Upcoming SlideShare
×

The Mathematical Perspective of Cryptological Functions

2,371 views

Published on

1 Like
Statistics
Notes
• Full Name
Comment goes here.

Are you sure you want to Yes No
• Be the first to comment

Views
Total views
2,371
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
99
0
Likes
1
Embeds 0
No embeds

No notes for slide

The Mathematical Perspective of Cryptological Functions

2. 2. gcd(a, 0)=a</li></ul>Proof: (Lemma 1)<br />Since we are trying to prove that the gcds are equal to each other, it will be straightforward if the proof is presented in two steps. Step 1 is gcd(a,b)≤ gcd(b,r). Step 2 is gcd(b,r)≥ gcd(a,b). Since we are proving that each gcd is less than or equal to and greater than or equal to the other, then the two greatest common divisors have to be equal.<br /><ul><li>Prove gcd(a,b)≤ gcd(b,r).
3. 3. In order to show that the gcd of a and b is less than the gcd of b and r, we need to first show that any common divisor of a and b is also a common divisor of b and r.
4. 4. Let c be a common divisor of a and b. Then c|a and c|b, and so, by definition of divisibility, a=nc, and b=mc, for some integers n and m. Now substitute into the equation
5. 5. a=bq+r
6. 6. to obtain
7. 7. nc=(mc)q+r
8. 8. Then solve for r:
9. 9. r=nc-(mc)q
10. 10. r=(n-mq)c.
11. 11. But n-mq is an integer, and so, by definition of divisibility, c|r. Because we already know that c|b, we can conclude that c is a common divisor of b and r. Which is what was to be shown.
12. 12. Prove that gcd(a,b)≤ gcd(b,r).
13. 13. Since we already proved that a is a common divisor of a, b, and r, now we need to prove that gcd(a,b)≤ gcd(b,r).
14. 14. From part a, every common divisor of a and b is a common divisor of b and r. It follows that the greatest common divisor of a and b is a common divisor of b and r. But then gcd(a,b) (being one of the common divisors of b and r) is less than or equal to the greatest common divisor of b and r:
15. 15. gcd(a,b)≤gcd(b,r).
16. 16. Prove gcd(b,r)≤ gcd(a,b).
17. 17. First we need to show that there is a common divisor p of b and r.
18. 18. Let p be a common divisor of b and r. Then p|b and p|r. By definition of divisibility b=np and r=mp for some integers m and n.
19. 19. Now we want to show that p is a common divisor of a and b.
20. 20. a=bq+r
21. 21. a= (np)q+mp substituting b=np and r=mp
22. 22. a= pnq+mpby distributive property
23. 23. a= p(nq+m)by distributive property
24. 24. But nq+m is an integer because adding integers still produces an integer. Now we can see that p|a by definition of divisibly. Since we know that p is a divisor of b and r, and p is a divisor of a, then we know that p is a common divisor of a and b.
25. 25. Now we need to show that gcd(b,r)≤ gcd(a,b).
26. 26. From above in part a we showed that every common divisor of b and r is a common divisor of a and b. However, gcd(b,r)≤ gcd(a,b) because gcd(b.r) is one of the common divisors of a and b; the gcd(b,r), being one of the common divisors of a and b, is less than or equal to the greatest common divisor of a and b:
27. 27. gcd(b,r)≤gcd(a,b).</li></ul>Proof: (Lemma 2) <br />We want to show that a common divisor of a and 0 is a.<br />Suppose a is a positive integer. We know that a divides 0 because every positive integer divides 0. We also know that a divides a because everything divides itself. Therefore, we can conclude that a is a common divisor of a and 0. <br />Now we want to show that a is the greatest common divisor of a and 0.<br />We know that a must be the largest common divisor of a because no integer larger than a can divide a. This means that no integer larger than a can be a common divisor of a and 0. Threfore, this means that a is the greatest common divisor of a and 0, which is what we wanted to prove.<br />Now that we have shown the proof of the Euclidean algorithm, it is useful to understand how to use it. In order to find the greatest common divisor of two integers a and b, there are three steps that need to be completed:<br /><ul><li> Check to see if a>b≥0.
28. 28. If this is satisfied, then check to see if b=0.
