Contents

1. Introduction
2. RSA Cryptosystem
3. Principles of Digital Signatures
4. The RSA Signature Scheme

2
1. Introduction
Asymmetric cryptosystems rely on one key for encryption and a different but related key for
decryption.
These systems have the following important characteristic:
It is computationally infeasible to determine the decryption key given only knowledge of
the cryptographic algorithm and the encryption key.
In addition, some algorithms, such as RSA, also exhibit the following characteristic:

Either of the two related keys can be used for encryption, with the other used for
decryption.

A public-key encryption scheme has six components:

Plaintext: This is the readable message or data that is fed into the algorithm as input.
Encryption algorithm: The encryption algorithm performs various transformations on
the plaintext.
Public and private keys: This is a pair of keys that have been selected so that if one is
used for encryption, the other is used for decryption. The exact transformations
performed by the algorithm depend on the public or private key that is provided as input.
Ciphertext: This is the scrambled message produced as output. It depends on the
plaintext and the key. For a given message, two different keys will produce two different
ciphertexts.
Decryption algorithm: This algorithm accepts the ciphertext and the matching key and
produces the original plaintext.

The essential steps are the following.

1. Each user generates a pair of keys to be used for the encryption and decryption of
messages.
2. Each user places one of the two keys in a public register or other accessible file. This is
the public key. The companion key is kept private.
3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message using
Alice’s public key.
4. When Alice receives the message, she decrypts it using her private key. No other
recipient can decrypt the message because only Alice knows Alice’s private key.

Figure-1

3
With this approach, all participants have access to public keys, and private keys are generated
locally by each participant and therefore need never be distributed. As long as a user’s private
key remains protected and secret, incoming communication is secure. At any time, a system can
change its private key and publish the companion public key to replace its old public key.

2. RSA Cryptosystem
The RSA scheme is a block cipher in which the plaintext and ciphertext are integers between 0
and n - 1 for some n. A typical size for n is 1024 bits, or 309 decimal digits. That is, n is less than
21024.
RSA makes use of an expression with exponentials. Plaintext is encrypted in blocks, with each
block having a binary value less than some number n. Encryption and decryption are of the
following form, for some plaintext block M and ciphertext block C.

Encryption: C = Me mod n
Decryption: M = Cd mod n

Both sender and receiver must know the value of n. The sender knows the value of e, and only
the receiver knows the value of d. Thus, this is a public-key encryption algorithm with a public
key of Kpub = {e, n} and a private key of Kpr = {d, n}. The private key consists of {d, n} and
the public key consists of {e, n}. Suppose that user A has published its public key and that user B
wishes to send the message M to A. Then B calculates C = Me mod n and transmits C. On receipt
of this ciphertext, user A decrypts by calculating M = Cd mod n.

The following figure summarizes the RSA algorithm.

4
 Example:

3. Principles of Digital Signatures

In a digital signature, the signer uses her private key, applied to a signing algorithm, to
sign the document. The verifier, on the other hand, uses the public key of the signer,
applied to the verifying algorithm, to verify the document. We should make a distinction
between private and public keys as used in digital signatures and public and private keys
as used in cryptosystem for confidentiality. In the later, the private and public keys of the
receiver are used in the process. The sender uses the public key of the receiver to encrypt;
the receiver uses his own private key to decrypt. In a digital signature, the private and
public keys of the sender are used. The sender uses her private key; the receiver uses the
sender’s public key.

The principle of a digital signature scheme is shown in the following figure:

Figure-2
The process starts with Bob signing the message x. The signature algorithm is a function of
Bob’s private key, kpr. Hence, assuming he in fact keeps his private key private, only Bob can
sign a message x on his behalf. In order to relate a signature to the message, x is also an input to
the signature algorithm. After signing the message, the signature s is appended to the message x

5
and the pair (x, s) is sent to Alice. It is important to note that a digital signature by itself is of no
use unless it is accompanied by the message.

The signature is only useful to Alice if she has means to verify whether the signature is valid or
not. For this, a verification function is needed which takes both x and the signature s as inputs. In
order to link the signature to Bob, the function also requires his public key. Even though the
verification function has long inputs, its only output is the binary statement “true” or “false”. If x
was actually signed with the private key that belongs to the public verification key, the output is
true, otherwise it is false.

From these general observations we can easily develop a generic digital signature protocol:

Figure-3

4. The RSA Signature Scheme

The RSA signature scheme is based on RSA encryption. The RSA idea can also be used for
signing and verifying a message. Suppose Bob wants to send a signed message x to Alice. He
generates the following RSA keys that are used for RSA encryption.

RSA Keys:
Bob’s private key: kpr =(d)
Bob’s public key: kpub=(n,e)

The actual signature protocol is shown in the following:

Figure-4

6
As can be seen from the protocol, Bob computes the signature s for a message x by RSA-
encrypting x with his private key kpr. Bob is the only party who can apply kpr, and hence the
ownership of kpr authenticates him as the author of the signed message. Bob appends the
signature s to the message x and sends both to Alice. Alice receives the signed message and
RSA-decrypts s using Bob’s public key kpub, yielding x’. If x and x’ match, Alice knows two
important things (which are two of the fundamental security services which are often needed in
practice):

a. The author of the message was in possession of Bob’s secret key, and if only Bob has had
access to the key, it was in fact Bob who signed the message. This is called message
authentication.
b. The message has not been changed in transit, so that message integrity is given.

In digital signature the role of the public and the private keys are swapped compared to the RSA
encryption/decryption scheme. RSA encryption applies the public key to the message x, the
signature scheme applies the private key kpr. On the other side of the communication channel,
RSA decryption requires the use of the private key by the receiver, while the digital signature
scheme applies the public key for verification.

Let’s look at an example with small numbers. Suppose Bob wants to send a signed message
(x = 4) to Alice. The first steps are exactly the same as it is done for an RSA encryption: Bob
computes his RSA parameters and sends the public key to Alice. In contrast to the encryption
scheme, now the private key is used for signing while the public key is needed to verify the
signature.

Figure-5