Professional Documents
Culture Documents
3R Unit Iii Cryptography VSM 2021 22
3R Unit Iii Cryptography VSM 2021 22
Unit:III
Asymmetric Key Algorithm, Digital Signature and RSA
Prof. V. S. Mahalle
Department of Computer Science and Engineering
Shri Sant Gajanan Maharaj College of Engineering, Shegaon
o Asymmetric Key Algorithms, Digital Signatures and RSA:
o Sender and recipient share a common key for encryption & decryption respectively.
• Basic terminologies:
Plain Text, Cipher Text, Secret Key, Encryption & Decryption.
• Algorithms:
DES, 2-DES/3-DES, AES, Blowfish, IDEA, RC5 & RC4.
• ASYMMETRIC KEY CRYPTOGRAPHY / ENCRYPTION:
Also referred as public key Cryptography.
User-A User-B
(Sender) (Receiver)
• If A encrypt message M using his public key PuA , then • If A encrypt message M using B’s public key PuB , then
it is decrypted only using his private key PrA. it is decrypted only using B’s private key PrB.
• or Or • or
• If A encrypt message M using his private key PrA , • If A encrypt message M using B’s private key PrB , then
then it is decrypted only using his public key PuA. it is decrypted only using B’s public key PuB.
• Public Key: <== Known to every one, I can broadcast it on Network.
Or
We keep public key at authorized third party, receiver will take it from them.
• Private Key: <== Known to ourself & not known to others. Do not share it to others.
Case 2: A send message M to B using A’s private key then B required to decrypt
encrypted message only by using A’s public key.
• This Case is Invalid,
A B because everybody knows
(Sender) (Receiver)
PuA, So anybody can
C
E[PrA ,M] D[PuA ,C] decrypt it. No
confidentiality will achieve
here.
Case 3: A send message M to B using B’s private key then B required to decrypt
encrypted message only by using B’s public key.
A B • This Case is Invalid, here
(Sender) (Receiver) A is not able to encrypt,
C because PrB, is with B &
E[PrB ,M] D[PuB ,C] not with A.
Case 4: A send message M to B using B’s public key then B required to decrypt
encrypted message only by using B’s private key. • This Case is valid, here A
A B encrypt message M using
(Sender) (Receiver) B’s public key & B will
E[PuB ,M] C D[PrB ,C] decrypt it using his private
key & B’s private key is
• Always use receivers Public key to encrypt message M. only with B, So only B
• Receiver decrypt it by using his Private key. receiver can decrypt
• This is the basic concept of Asymmetric Key Cryptography. encrypted message.
dIFFERENCE
Symmetric Key Cryptographic System Asymmetric key Cryptographic System
✓KE = KD ✓KE ≠ KD
✓Number of Keys Used: 1 ✓Number of Keys Used: 2
(for Encryption & Decryption) (2 keys for Encryption & 2 keys for Decryption)
✓Key, K = Must kept secret. ✓One Key kept Secret = Private key
(Only known to Sender & Receiver) Other Key make public= Public key
✓Encryption & Decryption Speed: Faster ✓Encryption & Decryption Speed: Slower
✓Most commonly used Symmetric key ✓Most commonly used Symmetric key
Cryptographic Algorithms: DES, AES Cryptographic Algorithms:RSA, Diffie-
Hellman
Public Key Cryptography Algorithm
RSA
• Developers:
• Ron Rivest
• Adi Shamir
• Leonard Adleman
• Publication Year: 1977
• It is based on Number theory : Prime Numbers
• Key Size used: 1024 to 4096 bits
2. Compute Product:
n=p*q
3. Compute ᶲ(n),
ᶲ(n) = (p-1)(q-1)
Where ᶲ(n) = Euler’s Totient function
4. Choose integer, e
such that
1< e < ᶲ(n)
where e & ᶲ(n) are- Relatively prime(co-prime)
i.e. GCD(e, ᶲ(n)) = 1
5. Now, we get public key,
public key = (n,e)
6. Calculate d for private key,
7|7 2|160
|1 2|80
2|40
2|20 7 = 7, 1
2|10 160 = 2,2,2,2,2,5, 1
5|5
|1 GCD = 1*1 = 1
(iv) Determine d,
such that d*e mod160 = 1 & d <160
Therefore, select d = 23 Because(d*e), (23 *7) = 161
161 mod 160 = 1
(v) Public key & Private key:
public Key = {7,187}
private Key = {23,187}
11
88
88 887Mod 187 = 11 1123Mod 187 = 88
For encryption,
C = 887Mod 187 = 11
( me mod n)
For decryption,
M = 1123 mod187 = 88
Example-2:
Given p =3 & q =11 two prime numbers & plain test M = 5
Compute
public key, private key, cipher text & original plain text form cipher text?
