SCHOOL OF COMPUTING

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING

Academic Year 2023-24 : Summer Semester

10212CS119– Cryptography and Network Security

Pre-requisites

Sl. No Course Code Course Name

1 10211CS105 Computer Networks

Dr.T.Venket Babu,
Assistant Professor, Slot : S10 & S2
Department of CSE.
 Course Outcomes
Level of learning
CO
Course Outcomes domain (Based on
Nos.
revised Bloom’s)
Understand the encryption and decryption techniques using
CO1 K2
block ciphers.

Apply key exchange and management schemes using public

CO2 K3
key cryptography.

Demonstrate techniques to sign and verify messages using

CO3 K3
signature generation and verification algorithms.
Implement cryptographic algorithm for various network
CO4 K3
security applications.

Illustrate the technologies to protect cyberspace against

CO5 K3
security threats.

Knowledge Level (Based on Revised Bloom’s Taxonomy)

K1-Remember K2-Understand K3-Apply K4-Analyze K5-Evaluate K6-Create
10/4/2024 Dr.T.VenketBabu, AP(SG)/CSE, Vel Tech 2
 Correlation of COs with POs and PSOs

PO PO PO PO PO PO PO PO
COs PO9 PO10 PO11 PO12 PSO 1 PSO 2 PSO 3
1 2 3 4 5 6 7 8

CO1 3 3 2

CO2 3 2 3 2 3

CO3 3 2 3 2 2

CO4 2 1 2 3

CO5 2 3 2 2

High-3; Medium-2; Low-1

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 3

 Syllabus Contents
Unit – I Introduction to Cryptography 9L+3T Hours
OSI Security Architecture - Classical Encryption techniques – Cipher
Principles – Data Encryption Standard – Block Cipher Design Principles and
Modes of Operation - Evaluation criteria for AES –AES Cipher – Triple DES –
Placement of Encryption Function – Traffic Confidentiality-Case study on
Barclays Bank
Unit – II Public Key Cryptography 9L+3T Hours
Number Theory concepts: Primes and Prime Factorization – Congruent
modulo n, equivalent class modulo n, Integer modulo n, Multiplicative inverse,
Relatively prime, Euler's theorem, Fermat's little theorem, Extended Euclidean
Algorithm, Chinese Remainder Theorem. Confidentiality using Asymmetric
Encryption – Public Key Cryptography and RSA- Key Management - Diffie-
Hellman key Exchange – Elliptic Curve Architecture and Cryptography – Case
study on Elan Financial Services

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 4

 Syllabus Contents
Unit – III Authentication and Hash Function 9L+3T Hours
Authentication requirements – Authentication functions – Message
Authentication Codes – Hash Functions – Security of Hash Functions and
MACs – MD5 message Digest algorithm – Secure Hash Algorithm – RIPEMD
– HMAC Digital Signatures – Authentication Protocols – Digital Signature
Standard- Case study on Swedbank
Unit – IV Network Security Applications 9L+3T Hours
Authentication Applications: Kerberos – X.509 Authentication Service –
Electronic Mail Security –PGP – S/MIME - IP Security- Policy, Encapsulating
Security Payload, Combining Security Associations, Internet Key Exchange,
Authentication Header.
Unit – V Security Management 9L+3T Hours
Intrusion Detection - Password Management - Viruses and related Threats -
Virus Countermeasures- Worms Security Risks – Firewall Design Principles -
Trusted Systems -Systems- Log Management. Case study on Biometric
deployment for secure password management.
10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 5
 Learning Resources
i) Text Books
1. William Stallings, ― Cryptography And Network Security – Principles and
Practices, Prentice Hall of India, Eighth Edition, 2020 [Unit 1-5].
2. David Kim and Michael G.Solomon, “Fundamentals of Information
Systems Security”, Jones and Bartlett Publishers, Third Edition, 2018 [Unit
1-5].
ii) References Books:
1. Atul Kahate, ―Cryptography and Network Security, Tata McGraw-Hill,
2011.
2. Bruce Schneier, ―Applied Cryptography, John Wiley & Sons Inc, 2011.
3. Charles B. Pfleeger, Shari Lawrence Pfleeger, ―Security in Computing,
Third Edition, Pearson Education, 2010.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 6