29. 29. If b=0, use lemma 2 of the Euclidean algorithm to produce gcd(a,b)=b.If b>0 then the division algorithm states that a=bq+r and when a is divided by b a quotient q and a remainder r is left such that 0 ≤ r < b. Now we can use lemma 1 to find the gcd(b,r) instead of finding the gcd(a,b). This may seem like more work finding more greatest common divisors, but the pair of integers b and r are smaller than the pair of integers a and b because we know that 0 ≤ b < a, since our integers are greater than or equal to 0. We also know that 0 ≤ r < b because of the division algorithm and now we can say that 0 ≤ r < b < a. Therefore, we can see that (b,r)<(a,b).
30. 30. Since r≠0 yet, we need to keep repeating step 2 until r=0. This means that until the remainder is equal to 0, then the greatest common divisor of (a,b) has not been determined. Eventually the gcd(a,b) will be produced because through iterations of step 2, there will ultimately be two numbers that cannot be divided into each other any farther. This is because throughout the iterations, the previous integer b becomes the new integer a, and previous integer r becomes the new integer b. Hence r decreases each time and will eventually reach 0. When this happens, the last iteration of gcd(b,r) will be gcd(b,0) and the integer a, or the previous b, will be the gcd(a,b).</li></ul>Step 3 can also be rewritten as:Let a=A, b=B and r=B.while (b QUOTE 0) r = a mod b, then a=b and b=r.end whilegcd=a. (Epp 196)<br />Here is an example of the Euclidean algorithm where a=112, and b=34:Find the gcd (112, 34): *Remember that while (b QUOTE 0) r = a mod b, then a=b and b=r.Divide 112 by 34: a=112, b=34. So r=112 mod 34. q=3 and r =10. Previous b=34, now a=34. Previous r=10, now b=10:Divide 34 by 10: a=34, b=10. So r=34 mod 10. q=3 and r =4. Previous b=10, now a=10. Previous r=4, now b=4:Divide 10 by 4: a=10, b=4. So r=10 mod 4. q=2 and r =2. Previous b=4, now a=4. Previous r=2, now b=2:Divide 4 by 2: a=4, b=2. So r=4 mod 2. q=2 and r =0. Previous b=2, now a=2. Previous r=0, now b=0:Divide 2 by 0: b=0 so therefore the gcd is a. Therefore, the gcd (112,34)= 2. <br />The Euclidean algorithm is very useful when trying to find the gcd of two integers, especially large integers. This algorithm along with the division algorithm makes computing with large much easier because it allows us to find the factors of large numbers. As you can imagine, performing operations upon factors of large numbers is much easier than trying to compute straight from the large numbers themselves. <br />2.5.3 Modular Arithmetic <br />Definition: For any positive integer, the group of integers modulo n is the set {0,1,2,…n-1} together with the operation +n.<br />The application of modular arithmetic can be explained by envisioning a clock. What happens if it is 10 o’clock and someone tells you to meet him or her in 4 hours? You know your meeting is at 2 o’clock but, how did you figure that out? We know that 10 + 4 is 14 and there is no time 14 o’clock. This is where modular arithmetic is established. Since there are 24 hours in a day and the clock is based on a 12 hour clock system, then we can determine the real time by dividing by 12; the remainder distinguishes what time it really is. In this case the remainder when 14 is divided by 12 is 2, hence 2 o’clock, the remainder, is the meeting time. The numbers in this algorithm keep wrapping around the value of 12; this proves that the modulus is 12. This theorem can also be computed by using a table of modulus 12 (Lewand 19).<br />+120123456789101100123456789101111234567891011022345678910110133456789101101244567891011012355678910110123466789101101234577891011012345688910110123456799101101234567810101101234567891111012345678910<br />By using this table, we first find 10 o’clock in the top row; we will call the numbers in the top row known. Then we find 4 in the first column; we will call the numbers in the first column shift, because they are what we are ‘shifting’ the time by. We know that our modulus is n=12. The place at which these two numbers meet tells us what time it really is. The table shows the number 2 where these numbers meet. Hence, we can write the time using the modulus 12 by using time = known+shift (mod n). This means our equation is time=10 + 4 (mod 12) or time=14(mod 12). In this case, our equation proves that 4 hours from 10 o’clock is 2 o’clock. <br />Definition: Let n be some fixed positive integer. Then two integers x and y are said to be congruent modulo n if (x-y) is divisible by n. This is also denoted as x QUOTE y (mod n) (Lewand). <br /> This means that if the difference between x and y is divisible by n, then it is evident that x and y are congruent modulo n and we can say that x QUOTE y (mod n).