ECEG-6530

Computer (and Network) Security

RSA, Generating Random Numbers,

EL Gamal encryption, Hybrid
Encryption

1
Random Number Generation
 Random numbers play an important role in the use of
encryption for various network security applications. In
this section, we provide a brief overview of the use of
random numbers in network security and then look at
some approaches to generating random numbers.

2
The Use of Random Numbers
A number of network security algorithms based on cryptography make
use of random numbers. For example,
•Reciprocal authentication schemes, In both of these key distribution
scenarios, nonces are used for handshaking to prevent replay attacks.
The use of random numbers for the nonces frustrates opponents' efforts
to determine or guess the nonce.
•Session key generation, whether done by a key distribution center or
by one of the principals.
•Generation of keys for the RSA public-key encryption algorithm

These applications give rise to two distinct and not necessarily

compatible requirements for a sequence of random numbers:
randomness and unpredictability.

3
Introduction to Number Theory
 Divisors
– b|a if a=mb for an integer m
– b|a and c|b then c|a
– b|g and b|h then b|(mg+nh) for any integer m,n
 Prime number
– P has only positive divisors 1 and p
 Relatively prime numbers
– No common divisors for p and q except 1

4
Prime numbers
 Upto 200
– 2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97
101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181
191 193 197 199
 Largest known so far (till 2008, Jan 22)
– 232582657-1 with 9808358 digits (found 2006 using proof code G9)
– When 2n-1is prime it is said to be a Mersenne prime (a French monk
1588-1648, conjecture 1644). Clearly n must be odd.
 How many prime numbers are there?
– Infinity ---- Euclid gave simple proof
• Proof by contradiction
• They were also irregularly placed (arbitrary gap)
– How many in the range [0,n] -- Theta( n / log n)
• Approximately, the nth prime n log n
– How many primes with d bits approximately? ~ Theta(2d/d)

5
Determining Primes?
 How to determine if a given number n is prime?
– Deterministic Brute force testing
• Testing whether a number a | n, for a in certain range
– Random testing
• A prime number should satisfy some properties
• If a number x does NOT have any of such properties, then this
x is NOT a prime
– Otherwise, it may be a prime number

– Properties: for any number a, a does not divide x,

• More properties will be studied and used to design efficient
methods

6
Is that number prime?
 Use the Fermat primality test
 Given:
– n: the number to test for primality
– k: the number of times to test (the certainty)
 The algorithm is:
repeat k times:
pick a randomly in the range [1, n−1]
if an−1 mod n ≠ 1 then return composite
return probably prime

7
Is that number prime?
 The algorithm is:
repeat k times:
pick a randomly in the range [1, n−1]
if an−1 mod n ≠ 1 then return composite
return probably prime

 Let n = 105
– Iteration 1: a = 92: 92104 mod 105 = 1
– Iteration 2: a = 84: 84104 mod 105 = 21
– Therefore, 105 is composite

8
Is that number prime?
 The algorithm is:
repeat k times:
pick a randomly in the range [1, n−1]
if an−1 mod n ≠ 1 then return composite
return probably prime

 Let n = 101
– Iteration 1: a = 55: 55100 mod 100 = 1
– Iteration 2: a = 60: 60100 mod 100 = 1
– Iteration 3: a = 14: 14100 mod 100 = 1
– Iteration 4: a = 73: 73100 mod 100 = 1
– At this point, 101 has a (½)4 = 1/16 chance of still
being composite
9
RSA
 Stands for the inventors: Ron Rivest, Adi
Shamir and Len Adleman

 Three parts:
– Key generation
– Encrypting a message
– Decrypting a message

10
Key generation steps
1. Choose two random large prime numbers p ≠ q, and
n = p*q
2. Choose an integer 1 < e < n which is relatively prime
to (p-1)(q-1)
3. Compute d such that d * e ≡ 1 (mod (p-1)(q-1))
– Rephrased: d*e mod (p-1)(q-1) = 1

4. Destroy all records of p and q

11
Key generation, step 1
 Choose two random large prime numbers p ≠ q
– In reality, 2048 bit numbers are recommended
• That’s  617 digits

• We can compute if a number is prime relatively quickly

via the Fermat primality test

 We choose p = 107 and q = 97

 Compute n = p*q
– n = 10379

12
 Key generation, step 1
 Java code to find a big prime number:

BigInteger prime = new BigInteger

(numBits, certainty, random);

