SlideShare a Scribd company logo

Module2.pptx

Download as PPTX, PDF
S
ShilpaShettyA1

Cryptography Module 2

Engineering
1 of 71
CRYPTOGRAPHY Course Code: 18CS744
SYLLABUS MODULE 2 Public-Key Cryptography and RSA: Principles of public-key cryptosystems. Public-key cryptosystems. Applications for public-key cryptosystems, requirements for public-key cryptosystems. public-key cryptanalysis. The RSA algorithm, desription of the algorithm, computational aspects, the security of RSA. Other Public-Key Cryptosystems: Diffie-hellman key exchange, The algorithm, key exchange protocols, man in the middle attack,Elgamal Cryptographic systems
Terminology Related to Asymmetric Encryption Asymmetric Keys ◦ Two related keys, a public key and a private key, that are used to perform complementary operations, such as encryption and decryption or signature generation and signature verification. Public Key Certificate ◦ A digital document issued and digitally signed by the private key of a Certification Authority that binds the name of a subscriber to a public key. ◦ The certificate indicates that the subscriber identified in the certificate has sole control and access to the corresponding private key.
Public Key (Asymmetric) Cryptographic Algorithm ◦ A cryptographic algorithm that uses two related keys, a public key and a private key. ◦ The two keys have the property that deriving the private key from the public key is computationally infeasible. Public Key Infrastructure (PKI) ◦ A set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates.
PRINCIPLES OF PUBLIC-KEY CRYPTOSYSTEMS Public-Key Cryptosystems  Asymmetric algorithms rely on one key for encryption and a different but related key for decryption.  These algorithms have the following important characteristic. o It is computationally infeasible to determine the decryption key given only knowledge of the cryptographic algorithm and the encryption key  In addition, some algorithms, such as RSA, also exhibit the following characteristic. o Either of the two related keys can be used for encryption, with the other used for decryption.
 A public-key encryption scheme has six ingredients: • Plaintext: This is the readable message or data that is fed into the algorithm as input. • Encryption algorithm: The encryption algorithm performs various transformations on the plaintext. • Public and private keys: This is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption. The exact transformations performed by the algorithm depend on the public or private key that is provided as input.
• Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the key. For a given message, two different keys will produce two different ciphertexts. • Decryption algorithm: This algorithm accepts the ciphertext and the matching key and produces the original plaintext.
The essential steps are the following. 1. Each user generates a pair of keys to be used for the encryption and decryption of messages. 2. Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private. Each user maintains a collection of public keys obtained from others.
3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message using Alice’s public key. 4. When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice’s private key.
 We refer to the key used in symmetric encryption as a secret key. The two keys used for asymmetric encryption are referred to as the public key and the private key.  Invariably, the private key is kept secret, but it is referred to as a private key rather than a secret key to avoid confusion with symmetric encryption.
The essential elements of a public-key encryption scheme:  There is some source A that produces a message in plaintext, X = [X1, X2, … , XM].  The M elements of X are letters in some finite alphabet.  The message is intended for destination B.  B generates a related pair of keys: a public key, PUb, and a private key, PRb.  PRb is known only to B, whereas PUb is publicly available and therefore accessible by A.
 With the message X and the encryption key PUb as input, A forms the ciphertext Y = [Y1, Y2, … , YN]: Y = E(PUb, X)  The intended receiver, in possession of the matching private key, is able to invert the transformation: X = D(PRb, Y)
Figure: Public-Key Cryptosystem: Authentication
 In this case, A prepares a message to B and encrypts it using A’s private key before transmitting it.  B can decrypt the message using A’s public key.  Because the message was encrypted using A’s private key, only A could have prepared the message.  Therefore, the entire encrypted message serves as a digital signature.
 In addition, it is impossible to alter the message without access to A’s private key, so the message is authenticated both in terms of source and in terms of data integrity.  In the preceding scheme, the entire message is encrypted, which, although validating both author and contents, requires a great deal of storage.  A more efficient way of achieving the same results is to encrypt a small block of bits that is a function of the document.  Such a block, called an authenticator, must have the property that it is infeasible to change the document without changing the authenticator.
 The encryption process discussed does not provide confidentiality.  It is possible to provide both the authentication function and confidentiality by a double use of the public-key scheme Z = E(PUb, E(PRa, X)) X = D(PUa, D(PRb, Z))  In this case, we begin as before by encrypting a message, using the sender’s private key.  This provides the digital signature.
 Next, we encrypt again, using the receiver’s public key.  The final ciphertext can be decrypted only by the intended receiver, who alone has the matching private key.  Thus, confidentiality is provided.
Applications for Public-Key Cryptosystems  We can classify the use of public-key cryptosystems into three categories: • Encryption/decryption: The sender encrypts a message with the recipient’s public key. • Digital signature: The sender “signs” a message with its private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message. • Key exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.
Requirements for Public-Key Cryptography 1. It is computationally easy for a party B to generate a pair (public key PUb, private key PRb). 2. It is computationally easy for a sender A, knowing the public key and the message to be encrypted, M, to generate the corresponding ciphertext: C = E(PUb, M) 3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message: M = D(PRb,C) = D[PRb, E(PUb,M)]
