00:30:59,610 --> 00:31:06,160
take any of these 12 values and b can take
any of the 26 values; so the total key size
356
00:31:06,160 --> 00:31:10,620
is essentially 12 into 26, which is equal
to 312.
357
00:31:10,620 --> 00:31:15,670
And the key size of course small, I mean,
we can verifying 312 for possible keys is
358
00:31:15,670 --> 00:31:20,200
not a very big matter. So, that means, that
the question is that, can we generalize this
359
00:31:20,200 --> 00:31:26,720
affine cipher? I would like to kind of increase
the 26 values so that this size is essentially
360
00:31:26,720 --> 00:31:31,180
increased. So, therefore, I would like to
do a kind of generalized analysis, if this
361
00:31:31,180 --> 00:31:33,010
26 is replaced by some value say m.
362
00:31:33,010 --> 00:31:38,590
So, in this case, I mean, I will use the previous
days concepts of Euler's Totient function
363
00:31:38,590 --> 00:31:43,280
and it is a kind of recapitulation, which
says suppose a is greater than 1, and m is
364
00:31:43,280 --> 00:31:48,970
greater than equal to 2 are integers and if
gcd of (a, m) is equal to 1, then we see say
365
00:31:48,970 --> 00:31:53,980
that a and m are relatively prime. This is
the definition of Euler's Totient function
366
00:31:53,980 --> 00:31:58,500
which says that, if a is greater than or equal
to 1 and m is greater than or equal to 2 are
367
00:31:58,500 --> 00:32:04,010
integers, then this is a definition a and
m are co-prime, then gcd of (a, m) equal to
368
00:32:04,010 --> 00:32:09,920
1, then we say that a and m are relatively
prime.
369
00:32:09,920 --> 00:32:16,740
So, that means, if a is equal to 1, this is
the kind of case if I just kind of I would
370
00:32:16,740 --> 00:32:22,250
like to make a note that, if a is equal to
1, then gcd of (a, m) is also equal to 1 and
371
00:32:22,250 --> 00:32:27,150
say that 1 is also co-prime to m. So, therefore,
this there may be a kind of ambiguity about
372
00:32:27,150 --> 00:32:32,220
this, let us make it clear, so a is greater
than equal to 1.
373
00:32:32,220 --> 00:32:36,780
So, the definition of Euler's Totient function
is as follows: that if the number of integer
374
00:32:36,780 --> 00:32:41,780
in Zm, where m is greater than 1 that are
relatively prime to m and does not exceed
375
00:32:41,780 --> 00:32:46,130
m; therefore, these numbers are essentially
lesser than m. So, it will be kind of lesser
376
00:32:46,130 --> 00:32:52,520
than m means, it will be kind of from 0 to
m minus 1. Because they belong in Zm, and
377
00:32:52,520 --> 00:32:59,520
Zm actually has 0; also the numbers will vary
from 0 to m minus 1 and those numbers of values
378
00:33:00,030 --> 00:33:05,290
which are co-prime to m, we need to find them
and they are kind of denoted by some letter,
379
00:33:05,290 --> 00:33:09,950
which is called as phi m that is the symbol
of the Euler's Totient function and this is
380
00:33:09,950 --> 00:33:12,100
also sometimes referred to as a phi function.
381
00:33:12,100 --> 00:33:18,970
So, as you as you will remember that, if m
is equal to 26, we have seen that, phi of
382
00:33:18,970 --> 00:33:25,310
26 is 12. If p is a prime number, then phi
of p is p minus 1, and if you vary like m
383
00:33:25,310 --> 00:33:29,850
from 1 to 24 these are some of the value of
phi n and we can actually see that phi n does
384
00:33:29,850 --> 00:33:36,320
not have a nice nature; it is not a monotonically
increasing value, even a monotonically non-decreasing
385
00:33:36,320 --> 00:33:41,510
value. You see that, if you start increasing
n, there example there are cases, where actually
386
00:33:41,510 --> 00:33:45,710
the values of phi n dimensions like from 12
to 6, there is a reduction.
387
00:33:45,710 --> 00:33:49,810
So, we see that the function is very irregular
and therefore, we kind of would like to have
388
00:33:49,810 --> 00:33:54,920
a way of calculating the phi m. So, there
is a result which says m and n are relatively
389
00:33:54,920 --> 00:34:01,650
prime numbers, then phi of m n is equal to
phi of m multiplied by phi. So phi of 77 will
390
00:34:01,650 --> 00:34:07,750
be in this result; if i factorize this 7 into
11 will be equal to phi of 6 multiplied by
391
00:34:07,750 --> 00:34:14,599
phi of 7 using this result, and phi of 6 is
essentially is equal to, I mean, phi of 7
392
00:34:14,599 --> 00:34:20,429
multiplied by phi of 11, and phi of 7 is 6
why because since 7 is a prime number, then
393
00:34:20,429 --> 00:34:27,429
of course from 0 to p minus 1, there are six
numbers which are actually co-prime to 7,
394
00:34:28,970 --> 00:34:32,970
because all the numbers are co-prime except
0; 0 is not a co-prime by our definition.
