Debremarkos Univesity

Department of Computer Science

Computer Security
Chapter 3
PUBLIC KEY CRYPTOSYSTEM
Continued…
• In symmetric-key cryptography, the sender and receiver of a message secured by using the
same secret key.
• The main challenge is getting the sender and receiver to agree on the secret key without anyone
else finding out.
• If they are in separate physical locations, they must trust a carrier, a phone system, or some
other transmission medium to prevent the disclosure of the secret key.
• Anyone who overhears or intercepts the key in transit can later read, modify, and forge all
messages encrypted or authenticated using that key.
• Because all keys in a secret-key (symmetric-key) cryptosystem must remain secret, secret-key
cryptography often has difficulty providing secure key management.
• Key distribution under symmetric encryption requires either (1) that two communicants
already share a key, which somehow has been distributed to them; or (2) the use of a key
distribution center.
• To solve the key management problem, Whitfield Diffie and Martin Hellman introduced the
concept of public-key cryptography in 1976.
• Public-key cryptography refers to a cryptographic system requiring two separate keys, one of
which is secret and one of which is public.
• Although different, the two parts of the key pair are related and mathematically linked.
• One key locks or encrypts the plaintext, and the other unlocks or decrypts the ciphertext.
Neither key can perform both functions by itself.
• The public key may be published without compromising security, while the private key must
not be revealed to anyone not authorized to read the messages.
• Public-key cryptography uses asymmetric key algorithms, and can also be referred to as
asymmetric key cryptography.
• The algorithms used for public key cryptography are based on mathematical relationships (the
ones being the integer factorization and discrete logarithm problems).
• Although it is easy for the recipient to generate the public and private keys, to decrypt the
message using the private key, and easy for the sender to encrypt the message using the public
key, it is extremely difficult for anyone to derive the private key, based only on their knowledge
of the public key.
• A public-key encryption scheme has six ingredients

Figure: Public-key cryptography

• Plaintext: This is the readable message or data that is fed into the algorithm as input.
• Encryption algorithm: The encryption algorithm performs various transformations on the
plaintext.
• Public and private keys: This is a pair of keys that have been selected so that if one is used for
encryption, the other is used for decryption. The exact transformations performed by the
algorithm depend on the public or private key that is provided as input.
• Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and
the key. For a given message, two different keys will produce two different ciphertexts.
• Decryption algorithm: This algorithm accepts the ciphertext and the matching key and
produces the original plaintext.
• As the names suggest, the public key of the pair is made public for others to use, while the
private key is known only to its owner. A general-purpose public-key cryptographic algorithm
relies on one key for encryption and a different but related key for decryption.
♥ The essential steps are the following.
1. Each user generates a pair of keys to be used for the encryption and decryption of messages.
2. Each user places one of the two keys in a public register or other accessible file. This is the
public key. The companion key is kept private. As the previous figure suggests, each user
maintains a collection of public keys obtained from others.
3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message using
Alice’s public key.
4. When Alice receives the message, she decrypts it using her private key. No other recipient
can decrypt the message because only Alice knows Alice’s private key.
• The following table summarizes some of the important aspects of symmetric and public key
encryption.
• To discriminate between the two, we refer to the key used in symmetric encryption as a secret
key.
• The two keys used for asymmetric encryption are referred to as the public key and the private
key.
• Invariably, the private key is kept secret, but it is referred to as a private key rather than a
secret key to avoid confusion with symmetric encryption.
 Table: Symmetric and public-key encryption

