Sie sind auf Seite 1von 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Asymmetric Cryptography

Probably most significant advance in the 3000 year history of cryptography.

Also known as public-key cryptography
Complements rather than replaces private key crypto.
To solve the problem of key distribution for symmetric key
o How to have secure communications in general without having to trust a Key
Distribution Center (KDC) with your key?
Computationally infeasible to determine the decryption key even though the algorithm and
key used for encryption are known.
Uses two keys a public & a private key.

2 main characteristics:
o One key is used for encryption and a different key but related key is used for
o Public key, KPu, a key that is known to everybody
o Private key, KPr, a key that is only known by the owner.

Page 1 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

General Idea of Asymmetric-Key Cryptosystem

Unlike in symmetric-key cryptography, plaintext and ciphertext are treated as integers in

asymmetric-key cryptography.
C = f (Kpublic , P)
P = g(Kprivate , C)
There is a very important fact that is sometimes misunderstood: The advent of asymmetrickey cryptography does not eliminate the need for symmetric-key cryptography.
How can there be two different keys?
Say key1 = 3, key2 = 1/3, message M = 4
Encryption: Ciphertext C = M * key1 = 4 * 3 = 12
Decryption: Plaintext M = C * key2 = 12 * 1/3 = 4
Multiplicative inverse

Basis of Public-Key Cryptography

Public key cryptography is based on the idea of a trapdoor function f: X Y, that is
f is one-to-one
f is public
One-Way Function (OWF)

f is easy to compute
f -1 is difficult to compute
f -1 becomes easy to compute if a trap door is known

Page 2 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

If n is large, n = p q is a one-way function.
Given p and q , it is always easy to calculate n; given n, it is very difficult to compute p and
q. This is the factorization problem.
If n is large, the function y = xk mod n is a trapdoor one-way function.
Given x, k, and n, it is easy to calculate y. Given y, k, and n, it is very difficult to calculate x.
This is the discrete logarithm problem. However, if we know the trapdoor, k such that k
k = 1 mod f(n), we can use x = yk mod n to find x.
Example of One Way Function
Given x and y, computing n = x y is EASY.
However, given n, computing the factors x and y is HARD.
Discrete Logarithm
Given x, a, and p, computing y x a mod p is EASY.
However, given y, x, and p, computing a is HARD.
Discrete Square-root
Given x and n, computing a x2 mod n is EASY
However, given a and n, computing x is HARD
For x = 6, a = 9, p = 11, we compute
y xa x((x 2 ) 2 ) 2 mod p
with 4 multiplications:
y = 6((62 )2 )2 = 6((36)2)2
= 6((3)2 )2 = 6(9)2
= 6(81) = 6(4)
= 24 = 2
However, finding an a such that
6a 2 mod 11 is hard
We need to try all possibilities (from 1 to p-1) to obtain such a.
Security of Public-Key Cryptography
Similar to symmetric key schemes brute force exhaustive search attack is always theoretically
possible but keys used are too large ( > 512 bits)
Keys used must be large enough to make brute force attack impractical, but small enough for
practical encryption/decryption.
o requires the use of very large numbers
But encryption process is slow compared to symmetric key schemes.

Page 3 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Requirements of Public-Key Cryptography

Computationally easy to generate the key pairs.

Computationally easy for the sender to encrypt.
Computationally easy for the receiver to decrypt.
Computationally infeasible for an opponent, knowing the public key to determine the private
Computationally infeasible for an opponent, knowing the public key and a cipher text, to
recover the original message.(Note: infeasible means if the effort to solve it grows faster than
polynomial time as a function of input size)
Services Provided by Public Key Cryptography Algorithm
o Sender encrypts message with receivers public key.
o Encrypt with KPu (E (KPu, m)) and decrypt with KPr (D(KPr, c))
Authentication (Digital signature)
o Sender creates signature by encrypting the message with his/her private key.
o Encrypt with KPr (EPr(KPr, m)) and decrypt with KPu (D(KPu, c))
o How to verify a message comes intact from the claimed sender.
Key Exchange
o To exchange a session key between two entities.