4. It is computationally infeasible for an adversary, knowing the public key, PUb, to determine the private key, PRb. 5. It is computationally infeasible for an adversary, knowing the public key, PUb, and a ciphertext, C, to recover the original message, M. We can add a sixth requirement that, although useful, is not necessary for all public-key applications: 6. The two keys can be applied in either order: M = D[PUb, E(PRb, M)] = D[PRb, E(PUb, M)]
Public-Key Cryptanalysis  A public-key encryption scheme is vulnerable to a brute-force attack. The countermeasure is the same: Use large keys.  Another form of attack is to find some way to compute the private key given the public key.  Finally, a probable-message attack.  Suppose, for example, that a message were to be sent that consisted solely of a 56-bit DES key.  An adversary could encrypt all possible 56-bit DES keys using the public key and could discover the encrypted key by matching the transmitted ciphertext.
THE RSA ALGORITHM Description of the Algorithm  RSA(Rivest-Shamir-Adleman) algorithm makes use of an expression with exponentials.  Encryption and decryption are of the following form, for some plaintext block M and ciphertext block C. C = Me mod n M = Cd mod n = (Me)d mod n = Med mod n  Both sender and receiver must know the value of n.  The sender knows the value of e, and only the receiver knows the value of d.
Thus, this is a public-key encryption algorithm with a public key of PU = {e, n} and a private key of PR = {d, n}.  For this algorithm to be satisfactory for public-key encryption, the following requirements must be met. 1. It is possible to find values of e, d, and n such that Med mod n = M for all M < n. 2. It is relatively easy to calculate Me mod n and Cd mod n for all values of M < n. 3. It is infeasible to determine d given e and n.
 Both sender and receiver must know the value of n.  The sender knows the value of e, and only the receiver knows the value of d.  Thus, this is a public-key encryption algorithm with a public key of PU = {e, n} and a private key of PR = {d, n}.
 For this algorithm to be satisfactory for public-key encryption, the following requirements must be met. 1. It is possible to find values of e, d, and n such that Med mod n = M for all M < n. 2. It is relatively easy to calculate Me mod n and Cd mod n for all values of M < n. 3. It is infeasible to determine d given e and n.
The ingredients are the following: p, q, two prime numbers (private, chosen) n = pq (public, calculated) e, with gcd(φ(n), e) = 1; 1 < e < φ(n) (public, chosen) d Ξ e-1 (mod φ(n)) (private, calculated)
1. Select two prime numbers, p = 17 and q = 11. 2. Calculate n = pq = 17 * 11 = 187. 3. Calculate φ(n) = (p - 1)(q - 1) = 16 * 10 = 160. 4. Select e such that e is relatively prime to φ(n) = 160 and less than φ(n); we choose e = 7. 5. Determine d such that de Ξ 1 (mod 160) and d < 160. The correct value is d = 23, because 23 * 7 = 161 = (1 * 160) + 1; d can be calculated using the extended Euclid’s algorithm
 The resulting keys are public key PU = {7, 187} and private key PR = {23, 187}.  The example shows the use of these keys for a plaintext input of M = 88.  For encryption, we need to calculate C = 887 mod 187.
 Exploiting the properties of modular arithmetic, we can do this as follows.
The Security of RSA Five possible approaches to attacking the RSA algorithm are • Brute force: This involves trying all possible private keys. • Mathematical attacks: There are several approaches, all equivalent in effort to factoring the product of two primes. • Timing attacks: These depend on the running time of the decryption algorithm. • Hardware fault-based attack: This involves inducing hardware faults in the processor that is generating digital signatures. • Chosen ciphertext attacks: This type of attack exploits properties of the RSA algorithm.
THE FACTORING PROBLEM We can identify three approaches to attacking RSA mathematically. 1. Factor n into its two prime factors. This enables calculation of φ(n) = (p - 1) * (q - 1), which in turn enables determination of d Ξ e-1 (mod φ(n)). 2. Determine φ(n) directly, without first determining p and q. Again, this enables determination of d Ξ e-1 (mod φ(n)). 3. Determine d directly, without first determining φ(n).
TIMING ATTACKS  A snooper can determine a private key by keeping track of how long a computer takes to decipher messages  There are simple countermeasures that can be used, including the following. • Constant exponentiation time: Ensure that all exponentiations take the same amount of time before returning a result. This is a simple fix but does degrade performance. • Random delay: Better performance could be achieved by adding a random delay to the exponentiation algorithm to confuse the timing attack. • Blinding: Multiply the ciphertext by a random number before performing exponentiation.
FAULT-BASED ATTACK  The approach is an attack on a processor that is generating RSA digital signatures.  The attack induces faults in the signature computation by reducing the power to the processor.  The faults cause the software to produce invalid signatures, which can then be analyzed by the attacker to recover the private key.  The attack algorithm involves inducing single-bit errors and observing the results.
CHOSEN CIPHERTEXT ATTACK AND OPTIMAL ASYMMETRIC ENCRYPTION PADDING  The basic RSA algorithm is vulnerable to a chosen ciphertext attack (CCA).  CCA is defined as an attack in which the adversary chooses a number of ciphertexts and is then given the corresponding plaintexts, decrypted with the target’s private key. Thus, the adversary could select a plaintext, encrypt it with the target’s public key, and then be able to get the plaintext back by having it decrypted with the private key.  A simple example of a CCA against RSA takes advantage of the following property of RSA:
E(PU, M1) * E(PU, M2) = E(PU, [M1 * M2]) We can decrypt C = Me mod n using a CCA as follows. 1. Compute X = (C * 2e) mod n. 2. Submit X as a chosen ciphertext and receive back Y = Xd mod n. But now note that X = (C mod n) * (2e mod n) = (Me mod n) * (2e mod n) = (2M)e mod n
 Therefore, Y = (2M) mod n.  From this, we can deduce M.  To overcome this simple attack, practical RSA-based cryptosystems randomly pad the plaintext prior to encryption.  This randomizes the ciphertext  However, more sophisticated CCAs are possible, and a simple padding with a random value has been shown to be insufficient to provide the desired security.  To counter such attacks, modifying the plaintext using a procedure known as optimal asymmetric encryption padding (OAEP) is recommended.