 Learning Resources
iii) Online Resources
1. “Cryptography techniques”, Accessed on: July 2022, [online]. Available:
http://Cryptographywilliamstallings.com/Extras/Security-Notes/
2. “Authentication algorithms”, Accessed on: July 2022 [online]. Available:
http://www.cs.bilk.ent.edu.tr/~selcuk/teaching/cs519/
3. “Network security concepts”, Accessed on: July 2022[online]. Available:
http://freevideolectures.com/Course/3027/Cryptography–andNetwork-Security

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 7

 Unit – II
Public Key Cryptography

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 8

 1.Introduction to Number Theory
Prime Numbers
 Prime numbers only have divisors of 1 and self they cannot be
written as a product of other numbers.
 An integer p > 1 is a prime number if and only if its only divisors
are ± 1 and ±p.
 Note: 1 is prime, but is generally not of interest.
 eg. 2,3,5,7 are prime, 4,6,8,9,10 are not.
 Prime numbers are central to number theory.
 List of prime number less than 200 is:
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89
97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173
179 181 191 193 197 199
10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 9
 Prime Numbers
 Any integer a > 1 can be factored in a unique way as
 where p1 < p2 < ... < pt are prime numbers and where each is a
positive integer.
 This is known as the fundamental theorem of arithmetic; a proof can
be found in any text on number theory..

 If P is the set of all prime numbers, then any positive integer a can
be written uniquely in the following form.

 The right-hand side is the product over all possible prime numbers
p; for any particular value of a, most of the exponents ap will be 0.
10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 10
 Prime Factors
 Multiplication of two numbers is equivalent to adding the
corresponding exponents.

 Define k = ab. Integer k can be expressed as the product of powers

of primes.
 It follows that kp = ap + bp for all

 The prime factors of a and b, to say that a divides b? Any integer of

the form can be divided only by an integer that is of a lesser or equal
power of the same prime number, pj with j<= n.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 11

 Prime Factors

 It is easy to determine the greatest common divisor of two positive

integers if we express each integer as the product of primes.
 If k = gcd(a,b) then kp = min(ap, bp) for all p.

 Two numbers are said to be relatively prime, if their GCD is 1.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 12
 Congruent Modulo n
 Notation: a | b is read "a divides b". By definition, a | b if there is
some c such that ca = b.
 Definition: given an integer m, two integers a and b are congruent
modulo m if m | (a − b). We write a ≡ b (mod m). Also sometimes
said as equivalent modulo m.
 a mod b denotes the remainder when we divide a by b. The "mod m"
in a ≡ b (mod m) is a note on the side of the equation indicating
what we mean when we say "≡"
 Fact: These two uses of "mod" are quite related: a ≡ b (mod m) if
and only if a mod m = b mod m.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 13

 Equivalence Class Modulo n
 Definition: if a, m ∈ Z then [a]m (called the equivalence class
of a mod m) is the set of all integers that are congruent to a, mod m.
Example: If we are working mod 5, then [2]=[7]=[12]. All of these
have a remainder of 2 when divided by 5.
 Note: a ≡ b (mod m) if and only if [a]=[b]
 Zm is the set of all equivalence classes of integers mod m.
Example: Z5 = {[0],[1],[2],[3],[4]}. [5] is in Z5 but I didn't list it
because [5] is the same as [0].
 an equivalence relationship needs to be
- reflexive (everything should be equivalent to itself)
- symmetric (if A is equivalent to B, B is equivalent to A)
- transitive (if A is equivalent to B, and B is equivalent to C, then
A is equivalent to C).

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 14

 Modular Arithmetic
 When we divide two integers we will have an equation that looks
like the following:
 A/B = Q remainder R
A is the dividend
B is the divisor
Q is the quotient
R is the remainder
 Sometimes, we are only interested in what the remainder is when we
divide A by B. For these cases there is an operator called the modulo
operator.
 Using the same A, B, Q and R as above, we would have: A mod B =
R.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 15

 Modular Arithmetic
 Observe what happens when we increment numbers by one and then
divide them by 3.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 16

 Multiplicative Inverse by Extended Euclidean
Algorithm
 Multiplicative Inverse of 3 mod 5.
 Start with T1=0; T2=1 and T=T1-(T2*Q)
 Proceed until division cannot be done.
 Final T1is the Multiplicative Inverse value

