CSF352: Number Theory and Cryptology

Session: 2024-25

B. Tech (CSE) 5th Semester

Course Instructor Course Coordinator

Dr. Parul Saini Dr. Parul Saini

Assistant Professor, School Assistant Professor, School
of Computing of Computing
Public-Key Cryptosystems
• Asymmetric algorithms rely on one key for encryption and a different but related
key for decryption. These algorithms have the following important characteristic.
• It is computationally infeasible to determine the decryption key given only knowledge of the
cryptographic algorithm and the encryption key.
• Either of the two related keys can be used for encryption, with the other used for decryption.
• A public-key encryption scheme has six ingredients
1. Plaintext: This is the readable message or data that is fed into the algorithm as input.
2. Encryption algorithm: The encryption algorithm performs various transformations on the
plaintext.
3. Public and private keys: This is a pair of keys that have been selected so that if one is used
for encryption, the other is used for decryption. The exact transformations performed by
the algorithm depend on the public or private key that is provided as input.
4. Ciphertext: This is the scrambled message produced as output. It depends on the plaintext
and the key. For a given message, two different keys will produce two different ciphertexts.
5. Decryption algorithm: This algorithm accepts the ciphertext and the matching key and
produces the original plaintext.

2
The essential steps are the following.
1. Each user generates a pair of keys to
be used for the encryption and
decryption of messages.
2. Each user places one of the two keys
in a public register or other
accessible file.
3. This is the public key. The companion
key is kept private. As Figure suggest,
each user maintains a collection of
public keys obtained from others.
4. If Bob wishes to send a confidential
message to Alice, Bob encrypts the
message using Alice’s public key.
5. When Alice receives the message,
she decrypts it using her private key.
No other recipient can decrypt the
message because only Alice knows
Alice’s private key. 3
4
Conventional and Public-Key Encryption

5
Applications for Public-Key Cryptosystems
we can classify the use of public-key cryptosystems into three categories
• Encryption /decryption: The sender encrypts a message with the recipient’s public key.
• Digital signature: The sender “signs” a message with its private key. Signing is achieved by a
cryptographic algorithm applied to the message or to a small block of data that is a function of the
message.
• Key exchange: Two sides cooperate to exchange a session key. Several different approaches are
possible, involving the private key(s) of one or both parties.
Some algorithms are suitable for all three applications, whereas others can be used only for one or
two of these applications.

6
One-way function and trap-door one-way function
in Public-Key Cryptosystems
• A one-way function is a function that is easy to compute in one direction but
computationally infeasible to reverse. That means, given an input x, it is
straightforward to compute f(x). However, given f(x), it is practically impossible
to find the original input x without exhaustive computation.
• Example: modular exponentiation:
• If you know a, b, and p, calculating c = ab mod p is easy.
• But given c and p, finding b (if it’s unknown) is difficult without knowing a, due
to the hardness of the discrete logarithm problem.
• One-way functions are essential to cryptosystems as they ensure that even if
someone intercepts the output of a function, they can’t easily determine the
original data.

7
• A trap-door one-way function extends the concept of a one-way
function by introducing a “trap-door” or special secret information
that allows the function to be reversed.
• In a trap-door one-way function:
• It is still easy to compute f(x) from x.
• Without the trap-door, reversing f(x) to get x is infeasible.
• With the trap-door, however, reversing the function to retrieve x becomes
efficient.
• Trap-door one-way functions are critical for public-key cryptography,
where:
• The public key is used for the forward, easy-to-compute operation
(encryption).
• The private key (the trap-door) is used to reverse the function (decryption).

8
• Example:
• The RSA algorithm is a prime example of a trap-door one-way function.
• The public key includes a large composite number n and an exponent e, and
it’s easy to encrypt a message.
• The private key, derived from the prime factors of n, enables decryption.
Factoring n to find the private key is computationally hard without the trap-
door (the knowledge of these factors).

