Unit 2_Public Key Cryptograohy_RSA_Example.pdf

Cryptography and Cyber Security
[IT311]
Sanjivani Rural Education Society’s
Sanjivani College of Engineering, Kopargaon-423603
(An Autonomous Institute Affiliated to Savitribai Phule Pune University, Pune)
NAAC ‘A’ Grade Accredited, ISO 9001:2015 Certified
Department of Information Technology
(NBAAccredited)
Mrs. Kanchan D. Patil
Assistant Professor

Unit 2: Cryptography
• Symmetric Key Algorithms: Data Encryption standards, Advanced
Encryption Standard, Linear Cryptanalysis and Differential Cryptanalysis,
Public Key Algorithms: RSA, Key Generation and Usage, Diffie-Hellman
Key Exchange Algorithm.
Cryptography & Cyber Security Mrs. Kanchan Patil Department of Information Technology

Private Key Cryptography
• So far all the cryptosystems discussed, from earliest history to modern
times, have been private/secret/single key (symmetric) systems.
• All classical, and modern block and stream ciphers are of this form, and
still rely on the fundamental building blocks of substitution and
permutation (transposition).
• Traditional private/secret/single key cryptography uses one key
• It is shared by both sender and receiver
• If this key is disclosed communications are compromised
• Also is symmetric, parties are equal
• Hence does not protect sender from receiver forging a message &
claiming is sent by sender

Public Key Cryptography
• Two keys are used.
• The development of public-key cryptography is the greatest and perhaps the
only true revolution in the entire history of cryptography.
• It is asymmetric, involving the use of two separate keys
• Anyone knowing the public key can encrypt messages or verify signatures,
but cannot decrypt messages or create signatures, counter-intuitive though
this may seem.
• It works by the clever use of number theory problems that are easy one way
but hard the other.
• Public key schemes are neither more nor less secure than private key
(security depends on the key size for both), nor do they replace private key
schemes (they are too slow to do so), rather they complement them.

Why Public Key Cryptography?
• The concept of public-key cryptography evolved from an attempt to
attack two of the most difficult problems associated with symmetric
encryption:
• Key distribution: how to have secure communications in general
without having to trust a KDC with your key
• Digital signatures: how to verify a message comes intact from the
claimed sender

• Public-Key Cryptography uses two related keys but with very different
roles and abilities.
• A public-key, which may be known by anybody, and can be used to
encrypt messages, and verify signatures
• A private-key, known only to the recipient, used to decrypt messages,
and sign (create) signatures
• It is asymmetric because those who encrypt messages or verify
signatures cannot decrypt messages or create signatures

• “Public-Key Cryptography”,
shows that a public-key
encryption scheme has six
ingredients:
• Plaintext
• encryption algorithm
• public keys
• private keys
• Ciphertext
• decryption algorithm.

• Plaintext: This is the readable message or data that is fed into the
algorithm as input.
• Encryption algorithm: The encryption algorithm performs various
transformations on the plaintext.
• Public & Private keys: This is a pair of keys that have been selected so
that if one is used for encryption, the other is used for decryption.The
exact transformations performed by the algorithm depend on the public
or private key that is provided as input.

• Ciphertext: This is the scrambled message produced as output. It
depends on the plaintext and the key.
• For a given message, two different keys will produce two different
ciphertexts.
• Decryption algorithm: This algorithm accepts the ciphertext and the
matching key and produces the original plaintext

Public Key Cryptography: Essential Steps
• Each user generates a pair of keys to be used for the encryption and
decryption of messages.
• Each user places one of the two keys in a public register or other
accessible file. This is the public key. The companion key is kept private.
Each user maintains a collection of public keys obtained from others.
• If Bob wishes to send a confidential message to Alice, Bob encrypts the
message using Alice’s public key.
• When Alice receives the message, she decrypts it using her private key.
No other recipient can decrypt the message because only Alice knows
Alice’s private key.

Public Key Characteristics
• Asymmetric algorithms rely on one key for encryption and a different
but related key for decryption.
• These algorithms have the following important characteristic:
• It is computationally infeasible to determine the decryption key
given only knowledge of the cryptographic algorithm and the
encryption key.
• That is public key schemes utilise problems that are easy (P type) one
way but hard (NP type) the other way.
• Eg. exponentiation vs logs, multiplication vs factoring.
• In addition, some algorithms, such as RSA, are also able to use
either key as public & other private.

