Information Security

Chapter -3

Mr.Rajasekhar Boddu
 Security Techniques: Cryptography
Terminology
 Cryptography: Schemes for encryption and decryption
 Encryption: The process by which plaintext is
converted into cipher text.
 Decryption: Recovering plaintext from the cipher text
 Secret key: Used to set some or all of the various
parameters used by the encryption algorithm. In a
classical (symmetric key) cryptography, the same
secret key is used for encryption and decryption
 Cryptanalysis: The study of “breaking the code”.
 Cryptology: Cryptography and cryptanalysis together constitute
the area of cryptology.
 Cryptography

Cryptography has five ingredients:

• Plaintext- is the original message or data
that is fed into the algorithm as an input
• Encryption algorithm -performs various
substitutions and transformations on
the plaintext
• Secret Key- is also input to the
algorithm. The exact substitutions and
transformations performed by the
algorithm depend on the key.
 Cont’d…
•Cipher text-is the scrambled message produced as output.
• It depends on the plaintext and the secret key. For a given
message, two different keys will produce two different cipher
texts.
•Decryption algorithm-is essentially the encryption
algorithm run in reverse. It takes the cipher text and
produces the original plaintext.
Security depends on the secrecy of the key, not the secrecy of
the algorithm.
 Cryptography

There are two fundamentally different

cryptographic systems
Symmetric cryptosystem/ Private key
Asymmetric cryptosystem/ Public key
 Cryptography
Symmetric Cryptosystem
Also called secret-key/private-key cryptosystem
The same key is used to encrypt and decrypt a
message
 P = DK [EK (P) ]
Have been used for centuries in a variety of forms
The key has to be kept secret
The key has to be communicated using a secure
channel
They are still in use in combination with public key
cryptosystems due to some of their advantages
 Cryptography
Simplified Encryption Model:
 Cont’d…
There are two requirements for secure use of symmetric encryption:
• We need a strong encryption algorithm.
• The opponent should be unable to decrypt cipher text or discover the
key even if he or she is in possession of a number of cipher texts
together with the plaintext that produced each cipher text.
• In symmetric encryption, Sender and receiver must have obtained
copies of the secret key in a secure fashion and must keep the key
secure.
• If someone can discover the key and knows the algorithm, all
communication using this key is readable.
 Classification of Cryptography
Cryptographic systems are generically classified along three
independent dimensions:
• The type of operations used for transforming plaintext to cipher text.
• All encryption algorithms are based on two general principles:
• Substitution, in which each element in the plaintext (bit, letter, group of bits or
letters) is mapped into another element, and
• Transposition, in which elements in the plaintext are rearranged.
 Cont’d…
• The number of keys used.
• If both sender and receiver use the same key, the system is referred to
as symmetric, single-key, secret-key, or conventional encryption.
• If they use different keys, the system is referred to as asymmetric,
two-key, or public-key encryption.
• The way in which the plaintext is processed.
• A block cipher processes the input one block of elements at a time,
producing an output block for each input block.
• A stream cipher processes the input elements continuously,
producing output one element at a time, as it goes along
 Cryptography
Description:
A sender S with a message M to a receiver R
To protect the message M, the sender first
encrypts it into an unintelligible message M’
After receipt of M’, R decrypts the message to
obtain M
M is called the plaintext
 What we want to encrypt

M’ is called the ciphertext

 The encrypted output
 Cryptography
Notation:

 Given
P=Plaintext
C=CipherText

 C = EK (P) Encryption
 P = DK ( C) Decryption
P= DK(EK(P))
C= EK(DK(C))
 Cryptanalysis
Cryptography is the science and art of creating code
Cryptanalysis is the science and art of breaking those codes
Mono-alphabetic Substitution
The relationship between symbols in plain text to a symbols In cipher text is
always one to one

Poly-alphabetic substitution cipher

Each occurrence of a character may have different substitution

The relationship between symbols in plain text to a symbols In cipher text is

always one to many

14
Additive Cipher
Multiplicative Cipher
Affine Cipher
Monoaplhabetic Substitution Cipher

15
 Key
Key
Alice k Bob
K

Plaintext Cipher text Plaintext

P C P
C=(P+K) P=(C-K) mod
mod 26 26

Encryption Decryption

a b c d e f g h i j k l m n o p q r s t u v w x y z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

