TY B.

Tech Trimester-VIII (AY 2019-2020)

Computer Science and Engineering

Disclaimer:
a. Information included in these slides came from multiple sources. We have tried our
best to cite the sources. Please refer to the references to learn about the sources,
when applicable.
b. The slides should be used only for preparing notes, academic purposes (e.g. in teaching
a class), and should not be used for commercial purposes.
 Unit II: Mathematical Foundations and Public
Key Cryptography

Unit: Mathematical Foundations and Public Key Cryptography: 8

II Hrs
Mathematics for Security: Modular Arithmetic, Euclidean
Algorithm, Chinese Remainder Theorem, Discrete Logarithm,
Fermat Theorem, Secret Splitting and Sharing with
polynomials, Asymmetric key Cryptography: RSA. Hash
algorithms: SHA1, Digital Signatures: Symmetric Key
Signatures, Public Key Signatures.

12/3/2019 Information Security: Unit - II 2

 Laboratory: Lab Assignment

Assign No. Name of Assignment

B API Level - (Using Libraries) (Any two)

1 To program asymmetric key cryptography such as RSA cryptography using JAVA API, Python or C++
API.
2 To program basic cryptography hash algorithm SHA1 or MD5 Use Java or Python or C++ API.
Additionally demonstrate client server authentication using socket programming.
3 Write program for demonstration of digital signature and its verification using Java or Python or C++.

12/3/2019 Information Security: Unit - II 3

 Number Theory

 Prime Numbers
 Relative Prime Numbers
• Two numbers are called relatively prime if the greatest common divisor (GCD) of those
numbers is 1.
• 8 and 15 are relatively prime number.

• The factors of 8 are 1, 2, 4, 8 and the factors of 15 are 1, 3, 5, 15.

• Examples of relatively prime numbers are: (10, 21), (14, 15), (45, 91), ....

12/3/2019 Information Security: Unit - II 4

  The greatest common divisor (GCD) of two numbers can be determined by comparing their
prime factors and selecting the least powers of the factor.
 For example, the two numbers are 81 and 99.

12/3/2019 Information Security: Unit - II 5

 Modular Arithmetic

• m mod n
• The mod with respect to n is (0, 1, 2, ... n - 1).
• Suppose m = 23 and n = 9, then
• 23 mod 9 = 5
• For any value of m, the value of m mod 9 is from (0, 1, 2, ... 8).

1. Addition of modular number

 The addition of two numbers p and q with same modular base n is:
(p mod n + q mod n) mod n = (p + q) mod n

12/3/2019 Information Security: Unit - II 6

 2. Subtraction of modular number
 The subtraction of two numbers p and q with same modular base n is:
(p mod n - q mod n) mod n = (p - q) mod n

3. Multiplication of modular number

 The multiplication of two numbers p and q with same modular base n is:
(p mod n * q mod n) mod n = (p * q) mod n

e.g. p = 11, q = 15
[(11 mod 8) + (15 mod 8)] mod 8 = 10 mod 8 = 2, (11 + 15) mod 8 = 26 mod 8 = 2
[(11 mod 8) – (15 mod 8)] mod 8 = –4 mod 8 = 4, (11 – 15) mod 8 = –4 mod 8 = 4
[(11 mod 8) x (15 mod 8)] mod 8 = 21 mod 8 = 5, (11 x 15) mod 8 = 165 mod 8 = 5
12/3/2019 Information Security: Unit - II 7
 Example 1: Find the value of 7^7 mod 9.

Note: m ^a mod n = m^pq mod n

where a = p * q = (mp mod n)q mod n

Example 2: Find the value of 5^117 mod 19.

Answer: 5^117 mod 19 = (5 * 17 * 16 * 9 * 5) mod 19

= 61200 mod 19
=1
12/3/2019 Information Security: Unit - II 8
 Fermat’s Little Theorem

 If p is prime and a is an integer not divisible by p, then . . .

ap = a mod p.
ap-1 = 1 mod p
 Hence, ap-1 mod p = 1 where, p is prime and GCD (a, p) = 1

 E.g. 812 mod 13 = 1 mod 13 =1

 8103 mod 103 = 8 mod 103 = 8
 This theorem is useful in public key (RSA) and primality testing.