1) n = p * q 4) Find d?
= 3 * 11 d*e mod ᶲ(n) = 1 6) Find M from C?
= 33 d*3 mod 20 = 1
7*3 mod 20 = 1 M = Cd mod n
2) ᶲ(n) = (p-1)*(q-1)
= 2 * 10
d=7 M
= 26= 5 33
7 mod
= 20 5) M = 5
.
C = Me mod n
3) Find e? = 53 mod 33
GCD(e, ᶲ(n)) = 1
GCD(e, 20) = 1
= 125 mod 33
C = 26
. e=3 .
Example-3 & 4:
Given p =61 & q =53 two prime numbers 0r take p =47 & q = 71
Compute
public key, private key, cipher text & original plain text form cipher text?
Example-5:
Given p =3, q =11, e = 7 & M = 5
find d?
Diffie-Hellman Key Exchange
• Cryptographic System with Key:
o For encrypting plain text to get cipher text &
o For decrypting cipher text to get original plain text.
P C P
E D
Now, we want
• Secret key, used in encryption process is
1) Symmetric Encryption: securely send to Receiver.
YA = αXA mod q
YB = αXB mod q
(iv) Generate Secret Key K at Sender site & at Receiver site:
• Public keys are available to all.
K -> K ->
• Keys Generated must
Key Generated Key Generated be equal at both the
at Sender site = at Receiver site sites, then
we can say, Key
K = (YB) XA mod q K = (YA) XB mod q Exchange is successful.
• EXAMPLE:
Prime Number q = 11
Private Key of A, XA = 8
Private Key of B, XB = 4
Determine Public key of A & Public Key of B?
Also Generate secret key at both sender & receiver sites & verify Key is exchange successfully or not?
• Select α ?
α should be Primitive root of 11
• What do you mean by primitive root? How can we find primitive root?
We say α is a Primitive root of q,
if
α mod q, α2 mod q, α3 mod q ………… αq-1 mod q
should give result ===>
{1, 2, 3, 4, … q-1} <--- Value should not be repeated.
This condition satisfied, then we say that,
α is a Primitive root of q.
Select α ?
q-1
Power of α 1 2 3 4 5 6 7 8 9 10
1 1 1 1 1 1 1 1 1 1 1
22 2 4 8 5 10 9 7 3 6 1
3 3 9 5 4
4
55
6
77
8
Number
Selecting, α
Suppose we consider α = 1,
then verify 1 is primitive root of 11 or not. Put α = 1 in equation,
α mod q, α2 mod q, α3 mod q ………… αq-1 mod q
If result is {1, 2, 3, 4, 5, 6, 7, 8, 9, 10} then 1 is primitive root of 11.
If not then consider α = 2 :
Now we selected α = 2 & Given XA = 8.
Determine YA?
YA = αXA mod q
= 2 8 mod 11
= 256 mod 11
YA=3
YB = αXB mod q
4
= 2 mod 11
=16 mod 11
= 5 (public key)
• Calculate Secret Key, K at Sender & Receiver sites:
XA = 8
XB = 4
YA = 3
YB= 5
K -> K ->
Key Generated Key Generated
at Sender site at Receiver site
K=4 K=4
Digital Signature
• Asymmetric Key Cryptography:
CASE-A: PuB PrB Sender uses receiver’s public
key to encrypt message.
C
P E D • This is valid approach.
A B Failure of encryption.