16
 Cryptography
The simplest mono-alphabetic cipher is the additive
cipher.
This cipher is sometimes called a shift cipher and
sometimes a Caesar cipher, but the term additive
cipher better reveals its mathematical nature
Plain text: are you ready Cipher text: DUH BRX UHDGB for k=3
 Cryptography

If we represent each letter of the alphabet

by an integer that corresponds to its
position in the alphabet:
The formula for replacing each character ‘p’ of
the plaintext with a character ‘c’ of the
ciphertext can be expressed as:
c = E3(p ) = (p + 3) mod 26
Cryptography
 Cryptography

A more general version of this cipher that allows

for any degree of shift:
 c = Ek(p ) = (p + k) mod 26
The formula for decryption would be
 p = Dk(c ) = (c - k) mod 26
In these formulas
 ‘k’ is the secret key. The symbols ’E’ and ’D’ stand for
Encryption and Decryption respectively, and p and c
are characters in the plain and cipher text respectively.
 Exercise
1. Use the additive/ Caesar cipher with key = 15 to encrypt the message
“hello”.
2. Use the additive/ Caesar cipher with key = 3 to decrypt the message
“qr pdwwhu iru krz orqj wkh qljkw lv, wkh gdb zloo iroorz”
 Cryptography

Properties of encryption function

It is computationally infeasible to find the key
K when given the plaintext P and associated
ciphertext C= EK (p)
It should also be computationally infeasible to
find another key k’ such as EK(p) = EK’(p).
Uniqueness.
 Cryptanalysis

Types of attacks encryption

The attacker has only the ciphertext and
his/her goal is to find the corresponding
plaintext
The attacker has a ciphertext and the
corresponding plaintext and his/her goal is
to find the key
A good cryptosystem protects against all types
of attacks
Attackers use both Mathematics and Statistics
 Cryptanalysis
Intruders
Eavesdropping (listening/spying the message)
 An intruder may try to read the message
 If it is well encrypted the intruder will not know the
content
However, just the fact the intruder knows that there
is communication may be a threat (Traffic analysis)
Modification
 Modifying a plaintext is easy, but modifying
encrypted messages is more difficult
Insertion of messages
 Inserting new message into a cipher text is difficult
 Cryptanalysis

Intruders
 Cryptanalysis
Brute-Force Attack
The intruder tries all possible keys (or passwords), and
checks which one of them returns the correct plaintext.
Exercise
1. Hana has intercepted the ciphertext
“UVACLYFZLJBYL”. Show how she can use a brute-
force attack to break the cipher.
 Cryptography
Frequency analysis/ Statistical attack
It is especially useful when attacking a substitution cipher where the statistics of
the plaintext language are known.
In English, for example, some letters will appear more often than others will,
allowing an attacker to assume that those letters may represent the key.
Exercise
1. Eden has intercepted the following cipher text. find the plaintext Using a
statistical attack.

Step-1 get frequency of each letter in the language of plain text.

Step-2 find frequency of each letter in the cipher text
 Cryptography
Step-3 find the distance between high frequency symbol of cipher text and high
frequency symbol in the language. The general idea is to find the popular letters
in the cipher text and try to replace them by the most common letters in the used
language.
Solution

When Eden tabulates the frequency of letters in this cipher text, she gets: I =14, V
=13, S =12, and so on. The most common character is I with 14 occurrences. This
means key = 4 because the distance between e and I is 4.
 Key
Key
Alice k Bob
K

Plaintext
Plaintext Cipher text
P
P C
C=(P*K) mod P=(C*K-1)
26 mod 26

Encryption Decryption

29
Multiplicative cipher
 Key Key
k1 K2
Alice

Plaintext
P T
C=(P*K1) P=(C+K2)
mod 26 mod 26
Ciphertext
Encryption C
Bob
Plaintext
P C=(P*K-1) mod P=(C-K2)
26 mod 26

Decryption

Key Key
31
k1 K2
EXAMPLE

plaintext = hello
Key pair = (7,2)
Ciphertext=?

