SlideShare a Scribd company logo
1 of 34
1
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Chapter 10
Assymmetric-Key
Cryptography
2
Objectives
❑ To distinguish between two cryptosystems:
symmetric-key and asymmetric-key
❑ To introduce trapdoor one-way functions and their
use in asymmetric-key cryptosystems
❑ To introduce the knapsack cryptosystem as one of
the first ideas in asymmetric-key cryptography
❑ To discuss the RSA cryptosystem
❑ To discuss the Rabin cryptosystem
❑ To discuss the ElGamal cryptosystem
❑ To discuss the elliptic curve cryptosystem
Chapter 10
3
10-1 INTRODUCTION
Symmetric and asymmetric-key cryptography will exist
in parallel and continue to serve the community. We
actually believe that they are complements of each
other; the advantages of one can compensate for the
disadvantages of the other.
10.1.1 Keys
10.1.2 General Idea
10.1.3 Need for Both
10.1.4 Trapdoor One-Way Function
10.1.5 Knapsack Cryptosystem
Topics discussed in this section:
4
10-1 INTRODUCTION
Symmetric and asymmetric-key cryptography will exist
in parallel and continue to serve the community. We
actually believe that they are complements of each
other; the advantages of one can compensate for the
disadvantages of the other.
Symmetric-key cryptography is based on sharing secrecy;
asymmetric-key cryptography is based on personal secrecy.
Note
5
Asymmetric key cryptography uses two separate keys: one
private and one public.
10.1.1 Keys
Figure 10.1 Locking and unlocking in asymmetric-key cryptosystem
6
10.1.2 General Idea
Figure 10.2 General idea of asymmetric-key cryptosystem
7
Plaintext/Ciphertext
Unlike in symmetric-key cryptography, plaintext and
ciphertext are treated as integers in asymmetric-key
cryptography.
10.1.2 Continued
C = f (Kpublic , P) P = g(Kprivate , C)
Encryption/Decryption
8
There is a very important fact that is sometimes
misunderstood: The advent of asymmetric-key
cryptography does not eliminate the need for symmetric-
key cryptography.
10.1.3 Need for Both
9
10-2 RSA CRYPTOSYSTEM
The most common public-key algorithm is the RSA
cryptosystem, named for its inventors (Rivest, Shamir,
and Adleman).
10.2.1 Introduction
10.2.2 Procedure
10.2.3 Some Trivial Examples
10.2.4 Attacks on RSA
10.2.5 Recommendations
10.2.6 Optimal Asymmetric Encryption Padding (OAEP)
10.2.7 Applications
Topics discussed in this section:
10
10.2.1 Introduction
Figure 10.5 Complexity of operations in RSA
11
10.2.2 Procedure
Figure 10.6 Encryption, decryption, and key generation in RSA
12
Two Algebraic Structures
10.2.2 Continued
Encryption/Decryption Ring: R = <Zn , +, × >
Key-Generation Group: G = <Z φ(n)∗, × >
13
10.2.2 Continued
14
Encryption
10.2.2 Continued
15
Decryption
10.2.2 Continued
16
Proof of RSA
10.2.2 Continued
17
10.2.3 Some Trivial Examples
Example 10. 5
Bob chooses 7 and 11 as p and q and calculates n = 77. The
value of φ(n) = (7 − 1)(11 − 1) or 60. Now he chooses two
exponents, e and d, from Z60∗. If he chooses e to be 13, then d
is 37. Note that e × d mod 60 = 1 (they are inverses of each
Now imagine that Alice wants to send the plaintext 5 to Bob.
She uses the public exponent 13 to encrypt 5.
Bob receives the ciphertext 26 and uses the private key 37 to
decipher the ciphertext:
18
10.2.3 Some Trivial Examples
Example 10. 6
