
CNS Unit3

The document covers public key cryptography and authentication requirements, detailing principles, algorithms like RSA and Diffie-Hellman, and key management strategies. It discusses the security of RSA, the process of key exchange, and introduces elliptic curve cryptography as a more efficient alternative. Additionally, it addresses message authentication, its requirements, and potential attacks on message integrity.

Uploaded by

vpruthvinarayana

CRYPTOGRAPHY AND NETWORK SECURITY
UNIT-III PART-01
(Public key cryptography and Authentication requirements)
M. Muni Babu
M.Tech, (Ph.D)
Assistant Professor
Dept. of CSE
IIIT R K Valley, RGUKT - AP
CONTENT
• Principles of public key crypto systems
• RSA algorithm - security of RSA
• Key management
• Diffie-Hellman key exchange algorithm
• Introductory idea of Elliptic curve cryptography
• ElGamal encryption
• Message Authentication and Hash Function:
• Authentication requirements and Authentication functions
• Message authentication code
• Hash functions
• Birthday attacks
• Security of hash functions and MACs
Principles of Public-Key Cryptosystems
• Public-Key Cryptosystems
• Applications for Public-Key Cryptosystems
• Requirements for Public-Key Cryptography
• Public-Key Cryptanalysis
Public-Key Cryptosystems
• Asymmetric algorithms rely on one key for encryption and a different but related key for
decryption.
These algorithms have the following important characteristic.
• It is computationally infeasible to determine the decryption key given only knowledge of the
cryptographic algorithm and the encryption key.
• In addition, some algorithms, such as RSA, also exhibit the following characteristic.
• Either of the two related keys can be used for encryption, with the other used for decryption.
• Public key – Ingredients:
• Plaintext
• Encryption algorithm
• Public and private keys
• Ciphertext
• Decryption algorithm
Public-Key Cryptosystems – Essential Steps
• Essential steps:
1. Each user generates a pair of keys to be used for the encryption and decryption of
messages.

2. Each user places one of the two keys in a public register or other accessible file. This is
the public key. The companion key is kept private. As Figure 9.1a suggests, each user
maintains a collection of public keys obtained from others.

3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message
using Alice’s public key.

4. When Alice receives the message, she decrypts it using her private key. No other
recipient can decrypt the message because only Alice knows Alice’s private key.
Public-Key Cryptosystems – Conventional and Public-Key Encryption
Public-Key Cryptosystems
• There is some source A that produces a message in plaintext, X = [X1, X2, ...,XM]. The
M elements of X are letters in some finite alphabet.
• The message is intended for destination B. B generates a related pair of keys:
• a public key, PUb, and a private key, PRb. PRb is known only to B, whereas PUb is publicly available
and therefore accessible by A.
• With the message X and the encryption key PUb as input, A forms the ciphertext Y =
[Y1, Y2, ..., YN]:
Y = E(PUb, X)
• The intended receiver, in possession of the matching private key, is able to invert the
transformation:
X = D(PRb, Y)
• Figures 9.1b and 9.3 show the use of public-key encryption to provide authentication:
• Y = E(PRa, X)
• X = D(PUa, Y)
Public-Key Cryptosystems - Applications
• Public-key systems are characterized by the use of a cryptographic algorithm with two
keys, one held private and one available publicly.
• Depending on the application, the sender uses either the sender’s private key or the
receiver’s public key, or both, to perform some type of cryptographic function.
• In broad terms, we can classify the use of public-key cryptosystems into three categories:

• Encryption/decryption: The sender encrypts a message with the recipient’s public key.

• Digital signature: The sender “signs” a message with its private key. Signing is achieved
by a cryptographic algorithm applied to the message or to a small block of data that is a
function of the message.

• Key exchange: Two sides cooperate to exchange a session key. Several different
approaches are possible, involving the private key(s) of one or both parties.
Public-Key Cryptosystems – Requirements
RSA ALGORITHM
RSA - Introduction
• RSA – the name is derived from the last names of the three mathematicians (Ron Rivest, Adi Shamir, and Leonard Adleman) who described it in 1977.
• Terms:
• Prime: A number is said to be prime if it is divisible only by 1 and itself, such as 2, 3, 5, 7, 11, 13, 17, etc.
• Factor: A factor is a number you can multiply to get another number.
• For example, the factors of 12 are 1, 2, 3, 4, 6, and 12.
• Semi-Prime: A number is semi-prime if its only factors are prime (excluding 1 and itself). For example,
• 12 is not semi-prime – one of its factors is 6, which is not prime.
• 21 is semi-prime – the factors of 21 are 1, 3, 7, 21. If we exclude 1 and 21, we are left with 3 and 7, both of which are prime.
• Modulus: 12 MOD 5 is the remainder of dividing 12 by 5, which is 2.
RSA - Introduction
• RSA makes use of an expression with exponentials.
• Plaintext is encrypted in blocks, with each block having a binary value less than some
number n. That is, the block size must be less than or equal to log2(n) + 1; in practice, the
block size is i bits, where 2^i < n ≤ 2^(i+1).
• Encryption and decryption are of the following form, for some plaintext block M and
cipher text block C.

Both sender and receiver must know the value of n. The sender knows the value of e, and only
the receiver knows the value of d.
Thus, this is a public-key encryption algorithm with a public key of PU = {e, n} and a private
key of PR = {d, n}.
RSA - Introduction
• For this algorithm to be satisfactory for public-key encryption, the following
requirements must be met.
• 1. It is possible to find values of e, d, n such that M^(ed) mod n = M for all M < n.
• 2. It is relatively easy to calculate M^e mod n and C^d mod n for all values of M < n.
• 3. It is infeasible to determine d given e and n.
• For now, we focus on the first requirement and consider the other questions later. We
need to find a relationship of the form
• M^(ed) mod n = M
• The preceding relationship holds if e and d are multiplicative inverses modulo φ(n), where φ(n) is the Euler totient function. For p, q prime, φ(pq) = (p - 1)(q - 1).
• The relationship between e and d can be expressed as ed mod φ(n) = 1
RSA - Steps
1. Select two prime numbers – P and Q, e.g. P=7 and Q=19
2. Calculate the product – N=P*Q; i.e. N=7*19; N=133
3. Calculate the Totient of N – (P-1) * (Q-1) i.e. (7-1)*(19-1) = 6*18 = 108
4. Select a Public key
• It must be Prime
• It must be less than the Totient
• It must NOT be a factor of the Totient
5. Select a Private Key
Encryption: C = M^e mod n (n = pq)
Decryption: M = C^d mod n
Plaintext: M; Ciphertext: C

• From n, it is difficult to figure out p and q.
• From (n, e), it is difficult to figure out d.
• From (n, e) and C, it is difficult to figure out M such that C = M^e.
• p = 11, q = 7, n = 77, φ(n) = 60
• d = 13, e = 37 (ed = 481; ed mod 60 = 1)
• Let M = 15. Then C ≡ M^e mod n
• C ≡ 15^37 (mod 77) = 71
• M ≡ C^d mod n
• M ≡ 71^13 (mod 77) = 15
To compute the value for d, use the Extended Euclidean Algorithm to calculate d = e^(−1) mod ϕ, also written d = (1/e) mod ϕ. This is known as modular inversion.
The Security of RSA
Four possible approaches to attacking the RSA algorithm are:

• Brute force: This involves trying all possible private keys.

• Mathematical attacks: There are several approaches, all equivalent in effort to factoring the product of two primes.

• Timing attacks: These depend on the running time of the decryption algorithm.

• Chosen ciphertext attacks: This type of attack exploits properties of the RSA algorithm.
Diffie-Hellman Key Exchange
• The first published public-key algorithm that defined public-key cryptography was
published by Diffie and Hellman.
• It is generally referred to as the Diffie-Hellman key exchange.
• A number of commercial products employ this key exchange technique.
• The purpose of the algorithm is to enable two users to securely exchange a secret key that
can then be used for subsequent encryption of messages.
• The algorithm itself is limited to the exchange of the keys.
• It depends for its effectiveness on the difficulty of computing discrete logarithms.
Diffie-Hellman Key Exchange - Steps
• Selection of Global Elements

• Key Generation for user A

• Key Generation for user B

• Calculation of Secret Key by User A

• Calculation of Secret Key by user B


Diffie-Hellman Key Exchange - Algorithm
• Let's assume that there are two publicly known numbers: a prime number q and an integer α
that is a primitive root of q.
• For a prime number q, if α is a primitive root of q, then α, α^2, …, α^(q-1) are distinct (mod q).
• E.g. for prime number 19, its primitive roots are 2, 3, 10, 13, 14, and 15.
• Suppose the users A and B wish to create a shared key.
• User A selects a random integer XA < q and computes YA = α^XA mod q.
• Similarly, user B independently selects a random integer XB < q and computes YB = α^XB mod q.
• Each side keeps the X value private and makes the Y value available publicly to the other
side.
• Thus, XA is A’s private key and YA is A’s corresponding public key.
• The same applies for B.
• User A computes the key as K = (YB)^XA mod q and
• User B computes the key as K = (YA)^XB mod q.
• The result is that the two sides have exchanged a secret value.
Diffie-Hellman Key Exchange - Example
• Let's take q = 353 and a primitive root of 353, α = 3.
• A and B select private keys XA = 97 and XB = 233, respectively.
• Each computes its public key:
• A computes YA = 3^97 mod 353 = 40.
• B computes YB = 3^233 mod 353 = 248.
• After they exchange public keys, each can compute the common secret key:
• A computes K = (YB)^XA mod 353 = 248^97 mod 353 = 160.
• B computes K = (YA)^XB mod 353 = 40^233 mod 353 = 160.
• An attacker would have available the following information:
• q = 353; α = 3; YA = 40; YB = 248.
• In this simple example, it would be possible by brute force to determine the secret key 160.
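The exchange above with the slides' numbers, as an added example that is not part of the original slides. It also checks the primitive-root condition and carries out the exhaustive discrete-log search the last bullet refers to, which succeeds only because q is tiny; the function names are illustrative.

```python
# Added example: Diffie-Hellman with the slides' toy parameters
# (q = 353, alpha = 3, XA = 97, XB = 233). Names are illustrative.

def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for small n)."""
    out, f = set(), 2
    while f * f <= n:
        while n % f == 0:
            out.add(f)
            n //= f
        f += 1
    if n > 1:
        out.add(n)
    return out


def is_primitive_root(alpha, q):
    """For prime q: alpha is a primitive root iff alpha^((q-1)/f) mod q != 1
    for every prime factor f of q - 1."""
    return all(pow(alpha, (q - 1) // f, q) != 1 for f in prime_factors(q - 1))


def dh_public(alpha, x, q):
    return pow(alpha, x, q)        # Y = alpha^X mod q


def dh_shared(y_other, x, q):
    return pow(y_other, x, q)      # K = (Y_other)^X mod q


def brute_force_dlog(alpha, y, q):
    """Exhaustive search for X with alpha^X mod q == y. At most q - 1 steps,
    so only feasible when q is very small."""
    for x in range(1, q):
        if pow(alpha, x, q) == y:
            return x
    raise ValueError("y is not a power of alpha modulo q")


if __name__ == "__main__":
    q, alpha, xa, xb = 353, 3, 97, 233
    ya, yb = dh_public(alpha, xa, q), dh_public(alpha, xb, q)
    print("YA =", ya, "YB =", yb)
    print("K at A =", dh_shared(yb, xa, q), "K at B =", dh_shared(ya, xb, q))
    # What an observer holding only q, alpha, YA, YB can do at this size:
    x_found = brute_force_dlog(alpha, ya, q)
    print("XA recovered:", x_found, "-> K =", dh_shared(yb, x_found, q))
    print("primitive roots of 19:",
          [a for a in range(1, 19) if is_primitive_root(a, 19)])
```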
Diffie-Hellman Key Exchange - Security
• While it is relatively easy to calculate exponentials modulo a prime, it
is very difficult to calculate discrete logarithms.

• For large primes, the latter task is considered infeasible.


Figure 10.2 Diffie-Hellman Key Exchange
The protocol depicted in Figure 10.2 is insecure against a man-in-the-middle attack.
Suppose Alice and Bob wish to exchange keys, and Darth is the adversary. The
attack proceeds as follows.
At this point, Bob and Alice think that they share a secret key, but instead Bob and Darth
share secret key and Alice and Darth share secret key . All future communication between
Bob and Alice is compromised in the following way.

The key exchange protocol is vulnerable to such an attack because it does not
authenticate the participants. This vulnerability can be overcome with the use of digital
signatures and public-key certificates;
ElGamal Encryption
ElGamal Cryptosystem
• In 1984, T. Elgamal announced a public-key scheme based on discrete
logarithms, closely related to the Diffie-Hellman technique [ELGA84,
ELGA85].
• The ElGamal cryptosystem is used in some form in a number of standards
including the digital signature standard (DSS), and the S/MIME e-mail
standard.

• Procedure - Steps
• Global Public Elements
• Key Generation by Alice
• Encryption by Bob with Alice’s Public Key
• Decryption by Alice with Alice’s Private Key
ELLIPTIC CURVE CRYPTOGRAPHY
Elliptic Curve Cryptography - Introduction
• Most of the products and standards that use public-key cryptography for
encryption and digital signatures use RSA.
• As we have seen, the key length for secure RSA use has increased over recent
years, and this has put a heavier processing load on applications using RSA.
• This burden has ramifications, especially for electronic commerce sites that
conduct large numbers of secure transactions.
• A competing system challenges RSA: elliptic curve cryptography (ECC).
• ECC is showing up in standardization efforts, including the IEEE P1363
Standard for Public-Key Cryptography.
• The principal attraction of ECC, compared to RSA, is that it appears to offer
equal security for a far smaller key size, thereby reducing processing overhead.
• ECC is fundamentally more difficult to explain than either RSA or Diffie-Hellman.
Elliptic Curve Cryptography - Introduction
• An elliptic curve is defined by an equation in two variables with coefficients.
• ECC offers several benefits compared to RSA:
• It operates on devices with low CPU and memory resources.
• It encrypts and decrypts faster.
• Larger key sizes can be used without significantly increasing the key size or CPU
and memory requirements.
General form of an EC
• An elliptic curve is a plane curve defined by an equation of the form

y^2 = x^3 + ax + b

Examples
ECC Diffie-Hellman Key Exchange
Elliptic Curve Cryptography – Encryption and Decryption
END
MESSAGE AUTHENTICATION

MESSAGE SECURITY REQUIREMENTS

• In communications from a computer to computer, the following attacks could be identified:
• Disclosure: Release of message contents
• Traffic analysis: Discovery of the pattern of traffic between parties
• Masquerade: Insertion of messages into the network from a fraudulent source
• Content modification: Modification of the contents of a message
• Sequence modification: Modification to a sequence of messages between parties
• Timing modification: Delay or replay of messages
• Source repudiation: Denial of transmission of message by source
• Destination repudiation: Denial of receipt of message by destination

MESSAGE AUTHENTICATION

• Message authentication is concerned with:
• Protecting the integrity of a message
• Validating identity of originator
• Non-repudiation of origin (dispute resolution)

• Will consider the security requirements

• Three alternative functions used:
• Message encryption
• Hash functions
• Message Authentication Code (MAC)
MESSAGE ENCRYPTION
SYMMETRIC MESSAGE ENCRYPTION
• Encryption can also provide authentication
• If symmetric encryption is used then:
• Receiver knows sender must have created it
• Since only sender and receiver know the key used
• If message has suitable structure, redundancy or a checksum to detect any changes

PUBLIC-KEY MESSAGE ENCRYPTION
• If public-key encryption is used:
• Anyone potentially knows the public key
• However, if
• Sender signs message using their private key
• Then encrypts with recipient's public key
• Have both secrecy and authentication
• Again need to recognize corrupted messages
• But at cost of two public-key uses on message

HASH FUNCTIONS

• Condenses arbitrary message to fixed size: h = H(M)
• Usually assume hash function is public
• Hash used to detect changes to message
• Want a cryptographic hash function
• Computationally infeasible to find data mapping to specific hash (one-way property)
• Computationally infeasible to find two data to same hash (collision-free property)

CRYPTOGRAPHIC HASH FUNCTION

• Figure depicts the general operation of a cryptographic hash function.

• The input is padded out to an integer multiple of some fixed length (e.g., 1024 bits) and the padding includes the value of the length of the original message in bits.

• The length field is a security measure to increase the difficulty for an attacker to produce an alternative message with the same hash value.

HASH FUNCTIONS & MESSAGE AUTHENTICATION

• Message authentication is a mechanism or service used to verify the integrity of a message, by assuring that the data received are exactly as sent.

• Figures A, B, C and D illustrate a variety of ways in which a hash code can be used to provide message authentication, as follows:

A

• The message plus concatenated hash code is encrypted using symmetric encryption. Since only A and B share the secret key, the message must have come from A and has not been altered.

• The hash code provides the structure or redundancy required to achieve authentication.
B

• Only the hash code is encrypted, using symmetric encryption. This reduces the processing burden for those applications not requiring confidentiality.

C

• Shows the use of a hash function but no encryption for message authentication.

• The technique assumes that the two communicating parties share a common
secret value S.

• A computes the hash value over the concatenation of M and S and appends the
resulting hash value to M.

• Because B possesses S, it can re-compute the hash value to verify.

• Because the secret value itself is not sent, an opponent cannot modify an
intercepted message and cannot generate a false message.
D

• Confidentiality can be added to the approach of (c) by encrypting the entire message plus the hash code.

MESSAGE AUTHENTICATION CODE (MAC)

• Generated by an algorithm that creates a small fixed-sized block

• Depending on both message and some key

• Like encryption though need not be reversible

• Appended to message as a signature

• Receiver performs same computation on message and checks it matches the MAC

• Provides assurance that message is unaltered and comes from sender

Message Authentication Code…
• A small fixed-sized block of data
• Generated from message + secret key
• MAC = C(K,M)
• Appended to message when sent

MESSAGE AUTHENTICATION CODES

• As shown the MAC provides authentication

• Why use a MAC?
• sometimes only authentication is needed
• sometimes need authentication to persist longer than the encryption (e.g. archival use)

• Can also use encryption for secrecy
• generally use separate keys for each
• can compute MAC either before or after encryption
• is generally regarded as better done before
MAC PROPERTIES

• A MAC is a cryptographic checksum: MAC = C_K(M)
• condenses a variable-length message M
• using a secret key K
• to a fixed-sized authenticator

• Is a many-to-one function
• potentially many messages have same MAC
• but finding these needs to be very difficult

3.6 HMAC
3.6.1 HMAC DESIGN OBJECTIVES
• Use, without modifications, hash functions

• Allow for easy replaceability of embedded hash function

• Preserve original performance of hash function without significant degradation

• Use and handle keys in a simple way

• Have well understood cryptographic analysis of authentication mechanism strength
• HMAC should execute in approximately the same time as the embedded
hash function for long messages.

• HMAC adds three executions of the hash compression function.

• With this implementation, only one additional instance of the compression function is added to the processing normally produced by the hash function.

• This is especially worthwhile if most of the messages for which a MAC is computed are short.

3.6.2 HMAC SECURITY
• Proved security of HMAC relates to that of the
underlying hash algorithm

• Attacking HMAC requires either:
• Brute force attack on key used
• Birthday attack (but since keyed would need to observe a very large number of messages)

• Choose hash function used based on speed versus security constraints
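
The MAC = C(K, M) flow and the HMAC design objectives above, as an added example that is not part of the original slides. The inner/outer padding construction follows RFC 2104, which the slides do not reproduce; the embedded hash is passed by name to show replaceability, and the function names are illustrative.

```python
# Added example: HMAC built on an unmodified hash function (RFC 2104
# construction), then used as MAC = C(K, M) appended to the message.
import hashlib
import hmac


def hmac_from_hash(key, msg, hash_name="sha256"):
    """H((K xor opad) || H((K xor ipad) || M)) with any hashlib hash."""
    def h(data):
        return hashlib.new(hash_name, data).digest()

    block = hashlib.new(hash_name).block_size
    if len(key) > block:              # over-long keys are hashed first
        key = h(key)
    key = key.ljust(block, b"\x00")   # then zero-padded to the block size
    inner = h(bytes(b ^ 0x36 for b in key) + msg)
    return h(bytes(b ^ 0x5C for b in key) + inner)


def protect(key, msg, hash_name="sha256"):
    """Sender: append the fixed-size MAC to the message."""
    return msg + hmac_from_hash(key, msg, hash_name)


def check(key, packet, hash_name="sha256"):
    """Receiver: recompute the MAC and compare in constant time.
    Returns the message, or None when the tag does not match."""
    size = hashlib.new(hash_name).digest_size
    if len(packet) < size:
        return None
    msg, tag = packet[:-size], packet[-size:]
    ok = hmac.compare_digest(hmac_from_hash(key, msg, hash_name), tag)
    return msg if ok else None


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample values
    packet = protect(key, b"transfer 100 to account 42")
    print("accepted:", check(key, packet))
    tampered = packet.replace(b"100", b"900")
    print("tampered:", check(key, tampered))
    for name in ("sha1", "sha256", "sha512"):   # swap the embedded hash
        same = hmac_from_hash(key, b"m", name) == hmac.new(key, b"m", name).digest()
        print(name, "matches stdlib hmac:", same)
```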
END