Public-Key Cryptosystem: Privacy/Confidentiality

Page 4 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Public-Key Cryptosystem: Authentication

Alice: chooses a random number, r
Alice B: E(KPuB, r) Bobs public key
Bob: r = D(KPrB, E(KPuB, r)) , his private key
Bob Alice: r
o Thus identify that the receiver is Bob.
Digital signature
How do Alice & Bob communicate in such a way that Alice can verify that Bob sent the
message Bob cannot deny that he sent the message?
Alice and Bob pick KPuA, KPrA, KPuB and KPrB
Publicize KPuA and KPuB
Bob Alice: E(KPuA, E(KPrB, P))
Alice: D(KPRA, E(KPuA, E(KPrB, P)) = E(KPrB, P)
Alice: D(KPuB, E(KPrB, P)) = P
Public-Key Cryptosystem: Secrecy and Authentication

Concerns about Asymmetric Algorithms

Page 5 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Concerns are in 3 categories

o fortitude in providing unbreakable security
o practicality
o applicability
Many algorithms are insecure
Among secure algorithms, many are impractical
o key size too large
o ciphertext is much larger than plaintext
Only a few algorithms are both secure and practical
some are only suitable for key distribution
some are only suitable for encryption
some are only useful for digital signatures
Example of Public Key Cryptography Algorithm



Digital Signature

Key Exchange

RSA Public Key Cryptosystem

Ron Rivest, Adi Shamir, and Leonard Adleman developed RSA in 1977; RSA stands for the first
letter in each of its inventors' last names. (RSA - acronym for Rivest-Shamir-Adleman)
Based on number theory operations and the difficulty to find prime factors for a large number
(n = pq, where p and q are primes).
Based on exponentiation in a finite (Galois) field over integers modulo a prime.
Security is due to cost of factoring large numbers, uses large integers (eg. 1024 bits).
However, the key length is flexible but usually used 512 bits.
Block cipher with block size <= log2n.
Generally the block size is k bits where 2k bit where 2k < n <= 2k+1.
Each plaintext block has a value from 0 (n-1).
Block size for encryption is also variable but must be smaller than the key length.
2 numbers that is e (chosen) and d (compute) operate as follows:
c = pe mod n encryption/public key
p = cd mod n decryption/private key
RSA encryption
Suppose Alice wants to send a message m to Bob.
Alice creates the ciphertext c by exponentiate: c = me mod n, where e and n is Bob's public
Page 6 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Alice sends c to Bob.

To decrypt, Bob also exponentiates: m = cd mod n;
o The relationship between e and d ensures that Bob correctly recovers m.
o Since only Bob knows d, only Bob can decrypt this message.

Working of RSA
One Way Function (OWF): multiplying two primes
If they are fairly small we can do this in our heads, on a piece of paper, or on a calculator.
As they get bigger and bigger it is fairly easy to write a computer program to compute the
Multiplication runs in polynomial time.
Multiplication of two primes is easy.
However it is difficult to determine the prime factors of n if the n is large.

To factor: Com
To factor

What are the prime numbers?

600 digit number
600 digit even number
Take two large primes, p and q (about 100 digits), and compute their product n = p q; n is
called the modulus.
note (n)=(p-1)(q-1) totient Euler function
Choose a number, e, less than n and relatively prime to (p-1) (q-1). (e, n) is the
encryption/public key
where 1 < e < (n), gcd (e, (n)) = 1
Find d, the multiplicative inverse of e such that d = e-1 mod [(p-1)(q-1)]. So (d, n) is the
decryption/private key
e. d 1 mod (n) and 0 d n
d e-1 mod (n)
Publish their public encryption key: KPU={e, n}
Keep private decryption key: KPR {d, n}
The factors p and q may be kept with the private key, or destroyed.
Page 7 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

However if one could factor n into p and q, then one could obtain the private key d. Thus the
security of RSA is based on the assumption that factoring is difficult.
The discovery of an easy method of factoring would "break" RSA

Mathematic Functions for RSA

A prime is divisible only by itself and 1.
o List the primes smaller than 10.
There are four primes less than 10: 2, 3, 5, and 7. It is interesting to note that the
percentage of primes in the range 1 to 10 is 40%. The percentage decreases as the
range increases.
Checking for Primeness
o Given a number n, how can we determine if n is a prime?
o The answer is that we need to see if the number is divisible by all primes less than

o This method is inefficient, but it is a good start.

o Is 97 a prime?
The floor of
= 9. The primes less than 9 are 2, 3, 5, and 7.
Check if 97 is divisible by any of these numbers.
It is not, so 97 is a prime.
Is 301 a prime?

The floor of
= 17.
Check 2, 3, 5, 7, 11, 13, and 17.
The numbers 2, 3, and 5 do not divide 301, but 7 does.
Therefore 301 is not a prime.

Page 8 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Eulers Phi-Function
Eulers phi-function, (n), sometimes referred as Eulers totient function, plays a very
important role in cryptography.