Example 3: Suppose a = 7 and p = 19 then prove Fermat’s Little theorem

Example 4: Compute the value of 12345^23456789 mod 101 using Fermat’s theorem

12/3/2019 Information Security: Unit - II 9

 Fermat’s little theorem and its congruence

 Suppose a positive integer be p and two integers x and y are congruent mod p.
Mathematically, x ≡ y mod p if p | (x-y)
For example:
i) 5 ≡ 2 mod 3
ii) 23 ≡ -1 mod 12

12/3/2019 Information Security: Unit - II 10

 Euler Totient Function ø(n)

 ø (n) = how many numbers there are between 1 and n - 1 that are relatively prime to n.
 ø (4) = 2 (1, 3 are relatively prime to 4)
 ø (5) = 4 (1, 2, 3, 4 are relatively prime to 5)
 ø (6) = 2 (1, 5 are relatively prime to 6)
 ø (7) = 6 (1, 2, 3, 4, 5, 6 are relatively prime to 7)

For prime p, ø(p) = p -1 e.g. ø(37) = 36

Two prime p, q with p ≠ q, ø(n) = ø(p.q) = (p -1) x (q -1) e.g. ø(21) = (3–1) x (7–1) = 2 x 6 = 12
Where 12 integers are [1, 2, 4, 5, 8, 10, 11, 13, 16, 17, 19, 20]

 This theorem generalizes Fermat’s theorem and is an important key to the RSA algorithm.

12/3/2019 Information Security: Unit - II 11

  Euler’s theorem, for every a and p that are relatively prime:
aФ(p) = 1 (mod p) i.e. aФ(p) mod p = 1

 In other words, If a and p are relatively prime, with a being the smaller integer, then when we
multiply a with itself (p) times and divide the result by p, the remainder will be 1.

12/3/2019 Information Security: Unit - II 12

 Euclidean Algorithm

• Suppose p and q are two numbers.

• GCD (p, q) is the largest number that divides evenly both p and q.

• Euclidean algorithm is used to compute the greatest common divisor (GCD) of two integer
numbers.

• Euclid theorem: GCD(p, q) = GCD(q, p mod q)

Example:
1. Compute GCD (997, 366) using Euclid's algorithm
2. Compute GCD (2222, 1234) using Euclid's algorithm.

12/3/2019 Information Security: Unit - II 13

 1. Compute GCD (997, 366) using Euclid's algorithm
2. Note: Every time divide the divisor by remainder
 997 = 2 * 366 + 265
366 = 1 * 265 + 101
265 = 2 * 101 + 63
101 = 1 * 63 + 38
63 = 1 * 38 + 25
38 = 1 * 25 + 13
25 = 1 * 13 + 12
13 = 1 * 12 + 1
12 = 12 * 1 + 0
GCD (997, 366) = 1
12/3/2019 Information Security: Unit - II 14
 2. Compute GCD (2222, 1234) using Euclid's algorithm
 2222 = 1 * 1234 + 988
1234 = 1 * 998 + 246
998 = 4 * 246 + 4
246 = 61 * 4 + 2
4=2*2+0 GCD (2222, 1234) = 2

12/3/2019 Information Security: Unit - II 15

 Extended Euclidean Algorithm

• Suppose p and q are two integer numbers. There exist two integers x and y such that
xp + yq = GCD(p, q).
Extended Euclidean algorithm is used to find the value of x and y.

 Write the two linear combinations vertically as shown below and apply Euclid's algorithm to
get g = GCD(p, q) and the values of x and the y to satisfy the equation
 xp + yq = g.

 x = 1.x + 0.y
 y = 0.x+1.y
 r = 1.x + (-z) .y

12/3/2019 Information Security: Unit - II 16

 • Find integers p and q such that 51p + 36q = 3. Also find the GCD (51, 36)

• 3 = 15 - 6(2)
• 3 = 15 - [36 - 15(2)](2)
• 3 = 15(5) - 36(2)
• 3 = [51 - 36(1)](5) - 36(2)
• 3 = 51(5) - 36(5) - 36(2)
• 3 = 51(5) - 36(7)
• 3 = 51(5) + 36(-7)
• Therefore, the values of p = 5 and q = -7 and GCD = 3.