395
00:34:32,970 --> 00:34:39,970
So, if you take a... and the phi of 11 will
be essentially equal to 10, that is, minus
396
00:34:41,450 --> 00:34:45,889
1; so 11 minus 1, again 0 is not there.
So, that means, that this is equal to 10 therefore,
397
00:34:45,889 --> 00:34:51,500
that is 6 to 10 is 60, but what about phi
of 1896? So, you can again factorize, it will
398
00:34:51,500 --> 00:34:55,419
be phi that is equal to 3 into 8 into 79 and
all of them are prime numbers, so this into
399
00:34:55,419 --> 00:35:01,769
prime factorization and therefore, 5 of 3
will be equal to 2 phi of 8; phi of 8 is phi
400
00:35:01,769 --> 00:35:08,650
of 2 q and this is not a prime number actually,
but if you if you kind of like that in that
401
00:35:08,650 --> 00:35:13,039
in terms of its prime factors, then this will
be this is equal to 2 q and we can say that,
402
00:35:13,039 --> 00:35:18,440
this is equal to 5 of 8 will be actually equal
to 4, and we can actually see this, that phi
403
00:35:18,440 --> 00:35:22,880
of 8 is 4 and then you have got phi of 79
which is 78.
404
00:35:22,880 --> 00:35:28,950
So, why is phi of 8 equal to 4? You can easily
verify this, because if the numbers if you
405
00:35:28,950 --> 00:35:35,950
take the numbers from 0, 1, 2, 3, 4, 5, 6
and 7, then these are the number which are
406
00:35:39,630 --> 00:35:46,630
belonging to Z 8, you immediately cancel out
1; this is co-prime; this is not co-prime;
407
00:35:47,430 --> 00:35:52,500
this is co-prime; this is not a co-prime;
this is co-prime and this is co-prime. So,
408
00:35:52,500 --> 00:35:57,250
there are 4 such values therefore, phi of
8 is equal to 4.
409
00:35:57,250 --> 00:36:04,250
So, therefore, if I use this fact here, then
phi of 3 into 8 into 79 will be equal to 2
410
00:36:04,490 --> 00:36:09,990
into 4 into 7 8 that is equal to 624. So,
this result can be extended to more than two
411
00:36:09,990 --> 00:36:13,119
arguments comprising of pair-wise co-prime
integers.
412
00:36:13,119 --> 00:36:17,619
So, we will try to kind of again reflect upon
the proof, which we kind of hurried up in
413
00:36:17,619 --> 00:36:21,730
the last class. So, phi of m n is equal to
phi of m multiplied by phi of n.
414
00:36:21,730 --> 00:36:28,730
So, what we have done here is that, we are
kind of laid down the numbers from 1 to m
415
00:36:29,269 --> 00:36:35,859
n. So, actually we should have done from 0
to m minus 1, but if you see, I mean, with
416
00:36:35,859 --> 00:36:40,380
the background of the number theory discussion
which we have done, you know that is same
417
00:36:40,380 --> 00:36:45,849
as the enumerating from 1 to m n. Because
m n if you take mod m n is nothing but 0 therefore,
418
00:36:45,849 --> 00:36:50,059
you can actually numerate the number from
1 to m n; so this is nothing but m n; you
419
00:36:50,059 --> 00:36:52,750
see that the m minus 1 n plus n, so that is
m n.
420
00:36:52,750 --> 00:36:57,140
So, these numbers are actually written in
a array kind of function; so 1, 2 and so on
421
00:36:57,140 --> 00:37:02,950
to n and again the next row is n plus 1, n
plus 2 so on to n plus k to n plus n and similarly,
422
00:37:02,950 --> 00:37:08,720
there are m rows and n columns. So, we need
to find out 5 m n, which means that, we need
423
00:37:08,720 --> 00:37:13,319
to find out those numbers which are co-prime
to m n and you note that m and n are relatively
424
00:37:13,319 --> 00:37:18,680
prime. So, that means, that these numbers
have to be co-prime to both m and both n;
425
00:37:18,680 --> 00:37:23,980
so it has to be co-prime to both m and n.
So, first of all let us see the columns. So,
426
00:37:23,980 --> 00:37:27,700
you see, let us try to find out there are
columns or rather the numbers which are co-prime
427
00:37:27,700 --> 00:37:33,049
to n. So, you see how the numbers are noted
down; so these numbers are, I mean, if you
428
00:37:33,049 --> 00:37:37,549
just observe say a particular column, then
we will see that the numbers are like k, n
429
00:37:37,549 --> 00:37:44,549
plus k and m minus 1 till so on like this
to m minus 1 into n plus k. If this numbers
430
00:37:44,660 --> 00:37:50,220
have to be co-prime to n, then by our previous
days discussion we know that, the remainder
431
00:37:50,220 --> 00:37:54,980
if i just for example, if you take n and if
you divide it by n, so this number is n plus
432
00:37:54,980 --> 00:37:59,579
k; if you divide it by n, then the remainder
is k and if this number has to be co-prime
433
00:37:59,579 --> 00:38:03,730
to n, then it means that, key has to be, remainder
has to be co-prime to n.