 As a first step, the message M to be encrypted is padded.  A set of optional parameters, P, is passed through a hash function, H.  The output is then padded with zeros to get the desired length in the overall data block (DB).  Next, a random seed is generated and passed through another hash function, called the mask generating function (MGF).  The resulting hash value is bit-by-bit XORed with DB to produce a maskedDB.
 The maskedDB is in turn passed through the MGF to form a hash that is XORed with the seed to produce the maskedseed.  The concatenation of the maskedseed and the maskedDB forms the encoded message EM.  The EM includes the padded message, masked by the seed, and the seed, masked by the maskedDB.  The EM is then encrypted using RSA.
DIFFIE-HELLMAN KEY EXCHANGE  The purpose of the algorithm is to enable two users to securely exchange a key that can then be used for subsequent symmetric encryption of messages.  The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms. A primitive root of a prime number p is one whose powers modulo p generate all the integers from 1 to p - 1. That is, if a is a primitive root of the prime number p, then the numbers a mod p, a2 mod p,..., ap-1 mod p are distinct and consist of the integers from 1 through p - 1 in some permutation.
The Algorithm
 There are two publicly known numbers: a prime number q and an integer α that is a primitive root of q.  Suppose the users A and B wish to create a shared key.  User A selects a random integer XA < q and computes YA = α XA mod q. Similarly, user B independently selects a random integer XB < q and computes YB = α XB mod q.  Each side keeps the X value private and makes the Y value available publicly to the other side.
 Thus, XA is A’s private key and YA is A’s corresponding public key, and similarly for B. User A computes the key as K = (YB)XA mod q and user B computes the key as K = (YA)XB mod q. These two calculations produce identical results:
 The result is that the two sides have exchanged a secret value.  Typically, this secret value is used as shared symmetric secret key.
 Suppose that user A wishes to set up a connection with user B and use a secret key to encrypt messages on that connection.  User A can generate a one-time private key XA, calculate YA, and send that to user B.  User B responds by generating a private value XB, calculating YB, and sending YB to user A.  Both users can now calculate the key.  The necessary public values q and a would need to be known ahead of time.  Alternatively, user A could pick values for q and a and include those in the first message.
Man-in-the-Middle Attack  The protocol depicted in Figure 10.1 is insecure against a man- in-the-middle attack. Suppose Alice and Bob wish to exchange keys, and Darth is the adversary.  The attack proceeds as follows (Figure 10.2). 1. Darth prepares for the attack by generating two random private keys XD1 and XD2 and then computing the corresponding public keys YD1 and YD2. 2. Alice transmits YA to Bob. 3. Darth intercepts YA and transmits YD1 to Bob. Darth also calculates K2 = (YA)XD2 mod q.
4. Bob receives YD1 and calculates K1 = (YD1)XB mod q. 5. Bob transmits YB to Alice. 6. Darth intercepts YB and transmits YD2 to Alice. Darth calculates K1 = (YB)XD1 mod q. 7. Alice receives YD2 and calculates K2 = (YD2)XA mod q.
Figure: Man-in-the-Middle Attack
 At this point, Bob and Alice think that they share a secret key, but instead Bob and Darth share secret key K1 and Alice and Darth share secret key K2.  All future communication between Bob and Alice is compromised in the following way. 1. Alice sends an encrypted message M: E(K2, M). 2. Darth intercepts the encrypted message and decrypts it to recover M. 3. Darth sends Bob E(K1, M) or E(K1, M′), where M′ is any message. In the first case, Darth simply wants to eavesdrop on the communication without altering it. In the second case, Darth wants to modify the message going to Bob.
ELGAMAL CRYPTOGRAPHIC SYSTEM  The global elements of Elgamal are a prime number q and a, which is a primitive root of q.  User A generates a private/public key pair as follows: 1. Generate a random integer XA, such that 1 < XA < q - 1. 2. Compute YA = αXA mod q. 3. A’s private key is XA and A’s public key is {q, a, YA}.
 Any user B that has access to A’s public key can encrypt a message as follows: 1. Represent the message as an integer M in the range 0 ≤M ≤ q - 1. Longer messages are sent as a sequence of blocks, with each block being an integer less than q. 2. Choose a random integer k such that 1 ≤ k ≤ q - 1. 3. Compute a one-time key K = (YA)k mod q. 4. Encrypt M as the pair of integers (C1, C2) where C1 = αk mod q; C2 = KM mod q
 User A recovers the plaintext as follows: 1. Recover the key by computing K = (C1)XA mod q. 2. Compute M = (C2K-1) mod q.  These steps are summarized next. Alice generates a public/private key pair; Bob encrypts using Alice’s public key; and Alice decrypts using her private key.
 Following steps show how K is recovered by the decryption process: K = (YA)k mod q K is defined during the encryption process K = (αXA mod q)k mod q substitute using YA = α XA mod q K = αk XA mod q by the rules of modular arithmetic K = (C1)XA mod q substitute using C1 = α k mod q  Next, using K, we recover the plaintext as C2 = KM mod q (C2K-1) mod q = KMK-1 mod q = M mod q = M
 We can restate the Elgamal process as follows: 1. Bob generates a random integer k. 2. Bob generates a one-time key K using Alice’s public-key components YA, q, and k. 3. Bob encrypts k using the public-key component a, yielding C1 . C1provides sufficient information for Alice to recover K. 4. Bob encrypts the plaintext message M using K. 5. Alice recovers K from C1 using her private key. 6. Alice uses K-1 to recover the plaintext message from C2.  Thus, K functions as a one-time key, used to encrypt and decrypt the message.
Example Consider q = 19. The primitive roots are {2, 3, 10, 13, 14, 15}. Choose α= 10. Alice generates a key pair as follows: 1. Alice chooses XA = 5. 2. Then YA = α XA mod q = α 5 mod 19 = 3 3. Alice’s private key is 5 and Alice’s public key is {q, a, YA} = {19, 10, 3}.
Suppose Bob wants to send the message with the value M = 17. Then: 1. Bob chooses k = 6. 2. Then K = (YA)k mod q = 36 mod 19 = 729 mod 19 = 7. 3. So C1 = α k mod q = α 6 mod 19 = 11 C2 = KM mod q = 7 X 17 mod 19 = 119 mod 19 = 5 4. Bob sends the ciphertext (11, 5).
For decryption: 1. Alice calculates K = (C1)XA mod q = 115 mod 19 = 161051 mod 19 = 7. 2. Then K-1 in GF(19) is 7-1 mod 19 = 11. 3. Finally, M = (C2K-1) mod q = 5 X 11 mod 19 = 55 mod 19 = 17.
Module2.pptx

