Chapter 4

Public key
Cryptography
Review of Symmetric Cryptography

• Limitation:
▪ Key distribution
▪sender and receiver must share the same key
▪Needs secure channel for key distribution
▪Impossible for two parties having no prior
relationship
▪Needs many keys for n parties to communicate
▪ Digital signatures: equivalent of signature used in paper documents.

2
 Asymmetric encryption

• Asymmetric encryption is a form of

cryptosystem in which encryption and
decryption are performed using different
keys.
• Transforms plaintext into ciphertext using
one of the two keys and an encryption
algorithm.
• Using the paired key and a decryption
algorithm, the plaintext is recovered from
the ciphertext.

3
Cont..

4
 Cont..
• Algorithms are based on mathematical functions
rather than on substitution and permutation.
• It is asymmetric(two key): a public & a private key.
▪ A public key, which may be known by anybody, and can be used to encrypt
messages, and verify signatures
▪ A private key, known only to the recipient, used to decrypt messages, and sign
(create) signatures
 Common misconception

▪Public key encryption is more secure from

cryptanalysis than is conventional encryption.
• The security of any encryption scheme depends on the length of the key
and the computational work involved in breaking a cipher.
• There is nothing in principle about either conventional or public-key
encryption that makes one superior to another from the point of view of
resisting cryptanalysis.
▪Public key encryption is a general purpose
technique that has made conventional
encryption obsolete.
 Important characteristics of algorithms

• Computationally infeasible to determine the

decryption key given only knowledge of the
cryptographic algorithm and the encryption
key.
• Either of the two related keys can be used for
encryption, with the other used for decryption .
• Computationally easy to en/decrypt messages
when the relevant (en/decrypt) key is known
 Essential steps
1. Each end system in a network generates a
pair of keys to be used for encryption and
decryption of messages that it will receive.
2. Each system publishes its encryption key by
placing it in a public register or a file. This is
the public key. The companion key is kept
private.
3. If A wishes to send a message to B, it
encrypts the message using B’s public key.
4. When B receives the message, B decrypts it
using B’s private key.
Cont..

9
 Cont…
• All participants have access to public keys.
• Private keys are generated locally by each participant and need
never be distributed.
• As long as a system controls its private key, communication is
secure.
• At any time, a system can change its private key and publish the
companion public key to replace its old public key.

• Conventional encryption
▪ The same algorithm with the
same key is used for
encryption and decryption.
▪ The sender and receiver
must share the algorithm
and the key.
▪ The key must be kept secret.
▪ It must be impossible to
decipher a message if no
information is available.
▪ Knowledge of the algorithm
and samples of ciphertext
must be insufficient to
determine the key.
Cont…
• Public-key encryption
▪ One algorithm is used for
encryption and decryption
with a pair of keys, one for
encryption and one for
decryption.
▪ The sender and receiver must
each have one of the
matched pair of keys.
▪ One of the two keys must be
kept secret.
▪ It must be impossible to
decipher a message if no
other information is available
▪ Knowledge of the algorithm
and samples of ciphertext
and one of the keys must be
insufficient to determine the
other key.
Cont…
Public-Key Cryptosystem: Secrecy
• Message source A
• plaintext: X = [X1,X2,…,XM]
• M elements of X are letters in some finite alphabet.
• Message destination B.
• B generates a related pair of keys: a public key, KUb, and
private key, KRb.
• Whereas KRb is only known to B.
 Cont…
• KUb is publicly available.
• Ciphertext: Y = [Y1,Y2,…,YN]
Y = EKUb(X)
X = DKRb(Y)
• An opponent observing Y and having access to
KUb but not having access to KRb or X, attempts
to recover X and/or KRb.
• It is assumed that the opponent does have
knowledge of encryption (E) and decryption (D)
algorithms.
 Cont…

• If the opponent is interested only in this particular message, then

the focus of effort is to recover X, by generating a plaintext
estimate Xˆ.
• If the opponent is interested in being able to read future messages
as well, attempt is to recover KRb by generating an estimate KRbˆ.
Public-Key Cryptosystem: Authentication