Bob receives the ciphertext 28 and uses his private key 37 to
decipher the ciphertext:
Now assume that another person, John, wants to
send a message to Bob. John can use the same
public key announced by Bob (probably on his
website), 13; John’s plaintext is 63. John calculates
the following:
19
10.2.3 Some Trivial Examples
Example 10. 7
Suppose Ted wants to send the message “NO” to
Jennifer. He changes each character to a number
(from 00 to 25), with each character coded as two
digits. He then concatenates the two coded
characters and gets a four-digit number. The plaintext
is 1314. Figure 10.7 shows the process.
Jennifer creates a pair of keys for herself. She
chooses p = 397 and q = 401. She calculates
n = 159197. She then calculates φ(n) = 158400. She
then chooses e = 343 and d = 12007. Show how Ted
can send a message to Jennifer if he knows e and n.
20
10.2.3 Continued
Figure 10.7 Encryption and decryption in Example 10.7
21
10.2.4 Attacks on RSA
Figure 10.8 Taxonomy of potential attacks on RSA
22
10-3 RABIN CRYPTOSYSTEM
The Rabin cryptosystem can be thought of as an RSA
cryptosystem in which the value of e and d are fixed.
The encryption is C ≡ P2 (mod n) and the decryption is
P ≡ C1/2 (mod n).
10.3.1 Procedure
10.3.2 Security of the Rabin System
Topics discussed in this section:
23
10-3 Continued
Figure 10.10 Rabin cryptosystem
24
10.3.1 Procedure
Key Generation
25
Encryption
10.3.1 Continued
26
Decryption
10.3.1 Continued
The Rabin cryptosystem is not deterministic:
Decryption creates four plaintexts.
Note
27
10.3.1 Continued
Example 10. 9
Here is a very trivial example to show the idea.
1. Bob selects p = 23 and q = 7. Note that both are
congruent to 3 mod 4.
2. Bob calculates n = p × q = 161.
3. Bob announces n publicly; he keeps p and q private.
4. Alice wants to send the plaintext P = 24. Note that 161 and 24
are relatively prime; 24 is in Z161*. She calculates C = 242 = 93
mod 161, and sends the ciphertext 93 to Bob.
28
10.3.1 Continued
Example 10. 9
5. Bob receives 93 and calculates four values:
a1 = +(93 (23+1)/4) mod 23 = 1 mod 23
a2 = −(93 (23+1)/4) mod 23 = 22 mod 23
b1 = +(93 (7+1)/4) mod 7 = 4 mod 7
b2 = −(93 (7+1)/4) mod 7 = 3 mod 7
6. Bob takes four possible answers, (a1, b1), (a1, b2), (a2, b1), and
(a2, b2), and uses the Chinese remainder theorem to find four
possible plaintexts: 116, 24, 137, and 45. Note that only the
second answer is Alice’s plaintext.
29
10-4 ELGAMAL CRYPTOSYSTEM
Besides RSA and Rabin, another public-key
cryptosystem is ElGamal. ElGamal is based on the
discrete logarithm problem discussed in Chapter 9.
10.4.1 ElGamal Cryptosystem
10.4.2 Procedure
10.4.3 Proof
10.4.4 Analysis
10.4.5 Security of ElGamal
10.4.6 Application
Topics discussed in this section:
30
10.4.2 Procedure
Figure 10.11 Key generation, encryption, and decryption in ElGamal
31
Key Generation
10.4.2 Continued
32
10.4.2 Continued
33
10.4.2 Continued
The bit-operation complexity of encryption or
decryption in ElGamal cryptosystem is polynomial.
Note
34
10.4.3 Continued
Example 10. 10
Here is a trivial example. Bob chooses p = 11 and e1 = 2.
and d = 3 e2 = e1
d = 8. So the public keys are (2, 8, 11)
and the private key is 3. Alice chooses r = 4 and calculates
C1 and C2 for the plaintext 7.
Bob receives the ciphertexts (5 and 6) and calculates the
plaintext.