Q A B R T1 T2 T

1 5 3 2 0 1 -1

1 3 2 1 1 -1 2

2 2 1 0 -1 2 -5

X 1 0 X 2 -5 X

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 17

 Multiplicative Inverse by Extended Euclidean
Algorithm
 Multiplicative Inverse of 11 mod 13.
 Start with T1=0; T2=1 and T=T1-(T2*Q)
 Proceed until division cannot be done.
 Final T1is the Multiplicative Inverse value

Q A B R T1 T2 T

1 13 11 2 0 1 -1

5 11 2 1 1 -1 6

2 2 1 0 -1 6 -13

X 1 0 X 6 -13 X

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 18

 Multiplicative Inverse by Extended Euclidean
Algorithm
 Multiplicative Inverse of 11 mod 26.
 Start with T1=0; T2=1 and T=T1-(T2*Q)
 Proceed until division cannot be done.
 If Final T1is negative, then add respective mod value to get +ve
value. In this case we get 19.
Q A B R T1 T2 T

2 26 11 4 0 1 -2

2 11 4 3 1 -2 5

1 4 3 1 -2 5 -7

3 3 1 0 5 -7 26

X 1 0 X -7 -26 X
10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 19
 2.Fermat’s Theorem
 If p is a prime and a is a positive integer with p ∤ a , then
ap−1≡1(mod p).
 if a = 2 and p = 7, then 27 = 128, and 128 − 2 = 126 = 7 × 18 is
an integer multiple of 7.
 Consider the set of positive integers less than p:{1,2,..., p-1} and
multiply each element by a modulo p, to get the set X = {a mod p,
2a mod p, . . . (p-1)a mod p}.
 None of the elements of X is equal to zero because p does not divide
a.
 No two of the integers in X are equal.
 Assume that ja ≡ ka(mod p) where 1 <= j < k <= p-1. Because a is
relatively prime to p, we can eliminate a from both sides of the
equation resulting in: j ≡ k(mod p).
 This last equality is impossible because j and k are both positive
integers less than p.
 We know that the (p-1) elements of X are all positive integers, with
no two elements equal.Dr.T.Venket Babu, AP/CSE, Vel Tech
10/4/2024 20
 Example for Fermat’s Theorem

 if a = 2 and p = 7, then 27 = 128, and 128 − 2 = 126 = 7 × 18 is

an integer multiple of 7.
Multiplying the numbers in both sets and taking the result mod p yields
a x 2a x ... x (p-1) ≡ [(1 x 2 x ... x (p-1)](mod p)
ap-1(p-1)! ≡ (p-1)!(mod p)
ap-1 ≡ 1 (mod p)

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 21

 Fermat’s Little Theorem
 An alternative form of Fermat's theorem is also useful: If p is prime
and a is a positive integer, then ap ≡ a(mod p).
 Note: that the first form of the theorem requires that a be relatively
prime to p, but this form does not.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 22

 3.Euler’s Theorem & Euler’s Totient Function
 Euler's totient function written (n), defined as the number of
positive integers less than n and relatively prime to n. By
convention, (1) = 1.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 23

 Euler’s Totient Function
 It should be clear that for a prime number p, f(p) = p-1
 Now suppose that we have two prime numbers p and q, with p not
equal to q. Then we can show that for n = pq,

 Consider that the set of positive integers less that n is the set {1,...,
(pq-1)}.
 The integers in this set that are not relatively prime to n are the set
{p,2 p,..., (q-1)p} and the set {q,2q,..., (p-1)q}
(n) = (pq-1)[(q-1)+(p-1)]
= pq(p+q)+1
= (p-1)(q-1)

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 24

 Euler’s Theorem
 Euler's theorem states that for every a and n that are relatively prime

 Consider the set of such integers, labeled as follows:

 Each element xi of R is a unique positive integer less than n with
gcd(xi, n) = 1.
 Multiply each element by a, modulo n.
 The set S is a permutation of R, by the following line of reasoning
 Since ‘a’ is relatively prime to n and xi is relatively prime to ‘n’, axi
must also be relatively prime to n.
 Thus, all the members of S are integers that are less than n and that
are relatively prime to n. There are no duplicates in S.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 25

 Euler’s Theorem
 If axi mod n = axj mod n then xi = xj.

 This is the same line of reasoning applied to the proof of Fermat's

theorem.
 As is the case for Fermat's theorem, an alternative form of the
theorem is also useful.