12/3/2019 Information Security: Unit - II 17

 Chinese Remainder Theorem

 used to speed up modulo computations if working modulo a product of numbers

• eg. mod M = m1m2..mk
 Chinese Remainder theorem work in each moduli mi separately
 since computational cost is proportional to size, this is faster than working in the full modulus M

 can implement CRT in several ways

 to compute A (mod M)
• first compute all ai = A mod mi separately
• determine constants ci below, where Mi = M/mi
• then combine results to get answer using:

12/3/2019 Information Security: Unit - II 18

 Chinese Remainder Theorem: If m1, m2, .., mk are pairwise relatively prime positive integers,
and if a1, a2, .., ak are any integers, then the simultaneous congruences,
x ≡ a1 (mod m1), x ≡ a2 (mod m2), ..., x ≡ ak (mod mk) have a solution, and the solution is
unique modulo m, where m = m1 m2,⋅⋅⋅.. mk

Example: Solve the simultaneous congruences

x ≡ 6 (mod 11), x ≡ 13 (mod 16), x ≡ 9 (mod 21), x ≡ 19 (mod 25).

Ans: 89469

12/3/2019 Information Security: Unit - II 19

 We will construct a solution x.
First, let Mk = m/mk for k = 1, 2, . . . , n and m = m1 m2,⋅⋅⋅.. mk.
Since gcd(mk, Mk ) = 1, the number Mk has a multiplicative inverse yk modulo mk .
i.e., Mk yk ≡ 1( mod mk )
Now we let x = a1M1y1 + a2M2y2 + · · · + anMnyn
Why does this x satisfy all the congruences?
If j ≠ k then Mj ≡ 0( mod mk ), since Mj contains mk as a factor.
Thus x mod mk = 0 + akMkyk mod mk
= (ak mod mk )(Mk yk mod mk )
= (ak mod mk ) · 1
= ak mod mk
12/3/2019 Information Security: Unit - II 20
12/3/2019 Information Security: Unit - II 21
 Example: Find the smallest multiple of 10 which has remainder 1 when divide by 3, remainder 6
when divided by 7 and remainder 6 when divided by 11.

12/3/2019 Information Security: Unit - II 22

 Public Key Cryptography

Asymmetric Key Encryption: Example

My name is
Encrypt G%er@17*
Umesh

Algorithm K1

My name is
G%er@17* Decrypt
Umesh

Algorithm K2

12/3/2019 Information Security: Unit - II 23

 Matrix of Keys

Key details A B
should know should know
A’s private key Yes No
A’s public key Yes Yes
B’s private key No Yes
B’s public key Yes Yes

12/3/2019 Information Security: Unit - II 24

 Public-Key Applications

 can classify uses into 3 categories:

• encryption/decryption (provide secrecy)
• digital signatures (provide authentication)
• key exchange (of session keys)
 some algorithms are suitable for all uses, others are specific to one

12/3/2019 Information Security: Unit - II 25

 Symmetric Encryption Asymmetric Encryption

Symmetric encryption is fast in execution Asymmetric Encryption is slow in execution due

to the high computational burden
Symmetric encryption uses a single key for both Asymmetric encryption uses a different key for
encryption and Decryption encryption and decryption

Size of resulting encrypted text usually same or Size of resulting encrypted text more than
less than original original
Problem of Key Exchange No Problem of Key Exchange
Easier to implement Practically more difficult
Exemple: DES, 3DES, AES, and RC4 Exemple: Diffie-Hellman, RSA.

12/3/2019 Information Security: Unit - II 26

 RSA Algorithm
1. Choose two large prime numbers P and Q. Ron Rivest, Adi Shamir and Leonard Adleman
• Exchange of key is not required.
2. Calculate N = P x Q.