We can combine the above four rules to find the value of f(n).
For example, if n can be factored as n = p1e1 p2e2 pkek
then we combine the third and the fourth rule to find

o What is the value of (13)?
Because 13 is a prime, (13) = (13 1) = 12.

What is the value of (10)?

Use the third rule: (10) = (2) (5) = 1 4 = 4, because 2 and 5 are primes.

What is the value of (240)?

Write 240 = 24 31 51.
Then (240) = (24 23) (31 30) (51 50) = 64

Can we say that v(49) = (7) (7) = 6 6 = 36?

No. The third rule applies when m and n are relatively prime. Here 49 = 72. We need
to use the fourth rule: (49) = 72 71 = 42.

What is the number of elements in Z14*?

The answer is (14) = (7) (2) = 6 1 = 6. The members are 1, 3, 5, 9, 11, and 13.

Fermats Little Theorem

First Version:
ap 1 1 mod p
Second Version:
ap a mod p
o Find the result of 610 mod 11.
We have 610 mod 11 = 1.
This is the first version of Fermats little theorem where p = 11.

Page 9 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Find the result of 312 mod 11.

Here the exponent (12) and the modulus (11) are not the same.
With substitution this can be solved using Fermats little theorem.

Eulers Theorem
First Version:
af(n) 1 (mod n)
Second Version: a k f(n) + 1 a (mod n)
o Find the result of 624 mod 35
We have 624 mod 35 = 6(35) mod 35 = 1.
Find the result of 2062 mod 77.
If we let k = 1 on the second version, we have
2062 mod 77 = (20 mod 77) (2077) + 1 mod 77) mod 77
= (20)(20) mod 77 = 15.
Multiplicative Inverses

a1 mod p = a p 2 mod p
The answers to multiplicative inverses modulo a prime can be found without using the
extended Euclidean algorithm:

Eulers theorem can be used to find multiplicative inverses modulo a composite.

a1 mod n = a(n)1 mod n
The answers to multiplicative inverses modulo a composite can be found without using
the extended Euclidean algorithm if we know the factorization of the composite:

Examples of RSA Key Generation

Page 10 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Example 1
Key generation:
Given p = 5 and q = 3
Find n

n = p q = 5 3 = 15

Find (n)

(n) = (p-1)(q-1) = 4 2 = 8

Choose integer e,

gcd ((n), e) = 1 and 1 < e < (n)

Say e = 5
Find d

d = e-1 mod (n) = 5-1 mod 8

Use Eulers theorem to find the inverse: a -1 = a (n) -1 mod n

(8) = (23) = (2 1) 23-1 = 4
53 mod 8 = 5, d = 5 {52 mod 8 = 1, 53 mod 8 = (52 5) mod 8}
Public Key - KPU = {e, n} = {5, 15}
Private Key - KPR = {d, n } = {5, 15}
Message encryption / decryption:
Given message M = 4
To encrypt:
C = 45 mod 15
42 = 16 mod 15 = 1, 45 mod 15 = 4
To decrypt:
M = 45 mod 15 = 4

Example 2
Let p = 11, q = 13, so n = p * q = 143
(n) = (p-1)(q-1) = 10 * 12 = 120
Choose e relatively prime to (n), say e = 11
Now d = 11-1 mod 120 = 11

Page 11 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

If plaintext m = 7,
c = me mod n = 711 mod 143 = 106
To decrypt, since c = 106
m = cd mod n = 10611 mod 143 = 7
What is kept secret: p, q and d
What are revealed: e, and n

Example 3
Encrypt RENAISSANCE using p = 53 and q = 61.
n = p * q = 3233
Say e = 71, then d = 791
(check the validity of e and d)
Break the message into blocks of 4 digits where A = 00, B = 01, , Z = 25 (in practice,
characters would be represented by their 8 bit ASCII codes)
Thus RE NA IS SA NC E = 1704 1300 0818 1800 1302 0426
The 1st block is encrypted as 170471 mod 3233 = 3106

c = 3106 0100 0931 2691 1984 2927

Example 4
p = 61, q = 53, pq = 3233,
e = 17 (public exponent),

d = 2753 (private exponent)

Public key is (pq, e).

