Blowfish was designed in 1993 by Bruce Schneier as

a fast, free alternative to existing encryption

algorithms.
Characteristics
Fast: Implementation on 32-bit CPUs, 18 clock
cycles per byte.
Compact: can run in less than 5KB
Simple: simple structure easy to implement
Variable security: The key length is variable and
can be as long as 448-bits. This allows tradeoff
between higher speed and higher security.
It encrypts 64-bit blocks of plaintext into 64-bit
blocks of ciphertext.
So far, the security of Blowfish is unchanllenged.
Blowfish algorithm
Blowfish algorithm
Blowfish is a variable-length key that ranges from 32 bits to
448 bits. i.e one to fourteen 32-bit word
64-bit block cipher.
The algorithm consists of two parts:
a key-expansion part and
a data- encryption part.
Key expansion converts a key of at most 448 bits into several
subkey arrays totaling 4168 bytes. i.e eighteen 32-bit subkeys
+ four 8x32-bit s boxes = 4168.
Data encryption occurs via a 16-round Feistel network.
Each round consists of a key dependent permutation, and
a key- and data-dependent substitution.
All operations are XORs and additions on 32-bit words.
The only additional operations are four indexed array data
lookups per round.
Blowfish algorithm
Blowfish algorithm
Subkeys and S-box generation
Blowfish uses a large number of subkeys.
These keys must be precomputed before any data
encryption or decryption.
The keys are stored in an K-array

1
,
2
, , , , , , ,

1 14
The P-array consists of eighteen 32-bit subkeys:

1
,
2
, , , , , , ,
18
There are four 32-bit S-boxes with 256 entries each:
S
1,0
, S
1,1
,..., S
1,255
S
2,0
, S
2,1
,..,, S
2,255
S
3,0
, S
3,1
,..., S
3,255
S
4,0
, S
4,1
,..,, S
4,255
Blowfish algorithm
Generating the Subkeys and S-box
The subkeys are calculated using the Blowfish algorithm:
1. Initialize first the P-array and then the four S-boxes, in
order, with a fixed string. This string consists of the
hexadecimal digits of pi (less the initial 3):
P
1
= 0x243f6a88,
P
2
= 0x85a308d3,
P
3
= 0x13198a2e,
P
4
= 0x03707344, etc.
2. XOR P
1
with the key K
1
, XOR P
2
with K
2
, and so on for all
bits of the key (possibly up to P
14
). Repeatedly cycle
through the key bits until the entire P-array has been
XORed with key bits.
Blowfish algorithm
3. Encrypt all-zero string with the Blowfish algorithm,
using the subkeys described in steps (1) and (2).
4. Replace P
1
and P
2
with the output of step (3).
5. Encrypt the output of step (3) using the Blowfish
algorithm with the modified subkeys.
6. Replace P
3
and P
4
with the output of step (5).
7. Continue the process, replacing all entries of the P
array, and then all four S-boxes in order, with the
output of the continuously changing Blowfish
algorithm.
In total, 521 iterations are required to generate all
required subkeys(i.e. 9 rounds for P
1
-P
18
and 512 rounds
for S
1
-S
4
).
Blowfish algorithm
Blowfish Encryption and Decryption
Uses two primitives: Addition & XOR
Data is divided into two 32-bit halves LE
0
& RE
0
for i = 1 to 16 do
RE
i
= LE
i-1
XOR P
i
;
LE
i
= F[RE
i
] XOR RE
i-1
;
LE
17
= RE
16
XOR P
18
;
RE
17
= LE
16
XOR i
17
;
where
Break 32-bit RE
i
into (a,b,c,d)
Then F[RE
i
]=F[a,b,c,d]
F[a,b,c,d] = ((S
1,a
+ S
2,b
) XOR S
3,c
) + S
4,d
Blowfish algorithm
Highlights of Blowfish algorithm:
Provided key is large enough, brute-force key search
is not practical, especially given the high key
schedule cost
Key dependent S-boxes and subkeys make analysis
very difficult
Changing both halves in each round increases
security
Some study shows improved avalanche effects
Blowfish algorithm
RC5 algorithm
Suitable for hardware or software
Uses only primitive computational operations commonly
found on micriprocessors
Fast: the basic operations work on full words of data at a time.
Adaptable to processors of different word-lengths
Variable number of rounds:
Allows tradeoff between speed and security
Variable key length:
Again allows tradeoff between speed and security
Simple:
simple structure is easy to implement
Low memory requirements
High security
Data dependent rotations
RC5 algorithm
RC5 Parameters
RC5 is a family of ciphers RC5-w/r/b
Nominal/Standard version is RC5-32/12/16
i.e 32-bit words, so encrypts 64-bit data blocks
using 12 rounds
with 16 bytes (128-bit) secret key
Parameter Definition
Allowable
Values
w Word size in bits RC-5 encrypts 2-word blocks 16, 32, 64
r Number of rounds 0, 1, 2,,,,,,, 255
b Number of 8-bit bytes in the secret key K 0, 1, 2,,,,,, 255
RC5 algorithm
RC5 Key Expansion:
RC5 performs a complex set of operations on the
secrte key to produce a total of t subkeys.
Two subkeys for each round and two subkeys are
used on an additional operations that is not part of
any round, so
t = 2r+2
Each subkey is one word in length(w-bits)
RC5 algorithm
Subkeys are stored in a t word array S[0], S[1],.. S[t-1]
Using parameters r, w this array is initialized to a fixed
pseudorandom bit pattern.
Then b-byte key K[0], K[1], ,,,,,, K[b-1] is converted into a c-word
array L[0], L[1],. L[c-1]
RC5 algorithm
W 16 32 64
P
w
B7E1 B7E15162 B7E151628AED2A6B
Q
w
9E37 9E3779B9 9E3779B97F4A7C15
The initialize operations makes use of magic constants
defined as follows:

= [ 2 2

= [ 1 2

]
Where:
e= 2.718281828459 (base of natural logarithms)
=1.618033988749 . Golden ratio =
(1+ 5)
2
Table gives the constants in hexadecimal for the allowable w
S array initialization:
S[0] = P
w
for i = 1 to t-1 do
S[i] = S[i-1] + Q
w
Copy key bits directly to the memory positions
represented by L.
t = 2 r + 2
c =
b
w/8
RC5 algorithm
RC5 algorithm
Mixing:
Initialized array S is then mixed with the key array L to
produce a final array S of subkeys.
= = = = 0
3 max , :
= + + <<<3; = ; = +1 ;
L = + + <<<( + ); = ; = +1 ;
Where
<<< is a left cyclic rotation of word
RC5 Encryption and Decryption algorithm
RC5 uses three primitive operations:
Addition: Addition of words, denoted by +, is
performed modulo 2
w
. The inverse operation,
denoted by -, is substraction modulo 2
w
Bitwise XOR
Left circular rotation:
cyclic rotation of word x left by y bits
i.e x <<< y
cyclic rotation of word x right by y bits
i.e x >>> y
RC5 Encryption and Decryption algorithm
RC5 Encryption and Decryption algorithm
Encryption:
Plaintext is in two w-bits registers A and B
Variable LE
i
and RE
i
refer to the left and right half of
the data after i round is completed.
The following pseudocode define the algorithm:
LE
0
= A + S[0];
RE
0
= B + S[1];
for i = 1 to r do
LE
i
= ( (LE
i-1
RE
i-1
) <<< RE
i-1
) + S[2xi];
RE
i
= ( (RE
i-1
LE
i
) <<< LE
i
) + S[2xi+1];
Encryption:
Note that figure is not a classic Feistel structure.
Each round consists of
a substitution using both word of data,
a permutation using both word of data,
a substitution depends on the key.
Note the exceptional simplicity of the operation,
which can be defined in five lines of code.
Also note that both halves of the data are updated in
each round.
Thus, one round of RC5 is somewhat equivalent to
two rounds of DES.
RC5 Encryption and Decryption algorithm
RC5 Encryption and Decryption algorithm
Decryption:
2W bits of ciphertexts are assigned to the variables
LD
r
and RD
r
Variable LD
i
and RD
i
refer to the left and right half of
the data before round i has begun, where the
rounds are numbered from r down to 1.
The following pseudocode define the algorithm:
for i = 1 to r do
RD
i-1
= ( (RD
i
- S[2xi+1] >>> LD
i
) LD
i
);
LD
i-1
= ( (LD
i
- S[2xi] >>>RD
i-1
) RD
i-1
) ;
B= RD
0
- S[1];
A = LD
0
- S[0];
RC5 Modes
To enhance the effectiveness of RC5 in interoperable
implementations, RFC 2040 [BALD96] defines four different
modes of operation:
1. RC5 block cipher
2. RC5-CBC
3. RC5-CBC-Pad
4. RC5-CTS
CBC-Pad: This is a CBC style of algorithm that handles
plaintext of any length. The ciphertext will be longer than the
plaintext by at most the size of a single RC5 block.
CTS (CipherText Stealing Mode): This mode handles plaintext
of any length and produces ciphertext of equal length.
RC5-CBC-Pad
Message are not a multiple of the block length.
The simplest approach is to use padding.
In RC5, it is assumed that the message is an integer
number of bytes.
At the end of the message, from 1 to bb bytes of
padding are added,
where bb equals the block size for RC5 measured in
bytes.( bb = 2w / 8 )
The pad bytes are all the same and are set to a byte
that represents the number of bytes of padding.
RC5 Modes
RC5-CTS (Ciphertext Stealing Mode)
The ciphertext must be the same length as the original plaintext.
Assume that the last block of plaintext is only L bytes long,
where L < 2w / 8.
The encryption sequence is as follows:
1. Encrypt the first (N-2) blocks using the traditional CBC
technique.
2. Exclusive-OR P
N-1
with the previous ciphertext block C
N-2
to create Y
N-1
.
3. Encrypt Y
N-1
to create E
N-1
.
4. Select the first L bytes of E
N-1
to create C
N
.
5. Pad P
N
with zeros at the end and exclusive-OR with E
N-1
to
create Y
N
.
6. Encrypt Y
N
to create C
N-1
.
Block Cipher Characteristics
RC5 Modes
Block Cipher Characteristics
Features seen in modern block ciphers are:
variable key length / block size / number of
rounds
mixed operators, data/key dependent rotation
key dependent S-boxes
more complex key scheduling