<br />Example: 17 QUOTE 5 (mod 3) is true because 17-5=12, which is divisible by 3. Also, 7 QUOTE 3 (mod 2) is true because 7-3=4 which is divisible by 2.<br />When two integers, x and y, are congruent to a modulo n, there are specific properties that hold which define the modular arithmetic theorem. <br />Modular Arithmetic Theorem:Let n be a fixed positive integer >1 and let w, x, y, and z be any integers. Then:<br />(Properties)<br /><ul><li>x QUOTE x (mod n)
31. 31. x = y + kn for some integer k
32. 32. if x QUOTE y (mod n) then, y QUOTE x (mod n)
33. 33. if x QUOTE y (mod n) and y QUOTE z (mod n), then x QUOTE z (mod n)
34. 34. if x QUOTE y (mod n), then xz QUOTE yz (mod n)
35. 35. if x QUOTE y (mod n), then xk QUOTE yk (mod n)
36. 36. if x QUOTE y (mod n) and w QUOTE z (mod n), then x + w QUOTE y + z (mod n) </li></ul>Since we know that y, w, and z are any integers, and that n > 1, then by the associative and commutative properties and the subtraction rule, where associative means that the order the operations are performed does not affect the answer and commutative means the order the terms are carried out does not affect the end result, we can also deduce other properties of modular arithmetic:<br /><ul><li>(x+w) QUOTE (y+z) (mod n)
37. 37. (x-w) QUOTE (y-z) (mod n)
38. 38. xw QUOTE yz (mod n)
39. 39. xm QUOTE ym (mod n) for all integers m
40. 40. gcd(x,n)=w and gcd(y,n)=z
41. 41. Now that we can see the properties of modular arithmetic state that it is commutative and associative for addition and multiplication and that it also works for subtraction, let’s take a look at some examples to better understand how it is performed under such operations.
42. 42. Addition: 8(mod 3)+4(mod 3) = 12(mod 3)=0(mod 3)
43. 43. because 12 is divisible by 3 with a remainder of 0
44. 44. Subtraction: 8(mod 3)- 4(mod 3) = 4(mod 3)=1(mod 3)
45. 45. because 4 is divisible by 3 with a remainder of 1.
46. 46. Multiplication: 12(mod 3)*4(mod 3) = 48(mod 3)=0(mod 3)
48. 48. If p | b then QUOTE = 0. If p does not | b then QUOTE = QUOTE .
49. 49. If b1=b2 (mod p) then QUOTE = QUOTE .
51. 51. Now Sue chooses the shift that she wants to use on her message. This shift is the key to her message, known to her and the receiver of the message.
52. 52. Sue adds the shift to each term of her encrypted message to obtain her plaintext. If any numbers in the plaintext are 26 or greater, she performs mod 26.
53. 53. Sue needs to encipher the ciphertext back to letters so that she can send it over an insecure channel to Rob, the receiver of the message.
54. 54. When Rob receives the message, he converts the ciphertext back to numbers and then subtracts the key from each element of the ciphertext to obtain the original message. If any letters are < 0, he adds 26 to get back within the alphabet. Rob can also determine the original message by performing the additive inverse (mod 26) on each term of the ciphertext message. He can perform this by using the equation Message=(Ciphertext+(26-shift)) (mod26).
55. 55. Once he converts these back to letters, he will have his original message.
56. 56. Example of Shift Cipher:
57. 57. Sue chooses her message and encrypts it:
58. 58. Plaintext: WELLS. Enciphered: 22 4 11 11 18
59. 59. She chooses shift to be n=11. In order to shift her message she adds the shift to her message to get: 33 15 22 22 29
60. 60. Sine 33 and 29 are greater than 26, then 33 mod 26 = 7 and 29 mod 26 = 3. Now the ciphertext is: 7 15 22 22 3 which Sue enciphers back to letters to get HPWWD. This is what she sends to Rob over an insecure channel.