The number of Certainty that the The random number

bits of the prime number is a prime generator

13
Key generation, step 1
 Java code to find a big prime number:
import java.math.*;
import java.util.*;

class BigPrime {

static int numDigits = 617;

static int certainty = 100;

static final double LOG_2 = Math.log(10)/Math.log(2);

static int numBits = (int) (numDigits * LOG_2);

public static void main (String args[]) {

Random random = new Random();
BigInteger prime = new BigInteger (numBits, certainty,
random);
System.out.println (prime);
}
}

14
Key generation, step 1
 How long does this take?
– Keep in mind this is Java!
– These tests done on a 850 Mhz Pentium
machine
– Average of 100 trials (certainty = 100)
– 200 digits (664 bits): about 1.5 seconds
– 617 digits (2048 bits): about 75 seconds

15
Key generation, step 1
 Practical considerations
– p and q should not be too close together
– (p-1) and (q-1) should not have small prime
factors
– Use a good random number generator

16
Key generation, step 2
 Choose an integer 1 < e < n which is
relatively prime to (p-1)(q-1)
 Easy way to do this: make e be a prime
number
– It only has to be relatively prime to (p-1)(q-
1), but can be fully prime

17
Key generation, step 2
 Recall that p = 107 and q = 97
– (p-1)(q-1) = 106*96 = 10176 = 26*3*53
 We choose e = 85
– 85 = 5*17
– gcd (85, 10176) = 1
– Thus, 85 and 10176 are relatively prime

18
Key generation, step 3
 Compute d such that:
d * e ≡ 1 (mod (p-1)(q-1))
– Rephrased: d*e mod (p-1)(q-1) = 1

 We choose d = 4669
– 4669*85 mod 10176 = 1

19
Key generation, step 3
 Java code to find d:
import java.math.*;

class FindD {
public static void main (String args[]) {

BigInteger pq = new BigInteger("10176");

BigInteger e = new BigInteger ("85");

System.out.println (e.modInverse(pq));
}
}

 Result: 4669

20
Key generation, step 4
 Destroy all records of p and q

 If we know p and q, then we can compute

the private encryption key from the public
decryption key

d * e ≡ 1 (mod (p-1)(q-1))

21
The keys
 We have n = p*q = 10379, e = 85, and
d = 4669
 The public key is (n,e) = (10379, 85)
 The private key is (n,d) = (10379, 4669)
 Thus, n is not private
– Only d is private
 In reality, d and e are 600 (or so) digit numbers
– Thus n is a 1200 (or so) digit number

22
Encrypting messages
 To encode a message:
1. Encode the message m into a number
2. Split the number into smaller numbers m < n
3. Use the formula c = me mod n
• c is the ciphertext, and m is the message
 Java code to do the last step:
– m.modPow (e, n)
– Where the object m is the BigInteger to
encrypt

23
Encrypting messages example
1. Encode the message into a number
– String is “Go Cavaliers!!”
– Modified ASCII codes:
• 41 81 02 37 67 88 67 78 75 71 84 85 03 03

2. Split the number into numbers < n

– 4181 0237 6788 6778 7571 8485 0303
3. Use the formula c = me mod n
– 418185 mod 10379 = 4501
– 023785 mod 10379 = 2867
– 678885 mod 10379 = 4894
– Etc…
 Encrypted message:
– 4501 2867 4894 0361 3630 4496 6720

24
Decrypting messages
1. Use the formula m = cd mod n on each
number
2. Split the number into individual ASCII
character numbers
3. Decode the message into a string

25
Decrypting messages example
 Encrypted message:
– 4501 2867 4894 0361 3630 4496 6720

1. Use the formula m = cd mod n on each number

– 45014669 mod 10379 = 4181
– 28674669 mod 10379 = 0237
– 48944669 mod 10379 = 6788
– Etc…
2. Split the numbers into individual characters
– 41 81 02 37 67 88 67 78 75 71 84 85 03 03
3. Decode the message into a string
– Modified ASCII codes:
• 41 81 02 37 67 88 67 78 75 71 84 85 03 03
– Retrieved String is “Go Cavaliers!!”
26
modPow computation
1. How to compute c = me mod n or m = cd mod
n?
– Example: 45014669 mod 10379 = 4181
 Use the script at
http://www.cs.virginia.edu/cgi-bin/cgiwrap/asb/modpo
w