operation of full data in each round
varying non-linear functions
Stream Cipher
Process the message bit by bit (as a stream)
Typically have a (pseudo) randomstreamkey
Combined (XOR) with plaintext bit by bit
Randomness of stream key completely destroys any
statistically properties in the message.
C
i
= M
i
XOR StreamKey
i
What could be simpler!!!!
But must never reuse stream key
Stream Cipher
For example,
next key stream byte: 01101100
next plaintext byte : 11001100
ciphertext byte = 10100000
Decryption requires the use of the
same pseudorandom sequence:
Ciphertext : 10100000
key stream : 01101100
plaintext : 11001100
Stream Cipher
some design considerations are:
long period with no repetitions
statistically random
depends on large enough key
large linear complexity
correlation immunity
confusion
diffusion
use of highly non-linear boolean functions
RC4 Algorithm
RC4 was designed by Ron Rivest in 1987 for RSA
Security.
It is based on the use of a random permutation.
It is used in SSL/TLS ( Secure sockets Layer/ Transport
Layer Security) i.e communications between Web
browsers and servers.
It is also used in WEP (Wired Equivalent Privacy)
protocol that is part of the IEEE 802.11 wireless LAN
standard.
RC4 was kept as a trade secret by RSA Security.
In September 1994, the RC4 algorithm was
anonymously posted on the Internet on the
Cypherpunks anonymous remailers list.
RC4 Algorithm
Initialization of S:
First, the elements of S are set equal to the
numbers: 0..255
S[0]=0, S[1]=1, . S[255]=255;
Create a temporary vector T and if the key K is 256
bytes, then copy the K to T
If the key length (keylen) is less than 256 bytes, first
copy the keylen bytes to T from K and then K is
repeated as many times as necessary to fill out T.
/* Initialization */
for i = 0 to 255 do
S[i] = i;
T[i] = K[i mod keylen];
RC4 Algorithm
Next, use T to produce the initial permutation of S.
This involves starting with S[0] and going through to
S[255]
For each S[i], swapping S[i] with another byte in S
according to scheme dictated by T:
/*Initial permutation of S*/
j=0;
for i=0 to 255 do
j = ( j + S[i] + T[i] ) mod 256;
swap( S[i], S[j] );
Only operation on S is a swap, the only effect is a
permutation. S still contains all the numbers from 0
to 255.
RC4 Algorithm
StreamGeneration
Encryption continues shuffling array values
Sum of shuffled pair selects "stream key" value
XOR with next byte of message to encrypt/decrypt
i = j = 0;
while (i< msglen)
i = ( i + 1 ) ( mod 256 );
j = ( j + S[i] ) ( mod 256 );
swap( S[i], S[j] );
t = ( S[i] + S[j] ) ( mod 256 );
K = S[t];
C
i
= M
i
XOR K;
To decrypt, XOR the value of k with the next byte of
ciphertext.
Public-Key cryptography
Public-Key cryptography was invented in the 1970s by Whitfield Diffie, Martin
Hellman and Ralph Merkle.
Asymmetric encryption is a form of cryptosystem in which encryption and
decryption are performed using the different keysone a public key and one a
private key
Public-key cryptography needs two keys.
One key tells you how to encrypt (or code) a message and this is
"public" so anyone can use it.
The other key allows you to decode (or decrypt) the message. This
decryption code is kept secret (or private) so only the person who
knows the key can decrypt the message.
Asymmetric encryption can be used for confidentiality, authentication, or both.
The most widely used public-key cryptosystem are:
Merkle-Hellman knapsack
Diffie-Hellman key exchange
Arithmetica key exchange
RSA
Rabin cipher
NTRU cipher
ElGamal signature scheme
Knapsack problem
The knapsack problem is an example of a packing problem.
We are given a knapsack with a volume of V units and items
of volume {v
0
, v
2
..v
k-1
} i.e k units.
Is it possible to exactly fill the knapsack using some subset of
the items?
An experienced knapsack packer can fit items in with no
wasted space.
You want to take the biggest load possible, so you want to find
some subset of the k items that exactly fills the knapsack.
In other words, you want to find some subset { 1, 2,
. } such that