More Related Content

Similar to 10 AsymmetricKey Cryptography students.pptx

Crack wep-wifi-under100seconds (copied)
Crack wep-wifi-under100seconds (copied)Crack wep-wifi-under100seconds (copied)
Crack wep-wifi-under100seconds (copied)
Pedro Mateus
 
Rsa diffi-network security-itt
Rsa diffi-network security-ittRsa diffi-network security-itt
Rsa diffi-network security-itt
rameshvvv
 
Secure Encyrption Systems Chapter 2
Secure Encyrption Systems Chapter 2Secure Encyrption Systems Chapter 2
Secure Encyrption Systems Chapter 2
AfiqEfendy Zaen
 
A comparative analysis of the possible attacks on rsa cryptosystem
A comparative analysis of the possible attacks on rsa cryptosystemA comparative analysis of the possible attacks on rsa cryptosystem
A comparative analysis of the possible attacks on rsa cryptosystem
IAEME Publication
 
RSA & MD5 algorithm
RSA & MD5 algorithmRSA & MD5 algorithm
RSA & MD5 algorithm
Siva Rushi
 
Ijarcet vol-2-issue-7-2323-2327
Ijarcet vol-2-issue-7-2323-2327Ijarcet vol-2-issue-7-2323-2327
Ijarcet vol-2-issue-7-2323-2327
Editor IJARCET
 
Ijarcet vol-2-issue-7-2323-2327
Ijarcet vol-2-issue-7-2323-2327Ijarcet vol-2-issue-7-2323-2327
Ijarcet vol-2-issue-7-2323-2327
Editor IJARCET
 

Similar to 10 AsymmetricKey Cryptography students.pptx (20)

Unit --3.ppt
Unit --3.pptUnit --3.ppt
Unit --3.ppt
 
1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...
1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...
1982 - Probabilistic Encryption & How To Play Mental Poker Keeping Secret All...
 
Introduction to cryptography
Introduction to cryptographyIntroduction to cryptography
Introduction to cryptography
 
rsa.pdf
rsa.pdfrsa.pdf
rsa.pdf
 
Crack wep-wifi-under100seconds (copied)
Crack wep-wifi-under100seconds (copied)Crack wep-wifi-under100seconds (copied)
Crack wep-wifi-under100seconds (copied)
 
F010243136
F010243136F010243136
F010243136
 
Rsa cryptosystem
Rsa cryptosystemRsa cryptosystem
Rsa cryptosystem
 
Ntewrok secuirty cs7
Ntewrok secuirty cs7Ntewrok secuirty cs7
Ntewrok secuirty cs7
 
Rsa rivest shamir adleman
Rsa rivest shamir adlemanRsa rivest shamir adleman
Rsa rivest shamir adleman
 
Rsa diffi-network security-itt
Rsa diffi-network security-ittRsa diffi-network security-itt
Rsa diffi-network security-itt
 
Secure Encyrption Systems Chapter 2
Secure Encyrption Systems Chapter 2Secure Encyrption Systems Chapter 2
Secure Encyrption Systems Chapter 2
 
Cryptosystem An Implementation of RSA Using Verilog
Cryptosystem An Implementation of RSA Using VerilogCryptosystem An Implementation of RSA Using Verilog
Cryptosystem An Implementation of RSA Using Verilog
 
Cryptography using rsa cryptosystem
Cryptography using rsa cryptosystemCryptography using rsa cryptosystem
Cryptography using rsa cryptosystem
 
A comparative analysis of the possible attacks on rsa cryptosystem
A comparative analysis of the possible attacks on rsa cryptosystemA comparative analysis of the possible attacks on rsa cryptosystem
A comparative analysis of the possible attacks on rsa cryptosystem
 
RSA & MD5 algorithm
RSA & MD5 algorithmRSA & MD5 algorithm
RSA & MD5 algorithm
 
Rsa encryption
Rsa encryptionRsa encryption
Rsa encryption
 
A survey on Fully Homomorphic Encryption
A survey on Fully Homomorphic EncryptionA survey on Fully Homomorphic Encryption
A survey on Fully Homomorphic Encryption
 
B017631014
B017631014B017631014
B017631014
 
Ijarcet vol-2-issue-7-2323-2327
Ijarcet vol-2-issue-7-2323-2327Ijarcet vol-2-issue-7-2323-2327
Ijarcet vol-2-issue-7-2323-2327
 
