
UNIT 3 Vol1.0

The document provides an overview of asymmetric key ciphers, focusing on public key cryptography, including algorithms like RSA, Diffie-Hellman, and ECC. It discusses key generation, encryption and decryption processes, digital signatures, and key management practices. Additionally, it highlights the importance of secure key distribution methods and their applications in modern secure communications.

Uploaded by

vedavamsitha1110

• UNIT-III

• Asymmetric key Ciphers: Principles of public key cryptosystems, Algorithms (RSA, Diffie-Hellman, ECC), Key Distribution.
[1] Introduction to Public Key Cryptography
In cryptography, a trapdoor one-way function (TOWF) is a function that is easy to compute in one direction, but difficult to compute in the opposite direction without special information, called the "trapdoor".
Introduction to Public Key Cryptography
• Definition: A cryptography method involving two keys for secure communication

• Key Pair: Consists of a public key for encryption and a private key for decryption

• Secure Communication: Enables confidential exchange over insecure channels

• Digital Signatures: Allows for verification of message origin and integrity

• Widespread Use: Essential for secure internet transactions, email encryption, and
digital signatures
Key Pair Generation
• Unique Pairs: Generated using complex mathematical algorithms

• Public Key Distribution: Can be shared openly without compromising security

• Private Key Secrecy: Must be kept confidential to ensure system integrity

• Mathematical Foundation: Based on problems considered infeasible to solve without the key, such as prime factorization

• Security and Size: Larger key sizes offer higher security levels
Encryption and Decryption
• Encrypt with Public Key: Ensures that only the intended recipient can
decrypt
• Decrypt with Private Key: The corresponding private key decrypts the
message
• Confidentiality: No one except the holder of the private key can read the
message
• Process Efficiency: Though computationally intensive, modern algorithms
optimize these processes
• Secure Channels: Enables the creation of secure channels over public
networks
Digital Signatures
• Signing with Private Key: The sender signs the message/document,
verifying authenticity
• Verification with Public Key: Anyone can verify the signature with the
sender’s public key
• Integrity: Ensures the message has not been altered
• Non-repudiation: The sender cannot deny the authenticity of the signed
message
• Legal and Financial Documents: Widely used for contracts, transactions,
and document verification
Key Management
• Public Key Accessibility: Should be easily accessible to anyone who might need it
• Private Key Security: Requires strong security measures, often involving hardware tokens
or encrypted storage
• Revocation and Expiry: Mechanisms must be in place to revoke or expire keys if
compromised or no longer used
• Key Recovery: In some systems, key recovery mechanisms are necessary to access data if
a private key is lost
• Policy and Regulation: Compliance with standards and regulations ensures
trustworthiness of the public key infrastructure
[2] RSA Algorithm
Introduction to RSA Algorithm
• Title: RSA Encryption Algorithm
• Developed By: Ron Rivest, Adi Shamir, Leonard Adleman, 1977
• Purpose: Secure data transmission through public-key cryptography
• Achievements: Widely adopted, Turing Award 2002
• Key Principle: Based on the mathematical difficulty of factoring the product of two large primes
How RSA Works - Overview
• Two Keys: Public key (e,n) and Private key (d,n)
• Key Generation: Use of large, random prime numbers p and q
• Modulus n: Calculated as n=p×q
• Public Exponent e: Small prime, coprime to φ(n) = (p−1)×(q−1)
• Private Exponent d: Modular inverse of e modulo (p−1)×(q−1)

d x e mod {(p - 1) x (q - 1)} = 1


Encryption Process
• Input Preparation: Break plaintext into blocks smaller than n
• Encryption Formula:
c = m^e mod n (m is a plaintext block, c the ciphertext block)

• Public Key Usage: Encrypt using recipient's public key
• Security: Encryption process ensures confidentiality
• Output: Encrypted blocks form the ciphertext C
Decryption Process
• Receive Ciphertext: Encrypted data C is input for decryption
• Decryption Formula:

m = c^d mod n (c is a ciphertext block, m the recovered plaintext block)

• Private Key Usage: Decrypt using own private key
• Reconstruction: Assemble plaintext blocks to original message
• Security: Only the private key holder can decrypt the message
RSA encryption algorithm:
Example 1:
This example shows how we can encrypt plaintext 9 using the RSA public-key
encryption algorithm. This example uses prime numbers 7 and 11 to generate
the public and private keys.
Explanation:
Step 1: Select two large prime numbers, p and q.
p = 7, q = 11
Step 2: Multiply these numbers to find n = p x q, where n is called the
modulus for encryption and decryption.
First, we calculate
n = p x q
n = 7 x 11
n = 77
Step 3: Choose a number e less than n, such that e is relatively prime to (p - 1) x (q - 1). It means that e and (p - 1) x (q - 1) have no
common factor except 1.
Choose "e" such that 1 < e < φ(n) and e is coprime to φ(n), i.e. gcd(e, φ(n)) = 1.
Second, we calculate
φ(n) = (p - 1) x (q - 1)
φ(n) = (7 - 1) x (11 - 1)
φ(n) = 6 x 10
φ(n) = 60
Let us now choose e = 7, which is relatively prime to 60.

