Module 3

Asymmetric Cryptosystem

Dr. Anver. S. R
 Chapter 9 – Public Key
Cryptography and RSA

Every Egyptian received two names, which were

known respectively as the true name and the
good name, or the great name and the little
name; and while the good or little name was
made public, the true or great name appears to
have been carefully concealed.
—The Golden Bough, Sir James George Frazer
 Private-Key Cryptography
• traditional private/secret/single key
cryptography uses one key
• shared by both sender and receiver
• if this key is disclosed communications are
compromised
• also is symmetric, parties are equal
• hence does not protect sender from
receiver forging a message & claiming is
sent by sender
 Public-Key Cryptography
• probably most significant advance in the
3000 year history of cryptography
• uses two keys – a public & a private key
• asymmetric since parties are not equal
• uses clever application of number
theoretic concepts to function
• complements rather than replaces private
key crypto
 Public-Key Cryptography
• public-key/two-key/asymmetric cryptography
involves the use of two keys:
– a public-key, which may be known by anybody, and
can be used to encrypt messages, and verify
signatures
– a private-key, known only to the recipient, used to
decrypt messages, and sign (create) signatures
• is asymmetric because
– those who encrypt messages or verify signatures
cannot decrypt messages or create signatures
Public-Key Cryptography
Why Public-Key Cryptography?
• developed to address two key issues:
– key distribution – how to have secure
communications in general without having to
trust a KDC with your key
– digital signatures – how to verify a message
comes intact from the claimed sender
• public invention due to Whitfield Diffie &
Martin Hellman at Stanford Uni in 1976
– known earlier in classified community
 Public-Key Characteristics
• Public-Key algorithms rely on two keys
with the characteristics that it is:
– computationally infeasible to find decryption
key knowing only algorithm & encryption key
– computationally easy to en/decrypt messages
when the relevant (en/decrypt) key is known
– either of the two related keys can be used for
encryption, with the other used for decryption
(in some schemes)
Public-Key Cryptosystems
 Public-Key Applications
• can classify uses into 3 categories:
– encryption/decryption (provide secrecy)
– digital signatures (provide authentication)
– key exchange (of session keys)
• some algorithms are suitable for all uses,
others are specific to one
Security of Public Key Schemes
• like private key schemes brute force exhaustive
search attack is always theoretically possible
• but keys used are too large (>512bits)
• security relies on a large enough difference in
difficulty between easy (en/decrypt) and hard
(cryptanalyse) problems
• more generally the hard problem is known, its
just made too hard to do in practise
• requires the use of very large numbers
• hence is slow compared to private key schemes
 RSA
• by Rivest, Shamir & Adleman of MIT in 1977
• best known & widely used public-key scheme
• based on exponentiation in a finite (Galois) field
over integers modulo a prime
– nb. exponentiation takes O((log n)3) operations (easy)
• uses large integers (eg. 1024 bits)
• security due to cost of factoring large numbers
– nb. factorization takes O(e log n log log n) operations
(hard)
 RSA Key Setup
• each user generates a public/private key pair by:
• selecting two large primes at random - p, q
• computing their system modulus N=p.q
– note ø(N)=(p-1)(q-1)
• selecting at random the encryption key e
• where 1<e<ø(N), gcd(e,ø(N))=1
• solve following equation to find decryption key d
– e.d=1 mod ø(N) and 0≤d≤N
• publish their public encryption key: KU={e,N}
• keep secret private decryption key: KR={d,p,q}
 RSA

Select two prime no's. Suppose P = 53 and Q = 59.

Now First part of the Public key : n = P*Q = 3127.
We also need a small exponent say e :
But e Must be
An integer.
Not be a factor of Φ(n).
1 < e < Φ(n)
Let us now consider it to be equal to 3.
Our Public Key is made of n and e
 RSA

We need to calculate Φ(n) :

Such that Φ(n) = (P-1)(Q-1)
so, Φ(n) = 3016
Now calculate Private Key, d :
d = (k*Φ(n) + 1) / e for some integer k
For k = 2, value of d is 2011.
 RSA

Convert letters to numbers : H = 8 and I = 9

Thus Encrypted Data c = (89e)mod n
Thus our Encrypted Data comes out to be 1394

Now we will decrypt 1394 :

Decrypted Data = (cd)mod n
Thus our Encrypted Data comes out to be 89

8 = H and I = 9 i.e. "HI".

