1. Public key cryptography
RSA Algorithm
Diffie-Hellman key exchange

2. Public-Key Cryptography
traditional private/secret/single key cryptography uses one key
Key is shared by both sender and receiver
if the key is disclosed communications are compromised
also known as symmetric, both parties are equal
hence does not protect sender from receiver forging a message & claiming is sent by sender

3. Disadvantages of Classical Cryptography
Requires secure transmission of key value
Requires a separate key for each group of people that wishes to exchange encrypted messages (readable by any group member)
For example, to have a separate key for each pair of people, 100 people would need 4950 different keys.
Cumbersome Handshaking involved in KDC

4. Public-Key Cryptography
probably most significant advance in the 3000 year history of cryptography
uses two keys – a public key and a private key
asymmetric since parties are not equal
uses clever application of number theory concepts to function

5. Why Public-Key Cryptography?
developed to address two key issues:
key distribution – how to have secure communications in general without having to trust a KDC with your key
digital signatures – how to verify a message comes intact from the claimed sender
public invention due to Whitfield Diffie & Martin Hellman at Stanford U. in 1976

6. Key Distribution requires that
Two communicants already share a key,which somehow has been distributed to them
Use of a key distribution center
Electronic messages and documents would need the equivalent of signatures used in paper documents.

7. Public-Key Cryptography
public-key/two-key/asymmetric cryptography involves the use of two keys:
a public-key, which may be known by anybody, and can be used to encrypt messages, and verify signatures
a private-key, known only to the recipient, used to decrypt messages, and sign (create) signatures
is asymmetric because
those who encrypt messages or verify signatures cannot decrypt messages or create signatures

8. Public-Key Cryptography Encryption

9. Alice generates a key value (usually a number or pair of related numbers) which she makes public.
Alice uses her public key (and some additional information) to determine a second key (her private key).
Alice keeps her private key (and the additional information she used to construct it) secret.

10. Bob (or Carol, or anyone else) can use Alice’s public key to encrypt a message for Alice.
Alice can use her private key to decrypt this message.
No-one without access to Alice’s private key (or the information used to construct it) can easily decrypt the message

11. An Example: Internet Commerce
Bob wants to use his credit card to buy some books from Alice over the Internet.
Alice sends her public key to Bob.
Bob uses this key to encrypt his credit-card number and sends the encrypted number to Alice.
Alice uses her private key to decrypt this message (and get Bob’s credit-card number).

12. Authentication

13. Public-Key Cryptosystems

14. Public-Key Applications
can classify uses into 3 categories:
encryption/decryption (provide secrecy)
digital signatures (provide authentication)
key exchange (of session keys)
some algorithms are suitable for all uses, others are specific to one

15. RSA Y Elliptic curve Diffie-Hellman N DSS Algorithm
Encryption / Decryption
Digital Signature
Key Exchange
RSA Y
Elliptic curve
Diffie-Hellman N
DSS

16. THE RSA ALGORITHM
Public key algorithm invented in 1977 by Ron Rivest, Adi Shamir & Leonard Adleman of MIT
Best known & widely used public-key scheme
Supports Encryption & Digital signatures
Gets its security from integer factorization problem

17. Key Generation
Generate two large random primes, p and q, of approximately equal size such that their product n = pq is of the required bit length, e.g bits.
Compute n = pq and phi φ(n) = (p-1)(q-1).
Choose an integer e, 1 < e < φ(n), such that gcd(e, φ) = 1.
Compute the secret exponent d, 1 < d < φ(n), such that ed ≡ 1 mod φ(n).
The public key is (n, e) and the private key is (n, d). Keep all the values d, p, q and φ(n) secret.
n is known as the modulus.
e is known as the public exponent or encryption exponent or just the exponent.
d is known as the secret exponent or decryption exponent.

18. Key Generation -detail
Use a random process to select two large prime numbers p and q. Compute the product n = p*q. This number is called the modulus, and is made publicly available.
RSA currently recommends a modulus that’s at least 768 bits long.
Also compute the Euler totient φ(n) = φ(pq)= (p-1)*(q-1). Keep this number (as well as p and q) secret.

