L4 PublicKeyCrypto v2

This document discusses public key cryptosystems. It begins by defining the basic components of public key cryptography - the encryption and decryption algorithms, and the public and private keys. It then discusses some common misconceptions about public key cryptography and clarifies areas like security and key distribution. Examples are provided to illustrate how the RSA algorithm works for encryption and decryption. The document also discusses other public key algorithms and key exchange protocols.

PUBLIC KEY CRYPTOSYSTEM
DR. NOR FADZILAH ABDULLAH
JKEES, FKAB

Contents adopted from William Stallings “Cryptography & Network Security” 6th
Edition (Chapter 9 & 10) & other online sources
COURSE STRUCTURE

No. Topic
1 Security principles and practices
2 Classic Ciphers
3 Symmetric Ciphers
4 Asymmetric Ciphers / Public key cryptosystems
5 Authentication / Integrity
6 Security across different communication layers
7 Exam

CRYPTOGRAPHIC SYSTEMS
• Characterized along 3 independent dimensions:
• Type of operations used for transforming plaintext to ciphertext: Substitution (replace) or Transposition (rearrange)
• Number of keys used: Symmetric (single-key/ secret-key/ conventional encryption) or Asymmetric (2 keys/ public-key encryption)
• The way in which the plaintext is processed: Block cipher (split into blocks & processed separately) or Stream cipher (processed continuously)
PUBLIC-KEY CRYPTOSYSTEMS

• A public-key encryption scheme has 6 ingredients:
• Plaintext: The readable message or data that is fed into the algorithm as input
• Encryption algorithm: Performs various transformations on the plaintext
• Public key: Used for encryption or decryption
• Private key: Used for encryption or decryption
• Ciphertext: The scrambled message produced as output
• Decryption algorithm: Accepts the ciphertext and the matching key and produces the original plaintext
MISCONCEPTIONS CONCERNING
PUBLIC-KEY ENCRYPTION
• Public-key encryption is more secure from cryptanalysis than symmetric encryption
• Correction: security of any encryption scheme depends on the length of the key and
the computational work involved in breaking a cipher

• Public-key encryption is a general-purpose technique that has made symmetric
encryption obsolete
• Correction: due to the computational overhead of current public-key encryption
schemes, there seems no foreseeable likelihood that symmetric encryption will be
abandoned

• Key distribution is trivial when using public-key encryption, compared to the
cumbersome handshaking involved with key distribution centers for symmetric
encryption
• Correction: some form of protocol is needed, generally involving a central agent, and
the procedures involved are not simpler nor any more efficient than those required for
symmetric encryption
TERMINOLOGY RELATED TO ASYMMETRIC
ENCRYPTION

Source: Glossary of Key Information Security Terms, NIST IR 7298 [KISS06]


APPLICATIONS FOR
PUBLIC-KEY CRYPTOSYSTEMS
• public-key systems are characterized by the use of a cryptographic
algorithm with two keys, one held private and one available publicly
• depending on the application, the sender uses either the sender’s
private key, the receiver’s public key, or both to perform some type of
cryptographic function
• The use of public-key cryptosystems can be classified into three categories:
• Encryption/decryption: The sender encrypts a message with the recipient’s public key
• Digital signature: The sender “signs” a message with its private key
• Key exchange: Two sides cooperate to exchange a session key
APPLICATIONS FOR PUBLIC-KEY
CRYPTOSYSTEMS
PUBLIC-KEY
CRYPTOGRAPHY
a) Bob encrypts the message using Alice’s public key (PU). When Alice
receives the message, she decrypts it using her private key (PR), known
only to Alice.

b) Bob encrypts the message using his private key (PR). When Alice
receives the message, she decrypts it using Bob’s public key (PU).

At any time, a system can change its private key and publish the companion
public key to replace its old public key.

(PU, PR) is a pair of keys that have been selected so that if one is used for
encryption, the other is used for decryption. The exact transformations
depend on the algorithm.
PUBLIC-KEY CRYPTOSYSTEM: SECRECY
PUBLIC-KEY CRYPTOSYSTEM:
AUTHENTICATION

• message is encrypted using A’s private key, so only A could have prepared it, i.e. the entire
encrypted message serves as a digital signature
• safe from alteration but not from eavesdropping (does not provide confidentiality
because any observer can decrypt the message by using the sender’s public key)
PUBLIC-KEY CRYPTOSYSTEM:
AUTHENTICATION AND SECRECY

authentication confidentiality
PUBLIC-KEY CRYPTANALYSIS
• Vulnerable to a brute-force attack
• Countermeasure: use large keys
• But, key size must be practical for encryption/decryption, else too slow for
general-purpose use
• Limited to: Public key management and signature applications
• Another form of attack is to find some way to compute the private key
given the public key
• not yet mathematically proven that this attack is infeasible for a particular
public-key algorithm
• Vulnerable to a probable-message attack
• adversary could encrypt all possible keys (e.g. 56-bit DES) using the public
key and discover the encrypted key by matching the transmitted ciphertext
• Countermeasure: append random bits to simple messages
RIVEST-SHAMIR-ADLEMAN (RSA)
SCHEME
• Developed in 1977 at MIT by Ron Rivest, Adi Shamir & Len Adleman
• Most widely used general-purpose approach to public-key encryption
• plaintext and ciphertext are integers between 0 and n – 1 for some n
• A typical size for n is 1024 bits, or 309 decimal digits
• RSA is similar to using a symmetric algorithm in ECB mode
• Problem: the same input block gives the same output block
• Solution: some form of chaining is needed for data encryption.
• However, RSA is too slow for encrypting large volumes of data, thus is
widely used for key distribution
• In practice, most RSA-based systems use public-key cryptography for
distributing one-time session keys for use with some symmetric-key algorithm
such as AES or triple DES
RSA ALGORITHM

• Plaintext block M of i-bits:


• Known to both sender & receiver: n
• 2 keys: PU={e,n} & PR={d,n}
• e (public) and d (private): multiplicative inverses
modulo φ(n), where φ(n) is the Euler totient function
related to prime numbers p & q
RSA
ALGORITHM
EXAMPLE 1: RSA ALGORITHM

1. Select two prime numbers, p = 17 and q = 11.
2. Calculate n = pq = 17 * 11 = 187.
3. Calculate φ(n) = (p - 1)(q - 1) = 16 * 10 = 160.
4. Select e such that e is relatively prime to φ(n) = 160 and less than φ(n); we
choose e = 7.
5. Determine d such that de ≡ 1 (mod φ(n)) ≡ 1 (mod 160) and d < 160. Thus, d = 23,
because 23 * 7 = 161 = (1 * 160) + 1.
EXAMPLE 1: RSA ALGORITHM (CONT’D)
• Plaintext with 2 decimal digits
• Encryption:

• Decryption:

RSA: EXAMPLE 2

p = 3 and q = 11 → n = 33, φ(n) = 20
Public key (e, n) = (3, 33)
Private key (d, n) = (7, 33) → de ≡ 1 (mod φ(n)): 3 × 7 = 21, and 21 mod 20 = 1
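The key setup of Examples 1 and 2, followed by encryption and decryption of single blocks, as an added example that is not from the original slides. The function names and the sample plaintext blocks are constructed for illustration; C = M^e mod n and M = C^d mod n are the standard textbook RSA operations, and the last step shows the ECB-like behaviour noted earlier (a repeated input block gives a repeated output block).

```python
from math import gcd

def make_keys(p, q, e):
    """Textbook RSA key setup: returns PU = (e, n) and PR = (d, n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must be less than phi(n) and relatively prime to it")
    d = pow(e, -1, phi)  # multiplicative inverse: d*e ≡ 1 (mod phi(n)); Python 3.8+
    return (e, n), (d, n)

def encrypt(m, pu):
    """C = M^e mod n for one block M with 0 <= M <= n-1."""
    e, n = pu
    if not 0 <= m < n:
        raise ValueError("plaintext block must be an integer between 0 and n-1")
    return pow(m, e, n)

def decrypt(c, pr):
    """M = C^d mod n."""
    d, n = pr
    return pow(c, d, n)

def encrypt_blocks(blocks, pu):
    """Encrypt each block independently, as in ECB mode (no chaining)."""
    return [encrypt(m, pu) for m in blocks]

if __name__ == "__main__":
    pu, pr = make_keys(17, 11, 7)            # Example 1: p = 17, q = 11, e = 7
    print("PU =", pu, "PR =", pr)
    print("Example 2 keys:", make_keys(3, 11, 3))
    blocks = [88, 5, 88]                     # constructed sample plaintext blocks
    cipher = encrypt_blocks(blocks, pu)
    print("ciphertext blocks:", cipher)      # repeated input block -> repeated output
    print("recovered:", [decrypt(c, pr) for c in cipher])
    try:
        make_keys(17, 11, 8)                 # 8 shares a factor with phi(n) = 160
    except ValueError as err:
        print("rejected:", err)
```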
RSA: MULTIPLE BLOCKS PROCESSING
THE SECURITY OF RSA
Five possible approaches to attacking RSA are:
• Brute force: Involves trying all possible private keys
• Mathematical attacks: There are several approaches, all equivalent in effort to
factoring the product of two primes
• Timing attacks: These depend on the running time of the decryption algorithm
• Hardware fault-based attack: This involves inducing hardware faults in the
processor that is generating digital signatures
• Chosen ciphertext attacks: This type of attack exploits properties of the RSA
algorithm
ASSIGNMENT: RSA
(10 MARKS)

• Individually, perform the RSA encryption and decryption of
your name as the plaintext (M) when:
• p = 3, q = 11, e = 7
• p = 5, q = 11, e = 3
• p = 7, q = 11, e = 17
• p = 11, q = 13, e = 11
OTHER PUBLIC KEY ALGORITHMS
• Knapsack (Merkle and Hellman, 1978)
• El Gamal (1985)
• Schnorr (1991)
• Elliptic curves (Menezes and Vanstone, 1993)
KEY EXCHANGE PROTOCOLS

• Users could create random private/public Diffie-Hellman keys each time
they communicate
• Users could create a known private/public Diffie-Hellman key and
publish it in a directory, which others then consult and use to communicate
securely with them
• Vulnerable to man-in-the-middle attack
• Authentication of the keys is needed
DIFFIE-HELLMAN KEY EXCHANGE

• First published public-key algorithm (1976)
• A number of commercial products employ this key exchange technique
• Purpose of the algorithm is to enable two users to exchange a secret
key securely that then can be used for subsequent encryption of
messages
→ Not an encryption scheme
• Depends for its effectiveness on the difficulty of computing discrete
logarithms
DIFFIE-HELLMAN: KEY CONCEPTS
1. Assume prime number, q
2. Select α such that α is a primitive root of q
3. Assume User A private key, XA < q
4. Calculate public key, YA = α^XA mod q
5. Assume User B private key, XB < q
6. Calculate public key, YB = α^XB mod q

What is a primitive root?
• α is a primitive root of q if {α mod q, α^2 mod q, α^3 mod q, …, α^(q-1) mod q} = {1, 2, 3, …, q-1}
EXAMPLE: DIFFIE-HELLMAN
Primitive root: if {α mod q, α^2 mod q, α^3 mod q, …, α^(q-1) mod q} = {1, 2, 3, …, q-1}

• q = 11 → q - 1 = 10
• α^i mod 11 for i = 1 … 10:
  α \ i    1   2   3   4   5   6   7   8   9  10
  1        1   1   1   1   1   1   1   1   1   1
  2        2   4   8   5  10   9   7   3   6   1
  3        3   9   5   4   …   …   …   …   …   …
• α = 2 because {2^i mod 11} = {1, 2, 3, …, 10}
• User A: Select XA = 8 (PR) → YA = 2^8 mod 11 = 3 (PU)
• User B: Select XB = 4 (PR) → YB = 2^4 mod 11 = 5 (PU)
• K = (YB)^XA mod q = 5^8 mod 11 = 390625 mod 11 = 4
• K = (YA)^XB mod q = 3^4 mod 11 = 81 mod 11 = 4
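The primitive-root check and the exchange from this example, as an added example that is not from the original slides; the function names are chosen here. It also goes one step beyond the table by showing what happens when α is not a primitive root: with α = 3 only 5 of the 10 possible public values can ever occur.

```python
def powers(alpha, q):
    """One row of the table: [alpha^1 mod q, ..., alpha^(q-1) mod q]."""
    return [pow(alpha, i, q) for i in range(1, q)]

def is_primitive_root(alpha, q):
    """True when the powers of alpha hit every value 1..q-1 exactly once."""
    return sorted(powers(alpha, q)) == list(range(1, q))

def primitive_roots(q):
    """All primitive roots of the prime q, found by exhaustive check."""
    return [a for a in range(1, q) if is_primitive_root(a, q)]

def public_key(alpha, x, q):
    """Y = alpha^X mod q for a private key X < q."""
    if not 0 < x < q:
        raise ValueError("private key must satisfy 0 < X < q")
    return pow(alpha, x, q)

def shared_key(y_other, x_own, q):
    """K = (other side's Y)^(own X) mod q."""
    return pow(y_other, x_own, q)

def exchange(q, alpha, xa, xb):
    """Run both sides; refuse an alpha that is not a primitive root of q."""
    if not is_primitive_root(alpha, q):
        raise ValueError(f"{alpha} is not a primitive root of {q}")
    ya, yb = public_key(alpha, xa, q), public_key(alpha, xb, q)
    ka, kb = shared_key(yb, xa, q), shared_key(ya, xb, q)
    assert ka == kb                  # both sides derive alpha^(XA*XB) mod q
    return ya, yb, ka

if __name__ == "__main__":
    print("row for alpha = 2:", powers(2, 11))
    print("primitive roots of 11:", primitive_roots(11))
    print("YA, YB, K =", exchange(11, 2, xa=8, xb=4))
    # alpha = 3 cycles after 5 steps, so public values fall in a 5-element set
    print("distinct powers of 3:", sorted(set(powers(3, 11))))
```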


DIFFIE-HELLMAN KEY EXCHANGE
MAN-IN-THE-MIDDLE ATTACK
Attack:
1. Darth prepares for the attack by generating
2 random private keys XD1 & XD2, then
computing the corresponding public keys YD1
and YD2.
2. Alice transmits YA to Bob.
3. Darth intercepts YA and transmits YD1 to
Bob. Darth also calculates K2 = (YA)^XD2 mod q.
4. Bob receives YD1 and calculates K1 = (YD1)^XB
mod q.
5. Bob transmits YB to Alice.
6. Darth intercepts YB and transmits YD2 to
Alice. Darth calculates K1 = (YB)^XD1 mod q.
7. Alice receives YD2 and calculates K2 =
(YD2)^XA mod q.
Future messages compromised:
1. Alice sends an encrypted message M: E(K2,
M).
2. Darth intercepts the encrypted message
and decrypts it to recover M.
3. Darth sends Bob E(K1, M) (to eavesdrop only) or E(K1, M′),
where M′ is a modified message.
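The exchange above succeeds because nothing ties YA or YB to its sender. This added example (not from the original slides) replays steps 1 to 7 with the toy parameters q = 11, α = 2, then repeats the exchange with each public value tagged by an HMAC under a pre-shared key, one assumed way of providing the key authentication called for earlier. Darth's private values, the pre-shared key and all function names are constructed for illustration.

```python
import hashlib
import hmac

Q, ALPHA = 11, 2                      # toy parameters from the earlier example

def pub(x):
    """Y = alpha^X mod q."""
    return pow(ALPHA, x, Q)

def unauthenticated_run(xa, xb, xd1, xd2):
    """Steps 1-7 above: returns (Alice's K2, Bob's K1, Darth's K1, Darth's K2)."""
    ya, yb, yd1, yd2 = pub(xa), pub(xb), pub(xd1), pub(xd2)
    k2_alice = pow(yd2, xa, Q)        # step 7: Alice was handed YD2, not YB
    k1_bob = pow(yd1, xb, Q)          # step 4: Bob was handed YD1, not YA
    k1_darth = pow(yb, xd1, Q)        # step 6
    k2_darth = pow(ya, xd2, Q)        # step 3
    return k2_alice, k1_bob, k1_darth, k2_darth

def tag(psk, sender, y):
    """Assumed authentication: HMAC-SHA256 over the sender name and public value."""
    return hmac.new(psk, f"{sender}:{y}".encode(), hashlib.sha256).digest()

def accept(psk, sender, y, t):
    """Return y only if its tag verifies; a substituted value fails here."""
    if not hmac.compare_digest(tag(psk, sender, y), t):
        raise ValueError(f"public value claimed to be from {sender} is not authentic")
    return y

def authenticated_run(psk, xa, xb, swap_ya=None, swap_yb=None):
    """Both directions tagged; swap_* model values replaced in transit."""
    ya, yb = pub(xa), pub(xb)
    ta, tb = tag(psk, "alice", ya), tag(psk, "bob", yb)
    seen_by_bob = ya if swap_ya is None else swap_ya
    seen_by_alice = yb if swap_yb is None else swap_yb
    k_bob = pow(accept(psk, "alice", seen_by_bob, ta), xb, Q)
    k_alice = pow(accept(psk, "bob", seen_by_alice, tb), xa, Q)
    return k_alice, k_bob

if __name__ == "__main__":
    psk = b"constructed-pre-shared-key"                    # constructed sample value
    print(unauthenticated_run(xa=8, xb=4, xd1=6, xd2=7))   # Alice and Bob disagree
    print(authenticated_run(psk, 8, 4))                    # same key on both sides
    try:
        authenticated_run(psk, 8, 4, swap_ya=pub(6))       # YD1 in place of YA
    except ValueError as err:
        print("rejected:", err)
```

In deployed protocols the same role is played by digital signatures or certificates over the exchanged public values.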
EL-GAMAL PUBLIC KEY SCHEME

• Announced in 1984 by T. Elgamal
• Public-key scheme based on discrete logarithms closely related to the
Diffie-Hellman technique
• Used in the digital signature standard (DSS) and the S/MIME e-mail standard
• Global elements are a prime number q and α, which is a primitive root of q
• Security is based on the difficulty of computing discrete logarithms
EL-GAMAL PUBLIC
KEY SCHEME

• Public key has 3 parameters.


• Encryption requires:
• C1 (related to random k)
• C2 (related to message M)
EXAMPLE: EL-GAMAL PUBLIC KEY SCHEME
• Example: q=19, α=10
• α^i mod 19 for i = 1 … 18:
  α \ i    1   2   3   4   5   6   7   8   9  10  11  12  13  14  15  16  17  18
  1        1   1   1   1   1   1   1   1   1   1   1   1   1   1   1   1   1   1
  2        2   4   8  16  13   7  14   9  18  17  15  11   3   6  12   5  10   1
  3        3   9   5   4   …   …   …   …   …   …   …   …   …   …   …   …   …   …
  …        …   …   …   …   …   …   …   …   …   …   …   …   …   …   …   …   …   …
  10      10   5  12   6   3  11  15  17  18   9  14   7  13  16   8   4   2   1
  …        …   …   …   …   …   …   …   …   …   …   …   …   …   …   …   …   …   …
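The scheme behind the table above, as an added example that is not from the original slides: standard ElGamal encryption with the page's q = 19 and α = 10. The private key XA = 5, the message M = 17 and the values of k are constructed sample values, and the function names are chosen here.

```python
import secrets

def keygen(q, alpha, xa):
    """Return the 3-parameter public key {q, alpha, YA}, YA = alpha^XA mod q."""
    if not 1 < xa < q - 1:
        raise ValueError("private key XA must satisfy 1 < XA < q - 1")
    return q, alpha, pow(alpha, xa, q)

def encrypt(m, pu, k=None):
    """Return (C1, C2); a fresh random k is drawn unless one is supplied."""
    q, alpha, ya = pu
    if not 0 <= m < q:
        raise ValueError("message block must be an integer between 0 and q-1")
    if k is None:
        # k in [1, q-2]: k = q-1 would give K = 1 and leave C2 equal to M
        k = secrets.randbelow(q - 2) + 1
    one_time_key = pow(ya, k, q)              # K = YA^k mod q
    c1 = pow(alpha, k, q)                     # C1 depends only on the random k
    c2 = (one_time_key * m) % q               # C2 masks the message M with K
    return c1, c2

def decrypt(c, xa, q):
    """Recover K = C1^XA mod q, then M = C2 * K^-1 mod q."""
    c1, c2 = c
    one_time_key = pow(c1, xa, q)
    return (c2 * pow(one_time_key, -1, q)) % q   # modular inverse, Python 3.8+

if __name__ == "__main__":
    q, alpha, xa = 19, 10, 5                  # XA = 5 is a constructed sample value
    pu = keygen(q, alpha, xa)
    print("public key {q, alpha, YA} =", pu)  # YA is the i = 5 entry of the alpha = 10 row
    m = 17                                    # constructed sample message
    for k in (6, 7):                          # same M, different k
        c = encrypt(m, pu, k)
        print(f"k = {k}: (C1, C2) = {c}, decrypts to {decrypt(c, xa, q)}")
```

Unlike the RSA blocks earlier, the same message encrypts to a different ciphertext each time because k changes.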

ELLIPTIC-CURVE CRYPTOLOGY (ECC)
• technique is based on the use of a mathematical construct
known as the elliptic curve
• principal attraction of ECC compared to RSA is that it
appears to offer equal security for a far smaller bit size,
thereby reducing processing overhead
• Addition operation in ECC is the counterpart of modular
multiplication in RSA

• the confidence level in ECC is not yet as high as that in RSA


WHAT ARE ELLIPTIC CURVES?

https://www.youtube.com/watch?v=gAtBM06xwaw : basic ECC
https://www.youtube.com/watch?v=F3zzNa42-tQ : ECC + example

[Figure: elliptic curve examples, panels labelled E(-1,0) and E(1,1)]

© 2020 Pearson Education, Inc., Hoboken, NJ. All rights reserved.


ECC DIFFIE-HELLMAN KEY EXCHANGE



EXAMPLE: ECC DIFFIE-HELLMAN KEY EXCHANGE

COMPARABLE KEY SIZES IN TERMS OF COMPUTATIONAL EFFORT
FOR CRYPTANALYSIS (NIST SP-800-57)

Note: L = size of public key, N = size of private key

PROBLEMS WITH PUBLIC-KEY
ENCRYPTION
How do Alice & Bob obtain each other’s public key?
• Problem if key is put on Website: a way for Trudy to subvert public-key
encryption.
• Consequence: not feasible to put one’s Public Key on own Website
EXAMPLE: ATTACK ON PUBLIC-KEY
ENCRYPTION

If Alice and Bob do not know each other and do not have each other’s public keys to
start the communication process, it is insecure to place the public key on a Web site:
• Alice types in Bob’s URL (her browser then looks up the DNS address of Bob’s
home page and sends it a GET request).
• Unfortunately, a 3rd party (Trudy) intercepts the request and replies with a fake
home page, replacing Bob’s public key with Trudy’s public key.
• When Alice now encrypts her first message with the key she received (Trudy’s),
Trudy decrypts it, reads it, re-encrypts it with Bob’s public key, and sends it to Bob,
who is none the wiser that Trudy is reading his incoming messages. Worse yet, Trudy
could modify the messages before re-encrypting them for Bob.
SOLUTION: USE OF CCM
(COUNTER WITH CBC-MAC)
Public keys can be exchanged securely if Bob and Alice already share
a secret key; Alice still needs Bob’s public key, which she obtains using nonces:
• Alice encrypts a nonce with the shared key and sends it to Bob
• Bob sends back a message encrypted with the shared key containing the
nonce, his own nonce, and the public key.
• Trudy cannot forge this message, and if she sends random junk, when
decrypted it will not contain Alice’s nonce.
• To complete the protocol, Alice sends back Bob’s nonce encrypted with
Bob’s public key.
SOLUTION: CERTIFICATE AUTHORITY (CA)
• Example: certificate and its signed hash → the Certificate can now be
put on one’s website
• Assumption: CA’s public key is well-known
• Advantage: no need for CA to be online!
