Cryptography and Network Security NGIT

Introduction to Asymmetric Key Encryption

• Symmetric key encryption limitations

• Introduction to Asymmetric key encryption

• Asymmetric key Weakness & Solution

• Asymmetric key agreement

Symmetric Encryption Limitations

• Any exposure to the secret key compromises secrecy of cipher text

• A key needs to be delivered to the recipient of the coded message for it to be deciphered

– Potential for eavesdropping attack during transmission of key

The concept of public key cryptography is invented for two most difficult problems of Symmetric key
encryption.

• The Key Exchange Problem - Secrecy

• The Trust Problem - Authentication

Asymmetric Encryption

• Uses a pair of keys for encryption

– Public key for encryption

– Private key for decryption

• Messages encoded using public key can only be decoded by the private key

– Secret transmission of key for decryption is not required

– Every entity can generate a key pair and release its public key

Public key cryptography for proving Secrecy

Use public key for encryption and private key for decryption.

SUTHOJU GIRIJA RANI, Assistant Professor, CSE

Cryptography and Network Security NGIT

Public key cryptography for proving Authentication

Use private key for encryption and public key for decryption. But anyone can decrypt it using public
key.

Public key cryptography for proving both Secrecy and Authentication

First encrypt with private key of A then again encrypt using public key of B at sender side.

Then decrypt with private key of B then again decrypt using public key of A at Receiver side. .

SUTHOJU GIRIJA RANI, Assistant Professor, CSE

Cryptography and Network Security NGIT

Asymmetric Encryption weakness

• Efficiency is lower than Symmetric Algorithms

– A 1024-bit asymmetric key is equivalent to 128-bit symmetric key

• Potential for man-in-the middle attack

• It is problematic to get the key pair generated for the encryption

Man-in-the-middle attack

Hacker could generate a key pair, give the public key away and tell everybody, that it belongs
to somebody else. Now, everyone believing it will use this key for encryption, resulting in the
hacker being able to read the messages. If he encrypts the messages again with the public key of
the real recipient, he will not be recognized easily.

Asymmetric Encryption Solution

SUTHOJU GIRIJA RANI, Assistant Professor, CSE
Cryptography and Network Security NGIT
Used to improve efficiency

– Symmetric key is used for encrypting data

– Asymmetric key is used for encrypting the symmetric key

Asymmetric Key Agreement

• Key agreement is a method to create secret key by exchanging only public keys.

• Example

– Bob sends Alice his public key

– Alice sends Bob her public key

– Bob uses Alice’s public key and his private key to generate a session key

– Alice uses Bob’s public key and her private key to generate a session key

– Using a key agreement algorithm both will generate same key

– Bob and Alice do not need to transfer any key

Mathematics of Asymmetric Cryptography

• Basics of Number theory with applications

SUTHOJU GIRIJA RANI, Assistant Professor, CSE

Cryptography and Network Security NGIT
• Theorem in Asymmetric Cryptography

– Fermat’s

– Euler’s

– Miller Rabin

– Fast exponentiation

• Prime factorization

• Primality test

• Chinese remainder Theorem

• Discrete Logarithms

Introduction

Modulo arithmetic

– Addition and additive inverse are easy

– Multiplicative inverse doesn’t always exist

Properties of primes

– A prime is divisible only by itself and one

– Determining primality is not all that easy

Multiword arithmetic

– Additional method – Chinese remainder theorem

Finding inverses in finite fields

– Modified Euclid’s algorithm applies here also

Applications of number theory

• Private key crypto

– RSA algorithm

– Elliptic curve cryptography

• Diffie-Hellman algorithm

– Generates a shared secret key

• Chinese remainder theorem

– Sometimes results in easier multiword arithmetic algorithms

• Generation and testing of large primes

SUTHOJU GIRIJA RANI, Assistant Professor, CSE

Cryptography and Network Security NGIT
– Useful in all the above

The Primes & prime factorization theorem

• A prime is a number divisible only by itself and one

• Any number can be factored uniquely into a product of primes to some power

– Example 1100 = 2252111

• Relatively prime means (a,b)=1

– (a,b) means gcd(a,b)

