Indian Institute of Technology Kharagpur

Basic Cryptographic Concepts Lecture 33: Basic cryptographic concepts –

Part II
Prof. Indranil Sen Gupta
Dept. of Computer Science & Engg.
I.I.T. Kharagpur, INDIA
Part II
On completion, the student will be able to:
1. State how public-key cryptography scheme can be
used for encryption/decryption and authentication.
2. Explain a practical public-key cryptography
scheme.
3. Explain a practical message authentication
scheme.
4. Illustrate a scheme for providing secure key
exchange over an insecure channel.

Public Key Cryptography

• Uses two keys for every simplex

logical communication link.
Public Key Cryptography ¾Public key
¾Private key
• The use of two keys has profound
consequences in the areas of
¾Confidentiality
¾Key distribution
¾Authentication

Illustration :: Encryption

B’s public key B’s private key

• Basic ingredients of the scheme: KUB KRB
¾ Plaintext (P)
ƒ Message to be encrypted
¾ Public Key (KU) and Private Key (KR) A B
ƒ One with the sender and the other with the
receiver
¾ Ciphertext (C) EA DA
ƒ Message after encryption Ciphertext
Plaintext
Plaintext
¾ Encryption algorithm C P
P
ƒ Uses P and KU
¾ Decryption algorithm
ƒ Uses C and KR

1
 Key Usage for Encryption Illustration :: Authentication

A’s private key A’s public key

KRA KUA

A B
Public key Private key
of B of B
EA DA
KUB KRB
Ciphertext
Plaintext Plaintext
C
P P

Key Usage for Authentication Applications

• Three categories:
a) Encryption/decryption:
ƒ The sender encrypts a message with the
Private key recipient’s public key.
Public key
of A b) Digital signature / authentication:
KRA of A ƒ The sender signs a message with its
KUA private key.
c) Key exchange:
ƒ Two sides cooperate to exhange a session
key.

Requirements

• Computationally easy for a party B to • Computationally infeasible to determine

generate a key pair KRB knowing KUB.
¾Public key KUB • Computationally infeasible to recover
¾Private key KRB message M, knowing KUB and
• Easy for sender to generate ciphertext C.
ciphertext: • Either of the two keys can be used for
C = E (M, KUB) encryption, with the other used for
• Easy for the receiver to decrypt decryption:
ciphertext using private key: M = D (E (M, KUB), KRB) = D (E (M, KRB), KUB)
M = D (C, KRB) = D (E (M, KUB), KRB)

2
 The RSA Public Key Algorithm RSA : Key Generation

• RSA Algorithm 1. Select p,q p and q both prime

¾Developed by Ron Rivest, Adi Shamir 2. Calculate n = p x q
and Len Adleman at MIT, in 1977.
3. Calculate Φ(n) = (p-1)(q-1)
¾A block cipher.
¾The most widely implemented. 4. Select integer e gcd(Φ(n),e)=1; 1<e< Φ(n)
5. Calculate d d = e-1 mod Φ(n)
6. Public Key KU = {e,n}
7. Private key KR = {d,n}
φ(n) is the number of positive numbers less than n
and relatively prime to n (called Euler totient).

RSA : Encryption RSA : Decryption

• Plaintext: M<n • Ciphertext: C

• Ciphertext: C = Me (mod n) • Plaintext: M = Cd (mod n)

Example

• Select two prime numbers, p=7 and q=17. • Encryption process:

• Calculate n = pq = 7×17 = 119. ¾Say, plaintext M = 19.
• Calculate φ(n) = (p-1)(q-1) = 96.
¾Ciphertext C = 195 (mod 119)
• Select e such that e is relatively prime to
φ(n)=96, and less than φ(n). = 2476099 (mod 119)
¾In this case, e=5. = 66
• Determine d such that de = 1 (mod 96) • Decryption process:
and d<96. ¾M = 6677 (mod 119) = 19.
¾ d=77, because 77×5 = 385 = 4×96+1.

