Ch10 Crypto6e


Cryptography

Sixth Edition
by William Stallings

Vietnam – Korea University of Information and Communication Technology
Chapter 10

Other Public-Key Cryptosystems

Diffie-Hellman Key Exchange

• First published public-key algorithm
• A number of commercial products employ this key exchange technique
• Purpose is to enable two users to securely exchange a key that can then be used for subsequent symmetric encryption of messages
• The algorithm itself is limited to the exchange of secret values
• Its effectiveness depends on the difficulty of computing discrete logarithms

Primitive root example

Key Exchange Protocols

• Users could create random private/public Diffie-Hellman keys each time they communicate
• Users could create a known private/public Diffie-Hellman key and publish it in a directory, which others then consult and use to communicate securely with them
• Both approaches are vulnerable to a man-in-the-middle attack
• Authentication of the keys is needed
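Why the keys must be authenticated, as an added example that is not part of the original slides: each public value carries a tag, and a value replaced in transit is rejected instead of silently producing a key the peers do not share. The toy parameters (q = 353, α = 3), the function names, and the use of an HMAC under a pre-shared key in place of a signature or certificate are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

Q, ALPHA = 353, 3   # toy prime and primitive root (constructed; far too small for real use)

def keypair():
    """Return (private x, public y = ALPHA^x mod Q)."""
    x = secrets.randbelow(Q - 2) + 1          # private value in [1, Q-2]
    return x, pow(ALPHA, x, Q)

def tag(auth_key, sender, y):
    """Bind a public value to its sender (stand-in for a signature or certificate)."""
    return hmac.new(auth_key, f"{sender}:{y}".encode(), hashlib.sha256).digest()

def receive(auth_key, sender, y, t, my_private):
    """Verify the tag before using y; return the shared key, or None if rejected."""
    if not hmac.compare_digest(tag(auth_key, sender, y), t):
        return None
    return pow(y, my_private, Q)              # K = y^x mod Q

def exchange(auth_key, substitute_for_b=None):
    """A and B swap public values; optionally B's value is replaced in transit."""
    xa, ya = keypair()
    xb, yb = keypair()
    tb = tag(auth_key, "B", yb)
    y_seen_by_a = yb if substitute_for_b is None else substitute_for_b(yb)
    k_a = receive(auth_key, "B", y_seen_by_a, tb, xa)
    k_b = receive(auth_key, "A", ya, tag(auth_key, "A", ya), xb)
    return k_a, k_b

AUTH_KEY = b"constructed-demo-authentication-key"
```

Without the tag check, A would accept the substituted value and derive a key that B does not hold, with no indication that anything went wrong.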

ElGamal Cryptography

• Announced in 1984 by T. Elgamal
• Public-key scheme based on discrete logarithms, closely related to the Diffie-Hellman technique
• Used in the digital signature standard (DSS) and the S/MIME e-mail standard
• Global elements are a prime number q and a, which is a primitive root of q
• Security is based on the difficulty of computing discrete logarithms

Elliptic Curve Arithmetic

• Most of the products and standards that use public-key cryptography for encryption and digital signatures use RSA
– The key length for secure RSA use has increased over recent years and this has put a heavier processing load on applications using RSA
• Elliptic curve cryptography (ECC) is showing up in standardization efforts including the IEEE P1363 Standard for Public-Key Cryptography
• Principal attraction of ECC is that it appears to offer equal security for a far smaller key size
• Confidence level in ECC is not yet as high as that in RSA

Abelian Group

• A set of elements with a binary operation, denoted by , that associates to each ordered pair (a, b) of elements in G an element (a  b) in G, such that the following axioms are obeyed:
(A1) Closure: If a and b belong to G, then a  b is also in G
(A2) Associative: a  (b  c) = (a  b)  c for all a, b, c in G
(A3) Identity element: There is an element e in G such that a  e=ea=a for all a in G
(A4) Inverse element: For each a in G there is an element a′ in G such that a  a′ = a′  a = e
(A5) Commutative: a  b = b  a for all a, b in G
Elliptic Curves Over Zp
• Elliptic curve cryptography uses curves whose variables and coefficients are finite
• Two families of elliptic curves are used in cryptographic applications:

Binary curves over GF(2^m)
• Variables and coefficients all take on values in GF(2^m) and calculations are performed over GF(2^m)
• Best for hardware applications

Prime curves over Zp
• Use a cubic equation in which the variables and coefficients all take on values in the set of integers from 0 through p-1 and in which calculations are performed modulo p
• Best for software applications

Table 10.1
Points (other than O) on the Elliptic Curve E23(1, 1)

Elliptic Curves Over GF(2^m)
• Use a cubic equation in which the variables and coefficients all take on values in GF(2^m) for some number m
• Calculations are performed using the rules of arithmetic in GF(2^m)
• The form of cubic equation appropriate for cryptographic applications for elliptic curves is somewhat different for GF(2^m) than for Zp
– It is understood that the variables x and y and the coefficients a and b are elements of GF(2^m) and that calculations are performed in GF(2^m)

Elliptic Curve Cryptography (ECC)

• Addition operation in ECC is the counterpart of modular multiplication in RSA
• Multiple addition is the counterpart of modular exponentiation
• To form a cryptographic system using elliptic curves, we need to find a “hard problem” corresponding to factoring the product of two primes or taking the discrete logarithm
– Q=kP, where Q, P belong to a prime curve
– Is “easy” to compute Q given k and P
– But “hard” to find k given Q and P
– Known as the elliptic curve logarithm problem
• Certicom example: E23(9,17)


ECC Encryption/Decryption

• Several approaches using elliptic curves have been analyzed
• Must first encode any message m as a point on the elliptic curve Pm
• Select suitable curve and point G as in Diffie-Hellman
• Each user chooses a private key nA and generates a public key PA=nA * G
• To encrypt and send message Pm to B, A chooses a random positive integer k and produces the ciphertext Cm consisting of the pair of points:

Cm = {kG, Pm+kPB}

• To decrypt the ciphertext, B multiplies the first point in the pair by B’s secret key and subtracts the result from the second point:

Pm+kPB–nB(kG) = Pm+k(nBG)–nB(kG) = Pm
Security of Elliptic Curve Cryptography

• Depends on the difficulty of the elliptic curve logarithm problem
• Fastest known technique is “Pollard rho method”
• Compared to factoring, can use much smaller key sizes than with RSA
• For equivalent key lengths computations are roughly equivalent
• Hence, for similar security ECC offers significant computational advantages
Table 10.3
Comparable Key Sizes in Terms of
Computational Effort for Cryptanalysis
(NIST SP-800-57)

Note: L = size of public key, N = size of private key
Pseudorandom Number Generation (PRNG) Based on Asymmetric Cipher

• An asymmetric encryption algorithm produces apparently random output and can be used to build a PRNG
• Much slower than symmetric algorithms so they’re not used to generate open-ended PRNG bit streams
• Useful for creating a pseudorandom function (PRF) for generating a short pseudorandom bit sequence

PRNG Based on Elliptic Curve Cryptography
• Developed by the U.S. National Security Agency (NSA)
• Known as dual elliptic curve PRNG (DEC PRNG)
• Recommended in NIST SP 800-90, the ANSI standard X9.82, and the ISO standard 18031
• There has been some controversy regarding both the security and efficiency of this algorithm compared to other alternatives
– The only motivation for its use would be that it is used in a system that already implements ECC but does not implement any other symmetric, asymmetric, or hash cryptographic algorithm that could be used to build a PRNG
Summary

• Diffie-Hellman Key Exchange
– The algorithm
– Key exchange protocols
– Man-in-the-middle attack
• Elgamal cryptographic system
• Elliptic curve cryptography
– Analog of Diffie-Hellman key exchange
– Elliptic curve encryption/decryption
– Security of elliptic curve cryptography
• Elliptic curve arithmetic
• Abelian groups
• Elliptic curves over real numbers
• Elliptic curves over Zp
• Elliptic curves over GF(2^m)
• Pseudorandom number generation based on an asymmetric cipher
• PRNG based on RSA
• PRNG based on elliptic curve cryptography