Mixing
Hill cipher: why can the cipher key matrix’s determinant not share common factors with the modulus?
Background
The Hill cipher works by:
- defining a letter-to-number substitution table/list/pattern/etc.;
- encoding a cypher-word into a column vector $u$ whose components are determined by the said list;
- multiplying $u$ with a random “key” matrix $K$ of corresponding dimension, rendering another column vector $z$;
- converting $z$ into a cypher-word.
Decryption works by:
- considering the number of characters in the list to be $m$;
- multiplying $z$ by $K^{-1}$ to give another column vector $w$;
- attaining $u$ via the relationship $uequiv wpmod m$ where all components of $u$ are in the list; and
- obtaining the original word using the list.
There is a caveat: In addition to $K$ needing to be invertible, the determinant of the key $det K$ must share no common factors with the modulus $m$.
Personal investigation
In order to understand why this condition is required, I created my own example in which I use the pattern
$$begin{array}{ccccccccc} text{a} & text b & text c & text d & text e & text f & text g & cdots & text z \ 0 & 1 & 2 & 3 & 4 & 5 & 6 & cdots & 25 end{array}$$
and the key $$K = pmatrix{2&1\2&2}$$ to encrypt the word $$text{ab}mapsto pmatrix{0\1}=u$$ (like the muscle), in which I know $det K=2$ shares a factor with the modulus $26$.
The cipher-word is attained by
$$z=Ku=pmatrix{2&1\2&2}pmatrix{0\1}=pmatrix{1\2}mapstotext{bc}$$
The original word is obtained by
$$K^{-1}z=pmatrix{1&-1/2\-1&1}pmatrix{1\2}=pmatrix{0\1}mapstotext{ab}$$
as originally planned. . . .
Question
At first I thought there was a possibility that my cipher working was due to the matrix components being small numbers, but after working out several additional examples, it seems that no matter what key I choose, it works flawlessly if the key matrix is invertible.
Is it even necessary that the key matrix not share factors with the modulus? If so, why?
linear-algebra matrices cryptography
asked Nov 21 '18 at 21:44
Chase Ryan TaylorChase Ryan Taylor
4,38021530
add a comment |
Background
The Hill cipher works by:
- defining a letter-to-number substitution table/list/pattern/etc.;
- encoding a cypher-word into a column vector $u$ whose components are determined by the said list;
- multiplying $u$ with a random “key” matrix $K$ of corresponding dimension, rendering another column vector $z$;
- converting $z$ into a cypher-word.
Decryption works by:
- considering the number of characters in the list to be $m$;
- multiplying $z$ by $K^{-1}$ to give another column vector $w$;
- attaining $u$ via the relationship $uequiv wpmod m$ where all components of $u$ are in the list; and
- obtaining the original word using the list.
There is a caveat: In addition to $K$ needing to be invertible, the determinant of the key $det K$ must share no common factors with the modulus $m$.
Personal investigation
In order to understand why this condition is required, I created my own example in which I use the pattern
$$begin{array}{ccccccccc} text{a} & text b & text c & text d & text e & text f & text g & cdots & text z \ 0 & 1 & 2 & 3 & 4 & 5 & 6 & cdots & 25 end{array}$$
and the key $$K = pmatrix{2&1\2&2}$$ to encrypt the word $$text{ab}mapsto pmatrix{0\1}=u$$ (like the muscle), in which I know $det K=2$ shares a factor with the modulus $26$.
The cipher-word is attained by
$$z=Ku=pmatrix{2&1\2&2}pmatrix{0\1}=pmatrix{1\2}mapstotext{bc}$$
The original word is obtained by
$$K^{-1}z=pmatrix{1&-1/2\-1&1}pmatrix{1\2}=pmatrix{0\1}mapstotext{ab}$$
as originally planned. . . .
Question
At first I thought there was a possibility that my cipher working was due to the matrix components being small numbers, but after working out several additional examples, it seems that no matter what key I choose, it works flawlessly if the key matrix is invertible.
Is it even necessary that the key matrix not share factors with the modulus? If so, why?
linear-algebra matrices cryptography
asked Nov 21 '18 at 21:44
Chase Ryan TaylorChase Ryan Taylor
4,38021530
1
In your example, what is $-frac 12cdot ybmod{26}$ when $y$ is odd? Upon closer look, whatever you encode by multiplying with $K$, will have even second letter! This means that you reach only $26cdot 13$ code words instead of $26cdot 26$. Thus you cannot regain your originally possible $26cdot 26$ clear texts
– Hagen von Eitzen
Nov 21 '18 at 21:48
The key matrix is not invertible in the ring $mathbb{Z}_{26}$ that you choose to work in.
