Lecture 3: General Mathematical Ciphers

In this lecture, we are going to use the number theory terminology we learned in Lecture 2 to help improve the Shift Cipher we discussed in Lecture 1.

Lecture 1 in Lecture 2's Language

Recall our chart associating numbers to symbols from Lecture 1:

Using this, we can take a message and associate to it a string of numbers. Then we decided that the shift cipher corresponded to adding a predetermined number to each element of the string. Of course, this wasn't exact addition. We had to `wrap around' so that every number would make sense. Then, in Lecture 2, we learned how to describe `wrapping around' mathematically through modular arithmetic. That is, we were working modulo 41. Thus, if we use a shift cipher with a shift of 14, this corresponds to finding

where denotes the plaintext we wish to encrypt. Suppose then that this yields the ciphertext . To decrypt, we simply compute

that is the shift cipher.

Generalized Shift Ciphers

Since modular arithmetic gave a two line explanation of the shift cipher, let's see if we can use it to improve our cipher. In particular, there is no reason to work modulo 41 every time. In fact, we can choose any modulus we want. Also, there is no reason to encrypt each character of our plaintext. Instead, we can divide our message into blocks of uniform size (as we did at the end of Lecture 1) and then use the shift cipher on those numbers. We do. however, need to make sure that our modulus is large enough so that none of our words are congruent. Let's look at and example. Suppose Alice wants to send Bob the message:
This message has 42 characters, so let's group it in blocks of size 3:
Now, when we convert to numbers, we will have blocks of size 6:
030114 251521 161205 012005 160903 112116 191513 050308 091619
011404 190112 190139 011209 030537
Now, the largest of these 6-digit numbers is 251521. So any modulus larger than that will work. For ease, let's choose 300000. Now, we also need to pick a shift. Say 200000. Now, to get our cipher text, we take

where is any of the six digit blocks we have above. This yields

230114 151521 061205 212005 060903 312116 091513 250308 291619
211404 090112 090139 211209 230537
for our ciphertext. Also, we can now drop any leading zero's that we have since Bob will know to add them back in. This is not that big a deal, but it might trick an attacker into thinking that we haven't used a uniform block size! Thus, the final ciphertext is
230114 151521 61205 212005 60903 312116 91513 250308 291619
211404 90112 90139 211209 230537
and Bob can easily recover it, so long has he knows that we shifted by 200000 and that we were working modulo 300000.

Then Multiplication Cipher

In the last section, we saw how a shift cipher was really just modular addition. In this section, we are going to investigate multiplication ciphers; that is, ciphers that come from modular multiplication.

Suppose we have some plaintext , a modulus , and an integer . Then, by computing

we could generate ciphertext . This is essentially the multiplication cipher. However, there is one issue which we have yet to discuss: how do we decrypt the cipher text? In other words, how do we undo modular multiplication? The answer, of course, is modular division. Before we start on the theory, let's look at an example.

Suppose Carol wants to use the multiplication cipher with and to send Dave the following message:

As usual, she breaks this up into blocks,
and then converts to numbers:
1908 1521 1204 2305 0418 0519 1921 1639 0301 1815 1237
Now, she multiplies each block by ,
5724 4563 3612 6915 1254 1557 5763 4917 0903 5445 3711
and then reduces modulo :
724 2063 1112 1915 1254 1557 763 2417 903 445 1211
Now, Dave must decrypt this message. Of course, he knows that and , but how does he `undo' the multiplication? Notice that

so that if


Thus, to 'undo' multiplication by modulo , we multiply by . The notation '' is to denote that 3 and 1667 are inverses modulo 2500. Much like in the usual case where the inverse of 7 is . Returning to our example. Having received the encrypted message, Dave finds and computes ,

1206908 3439021 1853704 3192305 2090418 2595519 1271921
4029139 1505301 741815 2018737
and then reduces modulo :
1908 1521 1204 2305 418 519 1921 1639 301 1815 1237
This is exactly the message which Carol sent!