434
00:38:03,730 --> 00:38:08,549
So, that means, that the same holds for all
of them. You see that this is m minus 1 into
435
00:38:08,549 --> 00:38:12,950
n plus k, again the remainder is k and if
this number has to be co-prime with n, then
436
00:38:12,950 --> 00:38:17,809
k has to be co-prime with n; the same holds
for this one also. That means, that if this
437
00:38:17,809 --> 00:38:22,680
number, if this entire column, I mean, if
k is co-prime to n, then all these numbers
438
00:38:22,680 --> 00:38:29,339
are co-prime to n therefore, if k is I repeat,
if k is co-prime to n, then all these numbers
439
00:38:29,339 --> 00:38:36,299
are co-prime to n. So, that means, how many
if i need kind from these number if I am interested
440
00:38:36,299 --> 00:38:41,380
in finding out how many numbers are co-prime
to n, then obviously I need to find out those
441
00:38:41,380 --> 00:38:47,660
numbers which I mean from 1 to n, which are
all the possible values of k and which are
442
00:38:47,660 --> 00:38:52,930
co-prime to n. And we know by the previous
definition that, there are phi n such values
443
00:38:52,930 --> 00:38:58,089
which are co-prime to n; from 1 to n, there
are phi n such values which are co-prime to
444
00:38:58,089 --> 00:39:00,940
n.
So, that means, that there are phi n columns
445
00:39:00,940 --> 00:39:07,549
in which all the elements are co-prime to
n. Now, let us consider assume that k is co-prime
446
00:39:07,549 --> 00:39:13,519
to n and we let us find out how many numbers
among these n numbers the n numbers are here
447
00:39:13,519 --> 00:39:18,809
which are actually co-prime to n.
We know that, in this again, these are number
448
00:39:18,809 --> 00:39:23,750
like from k, n plus k and so on to m minus
to 1 into n plus k. We know that there are
449
00:39:23,750 --> 00:39:28,640
phi n elements which are actually co-prime
to n; we know that there are phi n values
450
00:39:28,640 --> 00:39:34,740
which are co-prime to n.
So, therefore, we if therefore, if I can kind
451
00:39:34,740 --> 00:39:40,230
of apply both of them, so there are again
so I repeat, there are phi n columns which
452
00:39:40,230 --> 00:39:46,829
are actually there are phi n columns in which
all the elements in the columns, all the numbers
453
00:39:46,829 --> 00:39:53,500
are co-prime to n and if you just take one
of those column, where this particular k is
454
00:39:53,500 --> 00:39:58,630
actually co-prime to n, then in this column,
there are phi n elements which are co-prime
455
00:39:58,630 --> 00:40:03,049
to n.
So, therefore, if I need to find out the number
456
00:40:03,049 --> 00:40:09,039
of elements which are co-prime to both m and
both n, then we just need to find out, we
457
00:40:09,039 --> 00:40:15,569
just need to multiply phi n with phi m, that
is, phi n will give us the number of columns,
458
00:40:15,569 --> 00:40:21,589
where which are co-prime to n, and if I multiply
with phi n, I get exactly those numbers which
459
00:40:21,589 --> 00:40:26,329
are co-prime to both m and n. It is the kind
of very interesting proof and very interesting
460
00:40:26,329 --> 00:40:30,420
regard very useful regard.
So, therefore, phi of m n, where m and n are
461
00:40:30,420 --> 00:40:36,960
relatively prime is nothing but the product
of phi m and phi n.
462
00:40:36,960 --> 00:40:43,630
So, now, what we do is that, I mean, this
is a kind of conclusion of the previous days
463
00:40:43,630 --> 00:40:49,460
proof and so, we can actually apply this to
find out phi of phi p to the power of a; phi
464
00:40:49,460 --> 00:40:54,160
of p to the power of a is nothing but p to
the power of a minus p to the power of a minus
465
00:40:54,160 --> 00:40:58,279
1 why? Because this evident for a equal to
1, we have seen this already that, phi of
466
00:40:58,279 --> 00:41:03,079
p is p minus 1; so that is the evident. For
a greater than 1, let us try to find out what
467
00:41:03,079 --> 00:41:05,990
is phi of p to the power of a, for a greater
than 1.