Step 4: A plaintext message m is encrypted using public key <e, n>. To find the ciphertext from the plaintext, the following formula is used to get ciphertext C.
C = m^e mod n
C = 9^7 mod 77
C = 37

Step 5: The private key is <d, n>. To determine the private key, we find d such that:
d x e mod {(p - 1) x (q - 1)} = 1
7d mod 60 = 1, which gives d = 43
The private key is <d, n> = (43, 77)

Step 6: A ciphertext message c is decrypted using private key <d, n>. To calculate the plaintext m from the ciphertext c, the following formula is used.
m = c^d mod n
m = 37^43 mod 77
m = 9
In this example, Plain text = 9 and the ciphertext = 37
Advantages and Challenges
• Strong Security: Based on the challenge of prime factorization

• Digital Signatures: Used for verifying identities and documents

• Wide Adoption: Foundations for secure communications in HTTPS, email

• Performance Issues: Slower than symmetric methods due to complex calculations

• Future Proofing: Vulnerable to quantum computing advancements


Conclusion and Future Outlook

• Recap: RSA is a foundational crypto system with widespread application.

• Importance: Continues to play a critical role in digital security.

• Innovation: Ongoing research into quantum-resistant algorithms.

• Adaptation: Updates in key sizes and algorithms to maintain security.

• Engagement: Encourage audience to explore more about cryptographic systems.
[3] Diffie-Hellman Key Exchange Algorithm

- Establishing Secure Communication Over Insecure Channels


The Need for Key Exchange
• Public-Key Cryptography: A breakthrough in enabling secure, private
communication.
• Key Exchange Problem: The challenge of sharing cryptographic keys
over an unsecured medium.
• Importance of Secrecy: Ensuring that only intended parties can access
the communication.
• The Role of Trust: Establishing a method for exchanging keys without
revealing them to outsiders.
• Consequences of Exposure: The risks of key interception and the need
for robust exchange protocols.
Principles of Diffie-Hellman
• The Concept: Secure method for two parties to exchange
cryptographic keys.
• Key Agreement vs. Key Exchange: Distinction and
relevance.
• The Inventors: Whitfield Diffie and Martin Hellman's
contribution to cryptography.
• Public Parameters: Selection of a prime number and a
base (generator).
• The "Magic" of Diffie-Hellman: Exchanging keys publicly
without revealing private keys.
The Diffie-Hellman Process
• Private Key Selection: Each party chooses a secret private
key.
• Public Key Generation: Parties compute public keys using
their private keys and agreed-upon base.
• Public Key Exchange: Parties share their public keys over
the insecure channel.
• Shared Secret Computation: Both parties compute the
shared secret using the received public key and their private
key.
• Result Verification: Ensuring both parties have obtained the
same shared secret.
Mathematics of the Exchange
• Modular Arithmetic: The process of exponentiation and
modulus operations.
• Discrete Logarithm Problem: The security assumption
that makes reversing the process difficult.
• Exponential Key Growth: How large prime numbers make
the computation secure.
• Symmetry of the Exchange: Regardless of the order, the
shared secret remains the same.
• Ensuring Security: Importance of choosing a large prime
and proper generator.
Security and Limitations
• Strength of Diffie-Hellman: Relies on the hardness of the discrete
logarithm problem.
• Man-in-the-Middle Attacks: Potential vulnerabilities without
authentication mechanisms.
• Forward Secrecy: The feature of not compromising past sessions if a
private key is compromised.
• Limitations: Known vulnerabilities like small subgroup attacks and the
need for secure parameter selection.
• Best Practices: Using Diffie-Hellman with other cryptographic
protocols for enhanced security.
RSA (Rivest-Shamir-Adleman)
• Type: Public Key Cryptography (Asymmetric Encryption)
• Key Length: Typically 2048 bits or more
• Security Basis: Relies on the computational difficulty of factoring large
integers, specifically the product of two large prime numbers.
• Operations:
• Key Generation: Involves selecting two large prime numbers and
computing their product to form the modulus. The public and private keys
are derived from these primes.
• Encryption: A message is encrypted using the recipient's public key.
• Decryption: The message is decrypted using the recipient's private key.
• Applications: Used in secure data transmission, digital signatures, and
SSL/TLS for securing internet communications.
Diffie-Hellman Key Exchange
• Type: Key Exchange Protocol (Asymmetric)
• Security Basis: Relies on the difficulty of computing discrete
logarithms in a finite field.
• Operations:
• Key Exchange: Two parties agree on a large prime number and a
base. Each party selects a private key and computes a public key.
The shared secret key is derived from the other party's public key
and their own private key.
• Shared Secret: The shared secret can then be used to encrypt
communications using symmetric encryption algorithms.
• Applications: Securely exchanging cryptographic keys over a public
channel, often used in protocols like SSL/TLS.
Elliptic Curve Cryptography (ECC)
• Type: Public Key Cryptography (Asymmetric Encryption)
• Key Length: Typically 256 bits or more for comparable security to RSA's 2048-bit
key.
• Security Basis: Based on the algebraic structure of elliptic curves over finite fields.
The difficulty lies in solving the Elliptic Curve Discrete Logarithm Problem (ECDLP).
• Operations:
• Key Generation: Involves selecting a random private key and computing the
corresponding public key as a point on the elliptic curve.
• Encryption/Decryption: Similar to RSA, but operations are performed on
points of the elliptic curve.
• Advantages: Provides higher security with shorter key lengths, which results in
faster computations and reduced storage requirements.
• Applications: Used in various security protocols, including SSL/TLS, cryptocurrency
systems, and secure messaging apps.
Comparison
• Security: ECC offers comparable security to RSA and Diffie-Hellman
but with shorter key lengths.
• Performance: ECC generally has better performance in terms of speed
and resource usage due to shorter key lengths.
• Adoption: RSA is widely adopted and understood, while ECC is
increasingly preferred for modern applications due to its efficiency.
[5] Key distribution
Key distribution