9
THE RSA ALGORITHM (Rivest, Shamir, and
Adleman)
• The RSA scheme is a block cipher in which the plaintext and
ciphertext are integers between 0 and n - 1 for some n. A typical size
for n is 1024 bits, or 309 decimal digits. That is, n is less than 21024
• The RSA cryptosystem is a widely used public-key cryptosystem that
provides secure data encryption and digital signatures. It relies on the
mathematical difficulty of factoring large composite numbers.
• These elements are required:
• A public key (e)
• A private key (d)
• Two prime numbers (P and Q), multiplied (N)

10
RSA Algorithm
Key Generation
• Select p, q p and q both prime, p ≠ q
• Calculate n = p * q
• Calcuate Φ (n) = (p - 1)(q - 1)
• Select integer e gcd (Φ(n), e) = 1; 1 < e < Φ(n)
• Calculated d d ≡ e-1 (mod Φ (n)) or de ≡ 1 (mod Φ (n))
• Public key PU = {e, n}
• Private key PR = {d, n}

11
Encryption
• Plaintext: M<n
• Ciphertext: C = Me mod n

Decryption
• Ciphertext: C
• Plaintext: M = Cd mod n

12
One-way function in RSA
• The one-way function in RSA is modular exponentiation with a large
composite modulus. Specifically, given a message M, encryption
involves computing:
• C = Me mod n
• where e is the encryption exponent (public exponent), and n is a large
composite number, which is the product of two prime numbers. Given C and
n, it is infeasible to retrieve M without knowledge of the private key e.

13
Trapdoor in RSA
• The trapdoor in RSA is knowledge of the prime factors of n. The
composite modulus n is generated by multiplying two large prime
numbers, p and q. Only the legitimate recipient knows p and q,
allowing them to compute a decryption exponent d, which enables
efficient decryption.

14
Security of RSA system
• The security of RSA is based on the difficulty of factoring the large
composite number n. While it is easy to multiply two large primes to
generate n, factoring n back into its prime components (without
knowing them in advance) is computationally infeasible with current
technology if n is large enough (e.g., 2048 bits). This difficulty
underpins the cryptosystem's security, making it resistant to brute-
force attacks and ensuring the confidentiality and integrity of
encrypted data and signatures.

15
Example 1
1. Select two prime numbers, p = 17 and q = 11.
2. Calculate n = pq = 17 × 11 = 187.
3. Calculate Φ(n) = (p - 1)(q - 1) = 16 × 10 = 160.
4. Select e such that e is relatively prime to Φ(n) = 160 and less than Φ(n); we
choose e = 7.
5. Determine d such that d ≡ e-1 (mod Φ (160)) or de ≡ 1 (mod 160) and d <
160. The correct value is d = 23, because 23 × 7 mod 160 = 1; d can be
calculated using the extended Euclid’s algorithm.
The resulting keys are public key PU = {7, 187} and private key PR = {23, 187}.

16
For Encryption: Suppose plaintext input of M= 88. The key is PU = {7, 187}
C = 887 mod 187
• 887 mod 187 = [(884 mod 187) × (882 mod 187)
• × (881 mod 187)] mod 187
• 881 mod 187 = 88
• 882 mod 187 = 7744 mod 187 = 77
• 884 mod 187 = (882)2 mod 187 = 772 mod 187 = 132
• 887 mod 187 = (88 × 77 × 132) mod 187 = 894,432 mod 187 = 11
For Decryption : PR = {23, 187}.
M = 1123 mod 187:
• 1123 mod 187 = [(111 mod 187) × (112 mod 187) × (114 mod 187) × (118 mod 187) ×
(118 mod 187)] mod 187
• 111 mod 187 = 11
• 112 mod 187 = 121
• 114 mod 187 = (112)2 mod 187 = 14,641 mod 187 = 55
• 118 mod 187 = (114)2 mod 187 = 552 mod 187 = 33
• 1123 mod 187 = (11 × 121 × 55 × 33 × 33) mod 187 = 88

17
Example 2
• Choose p = 3 and q = 11
• Compute n = p*q = 3 * 11 = 33
• Compute φ(n) = (p - 1)*(q - 1) = 2 * 10 = 20
• Choose e such that 1 < e < φ(n) and e and φ (n) are coprime. Let e = 7
• Compute a value for d such that d ≡ e-1 (mod Φ (20)) or de ≡ 1 (mod 20)
and d < 20. The correct value is d = 3, because 3 × 7 mod 20 = 1.
• Public key is (e, n) => (7, 33)
• Private key is (d, n) => (3, 33)
• The encryption of M (2) = 27 mod 33 = 29
• The decryption of C = 293 mod 33 = 2
18
Practice Questions of RSA :
• In RSA:
a. Given n = 221 and e = 5, find d.
b. Given n =3937 and e =17, find d.
c. Given p = 19, q = 23, and e = 3, find n, φ(n), and d.
• Perform encryption and decryption using the RSA algorithm for the following:
a. p = 3; q = 11, e = 7;M = 5
b. p = 5; q = 11, e = 3;M = 9
c. p = 7; q = 11, e = 17;M = 8
d. p = 11; q = 13, e = 11;M = 7
e. p = 17; q = 31, e = 7;M = 2
• In RSA:
a. Write an algorithm for encryption.
b. Write an algorithm for decryption.

