CENG413 - Lec05
Information Security
Izmir Katip Celebi University
Fall 2024-2025
Lecture 05
H. Burak Akyol, Ph.D.
These slides are adapted from the lecture notes of D. Soper and the lecture notes of A. D. Brucker.
Asymmetric Encryption (Public-Key Encryption)
Background: One-way Functions
• A function f : X → Y is a one-way function, if f is “easy” to compute for all x ∈ X, but f^-1
is “hard” to compute.
• Example: problem of modular cube roots
• Select primes p = 48611 and q = 53993
• Let n = pq = 2624653723 and X = {1,2,…,n-1}
• Define f: X → N by f(x) = x^3 mod n
• Example: f(2489991) = 1981394214. Computing f is easy.
• Inverting f is hard: given the remainder, find the x whose cube yields that remainder modulo n!
• A trapdoor one-way function is a one-way function f: X → Y where given extra
information (the trapdoor information) it is feasible to find, for y ∈ Im(f), an x ∈ X
where f(x) = y
• Example: Computing modular cube roots (above) is easy when p and q are known
(basic number theory)
Asymmetric Encryption (Public-Key Cryptography)
Encryption Using Asymmetric Encryption
Example: RSA
• Named after inventors: Rivest, Shamir, Adleman
• Security comes from difficulty of factoring large numbers
• Keys are functions of a pair of large, ≥ 100 digits, prime numbers
• Most popular public-key algorithm
• Used in many applications
• Requires some basic number theory to appreciate
Mathematical Terms
Number Theory
Prime Numbers
• Numbers
N = {0,1,2,. . .}
Z = {. . .,-2,-1,0,1,2,. . .}
Primes = {2,3,5,7,. . .}
• Every n ∈ N has a unique set of prime factors
• Example: 60 = 2^2 x 3 x 5
• Multiplying numbers is easy, factoring numbers appears hard
• We cannot factor most numbers with more than 1024 bits.
Number Theory
Division/Remainder/Modulo
• Divisors: a ≠ 0 divides b (written a | b) if ∃m. ma = b
• Examples: 3 | 6, 3 ∤ 7, 3 ∤ 10
• ∀a, n. ∃q, r. a = q x n + r where 0 ≤ r < n
• Here r is the remainder, and we write a mod n = r
• Examples:
6 = 2 x 3 + 0    6 mod 3 = 0
7 = 2 x 3 + 1    7 mod 3 = 1
10 = 3 x 3 + 1   10 mod 3 = 1
• a, b ∈ Z are congruent modulo n, if a mod n = b mod n
• We write this as a ≡ b (mod n)
• Example: 7 ≡ 10 (mod 3)
Number Theory
Greatest Common Divisor (GCD)
• For a, b ∈ N, gcd(a, b) denotes greatest common divisor
• Example: 60 = 2^2 x 3 x 5,
14 = 2 x 7,
gcd(60,14) = 2
• a, b ∈ N are relatively prime if gcd(a,b) = 1
• gcd can be computed quickly using Euclid’s algorithm
gcd(60,14) : 60 = 4 x 14 + 4
gcd(14,4) : 14 = 3 x 4 + 2
gcd(4,2) : 4 = 2 x 2
• With the extended version we can compute x, y ∈ Z where
gcd(a,b) = xa + yb
Here 2 = 14 - 3 x 4 = 14 - 3 (60 - 4 x 14) = - 3 x 60 + 13 x 14
Number Theory
Inverse
• Suppose that a, b ∈ Z are relatively prime. There is a c ∈ Z satisfying
bc mod a = 1, i.e., we can compute b^-1 mod a
Proof: From the extended Euclidean algorithm, there exist x, y ∈ Z where
1 = ax + by
Now consider the two sides modulo a. Since a | ax, we have by mod a = 1
Assertion follows with c := y
• Example: 4^-1 mod 7
• From Euclidean Algorithm: 1 = 7 x (-1) + 4 x 2
• Hence solution c is 2
• Check: 4 x 2 mod 7 = 1
RSA Algorithms
• Generate a public/private key pair:
1- Generate two large distinct primes p and q
2- Compute n = pq and φ = (p – 1)(q – 1)
3- Select an e, 1 < e < φ, relatively prime to φ (and generally prime)
4- Compute the unique integer d, 1 < d < φ where ed mod φ = 1
5- Return public key (n,e) and private key d
Note: φ is Euler’s totient function
• Encryption with key (n,e)
1- Represent the message as an integer m ∈ {0,. . .,n-1}
2- Compute c = m^e mod n
• Decryption with key d: compute m = c^d mod n
RSA Example
1. Let p = 7, q = 19
2. n = pq = 133, φ = (p-1)(q-1) = 6 x 18 = 108
3. Choose e = 29 (randomly)
• must have no factors in common with φ (relatively prime to φ) (and generally prime)
• 1<e<φ
4. Compute d = 41
• 1 < d < φ where ed mod φ = 1 (d ≡ e^-1 mod φ)
• Publish e and n, keep d secret, discard p and q
• Break message m into small blocks, e.g., m = 60 23 68 96 66
• Compute m^e mod n blockwise. E.g., c1 = 60^29 mod 133 = 86
• To decrypt: m1 = 86^41 mod 133 = 60
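The extended Euclidean algorithm, the modular inverse, and the RSA steps above, carried through with the slide values (p = 7, q = 19, e = 29) as an added example that is not part of the original slides. It also inverts the modular cube function from the one-way function slide using the trapdoor (p, q); all function names are chosen here for illustration.

```python
def egcd(a, b):
    """Extended Euclid: return (g, x, y) with g = gcd(a, b) = x*a + y*b."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def modinv(b, a):
    """Return c with b*c mod a == 1; exists only if gcd(a, b) == 1."""
    g, x, _ = egcd(b, a)
    if g != 1:
        raise ValueError(f"{b} has no inverse modulo {a}")
    return x % a

def rsa_keygen(p, q, e):
    """Steps 2-5 of key generation for given primes p, q and exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), modinv(e, phi)      # public key (n, e), private key d

def rsa_encrypt(m, pub):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message block must lie in {0, ..., n-1}")
    return pow(m, e, n)                # c = m^e mod n

def rsa_decrypt(c, pub, d):
    return pow(c, d, pub[0])           # m = c^d mod n

def cube_root_with_trapdoor(y, p, q):
    """Invert f(x) = x^3 mod pq; feasible because the factors p, q are known."""
    pub, d = rsa_keygen(p, q, 3)       # d = 3^-1 mod (p-1)(q-1)
    return pow(y, d, pub[0])

if __name__ == "__main__":
    print(egcd(60, 14))                # gcd and coefficients from the GCD slide
    pub, d = rsa_keygen(7, 19, 29)
    blocks = [60, 23, 68, 96, 66]      # message blocks from the RSA example
    cipher = [rsa_encrypt(m, pub) for m in blocks]
    print(pub, d, cipher, [rsa_decrypt(c, pub, d) for c in cipher])
    p, q, x = 48611, 53993, 2489991    # values from the one-way function slide
    y = pow(x, 3, p * q)
    print(y, cube_root_with_trapdoor(y, p, q))
```

Without p and q, `cube_root_with_trapdoor` cannot be written this way: the exponent d depends on (p - 1)(q - 1), which is exactly the trapdoor information.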
RSA Security
• Computation of secret key d given (n,e)
• As difficult as factorization. If we can factor n = pq then we can
compute φ = (p – 1)(q – 1) and hence d ≡ e^-1 mod φ
• No known polynomial-time algorithm
But given progress in factoring, n should have at least 1024 bits
• Computation of m, given c, and (n,e)
• Computation of e-th root
• Unclear (= no proof) whether it is necessary to compute d, i.e., to
factorize n
RSA Exercise
• Alice’s public key is (n_a, e_a) = (55, 33), her private key is d_a = 17
• Bob’s public key is (n_b, e_b) = (39, 5), his private key is d_b = 5
Consider the following scenarios:
Q1- Bob wants to send the message “das ist geheim” to Alice. Encode the
letters by their position in the alphabet (e.g., the letter “a” is represented by
the number 1) and compute the cipher text.
Q2- Alice sends the following encrypted message to Bob:
11, 8, 3, 28, 3, 28, 1, 28, 5, 9, 18, 5, 11
Decrypt the message. Again, the numbers represent the letters by their position
in the alphabet.
Cryptographic Hashes: Requirements
• Motivation: create a data “fingerprint”
• A hash function h(x) (in the general sense) has the properties:
1- Compression: h maps an input x of an arbitrary bit length to an output h(x) of
fixed bit length n.
2- Polynomial time computable.
• Example (Longitudinal Redundancy Check - LRC):
Given m blocks of n-bit input b_1, ..., b_m, form the n-bit checksum c from the
bitwise xor of every block. I.e., (for 1 <= i <= n)
c_i = b_{i1} ⊕ b_{i2} ⊕ . . . ⊕ b_{im}
• Cryptographic techniques can be seen as a refinement of checksum techniques to
handle an active forger.
Cryptographic Hashes: Requirements
h(x) is a cryptographic hash function if it is additionally:
• One-way (or pre-image resistance)
Given y, it is hard to compute an x where h(x) = y
• And usually either
• 2nd-preimage resistance
It is computationally infeasible to find a second input that has the same output
as any specified input, i.e., given x to find an x' ≠ x such that
h(x) = h(x')
• Collision resistance (implies 2nd-preimage resistance)
It is difficult to find two distinct inputs x, x' where h(x) = h(x')
• Hash value also called message digest or modification detection code
(abbreviated as MDC).
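Why the LRC checksum from the previous slide is a hash function only in the general sense: it has no 2nd-preimage resistance, so it cannot handle an active forger. The following is an added example, not part of the original slides; the sample message and function names are constructed for illustration, and SHA-256 from Python's hashlib stands in for a cryptographic hash.

```python
import hashlib
from functools import reduce

def lrc(blocks):
    """n-bit checksum: bit i of the result is the XOR of bit i of every block."""
    return reduce(lambda c, b: c ^ b, blocks, 0)

def same_lrc_variant(blocks, i, j, bit):
    """Return a different message with the same LRC.

    Flipping the same bit position in two blocks cancels out in the XOR,
    so the checksum cannot detect the change.
    """
    if i == j:
        raise ValueError("need two different blocks")
    out = list(blocks)
    out[i] ^= 1 << bit
    out[j] ^= 1 << bit
    return out

def sha256_hex(blocks):
    """Cryptographic digest of the same 8-bit blocks, for comparison."""
    return hashlib.sha256(bytes(blocks)).hexdigest()

# Constructed sample message, one 8-bit block per byte.
MESSAGE = list(b"PAY 100 TO BOB")
# Flip bit 3 in the blocks '1' and '0': the text changes, the LRC does not.
ALTERED = same_lrc_variant(MESSAGE, 4, 5, 3)
# XOR is commutative, so any reordering of the blocks also keeps the LRC.
REORDERED = sorted(MESSAGE)

if __name__ == "__main__":
    for name, msg in (("original", MESSAGE), ("altered", ALTERED),
                      ("reordered", REORDERED)):
        print(f"{name:9} {bytes(msg)!r:20} lrc={lrc(msg):#04x} "
              f"sha256={sha256_hex(msg)[:16]}...")
```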
Application
• Message or data integrity is the property that
data has not been altered in an unauthorized
manner since the time it was created,
transmitted, or stored by an authorized source.
Constructing a Cryptographic Hash Function
• Block chaining techniques can be used
• Divide message M into fixed size blocks b_1,. . .,b_n
• Use a symmetric encryption algorithm, e.g., DES
h_0 = IV (initial value)
h_i = E_{b_i}(h_{i-1})
• Similar to Cipher Block Chaining (CBC), but no secret key
• Modern algorithms (e.g., SHA-0, MD4, MD5, …) are much more
complex and use specially designed functions
• Modern applications based on hashes still “appear” safe, e.g., no preimage
attacks yet
Note on Cipher Mode
Note on Crypto Implementations
• Implementing cryptographic algorithms is a complex task
• Complex number theory
• Efficient implementation using machine integers (underflows, overflows, etc.)
• Don’t implement your own crypto…
• Using existing crypto libs (e.g., OpenSSL) correctly is already a challenge
• Many algorithms, modes, and configuration options to choose from
• Complex APIs