 The first form of Euler's theorem requires that a be relatively prime

to n, but this form does not.
10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 26
 4.Testing for Primality

 Fermat primality test (actually a compositeness test). It works as

follows: Given an integer n, choose some integer a coprime to n and
calculate an − 1 modulo n. If the result is different from 1, then n is
composite.
 Used to test a large number for primality.
 any positive odd integer n >=3 can be expressed as follows: n-
1=2kq with k > 0, q odd.
 n-1 is an even integer. Divide (n-1) by 2 until the result is an odd
number q, for a total of k divisions.
Two Properties of Prime Numbers
- If p is prime and a is a positive integer less than p, then a2 mod p
=1. If and only if either a mod p = 1 or a mod p= 1 mode p = p-1.
- Let p be a prime number greater than 2. We can then write p-1 =2kq,
with k > 0 q odd. Let a be any integer in the range 1 < a < p-1.
10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 27
 Miller Rabin
 if n is prime. We have p-1 =2kq. Thus, we know that ap-1 mod p =
a2kq mod p = 1.

Simple algorithm based on Miller Rabin to check for prime

number
 Step:1 Perform n-1 computation. n-1=m*2k
 Step:2a if k<=1, Compute T= am mod n & check value for T.
- if T ==+-1, then n is prime, else composite/Non-prime.
 Step:2b if k >1, Compute T=T2 mod n and check T value.
if (T==1), then n is composite/Non-prime.
if (T==-1), then u is prime.
else, n is composite/Non-prime.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 28

 Miller Rabin Example:

Check if 7 is a prime number ?

n=7
n-1 =2pows x d d is odd
7-1 = 2pow1 x 3 s=1 ;
6 = 2 pow 1 x 3 d =3
X = a pow d mod n 2≤ a ≤ n-2
X= 3 pow 3 mod 7 2≤ a ≤ 5
= 27 mod 7=6 a=3

X ≡ ±1 mod n
6 ≡ ±1 mod 7

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 29

 Miller Rabin - Example
 Apply Miller rabin test to check whether the given number
n=27, a=2, such that n is prime.
Step:1 n-1 = 27-1 = m * 2k
26 = 13 * 21
Step:2a k<=1, must be done.
Compute T = am mod n
= 213 mod 27
= 25 * 25 * 23 mod 27
= 5*5*8 mod 27
= 200 mod 27
T = 11
 Since our T not equal to +-1, then we can say that n is
composite / non-prime.
10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 30
 4.The Chinese Remainder Theorem
 It is possible to reconstruct integers in a certain range from their
residues modulo a set of pairwise relatively prime moduli.
Example
 Lets consider 10 integers in Z10, that is the integers 0 through 9, can
be reconstructed from their two residues modulo 3 and 5 (the
relatively prime factors of 10). Two numbers are said to be relatively
prime if the common factor between the numbers is one. For
example, 34 and 35 are relatively prime. Factors of 34 are 1, 2, 17,
34, and factors of 35 are 1, 5, 7, 35.
x ≡ 2 mod 3
x ≡ 3 mod 5
 The known residues of a decimal digit x are r3 = 2 and r5 = 3; that
is, x mod 3 = 2 and x mod 5 = 3.
 x is an even integer in Z10 whose remainder, on division by 5, is 3.
 The unique solution is xDr.T.Venket
10/4/2024
= 8. Babu, AP/CSE, Vel Tech 31
 The CRT - Example-1
 For a given sequence of different linear equations.
x ≡ a1 mod m1
x ≡ a2 mod m2
x ≡ a3 mod m3
.
.
.
x ≡ an mod mn

 Solution can be obtained by applying this equation:

x = (a1M1 M1-1 + a2M2 M2-1 .........+ anMnMn-1) mod M

 With the condition that m1,m2,m3 ….mn should be relatively prime.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 32

 The CRT - Example-1
1. Solve for the following congruency using the Chinese Remainder
Theorem:
x ≡ 2 mod 3
x ≡ 3 mod 5
x ≡ 2 mod 7
Step:1 Check whether m1,m2,m3 are relatively prime. If so, proceed.
Else stop.
Step:2 Construct the below table from the given data and find missing
values.
a1 2 M1
a2 3 M2
a3 2 M3
m1 3 M1-1
m2 5 M2-1
m3 7 M3-1