• Key distribution is a fundamental aspect of cryptographic systems, ensuring that cryptographic keys are securely shared between parties
who wish to communicate securely.
Key Distribution Methods
1.Manual Distribution:
• Keys are physically delivered to parties.
• Suitable for small, static networks.
• Not practical for large or dynamic systems due to logistical
challenges and security risks.
2.Automated Key Distribution:
• Keys are distributed using automated protocols over a network.
• More scalable and efficient for large networks.
Key Distribution Techniques
1.Symmetric Key Distribution:
• Pre-shared Keys (PSK): Keys are shared before communication
begins, often manually.
• Key Distribution Centers (KDC): A trusted third party generates
and distributes keys.
• Kerberos: An example of a KDC-based system used in
enterprise environments.
• Session Key Distribution: Keys are generated and distributed for
each session to enhance security.
• Broadcasting: Suitable for scenarios like TV encryption where a
single key is broadcast to many receivers.
Key Distribution Techniques
2.Asymmetric Key Distribution:
• Public Key Infrastructure (PKI): Uses public and private keys to
facilitate secure key exchange.
• Certificates: Digital certificates issued by a Certificate Authority
(CA) verify the ownership of public keys.
• Certificate Authority (CA): A trusted entity that issues and
manages digital certificates.
• Registration Authority (RA): An intermediary entity that
handles requests for digital certificates.
• Web of Trust: Decentralized trust model where individuals sign
each other’s keys.
• Often used in PGP (Pretty Good Privacy) for email encryption.
Key Exchange Protocols
1.Symmetric Key Exchange:
• Diffie-Hellman Key Exchange:
• Allows two parties to securely generate a shared secret over an insecure channel.
• Basis for many secure communication protocols like SSL/TLS.
• Station-to-Station Protocol (STS):
• Enhances Diffie-Hellman with authentication to prevent man-in-the-middle attacks.
2.Asymmetric Key Exchange:
• RSA Key Exchange:
• Public key encryption method where one party encrypts a shared key with the
recipient’s public key.
• The recipient decrypts the shared key with their private key.
• Elliptic Curve Diffie-Hellman (ECDH):
• Elliptic curve variant of Diffie-Hellman, offering equivalent security with shorter key
lengths.
• Used in modern protocols like TLS 1.3 and secure messaging apps.
Secure Key Distribution Practices
1.Authentication:
• Ensures that keys are exchanged between legitimate parties.
• Digital signatures and certificates are commonly used for
authentication.
2.Integrity:
• Ensures that keys have not been tampered with during distribution.
• Hash functions and Message Authentication Codes (MACs) can be
used to verify integrity.
3.Confidentiality:
• Ensures that keys are not exposed to unauthorized parties.
• Encryption can be used to protect keys during transmission.
Real-World Applications
1.SSL/TLS:
1. Uses a combination of asymmetric (RSA or ECDH) and symmetric key exchange
methods.
2. Provides secure communication over the internet.
2.VPNs (Virtual Private Networks):
1. Use asymmetric key exchange to establish secure tunnels between clients and servers.
2. Once a secure tunnel is established, symmetric encryption is used for data
transmission.
3.Email Encryption:
1. Systems like PGP and S/MIME use asymmetric keys for encrypting emails and symmetric
keys for encrypting the email contents.
4.Secure Messaging:
1. Apps like Signal use the Double Ratchet Algorithm, which combines Diffie-Hellman key
exchange and symmetric encryption for forward secrecy and post-compromise security.
