DEBRE MARKOS UNIVERSITY

BURIE CAMPUS
DEPARTMENT OF COMPUTER SCIENCE
Computer Security
By:
Amare W.

1
 2

Chapter 3: PUBLIC KEY CRYPTOSYSTEM continued

♥ In symmetric-key cryptography, the sender and receiver of a

message know and use the same secret key.
♥ The main challenge is getting the sender and receiver to agree on
the secret key without anyone else finding out.
♥ If they are in separate physical locations, they must trust a carrier,
a phone system, or some other transmission medium to prevent
the disclosure of the secret key.
♥ Anyone who overhears or intercepts the key in transit can later
read, modify, and forge all messages encrypted or authenticated
using that key.
 3 01/27/2025

♥ Because all keys in a secret-key (symmetric-key) cryptosystem

must remain secret, secret-key cryptography often has difficulty
providing secure key management.
♥ Key distribution under symmetric encryption requires either (1)
that two communicants already share a key, which somehow has
been distributed to them; or (2) the use of a key distribution
center.
♥ To solve the key management problem, Whitfield Diffie and
Martin Hellman introduced the concept of public-key
3/2/2018

cryptography in 1976.
 4 01/27/2025

♥ Public-key cryptography refers to a cryptographic system requiring

two separate keys, one of which is secret and one of which is public.
♥ Although different, the two parts of the key pair are related and
mathematically linked.
♥ One key locks or encrypts the plaintext, and the other unlocks or
decrypts the ciphertext. Neither key can perform both functions by
itself.
♥ The public key may be published without compromising security,
while the private key must not be revealed to anyone not authorized
3/2/2018

to read the messages.

 5 01/27/2025

♥ Public-key cryptography uses asymmetric key algorithms, and can

also be referred to as asymmetric key cryptography.
♥ The algorithms used for public key cryptography are based on
mathematical relationships (the ones being the integer factorization
and discrete logarithm problems).
♥ Although it is easy for the recipient to generate the public and
private keys, to decrypt the message using the private key, and
easy for the sender to encrypt the message using the public key, it
is extremely difficult for anyone to derive the private key, based
3/2/2018

only on their knowledge of the public key.

 6 01/27/2025

♥ A public-key encryption scheme has six ingredients

Figure: Public-key cryptography

♥ Plaintext: This is the readable message or data that is fed into the
algorithm as input.
3/2/2018
♥ Encryption algorithm: The encryption algorithm performs various
 7 01/27/2025

♥ Public and private keys: This is a pair of keys that have been selected so that if one is
used for encryption, the other is used for decryption. The exact transformations
performed by the algorithm depend on the public or private key that is provided as
input.
♥ Ciphertext: This is the scrambled message produced as output. It depends on the
plaintext and the key. For a given message, two different keys will produce two
different ciphertexts.
♥ Decryption algorithm: This algorithm accepts the ciphertext and the matching key and
produces the original plaintext.
♥ As the names suggest, the public key of the pair is made public for others to use, while
the private key is known only to its owner. A general-purpose public-key cryptographic
3/2/2018
algorithm relies on one key for encryption and a different but related key for
decryption.
 8 01/27/2025

♥ The essential steps are the following.

1. Each user generates a pair of keys to be used for the encryption and decryption of
messages.

2. Each user places one of the two keys in a public register or other accessible file.
This is the public key. The companion key is kept private. As the previous figure
suggests, each user maintains a collection of public keys obtained from others.

3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message
using Alice’s public key.