19
Key distribution problem
• The means of delivering a key to two parties who wish to exchange
data without allowing others to see the key.
• Key-Distribution Center: KDC
• Alice sends a request to the KDC stating
that she needs a session (temporary)
secret key between herself and Bob.
• The KDC informs Bob about Alice’s
request.
• If Bob agrees, a session key is created
between the two.

20
Protocol Using a KDC
• Alice request the KDC to obtain a symmetric session
key between Bob and herself.
• The KDC creates a ticket. The ticket is encrypted using
Bob’s key (KB). The ticket contains the identities of Alice
and Bob and the session key (KAB). Alice receives the
message, decrypts it, and extracts the session key. She
cannot decrypt Bob’s ticket; the ticket is for Bob, not
for Alice. In the second message, Alice is actually
authenticated to the KDC, because only Alice can open
the whole message using her secret key with KDC.
• Alice sends the ticket to Bob. Bob opens the ticket and
knows that Alice needs to send messages to him using
KAB as the session key. Note that in this message, Bob
is authenticated to the KDC because only Bob can open
the ticket. Because Bob is authenticated to the KDC, he
is also authenticated to Alice, who trusts the KDC. In
the same way, Alice is also authenticated to Bob,
because Bob trusts the KDC and the KDC has sent Bob
the ticket that includes the identity of Alice.
• One can easily do the replay attack in this approach.
21
DIFFIE-HELLMAN KEY EXCHANGE
• In the Diffie-Hellman protocol two parties create a symmetric session key without
the need of a KDC.
• Before establishing a symmetric key, the two parties need to choose two numbers
p and g.
• The first number, p, is a large prime number on the order of 300 decimal digits
(1024 bits).
• g is a primitive root of a prime number whose powers modulo generate all the
integers from 1 to p-1. That is, if is g is a primitive root of the prime number p ,
then the numbers
g mod p, g2 mod p,....., gp-1 mod p
are distinct and consist of the integers from 1 through p-1 in some permutation
• These two (p and g) do not need to be confidential. They can be sent through the
Internet; they can be public.

22
Suppose the users A and B wish to exchange a key. Values of p and g
are public. The steps for Diffie-Hellman Key Agreement are:
1. User A selects a random integer private XA (XA < p)
2. User A calculates public YA YA = gXA mod p
3. User B selects a random integer private XB (XB < p)
4. User B calculates public YB YA = gYA mod p
5. User A sends YA to User B . Note that User A does not send the
value of XA; he sends only YA.
6. User B sends YB to User A . Again, note that User B does not send
the value of XB, he sends only YB.
7. User A calculates K = (YB)XA mod p.
8. User B also calculates K = (YA)XB mod p.

23
 The values of
USER A p and g are public. USER B

Select XA , (XA < p) Select XB , (XB < p)

Calculates YA = gXA mod p Calculates YB = gXB mod p

YB YA

Calculates K = (YB)XA mod p Shared Secret Key, K = g XA XB mod p

Calculates K = (YA)XB mod p

24
Example: This example uses small numbers, but note that in a real
situation, the numbers are very large.
Assume that g = 7 and p = 23. The steps are as follows:
1. User A selects a random integer private XA = 3 (3 < 23)
2. User A calculates public YA YA = 73 mod 23 = 21
3. User B selects a random integer private XB = 6 (6 < 23)
4. User B calculates public YB YA = 76 mod 23 = 4
5. User A sends YA= 21 to User B .
6. User B sends YB = 4 to User A .
7. User A calculates K = (YB)XA mod p = 43 mod 23 = 18
8. User B also calculates K = (YA)XB mod p = 216 mod 23 = 18
9. The value of K is the same for both User A and User B; K = g XA XB mod p
= 718 mod 23 = 18.

25
26