UNIT–III: PUBLIC KEY CRYPTOGRAPHY

Public key cryptography, also known as asymmetric cryptography, is a cryptographic system that
uses pairs of keys: a public key, which can be freely distributed, and a private key, which is kept
secret. Public key cryptography enables secure communication and digital signatures without
the need for a shared secret key between the communicating parties. One of the most widely
used public key cryptographic algorithms is RSA (Rivest-Shamir-Adleman).

Here are the key principles of RSA:

1. Key Generation:

• RSA involves generating a pair of cryptographic keys: a public key and a private
key.
• The keys are generated using mathematical algorithms that involve selecting
large prime numbers and performing various mathematical operations.

2. Public Key:

• The public key is used for encryption and verification. It can be freely distributed
to anyone who wishes to communicate securely with the owner of the key.
• The public key consists of two components: the modulus (N) and the public
exponent (e). The modulus is the product of two large prime numbers, and the
public exponent is typically a small prime number, such as 65537 (2^16 + 1).

3. Private Key:

• The private key is kept secret and is used for decryption and signing. Only the
owner of the private key should have access to it.
• The private key consists of two components: the modulus (N) and the private
exponent (d). The private exponent is calculated using modular arithmetic and is
related to the public exponent and other parameters.

4. Encryption:

• To encrypt a message using RSA, the plaintext message is converted into a

numerical value (typically using a padding scheme), and then raised to the power
of the public exponent modulo the modulus.
 • The ciphertext, which is the result of this operation, can only be decrypted using
the corresponding private key.

5. Decryption:

• To decrypt a ciphertext encrypted with RSA, the ciphertext is raised to the power
of the private exponent modulo the modulus.
• The result of this operation is the original plaintext message.

6. Digital Signatures:

• RSA can also be used for digital signatures, where the private key is used to sign
a message, and the public key is used to verify the signature.
• To sign a message, the message is hashed, and then the hash value is encrypted
with the private key. The resulting ciphertext is the digital signature.
• To verify the signature, the recipient decrypts the signature using the public key,
hashes the original message, and compares the resulting hash value with the
decrypted signature.

RSA is widely used in various cryptographic applications, including secure communication,

digital signatures, and key exchange protocols. It provides strong security guarantees when
implemented correctly and used with appropriate key lengths and cryptographic parameters.

RSA Algorithm, Key Management and other Public Key Cryptosystems Key Management

The RSA algorithm, a cornerstone of public-key cryptography, relies on the use of asymmetric
key pairs: a public key and a private key. Here's an overview of RSA, key management, and other
public-key cryptosystems' key management:

1. RSA Algorithm:

• RSA is based on the mathematical difficulty of factoring large composite numbers

into their prime factors.
• Key Generation:

• Two large prime numbers, p and q, are selected randomly.

• The modulus, N, is computed as the product of p and q.
 • Euler's totient function, φ(N), is calculated as (p-1)(q-1).
• The public key exponent, e, is chosen such that it is relatively prime to
φ(N) and within a certain range, commonly 65537 (2^16 + 1).
• The private key exponent, d, is calculated such that (e * d) % φ(N) = 1.

• Encryption:

• The sender encrypts the plaintext message M using the recipient's public
key (N, e) to obtain the ciphertext C = M^e mod N.

• Decryption:

• The recipient decrypts the ciphertext C using their private key (N, d) to
obtain the original plaintext message M = C^d mod N.

2. Key Management:

• Key Generation:

• The generation of RSA key pairs involves generating strong random

primes, which form the basis of the public and private keys.
• Key generation must be performed securely to ensure the secrecy of the
private key.

• Key Distribution:

• Public keys can be freely distributed to anyone who wishes to

communicate securely with the owner of the key. They can be shared via
secure channels or through public key infrastructure (PKI) systems.
• Private keys should be kept confidential and securely stored by their
owners.

• Key Storage:

• Private keys should be stored securely using appropriate key

management practices, such as encryption, access controls, and hardware
security modules (HSMs).
• Public keys can be stored in public directories, certificates, or other
trusted repositories.

• Key Revocation:
 • If a private key is compromised or lost, it should be revoked and replaced
with a new key pair.
• Key revocation mechanisms, such as certificate revocation lists (CRLs) or
online certificate status protocol (OCSP), can be used to inform users
about revoked keys.