4. When Alice receives the message, she decrypts it using her private key. No other
recipient can decrypt the message because only Alice knows Alice’s private key.
3/2/2018
 9 01/27/2025

♥ The following table summarizes some of the important aspects

of symmetric and public key encryption.
♥ To discriminate between the two, we refer to the key used in
symmetric encryption as a secret key.
♥ The two keys used for asymmetric encryption are referred to
as the public key and the private key.
♥ Invariably, the private key is kept secret, but it is referred to as
a private key rather than a secret key to avoid confusion with
3/2/2018

symmetric encryption.
 10 01/27/2025

Table: Symmetric and public-key encryption

♥ Public-key cryptography used two different keys—one public and the
other private. It is computationally hard to deduce the private key
from the public key. Anyone with the public key can encrypt a
3/2/2018
message but not decrypt it. Only the person with the private key can
decrypt the message.
 11 01/27/2025

♥ Another difference between symmetric and asymmetric cryptography is

 Symmetric-key cryptography is based on sharing secrecy; asymmetric-
key cryptography is based on personal secrecy.
 In symmetric-key cryptography, symbols are permuted or substituted;
in asymmetric-key cryptography, numbers are manipulated.

3/2/2018
 12 01/27/2025

Applications for Public-Key Cryptosystems

♥ Before proceeding, we need to clarify one aspect of public-key

cryptosystems that is otherwise likely to lead to confusion.
♥ Public-key systems are characterized by the use of a cryptographic
algorithm with two keys, one held private and one available publicly.
♥ Depending on the application, the sender uses either the sender’s
private key or the receiver’s public key, or both, to perform some type
of cryptographic function.
♥ In broad terms, we can classify the use of public-key cryptosystems
into three categories:
3/2/2018

i. encryption/decryption ii. digital signatures & iii. Key distribution

 13 01/27/2025

♥ Encryption/decryption: The sender encrypts a message with the recipient’s

public key. This is a technique to encrypt a message with a recipient's public
key that cannot be decrypted by anyone except a possessor of the matching
private key.
♥ Digital signature: The sender “signs” a message with its private key. Signing
is achieved by a cryptographic algorithm applied to the message or to a small
block of data that is a function of the message.
♥ Digital signature is a technique for signing a message using a sender's private
key that can be verified by anyone who has access to the sender's public key,
thereby proving that the sender had access to the private key and, therefore, is
3/2/2018
likely to be the person associated with the public key used.
 14 01/27/2025

♥ Key exchange: Two sides cooperate to exchange a session key. Several

different approaches are possible, involving the private key(s) of one or both
parties.
Requirements for Public-Key Cryptography
♥ The cryptosystem illustrated in previous figure depends on a cryptographic
algorithm based on two related keys.
♥ Diffie and Hellman postulated this system without demonstrating that such
algorithms exist.
♥ However, they did lay out the conditions that such algorithms must fulfill the
following requirements. 3/2/2018
 15 01/27/2025

1. It is computationally easy for a party B to generate a pair

of key (public key PUb, private key PRb).

2. It is computationally easy for a sender A, knowing the

public key and the message to be encrypted, M, to generate
the corresponding ciphertext: C = E(PUb, M)

3. It is computationally easy for the receiver B to decrypt

the resulting ciphertext using the private key to recover the
3/2/2018
original message: M = D(PRb, C) = D[PRb, E(PUb, M)]
 16 01/27/2025

4. It is computationally infeasible for an adversary, knowing the

public key, PUb, to determine the private key, PR b.

5. It is computationally infeasible for an adversary, knowing the

public key, PUb, and a ciphertext, C, to recover the original
message, M.

We can add a sixth requirement that, although useful, is not

necessary for all public-key applications:

6. The two keys can be applied in either order: 3/2/2018

M = D[PUb, E(PRb, M)] = D[PRb, E(PUb, M)]