32
 Transposition Cipher
All the techniques examined so far involve the substitution of a cipher text symbol
for a plaintext symbol.
A very different kind of mapping is achieved by performing some sort of
permutation on the plaintext letters. This technique is referred to as a
transposition cipher.
The simplest such cipher is the rail fence technique
Rail Fence Cipher – write the plaintext in a zig-zag pattern in rows and form the
cipher text by reading off the letters from the first row followed by the second.
Eg. Encipher the message "meet me after the toga party" with a rail fence of
depth 2
Keyless Transposition Cipher

Keyed Transposition Cipher

Combination of two

34
 Keyless Transposition Ciphers
Simple transposition ciphers, which were used in the past, are keyless.

Example

A good example of a keyless cipher using the first method is the rail fence cipher. The ciphertext
is created reading the pattern row by row. For example, to send the message “Meet me at the
park” to Bob, Alice writes

She then creates the ciphertext “MEMATEAKETETHPR”.

16.3
5
Key: 4 3 1 2 5 6 7
Plain text: a t t a c k p
o s t p o n e
d u n t i l t
o n i g h t 7
Cipher text: TTNI APTG TSUN AODO COIH KNLT PET7
The transposition cipher can be made significantly more secure by performing
more than one stage of transposition.
Exercise cipher the text “Come home tomorrow”
with key 4,6,1,2,5,3
Cont’d…
Cont’d…
Cont’d…
• The keyless ciphers permute the characters by using
writing plaintext in one way and reading it in another way

• The permutation is done on the whole plaintext to create

the whole ciphertext.

• Another method is to divide the plaintext into groups of

predetermined size, called blocks, and then use a key to
permute the characters in each block separately.

40
 Example

Alice needs to send the message “Enemy attacks tonight” to Bob..

The key used for encryption and decryption is a permutation key, which shows how the character
are permuted.

The permutation yields

 Modern Symmetric Key Encryption

Digital data is represented in strings of binary digits (bits) unlike

alphabets

Modern cryptosystems need to process this binary strings to convert in

to another binary string.
Based on how these binary strings are processed, a symmetric
encryption schemes can be classified in to:
Block Ciphers
Stream Ciphers
 Block Ciphers
In this scheme, the plain binary text is processed in blocks (groups) of bits at a
time;
i.e. A block of plaintext bits is selected,
A series of operations is performed on this block to generate a block of cipher text bits.
The number of bits in a block is fixed.
It produces a block of cipher text bits, generally of same size to plain text.
Eg. a 150-bit plaintext provides 2 blocks of 64 bits with third block of 22 bits.
The last block of bits needs to be padded up with 42 redundant bit information
to make the final block equal to block size of the scheme.
The process of adding bits to the last block is referred to as padding.
For example, the schemes DES and AES have block sizes of 64 and 128,
respectively.
 Stream Ciphers
In this scheme, the plaintext is processed one bit at a time
i.e. one bit of plaintext is taken, and
 a series of operations is performed on it to generate one bit of
ciphertext.
Technically, stream ciphers are block ciphers with a block size
of one bit.
 Feistel Block Cipher
Feistel cipher is not a specific scheme of block cipher.
It is a design model from which many different block ciphers are
derived.
DES is one example of a Feistel Cipher.
A cryptographic system based on Feistel cipher structure uses the same
algorithm for both encryption and decryption.
 Encryption Process
The encryption process uses multiple rounds of processing of the plaintext, each
round consisting of a “substitution” step followed by a permutation step.
Feistel Structure is shown in the following illustration
 Input block to each round is divided into two
halves, L and R for the left half and the right
half.
 In each round, R, goes through unchanged.
But, L, goes through an operation that
depends on R and the encryption key.
 First, we apply an encrypting function ‘f ’ that takes
two input − the key K and R. The function produces
the output f(R,K). Then, we XOR the output of the
mathematical function with L.
 The permutation step at the end of each round
swaps the modified L and unmodified R.
 Cont’d…
The number of rounds are specified by the algorithm design.
More number of rounds provide more secure system. But at the same time, more
rounds mean the inefficient slow encryption and decryption processes.
The process of decryption in Feistel cipher is almost similar in reverse order.
The only difference is that the sub keys used in encryption are used in the
reverse order.
 Cryptography
DES - Popular Example of Symmetric Cryptosystem
In 1973, the NBS (National Bureau of Standards, now called NIST -
National Institute of Standards and Technology) published a request for
an encryption algorithm that would meet the following criteria:
Have a high security level
Be easily understood
Not depend on the algorithm's confidentiality
Be adaptable and economical
Be efficient and exportable