19. GCD & Relatively prime
Two numbers a and b which have no common factors other than one are said to be coprime or relatively prime. For example, 4 and 9 are coprime but 15 and 25 are not.
The greatest common divisor of two integers a and b is the largest integer that divides both numbers and is denoted by ‘gcd(a, b)’. For example, gcd(25, 15) = 5 and gcd(4, 9) = 1.
a and b are coprime if and only if
gcd(a, b) = 1.

20. Euler Totient i.e. for any prime p, φ(p) = p-1
φ(n) is the no. of positive integers less than n and relatively prime to n.
e.g. φ(12)=4 as the four integers {1,5,7,11} are coprime to 12.
φ(7)=6 as the 6 integers {1,2,3,4,5,6} are coprime to 7.
i.e. for any prime p, φ(p) = p-1

21. Key Generation -detail
Randomly choose a public key e that has no factors in common with φ(n)= (p-1)*(q-1). so that gcd(e, φ(n)) = 1, 1 < e < φ(n);[Euclid’s algorithm: gcd(a,b)=gcd(b,r) where r=a mod b e.g. gcd(18,12)=gcd(12,6)=gcd(6,0)=6 i.e. a = qb + r]
Solve following equation to find decryption key d ,e.d ≡ 1 mod φ(n) and d < n; where d is the multiplicative inverse of e in mod φ(n);d ≡ e-1mod φ(n)

22. ‘mod’ as a congruence relation: The notation ‘a ≡ b (mod n)’ means a and b have the same remainder when divided by n, or, equivalently,
(a) n|a − b, or
(b) a − b = nk for some integer k .
We say that a is congruent to b modulo n, where n is the modulus of the congruence. The two ways of using ‘mod’ are related:
a ≡ b (mod n) <==> a mod n = b mod n.

23. Compute a private key d so that e
Compute a private key d so that e*d leaves a remainder of 1 when divided by φ(n) . Find a value for d such that φ(n) divides (ed-1). Note that d is easy to compute only if one knows the value of φ(n). This is essentially the same as knowing the values of p and q.

24. Using RSA publish their public encryption key: KU={e,n}
keep secret private decryption key: KR={d,p,q}
to encrypt a message M the sender:
obtains public key of recipient KU={e,n}
computes: C=Me mod n, where 0≤M<n
to decrypt the ciphertext C the owner:
uses their private key KR={d,p,q}
computes: M=Cd mod n

25. RSA Example Select primes: p =17 & q =11 Compute n = pq =17×11=187
Select e : gcd(e,160)=1; choose e =7
Determine d: de=1 mod 160 and d < 160 Value is d=23 since 23×7=161= 1×160+1
Publish public key KU={7,187}
Keep secret private key KR={23,17,11}
Here walk through example using “trivial” sized numbers.
Selecting primes requires the use of primality tests.
Finding d as inverse of e mod ø(n) requires use of Inverse algorithm (see Ch4)

26. Use a property of modular arithmetic:
(a x b) mod n = [ (a mod n) x (b mod n) ] mod n
modulo of a product = modulo of the product of its multipliers’ modulos
Strategy - reduce xy into xaxbxc where y=a+b+c using powers of 2 for a, b, c . Then apply above property

27. given message M = 88 (nb. 88<187) Encryption:
C = 887 mod 187 = [(884 mod 187)( 882 mod 187)( 881 mod 187)] mod 187
881 mod 187 =88
882 mod 187 = 7744 mod 187 = 77
884 mod 187 = 59,969,536 mod 187=132
= (88 x 77 x 132) mod 187 =
894,432 mod 187 = 11

28. Decryption:
M = 1123 mod(187) =
[(111 mod 187)( 112 mod 187)( 114 mod 187)( 118 mod 187)( 118 mod 187)] mod (187)
= (11 x 121 x 55 x 33 x 33) mod(187) = 88

29. Q. p=11,q=3
M=7

30. Comparison DES RSA Symmetric Key Encryption algorithm
Block size – 64 bits
Contains complex operations(S-boxes)
Bit wise operations used (Shift and XOR)
There are some operations on key
16 rounds of same operations
Calculations are based on permutation
Public Key Encryption algorithm
Block size – 1024 bits
Only mathematical calculations used
No bit wise operations
No operations on key.
Consists a single round operation
Calculations are based on ‘primitive logarithm’.