• Public-key cryptography used two different keys—one public and the other private. It is
computationally hard to deduce the private key from the public key. Anyone with the public
key can encrypt a message but not decrypt it. Only the person with the private key can decrypt
the message.
♥ Another difference between symmetric and asymmetric cryptography is
 Symmetric-key cryptography is based on sharing secrecy; asymmetric-key cryptography is
based on personal secrecy.
 In symmetric-key cryptography, symbols are permuted or substituted; in asymmetric-key
cryptography, numbers are manipulated.
 Applications for Public-Key Cryptosystems
• Before proceeding, we need to clarify one aspect of public-key cryptosystems that
is otherwise likely to lead to confusion.
• Public-key systems are characterized by the use of a cryptographic algorithm with
two keys, one held private and one available publicly.
• Depending on the application, the sender uses either the sender’s private key or the
receiver’s public key, or both, to perform some type of cryptographic function.
• In broad terms, we can classify the use of public-key cryptosystems into three
categories:
i. encryption/decryption ii. digital signatures & iii. Key
distribution
• Encryption/decryption: The sender encrypts a message with the recipient’s public key. This is a
technique to encrypt a message with a recipient's public key that cannot be decrypted by
anyone except a possessor of the matching private key.
• Digital signature: The sender “signs” a message with its private key. Signing is achieved by a
cryptographic algorithm applied to the message or to a small block of data that is a function of
the message.
• Digital signature is a technique for signing a message using a sender's private key that can be
verified by anyone who has access to the sender's public key, thereby proving that the sender
had access to the private key and, therefore, is likely to be the person associated with the public
key used.
• Key exchange: Two sides cooperate to exchange a session key. Several different approaches
are possible, involving the private key(s) of one or both parties.
Requirements for Public-Key Cryptography
• The cryptosystem illustrated in previous figure depends on a cryptographic algorithm based on
two related keys.
• Diffie and Hellman postulated this system without demonstrating that such algorithms exist.
• However, they did lay out the conditions that such algorithms must fulfill the following
requirements.
1. It is computationally easy for a party B to generate a pair of key (public key PU b, private

key PRb).
2. It is computationally easy for a sender A, knowing the public key and the message to be
3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using the
private key to recover the original message: M = D(PRb, C) = D[PRb, E(PUb, M)]

4. It is computationally infeasible for an adversary, knowing the public key, PU b, to determine the

private key, PRb.

5. It is computationally infeasible for an adversary, knowing the public key, PU b, and a

ciphertext,
C, to
We recover
can the original
add a sixth message,
requirement that,M.
although useful, is not necessary for all public-key
applications:
6. The two keys can be applied in either order:
M = D[PUb, E(PRb, M)] = D[PRb, E(PUb, M)]
 Public-Key Cryptography Algorithms
• The two most widely used public-key algorithms are Diffie-Hellman and RSA. We look at
both of these in this section.
1) Diffie-Hellman key exchange
• It is the first published public-key algorithm appeared by Diffie and Hellman that defined
public-key cryptography and is generally referred to as Diffie-Hellman key exchange.
• The purpose of the algorithm is to enable two users to securely exchange a key that can then be
used for subsequent encryption of messages. The algorithm itself is limited to the exchange of
secret values.
• The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of
each other to jointly establish a shared secret key over an insecure communications channel.
This key can then be used to encrypt subsequent communications using a symmetric key.
• The method was followed shortly afterwards by RSA, an implementation of public key
cryptography using asymmetric algorithms.
• The first important contribution of Diffie and Hellman was the definition of a Public Key
Cryptosystem (PKC) and its associated components—one-way functions and trapdoor
information.
• A one-way function is an invertible function that is easy to compute, but whose inverse is
difficult to compute.
• Secure PKCs are built using one-way functions that have a trapdoor. The trapdoor is a piece of
auxiliary information that allows the inverse to be easily computed.
• Diffie and Hellman made several suggestions for one-way functions, including knapsack
problems and exponentiation mod q, but they did not produce an example of a PKC, mainly for
lack of finding the right trapdoor information.
• The Diffie–Hellman key exchange algorithm solves the following dilemma:
 Alice and Bob want to share a secret key for use in a symmetric cipher, but their only
means of communication is insecure. Every piece of information that they exchange is
observed by their adversary Eve.
 How is it possible for Alice and Bob to share a key without making it available to Eve?
 At first glance it appears that Alice and Bob face an impossible task.
• It was a brilliant insight of Diffie and Hellman that the difficulty of the discrete logarithm
problem for F∗p provides a possible solution.
 The first step is for Alice and Bob to agree on a large prime p and a nonzero integer g modulo
p.
 Alice and Bob make the values of p and g public knowledge; for example, they might post the
values on their web sites, so Eve knows them, too.
 For various reasons, it is best if they choose g such that its order in F∗p is a large prime.
 The next step is for Alice to pick a secret integer a that she does not reveal to anyone, while at
the same time Bob picks an integer b that he keeps secret.
 Bob and Alice use their secret integers to compute
A ≡ ga (mod p) and B ≡ gb (mod p)
Alice computes this Bob computes this
♥ They next exchange these computed values
Alice sends A to Bob and Bob sends B to Alice.
Note that Eve gets to see the values of A and B, since they are sent over the insecure
communication channel.
♥ Finally, Bob and Alice again use their secret integers to compute
A’ ≡ Ba (mod p) and B’ ≡ Ab (mod p)
Alice computes this Bob computes this

 The values that they compute, A’ and B’ respectively, are actually the same, since
A’ ≡ Ba ≡ (gb)a ≡ gab ≡ (ga)b ≡ Ab ≡ B’ (mod p).
 This common value is their exchanged key.