In late 1974, IBM proposed "Lucifer", which was then modified by NSA
(National Security Agency) in 1976 to become the DES (Data Encryption
Standard). DES was then approved by the NBS in 1978. DES was
standardized by the ANSI under the name of ANSI X3.92, also known as
DEA (Data Encryption Algorithm).
 Cryptography
DES- Example of Symmetric Cryptosystem …
DES Utilizes block cipher, which means that during the
encryption process, the plaintext is broken into fixed length blocks
of 64 bits.
The key is 56 bits wide. 8-bit out of the total 64-bit block key is
used for parity check (for example, if odd parity is used, each byte
has an odd number of bits set to 1).
56-bit key gives 256 ( 7.2*1016) possible key variations
DES algorithm involves carrying out combinations, substitutions
and permutations between the text to be encrypted and the key,
while making sure the operations can be performed in both
directions (for decryption).
The combination of substitutions and permutations is called a
product cipher.
 Cryptography
DES- Example of Symmetric Cryptosystem …

DES was best suited for implementation in hardware,

probably to discourage implementations in software, which
tend to be slow by comparison during that time.
Modern computers are so fast that satisfactory software
implementations for DES are possible.
DES is the most widely used symmetric algorithm despite
claims whether 56 bits is long enough to guarantee security.
Using current technology, 56-bit key size is vulnerable to a
brute force attack.
 Cryptography
DES- Example of Symmetric Cryptosystem …
DES Encryption starts with an IP of the 64 input bits.
Then divided into two 32-bit halves called L and R.
The encryption then proceeds through 16 rounds, each using the
L and R parts, and a subkey.
The R and subkeys are processed in the so called f-function, and
exclusive-or of the output of the f-function with the existing L
part to create the new R part.
The new L part is simply a copy of the incoming R part.
In the final round, the L and R parts are swapped once more
before final permutation (FP) producing the output block.
Decryption is identical to encryption, except that the subkeys are
used in the opposite order.
 Cryptography
Input-64 bit
plain text

Output-64 bit
cypher text

Structure of DES Algorithm

 Cryptography
DES- Example of Symmetric Cryptosystem …

The f-function mixes the bits of the R portion using the

Subkey for the current round. First the 32-bit R value is
expanded to 48 bits using a permutation E. That value is
then exclusive-or'ed with the subkey.
The 48 bits are then divided into eight 6-bit chunks, each of
which is fed into an S-Box that mixes the bits and produces
a 4-bit output. A little bit funny operation here!!
Those 4-bit outputs are combined into a 32-bit value, and
permuted once again to give the output of the f-function.
Step 1: Create 16 sub-keys, each of which is 48-bits long
Example: Let K = 00010011 00110100 01010111 01111001 10011011 10111100 11011111 11110001
The DES algorithm uses the following steps:
The 64-bit key is permuted according to the following table, Permuted Choice(PC-1).

Every 8th bit in the key is not used (i.e. bits numbered 8,16, 24, 32, 40, 48, 56, and 64).
We get the 56-bit permutation
K+ = 1111000 0110011 0010101 0101111 0101010 1011001 1001111 0001111
 Cont’d…
Next, split this key into left and right halves, C0 and D0, where each half has 28
bits.
C0 = 1111000 0110011 0010101 0101111
D0 = 0101010 1011001 1001111 0001111
Each pair of blocks Cn and Dn is formed from the previous pair Cn-1 and Dn-1,
respectively, for n = 1, 2, ..., 16, using the following schedule of "left shifts" of
the previous block.
 Cont’d…
So , that after one left shift the bits order looks like 2, 3,..., 28, 1.
Example: From original pair pair C0 and D0 we obtain:
C0 = 1111000011001100101010101111
D0 = 0101010101100110011110001111
C1 = 1110000110011001010101011111
D1 = 1010101011001100111100011110
C2 = 1100001100110010101010111111
D2 = 0101010110011001111000111101
C3 = 0000110011001010101011111111
D3 = 0101011001100111100011110101
C4 = 0011001100101010101111111100
D4 = 0101100110011110001111010101
 Cont’d…
By applying the following permutation table to each of the concatenated pairs CnDn.
Each pair has 56 bits, but PC-2 only uses 48 of these.

