Network Security

(Lec 10)
(Public key Cryptography & RSA)

Dr. Khurram Gulzar Rana

 Asymmetric Encryption
Asymmetric encryption is the form of
cryptosystem in which encryption and decryption
are performed using the different keys- one a
public key and other a private key, known as
public key encryption.
Public key algorithms are based on
mathematical function rather than on substitution
and permutation.
 Common Misconceptions
Public key encryption is more secure from
cryptanalysis than is symmetric encryption.
 A second misconception is that public key
encryption has made symmetric encryption
obsolete.
There is a feeling that key distribution is trivial
when using public key encryption.
 Principles of public key cryptosystems
Evolved from two problems associated with
symmetric encryption.
First is that of key distribution.
Second problem was use of digital signatures.
 Public key Cryptosystem
Asymmetric algorithms rely on one key for
encryption and the different but related key for
decryption. These algorithms have following
important characteristics:
It is computationally infeasible to determine
the decryption key given only the knowledge of
the cryptographic algorithm and encryption key.
Secondly , like in RSA , either of the two
related keys can be used for encryption , with
other use for decryption.
Public key Cryptosystem
(Encryption)
Public Key Cryptosystem
(Authentication)
 Essential steps
Each user generate a pair of keys to be used for
encryption and decryption.
Each user places one of the two keys in a public
register or other accessible file, public key. The
companion key is kept private.
If bob wishes to send a confidential message to Alice,
bob encrypts the message using Alice public key.
When Alice receives the message , she decrypts it
using her private key. No other recipient can decrypt the
message because only Alice knows Alice private key.
Public key Cryptosystem: (Secrecy)
Public key Cryptosystem: (Authentication)
 Public Key Cryptosystem
(Authentication & Secrecy)
 Applications for Public key
Cryptosystems
Encryption/decryption: the sender encrypts a
message with the recipient's public key.
Digital Signature: the sender “signs” a message with
its private key. Signing is achieved by a cryptographic
algorithm applied to the message or to a small block
of data that is the function of the message.
Key exchange: two sides cooperate to exchange a
session key. Several different approaches are possible.
 Requirements for Public-key
Cryptography
It is computationally easy for a party B to generate a pair(Public key PUb ,
private key PRb )
It is computationally easy for a sender A, knowing the public key and the
message to be encrypted, M, to generate the corresponding ciphertext.
C = E(PUb , M)
It is computationally easy for the receiver B to decrypt the resulting
cipherext using the private key to recover the original message.
M = D(PR b , C) = D[PR b, E(PU b , M)]
It is computationally infeasible for an adversary , knowing the public key,
PUb , to determine the private key , PRb.
It is computationally infeasible for an adversary, knowing the public key ,
PUb, and the ciphertext , C , to recover the original message M.
 Rivest-Shamir-Adleman (RSA)
• Each person that wants to be able to receive encrypted messages must
generate a RSA key pair
• The RSA key pair is comprised of a public key (that is shared with the
sender and anyone else that may want to send encrypted messages to
the receiver) and a private key (that is kept secret by the receiver)
• The public key is used by the sender to encrypt messages to the
receiver
• The private key is used by the receiver to decrypt messages
• The RSA key generation algorithm generates a public key and a secret
key (RSA key pair)
 RSA Key Generation
• Bob wants to generate an RSA key pair so that his friends can send him
encrypted messages over an insecure channel
• He chooses two large prime numbers p and q and calculates their
product n = pq
• He chooses a number e that has no common factors with (p-1)(q-1)
• The public key is the pair of numbers (e, n)
• Bob calculates:
d = e-1 (mod (p-1)(q-1))
d is called the multiplicative inverse of e mod (p-1)(q-1) and is
calculated using Euclid’s extended gcd algorithm
• Bob’s private key is the pair of numbers (d, n)
 RSA Encryption
• Alice wants to securely send a message to Bob over an insecure channel
• Bob gives his public key (e, n) to Alice
• Alice splits the plaintext message into blocks so that each block can be
represented as a number that is less than the number n
• Suppose that one such block is m
• Alice calculates the ciphertext:
c = me (mod n)
and sends c to Bob
• Bob decrypts the ciphertext block c using his private key (d, n) by
calculating:
m = cd (mod n)
Thus he receives the original message block m
 Mathematical algorithms

• The following algorithms are needed to implement RSA:

– Primality test (to verify that the integers p and q that are chosen
in key generation are prime)
– Euclid’s extended algorithm for computing modular inverses (to
efficiently find the exponent d from the exponent e)
– Modular multiplication and exponentiation (for encryption or
decryption)
 Fermat primality test
• This algorithm uses a well-known theorem in mathematics (called
Fermat’s little theorem) to check whether a number is probably prime
• Fermat’s little theorem: If p is prime, then ap–1 = 1 (mod p)
• Fermat primality test algorithm:
– Input: integer N that we want to test for primality
– Choose a random number A in the range 1 to N-1
– If AN–1  1 (mod N) then N is definitely not prime
– Repeat this test for different values of A
• To perform the Fermat primality test on large integers, you
should use a fast modular exponentiation algorithm (such as the
square-and-multiply algorithm)
 Euclid’s extended algorithm
• To find the private key exponent d we need to calculate d = e–1 (mod (p–1)(q–1))
• A quick way to do this is by using Euclid’s extended algorithm for modular
inverses:
– Label five columns: a, n, q, u, v
• Let a = the number whose multiplicative inverse we wish to find
• Let n = the modulus
• Let u = 1 and v = 0
• Let q = a/n (zero in first step, if a < n)
– The next step:
• Let a = n and n = a – nq
• Let u = v and v = u – vq
• Let q = a/n
– If n  1 then repeat above step
– The result (multiplicative inverse of a mod n) is v
• If v < 0 then we can make v a positive integer in the range 0 to (n–1) by adding n
• For this algorithm to work, gcd(a,n) = 1 (i.e., a and n must have no common
factors)
 Example:
Euclid’s extended algorithm
• Suppose we want to find the multiplicative inverse of 17 mod 616

• Euclid’s extended algorithm:

a n q u v
17 616 0 1 0
616 17 36 0 1
17 4 4 1 -36
4 1 4 -36 145

• Result: 145
• Verify: 17 x 145 = 1 (mod 616)
 Square-and-multiply algorithm
• The square-and-multiply algorithm gives an efficient way to perform
exponentiation

• The square-and-multiply algorithm (to calculate ab mod n):

– Let r = 1
– The next step:
• If the least significant bit of b is equal to 1 (i.e., b is odd) then let r = ra
(mod n)
• Shift b to the right by one bit (losing the least significant bit)
• If b  0 then let a = a2 (mod n)
– If b  0 then repeat the last step
– The variable r contains the value of ab mod n
 Example:
Square-and-multiply algorithm
• Suppose we want to find the value of (123)17 mod 667
• The square-and-multiply algorithm:
r a b
1 123 17 (10001)
123 455 8 (1000)
123 255 4 (100)
123 326 2 (10)
123 223 1 (1)
82 - 0
• Result: (123)17 mod 667 = 82
 Example:
Square-and-multiply algorithm
• Suppose we want to find the value of (82)145 mod 667
• The square-and-multiply algorithm:
r a b
1 82 145 (10010001)
82 54 72 (1001000)
82 248 36 (100100)
82 140 18 (10010)
82 257 9 (1001)
397 16 4 (100)
397 256 2 (10)
397 170 1 (1)
123 - 0
• Result: (82)145 mod 667 = 123
 Digital Signatures
• Digital signatures provide a way for a sender to securely
‘sign’ a message so that the recipients of the message
can verify that the message originated from the sender
(i.e., it is not a forged message)
• The RSA scheme can also be used for digital signatures by
exploiting the fact that only the sender knows the private
key (used for signing) but that everyone knows the
sender’s public key (used for verification)
 RSA Digital Signatures
• Eve has been sending fake emails to Bob pretending to be
Alice (impersonation); Bob has no way of telling which emails
he has received from Alice are actually from Alice and which
ones are from Eve
• Alice wants to sign an email message m to Bob so that Bob
knows that the email is actually from her
• Alice signs the message using her private key (d, n) by
calculating:
s = md (mod n)
and sends the signed message s to Bob
• Bob obtains Alice’s public key (e, n) from her website or some
other source that he can trust
• Bob verifies the signature and obtains the original message m
using Alice’s public key (e, n):
m = se (mod n)
• Because Alice is the only person that knows d, he can be
assured that the message originated from Alice
 Security of RSA
• Eve knows the public key (e, n) of Bob and wants to know his
private key (d, n) so she can decrypt messages sent to Bob
• To calculate d, she has to solve the equation:
d = e-1 (mod (p-1)(q-1))
• However, this means that she needs to know the prime
numbers p and q
• She knows that n is the product of p and q, so she can recover
p and q if she can factor n into its component prime numbers
• Factoring large integers (over 250 digits) is known to be a
difficult problem in mathematics and computer science and
provided that the prime factors of n are sufficiently large, it
would be computationally infeasible for Eve to calculate p and
q (and hence d) from Bob’s public key
 RSA implementation issues

• The RSA algorithm requires working with very large integers (e.g., over
500 bits)

• However, most computers have a much smaller word size, which

represents the largest integer that can be stored in a CPU register (e.g.,
32 bits)

• The mathematical operations supported by most compilers and high-

level languages is usually restricted to the word size of the CPU, so to
implement RSA we need to know how to efficiently perform modular
multiplication and exponentiation