3. Select the public key (i.e. the encryption key) E such that it is not a factor of (P – 1) and (Q – 1)

4. Select the private key (i.e. the decryption key D) : (D x E) mod (P – 1) x (Q – 1) = 1

5. For encryption, calculate the cipher text CT from the plain text PT : CT = PTE mod N

6. Send CT as the cipher text to the receiver.

7. For decryption, calculate the plain text PT from the cipher text CT as follows:
PT = CTD mod N
12/3/2019 Information Security: Unit - II 27
  B’s public key as 5 (known to A and B) and B’s private key as 77 (known only to B)
 P = 7 and Q = 17

Encryption algorithm Decryption algorithm

using the public key using the private key

1. Encode the original 1. Raise the number to the

character using A = 1, B = 2 etc power D, here 77.

2. Raise the number to the 2. Divide the result by 119 and

power E, here 5. get the remainder. The resulting
number is the cipher text.
3. Divide the result by 119 and
get the remainder. The resulting 3. Decode the original character
number is the cipher text. using 1 = A, 2 = B etc.

A F F 6 4177 F
41 B
65
Result modulo 119 Result modulo 119
= 41 6 F
12/3/2019 Information Security: Unit - II 28
 RSA En/decryption

 by Ron Rivest, Adi Shamir and Leonard Adleman of MIT in 1977

 best known & widely used public-key scheme
 based on exponentiation in a finite (Galois) field over integers modulo a prime
 uses large integers (eg. 1024 bits)

12/3/2019 Information Security: Unit - II 29

 RSA Key Setup

 each user generates a public/private key pair by: selecting two large primes at random:
p, q
 computing their system modulus n = (p * q)
 Compute: ø(n) = (p -1)(q -1)
 selecting at random the encryption key (public) e, where 1< e < ø(n), gcd(e,ø(n)) = 1
 solve following equation to find decryption key d
d * e = 1 mod ø(n) and 0 ≤ d ≤ n
 publish their public encryption key: PU = {e, n}
 keep secret private decryption key: PR = {d, n}
12/3/2019 Information Security: Unit - II 30
  to encrypt a message M the sender:
• obtains public key of recipient PU = {e, n}
• computes Ciphertext : C = Me mod n, where 0 ≤ M < n
 to decrypt the ciphertext C the owner:
• uses their private key PR = {d, n}
• computes: M = Cd mod n
 note that the message M must be smaller than the modulus n (block if needed)

12/3/2019 Information Security: Unit - II 31

 Why RSA Works

 because of Euler's Theorem:

• aø(n) mod n = 1 where gcd(a, n) = 1
 in RSA have:
• n = p*q
• ø(n) = (p-1)(q-1)
• carefully chose e & d to be inverses mod ø(n)
• hence e * d = 1+ k * ø(n) for some k
 hence :
Cd = (Me.)d = Me.d = M1+ k.ø(n) = M1.(Mø(n))k
= M1.(1)k = M1 = M mod n
12/3/2019 Information Security: Unit - II 32
 RSA Example - Key Setup

1. Select primes: p = 17 & q = 11

2. Calculate n = pq = 17 x 11 = 187
3. Calculate ø(n) = (p - 1)(q - 1) = 16 x 10 = 160
4. Select e: gcd(e,160) = 1; choose e = 7
5. Determine d: de = 1 mod 160 and d < 160
Value is d = 23 since 23 x 7 =161 = 10 x 160 + 1
6. Publish public key PU = {7,187}
7. Keep secret private key PR = {23,187}

12/3/2019 Information Security: Unit - II 33

 RSA Example - En/Decryption

 sample RSA encryption/decryption is:

8. given message M = 88 (nb. 88 < 187)
9. encryption:
C = 887 mod 187 = 11
10. decryption:
M = 1123 mod 187 = 88

12/3/2019 Information Security: Unit - II 34

  Choosing the right keys is the real challenge.
 Knowing e and n an attacker could find the value of private key d by trial and error.
 Attacker needs to find out values of p and q using n as n = p x q.
 For small it may be easy to find out p and q out of n.
 But in actual practice p and q are chosen as very large numbers.
 Therefore factoring N to get p and q is not at all easy. It is complex and time consuming.
Key size may be 309 decimal digits or more than that.