– Henno Brandsma
Nov 22 '18 at 4:45
add a comment |
Background
The Hill cipher works by:
- defining a letter-to-number substitution table/list/pattern/etc.;
- encoding a cypher-word into a column vector $u$ whose components are determined by the said list;
- multiplying $u$ with a random “key” matrix $K$ of corresponding dimension, rendering another column vector $z$;
- converting $z$ into a cypher-word.
Decryption works by:
- considering the number of characters in the list to be $m$;
- multiplying $z$ by $K^{-1}$ to give another column vector $w$;
- attaining $u$ via the relationship $uequiv wpmod m$ where all components of $u$ are in the list; and
- obtaining the original word using the list.
There is a caveat: In addition to $K$ needing to be invertible, the determinant of the key $det K$ must share no common factors with the modulus $m$.
Personal investigation
In order to understand why this condition is required, I created my own example in which I use the pattern
$$begin{array}{ccccccccc} text{a} & text b & text c & text d & text e & text f & text g & cdots & text z \ 0 & 1 & 2 & 3 & 4 & 5 & 6 & cdots & 25 end{array}$$
and the key $$K = pmatrix{2&1\2&2}$$ to encrypt the word $$text{ab}mapsto pmatrix{0\1}=u$$ (like the muscle), in which I know $det K=2$ shares a factor with the modulus $26$.
The cipher-word is attained by
$$z=Ku=pmatrix{2&1\2&2}pmatrix{0\1}=pmatrix{1\2}mapstotext{bc}$$
The original word is obtained by
$$K^{-1}z=pmatrix{1&-1/2\-1&1}pmatrix{1\2}=pmatrix{0\1}mapstotext{ab}$$
as originally planned. . . .
Question
At first I thought there was a possibility that my cipher working was due to the matrix components being small numbers, but after working out several additional examples, it seems that no matter what key I choose, it works flawlessly if the key matrix is invertible.
Is it even necessary that the key matrix not share factors with the modulus? If so, why?
linear-algebra matrices cryptography
asked Nov 21 '18 at 21:44
Chase Ryan TaylorChase Ryan Taylor
4,38021530
Background
The Hill cipher works by:
- defining a letter-to-number substitution table/list/pattern/etc.;
- encoding a cypher-word into a column vector $u$ whose components are determined by the said list;
- multiplying $u$ with a random “key” matrix $K$ of corresponding dimension, rendering another column vector $z$;
- converting $z$ into a cypher-word.
Decryption works by:
- considering the number of characters in the list to be $m$;
- multiplying $z$ by $K^{-1}$ to give another column vector $w$;
- attaining $u$ via the relationship $uequiv wpmod m$ where all components of $u$ are in the list; and
- obtaining the original word using the list.
There is a caveat: In addition to $K$ needing to be invertible, the determinant of the key $det K$ must share no common factors with the modulus $m$.
Personal investigation
In order to understand why this condition is required, I created my own example in which I use the pattern
$$begin{array}{ccccccccc} text{a} & text b & text c & text d & text e & text f & text g & cdots & text z \ 0 & 1 & 2 & 3 & 4 & 5 & 6 & cdots & 25 end{array}$$
and the key $$K = pmatrix{2&1\2&2}$$ to encrypt the word $$text{ab}mapsto pmatrix{0\1}=u$$ (like the muscle), in which I know $det K=2$ shares a factor with the modulus $26$.
The cipher-word is attained by
$$z=Ku=pmatrix{2&1\2&2}pmatrix{0\1}=pmatrix{1\2}mapstotext{bc}$$
The original word is obtained by
$$K^{-1}z=pmatrix{1&-1/2\-1&1}pmatrix{1\2}=pmatrix{0\1}mapstotext{ab}$$
as originally planned. . . .
Question
At first I thought there was a possibility that my cipher working was due to the matrix components being small numbers, but after working out several additional examples, it seems that no matter what key I choose, it works flawlessly if the key matrix is invertible.