61. 61. Rob first converts his message back into numeric form to get 7 15 22 22 3. Since Rob already knows the shift then he subtracts 11 from each number of the ciphertext to get -4 4 11 11 -8. Now he adds 26 to the negative numbers to get back within the alphabet. The new ciphertext is 22 4 11 11 18. Once he converts the ciphertext back to letters he gets WELLS. This is the original message from Sue! (Stinson 5)
62. 62. What if Rob tries to decipher the message using the additive inverse method? Then for each term of the ciphertext message he would use Message=(Ciphertext+(26-shift)) (mod26) and plug in his values for his ciphertext and his shift. So he would get:
63. 63. message=(7+(26-11)) (mod26)=22 (mod 26)=22message=(15+(26-11)) (mod26)=30 (mod 26)=4message=(22+(26-11)) (mod26)=37 (mod 26)=11message=(22+(26-11)) (mod26)=37 (mod 26)=11message=(3+(26-11)) (mod26)=18 (mod 26)=18
64. 64. The new ciphertext is 22 4 11 11 18 which converts to WELLS. As it should, this method provides Rob the same ciphertext and thus same original message.</li></ul>We can also find the ciphertext of a Shift Cipher using Table 1 in the Appendix. This is done by finding where the term of the top row and the side row of the table meet. Each number of each term of the message is on the top row while the shift of the message is the first column of the table. Where these two numbers meet show the letter of the ciphertext. For example if a letter in our message is G, this means its number is 6. Let’s say our shift is 4. If we go to Table 1, column 6 and row 4 produces the ciphertext number 10. This would be letter K. We can confirm that this is true by using the equation ciphertext=(message+shift)(mod26). We get ciphertext = (6+4)(mod 26) = 10 (mod 26)= 10. This proves that the table produces the right output for the ciphertext. <br />To decipher, use the row of the specific shift and find the desired number of the ciphertext message in that row. The column that this number is in is the message number. Since we know what the ciphertext is and the shift is we can find the row 4 in the table and find ciphertext 20 in that row. The column this is in is the message. This shows that column 6 is then equal to the message, so message=G, which is correct. This is a straightforward example of how modular arithmetic is employed into a simple cipher.<br />As we can see this cipher is not secure because there are only 0 to 25 possible keys (shifts) and with little mathematical computation this cipher is easily enciphered and deciphered.<br />3.1.2 Hill Cipher<br />A more interesting Private Key Cipher is the Hill Cipher. This cipher, which was first invented by Lester S. Hill in 1929, is a type of Substitution Cipher that uses matrices and linear transformations to perform the encryption and decryption of messages. There are (26n)2 possible different keys for this cipher where n is the size of an nxn matrix. <br />“The idea [of this cipher] is to take m linear combinations of the m alphabetic characters in one plaintext element, and produce m alphabetic characters in one ciphertext element” (Stinson 14). Let m=2, then the message is M=(m1,m2), and the ciphertext is C=(c1,c2) (Denning 88). The key in this matrix is a randomly chosen nxn matrix, which is invertible, and whose determinant (mod 26) is equal to 1. Written in a vector form of n dimensions, the message is n letters long. <br />3.1.2.1 Hill Cipher Encryption and Decryption Process<br /><ul><li>The sender of the message chooses random numbers for the key matrix in the form of a nxn matrix. Usually this cipher is performed using a 2x2 matrix like: QUOTE . The only catch is that the sender needs to choose the matrix such that it is invertible. This means that the matrix can be multiplied by another matrix to produce the identity matrix QUOTE . The sender also needs to make sure that the determinant of the matrix (ad-bc) has to produce a remainder of 1 after being divided by 26. This key matrix is shared between both sender and receiver of the message.
65. 65. The next step that the sender of the message has to complete is to covert their message into numeric form by A=0 to Z=25.
66. 66. The terms of the message are then split into linear combinations of QUOTE where it is then separated into vectors QUOTE If the message has an odd number of terms, then the last term QUOTE is substituted as a dummy variable. The ( ) brackets represent the message form.
67. 67. Now that we know how the message is represented in vector form, we need to find the actual encryption of the message so it can be sent over an insecure channel. We will let QUOTE signify each term of the encrypted message where, just like the message, it is then separated into vectors QUOTE . The [ ] brackets represent the ciphertext form.
68. 68. In order to encrypt the message, each message vector needs to be multiplied by the key matrix and then multiplied by modulo 25. This looks like:
69. 69. QUOTE to QUOTE .
70. 70. Since QUOTE , then QUOTE is the encrypted message that, when converted back to letters, can be sent to the receiver of the message over an insecure channel.
