KPU

Public Key Cipher

Dr. Abhijit Sen

INFO 2411
KPU

Public key cipher

INFO 2411
KPU

Problems with private key

ciphers

In order for Alice & Bob to be able to

communicate securely using a private
key cipher, such as DES, they have to
have a shared key in the first place.
– Question:
What if they have never met before ?

INFO 2411
KPU

Problems with private key

ciphers

Alice needs to keep 100 different keys

if she wishes to communicate with
100 different people

INFO 2411
KPU

Motivation of Diffie &

Hellman
Is it possible for Alice & Bob, who
have no shared secret key, to
communicate securely ?
.

INFO 2411
KPU

Motivation of Diffie &

Hellman
This led to the SINGLE MOST
IMPORTANT discovery in the history
of secure communications:

W. Diffie & M. Hellman: New Directions in

Cryptography, IEEE Transactions on Information
Theory, Vol. IT-22, No.6, Nov. 1976, pp.644-654.

INFO 2411
KPU

Public Key Cipher

Utilises two separate but
mathematically connected keys
– one key is kept strictly confidential
(private)
– the other key is shared among others
(public)
– a message encrypted with the public key
can only be decrypted using private key
– also known as asymmetric-key
INFO 2411
KPU

Public Key Cipher

A common use of the public key is
– to authenticate one party to other
– to create digital signature
– to encrypt or decrypt data

INFO 2411
KPU

Public Key Cipher

Encrypted_Message = Encrypt
(Public_Key, Message)
Message = Decrypt (Private_Key,

Encrypted_Message)

INFO 2411
KPU

Public Key Encryption Methods

Different keys for encryption and

decryption
– Encryption with receiver’s public key
– Decryption with receiver’s private key
– Once encrypted, sender cannot decrypt
unless has receiver’s private key (should
not)

INFO 2411
KPU

Public Key Encryption Methods

IBM 100101 IBM

Plaintext Encryption Ciphertext Decryption Plaintext

Public Key Private Key

INFO 2411
KPU

Public Key Encryption

Everyone has a public and private key

– Keep the private key secret
– Distribute the public key to everybody
without security

INFO 2411
KPU

Public Key Encryption

Public
Key

Private
Key
Public
Key

INFO 2411
KPU

Public Key Encryption

Four Keys
– Each side has a public and a private key
– Each sends public key to other
unsecurely
– Encrypt with other party’s public key
– Decrypt with own private key

INFO 2411
KPU

Public Key Encryption

A B’s B’s
B
Pub Key Priv Key

A’s A’s
Priv Key Pub Key

INFO 2411
KPU

Public Key Cryptosystem

Public Key Directory (Yellow/White Pages)
Bob:

Plain Text Cipher Text Cipher Text

Plain Text

E Network D

Secret Key
Alice
Bob
INFO 2411
KPU

Public Key Encryption

No need for separate secret key with

each business partner
– Greatly simplifies key management
Unfortunately, highly processing-
intensive
– Can only encrypt small messages
– Exchanging single keys securely (later)
– Authentication (later)
INFO 2411
KPU

Main differences with DES

The public encryption key is different from
the secret decryption key.
Infeasible to find out the secret decryption
key from the public encryption key.
No need for Alice & Bob to distribute a
shared secret key beforehand !
Only one pair of public and secret keys for
each user !

INFO 2411
KPU

Realising public key ciphers

The most famous system that
implements Diffie & Hellman’s ideas
on public key ciphers is due to
– Ronald Rivest
– Adi Shamir
– Leonard Adleman
This public key cryptosystem is called
RSA.
INFO 2411
 KPU

RSA Public Key system

Public Key Directory (Yellow/White Pages)

Bob: (e, n)

public key:
e &n
Plain Text Cipher Text Cipher Text Plain Text

c= m=
Network
me mod n cd mod n

Alice secret key: d

Bob
INFO 2411
KPU

RSA (1)
Bob:
– chooses 2 large primes (each at least 100
digits): p, q
multiplies p and q: n = p*q
– finds out two numbers e & d such that
e * d = 1 (mod (p-1)(q-1))

INFO 2411
KPU

RSA (1)
Bob:
– public key (published in the phone book)
2 numbers: (e, n)
encryption algorithm: modular
exponentiation
– secret key: d

INFO 2411
KPU

RSA (2)
Alice has a message m to be sent to
Bob:
– finds out Bob’s public encryption key
(e, n)
– calculates
c = me (mod n)
– sends the ciphertext c to Bob

INFO 2411
KPU

RSA (3)
Bob:
– receives the ciphertext c from Alice
– uses his matching secret decryption key
d to calculate
m = cd (mod n)

INFO 2411
KPU

RSA --- a small example (1)

Bob:
– chooses 2 primes: p=5, q=11
multiplies p and q: n = p*q = 55
– finds out two numbers e=3 & d=27
which satisfy
3 * 27 = 1 (mod 40)

INFO 2411
KPU

RSA --- a small example (1)