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 33

 The CRT - Example-1
Step:3 Compute M using the formula M=m1*m2*m3
M = 3*5*7 = 105
Step:4 Compute M1, M2, M3 using obtained M value and the formula
Mn=M/mn.
M1: M1 = M / m1 = 105 / 3 = 35
M2: M2 = M / m2 = 105 / 5 = 21
M3: M3 = M / m3 = 105 / 7 = 15
a1 2 M1 35
Update these values in the table we get. a2 3 M2 21
a3 2 M3 15
m1 3 M1-1
m2 5 M2-1
m3 7 M3-1
10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 34
 The CRT - Example-1
Step:5 Find respective multiplicative inverse for the values M1,M2,M3.
We know that Mn* Mn-1 ≡ 1 mod m1
By applying this we compute:
M1-1 : M1* M1-1 ≡ 1 mod m1
M2-1 : M2* M2-1 ≡ 1 mod m2
M3-1 : M3* M3-1 ≡ 1 mod m3
a1 2 M1 35
M1 : 35 * 2 ≡ 1 mod 3 => 2
-1
a2 3 M2 21
M2-1 : 21 * 1 ≡ 1 mod 5 => 1 a3 2 M3 15
M3-1 : 15 * 1 ≡ 1 mod 7 => 1 m1 3 M1-1 2
m2 5 M2-1 1
Final updated table is: m3 7 M3-1 1
10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 35
 The CRT - Example-1
x = (a1M1 M1-1 + a2M2 M2-1 + a3M3M3-1) mod M
Substitute appropriate values in equation x we get:
x = (2*35*2 + 3*21*1 + 2*15*1) mod 105
= (140 + 63 + 30) mod 105
= 233 mod 105
x = 23

Now, check for the obtained result, the given congruence equations:
23 ≡ 2 mod 3
23 ≡ 3 mod 5
23 ≡ 2 mod 7

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 36

 The CRT - Example-2
2. Find the smallest number which when divided by 2,3 and 5
produces 1,2,3 as remainders. Compute that 2,3 and 5 are
(pairwise) relatively co-primes.

2 3 5
1 2 3 (When differences are unique)
x = 15x1 + 10 x2 + 6 x3
1 / 2 2 / 3 3 / 5 must get these remainders
= 15 + 20 + 18
= 53 – 30 (Since LCM of prime modulli is 30)
x = 23.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 37

 The CRT - Example-3
3. Find the smallest number which when divided by 7,9 and 11
produces 1,2,3 as remainders. Compute that 7,9 and 11 are
(pairwise) relatively co-primes.

7 9 11 99 = 7*14 + 1
1 2 3 (When differences are unique)
77 = 9*8 + 5
x = 99x1 + 77x2 + 63x3 5 = 5*4 = 20
1 / 7 2 / 9 3 / 11 must get these remainders
63 = 11*5 + 8
= 99 + 308 + 630
8 = 8*10 = 80
= 1037 – 693 (Since LCM of prime modulli is 693)
x = 344.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 38

 5.Public Key Cryptography
 Most significant advance in the 3000 year history of cryptography.
 Uses two keys – a public & a private key.
 Asymmetric since parties are not equal.
 Uses clever application of number theoretic concepts to function.
 Complements rather than replaces private key cryptography.
Developed to address two key issues:
 Key Distribution – how to have secure communications in general
without having to trust a KDC with your key.
 Digital Signatures – how to verify a message comes intact from the
claimed sender.
 Public invention due to Whitfield Diffie & Martin Hellman at
Stanford University in 1976.
10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 39
 Public Key Cryptography
 Public-key / two-key / asymmetric cryptography involves the use of
two keys:
- A public-key, which may be known by anybody, and can be used to
encrypt messages, and verify signatures.
- A private-key, known only to the recipient, used to decrypt
messages, and sign (create) signatures.
 Asymmetric - those who encrypt messages or verify signatures
cannot decrypt messages or create signatures.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 40

 Characteristics of Public Key Cryptography
 Computationally infeasible to find decryption key knowing only
algorithm & encryption key.
 Computationally easy to en/decrypt messages when the relevant
(en/decrypt) key is known.
 Either of the two related keys can be used for encryption, with the
other used for decryption (for some algorithms).

