Public Key Cryptography

CSC 427
Lecture 2

Instructor: Dr. C.I Eke

 Public Key Cryptography
Basic concepts
Cryptography: The art or science encompassing the principles and methods
of transforming an intelligible message into one that is unintelligible, and
then retransforming that message back to its original form
Plaintext: The original intelligible message
Cipher text: The transformed message
Key: Some critical information used by the cipher, known only to the
sender & receiver
Encipher (encode) :The process of converting plaintext to cipher text using
a cipher and a key
Decipher (decode): The process of converting cipher text back into
plaintext using a cipher and a key
Public Key Cryptography
Cryptanalysis :The study of principles and methods of
transforming an unintelligible message back into an
intelligible message without knowledge of the key.
Also called code breaking
Cryptology: Both cryptography and cryptanalysis
Code: An algorithm for transforming an intelligible
message into an unintelligible one using a code-book
 Public Key Cryptography
Cryptographic systems are generally classified along 3 independent dimensions:
Type of operations used for transforming plain text to cipher text: All the
encryption algorithms are based on two general principles: substitution, in
which each element in the plaintext is mapped into another element, and
transposition, in which elements in the plaintext are rearranged.
The number of keys used: If the sender and receiver uses same key then it is
said to be symmetric key (or) single key (or) conventional encryption. If the
sender and receiver use different keys then it is said to be public key encryption.
 The way in which the plain text is processed: A block cipher processes the
input and block of elements at a time, producing output block for each input
block. A stream cipher processes the input elements continuously, producing
output element one at a time, as it goes along.
 Public Key Cryptography
Cryptanalysis:
The process of attempting to discover X or K or both is
known as cryptanalysis. The strategy used by the
cryptanalysis depends on the nature of the encryption
scheme and the information available to the cryptanalyst.
There are various types of cryptanalytic attacks based on
the amount of information known to the cryptanalyst.
Cipher text only – A copy of cipher text alone is known
to the cryptanalyst.
Known plaintext – The cryptanalyst has a copy of the
cipher text and the corresponding plaintext.
Public Key Cryptography
Chosen plaintext – The cryptanalysts gains
temporary access to the encryption machine. They
cannot open it to find the key, however; they can
encrypt a large number of suitably chosen plaintexts
and try to use the resulting cipher texts to deduce the
key.
Chosen cipher text – The cryptanalyst obtains
temporary access to the decryption machine, uses it
to decrypt several string of symbols, and tries to use
the results to deduce the key.
Public Key Cryptography
PKC stands for Public Key Cryptography. It is also
known as asymmetric cryptography. It is an encryption
technique or a framework that uses a pair of keys (public
and private key) for secure data communication.
These keys are related, but not identical keys. Each key
performs a unique function, i.e., the public key is used to
encrypt, and the private key is used to decrypt. The
sender uses the recipient's public key to encrypt a
message, and the recipient uses the private key to decrypt
this message. The use of two keys enables PKC to solve
challenges faced in other cryptographic techniques.
Public Key Cryptography
PKC is different from the symmetric key algorithm,
which uses only one key to both encrypt and decrypt.
The two types of PKC algorithms are RSA (Rivest,
Shamir, and Adelman) and Digital Signature
Algorithm (DSA). PKC encryption evolved to meet
the growing need for secure communication in
multiple sectors such as the military, government
offices, etc. This type of cryptography has become an
important element of modern computer security and a
critical component of the cryptocurrency system.
Public Key Cryptography
The origin of public key encryption
In 1976, Whitfield Diffie, Martin Hellman and Ralph
Merkle published a paper titled "New Directions in
Cryptography." In this paper, they introduced the idea of
public key cryptography and described the first known
functional distributed cryptographic protocol. Since then,
the public key encryption algorithm has been used in
finance, e-business and e-commerce to keep data secure
by using two mathematically related keys.
Public Key Cryptography
The most important properties of public key encryption
scheme are −
Different keys are used for encryption and decryption.
This is a property which set this scheme different than
symmetric encryption scheme.
Each receiver possesses a unique decryption key,
generally referred to as his private key.
Receiver needs to publish an encryption key, referred
to as his public key.
Public Key Cryptography
Some assurance of the authenticity of a public key is
needed in this scheme to avoid spoofing by adversary as
the receiver. Generally, this type of cryptosystem involves
trusted third party which certifies that a particular public
key belongs to a specific person or entity only.
Encryption algorithm is complex enough to prohibit
attacker from deducing the plaintext from the ciphertext
and the encryption (public) key.
Though private and public keys are related
mathematically, it is not be feasible to calculate the
private key from the public key. In fact, intelligent part of
any public-key cryptosystem is in designing a relationship
between two keys.
 Public Key Cryptography
The process for sending and receiving data via asymmetric
cryptography typically consists of five steps:
Key generation. Each individual generates a public and
private key.
Key exchange. The sender and recipient exchange public
keys.
Encryption. The sender's data is encrypted using the
recipient's public key.
Sending encrypted data. The encrypted data is sent to the
recipient.
Decryption. The recipient decrypts the message using their
own private key.
Public Key Cryptography
New paradigm introduced by Diffie and Hellman
The mailbox analogy:
Bob has a locked mailbox
Alice can insert a letter into the box, but can’t unlock it
to take mail out
Bob has the key and can take mail out