 RSA Use
• to encrypt a message M the sender:
– obtains public key of recipient KU={e,N}
– computes: C=Me mod N, where 0≤M<N
• to decrypt the ciphertext C the owner:
– uses their private key KR={d,p,q}
– computes: M=Cd mod N
• note that the message M must be smaller
than the modulus N (block if needed)
 Why RSA Works
• because of Euler's Theorem:
• aø(n)mod N = 1
– where gcd(a,N)=1
• in RSA have:
– N=p.q
– ø(N)=(p-1)(q-1)
– carefully chosen e & d to be inverses mod ø(N)
– hence e.d=1+k.ø(N) for some k
• hence :
Cd = (Me)d = M1+k.ø(N) = M1.(Mø(N))q =
M1.(1)q = M1 = M mod N
 RSA Example
1. Select primes: p=17 & q=11
2. Compute n = pq =17×11=187
3. Compute ø(n)=(p–1)(q-1)=16×10=160
4. Select e : gcd(e,160)=1; choose e=7
5. Determine d: de=1 mod 160 and d < 160
Value is d=23 since 23×7=161= 10×160+1
6. Publish public key KU={7,187}
7. Keep secret private key KR={23,17,11}
 RSA Example cont
• sample RSA encryption/decryption is:
• given message M = 88 (nb. 88<187)
• encryption:
C = 887 mod 187 = 11
• decryption:
M = 1123 mod 187 = 88
 Exponentiation
• can use the Square and Multiply Algorithm
• a fast, efficient algorithm for exponentiation
• concept is based on repeatedly squaring base
• and multiplying in the ones that are needed to
compute the result
• look at binary representation of exponent
• only takes O(log2 n) multiples for number n
– eg. 75 = 74.71 = 3.7 = 10 mod 11
– eg. 3129 = 3128.31 = 5.3 = 4 mod 11
Exponentiation
 RSA Key Generation
• users of RSA must:
– determine two primes at random - p, q
– select either e or d and compute the other
• primes p,q must not be easily derived
from modulus N=p.q
– means must be sufficiently large
– typically guess and use probabilistic test
• exponents e, d are inverses, so use
Inverse algorithm to compute the other
 RSA Security
• three approaches to attacking RSA:
– brute force key search (infeasible given size
of numbers)
– mathematical attacks (based on difficulty of
computing ø(N), by factoring modulus N)
– timing attacks (on running of decryption)
 Factoring Problem
• The difficulty of factoring large semiprime numbers (products
of two primes) increases significantly as the size of n
increases.
• For RSA, n is usually hundreds to thousands of bits long (e.g.,
2048 bits).
• There is no known polynomial-time algorithm for factoring
arbitrary large integers, making it computationally infeasible
with current technology for sufficiently large n.
 Factoring Problem
• Factoring is a problem in number theory that has been studied
for centuries.
• Algorithms like the Quadratic Sieve and the General Number
Field Sieve have been developed to factor large integers, but
their effectiveness diminishes as the size of the numbers
increases.
• The General Number Field Sieve (GNFS) is the most efficient
known algorithm for factoring large numbers but still takes
exponential time relative to the number of digits n.
 Factoring Problem
• If an attacker can factor n, they can compute p and q, derive
(p-1)(q-1). and then compute the private key d.
• Thus, the security of RSA fundamentally depends on the
ability to keep n large enough to prevent feasible factoring.
 Timing Attacks
• developed in mid-1990’s
• Timing attacks on RSA are a type of side-channel attack that exploit
variations in the time it takes to perform cryptographic operations,
particularly decryption and signature generation.
• Side-Channel Attacks
• Unlike traditional attacks that target the mathematical structure of
cryptographic algorithms, side-channel attacks exploit information
gained from the physical implementation of the system. Timing
attacks focus on the time taken to execute certain operations.
• How Timing Attacks Work
• In RSA, operations such as modular exponentiation (used in
decryption and signing) can take varying amounts of time depending
on the input values (e.g., the bits of the private key or the message).
• By carefully measuring how long these operations take, an attacker
can infer information about the private key
 Discrete Logs

Given  =  (mod p ) x

Find x
x = L (  )

We denote this as

Why is this hard?

 Diffie-Hellman Key Exchange
• Diffie-Hellman key exchange depends for its effectiveness on
the difficulty of computing discrete logarithms:
– We define a generator or primitive or primitive root of a prime
number p as one whose powers generate all the integers from 1 to p - 1.
So, if a is a primitive root of p, then the numbers:
a mod p, a2 mod p, a3 mod p, ... ap-1 mod p
are distinct and consist of the integers from 1 through p - 1 (in some
permutation)
– For any integer b and a generator a of p, we can find a unique exponent
i such that:
b  a i mod p where 0  i  ( p - 1)
– The exponent i is referred to as the discrete logarithm (or index) of b
for the base a, mod p. It is the inverse of modular exponentiation, and
finding the discrete logarithm i, given b, is known to be a hard problem.