= , if such a subset exists.

This is the general knapsack problem.
Knapsack problem
Given a set {

} of k positive integers and an integer V, find a k-bit integer =

(
1

3
. .
0
)
2
(where the

0,1 are the binary digits of n)

such that
=0
1

= , if such an n exists.
Example:
Imagine you had a set of weights {62, 93, 26, 52, 166, 48, 91, 141}
Problem: Find subset that sums to V = 302,
you could use weights {62, 26, 166, 48 = 302}.
represent the weight 302 by the binary code: n = 10101100
Examples:
So, if someone sends you the code 38 this can only have come from the plain
text 01101.
Note that there may be no solution n or many solutions, or there might be a
unique solution, depending on the k-tuple {v
i
} and the integer V.
The General knapsack is NP-complete and is hard to solve
Plain text 10011 11010 01011 00000
Knapsack 1 6 8 15 24 1 6 8 15 24 1 6 8 15 24 1 6 8 15 24
Cipher text 1 + 15 + 24 = 40 1 + 6 + 15 = 22 6 + 15 + 24 = 45 0 = 0
Superincreasing Knapsack problem
An easy knapsack problem is one in which the weights
are in a superincreasing sequence.
A superincreasing sequence is one in which the next
term of the sequence is greater than the sum of all
preceding terms.
For example,
set {1, 2, 4, 9, 20, 38} is superincreasing,
set {1, 2, 3, 9, 10, 24} is not because 10 < 1+2+3+9.
The superincreasing knapsack problem is much, much
easier to solve.
Superincreasing Knapsack problem
Let k-tuple superincreasing sequence be:
{
0
,
1
, . . ,
1
}
Let V be the total weight
K-bit integer = (
1