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 41

 Public Key Applications & Security
 Encryption / Decryption (provide secrecy)
 Digital Signatures (provide authentication)
 Key Exchange (of session keys)
 Some algorithms are suitable for all uses, others are specific to one.
Security
 Brute force exhaustive search attack is always theoretically possible.
 If keys used are too large then it is difficult(>512bits).
 Security relies on a large enough difference in difficulty between
easy (en/decrypt) and hard(cryptanalyse) problems.
 The hard problem is known, but is made hard enough to be
impractical to break.
 Requires the use of very large numbers, hence is slow compared to
10/4/2024
private key schemes Dr.T.Venket Babu, AP/CSE, Vel Tech 42
 RSA Introduction
 Rivest, Shamir & Adleman of MIT in 1977
 Best known & widely used public-key scheme
 Based on exponentiation in a finite (Galois) field over integers
modulo a prime
- nb. exponentiation takes O((log n)3) operations (easy)
 uses large integers (eg. 1024 bits)
 security due to cost of factoring large numbers
- nb. factorization takes O(e log n log log n) operations (hard)

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 43

 The RSA Public Key Cryptosystem

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 44

 RSA Key Setup & Working

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 45

 RSA Example
1. Select primes: p=17 & q=11
2. Compute n = pq =17 x 11=187
3. Compute ø(n)=(p–1)(q-1)=16 x 10=160
4. Select e: gcd(e,160)=1; choose e=7
5. Determine d: de =1 mod 160 and d < 160
Value is d=23 since 23x7=161= 10x160+1
6. Publish public key PU={7,187}
7. Keep secret private key PR={23,187}

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 46

 RSA Example
Encryption:
C = Me mod n
= 887 mod 187
= 884 882 881 mod 187
= 132 * 77 * 88 mod 187
= (894432) mod 187
C = 11
Decryption:
M = Cd mod n
= 1123 mod 187
= (1116 114 112 111 )mod 187
= (154 * 55 * 121 * 11) mod 187
= (11273570) mod 187
M = 88

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 47

 RSA Examples
2.Perform encryption and decryption using the RSA algorithm
a. p = 3; q = 11, e = 7; M = 5
b. p = 5; q = 11, e = 3; M = 9
c. p = 7; q = 11, e = 17; M = 8
d. p = 11; q = 13, e = 11; M = 7
e. p = 17; q = 31, e = 7; M = 2

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 48

 RSA Security
Possible approaches to attacking RSA are:
 Brute force key search (infeasible given size of numbers)
 Mathematical attacks (based on difficulty of computing ø(n), by
factoring modulus n)
 Timing attacks (on running of decryption)
 Chosen ciphertext attacks (given properties of RSA)

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 49

 Factoring Problem
Mathematical approach takes 3 forms:
 Factor n=p.q, hence compute ø(n) and then d.
 Determine ø(n) directly and compute d.
 Find d directly.
Currently believe all equivalent to factoring.
 Have seen slow improvements over the years
- as of May-05 best is 200 decimal digits (663) bit with LS
 Biggest improvement comes from improved algorithm.
 Currently assume 1024-2048 bit RSA is secure.
- ensure p, q of similar size and matching other constraints

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 50

 Timing Attacks
Developed by Paul Kocher in mid-1990’s
 Exploit timing variations in operations
- eg. multiplying by small vs large number
- IF's varying which instructions executed
 Infer operand size based on time taken
RSA exploits time taken in exponentiation , countermeasures includes:
 Use constant exponentiation time.
 Add random delays.
 Blind values used in calculations.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 51

 Chosen Ciphertext Attacks
 RSA is vulnerable to a Chosen Ciphertext Attack (CCA)
 Attackers chooses ciphertexts & gets decrypted plaintext back.
 Choose ciphertext to exploit properties of RSA to provide info to
help cryptanalysis.
 Can counter with random pad of plaintext or use Optimal
Asymmetric Encryption Padding (OASP).

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 52

 6.Key Management & Distribution
Key Management
 Public-key encryption helps address key distribution problems.
Have two aspects of this:
I. Distribution of public keys.
II. Use of public-key encryption to distribute secret keys.
I. Distribution of public keys
Can be considered as using one of the following approaches:
 Public announcement
 Publicly available directory
 Public-key authority
 Public-key certificates
10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 53
 6.a.Public Announcement
 Users distribute public keys to recipients or broadcast to community
at large.
- eg. append PGP keys to email messages or post to news groups or
email list.
 Major weakness is forgery.
 Anyone can create a key claiming to be someone else and broadcast
it.
 Until forgery is discovered anyone with forged key can masquerade
as claimed user.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 54