Private key is d.
C = encrypt (T) = (T17) mod 3233
T = decrypt(C) = (C2753) mod 3233
Encrypt (123) = (12317) mod 3233 = 337587917446653715596592958817679803 mod 3233 =

Page 12 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Decrypt (855) = (855^2753) mod 3233 =


mod 3233 = 123

Example 5
Select primes p=11, q=3.
n = p q = 11 3 = 33
= (p-1)(q-1) = 10 2 = 20
Choose e = 3
Check gcd (e, p-1) = gcd (3, 10) = 1

Page 13 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

and check gcd (e, q-1) = gcd (3, 2) = 1

therefore gcd (e, ) = gcd (e, (p-1)(q-1)) = gcd (3, 20) = 1
Compute d such that e d 1 (mod )
compute d = e-1 mod = 3-1 mod 20
find a value for d such that divides (e d -1)
Find d such that 20 divides 3d-1.
Simple testing (d = 1, 2, ...) gives d = 7
Check: e d -1 = 3 7 - 1 = 20, which is divisible by .
Public key = (n, e) = (33, 3)
Private key = (n, d) = (33, 7).
Now say we want to encrypt the message m = 7,
c = me mod n = 73 mod 33 = 343 mod 33 = 13.
Hence the ciphertext c = 13.
To check decryption we compute m' = cd mod n = 137 mod 33 = 7.
Note that we don't have to calculate the full value of 13 to the power 7 here. We can make
use of the fact that a = b c mod n = (b mod n) (c mod n) mod n
So we can break down a potentially large number into its components and combine the results
of easier, smaller calculations to calculate the final value.
One way of calculating m' is as follows:m' = 137 mod 33 = 13(3+3+1) mod 33 = 133 133 13 mod 33
= (133 mod 33) (133 mod 33) (13 mod 33) mod 33
= (2197 mod 33) (2197 mod 33) (13 mod 33) mod 33
= 19 19 13 mod 33 = 4693 mod 33 = 7.
Now if we calculate the ciphertext c for all the possible values of m (0 to 32), we get



































Example 5
Suppose Ted wants to send the message NO to Jennifer.
Ted changes each character to a number (from 00 to 25), with each character coded as
two digits.
He then concatenates the two coded characters and gets a four-digit number. The
plaintext is 1314.

Page 14 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Real Use of RSA

In general RSA is not used to encrypt long messages. Instead it is used for:

transmitting short secret key/value eg. credit card, key for use in symmetric E/D system
digital signature
authentication i.e. identifying an entity

Practical Usage of RSA: Digital Envelope

Suppose Alice wishes to send an encrypted message to Bob.
Alice encrypts the message with DES, using a randomly chosen DES key.
Then she looks up Bob's public key and uses it to encrypt the DES key. The DES-encrypted
message and the RSA-encrypted DES key together form the RSA digital envelope and are
sent to Bob.
Upon receiving the digital envelope, Bob decrypts the DES key with his private key, then
uses the DES key to decrypt the message itself.
This combines the high speed of DES with the key-management convenience of RSA.

Page 15 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Breaking RSA

The obvious way to do this attack is to factor the public modulus, n, into its two prime factors,
p and q. From p, q, and e, the attacker can easily get d.
The hard part is factoring n;
Security of RSA depends on factoring being difficult. In fact, the task of recovering the
private key is equivalent to the task of factoring the modulus.
It should be noted that hardware improvements alone will not weaken RSA, as long as
appropriate key lengths are used. In fact, hardware improvements should increase the
security of RSA.
Another way to break RSA is to find a technique to compute eth roots mod n.
Since c = me mod n , the eth root of c mod n is the message m.
This would allow someone to recover encrypted messages and forge signatures even
without knowing the private key.
No general methods are currently known that attempt to break RSA in this way. However,
in special cases where multiple related messages are encrypted with the same small
exponent, it may be possible to recover the messages.
These are no attack against the algorithm but instead the protocol.
Attacker sees a ciphertext and guesses that the message might be, for example, "Attack at
dawn," and encrypts this guess with the public key of the recipient and by comparison
with the actual ciphertext, the attacker knows whether or not the guess was correct.
Appending some random bits to the message can thwart this attack.

Page 16 of 17

Faculty of Computing, UTM Johor Bahru

Introduction to Cryptography

Semester 2, 13/14

Eve listen to Alices communication and manage to collect a ciphertext message, c,
encrypted with Alice public key. Eve wants to read the message i.e. m = cd.
To recover m, Eve choose a random #, r, such that r is less than n.
Then she get Alices public key, e and start computing
x = re mod n, y = xc mod n,
t = r-1 mod n
If x = re mod n, then r = xd mod n
Eve gets Alice to sign y with her private key, thereby decrypting y.
Alice send Eve u = yd mod n
Eve computes tu mod n = r-1 yd mod n = r-1 xd cd mod n = cd mod n = m

Page 17 of 17

Das könnte Ihnen auch gefallen