– (a,b) is found using Euclid’s algorithm

– they cannot be written as a product of other numbers

– note: 1 is prime, but is generally not of interest

• eg. 2,3,5,7 are prime, 4,6,8,9,10 are not

• prime numbers are central to number theory

• list of prime number less than 200 is:

2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113

127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199

• to factor a number n is to write it as a product of other numbers: n=a x b x c

• note that factoring a number is relatively hard compared to multiplying the factors together to
generate the number

• the prime factorisation of a number n is when its written as a product of primes

– eg. 91=7x13 ; 3600=24x32x52

Theorems in Asymmetric Cryptography

• Fermat’s

– ap-1 = 1 mod p, p doesn’t divide a

• Euler’s phi function

– (n) = number of numbers <n and relatively prime to n

– Easily found if factorization is known

• Euler’s theorem

– a (n) = 1 mod n – reduces to Fermat’s for n prime

• Miller-Rabin test

– Based on inverse of Fermat’s theorem

n is not prime if an-1 K1 mod n

• Fast exponentiation
SUTHOJU GIRIJA RANI, Assistant Professor, CSE
Cryptography and Network Security NGIT
– Convert x to binary – for example x8 is x squared three times

Fermat’s Theorem

• ap-1 = 1 (mod p)

– where p is prime and gcd(a,p)=1

• also known as Fermat’s Little Theorem

• also ap = p (mod p)

• useful in public key and primality testing

• Also, it is an affirmative, but not negative, test for primality

Euler’s Theorem

• a generalisation of Fermat's Theorem

• aø(n) = 1 (mod n)

– for any a,n where gcd(a,n)=1

• eg. a=3;n=10; ø(10)=4;

hence 34 = 81 = 1 mod 10

a=2;n=11; ø(11)=10;

hence 210 = 1024 = 1 mod 11

Euler Totient Function ø(n)

Now introduce the Euler’s totient function ø(n), defined as the number of positive integers less
than n & relatively prime to n. Note the term “residue” refers to numbers less than some
modulus, and the “reduced set of residues” to those numbers (residues) which are relatively
prime to the modulus (n). Note by convention that ø(1) = 1.

• when doing arithmetic modulo n

• complete set of residues is: 0..n-1

• reduced set of residues is those numbers (residues) which are relatively prime to n

– eg for n=10,

– complete set of residues is {0,1,2,3,4,5,6,7,8,9}

– reduced set of residues is {1,3,7,9}

• number of elements in reduced set of residues is called the Euler Totient Function ø(n)

• to compute ø(n) need to count number of residues to be excluded

• in general need prime factorization, but

– for p (p prime) ø(p) = p-1

SUTHOJU GIRIJA RANI, Assistant Professor, CSE

Cryptography and Network Security NGIT
– for p.q (p,q prime) ø(pq) =(p-1)x(q-1)

• eg. ø(37) = 36

– ø(21) = (3–1)x(7–1) = 2x6 = 12

Primality Testing

• often need to find large prime numbers

• traditionally sieve using trial division

– ie. divide by all numbers (primes) in turn less than the square root of the number

– only works for small numbers

• alternatively can use statistical primality tests based on properties of primes

– for which all primes numbers satisfy property

– but some composite numbers, called pseudo-primes, also satisfy the property

• can use a slower deterministic primality test

Miller Rabin Algorithm

It is a test based on Fermat’s Theorem

algorithm is as follows:

TEST (n) is:

1. Find integers k, q, k > 0, q odd, so that (n–1)=2kq

2. Select a random integer a, 1<a<n–1

3. if aq mod n = 1 then return (“maybe prime");

4. for j = 0 to k – 1 do

5. if (a2jq mod n = n-1)

then return(" maybe prime ")

6. return ("composite")

• if Miller-Rabin returns “composite” the number is definitely not prime

• otherwise is a prime or a pseudo-prime

• chance it detects a pseudo-prime is < 1/4

• hence if repeat test with different random a then chance n is prime after t tests is:

– Pr(n prime after t tests) = 1-4-t

– eg. for t=10 this probability is > 0.99999

SUTHOJU GIRIJA RANI, Assistant Professor, CSE

Cryptography and Network Security NGIT

Chinese Remainder Theorem

One of the most useful results of number theory is the Chinese remainder theorem (CRT), so
called because it is believed to have been discovered by the Chinese mathematician Sun-Tse in
around 100 AD. It is very useful in speeding up some operations in the RSA public-key
scheme, since it allows you to do perform calculations modulo factors of your modulus, and
then combine the answers to get the actual result. Since the computational cost is proportional
to size, this is faster than working in the full modulus sized modulus.