468
00:41:05,990 --> 00:41:11,200
So, the numbers could be like 1, 2 and so
on till the p to the power of a; so, there
469
00:41:11,200 --> 00:41:15,740
how many numbers are there from 1, 2, to p
the power of a? There are p to the power of
470
00:41:15,740 --> 00:41:19,230
a numbers in total; from there let us subtract
those numbers which are not co-prime to p
471
00:41:19,230 --> 00:41:23,579
to the power of a and just a little bit of
observation. You can actually understand,
472
00:41:23,579 --> 00:41:28,529
whether numbers which are not co-prime to
p to the power of a or rather which are not
473
00:41:28,529 --> 00:41:34,079
co-prime to p to the power of a are actually
p, p square, p to the power of a minus 1.
474
00:41:34,079 --> 00:41:37,769
So, it is just steering like that, it is like
this till p to the power of a; actually they
475
00:41:37,769 --> 00:41:41,660
should be some dots here.
P, p square and so on and till p to the power
476
00:41:41,660 --> 00:41:46,640
of a, so p, p square and you just keep on
kind of adding on to the power. So, therefore,
477
00:41:46,640 --> 00:41:52,150
p multiplied with the next power and so on.
So, how many such powers are how many elements
478
00:41:52,150 --> 00:41:57,059
are there? If you just observe this various
p to the power of a has been written, it is
479
00:41:57,059 --> 00:42:02,799
p to the power of a minus 1 into p therefore,
the power here has actually varied from...
480
00:42:02,799 --> 00:42:07,980
So, there are actually how many possible values?
there Actually you will find that, if you
481
00:42:07,980 --> 00:42:12,609
just find out the numbers of such terms which
are there , is nothing but p to the power
482
00:42:12,609 --> 00:42:18,930
of a minus 1. So, therefore, there are p to
the power of a minus 1 values or one elements
483
00:42:18,930 --> 00:42:21,829
which are actually not co-prime to p to the
power of a.
484
00:42:21,829 --> 00:42:26,309
So, therefore, you need to subtract from p
to the power of a, p to the power of a minus
485
00:42:26,309 --> 00:42:30,390
1 those numbers which are no co-prime to p
to the power of a and therefore, you can actually
486
00:42:30,390 --> 00:42:36,910
represent these are p to the power of a multiplied
by 1 minus 1 by p, this is same way of writing
487
00:42:36,910 --> 00:42:37,380
this.
488
00:42:37,380 --> 00:42:43,369
So, therefore, the in then if you need to
kind of find out the phi of n, then you know
489
00:42:43,369 --> 00:42:47,309
that from the fundamental theory of arithmetic,
you can actually factorize any n of like this,
490
00:42:47,309 --> 00:42:52,480
like p 1 to the power a 1 p 2 to the power
of a 2 and so on Pk to the power of ak. And
491
00:42:52,480 --> 00:42:56,460
therefore, phi is nothing but phi of p 1 to
the power of a 1 multiplied by phi of p 2
492
00:42:56,460 --> 00:43:00,180
to the power of a 2 and so on.
Because of the simple fact that, p to the
493
00:43:00,180 --> 00:43:04,999
power of a 1 and p 2 to the power of a 2 are
co-prime to each other, you can actually write
494
00:43:04,999 --> 00:43:10,059
them like this, and then, you can actually
apply the theorem of, I mean, the formula
495
00:43:10,059 --> 00:43:15,079
of phi of m n is equal to phi of m into phi
of n. When m and n are co-prime successively,
496
00:43:15,079 --> 00:43:20,650
you can apply them tentatively over more than
two values like m and n and therefore, you
497
00:43:20,650 --> 00:43:24,609
can actually get this particular equation
and therefore, by the previous thing that
498
00:43:24,609 --> 00:43:29,059
you can remember phi of p 1 to the power of
a 1 is nothing but p 1 to the power of a 1
499
00:43:29,059 --> 00:43:31,349
into 1 minus 1 by p 1.
500
00:43:31,349 --> 00:43:38,349
You know that, phi of p 1 to the power of
a 1 is nothing but p 1 to the power of a 1
501
00:43:40,490 --> 00:43:47,249
into 1 minus 1 by p 1. So, similarly, phi
of p 2 to the power of a 2 is nothing but
502
00:43:47,249 --> 00:43:54,049
p to the power of a 2 into 1 minus 1 by p
2; so similarly, till phi of Pk to the power
503
00:43:54,049 --> 00:43:59,369
of ak is equal to Pk to the power of ak into
1 minus 1 by p k.
504
00:43:59,369 --> 00:44:05,680
So, now, if you kind of find out phi of p
1, multiply all these things till phi of Pk
505
00:44:05,680 --> 00:44:10,499
to the power of ak, then what you get is,
p 1 to the power of a 1 multiplied by p 2
506
00:44:10,499 --> 00:44:16,910
to the power of a 2 and so on till Pk to the
power of ak into, so this will be multiplied
507
00:44:16,910 --> 00:44:23,910
by 1 minus 1 by p 1 1 minus 1 by p 2 and so
on till 1 minus 1 by Pk.
