University of BATNA 2

Department of Computer Science

Chapter 2

Cryptographic Primitives

Master 1 Distributed Information Systems Engineering and Security - A.Dekhinet

 Cryptography

 Cryptography is based on the use of the mathematical

principles in storing and transmitting data in a particular
form so that only those whom it is intended can read and
process it.
 The main purpose of the cryptography, as science, is to
preserve :
• Confidentiality : Information is kept secret from all but authorized parties.
• Integrity : Messages have not been modified or altered in transit.
• Authentication : The sender of a message is authentic. An alternative term is
data origin authentication.
• Non-repudiation : The sender cannot deny later that they sent the message.
This means that an entity cannot refuse the ownership of a previous commitment
or an action.
 Encryption function

 The general principle of cryptography is based on the use of

mathematical functions and algorithms to encrypt data.
 An encryption function or algorithm, is a means of transforming
plaintext into ciphertext under the control of a secret key, this
process is called encryption or encipherment (‫)تشفير‬.
c = Ek(m) m is the plaintext,
E is the cipher function,
k is the secret key,
c is the ciphertext.

The decryption or decipherment is the reverse process :

m = Dk(c)
Note that E and D are public, the secrecy of m given c depends
totally on the secrecy of k.
Types of cryptosystems

 Three cryptosystems can be distinguished : Symmetric

cryptography, Asymmetric cryptography, Hashing
• Symmetric cryptosystem (Secret key cryptosystem) : The
communicating party use the same key (Shared key) for
encryption and decryption.
• Asymmetric cryptosystem (Public key cryptosystem) :
The communicating party use two different types of key, one is
publicly available and used for encryption while the other is
private and used for decryption.
• Cryptographic Hashing : Function used to transform large
random size data to small fixed size data. The hash functions
does not need any key (0-key).
 Symmetric cryptosystem : One-Key

 Symmetric cryptography is the oldest form of cryptosystem.

 Some cyptosystem : Shift cipher, Caeser, Affine, Vigenere, Hill, AES,
DES, IDEA, Blowfish, RC4, RC5, RC6, …
 Example : In shift cipher Ek = (m+k) mod 26 and Dk = (c-k) mod 26
 Asymmetric cryptosystem : Two-Key

• Based an idea proposed by Diffie, Hellman and Merkle : It is not necessary

that the encryption key is secret.
 Asymmetric cryptography uses a pair of keys: a public key and a private
key that are mathematically related to each other.
 The public key is made public without reducing the security of the
process, but the private key is kept safe and private.
Asymmetric cryptosystem : Two-Key

• In general, asymmetric cryptosystem scheme consists of

three algorithms :

1. Key generation(KG): A public and private key pair (pk, sk) is

generated, The public key pk is published to the public, while the
private key sk is known to its owner only.

2. Encryption(E): Given a plaintext m and a public key pk, a

ciphertext c is produced, denoted as c = E(m, pk).

3. Decryption algorithm (D): Given a ciphertext c = E(m, pk) and the

private key sk, the plaintext m is recovered, denoted as m = D(c, sk)
 Asymmetric cryptosystem : Two-Key

 Families of asymmetric cryptograhy :

• Integer-Factorization Schemes : Several public-key schemes are based on the fact
that it is difficult to factor large integers. The most prominent representative of this
algorithm family is RSA (Rivest–Shamir–Adleman).
• Discrete Logarithm Schemes : There are several algorithms which are based on
what is known as the discrete logarithm (DL) problem in finite fields. The most
prominent examples include the Diffie–Hellman key exchange, Elgamal encryption or
the Digital Signature Algorithm (DSA).
• Elliptic Curve (EC) Schemes : A generalization of the discrete logarithm algorithm
is elliptic curve public-key schemes. The most popular examples include Elliptic Curve
Diffie–Hellman key exchange (ECDH) and the Elliptic Curve Digital Signature
Algorithm (ECDSA).

RSA is the most widely used asymmetric cryptographic scheme.

Therefore, Blockchain is principally based on elliptic curve scheme.
 Asymmetric cryptosystem : RSA

 Generally used for encryption of small pieces of data, especially for key
transport, digital signatures, digital certificates, …
 The keys generation is done by following steps :

public key : kpub = (n,e) and private key : kpr = (n,d)

Choose two large primes p and q
Compute n = p · q
Compute (n) = (p−1)(q−1)
Select the public exponent e ∈ {1,2, . . . ,(n)−1} such that gcd(e,(n))=1
Compute the private key d such that d·e ≡ 1 mod (n) or d ≡ e -1mod (n)

