PUBLIC KEY CRYPTOGRAPHY

The development of public-key cryptography is the greatest and perhaps the

only true revolution in the entire history of cryptography. It is asymmetric,
involving the use of two separate keys, in contrast to symmetric encryption,
which uses only one key. Public key schemes are neither more nor less
secure than private key (security depends on the key size for both). Public-
key cryptography complements rather than replaces symmetric
cryptography. Both also have issues with key distribution, requiring the use
of some suitable protocol. The concept of public-key cryptography evolved
from an attempt to attack two of the most difficult problems associated with
symmetric encryption:
1.) key distribution – how to have secure communications in general
without having to trust a KDC with your key
2.) digital signatures – how to verify a message comes intact from the
claimed sender Public-key/two-key/asymmetric cryptography involves the
use of two keys:
-key, which may be known by anybody, and can be used to
encrypt messages, and verify signatures
-key, known only to the recipient, used to decrypt
messages, and sign (create) signatures.

signatures cannot decrypt messages or create signatures

Public-Key algorithms rely on one key for encryption and a different but
related key for decryption. These algorithms have the following important
characteristics:
ecryption key knowing only
algorithm & encryption key

used for encryption, with the other used for decryption (for some algorithms
like RSA) The following figure illustrates public-key encryption process and
shows that a public- key encryption scheme has six ingredients: plaintext,
encryption algorithm, public & private keys, ciphertext & decryption
algorithm.

1
 The essential steps involved in a public-key encryption scheme are given
below:
1.) Each user generates a pair of keys to be used for encryption and
decryption.
2.) Each user places one of the two keys in a public register and the
other key is kept private.
3.) If B wants to send a confidential message to A, B encrypts the
message using A’s public key.
4.) When A receives the message, she decrypts it using her private
key. Nobody else can decrypt the message because that can only be
done using A’s private key (Deducing a private key should be
infeasible).
5.) If a user wishes to change his keys –generate another pair of keys
and publish the public one: no interaction with other users is needed.
Notations used in Public-key cryptography:
key of user A will be denoted P
key of user A will be denoted PRA.
cryption method will be a function E.

cryptotext
Y=E(KUA,X)
A will decrypt the message:
D(PRA,Y)=X

The first attack on Public-key Cryptography is the attack on Authenticity. An

attacker may impersonate user B: he sends a message E(PUA,X) and claims
in the message to be B –A has no guarantee this is so. To overcome this, B
will encrypt the message using his private key: Y=E(PRB,X). Receiver
decrypts using B’s public key PRB. This shows the authenticity of the sender
because (supposedly) he is the only one who knows the private key. The
entire encrypted message serves as a digital signature. This scheme is
depicted in the following figure:

2
 But, a drawback still exists. Anybody can decrypt the message using B’s
public key. So, secrecy or confidentiality is being compromised. One can
provide both authentication and confidentiality using the public-key scheme
twice:

B encrypts X with his private key: Y=E(KRB,X) B encrypts Y with A’s public
key: Z=E(KUA,Y) A will decrypt Z (and she is the only one capable of doing
it): Y=D(KRA,Z) A can now get the plaintext and ensure that it comes from B
(he is the only one who knows his private key): decrypt Y using B’s public
key: X=E(KUB,Y).
Applications for public-key cryptosystems:
1.) Encryption/decryption: sender encrypts the message with the
receiver’s public key.
2.) Digital signature: sender “signs” the message (or a representative part
of the message) using his private key
3.) Key exchange: two sides cooperate to exchange a secret key for later use
in a secret- key cryptosystem.
The main requirements of Public-key cryptography are:
1. Computationally easy for a party B to generate a pair (public key
PUb, private key PRb).
2. Easy for sender A to generate ciphertext:
3. Easy for the receiver B to decrypt ciphertect using private key:

3
 4. Computationally infeasible to determine private key (PRb) knowing
public key (PUb)
5. Computationally infeasible to recover message M, knowing PUb and
ciphertext C
6. Either of the two keys can be used for encryption, with the other used
for decryption: M= DPRb[EPUb(M)]=DPUb[EPRb(M)]
Easy is defined to mean a problem that can be solved in polynomial time as
a function of input length. A problem is infeasible if the effort to solve it
grows faster than polynomial time as a function of input size. Public-key
cryptosystems usually rely on difficult math functions rather than S-P
networks as classical cryptosystems. One-way function is one, easy to
calculate in one direction, infeasible to calculate in the other direction (i.e.,
the inverse is infeasible to compute). Trap-door function is a difficult
function that becomes easy if some extra information is known. Our aim to
find a trap-door one-way function, which is easy to calculate in one direction
and infeasible to calculate in the other direction unless certain additional
information is known.
KEY MANAGEMENT
One of the major roles of public-key encryption has been to address the
problem of key distribution. Two distinct aspects to use of public key
encryption are present.
The distribution of public keys.
Use of public-key encryption to distribute secret keys.

Distribution of Public Key

The public key can be distributed in four ways:
1. Public announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificates.

1.2 Public Announcement of Public Keys

On the face of it, the point of public-key encryption is that the public key is public. Thus,
if there is some broadly accepted public-key algorithm, such as RSA, any participant can
send his or her public key to any other participant or broadcast the key to the community
at large

4
 Although this approach is convenient, it has a major weakness. Anyone can
forge such a public announcement. That is, some user could pretend to be
user A and send a public key to another participant or broadcast such a
public key.

1.3 Publicly Available Directory

A greater degree of security can be achieved by maintaining a publicly available dynamic

directory of public keys. Maintenance and distribution of the public directory would have
to be the responsibility of some trusted entity or organization (Fig.2). Such a scheme
would include the elements such as the authority maintains a directory with a {name,
public key} entry for each participant. Each participant registers a public key with the
directory authority. Registration would have to be in person or by some form of secure
authenticated communication. A participant may replace the existing key with a new one
at any time, either because of the desire to replace a public key that has already been used
for a large amount of data, or because the corresponding private key has been
compromised in some way. Participants could also access the directory electronically. For
this purpose, secure, authenticated communication from the authority to the participant
is mandatory.

1.4 Public-Key Authority

Stronger security for public-key distribution can be achieved by providing tighter control
over the distribution of public keys from the directory. A typical scenario is illustrated in
Fig. 3, which is based on a figure in [POPE79]. As before, the scenario assumes that a
central authority maintains a dynamic directory of public keys of all participants. In
addition, each participant reliably knows a public key for the authority, with only the
authority knowing the corresponding private key. The following steps

A sends a timestamped message to the public-key authority containing a request for the
current public key of B.
The authority responds with a message that is encrypted using the authority’s private
key, PRauth Thus, A is able to decrypt the message using the authority’s public key.

5
 Therefore, A is assured that the message originated with the authority. The message
includes the following:

B’s public key, PUb which A can use to encrypt messages destined for B.

The original request, to enable A to match this response with the corresponding
earlier request and to verify that the original request was not altered before reception by
the authority

The original timestamp, so A can determine that this is not an old message from the
authority containing a key other than B’s current public key

A stores B’s public key and also uses it to encrypt a message to B containing an identifier
of A (IDA) and a nonce (N1), which is used to identify this transaction uniquely.

B retrieves A’s public key from the authority in the same manner as A retrieved B’s public
key.

At this point, public keys have been securely delivered to A and B, and they may begin
their protected exchange. However, two additional steps are desirable:
B sends a message to A encrypted with PUa and containing A’s nonce (N1) as well as a
new nonce generated by B (N2), Because only B could have decrypted

Message (3), the presence of N1 in message (6) assures A that the correspondent is B.

A returns N2, encrypted using B’s public key, to assure B that its correspondent is A.

1.5 Public-Key Certificates

key authority could be somewhat of a bottleneck in the system, for a user
must appeal to the authority for a public key for every other user that it
wishes to contact. As before, the directory of names and public keys
maintained by the authority is vulnerable to tampering.