(Confidentiality not achieved)
PrA PuA
PuA Accessible to anybody.
C Anybody who is interested can
P E D
decrypt message.
But
When A encrypt message using his private key, his intension is not to achieve confidentiality.
His intension here is to achieve (i) Authentication (ii) Non-repudiation
• Hacker also not achieve their any purpose, because hacker does not have A’s private key
to encrypt & resend.
• B will not believe it comes from A, because (after changes) it was not encrypted with A’s
private key (A’s private key is only with A & not with hacker or any others.
• DSS(Digital Signature Standard) --> Make use of SHA-1 algorithm for calculating Message Digest over original Message.
&
Use Message Digest to perform digital signature.
Purpose of RSA:
(i) Encryption of message
(ii) Performing Digital Signature over message
Purpose of DAS:
(i) Only performing Digital Signature over message.
1. RSA and Digital Signatures
• RSA can be used for performing digital signatures.
• Understand how this work in step-by-step in algorithm:
h
M H
M A Compare
h D
H E h
PRA, PUA
• Compare two message digest are equal, then trust & accept the message. Otherwise reject it.
Algorithm:
o Assume,
Sender A want to send message M to the receiver B along with digital signature S
calculated over the message M.
Step1: The sender (A) uses the SHA-1(message digest algorithm) to calculate the
message digest(MD1) over the original message (M).
Original Message
(M)
Message Digest
(MD1)
Step2: The sender (A) now encrypts the message digest with his/her private key. The
output of this process is called as the digital signature(DS) of A.
PrA
Message Digest Digital Signature Fig. Digital Signature Creation
Encryption
(MD1) (DS)
.
Step3: Now the sender (A) sends the original message (M) along with the digital
signature(DS) to the receiver (B).
Original Message
(M)
SHA-1
Algorithm
Fig. Receiver calculate its own Message digest
Message Digest
(MD2)
Step5: The receiver (B) now uses the sender’s (A’s) public key to decrypt the digital
signature.
Note that A has used her private key to encrypt her message digest (MD1)
to form the digital signature. Therefore, only A’s public key can be used to
decrypt it. The output of this process is the original message digest as was
calculated by A (MD1) in step 1.
PubA
Digital Signature Message Digest
(DS) Decryption
(MD1)
.
Fig. Receiver receives Sender’s message digest
Step6: B now compares the following two message digests:
• MD2, which it had calculated in step 4
• MD1, which it retrieved from A’s digital signature in step 5.
If MD1 = MD2, the following facts are established:
• B accepts the original message (M) as the correct, unaltered message from A.
• B is also assured that the message came from A, and not from someone
posing as A.
Is
MD1=MD2?
Y=
Note: Refer class notes for above 1 to 5.
w/
MWMQNC j“
W;
V’Y’H ' I. -
53.1»
, g g .
13%;?
ML“? Wt CNN”?
i .. . ¥
? 5
KNI‘ l‘ifi'C-K
*Devdp‘oeA we RaW‘n
H 4“?“qu
5"
M01)?“ M
mm we {w w MW ~s~
«#0
m 5
3a... * B4?» $847913“ ..
_. ,, _ ..
w - (x (g; .3”. I. w)
f’Kme’acK N~ @Wfi‘afi
(é)?(¢;‘p5
Vs
5‘
525ch
- ‘ V x,
m5 ?CJ£W
luv
‘fi
1
V«!
.OUU
mu “I
KnaPSwW
V A I; l
(y
(b
WWWM“?
~r~--7:~:“r:7.~%:<fl*%~ ,,
K611“ h
I» H > I
‘ .
qu
, ¢ . e .
a; glam WW
”e
, , .
‘5} Dem
—-> we“ W5
Hm,
‘ e ‘
1‘ / ‘ ‘
*1
. ‘*
4 r’ "51' ;,
Mflww——QMM‘MMA “MMWH.,,;,¢_,._._*W;,M.m
" L2,, ‘-
““"‘,’f*:fii“"i‘ff1""j:f:’:fff‘.,
1 M"
‘
__
4 t ‘
'
’ '
‘ 1Y4
WWW
"‘
0K
’ . 1
*‘~
A
e
'
-WQEE-flg T196?“
g ,
“T"
...