71. 71. Since the equation for the encryption of a message is QUOTE , then we can find the decryption of a message by obtaining the inverse of the encryption. This means that we need to multiply both sides of the equation by the inverse of the key matrix: QUOTE . Now our decryption equation is QUOTE But we know that QUOTE , so we can substitute this into the equation as well and get QUOTE . This is also equivalent to QUOTE .
72. 72. Now we need to find QUOTE (mod 26). In order to do this, we let QUOTE =x-1; now we need to find the inverse of x (mod 26).
73. 73. Now our equation to decrypt the message is QUOTE .
74. 74. This equation is used for each pair of message vectors. Once all of the terms of the message, QUOTE are produced, these can be turned back into letter form and the original message will be produced.
75. 75. Example of Hill Cipher:
76. 76. Key Generation:
77. 77. The sender of the message chooses random numbers to form the 2x2 key matrix. Sue chooses QUOTE to be her key matrix for this cipher. She needs to check that it is invertible, which means she needs to find a matrix such that when it is multiplied by her matrix, it produces the identity matrix.
78. 78. The matrix QUOTE produces this because QUOTE x QUOTE = QUOTE .
79. 79. She also needs the determinant of her matrix to have a remainder of 1, after being divided by 26. The determinant of QUOTE The determinant is -27, but because there are no negative numbers that correspond to the conversion of letters in the alphabet the negative is disregarded. So 27 mod 26 =1. Therefore, this matrix is invertible and has a determinate such that when divided by 26 the remainder is 1. So this matrix can be used as a key matrix for this cipher.
80. 80. Enciphering the Message:
81. 81. Sue chooses the message that she wants to send to Rob and enciphers it into numeric form. If she wants to send the plaintext ‘Dogs’ to Rob, then this message converts to 3 14 6 18 in numeric form. Now she needs to write the message as linear combinations of QUOTE and QUOTE where they can be correspond to vectors QUOTE This message is equivalent to QUOTE QUOTE Since the message has enough terms to split up evenly into two vectors, no space holder variables are needed.
82. 82. Now that we know the message vectors we can find the encryption of these vectors by the encryption equation QUOTE . So, we get:
83. 83. QUOTE = QUOTE and QUOTE = QUOTE .
84. 84. Since QUOTE , then QUOTE =1532222 is changed back to letters to get PDWW and is the encrypted message that Sue sends over an insecure channel.
85. 85. Deciphering the Message:
86. 86. Since the sender and receiver both share the key in Private Key Cipher, then Rob already knows the matrix that Sue has chosen for this message. The first step Rob needs to do is to complete the inverse of the key matrix by performing matrix row operations.
87. 87. Again, we can disregard the negative in the determinant because there are no negatives in the conversion back to the alphabet.</li></ul>The decryption equation is QUOTE , so Rob needs find QUOTE (mod 26)= QUOTE (mod 26)=27-1(mod 26). He needs some number y, such that when multiplied by 27 (mod 26) produces 1. This can also be characterized as 27y (mod 26)=1. We can see that y is obviously 1.<br />Since the decryption equation, after finding QUOTE (mod 26) is QUOTE , then Rob can compute the decryption of the messages.<br />1 QUOTE QUOTE = QUOTE , and QUOTE = QUOTE .<br /> Once again disregarding the negatives, Rob produces:<br /> QUOTE = QUOTE and QUOTE <br />Once all of the terms of the message, QUOTE are produced, these can be turned back in to letter form. So 3 14 6 18 yields DOGS when converted back to letters, which is the original message! <br />Since the Hill Cipher is a linear cipher, if someone were to figure out the key matrix from the invertible matrix then they would be able to decipher the message. Because this cipher is a completely linear computation, this means that it is not that secure. <br />3.1.3 Vigenere Cipher<br />The Vigenere Cipher was invented by Blaise de Vigenere in 1585. This cipher uses both a Shift Cipher and a Substitution Cipher simultaneously. The key for this cipher is some keyword, of length m, that the sender chooses it to be.<br />3.1.3.1 Vigenere Cipher Encryption and Decryption Process<br /><ul><li>The first step in encryption process is to generate the keyword. This is completed when the sender of the message enciphers the keyword into numeric form; when each letter is converted from A=0 to Z=25. This keyword is shared between both sender and receiver of the message
88. 88. The next step of the encryption process is for the sender of the message to covert their message into numeric form by A=0 to Z=25.