508
00:44:25,930 --> 00:44:31,190
This essentially can be actually substituted
by n itself; so you get n into 1 minus 1 by
509
00:44:31,190 --> 00:44:38,190
p 1 into 1 minus 1 by p 2 and so on till 1
minus 1 by Pk. So, this is the formula to
510
00:44:38,480 --> 00:44:45,480
compute the value of phi n; phi n is nothing
but this. So, phi n is n multiplied by 1 minus
511
00:44:45,869 --> 00:44:51,690
1 by p 1 1 minus 1 by p 2 and so on till 1
minus 1 by Pk. So, phi of 60, you can verify
512
00:44:51,690 --> 00:44:57,440
phi of 60 like them as 4 into three into 5,
then you know that this is equal to 60 into
513
00:44:57,440 --> 00:45:03,119
1 minus 1 by 2, because 2 is the prime factor,
and then, 1 minus 1 by 3 and 1 minus 1 by
514
00:45:03,119 --> 00:45:08,390
5, this actually works out to 16. So, therefore,
if instead of 26, if you use 60, then the
515
00:45:08,390 --> 00:45:14,990
number of affine keys actually increases to
16 multiplied by 60 that is 960, so that is
516
00:45:14,990 --> 00:45:15,499
increased.
517
00:45:15,499 --> 00:45:19,759
So, similarly, you can actually calculate
the number of affine keys for larger values
518
00:45:19,759 --> 00:45:25,499
of m also, but you need the but you need to
keep one thing in mind, that is, you need
519
00:45:25,499 --> 00:45:30,329
the prime factors. And factorization, actually
this problem becomes more and more complex
520
00:45:30,329 --> 00:45:36,140
as you start dealing with larger numbers.
So, then we will discuss... so we have actually
521
00:45:36,140 --> 00:45:40,740
talked about something which is called a monoalphabetic
character, that is, once a cipher once key
522
00:45:40,740 --> 00:45:45,740
is chosen, each alphabetic character is mapped
into unique alphabetic character in the ciphertext;
523
00:45:45,740 --> 00:45:48,589
examples of them are shift ciphers substitution
ciphers.
524
00:45:48,589 --> 00:45:53,480
Now, we will discuss about something which
is called poly alphabetic cipher. So, in this
525
00:45:53,480 --> 00:45:57,480
cipher, a plaintext can be mapped into more
than one possible characters in ciphertext.
526
00:45:57,480 --> 00:46:02,769
So, they are harder to cryptanalyse, examples
of them are Vigenere cipher and the Hill cipher.
527
00:46:02,769 --> 00:46:08,309
So, Vigenere cipher is a kind of polyalphabetic
cipher and each key essentially consist of
528
00:46:08,309 --> 00:46:13,559
m characters, which are called as keywords
and encrypts. So, the idea is that, you encrypt
529
00:46:13,559 --> 00:46:17,359
m characters at a time and this was defined
designed by Vigenere in the 16th centuries.
530
00:46:17,359 --> 00:46:21,710
So, it is we can see that, it is very old
cipher also.
531
00:46:21,710 --> 00:46:26,039
So, the idea is like this, that is suppose
your example is this cryptosystem is not secure
532
00:46:26,039 --> 00:46:30,140
this is the plaintext and if you take m is
equal to 6, which is the size of the key,
533
00:46:30,140 --> 00:46:35,400
let the key will be instead of one number,
be a pair like, I mean, we have tuple be a
534
00:46:35,400 --> 00:46:42,400
kind of set of numbers like 2, 8, 15, 7, 4
and till 17. So, what you do is that, you
535
00:46:42,529 --> 00:46:46,710
convert the plaintext into residues module
26 and write them in groups of 6, and then,
536
00:46:46,710 --> 00:46:48,900
add the keyword; so that is the idea.
537
00:46:48,900 --> 00:46:54,089
So, just see that, if you see that the numbers
are... if you take these numbers like this,
538
00:46:54,089 --> 00:46:59,220
cryptosystem is not secure; convert the plaintext
into the set of numbers, and then, you start
539
00:46:59,220 --> 00:47:06,140
writing this key as like this 2, 8, 15, 7,
4, 17; again repeat 2, 8, 15, 7, 4, 17 again
540
00:47:06,140 --> 00:47:11,160
keep on repeating as the plaintext goes on.
Now, you start adding the modular 26 therefore,
541
00:47:11,160 --> 00:47:17,630
you take 19, you add 2, 21 modular 26, it
is 26; so you can get 7, you add 8, you get
542
00:47:17,630 --> 00:47:23,319
15, I mean, it is modular 26, it is 15. So,
similarly, you start doing this transformation,
543
00:47:23,319 --> 00:47:28,099
you see that there are two occurrences of
19 here in the plaintext, but because of this
544
00:47:28,099 --> 00:47:32,819
arrangement of the key in this case, 19 is
getting modified by the key material 2, but
545
00:47:32,819 --> 00:47:37,559
here it is getting modified by the keying
material 15; and as a natural consequences
546
00:47:37,559 --> 00:47:43,069
here you get 21, whereas here you get 8.
