
Module-3-2

The document discusses asymmetric-key cryptography, highlighting its distinction from symmetric-key cryptography and the necessity of both systems. It introduces key concepts such as trapdoor one-way functions, the knapsack cryptosystem, and details on the RSA and Rabin cryptosystems. The document emphasizes the complementary nature of symmetric and asymmetric cryptography in securing communications.

Uploaded by

satvikhegde2905

Asymmetric-Key Cryptography

Objectives
- To distinguish between two cryptosystems: symmetric-key and asymmetric-key
- To introduce trapdoor one-way functions and their use in asymmetric-key cryptosystems
- To introduce the knapsack cryptosystem as one of the first ideas in asymmetric-key cryptography
- To discuss the RSA cryptosystem
- To discuss the Rabin cryptosystem

INTRODUCTION

Symmetric and asymmetric-key cryptography will exist in parallel and continue to serve the community. We actually believe that they are complements of each other; the advantages of one can compensate for the disadvantages of the other.

Topics discussed in this section:

10.1.1 Keys
10.1.2 General Idea
10.1.3 Need for Both
10.1.4 Trapdoor One-Way Function
10.1.5 Knapsack Cryptosystem

Note
Symmetric-key cryptography is based on sharing secrecy;
asymmetric-key cryptography is based on personal secrecy.

Keys

Asymmetric-key cryptography uses two separate keys: one private and one public.

Figure: Locking and unlocking in asymmetric-key cryptosystem

General Idea

Figure: General idea of asymmetric-key cryptosystem

Plaintext/Ciphertext
Unlike in symmetric-key cryptography, plaintext and ciphertext are treated as integers in asymmetric-key cryptography.

Encryption/Decryption

$C = f(K_{\text{public}}, P)$
$P = g(K_{\text{private}}, C)$

Need for Both

There is a very important fact that is sometimes misunderstood: The advent of asymmetric-key cryptography does not eliminate the need for symmetric-key cryptography.

Trapdoor One-Way Function

The main idea behind asymmetric-key cryptography is the concept of the trapdoor one-way function.

Functions

Figure 10.3 A function as rule mapping a domain to a range

One-Way Function (OWF)

1. f is easy to compute.
2. $f^{-1}$ is difficult to compute.

Trapdoor One-Way Function (TOWF)

3. Given y and a trapdoor, x can be computed easily.

Example
When n is large, n = p × q is a one-way function. Given p and q, it is always easy to calculate n; given n, it is very difficult to compute p and q. This is the factorization problem.

Example
When n is large, the function $y = x^k \bmod n$ is a trapdoor one-way function. Given x, k, and n, it is easy to calculate y. Given y, k, and n, it is very difficult to calculate x. This is the discrete logarithm problem. However, if we know the trapdoor, k′ such that $k \times k' = 1 \bmod \phi(n)$, we can use $x = y^{k'} \bmod n$ to find x.

Knapsack Cryptosystem

The first brilliant idea of public-key cryptography came from Merkle and Hellman, in their knapsack cryptosystem. Although this system was found to be insecure with today’s standards, the main idea behind this cryptosystem.

Definition
Suppose we are given two k-tuples, $a = [a_1, a_2, \ldots, a_k]$ and $x = [x_1, x_2, \ldots, x_k]$. The first tuple is the predefined set; the second tuple, in which $x_i$ is only 0 or 1, defines which elements of a are to be dropped in the knapsack. The sum of elements in the knapsack is

$s = \text{knapsackSum}(a, x) = x_1 a_1 + x_2 a_2 + \cdots + x_k a_k$

Given a and x, it is easy to calculate s. However, given s and a it is difficult to find x. In other words, s = knapsackSum(a, x) is easy to calculate, but x = inv_knapsackSum(s, a) is difficult. The function knapsackSum is a one-way function if a is a general k-tuple.

Superincreasing Tuple
It is easy to compute knapsackSum and inv_knapsackSum if the k-tuple a is superincreasing. In a superincreasing tuple, $a_i \ge a_1 + a_2 + \cdots + a_{i-1}$. In other words, each element (except $a_1$) is greater than or equal to the sum of all previous elements. In this case we calculate knapsackSum and inv_knapsackSum. The algorithm inv_knapsackSum starts from the largest element and proceeds to the smallest one. In each iteration, it checks to see whether an element is in the knapsack.

Example

As a very trivial example, assume that a = [17, 25, 46, 94, 201, 400] and s = 272 are given. Table 10.1 shows how the tuple x is found using inv_knapsackSum routine in Algorithm 10.1. In this case x = [0, 1, 1, 0, 1, 0], which means that 25, 46, and 201 are in the knapsack.
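
The greedy inversion described above, as an added example that is not part of the original slides (the function names are hypothetical, not the textbook's Algorithm 10.1). It also shows the two failure cases: a tuple that is not superincreasing, and an s that is not a subset sum of a.

```python
def is_superincreasing(a):
    """True if every element is >= the sum of all previous elements."""
    running = 0
    for value in a:
        if value <= 0 or value < running:
            return False
        running += value
    return True


def knapsack_sum(a, x):
    """s = x1*a1 + ... + xk*ak, with each xi restricted to 0 or 1."""
    if len(a) != len(x) or any(bit not in (0, 1) for bit in x):
        raise ValueError("x must be a 0/1 tuple of the same length as a")
    return sum(ai * xi for ai, xi in zip(a, x))


def inv_knapsack_trace(s, a):
    """Greedy inverse, largest element first.

    Returns one row per iteration: (i, a_i, s_before, x_i, s_after).
    """
    if not is_superincreasing(a):
        raise ValueError("greedy inversion needs a superincreasing tuple")
    rows = []
    for i in range(len(a), 0, -1):
        ai = a[i - 1]
        xi = 1 if s >= ai else 0          # a_i is in the knapsack iff it fits
        rows.append((i, ai, s, xi, s - xi * ai))
        s -= xi * ai
    if s != 0:
        raise ValueError("s is not a subset sum of a")
    return rows


def inv_knapsack_sum(s, a):
    """Return x such that knapsack_sum(a, x) == s."""
    return [xi for _, _, _, xi, _ in reversed(inv_knapsack_trace(s, a))]


if __name__ == "__main__":
    a, s = [17, 25, 46, 94, 201, 400], 272    # values from the example above
    for row in inv_knapsack_trace(s, a):
        print("i=%d  a_i=%3d  s=%3d  x_i=%d  s'=%3d" % row)
    print("x =", inv_knapsack_sum(s, a))
```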

Secret Communication with Knapsacks

Figure 10.4 Secret communication with knapsack cryptosystem

Let us see how Alice can send a secret message to Bob using a
knapsack cryptosystem. The idea is shown in Figure

Example

This is a trivial (very insecure) example just to show the procedure.

10-2 RSA CRYPTOSYSTEM

The most common public-key algorithm is the RSA cryptosystem, named for its inventors (Rivest, Shamir, and Adleman).

Topics discussed in this section:

10.2.1 Introduction
10.2.2 Procedure
10.2.3 Some Trivial Examples
10.2.4 Attacks on RSA
10.2.5 Recommendations
10.2.6 Optimal Asymmetric Encryption Padding (OAEP)
10.2.7 Applications

10.2.1 Introduction

Figure 10.5 Complexity of operations in RSA

10.2.2 Procedure

Figure 10.6 Encryption, decryption, and key generation in RSA

Two Algebraic Structures

Encryption/Decryption Ring: $R = \langle Z_n, +, \times \rangle$

Key-Generation Group: $G = \langle Z_{\phi(n)}^{*}, \times \rangle$

Encryption

Decryption

Proof of RSA

10.2.3 Some Trivial Examples

Example 10.5
Bob chooses 7 and 11 as p and q and calculates n = 77. The value of $\phi(n)$ = (7 − 1)(11 − 1) or 60. Now he chooses two exponents, e and d, from $Z_{60}^{*}$. If he chooses e to be 13, then d is 37. Note that e × d mod 60 = 1 (they are inverses of each
Now imagine that Alice wants to send the plaintext 5 to Bob. She uses the public exponent 13 to encrypt 5.

Bob receives the ciphertext 26 and uses the private key 37 to decipher the ciphertext:

Example 10.6

Now assume that another person, John, wants to send a message to Bob. John can use the same public key announced by Bob (probably on his website), 13; John’s plaintext is 63. John calculates the following:

Bob receives the ciphertext 28 and uses his private key 37 to decipher the ciphertext:

Example 10.7

Jennifer creates a pair of keys for herself. She chooses p = 397 and q = 401. She calculates n = 159197. She then calculates $\phi(n)$ = 158400. She then chooses e = 343 and d = 12007. Show how Ted can send a message to Jennifer if he knows e and n.

Suppose Ted wants to send the message “NO” to Jennifer. He changes each character to a number (from 00 to 25), with each character coded as two digits. He then concatenates the two coded characters and gets a four-digit number. The plaintext is 1314. Figure 10.7 shows the process.

Figure 10.7 Encryption and decryption in Example 10.7
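
Examples 10.5 to 10.7 carried through in code, as an added example that is not part of the original slides. The function names are hypothetical, p and q are assumed to be prime (not checked), and this is unpadded textbook RSA as in the examples, without the OAEP step listed under 10.2.6.

```python
from math import gcd


def rsa_keypair(p, q, e):
    """Return ((e, n), (d, n)) after the checks key generation relies on."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must be in Z_phi(n)*, otherwise d does not exist")
    d = pow(e, -1, phi)                    # d = e^-1 mod phi(n)
    return (e, n), (d, n)


def rsa_encrypt(public, m):
    e, n = public
    if not 0 <= m < n:
        raise ValueError("plaintext must be an integer in Z_n")
    return pow(m, e, n)                    # C = P^e mod n


def rsa_decrypt(private, c):
    d, n = private
    return pow(c, d, n)                    # P = C^d mod n


def encode_letters(text):
    """A-Z -> 00..25, two digits per character, concatenated."""
    return int("".join("%02d" % (ord(ch) - ord("A")) for ch in text))


def decode_letters(value, length):
    """Inverse of encode_letters for a message of `length` characters."""
    digits = str(value).zfill(2 * length)
    pairs = (digits[i:i + 2] for i in range(0, len(digits), 2))
    return "".join(chr(int(pair) + ord("A")) for pair in pairs)


if __name__ == "__main__":
    bob_pub, bob_priv = rsa_keypair(7, 11, 13)            # Example 10.5
    print("d =", bob_priv[0])
    for plaintext in (5, 63):                             # Alice, then John
        c = rsa_encrypt(bob_pub, plaintext)
        print(plaintext, "->", c, "->", rsa_decrypt(bob_priv, c))

    jen_pub, jen_priv = rsa_keypair(397, 401, 343)        # Example 10.7
    c = rsa_encrypt(jen_pub, encode_letters("NO"))
    print("d =", jen_priv[0], "C =", c,
          "P =", decode_letters(rsa_decrypt(jen_priv, c), 2))
```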


10.2.4 Attacks on RSA

Figure 10.8 Taxonomy of potential attacks on RSA

10.2.6 OAEP

Figure 10.9 Optimal asymmetric encryption padding (OAEP)

Example 10.8

Here is a more realistic example. We choose a 512-bit p and q, calculate n and $\phi(n)$, then choose e and test for relative primeness with $\phi(n)$. We then calculate d. Finally, we show the results of encryption and decryption. The integer p is a 159-digit number.

The modulus n = p × q. It has 309 digits.

$\phi(n)$ = (p − 1)(q − 1) has 309 digits.

Bob chooses e = 35535 (the ideal is 65537) and tests it to make sure it is relatively prime with $\phi(n)$. He then finds the inverse of e modulo $\phi(n)$ and calls it d.

Alice wants to send the message “THIS IS A TEST”, which can be changed to a numeric value using the 00−26 encoding scheme (26 is the space character).

The ciphertext calculated by Alice is $C = P^e$, which is

Bob can recover the plaintext from the ciphertext using $P = C^d$, which is

The recovered plaintext is “THIS IS A TEST” after decoding.

10-3 RABIN CRYPTOSYSTEM

The Rabin cryptosystem can be thought of as an RSA cryptosystem in which the values of e and d are fixed. The encryption is $C \equiv P^2 \pmod{n}$ and the decryption is $P \equiv C^{1/2} \pmod{n}$.

Topics discussed in this section:

10.3.1 Procedure
10.3.2 Security of the Rabin System

Figure 10.10 Rabin cryptosystem

10.3.1 Procedure

Key Generation

Encryption

Decryption

Note
The Rabin cryptosystem is not deterministic: Decryption creates four plaintexts.

Example 10.9

Here is a very trivial example to show the idea.

1. Bob selects p = 23 and q = 7. Note that both are congruent to 3 mod 4.
2. Bob calculates n = p × q = 161.
3. Bob announces n publicly; he keeps p and q private.
4. Alice wants to send the plaintext P = 24. Note that 161 and 24 are relatively prime; 24 is in $Z_{161}^{*}$. She calculates $C = 24^2 = 93 \bmod 161$, and sends the ciphertext 93 to Bob.
5. Bob receives 93 and calculates four values:
   $a_1 = +(93^{(23+1)/4}) \bmod 23 = 1 \bmod 23$
   $a_2 = -(93^{(23+1)/4}) \bmod 23 = 22 \bmod 23$
   $b_1 = +(93^{(7+1)/4}) \bmod 7 = 4 \bmod 7$
   $b_2 = -(93^{(7+1)/4}) \bmod 7 = 3 \bmod 7$
6. Bob takes four possible answers, $(a_1, b_1)$, $(a_1, b_2)$, $(a_2, b_1)$, and $(a_2, b_2)$, and uses the Chinese remainder theorem to find four possible plaintexts: 116, 24, 137, and 45. Note that only the second answer is Alice’s plaintext.
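
Steps 4 to 6 of Example 10.9 in code, as an added example that is not part of the original slides (function names are hypothetical). It returns all four candidates in the order the example lists them and rejects a ciphertext that is not a square mod n, a case the slides do not cover.

```python
def rabin_encrypt(n, m):
    """C = P^2 mod n."""
    if not 0 <= m < n:
        raise ValueError("plaintext must be an integer in Z_n")
    return pow(m, 2, n)


def crt_pair(a, p, b, q):
    """Chinese remainder theorem: the x mod p*q with x = a (mod p), x = b (mod q)."""
    return (a * q * pow(q, -1, p) + b * p * pow(p, -1, q)) % (p * q)


def rabin_decrypt(p, q, c):
    """Return the four square roots of c mod p*q.

    Order matches the example: (a1, b1), (a1, b2), (a2, b1), (a2, b2).
    """
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("the (p+1)/4 exponent needs p and q congruent to 3 mod 4")
    n = p * q
    a1 = pow(c, (p + 1) // 4, p)           # +root mod p
    b1 = pow(c, (q + 1) // 4, q)           # +root mod q
    a2, b2 = (-a1) % p, (-b1) % q          # the negated roots
    roots = [crt_pair(a, p, b, q) for a in (a1, a2) for b in (b1, b2)]
    # If c is not a quadratic residue mod n, the candidates do not square to c.
    if any(pow(r, 2, n) != c % n for r in roots):
        raise ValueError("ciphertext is not a square mod n")
    return roots


if __name__ == "__main__":
    p, q = 23, 7                            # Bob's private primes from the example
    c = rabin_encrypt(p * q, 24)            # Alice's plaintext P = 24
    print("C =", c)
    print("candidates =", rabin_decrypt(p, q, c))
```

Nothing in the four values tells Bob which one Alice sent; the example identifies 24 only because the plaintext is known in advance.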