3. Other Public Key Cryptosystems:

• Other public key cryptosystems, such as ElGamal, DSA (Digital Signature

Algorithm), and ECC (Elliptic Curve Cryptography), also rely on key management
principles similar to RSA.
• They involve key generation, distribution, storage, and revocation processes
similar to those described for RSA.
• However, the specific algorithms and parameters used may vary, depending on
the cryptosystem and its security requirements.

In summary, key management is a critical aspect of public key cryptography, ensuring the secure
generation, distribution, storage, and revocation of cryptographic keys to maintain the
confidentiality, integrity, and authenticity of digital communications and transactions

Diffie–Hellman Key Exchange, Elliptic Curve Arithmetic

The Diffie-Hellman key exchange (DH) and elliptic curve arithmetic are two important concepts in
modern cryptography, particularly in the field of public-key cryptography.

1. Diffie-Hellman Key Exchange (DH):

• The Diffie-Hellman key exchange is a method for two parties to establish a shared secret
key over an insecure channel.
• It allows two parties to agree upon a shared secret key without having to exchange the
key directly.
• The security of the Diffie-Hellman key exchange relies on the computational difficulty of
the discrete logarithm problem.
• The key steps of the Diffie-Hellman key exchange are as follows:
 1. Both parties agree on a common public parameters: a prime number p and a
base g (primitive root modulo p).
2. Each party generates their own private key: a for party A and b for party B,
where 1<,<−11<a,b<p−1.
3. Party A computes =mod A=gamodp and sends A to party B.
4. Party B computes =mod B=gbmodp and sends B to party A.
5. Both parties can then compute the shared secret key:
=mod =mod K=Bamodp=Abmodp.
• The Diffie-Hellman key exchange provides perfect forward secrecy, meaning that if one
session's key is compromised, past and future session keys remain secure.
2. Elliptic Curve Arithmetic:
• Elliptic curve cryptography (ECC) is a type of public-key cryptography that uses the
algebraic structure of elliptic curves over finite fields for encryption and digital
signatures.
• ECC offers equivalent security to RSA and other public-key systems with smaller key
sizes, making it more efficient in terms of computational resources and bandwidth.
• The arithmetic operations in elliptic curve cryptography are performed on points on an
elliptic curve.
• The key steps in elliptic curve arithmetic are:
1. Point Addition: Given two points P and Q on the elliptic curve, the sum +P+Q is
computed using geometric rules for adding points on the curve.
2. Point Doubling: Given a point P on the elliptic curve, the point 22P is computed
using geometric rules for doubling points on the curve.
3. Scalar Multiplication: Given a point P on the elliptic curve and an integer k, the
point kP is computed by iteratively adding or doubling points based on the
binary representation of k.
• The security of ECC is based on the difficulty of the elliptic curve discrete logarithm
problem.

In summary, Diffie-Hellman key exchange and elliptic curve arithmetic are two important concepts in
modern cryptography, providing secure key exchange and efficient public-key encryption and digital
signatures, respectively. They are widely used in various cryptographic protocols and systems to ensure
the confidentiality, integrity, and authenticity of digital communications

Elliptic Curve Cryptography

Elliptic Curve Cryptography (ECC) is a type of public-key cryptography that relies on the
algebraic structure of elliptic curves over finite fields to provide security for various
cryptographic applications, including encryption, digital signatures, and key exchange protocols.
ECC offers several advantages over other public-key cryptosystems, such as RSA, including
smaller key sizes, faster computation, and strong security guarantees.

Here are the key components and principles of elliptic curve cryptography:

1. Elliptic Curves:

• An elliptic curve is a mathematical curve defined by an equation of the form

2=3++y2=x3+ax+b, where a and b are parameters that determine the shape of the
curve.
• Elliptic curves have a group structure, which means that points on the curve can
be added together and multiplied by a scalar.
• The group operation for adding points on an elliptic curve is defined
geometrically and satisfies certain properties, such as associativity and the
existence of an identity element.

2. Points on the Curve:

• Points on an elliptic curve are pairs of coordinates (,)(x,y) that satisfy the curve
equation.
• The set of points on an elliptic curve, including a special point at infinity, forms an
abelian group under the group operation defined on the curve.