Recommended

PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONraf_slide
 
Ch 30
Ch 30Ch 30
Ch 30soumya ranjan mohanty
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
RSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyRSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyMd. Shafiul Alam Sagor
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptographyanusachu .
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Key distribution code.ppt
Key distribution code.pptKey distribution code.ppt
Key distribution code.pptPrabhat Kumar
 

Recommended

PUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONPUBLIC KEY ENCRYPTION
PUBLIC KEY ENCRYPTIONraf_slide
 
Ch 30
Ch 30Ch 30
Ch 30soumya ranjan mohanty
 
3 public key cryptography
3 public key cryptography3 public key cryptography
3 public key cryptographyRutvik Mehta
 
MAC-Message Authentication Codes
MAC-Message Authentication CodesMAC-Message Authentication Codes
MAC-Message Authentication CodesDarshanPatil82
 
RSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyRSA Algorithm - Public Key Cryptography
RSA Algorithm - Public Key CryptographyMd. Shafiul Alam Sagor
 
Public Key Cryptography
Public Key CryptographyPublic Key Cryptography
Public Key Cryptographyanusachu .
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Key distribution code.ppt
Key distribution code.pptKey distribution code.ppt
Key distribution code.pptPrabhat Kumar
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyBharat Kumar Katur
 
What is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesWhat is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesCheapSSLsecurity
 
Cryptography and network security Nit701
Cryptography and network security Nit701Cryptography and network security Nit701
Cryptography and network security Nit701Amit Pathak
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
Ch14
Ch14Ch14
Ch14Francis Alamina
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Message AUthentication Code
Message AUthentication CodeMessage AUthentication Code
Message AUthentication CodeKeval Bhogayata
 
RSA Algorithm
RSA AlgorithmRSA Algorithm
RSA AlgorithmJoon Young Park
 
Rsa
RsaRsa
Rsaismaelhaider
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyPopescu Petre
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
Ch15
Ch15Ch15
Ch15raja yasodhar
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Key management
Key managementKey management
Key managementSujata Regoti
 
Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Venkatesh Jambulingam
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
13 asymmetric key cryptography
13 asymmetric key cryptography13 asymmetric key cryptography
13 asymmetric key cryptographydrewz lin
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail securityDr.Florence Dayana
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 
Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsaMazin Alwaaly
 
Unit 3(1)
Unit 3(1)Unit 3(1)
Unit 3(1)Vinod Kumar Gorrepati
 

More Related Content

What's hot

What is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesWhat is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesCheapSSLsecurity
 
Cryptography and network security Nit701
Cryptography and network security Nit701Cryptography and network security Nit701
Cryptography and network security Nit701Amit Pathak
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
Message AUthentication Code
Message AUthentication CodeMessage AUthentication Code
Message AUthentication CodeKeval Bhogayata
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyPopescu Petre
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network SecurityKathirvel Ayyaswamy
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
13 asymmetric key cryptography
13 asymmetric key cryptography13 asymmetric key cryptography
13 asymmetric key cryptographydrewz lin
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5koolkampus
 

What's hot (20)

Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
What is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple ExamplesWhat is Asymmetric Encryption? Understand with Simple Examples
What is Asymmetric Encryption? Understand with Simple Examples
 
Cryptography and network security Nit701
Cryptography and network security Nit701Cryptography and network security Nit701
Cryptography and network security Nit701
 
Hash Function
Hash FunctionHash Function
Hash Function
 
Ch14
Ch14Ch14
Ch14
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key Cryptosystem
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithms
 
Message AUthentication Code
Message AUthentication CodeMessage AUthentication Code
Message AUthentication Code
 
RSA Algorithm
RSA AlgorithmRSA Algorithm
RSA Algorithm
 
Rsa
RsaRsa
Rsa
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 
Ch15
Ch15Ch15
Ch15
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
 
Key management
Key managementKey management
Key management
 
Public key Infrastructure (PKI)
Public key Infrastructure (PKI)Public key Infrastructure (PKI)
Public key Infrastructure (PKI)
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithm
 
13 asymmetric key cryptography
13 asymmetric key cryptography13 asymmetric key cryptography
13 asymmetric key cryptography
 
Electronic mail security
Electronic mail securityElectronic mail security
Electronic mail security
 
E-mail Security in Network Security NS5
E-mail Security in Network Security NS5E-mail Security in Network Security NS5
E-mail Security in Network Security NS5
 

Similar to Module2.pptx

Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsaMazin Alwaaly
 
Public-Key Cryptography.pptx
Public-Key Cryptography.pptxPublic-Key Cryptography.pptx
Public-Key Cryptography.pptxAbdulRehman970300
 
Vtu network security(10 ec832) unit 3 notes.
Vtu network security(10 ec832) unit 3 notes.Vtu network security(10 ec832) unit 3 notes.
Vtu network security(10 ec832) unit 3 notes.Jayanth Dwijesh H P
 
Unit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptxUnit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptxVishwanathMahalle
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSADr.Florence Dayana
 
White Paper on Cryptography
White Paper on Cryptography White Paper on Cryptography
White Paper on Cryptography Durgesh Malviya
 
