Public Key Cryptography

Symmetric cryptography was well suited for organizations such as governments, military, and
big financial corporations were involved in the classified communication.
With the spread of more unsecure computer networks in last few decades, a genuine need was
felt to use cryptography at larger scale. The symmetric key was found to be non-practical due to
challenges it faced for key management. This gave rise to the public key cryptosystems.
The process of encryption and decryption is depicted in the following illustration −

The most important properties of public key encryption scheme are −

 Different keys are used for encryption and decryption. This is a property which set this
scheme different than symmetric encryption scheme.
 Each receiver possesses a unique decryption key, generally referred to as his private key.
 Receiver needs to publish an encryption key, referred to as his public key.
 Some assurance of the authenticity of a public key is needed in this scheme to avoid
spoofing by adversary as the receiver. Generally, this type of cryptosystem involves
trusted third party which certifies that a particular public key belongs to a specific
person or entity only.
 Encryption algorithm is complex enough to prohibit attacker from deducing the plaintext
from the ciphertext and the encryption (public) key.
  Though private and public keys are related mathematically, it is not be feasible to
calculate the private key from the public key. In fact, intelligent part of any public-key
cryptosystem is in designing a relationship between two keys.
There are three types of Public Key Encryption schemes. We discuss them in following sections
−

RSA Cryptosystem

This cryptosystem is one the initial system. It remains most employed cryptosystem even today.
The system was invented by three scholars Ron Rivest, Adi Shamir, and Len Adleman and
hence, it is termed as RSA cryptosystem.
We will see two aspects of the RSA cryptosystem, firstly generation of key pair and secondly
encryption-decryption algorithms.
Generation of RSA Key Pair
Each person or a party who desires to participate in communication using encryption needs to
generate a pair of keys, namely public key and private key. The process followed in the
generation of keys is described below −
 Generate the RSA modulus (n)
o Select two large primes, p and q.
o Calculate n=p*q. For strong unbreakable encryption, let n be a large number,
typically a minimum of 512 bits.
 Find Derived Number (e)
o Number e must be greater than 1 and less than (p − 1)(q − 1).
o There must be no common factor for e and (p − 1)(q − 1) except for 1. In other
words two numbers e and (p – 1)(q – 1) are coprime.
 Form the public key
o The pair of numbers (n, e) form the RSA public key and is made public.
o Interestingly, though n is part of the public key, difficulty in factorizing a large
prime number ensures that attacker cannot find in finite time the two primes (p &
q) used to obtain n. This is strength of RSA.
 Generate the private key
o Private Key d is calculated from p, q, and e. For given n and e, there is unique
number d.
o Number d is the inverse of e modulo (p - 1)(q – 1). This means that d is the
number less than (p - 1)(q - 1) such that when multiplied by e, it is equal to 1
modulo (p - 1)(q - 1).
 o This relationship is written mathematically as follows −
ed = 1 mod (p − 1)(q − 1)
The Extended Euclidean Algorithm takes p, q, and e as input and gives d as output.
Example
An example of generating RSA Key pair is given below. (For ease of understanding, the primes
p & q taken here are small values. Practically, these values are very high).
 Let two primes be p = 7 and q = 13. Thus, modulus n = pq = 7 x 13 = 91.
 Select e = 5, which is a valid choice since there is no number that is common factor of 5
and (p − 1)(q − 1) = 6 × 12 = 72, except for 1.
 The pair of numbers (n, e) = (91, 5) forms the public key and can be made available to
anyone whom we wish to be able to send us encrypted messages.
 Input p = 7, q = 13, and e = 5 to the Extended Euclidean Algorithm. The output will be d
= 29.
 Check that the d calculated is correct by computing −
de = 29 × 5 = 145 = 1 mod 72
Hence, public key is (91, 5) and private keys is (91, 29).

Encryption and Decryption

Once the key pair has been generated, the process of encryption and decryption are relatively
straightforward and computationally easy.
Interestingly, RSA does not directly operate on strings of bits as in case of symmetric key
encryption. It operates on numbers modulo n. Hence, it is necessary to represent the plaintext as
a series of numbers less than n.
RSA Encryption
 Suppose the sender wish to send some text message to someone whose public key is (n,
e).
 The sender then represents the plaintext as a series of numbers less than n.
 To encrypt the first plaintext P, which is a number modulo n. The encryption process is
simple mathematical step as −
C = Pe mod n
 In other words, the ciphertext C is equal to the plaintext P multiplied by itself e times and
then reduced modulo n. This means that C is also a number less than n.
 Returning to our Key Generation example with plaintext P = 10, we get ciphertext C −
C = 105 mod 91
RSA Decryption
 The decryption process for RSA is also very straightforward. Suppose that the receiver
of public-key pair (n, e) has received a ciphertext C.
 Receiver raises C to the power of his private key d. The result modulo n will be the
plaintext P.
Plaintext = Cd mod n
 Returning again to our numerical example, the ciphertext C = 82 would get decrypted to
number 10 using private key 29 −
Plaintext = 8229 mod 91 = 10