Therefore, the first bit of Kn is the 14th bit of CnDn, the second bit the 17th, and so on,
ending with the 48th bit of Kn being the 32th bit of CnDn
Example: For the first key we have
C1D1 = 1110000 1100110 0101010 1011111 1010101 0110011 0011110 0011110
which, after we apply the permutation PC-2, becomes
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
 Step 2: Encode each 64-bit block of data
Example: Let M be the plain text message M = 0123456789ABCDEF, where M is in
hexadecimal (base 16) format.
Rewriting M in binary format, we get the 64-bit block of text:
 Cont’d…
There is an initial permutation, IP of the 64 bits of the message data M. This
rearranges the bits according to the following table, where the entries in the table show
the new arrangement of the bits from their initial order.

Example: Applying the initial permutation to the block of text M, we get

M = 0000 0001 0010 0011 0100 0101 0110 0111 1000 1001 1010 1011 1100 1101 1110 1111
IP = 1100 1100 0000 0000 1100 1100 1111 1111 1111 0000 1010 1010 1111 0000 1010 1010
 Cont’d…
Next divide the permuted block IP into a left half L0 of 32 bits, and a right half R0 of 32
bits.
Example: From IP, we get L0 and R0
L0 = 1100 1100 0000 0000 1100 1100 1111 1111
R0 = 1111 0000 1010 1010 1111 0000 1010 1010
Using a function f, which operates on two blocks--a data block of 32 bits and a key Kn
of 48 bits--to produce a block of 32 bits.
To calculate f, we first expand each block Rn-1 from 32 bits to 48 bits. This is done by
using a selection table that repeats some of the bits in Rn-1 . We'll call the use of this
selection table the function E. Thus E(Rn-1) has a 32 bit input block, and a 48 bit output
block.
 Cont’d…
Next in the f calculation, we XOR the output E(Rn-1) with the key Kn: Kn + E(Rn-1)
Example: For K1 , E(R0), we have
K1 = 000110 110000 001011 101111 111111 000111 000001 110010
E(R0) = 011110 100001 010101 010101 011110 100001 010101 010101
K1+E(R0) = 011000 010001 011110 111010 100001 100110 010100 100111.
We now have 48 bits, or eight groups of six bits
We now do something strange with each group of six bits: we use them as addresses in
tables called "S boxes". Each group of six bits will give us an address in a different S box.
The net result is that the eight groups of 6 bits are transformed into eight groups of 4 bits
(the 4-bit outputs from the S boxes) for 32 bits total.
 Cont’d…
The first and last bits of B represent in base 2 a number in the decimal range 0 to 3 (or
binary 00 to 11). Let that number be i. The middle 4 bits of B represent in base 2 a
number in the decimal range 0 to 15 (binary 0000 to 1111). Let that number be j.

Look up in the table the number in the i-th row and j-th column. That block is
the output S1(B) of S1 for the input B.
For example, for input block B = 011011 the first bit is "0" and the last bit "1" giving
01 as the row. The middle 4 bits => 13, In row 1, column 13 appears 5. This determines
the output; 5 is binary 0101, so that the
output is 0101. Hence S1(011011) = 0101.
 Cont’d…
It results =
0101 1100 1000 0010 1011 0101 1001 0111
The final stage in the calculation of f is to do a permutation P of the S-box
output to obtain the final value of f: using p table below

Then ,Ln = Rn-1

Rn = Ln-1 + f(Rn-1,Kn)
At the end of the sixteenth round we have the blocks L16 and R16. We then
reverse(swap) the order of the two blocks into the 64-bit block
 Cont’d…
Then, apply a final permutation IP-1 as defined by the following table:

IP-1 will give us the encrypted text

Decryption is simply the inverse of encryption, following the same steps as above, but
reversing the order in which the sub keys are applied.
 Cryptography
DES- Example of Symmetric Cryptosystem …
Cracking: The most basic method of attack for any cypher is
brute force - trying every possible key in turn.
The length of the key determines the number of possible
keys, and hence the feasibility of the approach.
DES is not adequate with this regard due to its key size
In academia, various proposals for a DES-cracking machine
were advanced.
In 1977, Diffie and Hellman proposed a machine costing an
estimated US$20 million which could find a DES key in a single day.
By 1993, Wiener had proposed a key-search machine costing US$1
million which would find a key within 7 hours.
However, none of these early proposals were ever
implemented.
 Cryptography
DES- Example of Symmetric Cryptosystem …