PUBLIC KEY & RSA.ppt
PUBLIC KEY & RSA.pptPUBLIC KEY & RSA.ppt
PUBLIC KEY & RSA.pptRizwanBasha12
 
Information and network security 32 principles of public key cryptosystems
Information and network security 32 principles of public key cryptosystemsInformation and network security 32 principles of public key cryptosystems
Information and network security 32 principles of public key cryptosystemsVaibhav Khanna
 
Cryptography based chat system
Cryptography based chat systemCryptography based chat system
Cryptography based chat systemJagsir Singh
 
CRYPTOGRAPHY (2).pdf
CRYPTOGRAPHY (2).pdfCRYPTOGRAPHY (2).pdf
CRYPTOGRAPHY (2).pdfBhuvanaR13
 
Applying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryApplying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryPriyank Kapadia
 
Public Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithmPublic Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithmIndra97065
 
Rsa diffi-network security-itt
Rsa diffi-network security-ittRsa diffi-network security-itt
Rsa diffi-network security-ittrameshvvv
 

Similar to Module2.pptx (20)

Information and data security public key cryptography and rsa
Information and data security public key cryptography and rsaInformation and data security public key cryptography and rsa
Information and data security public key cryptography and rsa
 
Unit 3(1)
Unit 3(1)Unit 3(1)
Unit 3(1)
 
Unit 3(1)
Unit 3(1)Unit 3(1)
Unit 3(1)
 
Public-Key Cryptography.pptx
Public-Key Cryptography.pptxPublic-Key Cryptography.pptx
Public-Key Cryptography.pptx
 
Vtu network security(10 ec832) unit 3 notes.
Vtu network security(10 ec832) unit 3 notes.Vtu network security(10 ec832) unit 3 notes.
Vtu network security(10 ec832) unit 3 notes.
 
Unit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptxUnit-III_3R-CRYPTO_2021-22_VSM.pptx
Unit-III_3R-CRYPTO_2021-22_VSM.pptx
 
Pooguzhali
PooguzhaliPooguzhali
Pooguzhali
 
2. public key cryptography and RSA
2. public key cryptography and RSA2. public key cryptography and RSA
2. public key cryptography and RSA
 
White Paper on Cryptography
White Paper on Cryptography White Paper on Cryptography
White Paper on Cryptography
 
Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptography
 
PUBLIC KEY & RSA.ppt
PUBLIC KEY & RSA.pptPUBLIC KEY & RSA.ppt
PUBLIC KEY & RSA.ppt
 
Ch9
Ch9Ch9
Ch9
 
Information and network security 32 principles of public key cryptosystems
Information and network security 32 principles of public key cryptosystemsInformation and network security 32 principles of public key cryptosystems
Information and network security 32 principles of public key cryptosystems
 
Cryptography based chat system
Cryptography based chat systemCryptography based chat system
Cryptography based chat system
 
CRYPTOGRAPHY (2).pdf
CRYPTOGRAPHY (2).pdfCRYPTOGRAPHY (2).pdf
CRYPTOGRAPHY (2).pdf
 
Applying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto libraryApplying Security Algorithms Using openSSL crypto library
Applying Security Algorithms Using openSSL crypto library
 
Ch09
Ch09Ch09
Ch09
 
Public Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithmPublic Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithm
 
Rsa diffi-network security-itt
Rsa diffi-network security-ittRsa diffi-network security-itt
Rsa diffi-network security-itt
 
3 pkc+rsa
3 pkc+rsa3 pkc+rsa
3 pkc+rsa
 

Recently uploaded

Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxPoojaBan
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girlsssuser7cb4ff
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSCAESB
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerAnamika Sarkar
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZTE
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxbritheesh05
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxDeepakSakkari2
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝soniya singh
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
power system scada applications and uses
power system scada applications and usespower system scada applications and uses
power system scada applications and usesDevarapalliHaritha
 

Recently uploaded (20)

Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
Call Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call GirlsCall Girls Narol 7397865700 Independent Call Girls
Call Girls Narol 7397865700 Independent Call Girls
 
GDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentationGDSC ASEB Gen AI study jams presentation
GDSC ASEB Gen AI study jams presentation
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube ExchangerStudy on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
Study on Air-Water & Water-Water Heat Exchange in a Finned Tube Exchanger
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
Artificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptxArtificial-Intelligence-in-Electronics (K).pptx
Artificial-Intelligence-in-Electronics (K).pptx
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
power system scada applications and uses
power system scada applications and usespower system scada applications and uses
power system scada applications and uses
 