Wm?”I" /4§~_
W‘
we me
"/7 ..
£5 f
‘
5%“
‘ 5
HQAQ
P
<53:
”WW—”I
2
I ' i ;
3:? , ,
-,
““‘” """“
-
“' : """"
~
,3.-MM...W._.3__..______.__.. l .31.:
Mb
. ,
”rim
.
.
.
1w a K . em
.ii . L. ’ I , wz-y. . I I ‘ H.
- ..
_ r_')4mB-¢.KQ ‘
L541“! Mow]4|
._ . .
.é
f
’ ’ m a {a
’1" ’
6"" “ é -‘
n 4 M49.WM:. c a 5
m
‘
. m J) a «a. ‘
-S'ritr‘.
-
\
‘QEV‘M
“ .
. m
1.1 ., 1. <3
1.42233 ;
)
gm..wm_wwmmwwflm*; Www’ mw....,%®wf. ”7...“-..
éum PAM—WW Hat”‘44,-3,“
' .~ ”mar .. .3 i - .....3.....,,.. .
ouxn«.m.;f
' , . » .
*W‘” Hétfi4LmS—»‘.
3»
vamw 3-...
.
g’
H
,1. , i,”
3’“ .
.m
’t
_‘_..~-«-"
a
,‘
’
" h
Nyghw. m3 Hg‘ .,
..,
:
<¢r‘
:
1,.
t {5’9
‘‘
4'?“
4
“$-1;M
4 . y
W
NJ
'_
\
‘5
J 9
_'
E
E
'1
:5
‘
-
‘iMuHifih
Emmi
/
_
1456
'
W1 éé
'
”
6bI
I"
-;
1+
W--.
K€V
WC
0”
In
,
mm»
——>
‘
-.--
-;;,''-
fiQhe}.§ L (“V
2’?
W5’
No.4. 51
.
W--- .2
—""
mam
-
<
t;
b ‘3 r4 KQ
h
‘2,
"'_""""
.
at.
1
M~
.
W...
WW”)...
0")
5m
eqc
_.
.4: 2;.
'
m.
3‘
..
hahdpm $0.99
Noe
#3:;ngW
flh'ritrfigflmw
a "x e--
m
z
.2.
,1
bun A344 K?
.
.. I I};
“j
”MW.
W
>1
{LEw
'
_.-.__._,,M_,, -
1
_’
1/
a
'
2W“‘0‘ m , 0 l c {5
m,..' "u
,H.z,;~t(Hv+w+1ro:—7§L
15"" ‘ A
‘41 / 7 ’ ~
Page: ' I]
215%”
a3;
. ‘ ‘ . " v » - - A v. w,_,...,_.;,.._....,. ‘ ' "4- W ’
w is
'
'
-
13
W1: .
,3.
. ‘
1.;
e
1. 1o I a
QJLW 0 . L o 0
‘ /
. : _ ‘ ' '
1 ‘
' f
,. s
‘, l1
. 1 .
A , . I" , . ' D a
A. r i -w.>...,......:.....~.. 4»""“‘"“"‘ «oLw... -« A» .,, “a. -A 4‘:
”0.1530.
~-
3 ; m
'‘
, >
@m__4_., , i I '
f:
.31 A”
at
New
n. A“),
o
3‘
3
c
.
A;
;
wank
‘
3
oo
.
'
*
1;
MSW
3’
I
,
t,
A,
,
1
o
LmAkj’JAA
._ AAAA
3'
AMAAA
101110313.”
9°13)pr
1
\. > \ l I lo. l2
PM w (3/6)» 2» m, AA; E
I ‘
,1 ',
9n7M8 flak *Ww
.,
+924 2%
[J P
3
w “w. ;
~_-::~::Wfl~--C*)t‘:ifi:fr -‘_
Mfiwé‘g e SNQH
M
m
“ ""
{T
- :-
_¢'
‘ '
P .(
‘ T
C'MC‘
.
