Cryptograph

y and
Network
Security
Seventh Edition, Global Edition
by William Stallings

© 2017 Pearson Education, Ltd., All rights reserved.

 Chapter 10
Other Public-Key Cryptosystems

© 2017 Pearson Education, Ltd., All rights reserved.

 Diffie-Hellman Key
Exchange
• First published public-key algorithm

• A number of commercial products employ this

key exchange technique

• Purpose is to enable two users to securely

exchange a key that can then be used for
subsequent symmetric encryption of messages

• The algorithm itself is limited to the exchange

of secret values

• Its effectiveness depends on the difficulty of

computing discrete logarithms
© 2017 Pearson Education, Ltd., All rights reserved.
More formally, let (p) be a prime number, and
(g) be an integer between 1 and (p-1). The
integer (g) is a primitive root modulo (p) if, for
every positive integer (k) from 1 to (p-1), there
exists a positive integer (m) such that:
(g^m) ≡the
Let's take k (mod p)
prime number (p) as 11. We want to find a
primitive root modulo 11, which is an integer (g) between 1
and 10 that satisfies the property:
(g^m) ≡ k (mod 11) for all k from 1 to 10.
We can try different values of (g) to see if they work:
For g = 2: (2^1) ≡ 2 (mod 11)
(2^2) ≡ 4 (mod 11)
(2^3) ≡ 8 (mod 11)
(2^4) ≡ 5 (mod 11)
(2^5) ≡ 10 (mod 11)
(2^6) ≡ 9 (mod 11)
(2^7) ≡ 7 (mod 11)
(2^8) ≡ 3 (mod 11)
(2^9) ≡ 6 (mod 11)
(2^10) ≡ 1 (mod 11)
© 2017 Pearson Education, Ltd., All
rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
 Setup:
1. Alice and Bob agree on a public prime number (p) and a
primitive root modulo (g). These values are known to
both parties and are public.
2. Let's assume p = 23 and g = 5.
1.Private Keys:
1. Alice chooses a secret private key (a). Let's say Alice
chooses a = 6.
2. Bob chooses a secret private key (b). Let's say Bob
chooses b = 15.
2.Public Keys:
1. Alice calculates her public key (A) and shares it with
Bob. A = (g^a) mod p A = (5^6) mod 23 A = 8
2. Bob calculates his public key (B) and shares it with
Alice. B = (g^b) mod p B = (5^15) mod 23 B = 19
3.Shared Secret Key:
1. Alice and Bob exchange their public keys.
2. Alice calculates the shared secret key using Bob's public
key. Secret Key = (B^a) mod p Secret Key = (19^6) mod
23 Secret Key = 2
3. Bob
© 2017 Pearson calculates
Education, Ltd., All the shared secret key using Alice's public
key. Secret Key = (A^b) mod p Secret Key = (8^15) mod
rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
 ElGamal
Cryptography
Public-key scheme
Used in the digital
based on discrete
signature standard
Announced in logarithms closely
(DSS) and the
1984 by T. Elgamal related to the
S/MIME e-mail
Diffie-Hellman
standard
technique

Global elements Security is based

are a prime on the difficulty of
number q and a computing
which is a discrete
primitive root of q logarithms

© 2017 Pearson Education, Ltd., All rights reserved.

© 2017 Pearson Education, Ltd., All rights reserved.
1.Setup:
•Choose a large prime number (p) and a primitive root modulo (g). These values
are known to everyone and are public.
•Let's assume p = 23 and g = 5.
2.Key Generation:
•Choose a secret private key (a). Let's say Alice chooses a = 6.
•Calculate the corresponding public key (A). A = (g^a) mod p A = (5^6) mod 23 A
=8
3.Encryption:
•Assume Bob wants to send a message to Alice.
•Convert the message to a numerical value. Let's say the message is "10", so m =
10.
•Choose a random secret key (k). Let's say k = 3.
•Calculate the first part of the ciphertext (c1). c1 = (g^k) mod p c1 = (5^3) mod
23 c1 = 10
•Calculate the second part of the ciphertext (c2). c2 = (m * (A^k)) mod p c2 = (10
* (8^3)) mod 23 c2 = 10 * 512 mod 23 c2 = 14
The ciphertext (c) sent by Bob to Alice is (c1, c2) = (10, 14).
4.Decryption:
•Alice receives the ciphertext (c1, c2) = (10, 15).
•She uses her private key (a) to decrypt the message. s = (c1^a) mod p s =
(10^6) mod 23 s = 19
•Calculate the inverse of s modulo p. s_inverse = 19^(-1) mod 23 s_inverse = 4
•Finally, Alice computes the original message (m) using the second part of the
ciphertext (c2) and the inverse of s. m = (c2 * s_inverse) mod p m = (14 * 4) mod
23 m = 60 mod 23 m = 10
© 2017 Pearson Education, Ltd., All
rights reserved.
 Elliptic Curve Arithmetic
• Most of the products and standards that use
public-key cryptography for encryption and
digital signatures use RSA
• The key length for secure RSA use has increased
over recent years and this has put a heavier
processing load on applications using RSA

• Elliptic curve cryptography (ECC) is showing up in

standardization efforts including the IEEE P1363
Standard for Public-Key Cryptography
• Principal attraction of ECC is that it appears to
offer equal security for a far smaller key size

© 2017 Pearson Education, Ltd., All rights reserved.