3
. .
0
)
2
is
found as follows:
for j = k-1 downto 0 do
if V >= v
i
then

= 1 and V = V v
i
else

= 0
If V -

=0
1

0, in which case there is no

solution.
Superincreasing Knapsack problem
Consider knapsack that weighs 23 that has been made
from the weights of the superincreasing series {1, 2, 4,
9, 20, 38}. Find the n.
v
0
=1, v
1
=2, v
2
=4, v
3
=9, v
4
=20, v
5
=38
K=6, V=23
Starting from largest number:
1. v
5
> V then
5
= 0
2. v
4
< V then V = V v
4
= 23 20 = 3
4
= 1
3. v
3
> V then
3
= 0
4. v
2
> V then
2
= 0
5. v
1
< V then V = V v
1
= 3 2 = 1
1
= 1
6. v
0
=1 then V = V v
0
= 1 1 = 0
0
= 1
n=
5

0
= 010011
Knapsack Cryptosystem
Also called the Merkle-Hellman Cryptosystem
When the Knapsack Algorithm is used in public key
cryptography, the idea is to create two different
knapsack problems.
One is easy to solve, the other not.
Using the easy knapsack, the hard knapsack is
derived from it.
The hard knapsack becomes the public key.
The easy knapsack is the private key.
The public key can be used to encrypt messages,
but cannot be used to decrypt messages.
The private key decrypts the messages.
Merkle-Hellman Cryptosystem
Key Genaration
Choose
a superincreasing k-tuple {
0
,
1
, . . ,
1
}
an integer m which is greater than

=0
1

and
an integer a prime to m, such that 0 < a < m.
Compute b
b=a
-1
mod m such that ab 1 mod m
Compute the k-tuple {w
i
} defined by:

Private keys:

, m, a, b
Public key : {w
i
}
Enciphering key = K
E
= { w
0
, w
1
, .., w
k-1
}
Deciphering key = K
D
=(b, m) (along with the
enciphering key, enables one to determine {v
i
}
Merkle-Hellman Encryption/Decryption
Enciphering
Enciphering a k=bit plaintext message P
i.e P = (
1

3
. .
0
)
2
The enciphering key { w
0
, w
1
, .., w
k-1
}
The ciphertext C =

=0
1

and transmit that

character
Deciphering
First find the least positive residue V
i.e V = bC mod m
where b = a
-1
mod m
From the {v
i
}, find the unique solution
P = (
1

3
. .
0
)
2
Merkle-Hellman Cryptosystem
The plaintext message consist of single letters with 5-bit numerical
equivalents from (00000)
2
to (11001)
2
. The secret deciphering key is
the superincreasing 5-tuple (2, 3, 7, 15, 31), m = 61 and a = 17. Find
the ciphertext for the message WHY
Find {w
i
}
{w
i
}= {a v
i
mod m}
{w
i
} = { 17x2 mod 61, 17x3 mod 61, 17x7 mod 61, 17x15 mod 61, 17x31 mod 61}
{w
i
} = { 34, 51, 58, 11, 39}
so that the ciphertext sent will be C=( 148, 143, 50)
Plaintext In Binary(
1

3
. .
0
)
2
C
i
=
=0
1

W (22) 10110 0+51+58+0+39= 148

H (7) 00111 34+51+58+0+0 = 143
Y (24) 11000 0+0+0+11+39 = 50
Merkle-Hellman Cryptosystem
Find the ciphertext for the message {100110101011011} using
superincreasing sequence { 1, 3, 5, 11, 35 } and private keys a = 5
and m=37.
{v
i
} = { 1, 3, 5, 11, 35 }
a = 5 and m = 37
Public key generation:
{w
i
} = av
i
mod m
w
i
= { 5, 15, 25, 18, 27 }
Break the message into k-bit tuple i.e 5-bit tuple
10011 01010 11011
Encoding of M as follows:
M
Ciphertext C
i
=
=0
1