Bob:
– Bob’s public key
2 numbers: (3, 55)
encryption alg: modular exponentiation
– secret key: 27

INFO 2411
KPU

RSA --- a small example (2)

Alice has a message m=13 to be sent
to Bob:
– finds out Bob’s public encryption key (3,
55)
– calculates
c = me (mod n)
= 133 (mod 55)
= 2197 (mod 55) = 52
– sends the ciphertext c=52 to Bob
INFO 2411
KPU

RSA --- a small example (3)

Bob:
– receives the ciphertext c=52 from Alice
– uses his matching secret decryption key
27 to calculate
m = 5227 (mod 55)
= 13 (Alice’s message)

INFO 2411
KPU

Use of private
and public key
ciphers in Practice

INFO 2411
KPU

Private key ciphers

Good points
– in-expensive to use
– fast
– low cost VLSI chips available
Bad points
– key distribution is a problem

INFO 2411
KPU

Combining 2 type of ciphers

In practice, we
– use a public key cipher (such as RSA) to
distribute keys
– use a private key cipher (such as DES) to
encrypt and decrypt messages

INFO 2411
KPU

Combining Public, Single

Key
Not competitors--Used Together in
Practice
– Use public key encryption for short
initial messages to negotiate security
methods to be used during the
A transactions. Initially Use B
Public Key Encryption

INFO 2411
KPU

Combining Public, Single

Key
Not competitors--Used Together in
Practice
– Thereafter, both sides use the single
session key to encrypt longer messages.

INFO 2411
KPU

Combining Public, Single

Key

Single Single
Session Session
Key Key
A B

INFO 2411
KPU

Hybrid Cryptosystem (1)

Public Key Directory (Yellow/White Pages)
Bob:

encrypted encrypted
DES key
DES key DES key DES key

E Network D

Secret Key
Alice
Bob
INFO 2411
KPU

Hybrid cryptosystem (2)

Plain Text Cipher Text Original
Cipher Text Plain Text

Network D
E
or Storage

DES key DES key

Alice Bob

INFO 2411
KPU

Aside: Characters to Numbers

Process: to translate a collection of characters

to a number
– convert the characters to ASCII
– treat the ASCII code like a binary number and
convert it to decimal
it

0110100101110100

214 x 213 x 211 x 28 x 26 x 25 x 24 x 22

26996
INFO 2411
KPU

Aside: Numbers to Characters

Process: to translate a number to a collection of

characters
– convert the number to binary
– treat the binary number like an ASCII code

26995

0110100101110011

is
INFO 2411
KPU

RSA Example

Select p and q to be two digit primes: p = 41, q =

53
Then n = pq = 2173 and (p-1)(q-1) = 40*52 = 2080
Select any d between 54 and 2079 which does not
share any factors with 2080, say d = 623
Now, compute e so that ed = 1 mod 2173
It turns out that e = 207 works since 207*623 =
128961 which when divided by 2080 leaves a
remainder of 1

INFO 2411
KPU

Message
Now we need to divide the message into
blocks of bits
– RULE: find the highest power of 2 less than n
– In our case, n = 2173 and 211 = 2048 but 212 =
4096
– So, divide the plaintext into blocks of 11 bits
Encrypt the message “JABBERWOCKY”

01011010 01000001 01000010 01000010 01000101

01010010 01010111 01001111 01000011 01001011
01011001

INFO 2411
KPU

Blocks
The 11 bit blocks and their decimal equivalent
are: binary decimal
01011010010 722
00001010000 80
10010000100 1156
10001010101 1109
00100101011 299
10100111101 1341
00001101001 105
01101011001 857

This represents the 8 message blocks, m1 through m8 which

will be transformed into 8 ciphertext blocks c1 through c8
INFO 2411
KPU

Ciphertext
The ciphertext is generated by:
722207 = 1794 = c1 mod 2173
80207 = 1963 = c2 mod 2173
1156207 = 1150 = c3 mod 2173
1109207 = 702 = c4 mod 2173
299207 = 145 = c5 mod 2173
1342207 = 593 = c6 mod 2173
105207 = 2013 = c7 mod 2173
857207 = 1861 = c8 mod 2173

So the transmitted message is

1794 1963 1150 702 145 593 2013 1861
INFO 2411
KPU

Decipher

To decipher the message:

1794623 = 722 = m1 mod 2173
1963623 = 80 = m2 mod 2173
1150623 = 1156 = m3 mod 2173
702623 = 1109 = m4 mod 2173
145623 = 299 = m5 mod 2173
593623 = 1341 = m6 mod 2173
2013623 = 105 = m7 mod 2173
1861623 = 857 = m8 mod 2173

Convert these numbers back to binary, the binary back to

characters and the plaintext message reappears
INFO 2411
KPU

RSA Performance

Key Generation is slow

Ciphertext generation is about
1000 times slower than DES
Often times, RSA is used to
protect session keys which are
used with DES

INFO 2411