 17 01/27/2025

Public-Key Cryptography Algorithms

♥ The two most widely used public-key algorithms are Diffie-
Hellman and RSA. We look at both of these in this section.
1) Diffie-Hellman key exchange
♥ It is the first published public-key algorithm appeared by Diffie
and Hellman that defined public-key cryptography and is
generally referred to as Diffie-Hellman key exchange.
♥ The purpose of the algorithm is to enable two users to securely
exchange a key that can then be used for subsequent encryption of
messages. The algorithm itself is limited to the exchange of secret
3/2/2018

values.
 18 01/27/2025

….cont’d
♥ The Diffie–Hellman key exchange method allows two parties that have
no prior knowledge of each other to jointly establish a shared secret key
over an insecure communications channel. This key can then be used to
encrypt subsequent communications using a symmetric key.
♥ The method was followed shortly afterwards by RSA, an
implementation of public key cryptography using asymmetric
algorithms.
♥ The first important contribution of Diffie and Hellman was the definition
of a Public Key Cryptosystem (PKC) and its associated components—
one-way functions and trapdoor information. 3/2/2018
 19 01/27/2025

♥ A one-way function is an invertible function that is easy to

compute, but whose inverse is difficult to compute.
♥ Secure PKCs are built using one-way functions that have a
trapdoor. The trapdoor is a piece of auxiliary information that
allows the inverse to be easily computed.
♥ Diffie and Hellman made several suggestions for one-way
functions, including knapsack problems and exponentiation
mod q, but they did not produce an example of a PKC, mainly
for lack of finding the right trapdoor information. 3/2/2018
 20 01/27/2025

♥ The Diffie–Hellman key exchange algorithm solves the following

dilemma:
 Alice and Bob want to share a secret key for use in a symmetric
cipher, but their only means of communication is insecure. Every
piece of information that they exchange is observed by their
adversary Eve.
 How is it possible for Alice and Bob to share a key without making
it available to Eve?
 At first glance it appears that Alice and Bob face an impossible task.
3/2/2018
♥ It was a brilliant insight of Diffie and Hellman that the difficulty of
the discrete logarithm problem for F∗p provides a possible solution.
 21 01/27/2025

 The first step is for Alice and Bob to agree on a large prime p and a
nonzero integer g modulo p.
 Alice and Bob make the values of p and g public knowledge; for example,
they might post the values on their web sites, so Eve knows them, too.
 For various reasons, it is best if they choose g such that its order in F∗p is a
large prime.
♥ The next step is for Alice to pick a secret integer a that she does not reveal
to anyone, while at the same time Bob picks an integer b that he keeps
secret.
 Bob and Alice use their secret integers to compute

A ≡ ga (mod p) and B ≡ gb (mod p) 3/2/2018

Alice computes this Bob computes this

 22 01/27/2025

♥ They next exchange these computed values

 Alice sends A to Bob and Bob sends B to Alice.
 Note that Eve gets to see the values of A and B, since they are
sent over the insecure communication channel.
♥ Finally, Bob and Alice again use their secret integers to compute
A’ ≡ Ba (mod p) and B’ ≡ Ab (mod p)
Alice computes this Bob computes this
 The values that they compute, A’ and B’ respectively, are actually
the same, since
A’ ≡ Ba ≡ (gb)a ≡ gab ≡ (ga)b ≡ Ab ≡ B’ (mod p).
 This common value is their exchanged key.

3/2/2018
 23 01/27/2025

♥ The Diffie–Hellman key exchange algorithm is summarized in the

following table

3/2/2018
 24 01/27/2025

♥ Example: Alice and Bob agree to use the prime p = 941 and the
primitive root g = 627.
 Alice chooses the secret key a = 347 and computes

A = 390 ≡ 627347 (mod 941).

 Similarly, Bob chooses the secret key b = 781 and computes

B = 691 ≡ 627781 (mod 941).

 Alice sends to Bob the number 390 and Bob sends to Alice the
number 691.
 Both of these transmissions are done over an insecure channel, so both

A = 390 and B= 691 should be considered public knowledge.

 The numbers a = 347 and b= 781 are not transmitted and remain
secret.
 Then Alice and Bob are both able to compute the number
3/2/2018
470 ≡ 627347 x 781 ≡ Ab ≡ Ba (mod 941),
 so 470 is their shared secret.
 25 01/27/2025

♥ Suppose that Eve sees this entire exchange. She can reconstitute Alice’s
and Bob’s shared secret if she can solve either of the congruencies
627a ≡ 390 (mod 941) or 627b ≡ 691 (mod 941),
since then she will know one of their secret exponents.