One of the useful features of the Chinese remainder theorem is that it provides a way to
manipulate (potentially very large) numbers mod M, in terms of tuples of smaller numbers.This
can be useful when M is 150 digits or more. However note that it is necessary to know
beforehand the factorization of M.

• used to speed up modulo computations

• if working modulo a product of numbers

– eg. mod M = m1m2..mk

• Chinese Remainder theorem lets us work in each moduli mi separately

• since computational cost is proportional to size, this is faster than working in the full modulus
M

• can implement CRT in several ways

• to compute A(mod M)

– first compute all ai = A mod mi separately

– determine constants ci below, where Mi = M/mi

– then combine results to get answer using:

Primitive Roots
• from Euler’s theorem have aø(n)mod n=1

• consider am=1 (mod n), GCD(a,n)=1

– must exist for m = ø(n) but may be smaller

SUTHOJU GIRIJA RANI, Assistant Professor, CSE

Cryptography and Network Security NGIT
– once powers reach m, cycle will repeat

• if smallest is m = ø(n) then a is called a primitive root

• if p is prime, then successive powers of a "generate" the group mod p

• these are useful but relatively hard to find

Discrete Logarithms
Discrete logarithms are fundamental to a number of public-key algorithms, including Diffie-Hellman
key exchange and the digital signature algorithm (DSA).

Discrete logs (or indices) share the properties of normal logarithms, and are quite useful. The logarithm
of a number is defined to be the power to which some positive base (except 1) must be raised in order to
equal that number. If working with modulo arithmetic, and the base is a primitive root, then an integral
discrete logarithm exists for any residue.

However whilst exponentiation is relatively easy, finding discrete logs is not, in fact is as hard as
factoring a number. This is an example of a problem that is "easy" one way (raising a number to a
power), but "hard" the other (finding what power a number is raised to giving the desired answer).
Problems with this type of asymmetry are very rare, but are of critical usefulness in modern
cryptography.

• the inverse problem to exponentiation is to find the discrete logarithm of a number modulo p

• that is to find x such that y = gx (mod p)

• this is written as x = logg y (mod p)

• if g is a primitive root then it always exists, otherwise it may not, eg.

x = log3 4 mod 13 has no answer

x = log2 3 mod 13 = 4 by trying successive powers

• whilst exponentiation is relatively easy, finding discrete logarithms is generally a hard problem

Diffie Hellman Key Exchange

• Diffie-Hellman is the first key agreement algorithm

– Invented by Whitfield Diffie & Martin Hellman

– Provided ability for messages to be exchanged securely without having to have shared
some secret information previously

– Inception of public key cryptography which allowed keys to be exchanged in the open

• No exchange of secret keys

Man-in-the middle attack avoided

SUTHOJU GIRIJA RANI, Assistant Professor, CSE

Cryptography and Network Security NGIT

Procedure of Diffie Hellman Key exchange:

BOB

Generate Secret Random Number x

Compute Public Key ax mod p

Compute Session Key (a y)x mod p

ALICE

Generate Secret Random Number y

Compute Public Key a y mod p

Compute Session Key (ax)y mod p

Both Bob and Alice generates an identical secret key – Same key

SUTHOJU GIRIJA RANI, Assistant Professor, CSE

Cryptography and Network Security NGIT
Diffie Hellman Key exchange algorithm example

RSA Cryptosystem
• Developed by Ron Rivest, Adi Shamir, Len Adelman

• Both public and private key are interchangeable

• Variable Key Size (512, 1024, or 2048 buts)

• Most popular public key algorithm.

Encryption and Decryption is also possible by RSA algorithm along with key generation.