30
Diffie-Hellman is an alternative to RSA for key
exchange, but is based on discrete logs

• Publish large prime p, and a primitive root 

• Alice’s secret exponent: x
• Bob’s secret exponent: y
– 0 < x,y < p-1
• Alice sends x (mod p) to Bob
• Bob sends y (mod p) to Alice
• Each know key K=xy
• Eve sees p, x , y …
why can’t she determine xy?
Diffie-Hellman Key Exchange involves three
computational problems
• Publish large prime p, • Discrete logs:
primitive root  “Given x =  (mod p), find x
• Alice’s secret exponent: x
• Bob’s secret exponent: y
– 0 < x,y < p-1 • Computational Diffie-Hellman
• Alice sends x (mod p) to Bob problem:
• Bob sends y (mod p) to Alice “Given , p,  (mod p),  (mod p),
x y
find xy (mod p)”
• Each know key K=xy
• Eve sees , p, x , y ; why
can’t she determine xy? • Decision Diffie-Hellman problem:
“Given , p, x (mod p), y (mod p),
and c ≠ 0 (mod p).
Verify that c=xy (mod p)”
 Man-in-the-Middle Attack
• One problem with Diffie-Hellman is that there is no
authentication, and so the protocol is subject to a man-in-the-
middle attack:
– Alice generates gx and sends it to "Bob"
– Eve intercepts the message:
• Generates gv, and sends it to Bob in place of Alice's
message
– Bob receives gv, generates gy, and sends it to "Alice"
– Eve intercepts the message:
• Generates gw, and sends it to Alice in place of Bob's
message
– Alice computes k = (gw)x
– Bob computes k' = (gv)y
– Eve computes k = (gx)w and k' = (gy)v 33
 1
The ElGamal Cryptosystem is an entire public-key
cryptosystem like RSA, but based on discrete logs
p large so secure and > m = message

Bob chooses prime p, primitive root , integer a

Bob computes  ≡ a (mod p)
Bob publishes (, p, ) and holds a secret

Alice chooses secret k, computes and sends to Bob the pair (r,t) where
◼ r ≡ k (mod p)
◼ t ≡ km (mod p)

Bob calculates: tr-a ≡ m (mod p)

ElGamal Cryptosystem
❑ In 1984 Taher ElGamal presented a cryptosystem which is based on the
Discrete Logarithm.
❑ Thus ElGamal simplified the Die-Hellman key exchange algorithm by
introducing a random exponent k.
❑ The ElGamal cryptosystem is usually used in a hybrid cryptosystem.
❑ It is faster to encrypt the symmetric with Elgamal and the with a symmetric
cipher.
❑ There are THREE aspects in EIGamal Cryptography
➢ EIGamal Key Generation
➢ EIGamal Key Encryption
➢ EIGamal Key Decryption
EIGamal Key Generation

Steps 1:- Select a large prime number P, This is first part of Public Key.
Step 2:- Select a decryption key or private key a.
Steps 3:- Select the Second part of public key as α.
Steps 4:- The Third part of public key as β= α˄a mod P
Step 5:- The Public key will be (α,β,P) and Private key will be a.

Example:-

Consider P=11, α=2 and a=3

Then β= α˄a moa P = 2˄3 moa 11 = 8
Hence public key will be ((2,8,11) ana private key a=3
EIGamal Key Encryption

Steps 1:- Select a random integer k.

Step 2:- Compute the First part of cipher text C1= α˄k moa P .
Steps 3:- Compute the Secona part of cipher text C2=PT. β˄k moa P .
Steps 4:- The Final cipher text is (C1,C2)

Example:-
Let k= 4 ana PT = 7
From Previous P=11, α=2 ana a=3
ana public key will be (2,8,11)
C1 = α˄k moa P = 2˄4 moa11= 5
C2=PT. β˄k moa P = 7. 2˄8 moa 11 = 6
Hence Cipher Text is (5,6)
EIGamal Key aecryption

Steps 1:- Compute the plain text using the following formula
PT = (C2.C1˄a) ˄ -1 moa P
Example:-

PT = (C2.C1˄a) ˄ -1 moa P
PT = (6. 5˄3) ˄-1 moa 11
\ PT = (6.3) moa 11= 7
•