ECT-434

SECURE COMMUNICATION
Module 4: Public Key Cryptography, RSA and Key Management

Principles of public key cryptosystems-Public key

cryptosystems, Application for Public key Cryptosystem,
requirements, RSA algorithm,
Fermat’s theorem, Euler’s Totient Function, Euler’s theorem,

R
Key management, Distribution of public keys, Publicly available
directory, Public key authority, public key certificates,

A
Distribution of secret keys using public key
ra
cryptography
a
sh

Public-Key Cryptosystems
A public-key encryption scheme has six ingredients
Bu

● Plaintext: This is the readable message or data that is fed

into the algorithm as input.
● Encryption algorithm: The encryption algorithm performs
various transformations on the
plaintext.
● Public and private keys: This is a pair of keys that have been
selected so that if one is used for
encryption, the other is used for decryption. The exact
transformations performed by the algorithm depend on the
public or private key that is provided as input.
● Ciphertext: This is the scrambled message produced as
output. It depends on the plaintext and the key. For a given
message, two different keys will produce two different
ciphertexts.
● Decryption algorithm: This algorithm accepts the ciphertext
and the matching key and produces the original plaintext.

R
1. Each user generates a pair of keys to be used for the

A
encryption and decryption of messages.
2. Each user places one of the two keys in a public register or
a
other accessible file. This is the public key.
ar
The companion key is kept private.
sh

Each user maintains a collection of public keys obtained from

others.
Bu

3. If Bob wishes to send a confidential message to Alice, Bob

encrypts the message using Alice's public key.
4. When Alice receives the message, she decrypts it using her
private key. No other recipient can decrypt the message
because only Alice knows Alice's private key.
Bu
sh
ara
A
R
Public-Key Cryptosystem: Secrecy
❖With the message X and the encryption key PUb as input,
A forms the ciphertext Y = [Y1, Y2,..., YN]:

❖Y = E(PUb, X)
❖The intended receiver, in possession of the matching
private key, is able to invert the transformation:

❖X = D(PRb, Y)

R
A
a ra
sh
Bu
Public-Key Cryptosystem: Authentication

R
A
ra
❖A prepares a message to B and encrypts it using A's
a

private key before transmitting it.

sh

❖B can decrypt the message using A's public key. Because

Bu

the message was encrypted using A's private key, only A

could have prepared the message.
❖Therefore, the entire encrypted message serves as a
digital signature.
❖In addition, it is impossible to alter the message without
access to A's private key, so the message is authenticated
both in terms of source and in terms of data integrity.
Public-Key Cryptosystem: Authentication and Secrecy

R
A
a
ar

❖It is, however, possible to provide both the authentication

sh

function and confidentiality by a double use of the

public-key scheme (Figure 9.4):
Bu

❖Z = E(PUb, E(PRa, X))

❖X = D(PUa, E(PRb, Z))

2. Application for Public key Cryptosystem,

 ● Public-key systems are characterized by the use of a
cryptographic algorithm with two keys, one held private
and one available publicly.
● Depending on the application, the sender uses either the
sender's private key or the receiver's public key, or both, to
perform some type of cryptographic function.

➢The application for public-key cryptosystems are classified

into three categories:

R
1. Encryption/decryption: The sender encrypts a message

A
with the recipient's public key.
2. Digital signature: The sender "signs" a message with its
a
private key. Signing is achieved by a cryptographic
ar
algorithm applied to the message or to a small block of
sh

data that is a function of the message.

3. Key exchange: Two sides cooperate to exchange a session
Bu

key. Several different approaches are possible, involving

the private key(s) of one or both parties.

Some algorithms are suitable for all three applications,

whereas others can be used only for one or two
of these applications.
 3.. Requirements of Public key Cryptosystem

R
A
1. It is computationally easy for a party B to generate a pair
(public key PUb, private key PRb).
a
ar
2. It is computationally easy for a sender A, knowing the
sh

public key and the message to be encrypted, M, to

generate the corresponding ciphertext:
Bu

C = E(PUb, M)

3. It is computationally easy for the receiver B to decrypt the

resulting ciphertext using the private key to recover the
original message:
M = D(PRb, C) = D[PRb, E(PUb, M)]

4. It is computationally infeasible for an adversary, knowing

the public key, PUb, to determine the private key, PRb.
 5. It is computationally infeasible for an adversary, knowing
the public key, PUb, and a ciphertext, C, to recover the
original message, M.