• A prepares a message to B and encrypts it using

A’s private key before transmitting it.
• B can decrypt the message using A’s public key.
• The entire encrypted message serves as a digital
signature because it is impossible to alter the
message without access to A’s private key
• so the message is authenticated both in terms
of source and in terms of data integrity.
Public-Crypto for secrecy(confidentiality)
Public-crypto for authentication
Both Authentication and Confidentiality
Use of public-key cryptosystems
1. Encryption /decryption: the sender encrypts a message with the
recipient’s public key.
2. Digital signature: the sender “signs” a message with its private
key.
3. Key exchange: two sides cooperate to exchange a session key.
 Cont…
• Conditions that public-key cryptography should
fulfill are:
1. It is computationally easy for a party B to
generate a pair (KUb, KRb)
2. It is computationally easy for a sender A,
knowing the public key and the message to be
encrypted, M, to generate the corresponding
ciphertext:
C = EKUb(M)
3. It is computationally easy for the receiver B to
decrypt the resulting ciphertext using the private
key to recover the original message:
M = DKRb(C) = DKRb(EKUb(M))
 Cont…
4. It is computationally infeasible for an opponent,
knowing the public key to determine the private
key.
5. It is computationally infeasible for an opponent,
knowing the public key and a ciphertext, to
recover the original message, M.
• Public-Key cryptanalysis
▪Like conventional vulnerable for brute-force
attack.
▪Solution: Using large keys however there is
trade off (increase in key size causes an increase
in complexity of the function)
 RSA
• Developed by Rivest, Shamir and Adleman.
• Block cipher in which the plaintext and ciphertext
are integers between 0 and n-1 for some n.
• Best known & widely used public-key scheme
• Relies on the fact that prime factorization is
computationally very hard.
• Plaintext is encrypted in blocks, with each block
having a binary value less than some number n.
• A typical size for n is 1024 bits.
• The block size must be less than or equal to log2(n), in
practice the block size is 2k bits, where 2k<n≤2k+1.
 RSA Key Generation
• Each user generates a public/private key pair by:
• Selecting two large primes at random -p, q
• Computing their system modulus n=p*q, note (n)=(p-
1)(q-1) (totient function)
• Selecting at random the encryption key e where 1<e<
(n), gcd(e, (n))=1 (relative prime)
• Solve following equation to find decryption key d
e*d=1 mod (n) and 0≤d≤(n), (extended Euclid‟s
algorithm)
• publish their public encryption key:PU={e,n}
• keep secret private decryption key: PR={d,n}

24
 Encryption and Decryption
• Encryption and decryption are of the following
form.
▪ Message M < n.
▪ Encryption key = (e,n).
▪ Decryption key = (d,n).
▪ Encrypt => C = Me mod n.
▪ Decrypt => M = Cd mod n=(Me)d mod n = Med mod n
• Both sender and receiver must know the value of n.
• The sender knows the value of e, and only the
receiver knows the value of d.
 Cont…
• For RSA to be satisfactory for public key encryption, the
following requirements must be met:
1. It is possible to find values of e, d, n such that Med mod n = M for
all M<n.
2. It is relatively easy to calculate Me mod n and Cd mod n for all values
of M<n.
3. It is infeasible to determine d given e and n.
RSA Example:

• Select two primes at random: p=17 & q=11

▪ Compute n = pq =17×11=187
▪ Compute (n) =(p–1)(q-1)=16×10=160
▪ Select e at random in which: gcd(e,160)=1; choose e=7
▪ Determine d: de=1 mod 160 and d<160 the value of d is 23 (1=de mod
(n) )
▪ Publish public key PU={7,187}
▪ Keep secret private key PR={23,187}
 Cont..
• Sample RSA encryption/decryption is:
▪ encryption:
C = Me mod n = 887 mod 187 = 11
▪ decryption:
M = Cd mod n = 1123 mod 187 = 88

• Example 2:
▪ Lets choose two primes: p=11 and q=13 then n=p×q=143. ant he
totient of n (n)= (p−1)⋅(q−1)=120.
▪ We choose random e=7 and calculated a private d=103
 Cont..
• Lets choose our plaintext message, m to be 9:
• encryption:
▪ Me mod n=97mod143=48=c
• decryption:
▪ Cd mod n=48103mod143=9=m
• How to encrypt a message like "attack at dawn".
• First we need to convert the message into a numeric format.

29
 Cont..
• Example : Each letter is represented by an ascii character or can be
encode with another encoding technique.
• Then we need to group the result number and we need to apply
encryption and decryption for each.
• E.g A=65 and a=97, d=100 e.t.c

30
 RSA Security

• Four possible approaches to attacking the RSA

algorithm are
▪ Brute force: involves trying all possible private
keys.
▪ Mathematical attacks: focuses on factoring the
product of two primes.
▪ Timing attacks: depend on the running time of
the decryption algorithm.
▪ Chosen ciphertext attacks: This type of attack
exploits properties of the RSA algorithm.
Diffie-Hellman Key Exchange