♥ As far as is known, this is the only way for Eve to find the secret shared
value without Alice’s or Bob’s assistance.
♥ Of course, our example uses numbers that are much too small to afford
Alice and Bob any real security, since it takes very little time for Eve’s
computer to check all possible powers of 627 modulo 941. Current
guidelines suggest that Alice and Bob choose a prime p having
3/2/2018
approximately 1000 bits (i.e., p≈21000) and an element g whose order is
prime and approximately p/2. Then Eve will face a truly difficult task.
 26 01/27/2025

In general, Eve’s dilemma is this.

♥ She knows the values of A and B, so she knows the values of ga and gb. She
also knows the values of g and p, so if she can solve the DLP, then she can
find a and b, after which it is easy for her to compute Alice and Bob’s shared
secret value gab.
♥ It appears that Alice and Bob are safe provided that Eve is unable to solve
the DLP, but this is not quite correct.
♥ It is true that one method of finding Alice and Bob’s shared value is to solve
the DLP, but that is not the precise problem that Eve needs to solve.
 The security of Alice’s and Bob’s shared key rests on the difficulty of the
3/2/2018

following, potentially easier, problem.

 27 01/27/2025

♥ Definition. Let p be a prime number and g an integer. The Diffie–Hellman

Problem (DHP) is the problem of computing the value of gab (mod p) from
the known values of ga (mod p) and gb (mod p).
♥ It is clear that the DHP is no harder than the DLP.
 If Eve can solve the DLP, then she can compute Alice and Bob’s secret
exponents a and b from the intercepted values A = ga and B = gb, and
then it is easy for her to compute their shared key gab. (In fact, Eve needs to
compute only one of a and b.)
 But the converse is less clear:
Suppose that Eve has an algorithm that efficiently solves the DHP. Can
3/2/2018
she use it to also efficiently solve the DLP?
The answer is not known.
 28 01/27/2025

2) The RSA Public-Key Encryption Algorithm

♥ A number of algorithms have been proposed for public-key

cryptography. One of the first successful responses to the
challenge was developed in 1977 by Ron Rivest, Adi Shamir, and
Len Adleman at MIT and first published in 1978.
♥ The Rivest-Shamir-Adleman (RSA) scheme has since that time
reigned supreme as the most widely accepted and implemented
general-purpose approach to public-key encryption.
♥ RSA is named after its inventors Rivest, Shamir, and Adleman.
♥ The RSA scheme is a block cipher in which the plaintext
3/2/2018
and
ciphertext are integers between 0 and n-1 for some n.
 29 01/27/2025

♥ RSA makes use of an expression with exponentials. Plaintext is encrypted in

blocks, with each block having a binary value less than some number n.
♥ Encryption and decryption are of the following form, for some plaintext block M
and ciphertext block C:
EncryptionC = Me mod n
Decryption M = Cd mod n = (Me)d mod n = Medmod n
♥ Both sender and receiver must know the value of n. The sender knows the value of
e, and only the receiver knows the value of d. Thus, this is a public-key encryption
algorithm with a public key of PU={e, n} and a private key of PR={d, n}. For this
algorithm to be satisfactory for public-key encryption, the following requirements
must be met.
1. It is possible to find values of e, d, n such that Med = M mod n for all M < n.3/2/2018
2. It is relatively easy to calculate Me and Cd for all values of M < n.
3. It is infeasible to determine d given e and n.
 30 01/27/2025

