Module 2-part 2

Uploaded by

rtrpavitrkochar
Module 2

Mathematical Concepts and Key Distribution


Content
• Algebraic structures, GF(2^8) fields (Module 2)
• Number theory and Modular arithmetic:
• Primality testing, Fermat's and Euler's theorems,
• Order of a number,
• Primitive roots,
• Euclidean and Extended Euclidean Algorithm
Algebraic Structures
• Algebraic structures are mathematical entities composed of a set
equipped with one or more operations that follow specific axioms or
rules.
• These structures form the foundation of various fields of
mathematics, including algebra, number theory, and cryptography.
• Key types of algebraic structures include
• groups,
• rings,
• fields, and
• vector spaces.
Groups
• Definition: A group is a set G with an operation ∗ (often called
multiplication or addition) that combines any two elements a, b ∈ G
to form another element in G. The group must satisfy four axioms:
Example for Group
• Integers under Addition: The set of integers Z with addition as the
operation forms a group. The identity element is 0, and each integer
has an inverse (its negative).
Ring
• Definition: A ring is a set R equipped with two binary operations:
addition + and multiplication ×. The set R must satisfy the following
axioms:

Examples:
• Integers with Addition and Multiplication: The set Z with standard addition and multiplication is a
ring.
• Polynomial Rings: The set of all polynomials with coefficients from a ring R forms a ring.
Field
• Definition: A field is a set F equipped with two operations (addition
and multiplication) that satisfy the following conditions:

Examples:
• Real Numbers (R): The set of real numbers with usual addition and multiplication forms a field.
• Rational Numbers (Q): The set of rational numbers is also a field.
Galois Field (GF)
• Definition: A Galois Field (GF) or finite field is a field that contains a
finite number of elements. The most common notation for a Galois
Field with p^n elements is GF(p^n), where p is a prime number and n
is a positive integer.
• Examples:
• GF(2): The simplest Galois Field, also known as the binary field,
contains only two elements, 0 and 1. It is widely used in digital
electronics and error-correcting codes.
• GF(2^8): This field has 256 elements and is commonly used in
cryptography, particularly in the AES (Advanced Encryption Standard)
algorithm.
GF(2^8)
• Structure of GF(2^8)
• Elements:
• GF(2^8) consists of 256 elements, which can be represented as 8-bit binary numbers (from 00000000₂ to 11111111₂), or
equivalently, as integers from 0 to 255.
• These elements can also be represented as polynomials over GF(2) (binary field) of degree less than 8. For example, the element
11001010₂ can be represented as the polynomial
• Addition:
• Addition in GF(2^8) is performed by bitwise XOR (exclusive OR) of the corresponding binary representations. This operation is
equivalent to polynomial addition modulo 2.
• Example: 11001010₂ + 10111000₂ = 01110010₂
• Multiplication:
• Multiplication in GF(2^8) is more complex and is done using polynomial multiplication modulo an irreducible polynomial of degree
8.
• Example: If a(x)=x^7+x^6+x^3+x and b(x)=x^7+x^6+x^5+x^4, their product is calculated modulo an irreducible polynomial (such as
x^8+x^4+x^3+x+1) to keep the result within the field.
• Irreducible Polynomial:
• An irreducible polynomial over GF(2) is a polynomial that cannot be factored into the product of lower-degree polynomials over GF(2).
• The AES algorithm uses the irreducible polynomial m(x)= x^8 + x^4 + x^3 + x + 1 for constructing the field GF(2^8).
GF(2^8)
To reduce modulo m(x), we repeatedly divide the product c(x) by m(x), eliminating each term x^n of c(x) whose degree n ≥ 8.
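The addition, multiplication and reduction rules above, worked through in Python on the slide's own a(x) and b(x) with the AES polynomial m(x). This is an added example, not part of the original slides; the function names are hypothetical, and `gf_inv` goes one step beyond the slides to show the inverse that makes GF(2^8) a field.

```python
AES_MODULUS = 0x11B  # m(x) = x^8 + x^4 + x^3 + x + 1, the polynomial named on this page

def poly(v):
    """Render an integer's bits as a polynomial over GF(2), e.g. 0xCA -> x^7 + x^6 + x^3 + x."""
    terms = ["1" if i == 0 else "x" if i == 1 else f"x^{i}"
             for i in range(v.bit_length() - 1, -1, -1) if v >> i & 1]
    return " + ".join(terms) or "0"

def gf_add(a, b):
    """Addition is coefficient-wise mod 2, i.e. bitwise XOR (no carries)."""
    return a ^ b

def clmul(a, b):
    """Carry-less product c(x) = a(x) * b(x); the degree can reach 14."""
    c = 0
    while b:
        if b & 1:
            c ^= a
        a <<= 1
        b >>= 1
    return c

def reduce_mod(c, m=AES_MODULUS):
    """Cancel the leading term with a shifted copy of m(x) until degree < 8."""
    while c.bit_length() >= m.bit_length():
        c ^= m << (c.bit_length() - m.bit_length())
    return c

def gf_mul(a, b):
    return reduce_mod(clmul(a, b))

def gf_inv(a):
    """Multiplicative inverse as a^254, since a^255 = 1 for every nonzero a."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    result, power, e = 1, a, 254
    while e:
        if e & 1:
            result = gf_mul(result, power)
        power = gf_mul(power, power)
        e >>= 1
    return result

if __name__ == "__main__":
    a, b = 0xCA, 0xF0  # a(x) and b(x) from the multiplication example above
    print("c(x)    =", poly(clmul(a, b)))
    print("c mod m =", poly(gf_mul(a, b)), f"= {gf_mul(a, b):#04x}")
```

The unreduced product has degree 14; two XORs with shifted copies of m(x) bring it back to a single byte.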
Key Distribution
Need
• If Alice needs to exchange confidential messages with N people, she
needs N different keys. What if N people need to communicate with
each other? A total of N(N − 1) keys is needed if we require that Alice
and Bob use two keys for bidirectional communication; only N(N − 1)/2
keys are needed if we allow a key to be used for both directions. This
means that if one million people need to communicate with each other,
each person has almost one million different keys; in total, almost one
trillion keys are needed.
• The number of keys is not the only problem; the distribution of keys is
another.
KDC
• A practical solution is the use of a trusted third party, referred to as a key-distribution center (KDC). To
reduce the number of keys, each person establishes a shared secret key with the KDC.
• A secret key is established between the KDC and each member. Alice has a secret key with the KDC, which we refer
to as KAlice; Bob has a secret key with the KDC, which we refer to as KBob; and so on.
• A KDC creates a secret key for each member.
• This secret key can be used only between the member and the KDC, not between two members.
• If Alice needs to communicate secretly with Bob, she needs a secret key between herself
and Bob. A KDC can create a session key between Alice and Bob, using their keys with
Now the question is how Alice can send a confidential message to Bob. The process is as follows:
1. Alice sends a request to the KDC stating that she needs a session (temporary) secret key between herself and Bob.
2. The KDC informs Bob about Alice’s request.
3. If Bob agrees, a session key is created between the two
First Approach KDC
1. Alice sends a plaintext message to the KDC to obtain a
symmetric session key between Bob and herself.
2. The KDC receives the message and creates what is called a
ticket. The ticket is encrypted using Bob’s key (KB). The ticket
contains the identities of Alice and Bob and the session key
(KAB). The ticket with a copy of the session key is sent to
Alice.
3. Alice sends the ticket to Bob. Bob opens the ticket and knows
that Alice needs to send messages to him using KAB as the
session key. Note that in this message, Bob is authenticated to
the KDC because only Bob can open the ticket.
Because Bob is authenticated to the KDC, he is also
authenticated to Alice, who trusts the KDC. In the same way,
Alice is also authenticated to Bob, because Bob trusts the KDC
and the KDC has sent Bob the ticket that includes the identity
of Alice.
Kerberos
• Kerberos is an authentication protocol, and at the same time a KDC, that has
become very popular. Several systems, including Windows 2000, use Kerberos. It is
named after the three-headed dog in Greek mythology that guards the gates
of Hades.
• Three servers are involved in the Kerberos protocol:
• an authentication server (AS),
• a ticket-granting server (TGS), and
• a real (data) server that provides services to others.
• In our examples and figures, Bob is the real server and Alice is the user
requesting service.
Servers in Kerberos
Authentication Server (AS)
• The authentication server (AS) is the KDC in the Kerberos
protocol.
• Each user registers with the AS and is granted a user identity
and a password.
• The AS has a database with these identities and the
corresponding passwords.
• The AS verifies the user, issues a session key to be used
between Alice and the TGS, and sends a ticket for the TGS.

Ticket-Granting Server (TGS)
• The TGS issues a ticket for the real server (Bob).
• It also provides the session key (KAB) between Alice and
Bob.
• Kerberos has separated user verification from the issuing
of tickets.
• In this way, though Alice verifies her ID just once with the
AS, she can contact the TGS multiple times to obtain
tickets for different real servers.

Real Server
• The real server (Bob) provides services for the user (Alice).
• Kerberos is designed for a client-server program, such as
FTP, in which a user uses the client process to access the
server process.
• Kerberos is not used for person-to-person authentication.
Kerberos Operation
1. Alice sends her request to the AS in plain text using her
registered identity.
2. The AS sends a message encrypted with Alice’s permanent
symmetric key, KA-AS. The message contains a session key, KA-TGS,
used by Alice to contact the TGS, and a ticket for the TGS that is
encrypted with the TGS symmetric key, KAS-TGS. Alice does not
know KA-AS, but when the message arrives, she types her
symmetric password. The password and the appropriate
algorithm together create KA-AS if the password is correct. The
password is then immediately destroyed; it is not sent to the
network and it does not stay in the terminal. It is used only for
a moment to create KA-AS. The process now uses KA-AS to
decrypt the message sent. KA-TGS and the ticket are extracted.
3. Alice now sends three items to the TGS. The first is the ticket received
from the AS. The second is the name of the real server (Bob), the third is a
timestamp that is encrypted by KA-TGS. The timestamp prevents a replay
by Eve.
4. Now, the TGS sends two tickets, each containing the session key
between Alice and Bob, KA-B. The ticket for Alice is encrypted with KA-TGS;
the ticket for Bob is encrypted with Bob’s key, KTGS-B. Eve cannot
extract KA-B because Eve does not know KA-TGS or KTGS-B.
5. Alice sends Bob’s ticket with the timestamp encrypted by KA-B.
6. Bob confirms the receipt by adding 1 to the timestamp. The message is
encrypted with KA-B and sent to Alice.
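Steps 1 to 6 as a runnable simulation, with the AS, TGS, Bob and Alice as functions in one process; the ticket sealed under Bob's key is the same construction as the ticket in the first-approach KDC. This is an added example, not part of the original slides and not Kerberos's real message formats. Assumptions: `seal`/`unseal` are a demo-only stand-in cipher built from SHAKE-256 and HMAC, PBKDF2 plays the "appropriate algorithm" that turns the password into KA-AS, and the 300-second window, replay caches, sample password and all function names are constructed for the demo.

```python
import hashlib, hmac, json, os, time

def seal(key, obj):  # demo-only stand-in cipher: SHAKE-256 keystream XOR + HMAC-SHA256 tag
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(c ^ k for c, k in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct)))))

def password_key(password):  # password + algorithm -> KA-AS; the password is never sent
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"alice", 10_000)

K_A_AS = password_key("alice-demo-pw")              # constructed sample password
K_AS_TGS, K_TGS_B = os.urandom(32), os.urandom(32)  # constructed long-term keys KAS-TGS, KTGS-B
SKEW, TGS_SEEN, BOB_SEEN = 300, set(), set()        # assumed freshness window (s), replay caches

def fresh(ts, cache):
    if abs(time.time() - ts) > SKEW or ts in cache:
        raise ValueError("stale or replayed timestamp")
    cache.add(ts)
    return ts

def as_reply(user):  # step 2: session key KA-TGS plus a ticket only the TGS can open
    k_a_tgs = os.urandom(32).hex()
    tgt = seal(K_AS_TGS, {"user": user, "key": k_a_tgs})
    return seal(K_A_AS, {"key": k_a_tgs, "tgt": tgt.hex()})

def tgs_reply(tgt, server, enc_ts):  # steps 3-4: check timestamp, issue two tickets with KA-B
    t = unseal(K_AS_TGS, tgt)
    k_a_tgs = bytes.fromhex(t["key"])
    fresh(unseal(k_a_tgs, enc_ts), TGS_SEEN)
    body = {"user": t["user"], "server": server, "key": os.urandom(32).hex()}
    return seal(k_a_tgs, body), seal(K_TGS_B, body)

def bob_reply(ticket, enc_ts):  # steps 5-6: Bob answers with timestamp + 1 under KA-B
    k_ab = bytes.fromhex(unseal(K_TGS_B, ticket)["key"])
    return seal(k_ab, fresh(unseal(k_ab, enc_ts), BOB_SEEN) + 1)

def alice_login(password):  # Alice's side of steps 1-6; True when Bob's reply checks out
    msg = unseal(password_key(password), as_reply("alice"))
    k_a_tgs, tgt = bytes.fromhex(msg["key"]), bytes.fromhex(msg["tgt"])
    for_alice, for_bob = tgs_reply(tgt, "bob", seal(k_a_tgs, time.time()))
    k_ab = bytes.fromhex(unseal(k_a_tgs, for_alice)["key"])
    ts = time.time()
    return unseal(k_ab, bob_reply(for_bob, seal(k_ab, ts))) == ts + 1
```

A wrong password fails at the first `unseal`, because the derived key does not match KA-AS, and a captured timestamp message sent to the TGS a second time is rejected by the replay cache.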