• public-key encryption helps to address key

distribution problems
• have two aspects of this:
▪ distribution of public keys
▪ use of public-key encryption to distribute secret keys
• First public-key type scheme proposed by Diffie
& Hellman in 1976 along with the exposition of
public key concepts
• Purpose is to enable two users to exchange a
key securely.
 Cont..
• It is a practical method for public exchange of a secret key
• Value of key depends on the participants and their private and
public key information
• Exponential key agreement
• Requires no prior secrets
• Real-time over an untrusted network
• Requires two large numbers, one prime (P), and (G), a primitive root
of P

33
Algorithm
• A prime number P and an integer G which is
primitive root of P.
• Both are publicly available numbers
▪ P is at least 512 bits
• Users pick private values a and b which is less
than P
• Compute public values
▪ x = ga mod p
▪ y = gb mod p
• Public values x and y are exchanged

34
 Cont..
• Compute shared, private key
▪ ka = ya mod p
▪ kb = xb mod p
• Algebraically it can be shown that ka = kb
▪ Users now have a symmetric secret key to encrypt

Example
• Two Internet users, Alice and Bob wish to have a secure
conversation.
▪ They decide to use the Diffie-Hellman protocol

35
Example

• Alice and Bob get public numbers

▪ P = 23, G = 9
• Alice and Bob pick private value a=4 and b=3 and
compute public values
▪ X = 94 mod 23 = 6561 mod 23 = 6
▪ Y = 93 mod 23 = 729 mod 23 = 16
• Alice and Bob exchange public numbers
• Alice and Bob compute symmetric keys
▪ ka = ya mod p = 164 mod 23 = 9
▪ kb = xb mod p = 63 mod 23 = 9
• Alice and Bob now can talk securely!

36
Message Authentication and Hash Function

• Message authentication is concerned with:

▪Protecting the integrity of a message
▪Validating identity of originator
▪Non-repudiation of origin
• Security Requirements
▪disclosure
▪traffic analysis
▪masquerade
▪content modification
▪sequence modification
▪timing modification
▪source repudiation
▪destination repudiation
 Cont….

• Message authentication is a procedure to verify

that received messages come from the alleged
source and have not been altered.
• A digital signature is an authentication
technique that includes repudiation by either
source or destination.
• Authentication Functions:
▪ Message encryption
▪ Message authentication code (MAC)
▪ Hash function
 Message encryption

• Ciphertext of the entire message serves as its

authenticator.
• The analysis differs for conventional and public-key
encryption.
• Conventional encryption provides authentication as
well as confidentiality.
• Public-key encryption provides confidentiality but not
authentication, since everybody accesses the public
key.
• Using private key to encrypt and public-key to decrypt
provides authentication.
• To provide both confidentiality and authentication, A
encrypts message using its private key, which gives
digital signature, and then using B’s public-key. (double
key encryption)
 Message Authentication Code (MAC)

• Generate a small fixed-size block of data.

• Known as cryptographic checksum or MAC, that is
appended to the message.
▪Two communicating parties share a common secret
key K.
▪When A has a message to send to B, it calculates the
MAC as a function of the message and the key.
• MAC = CK(M)
▪The receiver performs the same calculation on the
received message using the same secret key to
generate a new MAC.
▪The received MAC is compared to calculated MAC.
 Cont…

▪If the received MAC matches the calculated MAC

▪The message has not been altered/ Integrity
▪The message is from alleged sender/ Authentication
▪MAC function is similar to encryption, one difference
is that the MAC algorithm need not be reversible as it
must for decryption.
▪It is less vulnerable to being broken than encryption.
▪It provides authentication and integrity but not
confidentiality
▪For confidentiality it should be encrypted again.
 Hash Function
• A variation on the MAC is the one-way hash
function.
• As with the MAC, a hash function accepts a
variable-size message M as input and produces a
fixed size hash code H(M).
▪ map original data of arbitrary size to hash value
of fixed size.
• The hash code is a function of all the bits of the
message and provides an error detection capability.
• A change to any bit or bits in the message results in
a change to the hash code.
▪ Guarantee messages integrity but not authentication
Cont..

43
Hash and MAC Algorithms
▪ MD5
• designed by Ronald Rivest
• latest in a series of MD2, MD4
• the most widely used hash algorithm
▪ Secure Hash Algorithm (SHA-1, SHA-2..)
• SHA was designed by NIST (national institute of standards and technology) in
1993, revised in 1995 as SHA-1
• generally preferred hash algorithm
• not vulnerable to any known attacks
• a little slower than MD5
 Cont…

▪ RIPEMD-160 (RACE Integrity Primitives Evaluation Message

Digest)
• developed in Europe as part of RIPE project in 96
• somewhat similar to MD5/SHA
• slower, but probably more secure, than SHA
▪ HMAC
• uses hash function on the message
• the security of HMAC relates to that of the underlying hash algorithm
• HMAC authentication using hash function