3. Scalar Multiplication:

• Scalar multiplication involves multiplying a point on the elliptic curve by an

integer k.
 • Scalar multiplication is computed using repeated point addition and doubling
operations, which are efficient to compute even for large integers.

4. Key Generation:

• In ECC, public and private keys are generated as pairs of points on the elliptic
curve.
• The private key is a randomly chosen integer d (typically within a certain range),
and the corresponding public key is the result of multiplying a fixed base point
on the curve by d.

5. Encryption and Digital Signatures:

• ECC can be used for both encryption and digital signatures.

• In ECC-based encryption schemes, such as Elliptic Curve Integrated Encryption
Scheme (ECIES), the sender encrypts the message using the recipient's public key,
and the recipient decrypts it using their private key.
• In ECC-based digital signature schemes, such as Elliptic Curve Digital Signature
Algorithm (ECDSA), the signer generates a signature by computing a
mathematical function involving their private key, and the verifier verifies the
signature using the signer's public key.

6. Security:

• The security of ECC is based on the difficulty of the elliptic curve discrete
logarithm problem, which involves finding k given kP for a randomly chosen
point P and integer k.
• ECC offers strong security with much smaller key sizes compared to other public-
key cryptosystems, making it particularly suitable for constrained environments
such as mobile devices and embedded systems.

Elliptic curve cryptography has become increasingly popular in recent years due to its efficiency
and strong security properties. It is widely used in various cryptographic protocols and
applications, including SSL/TLS for secure communication over the Internet, digital signatures
for authentication and integrity verification, and secure key exchange for establishing secure
channels between parties.

Pseudorandom Number Generation

Pseudorandom number generation (PRNG) is a fundamental component of many cryptographic

systems. It involves generating sequences of numbers that appear to be random but are actually
generated by a deterministic algorithm. These sequences are used as cryptographic keys,
initialization vectors, nonces, and other parameters in cryptographic algorithms.

Here are some key aspects of pseudorandom number generation in cryptography:

1. Pseudorandomness:

• Pseudorandom number generators produce sequences of numbers that are

indistinguishable from true random numbers for practical purposes.
• While the numbers are deterministic and generated by an algorithm, they exhibit
properties similar to those of random numbers, such as uniform distribution,
unpredictability, and statistical randomness.

2. Seed:

• Pseudorandom number generators require an initial value, called a seed, to start

the sequence generation.
• The seed is typically an arbitrary value chosen by the user or system, such as a
timestamp, system time, or random value obtained from a physical source of
randomness (e.g., hardware random number generator).

3. Deterministic Algorithm:

• PRNGs use a deterministic algorithm to generate pseudorandom numbers based

on the seed.
• The algorithm typically involves mathematical operations such as modular
arithmetic, bitwise operations, and mathematical functions like hashing and
encryption.
4. Periodicity:

• Pseudorandom number generators have a finite period, after which the sequence
of numbers repeats.
• The length of the period depends on the size of the internal state of the PRNG
and the quality of the underlying algorithm.

5. Cryptographically Secure PRNGs:

• Cryptographically secure pseudorandom number generators (CSPRNGs) are

designed to withstand cryptanalytic attacks and produce random-looking output
that is suitable for cryptographic applications.
• CSPRNGs typically use cryptographic primitives and techniques to ensure
randomness, unpredictability, and resistance to statistical and cryptanalytic
attacks.
• Examples of CSPRNGs include Fortuna, Yarrow, and the cryptographic random
number generators provided by cryptographic libraries like OpenSSL and
CryptGenRandom.

6. Entropy Sources:

• Pseudorandom number generators often rely on entropy sources to improve the

randomness of their output.
• Entropy sources may include hardware-based sources such as random noise from
electronic components, timing variations, and user interactions.

7. Initialization and Reseeding:

• PRNGs require proper initialization and periodic reseeding to maintain their

security and unpredictability.
• Initialization typically involves seeding the PRNG with a random value at the
beginning of an application or cryptographic operation.
• Reseeding involves updating the PRNG's internal state with fresh entropy
periodically to prevent predictability and ensure randomness over time.
In summary, pseudorandom number generation plays a crucial role in cryptography by
providing random-looking sequences of numbers for cryptographic operations. By using
deterministic algorithms and proper initialization and reseeding techniques, PRNGs produce
output that is suitable for cryptographic applications while ensuring security and
unpredictability.