‘I":
'31
. ‘ ‘
‘
p.
u-.. ‘0 ‘
.,
.,.—-—-—- x
‘
. . 3
, ‘ V
.-( “v“y:
‘ x ‘
W
I.‘
~ ~. -
‘- '
5 L: .
r"
" ‘ '
.( 5‘»
~
4‘ ’ /. 2—.
y- i
‘
‘
,7, ‘ i
‘
an.
W
I ‘‘
.
I " ~
-
A
V.
's
M
‘
. .
‘ f $ ..‘ z
E
.. I , f .‘ o ' ‘ ‘f
“
. g : , ,
‘ , .
v”
' _ ' ‘4'»; ‘ ; ., e ‘9
y
.
W}
p
I
.4
' ‘ a”?
.3
;
. . »
'
.
C -‘-
'A
"
o . n
i- - * ' - ‘
I.
E
. > I
I} f‘ ' . ‘
.
y i
I
:
“W h;
'
1 _
_,
”'—'W‘ w" .“nmw‘b
.
'2
. a. ‘1 ’1‘. ‘fi
tr
‘ >
.5
‘
a: ' A,
‘ \
I;
x.
‘
Q ’ ’ ,,
.
Sffjilx K3334 9V? \\ 1“ch WOW—2:2; ‘ 2)
9" 92‘ PW
m:-(.\,'z- ,Wfl,l§mt-3012fl9m
‘92 2922: 2‘29 ' *
E:
in.
I, HWWXWMWIWQWRWJJLLW
22m”
,
9%-“.14429923219h
Message Authentication
M E M D M
User A User B
M E M D M
User A User B
PUA, PRA, PUB, PRB,
• Confidentiality:
“Unauthorized user should not get message. i.e. Only authorized user have access to message”
When we are using public key of user B for encryption, then private key of user B must be needed for decryption.
Public key available to all -----> Any user can encrypt the message & send to receiver.
i.e. No authentication is possible.
But for decryption, we require private key & it is available only with user B. The message is decrypted only
with user B’s private key. Only user B can decrypt the received message.
Therefore, Confidentiality is achieved but Authentication fails.
Case-II:
PRA PUA
M E M D M
User A User B
Only user A can encrypt the Any user (third party) may use
message & send to receiver. public key of user A to decrypt
User A is Authenticate User. the message.
No confidentiality of message
M E M E M
M D M D M
User A User B
Message encrypted using Private key of A: message Only decrypt using A’s public key.
Message encrypted using public key of B: message Only decrypt using B’s private key.
User A User B
K=abc K=abc
M AEF123 k
Help sita + MAC If message altered, then different MAC
MAC(generated) There is no encryption,
M Append C Therefore,
k A M Compared
M MAC No confidentiality
MAC(appende)
C MAC AEF123 MAC is used to
authenticate a message.
Fixed Length Code
Authenticity is there
k2
M MAC
C
Append D MA If equal, then
M Compared data is send
k1 A E M C
by perfect
M MAC MAC(appende) Sender.
C MAC k2
Authenticity
Fixed Length Code is there.
3. Hash function:
Hash code act as an authenticator,
independent from key
H(M) = fixed length code
h
M H
M A Compare
h D
H E h
PRA, PUA
Anybody can decrypt the hash code--> Drawback of this
k
M H
A E M D h
M h D
H E k
PRA,
Sign up
User name: VSM User name: VSM
Password: VSM12 Password: fdfdfdfdf
MD-5
Sign in
User name: VSM User name: VSM
Password: abddddeeertretretr Password: fdfdfdfdff
|64bits
• Now process each block
• Each & every register having capacity of 32bits. (Total 5*32 = 160 bits)
• We need to initialize this registers by 32 bits random hexadecimal value.
Step4: Process original message with the help of initialization registers(buffers).
128bits
f1, k, w[0 – 19]
128bits
f1, k, w[0 – 19]
128bits
f1, k, w[0 – 19]
128bits
f1, k, w[0 – 19]
Step5: Output
128bits
f1, k, w[0 – 19]
128bits
f1, k, w[0 – 19]
128bits
f1, k, w[0 – 19]