Chapter 3

Asymmetric
Encryption
DR. NILESH PATIL

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 1

Principles of Public key
Cryptography
Asymmetric encryption is a form of cryptosystem in which encryption
and decryption are performed using the different keys- one public key
and one private key
Also known as public-key encryption
It uses mathematical functions rather than substitution and
permutation
More secure from cryptanalysis than the symmetric encryption

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 2

Cont…
Asymmetric keys
Two related keys, a public key and a private key, that are used to
perform complementary operations, such as encryption and decryption
or signature generation and signature verification
Public key certificate
A digital document issued and digitally signed by the private key of a
Certification authority that fixes the name of a subscriber to a public
key. The certificate indicates that the subscriber identified in the
certificate has sole control and access to the corresponding private key

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 3

Cont…
Public key cryptographic algorithm
A cryptographic algorithm that uses two related keys, a public key and
a private key
Public key infrastructure
A set of policies, processes, server platform, software and workstations
used for the purpose of controlling certificates and public-private key
pairs, including the ability to issue, maintain, and cancel public
certificate

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 4

Public-key cryptosystem
Asymmetric algorithms rely on one key for encryption and a different
but related key for decryption
These algorithms have the following important characteristics
It is computationally infeasible to determine the decryption key given
only knowledge of the cryptographic algorithm and the encryption key

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 5

Cont…
Six ingredients:
Plaintext - This is a readable message or data that is fed(served) into
the algorithm as the input
Encryption algorithm - The encryption algorithm performs various
transformations on the plaintext
Public and private keys - this is a pair of keys that have been selected so
that if one is used for encryption, the other is used for decryption. The
exact transformations performed by the algorithm depend on the public
key and the private key that is provided as input

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 6

Cout..
Cipher text - this is the scrambled message produced as output
Decryption algorithm - The algorithm that accepts the cipher text and
matching key and produces the original plain text

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 7

 Encryption with Public Key

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 8

 Encryption with Private Key

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 9

The essential steps are
1. Each user generates a pair of keys to be used for the encryption
and decryption of messages
2. Each user places one of the two keys in public register or other
accessible file. This is public key. The other key is kept private. Each
user maintains a collection of public keys obtained from others
3. If Bob wishes to send a confidential message to Alice, Bob encrypts
the message using Alice’s public key
4. When Alice receives the message, she decrypts it using her private
key
5. No other recipient can decrypt the message because only Alice
knows her private key

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 10

Here, all participants have access to public keys, and private keys are
generated locally by each participant and therefore need never be
distributed
As long as a user’s private key remains protected and secret, incoming
communication is secure
At any time, a system can change its private key and publish the related
public key to replace its old public key

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 11

Difference between conventional
encryption and Public-key
encryption

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 12

Applications of Public-key
Cryptosystem
A applications are divided in two broad categories:

Encryption/decryption – The sender encrypts the message with the

receiver’s public key
Digital Signature – The sender “signs” a message with its private key

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 13

RSA Algorithm use in Public
key principle
Asymmetric key cryptographic algorithm
Rivest-Shamir-Adleman (RSA) name is given by taking the firstname of its
inventors
It uses prime numbers
This algorithm is based on the fact that it is easy to find and multiply large
prime numbers together, but it is extremely difficult to factor their product
The private and public keys in RSA are based on very large prime numbers
The real challenge in RSA is the selection and generation of the public key
and private key
Lets know how private key and public key are generated and, using them,
how can we perform encryption and decryption

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 14

 RSA Algorithm use in Public
key principle
1. Choose two prime numbers P and Q
2. Calculate N = P * Q
3. Select the public key E (i.e. Encryption key) such that it is not a factor of (P–1)
and (Q–1)
4. Select the private key D (i.e. Decryption key) such that the following equation is
true
(D * E) mod (P–1) * (Q–1) = 1

5. For encryption, calculate the cipher text CT from the plain text PT as follows
CT = PTE mod N

6. Send CT as the cipher text to the receiver

7. For decryption, calculate the plain text PT from the cipher text CT as follows
PT = CTD mod N

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 15

Example of RSA
1. Choose two large prime numbers P and Q
◦ Let P= 7, Q=17

2. Calculate N = P * Q
◦ N= 7 * 17= 119

3. Select the public key E such that it is not a factor of (P-1) * (Q-1)
◦ Lets find (7-1) * (17-1)= 6*16= 96
◦ The factors of 96 are 2,2,2,2,2 and 3 ( because 96 = 2*2*2*2*2*3)
◦ Thus we have to choose E such that none of the factors of E is 2 and 3
◦ Lets choose E as 5