So, which means that, the same plaintext as
547
00:47:43,069 --> 00:47:48,059
we saw in the monoalphabetic ciphers, this
would always have got mapped into a unique
548
00:47:48,059 --> 00:47:52,920
later. But, in case of a polyalphabetic ciphers,
this letter is getting sometime mapped into
549
00:47:52,920 --> 00:47:57,380
a one number, but sometime getting mapped
into a different number. And as you can see
550
00:47:57,380 --> 00:48:02,049
that, there are six possible values in this
particular key; this number 19 can get mapped
551
00:48:02,049 --> 00:48:08,470
into six possible ciphertext values. So, that
is the basic concepts of a polyalphabetic
552
00:48:08,470 --> 00:48:12,819
cipher, that is, the mapping is not unique,
but it can vary depending upon the size of
553
00:48:12,819 --> 00:48:16,369
the key.
So, this part of the ciphertext here is this
554
00:48:16,369 --> 00:48:20,470
and you can note that, the character t is
mapped to v and i therefore, it is called
555
00:48:20,470 --> 00:48:25,390
polyalphabetic; there are two possible in
this shown here, actually there are six possible
556
00:48:25,390 --> 00:48:29,430
values, because that depends upon the size
of the key.
557
00:48:29,430 --> 00:48:33,900
So, we would be interested in finding out
what is the key space. Suppose the key word
558
00:48:33,900 --> 00:48:38,859
length is m and therefore, there are 26 to
the power of m possible keys, each of them
559
00:48:38,859 --> 00:48:44,109
can be 26 values. So, there are 26 to the
power of m possible key values. Suppose m
560
00:48:44,109 --> 00:48:48,849
equal to 5, then 26 to the power of 5 is this,
which is actually large enough to preclude
561
00:48:48,849 --> 00:48:53,759
any exhaustive key search. Exhaustive key
search is not possible however, we will see
562
00:48:53,759 --> 00:48:59,039
that there is there can be a systemic method
to break Vigenere cipher and that we will
563
00:48:59,039 --> 00:49:02,869
be discussing in the next day's class.
But we see that, one character could be mapped
564
00:49:02,869 --> 00:49:07,630
into m different characters when the character
is in m different positions. So, there are
565
00:49:07,630 --> 00:49:14,630
m possible mappings for a particular character,
where m is the length of the key size of the
566
00:49:14,739 --> 00:49:14,989
key.
567
00:49:14,839 --> 00:49:18,499
So, we will discuss about the cipher, which
is called Hill cipher, which is another polyalphabetic
568
00:49:18,499 --> 00:49:20,819
cipher and it was defined designed around
1929.
569
00:49:20,819 --> 00:49:26,160
So, you see that, here, I mean, we are going
more into the modern day cipher slowly that,
570
00:49:26,160 --> 00:49:32,890
is if you see that m be a positive integer,
and let p and c both are kind of Z 26 to the
571
00:49:32,890 --> 00:49:37,309
power of m, so that is kind of the m possible
values. First divide the characters, that
572
00:49:37,309 --> 00:49:43,559
is, which are in the plaintext into blocks
of m characters, then you take m linear combinations
573
00:49:43,559 --> 00:49:47,450
of m characters, thus producing the m characters
in ciphertext.
574
00:49:47,450 --> 00:49:51,670
So, mathematically it means like this. So,
let us take a small example, where m is equal
575
00:49:51,670 --> 00:49:58,670
to 2, so you're plain your you can here do
like this that is. So, I am considering the
576
00:49:59,299 --> 00:50:00,849
m is equal to 2 case.
577
00:50:00,849 --> 00:50:07,849
So, let us consider a plaintext say x1 and
x2; so you see that x1 belongs to z 26 and
578
00:50:09,079 --> 00:50:15,499
x2 also belongs to z 26. So, there are both
of them are z 26 elements and you take x1
579
00:50:15,499 --> 00:50:21,119
and you take x2, assume that you have got
a keying material, which for example, write
580
00:50:21,119 --> 00:50:28,119
as, so the key here could be like k1 k2, k3
and k4 you arrange them in a matrix format,
581
00:50:30,160 --> 00:50:37,160
where k1 k2 k3 and k4 all of them are z at
present from z 26.
582
00:50:37,440 --> 00:50:43,380
So, then you define your operation as this,
they which is the ciphertext is y1 y2 is equal
583
00:50:43,380 --> 00:50:50,380
to nothing but the multiplication k1 k2, k3
k4 multiplied with x1 x2. So, if you now if
584
00:50:50,890 --> 00:50:55,700
you need to find out the x1 x2 from this,
then obviously you need the inverse of this
585
00:50:55,700 --> 00:51:00,680
matrix; so therefore the inverse of this matrix
needs to be defined.