Encryption function : c = me mod n

Decryption function : m = cd mod n
 Asymmetric cryptosystem : RSA

Example with small prime numbers (in practice very large prime numbers
are needed)
We choose two prime numbers p = 3, q = 11 ;
• Their product n = 3 × 11 = 33 is the encryption module ;
• φ(n) = (3 – 1) × (11 – 1) = 2 × 10 = 20 ;
• We choose e= 3 (prime with 20) as encryption exponent;
• The decryption exponent is d = 7, the inverse of 3 modulo 20 (in effect
e . d = 3 × 7 ≡ 1 mod 20) ;
• Alice's public key is (n, e) = (33, 3), and her private key is (n, d) = (33, 7)
• Bob sends a message to Alice :
• Encryption of m = 4 by Bob with Alice's public key: 43 ≡ 31 mod 33, the
cipher is c = 31 which Bob transmits to Alice;
• Decryption of c = 31 by Alice with her private key: 317 ≡ 4 mod 33,
Alice finds the initial message m = 4.
 Asymmetric cryptosystem : Diffie–Hellman key exchange

 The Diffie–Hellman key exchange DHKE (Symetric key agreement) scheme

enables two parties to derive a common secret key (Symmetric key ) by
communicating over an insecure channel.
 It’s widely used in cryptographic protocols, such SSL/TLS, …
 The basic idea behind the DHKE is the exponentiation in Zp, p prime, is
commutative
(ga)b mod p = (gb)a mod p

 DHKE is based on the discrete logarithm problem in finite fields

Knowing the value of gi mod p , g and p it’s very difficult to find i

 DHKE steps : Setup and main protocols

Setup
• Alice and Bob choos two numbers p and g : Domain parameters, Public
• p is a large prime number on the order of 300 decimal digits (1024 bits)
• g is a primitive root of p named generator
Asymmetric cryptosystem : Diffie–Hellman key exchange

Main
• Alice chooses a large random number a (kpr,A) such that 1<a<p −1 and
calculates A = ga mod p (kpub,A)
• Bob chooses another large random number b (kpr,B) such that 1<b<p −1
and calculates B = gb mod p (kpub,B)
• Alice sends A to Bob and Bob sends B to Alice.
• Alice calculates kA,B = Ba mod p
• Bob calculates kA,B = Ab mod p
Asymmetric cryptosystem : Diffie–Hellman key exchange

Example : Let us give a more realistic example. We used a program to create a

random integer of 512 bits (the ideal is 1024 bits). The integer p is a 159-digit
number. We also choose g, a, and b as shown below :

The following shows the values of A, B and kAB :

 Asymmetric cryptosystem : Elliptic Curve

 Elliptic curves are cubic (x3) mathematic equations, in contrast to ellipse which is
formed by quadratic curves (x2). The elliptic curves have favorable characteristics,
and especially the X-axis symmetry, in the field of cryptography and therefore in
security

 Elliptic Curve Cryptography (ECC) provides the same level of security as RSA or
discrete logarithm systems with considerably shorter operands (e.g. 160–256 bit vs.
1024–3072 bit).

 ECC is based on the generalized discrete logarithm (DL) problem, and thus DL-
protocols such as the Diffie–Hellman key exchange can also be realized using elliptic
curves. Bitcoin uses ECC as its public key cryptosystem.

 In many cases, ECC has performance advantages (fewer computations) and

bandwidth advantages (shorter signatures and keys) over RSA and DL schemes.
 Asymmetric cryptosystem : Elliptic Curve

 Elliptic curve
The elliptic curve over Zp , p > 3, is the set of all pairs (x,y) Zp
which fulfill
y2 = x3 + ax + b mod p
together with an imaginary or abstract point at infinity Ϭ, where
a,b Zp
and the condition 4a3 + 27 b2 ≠ 0 mod p
 Asymmetric cryptosystem : Elliptic Curve

 Group Operations on Elliptic Curves

Let’s denote the group operation with the addition symbol “+”. “Addition” means
that given two points and their coordinates, say P = (x1,y1) and Q = (x2,y2), we have
to compute the coordinates of a third point R such that :
P+Q = R  (x1,y1)+(x2,y2) = (x3,y3)
Point Addition R = P+Q / P ≠Q
Point Doubling 2P = P+P
Identity or Neutral Element P + Ϭ = P
 Asymmetric cryptosystem : Elliptic Curve

 In a cryptosystem we cannot perform geometric constructions.

