CNS unit-2,3

The document covers key concepts in cryptography and network security, focusing on number theory and asymmetric key cryptography. It details topics such as prime numbers, modular arithmetic, the Euclidean algorithm, and public key cryptography principles including RSA and Diffie-Hellman. Additionally, it discusses the requirements and applications of public-key cryptosystems, emphasizing the importance of secure communication and digital signatures.
SRI MITTAPALLI COLLEGE OF ENGINEERING,THUMMALAPALEM CSE

CRYPTOGRAPHY AND NETWORK SECURITY


UNIT- 2&3
Syllabus: Number Theory & Asymmetric Key Cryptography (2 Unit)

Number Theory: Prime and Relatively Prime Numbers, Modular Arithmetic, Fermat’s and Euler’s
Theorems, The Chinese Remainder theorem, Discrete logarithms.
Public Key Cryptography (Unit-3): Principles, public key cryptography algorithms, RSA Algorithm,
Diffie-Hellman Key Exchange, Elgamal encryption & decryption, Elliptic Curve Cryptography.

PRIME NUMBER:
A prime number has only 1 and itself as divisors; it cannot be written as a product of other numbers.
e.g. 2, 3, 5, 7 are prime; 4, 6, 8, 9, 10 are not.
Prime numbers are central to number theory.
List of prime number less than 200 is:
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113
127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199

An integer p > 1 is a prime number if and only if its only divisors are ± 1 and ±p.
Any integer a> 1 can be factored in a unique way as
where p1 < p2 < ... < pt are prime numbers and where each is a positive integer. This is known as the
fundamental theorem of arithmetic
91 = 7 x 13

3600 = 2^4 x 3^2 x 5^2

11011 = 7 x 11^2 x 13

If P is the set of all prime numbers, then any positive integer a can be written uniquely in the following
form:

The right-hand side is the product over all possible prime numbers p; for any particular value of a,
most of the exponents a_p will be 0.

RELATIVELY PRIME NUMBERS:


Two numbers a,b are relatively prime (coprime) if they have no common divisors apart from 1.
– eg. 8 and 15 are relatively prime since factors of 8 are 1,2,4,8 and of 15 are 1,3,5,15 and 1 is the only
common factor.
MODULAR ARITHMETIC:
Given two positive integers n and a, if we divide a by n, we get an integer quotient q and an integer
remainder r that obey the following relationship:

THE EUCLIDEAN ALGORITHM


One of the basic techniques of number theory is the Euclidean algorithm, which is a simple procedure
for determining the greatest common divisor of two positive integers.
Greatest Common Divisor:
• The greatest common divisor of a and b is the largest integer that divides both a and b.
We also define gcd(0, 0) = 0.
• The positive integer c is said to be the greatest common divisor of a and b if
1. c is a divisor of a and of b;
2. any divisor of a and b is a divisor of c.
• An equivalent definition is the following:
gcd(a, b) = max[k, such that k|a and k|b]
gcd(60, 24) = gcd(60, -24) = 12
In general, gcd(a, b) = gcd(|a|, |b|).

Finding the Greatest Common Divisor:


The Euclidean algorithm is based on the following theorem:
For any nonnegative integer a and any positive integer b, gcd(a, b) = gcd(b, a mod b)
gcd(55, 22) = gcd(22, 55 mod 22) = gcd(22, 11) = 11

Example GCD(1970,1066)

1970 = 1 x 1066 + 904    gcd(1066, 904)
1066 = 1 x 904 + 162     gcd(904, 162)
904 = 5 x 162 + 94       gcd(162, 94)
162 = 1 x 94 + 68        gcd(94, 68)
94 = 1 x 68 + 26         gcd(68, 26)
68 = 2 x 26 + 16         gcd(26, 16)
26 = 1 x 16 + 10         gcd(16, 10)
16 = 1 x 10 + 6          gcd(10, 6)
10 = 1 x 6 + 4           gcd(6, 4)
6 = 1 x 4 + 2            gcd(4, 2)
4 = 2 x 2 + 0            gcd(2, 0)
GCD(1970, 1066) = 2

CONGRUENT MODULO:
Two integers a and b are said to be congruent modulo n if
a mod n = b mod n.
This is written as a ≡ b mod n.
Ex: a=73 b=4 and n=23


73 mod 23 =4
4 mod 23 =4
So 73 ≡ 4 mod 23
Properties of Congruences:

Modular Arithmetic Operations:

Many complex cryptographic algorithms are actually based on simple arithmetic. In modular
arithmetic, the numbers we deal with are just integers and the operations are addition, subtraction,
multiplication and division.

FERMAT’S AND EULER’S THEOREMS


Fermat's Theorem:

Fermat’s theorem states the following: If ‘p’ is prime and ‘a’ is a positive integer not divisible by p,
then

a^(p-1) ≡ 1 mod p

We can cancel the (p-1)! term because it is relatively prime to p; then

a^(p-1) ≡ 1 mod p
Euler’s Totient Function:

• It is defined as the number of positive integers less than ‘n’ and relatively prime to ‘n’ and is
written as ø(n). By convention ø(1) = 1.
• It should be clear that, for a prime number p,
ø(p) = p – 1
ø(37) = 36
• To determine ø(35), we list all of the positive integers less than 35 that are relatively prime to it:
1, 2, 3, 4, 6, 8, 9, 11, 12, 13, 16, 17, 18, 19, 22, 23, 24, 26, 27, 29, 31, 32, 33, 34
There are 24 numbers on the list, so ø(35) = 24.

Euler’s Theorem:
Euler’s theorem states that for every a and n that are relatively prime:
a^ø(n) ≡ 1 (mod n)

3.6. THE CHINESE REMAINDER THEOREM:

Example :

DISCRETE LOGARITHMS:

7^1 ≡ 7 (mod 19)

7^2 = 49 = 2 x 19 + 11 ≡ 11 (mod 19)

7^3 = 343 = 18 x 19 + 1 ≡ 1 (mod 19)

7^4 = 2401 = 126 x 19 + 7 ≡ 7 (mod 19)

7^5 = 16807 = 884 x 19 + 11 ≡ 11 (mod 19)

Table. Powers of Integers, Modulo 19


PUBLIC KEY CRYPTOGRAPHY:


Introduction:

• Asymmetric encryption is a form of cryptosystem in which encryption and decryption are
performed using different keys - one a public key and one a private key. It is also known
as public-key encryption.
• Asymmetric encryption transforms plaintext into ciphertext using one of two keys and an
encryption algorithm. Using the paired key and a decryption algorithm, the plaintext is
recovered from the ciphertext.
• Asymmetric encryption can be used for confidentiality, authentication, or both.
• The most widely used public-key cryptosystem is RSA.

Principles of Public-Key Cryptosystems:

The concept of public key cryptography was invented to address the two most difficult problems of symmetric key
encryption:

• key distribution – how to have secure communications in general without having to
trust a KDC (key distribution center) with your key.

• digital signatures – how to verify that a message comes intact from the claimed sender.
Public-Key Cryptosystems:

A public-key encryption scheme has six ingredients

• Plaintext: This is the readable message or data that is fed into the algorithm as input.
• Encryption algorithm: The encryption algorithm performs various transformations on the
plaintext.
• Public and private keys: This is a pair of keys that have been selected so that if one is used for
encryption, the other is used for decryption. The exact transformations performed by the
algorithm depend on the public or private key that is provided as input.
• Ciphertext: This is the scrambled message produced as output. It depends on the plaintext
and the key. For a given message, two different keys will produce two different ciphertexts.
• Decryption algorithm: This algorithm accepts the ciphertext and the matching key and
produces the original plaintext.

The essential steps are the following:


1. Each user generates a pair of keys to be used for the encryption and decryption of messages.
2. Each user places one of the two keys in a public register or other accessible file. This is the
public key. The companion key is kept private. Each user maintains a collection of public keys
obtained from others.
3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message using Alice's
public key.
4. When Alice receives the message, she decrypts it using her private key. No other recipient can
decrypt the message because only Alice knows Alice's private key.
ENCRYPTION:
The plaintext is encrypted with the receiver’s public key and decrypted using the receiver’s private key.

AUTHENTICATION:

• Plaintext is encrypted with the sender’s private key and decrypted using the sender’s public key.
• The fact that the ciphertext decrypts correctly with the sender’s public key is the proof that
the message was actually sent by the designated sender.
Difference between symmetric and public key encryption:

• Examples for conventional encryption are DES, AES, IDEA and Blowfish.
• Examples for public key encryption are RSA, Diffie-Hellman, Elliptic Curve
Cryptography.

There is some source A that produces a message in plaintext, X = [X1, X2, ..., XM]. The M elements
of X are letters in some finite alphabet. The message is intended for destination B. B generates a
related pair of keys: a public key, PUb, and a private key, PRb. PRb is known only to B,
whereas PUb is publicly available and therefore accessible by A.
With the message X and the encryption key PUb as input, A forms the ciphertext Y =
[Y1, Y2, ..., YN]:
Y = E(PUb, X)
The intended receiver, in possession of the matching private key, is able to invert the
transformation:
X = D(PRb, Y)

Figure: public key cryptosystems: Secrecy (or) confidentiality


Figure: Public-Key Cryptosystem: Authentication

Figure: Public-Key Cryptosystem: Authentication and Secrecy

Applications for Public-Key Cryptosystems:

• Encryption/decryption: The sender encrypts a message with the recipient's public key.
• Digital signature: The sender "signs" a message with its private key. Signing is achieved by
a cryptographic algorithm applied to the message.
• Key exchange: Two sides cooperate to exchange a session key.

Requirements for Public-Key Cryptography:

1. It is computationally easy for a party B to generate a pair (public key PUb, private key PRb).
2. It is computationally easy for a sender A, knowing the public key and the message to be
encrypted, M, to generate the corresponding ciphertext: C = E(PUb, M)
3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using the
private key to recover the original message: M = D(PRb, C) = D[PRb, E(PUb, M)]
4. It is computationally infeasible for an adversary, knowing the public key, PUb, to determine
the private key, PRb.
5. It is computationally infeasible for an adversary, knowing the public key, PUb, and a
ciphertext, C, to recover the original message, M.
We can add a sixth requirement that, although useful, is not necessary for all public-key applications:
The two keys can be applied in either order:
M = D[PUb, E(PRb, M)] = D[PRb, E(PUb, M)]
THE RSA ALGORITHM
RSA is a public key encryption algorithm developed by Rivest (R), Shamir (S) and Adleman (A) in the year
1977. The RSA scheme is a block cipher in which the plaintext and ciphertext are integers between 0 and
n-1 for some ‘n’. A typical size for ‘n’ is 1024 bits or 309 decimal digits. The RSA algorithm uses an
expression with exponentials.
• In RSA, plaintext is encrypted in blocks, with each block having a binary value less than some
number n; that is, the block size must be less than or equal to log2(n)+1.
• RSA uses two exponents ‘e’ and ‘d’, where e is public and d is private.
• Encryption and decryption are of the following form, for some plaintext block ‘M’ and ciphertext block
‘C’:

• Both sender and receiver must know the value of n.


• The sender knows the value of ‘e’ and only the receiver knows the value of ‘d’; thus this is a public
key encryption algorithm with a
Public key PU={e, n}
Private key PR={d, n}
Requirements:

For the RSA algorithm to be satisfactory for public key encryption, the following requirements must be
met:
o It is possible to find values of e, d and n such that “M^(ed) mod n = M” for all M < n.
o It is relatively easy to calculate “M^e mod n” and “C^d mod n” for all values of M < n.
o It is infeasible to determine ‘d’ given ‘e’ and ‘n’.
Example

1. Select two prime numbers, p = 17 and q = 11.
2. Calculate n = pq = 17 × 11 = 187.
3. Calculate Ø(n) = (p - 1)(q - 1) = 16 × 10 = 160.
4. Select e such that e is relatively prime to Ø(n) = 160 and less than Ø(n); we choose e = 7.
5. Determine d such that de ≡ 1 (mod 160) and d < 160. The correct value is d = 23,
because 23 × 7 = 161 = (1 × 160) + 1; d can be calculated using the extended Euclid’s algorithm.
The resulting keys are public key PU = {7, 187} and private key PR = {23, 187}.
The example shows the use of these keys for a plaintext input of M = 88. For encryption,
we need to calculate C = 88^7 mod 187.
Exploiting the properties of modular arithmetic, we can do this as follows.
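
The RSA example above and the earlier Euclidean algorithm section, carried through in code. This is an added example, not part of the original notes; the function names are chosen here, and it is textbook RSA on the page's toy primes with no padding.

```python
def extended_gcd(a, b):
    """Return (g, s, t) such that g = gcd(a, b) and s*a + t*b == g."""
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r      # same remainder chain as the Euclidean algorithm
        old_s, s = s, old_s - q * s      # coefficient of a
        old_t, t = t, old_t - q * t      # coefficient of b
    return old_r, old_s, old_t


def mod_inverse(e, phi):
    """Return d with d*e ≡ 1 (mod phi); fail if e and phi share a factor."""
    g, s, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e is not relatively prime to phi(n)")
    return s % phi


def mod_exp(base, exponent, modulus):
    """Square-and-multiply, reducing mod n after every multiplication."""
    result, base = 1, base % modulus
    while exponent > 0:
        if exponent & 1:
            result = (result * base) % modulus
        base = (base * base) % modulus
        exponent >>= 1
    return result


def rsa_keypair(p, q, e):
    """Textbook key generation: returns (PU, PR) = ((e, n), (d, n))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (mod_inverse(e, phi), n)


def rsa_apply(block, key):
    """C = M^e mod n with the public key, M = C^d mod n with the private key."""
    exponent, n = key
    if not 0 <= block < n:
        raise ValueError("block must be an integer in the range 0..n-1")
    return mod_exp(block, exponent, n)


if __name__ == "__main__":
    public, private = rsa_keypair(17, 11, 7)   # p, q, e from the page's example
    c = rsa_apply(88, public)                  # encrypt M = 88
    print(public, private, c, rsa_apply(c, private))
    print(extended_gcd(1970, 1066)[0])         # gcd from the Euclidean example
```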
Diffie-Hellman key exchange/Agreement Algorithm:

Whitfield Diffie and Martin Hellman devised an amazing solution to the problem of key
agreement, or key exchange, in 1976. This solution is called the Diffie-Hellman key
exchange/agreement algorithm. The beauty of this scheme is that the two parties, who want to
communicate securely, can agree on a symmetric key using this technique. This key can then be used
for encryption/decryption. However, we must note that the Diffie-Hellman key exchange algorithm
can be used only for key agreement, but not for encryption or decryption of messages. Once both the
parties agree on the key to be used, they need to use other symmetric key-encryption algorithms for
actual encryption or decryption of messages. Although the Diffie-Hellman key-exchange algorithm is
based on mathematical principles, it is quite simple to understand.

Description of the algorithm:


Example of the algorithm:

PROBLEM WITH THE ALGORITHM (MAN-IN-THE-MIDDLE ATTACK):

Can we now consider that the Diffie-Hellman key-exchange algorithm solves all our problems
associated with key exchange? Unfortunately, not quite! The Diffie-Hellman key exchange algorithm
can fall prey to the man-in-the-middle attack.
1. Alice wants to communicate with Bob securely, and therefore, she first wants to do a Diffie-
Hellman key exchange with him. For this purpose, she sends the values of n and g to Bob, as
usual. Let n = 11 and g = 7. (As usual, these values will form the basis of Alice's A and Bob's B,
which will be used to calculate the symmetric key K1 = K2 = K.)

2. Alice does not realize that the attacker Tom is listening quietly to the conversation between
her and Bob. Tom simply picks up the values of n and g, and also forwards them to Bob as they
originally were (i.e. n = 11 and g = 7).

3. Now, let us assume that Alice, Tom and Bob select random numbers x and y as shown in Figure.

4. One question at this stage could be: Why does Tom select both x and y? We shall answer that
shortly. Now, based on these values, all three persons calculate the values of A and B as shown in
Figure. Note that Alice and Bob calculate only A and B, respectively. However, Tom calculates both A
and B.

5. Now the real drama begins as shown in figure,
As shown in the figure, the following things happen:

a) Alice sends her A (i.e. 2) to Bob. Tom intercepts it, and instead, sends his A (i.e. 9) to Bob. Bob
has no idea that Tom had hijacked Alice's A and has instead given his A to Bob.

b) In return, Bob sends his B (i.e. 8) to Alice. As before, Tom intercepts it, and instead, sends his
B (i.e. 4) to Alice. Alice thinks that this B came from Bob. She has no idea that Tom had
intercepted the transmission from Bob, and changed B.

c) Therefore, at this juncture, Alice, Tom and Bob have the values of A and B as shown in the
following Fig.

Based on these values, all three persons now calculate their keys as shown in the following
Figure. We will notice that Alice calculates only K1, Bob calculates only K2, whereas Tom calculates
both K1 and K2. Why does Tom need to do this?

Let us now revisit the question as to why Tom needs two keys. This is because on one side, Tom
wants to communicate with Alice securely using a shared symmetric key (9), and on the other hand,
he wants to communicate with Bob securely using a different shared symmetric key. Only then can he
receive messages from Alice, view/manipulate them and forward them to Bob, and vice versa.
Unfortunately for Alice and Bob, both will (incorrectly) believe that they are directly communicating
with each other. That is, Alice will feel that the key 9 is shared between her and Bob, whereas Bob
will feel that the key 5 is shared between him and Alice. Actually, what is happening is, Tom is sharing
the key 9 with Alice and the key 5 with Bob!

This is also the reason why Tom needed both sets of the secret variables x and y, as well as later
on, the non-secret variables A and B. As we can see, the man-in-the-middle attack can work against the
Diffie-Hellman key-exchange algorithm, causing it to fail. This is plainly because the man-in-the-middle
makes the actual communicators believe that they are talking to each other, whereas they are actually
talking to the man-in-the-middle, who is talking to each of them! This attack can be prevented if Alice
and Bob authenticate each other before beginning to exchange information. This proves to Alice that
Bob is indeed Bob, and not someone else (e.g. Tom) posing as Bob. Similarly, Bob can also get
convinced that Alice is genuine as well.
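
The exchange described above, replayed with the page's numbers (n = 11, g = 7), as an added example that is not part of the original notes. The secret exponents are constructed here to reproduce the A and B values quoted in the text, and the HMAC check with a key Alice and Bob already share is one assumed way to realise the "authenticate each other" step.

```python
import hashlib
import hmac

N, G = 11, 7  # public modulus n and generator g from the page


def public_value(secret):
    """A = g^x mod n (or B = g^y mod n)."""
    return pow(G, secret, N)


def shared_key(peer_public, secret):
    """K = (peer's public value)^secret mod n."""
    return pow(peer_public, secret, N)


def exchange(alice_x, bob_y, tom=None):
    """Run one exchange; tom is None, or Tom's (x, y) when he sits on the path."""
    a_sent, b_sent = public_value(alice_x), public_value(bob_y)
    a_recv, b_recv = a_sent, b_sent              # honest network: delivered unchanged
    tom_keys = None
    if tom is not None:
        tom_x, tom_y = tom
        a_recv = public_value(tom_x)             # Bob receives Tom's A, not Alice's
        b_recv = public_value(tom_y)             # Alice receives Tom's B, not Bob's
        tom_keys = (shared_key(a_sent, tom_y),   # key Tom shares with Alice
                    shared_key(b_sent, tom_x))   # key Tom shares with Bob
    return {
        "a_sent": a_sent, "a_recv": a_recv,
        "b_sent": b_sent, "b_recv": b_recv,
        "alice_key": shared_key(b_recv, alice_x),
        "bob_key": shared_key(a_recv, bob_y),
        "tom_keys": tom_keys,
    }


def tag(auth_key, sender, value):
    """Bind a public value to its sender with a pre-shared key (assumption)."""
    msg = f"{sender}|{value}".encode()
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


def accept(auth_key, sender, value, received_tag):
    """Receiver-side check: reject any public value whose tag does not verify."""
    return hmac.compare_digest(tag(auth_key, sender, value), received_tag)


if __name__ == "__main__":
    # Constructed secrets: Alice x=3, Bob y=9, Tom (x, y) = (8, 6).
    r = exchange(alice_x=3, bob_y=9, tom=(8, 6))
    print(r)                                     # Alice's key and Bob's key differ
    auth_key = b"constructed-demo-key"           # sample value, not from the page
    alice_tag = tag(auth_key, "alice", r["a_sent"])
    print("Bob accepts what he received:",
          accept(auth_key, "alice", r["a_recv"], alice_tag))
```

Without the tag check the two ends silently derive different keys; with it, Bob rejects the substituted A before any key is computed.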
ELGAMAL CRYPTOGRAPHY:
Taher ElGamal created ElGamal cryptography, more popularly known as the ElGamal cryptosystem. There
are three aspects that need to be discussed: ElGamal key generation, ElGamal encryption, and
ElGamal decryption.

Elgamal key generation:

Elgamal key encryption:

Elgamal key decryption:

ELLIPTIC CURVE CRYPTOGRAPHY(ECC):


Elliptic Curve Cryptography (ECC) was discovered in 1985 by Victor Miller (IBM) and Neil
Koblitz (University of Washington) as an alternative mechanism for implementing public-key
cryptography. Public-key algorithms create a mechanism for sharing keys among large numbers
of participants or entities in a complex information system. Unlike other popular algorithms such
as RSA, ECC is based on discrete logarithms, which are much more difficult to challenge at equivalent
key lengths.