Public-Key Cryptography

Data and Network Security 1

 Public-Key Cryptography
Principles
• Based on mathematical functions
• The use of two keys has consequences in: key
distribution, confidentiality and authentication.
• Miscoceptions
• The scheme has six ingredients
– Plaintext
– Encryption algorithm
– Public and private key
– Ciphertext
– Decryption algorithm

Data and Network Security 2

 Public-Key, essntial steps
1. Each user generates a pair of keys to be used for the
encryption and decryption of messages.
2. Each user places one of the two keys in a public
register or other accessible file. This is the public key.
The companion key is kept private. Each user maintains
a collection of public keys obtained from others.
3. If Bob wishes to send a private message to Alice, Bob
encrypts the message using Alice’s public key.
4. When Alice receives the message, she decrypts it using
her private key. No other recipient can decrypt the
message because only Alice knows Alice’s private key.

Data and Network Security 3

 Public-Key
• With this approach, all participants have access to
public keys, and private keys are generated locally by
each participant and therefore need never be
distributed.
• As long as a user protects his or her private key,
incoming communication is secure.
• At any time, a user can change the private key and
publish the companion public key to replace the old
public key.

Data and Network Security 4

Encryption using Public-Key
system

Data and Network Security 5

Authentication using Public-
Key System

Data and Network Security 6

Applications for Public-Key
Cryptosystems
• Three categories:
– Encryption/decryption: The sender
encrypts a message with the recipient’s
public key.
– Digital signature: The sender ”signs” a
message with its private key.
– Key echange: Two sides cooperate two
exhange a session key.

Data and Network Security 7

 Requirements for Public-
Key Cryptography
1. Computationally easy for a party B
to generate a pair (public key KUb,
private key KRb)
2. Easy for sender to generate
ciphertext: C  EKUb (M )
3. Easy for the receiver to decrypt
ciphertect using private key:
M  DKRb (C )  DKRb [ EKUb (M )]
Data and Network Security 8
 Requirements for Public-
Key Cryptography
4. Computationally infeasible to determine
private key (KRb) knowing public key (KUb)
5. Computationally infeasible to recover
message M, knowing KUb and ciphertext C
6. Either of the two keys can be used for
encryption, with the other used for
decryption:
M  DKRb [ EKUb (M )]  DKUb[ EKRb (M )]
Data and Network Security 9
 Public-Key Cryptographic
Algorithms
• RSA and Diffie-Hellman
• RSA - Ron Rives, Adi Shamir and Len
Adleman at MIT, in 1977.
– RSA is a block cipher
– The most widely implemented
• Diffie-Hellman
– Echange a secret key securely
– Compute discrete logarithms

Data and Network Security 10

 The RSA Algorithm –
Key Generation
1. Select p,q p and q both prime
2. Calculate n = p x q
3. Calculate (n)  ( p  1)(q  1)
4. Select integer e gcd( (n), e)  1; 1  e  (n)
5. Calculate d d  de mod (n)
6. Public Key KU = {e,n}
7. Private key KR = {d,n}

Data and Network Security 11

 The RSA Algorithm -
Encryption
• Plaintext: M<n

• Ciphertext: C = Me (mod n)

Data and Network Security 12

 The RSA Algorithm -
Decryption
• Ciphertext: C

• Plaintext: M = Cd (mod n)

Data and Network Security 13

Example of RSA Algorithm

Data and Network Security 14

 Other Public-Key
Cryptographic Algorithms
• Digital Signature Standard (DSS)
– Makes use of the SHA-1
– Not for encryption or key echange
• Elliptic-Curve Cryptography (ECC)
– Good for smaller bit size
– Low confidence level, compared with RSA
– Very complex

Data and Network Security 15