However, by applying simple coordinate geometry, we can express both
of the geometric constructions from above through analytic expressions.
 Asymmetric cryptosystem : Elliptic Curve

Example : We consider a curve over the small field Z17

E : y2 = x3 + 2x + 2 mod 17
We want to double the point P = (5,1)

 The points on an elliptic curve E together with Ϭ have cyclic sub

groups. Under certain conditions all points on an elliptic curve form a
cyclic group. Let's denote n the number of point operations on the curve
until the resultant is : nP=Ϭ
 Asymmetric cryptosystem : Elliptic Curve

Example : We want to find all points on the curve

E : y2 = x3 + 2x + 2 mod 17
Let’s start with the primitive element P=(5,1). We compute now all “powers” of
P. More precisely, since the group operation is addition, we compute P,2P, . . . ,
nP. Here is a list of the elements that we obtain :
2P = (5,1)+(5,1) = (6,3) 8P = (13,7) 14P = (9,1)
3P = 2P+P = (10,6) 9P = (7,6) 15P = (3,16)
4P = (3,1) 10P = (7,11) 16P = (10,11)
5P = (9,16) 11P = (13,10) 17P = (6,14)
6P = (16,13) 12P = (0,11) 18P = (5,16)
7P = (0,6) 13P = (16,4) 19P = Ϭ
From now on, the cyclic structure becomes visible since :
20P = 19P+P = Ϭ +P = P 21P = 2P .............
The elliptic curve has order #E=19, it contains 19 points in its cyclic group.
It is also instructive to look at the last computation above, which yielded :
18P+P = Ϭ
This means that P=(5,1) is the inverse of 18P=(5,16), and vice versa.
 Asymmetric cryptosystem : Elliptic Curve

 The ECC is a great technique to generate the keys, but is used along
side other techniques for digital signatures and key exchange.
 For example, ECC is quite popularly used for key exchange (ECDH )
and digital signatures (ECDSA).
 The ECDSA is an important cryptographic component in Bitcoin and
Ethereum blockchains.
 The private key in ECC is integer and it’s length depends on the
underlying curve.
 In most applications (Like OpenSSL, OpenSSH, Bitcoin and Ethereum)
the default key length for the ECC private keys is 256 bits : secp256k1.
 Depending on the curve many different ECC key sizes are possible :192-
bit (curve secp192r1), 233-bit (curve sect233k1), 224-bit (curve
secp224k1), 256-bit (curves secp256k1 and Curve25519), 283-bit (curve
sect283k1), 384-bit (curves p384 and secp384r1), …
Elliptic curve Diffie–Hellman key exchange
 Cryptographic Hash function

 Hash function is a form of cryptographic scheme but they are not the
same : They are interrelated concepts.
 Hash function is an integral part of blockchain technology.
 It is a mathematical function H or algorithm that maps data M of
arbitrary size of m bits (m is variable) to a bit array hash value or
digest h of n bits (n is fixe).
H(M) = h ; m << n
 H is a one-way function , which is practically infeasible to invert.
 Cryptographic Hash function

 An ideal cryptographic H hash function should has the following

main properties :

Arbitrary message size : H(x) can be applied to messages x of any size.

Fixed output length : H(x) produces a hash value z of fixed length.
Efficiency : H(x) is relatively easy to compute.
Preimage resistance : For a given output z, it is impossible to find any
input x such that H(x) = z, i.e, H(x) is one-way.
Collision resistance : It is computationally infeasible to find any pairs
x1 ≠x2 such that H(x1) = H(x2).
 Cryptographic Hash function

 Cryptographic hash functions have many information-

security applications, notably in digital signatures, message
authentication codes (MACs), blockchain data structure
and mining, and other forms of authentication.
 Example : SHA-256 hash algorithm is used in Bitcoin, and
Keccak-256 in Ethereum.
 There are many cryptographic hash algorithms, the table
below enumerate some hash functions and it's life cycle.
SHA-2 (Secure Hash Algorithm 2) is a family including
SHA-224, SHA-256, SHA-384, SHA-512.
 List of hash functions :
https://en.wikipedia.org/wiki/List_of_hash_functions
Cryptographic Hash function

Source http://valerieaurora.org/hash.html
 Cryptographic Hash function Example: SHA-1

 The Secure Hash Algorithm (SHA-1) is based on a Merkle Damgard scheme. It

produces a message digest based on principles similar to those used in the design of
the MD2, MD4 and MD5, but generates a larger hash value
 An interpretation of the SHA-1 algorithm is that the compression function works
like a block cipher, where the input is the previous hash value Hi−1 and the key is
formed by the message block xi
 Cryptographic Hash function : SHA-1

 SHA-1 produces a 160-bit message digest output. Before the hash computation, the
algorithm has to preprocess the message.
 The compression function processes the message in 512-bit chunks. The
compression function consists of 80 rounds which are divided into four stages of 20
rounds each.
• Preprocessing : Before the actual hash computation, the message x has to be
padded to fit a size of a multiple of 512 bit. For the internal processing, the padded
message must then be divided into blocks. Also, the initial value H0 is set to a
predefined constant
 Padding : l is the length of the message x
 Cryptographic Hash function : SHA-1

