Fundamental Concepts

of Data Security
W7 - Public Key Cryptography

Le Hai Duong, PhD. ([email protected])

Challenges of Symmetric Key Encryption

● key exchange problem → how to exchange secret key for

two communication parties?
○ face-to-face meeting
○ trusted courier (Grabkey???)
Diffie-Hellman Key Exchange (1976)

p: big prime number (2048-bit number) → finite cyclic group of order p

(𝐙P)
g: small prime number (e.g., 2 and 3),

Discrete Logarithm Problem → when x and p are large, finding x from

gx mod p will take very long long time, no efficient method is known
so far
Idea of Public-key encryption

keys could be public like phone

numbers in Yellow Pages
Turning DH key exchange → Public-key
encryption

Using the same tweaking to produce public-key

secret key
encryption:
encryption algorithm
● ElGamal encryption
● Integrated encryption scheme (IES)
RSA algorithm (1978)
Math background: Modulo operation
RSA algorithm (1978)
Math background: Euler’s Theorem

● Euler’s totient function counts the positive integers up to a

given integer n that are relatively prime to n
● If n is prime, all integers from 0 to n - 1 are relatively prime to n,
therefore
● If m and n are relatively prime,
● Euler’s theorem states that
Based on Euler’s theorem →

and

thus, we can compute as follow:

RSA algorithm (1978)
Math background: Extended Euclidean Alg.
● Understand Euclidean alg → how private keys are generated in
the RSA alg.
● Euclid’s alg. is an efficient method for computing the greatest
common divisor (GCD) of two numbers (the largest number that
divides both of them without leaving a remainder).
● Extended Euclidean alg. is an extension to Euclidean alg. →
not only computes the greatest common divisor of integers a
and b, but also find the integers x and y that satisfy the
following equation:

● input: a, b → output: the triple (g, x, y), such that

● RSA alg. uses the extended Euclidean alg. to find the solution to
the following equation, where e and n are components of the
public key (e is relatively prime to )

● the solution x will be used as the private key, which is typically

called d →

● let both sides modulo to

→ given e and n, find d such that

The RSA alg. -
Key generation
The RSA alg. -
Encryption
The RSA alg. -
Decryption
Exercise: Small number

Extended Euclidean Algorithm Calculator

extendedgcd(7,192) - Wolfram|Alpha (wolframalpha.com)
For faster calculation while using much less memory, use the
following rules:
179^55mod 221 - Wolfram|Alpha (wolframalpha.com)
Recommendations
Key size - Wikipedia
Hybrid Encryption
● High computation cost of public-key encryption (RSA is
1000 times slower than AES)
● Public key alg. used to exchange a secret session key
● Key (content-encryption key) used to encrypt data using a
symmetric-key alg.
Using OpenSSL tools to conduct RSA
operations

We will cover:
● Generating RSA keys
● Extracting the public key
● Encryption and Decryption
OpenSSL tools: Generating RSA keys
Example:
generate a
1024-bit
public/private
key pair
private.pem:
Base64 encoding
of DER
generated binary
output
Actual content of private.pem
Extracting the public key

Content of
public.pem
Encryption & decryption
Plaintext

Encryption

Decryption
Paddings for RSA
● Secret-key encryption uses encryption modes to encrypt
plaintext longer than block size.
● RSA used in hybrid approach (Content key length << RSA key
length)
● To encrypt:
○ short plaintext: treat it a number, raise it to the power of e (modulo n)
○ large plaintext: use hybrid approach (treat the content key as a number and
raise it to the power of e (modulo n)

Treating plaintext as a number and directly applying RSA is

called plain RSA or textbook RSA
Attacks Against Textbook RSA
● RSA is deterministic encryption algorithm
○ same plaintext encrypted using same public key gives same ciphertext
○ secret-key encryption uses randomized IV to have different ciphertext for
same plaintext
● For small e and m
○ if me < modulus n
○ e-th root of ciphertext gives plaintext
● If same plaintext is encrypted e times or more using the same
e but different n, then it is easy to decrypt the original plaintext
message via the Chinese remainder theorem
Paddings: PKCS#1 v1.5 and OAEP