6
 An alternative approach, use certificates that can be used by participants to exchange
keys without contacting a public-key authority, in a way that is as reliable as if the keys
were obtained directly from a public-key authority. In essence, a certificate consists of a
public key plus an identifier of the key owner, with the whole block signed by a trusted
third party.

Typically, the third party is a certificate authority, such as a government agency or a

financial institution that is trusted by the user community. A user can present his or her
public key to the authority in a secure manner, and obtain a certificate. The user can then
publish the certificate. Anyone needed this user’s public key can obtain the certificate and
verify that it is valid by way of the attached trusted signature. A participant can also
convey its key information to another by transmitting its certificate. Other participants
can verify that the certificate was created by the authority. We can place the following
requirements on this scheme:

Any participant can read a certificate to determine the name and public key of the
certificate’s owner.

Any participant can verify that the certificate originated from the
certificate authority and is not counterfeit.

Only the certificate authority can create and update certificates.

Any participant can verify the currency of the certificate.

Application must be in person or by some form of secure authenticated communication.

For participant A, the authority provides a certificate of the form

CA = E(PRauth, [T||IDA||PUa])

Where PRauth is the private key used by the authority and T is a timestamp. A may
then pass this certificate on to any other participant, who reads and verifies the certificate
as follows:

D(PUauth, CA) = D(PUauth, E(PRauth, [T||IDA||PUa])) = (T||IDA||PUa)

7
 Key Management Lifecycle
The key management lifecycle outlines the stages through which cryptographic keys
are generated, used, and eventually retired or destroyed. Proper management of these
keys is critical to ensuring the security of cryptographic systems. Here’s an overview of
each stage:
1. Key Generation:
 Creation: Keys are created using secure algorithms to ensure randomness and
strength.
 Initialization: Keys are initialized with specific parameters required for their
intended use (e.g., length, algorithm).
2. Key Distribution:
 Sharing: For symmetric keys, secure methods must be used to share the key
between parties.
 Publication: For asymmetric keys, the public key is shared openly, while the private
key remains confidential.
3. Key Storage:
 Protection: Keys must be stored securely, typically in hardware security modules
(HSMs) or encrypted key stores, to prevent unauthorized access.
 Access Control: Only authorized users or systems should be able to access keys.
4. Key Usage:
 Application: Keys are used for their intended cryptographic functions, such
as encrypting/decrypting data or signing/verifying messages.
 Monitoring: Usage is monitored to detect any unusual or unauthorized activities.
5. Key Rotation:
 Updating: Keys are periodically updated to reduce the risk of exposure or
compromise.
 Re-Keying: New keys are generated and distributed, replacing old ones while
ensuring continuity of service.
6. Key Revocation:
 Invalidation: Keys that are no longer secure or needed are invalidated.
 Revocation Notices: For public key, revocation certificates or notices are
distributed to inform others that the key should no longer be trusted.
7. Key Archival:
 Storage: Old keys are securely archived for future reference or compliance
purposes.
 Access Restrictions: Archived keys are kept in a secure location with restricted
access.
8. Key Destruction:
 Erasure: When keys are no longer needed, they are securely destroyed to prevent
any possibility of recovery.
 Verification: The destruction process is verified to ensure that no copies remain.

MESSAGE AUTHENTICATION
Message authentication is a procedure to verify that received messages
come from the alleged source and have not been altered. Message
authentication may also verify sequencing and timeliness. It is intended
against the attacks like content modification, sequence modification, timing
modification and repudiation. For repudiation, concept of digital signatures

8
 is used to counter it. There are three classes by which different types of
functions that may be used to produce an authenticator. They are:
Message encryption–the ciphertext serves as authenticator
Message authentication code (MAC)–a public function of the
message and a secret key producing a fixed-length value to serve as
authenticator. This does not provide a digital signature because A
and B share the same key.

MAC stands for Message Authentication Code. Here in MAC, sender and receiver share
same key where sender generates a fixed size output called Cryptographic checksum or
Message Authentication code and appends it to the original message. On receiver’s side,
receiver also generates the code and compares it with what he/she received thus
ensuring the originality of the message. These are components:
 Message
 Key
 MAC algorithm
 MAC value
There are different types of models Of Message Authentication Code (MAC) as following
below:

1. MAC without encryption –

This model can provide authentication but not confidentiality as anyone can see
the message.

