Public key cryptography

• Asymmetric key vs symmetric key

• Asymmetric key: Public key (key pair) and private key (key pair) are
different; encryption key and decryption key are different; the number
of key can be a integer or several integer to make a key pair

• DES is a symmetric key system, even though there are many subkeys
and many steps

• Major disadvantage(problem) of a symmetric key: key management

(how to distribute the key to receiver, )
Public key cryptography
• Major disadvantage(problem) of a symmetric key: key management
(how to distribute the key to receiver, )

• Key management of public key system

• Public key: all people can know the public key of all other people. (the
place to put public key: public key directory (database))
• Private key: only private key owner know private key
Page 10 scenario
• Bob send M to Alice
• Which key bob used to encrypt M?
• How many keys we have in this scenario?
• Alice’s private key, Alice’s public key; Bob’s private key, Bob’s public
key;
• Bob(sender) use Alice(receiver)’s public key to encrypt M
• Alice(receiver) use Alice(receiver)’s private key To decrypt C
Trapdoor one-way
• One-way: easy to calculate y=f(x);and difficult to find x
from y
• Trapdoor: a secret (secret key) to make it easy to solve
the x from y
Knapsack (~bag, ~container)
• If a knapsack(bag) can contain 100 kg.
• Now I have several packages: 1kg, 10kg,
20kg,30kg,40kg,55kg,56kg,57kg;

• Question: which packages you should put in this knapsack(bag) to

fully use this knapsack?(10kg, 20kg,30kg,40kg)
• This packages are the messages sent to receiver. If the receiver knows
the total weight(100kg) and trapdoor(secret key), the receiver can
calculate packages easily.
Page 16 example
• What’s the meaning of solution (1,0,1,0), (0,0,0,1)
• (1,0,1,0): first package 2 exists, second package 3 doesn’t exist, third
package 5 exists, fourth package 7 doesn’t exist.
• (0,0,0,1): only fourth package 7 exist

• 1: represent package exit; 0: represent package doesn’t exit

• Fit binary system transmission
super-increasing knapsacks
• Knapsack -> super-increasing knapsack
• Knapsack: the order(position) of elements(packages) can be random.
• Total weight is 100kg,
• (10kg,40kg,50kg) or (40kg,50kg,10kg)
• super-increasing knapsack
• Each element(package) is greater than the sum of the previous
elements(packages)
• Q: which one(s) is super-increasing
• A. (1,2,3,4)no B.(2,4,7,14) yes C. (10,20,31) yes D.(1,2) yes
Page 19
• Because it is a super-increasing;
• How to find X(x1,x2,x3,x4)?
• Start from the largest element(last element)
• Last a4=8, if x4 = 1, a4*x4=8 (smaller than T,T=14),
• Then x4=1
• (why? Because if x4=0, then even the result of elements are
all 1, the product of the result elements and a will be smaller than T)
 super-increasing knapsack
• Can be used in symmetric key and asymmetric key system.

• asymmetric key system page 22

• Private key and public key
• Private key a(a1,a2,….)
• Public key?b=w*a mod m
• w is random integer? Or can I use any w value. NO!
• W has some conditions
• W must be co-prime to m and m must be greater than sum of all
elements of a
Page 10 and page 23
• Bob send M(X, (x1,x2,x3,….)) to Alice
• Which key bob used to encrypt M?
• How many keys we have in this scenario?
• Alice’s private key, Alice’s public key; Bob’s private key, Bob’s public
key;
• Bob(sender) use Alice(receiver)’s public key to encrypt M
• Alice(receiver) use Alice(receiver)’s private key To decrypt C
Page 23
• Bob use alice’s public key b to encrypt X
• B(b1,b2,..bn)
• T=x1*b1+x2*b2+…xn*bn
• When alice receives T (cipher text, encrypted message), use own
private key(secret key)to decrypt
 fyp
• Prototype demo (week 7 Thursday night)
• 8 minutes per group
• Focus on demo (workflow, features, create testing account before demo,
• What’s your next development)
• No need to prepare ppt

• A0 size poster, submit in week 8, general office will print them outside
• Less wordings, more graph/photo
• If you don’t submit on time, you have to print it by yourself without any re-fund
• Used in your final presentation on 19 july

• Submit all documents on 17 july

• 19 july, please reserve whole day for video taking(schedule will be released around week 7).
(each group need to prepare 20 minutes presentation, only one attempt (one-take video)
Page 28
• How to get final answer X=(0,1,1,0) from 15?

• Method on page 19
• A=(2,5,10,21)
• Try the largest element first, a4=21, try x4=1,
• A4*x4=21>15, so x4 is 0
• a3=10, try x3=1, a3*x3=10<21, so x3 is 1
RSA
• Most popular, typical public key system
• Euler Phi function is used in RSA
• If p and q are two primes, n=p*q and phi(n)=(p-1)(q-1)
• For example, p=7, q=11, then n=7*11=77 and phi(n)=(7-1)*(11-1)=60
Page 37
• Example of RSA
• e value is not random and not unique
• e meets conditions: 1<=e<=m-1, AND gcd(e,m)=1
Page 38
• Why E*D=kphi(N)+1
• Because E*D=1 mod phi(N)
• So E*D=1+kphi(N)
• For example, E=3, D=5, phi(N)= 16
• 3*5=1 mod 16
• Also 3*5=1+k*16 mod 16
Public key (pair)
• Page 39, public key is not one integer
• The pair (n,e) is the public key in RSA
Page 41
• Confidentiality: decrypt plaintext X
• Authentication: because only one person knows
• and can use private key. (it is like authenticate the usage of a system)
Page 42
• How to choose p and q?
• Previously in the rsa algorithm, no special requirement for p and q,
only require p and q are prime numbers.
• In the practical usage, we have some requirement for p and q
• At least 100 decimal digits long
• Why small numbers are NOT selected? (small numbers are easy to be
broken, attacker can use brute force…)
• For large number, attacker still can break, but it may take longer time,
• If it takes one month to break, the system is still relative secure
Page 42
• What is a probabilistic primality testing algorithm
• - it can NOT make sure the testing result is correct
• - with a high probability, the result is correct
• - it is quick to have a result

• Here, to test b is a prime or not

• It can not make sure b is a prime or not
• But with a high probability, b is a prime
Page 44 and 45
• n=15, G={1,14}
• a=1,2,…14
• a^[(n-1)/2] must be inside G
• 2^7=8 is not inside G
Page 49
• Y=2^64*2^8*2^1

• Then we can calculate 2^64 mod 179, 2^8 mod 179, 2^1 mod 179
• 2^64 = 2^32*2^32
• 2^32= 2^16*2^16
Page 50
• 5^375 mod 1823
• Step 1: divide 375 into the sum of 2^x
• 375=256 + 64 +32 +16 +4 +2 +1
• =2^8 + 2^6+2^5+2^4+2^2+2^1+2^0
• Step 2: compute the table [precomputation table]
• X^1 mod 1823, X^2 mod 1823, X^4 mod 1823, X^8 mod 1823
• So X^375=x^256 * x^64 * x^32 * x^16 * x^4 * x^2 * x^1
• = 1658 * 42 * 1058 * 1435 * 625 *25 *5= 591 mod 1823