Public-key Encryption
David Burianek
Saint Leo University
Network Theory & Design
COM-309
Dr. Eduardo Bautista
August 01, 2014
Public-key Encryption
Intent
The intent of this paper is to present the reader with an explanation of Public-key
encryption without delving too deeply into the math behind encryption schemes to better
facilitate understanding for the layperson.
Introduction
Cryptography is a fascinating world that predates computers. Beginning in ancient times
through the revolutionary period and into modern times, there have been many schemes to
protect sensitive data. Notable techniques are George Washington's book-key ciphers, Thomas
Jefferson's cylinder (Menezes, Van Oorschot, & Vanstone, 1997, p. 243), and the Nazi Enigma
Machine of World War II (Piper & Murphy, 2002). There has always been a need to have secure
communications and the ability to safeguard data that has been intercepted.
Modern cryptology is an art form that uses the science of mathematics in order to
provide secrecy, authenticity, and security in the transport of data. Cryptology also enables us
to create trust relationships over open networks; more in general, cryptographic protocols allow
mutually distrusting parties to achieve a common goal while protecting their own interests.
(Furnell, Katsikas, Lopez, & Patel, 2008, p. 105) The methods by which these transactions can
occur are many; however, they can be broken down into two categories: symmetric key
encryption and asymmetric key encryption. Public key encryption uses the asymmetric key
approach. We will discuss both methods later.
The advent of e-commerce has created a greater need for public-key encryption schemes
to provide security and privacy during online ordering, banking, bill payment, and other sensitive
transactions. We hear it in the news all the time about hackers breaking into supposedly secure
e-commerce websites. Most of these websites use some form of public-key encryption (PKE)
and public-key infrastructure (PKI) to encrypt sales transactions. The reality is that most hacks
involve breaking into the servers the data is stored on rather than the breaking of the encrypted
data transfer.
A Brief History of Cryptography
Cryptography is the science of designing cipher systems, whereas cryptanalysis is the
name given to the process of deducing information about plaintext from the ciphertext without
being given the appropriate key. Cryptology is the collective term for both cryptography and
cryptanalysis. (Piper & Murphy, 2002, Kindle Location 277-279)
The information to be concealed is often called the plaintext and the operation of
disguising it is known as encryption. The encrypted plaintext is called the ciphertext or
cryptogram and the set of rules used to encrypt information plaintext is the encryption algorithm.
Normally the operation of this algorithm depends on an encryption key, which is input to the
algorithm together with the message. In order that the recipient can obtain the message from the
cryptogram there has to be a decryption algorithm which, when used with the appropriate
decryption key, reproduces the plaintext from the ciphertext. (Piper & Murphy, 2002, Kindle
Location 267-268)
A Brief Explanation of Symmetric Key Encryption
There have been numerous encryption schemes throughout history. The one common
element shared by most of these older ciphers was their use of symmetric key encryption. With
symmetric key encryption, both parties have an encryption and decryption key. When a new
party needs to send encrypted data, a set of keys must be delivered by a trusted courier to the
new party. Symmetric key encryption relies on an established level of trust between the sender
and receiver. Take the example of the briefcase protocol. In this example, we use a physical
analogy to describe the desire of Alice (sender) to send a secure message (or package) to Bob
(receiver) by locking it in a briefcase.
1. Alice begins by obtaining a padlock. Only Alice has the key to this padlock.
2. Alice places the message into the briefcase, locks the briefcase using her padlock, and
hands the locked briefcase to a courier, who transports it to Bob.
3. Bob obtains a padlock of his own. Once Bob receives the briefcase, he adds his lock
to the briefcase and returns the briefcase, now with two padlocks installed, to the
courier, who takes it back to Alice.
4. Alice removes her padlock and hands the briefcase to the courier, who once again
transports it to Bob.
5. Bob removes his padlock and opens the briefcase to obtain the message. (Martin,
2012, p. 153)
Figure 1. Example of the Briefcase Protocol (Piper & Murphy, 2002, Kindle
Location 388)
The major issue with symmetric-key encryption lies in finding an efficient means for both
parties to agree upon and exchange keys securely. Authorization confirmation is a vital factor in
the issuing of secure keys and is referred to as the key distribution problem, which we will
discuss later in the key management section.
There is a finite set of modular numbers, and modular arithmetic provides rules for
conducting familiar operations such as addition, subtraction, and multiplication on these modular
numbers. (Martin, 2012, p. 156)
A Simplified Explanation of Modulus
Let us use the days of the week in this example of determining the modulus of a number.
Modulus uses positive integers and creates a finite set of numbers in lieu of an infinite set.
When we work out what day of the week something will happen on, we often
(unconsciously) make mental calculations such as two days after Tuesday is Thursday.
We could write this in a pseudo-mathematical way as follows:
Tuesday + 2 = Thursday.
When such a calculation takes us beyond the end of a particular week then we will make
statements such as three days after Friday is Monday. Although this is actually Monday
of the following week, this does not cause us any problem since we are treating all
Mondays as the same for this purpose. So:
Friday + 3 = Monday.
Similarly we can make statements such as:
Thursday - 2 = Tuesday, and Friday + 7 = Friday.
We can restate this simple idea by now replacing the days of the week, starting with
Monday, by the numbers 0 to 6 (so Monday is 0, Tuesday is 1, and Sunday is 6). It is
now possible to write all our previous pseudo-mathematical equations as mathematical
equations. In other words:
1 + 2 = 3
4 + 3 = 0
3 - 2 = 1
4 + 7 = 4.
Computing the days of the week in this manner is an example of modulo 7 (often
abbreviated to mod 7) arithmetic. It is just like normal arithmetic except that we wrap
back around when we reach the number 7 by treating 7 as beginning again at 0. (Martin,
2012, p. 498-499)
Modulo numbers can be manipulated using addition, subtraction, and
multiplication as you would with any normal integer.
For anyone wishing to delve deeper into modular mathematics, see the mathematical
appendix in Keith M. Martin's book Everyday Cryptography: Fundamental Principles and
Applications (p. 498).
As you can see, because modular arithmetic is used to generate the integers needed to encrypt
plaintext, deducing the decryption key from the plaintext and the public key is difficult, so
breaking a public-key encryption takes a lot of effort. A nefarious adversary would surely be
dissatisfied to spend a large amount of computer power cracking the cipher only to find that a
credit card is maxed out. It is far easier to break into the storage servers.
Figure 3. A block cipher in ECB mode (Piper & Murphy, 2002, Kindle
Location 1063)
The most popular mode of operation for a block cipher is the cipher block chaining
(CBC) mode. CBC mode is used to prevent block manipulation that would change the message.
For example, suppose a plaintext message contained the phrase "the price is four thousand
dollars". Without cipher block chaining, an adversary who knows the message could manipulate
the cryptogram so that only certain blocks are received, thus changing the message to read "the
price is four dollars". In this case, the decryption works and the message does make sense, so
the recipient does not suspect tampering; the only clue would be if the recipient suspected the
price was too low. (Piper & Murphy, 2002) In this mode the different blocks are coupled together
by adding, modulo 2, the previous ciphertext block to a plaintext block:
$C_i = E_K(P_i \oplus C_{i-1})$ and $P_i = D_K(C_i) \oplus C_{i-1}$. (Furnell et al., 2008, p. 111-112)
Achieving a balance between block size and efficiency is important. If a cipher block is too
small, there will exist a smaller set of different plaintext blocks. An adversary could
launch a dictionary attack by building up a dictionary of plaintext/ciphertext pairs sent using
that encryption key. A larger block size makes this attack harder because the dictionary needs to
be larger. (Martin, 2012, p. 114) Conversely, if the block size is too large, efficiency degrades,
as shorter plaintext blocks will need to have padding applied.
What Is Public-Key Encryption?
Public-key encryption uses asymmetric keys. With the asymmetric key method, the
receiver has both the encryption and decryption keys. The receiver sends out the encryption key,
known as a public key, to several interested parties, who then use the public key to encrypt their
data for transmission back to the receiver, who then uses their private key, known only to them, to
decode the transmitted data. (Tyson, 2001) Most public-key schemes use some form of the
Diffie-Hellman key agreement protocol to exchange encryption keys between users.
Still, there is the question of whether the public-key is actually that of the intended receiver. It
is also worth observing that when a public key system is used to provide confidentiality then,
since the public encryption key is widely known and can be used by everyone, the ciphertext
does not provide any authentication of the sender. (Piper & Murphy, 2002, Kindle Location
1120) Again, authorization of keys plays a large part in the distribution of keys. Public-key
encryption is noticeably slower to encrypt/decrypt than symmetric keys. Ironically, public-key
ciphers are often used to transport symmetric keys to the communicating parties. (Martin, 2012)
(Menezes et al., 1997)
Public-key algorithm systems
There are several styles of public-key encryption algorithms in use today. Each of these
public-key schemes uses a number-theoretic computational problem to provide security.
(Menezes et al., 1997) Currently there are the following public-key schemes:
Table 1
Public-key Encryption Schemes
Public-key encryption scheme       Computational problem
RSA                                Integer factorization problem; RSA problem
Rabin                              Integer factorization problem; Square roots modulo composite n
ElGamal                            Discrete logarithm problem; Diffie-Hellman problem
Generalized ElGamal                Generalized discrete logarithm problem; Generalized Diffie-Hellman problem
McEliece                           Linear code decoding problem
Merkle-Hellman knapsack            Subset sum problem
Chor-Rivest knapsack               Subset sum problem
Goldwasser-Micali probabilistic    Quadratic residuosity problem
Blum-Goldwasser probabilistic      Integer factorization problem; Rabin problem
(Menezes et al., 1997, table 8.1)
All of these current public-key schemes have their own unique set of strengths and
weaknesses. The most popular of these schemes are RSA and ElGamal; we will
examine RSA later. Anyone wishing a deeper look at these public-key schemes should see Menezes et
al.'s excellent book Handbook of Applied Cryptography.
RSA Encryption Algorithm
The RSA encryption algorithm was named after its inventors Rivest, Shamir, and
Adleman. (Chan et al., 2001) (Menezes et al., 1997) (Piper & Murphy, 2002)
The RSA algorithm uses the integer factorization problem, which in turn makes use of
modular mathematics. As the reader will recall from our earlier discussion of modular math,
the mathematical operator modulus (mod) can be simply defined as:
X = Y mod Z
Where X is the remainder of Y divided by Z. For example consider:
1 = 7 mod 3
Expressed in words this means that 7 divided by 3 leaves a remainder of 1. (Chan et al.,
2001)
Generating the modulus
Creating an RSA set of keys involves computing two large random primes p and q. The
public key contains n, which is calculated as the product of the two large prime numbers; thus n = pq.
Generating e
Next we need a unique number e which must be greater than one and less than the
product of the primes pq (1 < e < w), where w = (p - 1)(q - 1). The property of e must be that no
number divides evenly into both e and (p - 1)(q - 1) except 1. (Martin, 2012) (Menezes et al.,
1997) We can compute e such that 1 = (d x e) mod w (i.e., when (d x e) is divided by w, the
remainder is 1). (Chan et al., 2001, p. 211)
Generating d
The private key d is computed from the values for p, q, and e. Since the private key d is
determined by the public key (e, n), there can only be one value for d. (Martin, 2012) Since d is
calculated as the inverse of e mod w, we get the formula ed = 1 mod w. Fortunately there is a
convenient algorithm called the Extended Euclidean Algorithm that takes the input of p, q, and e
and outputs d. (Martin, 2012, p. 162) (Menezes et al., 1997)
When all the variables are found we have the public key as (e, n) and the private key as
(d, n).(Martin, 2012) (Menezes et al., 1997) (Piper & Murphy, 2002) (Chan et al., 2001)
RSA key generation sample
We will now demonstrate RSA key generation using the following values for the
variables: Let p = 47, q = 59 and e = 17, also that w = (p - 1)(q - 1).
Generating the modulus
Recall n = pq substituting the values we get n = 47 x 59 = 2773.
Generating e
The number 17 is picked because no number divides evenly into it except 1.
Thus 17 and w have no numbers but 1 that will divide into them. We can calculate w as
(47 - 1)(59 - 1) = 2668.
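The key generation sample above, carried through to the private key as an added example (not code from the paper or its sources): it derives d from the paper's p = 47, q = 59 and e = 17 with the Extended Euclidean Algorithm and round-trips one message. The function names and the message value 920 are chosen here for illustration.

```python
from math import gcd

def extended_gcd(a: int, b: int):
    """Return (g, x, y) such that a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y

def rsa_keygen(p: int, q: int, e: int):
    """Build the public key (e, n) and private key (d, n) from p, q and e."""
    n = p * q                      # the modulus
    w = (p - 1) * (q - 1)          # w as defined in the text
    if not 1 < e < w or gcd(e, w) != 1:
        raise ValueError("e must satisfy 1 < e < w and share no factor with w")
    _, x, _ = extended_gcd(e, w)   # e*x + w*y == 1, so e*x == 1 mod w
    d = x % w                      # normalise the inverse into the range 0..w-1
    return (e, n), (d, n)

def rsa_apply(key, m: int) -> int:
    """Raise m to the key's exponent mod n (encrypts with (e, n), decrypts with (d, n))."""
    exponent, n = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in the range 0..n-1")
    return pow(m, exponent, n)

if __name__ == "__main__":
    public, private = rsa_keygen(47, 59, 17)   # the values used in the text
    c = rsa_apply(public, 920)                 # 920 is a constructed sample message
    print(public, private, c, rsa_apply(private, c))
```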
References
Chan, H., Lee, R., Dillon, T., & Chang, E. (2001). E-commerce: Fundamentals and
Applications. [Adobe Digital Editions version]. Retrieved from eBook Academic
Collection (EBSCOhost) Accession Number: 78992
Furnell, S., Katsikas, S., Lopez, J., & Patel, A. (2008). Securing Information and
Communications Systems: Principles, Technologies, and Applications. [Adobe Digital
Editions version]. Retrieved from eBook Academic Collection (EBSCOhost) Accession
Number: 284257
Martin, K. M. (2012). Public-Key Encryption. In Everyday Cryptography: Fundamental
Principles and Applications (pp. 150-184). [Kindle DX]. Retrieved from Amazon.com
Menezes, A. J., Van Oorschot, P. C., & Vanstone, S. A. (1997). Handbook of Applied
Cryptography. Boca Raton, FL: CRC Press LLC.
Piper, F., & Murphy, S. (2002). Uses of Cryptography. In Cryptography: A Very Short
Introduction (pp. 1519-1589). [Kindle]. Retrieved from Amazon.com
Tyson, J. (2001). How Encryption Works. Retrieved Aug 02, 2014, from
http://computer.howstuffworks.com/encryption3.htm