2. Internal Error Code –

In this model of MAC, sender encrypts the content before sending it through
network for confidentiality. Thus this model provides confidentiality as well as
authentication.
M' = MAC(M, k)

9
 3. External Error Code –
For cases when there is an alteration in message, we decrypt it for waste, to
overcome that problem, we opt for external error code. Here we first apply MAC on
the encrypted message ‘c’ and compare it with received MAC value on the
receiver’s side and then decrypt ‘c’ if they both are same, else we simply discard
the content received. Thus it saves time.
c = E(M, k')
M' = MAC(c, k)

Problems in MAC –
If we do reverse engineering we can reach plain text or even the key. Here we have
mapped input to output, to overcome this we move on to hash functions which are “One
way”.

Hash function–a public function mapping an arbitrary length message into

a fixed- length hash value to serve as authenticator. This does not provide a
digital signature because there is no key. When we put data into this
function it outputs an irregular value. The Irregular value it outputs is
known as “Hash Value”. Hash Values are simply numbers but are often
written in Hexadecimal. Computers manage values as Binary. The hash
value is also data and is often managed in Binary.

10
 A hash function is basically performing some calculations in the computer. Data values
that are its output are of fixed length. Length always varies according to the hash
function. Value doesn’t vary even if there is a large or small value.

If given the same input, two hash functions will invariably produce the same output.
Even if input data entered differs by a single bit, huge change in their output values.
Even if input data entered differs huge, there is a very minimal chance that the hash
values produced will be identical. If they are equal it is known as “Hash Collision”.

11
 Converting Hash Codes to their original value is an impossible task to perform. This is
the main difference between Encryption as Hash Function.

Features of hash functions in system security:

One-way function: Hash functions are designed to be one-way functions, meaning that
it is easy to compute the hash value for a given input, but difficult to compute the input
for a given hash value. This property makes hash functions useful for verifying the
integrity of data, as any changes to the data will result in a different hash value.
Deterministic: Hash functions are deterministic, meaning that given the same input,
the output will always be the same. This makes hash functions useful for verifying the
authenticity of data, as any changes to the data will result in a different hash value.
Fixed-size output: Hash functions produce a fixed-size output, regardless of the size of
the input. This property makes hash functions useful for storing and transmitting data,
as the hash value can be stored or transmitted more efficiently than the original data.
Collision resistance: Hash functions should be designed to be collision resistant,
meaning that it is difficult to find two different inputs that produce the same hash value.
This property ensures that attackers cannot create a false message that has the same
hash value as a legitimate message.
Non-reversible: Hash functions are non-reversible, meaning that it is difficult or
impossible to reverse the process of generating a hash value to recover the original
input. This property makes hash functions useful for storing passwords or other
sensitive information, as the original input cannot be recovered from the hash value.

12
 Advantages:

Data integrity: Hash functions are useful for ensuring the integrity of data, as any
changes to the data will result in a different hash value. This property makes hash
functions a valuable tool for detecting data tampering or corruption.
Message authentication: Hash functions are useful for verifying the authenticity of
messages, as any changes to the message will result in a different hash value. This
property makes hash functions a valuable tool for verifying the source of a message and
detecting message tampering.
Password storage: Hash functions are useful for storing passwords in a secure manner.
Hashing the password ensures that the original password cannot be recovered from the
hash value, making it more difficult for attackers to access user accounts.
Fast computation: Hash functions are designed to be fast to compute, making them
useful for a variety of applications where efficiency is important.