Module2.pptx

  • 2. SYLLABUS MODULE 2 Public-Key Cryptography and RSA: Principles of public-key cryptosystems. Public-key cryptosystems. Applications for public-key cryptosystems, requirements for public-key cryptosystems. public-key cryptanalysis. The RSA algorithm, desription of the algorithm, computational aspects, the security of RSA. Other Public-Key Cryptosystems: Diffie-hellman key exchange, The algorithm, key exchange protocols, man in the middle attack,Elgamal Cryptographic systems
  • 3. Terminology Related to Asymmetric Encryption Asymmetric Keys ◦ Two related keys, a public key and a private key, that are used to perform complementary operations, such as encryption and decryption or signature generation and signature verification. Public Key Certificate ◦ A digital document issued and digitally signed by the private key of a Certification Authority that binds the name of a subscriber to a public key. ◦ The certificate indicates that the subscriber identified in the certificate has sole control and access to the corresponding private key.
  • 4. Public Key (Asymmetric) Cryptographic Algorithm ◦ A cryptographic algorithm that uses two related keys, a public key and a private key. ◦ The two keys have the property that deriving the private key from the public key is computationally infeasible. Public Key Infrastructure (PKI) ◦ A set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates.
  • 5. PRINCIPLES OF PUBLIC-KEY CRYPTOSYSTEMS Public-Key Cryptosystems  Asymmetric algorithms rely on one key for encryption and a different but related key for decryption.  These algorithms have the following important characteristic. o It is computationally infeasible to determine the decryption key given only knowledge of the cryptographic algorithm and the encryption key  In addition, some algorithms, such as RSA, also exhibit the following characteristic. o Either of the two related keys can be used for encryption, with the other used for decryption.
  • 6.
  • 7.
  • 8.  A public-key encryption scheme has six ingredients: • Plaintext: This is the readable message or data that is fed into the algorithm as input. • Encryption algorithm: The encryption algorithm performs various transformations on the plaintext. • Public and private keys: This is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption. The exact transformations performed by the algorithm depend on the public or private key that is provided as input.
  • 9. • Ciphertext: This is the scrambled message produced as output. It depends on the plaintext and the key. For a given message, two different keys will produce two different ciphertexts. • Decryption algorithm: This algorithm accepts the ciphertext and the matching key and produces the original plaintext.
  • 10. The essential steps are the following. 1. Each user generates a pair of keys to be used for the encryption and decryption of messages. 2. Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private. Each user maintains a collection of public keys obtained from others.
  • 11. 3. If Bob wishes to send a confidential message to Alice, Bob encrypts the message using Alice’s public key. 4. When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice’s private key.
  • 12.
  • 13.  We refer to the key used in symmetric encryption as a secret key. The two keys used for asymmetric encryption are referred to as the public key and the private key.  Invariably, the private key is kept secret, but it is referred to as a private key rather than a secret key to avoid confusion with symmetric encryption.
  • 14.
  • 15. The essential elements of a public-key encryption scheme:  There is some source A that produces a message in plaintext, X = [X1, X2, … , XM].  The M elements of X are letters in some finite alphabet.  The message is intended for destination B.  B generates a related pair of keys: a public key, PUb, and a private key, PRb.  PRb is known only to B, whereas PUb is publicly available and therefore accessible by A.
  • 16.  With the message X and the encryption key PUb as input, A forms the ciphertext Y = [Y1, Y2, … , YN]: Y = E(PUb, X)  The intended receiver, in possession of the matching private key, is able to invert the transformation: X = D(PRb, Y)
  • 18.  In this case, A prepares a message to B and encrypts it using A’s private key before transmitting it.  B can decrypt the message using A’s public key.  Because the message was encrypted using A’s private key, only A could have prepared the message.  Therefore, the entire encrypted message serves as a digital signature.
  • 19.  In addition, it is impossible to alter the message without access to A’s private key, so the message is authenticated both in terms of source and in terms of data integrity.  In the preceding scheme, the entire message is encrypted, which, although validating both author and contents, requires a great deal of storage.  A more efficient way of achieving the same results is to encrypt a small block of bits that is a function of the document.  Such a block, called an authenticator, must have the property that it is infeasible to change the document without changing the authenticator.
  • 20.  The encryption process discussed does not provide confidentiality.  It is possible to provide both the authentication function and confidentiality by a double use of the public-key scheme Z = E(PUb, E(PRa, X)) X = D(PUa, D(PRb, Z))  In this case, we begin as before by encrypting a message, using the sender’s private key.  This provides the digital signature.
  • 21.  Next, we encrypt again, using the receiver’s public key.  The final ciphertext can be decrypted only by the intended receiver, who alone has the matching private key.  Thus, confidentiality is provided.
  • 22.
  • 23. Applications for Public-Key Cryptosystems  We can classify the use of public-key cryptosystems into three categories: • Encryption/decryption: The sender encrypts a message with the recipient’s public key. • Digital signature: The sender “signs” a message with its private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message. • Key exchange: Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.
  • 24.
  • 25. Requirements for Public-Key Cryptography 1. It is computationally easy for a party B to generate a pair (public key PUb, private key PRb). 2. It is computationally easy for a sender A, knowing the public key and the message to be encrypted, M, to generate the corresponding ciphertext: C = E(PUb, M) 3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message: M = D(PRb,C) = D[PRb, E(PUb,M)]