Public Key Cryptosystems (Confedentiality)

Public Key Cryptosystems

Public Key Cryptosystems
• There is some source A that produces a message in plaintext,
X = [X1, X2, ...,XM]
• The M elements of X are letters in some finite alphabet.
• The message is intended for destination B.
• B generates a related pair of keys: a public key, PUb, and a private key, PRb.
• PRb is known only to B, whereas PUb is publicly available and therefore
accessible by A.
• With the message X and the encryption key PUb as input, A forms the
ciphertext, Y = [Y1, Y2, ..., YN]
• So, Y = E(PUb, X)
• The intended receiver, in possession of the matching private key, is able to
invert the transformation: X = D(PRb, Y)

Public Key Applications
• we can classify the use of public-key cryptosystems into the three
categories:
• Encryption/decryption (provide secrecy): The sender encrypts a message
with the recipient’s public key.
• Digital signature (provide authentication): The sender “signs” a message
with its private key, either to the whole message or to a small block of data
that is a function of the message.
• Key exchange (of session keys): Two sides cooperate to exchange a session
key. Several different approaches are possible, involving the private key(s)
of one or both parties.

RSA
• It was first published by Rivest, Shamir & Adleman of MIT in 1978.
• The Rivest-Shamir-Adleman (RSA) has reigned supreme as the most widely
accepted and implemented general-purpose approach to public-key
encryption.
• It is based on exponentiation in a finite (Galois) field over integers modulo a
prime, using large integers (eg. 1024 bits).
• Its security is due to the cost of factoring large numbers.
• The RSA scheme is a block cipher in which the plaintext and ciphertext are
integers between 0 and n - 1 for some n.
• A typical size for n is 1024 bits, or 309 decimal digits.
• That is, n is less than 2^1024.

RSA
• RSA makes use of an expression with exponentials.
• Plaintext is encrypted in blocks, with each block having a binary value less
than some number n.
• That is, the block size must be less than or equal to log2(n) + 1
• Usually, the block size is i bits, where
• Encryption and decryption are of the following form, for some plaintext
block M and ciphertext block C.

RSA
• Both sender and receiver must know the value of n.
• The sender knows the value of e, and only the receiver knows the value of
d.
• It is a public-key encryption algorithm with a public key of PU = {e, n} and a
private key of PR = {d, n}.
• For this algorithm to be satisfactory for public-key encryption, the
following requirements must be met.
• It is possible to find values of e, d, n such that M^ed mod n = M,
for all M < n.
• It is relatively easy to calculate M^e mod n and C^d mod n for all values
of M < n.
• It is infeasible to determine d given e and n.

RSA
• Let us focus on first equation, for all M < n.
• The preceding relationship holds if e and d are multiplicative inverses
modulo φ(n), where φ(n) is the Euler Totient function.
• That is, for p, q prime, φ (pq) = (p - 1)(q - 1).
• The relationship between e and d can be expressed as
• Above statements are true considering, gcd(Ø(n), d) = 1.

RSA
• Finally, we get RSA Schema
• The private key consists of {d, n} and the public key consists of {e, n}.
• Suppose that user A has published its public key and that user B wishes to
send the message M to A.
• Then B calculates C = M^e mod n and transmits C.
• On receipt of this ciphertext, user A decrypts by calculating M = C^d mod n.

RSA Summary

RSA Example 1
• Select two prime numbers where p is not equal to q: p = 13 & q = 11
• Compute n = p * q = 13 * 11 = 143
• Compute ø(n) = (13–1)(11-1) = 12 x 10 = 120
• Select e such that e is relatively prime to ø(n) and less than ø(n), That is,
gcd(e, ø(n) )=1 and 1< e < ø(n)
So, select e = 13 , gcd(13,120) = 1 and 1< 13 < 120
• Calculate d = e^-1 mod ø(n) or ed = 1 mod ø(n) or ed mod ø(n) = 1
• Method 1: ed mod ø(n) = 1
13 * d mod 120 = 1…………13*d = 121…….1 (121/13=d) = 9.30
13*d = 241…….1 (241/13=d) = 18.53
13*d = 361…….1 (361/13=d) = 27.76
13*d = 481…….1 (481/13=d) = 37 ….stop

RSA Example 1
• Calculate d = e^-1 mod ø(n) or ed = 1 mod ø(n)
the above equation can be represented as d = ((ø(n) * i) +1) / e
where, i= 1,2,3… ø(n)
For i = 1, d = (120*1+1)/13 = 122/13 = 9.30
For i = 2, d = (120*2+1)/13 = 241/13 = 18.53
For i = 3, d = (120*3+1)/13 = 361/13 = 27.76
For i = 4, d = (120*4+1)/13 = 481/13 = 37 ………….complete integer value, stop
• Public key = (e, n) = (13,143)
• Private key = (d, n) = (37, 143)
• Calculate, C = M^e mod n where, M<n
Where, C – Ciphertext, M-plaintext, e-encrytion key, n-block size