The following figure summarizes RSA algorithm

Private key
3/2/2018
 31 01/27/2025

♥ The RSA algorithm depends upon the computational difficulty inherent in

factoring large prime numbers. Each user of the cryptosystem generates a pair of
public and private keys using the algorithm described in the following steps:
 Begin by selecting two prime numbers, p and q, and calculating their product n,
which is the modulus for encryption and decryption.
 Next, we need the quantity φ(n) referred to as the Euler totient of n, which is the
number of positive integers less than n and relatively prime to n.
 Then select an integer e that is relatively prime to φ(n) (i.e., the greatest common
divisor of e and φ(n) is 1].
 Finally, calculate d as the multiplicative inverse of e, modulo φ(n).
• It can be shown that d and e have the desired properties.
• Suppose that user A has published its public key and that user B wishes to send the
message M to A.
• Then B calculates C = Me (mod n) and transmits C.
• On receipt of this ciphertext, user A decrypts by calculating 3/2/2018
M = Cd
(mod n).
 32 01/27/2025

♥ Alice generates a public/private key pair; Bob encrypts using Alice’s public key; and
Alice decrypts using her private key.
♥ An example is shown in the following Figure. For this example, the keys were generated
as follows.
1. Select two prime numbers, p = 17 and q = 11.
2. Calculate n = pq =17×11 = 187.
3. Calculate φ(n)=(p-1)(q-1) = 16×10 = 160.
4. Select e such that e is relatively prime to φ (n) = 160 and less than φ (n);
we choose e = 7.
5. Determine d such that de ≡ 1 (mod 160) and d< [Link] correct value is
d=23, because 23×7 = 161 = (1×160) + 1;
♥ The resulting keys are public key PU={7, 187} and private key PR={23, 187}.

♥ The example shows the use of these keys for a plaintext input of M=88.
♥ For encryption, we need to calculate C=88 7mod 187. Exploiting the 3/2/2018
properties of
modular arithmetic, we can do this as follows.
 33 01/27/2025

887 mod 187 = [(884mod 187) × (882mod 187) × (881mod 187)] mod 187
881 mod 187 = 88
882 mod 187 = 7744 mod 187 = 77
884 mod 187= 59,969,536 mod 187 = 132
887 mod 187 = (88 × 77 × 132) mod 187 = 894,432 mod 187 = 11
For decryption, we calculate M = 1123 mod 187:
1123 mod 187 = [(111mod 187) × (112mod 187) × (114mod
187) × (118mod 187) × (118mod 187)] mod 187
111 mod 187 = 11
112 mod 187 = 121
114 mod 187 = 14,641 mod 187 = 55
118 mod 187 = 214,358,881 mod 187 = 33
1123 mod 187 = (11 × 121 × 55 × 33 × 33) mod 187 = 79,720,245 mod
3/2/2018
187
= 88
 34 01/27/2025

♥ The integers e and d in RSA key generation are called the encryption exponent
and the decryption exponent, respectively, while n is called the modulus.
♥ Another example : Alice creates a pair of keys for herself. She chooses p = 397
and q = 401. She calculates n = 397×401 = 159197. She then calculates φ(n) =
396 × 400 = 158400. She then chooses e = 343 and d = 12007. Bob wants to send
the message “NO”. Show how he can send the message if each character is coded
as two digits (from 00 to 25).
♥ Solution: N = 13, O = 14. Bob then concatenates the two coded characters and
gets a four-digit number. The plaintext is, so, 1314. Bob then uses e and n to
encrypt the message. The ciphertext is 1314343mod 159197 = 33677.
♥ Alice receives the message 33677 and uses the decryption key d to decipher
3/2/2018
is as
3367712007 mod 159197 = 1314. Alice then decodes 1314 as the message “NO”.
 35 01/27/2025

 Another example where plain text not recovered

1. Take two prime numbers, p = 17 and q = 11.
2. Then n = 187, e = 7 and d = 23
2. Let M = 189
3. We get C=1897mod 187 = 128 (encryption)
4. M = 12823mod 187 = 2 (decryption)

Note that retrieved M (2) is different from actual M (189).

The problem is because M is not < n.

3/2/2018
 36 01/27/2025

Reading Assignment
Digital Signature
Using Public Key
Using Message Digest
MD4family
SHA family
RIPEMD

3/2/2018
 37

Thank you