SE205 - Unit 3: Asymmetric Cryptography

Glossary of Terms

A cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner. Also known as Public-Key Cryptography. Enables encryption, digital signatures, and key exchange without pre-sharing a secret key.

An encryption algorithm that operates on fixed-length groups of bits, called blocks. Asymmetric algorithms like RSA operate mathematically on integers representing blocks.

Trying all possible private keys. Countered by using very large key sizes (e.g., 2048 bits or more for RSA).

An asymmetric protocol used to establish a shared secret (symmetric key) between two parties over an insecure channel. It does not encrypt messages itself but enables secure key establishment.

An application of asymmetric cryptography used to verify the authenticity and integrity of a message. The sender signs (encrypts a hash of the message) with their private key, and anyone can verify using the sender's public key.

A U.S. federal standard for digital signatures based on the Digital Signature Algorithm (DSA), which is an asymmetric algorithm but cannot be used for encryption, only signing.

An approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. Provides equivalent security to RSA with much smaller key sizes, leading to better performance.

An asymmetric key encryption algorithm based on the Diffie-Hellman key exchange, using the difficulty of the discrete logarithm problem. Can be used for both encryption and digital signatures.

To send a confidential message, the sender encrypts it using the recipient's public key. Only the recipient, with their corresponding private key, can decrypt the message.

In number theory, for a positive integer n, the totient φ(n) is the number of positive integers less than or equal to n that are relatively prime to n (i.e., share no common factors other than 1). For RSA, if n = p*q (p, q are prime), then φ(n) = (p-1)*(q-1).

A whole number (not a fraction). In RSA, the plaintext and ciphertext are treated as large integers for mathematical operations.

An application of asymmetric cryptography where two parties cooperate to securely establish a shared secret key (typically a symmetric key for later bulk encryption) over an insecure channel. Examples: Diffie-Hellman, RSA key transport.

A system of arithmetic for integers, where numbers "wrap around" upon reaching a certain value—the modulus. Operations like 'mod n' find the remainder after division by n. Central to RSA and Diffie-Hellman.

A mathematical function that is easy to compute in one direction (e.g., encrypting with a public key) but computationally infeasible to reverse (e.g., decrypting without the private key, or finding the private key from the public key).

An encryption program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. It typically uses a hybrid approach (asymmetric for key exchange/signing, symmetric for bulk encryption).

A natural number greater than 1 that has no positive divisors other than 1 and itself. The security of RSA relies on the difficulty of factoring the product of two large prime numbers.

In asymmetric cryptography, the key of the key pair that is kept secret by the owner. Used for decryption (in public-key encryption) or signing (in digital signatures).

In asymmetric cryptography, the key of the key pair that can be shared openly. Used for encryption (in public-key encryption) or verifying signatures (in digital signatures).

See Asymmetric Cryptography.

Two integers are relatively prime (or coprime) if their greatest common divisor (GCD) is 1. In RSA, the public exponent 'e' must be relatively prime to φ(n).

A widely used public-key cryptosystem for secure data transmission. Named after its inventors Rivest, Shamir, and Adleman. Can be used for both encryption and digital signatures.

A symmetric key used for encrypting messages during a single communication session only. Often established using an asymmetric key exchange method like Diffie-Hellman or RSA.

An attack based on information gained from the physical implementation of a cryptosystem, rather than theoretical weaknesses. Examples include timing analysis, power monitoring, or electromagnetic leaks. RSA can be vulnerable if not implemented carefully.

Key Concepts & Examples from Unit 3

Asymmetric (Public-Key) Cryptography Principles

Based on mathematical functions rather than simple substitution/permutation.

  • Uses two separate, mathematically related keys:
    • Public Key: Shared openly, used for encryption or signature verification.
    • Private Key: Kept secret, used for decryption or signature creation.
  • Key Principle: Data encrypted with one key can only be decrypted with the other key in the pair.
  • Relies on one-way functions: easy to compute forward (encrypt), computationally infeasible to reverse without the private key.
  • Essential Steps:
    1. Key Generation: Each party generates a public/private key pair.
    2. Key Exchange: Parties exchange *public* keys (private keys are never shared).
    3. Encryption: Sender encrypts data using the *recipient's* public key.
    4. Sending: Encrypted data transmitted over insecure channel.
    5. Decryption: Recipient decrypts data using their *own* private key.
  • Applications:
    • Encryption/Decryption: Sender encrypts with recipient's public key (Confidentiality).
    • Digital Signature: Sender signs (encrypts hash) with their private key (Authentication, Integrity, Non-repudiation).
    • Key Exchange: Establish a shared symmetric (session) key (e.g., Diffie-Hellman).

Comparison: Symmetric vs. Asymmetric (See slide 15 for table)

  • Speed: Symmetric is much faster.
  • Key Management: Asymmetric simplifies distribution (only public keys shared), Symmetric requires secure channel for shared key.
  • Use Cases: Symmetric for bulk data encryption (files, VPNs), Asymmetric for key exchange, digital signatures, authentication (SSL/TLS, PGP).
  • Security (Key Length): Asymmetric keys need to be much longer for equivalent security (e.g., 3072-bit RSA ≈ 256-bit AES).

Common Practice (Hybrid Approach): Use asymmetric crypto to securely exchange a symmetric session key, then use the faster symmetric crypto for bulk data encryption (e.g., SSL/TLS, PGP).

