Cryptographic Systems Involving Modular Exponentiation

Question

I am going through an "Introduction to Cryptography" chapter in my Elementary Number Theory course, wherein I'm studying cryptographic systems involving modular exponentiation.

The textbook (By David M. Burton) says that:

A user who wishes to conceal information might begin by selecting a (large) prime p to serve as the enciphering modulus, and a positive integer 2 < k < p - 2, the enciphering exponent. Modulus and exponent, both kept secret, must satisfy gcd(k, p - 1) = 1. The encryption process begins with the conversion of the message to numerical form M by means of a "digital alphabet" in which each letter of the plaintext is replaced by a two-digit integer. It is assumed that the plaintext number M is less than the enciphering modulus p; otherwise, it would be impossible to distinguish M from a larger integer congruent to it modulo p.

Can someone please clarify the last line for me (in italics)? Possibly, by giving an example as to why will it be impossible to distinguish M from a larger integer congruent to it modulo p. What exactly happens when M is greater than p?

what would be $(k.p + a)^s$ $mod$ $p$ for the key $s$ and message $k.p+a$ where $k$ is an integer? — Manish Adhikari, Apr 28 '21 at 11:50

score 3 · Accepted Answer · answered Apr 28 '21 at 12:11

Can someone please clarify the last line for me (in italics)?

Ok, here is a very simple example of what can go wrong.

For a very simple example, let us consider $p=11$ (smaller than what they specify, however it'll act the same, and it'll keep the computations simpler), and $k=3$.

Suppose we want to encrypt the message $m=2$; what we'll do to encrypt is compute $m^k \bmod p$, in this case, $2^3 \bmod 11 = 8 \bmod 11 = 8$. And, later on in the text, they'll explain how to decrypt.

However, to answer your question, suppose we were to try to encrypt the message $m=13$. In this case, we'd compute $13^3 \bmod 11 = 2197 \bmod 11 = 8$. That is, we got the exact same ciphertext that we did for $m=2$; that means that if we get the ciphertext $8$, we wouldn't be able to tell whether the original $m$ was $2$ or $13$ (and by default, we assume that it is less than $p$, namely, $m=2$).

It turns out that this encryption method always handles any $m$ the exact same way as $m+p$; hence if we get a message larger than $p$, there will always be a smaller message that encrypts the same way.

As a side note, when I computed $m^k \bmod p$, I wrote it out as $m^k$ and then applied the $\bmod p$ operation. This works on these small toy examples, but on realistic cases, we convert the $m^k$ into a series of modular multiplications and squarings, and apply the modulo operation after each multiplication/squaring. This is not related to your question - I'm just trying to anticipate a possible future source of confusion.

Cryptographic Systems Involving Modular Exponentiation

1 Answers1