The vulnerability of DES was practically demonstrated in

1997, where RSA Security sponsored a series of contests,
offering a $10,000 prize to the first team that broke a
message encrypted with DES for the contest. That contest
was won by the DESCHALL Project, led by Rocke Verser,
Matt Curtin, and Justin Dolske, using idle cycles of
thousands of computers across the Internet.
The feasibility of cracking DES quickly was demonstrated
in 1998 when a custom DES-cracker was built by the
Electronic Frontier Foundation (EFF), a cyberspace civil
rights group, at the cost of approximately US$250,000. Their
motivation was to show that DES was breakable in practice
as well as in theory.
 Cryptography
DES- Example of Symmetric Cryptosystem …

The EFF's US$250,000 DES

cracking machine
contained 1,856 custom
chips and could brute force
a DES key in a matter of
days - the photo shows a
DES Cracker circuit board
fitted with several Deep
Crack chips.
 Cryptography
Challenge of Symmetric Key Cryptography
There are two restrictive challenges of employing symmetric key
cryptography.
Key establishment - Before any communication, both the sender
and the receiver need to agree on a secret symmetric key. It requires
a secure key establishment mechanism in place.

Trust Issue - there is an implicit requirement that the sender and

the receiver ‘trust’ each other.
For example, if receiver lost the key to an attacker and the sender is not
informed.
 Cryptography
Today, people need to exchange information with non-familiar and non-
trusted parties.
Eg . online seller and customer

These limitations of symmetric key encryption gave rise to

asymmetric key encryption schemes
 Cryptography
Asymmetric Cryptosystem
Also called public-key cryptosystem
 keys for encryption and decryption are different but form a unique pair
 P = DKD [EKE (P) ]
 Only one of the keys need to be private while the other can be public
Invented by Diffie and Hellman in 1976

Uses Mathematical functions whose inverse is not known by

Mathematicians of the day
It avoids the need of using a secure channel to communicate the
key
It has made cryptography available for the general public and made
many of today’s on-line application feasible
 Cryptography
Public-key Cryptosystem
Which one of the encryption or decryption key is
made public depends on the use of the key
 If Hana wants to send a confidential message to
Ahmed
 Sheencrypts the message using Ahmed’s public key
 Send the message
 Ahmed will then decode it using his own private key

 On the other hand, if Ahmed needs to make sure that

a message sent by Hana really comes from her, how
can he make that?
 Cryptography
Public-key Cryptosystem

Using digital signature

 Hana has to first encrypt a digital signature using her
private key
 Then encrypt the message (signature included) with
Ahmed’s public key
 Sends the encrypted message to Ahmed
 Ahmed decrypts the message using his private key
 Ahmed then decrypts the signature using Hana’s
public key
 If successful, he insures that it comes from Hana
 Cryptography
Public-key Cryptosystem: Example RSA
RSA is from R. Rivest, A. Shamir and L. Adelman
Principle: No mathematical method is yet known to efficiently
find the prime factors of large numbers
In RSA, the private and public keys are constructed from very
large prime numbers (consisting of hundred of decimal digits)
One of the keys can be made public

Breaking RSA is equivalent to finding the prime factors: this is

know to be computationally infeasible
It is only the person who has produced the keys from the prime
number who can easily decrypt the messages
 Cryptography
Public-key Cryptosystem: Average time required
for exhaustive key search

Key Size Number of Time required at

(bits) Alternative Keys 106 Decryption/µs
32 232 = 4.3 x 109 2.15 milliseconds
56 256 = 7.2 x 1016 10 hours
128 2128 = 3.4 x 1038 5.4 x 1018 years
168 2168 = 3.7 x 1050 5.9 x 1030 years
 Cryptography
Public-key Cryptosystem

Properties of public key cryptosystem

 A pair of keys (private, public)
 If you have the private key, you can easily
decrypt what is encrypted by the public key
 Otherwise, it is computationally infeasible to
decrypt what has been encrypted by the public
key
 Cryptography
More on RSA
The RSA algorithm
 Used for both public key encryption and digital
signatures.
 Security is based on the difficulty of factoring large
integers.