 Dividing the padded message : Prior to applying the compression function, we

need to divide the message into 512-bit blocks x1,x2, ... ,xn. The i th block xi is
subdivided into 16 words xi(k) of size of 32 bits :

 Initial value H0 : A 160-bit buffer is used to hold the initial hash value for the first
iteration. The five 32-bit words are fixed and given in hexadecimal notation as:
 Cryptographic Hash function : SHA-1

 Hash Computation : As mensionned before, each message block xi is processed in

four stages with 20 rounds each. The algorithm uses :
• A message schedule which computes a 32-bit word W0 ,W1 , ...,W79 for each of
the 80 rounds The words Wj are derived from the 512-bit message block as
follows :

Where X≪n indicates a circular left shift of the word X by n bit positions.
• Five working registers of size of 32 bits A,B,C,D,E.
• A hash value Hi consisting of five 32-bit words

 In the beginning, the hash value holds the initial value H0

Cryptographic Hash function : SHA-1
 Cryptographic Hash function : SHA-1

 The four SHA-1 stages have a similar structure but use different internal
functions ft and stage-dependent constants Kt, where 1 ≤ t ≤ 4.

 The output after 80 rounds is added to the input value Hi−1 modulo 232 .

 The operation within round j in stage t is given by the equation and

depicted by the figure below.

 According to the table and depending on the stage every 20 rounds a new
function and a new constant are being used.
Cryptographic Hash function : SHA-1 Round
 Digital Signature

 A digital signature is a means or a scheme for verifying the

authenticity of digital messages or documents.

 A valid digital signature, when conditions are met,

provides the recipient with sufficient assurance that the
message originated from a recognized sender
(Authenticity) and that it remained unaltered during
transit (Integrity).

 Digital signature can also ensure Non-repudiation,

meaning that the signer cannot deny signing the message.
 Digital Signature Model

 The model of digital signatures was invented by Diffie and

Hellman in 1976.
Digital Signature Model

 Typically, a digital signature scheme consists of three

algorithms.

1. Key generation(KG): A public and private key pair (pk, sk) is

generated, The public key pk is published to the public, while the
private key sk is known to its owner only.

2. Signing algorithm (S): Given a message m and a private key sk, a

signature s is produced, denoted as s = S(m, sk).

3. Verification algorithm (D): Given a message m , the signature s and

the public key pk, the algorithm outputs a value V(m,s,pk) ∈
{True,False}, where V(m,s,pk) is equal to True if s is a valid
signature, and false otherwise.
Digital Signature with Hash

 The generic model of digital signature with hash

Digital Signature with Hash

 Bob wants to send a message to Alice. Although it is not important that the
message be kept secret, he wants Alice to be certain that the message is indeed
from him.
 Bob uses a secure hash function, such as SHA-512, to generate a hash value for
the message.
 The hash value, together with Bob’s private key serves as input to a digital
signature generation algorithm, which produces a short block that functions as a
digital signature.
 Bob sends the message with the signature attached.
 When Alice receives the message plus signature, she calculates a hash value for
the message; provides the hash value and Bob’s public key as inputs to a digital
signature verification algorithm.
 If the algorithm returns the result that the signature is valid, Alice is assured
that the message must have been signed by Bob.
 No one else has Bob’s private key and therefore no one else could have created a
signature that could be verified for this message with Bob’s public key. It is
impossible to alter the message without access to Bob’s private key, so the
message is authenticated both in terms of source and in terms of data integrity.
Digital Signature with Hash

 Digital signature process example :

RSA Digital Signature Scheme

 Key generation : Key generation in the RSA digital signature scheme is exactly
the same as key generation in the RSA cryptosystem.
 Signing : Alice creates a signature out of the message using her private exponent,
S = Md mod n and sends the message and the signature to Bob.
 Verifying : Bob receives M and S. Bob applies Alice’s public exponent to the
signature to create a copy of the message M′ = Se mod n. Bob compares the value
of M′ with the value of M. If the two values are congruent, Bob accepts the
message.
RSA Digital Signature Example

 Alice chooses p = 823 and q = 953,

 Calculates n = 784319.
 Calculates φ(n) = 782544.
 Chooses e = 313 and calculates d = 160009.
 Alice wants to send a message with the value of M = 19070 to Bob.
 She uses her private exponent, 160009, to sign the message
M: 19070 → S = (19070160009) mod 784319 = 210625 mod 784319
 Alice sends the message and the signature to Bob
 Bob receives the message and the signature. He calculates :
M′ = 210625313 mod 784319 = 19070 mod 784319

 M ≡ M′ mod n

 Bob verified Alice’s signature and accepts the message.