如何计算仿射密码的模乘逆

Question

I am trying to create a small software that does the Affine Cipher, which means that K1 and the amount of letters in the alphabet (using m for this number) must be coprime, that is gcd(k1, m) == 1 .

Basically it's like this:

I have a plaintext: hey

I have K1: 7

I have K2: 5

Plaintext in numerical format is: 8 5 25

8 - from h (the position in the alphabet) and ** 5 25** goes the same for e and y

Encrypted: 7 13 18

Which is the formula:

k1 * 8 + k2 mod 27 = 7

k1 * 5 + k2 mod 27 = 13

k1 * 25 + k2 mod 27 = 18

I have a function that crypts this but I don't know how to decrypt.

For example I have 7 for h. I want to get the number 8 back again, knowing 7, k1 and k2.

Do you guys have any ideas ?

Some function where you input k1, k2, result (7 for example, for h), and it gives me back 8, but I really don't know how to reverse this.

The function for encryption is this:

public List<int> get_crypted_char(string[] strr)
        {
            List<int> l = new List<int>();
            int i;
            for (i = 0; i < strr.Length; i++)
            {
                int ch = int.Parse(strr[i]);
                int numberback = k1 * ch + 5;
                numberback = (numberback % 27);
                l.Add(numberback);
            }
            return l;
        }

Where: string[] strr is a string that contains the plaintext. Function example: get_crypted_char({"e","c","b"})

The result would be a list like this {"5","3","2"}

UPDATE: Here is a link from wikipedia about this encryption, and also decryption, but ... I don't really understand "how to" http://en.wikipedia.org/wiki/Affine_cipher

Answer 1

It is not possible (in general case, for affine cipher, see update below). That's why module operation is so frequently used in security algorithms - it is not reversible. But, why don't we try?

result = (k1 * input + k2) % 27 (*1)

Let's take the first letter:

result = (7 * 8 + 5) % 27 = 7

That's cool. Now, because we said, that:

result = (k1 * input + k2) % 27

the following is also true:

k1 * input + k2 = 27 * div + result (*2)

where

div = (k1 * input + k2) / 27 (integral division)

It is quite obvious (if a % b = c, then a = b*n + c, where n is the result of integer division a/b).

You know the values of k1 (which is 7), k2 (5) and result (7). So, when we put these values to (*2), we get the following:

7 * input + 5 = 27 * div + 7 //You need to solve this

As you can see, it is impossible to solve this, because you would need to know also the result of the integral division - translating this to your function's language, you would need the value of

numberback / 27

which is unknown. So answer is: you cannot reverse your function's results, using only output it returns .

---

** UPDATE **

---

I focused too much on the question's title, so the answer above is not fully correct. I decided not to remove it, however, but write an update.

So, the answer for your particular case (affine cipher) is: YES, you can reverse it.

As you can see on the wiki, decryption function for affine cipher for the following encrytption function:

E(input) = a*input + b mod m

is defined as:

D(enc) = a^-1 * (enc - b) mod m

The only possible problem here can be computation of a^-1, which is modular multiplicative inverse.

Read about it on wiki , I will provide only example.

In your case a = k1 = 7 and m = 27. So:

7^-1 = p mod 27
7p = 1 mod 27

In other words, you need to find p, which satisfies the following: 7p % 27 = 1. p can be computed using extended euclidean algorithm and I computed it to be 4 (4 * 7 = 28, 28 % 27 = 1).

Check, if can decipher your output now:

E(8) = 7*8 + 5 mod 27 = 7

D(7) = 4 * (7 - 5) mod 27 = 8

Hope that helps :)

Answer 2

Please note that the other answers do not take into account the the algorithm at hand is the Affine Cipher, ie there are some conditions at hand, the most important one the coprime status of k1 and m .

In your case it would be:

m = 27; // letters in your alphabet
k1 = 7; // coprime with m
k2 = 5; // no reqs here, just that a value above 27 is the same as mod 27 of that value

int Encrypt(int letter) {
  return ((letter * k1) + k2) % m;
}

int Decrypt(int letter) {
  return ((letter - k2) * modInverse(k1, m)) % m;
}

Tuple<int, Tuple<int, int>> extendedEuclid(int a, int b)
{
  int x = 1, y = 0;
  int xLast = 0, yLast = 1;
  int q, r, m, n;
  while (a != 0)
  {
    q = b / a;
    r = b % a;
    m = xLast - q * x;
    n = yLast - q * y;
    xLast = x; yLast = y;
    x = m; y = n;
    b = a; a = r;
  }
  return new Tuple<int, Tuple<int, int>>(b, new Tuple<int, int>(xLast, yLast));
}

int modInverse(int a, int m)
{
  return (extendedEuclid(a, m).Item2.Item1 + m) % m;
}

ModInverse implementation taken from http://comeoncodeon.wordpress.com/2011/10/09/modular-multiplicative-inverse/ .

Answer 3

I have created a program that will tell the modular inverse of something. I will let you use it. It is posted below.

# Cryptomath Module


def gcf(a, b):
    # Return the GCD of a & b using Euclid's Algorithm
    while a != 0:
        a, b = b % a, a
    return b


def findModInverse(a, m):
    # Return the modular inverse of a % m, which is
    # the number x such that a*x % m = 1

    if gcf(a, m) != 1:
        return None # No mode inverese if a & m aren't relatively prime

    # Calculate using the Extended Euclidean Algorithm:
    u1, u2, u3 = 1, 0, a
    v1, v2, v3 = 0, 1, m
    while v3 != 0:
        q = u3 // v3 # // is the integer division operator
        v1, v2, v3, u1, u2, u3 = (u1 - q * v1), (u2 - q * v2), (u3 - q *
v3), v1, v2, v3
    return u1 % m

Note: The modular inverse is found using the extended euclidean algorithm. Here is the Wikipedia entry for it: http://en.wikipedia.org/wiki/Extended_Euclidean_algorithm .

Note: This needs to be imported as a module to be used. Hope it helps.