 Other means:
– Java: use the BigInteger.modPow() method
– Perl: use the bmodpow function in the BigInt library
– Etc…
27
Why this works
 m = cd mod n
 c = me mod n

 cd ≡ (me)d ≡ med (mod n)

 Recall that:
– ed ≡ 1 (mod p-1)
– ed ≡ 1 (mod q-1)
 Thus,
– med ≡ m (mod p)
– med ≡ m (mod q)
 med ≡ m (mod pq)
 med ≡ m (mod n)
28
Cracking a message
 In order to decrypt a message, we must compute m = cd mod n
– n is known (part of the public key)
– c is known (the ciphertext)
– e is known (the encryption key)
 Thus, we must compute d with no other information
– Recall: choose an integer 1 < e < n which is relatively prime to
(p-1)(q-1)
– Recall: Compute d such that d * e ≡ 1 (mod (p-1)(q-1))
 Thus, we must factor the composite n into it’s component primes
– There is no efficient way to do this!
– We can tell that n is composite very easily, but we can’t tell what its factors
are
 Once n is factored into p and q, we compute d as above
– Then we can decrypt c to obtain m
29
Cracking a message example
 In order to decrypt a message, we must compute m = cd
mod n
– n = 10379
– c is the ciphertext being cracked
– e = 85

 In order to determine d, we need to factor n

– d * e ≡ 1 (mod (p-1)(q-1))
– We factor n into p and q: 97 and 107
– d * 85 ≡ 1 (mod (96)(106))
– This would not have been feasible with two large prime
factors!!!
 We then compute d as above, and crack the message

30
Signing a message
 Recall that we computed
d*e mod (p-1)(q-1) = 1

 Note that d and e are interchangable!

– You can use either for the encryption key

 You can encrypt with either key!

– Thus, you must use the other key to decrypt
31
Signing a message
 To “sign” a message:
1. Write a message, and determine the MD5
hash
2. Encrypt the hash with your private
(encryption) key
3. Anybody can verify that you created the
message because ONLY the public
(encryption) key can decrypt the hash
4. The hash is then verified against the message

32
ElGamal
ElGamal
We will also take a look at the ElGamal public key
cipher system for a number of reasons:

 To show that RSA is not the only public key

system
 To exhibit a public key system based on a
different one way function
 ElGamal is the basis for several well-known
cryptographic primitives

34
Setting up ElGamal
 Let p be a large prime
– By “large” we mean here a prime rather typical in length to that of
an RSA modulus

 Select a special number g

– The number g must be a primitive element modulo p.

 Choose a private key x

– This can be any number bigger than 1 and smaller than p-1

 Compute public key y from x, p and g

– The public key y is g raised to the power of the private key x
modulo p. In other words: 

y = gx mod p
35
Setting up ElGamal: example
Step 1: Let p = 23

Step 2: Select a primitive element g = 11

Step 3: Choose a private key x = 6

Step 4: Compute y = 116 (mod 23)

=9

Public key is 9
Private key is 6

36
ElGamal encryption
The first job is to represent the plaintext as a series
of numbers modulo p. Then:
1. Generate a random number k
2. Compute two values C1 and C2, where

C1 = gk mod p and C2 = Myk mod p

3. Send the ciphertext C, which consists of the two

separate values C1 and C2.

37
ElGamal encryption: example

To encrypt M = 10 using Public key 9

1 - Generate a random number k = 3

2 - Compute C1= 113 mod 23 = 20

C2= 10 x 93 mod 23
= 10 x 16 = 160 mod 23 = 22

3 - Ciphertext C = (20 , 22 )

38
ElGamal decryption
C1 = gk mod p C2 = Myk mod p

1 - The receiver begins by using their private key x to

transform C1 into something more useful:

C1x = (gk)x mod p

NOTE: C1x = (gk)x = (gx)k = (y)k = yk mod p

2 - This is a very useful quantity because if you divide

C2 by it you get M. In other words:

C2 / yk = (Myk) / yk = M mod p

39
ElGamal decryption: example

To decrypt C = (20 , 22 )

1 - Compute 206 = 16 mod 23

2 - Compute 22 / 16 = 10 mod 23

3 - Plaintext = 10

40
Security of ElGamal
Recall the two different strategies for trying
to “break” RSA:
1. Trying to decrypt a ciphertext without
knowledge of the private key
2. Trying to determine the private key

41
 ElGamal v RSA
PROS of ElGamal CONS of ElGamal
 Does not rely on
 Requires a random number
factorisation being hard generator
 Message expansion

42
Diffie-Hellman
Diffie-Hellman
The Diffie–Hellman (DH) key exchange technique was first defined
in their seminal paper in 1976.
DH key exchange is a method of exchanging public (i.e. non-secret)
information to obtain a shared secret.
DH is not an encryption algorithm.