Ijarcet vol-2-issue-7-2323-2327
Ijarcet vol-2-issue-7-2323-2327Ijarcet vol-2-issue-7-2323-2327
Ijarcet vol-2-issue-7-2323-2327
 

Recently uploaded

Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdf
Kamal Acharya
 
Integrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - NeometrixIntegrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - Neometrix
Neometrix_Engineering_Pvt_Ltd
 
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
HenryBriggs2
 
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
AldoGarca30
 

Recently uploaded (20)

Hospital management system project report.pdf
Hospital management system project report.pdfHospital management system project report.pdf
Hospital management system project report.pdf
 
Passive Air Cooling System and Solar Water Heater.ppt
Passive Air Cooling System and Solar Water Heater.pptPassive Air Cooling System and Solar Water Heater.ppt
Passive Air Cooling System and Solar Water Heater.ppt
 
Computer Graphics Introduction To Curves
Computer Graphics Introduction To CurvesComputer Graphics Introduction To Curves
Computer Graphics Introduction To Curves
 
Databricks Generative AI Fundamentals .pdf
Databricks Generative AI Fundamentals  .pdfDatabricks Generative AI Fundamentals  .pdf
Databricks Generative AI Fundamentals .pdf
 
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdflitvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
litvinenko_Henry_Intrusion_Hong-Kong_2024.pdf
 
Convergence of Robotics and Gen AI offers excellent opportunities for Entrepr...
Convergence of Robotics and Gen AI offers excellent opportunities for Entrepr...Convergence of Robotics and Gen AI offers excellent opportunities for Entrepr...
Convergence of Robotics and Gen AI offers excellent opportunities for Entrepr...
 
Integrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - NeometrixIntegrated Test Rig For HTFE-25 - Neometrix
Integrated Test Rig For HTFE-25 - Neometrix
 
Dr Mrs A A Miraje C Programming PPT.pptx
Dr Mrs A A Miraje C Programming PPT.pptxDr Mrs A A Miraje C Programming PPT.pptx
Dr Mrs A A Miraje C Programming PPT.pptx
 
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...
 
Introduction to Artificial Intelligence ( AI)
Introduction to Artificial Intelligence ( AI)Introduction to Artificial Intelligence ( AI)
Introduction to Artificial Intelligence ( AI)
 
Autodesk Construction Cloud (Autodesk Build).pptx
Autodesk Construction Cloud (Autodesk Build).pptxAutodesk Construction Cloud (Autodesk Build).pptx
Autodesk Construction Cloud (Autodesk Build).pptx
 
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
1_Introduction + EAM Vocabulary + how to navigate in EAM.pdf
 
History of Indian Railways - the story of Growth & Modernization
History of Indian Railways - the story of Growth & ModernizationHistory of Indian Railways - the story of Growth & Modernization
History of Indian Railways - the story of Growth & Modernization
 
Adsorption (mass transfer operations 2) ppt
Adsorption (mass transfer operations 2) pptAdsorption (mass transfer operations 2) ppt
Adsorption (mass transfer operations 2) ppt
 
Dynamo Scripts for Task IDs and Space Naming.pptx
Dynamo Scripts for Task IDs and Space Naming.pptxDynamo Scripts for Task IDs and Space Naming.pptx
Dynamo Scripts for Task IDs and Space Naming.pptx
 
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxS1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx
 
Theory of Time 2024 (Universal Theory for Everything)
Theory of Time 2024 (Universal Theory for Everything)Theory of Time 2024 (Universal Theory for Everything)
Theory of Time 2024 (Universal Theory for Everything)
 
Call for Papers - Journal of Electrical Systems (JES), E-ISSN: 1112-5209, ind...
Call for Papers - Journal of Electrical Systems (JES), E-ISSN: 1112-5209, ind...Call for Papers - Journal of Electrical Systems (JES), E-ISSN: 1112-5209, ind...
Call for Papers - Journal of Electrical Systems (JES), E-ISSN: 1112-5209, ind...
 