Procedure of RSA Cryptosystem

• Choose two large prime numbers p & q

• Compute n=pq and z=(p-1)(q-1)

• Choose number e, less than n, which has no common factor (other than 1) with z

• Find number d, such that ed – 1 is exactly divisible by z

• Keys are generated using n, d, e

– Public key is (n,e)

– Private key is (n, d)

SUTHOJU GIRIJA RANI, Assistant Professor, CSE
Cryptography and Network Security NGIT
• E
Plain Text Numeric me Cipher Text (c = me mod
ncryptio
Representation n)
n: c =
me mod
l 12 248832 17 - Q n

o 15 759375 15 - O – m
is plain
text
v 22 5153632 22 - V
– c
e 5 3125 10 - J is
cipher
text

• Decryption: m = cd mod n

• Public key is shared and the private key is hidden

Example of RSA cryptosystem

• P=5 & q=7

• n=5*7=35 and z=(4)*(6) = 24

• e=5

• d = 29 , (29x5 –1) is exactly divisible by 24

• Keys generated are

– Public key: (35,5)

– Private key is (35, 29)

• Encrypt the word love using (c = me mod n)

– Assume that the alphabets are between 1 & 26

Generated Cipher text using RSA Cryptosystem in the above table

• Decrypt the word love using (m = cd mod n)

SUTHOJU GIRIJA RANI, Assistant Professor, CSE

 Cryptography and Network Security NGIT
– n = 35, c=29

Cipher Text cd (m = cd mod n) Plain Text

17 481968572106750915091411825223072000 12 l

15 12783403948858939111232757568359400 15 o

22 852643319086537701956194499721110000000 22 v

10 100000000000000000000000000000 5 e

Generated back the Plain text successfully using RSA Cryptosystem in the above table

RABIN CRYPTO SYSTEM

Rabin Crypto system is a public-key crypto system invented by Michael Rabin, is a variation of
the RSA. RSA is based on the exponentiation congruence; Robin is based on quadratic
congruence.

The public key in the Rabin is n, private key is the tuple (p,q). Everyone can encrypt a message
using n, only Bob can decrypt the message using p and q.
Decryption of the message is in feasible It uses asymmetric key encryption for communicating
between two parties and encrypting the message.
The security of Rabin crypto system is related to the difficulty of factorization. It has the advantage
over the others that the problem on which it banks has proved to be hard as integer factorization.
It has the disadvantage also, that each output of the Rabin function can be generated by any of four
possible inputs. If each output is a cipher text, extra complexity is required on decryption to
identify which of the four possible inputs was the true plaintext.
Steps in Rabin cryptosystem Key generation
1. Generate two very large prime numbers, p and q, which satisfies the condition
p≠q→p≡q≡3(mod4)
For example:
p=139 and q=191
2. Calculate n=p.q
3. Public_key=n
4. Private_key=(p,q)
5. Return public_key,Private_keys
Encryption
1. Get the public key n.
2. Convert the message to ASCII value. Then convert it to binary and extend the binary
value with itself, and change the binary value back to decimal M.
3. Encrypt with the formula: C = M2 mod n
4. Send C to recipient.

SUTHOJU GIRIJA RANI, Assistant Professor, CSE

Cryptography and Network Security NGIT

Decryption
1. Accept C from sender.
2. Compute:
(p+1)/4
a1 = C mod p a2= - C(p+1)/4 mod p b1= C(q+1)/4 mod q b2= - C(q+1)/4 mod q
3. Calculate four Plain text by using Chinese Remainder Algorithm:
M1=Chainese_Remainder(a1,b1,p,q)
M2=Chainese_Remainder(a1,b2,p,q)
M3=Chainese_Remainder(a2,b1,p,q)
M4=Chainese_Remainder(a2,b2,p,q)
4. Choose one of the above (M1, M2, M3 and M4) is the appropriate plaintext.

The Rabin crypto system is not deterministic: Decryption creates four equally probable
plaintexts
Example:
1. Bob selects p=23 and q=7, note both are congruent to 3mod4
2. Bob calculates n=pxq=161
3. Bob announces n publicly; he keeps p and q private
4. Alice want to send plaintext P=24. Note that 161and 24are relatively prime; 24 is in Z 161*
She calculates C=242 mod161 =93mod161, and sends the cipher text 93toBob
5. Bob receives 93 and calculates four values:
a. a1=+(93(23+1)/4mod23=1mod23
b. a2=-(93(23+1)/4mod23=22mod23
c. b1=+(93(7+1)/4mod7=4mod7
d. b2=-(93(7+1)/4mod7=3mod7
6. Bob takes four possible answers, (a1,b1), (a1,b2), (a2,b1), (a2,b2) and uses Chinese
Remainder Theorem to find 4 possible plain texts: 116,24,137 and 45.