DH key exchange has the following important properties:

1. The resulting shared secret cannot be computed by either of the
parties without the cooperation of the other.
2. A third party observing all the messages transmitted during DH
key exchange cannot deduce the resulting shared secret at the
end of the protocol.

44
Principle behind DH
DH key exchange was first proposed before there were any
known public key algorithms, but the idea behind it motivated
the hunt for practical public key algorithms.
DH key exchange is not only a useful and practical key
establishment technique, but also a significant milestone in
the history of modern cryptography.

DH key exchange assumes first that there exists:

1. A public key cipher system that has a special property (we
come to this shortly).

2. A carefully chosen, publicly known function F that takes two

numbers x and y as input, and outputs a third number F(x,y)
(for example, multiplication is such a function).

45
 Principle behind DH
Assume that Alice and Bob are the parties who wish to establish a
shared secret, and let their public and private keys in the public
key cipher system be denoted by (PA , SA) and (PB , SB)
respectively.
The basic principle behind Diffie–Hellman key exchange is as
follows:

1. Alice and Bob exchange their public keys PA and PB.

2. Alice computes F(SA , PB)
3. Bob computes F(SB, PA)
4. The special property of the public key cipher system, and the
choice of the function F, are such that F(SA , PB) = F(SB,
PA). If this is the case then Alice and Bob now share a secret.
5. This shared secret can easily be converted by some public
means into a bitstring suitable for use as, for example, a DES
key.
46
 Diffie-Hellman key exchange
The most commonly described implementation of DH key
exchange uses the keys of the ElGamal cipher system and a
very simple function F.

The system parameters (which are public) are:

• a large prime number p – typically 1024 bits in length
• a primitive element g

1. Alice generates a private random value a, calculates ga (mod p) and

sends it to Bob. Meanwhile Bob generates a private random value
b, calculates gb (mod p) and sends it to Alice.
2. Alice takes gb and her private random value a to compute
(gb)a = gab (mod p).
3. Bob takes ga and his private random value b to compute
(ga)b = gab (mod p).
4. Alice and Bob adopt gab (mod p) as the shared secret.

47
Hybrid Encryption

Definition - What does Hybrid Encryption mean?

 Hybrid encryption is a mode of encryption that merges two
or more encryption systems. It incorporates a combination
of asymmetric and symmetric encryption to benefit from
the strengths of each form of encryption. These strengths
are respectively defined as speed and security.
 Hybrid encryption is considered a highly secure type of
encryption as long as the public and private keys are fully
secure.

48
Hybrid Encryption
 A hybrid encryption scheme is one that blends the convenience of an asymmetric
encryption scheme with the effectiveness of a symmetric encryption scheme.
 Hybrid encryption is achieved through data transfer using unique session keys along
with symmetrical encryption. Public key encryption is implemented for random
symmetric key encryption. The recipient then uses the public key encryption method to
decrypt the symmetric key. Once the symmetric key is recovered, it is then used to
decrypt the message.
 The combination of encryption methods has various advantages. One is that a
connection channel is established between two users' sets of equipment. Users then have
the ability to communicate through hybrid encryption. Asymmetric encryption can slow
down the encryption process, but with the simultaneous use of symmetric encryption,
both forms of encryption are enhanced. The result is the added security of the transmittal
process along with overall improved system performance.

49
Summary
 Public key systems replace the problem of distributing symmetric keys
with one of authenticating public keys
 Public key encryption algorithms need to be trapdoor one-way functions
 RSA is a public key encryption algorithm whose security is believed to
be based on the problem of factoring large numbers
 ElGamal is a public key encryption algorithm whose security is believed
to be based on the discrete logarithm problem
 RSA is generally favoured over ElGamal for practical rather than
security reasons
 RSA and ElGamal are less efficient and fast to operate than most
symmetric encryption algorithms because they involve modular
exponentiation
 DH key exchange is an important protocol on which many real key
exchange protocols are based

50