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 16

4. Select the private key D such that the following equation is true
(D * E) mod (P–1) * (Q–1) = 1
◦ Lets substitute the values of E, P and Q in the equation
◦ We have (D * 5) mod (7-1) * (17-1) = 1
◦ i.e. (D * 5) mod (6) * (16) = 1
◦ i.e. (D * 5) mod (96) = 1
◦ After some calculations, let us take D=77
◦ So that (77 * 5) mod (96) = 385 mod 96 = 1

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 17

5. For encryption, calculate the cipher text CT from the plain text PT
as follows
CT = PTE mod N
◦ Lets assume that plaintext PT = 10
◦ Then, CT = 105 mod 119 = 100000 mod 119 = 40

6. Send CT as the cipher text to the receiver

◦ Send 40 as the cipher text to the receiver

7. For decryption, calculate the plain text PT from the cipher text CT
as follows
PT = CTD mod N
◦ PT = 4077 mod 119 = 10

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 18

In RSA algorithm if p = 7, q = 11 and e = 13 then what will be the
value of d?

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 19

 In a RSA cryptosystem, a participant A uses two prime
numbers p = 13 and q = 17 to generate her public and
private keys. If the public key of A is 35, then the private
key of A is _______.
Calculate ‘n’ and totient function Ø(n).
Value of n, n = p x q
n = 13 x 17
∴ n = 221
Toilent function,
Ø(n) = (p-1) x (q-1)
Ø(n) = (13-1) x (17-1)
∴ Ø(n) = 192
We are already given the value of e = 35.
Thus, public key = (e , n) = (35 , 221)
Determine ‘d’ such that- Here,
• The least value of ‘k’ which gives the
integer value of ‘d’ is k = 2.
• On substituting k = 2, we get d = 11.
• Thus, private key of participant A = (d , n)
= (11, 221).

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 20

 In an RSA cryptosystem, a participant uses two prime numbers p = 3 and q =
11 to generate his public and private keys. If the private key is 7, then how will
the text COMPUTER be encrypted using the public key?

Given prime numbers, p =3, q = 11 Plain text = COMPUTER

n= 3 x 11 =33 Ciphertext = me mod n
Ø(n) = (3-1) × (11-1) = 2 x 10 =20
Ciphertext for C = 33 mod 33 = 27
greatest common divisor (20, d) =1
d = Private Key = 7 Ciphertext for O = 153 mod 33 = 9
As per question d =7. Ciphertext for M = 133 mod 33 = 19
(e × d) mod Ø(n) = 1
(e x 7) mod 20 = 1 Ciphertext for P = 163 mod 33 = 4
So, e x 7= 20 x 1+1 Ciphertext for U = 213 mod 33 = 21
e= 21/7= 3 possible.
Ciphertext for T = 203 mod 33 = 14
e = public Key=3 =encrypt key
So n = 33, e = 3, d = 7, Ø(n) = 20 Ciphertext for E = 53 mod 33 = 26
Ciphertext for R = 183 mod 33 = 24.

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 21

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 22
2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 23
2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 24
2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 25
Key management

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 26

Key management
One of the major roles of public-key encryption has been to address the
problem of key distribution
There are actually two distinct aspects to the use of public-key
cryptography in this regard:
◦ The distribution of public keys
◦ The use of public-key encryption to distribute secret keys

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 27

Distribution of Public Keys
Schemes for Key distribution:
Public announcement
Publicly available directory
Public-key authority
Public-key certificates

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 28

Public announcement of
Public Keys
The point of public-key encryption is that the public key is public
Thus, if there is some broadly accepted public-key algorithm, such as
RSA, any participant can send his or her public key to any other
participant or broadcast the key to the community at large
Although this approach is convenient, it has a major weakness
Anyone can forge such a public announcement
That is, some user could pretend to be user A and send a public key to
another participant or broadcast such a public key
Until such time as user A discovers the forgery and alerts other
participants, the forger is able to read all encrypted messages intended
for A and can use the forged keys for authentication

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 29

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 30
Publicly Available Directory
A greater degree of security can be achieved by maintaining a publicly
available dynamic directory of public keys
Maintenance and distribution of the public directory would have to be
the responsibility of some trusted entity or organization
Such a scheme would include the following elements:

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 31

1. The authority maintains a directory with a {name, public key} entry
for each participant.
2. Each participant registers a public key with the directory authority.
Registration would have to be in person or by some form of secure
authenticated communication.
3. A participant may replace the existing key with a new one at any
time, either because of the desire to replace a public key that has
already been used for a large amount of data, or because the
corresponding private key has been compromised in some way.
4. Participants could also access the directory electronically. For this
purpose, secure, authenticated communication from the authority
to the participant is mandatory.