Is it even necessary that the key matrix not share factors with the modulus? If so, why?
linear-algebra matrices cryptography
linear-algebra matrices cryptography
asked Nov 21 '18 at 21:44
Chase Ryan TaylorChase Ryan Taylor
4,38021530
asked Nov 21 '18 at 21:44
Chase Ryan TaylorChase Ryan Taylor
4,38021530
asked Nov 21 '18 at 21:44
Chase Ryan TaylorChase Ryan Taylor
4,38021530
asked Nov 21 '18 at 21:44
Chase Ryan TaylorChase Ryan Taylor
4,38021530
asked Nov 21 '18 at 21:44
Chase Ryan TaylorChase Ryan Taylor
4,38021530
4,38021530
1
In your example, what is $-frac 12cdot ybmod{26}$ when $y$ is odd? Upon closer look, whatever you encode by multiplying with $K$, will have even second letter! This means that you reach only $26cdot 13$ code words instead of $26cdot 26$. Thus you cannot regain your originally possible $26cdot 26$ clear texts
– Hagen von Eitzen
Nov 21 '18 at 21:48
The key matrix is not invertible in the ring $mathbb{Z}_{26}$ that you choose to work in.
– Henno Brandsma
Nov 22 '18 at 4:45
add a comment |
1
In your example, what is $-frac 12cdot ybmod{26}$ when $y$ is odd? Upon closer look, whatever you encode by multiplying with $K$, will have even second letter! This means that you reach only $26cdot 13$ code words instead of $26cdot 26$. Thus you cannot regain your originally possible $26cdot 26$ clear texts
– Hagen von Eitzen
Nov 21 '18 at 21:48
The key matrix is not invertible in the ring $mathbb{Z}_{26}$ that you choose to work in.
– Henno Brandsma
Nov 22 '18 at 4:45
1
1
In your example, what is $-frac 12cdot ybmod{26}$ when $y$ is odd? Upon closer look, whatever you encode by multiplying with $K$, will have even second letter! This means that you reach only $26cdot 13$ code words instead of $26cdot 26$. Thus you cannot regain your originally possible $26cdot 26$ clear texts
– Hagen von Eitzen
Nov 21 '18 at 21:48
In your example, what is $-frac 12cdot ybmod{26}$ when $y$ is odd? Upon closer look, whatever you encode by multiplying with $K$, will have even second letter! This means that you reach only $26cdot 13$ code words instead of $26cdot 26$. Thus you cannot regain your originally possible $26cdot 26$ clear texts
– Hagen von Eitzen
Nov 21 '18 at 21:48
The key matrix is not invertible in the ring $mathbb{Z}_{26}$ that you choose to work in.
– Henno Brandsma
Nov 22 '18 at 4:45
The key matrix is not invertible in the ring $mathbb{Z}_{26}$ that you choose to work in.
– Henno Brandsma
Nov 22 '18 at 4:45
add a comment |
1 Answer
1
active
oldest
votes
The matrix $K^{-1}$ that you propose is only the inverse over the rational numbers, not in the ring $mathbb{Z}_{26}$ that you are working over (the characters are $0$ to $25$). The determinant is not coprime with $n$ so has no inverse in the ring. This means that you don't always get the right result with your "pseudoinverse"
To see where things go wrong concretely in your example:
$an$ is encrypted to $na$ but applying your inverse you'd get $nn$ as the decrypt.
In fact anyone receiving $na$ as a ciphertext cannot tell whether to decrypt it to $an$ or $nn$. Both plaintexts give that same ciphertext. Encryption is thus not 1-1 and hence cannot be invertible.
Other such cases (it goes wrong in half of the $26^2$ pairs):
$ao rightarrow oc rightarrow no$ (Last step is your pseudo inverse)
$es rightarrow as rightarrow rs$
$do rightarrow ui rightarrow qo$ etc. Write a program to generate all such pairs (I did).
You can see that the requirement is truly essential.
answered Nov 22 '18 at 22:32
Henno BrandsmaHenno Brandsma
105k347114
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
return StackExchange.using("mathjaxEditing", function () {
StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
});
});
}, "mathjax-editing");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "69"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmath.stackexchange.com%2fquestions%2f3008415%2fhill-cipher-why-can-the-cipher-key-matrix-s-determinant-not-share-common-factor%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
The matrix $K^{-1}$ that you propose is only the inverse over the rational numbers, not in the ring $mathbb{Z}_{26}$ that you are working over (the characters are $0$ to $25$). The determinant is not coprime with $n$ so has no inverse in the ring. This means that you don't always get the right result with your "pseudoinverse"
To see where things go wrong concretely in your example:
$an$ is encrypted to $na$ but applying your inverse you'd get $nn$ as the decrypt.
In fact anyone receiving $na$ as a ciphertext cannot tell whether to decrypt it to $an$ or $nn$. Both plaintexts give that same ciphertext. Encryption is thus not 1-1 and hence cannot be invertible.
Other such cases (it goes wrong in half of the $26^2$ pairs):
$ao rightarrow oc rightarrow no$ (Last step is your pseudo inverse)
$es rightarrow as rightarrow rs$
$do rightarrow ui rightarrow qo$ etc. Write a program to generate all such pairs (I did).