  • 26. 4. It is computationally infeasible for an adversary, knowing the public key, PUb, to determine the private key, PRb. 5. It is computationally infeasible for an adversary, knowing the public key, PUb, and a ciphertext, C, to recover the original message, M. We can add a sixth requirement that, although useful, is not necessary for all public-key applications: 6. The two keys can be applied in either order: M = D[PUb, E(PRb, M)] = D[PRb, E(PUb, M)]
  • 27. Public-Key Cryptanalysis  A public-key encryption scheme is vulnerable to a brute-force attack. The countermeasure is the same: Use large keys.  Another form of attack is to find some way to compute the private key given the public key.  Finally, a probable-message attack.  Suppose, for example, that a message were to be sent that consisted solely of a 56-bit DES key.  An adversary could encrypt all possible 56-bit DES keys using the public key and could discover the encrypted key by matching the transmitted ciphertext.
  • 28. THE RSA ALGORITHM Description of the Algorithm  RSA(Rivest-Shamir-Adleman) algorithm makes use of an expression with exponentials.  Encryption and decryption are of the following form, for some plaintext block M and ciphertext block C. C = Me mod n M = Cd mod n = (Me)d mod n = Med mod n  Both sender and receiver must know the value of n.  The sender knows the value of e, and only the receiver knows the value of d.
  • 29. Thus, this is a public-key encryption algorithm with a public key of PU = {e, n} and a private key of PR = {d, n}.  For this algorithm to be satisfactory for public-key encryption, the following requirements must be met. 1. It is possible to find values of e, d, and n such that Med mod n = M for all M < n. 2. It is relatively easy to calculate Me mod n and Cd mod n for all values of M < n. 3. It is infeasible to determine d given e and n.
  • 30.  Both sender and receiver must know the value of n.  The sender knows the value of e, and only the receiver knows the value of d.  Thus, this is a public-key encryption algorithm with a public key of PU = {e, n} and a private key of PR = {d, n}.
  • 31.  For this algorithm to be satisfactory for public-key encryption, the following requirements must be met. 1. It is possible to find values of e, d, and n such that Med mod n = M for all M < n. 2. It is relatively easy to calculate Me mod n and Cd mod n for all values of M < n. 3. It is infeasible to determine d given e and n.
  • 32. The ingredients are the following: p, q, two prime numbers (private, chosen) n = pq (public, calculated) e, with gcd(φ(n), e) = 1; 1 < e < φ(n) (public, chosen) d Ξ e-1 (mod φ(n)) (private, calculated)
  • 33. 1. Select two prime numbers, p = 17 and q = 11. 2. Calculate n = pq = 17 * 11 = 187. 3. Calculate φ(n) = (p - 1)(q - 1) = 16 * 10 = 160. 4. Select e such that e is relatively prime to φ(n) = 160 and less than φ(n); we choose e = 7. 5. Determine d such that de Ξ 1 (mod 160) and d < 160. The correct value is d = 23, because 23 * 7 = 161 = (1 * 160) + 1; d can be calculated using the extended Euclid’s algorithm
  • 34.  The resulting keys are public key PU = {7, 187} and private key PR = {23, 187}.  The example shows the use of these keys for a plaintext input of M = 88.  For encryption, we need to calculate C = 887 mod 187.
  • 35.  Exploiting the properties of modular arithmetic, we can do this as follows.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40. The Security of RSA Five possible approaches to attacking the RSA algorithm are • Brute force: This involves trying all possible private keys. • Mathematical attacks: There are several approaches, all equivalent in effort to factoring the product of two primes. • Timing attacks: These depend on the running time of the decryption algorithm. • Hardware fault-based attack: This involves inducing hardware faults in the processor that is generating digital signatures. • Chosen ciphertext attacks: This type of attack exploits properties of the RSA algorithm.
  • 41. THE FACTORING PROBLEM We can identify three approaches to attacking RSA mathematically. 1. Factor n into its two prime factors. This enables calculation of φ(n) = (p - 1) * (q - 1), which in turn enables determination of d Ξ e-1 (mod φ(n)). 2. Determine φ(n) directly, without first determining p and q. Again, this enables determination of d Ξ e-1 (mod φ(n)). 3. Determine d directly, without first determining φ(n).
  • 42. TIMING ATTACKS  A snooper can determine a private key by keeping track of how long a computer takes to decipher messages  There are simple countermeasures that can be used, including the following. • Constant exponentiation time: Ensure that all exponentiations take the same amount of time before returning a result. This is a simple fix but does degrade performance. • Random delay: Better performance could be achieved by adding a random delay to the exponentiation algorithm to confuse the timing attack. • Blinding: Multiply the ciphertext by a random number before performing exponentiation.
  • 43. FAULT-BASED ATTACK  The approach is an attack on a processor that is generating RSA digital signatures.  The attack induces faults in the signature computation by reducing the power to the processor.  The faults cause the software to produce invalid signatures, which can then be analyzed by the attacker to recover the private key.  The attack algorithm involves inducing single-bit errors and observing the results.
  • 44. CHOSEN CIPHERTEXT ATTACK AND OPTIMAL ASYMMETRIC ENCRYPTION PADDING  The basic RSA algorithm is vulnerable to a chosen ciphertext attack (CCA).  CCA is defined as an attack in which the adversary chooses a number of ciphertexts and is then given the corresponding plaintexts, decrypted with the target’s private key. Thus, the adversary could select a plaintext, encrypt it with the target’s public key, and then be able to get the plaintext back by having it decrypted with the private key.  A simple example of a CCA against RSA takes advantage of the following property of RSA:
  • 45. E(PU, M1) * E(PU, M2) = E(PU, [M1 * M2]) We can decrypt C = Me mod n using a CCA as follows. 1. Compute X = (C * 2e) mod n. 2. Submit X as a chosen ciphertext and receive back Y = Xd mod n. But now note that X = (C mod n) * (2e mod n) = (Me mod n) * (2e mod n) = (2M)e mod n
  • 46.  Therefore, Y = (2M) mod n.  From this, we can deduce M.  To overcome this simple attack, practical RSA-based cryptosystems randomly pad the plaintext prior to encryption.  This randomizes the ciphertext  However, more sophisticated CCAs are possible, and a simple padding with a random value has been shown to be insufficient to provide the desired security.  To counter such attacks, modifying the plaintext using a procedure known as optimal asymmetric encryption padding (OAEP) is recommended.
  • 47.