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 32

This scheme is clearly more secure than individual public
announcements but still has vulnerabilities
If an adversary succeeds in obtaining or computing the private key of
the directory authority, the adversary could authoritatively pass out
counterfeit public keys and subsequently impersonate any participant
and eavesdrop on messages sent to any participant

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 33

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 34
Public-Key Authority
Stronger security for public-key distribution can be achieved by
providing tighter control over the distribution of public keys from the
directory
As before, the scenario assumes that a central authority maintains a
dynamic directory of public keys of all participants
Each participant reliably knows a public key for the authority, with only
the authority knowing the corresponding private key

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 35

 The following steps occur:
1. A sends a timestamped message to the public-key authority containing
a request for the current public key of B.
2. The authority responds with a message that is encrypted using the
authority's private key, PRauth Thus, A is able to decrypt the message
using the authority's public key. Therefore, A is assured that the
message originated with the authority. The message includes the
following:
1. B's public key, PUb which A can use to encrypt messages destined for B
2. The original request, to enable A to match this response with the
corresponding earlier request and to verify that the original request was not
altered before reception by the authority
3. The original timestamp, so A can determine that this is not an old message
from the authority containing a key other than B's current public key

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 36

3. A stores B's public key and also uses it to encrypt a message to B
containing an identifier of A (IDA) and a nonce (N1), which is used to
identify this transaction uniquely.
4, 5.B retrieves A's public key from the authority in the same manner as A
retrieved B's public key
6. B sends a message to A encrypted with PUa and containing A's nonce
(N1) as well as a new nonce generated by B (N2) because only B could
have decrypted message (3), the presence of N1 in message (6)
assures A that the correspondent is B.
7. A returns N2, encrypted using B's public key, to assure B that its
correspondent is A.

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 37

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 38
Public-Key Certificates
The public-key authority could be somewhat of a bottleneck in the
system, for a user must appeal to the authority for a public key for every
other user that it wishes to contact
The directory of names and public keys maintained by the authority is
vulnerable to tampering.
An alternative approach is to use certificates that can be used by
participants to exchange keys without contacting a public-key authority
A certificate consists of a public key plus an identifier of the key owner,
with the whole block signed by a trusted third party
The third party is a certificate authority, such as a government agency
or a financial institution, that is trusted by the user community

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 39

A user can present his or her public key to the authority in a secure
manner, and obtain a certificate And then can publish the certificate
Anyone needed this user's public key can obtain the certificate and
verify that it is valid by way of the attached trusted signature
A participant can also convey its key information to another by
transmitting its certificate. Other participants can verify that the
certificate was created by the authority

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 40

We can place the following requirements on this scheme:
1. Any participant can read a certificate to determine the name and
public key of the certificate's owner.
2. Any participant can verify that the certificate originated from the
certificate authority and is not counterfeit.
3. Only the certificate authority can create and update certificates.

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 41

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 42
Distribution of Secret Keys
Using Public-Key Cryptography
Simple Secret Key Distribution
Secret Key Distribution with Confidentiality and Authentication
A Hybrid Scheme

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 43

Simple Secret Key Distribution
If A wishes to communicate with B, the following procedure is
employed:
1. A generates a public/private key pair {PUa, PRa} and transmits a
message to B consisting of PUa and an identifier of A, IDA.
2. B generates a secret key, Ks, and transmits it to A, encrypted with
A's public key.
3. A computes D(PRa, E(PUa, Ks)) to recover the secret key. Because
only A can decrypt the message, only A and B will know the identity
of Ks.
4. A discards PUa and PRa and B discards PUa.

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 44

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 45
A and B can now securely communicate using conventional encryption
and the session key Ks
At the completion of the exchange, both A and B discard Ks.
Despite its simplicity, this is an attractive protocol. No keys exist before
the start of the communication and none exist after the completion of
communication.
The risk of compromise of the keys is minimal

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 46

The protocol depicted in Figure is insecure against an adversary who can
intercept messages and then either relay the intercepted message or
substitute another message
Such an attack is known as a man-in-the-middle attack
In this case, If an adversary, E, has control of the intervening
communication channel, then E can compromise the communication in
the following fashion without being detected:

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 47

1. A generates a public/private key pair {PUa, PRa} and transmits a
message intended for B consisting ofP Ua and an identifier of A,
IDA.
2. E intercepts the message, creates its own public/private key pair
{PUe, PRe} and transmits PUe||IDA to B.
3. B generates a secret key, Ks, and transmits E(PUe, Ks).
4. E intercepts the message, and learns Ks by computing D(PRe, E(PUe,
Ks)).
5. E transmits E(PUa, Ks) to A.