 Abelian Group
• A set of elements with a binary operation, denoted by
, that associates to each ordered pair (a, b) of
elements in G an element (a  b) in G, such that the
following axioms are obeyed:

(A1) Closure: If a and b belong to G, then a  b is also in

G

(A2) Associative: a  (b  c) = (a  b)  c for all a, b, c in G

(A3) Identity element: There is an element e in G such that a  e

=ea=a for all a in G

(A4) Inverse element: For each a in G there is an element a′ in G

such that a  a′ = a′ a = e

(A5) Commutative:
© 2017 Pearson Education, Ltd., All rights reserved. a  b = b  a for all a, b in G
© 2017 Pearson Education, Ltd., All rights reserved.
 Elliptic Curves Over
Zp
• Elliptic curve cryptography uses curves whose variables and
coefficients are finite

• Two families of elliptic curves are used in cryptographic

applications:

Binary
curves Prime
over curves
GF(2m) over Zp

• Variables and coefficients all • Use a cubic equation in which the

take on values in GF(2m) and
in calculations are performed
over GF(2m)
• Best for hardware applications
© 2017 Pearson Education, Ltd., All rights reserved.
variables and coefficients all take
on values in the set of integers
from 0 through p-1 and in which
calculations are performed modulo
p
• Best for software applications
 Table 10.1
Points (other than O) on the Elliptic Curve
E23(1, 1)

© 2017 Pearson Education, Ltd., All rights reserved.

© 2017 Pearson Education, Ltd., All rights reserved.
 Elliptic Curves Over
GF(2 )
m

• Use a cubic equation in which the variables

and coefficients all take on values in GF(2m)
for some number m
• Calculations are performed using the rules of
arithmetic in GF(2m)
• The form of cubic equation appropriate for
cryptographic applications for elliptic curves
is somewhat different for GF(2m) than for Zp
• It is understood that the variables x and y and
the coefficients a and b are elements of GF(2m)
and that calculations are performed in GF(2m)
© 2017 Pearson Education, Ltd., All rights reserved.
 Table 10.2
Points (other than O) on the Elliptic Curve
E24(g4, 1)

© 2017 Pearson Education, Ltd., All rights reserved.

© 2017 Pearson Education, Ltd., All rights reserved.
 Elliptic Curve
Cryptography (ECC)
• Addition operation in ECC is the
counterpart of modular multiplication
in RSA
• Multiple addition is the counterpart of
modular exponentiation
To form a
cryptographic system • Q=kP, where Q, P belong to a
using elliptic curves, prime curve
we need to find a • Is “easy” to compute Q given k
“hard problem” and P
corresponding to • But “hard” to find k given Q,
factoring the product and P
of two primes or taking • Known as the elliptic curve
the discrete logarithm logarithm problem
© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
 ECC
Encryption/Decryption
• Several approaches using elliptic curves have been analyzed

• Must first encode any message m as a point on the elliptic curve Pm

• Select suitable curve and point G as in Diffie-Hellman

• Each user chooses a private key nA and generates a public key PA=nA
*G

• To encrypt and send message Pm to B, A chooses a random positive

integer k and produces the ciphertext Cm consisting of the pair of
points:

Cm = {kG, Pm+kPB}

• To decrypt the ciphertext, B multiplies the first point in the pair by B’s
secret key and subtracts the result from the second point:

Pm+kPB–nB(kG) = Pm+k(nBG)–nB(kG) = Pm

© 2017 Pearson Education, Ltd., All rights reserved.

 Security of Elliptic Curve
Cryptography
• Depends on the difficulty of the elliptic curve
logarithm problem

• Fastest known technique is “Pollard rho

method”

• Compared to factoring, can use much smaller

key sizes than with RSA

• For equivalent key lengths computations are

roughly equivalent

• Hence, for similar security ECC offers

significant computational advantages
© 2017 Pearson Education, Ltd., All rights reserved.
 Table 10.3
Comparable Key Sizes in Terms of Computational
Effort
for Cryptanalysis (NIST SP-800-57)

Note: L = size of public key, N = size of private key

© 2017 Pearson Education, Ltd., All rights reserved.

 Pseudorandom Number
Generation (PRNG) Based on
Asymmetric Cipher
• An asymmetric encryption algorithm
produces apparently ransom output and
can be used to build a PRNG
• Much slower than symmetric algorithms
so they’re not used to generate open-
ended PRNG bit streams
• Useful for creating a pseudorandom
function (PRF) for generating a short
pseudorandom bit sequence
© 2017 Pearson Education, Ltd., All rights reserved.
© 2017 Pearson Education, Ltd., All rights reserved.
 PRNG Based on Elliptic
Curve Cryptography
• Developed by the U.S. National Security Agency (NSA)

• Known as dual elliptic curve PRNG (DEC PRNG)

• Recommended in NIST SP 800-90, the ANSI standard

X9.82, and the ISO standard 18031

• Has been some controversy regarding both the security

and efficiency of this algorithm compared to other
alternatives
• The only motivation for its use would be that it is used in
a system that already implements ECC but does not
implement any other symmetric, asymmetric, or hash
cryptographic algorithm that could be used to build a
PRNG
© 2017 Pearson Education, Ltd., All rights reserved.
 Summary
• Diffie-Hellman Key
Exchange • Elliptic curve
• The algorithm arithmetic
• Key exchange protocols • Abelian groups
• Man-in-the-middle attack • Elliptic curves over
real numbers
• Elgamal cryptographic
system • Elliptic curves over Zp
• Elliptic curves over
• Elliptic curve GF(2m)
cryptography
• Analog of Diffie-Hellman • Pseudorandom number
key exchange
generation based on
• Elliptic curve
an asymmetric cipher
encryption/decryption
• Security of elliptic curve • PRNG based on RSA
cryptography • PRNG based on elliptic
© 2017 Pearson Education, Ltd., All rights reserved.
curve cryptography