 6.b.Publicly Available Directory
 Can obtain greater security by registering public keys with a
publicly available dynamic directory.
Directory must be trusted with properties:
 Contains {name, public-key} entries.
 Participants register securely with directory authority.
 Participants can replace key at any time.
 Directory is periodically published.
 Directory can be accessed electronically.
 Still vulnerable to tampering or forgery.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 55

 6.c.Public Key Authority
 Improves security by tightening control over distribution of keys
from directory.
 Has properties of directory.
 Requires users to know public key for the directory.
 Users interact with directory to obtain any desired public key
securely.
 Require real-time access to directory when keys are needed.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 56

 6.c.Public Key Authority

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 57

 6.d.Public Key Certificates
 Certificates allow key exchange without real-time access to public-
key authority.
 A certificate binds identity to public key.
 With information such as period of validity, rights of use etc.
 With all contents signed by a trusted Public-Key or Certificate
Authority (CA).
 Can be verified by anyone who knows the public-key authorities
public-key.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 58

 6.d.Public Key Certificates

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 59

 II.Public-Key Distribution of Secret Keys
 Use previous methods to obtain public-key.
 Can use for secrecy or authentication.
 Public-key algorithms are slow.
 So usually want to use private-key encryption to protect message
contents.
 Need a session key.
 Have several alternatives for negotiating a suitable session.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 60

 Simple Secret Key Distribution
 Proposed by Merkle in 1979.
 A generates a new temporary public key pair.
 A sends B the public key and their identity.
 B generates a session key K sends it to A encrypted using the
supplied public key.
 A decrypts the session key and both use.
 Problem is that an opponent can intercept and impersonate both
halves of protocol.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 61

 Public-Key Distribution of Secret Keys

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 62

 Hybrid Key Distribution
 Retain use of private-key KDC
 Shares secret master key with each user
 Distributes session key using master key
 Public-key used to distribute master keys especially useful with
widely distributed users
 Rationale - performance, backward compatibility

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 63

 6.e.Primitive Root of a Number
 ‘α’ is said to be a primitive root of prime number ‘p’, if α1 mod p, α2
mod p, ….. αp-1 mod p are distinct.
Example
 Is 2 a primitive root of prime number 5?

21 mod 5 2 mod 5 2

22 mod 5 4 mod 5 4

23 mod 5 8 mod 5 3

24 mod 5 16 mod 5 1

 Since all residues are unique, we can say 2 is a primitive root of

prime number 5.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 64

 6.e.Diffie-Hellman Key Exchange
 First public-key type scheme proposed by Diffie & Hellman in 1976
along with the exposition of public key concepts.
 Now know that Williamson (UK CESG)
 Secretly proposed the concept in 1970, is a practical method for
public exchange of a secret key.
 Used in a number of commercial products.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 65

 Diffie-Hellman Key Exchange
 A public-key distribution scheme.
 Cannot be used to exchange an arbitrary message.
 Rather it can establish a common key known only to the two
participants.
 Value of key depends on the participants (and their private and
public key information)
 Based on exponentiation in a finite (Galois) field (modulo a prime
or a polynomial) – easy.
 Security relies on the difficulty of computing discrete logarithms
(similar to factoring) – hard.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 66

 Diffie-Hellman Setup

 All users agree on global parameters:

 Large prime integer or polynomial q.
 α being a primitive root of q.
 Each user (eg. A) generates their keys (private & public).
 Chooses a secret key (number): xA < q
 Compute their public key: yA = αxA mod q
 Each user makes public that key yA

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 67

 Diffie-Hellman Key Exchange

 Shared session key for users A & B is KAB :

 KAB = axA. xB mod q
 = yAxB mod q (which B can compute)
 = yB xA mod q (which A can compute)
 KAB is used as session key in private-key encryption scheme
between Alice and Bob.
 If Alice and Bob subsequently communicate, they will have the
same key as before, unless they choose new public-keys.
 Attacker needs an x, must solve discrete log.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 68