♥ The Diffie–Hellman key exchange algorithm is summarized in the following table.

♥ Example: Alice and Bob agree to use the prime p = 941 and the primitive root g = 627.
Alice chooses the secret key a = 347 and computes
A = 390 ≡ 627347 (mod 941).
Similarly, Bob chooses the secret key b = 781 and computes
B = 691 ≡ 627781 (mod 941).
 Alice sends to Bob the number 390 and Bob sends to Alice the number 691.
 Both of these transmissions are done over an insecure channel, so both
A = 390 and B= 691 should be considered public knowledge.
 The numbers a = 347 and b= 781 are not transmitted and remain secret.
Then Alice and Bob are both able to compute the number
470 ≡ 627347 x 781 ≡ Ab ≡ Ba (mod 941),
so 470 is their shared secret.
• Suppose that Eve sees this entire exchange. She can reconstitute Alice’s and Bob’s shared
secret if she can solve either of the congruencies
627a ≡ 390 (mod 941) or 627b ≡ 691 (mod 941),
since then she will know one of their secret exponents.

• As far as is known, this is the only way for Eve to find the secret shared value without Alice’s
or Bob’s assistance.
• Of course, our example uses numbers that are much too small to afford Alice and Bob any real
security, since it takes very little time for Eve’s computer to check all possible powers of 627
modulo 941. Current guidelines suggest that Alice and Bob choose a prime p having
approximately 1000 bits (i.e., p≈21000) and an element g whose order is prime and
approximately p/2. Then Eve will face a truly difficult task.
In general, Eve’s dilemma is this.
• She knows the values of A and B, so she knows the values of ga and gb. She also knows the
values of g and p, so if she can solve the DLP, then she can find a and b, after which it is
easy for her to compute Alice and Bob’s shared secret value gab.
• It appears that Alice and Bob are safe provided that Eve is unable to solve the DLP, but this
is not quite correct.
• It is true that one method of finding Alice and Bob’s shared value is to solve the DLP, but
that is not the precise problem that Eve needs to solve.
 The security of Alice’s and Bob’s shared key rests on the difficulty of the following,
potentially easier, problem.
 Definition. Let p be a prime number and g an integer. The Diffie–Hellman Problem (DHP) is
the problem of computing the value of gab (mod p) from the known values of ga (mod p) and gb
(mod p).
• It is clear that the DHP is no harder than the DLP.
 If Eve can solve the DLP, then she can compute Alice and Bob’s secret exponents a and b from
the intercepted values A = ga and B = gb, and then it is easy for her to compute their shared
key gab. (In fact, Eve needs to compute only one of a and b.)
 But the converse is less clear:
Suppose that Eve has an algorithm that efficiently solves the DHP. Can she use it to also
efficiently solve the DLP?
The answer is not known.
 2) The RSA Public-Key Encryption Algorithm
• A number of algorithms have been proposed for public-key cryptography. One of the first
successful responses to the challenge was developed in 1977 by Ron Rivest, Adi Shamir, and
Len Adleman at MIT and first published in 1978.
• The Rivest-Shamir-Adleman (RSA) scheme has since that time reigned supreme as the most
widely accepted and implemented general-purpose approach to public-key encryption.
• RSA is named after its inventors Rivest, Shamir, and Adleman.
• The RSA scheme is a block cipher in which the plaintext and ciphertext are integers between 0
and n-1 for some n.
• RSA makes use of an expression with exponentials. Plaintext is encrypted in blocks, with each
block having a binary value less than some number n.
• Encryption and decryption are of the following form, for some plaintext block M and
ciphertext block C:
Encryption C = Me mod n
Decryption M = Cd mod n = (Me)d mod n = Medmod n
• Both sender and receiver must know the value of n. The sender knows the value of e, and only
the receiver knows the value of d. Thus, this is a public-key encryption algorithm with a public
key of PU={e, n} and a private key of PR={d, n}. For this algorithm to be satisfactory for
public-key encryption, the following requirements must be met.
1. It is possible to find values of e, d, n such that Med = M mod n for all M < n.
2. It is relatively easy to calculate Me and Cd for all values of M < n.
3. It is infeasible to determine d given e and n.
The following figure summarizes RSA algorithm

