Unit 3:
Cryptography and Key Management (Contd..)
Outline
Asymmetric cryptography
Public and private keys
RSA
Elliptic curve
Hash function
Digital signatures
PKI
Applied cryptography
Problems with Symmetric Encryption
Symmetric encryption, although fast, suffers from several
problems in the modern digital communication
environment including:
The biggest problem: a single key must be shared between
each pair of sender and receiver.
The size of the communication space presents problems.
Because of the massive potential number of individuals who can
carry on communication in a many-to-one, one-to-many, and
many-to-many topologies supported by the Internet for example,
secret-key cryptography, if strictly used, requires billions of
secret key pairs to be created, shared, and stored.
Problems with Symmetric Encryption –II
Additional problems include:
The integrity of data can be compromised because
the receiver cannot verify that the message has not
been altered before receipt.
It is possible for the sender to repudiate the message
because there are no mechanisms for the receiver
to make sure that the message has been sent by the
claimed sender.
The method does not give a way to ensure secrecy
even if the encryption process is compromised.
The secret key may not be changed frequently
enough to ensure confidentiality.
Asymmetric Encryption
Asymmetric encryption (Public key encryption), uses two different
keys, a public key known by all and a private key known by only
the sender and the receiver.
Both the sender and the receiver own a pair of keys, one public
and the other a closely guarded private one.
Public-Key Cryptosystem Encryption and Decryption Process
Suppose user A wants to send a private message, M, to user B.
User A gets User B's public key from some public source.
User A encrypts message M using B's public key. This produces a ciphertext
message, C.
Ciphertext message C is sent over the communication channel.
Upon receipt, user B decrypts message C using its private key. This results
in the original message M.
As long as only B, the recipient, has access to the private key, then A, the
sender, is assured that only B, the recipient, can decrypt the message.
Asymmetric Encryption
Public / private key
Keys mathematically tied together
Openly distribute public key to all parties
Keep private key secret
Anyone can use your public key to send you a message
Fig. Asymmetric cryptography: the originator encrypts the cleartext message with the recipient’s public key to produce the ciphertext; the recipient decrypts the ciphertext with the recipient’s private key to recover the cleartext message.
Asymmetric Encryption
This ensures data confidentiality.
Data integrity is also ensured because for data to be modified by
an attacker it requires the attacker to have B’s, the recipient’s
private key.
Data confidentiality and integrity in public key encryption is also
guaranteed
Various algorithms exist for public key encryption including
RSA, DSA, PGP, and El Gamal.
Algorithms
RSA
De facto public-key algorithm
Variable length keys
Used for key exchange and signatures
Elliptic Curve
Diffie-Hellman key exchange
Used for key exchange only
Digital signature algorithm
Used for signature only
Asymmetric Systems - Requirements
Secrecy of the private key
Must be known only to owner
Key ownership = identity
Availability of the public key
Must be available to anyone
Requires a public directory
Asymmetric Algorithms (continued)
Rivest, Shamir, Adleman algorithm (RSA)
One of the most well-known public key
cryptosystems
Developed in the late 1970s
Relies on the fact that it is extremely difficult
to factor the product of two large prime numbers
Basic Knowledge for RSA
Exponentials
Prime numbers
Prime factorization
Greatest Common Divisor (GCD)
Modular arithmetic
Euler totient function
RSA Algorithm Steps
Step 1 – Choose two large prime numbers p and
q and get the product of these two numbers
n = Product(p,q)
p and q should be very large prime numbers, at minimum
100 digits long; larger primes are more secure but less
efficient
p and q should not be the same prime number
Step 2 – Find the Totient of p and q
Phi = Totient(p,q)=(p-1)*(q-1)
Step 3 – Choose an integer e, 1 < e < phi, such
that gcd(e, phi) = 1
RSA Algorithm Steps
Step 4 – Compute the secret exponent d, 1 < d <
phi, such that ed ≡ 1 (mod phi)
Step 5 – The public key is (n, e) and the private
key (d, p, q). Keep all the values d, p, q and phi
secret.
n is known as the modulus.
e is known as the public exponent or encryption
exponent or just the exponent.
d is known as the secret exponent or decryption
exponent.
RSA Example
Choose p = 3 and q = 11
Compute n = p * q = 3 * 11 = 33
Compute φ(n) = (p - 1) * (q - 1) = 2 * 10 = 20
Choose e such that 1 < e < φ(n) and e and φ(n) are coprime. Let e = 7
Compute d such that (d * e) % φ(n) = 1. One solution is d = 3,
[(3 * 7) % 20 = 1]
Public key is (e, n) => (7, 33)
Private key is (d, n) => (3, 33)
The encryption of m = 2 is c = 2^7 % 33 = 29 (C = P^e mod n)
The decryption of c = 29 is m = 29^3 % 33 = 2 (P = C^d mod n)
P = C^d mod n = (P^e)^d mod n = (P^d)^e mod n
How to Generate RSA Key pair
Select a value of e from {3, 5, 17, 257, 65537}
repeat
    p ← genprime(k/2)
until (p mod e) ≠ 1
repeat
    q ← genprime(k - k/2)
until (q mod e) ≠ 1
N ← pq
L ← (p-1)(q-1)
d ← modinv(e, L)
return (N, e, d)
Proof of RSA
Examples
Bob chooses 7 and 11 as p and q and calculates n = 77. The
value of φ(n) = (7 − 1)(11 − 1) or 60. Now he chooses two
exponents, e and d, from Z60*. If he chooses e to be 13, then d
is 37. Note that e × d mod 60 = 1 (they are inverses of each
Now imagine that Alice wants to send the plaintext 5 to Bob.
She uses the public exponent 13 to encrypt 5.
Bob receives the ciphertext 26 and uses the private key 37 to
decipher the ciphertext:
Now assume that another person, John, wants to send a
message to Bob. John can use the same public key
announced by Bob (probably on his website), 13; John’s
plaintext is 63. John calculates the following:
Bob receives the ciphertext 28 and uses his private key 37 to
decipher the ciphertext:
Elliptic Curve Cryptosystems
Although RSA is a secure asymmetric-key cryptosystem,
its security comes with a price: large keys.
Researchers have looked for alternatives that give the
same level of security with smaller key sizes. One of
these promising alternatives is the elliptic curve
cryptosystem (ECC).
Elliptic Curve Cryptography
Components
Private Key: a random number
Public Key: a point on the curve, = Private Key * G
Set of Operations: these are defined over the curve
y^2 = x^3 + ax + b, where 4a^3 + 27b^2 ≠ 0
Domain Parameters (predefined constants): G, a, b
Discrete Logarithm Problem (DLP)
Let P and Q be two points on the elliptic curve
Such that Q = kP, where k is a scalar value
DLP: Given P and Q, find k?
If k is very large, it becomes computationally infeasible
The security of ECC depends on the difficulty of DLP
Main operation in ECC is Point Multiplication
Point Multiplication
Point Multiplication is achieved by two basic curve
operations:
1. Point Addition, L = J + K
2. Point Doubling, L = 2J
Example:
If k = 23;
then, kP = 23*P
= 2(2(2(2P) + P) + P) + P
Point Addition
Geometrical explanation:
Point Addition
Analytical explanation:
Consider two distinct points J and K such that J = (xJ, yJ)
and K = (xK, yK)
Let L = J + K where L = (xL, yL), then
xL = s^2 - xJ - xK
yL = -yJ + s(xJ - xL)
s = (yJ - yK)/(xJ - xK), where s is the slope of the line through J and K
Finite Fields
The Elliptic curve operations shown were on real numbers
Issue: operations are slow and inaccurate due to round-off errors
To make operations more efficient and accurate, the curve
is defined over two finite fields
1. Prime field Fp and
2. Binary field F(2^m)
The field is chosen with finitely large number of points
suited for cryptographic operations
EC on Prime field Fp
Elliptic Curve equation:
y^2 mod p = (x^3 + ax + b) mod p
where (4a^3 + 27b^2) mod p ≠ 0.
Elements of finite fields are integers between 0 and p-1
The prime number p is chosen such that there is a finitely
large number of points on the elliptic curve to make the
cryptosystem secure, with specified curves having p ranging
between 112-521 bits
EC on Binary field F(2^m)
Elliptic Curve equation:
y^2 + xy = x^3 + ax^2 + b,
where b ≠ 0
Here the elements of the finite field are integers of
length at most m bits.
In binary polynomial the coefficients can only be 0 or 1.
The m is chosen such that there is a finitely large number
of points on the elliptic curve to make the cryptosystem
secure, with specified curves having m ranging between 113-571 bits
Implementations
ECDSA - Elliptic Curve Digital Signature Algorithm
Signature Generation:
For signing a message m by sender A, using A’s private key dA
and public key QA = dA * G
1. Calculate e = HASH(m), where HASH is a cryptographic hash function, such as
SHA-1
2. Select a random integer k from [1, n − 1]
3. Calculate r = x1 (mod n), where (x1, y1) = k * G. If r = 0, go to step 2
4. Calculate s = k^-1 (e + dA*r) (mod n). If s = 0, go to step 2
5. The signature is the pair (r, s)
Implementations
ECDSA - Elliptic Curve Digital Signature Algorithm
Signature Verification:
For B to authenticate A's signature, B must have A’s public key QA
1. Verify that r and s are integers in [1, n − 1]. If not, the signature is invalid
2. Calculate e = HASH(m), where HASH is the same function used in the signature
generation
3. Calculate w = s^-1 (mod n)
4. Calculate u1 = e*w (mod n) and u2 = r*w (mod n)
5. Calculate (x1, y1) = u1*G + u2*QA
6. The signature is valid if x1 = r (mod n), invalid otherwise
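Point addition, double-and-add point multiplication and the ECDSA signing and verification steps above, as an added Python example (not part of the original slides). The curve y^2 = x^3 + 2x + 2 over F_17 with G = (5, 1) of order 19 is a toy parameter set chosen here for readability; the doubling slope (3x^2 + a)/(2y) and the reduction of SHA-256 mod n are assumptions beyond what the slides state.

```python
import hashlib
import secrets

# Toy domain parameters (constructed for illustration): y^2 = x^3 + 2x + 2 over F_17.
# G = (5, 1) has prime order n = 19. Far too small for real use.
P, A, B = 17, 2, 2
G, N = (5, 1), 19
INF = None  # point at infinity (identity element)

def add(J, K):
    """Point addition L = J + K over F_p; doubling when J == K."""
    if J is INF or K is INF:
        return K if J is INF else J
    (xj, yj), (xk, yk) = J, K
    if xj == xk and (yj + yk) % P == 0:
        return INF                                   # J + (-J)
    if J == K:                                       # tangent slope for doubling
        s = (3 * xj * xj + A) * pow(2 * yj % P, -1, P) % P
    else:                                            # chord slope, as on the slide
        s = (yj - yk) * pow((xj - xk) % P, -1, P) % P
    xl = (s * s - xj - xk) % P
    return xl, (-yj + s * (xj - xl)) % P

def mul(k, pt):
    """Point multiplication k*pt by left-to-right double-and-add."""
    acc = INF
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def hash_to_int(m):
    # Simplification for the toy group: SHA-256 digest reduced mod n.
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % N

def sign(m, d):
    """Signature generation, steps 1-5; a fresh random k for every signature."""
    e = hash_to_int(m)
    while True:
        k = secrets.randbelow(N - 1) + 1             # k in [1, n-1]
        r = mul(k, G)[0] % N
        s = pow(k, -1, N) * (e + d * r) % N
        if r and s:                                  # retry if r = 0 or s = 0
            return r, s

def verify(m, sig, Q):
    """Signature verification, steps 1-6."""
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    e = hash_to_int(m)
    w = pow(s, -1, N)
    u1, u2 = e * w % N, r * w % N
    pt = add(mul(u1, G), mul(u2, Q))
    return pt is not INF and pt[0] % N == r
```

With a 19-element group a forged message has a real chance of verifying by coincidence, which is why production curves use group orders of 256 bits or more.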
Hash Function in Cryptography
a Hash Function produces a fingerprint of some
file/message/data
h = H(M)
condenses a variable-length message M
to a fixed-sized fingerprint
assumed to be public
Requirement for Hash Function
1. can be applied to any sized message M
2. produces fixed-length output h
3. is easy to compute h=H(M) for any message M
MD5
designed by Ronald Rivest (the R in RSA)
latest in a series of MD2, MD4
produces a 128-bit hash value
until recently was the most widely used hash
algorithm
in recent times have both brute-force & cryptanalytic
concerns
specified as Internet standard RFC1321
MD5 Overview
1. pad message so its length is congruent 448,
mod 512
2. append a 64-bit length value to message
3. initialise 4-word (128-bit) MD buffer (A,B,C,D)
4. process message in 16-word (512-bit) blocks:
using 4 rounds of 16 bit operations on message block
& buffer
add output to buffer input to form new buffer value
5. output hash value is the final buffer value
MD5 Compression Function
each round has 16 steps of the form:
a = b+((a+g(b,c,d)+X[k]+T[i])<<<s)
a,b,c,d refer to the 4 words of the buffer,
but used in varying permutations
note this updates 1 word only of the buffer
after 16 steps each word is updated 4 times
where g(b,c,d) is a different nonlinear
function in each round (F,G,H,I)
T[i] is a constant value derived from sin
Secure Hash Algorithm (SHA-1)
SHA was designed by NIST & NSA in 1993, revised
1995 as SHA-1
US standard for use with DSA signature scheme
standard is FIPS 180-1 1995, also Internet RFC3174
note: the algorithm is SHA, the standard is SHS
produces 160-bit hash values
now the generally preferred hash algorithm
SHA Overview
1. pad message so its length is congruent 448, mod 512
2. append a 64-bit length value to message
3. initialise 5-word (160-bit) buffer (A,B,C,D,E) to
(67452301,efcdab89,98badcfe,10325476,c3d2e1f0)
4. process message in 16-word (512-bit) chunks:
expand 16 words into 80 words by mixing & shifting
use 4 rounds of 20 bit operations on message block &
buffer
add output to input to form new buffer value
5. output hash value is the final buffer value
SHA-1 Compression Function
each round has 20 steps which replaces the 5 buffer
words thus:
(A,B,C,D,E) ← ((E + f(t,B,C,D) + (A<<5) + Wt + Kt), A, (B<<30), C, D)
a,b,c,d,e refer to the 5 words of the buffer
t is the step number
f(t,B,C,D) is nonlinear function for round
Wt is derived from the message block
Kt is a constant value derived from sin
SHA-1 versus MD5
brute force attack is harder (160 vs 128 bits for MD5)
not vulnerable to any known attacks (compared to
MD4/5)
a little slower than MD5 (80 vs 64 steps)
both designed as simple and compact
optimised for big endian CPUs (vs MD5 which is
optimised for little endian CPUs)
Revised Secure Hash Standard
NIST has issued a revision FIPS 180-2
adds 3 additional hash algorithms
SHA-256, SHA-384, SHA-512
designed for compatibility with increased security
provided by the AES cipher
structure & detail is similar to SHA-1
hence analysis should be similar
Digital Signature: Outline
What is a Digital Signature
Digital Signature Features
Digital Signature Concepts
How Digital Signature Works
How to Register
What is a Digital Signature
Digital signature means a type of electronic
signature that transforms a message using an
asymmetric cryptosystem ( public and private key
capability )
A person having the initial message and the
signer’s public key can accurately determine
Whether the transformation was created using the
private key that corresponds to the signer’s public key
Whether the initial message has been altered since the
transformation was made
A Digital Signature is:
Intended by the party using it to have the same force and
effect as the use of a manual signature
Unique to the party using it
Capable of verification
Under the sole control of the party using it
Linked to data in such a manner that it is invalidated if the
data is changed
In conformity with rules adopted by Office of Controller of
Certification (a Certificate Authority) pursuant to this act
What is a Digital Signature
Digital Signature Features
Signer authentication
Message authentication
Non-repudiation
Integrity
Digital Signature Concepts
The first is that each user has a pair of matching virtual
keys ( the private key and public key ), which have a
unique mathematical relationship
The second concept is that of a digital certificate
Public-key Cryptography
Each person’s public key is published while the
private key is kept secret
Communications involve only the public keys, and
no private key is ever transmitted or shared.
The public keys are associated with their users in
a trusted manner
Public-key Cryptography
Anyone can send a confidential message by just
using public information, but the message can only
be decrypted with a private key
Public-key cryptography can be used not only for
privacy (encryption), but also for authentication
(digital signatures)
Certificate Authority
The Certificate Authority is an individual
organization that acts as a notary to authenticate
the identity of users of a public-key encryption
A Certificate Authority is used to:
1) Associate a pair of keys with a person
2) Publish the public keys in a directory
3) Maintain functions associated with the keys
Digital Certificate
The digital certificate acts like an electronic
envelope in which the public key travels
This electronic ID file verifies the connection
between the public key and the owner
The digital certificate is issued by a Certificate
Authority and signed with that Certificate
Authority’s private key, authenticating the public
key
Digital Certificate
Typically includes:
Public key and owner’s name
Certificate Authority issuing the key
Serial number
Digital signature of Certificate Authority, signed using the
Certificate Authority’s private key
Other optional identifying information
Digital Signature Creation
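Fig. Digital signature creation: the message is passed through the hash function to produce the message digest; the signature function takes the message digest and the signature private key and produces the digital signature.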
Digital Signature Creation
Sign
A process known as hash function must occur
1) A hash function is a mathematical algorithm which
creates a digital representation or fingerprint in the form
of a hash result or message digest
2) The hash function generally consists of a standard
length that is usually much smaller than the message but
nevertheless substantially unique to it
Digital Signature Creation
Sign
The sender’s digital signature software transforms the
hash result into a digital signature using the sender’s
private key
Seal
The message is encrypted with a fast symmetric key
Then the symmetric key is encrypted with the receiver’s
public key
Digital Signature Verification
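Fig. Digital signature verification: the message is passed through the hash function to produce a message digest; the signature function takes the signature and the signer’s public key and produces a second message digest.
If the message digests are identical, the signature is valid.
If they are different, the signature is not valid.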
Digital Signature Verification
Accept
Open
The receiver decrypts the symmetric key by
using the receiver’s private key
The message is decrypted using the symmetric
key
Verify
Accomplished by computing a new hash result
of the original message
Digital Signature Verification
Verify
Then, using the sender’s public key and the new hash
result, the verifier checks whether:
1) the digital signature was created using the corresponding
private key
2) the newly computed hash result matches the original
hash result
The software will confirm the digital signature as:
1) verified
2) failed
How to register
A LRA (Local Registration Authority) uploads
information about an authorized user
The LRA verifies the user’s identity and provides
them with their user number and password
The user connects to the CA, the key pair is
generated automatically in the user’s browser, and
the private key is stored to their hard drive
How to register
The user’s public key is automatically sent to the
CA, and the CA generates the certificate after
verifying the user number and password
The CA passes a copy of the certificate back to the
user
The CA automatically posts a copy of the
certificate in the directory server to make the
public key available to others
Summary
Digital signature is based on asymmetric cryptography
Every user has a unique pair of private and public key
certified by a trusted Certification Authority
When the sender signs a transaction, a unique
mathematical code is created with their private key and the
actual content of the transaction
Digital signature can identify the signer’s identity by its
relationship to the digital certificate
Digital signature provides more value than any other
electronic signature method
Summary
Goals of cryptography are confidentiality, integrity,
nonrepudiation, and authentication
General steps in cryptography are to
Create a plaintext message
Use a cryptographic key and algorithm to produce a ciphertext message
Apply the same or a related key and algorithm to the ciphertext message
Recreate the original plaintext message
There are two types of cryptographic algorithms
Symmetric (uses a shared secret key)
Asymmetric (uses a public and private key pair)
Summary
Digital signatures are used to add integrity and non-repudiation
functionality to cryptosystems
Digital signatures are created using hash functions applied to
the message to create a message digest that is then encrypted
Digital certificates allow a third party Certificate Authority to
verify the identity of a sender who may not be well known to the
recipient
A digital certificate is a copy of a user’s public key that has been
digitally signed by a Certificate Authority.
Assignment - 2
Analyze the policy/law adopted by Nepal
Government regarding the implementation of
Digital Signature on behalf of developed policy:
“Electronic Transaction Act - 2063” or any latest
policy adopted.
And its implementation with pros and cons if any.