
Network Security

Lecture 5
Public Key cryptography

V.E.S.I.T_M.C.A Nishi Tiku 1


Introduction
• All hash algorithms take a message and perform an irreversible transformation on it.
• All secret key algorithms take a block and encrypt it in a reversible way.
• There are chaining methods to convert the block ciphers into message ciphers.
• But public key algorithms look very different from each other, not only in how they perform their functions, but in what functions they perform.
• Most of the public key algorithms are based on modular arithmetic.


Secret Key Methods
• DES (56 bit key)
• IDEA (128 bit key)
• Triple DES (three 56 bit keys)
• AES [latest from NIST] (choice of key sizes up to 256 bits)


Modular Arithmetic

• Modulo arithmetic divides integers into equivalence classes.
• If a = b mod m, it means that b = km + a
• Properties of modulo m:
  • (a mod m) + (b mod m) = (a + b) mod m
  • (a mod m) * (b mod m) = a*b mod m
  • (a - km).(b - k'm) = a.b - k''m
  • (a mod m)^n = a^n mod m


Modular Arithmetic

• Division and multiplication are the same thing: while the inverse a^-1 of a number a in normal arithmetic is always 1/a, this is not the case in modulo arithmetic (which always deals with integers).
• If the number m is a prime number p, then there are theorems which reveal special properties.
• For any integer a which is not a multiple of p, it is always possible to find a^-1 such that
  a.a^-1 = 1 mod p
• Fermat's little theorem states that, for any prime number p,
  a^(p-1) = 1 mod p
  provided a is not a multiple of p.
• Generalizing this by taking powers of both sides,
  (a^(p-1))^k = a^(k(p-1)) = 1^k mod p = 1 mod p

Modular Arithmetic
• Modular Addition
  • Example using mod 10 addition:
    3 + 5 = 8
    5 + 5 = 0
    3 + 9 = 2
  • The additive inverse of x is the number you add to x to get 0
  • The additive inverse of 2 is 8, since in mod 10 arithmetic 2 + 8 = 0
  • If the secret key were 2, then to encrypt we add 2 (mod 10) and to decrypt we'd add 8 (mod 10)


Modular Arithmetic

Addition mod 10:

+ | 0 1 2 3 4 5 6 7 8 9
--+--------------------
0 | 0 1 2 3 4 5 6 7 8 9
1 | 1 2 3 4 5 6 7 8 9 0
2 | 2 3 4 5 6 7 8 9 0 1
3 | 3 4 5 6 7 8 9 0 1 2
4 | 4 5 6 7 8 9 0 1 2 3
5 | 5 6 7 8 9 0 1 2 3 4
6 | 6 7 8 9 0 1 2 3 4 5
7 | 7 8 9 0 1 2 3 4 5 6
8 | 8 9 0 1 2 3 4 5 6 7
9 | 9 0 1 2 3 4 5 6 7 8

Modular Arithmetic
• Modular Multiplication
  • Example using mod 10 multiplication
  • 1, 3, 7, 9 are considered good ciphers
    • they perform a 1-to-1 substitution of digits
    • 5 is not, e.g. 5*2 = 5*4 = 0 mod 10
  • In mod math, the multiplicative inverse of x is the number by which you would multiply x to get 1
  • 1, 3, 7, 9 have multiplicative inverses mod 10 (3-7, 1-1, 9-9)
  • Can be used as a cipher
  • 1, 3, 7, 9 are considered to be good ciphers because they are
    • relatively prime to n (10)
    • no common factors with n other than 1, e.g. 1, 3, 7, 9 (mod 10)
  • relatively prime => multiplicative inverse


Modular Arithmetic
Modular Multiplication

Multiplication mod 10:

* | 0 1 2 3 4 5 6 7 8 9
--+--------------------
0 | 0 0 0 0 0 0 0 0 0 0
1 | 0 1 2 3 4 5 6 7 8 9
2 | 0 2 4 6 8 0 2 4 6 8
3 | 0 3 6 9 2 5 8 1 4 7
4 | 0 4 8 2 6 0 4 8 2 6
5 | 0 5 0 5 0 5 0 5 0 5
6 | 0 6 2 8 4 0 6 2 8 4
7 | 0 7 4 1 8 5 2 9 6 3
8 | 0 8 6 4 2 0 8 6 4 2
9 | 0 9 8 7 6 5 4 3 2 1

Modular Arithmetic
• Modular Multiplication
  • Euclid's Algorithm
    • can be used to efficiently find inverses mod n
    • given x and n, finds the number y such that x * y mod n = 1 (if such a y exists)
  • Totient function (how many numbers < n are relatively prime to n)
    Φ(n) = n-1, if n is prime
    Φ(n) = (p-1)(q-1) if n = p*q (p, q primes)


Modular Arithmetic
• Modular Exponentiation
  • Using mod 10
  • 5^6 mod 10 = 5 (5^6 = 15625)
  • From the table, x^y mod n is equal to x^(y mod Φ(n)) mod n
  • If y = 1 mod Φ(n), then x^y = x mod n
  • Note that exponentiation by 3 would act as an encryption of digits, whereas exponentiation by 2 would not, as 2^2 and 8^2 are both 4 mod 10


Modular Arithmetic (Modular Exponentiation)

x^y mod 10 (rows: x, columns: y):

x\y | 0 1 2 3 4 5 6 7 8 9 10 11 12
----+------------------------------
 0  |   0 0 0 0 0 0 0 0 0  0  0  0
 1  | 1 1 1 1 1 1 1 1 1 1  1  1  1
 2  | 1 2 4 8 6 2 4 8 6 2  4  8  6
 3  | 1 3 9 7 1 3 9 7 1 3  9  7  1
 4  | 1 4 6 4 6 4 6 4 6 4  6  4  6
 5  | 1 5 5 5 5 5 5 5 5 5  5  5  5
 6  | 1 6 6 6 6 6 6 6 6 6  6  6  6
 7  | 1 7 9 3 1 7 9 3 1 7  9  3  1
 8  | 1 8 4 2 6 8 4 2 6 8  4  2  6
 9  | 1 9 1 9 1 9 1 9 1 9  1  9  1

Public Key Cryptography
• RSA & ECC (encryption and DS)
• ElGamal (DS)
• Zero knowledge systems (authentication)
• Diffie-Hellman (shared secret + secret key scheme)


RSA Public Key Cryptography
• Rivest, Shamir and Adleman (1978)
• Most popular and proven asymmetric key cryptography
• I can send messages that only you can read
• I can verify that you and only you could have sent a message
• I can use a trusted authority to distribute my public key (The trusted authority is for your benefit!)


RSA Public Key Cryptography

• RSA
  • Key length usually 512 bits
  • Plaintext size < key length
  • Cipher text size = key length
  • Usually used to encrypt a secret key which is then used to encrypt the message
  • Based on Modular Arithmetic


Cryptographic Algorithms: RSA Algorithm
• The same operation will be used to encrypt and decrypt
• To encrypt, we will use "e" as a key; to decrypt, we will use "d" as a key
• e and d are inverses with respect to the chosen algorithm
• Private and public keys are based on very large numbers (100 or more digits)
• The challenge is to select the two keys


RSA Details
• Encryption: Cypher text = (Clear text)^e mod n
• Decryption: Clear text = (Cypher text)^d mod n
• Typical d will be on the order of 500 to 700 bits
• The cost of the algorithm is between 1X and 2X the size of n, and each operation is a giant shift (multiply by a power of 2) and add


RSA Details
• Publish two numbers, e (the public key) and n
• Choose n as the product of two large primes (finding the factors of a large number is hard… finding primes is also hard)
  Example…
• Choose e to be a (fairly small) prime and compute d from e and the factors of n
• THROW AWAY THE FACTORS OF n!


Setting up RSA
• Let n be the product of two large primes p and q
  • By "large" we typically mean at least 512 bits.
• Select a special number e
  • greater than 1 and less than (p-1)(q-1). The precise mathematical property that e must have is that there must be no numbers that divide neatly into e and into (p-1)(q-1), except for 1.
• Publish the pair of numbers (n, e)
• Compute the private key d from p, q and e

Computing the private key
The private key d is computed to be the unique inverse of e modulo (p-1)(q-1).
In other words, d is the unique number less than (p-1)(q-1) that when multiplied by e gives you 1 modulo (p-1)(q-1).
Written mathematically:
ed = 1 mod (p-1)(q-1)

The Euclidean Algorithm is the process that you need to follow in order to compute d.

Choosing e
Let’s consider p=3 and q=7. What choices of e are acceptable?
In this case (p-1)(q-1) = 2 x 6 = 12. Any suitable choice of e must
have the property that there are no numbers that neatly divide
into e and 12 except for 1. Let’s just try them all out:
e=2: this is no good, since 2 divides both e and 12. In fact this will be
true for all multiples of 2 as well, so e=4, e=6, e=8 and e=10 are
also not possible.
e=3: this is no good, since 3 divides both e and 12. In fact this will be
true for all multiples of 3 as well, so e=6 and e=9 are also not
possible.
The remaining choices are e=5, e=7 and e=11. Since in each case
there is no number that divides into them and 12 other than 1, all
these choices of e are possible.
Setting up RSA: example
Step 1: Let p = 47 and q = 59. Thus n = 47 x 59 = 2773

Step 2: Select e = 17

Step 3: Publish (n, e) = (2773, 17)

Step 4: (p-1) x (q-1) = 46 x 58 = 2668

Use the Euclidean Algorithm to compute the modular inverse of 17 modulo 2668. The result is d = 157

Check: 17 x 157 = 2669 = 1 (mod 2668)

Public key is (2773, 17)
Private key is 157


Encryption and decryption
The first job is to represent the plaintext as a series of numbers modulo n.
The encryption process to obtain the cipher text C from plaintext M is very simple:
C = M^e mod n

The decryption process is also simple:
M = C^d mod n


Encryption and decryption: example

Public key is (2773, 17)
Private key is 157

Plaintext block represented as a number: M = 31

Encryption using Public Key: C = 31^17 (mod 2773) = 587

Decryption using Private Key: M = 587^157 (mod 2773) = 31

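The key setup and the encryption example above can be reproduced with the following Python sketch, added here as an illustration (it is not part of the original slides). It carries the Euclidean Algorithm step through in general form; the function names are illustrative, and it assumes the slides' toy parameters and unpadded (textbook) RSA.

```python
from math import gcd


def egcd(a, b):
    """Extended Euclid: return (g, s, t) with a*s + b*t == g == gcd(a, b)."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0


def mod_inverse(x, n):
    """Return y with x*y mod n == 1, or raise if x and n share a factor."""
    g, s, _ = egcd(x % n, n)
    if g != 1:
        raise ValueError(f"{x} has no inverse modulo {n}")
    return s % n


def valid_exponents(p, q):
    """All e with 1 < e < (p-1)(q-1) and no common factor with (p-1)(q-1)."""
    phi = (p - 1) * (q - 1)
    return [e for e in range(2, phi) if gcd(e, phi) == 1]


def rsa_keypair(p, q, e):
    """Return ((n, e), d) where d is the inverse of e modulo (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must lie in (1, phi) and be coprime to phi")
    return (n, e), mod_inverse(e, phi)


def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("plaintext block must be a number modulo n")
    return pow(m, e, n)          # C = M^e mod n


def decrypt(c, d, n):
    return pow(c, d, n)          # M = C^d mod n


if __name__ == "__main__":
    public, d = rsa_keypair(47, 59, 17)       # values from the slides
    c = encrypt(31, public)
    print("public", public, "private", d)
    print("C =", c, "M =", decrypt(c, d, public[0]))
    print("acceptable e for p=3, q=7:", valid_exponents(3, 7))
```
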
RSA security summary
There are two one-way functions involved in the security of RSA.

One-way function: Encryption function
Description: The encryption function is a trapdoor one-way function, whose trapdoor is the private key. The difficulty of reversing this function without the trapdoor knowledge is believed (but not known) to be as difficult as factoring.

One-way function: Multiplication of two primes
Description: The difficulty of determining an RSA private key from an RSA public key is known to be equivalent to factoring n. An attacker thus cannot use knowledge of an RSA public key to determine an RSA private key unless they can factor n. Because multiplication of two primes is believed to be a one-way function, determining an RSA private key from an RSA public key is believed to be very difficult.

RSA Problems
• It is more costly than a typical secret-key method => leads to use of RSA to hide a secret key, then encrypt the message with the secret key and append/prepend the encrypted key
• Requires a "Public Key Infrastructure" for effective key generation and distribution -- that "chain of trust" thing again!


Symmetric and asymmetric cryptography together
(see table, page 120, Kahate)
• Best of both the worlds
  • completely secure
  • not too time consuming
  • cipher text should be compact
  • scalability
  • key distribution
• Key wrapping
  • encrypt the plain text with a symmetric key algorithm (DES etc.) (k1)
  • symmetric key wrapping using the receiver's public key (k1 + k2)
  • digital envelope (CT + encrypted symmetric key), parameters
  • receiver opens the envelope using his private key (confidentiality)

Digital signatures
• Used for authentication
• Non repudiation
• B decrypts a message with A's public key that was actually encrypted by A using his private key

Informally, a digital signature is a technique for establishing the origin of a particular message in order to settle later disputes about what message (if any) was sent.
The purpose of a digital signature is thus for an entity to bind its identity to a message.
We use the term signer for an entity who creates a digital signature, and the term verifier for an entity who receives a signed message and attempts to check whether the digital signature is "correct" or not.
Digital signatures have many attractive properties and it is very important to understand exactly what assurances they provide and what their limitations are.

While data confidentiality has been the driver behind historical cryptography, digital signatures could be the major application of cryptography in the years to come.

Digital signatures
An electronic signature that is:
1. uniquely linked to the signatory
2. capable of identifying the signatory
3. created using means under the sole control of the signatory
4. linked to the data to which it relates in such a way that subsequent changes in the data are detectable


Security requirements
We will define a digital signature on a message to be some data that provides:
• Data origin authentication of the signer
  • A digital signature validates the message in the sense that assurance is provided about the integrity of the message and of the identity of the entity that signed the message.
• Non-repudiation
  • A digital signature can be stored by anyone who receives the signed message as evidence that the message was sent and of who sent it. This evidence could later be presented to a third party who could use the evidence to resolve any dispute that relates to the contents and/or origin of the message (e.g. a bank transaction).

Input to a digital signature
• The message
  • Since a digital signature needs to offer data origin authentication (and non-repudiation) it is clear that the digital signature itself must be a piece of data that depends on the message, and cannot be a completely separate identifier.
  • It may be sent as a separate piece of data to the message, but its computation must involve the message.
• A secret parameter known only by the signer
  • Since a digital signature needs to offer non-repudiation, its calculation must involve a secret parameter that is known only by the signer.
  • The only possible exception to this rule is if the other entity is totally trusted by all parties involved in the signing and verifying of digital signatures.


Properties of a digital signature
• Easy for the signer to sign a message
  • There is no point in having a digital signature scheme that involves the signer needing to use slow and complex operations to compute a digital signature.
• Easy for anyone to verify a message
  • Similarly we would like the verification of a digital signature to be as efficient as possible.
• Hard for anyone to forge a digital signature
  • It should be practically impossible for anyone who is not the legitimate signer to compute a digital signature on a message that appears to be valid. By "appears to be valid" we mean that anyone who attempts to verify the digital signature is led to believe that they have just successfully verified a valid digital signature on a message.


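Arbitrated digital signatures

[Figure: the Signer (holding key KS), the Arbitrator (holding KS and KV) and the Verifier (holding KV). Steps 1 to 4: the signer sends the message with a MAC under KS to the arbitrator; the arbitrator passes the message with a MAC under KV to the verifier.]
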
True digital signatures

The vast majority of digital signature techniques do not involve having to communicate through a trusted arbitrator.
A true digital signature is one that can be sent directly from the signer to the verifier. For the rest of this unit when we say "digital signature" we mean "true digital signature".


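Creating an RSA signature with appendix

[Figure: (1) the message is passed through a hash function to give a hash; (2) the hash and the signature key are fed to the signature algorithm, which outputs the signature; (3) the signature is sent along with the message.]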


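Verifying an RSA signature with appendix

[Figure: (1) the received message is passed through the hash function; (2) the received signature and the verification key are fed to the verification algorithm; (3) the two results are compared (=?) to reach a Decision.]
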
RSA signatures with message recovery

[Figure: Signer side: (1) add padding / redundancy to the message; (2) apply the signature algorithm with the signature key to produce the signature. Verifier side: (3) apply the verification algorithm with the verification key to the signature; (4) remove padding / redundancy to recover the message.]

Digital Signature Algorithm
Although there have been many different proposals for digital
signature schemes, only two systems have thus far proved to be
fairly popular.
RSA digital signatures are one, and the other is a digital signature
scheme based on ElGamal that was proposed as the Digital
Signature Algorithm (DSA) and standardised by the U.S.
Government as the Digital Signature Standard.
The DSA is a digital signature with appendix, but it cannot be used as
a public key encryption system in the same way that RSA can be
– it is a dedicated digital signature scheme.



ElGamal
• Is a public key algorithm technique
• Used for DS and encryption
• Security is based on the difficulty of computing
discrete log in a finite field



Setting up ElGamal
• Let p be a large prime
  • By "large" we mean here a prime similar in length to an RSA modulus
• Select a special number g
  • The number g must be a primitive element modulo p.
• Choose a private key x
  • This can be any number bigger than 1 and smaller than p-1
• Compute public key y from x, p and g
  • The public key y is g raised to the power of the private key x modulo p. In other words:
    y = g^x mod p

Setting up ElGamal: example

Step 1: Let p = 23

Step 2: Select a primitive element g = 11

Step 3: Choose a private key x = 6

Step 4: Compute y = 11^6 (mod 23) = 9

Public key is 9
Private key is 6


ElGamal encryption
The first job is to represent the plaintext as a series of numbers modulo p. Then:
• Generate a random number k
• Compute two values C1 and C2, where

  C1 = g^k mod p and C2 = M y^k mod p

• Send the ciphertext C, which consists of the two separate values C1 and C2.


ElGamal encryption: example

To encrypt M = 10 using Public key 9

1 - Generate a random number k = 3

2 - Compute C1 = 11^3 mod 23 = 20

    C2 = 10 x 9^3 mod 23
       = 10 x 16 = 160 mod 23 = 22

3 - Ciphertext C = (20, 22)


ElGamal decryption
C1 = g^k mod p, C2 = M y^k mod p

1 - The receiver begins by using their private key x to transform C1 into something more useful:

C1^x = (g^k)^x mod p

NOTE: C1^x = (g^k)^x = (g^x)^k = (y)^k = y^k mod p

2 - This is a very useful quantity because if you divide C2 by it you get M. In other words:

C2 / y^k = (M y^k) / y^k = M mod p

ElGamal decryption: example

To decrypt C = (20, 22)

1 - Compute 20^6 = 16 mod 23

2 - Compute 22 / 16 = 10 mod 23

3 - Plaintext = 10
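The ElGamal setup, encryption and decryption steps above, as a Python sketch added for illustration (not part of the original slides). The function names, the primitive-element test and the range used for a randomly chosen k are assumptions of this example; "division" by y^k is carried out as multiplication by its inverse modulo p.

```python
import secrets


def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for toy sizes)."""
    out, f = set(), 2
    while f * f <= n:
        while n % f == 0:
            out.add(f)
            n //= f
        f += 1
    if n > 1:
        out.add(n)
    return out


def is_primitive(g, p):
    """g is primitive mod prime p iff g^((p-1)/q) != 1 for every prime q | p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))


def public_key(p, g, x):
    """y = g^x mod p, with the slides' conditions on g and x enforced."""
    if not is_primitive(g, p):
        raise ValueError("g must be a primitive element modulo p")
    if not 1 < x < p - 1:
        raise ValueError("private key must satisfy 1 < x < p-1")
    return pow(g, x, p)


def encrypt(m, p, g, y, k=None):
    """Return (C1, C2) = (g^k mod p, M * y^k mod p)."""
    if not 0 < m < p:
        raise ValueError("plaintext must be a non-zero number modulo p")
    if k is None:
        # Assumption of this example: fresh k drawn uniformly from 2..p-2.
        k = secrets.randbelow(p - 3) + 2
    return pow(g, k, p), (m * pow(y, k, p)) % p


def decrypt(c1, c2, p, x):
    """Recover M = C2 / C1^x mod p; division is multiplication by the inverse."""
    yk = pow(c1, x, p)                     # C1^x = y^k mod p
    return (c2 * pow(yk, -1, p)) % p       # pow(.., -1, p) needs Python 3.8+


if __name__ == "__main__":
    p, g, x = 23, 11, 6                    # values from the slides
    y = public_key(p, g, x)
    c1, c2 = encrypt(10, p, g, y, k=3)
    print("y =", y, "C =", (c1, c2), "M =", decrypt(c1, c2, p, x))
```

Every call to encrypt without an explicit k yields a different pair (C1, C2) for the same M, which is the random number generator requirement and the message expansion the comparison with RSA refers to.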


ElGamal v RSA

PROS of ElGamal:
• Does not rely on factorisation being hard

CONS of ElGamal:
• Requires a random number generator
• Message expansion

While regarded as similar from a security perspective, are there any differences between ElGamal and RSA from an efficiency perspective?

Diffie-Hellman
The Diffie–Hellman (DH) key exchange technique was first defined in their seminal paper in 1976.
DH key exchange is a method of exchanging public (i.e. non-secret) information to obtain a shared secret.
DH is not an encryption algorithm.
DH key exchange has the following important properties:
1. The resulting shared secret cannot be computed by either of the parties without the cooperation of the other.
2. A third party observing all the messages transmitted during DH key exchange cannot deduce the resulting shared secret at the end of the protocol.


Principle behind DH
DH key exchange was first proposed before there were any known public key algorithms, but the idea behind it motivated the hunt for practical public key algorithms.
DH key exchange is not only a useful and practical key establishment technique, but also a significant milestone in the history of modern cryptography.
DH key exchange assumes first that there exists:
1. A public key cipher system that has a special property (we come to this shortly).
2. A carefully chosen, publicly known function F that takes two numbers x and y as input, and outputs a third number F(x,y) (for example, multiplication is such a function).


Principle behind DH
Assume that Alice and Bob are the parties who wish to establish a shared secret, and let their public and private keys in the public key cipher system be denoted by (PA, SA) and (PB, SB) respectively.
The basic principle behind Diffie–Hellman key exchange is as follows:
1. Alice and Bob exchange their public keys PA and PB.
2. Alice computes F(SA, PB)
3. Bob computes F(SB, PA)
4. The special property of the public key cipher system, and the choice of the function F, are such that F(SA, PB) = F(SB, PA). If this is the case then Alice and Bob now share a secret.
5. This shared secret can easily be converted by some public means into a bit string suitable for use as, for example, a DES key.

Diffie-Hellman key exchange
The most commonly described implementation of DH key exchange uses the keys of the ElGamal cipher system and a very simple function F.

The system parameters (which are public) are:
• a large prime number p, typically 1024 bits in length
• a primitive element g

• Alice generates a private random value a, calculates g^a (mod p) and sends it to Bob. Meanwhile Bob generates a private random value b, calculates g^b (mod p) and sends it to Alice.
• Alice takes g^b and her private random value a to compute (g^b)^a = g^(ab) (mod p).
• Bob takes g^a and his private random value b to compute (g^a)^b = g^(ab) (mod p).
• Alice and Bob adopt g^(ab) (mod p) as the shared secret.


Man-in-the-middle attack

Alice --- g^a (mod p) ---> Fred --- g^f (mod p) ---> Bob
Alice <--- g^f (mod p) --- Fred <--- g^b (mod p) --- Bob

1. What will happen when Alice tries to send a message to Bob, encrypted with a key based on her DH shared secret?
2. Can Fred obtain the correct DH shared secret that would have been established had he not interfered?


Summary
• Public key systems replace the problem of distributing symmetric keys with one of authenticating public keys
• Public key encryption algorithms need to be trapdoor one-way functions
• RSA is a public key encryption algorithm whose security is believed to be based on the problem of factoring large numbers
• ElGamal is a public key encryption algorithm whose security is believed to be based on the discrete logarithm problem
• RSA is generally favoured over ElGamal for practical rather than security reasons
• RSA and ElGamal are less efficient and fast to operate than most symmetric encryption algorithms because they involve modular exponentiation
• DH key exchange is an important protocol on which many real key exchange protocols are based

Defenses against Man-in-the-middle attack

• Published Diffie-Hellman numbers
• Authenticated Diffie-Hellman
• Encryption with Diffie-Hellman
• ElGamal signatures
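To make the first defense concrete, the Python sketch below (an added example, not part of the original slides) runs the exchange from the Diffie-Hellman slides three ways: honestly, with Fred substituting g^f in both directions, and with each party checking the value it receives against a published Diffie-Hellman number. The toy parameters p = 23, g = 11 are reused from the ElGamal example; the private values, the directory structure and the function names are constructed for illustration.

```python
P, G = 23, 11   # toy public parameters reused from the ElGamal slides


def public_value(priv):
    """g^priv mod p, the number a party sends (or publishes)."""
    return pow(G, priv, P)


def shared_secret(priv, received):
    """(received)^priv mod p, the key a party derives from what it was sent."""
    return pow(received, priv, P)


def exchange(alice_priv, bob_priv, fred_priv=None, directory=None):
    """Return (Alice's key, Bob's key) after one DH run.

    fred_priv: if given, Fred replaces both public values in transit with g^f.
    directory: optional trusted mapping name -> published DH number; a party
               rejects any received value that differs from the published one.
    """
    to_bob = public_value(alice_priv)      # what Alice sends
    to_alice = public_value(bob_priv)      # what Bob sends
    if fred_priv is not None:
        to_bob = to_alice = public_value(fred_priv)
    if directory is not None:
        if to_alice != directory["bob"] or to_bob != directory["alice"]:
            raise ValueError("received value differs from published DH number")
    return shared_secret(alice_priv, to_alice), shared_secret(bob_priv, to_bob)


if __name__ == "__main__":
    a, b, f = 6, 3, 5                      # constructed private values
    print("honest run:       ", exchange(a, b))
    print("Fred in the middle:", exchange(a, b, fred_priv=f))
    published = {"alice": public_value(a), "bob": public_value(b)}
    try:
        exchange(a, b, fred_priv=f, directory=published)
    except ValueError as err:
        print("with published numbers:", err)
```

In the intercepted run Alice and Bob hold different keys (g^(af) and g^(bf)), neither of which equals the g^(ab) of the honest run, and the directory check turns that silent mismatch into a rejected exchange.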


Zero knowledge signatures