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 48

 Secret Key Distribution with
Confidentiality and Authentication
It provides protection against both active and passive attacks
It is assumed that A and B have exchanged public keys by one of the schemes
1. A uses B's public key to encrypt a message to B containing an identifier of A
(IDA) and a nonce (N1), which is used to identify this transaction uniquely.
2. B sends a message to A encrypted with PUa and containing A's nonce (N1) as
well as a new nonce generated by B (N2) Because only B could have decrypted
message (1), the presence of N1 in message (2) assures A that the
correspondent is B.
3. A returns N2 encrypted using B's public key, to assure B that its correspondent is
A.
4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to B. Encryption of
this message with B's public key ensures that only B can read it; encryption with
A's private key ensures that only A could have sent it.
5. B computes D(PUa, D(PRb, M)) to recover the secret key.

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 49

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 50
A Hybrid Scheme
This scheme retains the use of a key distribution center (KDC) that
shares a secret master key with each user and distributes secret session
keys encrypted with the master key
A public key scheme is used to distribute the master keys
The following rationale is provided for using this three-level approach:

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 51

Performance:
There are many applications, especially transaction-oriented
applications, in which the session keys change frequently.
Distribution of session keys by public-key encryption could degrade
overall system performance because of the relatively high
computational load of public-key encryption and decryption. With a
three-level hierarchy, public-key encryption is used only occasionally to
update the master key between a user and the KDC.
Backward compatibility:
The hybrid scheme is easily overlaid on an existing KDC scheme, with
minimal disruption or software changes.

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 52

The addition of a public-key layer provides a secure, efficient means of
distributing master keys
This is an advantage in a configuration in which a single KDC serves a
widely distributed set of users

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 53

Diffie-Hellman key exchange
Algorithm
The two parties, who want to communicate securely, can agree on a
symmetric key using this technique
It can then can be used for encryption and decryption
This algorithm can be used only for key agreement, but not for
encryption and decryption
Once both parties agree on the key to be used, they need to use other
symmetric encryption algorithms

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 54

Description of algorithm
Lets assume that Alice and Bob want to agree upon a key to be used for
encrypting/decrypting messages that would be exchanged between
them
Then the Diffie-Hellman algorithm works as follows:
1. Firstly, Alice and Bob agree on two large prime numbers, n and g.
these two integers need not be kept secret. Alice and Bob can use
insecure channel to agree on them
2. Alice chooses another large random number x, and calculates A
such that
A = gx mod n

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 55

3. Alice sends the number A to Bob
4. Bob independently chooses another large random integer y and the
n calculates B such that
B = gy mod n
5. Bob sends the number B to Alice
6. A now computes the secret key K1
K1 = Bx mod n
7. B now computes the secret key K2
K2 = Ay mod n

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 56

 The common secret key is : 3

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 57

Example
1. Let n=11, g=7
2. Let x=3. then, we have A=73 mod 11=343 mod 11 =2
3. Alice sends 2 to Bob
4. Let y=6. then we have, B=76 mod 11=117649 mod 11 =4
5. Bob sends the 4 to Alice
6. We have, K1=43 mod 11= 64 mod 11 = 9
7. We have K2 = 26 mod 11=64 mod 11 = 9

The common secret key is : 9

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 58

 The common secret key is : 1

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 59

 The common secret key is : 160

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 60

 The common secret key is : 2

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 61

 The common secret key is : 5

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 62

Elliptic Curve
Cryptography(ECC)
An elliptic curve (EC) is a smooth, projective algebraic curve on which there
is a specified point O
The main difference between RSA and ECC is that unlike RSA, ECC offers the
same level of security for smaller key sizes
ECC requires much smaller keys than those used in conventional public key
cryptosystem, while maintaining the same level of security
The use of elliptic cures therefore allows faster encryption and decryption
ECC is highly mathematical in nature
An Elliptic Curve is similar to a normal curve draw as a graph on x-axes and
y-axes and has points
Each point can be designated by an (x , y) coordinate

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 63

This is how elliptic curve public key cryptography works
For Alice and Bob to communicate securely over an unsecure network
they can exchange a private key over this network in the following way:
A particular rationale base point P is published in a public domain for
use with a particular elliptic curve E also published in a public domain
Alice and Bob choose random integers Ka and Kb respectively, which
they use as private key

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 64

Alice computes Ka * P, Bob computes Kb * P and they exchange these
values over the network
Using the information they received from each other and their private
keys, both Alice and Bob compute (Ka * Kb)*P = Ka * (Kb * P) =Kb * (Ka *
P)
This value is then the shared secret that only Alice and Bob possess.
The private keys Ka and Kb and the shared secrety (Ka * Kb)*P are
difficult to compute given Ka * P and Kb * P
Thus Alice and Bob do not compromise their private keys or their
shared secret in exchange

2/25/2025 DR. NILESH PATIL, DJSCE, MUMBAI 65