31. Security of RSA three approaches to attacking RSA:
brute force key search –trying all possible keys; infeasible given size of numbers)
mathematical attacks -, by factoring modulus N,the product of two primes; based on difficulty of computing ø(N)
timing attacks –depend on running time of decryption algorithm.

32. Factoring problem Mathematical approach takes 3 forms:
factor N = p.q, hence find ø(N) and then d
determine ø(N) directly and find d
find d directly, without first determining ø(N)
Factoring challenge: First challenge which used a public key size (N) of 129 decimal digits (428 bits) was factored in April 1994 after 8 months of work.
RSA Labs factoring challenge
RSA-155 challenge:- 155 decimal/512bits length was factored in seven months during 1999.
A group consisting of, among several others, Arjen K. Lenstra and Herman te Riele performed the necessary computations on 300 workstations and PCs
This means that 512-bit keys no longer provide sufficient security for anything more than very short-term security needs.

33. It is not necessarily true that a large number is more difficult to factor than a smaller number. For example, the number is easy to factor, while the 155-digit number RSA-155 was factored after seven months of extensive computations. What is true in general is that a number with large prime factors is more difficult to factor than a number with small prime factors (still, the running time of some factoring algorithms depends on the size of the number only and not on the size of its prime factors). This is why the size of the modulus in the RSA algorithm determines how secure an actual use of the RSA cryptosystem is.

34. Key Size
The key size should be greater than 1024 bits for a reasonable level of security for corporate use .
Keys of size, say, 2048 bits should allow security for decades for very valuable keys.
Less valuable information may well be encrypted using a 768-bit key

35. the RSA-155 factorization is = *

36. How fast is RSA
An "RSA operation," whether encrypting, decrypting, signing, or verifying is essentially a modular exponentiation. This computation is performed by a series of modular multiplications.
Generally, symmetric encryption algorithms are much faster to execute on a computer than asymmetric ones.
By comparison, DES and other block ciphers are much faster than the RSA algorithm. DES is generally at least 100 times as fast in software and between 1,000 and 10,000 times as fast in hardware, depending on the implementation. Implementations of the RSA algorithm will probably narrow the gap a bit in coming years, due to high demand, but block ciphers will get faster as well.

37. Diffie-Hellman Key Exchange
Whittfield Diffie and Martin Hellman are called the inventors of Public Key Cryptography.
Diffie-Hellman Key Exchange is the first Public Key Algorithm published in 1976.
Depends on its effectiveness on the difficulty of computing discrete logarithms

38. Discrete Logarithms What is a logarithm?
log10100 = 2 because 102 = 100
In general if logmb = a then ma = b
Where m is called the base of the logarithm
A discrete logarithm can be defined for integers only
In fact we can define discrete logarithms mod p also where p is any prime number

39. b = a i mod p where 0<= i <=(p-1)
Primitive Roots
If x n = a then a is called the n-th root of x
For any prime number p, if we have a number a such that powers of a mod p generate all the numbers between 1 to p-1 (in some permutation) then a is called a Primitive Root of p.
Then for any integer b and a primitive root a of prime number p we can find a unique exponent i such that
b = a i mod p where 0<= i <=(p-1)
The exponent i is referred to as the discrete logarithm or index, of b for the base a, mod p. i = inda,p(b)

40. 2 as primitive root 3 as primitive root m 1 2 3 4 5 6 7 8 9 10
2m mod 11 m 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
2m mod 19
3m mod 19