Case1:
By using (a1=1, b1=4) combinations with modulo (p=23, q=7),
Let X is plaintext: X = 1 mod 23
X = 4 mod 7
By using Chinese Remainder Theorem:
M=23x7=161,
M1=M/23=161/23=7,
M2=M/7=161/7=23 M1-1=7-1 mod 23 = 723-2 mod 23 = 721 mod23=10
M2-1=23-1mod7=237-2mod7=235mod 7=4
X=(a1xM1xM1 -1+a2xM2xM-12 ) mod M = (1x7x10+4x23x4) mod 161=438 mod 161=116

SUTHOJU GIRIJA RANI, Assistant Professor, CSE

Cryptography and Network Security NGIT

Case2:
By using (a1=1,b2=3)combinations with modulo(p=23,q=7),Let X is plaintext: X = 1 mod 23
X=3mod7
By using Chinese Remainder Theorem:
M=23x7=161,
M1=M/23=161/23=7,
M2=M/7=161/7=23 M1-1=7-1 mod 23 = 723-2 mod 23 = 721 mod23=10
M2-1=23-1mod7=237-2mod7=235mod 7=4
X=(a1xM1xM1 -1+a2xM2xM-12 )modM =(1x7x10+3x23x4)mod161=346mod161=24
Similarly case3 & case 4 to be calculated.
So, Finally from four cases: we got four plaintext messages
Case1:116
Case2:24
Case3:137
Case4:45.
Only second answer(24) is Alice plaintext, Bob needs to make a decision based on the situation

Secure of the Rabin System:

The Rabin System is secure as long as p and q are large numbers

Elliptic Curve Cryptography

 Elliptical curve cryptography (ECC) is a public key encryption technique based on
elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic
keys. ECC generates keys through the properties of the elliptic curve equation instead of the
traditional method of generation as the product of very large prime numbers
 An elliptic curve is defined by an equation in two variables with coefficients. For
cryptography, the variables and coefficients are restricted to elements in a finite field, which
results in the definition of a finite abelian group.

Elliptic Curves over Real Numbers

SUTHOJU GIRIJA RANI, Assistant Professor, CSE

Cryptography and Network Security NGIT

ECC-Key Exchange:

Take two Global public Elements

Eq(a,b): Elliptic curve with parameters a, b, & q
G: Point on elliptic curve whose order is large value n
Alice Key Generation: Select private key nA: nA< n Calculate public key PA:PA=nAxG

Bob Key Generation: Select private key nB: nB< n Calculate public key PB:PB=nBxG

Secrete Key calculation by Alice: K=nAxPB

Secrete Key calculation by Bob: K=nBxPA

ECC-Encryption

 Let the message be M

 First encode the message M into a point on the elliptic curve
 Let this point be Pm
 Now this point is encrypted
 For encryption choose a random positive integer k
 ThenCm={kG,Pm+kPB}whereGisthebasepoint
ECC-Decryption

 Multiply first point in the pair with receivers secrete key i.e, kG x nB
 Then subtract it from second point in the pair i.e, Pm+ kPB- (kGx nB)

SUTHOJU GIRIJA RANI, Assistant Professor, CSE

Cryptography & Network Security CSE

ELGAMAL CRYPTOGRAPHIC SYSTEM

 In 1984, T. ElGamal announced a public-key scheme based on discrete
logarithms, closely related to the Diffie-Hellman technique.
 EIGamal Algorithms are used for both digital signatures as well as
encryption.

EIGamal Algorithm:-

Thus, functions as a one-time key, used to encrypt and decrypt the message. For
example, let us start with the prime field GF(19); that is, q = 19.It has primitive roots
{2, 3, 10, 13, 14, 15 }. We choose α = 10.
Alice generates a key pair as follows:

Suthoju Girija Rani, Assistant Professor, CSE.

Cryptography & Network Security CSE

Suthoju Girija Rani, Assistant Professor, CSE.