RSA Example 1
• Calculate, C = M^e mod n where, M<n
Where, C – Ciphertext, M-plaintext, e-encrytion key, n-block size
• Let’s consider, plain text, M= 13
C = 13^13 mod 143 = 52
[13^4 mod 143 * 13^4 mod 143 * 13^4 mod 143 * 13^1 mod 143] mod143
13^4 mod 143 = 28561 mod 143 = 104
13^1 mod 143 = 13
13^13 mod 143 = 104 * 104 * 104 * 13 mod 143 = 14,623,232 mod 143 = 52
• Calculate, M= C^d mod n where, M<n where, d- decryption key
M = 52^37 mod 143 = 13

RSA Example 2
• Select primes: p = 17 & q = 11
• Compute n = pq = 17 x 11 = 187
• Compute ø(n) = (p–1)(q-1) = 16 x 10 = 160
• Select e such that e is relatively prime to ø(n) = 160 and less than ø(n)
• That is, gcd(e,160)=1; so choose e=7
• Determine d such that de = 1 mod 160 and d < 160. The correct value is
d=23 since 23x7=161= 10x160+1
• Publish public key PU={7,187}
• Keep secret private key PR={23,187}

RSA Example 2
• Let us consider M = 88
• So C = 88^7 mod 187
• Exploiting the properties of modular arithmetic, we can do this as follows.

RSA Example 2
• For Decryption, we calculate M = 11^23 mod 187

RSA Example 2

RSA Processing of multiple Blocks

RSA Security
• Possible approaches to attacking RSA are:
• brute force key search (infeasible given size of numbers)
• mathematical attacks (based on difficulty of computing ø(n), by
factoring modulus n)
• timing attacks (on running of decryption)
• chosen ciphertext attacks (given properties of RSA)

RSA Security : brute force key search (infeasible given size of
numbers)
• The defense against the brute-force approach is the same for RSA as for
other cryptosystems, namely, use a large key space.
• Larger the number of bits in d, the better.
• Because the calculations involved both in key generation and in
encryption/decryption are complex, the larger the size of the key, the
slower the system will run.

RSA Security : mathematical attacks (based on difficulty of
computing ø(n), by factoring modulus n)
• mathematical approach takes 3 forms:
• factor n=p.q, hence compute ø(n) and then d
• determine ø(n) directly and compute d
• find d directly
• currently believe all equivalent to factoring
• have seen slow improvements over the years
• as of May-05 best is 200 decimal digits (663) bit with LS (Lattice
Sieve)
• biggest improvement comes from improved algorithm
• QS (Quadratic Sieve) to GHFS (Generalized Number Field Sieve) to LS
(Lattice Sieve)
• currently assume 1024-2048 bit RSA is secure
• ensure p, q of similar size and matching other constraints

RSA Security : timing attacks (on running of decryption)
• Developed by Paul Kocher in mid-1990’s, based on observing how long it
takes to compute the cryptographic operations. T
• This attack is alarming for two reasons:
• It comes from a completely unexpected direction
• It is a ciphertext only attack.
• Although the timing attack is a serious threat, there are simple
countermeasures that can be used
• use constant exponentiation time algorithms
• add random delay
• use blind values in calculations

RSA Security : chosen ciphertext attacks (given properties of
RSA)
• RSA algorithm is vulnerable to a chosen ciphertext attack (CCA)
• CCA is defined as an attack in which adversary chooses a number of
ciphertexts and gets decrypted plaintexts back with the target’s private key
• The adversary exploits properties of RSA and selects blocks of data that,
when processed using the target’s private key, yield information needed for
cryptanalysis.
• Can counter simple attacks with random pad of plaintext.
• More sophisticated variants need to modify the plaintext using a procedure
known as optimal asymmetric encryption padding (OAEP).

References:
• William Stallings, “Cryptography and Network Security-Principles and
practice”

Unit 2_Public Key Cryptograohy_RSA_Example.pdf

More Related Content

What's hot (20)

Similar to Unit 2_Public Key Cryptograohy_RSA_Example.pdf (20)

More from KanchanPatil34 (8)

Recently uploaded (20)

Unit 2_Public Key Cryptograohy_RSA_Example.pdf