● Simple fix to defend against previous attacks is to add

randomness to the plaintext before encryption
● Approach is called padding
● Types of padding:
○ PKCS#1 (up to version 1.5): weakness discovered since 1998
○ Optimal Asymmetric Encryption Padding (OAEP): prevents attacks on
PKCS
● rsautl command provides options for both types of
paddings (PKCS#1 v1.5 is default)

PKCS (Public Key Cryptography Standard)- Wikipedia

PKCS Padding

● Plaintext is padded to 128 bytes

● Original plaintext is placed at the end of the block
● Data inside the block (except the first two bytes) are all
random numbers
● First byte of the padding is always 00 (so that padded
plaintext as integer is less than modulus n)
● Second byte is 00, 01, and 02 (different strings used for
padding for different types)
PKCS Padding (Contd.)
OAEP Padding

● Original plaintext is not directly copied into the encryption

block
● Plaintext is XORed with a value derived from random
padding data
Digital Signature
•Goal: provide an authenticity proof by signing digital documents
•Diffie-Hellman authors proposed the idea, but no concrete solution
•RSA authors developed the first digital signature algorithm
Digital Signature using RSA
• Apply private-key operation on m using private key, and get a
number s, everybody can get the m back from s using our public
key
• For a message m that needs to be signed:
Digital signature = md mod n

• In practice, message may be long resulting in long signature and

more computing time
• Instead, we generate a cryptographic hash value from the original
message, and only sign the hash
Digital Signature using RSA
(Contd.)
Generate message hash
Digital Signature using RSA
(Contd.)
Generate and verify the signature
Attack Experiment on Digital
Signature
• Attackers cannot generate a valid signature from a modified
message because they do not know the private key
• If attackers modifies the message, the hash will change and it will
not be able to match with the hash produced from the signature
verification
• Experiment: modify 1 bit of signature file msg.sig and verify the
signature
Attack Experiment on Digital
Signature (Contd.)
After applying the RSA public key on the signature, we get a block of
data that is significantly different
Programming using Public-Key
Cryptography APIs
• Languages, such as Python, Java, and C/C++, have well-developed
libraries that implement the low-level cryptographic primitives for
public-key operations
• Python:
• no built-in cryptographic library
• use Python packages (e.g. PyCryptodome)
• We will cover:
• Key Generation
• Encryption and Decryption
• Digital Signature
Public-Key Cryptography APIs:
Key Generation
• Python example (next slide) using Python Crypto APIs to generate
a RSA key and save it to a file
• Lines in code:
• Line (1): generate a 2048-bit RSA key
• Line (2): export key() API serializes the key using the ASN.1 structure
• Line (3): extract public-key component
Public-Key Cryptography APIs:
Key Generation (Contd.)
from Crypto.PublicKey import RSA
key = RSA.generate(2048)
pem = key.export_key(format='PEM', passphrase='dees',)
with open('private.pem', 'wb') as f:
f.write(pem)
f.close()

pub = key.publickey()
pub_pem = pub.export_key(format='PEM')
with open('public.pem', 'wb') as f:
f.write(pub_pem)
f.close()
Public-Key Cryptography APIs:
Encryption
• To encrypt a message using public keys, we need to decide what
padding scheme
• For better security, it is recommended that OAEP is used
• Lines in code (example on next slide):
• Line (1): import the public key from the public-key file
• Line (2): create a cipher object using the public key
Public-Key Cryptography APIs:
Encryption (Contd.)