Disadvantages:

Collision attacks: Hash functions are vulnerable to collision attacks, where an attacker
tries to find two different inputs that produce the same hash value. This can
compromise the security of hash-based protocols, such as digital signatures or message
authentication codes.
Rainbow table attacks: Hash functions are vulnerable to rainbow table attacks, where
an attacker precomputes a table of hash values and their corresponding inputs, making
it easier to crack password hashes.
Hash function weaknesses: Some hash functions have known weaknesses, such as the
MD5 hash function, which is vulnerable to collision attacks. It is important to choose a
hash function that is secure for the intended application.
Limited input size: Hash functions produce a fixed-size output, regardless of the size
of the input. This can lead to collisions if the input size is larger than the hash function
output size.

Message Authentication Requirements

Data is prone to various attacks. One of these attacks includes message authentication.
This threat arises when the user does not have any information about the originator of
the message. Message authentication can be achieved using cryptographic methods
which further make use of keys.

Authentication Requirements:

 Revelation: It means releasing the content of the message to someone who does not
have an appropriate cryptographic key.
 Analysis of Traffic: Determination of the pattern of traffic through the duration of
connection and frequency of connections between different parties.
 Deception: Adding out of context messages from a fraudulent source into a
communication network. This will lead to mistrust between the parties
communicating and may also cause loss of critical data.

13
  Modification in the Content: Changing the content of a message. This includes
inserting new information or deleting/changing the existing one.
 Modification in the sequence: Changing the order of messages between parties.
This includes insertion, deletion, and reordering of messages.
 Modification in the Timings: This includes replay and delay of messages sent
between different parties. This way session tracking is also disrupted.
 Source Refusal: When the source denies being the originator of a message.
 Destination refusal: When the receiver of the message denies the reception.

Message Authentication Functions:

All message authentication and digital signature mechanisms are based on two
functionality levels:
 Lower level: At this level, there is a need for a function that produces an
authenticator, which is the value that will further help in the authentication of a
message.
 Higher-level: The lower level function is used here in order to help receivers verify
the authenticity of messages.
These message authentication functions are divided into three classes:
 Message encryption: While sending data over the internet, there is always a risk of
a Man in the middle(MITM) attack. A possible solution for this is to use message
encryption. In message encryption, the data is first converted to a ciphertext and
then sent any further. Message encryption can be done in two ways:
 Symmetric Encryption: Say we have to send the message M from a source P to
destination Q. This message M can be encrypted using a secret key K that both P and
Q share. Without this key K, no other person can get the plain text from the
ciphertext. This maintains confidentiality. Further, Q can be sure that P has sent the
message. This is because other than Q, P is the only party who possesses the key K
and thus the ciphertext can be decrypted only by Q and no one else. This maintains
authenticity. At a very basic level, symmetric encryption looks like this:

14
  Public key Encryption: Public key encryption is not as advanced as symmetric
encryption as it provides confidentiality but not authentication. To provide both
authentication and confidentiality, the private key is used.
 Message authentication code (MAC): A message authentication code is a security
code that the user of a computer has to type in order to access any account or portal.
These codes are recognized by the system so that it can grant access to the right
user. These codes help in maintaining information integrity. It also confirms the
authenticity of the message.
 Hash function: A hash function is nothing but a mathematical function that can
convert a numeric value into another numeric value that is compressed. The input
to this hash function can be of any length but the output is always of fixed length.
The values that a hash function returns are called the message digest or hash values.

Measures to deal with these attacks:

Each of the above attacks has to be dealt with differently.

 Message Confidentiality: To prevent the messages from being revealed, care must
be taken during the transmission of messages. For this, the message should be
encrypted before it is sent over the network.

 Message Authentication: To deal with the analysis of traffic and deception issues,
message authentication is helpful. Here, the receiver can be sure of the real sender
and his identity. To do this, these methods can be incorporated:
o Parties should share secret codes that can be used at the time of identity
authentication.
o Digital signatures are helpful in the authentication.

15
 o A third party can be relied upon for verifying the authenticity of parties.
 Digital Signatures: Digital signatures provide help against a majority of these
issues. With the help of digital signatures, content, sequence, and timing of the
messages can be easily monitored. Moreover, it also prevents denial of message
transmission by the source.
 Combination of protocols with Digital Signatures: This is needed to deal with the
denial of messages received. Here, the use of digital signature is not sufficient and it
additionally needs protocols to support its monitoring.

Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and
integrity of a message, software, or digital document.
1. Key Generation Algorithms: Digital signature is electronic signatures, which
assure that the message was sent by a particular sender. While performing digital
transactions authenticity and integrity should be assured, otherwise, the data can
be altered or someone can also act as if he was the sender and expect a reply.
2. Signing Algorithms: To create a digital signature, signing algorithms like email
programs create a one-way hash of the electronic data which is to be signed. The
signing algorithm then encrypts the hash value using the private key (signature
key). This encrypted hash along with other information like the hashing algorithm
is the digital signature. This digital signature is appended with the data and sent to
the verifier. The reason for encrypting the hash instead of the entire message or
document is that a hash function converts any arbitrary input into a much shorter
fixed-length value. This saves time as now instead of signing a long message a
shorter hash value has to be signed and moreover hashing is much faster than
signing.
3. Signature Verification Algorithms : Verifier receives Digital Signature along with
the data. It then uses Verification algorithm to process on the digital signature and
the public key (verification key) and generates some value. It also applies the same
hash function on the received data and generates a hash value. If they both are equal,
then the digital signature is valid else it is invalid.
The steps followed in creating digital signature are :
1. Message digest is computed by applying hash function on the message and then
message digest is encrypted using private key of sender to form the digital signature.
(digital signature = encryption (private key of sender, message digest) and message
digest = message digest algorithm(message)).
2. Digital signature is then transmitted with the message.(message + digital signature
is transmitted)
3. Receiver decrypts the digital signature using the public key of sender.(This assures
authenticity, as only sender has his private key so only sender can encrypt using his
private key which can thus be decrypted by sender’s public key).
4. The receiver now has the message digest.
5. The receiver can compute the message digest from the message (actual message is
sent with the digital signature).
6. The message digest computed by receiver and the message digest (got by decryption
on digital signature) need to be same for ensuring integrity.

16
 Message digest is computed using one-way hash function, i.e. a hash function in which
computation of hash value of a message is easy but computation of the message from
hash value of the message is very difficult.

Assurances about digital signatures

The definitions and words that follow illustrate the kind of assurances that digital
signatures offer.
1. Authenticity: The identity of the signer is verified.
2. Integration: Since the content was digitally signed, it hasn’t been altered or
interfered with.
3. Non-repudiation: demonstrates the source of the signed content to all parties. The
act of a signer denying any affiliation with the signed material is known as
repudiation.
4. Notarization: Under some conditions, a signature in a Microsoft Word, Microsoft
Excel, or Microsoft PowerPoint document that has been time-stamped by a secure
time-stamp server is equivalent to a notarization.
Benefits of Digital Signatures
 Legal documents and contracts: Digital signatures are legally binding. This makes
them ideal for any legal document that requires a signature authenticated by one or
more parties and guarantees that the record has not been altered.
 Sales contracts: Digital signing of contracts and sales contracts authenticates the
identity of the seller and the buyer, and both parties can be sure that the signatures
are legally binding and that the terms of the agreement have not been changed.
 Financial Documents: Finance departments digitally sign invoices so customers
can trust that the payment request is from the right seller, not from a bad actor
trying to trick the buyer into sending payments to a fraudulent account.
 Health Data: In the healthcare industry, privacy is paramount for both patient
records and research data. Digital signatures ensure that this confidential
information was not modified when it was transmitted between the consenting
parties.
Drawbacks of Digital Signature
 Dependency on technology: Because digital signatures rely on technology, they
are susceptible to crimes, including hacking. As a result, businesses that use digital
signatures must make sure their systems are safe and have the most recent security
patches and upgrades installed.

17
  Complexity: Setting up and using digital signatures can be challenging, especially
for those who are unfamiliar with the technology. This may result in blunders and
errors that reduce the system’s efficacy. The process of issuing digital signatures to
senior citizens can occasionally be challenging.
 Limited acceptance: Digital signatures take time to replace manual ones since
technology is not widely available in India, a developing nation.

18