10011 5+15+0+0+27=47
01010 0+15+0+18+0=33
11011 5+15+0+18+27=65
Ciphertext sent will be:
C = ( 47, 33 , 65 )
Merkle-Hellman Cryptosystem
Suppose that plaintext message units are single letters in the
usual 26-letter alphabet with A-Z corresponding to 0-25. You
receive the sequence of ciphertext message units 14, 25, 89, 3,
65, 24, 3, 49, 89, 24, 41, 25, 68, 41, 71. The public key is the
sequence {57, 14, 3, 24, 8} and the secret key is b = 23, m = 61.
a) Decipher the message
b) Use the above public key to send the message
TENFOUR
Given:
W
i
= {57, 14, 3, 24, 8 }
b = 23 and m = 61
a = b
-1
mod m
61 = 2 x23 + 15
23 = 1x 15 + 8 Therefore 1= 8 x 23 3 x 61
15 = 1x 8 + 7 b
-1
= 23
-1
= 8
8 = 1x 7 + 1 a = 8
Merkle-Hellman Cryptosystem

=
1

= { 30, 17, 8, 3, 1}
Cipher text V = bC mod m Plaintext
14 23 x 14 mod 61 = 17 01000 = 8 = I
25 23 x 25 mod 61 = 26 01101 = 13 = N
89 23 x 89 mod 61 = 34 10011 = 19 = T
3 23 x 3 mod 61 = 8 00100 = 4 = E
65 23 x 65 mod 61 = 31
24 23 x 24 mod 61 =
3 23 x 3 mod 61 =
49 23 x 49 mod 61 =
89 23 x 89 mod 61 =
24 23 x 24 mod 61 =
41 23 x 41 mod 61 =
25 23 x 25 mod 61 =
68 23 x 68 mod 61 =
41 23 x 41 mod 61 =
71 23 x 71 mod 61 =
RSA ALGORITHM
The Rivest-Shamir-Adleman (RSA) scheme was
developed in 1977 by Ron Rivest, Adi Shamir, and
Len Adleman at MIT and first published in 1978.
It is a block cipher
The plaintext and ciphertext are integers between 0
and n - 1 for some n.
A typical size for n is 1024 bits, or 309 decimal digits.
That is, n is less than 2
1024
.
Based on the difficulty of factoring large numbers
Factorization so far is unsolvable in polynomial-time
RSA ALGORITHM
Plaintext is encrypted in blocks, with each block
having a binary value less than some number n.
Encryption and decryption are of the following form,
for some plaintext block M and ciphertext block C
=

Both sender and receiver must know the value of n.
The sender knows the value of e, and only the
receiver knows the value of d.
This is a public-key encryption algorithm:
Public key PU = {e, n}
Private key PR = {d, n}.
RSA ALGORITHM
Key Generation:
The designer of an RSA cryptosystem selects at random two
large (about 100 digits) primes p and q
Calculate n = pq
Calculate (n) = (p-1)(q-1)
Select e such that e is relatively prime to (n)
i.e gcd(e, (n))=1; and 1 < e < (n)
For the private key, calculate integer d
i.e. d = e
-1
mod (n)
p, q and d are kept private, (e, n) are the public key
Message is partitioned into blocks, M, such that M< n
Encrypt using the equation:
=

Decrypt using the equation:
=

RSA ALGORITHM
Example:
Select two prime numbers, p = 11 and q = 19.
Calculate n = pq = 11 19 = 209.
Calculate (n) = (p - 1)(q - 1) = 10 18 = 180.
Select e such that e is relatively prime to (n)) i.e 1 < e < 180
Choose e =1 7.
Determine d = e
-1
mod (n) using the extended Euclids algorithm
i.e d = 17
-1
mod 180
d = 53
If M = 5, then
=

