Scribd
Upload
22 views

Asymmetric Key Cryptography

The document discusses asymmetric-key cryptography and introduces trapdoor one-way functions and their use in asymmetric cryptosystems. It describes the RSA and ElGamal cryptosystems, including their key generation, encryption, and decryption procedures. It also discusses attacks on asymmetric cryptosystems and comparisons between symmetric and asymmetric approaches.

Uploaded by

aswanidhruv
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
22 views

Asymmetric Key Cryptography

The document discusses asymmetric-key cryptography and introduces trapdoor one-way functions and their use in asymmetric cryptosystems. It describes the RSA and ElGamal cryptosystems, including their key generation, encryption, and decryption procedures. It also discusses attacks on asymmetric cryptosystems and comparisons between symmetric and asymmetric approaches.

Uploaded by

aswanidhruv
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 49

Asymmetric-Key

Cryptography
Objectives
 To distinguish between two cryptosystems:
symmetric-key and asymmetric-key
 To introduce trapdoor one-way functions and their
use in asymmetric-key cryptosystems
 To introduce the knapsack cryptosystem as one of
the first ideas in asymmetric-key cryptography
 To discuss the RSA cryptosystem
 To discuss the ElGamal cryptosystem
INTRODUCTION

 Symmetric and asymmetric-key cryptography will


exist in parallel and continue to serve the
community.
 We actually believe that they are complements of
each other; the advantages of one can compensate
for the disadvantages of the other.

Symmetric-key cryptography is based on sharing secrecy;


asymmetric-key cryptography is based on personal secrecy.
Difference Between Symmetric And
Asymmetric Key Cryptography
 Symmetric is based on substitution and
permutation of symbols whereas asymmetric is
based on applying mathematical functions to
numbers.
 In symmetric, plaintext and cipher text are
thought of as a combination of symbols whereas
in asymmetric plain text and cipher text are
numbers.
Keys

Asymmetric key cryptography uses two separate keys: one


private and one public.

Figure Locking and unlocking in asymmetric-key cryptosystem


General Idea

Figure General idea of asymmetric-key cryptosystem


Continued

Plaintext/Ciphertext
Unlike in symmetric-key cryptography, plaintext
and cipher text are treated as integers in
asymmetric-key cryptography.

Encryption/Decryption

C = f (Kpublic , P) P = g(Kprivate , C)
Need for Both

There is a very important fact that is sometimes


misunderstood: The advent of asymmetric-key
cryptography does not eliminate the need for
symmetric-key cryptography.
Trapdoor One-Way Function

The main idea behind asymmetric-key


cryptography is the concept of the trapdoor one-
way function.

Functions

Figure A function as rule mapping a domain to a range


Continued
One-Way Function (OWF)

1. f is easy to compute.
2. f −1 is difficult to compute.

Trapdoor One-Way Function (TOWF)

3. Given y and a trapdoor, x can be


computed easily.
Continued

Example
When n is large, n = p × q is a one-way function. Given p and
q , it is always easy to calculate n ; given n, it is very difficult to
compute p and q. This is the factorization problem.

Example
When n is large, the function y = xk mod n is a trapdoor one-
way function. Given x, k, and n, it is easy to calculate y. Given
y, k, and n, it is very difficult to calculate x. This is the discrete
logarithm problem. However, if we know the trapdoor, k′ such
that k × k ′ = 1 mod f(n), we can use x = yk′ mod n to find x.
Knapsack Cryptosystem
Definition
a = [a1, a2, …, ak ] and x = [x1, x2, …, xk].

Given a and x, it is easy to calculate s. However, given s


and a it is difficult to find x.

Superincreasing Tuple

ai ≥ a1 + a2 + … + ai−1
Continued

e.g. : Assume that a = [17, 25, 46, 94, 201,400] and s = 272 are
given.
Continued

Example
As a very trivial example, assume that a = [17, 25, 46, 94,
201,400] and s = 272 are given. Table 10.1 shows how the
tuple x is found using inv_knapsackSum routine in Algorithm
10.1. In this case x = [0, 1, 1, 0, 1, 0], which means that 25, 46,
and 201 are in the knapsack.
Secret Communication with Knapsacks.
Continued

Secret Communication with Knapsacks.

Figure Secret communication with knapsack cryptosystem


RSA CRYPTOSYSTEM

The most common public-key algorithm is the RSA


cryptosystem, named for its inventors (Rivest, Shamir,
and Adleman).
Introduction

Figure Complexity of operations in RSA


Procedure

Figure Encryption, decryption, and key generation in RSA


Continued

Two Algebraic Structures

Encryption/Decryption Ring: R = <Zn , +, × >

Key-Generation Group: G = <Z f(n)∗, × >


Continued
Continued

Encryption
Continued

Decryption

Example : Encrypt P using RSA algorithm if


p=7, q=11, e=13 and P=5.
Some Trivial Examples
Example

Bob chooses 7 and 11 as p and q and calculates n = 77. The


value of f(n) = (7 − 1)(11 − 1) or 60. Now he chooses two
exponents, e and d, from Z60∗. If he chooses e to be 13, then d
is 37. Note that e × d mod 60 = 1 (they are inverses of each
Now imagine that Alice wants to send the plaintext 5 to Bob.
She uses the public exponent 13 to encrypt 5.

