
Network Security 2

Block ciphers encrypt data in fixed-size blocks, while stream ciphers encrypt data one bit at a time. Modern symmetric encryption includes block ciphers like AES and stream ciphers. Block ciphers operate on blocks of data, requiring padding for blocks smaller than the block size. Feistel ciphers like DES divide blocks into halves that are swapped and combined during encryption and decryption rounds using subkeys derived from the main key.

Uploaded by

Darshan

NETWORK SECURITY - 2

Block Ciphers

In this scheme, the plain binary text is processed in blocks (groups) of bits
at a time; i.e. a block of plaintext bits is selected, a series of operations is
performed on this block to generate a block of ciphertext bits. The number
of bits in a block is fixed. For example, the schemes DES and AES have
block sizes of 64 and 128, respectively.
Stream Ciphers
In this scheme, the plaintext is processed one bit at a time i.e. one bit of plaintext is taken, and a
series of operations is performed on it to generate one bit of ciphertext. Technically, stream ciphers
are block ciphers with a block size of one bit.
Modern Symmetric Key Encryption

Digital data is represented in strings of binary digits (bits), unlike alphabets. Modern cryptosystems need to process
these binary strings and convert them into another binary string.
Based on how these binary strings are processed,
symmetric encryption schemes can be classified into −
Block Cipher

Block Size

Though any size of block is acceptable, the following aspects are borne in mind while selecting
the size of a block.
● Avoid very small block size − Say the block size is m bits. Then the number of possible plaintext bit
combinations is 2^m. If the attacker discovers the plaintext blocks corresponding
to some previously sent ciphertext blocks, then the attacker can launch a type of
‘dictionary attack’ by building up a dictionary of plaintext/ciphertext pairs sent using that
encryption key. A larger block size makes the attack harder as the dictionary needs to be
larger.
● Do not have very large block size − With a very large block size, the cipher becomes
inefficient to operate. Such plaintexts will need to be padded before being encrypted.
● Multiples of 8 bits − A preferred block size is a multiple of 8, as it is easy to
implement because most computer processors handle data in multiples of 8 bits.
Padding in Block Cipher

Block ciphers process blocks of fixed sizes (say 64 bits). The length of plaintexts
is mostly not a multiple of the block size. For example, a 150-bit plaintext provides
two blocks of 64 bits each with a third block of the remaining 22 bits. The last block of bits
needs to be padded up with redundant information so that the length of the final
block equals the block size of the scheme. In our example, the remaining 22 bits
need to have an additional 42 redundant bits added to provide a complete block. The
process of adding bits to the last block is referred to as padding.
Too much padding makes the system inefficient. Also, padding may render the
system insecure at times, if the padding is always done with the same bits.
Block Cipher Schemes

There is a vast number of block cipher schemes in use. Many of them are publicly known. The most popular
and prominent block ciphers are listed below.
● Digital Encryption Standard (DES) − The popular block cipher of the 1990s. It is now considered a ‘broken’
block cipher, due primarily to its small key size.
● Triple DES − It is a variant scheme based on repeated DES applications. It is still a respected block cipher
but inefficient compared to the new faster block ciphers available.
● Advanced Encryption Standard (AES) − It is a relatively new block cipher based on the encryption algorithm
Rijndael that won the AES design competition.
● IDEA − It is a sufficiently strong block cipher with a block size of 64 and a key size of 128 bits. A number of
applications use IDEA encryption, including early versions of the Pretty Good Privacy (PGP) protocol. The use of
the IDEA scheme has had restricted adoption due to patent issues.
● Twofish − This block cipher scheme uses a block size of 128 bits and a key of variable length. It was one of
the AES finalists. It is based on the earlier block cipher Blowfish with a block size of 64 bits.
● Serpent − A block cipher with a block size of 128 bits and key lengths of 128, 192, or 256 bits, which was also
an AES competition finalist. It is slower but has a more secure design than other block ciphers.
Block Cipher modes of Operation

Encryption algorithms are divided into two categories based on input type: block cipher and stream cipher. A block
cipher is an encryption algorithm which takes a fixed-size input, say b bits, and produces a ciphertext of b bits again. If
the input is larger than b bits, it can be divided further. For different applications and uses, there are several modes of
operation for a block cipher.

Electronic Code Book (ECB) –

Electronic code book is the easiest block cipher mode of functioning. It is easier because each
block of input plaintext is encrypted directly and the output is in the form of blocks of encrypted ciphertext. Generally, if a message is larger than b
bits in size, it can be broken down into a bunch of blocks and the procedure is repeated.

Procedure of ECB is illustrated below:

[Figure: ECB procedure]
Advantages of using ECB –

● Parallel encryption of blocks of bits is possible, thus it is a faster way of encryption.
● Simple way of block cipher.

Disadvantages of using ECB –

● Prone to cryptanalysis since there is a direct relationship between plaintext and ciphertext.
Cipher Block Chaining –

Cipher block chaining or CBC is an advancement made on ECB, since ECB compromises some security requirements. In
CBC, the previous cipher block is given as input to the next encryption algorithm after XOR with the original plaintext block. In a
nutshell, a cipher block is produced by encrypting the XOR output of the previous cipher block and the present plaintext block.

The process is illustrated here:

Advantages of CBC –

● CBC works well for input greater than b bits.
● CBC is a good authentication mechanism.
● Better resistive nature towards cryptanalysis than ECB.

Disadvantages of CBC –

● Parallel encryption is not possible since every encryption requires the previous cipher.
Cipher Feedback Mode (CFB) –

In this mode the cipher is given as feedback to the next block of encryption with some new
specifications: first an initial vector IV is used for the first encryption, and the output bits are divided
into sets of s and b-s bits. The left-hand s bits are selected and XORed
with the plaintext bits. The result is given as input to a shift register and the process continues. The
encryption and decryption processes for the same are shown below; both of them use the encryption
algorithm.

[Figure: CFB encryption and decryption]

Advantages of CFB –

● Since there is some data loss due to the use of the shift register, it is difficult to apply cryptanalysis.
Output Feedback Mode –

The output feedback mode follows nearly the same process as the Cipher Feedback mode, except
that it sends the encrypted output as feedback instead of the actual cipher, which is the XOR output. In
this output feedback mode, all bits of the block are sent instead of sending the selected s bits. The
Output Feedback mode of block cipher holds great resistance towards bit transmission errors. It
also decreases the dependency or relationship of the cipher on the plaintext.

[Figure: Output Feedback mode]
Feistel Block Cipher

Feistel Cipher is not a specific scheme of block cipher. It is a
design model from which many different block ciphers are
derived. DES is just one example of a Feistel Cipher. A
cryptographic system based on Feistel cipher structure uses the
same algorithm for both encryption and decryption.
Encryption Process

[Figure: Feistel encryption process]
● The input block to each round is divided into two halves that can be denoted as L and R for the left half
and the right half.
● In each round, the right half of the block, R, goes through unchanged. But the left half, L, goes through an
operation that depends on R and the encryption key. First, we apply an encrypting function ‘f’ that takes
two inputs − the key K and R. The function produces the output f(R,K). Then, we XOR the output of the
mathematical function with L.
● In real implementations of the Feistel Cipher, such as DES, instead of using the whole encryption key
during each round, a round-dependent key (a subkey) is derived from the encryption key. This means that
each round uses a different key, although all these subkeys are related to the original key.
● The permutation step at the end of each round swaps the modified L and unmodified R. Therefore, the L
for the next round would be R of the current round. And R for the next round would be the output L of the current
round.
● The above substitution and permutation steps form a ‘round’. The number of rounds is specified by the
algorithm design.
● Once the last round is completed, the two sub blocks, ‘R’ and ‘L’, are concatenated in this order to form
the ciphertext block.
The difficult part of designing a Feistel Cipher is the selection of the round function ‘f’. In order to be an unbreakable
scheme, this function needs to have several important properties that are beyond the scope of our discussion.
Decryption Process

The process of decryption in Feistel cipher is almost similar. Instead of starting
with a block of plaintext, the ciphertext block is fed into the start of the Feistel
structure and then the process thereafter is exactly the same as described in the
given illustration.
The process is said to be almost similar and not exactly same. In the case of
decryption, the only difference is that the subkeys used in encryption are used in
the reverse order.
The final swapping of ‘L’ and ‘R’ in last step of the Feistel Cipher is essential. If
these are not swapped then the resulting ciphertext could not be decrypted using
the same algorithm.
Number of Rounds

The number of rounds used in a Feistel Cipher depends on the
desired security of the system. A larger number of rounds
provides a more secure system. But at the same time, more
rounds mean slow, inefficient encryption and decryption
processes. The number of rounds in a system thus depends
upon the efficiency–security tradeoff.
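The Feistel structure and the ECB and CBC modes described above, as an added example that is not part of the original document. The key schedule, the HMAC-based round function f, the round count, the key, the IV and the plaintext are assumptions made for this sketch, and the input is assumed to be already padded to a multiple of the block size.

```python
import hashlib
import hmac

BLOCK = 8          # toy block size in bytes (64 bits, the DES block size)
HALF = BLOCK // 2
ROUNDS = 8         # assumption: round count picked for the demo

def subkeys(key: bytes) -> list:
    """Derive one related subkey per round from the main key (hypothetical schedule)."""
    return [hashlib.sha256(key + bytes([r])).digest() for r in range(ROUNDS)]

def f(right: bytes, subkey: bytes) -> bytes:
    """Round function f(R, K): HMAC-SHA256 truncated to half a block (assumption)."""
    return hmac.new(subkey, right, hashlib.sha256).digest()[:HALF]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def feistel(block: bytes, round_keys: list) -> bytes:
    """One pass through the Feistel structure with the given subkey order."""
    if len(block) != BLOCK:
        raise ValueError("input must be exactly one block")
    left, right = block[:HALF], block[HALF:]
    for k in round_keys:
        # R passes through unchanged, L is XORed with f(R, K), then the halves swap.
        left, right = right, xor(left, f(right, k))
    # Emit R || L: this final swap is what lets the same routine decrypt.
    return right + left

def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))

def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Same algorithm, subkeys in reverse order.
    return feistel(block, subkeys(key)[::-1])

def split(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("pad the input to a multiple of the block size first")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(plaintext: bytes, key: bytes) -> bytes:
    # Every block is encrypted independently of the others.
    return b"".join(encrypt_block(b, key) for b in split(plaintext))

def cbc_encrypt(plaintext: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in split(plaintext):
        prev = encrypt_block(xor(b, prev), key)   # chain in the previous cipher block
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ciphertext: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in split(ciphertext):
        out.append(xor(decrypt_block(c, key), prev))
        prev = c
    return b"".join(out)

def repeated_blocks(ciphertext: bytes) -> int:
    """How many ciphertext blocks duplicate an earlier one (pattern leakage)."""
    blocks = split(ciphertext)
    return len(blocks) - len(set(blocks))

# Constructed sample input: three identical plaintext blocks and one different block.
KEY = b"demo key, not a real secret"
IV = bytes(range(BLOCK))   # fixed only so the demo is reproducible; use a random IV in practice
PLAINTEXT = b"SAMEDATA" * 3 + b"OTHERBLK"

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(PLAINTEXT, KEY)))      # 2
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(PLAINTEXT, KEY, IV)))  # 0
    print("CBC round trip:", cbc_decrypt(cbc_encrypt(PLAINTEXT, KEY, IV), KEY, IV) == PLAINTEXT)
```

The repeated ciphertext blocks under ECB are the direct plaintext/ciphertext relationship listed as its disadvantage; under CBC the same input produces no repeats.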
What is RC4 Encryption?
RC4 means Rivest Cipher 4, invented by Ron Rivest in 1987 for RSA Security. It is
a stream cipher. Stream ciphers operate on a stream of data byte by byte. The RC4
stream cipher is one of the most widely used stream ciphers because of its
simplicity and speed of operation. It is a variable key-size stream cipher with
byte-oriented operations. It uses either 64-bit or 128-bit key sizes. It is generally
used in applications such as Secure Socket Layer (SSL), Transport Layer Security
(TLS), and also in the IEEE 802.11 wireless LAN standard.


Why Encryption Is Important?

Unauthorized data access can be prevented by encryption. If we perform
encryption then third parties can not have access to data which we share
or receive. The encryption is done by using a secret key, or we can say
that by using a public key and private key. Both sender and receiver are
having their public key and private key through which encryption of plain
text and decryption of ciphertext is performed.


History of RC4 Encryption
RC4 was designed by Ron Rivest in 1987. He was
working under RSA Security. Rivest Cipher 4 is the official
name, while it is also known as Ron’s Code. Initially, RC4
was a trade secret, but once its code spread in the public
domain it was no longer a trade secret. Ron did not
reveal the RC4 algorithm until 2014, when he described
the history of RC4 in English Wikipedia.
Algorithm
The algorithm operates on a user-selected variable-length key (K) of 1 to 256 bytes (8
to 2048 bits), typically between 5 and 16 bytes. The master key is used to generate a
256-byte state vector S.

The first step is the array initialization. It is a character array of size 256, i.e. S[256].
After that, for every element of the array, we initialize S[i] to i.

After this, we run the KSA algorithm. KSA uses the secret key to scramble this array.

Once KSA has scrambled the array, S[256] is used by the PRGA (Pseudo Random Generation
Algorithm) to generate the actual keystream.
RC4 Block Diagram

[Figure: RC4 block diagram]
Working of RC4

Encryption Procedure

1. The user inputs a plain text file and a secret key.
2. The encryption engine then generates the keystream by using the KSA and PRGA algorithms.
3. This keystream is now XORed with the plain text. This XORing is done byte by byte to
produce the encrypted text.
4. The encrypted text is then sent to the intended receiver. The intended receiver will then
decrypt the text and, after decryption, will get the original plain text.
Decryption Procedure

Decryption is achieved by doing the same byte-wise XOR operation on the
ciphertext.

Example: Let A be the plain text and B be the keystream. Then (A xor B) xor B = A
A5/1
A5/1 is a stream cipher used to provide over-the-air
communication privacy in the GSM cellular telephone
standard. It is one of seven algorithms which were specified for
GSM use. It was initially kept secret, but became public
knowledge through leaks and reverse engineering. A number
of serious weaknesses in the cipher have been identified.
MATHEMATICS OF ASYMMETRIC-KEY CRYPTOGRAPHY
● Prime Numbers : A prime number is a whole number greater than 1, which is only divisible by 1 and itself.
First few prime numbers are : 2 3 5 7 11 13 17 19 23 ….

● Co-prime Numbers : In number theory, two integers a and b are coprime, relatively prime or mutually
prime if the only positive integer that evenly divides (is a divisor of) both of them is 1. One says also a is prime
to b or a is coprime with b. Consequently, any prime number that divides one of a or b does not divide the
other. This is equivalent to their greatest common divisor (gcd) being 1.

Example : 6 and 35 are coprime, because the factors of 6, 2 and 3, do not divide 35 evenly. On the other
hand, 6 and 27 are not coprime, because 3 divides both 6 and 27. Another example is 4 and 5: 4 = 2*2*1; 5 =
5*1 (Prime). The only common factor is 1, so they are coprime.

● Composite Numbers : A composite number is a positive integer that can be formed by multiplying two
smaller positive integers. Equivalently, it is a positive integer that has at least one divisor other than 1 and
itself.

Example, the integer 14 is a composite number because it is the product of the two smaller integers 2 × 7.
Likewise, the integers 2 and 3 are not composite numbers because each of them can only be divided by one
and itself.
Importance of Prime Numbers in Cryptography

Primes are important because the security of many encryption
algorithms is based on the fact that it is very fast to multiply two
large prime numbers and get the result, while it is extremely
computer-intensive to do the reverse. When you have a number
which you know is the product of two primes, finding these two prime
numbers is very hard. This problem is called prime factorization, and
finding an algorithm which does it fast is one of the unsolved
problems of computer science.
Modulo Operator

The modulo operation returns the remainder or signed remainder of a division, after
one number is divided by another (called the modulus of the operation).
Given two positive numbers a and n, a modulo n (abbreviated as a mod n) is the
remainder of the Euclidean division of a by n, where a is the dividend and n is the
divisor.
Congruence Modulo N

For Example :

26 and 11 yield a remainder of 1 when divided by 5.

Therefore, 26 ≡ 11 ( mod 5 )
Some more definitions

Modular Additive Inverse :

In modular arithmetic, the modular additive inverse of x is also defined: it is the number a such that a + x ≡ 0
(mod n). This additive inverse always exists. For example, the inverse of 3 modulo 11 is 8 because it is the
solution to 3 + x ≡ 0 (mod 11).

Modular Multiplicative Inverse

A modular multiplicative inverse of an integer a is an integer x such that the product ax is congruent to 1 with
respect to the modulus m. In the standard notation of modular arithmetic this congruence is written as

For example, the multiplicative inverse of 3 modulo 10 is 7 because it is the solution to 3x ≡ 1 (mod 10).
Primality Testing

A primality test is an algorithm for determining whether an input number is prime.

Divisibility Method
A simple solution is to iterate through all numbers from 2 to n-1 and for every number check if it
divides n. If we find any number that divides, we conclude that the number is not prime.

A slightly more efficient method :


Iterate through all numbers from 2 to √n and for every number check if it divides n. If we find
any number that divides, we conclude that the number is not prime.
Factorization Method : to divide a number n into two positive
integers a & b (not necessarily prime) so that n = a x b.

Note : There are several methods, but this discussion is restricted to just one method.

Fermat’s Factorization method :


Chinese Remainder Theorem
Example
Find all integers x which leave a remainder of 1, 2, 3, and 4 when divided by 5, 7, 9, and 11 respectively.

We are asked to solve the system of congruences:

x ≡ 1 (mod 5)
x ≡ 2 (mod 7)
x ≡ 3 (mod 9)
x ≡ 4 (mod 11)

a1=1, a2=2, a3=3, a4=4 and m1=5, m2=7, m3=9, m4=11

Notice that the moduli (5,7,9 & 11) are pairwise relatively prime, as required by the theorem.
We have M = 5 x 7 x 9 x 11 = 3465 and
M1 = M/5 = 693, M2 = M/7 = 495,
M3 = M/9 = 385, and M4 = M/11 = 315.

A small calculation gives y1 = 2, y2 = 3, y3 = 4, and y4 = 8. Hence x = (1 x 693 x 2) + (2 x 495 x 3) + (3 x
385 x 4) + (4 x 315 x 8) = 19056. So x ≡ 19056 ≡ 1731 (mod M). In fact, 1731 is the smallest
positive integer solution. The full solution is x ≡ 1731 (mod M).
Quadratic Congruence

While b ≡ a (mod n) refers to linear congruence, a quadratic congruence is an equation of the form
a2·x^2 + a1·x + a0 ≡ 0 (mod n). We limit the discussion to the case in which a2 = 1 and a1 = 0. Therefore, we have :

x^2 ≡ a (mod n)

Quadratic Congruence Modulo a Prime

x^2 ≡ a (mod p) where p is a prime

Solution for x has two cases : no solution or two incongruent solutions

1. Quadratic Residues : In the equation x^2 ≡ a (mod p), ‘a’ is a quadratic residue if the equation has
two solutions

2. Quadratic Non-Residues : In the equation x^2 ≡ a (mod p), ‘a’ is a quadratic non-residue if the equation
has no solution
Example :

→ 1,3,4,5,9 are the quadratic residues of (mod 11)

Solution of x^2 ≡ 3 (mod 11) is 5,6

→ 2,6,7,8,10 are the quadratic non-residues of (mod 11)

x^2 ≡ 2 (mod 11) has no solution

How to know if an integer ‘n’ is quadratic residue (mod p)?

→ If n^((p-1)/2) ≡ 1 (mod p), ‘n’ is quadratic residue mod p

→ If n^((p-1)/2) ≡ -1 (mod p), ‘n’ is non-quadratic residue mod p

Example :

14^((23-1)/2) ≡ 1 (mod 23), therefore 14 is a QR mod 23

16^((23-1)/2) ≡ -1 (mod 23), therefore 14 is a non-QR mod 23


Solving quadratic equation modulo a prime

Every prime number can either be expressed as 4k+1 or 4k+3 for some integer k.

We restrict this discussion to primes that can be expressed as 4k+3

For prime p = 4k+3, x^2 ≡ a (mod p) has the solution

x ≡ a^((p+1)/4) (mod p) and x ≡ -a^((p+1)/4) (mod p)
Quadratic Congruence Modulo a Composite

Since a composite number ‘n’ can be expressed as a product of prime numbers, n = p1 x p2 x p3 ... pk,
the equation x^2 ≡ a (mod n) can be decomposed into one equation per prime.
So we can solve each decomposed equation (if solvable) and find k pairs of answers.

x^2 ≡ a1 (mod p1)  →  x1 ≡ ±b1 (mod p1)
x^2 ≡ a2 (mod p2)  →  x2 ≡ ±b2 (mod p2)
x^2 ≡ a3 (mod p3)  →  x3 ≡ ±b3 (mod p3)
...
x^2 ≡ ak (mod pk)  →  xk ≡ ±bk (mod pk)

For k pairs of answers, we get 2^k sets of equations that are solved using the Chinese Remainder Theorem.
Example :

Assume that x^2 ≡ 36 (mod 77). Since 77 = 7 x 11

Therefore, x^2 ≡ 36 (mod 7) ≡ 1 (mod 7) ….(1)
and x^2 ≡ 36 (mod 11) ≡ 3 (mod 11) …(2)

Since 7 & 11 are of the form 4k+3, we can use the method discussed earlier

From eq(1) we get x ≡ 1 (mod 7) and x ≡ -1 (mod 7)
From eq(2) we get x ≡ 5 (mod 11) and x ≡ -5 (mod 11)

We get 4 sets of equations :

Set 1 :- x ≡ 1 (mod 7) and x ≡ 5 (mod 11) → solution = -6
Set 2 :- x ≡ 1 (mod 7) and x ≡ -5 (mod 11) → solution = -27
Set 3 :- x ≡ -1 (mod 7) and x ≡ 5 (mod 11) → solution = 27
Set 4 :- x ≡ -1 (mod 7) and x ≡ -5 (mod 11) → solution = 6

Therefore, +6, -6, 27, -27 are the solutions for the equation x^2 ≡ 36 (mod 77)
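The Chinese Remainder Theorem example and the quadratic congruence modulo a composite worked above, as an added example that is not part of the original document. The function names are choices made here, and the composite is assumed to be a product of distinct primes of the form 4k+3 whose factors are already known.

```python
from itertools import product
from math import gcd, prod


def crt(residues, moduli):
    """Smallest non-negative x with x ≡ a_i (mod m_i) for pairwise coprime m_i."""
    for i, m in enumerate(moduli):
        if any(gcd(m, other) != 1 for other in moduli[i + 1:]):
            raise ValueError("moduli must be pairwise relatively prime")
    M = prod(moduli)
    x = 0
    for a, m in zip(residues, moduli):
        M_i = M // m
        y_i = pow(M_i, -1, m)      # multiplicative inverse of M_i modulo m_i
        x += a * M_i * y_i
    return x % M


def is_quadratic_residue(a: int, p: int) -> bool:
    """Euler's criterion: a^((p-1)/2) ≡ 1 (mod p) for an odd prime p."""
    return pow(a, (p - 1) // 2, p) == 1


def sqrt_mod_prime(a: int, p: int) -> tuple:
    """Roots of x^2 ≡ a (mod p) for a prime p = 4k+3; empty tuple if none exist."""
    if p % 4 != 3:
        raise ValueError("this method only covers primes of the form 4k+3")
    a %= p
    if a == 0:
        return (0,)
    if not is_quadratic_residue(a, p):
        return ()
    r = pow(a, (p + 1) // 4, p)
    return tuple(sorted({r, p - r}))


def sqrt_mod_composite(a: int, primes: list) -> list:
    """Roots of x^2 ≡ a (mod n), n = product of the given distinct primes."""
    roots_per_prime = [sqrt_mod_prime(a, p) for p in primes]
    # One root chosen per prime gives one CRT system: 2^k systems for k primes.
    return sorted(crt(list(choice), primes) for choice in product(*roots_per_prime))


def centered(x: int, n: int) -> int:
    """Represent x mod n in the range around zero, e.g. 71 mod 77 as -6."""
    return x if x <= n // 2 else x - n


if __name__ == "__main__":
    print(crt([1, 2, 3, 4], [5, 7, 9, 11]))                 # 1731
    roots = sqrt_mod_composite(36, [7, 11])
    print(roots)                                            # [6, 27, 50, 71]
    print(sorted(centered(r, 77) for r in roots))           # [-27, -6, 6, 27]
```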


Modular Exponentiation : (Power in Modular Arithmetic)
To Remember :

Given three numbers x, y and p, compute (x^y) % p.

Often we want to calculate x^y mod p for large values of y.

Unfortunately, x^y becomes very large for even modest sized values for y.

For example:
2^90 = 1237940039285380274899124224

7^256 = 2213595400046048155450188615474945937162517050260073069916366390524704974007989996848003433
83794038078279445526231260759886736342594056001485602786638194645895120583737911647366324673350968
0721264246243189632348313601

These huge values cause our calculators and computers to return overflow errors.

Even if they didn't, it would take a long time to find the mod of these huge numbers directly.
What can we do to reduce the size of terms involved and make
our calculation faster?
Suppose we want to calculate 2^90 mod 13, but we have a calculator that can't hold any numbers
larger than 2^50.

● Here is a simple divide and conquer strategy:

2^90 = 2^50 * 2^40

→ mod C each part

2^50 mod 13 = 1125899906842624 mod 13 = 4
2^40 mod 13 = 1099511627776 mod 13 = 3

● combine the parts using multiplication property

2^90 mod 13 = (2^50 * 2^40) mod 13
2^90 mod 13 = (2^50 mod 13 * 2^40 mod 13) mod 13
2^90 mod 13 = ( 4 * 3 ) mod 13
2^90 mod 13 = 12 mod 13
2^90 mod 13 = 12
Fast modular exponentiation
How can we calculate A^B mod C quickly if B is a power of 2 ?

Using modular multiplication rules:

i.e. A^2 mod C = (A * A) mod C = ((A mod C) * (A mod C)) mod C

We can use this to calculate 7^256 mod 13 quickly

7^1 mod 13 = 7

7^2 mod 13 = (7^1 *7^1) mod 13 = (7^1 mod 13 * 7^1 mod 13) mod 13

We can substitute our previous result for 7^1 mod 13 into this equation.

7^2 mod 13 = (7 *7) mod 13 = 49 mod 13 = 10

7^2 mod 13 = 10

7^4 mod 13 = (7^2 *7^2) mod 13 = (7^2 mod 13 * 7^2 mod 13) mod 13

We can substitute our previous result for 7^2 mod 13 into this equation.

7^4 mod 13 = (10 * 10) mod 13 = 100 mod 13 = 9

7^4 mod 13 = 9

And so on...
How can we calculate A^B mod C quickly for any B ?

Step 1: Divide B into powers of 2 by writing it in binary

Start at the rightmost digit, let k=0 and for each digit:

● If the digit is 1, we need a part for 2^k, otherwise we do not
● Add 1 to k, and move left to the next digit

Step 2: Calculate mod C of the powers of two ≤ B

5^1 mod 19 = 5

5^2 mod 19 = (5^1 * 5^1) mod 19 = (5^1 mod 19 * 5^1 mod 19) mod 19
5^2 mod 19 = (5 * 5) mod 19 = 25 mod 19
5^2 mod 19 = 6

5^4 mod 19 = (5^2 * 5^2) mod 19 = (5^2 mod 19 * 5^2 mod 19) mod 19
5^4 mod 19 = (6 * 6) mod 19 = 36 mod 19
5^4 mod 19 = 17

5^8 mod 19 = (5^4 * 5^4) mod 19 = (5^4 mod 19 * 5^4 mod 19) mod 19
5^8 mod 19 = (17 * 17) mod 19 = 289 mod 19
5^8 mod 19 = 4

5^16 mod 19 = (5^8 * 5^8) mod 19 = (5^8 mod 19 * 5^8 mod 19) mod 19
5^16 mod 19 = (4 * 4) mod 19 = 16 mod 19
5^16 mod 19 = 16

5^32 mod 19 = (5^16 * 5^16) mod 19 = (5^16 mod 19 * 5^16 mod 19) mod 19
5^32 mod 19 = (16 * 16) mod 19 = 256 mod 19
5^32 mod 19 = 9

5^64 mod 19 = (5^32 * 5^32) mod 19 = (5^32 mod 19 * 5^32 mod 19) mod 19
5^64 mod 19 = (9 * 9) mod 19 = 81 mod 19
5^64 mod 19 = 5



Step 3: Use modular multiplication properties to combine the calculated mod C values

5^117 mod 19 = ( 5^1 * 5^4 * 5^16 * 5^32 * 5^64 ) mod 19

5^117 mod 19 = ( (5^1 mod 19) x (5^4 mod 19) x (5^16 mod 19) x (5^32 mod 19) x (5^64 mod 19) ) mod 19

5^117 mod 19 = ( 5 * 17 * 16 * 9 * 5 ) mod 19

5^117 mod 19 = 61200 mod 19 = 1

5^117 mod 19 = 1
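Steps 1 to 3 above as code, an added example that is not part of the original document. The function names are choices made here; each function corresponds to one step so the intermediate values can be compared with the 5^117 mod 19 calculation.

```python
def binary_parts(b: int) -> list:
    """Step 1: the powers of two that add up to b, read from the rightmost bit."""
    parts, k = [], 0
    while b:
        if b & 1:                  # digit is 1: we need a part for 2^k
            parts.append(1 << k)
        b >>= 1                    # move left to the next digit
        k += 1
    return parts


def squarings(a: int, b: int, c: int) -> dict:
    """Step 2: a^(2^k) mod c for every power of two <= b, by repeated squaring."""
    table, power, value = {}, 1, a % c
    while power <= b:
        table[power] = value
        value = (value * value) % c   # a^(2k) mod c from a^k mod c
        power *= 2
    return table


def mod_exp(a: int, b: int, c: int) -> int:
    """Step 3: multiply the needed parts together, reducing mod c each time."""
    if b < 0 or c <= 0:
        raise ValueError("exponent must be >= 0 and modulus must be > 0")
    table = squarings(a, b, c)
    result = 1 % c
    for part in binary_parts(b):
        result = (result * table[part]) % c
    return result


# Note: this version branches on the exponent bits, so its running time depends
# on the exponent. For secret exponents use a vetted constant-time library.

if __name__ == "__main__":
    print(binary_parts(117))        # [1, 4, 16, 32, 64]
    print(squarings(5, 117, 19))    # {1: 5, 2: 6, 4: 17, 8: 4, 16: 16, 32: 9, 64: 5}
    print(mod_exp(5, 117, 19))      # 1
    print(mod_exp(2, 90, 13))       # 12
```

No intermediate value ever exceeds (c-1)^2, which is why the overflow problem described earlier does not arise.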
Discrete Logarithm

The goal of exponentials is to calculate the product: x = 2^3

● The goal of logarithms is to calculate the exponent: x = log2 (8) (8 = 2^x)
● In discrete logarithm, you need to find an integer k such that
● Example:

○ 2^x (mod 7) = 4
○ x = 2 or 5, for x = {1,..,6}
○ 4 (mod 7) = 4 and 32 mod 7 = 4

● There are two solutions. In the world of cryptography we are only interested in discrete logarithms where each
exponent has a distinct remainder.
● It seems that if the modulus (m) is a prime number there are certain base values (a) which generate distinct
remainders for different exponents (x = 1,…, m-1). A prime number is a number that is divisible only by itself and 1.
For example: 2, 3, 5, 7, 11,…
Let's calculate b^x (mod 7) = remainder, for x = {1,…,6} and modulus p = 7

The discrete logarithm for modulus 7 generates distinct remainders when using base value 3 or 5, and the
remainders are in the range {1,…,6}
● The base values 3 and 5 are called the primitive roots of 7 or generators, often indicated by the symbol α. It is
called a generator because applying the multiplication operation on one single element (α^x) generates all
elements in the discrete group {1, … m -1}

● The word discrete in discrete logarithm refers to the aspect that we are working in a discrete group {1, … m -1}
and not with any real numbers (meaning fractions such as 2.58)

● Calculating 3^11 mod 17 = x is very easy, but doing the opposite, calculating the discrete logarithm
11 = 3^x mod 17, is very difficult, especially if the modulus is at least 309 digits long.
REMEMBER: CALCULATING A DISCRETE LOGARITHM IS HARD. To solve 11 = 3^x mod 17 a computer
needs to try each exponent x = 0, 1, 2, 3 … until the equation matches
● Example: α (generator) = 2 and p (modulus) = 11, discrete group {1, …, p -1}

● This is called a cyclic group of generator α. After a certain number of exponentiations and modulus
operations, we have a loop.

● If the remainder has value 1, the cycle starts all over again in the same order
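The generator and discrete logarithm examples above, checked by exhaustive search, as an added example that is not part of the original document. The function names are choices made here and the modulus is assumed to be a small prime.

```python
def powers(base: int, p: int) -> list:
    """Remainders base^x mod p for x = 1 .. p-1, in order."""
    return [pow(base, x, p) for x in range(1, p)]


def order(base: int, p: int) -> int:
    """Smallest x >= 1 with base^x ≡ 1 (mod p): the length of the cycle."""
    if base % p == 0:
        raise ValueError("base must not be a multiple of the prime modulus")
    value, x = base % p, 1
    while value != 1:
        value = (value * base) % p
        x += 1
    return x


def generators(p: int) -> list:
    """Bases whose powers hit every element of {1, ..., p-1} (primitive roots)."""
    return [g for g in range(1, p) if order(g, p) == p - 1]


def discrete_logs(base: int, target: int, p: int) -> list:
    """Every exponent x in 1 .. p-1 with base^x ≡ target (mod p)."""
    return [x for x in range(1, p) if pow(base, x, p) == target % p]


def first_discrete_log(base: int, target: int, p: int):
    """Try x = 0, 1, 2, ... until base^x mod p equals target; None if it never does.

    The loop runs up to p-1 times, so the cost grows with the size of p itself.
    That is affordable for p = 17 and hopeless for a modulus hundreds of digits long.
    """
    value = 1
    for x in range(p - 1):         # exponents 0 .. p-2 cover one whole cycle
        if value == target % p:
            return x
        value = (value * base) % p
    return None


if __name__ == "__main__":
    print(generators(7))                  # [3, 5]
    print(discrete_logs(2, 4, 7))         # [2, 5]  (2 is not a generator of 7)
    print(first_discrete_log(3, 11, 17))  # 7
    print(powers(2, 11))                  # [2, 4, 8, 5, 10, 9, 7, 3, 6, 1]
    print(order(2, 7), order(2, 11))      # 3 10
```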
