2. The principles of a public key cryptographic
system are as follows:
• Public and Private Keys: As the name suggests, there are two keys in
this system. The public key is freely available to anyone and is used for
encryption. The private key is kept secret by the owner and is used for
decryption.
• Encryption: The sender uses the recipient's public key to encrypt the
message. Once encrypted, the message cannot be decrypted with the
public key; only the corresponding private key can decrypt it.
• Decryption: The recipient, who possesses the corresponding private
key, uses it to decrypt the message. Since only the private key can
decrypt the message encrypted with the public key, the secrecy of the
communication is maintained.
3. • Digital Signatures: Public key cryptography also enables the creation of digital signatures.
A digital signature is generated using the sender's private key and can be verified using
the sender's public key. This ensures the authenticity and integrity of the message.
• Key Exchange: Public key cryptography can also be used for secure key exchange. For
example, in protocols like Diffie-Hellman key exchange, two parties can agree upon a
shared secret key over an insecure channel without directly exchanging the secret key.
• Security: The security of public key cryptography relies on the computational difficulty of
certain mathematical problems, such as factoring large prime numbers or computing
discrete logarithms. For example, in RSA encryption, the security is based on the
difficulty of factoring large composite numbers into their prime factors.
• Trust: Users need to trust that the public keys they receive actually belong to the
intended recipients. This trust is often established through digital certificates issued by
trusted third parties known as certificate authorities (CAs).
• Revocation: In cases where a private key is compromised or no longer valid, mechanisms
for revoking and replacing keys are essential to maintaining the security of the system.
4. • public key cryptography provides a powerful framework for secure
communication, digital signatures, and key exchange in various
applications, including secure email, online transactions, and digital
identity management.
5. RSA
• RSA (Rivest-Shamir-Adleman) is one of the most widely used public-
key cryptography algorithms. It is named after its inventors Ron
Rivest, Adi Shamir, and Leonard Adleman, who introduced it in 1977.
The RSA algorithm is based on the computational difficulty of
factoring large integers, which forms the basis of its security.
6. • Key Generation:
• Choose two large prime numbers, p and q.
• Compute their product, n=p×q. This forms the modulus for the public
and private keys.
• Compute Euler's totient function, ϕ(n)=(p−1)×(q−1). This function is
important for ensuring the security of RSA.
• Choose an integer e such that 1<e<ϕ(n) and e is coprime with ϕ(n).
Typically, e is chosen as a small prime,
• Compute the modular multiplicative inverse d×e≡1 modϕ(n). This will
be the private exponent.
7. • Public and Private Keys:
• The public key is (e,n).
• The private key is (d,n).
• The public key is made available to everyone, while the private key is kept
secret.
• Encryption:
• To encrypt a message M, the sender uses the recipient's public key (e,n).
• The sender computes mod C≡Memodn.
• The ciphertext C is then sent to the recipient.
8. • Decryption:
• The recipient uses their private key (d,n) to decrypt the ciphertext C.
• The recipient computes M≡Cdmodn.
• The decrypted message M is then obtained.
9. • Security:
• The security of RSA relies on the difficulty of factoring the large
composite number n into its prime factors p and q. As long as
factoring large numbers remains computationally infeasible, RSA
encryption remains secure.
• Digital Signatures:
• RSA can also be used for digital signatures. To create a signature, the
sender encrypts a hash of the message using their private key. The
recipient can then decrypt the signature using the sender's public key
and verify the authenticity of the message.
10. • RSA is widely used in various applications such as secure
communication (SSL/TLS), digital signatures, and secure email.
However, it's worth noting that RSA's security relies on the proper
selection of key sizes. As computing power increases, longer key sizes
may be necessary to maintain security.
11. Rsa algorithm example
• Key Generation:
• Choose two prime numbers: p=5 and q=7.
• Compute n= p × q = 5 ×7 = 35.
• Compute ϕ(n)=(p−1)×(q−1)=4×6=24.
• Choose e=5 (relatively prime to ϕ(n)).
• Compute the modular multiplicative inverse of e modulo ϕ(n). Here,d=5 since
(5×5)mod 24=1(5×5)mod24=1.
• So, the public key is (e,n)=(5,35) and the private key is (d,n)=(5,35).
12. • Encryption:
• Let's encrypt the message M=10.
• To encrypt, we use the public key (e,n).
• Compute C≡ 10 ^5 mod35=10.
• So, the ciphertext C is 10.
• Decryption:
• To decrypt, we use the private key (d,n).
• Compute M ≡ 10^ 5mod 35.
• The result is M=10, which is the original message.
• So, we successfully decrypted the ciphertext back to the original
message M=10.
13. Symmetric key distribution using symmetric
encryption
• For symmetric encryption to work, the two parties to an exchange must
share the same key, and that key must be protected from access by others.
• For two parties A and B, key distribution can be achieved in a number of
ways, as fllows:
• A can select a key and physically deliver it to B
• A third party can select the key and physically deliver it to A and B
• If A and B have previously and recently used a key, one party can transmit
the new key to the other, encrypted using the old key
• If A and b each has an encrypted connection to a third party C, C can
deliver a key on the encrypted links to A and B
14.
15. Key management
• Key Generation:
• Asymmetric key pairs consist of a public key and a corresponding private key. These keys are
generated using algorithms like RSA, DSA, or ECC.
• The generation process must use secure random number generators to ensure that the keys are
sufficiently unpredictable.
• Key Storage:
• Private keys must be securely stored to prevent unauthorized access. They are typically stored in
key stores or hardware security modules (HSMs) that provide strong physical and logical
protection.
• Public keys are generally distributed widely and are not considered sensitive information.
• Key Distribution:
• Public keys are distributed to entities with whom secure communication is desired. This
distribution can be done through various means, such as public key directories, digital certificates,
or direct exchange.
• Public keys should be authenticated to ensure that they belong to the intended owner. This can be
achieved through digital signatures or certificates issued by trusted certificate authorities (CAs).
16. • Key Rotation and Expiration:
• Asymmetric keys may have a limited lifespan due to security reasons or regulatory
requirements. Key rotation involves replacing old keys with new ones periodically.
• Key expiration policies ensure that keys are not used beyond their validity period, reducing
the risk associated with compromised keys.
• Revocation and Key Recovery:
• In case of compromise or loss of a private key, mechanisms for revocation and recovery
should be in place. This typically involves publishing revocation information through
certificate revocation lists (CRLs) or using online certificate status protocol (OCSP).
• Key recovery mechanisms may also be implemented to recover encrypted data in the event
of key loss, though these should be carefully controlled to prevent unauthorized access to
private keys.
• Secure Key Destruction:
• When asymmetric keys are no longer needed or have reached the end of their lifecycle, they
should be securely destroyed to prevent unauthorized use. This may involve cryptographic
erasure techniques or physical destruction of storage media.
17. • Key Usage:
• Public keys are used for encryption and verification of digital signatures.
• Private keys are used for decryption of encrypted messages and generation of
digital signatures.
• Private keys should never be shared and should only be used by the intended
owner.
18. Distribution of public keys
• Several techniques have been proposed for the distribution of public
keys. Virtually all these proposals can be grouped into the following
general schemas.
• Public announcement
• Publicly available directory
• Public-key authority
• Public-key certificates
19.
20.
21. • Public-Key Authority
• Stronger security for public-key distribution can be achieved by
providing tighter control over the distribution of public keys from the
directory. As before, the scenario assumes that a central authority
maintains a dynamic directory of public keys of all participants. In a
addition, each participant reliably knows a public key for authority,
with only the authority knowing the corresponding private key.