
Chapter-5-PKE & RSA

The document discusses public key cryptography, focusing on its principles, including the use of asymmetric algorithms for secure communication, key generation, and the RSA algorithm. It explains how public key systems enable secure message exchange and digital signatures, alongside applications like key exchange and confidentiality. Additionally, it covers the Diffie-Hellman key exchange and ElGamal cryptographic system as methods for secure key distribution.

Uploaded by

khushpatel1222

Public Key Encryption and RSA


Dr Savitha G
Dr Girisha S
Dr Ashutosh H B
Principles of public-key Cryptosystems
• The concept of public-key cryptography evolved from an attempt to
attack two of the most difficult problems associated with symmetric
encryption

• Key distribution under symmetric encryption requires either
▪ That two communicants already share a key, which somehow has been distributed
to them
▪ The use of a key distribution center

• Could a method be devised that would stipulate, to the satisfaction of all
parties, that a digital message had been sent by a particular person?
• Asymmetric algorithms rely on one key for encryption
and a different but related key for decryption
• These algorithms have the following important
characteristic
▪ It is computationally infeasible to determine the decryption key
given only knowledge of the cryptographic algorithm and the
encryption key.
▪ In addition, some algorithms, such as RSA, also exhibit the
following characteristic.
  ▪ Either of the two related keys can be used for encryption, with the other
used for decryption.
➢ A public-key encryption scheme has six ingredients

➢ Plaintext: This is the readable message or data that is fed into the algorithm as input.

➢ Encryption algorithm: The encryption algorithm performs various transformations on
the plaintext.

➢ Public and private keys: This is a pair of keys that have been selected so that if one is
used for encryption, the other is used for decryption. The exact transformations performed
by the algorithm depend on the public or private key that is provided as input.

➢ Ciphertext: This is the encrypted message produced as output. It depends on the
plaintext and the key. For a given message, two different keys will produce two different
ciphertexts.

➢ Decryption algorithm: This algorithm accepts the ciphertext and the matching key and
produces the original plaintext.
• The essential steps are the following:

1. Each user generates a pair of keys to be used for the encryption and
decryption of messages.

2. Each user places one of the two keys in a public register or other accessible
file. This is the public key. The companion key is kept private. Each user
maintains a collection of public keys obtained from others.

3. If Bob wishes to send a confidential message to Alice, Bob encrypts the
message using Alice’s public key.

4. When Alice receives the message, she decrypts it using her private key. No
other recipient can decrypt the message because only Alice knows Alice’s
private key.
• There is some source A that produces a message in plaintext, $X = [X_1, X_2, X_3, \ldots, X_m]$.

• The M elements of X are letters in some finite alphabet.

• The message is intended for destination B.

• B generates a related pair of keys: a public key, $PU_b$, and a private key, $PR_b$.

• $PR_b$ is known only to B, whereas $PU_b$ is publicly available and therefore accessible by A.

• With the message X and the encryption key $PU_b$ as input, A forms the ciphertext
$Y = [Y_1, Y_2, Y_3, \ldots, Y_m]$: $Y = E(PU_b, X)$

• The intended receiver, in possession of the matching private key, is able to invert the
transformation: $X = D(PR_b, Y)$
• An adversary, observing Y and having access to $PU_b$, but not having access
to $PR_b$ or X, must attempt to recover X and/or $PR_b$. It is assumed that the
adversary does have knowledge of the encryption (E) and decryption (D)
algorithms. If the adversary is interested only in this particular message,
then the focus of effort is to recover X by generating a plaintext estimate $\hat{X}$.
• In this case, A prepares a message to B and encrypts it using A’s private key
before transmitting it.

• B can decrypt the message using A’s public key.

• Because the message was encrypted using A’s private key, only A could have
prepared the message.

• Therefore, the entire encrypted message serves as a digital signature.

• In addition, it is impossible to alter the message without access to A’s
private key, so the message is authenticated both in terms of source and in
terms of data integrity.
• Public-Key Cryptosystem: Authentication
• Public-Key Cryptosystem: Confidentiality
• It is, however, possible to provide both the authentication function and
confidentiality by a double use of the public-key scheme:

• Z = E(PUb, E(PRa,X))

• X = D(PUa, D(PRb,Z))
Applications for Public-Key cryptosystem
• We can classify the use of public-key cryptosystems into three
categories
▪ Encryption/decryption: The sender encrypts a message with the recipient’s
public key, and the recipient decrypts the message with the recipient’s private
key.
▪ Digital signature: The sender “signs” a message with its private key. Signing
is achieved by a cryptographic algorithm applied to the message or to a small
block of data that is a function of the message.
▪ Key exchange: Two sides cooperate to exchange a session key, which is a
secret key for symmetric encryption generated for use for a particular
transaction (or session) and valid for a short period of time. Several different
approaches are possible, involving the private key(s) of one or both parties.
Requirements for Public-Key cryptosystem
The conditions that such algorithms must fulfill:

• It is computationally easy for a party B to generate a key pair (public key PUb, private key
PRb).

• It is computationally easy for a sender A, knowing the public key and the message to be
encrypted, M, to generate the corresponding ciphertext: C = E(PUb, M)

• It is computationally easy for the receiver B to decrypt the resulting ciphertext using the
private key to recover the original message: M = D(PRb, C) = D[PRb, E(PUb, M)]

• It is computationally infeasible for an adversary, knowing the public key, PUb, to determine
the private key, PRb.

• It is computationally infeasible for an adversary, knowing the public key, PUb, and a
ciphertext, C, to recover the original message, M.

We can add a sixth requirement that, although useful, is not necessary for all public-key applications:
▪ The two keys can be applied in either order: M = D[PUb, E(PRb, M)] = D[PRb, E(PUb, M)]
RSA Algorithm
• Developed in 1977 by Ron Rivest, Adi Shamir, and Len Adleman at MIT and first
published in 1978

➢ The Rivest-Shamir-Adleman (RSA)

➢ The RSA scheme is a cipher in which the plaintext and ciphertext are integers between
0 and n - 1 for some n.

➢ A typical size for n is 1024 bits, or 309 decimal digits. That is, n is less than $2^{1024}$.

➢ RSA makes use of an expression with exponentials. Plaintext is encrypted in blocks,
with each block having a binary value less than some number n.
• Both sender and receiver must know the value of n.
• The sender knows the value of e, and only the receiver knows the value of d.
• Thus, this is a public-key encryption algorithm with a public key of
PU = {e, n} and a private key of PR = {d, n}.

• For this algorithm to be satisfactory for public-key encryption, the following
requirements must be met.
▪ It is possible to find values of e, d, and n such that $M^{ed} \bmod n = M$ for all M < n.
▪ It is relatively easy to calculate $M^e \bmod n$ and $C^d \bmod n$ for all values of M < n.
▪ It is infeasible to determine d given e and n.
• e and d are multiplicative inverses modulo Ф(n), where Ф(n) is the Euler
totient function

• The relationship between e and d can be expressed as

• This is equivalent to saying


• That is, e and d are multiplicative inverses mod Ф(n)

• The private key consists of {d, n} and the public key consists of {e, n}.
• Suppose that user A has published its public key and that user B wishes to
send the message M to A.
• Then B calculates $C = M^e \bmod n$ and transmits C. On receipt of this
ciphertext, user A decrypts by calculating $M = C^d \bmod n$.
RSA Example:
• Select two prime numbers, p = 17 and q = 11

• Calculate n = pq = 17 * 11 = 187.

• Calculate Ф(n) = (p - 1)(q - 1) = 16 * 10 = 160

• Select e such that e is relatively prime to Ф(n) = 160 and less than Ф(n); we
choose e = 7.

• Determine d such that $de \equiv 1 \pmod{160}$ and d < 160. The correct value is d =
23, because 23 * 7 = 161 = (1 * 160) + 1; d can be calculated using the
extended Euclid’s algorithm.

• The resulting keys are public key PU = {7, 187} and private key PR = {23,
187}
• The example shows the use of these keys for a plaintext input of M = 88. For
encryption, we need to calculate $C = 88^7 \bmod 187$. Exploiting the properties
of modular arithmetic, we can do this as follows.
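
The key generation and the M = 88 round trip above, carried through in code as an added example that is not part of the original slides. The function names are assumptions of this example, and square-and-multiply is one way to exploit modular arithmetic, not necessarily the decomposition the slide showed; the last step exercises the either-order property listed as the sixth requirement.

```python
# Added example: textbook RSA with the slides' toy parameters (no padding).

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def modinv(e, phi):
    """d such that d*e = 1 (mod phi); fails if e is not relatively prime to phi."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    return x % phi

def modexp(base, exp, mod):
    """Square-and-multiply, reducing mod n after every multiplication."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result

def keygen(p, q, e):
    """Return (PU, PR) = ((e, n), (d, n)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (modinv(e, phi), n)

def apply_key(key, block):
    """RSA primitive: block^exponent mod n, for a block in [0, n-1]."""
    exponent, n = key
    if not 0 <= block < n:
        raise ValueError("block must be an integer between 0 and n - 1")
    return modexp(block, exponent, n)

def slide_example():
    """Run the slides' numbers: p = 17, q = 11, e = 7, M = 88."""
    pu, pr = keygen(17, 11, 7)
    c = apply_key(pu, 88)            # C = 88^7 mod 187
    m = apply_key(pr, c)             # M = C^23 mod 187
    s = apply_key(pr, 88)            # either order: private key first
    return pu, pr, c, m, apply_key(pu, s)

if __name__ == "__main__":
    print(slide_example())
```
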
Diffie-Hellman Key Exchange
• The purpose of the algorithm is to enable two users to securely exchange a
key that can then be used for subsequent symmetric encryption of messages.
The algorithm itself is limited to the exchange of secret values.

• The Diffie–Hellman algorithm depends for its effectiveness on the difficulty
of computing discrete logarithms.

• Primitive Root of a Prime number:
▪ A primitive root of a prime number p is one whose powers modulo p generate all
the integers from 1 to p - 1.
▪ That is, if a is a primitive root of the prime number p, then the numbers:

$a \bmod p,\ a^2 \bmod p,\ \ldots,\ a^{p-1} \bmod p$

are distinct and consist of the integers from 1 through p - 1 in some permutation.
Example of primitive root:

• Consider a prime number p=5 and a=2

• Then, $2 \bmod 5$, $2^2 \bmod 5$, $2^3 \bmod 5$, $2^4 \bmod 5$ are distinct numbers from 1 to 5.

• $2 \bmod 5 = 2$

• $2^2 \bmod 5 = 4 \bmod 5 = 4$

• $2^3 \bmod 5 = 8 \bmod 5 = 3$

• $2^4 \bmod 5 = 16 \bmod 5 = 1$
• For this scheme, there are two publicly known numbers: a prime number q and an
integer a that is a primitive root of q.

• Suppose the users A and B wish to create a shared key.

• User A selects a random integer $X_A < q$ and computes $Y_A = a^{X_A} \bmod q$

• Similarly, user B independently selects a random integer $X_B < q$ and computes
$Y_B = a^{X_B} \bmod q$

• Each side keeps the X value private and makes the Y value available publicly to
the other side.

• Thus, $X_A$ is A’s private key and $Y_A$ is A’s corresponding public key, and similarly
for B.
• User A computes the key as $K = (Y_B)^{X_A} \bmod q$ and user B computes the key as $K = (Y_A)^{X_B} \bmod q$.

• Example:
▪ Key exchange is based on the use of the prime number q = 353 and a primitive root of 353, in
this case a = 3.
▪ A and B select private keys $X_A = 97$ and $X_B = 233$, respectively. Each computes its public key:

▪ After they exchange public keys, each can compute the common secret key:
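
The primitive-root definition and the q = 353 exchange above, run in code as an added example that is not part of the original slides. The function names, the trial-division factoring and the range check on the received public value are assumptions of this example; the check is a common defensive step the slides do not mention.

```python
# Added example: Diffie-Hellman with the slides' toy parameters.
import secrets

def prime_factors(n):
    """Distinct prime factors of n by trial division (fine for small n)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors

def is_primitive_root(a, p):
    """True if the powers of a modulo the prime p cover 1 .. p-1."""
    if a % p == 0:
        return False
    return all(pow(a, (p - 1) // r, p) != 1 for r in prime_factors(p - 1))

def powers(a, p):
    """a mod p, a^2 mod p, ..., a^(p-1) mod p, as listed on the slide."""
    return [pow(a, i, p) for i in range(1, p)]

def random_private(q):
    """Private value X from a CSPRNG (assumed range 2 .. q-2)."""
    return secrets.randbelow(q - 3) + 2

def public_value(a, x, q):
    return pow(a, x, q)                      # Y = a^X mod q

def shared_key(y_peer, x_own, q):
    """K = Y_peer^X_own mod q, after an added range check on Y_peer."""
    if not 1 < y_peer < q - 1:               # rejects 0, 1 and q-1
        raise ValueError("peer public value outside 2 .. q-2")
    return pow(y_peer, x_own, q)

def exchange(q, a, x_a, x_b):
    """Both sides of the exchange; returns (Y_A, Y_B, K at A, K at B)."""
    y_a, y_b = public_value(a, x_a, q), public_value(a, x_b, q)
    return y_a, y_b, shared_key(y_b, x_a, q), shared_key(y_a, x_b, q)

if __name__ == "__main__":
    print(powers(2, 5), is_primitive_root(3, 353))
    print(exchange(353, 3, 97, 233))
```
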
Man in the middle attack:

Suppose Alice and Bob wish to exchange keys, and Darth is the adversary.
The attack proceeds as follows:
ELGAMAL CRYPTOGRAPHIC SYSTEM

• In 1984, T. Elgamal announced a public-key scheme based on discrete
logarithms, closely related to the Diffie–Hellman technique.
• For example, let us start with the prime field GF(19); that is, q = 19. It has primitive roots {2, 3,
10, 13, 14, 15}. We choose a = 10.
Alice generates a key pair as follows:
1. Alice chooses $X_A = 5$.
2. Then $Y_A = a^{X_A} \bmod q = a^5 \bmod 19 = 3$
3. Alice’s private key is 5 and Alice’s public key is $\{q, a, Y_A\} = \{19, 10, 3\}$.
Suppose Bob wants to send the message with the value M = 17. Then:
▪ Bob chooses k = 6.

▪ Then $K = (Y_A)^k \bmod q = 3^6 \bmod 19 = 729 \bmod 19 = 7$.

▪ So $C_1 = a^k \bmod q = a^6 \bmod 19 = 11$

▪ $C_2 = KM \bmod q = 7 \cdot 17 \bmod 19 = 119 \bmod 19 = 5$

▪ Bob sends the ciphertext (11, 5).


For decryption:

• Alice calculates $K = (C_1)^{X_A} \bmod q = 11^5 \bmod 19 = 161051 \bmod 19 = 7$.

• Then $K^{-1}$ in GF(19) is $7^{-1} \bmod 19 = 11$.

• Finally, $M = (C_2 K^{-1}) \bmod q = 5 \cdot 11 \bmod 19 = 55 \bmod 19 = 17$.


If a message must be broken up into blocks and sent as a sequence of encrypted blocks, a
unique value of k should be used for each block. If k is used for more than one block,
knowledge of one block M1 of the message enables the user to compute other blocks as follows.
Let:

Then,

If M1 is known, then M2 is easily computed as

• $M_2 = (C_{2,1})^{-1} C_{2,2} M_1 \bmod q$
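
The GF(19) worked example and the reused-k relation above, checked in code as an added example that is not part of the original slides. The function names, the second block M2 = 9 and the alternative k = 11 are constructed for illustration; the comparison shows why each block needs its own k.

```python
# Added example: Elgamal over GF(q) with the slides' toy numbers.

def public_key(q, a, x_a):
    """Alice's public key {q, a, Y_A} with Y_A = a^X_A mod q."""
    return q, a, pow(a, x_a, q)

def encrypt(pub, m, k):
    """Return (C1, C2) = (a^k mod q, K*M mod q) with K = Y_A^k mod q."""
    q, a, y_a = pub
    if not 0 < m < q:
        raise ValueError("M must be in 1 .. q-1")
    one_time_key = pow(y_a, k, q)
    return pow(a, k, q), one_time_key * m % q

def decrypt(q, x_a, ciphertext):
    """Recover M = C2 * K^-1 mod q with K = C1^X_A mod q."""
    c1, c2 = ciphertext
    one_time_key = pow(c1, x_a, q)
    return c2 * pow(one_time_key, -1, q) % q   # Python 3.8+ modular inverse

def second_block_from_first(q, ct1, ct2, m1):
    """M2 = (C2,1)^-1 * C2,2 * M1 mod q, valid only when both blocks share k.

    Equal C1 values show that k was reused; otherwise the relation does not
    hold and None is returned.
    """
    if ct1[0] != ct2[0]:
        return None
    return pow(ct1[1], -1, q) * ct2[1] * m1 % q

def demo():
    pub = public_key(19, 10, 5)                  # {19, 10, 3}
    ct1 = encrypt(pub, 17, 6)                    # slide values: (11, 5)
    ct2_reused = encrypt(pub, 9, 6)              # constructed M2 = 9, same k
    ct2_fresh = encrypt(pub, 9, 11)              # constructed M2 = 9, new k
    return {
        "pub": pub, "ct1": ct1, "m": decrypt(19, 5, ct1),
        "reused": second_block_from_first(19, ct1, ct2_reused, 17),
        "fresh": second_block_from_first(19, ct1, ct2_fresh, 17),
    }

if __name__ == "__main__":
    print(demo())
```
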
• The security of Elgamal is based on the difficulty of computing discrete logarithms.

• To recover A’s private key, an adversary would have to compute $X_A = \mathrm{dlog}_{a,q}(Y_A)$.

• Alternatively, to recover the one-time key K, an adversary would have to determine
the random number k, and this would require computing the discrete logarithm $k = \mathrm{dlog}_{a,q}(C_1)$.
END