Private key
• The RSA algorithm depends upon the computational difficulty inherent in factoring large
prime numbers. Each user of the cryptosystem generates a pair of public and private keys using
the algorithm described in the following steps:
 Begin by selecting two prime numbers, p and q, and calculating their product n, which is the
modulus for encryption and decryption.
 Next, we need the quantity φ(n) referred to as the Euler totient of n, which is the number of
positive integers less than n and relatively prime to n.
 Then select an integer e that is relatively prime to φ(n) (i.e., the greatest common divisor of e
and φ(n) is 1].
 Finally, calculate d as the multiplicative inverse of e, modulo φ(n).
• It can be shown that d and e have the desired properties.
• Suppose that user A has published its public key and that user B wishes to send the message M
to A.
• Then B calculates C = Me (mod n) and transmits C.
• On receipt of this ciphertext, user A decrypts by calculating
M = Cd (mod n).
• Alice generates a public/private key pair; Bob encrypts using Alice’s public key; and Alice
decrypts using her private key.
• An example is shown in the following Figure. For this example, the keys were generated as
follows.
1. Select two prime numbers, p = 17 and q = 11.
2. Calculate n = pq =17×11 = 187.
3. Calculate φ(n)=(p-1)(q-1) = 16×10 = 160.
4. Select e such that e is relatively prime to φ (n) = 160 and less than φ (n);
we choose e = 7.
5. Determine d such that de ≡ 1 (mod 160) and d< 160.The correct value is
d=23, because 23×7 = 161 = (1×160) + 1;
♥ The resulting keys are public key PU={7, 187} and private key PR={23, 187}.
♥ The example shows the use of these keys for a plaintext input of M=88.
♥ For encryption, we need to calculate C=887mod 187. Exploiting the properties of modular
arithmetic, we can do this as follows.
887 mod 187 = [(884mod 187) × (882mod 187) × (881mod 187)] mod 187
881 mod 187 = 88
882 mod 187 = 7744 mod 187 = 77
884 mod 187= 59,969,536 mod 187 = 132
887 mod 187 = (88 × 77 × 132) mod 187 = 894,432 mod 187 = 11

For decryption, we calculate M = 1123 mod 187:

1123 mod 187 = [(111mod 187) × (112mod 187) × (114mod
187) × (118mod 187) × (118mod 187)] mod 187
111 mod 187 = 11
112 mod 187 = 121
114 mod 187 = 14,641 mod 187 = 55
118 mod 187 = 214,358,881 mod 187 = 33
1123 mod 187 = (11 × 121 × 55 × 33 × 33) mod 187 = 79,720,245 mod 187
= 88
• The integers e and d in RSA key generation are called the encryption exponent and the
decryption exponent, respectively, while n is called the modulus.
• Another example : Alice creates a pair of keys for herself. She chooses p = 397 and q = 401.
She calculates n = 397×401 = 159197. She then calculates φ(n) = 396 × 400 = 158400. She
then chooses e = 343 and d = 12007. Bob wants to send the message “NO”. Show how he can
send the message if each character is coded as two digits (from 00 to 25).
• Solution: N = 13, O = 14. Bob then concatenates the two coded characters and gets a four-digit
number. The plaintext is, so, 1314. Bob then uses e and n to encrypt the message. The
ciphertext is 1314343mod 159197 = 33677.
• Alice receives the message 33677 and uses the decryption key d to decipher is as 3367712007
mod 159197 = 1314. Alice then decodes 1314 as the message “NO”.
Another example where plain text not recovered
1. Take two prime numbers, p = 17 and q = 11.
2. Then n = 187, e = 7 and d = 23
2. Let M = 189
3. We get C=1897mod 187 = 128 (encryption)
4. M = 12823mod 187 = 2 (decryption)
Note that retrieved M (2) is different from actual M (189).
The problem is because M is not < n.
Reading Assignment
Digital Signature
Using Public Key
Using Message Digest
MD4family
SHA family
RIPEMD
 k s!
h a n
y T
a n
M