6. The two keys can be applied in either order:

M = D[PUb, E(PRb, M)] = D[PRb, E(PUb, M)]

R
4. RSA ALGORITHM
RSA algorithm is a public key encryption technique and is

A
considered as the most secure way of encryption. It was
a
invented by Rivest, Shamir and Adleman in year 1978 and
hence name RSA algorithm.
ar

1. Select two prime numbers, p = 17 and q = 11.

sh

2. Calculate n = pq = 17 x 11 = 187.
3. Calculate φ(n) = (p - 1)(q - 1) = 16 x 10 = 160.
Bu

4. Select e such that e is relatively prime to φ(n) = 160 and

less than φ(n) we choose e = 7.
5. Determine d such that de = 1 (mod 160) and d < 160. The
correct value is d = 23, because
23x 7 = 161 = 10 x 160 + 1;
d can be calculated using the extended Euclid's
algorithm (d*e mod Ø(n) = 1
The resulting keys are public key PU = {7,187} and private key
PR = {23,187}. The example shows the use of these keys for a
plaintext input of M = 88. For encryption, we need to calculate
C = 887 mod 187.
Exploiting the properties of modular arithmetic, we can do this
as follows:

R
887 mod 187 = [(884 mod 187) x (882 mod 187) x (881 mod 187)]
mod 187
881 mod 187 = 88
A
a
882 mod 187 = 7744 mod 187 = 77
ar
884 mod 187 = 59,969,536 mod 187 = 132
887 mod 187 = (88 x 77 x 132) mod 187 = 894,432 mod 187 = 11
sh

For decryption, we calculate

M = 1123 mod 187:
Bu

1123 mod 187 = [(111 mod 187) x (112 mod 187) x (114 mod 187) x
(118 mod 187) x (118 mod 187)] mod 187

111 mod 187 = 11

112 mod 187 = 121
114 mod 187 = 14,641 mod 187 = 55
118 mod 187 = 214,358,881 mod 187 = 33
1123 mod 187 = (11 x 121 x 55 x 33 x 33) mod 187 = 79,720,245
mod 187 = 88

R
A
………………………………………………………………………………………………………………………………………………………
a
Euler's Totient Function
ar
sh

Euler's totient function and written φ(n), defined as the

number of positive integers less than n and relatively prime to
Bu

n.
By convention, φ(1) = 1.

Let n=7 , φ(7) = 6 {1, 2, 3, 4, 5, 6}

Let n=6 , φ(6) = 2 {1, 5}

φ(10) = ?
Determine φ(37) and φ(35).

Because 37 is prime, all of the positive integers from 1 through

36 are relatively prime to 37. Thus φ(37) = 36.

To determine φ(35), we list all of the positive integers less

than 35 that are relatively prime to it:

1, 2, 3, 4, 6, 8, 9, 11, 12, 13, 16, 17, 18, 19, 22, 23, 24, 26, 27, 29, 31, 32,
33, 34.

R
A
There are 24 numbers on the list, so φ(35) = 24.
a
It should be clear that for a prime number p, φ(p) = p-1
ar
sh

Now suppose that we have two prime numbers p and q, Then

we can show that for n = pq,
Bu

φ(n) = φ(pq) = φ(p) x φ(q) = (p - 1) x (q - 1)

 Euler’s theorem

Euler's theorem states that for every a and n that are

relatively prime {gcd(a,n) = 1}:

aφ(n) ≡ 1 (mod n)
Or aφ(n) (mod n) = 1

R
a = 3; n = 10; φ(10) = 4 aφ(n) =
34 = 81 (mod 10) = 1
φ(10) = 4 {1, 3, 7, 9}
A
a
ar
a = 2; n = 11; φ(11) = 10
aφ(n) = 210 = 1024 (mod 11) = 1
sh
Bu
 Fermat’s theorem

Fermat's theorem states the following:

If p is prime and a is a positive integer not divisible by p, then
1. aP-1 ≡ 1 (mod p)
aP-1 (mod p) = 1
2. aP ≡ a (mod p)
aP (mod p) = a

R
Eg: a=2, p=3

A
aP-1 = 22 (mod 3) = 1
a
aP = 23 (mod 3) = 8 mod 3 = 2
ar
sh
Bu
Key management - Distribution of public keys,
Publicly available directory, Public key authority

Distribution of Public Keys

Several techniques have been proposed for the distribution of public
keys. Virtually all these proposals
can be grouped into the following general schemes:
● Public announcement
● Publicly available directory

R
● Public-key authority
● Public-key certificates

A
a
Public Announcement of Public Keys
ar

● Any participant can send his or her public key to

sh

any other participant or broadcast the key to the

Bu

community at large.
 major weakness : Anyone can forge such a public announcement.
That is, some user could pretend to be user A and send a
public key to another participant or broadcast such a public
key.