Encrypt messages to Bob with Bob’s public key

Can freely distribute
Bob decrypts his messages with his private key
Only Bob knows this
Requirements
How should a public key scheme work?
Three main conditions
It must be computationally easy to encrypt or decrypt a
message given the appropriate key
It must be computationally infeasible to derive the
private key from the public key
It must be computationally infeasible to determine the
private key from chosen plaintext attack
 Attacker can pick any message, have it encrypted, and obtain the
ciphertext
How does PKC Work?
The public key is used by the sender to encrypt information,
whereas the private key is used by a recipient to decrypt it.
The public key can be shared without compromising the
security of the private one. All asymmetric key pairs are
unique, so a message encrypted with a public key can only
be read by the person who has the corresponding private key.
The keys of a pair are mathematically related, and their
length is much longer than those used in symmetric
cryptography. So, it is not easy to decipher the private key
from its pubic counterpart. RSA is one of the most common
algorithms for asymmetric encryption in use today.
Exchanging keys
Alice and Bob want to communicate using a block
cipher to encrypt their messages, but don’t have shared
key
How do Alice and Bob get a shared key?
Solution 1
Alice sends the key along with her encrypted message

Eve sees encrypted message and key

Uses key to decrypt message

L!
I
FA
Solution 2
Alice sends the key at some time prior to sending Bob
the encrypted message

Eve has to wait longer

If she saw the key transmission, she has the key
Uses key to decrypt message

L!
I
FA
Solution 3 – Use public key crypto
Diffie Hellman Key Exchange
All users share common modulus, p, and element g
g ≠ 0, g ≠ 1, and g ≠ p-1
Alice chooses her private key, k
A
Computes K = gkA mod p and sends it to Bob in the clear
A
Bob chooses his private key, k
B
Computes K = gkB mod p and sends it to Alice in the clear
B
When Alice and Bob want to agree on a shared key,
they compute a shared secret S
S = KBkA mod p
A,B
S = K kB mod p
B,A A
Diffie Hellman Key Exchange
Diffie-Hellman algorithm is one of the most important
algorithms used for establishing a shared secret. At the
time of exchanging data over a public network, we can use
the shared secret for secret communication. We use an
elliptic curve for generating points and getting a secret key
using the parameters.