from Crypto.Cipher import PKCS1_OAEP

from Crypto.PublicKey import RSA

message = b'A secret message!\n'

key = RSA.importKey(open('public.pem').read())
cipher = PKCS1_OAEP.new(key)
ciphertext = cipher.encrypt(message)
with open('ciphertext.bin', 'wb') as f:
f.write(ciphertext)
f.close()
Public-Key Cryptography APIs:
Decryption
Uses the private key and the decrypt() API

from Crypto.Cipher import PKCS1_OAEP

from Crypto.PublicKey import RSA

ciphertext = open('ciphertext.bin', 'rb').read()

prikey_pem = open('private.pem').read()
prikey = RSA.importKey(prikey_pem, passphrase='dees')
cipher = PKCS1_OAEP.new(prikey)
message = cipher.decrypt(ciphertext)
print(message)
Public-Key Cryptography APIs:
Digital Signature
• In Python code, one can use PyCryptodome library’s
Crypto.Signature package
• Four supported digital signature algorithms:
• RSASSA-PKCS1-v1_5
• RSASSA-PSS
• DSA
• RSASSA-PSS
• Show example with RSASSA-PSS
Public-Key Cryptography APIs:
Digital Signature using PSS
• Probabilistic Signature Scheme (PSS) is a cryptographic signature
scheme designed by Mihir Bellare and Phillip Rogaway
• RSA-PSS is standardized as part of PKCS#1 v2.1
• Sign a message in combination with some random input.
• For same input:
• two signatures are different
• both can be used to verify
Public-Key Cryptography APIs:
Digital Signature using PSS
(Contd.)
• Lines in code example:
• line (1): create a signature object
• line (2): generate the signature for the hash of a message

from Crypto.Signature import pss

from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA

message = b'An important message'

key_pem = open('private.pem').read()
prikey = RSA.importKey(key_pem, passphrase='dees')
h = SHA256.new(message)
signer = pss.new(prikey)
signature = signer.sign(h)
with open('signature.bin', 'wb') as f:
f.write(signature)
Applications
We will cover:

• Authentication
• HTTPS and TLS/SSL
• Chip Technology Used in Credit Cards
Applications: Authentication
• Typical way to conduct authentication is to use passwords
• Disadvantage:
• A sends password to B: B can get hacked and A may use same password for

multiple accounts

• cannot be used for many parties to authenticate a single party

• Fundamental problem: password authentication depends on a

shared secret
Applications: Authentication
(Contd.)
Solution:
• Making the encryption and decryption keys different
• generate the authentication data using one key, and verify the data
using a different key
Applications: Authentication
(Contd.)
SSH Case Study
• SSH uses public-key based authentication to authenticate users
• Generate a pair of public and private keys: ssh-keygen -t
rsa
• private key: /home/seed/.ssh/id_rsa
• public key: /home/seed/.ssh/id_rsa.pub
• For Server:
• send the public key file to the remote server using a
secure channel
• add public key to the authorization
file~/.ssh/authorized_keys
• Server can use key to authenticate clients
https://phoenixnap.com/kb/ssh-with-key
Applications: HTTPS and TLS/SSL
• HTTPS protocol is used to secure web services
• HTTPS is based on the TLS/SSL protocol (uses both public key
encryption and signature
• encryption using secret-key encryption algorithms

• public key algorithms are mainly used for key exchange

Applications: HTTPS and TLS/SSL
(Contd.)
Applications: Credit Card Chip
• Past: cards store card information in magnetic stripe (easy to clone)
• With Chip:
• chips can conduct computations and store data (not disclosed to outside)
• EMV standard (Europay, MasterCard, and Visa)
• We will cover how public key technologies are used for:
• Card authentication
• Transaction authentication
Applications: Credit Card Chip
Authentication
• Card contains a unique public and private key pair
• Private key is protected and will never be disclosed to the outside
• Public key is digitally signed by the issuer, so its authenticity can be verified by
readers
Applications: Credit Card
Transaction Authentication
• Issuer needs to know whether the transaction is authentic
• Transaction needs to be signed by the card using its private key
• Verified Signature:
• To issuers: card owner has approved the transaction
• To honest vendor: enables the vendor to save the transactions and submit them
later
Summary
We covered:
• the basics of public key cryptography
• both theoretical and practical sides of public key cryptography
• RSA algorithm and the Diffie-Hellman Key Exchange
• tools and programming libraries to conduct public-key operations
• how public key is used in real-world applications