Bob receives the ciphertext 26 and uses the private key 37 to


decipher the ciphertext:
Some Trivial Examples
Example

Now assume that another person, John, wants to


send a message to Bob. John can use the same
public key announced by Bob (probably on his
website), 13; John’s plaintext is 63. John calculates
the following:

Bob receives the ciphertext 28 and uses his private key 37 to


decipher the ciphertext:
Some Trivial Examples
Example

Jennifer creates a pair of keys for herself. She


chooses p = 397 and q = 401. She calculates
n = 159197. She then calculates f(n) = 158400. She
then chooses e = 343 and d = 12007. Show how Ted
can send a message to Jennifer if he knows e and n.

Suppose Ted wants to send the message “NO” to


Jennifer. He changes each character to a number
(from 00 to 25), with each character coded as two
digits. He then concatenates the two coded
characters and gets a four-digit number. The plaintext
is 1314. Figure 10.7 shows the process.
Continued

Figure Encryption and decryption


Attacks on RSA

Figure Taxonomy of potential attacks on RSA


Factorization Attack

1. Eve can factor n and obtain p and q and once


p and q is obtained then nothing left.
2. To be secure, RSA requires that n should be
more than 300 decimal digits , which means
that modulus must be at least 1024 bits.
Chosen cipher text Attack
Attacker intercepts C and uses following steps to
find P :
Attacks on Encryption Exponent (e)
Recommendation is to use e=216 + 1 i.e. 65537
(or a prime close to this value)
1. Coppersmith theorem attack
2. Broadcast attack:

3. Related Message Attack


4. Short Pad Attack
Attacks on Decryption Exponent (d)
1. Revealed Decryption exponent attack :
If d is compromised, then p, q, n, e and d
must be regenerated
2. Low decryption exponent attack:
recommendation is to have d >=1/3 n1/4
Plaintext attacks
1. Short message attack: Strongly
recommended that messages be padded
with random bits before encryption
using OAEP.
2. Cycling Attack:

3. Unconcealed message attack


Attacks on Modulus (n)

1. Common modulus attack: to prevent this


type of attack, the modulus must not be
shared. Each entity needs to calculate her or
his own modulus.
Attacks on Implementation
1. Timing Attack:

2. Power Attack: Same techniques used to


prevent timing attack can be used to
prevent power attacks
ELGAMAL CRYPTOSYSTEM

Besides Knapsack, RSA another public-key


cryptosystem is ElGamal. ElGamal is based
on the discrete logarithm problem.
ElGamal Cryptosystem

If p is a very large prime, e1 is a primitive


root in the group G=<Zp*,X> and r is an
integer, then e2=e1r mod p is easy to
compute using Fast Exponential
algorithm(square and multiply method)
But…. Given e2, e1 and p, it is infeasible to
calculate r i.e. r = loge1e2 mod p (discrete
logarithm problem)
Procedure

Figure Key generation, encryption, and decryption in ElGamal


Continued

Key Generation
Continued
Continued

Note
The bit-operation complexity of encryption or
decryption in ElGamal cryptosystem is polynomial.
Continued
Example

Here is a trivial example. Bob chooses p = 11 and e1 = 2.


and d = 3 e2 = e1d = 8. So the public keys are (2, 8, 11)
and the private key is 3. Alice chooses r = 4 and calculates
C1 and C2 for the plaintext 7.

Bob receives the ciphertexts (5 and 6) and calculates the


plaintext.
Continued

Example
Instead of using P = [C2 × (C1d) −1] mod p for decryption, we can
avoid the calculation of multiplicative inverse and use
P = [C2 × C1 p−1−d] mod p (Fermat’s little theorem). In previous
example, we can calculate P = [6 × 5 11−1−3] mod 11
= 7 mod 11.
Analysis of ElGamal
ElGamal cryptosystem is a puzzle. It can be solved as
follows:
1.

2.

3.
Security of ElGamal
Two attacks have been mentioned for this
cryptosystem:
1. Low-Modulus Attack:
If p is not large enough, attacker can use efficient algorithms to
solve discrete logarithm problem to find d or r.
Recommended that p be at least 1024 bits (300 decimal digits)
2. Known-Plaintext Attack:
It is recommended that sender use a fresh value of r to prevent
this type of attack.

For the ElGamal cryptosystem, p must be at least 300 digits


and r must be new for each encipherment.
Application
 It can be used whenever RSA can be used.
 Used for key exchange, authentication,
encryption and decryption of small
messages.

You might also like