As the name suggests,

This algorithm is used to exchange the secret key
between the sender and the receiver.
This algorithm facilitates the exchange of secret key
without actually transmitting it.
Diffie Hellman Key Exchange

Diffie Hellman Key Exchange Algorithm-

Let-
Private key of the sender = Xs
Public key of the sender = Ys
Private key of the receiver = Xr
Public key of the receiver = Yr

Using Diffie Hellman Algorithm, the key is exchanged in

the following steps-
Why does DH work?
Step-01:
One of the parties choose two numbers ‘a’ and ‘n’ and
exchange with the other party.
‘a’ is the primitive root of prime number ‘n’.
After this exchange, both the parties know the value of
‘a’ and ‘n’.
tep-02:
Both the parties already know their own private key.
Both the parties calculate the value of their public key
and exchange with each other.
Why does DH work?
Sender calculate its public key as-
Ys = aXs mod n
Receiver calculate its public key as-
Yr = aXr mod n

Step-03:
Both the parties receive public key of each other.
Now, both the parties calculate the value of secret key.
Why does DH work?
Sender calculates secret key as-
Secret key = (Yr)Xs mod n
Receiver calculates secret key as-
Secret key = (Ys)Xr mod n
Problem-01:
Suppose that two parties A and B wish to set up a common
secret key (D-H key) between themselves using the Diffie
Hellman key exchange technique. They agree on 7 as the
modulus and 3 as the primitive root. Party A chooses 2 and
party B chooses 5 as their respective secrets. Their D-H key
is-
How does DH work?
Solution-
Given-
n=7
a=3
Private key of A = 2
Private key of B = 5
Step-01:
Both the parties calculate the value of their public key and
exchange with each other.
Public key of A
= 3private key of A mod 7
= 32 mod 7
=2
How does DH work?
Public key of B
= 3private key of B mod 7
= 35 mod 7
=5
Step-02:
Both the parties calculate the value of secret key at their
respective side.
Secret key obtained by A
= 5private key of A mod 7
= 52 mod 7
=4
How does DH work?
Secret key obtained by B
= 2private key of B mod 7
= 25 mod 7
=4

Finally, both the parties obtain the same value of secret

key.
The value of common secret key = 4.
Public key applications
Some applications of public key technology include the
following.
Encryption
This is the main use of a public key to encrypt messages
prior to sending. With asymmetric encryption, both the
public and private keys are generated randomly. Anyone
can have access to a public key to encrypt data, but only an
individual who has the matching private key can decrypt
the data.
Since the public and private keys are mathematically
connected, they are used together to encrypt and decrypt
information. If anyone other than the owner of the private
key tries to decrypt the information using the public key,
the information will be unreadable.
*On classical computers
 Public key applications
Digital signatures
Public key encryption can also be used to create digital signatures.
The digital signatures are generated via the following steps:
The sender identifies the file to be digitally signed.
The document application on the sender's computer calculates a
unique hash value for the contents of that file.
The sender's private key is used to encrypt the hash value, creating
the digital signature.
The original file and the digital signature are sent together to the
recipient.
The recipient uses the sender's public key to decrypt the digital
signature's hash.
The recipient's computer calculates the hash of the original file and
compares it with the decrypted hash. If the two hashes match, the
signature is verified. If the hashes don't match, that's evidence that
the document has been altered or that the signature isn't valid.
 Public key applications
Secure Socket Layer and Transport Layer Security
connections
SSL/TLS use public key encryption to create a secure
connection between the server and client. This encryption
method enables the use of Hypertext Transfer Protocol
Secure. The communication session is first established using
asymmetric encryption to establish the identities of both
parties and to exchange a shared session key that enables a
symmetric cipher. Symmetric encryption, using a shared key,
is faster and more efficient than asymmetric encryption so it
makes sense to use it for as much of the communication as
possible.
 Public key risks
While public key encryption is more secure than symmetric
encryption, there are a few risks to consider, including the
following:
Low-quality key. A poorly crafted asymmetric key algorithm --
one that's too short in length, for example -- is a security risk.
Lost private key. If the private key is lost or misplaced, access
to the data becomes problematic.
Man-in-the-middle (MitM) attacks. Public key encryption can
be a target for MitM attacks. The two main ways of trusting the
identity of a website are the site's security certificate and its
public key encryption. If either of these is compromised, a
malicious party can insert itself into the connection between a
user and a website and then capture any information sent
between the two.
 Benefits of PKC
One key cannot be derived from another key, and
there is no need to exchange the keys
It allows to establish authentication of the sender by
using PKC (digital signature)
It can be used to create a digital signature in the
Operating System software such as Ubuntu, Red Hat
Linux packages distribution, etc.