586
00:51:00,680 --> 00:51:05,619
So, you can actually see an example here,
that is, it says that (y1, y2) is equal to
587
00:51:05,619 --> 00:51:11,009
(x1, x2) and therefore, you can actually write
the it is written out like this; so it could
588
00:51:11,009 --> 00:51:14,329
be a matrix either pre multiplied or post
multiplied. So, it depends upon the way it
589
00:51:14,329 --> 00:51:20,339
has been arranged like, it is arranged as
a one cross two in this case vector. So, therefore,
590
00:51:20,339 --> 00:51:24,460
the multiplication you have to appropriately
apply, pre-multiply or post multiply depending
591
00:51:24,460 --> 00:51:29,549
upon the way you are writing this (x1, x2)
pair, so this vector.
592
00:51:29,549 --> 00:51:34,940
So, what so what is essentially done is that,
if you see, if you break up, these are nothing
593
00:51:34,940 --> 00:51:40,809
but linear transformation of this order. So,
y1 is instead 11 x1 plus 3 x2 mod 26 and y2
594
00:51:40,809 --> 00:51:47,579
is 8 x1 plus 7 x2 mod 26 which is been written
in this way. So, this 11, 3, 8 and 7 are actually
595
00:51:47,579 --> 00:51:51,200
the piece of information which is the key.
So, you see that, which is like extension
596
00:51:51,200 --> 00:51:56,140
of the affine cipher and it goes closer to
the cipher concept that we have today, which
597
00:51:56,140 --> 00:52:00,200
is called block cipher.
So, it is a kind of kind of a breach from
598
00:52:00,200 --> 00:52:05,960
this classical notation to a modern notation.
So,S you see that, here you can actually write
599
00:52:05,960 --> 00:52:11,369
that as y is equal to k x k and where y is
equal to (y1, y2) and x equal to (x1 , x2).
600
00:52:11,369 --> 00:52:16,670
So, where all these operations are performed
modular k, but the important point is that,
601
00:52:16,670 --> 00:52:21,519
for the injectivity as we have seen in context
of affine cipher, we need the inverse of this
602
00:52:21,519 --> 00:52:22,789
keying material.
603
00:52:22,789 --> 00:52:29,109
So, therefore, you see that, given a plaintext
k x, we get ciphertext y, but in order to
604
00:52:29,109 --> 00:52:35,059
have inverse , we actually need the inverse
of this matrix; and if you know that, if the
605
00:52:35,059 --> 00:52:38,759
inverse of the matrix exist, that is, if you
would take k and there is ak inverse; if you
606
00:52:38,759 --> 00:52:42,759
multiply and you get back the identity cipher,
then immediately you know that, if you take
607
00:52:42,759 --> 00:52:48,249
y and if you multiply with k inverse that
is nothing but y can be written as x k from
608
00:52:48,249 --> 00:52:53,059
the definition, that is, y is equal to x k,
then y is equal to x k; and then multiply
609
00:52:53,059 --> 00:52:57,950
with k inverse. So, you know that k and k
inverse if you multiply, you get I m and therefore,
610
00:52:57,950 --> 00:53:02,079
x of I m is nothing but x; therefore, obtain
back the plaintext x.
611
00:53:02,079 --> 00:53:07,499
Therefore, the important criteria is that,
the inverse of this matrix needs to exist.
612
00:53:07,499 --> 00:53:13,230
So, thus for Hill cipher to work, the matrix
k must be invertible; there should be an inverse
613
00:53:13,230 --> 00:53:18,569
which is called k inverse. Now, we know that,
when, I mean, to give an example, you can
614
00:53:18,569 --> 00:53:23,950
work out. So, refer the important condition
is that k is to have an inverse. So, we say
615
00:53:23,950 --> 00:53:30,630
that k has an inverse if and only if determinant
of k is invertible in z 26. If you know from
616
00:53:30,630 --> 00:53:35,249
our basic course in matrix algebra is that,
k inverse is nothing but 1 by determinant
617
00:53:35,249 --> 00:53:41,880
of k and this is the kind of you know what
this is. So, you can you can write them as
618
00:53:41,880 --> 00:53:45,410
a co-factors therefore, using the co-factors
therefore, the most important thing is that,
619
00:53:45,410 --> 00:53:50,079
you can always multiply, but the thing is
that, this determinant k and inverse of that
620
00:53:50,079 --> 00:53:52,109
needs to exist, which means the determinant
k inverse needs to exist which means that
621
00:53:52,109 --> 00:53:58,190
determinant k is inverse needs to exist and
when will the determinant of k inverse exist
622
00:53:58,190 --> 00:54:03,950
in modular 26? It can exist if and only if
the gcd of the determinant of k and 26 is
623
00:54:03,950 --> 00:54:09,920
equal to 1. This is quite easy to follow from
our previous description that means, that
624
00:54:09,920 --> 00:54:15,249
k is an inverse if and only if determinant
k is invertible in z 26 and that means that
625
00:54:15,249 --> 00:54:19,880
if and only if gcd of determinant of k and
26 is equal to 1.