From this example, it looks like all we need to do to decrypt the multiplication cipher is determine modulo . However, what if we had chosen instead of in the previous example? In that case, we would have run into some problems. Since , we call 2 a zero divisor modulo 2500. To see why this means that 2 cannot have an inverse, suppose that it did. Then we would be able to find some number such that . Then, combining the last two congruences, we would have

Of course, we know that , so our assumption that 2 was invertible modulo 2500 was false.

Let's consider the general case. Suppose we have a modulus and want to know whether or not a number is invertible modulo . Suppose first that is a multiple of and exists. That is, suppose that there is some such that is a multiple of and there is some such that . Then, just as in the example, we get

Since and , we are left to conclude that and . Thus, the numbers 1 < c \leq n which have a common factor with are not invertible modulo . These are precisely the same which satisfy , or equivalently, those which are not relatively prime to . The following theorem shows that the converse is also true.

Theorem: Let be a positive integer and any integer. Then is invertible modulo if and only if and are relatively prime.

Now suppose that we have chosen and which are relatively prime. How do we go about finding modulo ? This requires the division algorithm discussed in Lecture 2. As usual, we will start with an example. Suppose we want to find the inverse of modulo . We start by doing the Division algorithm to make sure that :

so we do in fact, have . Now, to find , we simply reverse the division algorithm and work from the bottom up:

Since , we see that

That is, . This process works in complete generality. Now that we can compute inverses modulo , we can fully use the multiplication cipher.

Then Exponential Cipher

The last type of mathematical cipher that we are going to discuss is the exponential cipher. As its name suggests, we are going to encrypt our by first exponentiating,, and then reducing by a modulus . We start with an example:

Suppose Alice wants to send the following message to Bob using the exponential cipher with and :

Since exponentiating gets very large, very fast, we are going to group one letter at a time when we convert to numbers:
20 15 13 15 18 18 15 23 09 19 20 08 05 02 09 07 04 01 25 38
01 12 09 03 05 37
Next, we cube each of these numbers,
8000 3375 2197 3375 5832 5832 1728 12167 729 6859 8000 512
125 8 729 343 64 1 15625 54872 1 1728 729 27 125 50653
and reduce modulo :
5 13 25 13 10 10 6 31 32 12 5 20 28 32 15 23 1 4 14 1 6 32
27 2 18
Before we can discuss how to decrypt this message, we need some more terminology. For a given positive integer , we write to denote the number of positive integers less than which are relatively prime to . This is called Euler's phi-function, named after the 18th century Swiss mathematician Leonhard Euler. For example, since are all relatively prime to , and since are all relatively prime to .

Theorem Let and be positive integers which are relatively prime. Then . If is prime and is a positive integer, then . In particular, if , then , and if and are prime, then .

The next theorem relates to exponentials. It is due to 17th century French Mathematician Pierre de Fermat.

Theorem[Fermat's Little Theorem]: Let be a positive integer. Then for any integer relatively prime to ,

Thus, if we want to decrypt a message that has be encrypted using an exponential cipher, all we need to do is find . Indeed, we could then compute

So, to decrypt our example above, Bob would need to compute , that is, . To do this, all he needs to do is the division algorithm in reverse!

Before, we finish, let's think for a minute about how careful we need to be when we are choosing and for an exponential cipher. To start, we are going to insist that is either prime, or the product of two prime numbers. In the latter case, say . Using the theorem about the behavior of , we see that the we choose must be relatively prime to . In particular, it cannot be even (why?). If we follow these two rules, everything will work as planned.


  1. Compute the following:
  2. Compute the following:
  3. Compute the following:
  4. Write a short message and encrypt it using the generalized shift cipher, the multiplication cipher, and the exponential cipher. Find a partner and exchange messages. Do not forget to tell them you modulus and the shift factor, multiplication factor, or exponent that you used. Which of the three ciphers took the longest to deal with?

This work was made possible through a grant from the National Science Foundation.