Major Activities
 Key Generation (Algorithm)
 Encryption
 Digital signing
 Decryption
 Signature verification
 Cryptography
RSA- Key Generating Algorithm

1. Generate two large random primes, p and q

2. Compute n = pq and (φ) n = (p-1)(q-1)
3. Choose an integer e, 1 < e < (φ) n , such that gcd(e, (φ) n ) = 1
4. Compute the secret exponent d, 1 < d < (φ) n , such that
(φ) n divides (ed-1) -> d =

5. The public key is (n, e) and the private key is (n, d).
 Keep all the values d, p, q and (φ) n secret
 n is known as the modulus
 e is known as the public exponent or encryption exponent
 d is known as the secret exponent or decryption exponent.
 Cryptography
RSA- Encryption

Sender A does the following

 Obtains the recipient B's public key (n, e)
 Represents the plaintext message as a positive integer m
 Computes the ciphertext c = me mod n
 Sends the ciphertext c to B

RSA- Decryption

Recipient B does the following

 Uses his private key (n, d) to compute m = cd mod n
 Extracts the plaintext from the message representative
m
 Cryptography
RSA- Digital signing
Sender A does the following
 Creates a message digest of the information to be sent
 Represents this digest as an integer m between 0 and n-1
 Uses his/her private key (n, d) to compute the signature
s = md mod n.
 Sends this signature s to the recipient, B.

RSA- Signature verification

Recipient B does the following
 Uses sender A's public key (n, e) to compute integer v = se mod n
 Extracts the message digest from this integer
 Independently computes the message digest of the information that has
been signed
 If both message digests are identical, the signature is valid
 Cryptography
RSA- Key Generation Simple Example
1. Select primes p=11, q=13.
2. n = pq = 11*13 = 143
(φ) n = (p-1)(q-1) = 10*12 =120
3. Choose e= 7
Check gcd(e, (φ) n ) = gcd(7,120) = 1 (i.e. 7 and 120 are relatively prime -
have no common factors except 1)

4. Compute d (1<d< (φ) n ) such that d = e-1 mod (φ) n = 7-1 mod 120
i.e. find a value for d such that phi divides ed-1 (120 divides 7d-1.)
Simple testing (d = 2, 3 ...) gives d = 103
Check: ed-1 = 7*103 - 1 = 120, which is divisible by phi (120).
5. Public key = (n, e) = (143, 7)
Private key = (n, d) = (143, 103).
 Cryptography
Given
Public key = (n, e) = (143, 7)
Private key = (n, d) = (143, 103)

RSA- Encryption Example

Now say we want to encrypt the message m = 7

 c = me mod n = 77 mod 143 = 823,543 mod 143 = 6
 Hence the ciphertext c = 6

RSA- Decryption Example

To check decryption we compute

 m = cd mod n = 6103 mod 143 = 7
 Cryptography
RSA- More Meaningful Example

Message: ATTACKxATxSEVEN
Grouping the characters into blocks of three and computing a
message representative integer for each block:
 ATT ACK XAT XSE VEN
 In the same way that a decimal number can be represented as the sum
of powers of ten, e.g. 135 = 1 x 102 + 3 x 101 + 5, we could represent our
blocks of three characters in base 26 using A=0, B=1, C=2, ..., Z=25
ATT = 0 x 262 + 19 x 261 + 19 = 513
ACK = 0 x 262 + 2 x 261 + 10 = 62
XAT = 23 x 262 + 0 x 261 + 19 = 15567
XSE = 23 x 262 + 18 x 261 + 4 = 16020
VEN = 21 x 262 + 4 x 261 + 13 = 14313
 Cryptography
RSA- More Meaningful Example – Key Generation

1. We "generate" primes p=137 and q=131 (we cheat by

looking for suitable primes around √n)
2. n = pq = 137*131 = 17,947
phi = (p-1)(q-1) = 136*130 = 17680
3. Select e = 3
check gcd(e, p-1) = gcd(3, 136) = 1, OK and
check gcd(e, q-1) = gcd(3, 130) = 1, OK.
4. Compute d = e-1 mod phi = 3-1 mod 17680 = 11787.
 d = e-1 mod phi , i.e. phi divides (ed-1)
5. Hence
 public key, (n, e) = (17947, 3) and
 private key (n, d) = (17947, 11787).
 Cryptography
Given
Public key = (n, e) = (17947, 3)
Private key = (n, d) = (17947, 11787)
RSA- More Meaningful Example – Encryption/Decryption
To encrypt the first integer that represents "ATT“ (513),
we have
 c = me mod n = 5133 mod 17947 = 8363
We can verify that our private key is valid by decrypting
 m = cd mod n = 836311787 mod 17947 = 513