• Public key KU = {5,119}

• Private key KR = {77,119}

3
 The Security of RSA

• RSA is secure since ¾Until recently, this was felt to be infeasible

¾We use large number of bits in e and d.
¾The problem of factoring n into two
prime factors is computationally very
difficult.
ƒ Knowing p and q will allow us to know Φ(n).
ƒ This will help an intruder to know the values
of e and d.
¾Key sizes in the range of 1024 to 2048
bits seems safe.
for numbers in the range of 100 decimal
digits or so (approximately 300 bits).
¾A worldwide team cooperating over the
internet and using 1600 computers
recently cracked the code in eight months.
¾Currently, a 1024-bit key size (about 300
decimal digits) is considered strong
enough for virtually all applications.

Diffie-Hellman Key Exchange D-H Algorithm

• A and B want to agree on secret key.

• Proposed in 1976.
¾ They agree on two large numbers n and g,
• Allows group of users to agree on such that 1<g<n.
secret key over insecure channel. ¾ A choose random x, computes X=gx mod n,
• Cannot be used to encrypt and and sends X to B.
decrypt messages. ¾ B chooses random y, computes Y=gy mod n,
and sends Y to A.
• Depends for its effectiveness on the
difficulty of computing discrete ¾ A computes k1= Yx mod n .
logarithms. ¾ B computes k2= Xy mod n .
• Note: k1 = k2 = gyx mod n .

D-H Algorithm: contd.

Choose x Choose y

X=gx mod n
• Requires no prior communication
between A and B.
• Security depends on difficulty of
computing x, given X = gx mod n .
A Y=gy mod n
B • Choices for g and n are critical.
¾Both n and (n-1)/2 should be prime.
¾n should be large.
• Susceptible to intruder-in-the-middle
Compute Yx mod n Compute Xy mod n
(man-in-the-middle) attack.
¾Active intruder.

4
 Man-in-the-Middle Attack A Comparison

Intruder
• Symmetric encryption/decryption is
much faster than asymmetric
encryption/ decryption:
RSA: kilobits/second
DES: megabits/second
⇓
A B DES is about 100 times faster than RSA
• Key size:
¾RSA: selected by user
¾DES: 56 bits

Various Approaches

• Authentication using conventional

encryption.
Message Authentication ¾Only the sender and receiver should share
a key.
• Message authentication without message
encryption.
¾An authentication tag is generated and
appended to each message.
• Message authentication code.
¾Calculate the MAC as a function of the
message and the key: MAC = F(K, M)

Commonly Used Schemes

K
M M • The MD family
M
E E E MAC ¾MD2, MD4 and MD5 (128-bit hash).
S S S
S S
Algorithm • The SHA family
S
A A TRANSMIT A ¾SHA-1 (160-bit), SHA-256 (256-bit), SHA-
G G G 384 (384-bit) and SHA-512 (512-bit).
E E E
• RIPEMD-128 (128-bit), RIPEMD-160
M M
A A (160-bit).
MAC C
=?
C
Algorithm

5
 SOLUTIONS TO QUIZ
QUESTIONS ON
LECTURE 32

Quiz Solutions on Lecture 32 Quiz Solutions on Lecture 32

1. What is the main difference between 3. What is the main difference between
passive and active attacks? substitution cipher and transposition
In passive attack, the opponent passively cipher?
listens to passing packets. In active
In substitution cipher, each letter or group
attacks, the opponent makes some
of letters of the plaintext are replaced by
changes to the packets.
some other letter or group of letters.
2. 10 parties exchange messages securely
In transposition cipher, letters of the
using DES. How many distinct key values
plaintext are permuted in some form.
are required?

A total of 10C2 or 45 keys would be required.

Quiz Solutions on Lecture 32 Quiz Solutions on Lecture 32

4. For breaking transposition ciphers, what 6. What is the key length of DES? How
are the initial guesses that needs to be does triple DES helps to increase the
made? effective key length?

Number of columns and some probable Key length of DES is 56.

words in the plaintext.
In triple DES, three runs of DES are made
5. How many rounds are there in DES? during encryption, and three runs during
decryption, using three different keys.
Sixteen. So effective key length is 168 bits.

6
 Quiz Questions on Lecture 33

1. For 10 parties communicating using RSA,

how many keys are required in total?
QUIZ QUESTIONS ON 2. In public key cryptography, how are the keys
LECTURE 33 used for encryption applications?
3. In public key cryptography, how are the keys
used for authentication applications?
4. Which of the two is faster, RSA or DES?
5. On what factor does the security of the RSA
algorithm depend on?
6. Give an efficient algorithm to compute XY,
where X and Y are integers.