41. Discrete logarithm to base 2,modulo 11
2 as primitive root
Discrete logarithm to base 2,modulo 11 m 1 2 3 4 5 6 7 8 9 10
2m mod 11 b 1 2 3 4 5 6 7 8 9 10
Ind2,11(b)

44. Diffie-Hellman Algorithm
Five Parts
Global Public Elements
User A Key Generation
User B Key Generation
Generation of Secret Key by User A
Generation of Secret Key by User B

45. Global Public Elements
p Prime number
g g < p and g is a primitive
root of p
The global public elements are also sometimes called the domain parameters

46. User A Key Generation Select private XA XA < p
Calculate public YA YA = g XA mod p
Keep X value private & make Y value public to other side

47. User B Key Generation Select private XB XB < p
Calculate public YB YB = g XB mod p
Keep X value private & make Y value public to other side

48. Generation of Secret Key by User A
K = (YB)XA mod p

49. Generation of Secret Key by User B
K = (YA)XB mod p

50. Diffie-Hellman Key Exchange
Alice and Bob agree upon and make public two
numbers g and p, where p is a prime and g is a primitive root mod p. Note: Anyone has access to these numbers.
The Exchange:
1. Alice chooses a random number a (secret)and computes u =g a (mod p), and sends u to Bob.
2. Bob chooses a random number b (secret) and computes v= g b (mod p), and sends v to Alice.
3. Bob computes the key kb using secret b= u b mod p
4. Alice computes the key ka using secret a=v a mod p
Now, both Alice and Bob have the same key,
namely ka = kb = gab (mod p).

51. kb = u b mod p
=(g a mod p)b mod p
=(g a)b mod p by modular arithmetic
= g ab mod p
=(g b)a mod p
=(g b mod p)a mod p
= v a mod p
= ka

52. Example Suppose Alice and Bob agree to use p = 47 and g = 5.
Alice chooses a number between 0 and 46,
say a = 18.
Bob chooses a number between 0 and 46,
say b = 22.

53. Example Alice publishes ga (mod p), i.e. u = 518 (mod 47) = 2.
Bob publishes gb (mod p), i.e.
v = 522 (mod 47) = 28.
If Alice wants to know the secret key k, she takes Bob’s public number,v =28 and raises it to her private number, a = 18 (taking the result mod 47).
This gives her: 2818 (mod 47) = 24.

54. Example
If Bob wants to know the secret key, he takes Alice’s public number, u = 2, and raises it to his private number, b = 22 (taking the result mod 47).
This gives him: 222 (mod 47) = 24.
Thus, Alice and Bob have agreed upon a secret key, k = 24.

55. Security of DH exchange
Opponent Eve has the following ingredients p,g,u,v to work with
If Eve wants to compute k, then she would need either a or b.
Otherwise, Eve would need to solve a
Discrete Logarithm Problem.
E.g. for attacking user B’s secret key,the opponent must compute b=indg,p(v)
There is no known algorithm to accomplish this in a reasonable amount of time.With large nos. its impractical.

56. Man in the middle attack
Susceptibility: If Eve can intercept u and v, it is possible for her to substitute her own u’ and v’.
If she can intercept all communication between Alice and Bob, then she can substitute her own messages.
In 1992, the exchange was modified to prevent the man-in-the-middle attack.

57. Example for m-i-t-m-a
Alice wants to talk to Bob, sends her public key to Bob.
But Eve intercepts it, and replaces Alice’s public key with hers. She sends this to Bob.
Bob thinks Alice wants to talk to him. He sends his public key to her.
But Eve intercepts and replaces!
Then Eve sets up shared keys with both!

58. What to do?
If the public keys are certified (e.g., VeriSign) then Alice and Bob verifies that they got the right public keys!

59. User Authentication: Alice encrypts the message, m, with her private key a, call it ma. ma = Ea (m)
Alice encrypts ma with Bob’s public key, v, and sends the message to Bob. ma v = Ev (ma)
Bob recovers ma using his private key b and recovers m by using Alice’s public key u. m = Du(Db(mav))
Thus, Bob is sure that only Alice could have sent the message.