 Diffie-Hellman Key Exchange

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 69

 Diffie-Hellman Example
 Given, q=7, Choose such that it is a primitive root of q and α<q,
Therefore α=3.
User A Key Generation User B Key Generation
i) XA = 3, XA<7 i) XB = 4, XB<7
ii) YA = αXA mod q ii) YB = αXB mod q
= 33 mod 7 = 34 mod 7
= 27 mod 7 = 81 mod 7
YA = 6 YB= 4
Secret Key Generation by A Secret Key Generation by B
KA = (YB)XA mod q KB = (YA)XB mod q
= 43 mod 7 = 64 mod 7
= 64 mod 7 = 1296 mod 7
KA = 1 KB = 1
Both Values K & K are Equal
A B
10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 70
 Key Exchange Protocol
 Users could create random private/public D-H keys each time they
communicate
 Users could create a known private/public D-H key and publish in a
directory, then
 Consulted and used to securely communicate with them
 Both of these are vulnerable to a meet in the Middle Attack.
 Authentication of the keys are needed.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 71

 7.Elliptic Curve Cryptography
 Majority of public-key crypto (RSA, D-H) use either integer or
polynomial arithmetic with very large numbers / polynomials.
 Imposes a significant load in storing and processing keys and
messages.
 An alternative is to use elliptic curves.
 Offers same security with smaller bit sizes.
 Newer, but not as well analysed.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 72

 Real Elliptic Curves
 An elliptic curve is defined by an equation in two variables x & y,
with coefficients.
 Consider a cubic elliptic curve of form y2 = x3 + ax + b, where x, y,
a, b are all real numbers, also define zero point O.
 Have addition operation for elliptic curve.
 Geometrically sum of P+Q is reflection of intersection –(P+Q).

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 73

 Finite Elliptic Curves
 Elliptic curve cryptography uses curves whose variables &
coefficients are finite.
 Have two families commonly used:
 Prime curves Ep(a,b) defined over Zp
- use integers modulo a prime.
- best in software.
 Binary curves E2m(a,b) defined over GF(2n)
- use polynomials with binary coefficients.
- best in hardware.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 74

 Elliptic Curve Cryptography
 ECC addition is analog of modulo multiply
 ECC repeated addition is analog of modulo exponentiation
 Need “hard” problem equiv to discrete log(Trapdoor Function)
- Q=kP, where Q,P belong to a prime curve
- Is “easy” to compute Q given k,P.
- But “hard” to find k given Q,P.
- Known as the elliptic curve logarithm problem.
 Certicom example: E23(9,17)

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 75

 ECC Diffie-Hellman
 Can do key exchange analogous to D-H.
 Users select a suitable curve Ep(a,b).
 Select base point G=(x1,y1).
- with large order n such that nG=O.
 A & B select private keys nA<n, nB<n.
 Compute public keys: PA=nAG, PB=nBG.
 Compute shared key: KA=nAPB, KB=nBPA.
 Same since, K=nAnBG.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 76

 ECC Diffie-Hellman Key Exchange

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 77

 ECC Encryption & Decryption
 Several alternatives, will consider simplest
 Must first encode any message M as a point on the elliptic curve Pm.
 Select suitable curve & point G as in D-H
 Each user chooses private key nA<n.
 Computes public key PA=nAG
 To encrypt Pm Compute: Cm={kG, Pm+kPb}, k random number.
 To decrypt Cm compute:
Pm+kPb–nB(kG) = Pm+k(nBG)–nB(kG) = Pm.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 78

 ECC Security
 Relies on elliptic curve logarithm problem.
 Fastest method is “Pollard rho method”.
 Compared to factoring, can use much smaller key sizes than with
RSA etc.
 For equivalent key lengths computations are roughly equivalent.
 Similar security ECC offers significant computational advantages.

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 79

 8.Case Study
EMV (Europay, MasterCard, and Visa) Migration
 ELAN Financial Services
- a leading service provider for Visa® and Mastercard® debit and
credit card issuing and acquiring in the US.
- upgrading its systems to deliver faster and more versatile contact
and contactless payment card services for its customers.
- The solution automates EMV contact and contactless data
preparation, crypto key management and transaction authorization
for improved efficiency and end-customer flexibility.
Services:
 Electronic Fund Transfer (EFT)
 ATM processing,
 Bank and debit card POS processing,
 ATM Network membership,
 ATM and POS gateway services, and turnkey
 ATM managed services.Dr.T.Venket Babu, AP/CSE, Vel Tech
10/4/2024 80
 8.Case Study
EMV (Europay, MasterCard, and Visa) Migration
 ELAN Financial Services

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 81

 Any Queries???

10/4/2024 Dr.T.Venket Babu, AP/CSE, Vel Tech 82