Crypto Module 2
Crypto Module 2
The concept of public key cryptography in invented for two most difficult problems
of Symmetric key encryption.
The Trust Problem: Ensuring the integrity of received data and verifying the
identity of the source of that data can be very important. Means in the symmetric
key cryptography system, receiver doesn’t know whether the message is coming
for particular sender.
This public key cryptosystem uses two keys as pair for encryption of plain text and
Decryption of cipher text.
These two keys are names as “Public key” and “Private key”. The private key is kept
secret where as public key is distributed widely.
A message or text data which is encrypted with the public key can be decrypted only
with the corresponding private-key
This two key system very useful in the areas of confidentiality (secure) and
authentication
There is some source A that produces a message in plaintext X = [X1, X2, . . . ,XM].
The M elements of X are letters in some finite alphabet. The message is intended for
destination B.
B generates a related pair of keys: a public key, PU b, and a private key, PRb.
PRb is known only to B, whereas PUb is publicly available and therefore accessible by A.
With the message X and the encryption key PUb as input, A forms the ciphertext Y = [Y1, Y2,
. . . , YN]:
The intended receiver, in possession of the matching private key, is able to invert the transformation:
The above diagrams show the use of public-key encryption to provide authentication:
In this case,A prepares a message to B and encrypts it using A’s private key before
transmitting it. B can decrypt the message using A’s public key. Because the message
was encrypted using A’s private key, only A could have prepared the message.
Therefore, the entire encrypted message serves as a digital signature.
It is impossible to alter the message without access to A’s private key, so the message
is authenticated both in terms of source and in terms of data integrity.
It is, however, possible to provide both the authentication function and confidentiality by a
double use of the public-key scheme (above figure):
In this case, we begin as before by encrypting a message, using the sender’s private key. This
provides the digital signature. Next, we encrypt again, using the receiver’s public key. The
final ciphertext can be decrypted only by the intended receiver, who alone has the matching
private key. Thus, confidentiality is provided.
Public-Key Cryptanalysis
As with symmetric encryption, a public-key encryption scheme is vulnerable to a brute-force
attack. The countermeasure is the same: Use large keys. However, there is a tradeoff to be
considered. Public-key systems depend on the use of some sort of invertible mathematical
function. The complexity of calculating these functions may not scale linearly with the
number of bits in the key but grow more rapidly than that. Thus, the key size must be large
enough to make brute-force attack impractical but small enough for practical encryption and
decryption. In practice, the key sizes that have been proposed do make brute-force attack
impractical but result in encryption/decryption speeds that are too slow for general-purpose
use. Instead, as was mentioned earlier, public-key encryption is currently confined to key
management and signature applications.
RSA
Requirements:
The RSA algorithm to be satisfactory for public key encryption, the following requirements
must be met:
1. It is possible to find values of e, d n such that “ M ed mod n =M ” for all M<n
2. It is relatively easy to calculate “ M e mod n “ and “ Cd mod n “for M<n
3. It is infeasible to determine “d” given ‘e’ & ‘n’. The “ M ed mod n =M ” relationship
holds if ‘e’ & ‘d’ are multiplicative inverses modulo Ø(n).
Ø(n) Euler Totient function
For p,q primes where p*q and p≠q.
Ø(n)= Ø(pq)=(p-1)(q-1)
Example:
1. Select two prime numbers, p = 17 and q = 11.
2. Calculate n = pq = 17 × 11 = 187.
3. Calculate Ø(n) = (p - 1)(q - 1) = 16 × 10 = 160.
4. Select e such that e is relatively prime to Ø(n) = 160 and less than Ø (n); we choose e = 7.
5. Determine d such that de ≡1 (mod 160) and d < 160.The correct value is d = 23, because
23 * 7 = 161 = (1 × 160) + 1; d can be calculated using the extended Euclid’s algorithm
The resulting keys are public key PU = {7, 187} and private key PR = {23, 187}.
The example shows the use of these keys for a plaintext input of M= 88. For encryption,
we need to calculate C = 887 mod 187. Exploiting the properties of modular arithmetic, we
can do this as follows.
Example:
Generally the attacker actively eavesdrops by intercepting (stoping) a public key message
exchange.
The Diffie- Hellman key exchange is insecure against a “Man in the middle attack”.
Suppose user ‘A’ & ‘B’ wish to exchange keys, and D is the adversary (opponent). The attack
proceeds as follows.
1. ‘D’ prepares for the attack by generating two random private keys X D1 & XD2 and then
computing the corresponding public keys YD1 and YD2.
2. ‘A’ transmits ‘YA’ to ‘B’
3. ‘D’ intercepts YA and transmits YD1 to ‘B’. and D also calculates
At this point, Bob and Alice think that they share a secret key, but instead Bob and Darth
share secret key K1 and Alice and Darth share secret key K2. All future communication
between Bob and Alice is compromised in the following way.
The key exchange protocol is vulnerable to such an attack because it does not authenticate the
participants. This vulnerability can be overcome with the use of digital signatures and public-
key certificates.
EQ1, is sufficient.
Such equations are said to be cubic, or of degree 3, because the highest exponent they contain is a 3. Also
included in the definition of an elliptic curve is a single element denoted O and called the point at infinity or the
zero point. To plot such a curve, we need to compute
For given values of and, the plot consists of positive and negative values of for
each value of . Thus, each curve is symmetric about y = 0.
eq2
Now consider the set Ep(a, b) consisting of all pairs of integers (x, y) that satisfy
Equation eq2 together with a point at infinity .The coefficients a and b and the variables x and
y are all elements of Zp.
For example, let p = 23 and consider the elliptic curve y2 = x3 + x + 1 In this case, a = b = 1
For the set E23(1, 1), we are only interested in the nonnegative integers in the quadrant from
(0, 0) through (p - 1, p - 1) that satisfy the equation mod p.
For elliptic Curves over GF(2m), we use a cubic equation in which the variables and
coefficients all take on values in GF(2 m), for some number m.
By this, the form of cubic equation appropriate for cryptographic application.
To form a cryptographic system using elliptic curves, we need to find a “hard problem”
corresponding to factoring the product of two primes or taking the discrete logarithm.
.
This define elliptic group of point E q(a,b).
Pick a base point G=(x1,y1) in Ep(a,b) whose order is a very large value n.
The order n of a point G on an elliptic curve is the smallest +ve integer n such that
nG=0.Eq(a,b)