626
00:54:19,880 --> 00:54:26,650
Therefore, the formal definition is like this;
so you take x, you multiply with x k and decryption
627
00:54:26,650 --> 00:54:31,019
is also defined as this, but only it needs
to be an invertible therefore, you can actually
628
00:54:31,019 --> 00:54:36,369
compute the size of the key using this.
A slight extension of this is called permutation
629
00:54:36,369 --> 00:54:40,329
cipher; all previous cipher include substitutions,
where which are actually taken a plaintext
630
00:54:40,329 --> 00:54:45,499
characters are replaced by the different ciphertext
characters, which also forms a very important
631
00:54:45,499 --> 00:54:50,650
component of modern ciphers substitution ciphers,
and then, the other component is the permutation
632
00:54:50,650 --> 00:54:54,970
ciphers, which will keep the plaintext characters
unchanged, but will alter their position by
633
00:54:54,970 --> 00:54:59,289
rearranging them using a permutation.
Suppose X is a finite set. a permutation over
634
00:54:59,289 --> 00:55:06,289
X is a bijective function, you know that which
is denoted by phi from X to X, this is the
635
00:55:06,799 --> 00:55:11,180
mapping. Thus the inverse permutation is actually
again back from X to X and defined by phi
636
00:55:11,180 --> 00:55:16,660
inverse. It is defined by the rule as follows,
that is, phi of inverse of x is equal to x
637
00:55:16,660 --> 00:55:23,660
dash if and only if phi of x dash is equal
to x therefore, that is the definition of
638
00:55:24,109 --> 00:55:25,779
a permutation cipher.
639
00:55:25,779 --> 00:55:30,809
So, what you can do is that, you can take
from x1 to x m. So, these are suppose the
640
00:55:30,809 --> 00:55:36,130
numbers like, which form the plaintext from
x1 to x m, and then, you start rearranging
641
00:55:36,130 --> 00:55:39,829
them. So, x1 goes to a different location;
x2 goes to a different location and so on,
642
00:55:39,829 --> 00:55:44,390
but the basic character the set of character
remain unaltered. So, therefore, x the index
643
00:55:44,390 --> 00:55:49,049
of this is denoted by phi 1. So, what essentially
get kind of transformed are the index locations
644
00:55:49,049 --> 00:55:53,989
we will take. So, any permutation, you can
actually denote like this; like you take x1,
645
00:55:53,989 --> 00:55:59,229
x2 and so on what you are doing is a rearrangement
in a permutation; you are just doing a rearrangement.
646
00:55:59,229 --> 00:56:03,559
So, this location gets changed to x1; this
essentially becomes x1, which essentially
647
00:56:03,559 --> 00:56:05,339
was x2 in this case.
648
00:56:05,339 --> 00:56:12,339
So, we will actually denote them as x of phi
1, x of phi 2 and so on. So, if there are
649
00:56:13,210 --> 00:56:17,960
n values, then x of phi m, so all of them
are nothing indicating that the characters
650
00:56:17,960 --> 00:56:23,529
index position is changed. So, therefore,
you can actually denote them using this, that
651
00:56:23,529 --> 00:56:27,720
is, this is just a notation of the permutation
and this is an example you have like, you
652
00:56:27,720 --> 00:56:32,380
take 1, 2, 3 and till 6 and therefore, what
you have done here is that, you just kind
653
00:56:32,380 --> 00:56:37,950
of transformed them; from 1 goes really to
3; 2 goes to 5; 3 goes to 1; 4 goes to 6 and
654
00:56:37,950 --> 00:56:40,329
so on and similarly, you can define the inverse
permutation also.
655
00:56:40,329 --> 00:56:46,660
So, this problem therefore, you can actually
there is a small comments made here, the permutation
656
00:56:46,660 --> 00:56:50,460
cipher is a special case of Hill cipher. So,
I leave it to kind of a exercise to reflect
657
00:56:50,460 --> 00:56:56,019
upon this point, that is, y is it y is it
so. And this give you some points to ponder,
658
00:56:56,019 --> 00:56:59,509
that is, one of them is that you have to comment
on whether the Euler Totient function for
659
00:56:59,509 --> 00:57:05,150
n greater than one is even or odd; you need
to kind of give an argument in your favor
660
00:57:05,150 --> 00:57:07,380
and express permutation cipher as a hill cipher.
661
00:57:07,380 --> 00:57:13,489
So, these are some problems given to you.
So, the references that I have used is cyptography
662
00:57:13,489 --> 00:57:17,809
and network security and next day, we will
discuss be discussing about the cryptanalysis
663
00:57:17,809 --> 00:57:19,200
of classical ciphers.