12/3/2019 Information Security: Unit - II 35

 Advantages of RSA
 Can be used for both encryption as well as for digital signature.
 Trapdoor in RSA is in knowing value of n but not knowing the primes of that are factors of n

Disadvantages of RSA

 If any one value of p, q, Φ(n) and e is known then the other values can be calculated.
 To protect the encryption, the minimum number of bits in n should be of 2048 bits.

12/3/2019 Information Security: Unit - II 36

 Example 1: The parameters given are p = 5, q = 17. Find out the possible public keys
and private key for RSA algorithm. Also encrypt the message “4”.

Example 2: Using RSA algorithm to encrypt the message m = “6” use parameters p = 3,

q = 17, e = 7, calculate decryption key.

12/3/2019 Information Security: Unit - II 37

 Message Digest: MD 5 and SHA -1

 The digest is sometimes called the "hash" or "fingerprint" of the input.

 Hash value is used to check the integrity of the message

 MD5 processes a variable-length message into a fixed-length output of 128 bits.

12/3/2019 Information Security: Unit - II 38

 Algorithm:
 Step -1: Padding
 Step - 2: Append length
 Step - 3: Divide the input into 512-bit blocks.
 Step - 4: Initialize chaining variables (4 variables)
 Step - 5: Process blocks

12/3/2019 Information Security: Unit - II 39

 Step 1: Padding
 To make the length of the original message equal to a value, which is 64 bits less than an exact multiple
of 512
 Note: Padding is always added, even if the original message is already 64 bits less than a multiple of 512

Original Message + Padding (1-512 bits)

Original Message Padding

The total length of this should be 64 bits less than a multiple of 512

For example, it can be 448 bits (448 = 512 – 64) or 960 bits
(960 = [2 x 512] – 64) or 1472 (1472 = [3 x 512] – 64), etc.
12/3/2019 Information Security: Unit - II 40
 Step 2: Append length
 Add a 64-bit binary-string which is the representation of the message’s length
 If the original length is greater than 264, then only the low-order 64 bits of the length are used.
 Thus, field contains the length of the original message, modulo 264.

Original Message Padding (Optional) + Length

Original Message Padding (Optional) Length

64 bits
Data to be hashed (digested)

The length of the original message (excluding the padding) is calculated, and is appended to
the end of the message block + padding. This length is expressed in 64 bits. If the length of
the message exceeds 64 bits (i.e. it is greater than 264, then only the last 64 bits of the length
are used, i.e. a modulus 64 of the length is taken. After the 64-bit length of the message is
appended, this becomes the final message (i.e. the message to be hashed).
12/3/2019 The length of the message is nowInformation
a multiple Security:
of 512 bits.
Unit - II 41
 Step 3: Divide the input into 512-bit blocks

Data to be hashed (digested)

Block 1 Block 2 Block 3 … Block n

512 bits 512 bits 512 bits … 512 bits

12/3/2019 Information Security: Unit - II 42

 Step 4: Initialize MD buffer

 A four-word buffer (A, B, C, D) is used to compute the message digest.

 Here each of A, B, C, D is a 32 bit register.

12/3/2019 Information Security: Unit - II 43

 Step 5: Process Blocks (or message)

 Divide the 512- bit block into 16 sub-blocks.

 Each sub-block undergoes 4 rounds of operations. Total 16 operations are performed.

Block 1 (512 bits)

Sub block 1 Sub block 2 … Sub block 16

32 bits 32 bits … 32 bits

12/3/2019 Information Security: Unit - II 44

 A = B + (( A + Process F (B, C, D) + Mi + Ki ) <<< s )

 There are four possible functions F; a

different one is used in each round:
Round Process F
1 ( B AND C ) OR (( NOT B) AND (D))
2 (B AND D) OR (C AND (NOT D))
3 B XOR C XOR D
4 C XOR ( B OR (NOT D))

12/3/2019 Information Security: Unit - II 45

 Types of Attack on Hashes

 Preimage: An attacker has an output and finds an input that hashes to that output
 2nd Preimage: An attacker has an output and an input x and finds a 2nd input that produces
the same output as x
 Collision: An attacker finds two inputs that hash to the same output
 Length Extension: An attacker, knowing the length of message M and a digest of M signed
by a sender can extend M with an additional message N and can compute the digest of M || N
even without the key used to sign the digest of M

12/3/2019 Information Security: Unit - II 46

 Secure Hash Algorithm (SHA)
 SHA is a modified version of MD5. (Published in 1993)
 SHA works any input message less than 264 bits and produces a hash value of 160 bits.
 SHA is designed to be computationally infeasible to:
• Obtain the original message
• Find two message producing the same MD.