RSA Algorithm (Rivest, Shamir, Adleman)

Most widely used public-key algorithm. Can be used for encryption and digital signatures.

RSA Key Generation Steps

  1. Select two large distinct prime numbers, p and q. (Must be kept secret).
  2. Calculate modulus n = p * q. (n is part of the public/private key, its bit length determines key size).
  3. Calculate Euler's Totient Function: φ(n) = (p-1) * (q-1). (Must be kept secret).
  4. Choose public exponent e such that:
    • 1 < e < φ(n)
    • e and φ(n) are relatively prime (gcd(e, φ(n)) = 1). (Common values are 3, 65537).
  5. Calculate private exponent d such that:
    • (d * e) mod φ(n) = 1. (i.e., d is the modular multiplicative inverse of e modulo φ(n)).
  6. Public Key: KU = {e, n}
  7. Private Key: KR = {d, n}

RSA Encryption/Decryption

Plaintext M and Ciphertext C are integers (M < n).

Encryption: C = Me mod n

Decryption: M = Cd mod n

RSA Example (from slide 26-27):

  1. Select p = 13, q = 11.
  2. Calculate n = p * q = 13 * 11 = 143.
  3. Calculate φ(n) = (p-1)*(q-1) = (12)*(10) = 120.
  4. Choose e = 13 (Check: 1 < 13 < 120, gcd(13, 120)=1. OK).
  5. Calculate d such that (d * 13) mod 120 = 1.
    • Using Extended Euclidean Algorithm or trial: d = ((φ(n) * i) + 1) / e
    • i=1: (120*1+1)/13 = 9.30
    • i=2: (120*2+1)/13 = 18.53
    • i=3: (120*3+1)/13 = 27.76
    • i=4: (120*4+1)/13 = 481 / 13 = 37. So, d = 37.
  6. Public Key KU = {13, 143}.
  7. Private Key KR = {37, 143}.

Encryption Example: Plaintext M = 13.

C = Me mod n = 1313 mod 143

(Calculation requires modular exponentiation)

Ciphertext C = 52 (as per slide)

Decryption Example: Ciphertext C = 52.

M = Cd mod n = 5237 mod 143

Plaintext M = 13 (as per slide)

Exercise 1 (Slide 28): p=7, q=17, e=5. Encrypt M=? (Need M). Decrypt C=? (Need C). Let's find keys first.

n = 7 * 17 = 119

φ(n) = (7-1)*(17-1) = 6 * 16 = 96

e = 5 (Given, gcd(5, 96)=1)

Find d: (d * 5) mod 96 = 1. (96*i + 1) / 5

i=1: 97/5 X, i=2: 193/5 X, i=3: 289/5 X, i=4: 385/5 = 77. d = 77.

Public Key = {5, 119}, Private Key = {77, 119}.

Slide encrypts M=6: C = 65 mod 119 = 7776 mod 119. 7776 / 119 = 65.34... 7776 - 65*119 = 7776 - 7735 = 41. C = 41.

Slide decrypts C=41: M = 4177 mod 119. (Requires modular exponentiation). M = 6.

Keys: KU={5, 119}, KR={77, 119}. If M=6, C=41. If C=41, M=6.

RSA Pros & Cons

  • Advantages: Very secure (if key is large), Public-key mechanism (key exchange, digital sig), Widely used standard.
  • Disadvantages: Slow processing speed, Requires large key sizes (computationally expensive), Vulnerable to side-channel attacks (implementation issue), Vulnerable to quantum computing (future threat), Key management of private key critical.

Diffie-Hellman Key Exchange

Allows two parties to establish a shared secret (symmetric key) over an insecure channel.

Algorithm Steps

  1. Alice and Bob agree on large prime P and a primitive root generator G (both public).
  2. Alice chooses a secret random integer a. Bob chooses a secret random integer b.
  3. Alice computes her public key: A = Ga mod P. Sends A to Bob.
  4. Bob computes his public key: B = Gb mod P. Sends B to Alice.
  5. Alice computes the shared secret: S = Ba mod P = (Gb)a mod P.
  6. Bob computes the shared secret: S = Ab mod P = (Ga)b mod P.
  7. Both now share the same secret key S = Gab mod P, which was never transmitted directly.

Diffie-Hellman Example (Slide 36):

  1. Public numbers: P = 23, G = 9.
  2. Alice secret a = 4. Bob secret b = 3.
  3. Alice computes public key: A = Ga mod P = 94 mod 23 = 6561 mod 23 = 6.
  4. Bob computes public key: B = Gb mod P = 93 mod 23 = 729 mod 23 = 16.
  5. Alice and Bob exchange public keys A=6, B=16.
  6. Alice computes shared secret: S = Ba mod P = 164 mod 23 = 65536 mod 23 = 9.
  7. Bob computes shared secret: S = Ab mod P = 63 mod 23 = 216 mod 23 = 9.
Shared Secret Key = 9

Other Asymmetric Systems

  • ElGamal Cryptosystem: Based on Diffie-Hellman concepts and discrete logarithm problem. Used for digital signatures (part of DSS) and encryption.
  • Elliptic Curve Cryptography (ECC): Uses mathematics of elliptic curves. Provides equivalent security to RSA with much smaller keys, leading to better performance (important for mobile/constrained devices). Used for key exchange and digital signatures.

Fill in the Blank Questions

True/False Questions

Multiple Choice Questions