Overall, our plaintext is represented by the set of integers m

 (513, 62, 15567, 16020, 14313)
 We compute corresponding cipher text integers c = me mod n
 (8363, 5017, 11884, 9546, 13366)
 Cryptography
Key Distribution: Verifying Someone’s Public Key
Even with public-key cryptosystems and digital
signatures, we still have the problem of authentication:
binding users to keys.
Early days articles envisioned phonebook-like database
with Name and Public Key entries.

Problem: How secure is that database itself ?

Attacker can put in his own key for someone else, and
start signing fake contracts (and even checks!).
Maybe we can secure the phonebook, but then it kills the
idea of keys widely and easily available (publicly) .
 Cryptography
Key Distribution: Problems

Distribution of a key is a difficult matter!

For a symmetric cryptosystem, the initial key must

be communicated along a secured channel(?)

For public key, we need a body that certifies the

public key is that of the party we need to
communicate with

Solution: Certification/Certificate Authority (CA)

that signs (certifies) the public key
 Cryptography
Certification
The critical thing is that the name in the certificate must match the
supposed name.
Common solution to public key distribution today is to have trusted
third party to sign the user’s public encryption key.

A certificate is a public key and some naming “stuff ”, digitally signed

by someone you trust (third party) - Certification Authority (CA).
Remark: Just because they are CAs doesn’t mean you should trust them.

Resulting certificate will contain information like user’s name/ID,

user’s public key, name of CA, start date of certificate, and length of
time it is valid.
User publishes certificate with the X.509 standard (for formatting
certificates).
 Cryptography
Certification - Associated Overheads

An important issue is the durability of certificates

Lifelong certificates are not feasible

Therefore, we need a way to revoke certificates

 Certificate Revocation List (CRL) published regularly
 Problems
 Vulnerability between the publishing and the request for
revocation
 Restricting the lifetime of a certificate
 A client contacts the certification authority for each public key,
checks whether it is valid or not
 Cryptography
Applications – Security in Electronic Payment
General requirements
 In cash based systems (using ATM), the main issue is
authentication
 Use of magnetic card
 PIN

 Digital money
 Protection against fraud
 It should not be possible to use the money more than once
 It should not be possible to use forged money

 Credit card or check based system

 No tampering/alteration
 Protection against repudiation (the buyer denies having made
the order)
 Cryptography
Applications – Electronic Cash (E-Cash)

There are a number of electronic payment

systems based on the concept of digital coins
E-cash is one of the most famous
 Achieves secrecy in the payment system
 When Alice wants to buy some goods from Bob she
contacts her bank and requests for withdrawal
 The Bank hands out the digital money in the form of
signed notes representing some value with each
having a uniquely associated signature
 Cryptography
Applications – Electronic Cash (E-Cash) …

To prevent the notes to be copied each note has a

serial number
Bob can check that it is not a forged money by
looking at the bank’s signature
Bob can check that the money has not already
been spent by contacting the bank
The drawback of this system is that the bank has
to remember the serial numbers that have been
spent or not
 Cryptography
Applications – Secure Electronic Transaction (SET)

SET is the result of efforts by VISA, Mastercard, etc.

to develop a standard way of purchasing goods over a
network using a credit card
SET is an open standard: entire protocol is published

Dual signature is used in order to avoid

 The merchant from knowing the detail of the payment
information
 The Bank from knowing about the order information
 Cryptography
The concept of session keys after authentication

During the establishment of a secure channel, after the

authentication phase, the communicating parties use
session/temporary keys
Benefits
 The session key is safely discarded when the channel is no longer
used
 When a key is used very often it becomes vulnerable. Thus by
using the main key less often, we make them less vulnerable
 Replay attacks can be avoided
Authentication keys are often expensive to replace
Such a combination of long-lasting and cheaper/more
temporary/ session keys is a good choice
The End