TMU_GDSC_20240509.pdfTMU_GDSC_20240509.pdf
TMU_GDSC_20240509.pdfTMU_GDSC_20240509.pdfTMU_GDSC_20240509.pdfTMU_GDSC_20240509.pdf
TMU_GDSC_20240509.pdfTMU_GDSC_20240509.pdf
 
UNIT 4 PTRP final Convergence in probability.pptx
UNIT 4 PTRP final Convergence in probability.pptxUNIT 4 PTRP final Convergence in probability.pptx
UNIT 4 PTRP final Convergence in probability.pptx
 

10 AsymmetricKey Cryptography students.pptx

  • 1. 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 10 Assymmetric-Key Cryptography
  • 2. 2 Objectives ❑ To distinguish between two cryptosystems: symmetric-key and asymmetric-key ❑ To introduce trapdoor one-way functions and their use in asymmetric-key cryptosystems ❑ To introduce the knapsack cryptosystem as one of the first ideas in asymmetric-key cryptography ❑ To discuss the RSA cryptosystem ❑ To discuss the Rabin cryptosystem ❑ To discuss the ElGamal cryptosystem ❑ To discuss the elliptic curve cryptosystem Chapter 10
  • 3. 3 10-1 INTRODUCTION Symmetric and asymmetric-key cryptography will exist in parallel and continue to serve the community. We actually believe that they are complements of each other; the advantages of one can compensate for the disadvantages of the other. 10.1.1 Keys 10.1.2 General Idea 10.1.3 Need for Both 10.1.4 Trapdoor One-Way Function 10.1.5 Knapsack Cryptosystem Topics discussed in this section:
  • 4. 4 10-1 INTRODUCTION Symmetric and asymmetric-key cryptography will exist in parallel and continue to serve the community. We actually believe that they are complements of each other; the advantages of one can compensate for the disadvantages of the other. Symmetric-key cryptography is based on sharing secrecy; asymmetric-key cryptography is based on personal secrecy. Note
  • 5. 5 Asymmetric key cryptography uses two separate keys: one private and one public. 10.1.1 Keys Figure 10.1 Locking and unlocking in asymmetric-key cryptosystem
  • 6. 6 10.1.2 General Idea Figure 10.2 General idea of asymmetric-key cryptosystem
  • 7. 7 Plaintext/Ciphertext Unlike in symmetric-key cryptography, plaintext and ciphertext are treated as integers in asymmetric-key cryptography. 10.1.2 Continued C = f (Kpublic , P) P = g(Kprivate , C) Encryption/Decryption
  • 8. 8 There is a very important fact that is sometimes misunderstood: The advent of asymmetric-key cryptography does not eliminate the need for symmetric- key cryptography. 10.1.3 Need for Both
  • 9. 9 10-2 RSA CRYPTOSYSTEM The most common public-key algorithm is the RSA cryptosystem, named for its inventors (Rivest, Shamir, and Adleman). 10.2.1 Introduction 10.2.2 Procedure 10.2.3 Some Trivial Examples 10.2.4 Attacks on RSA 10.2.5 Recommendations 10.2.6 Optimal Asymmetric Encryption Padding (OAEP) 10.2.7 Applications Topics discussed in this section:
  • 10. 10 10.2.1 Introduction Figure 10.5 Complexity of operations in RSA
  • 11. 11 10.2.2 Procedure Figure 10.6 Encryption, decryption, and key generation in RSA
  • 12. 12 Two Algebraic Structures 10.2.2 Continued Encryption/Decryption Ring: R = <Zn , +, × > Key-Generation Group: G = <Z φ(n)∗, × >
  • 17. 17 10.2.3 Some Trivial Examples Example 10. 5 Bob chooses 7 and 11 as p and q and calculates n = 77. The value of φ(n) = (7 − 1)(11 − 1) or 60. Now he chooses two exponents, e and d, from Z60∗. If he chooses e to be 13, then d is 37. Note that e × d mod 60 = 1 (they are inverses of each Now imagine that Alice wants to send the plaintext 5 to Bob. She uses the public exponent 13 to encrypt 5. Bob receives the ciphertext 26 and uses the private key 37 to decipher the ciphertext:
  • 18. 18 10.2.3 Some Trivial Examples Example 10. 6 Bob receives the ciphertext 28 and uses his private key 37 to decipher the ciphertext: Now assume that another person, John, wants to send a message to Bob. John can use the same public key announced by Bob (probably on his website), 13; John’s plaintext is 63. John calculates the following:
  • 19. 19 10.2.3 Some Trivial Examples Example 10. 7 Suppose Ted wants to send the message “NO” to Jennifer. He changes each character to a number (from 00 to 25), with each character coded as two digits. He then concatenates the two coded characters and gets a four-digit number. The plaintext is 1314. Figure 10.7 shows the process. Jennifer creates a pair of keys for herself. She chooses p = 397 and q = 401. She calculates n = 159197. She then calculates φ(n) = 158400. She then chooses e = 343 and d = 12007. Show how Ted can send a message to Jennifer if he knows e and n.
  • 20. 20 10.2.3 Continued Figure 10.7 Encryption and decryption in Example 10.7
  • 21. 21 10.2.4 Attacks on RSA Figure 10.8 Taxonomy of potential attacks on RSA
  • 22. 22 10-3 RABIN CRYPTOSYSTEM The Rabin cryptosystem can be thought of as an RSA cryptosystem in which the value of e and d are fixed. The encryption is C ≡ P2 (mod n) and the decryption is P ≡ C1/2 (mod n). 10.3.1 Procedure 10.3.2 Security of the Rabin System Topics discussed in this section:
  • 23. 23 10-3 Continued Figure 10.10 Rabin cryptosystem
  • 26. 26 Decryption 10.3.1 Continued The Rabin cryptosystem is not deterministic: Decryption creates four plaintexts. Note
  • 27. 27 10.3.1 Continued Example 10. 9 Here is a very trivial example to show the idea. 1. Bob selects p = 23 and q = 7. Note that both are congruent to 3 mod 4. 2. Bob calculates n = p × q = 161. 3. Bob announces n publicly; he keeps p and q private. 4. Alice wants to send the plaintext P = 24. Note that 161 and 24 are relatively prime; 24 is in Z161*. She calculates C = 242 = 93 mod 161, and sends the ciphertext 93 to Bob.
  • 28. 28 10.3.1 Continued Example 10. 9 5. Bob receives 93 and calculates four values: a1 = +(93 (23+1)/4) mod 23 = 1 mod 23 a2 = −(93 (23+1)/4) mod 23 = 22 mod 23 b1 = +(93 (7+1)/4) mod 7 = 4 mod 7 b2 = −(93 (7+1)/4) mod 7 = 3 mod 7 6. Bob takes four possible answers, (a1, b1), (a1, b2), (a2, b1), and (a2, b2), and uses the Chinese remainder theorem to find four possible plaintexts: 116, 24, 137, and 45. Note that only the second answer is Alice’s plaintext.
  • 29. 29 10-4 ELGAMAL CRYPTOSYSTEM Besides RSA and Rabin, another public-key cryptosystem is ElGamal. ElGamal is based on the discrete logarithm problem discussed in Chapter 9. 10.4.1 ElGamal Cryptosystem 10.4.2 Procedure 10.4.3 Proof 10.4.4 Analysis 10.4.5 Security of ElGamal 10.4.6 Application Topics discussed in this section:
  • 30. 30 10.4.2 Procedure Figure 10.11 Key generation, encryption, and decryption in ElGamal
  • 33. 33 10.4.2 Continued The bit-operation complexity of encryption or decryption in ElGamal cryptosystem is polynomial. Note
  • 34. 34 10.4.3 Continued Example 10. 10 Here is a trivial example. Bob chooses p = 11 and e1 = 2. and d = 3 e2 = e1 d = 8. So the public keys are (2, 8, 11) and the private key is 3. Alice chooses r = 4 and calculates C1 and C2 for the plaintext 7. Bob receives the ciphertexts (5 and 6) and calculates the plaintext.