89. 89. Now the sender of the message has to arrange the keyword and the message so that they are lined up with the first letter of the each word together, the second letter of each word together, and so on. If there is not enough letters in the keyword, then the keyword is repeated until the number of letters in both the message and keyword are the same.
90. 90. Since the message and keyword are aligned correctly, with no empty spaces, the sender of the message adds the message and keyword together to get the ciphertext.
91. 91. If any of these numbers in the ciphertext are greater than 25, then in order for these letters to get back within the alphabet of A=0 to Z=25 these numbers are divided by 26 and the remainder becomes the new ciphertext. An equation to perform on each term in the message would be ciphertext=(keyword +message)(mod 26).
92. 92. The sender converts the new ciphertext back to letter form. This is the message that is sent over an insecure channel to the receiver.
93. 93. Now that the receiver of the message has the new ciphertext and the keyword, they can begin to decipher the message. They do this process just opposite of the encryption process.
94. 94. The first step that the receiver of the message has to perform is to decode the message back into numeric form.
95. 95. By taking the ciphertext they received and aligning the keyword directly under it (repeating the keyword to be the same length of the ciphertext), the receiver subtracts the keyword from the ciphertext to produce the original message.
96. 96. If any negative numbers are produced during the subtraction of the keyword from the ciphertext, then these numbers need to be converted so that they correspond to the alphabet. Therefore, we need to acquire numbers between 0 and 25. In order to make the negative numbers positive, we can add another alphabet to the number. This means that the value 26 has to be added to the number to bring it back into the alphabetic range of numbers. For example if a number is -14, then -14+26=12 and 12 is the new number in the message. An equation to use for each term of the ciphertext to get back to the original message would be message = [(ciphertext-keyword) + 26](mod 26).
97. 97. Next, convert each number back to its letter form to obtain the original message. This should match the original message that the sender wanted to send.
98. 98. Example of Vigenere Cipher:
99. 99. Key Generation:
100. 100. Sue, the sender of the message, chooses the keyword and enciphers it:
101. 101. Keyword: CIPHEREnciphered: 2 8 15 7 4 17This shows that the key for this cipher is the keyword of length m, where m is 6.
102. 102. Sue does the same process for the plaintext that she chooses to send to Rob:
103. 103. Plaintext: SCHOOLEnciphered: 18 2 7 14 14 11
104. 104. Now the keyword and the message have to be added together to get the ciphertext. So, Sue arranges the keyword underneath the plaintext numbers and adds them together to get the ciphertext.
105. 105. Keyword: 2 8 15 7 4 17
106. 106. Plaintext:18 2 7 14 14 11
107. 107. Ciphertext: 20 10 22 21 18 28
108. 108. Since the last character in the ciphertext is greater than 25, Sue has to perform modulo 26 upon it to determine its new letter in the ciphertext. So, 28 mod 26 = 2. Now the new ciphertext is: 20 10 22 21 18 2. Sue enciphers this back to letters to get UKWVSC. Since this ciphertext is in encrypted form, no one other than the sender and receiver can read the message. Therefore the ciphertext message UKWVSC is what Sue sends to Rob over an unsafe channel.
109. 109. Now that Rob has received the ciphertext message UKWVSC, he can start decrypting the message by first decoding the message back into numeric form. From this he produces ciphertext is: 20 10 22 21 18 2. Since the keyword is shared between the sender and the receiver of the message, then Rob already knows the keyword to the message; he already knows that the keyword is: 2 8 15 7 4 17.
110. 110. In order for Rob to find the original message, he has to subtract the keyword from the ciphertext numbers. So Rob arranges the keyword underneath the ciphertext number and subtracts they keyword from the ciphertext to get the plaintext.</li></ul>Ciphertext: 20 10 22 21 18 28Keyword: 2 8 15 7 4 17Plaintext: 18 2 7 14 14 -15<br /><ul><li>Since -14 is not in the alphabet (remember A=0…Z=25) then Rob needs to add 26 to make this number convertible to a number in the alphabet. So -15+26=11. Now the new plaintext is: 18 2 7 14 14 11. Once Rob converts these numbers back to letters he gets SCHOOL, which is the original message that the Sue wanted to send to Rob!