= 5
17
209
C = 80 mod 209
To decrypt C = 80 , we calculate
=

= 80
53
209
C = 5 mod 209
RSA ALGORITHM
In an RSA system, the public key is { 97, 2077 }, in which
alphabets A-Z have numerical equivalents 0 25. Perform the
following :
a) Encrypt the message text NO
b) Decrypt the ciphertext BFTCIW
The plaintext message blocks are diagraph and ciphertext blocks
are trigraph.
KEY DISTRIBUTION
For symmetric encryption to work, the two parties to an exchange must
share the same key, and that key must be protected from access by
others. Furthermore, frequent key changes are usually desirable to limit
the amount of data compromised if an attacker learns the key.
The strength of any cryptographic system rests with the key distribution
technique, a term that refers to the means of delivering a key to two
parties who wish to exchange data without allowing others to see the
key.
For two parties A and B, key distribution can be achieved in a number of
ways, as follows:
1. A can select a key and physically deliver it to B.
2. A third party can select the key and physically deliver it to A and B.
3. If A and B have previously and recently used a key, one party can
transmit the new key to the other, encrypted using the old key.
4. If A and B each has an encrypted connection to a third party C, C
can deliver a key on the encrypted links to A and B.
KEY DISTRIBUTION
Several techniques have been proposed for the distribution of
public keys. Virtually all these proposals can be grouped into the
following general schemes:
Public announcement
Publicly available directory
Public-key authority
Public-key certificates
KEY DISTRIBUTION
Public Announcement of Public Keys:
In public-key algorithm, any participant can send his or her
public key to any other participant or broadcast the key to the
community at large
Many users have adopted the practice of appending their public
key to messages that they send to public forums, such as
USENET newsgroups and Internet mailing lists.
KEY DISTRIBUTION
Publicly Available Directory
1. The authority maintains a directory with a {name, public key} entry for each
participant.
2. Each participant registers a public key with the directory authority.
3. A participant may replace the existing key with a new one at any time, either
because of the desire to replace a public key that has already been used for a
large amount of data, or because the corresponding private key has been
compromised in some way.
4. Periodically the authority publishes the entire directory or updates to the
directory
5. Participants could also access the directory electronically. For this purpose.
KEY DISTRIBUTION
Public-Key Authority
Stronger security for public-key distribution can be achieved by providing
tighter control over the distribution of public keys from the directory.
As before, the scenario assumes that a central authority maintains a dynamic
directory of public keys of all participants.
In addition, each participant reliably knows a public key for the authority,
with only the authority knowing the corresponding private key.
KEY DISTRIBUTION
Public-Key Certificates
Uses certificates that can be used by participants to exchange keys
without contacting a public-key authority, in a way that is as reliable
as if the keys were obtained directly from a public-key authority.
DIFFIE-HELLMAN KEY EXCHANGE
The first published public-key algorithm appeared in the
seminal paper by Diffie and Hellman that defined public-key
cryptography and is generally referred to as Diffie-Hellman key
exchange.
A number of commercial products employ this key exchange
technique.
The purpose of the algorithm is to enable two users to securely
exchange a key that can then be used for subsequent
encryption of messages.
The algorithm itself is limited to the exchange of secret values.
Primitive root of a prime number as one whose powers P
modulo generate all the integers from 1 to p-1.
if a is a primitive root of the prime number , then the numbers
are distinct and consist of the integers from 1 through p-1 in some
permutation.
For any integer b and a primitive root a of prime number p, we
can find a unique exponent such that
The exponent i is referred to as the discrete logarithm of b for
the base a, mod p
DIFFIE-HELLMAN KEY EXCHANGE
DIFFIE-HELLMAN KEY EXCHANGE
Publicly known numbers: a prime number q and an integer
that is a primitive root of q.
Suppose the users A and B wish to exchange a key.
User A selects a random integer X
A
< q and computes

mod q
Similarly,
User B independently selects a random integer X
B
< q and
computes

mod q
Each side keep the X value private and makes the Y value
available publicly to other side.
User A computes the key as:
= (

User B computes the key as:
= (

These two calculations produce identical results
DIFFIE-HELLMAN KEY EXCHANGE
The result is that the two sides have exchanged a secret value.