You can see that the requirement is truly essential.
answered Nov 22 '18 at 22:32
Henno BrandsmaHenno Brandsma
105k347114
add a comment |
The matrix $K^{-1}$ that you propose is only the inverse over the rational numbers, not in the ring $mathbb{Z}_{26}$ that you are working over (the characters are $0$ to $25$). The determinant is not coprime with $n$ so has no inverse in the ring. This means that you don't always get the right result with your "pseudoinverse"
To see where things go wrong concretely in your example:
$an$ is encrypted to $na$ but applying your inverse you'd get $nn$ as the decrypt.
In fact anyone receiving $na$ as a ciphertext cannot tell whether to decrypt it to $an$ or $nn$. Both plaintexts give that same ciphertext. Encryption is thus not 1-1 and hence cannot be invertible.
Other such cases (it goes wrong in half of the $26^2$ pairs):
$ao rightarrow oc rightarrow no$ (Last step is your pseudo inverse)
$es rightarrow as rightarrow rs$
$do rightarrow ui rightarrow qo$ etc. Write a program to generate all such pairs (I did).
You can see that the requirement is truly essential.
answered Nov 22 '18 at 22:32
Henno BrandsmaHenno Brandsma
105k347114
add a comment |
The matrix $K^{-1}$ that you propose is only the inverse over the rational numbers, not in the ring $mathbb{Z}_{26}$ that you are working over (the characters are $0$ to $25$). The determinant is not coprime with $n$ so has no inverse in the ring. This means that you don't always get the right result with your "pseudoinverse"
To see where things go wrong concretely in your example:
$an$ is encrypted to $na$ but applying your inverse you'd get $nn$ as the decrypt.
In fact anyone receiving $na$ as a ciphertext cannot tell whether to decrypt it to $an$ or $nn$. Both plaintexts give that same ciphertext. Encryption is thus not 1-1 and hence cannot be invertible.
Other such cases (it goes wrong in half of the $26^2$ pairs):
$ao rightarrow oc rightarrow no$ (Last step is your pseudo inverse)
$es rightarrow as rightarrow rs$
$do rightarrow ui rightarrow qo$ etc. Write a program to generate all such pairs (I did).
You can see that the requirement is truly essential.
answered Nov 22 '18 at 22:32
Henno BrandsmaHenno Brandsma
105k347114
The matrix $K^{-1}$ that you propose is only the inverse over the rational numbers, not in the ring $mathbb{Z}_{26}$ that you are working over (the characters are $0$ to $25$). The determinant is not coprime with $n$ so has no inverse in the ring. This means that you don't always get the right result with your "pseudoinverse"
To see where things go wrong concretely in your example:
$an$ is encrypted to $na$ but applying your inverse you'd get $nn$ as the decrypt.
In fact anyone receiving $na$ as a ciphertext cannot tell whether to decrypt it to $an$ or $nn$. Both plaintexts give that same ciphertext. Encryption is thus not 1-1 and hence cannot be invertible.
Other such cases (it goes wrong in half of the $26^2$ pairs):
$ao rightarrow oc rightarrow no$ (Last step is your pseudo inverse)
$es rightarrow as rightarrow rs$
$do rightarrow ui rightarrow qo$ etc. Write a program to generate all such pairs (I did).
You can see that the requirement is truly essential.
answered Nov 22 '18 at 22:32
Henno BrandsmaHenno Brandsma
105k347114
edited Nov 23 '18 at 5:13
answered Nov 22 '18 at 22:32
Henno BrandsmaHenno Brandsma
105k347114
answered Nov 22 '18 at 22:32
Henno BrandsmaHenno Brandsma
105k347114
answered Nov 22 '18 at 22:32
Henno BrandsmaHenno Brandsma
105k347114
105k347114
add a comment |
add a comment |
Thanks for contributing an answer to Mathematics Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
Use MathJax to format equations. MathJax reference.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fmath.stackexchange.com%2fquestions%2f3008415%2fhill-cipher-why-can-the-cipher-key-matrix-s-determinant-not-share-common-factor%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
In your example, what is $-frac 12cdot ybmod{26}$ when $y$ is odd? Upon closer look, whatever you encode by multiplying with $K$, will have even second letter! This means that you reach only $26cdot 13$ code words instead of $26cdot 26$. Thus you cannot regain your originally possible $26cdot 26$ clear texts
– Hagen von Eitzen
Nov 21 '18 at 21:48
The key matrix is not invertible in the ring $mathbb{Z}_{26}$ that you choose to work in.
– Henno Brandsma
Nov 22 '18 at 4:45