Publicly Available Directory

R
A
a
ar
1. The authority maintains a directory with a {name, public
sh

key} entry for each participant.

2. Each participant registers a public key with the directory
Bu

authority.
3. A participant may replace the existing key with a new one
at any time.
4. Participants could also access the directory electronically.

This scheme is clearly more secure than individual public announcements but still
has vulnerabilities. If an adversary succeeds in obtaining or computing the private
key of the directory authority, the adversary could authoritatively pass out
counterfeit public keys and subsequently impersonate any participant and
eavesdrop on messages sent to any participant.
 Public-Key Authority

R
A
a ra
sh

1. A sends a time stamped message to the public-key authority

containing a request for the current public key of B.
Bu

2. The authority responds with a message that is encrypted using the

authority's private key, PRauth. Thus, A is able to decrypt the
message using the authority's public key. Therefore, A is assured
that the message originated with the authority. The message
includes the following:
● B's public key,
● PUb The original request
 ● The original timestamp, so A can determine that this is
not an old message from the authority containing a key
other than B's current public key

R
A
a ra
sh

3. A stores B's public key and also uses it to encrypt a message to B

containing an identifier of A (IDA) and a nonce (N1), which is used to
Bu

identify this transaction uniquely.

4. B retrieves A's public key from the authority in the same manner
as A retrieved B's public key.
5. At this point, public keys have been securely delivered to A and B,
and they may begin their protected exchange. However, two
additional steps are desirable:
6. B sends a message to A encrypted with PU a and containing A's
nonce (N1) as well as a new nonce generated by B (N2) Because only
 B could have decrypted message (3), the presence of N1 in message
(6) assures A that the correspondent is B.
7. A returns N2, encrypted using B's public key, to assure B that its
correspondent is A.

Public-Key Certificates

R
A
a ra
sh
Bu

1. Any participant can read a certificate to determine the

name and public key of the certificate's owner..
2. Any participant can verify that the certificate originated
from the certificate authority and is not counterfeit.
3. Only the certificate authority can create and update
certificates.
4. Any participant can verify the currency of the certificate.
 CA = E(PRauth, [ T || IDA || PUa ] )

where PRauth is the private key used by the authority and T is a

timestamp.
A may then pass this certificate on to any other participant, who
reads and verifies the certificate as follows:
D(PUauth, CA) = D(PUauth, E(PRauth, [T||IDA||PUa])) = (T||IDA||PUa)

R
A
a ra
sh
Bu
 Distribution of Secret Keys Using Public-Key
Cryptography

1. Simple Secret Key Distribution

R
A
ra
1. A generates a public/private key pair {PUa, PRa} and transmits a
message to B consisting of PUa and an identifier of A, IDA.
a

2. B generates a secret key, Ks, and transmits it to A, encrypted

sh

with A's public key.

Bu

3. A computes D(PRa, E(PUa, Ks)) to recover the secret key. Because

only A can decrypt the message, only A and B will know
the identity of Ks

4. A discards PUa and PRa and B discards PUa

 2. Secret Key Distribution with Confidentiality and
Authentication

R
A
ra
1. A uses B's public key to encrypt a message to B containing an
identifier of A (IDA) and a nonce (N1), which is used to
a

identify this transaction uniquely.

sh

2. B sends a message to A encrypted with PUa and containing A's

nonce (N1) as well as a new nonce generated by B (N2)
Bu

Because only B could have decrypted message (1), the

presence of N1 in message (2) assures A that the
correspondent is B.
3. A returns N2 encrypted using B's public key, to assure B that its
correspondent is A.
4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to B.
Encryption of this message with B's public key ensures
 that only B can read it; encryption with A's private key
ensures that only A could have sent it.
5. B computes D(PUa, D(PRb, M)) to recover the secret key.

R
➕please subscribe
ra
A
a
sh
Bu