  • 48.  As a first step, the message M to be encrypted is padded.  A set of optional parameters, P, is passed through a hash function, H.  The output is then padded with zeros to get the desired length in the overall data block (DB).  Next, a random seed is generated and passed through another hash function, called the mask generating function (MGF).  The resulting hash value is bit-by-bit XORed with DB to produce a maskedDB.
  • 49.  The maskedDB is in turn passed through the MGF to form a hash that is XORed with the seed to produce the maskedseed.  The concatenation of the maskedseed and the maskedDB forms the encoded message EM.  The EM includes the padded message, masked by the seed, and the seed, masked by the maskedDB.  The EM is then encrypted using RSA.
  • 50. DIFFIE-HELLMAN KEY EXCHANGE  The purpose of the algorithm is to enable two users to securely exchange a key that can then be used for subsequent symmetric encryption of messages.  The Diffie-Hellman algorithm depends for its effectiveness on the difficulty of computing discrete logarithms. A primitive root of a prime number p is one whose powers modulo p generate all the integers from 1 to p - 1. That is, if a is a primitive root of the prime number p, then the numbers a mod p, a2 mod p,..., ap-1 mod p are distinct and consist of the integers from 1 through p - 1 in some permutation.
  • 52.  There are two publicly known numbers: a prime number q and an integer α that is a primitive root of q.  Suppose the users A and B wish to create a shared key.  User A selects a random integer XA < q and computes YA = α XA mod q. Similarly, user B independently selects a random integer XB < q and computes YB = α XB mod q.  Each side keeps the X value private and makes the Y value available publicly to the other side.
  • 53.  Thus, XA is A’s private key and YA is A’s corresponding public key, and similarly for B. User A computes the key as K = (YB)XA mod q and user B computes the key as K = (YA)XB mod q. These two calculations produce identical results:
  • 54.  The result is that the two sides have exchanged a secret value.  Typically, this secret value is used as shared symmetric secret key.
  • 55.
  • 56.  Suppose that user A wishes to set up a connection with user B and use a secret key to encrypt messages on that connection.  User A can generate a one-time private key XA, calculate YA, and send that to user B.  User B responds by generating a private value XB, calculating YB, and sending YB to user A.  Both users can now calculate the key.  The necessary public values q and a would need to be known ahead of time.  Alternatively, user A could pick values for q and a and include those in the first message.
  • 57. Man-in-the-Middle Attack  The protocol depicted in Figure 10.1 is insecure against a man- in-the-middle attack. Suppose Alice and Bob wish to exchange keys, and Darth is the adversary.  The attack proceeds as follows (Figure 10.2). 1. Darth prepares for the attack by generating two random private keys XD1 and XD2 and then computing the corresponding public keys YD1 and YD2. 2. Alice transmits YA to Bob. 3. Darth intercepts YA and transmits YD1 to Bob. Darth also calculates K2 = (YA)XD2 mod q.
  • 58. 4. Bob receives YD1 and calculates K1 = (YD1)XB mod q. 5. Bob transmits YB to Alice. 6. Darth intercepts YB and transmits YD2 to Alice. Darth calculates K1 = (YB)XD1 mod q. 7. Alice receives YD2 and calculates K2 = (YD2)XA mod q.
  • 60.  At this point, Bob and Alice think that they share a secret key, but instead Bob and Darth share secret key K1 and Alice and Darth share secret key K2.  All future communication between Bob and Alice is compromised in the following way. 1. Alice sends an encrypted message M: E(K2, M). 2. Darth intercepts the encrypted message and decrypts it to recover M. 3. Darth sends Bob E(K1, M) or E(K1, M′), where M′ is any message. In the first case, Darth simply wants to eavesdrop on the communication without altering it. In the second case, Darth wants to modify the message going to Bob.
  • 61. ELGAMAL CRYPTOGRAPHIC SYSTEM  The global elements of Elgamal are a prime number q and a, which is a primitive root of q.  User A generates a private/public key pair as follows: 1. Generate a random integer XA, such that 1 < XA < q - 1. 2. Compute YA = αXA mod q. 3. A’s private key is XA and A’s public key is {q, a, YA}.
  • 62.  Any user B that has access to A’s public key can encrypt a message as follows: 1. Represent the message as an integer M in the range 0 ≤M ≤ q - 1. Longer messages are sent as a sequence of blocks, with each block being an integer less than q. 2. Choose a random integer k such that 1 ≤ k ≤ q - 1. 3. Compute a one-time key K = (YA)k mod q. 4. Encrypt M as the pair of integers (C1, C2) where C1 = αk mod q; C2 = KM mod q
  • 63.  User A recovers the plaintext as follows: 1. Recover the key by computing K = (C1)XA mod q. 2. Compute M = (C2K-1) mod q.  These steps are summarized next. Alice generates a public/private key pair; Bob encrypts using Alice’s public key; and Alice decrypts using her private key.
  • 64.
  • 65.
  • 66.  Following steps show how K is recovered by the decryption process: K = (YA)k mod q K is defined during the encryption process K = (αXA mod q)k mod q substitute using YA = α XA mod q K = αk XA mod q by the rules of modular arithmetic K = (C1)XA mod q substitute using C1 = α k mod q  Next, using K, we recover the plaintext as C2 = KM mod q (C2K-1) mod q = KMK-1 mod q = M mod q = M
  • 67.  We can restate the Elgamal process as follows: 1. Bob generates a random integer k. 2. Bob generates a one-time key K using Alice’s public-key components YA, q, and k. 3. Bob encrypts k using the public-key component a, yielding C1 . C1provides sufficient information for Alice to recover K. 4. Bob encrypts the plaintext message M using K. 5. Alice recovers K from C1 using her private key. 6. Alice uses K-1 to recover the plaintext message from C2.  Thus, K functions as a one-time key, used to encrypt and decrypt the message.
  • 68. Example Consider q = 19. The primitive roots are {2, 3, 10, 13, 14, 15}. Choose α= 10. Alice generates a key pair as follows: 1. Alice chooses XA = 5. 2. Then YA = α XA mod q = α 5 mod 19 = 3 3. Alice’s private key is 5 and Alice’s public key is {q, a, YA} = {19, 10, 3}.
  • 69. Suppose Bob wants to send the message with the value M = 17. Then: 1. Bob chooses k = 6. 2. Then K = (YA)k mod q = 36 mod 19 = 729 mod 19 = 7. 3. So C1 = α k mod q = α 6 mod 19 = 11 C2 = KM mod q = 7 X 17 mod 19 = 119 mod 19 = 5 4. Bob sends the ciphertext (11, 5).
  • 70. For decryption: 1. Alice calculates K = (C1)XA mod q = 115 mod 19 = 161051 mod 19 = 7. 2. Then K-1 in GF(19) is 7-1 mod 19 = 11. 3. Finally, M = (C2K-1) mod q = 5 X 11 mod 19 = 55 mod 19 = 17.