12/3/2019 Information Security: Unit - II 47

 Algorithm:
 Step -1: Padding
 Step - 2: Append length
 Step - 3: Divide the input into 512-bit blocks.
 Step - 4: Initialize chaining variables (5 variables)
 Step - 5: Process blocks

12/3/2019 Information Security: Unit - II 48

 Process each block with A, B, C, D, E

12/3/2019 Information Security: Unit - II 49

 Comparison of MD5 and SHA

Point of discussion MD5 SHA

Message digest length in bits 128 160
Attack to try and find the original Requires 2128 operations to break in Requires 2160 operations to
message given a message digest break in, therefore more secure

Attack to try and find two Requires 264 operations to break in Requires 280 operations to
messages producing the same break in
message digest
Successful attacks so far There have been reported attempts to No such claims so far
some extent
Speed Faster (64 iterations, and 128-bit Slower (80 iterations, and 160-
buffer) bit buffer)
Software implementation Simple, does not need any large Simple, does not need any large
programs or complex tables programs or complex tables
12/3/2019 Information Security: Unit - II 50
 Symmetric and Asymmetric Key Cryptography Together

12/3/2019 Information Security: Unit - II 52

  Takes the one-time symmetric key (i.e. K1), and encrypts K1 with B’s public key (K2). This process
is called key wrapping of the symmetric key

12/3/2019 Information Security: Unit - II 53

  A puts the cipher text CT and the encrypted symmetric key together inside a digital envelope.

12/3/2019 Information Security: Unit - II 54

12/3/2019 Information Security: Unit - II 55
12/3/2019 Information Security: Unit - II 56
 Digital Signature Techniques
 DSS uses SHA-1
 RSA and DSA
RSA and Digital Signature

12/3/2019 Information Security: Unit - II 57

 Digital Signature Algorithm (DSA)

 creates a 320 bit signature with 512-1024 bit security

 smaller and faster than RSA

 a digital signature scheme only

 security depends on difficulty of computing discrete logarithms

 variant of ElGamal & Schnorr schemes

12/3/2019 Information Security: Unit - II 58

 DSA Key Generation

 have shared global public key values (p, q, g):

Note: L will be one member of the set {512,
– choose a large prime p with 2L-1 < p < 2L 576, 640, 704, 768, 832, 896, 960, 1024}
• where L= 512 to 1024 bits and is a multiple of 64
– choose 160-bit prime number q
• such that q is a 160 bit prime divisor of (p-1)
– choose g = h(p-1)/q
• where 1 < h < p-1 and h(p-1)/q mod p > 1
 users choose private & compute public key:
– choose random private key: x < q
– compute public key: y = gx mod p
12/3/2019 Information Security: Unit - II 59
 DSA Signature Creation

 to sign a message M the sender:

 generates a random signature key k, k < q
 then computes signature pair:
r = (gk mod p) mod q
s = [k-1(SHA(M) + x * r)] mod q
 sends signature (r, s) with message M

12/3/2019 Information Security: Unit - II 60

 DSA Signature Verification

 having received M & signature (r, s)

 to verify a signature, recipient computes:
w = s-1 mod q
u1= [SHA(M) * w ] mod q
u2 = (r * w) mod q
v = [(gu1 * yu2) mod p] mod q
 if v = r then signature is verified

12/3/2019 Information Security: Unit - II 61

 Discrete Logarithms
 The inverse problem to exponentiation is to find the discrete logarithm of a number modulo p
that is to find i such that b ≡ ai (mod p) where, 0≤i≤(p-1)
 This is written as i = dloga b (mod p)
 if a is a primitive root then it always exists, otherwise it may not, eg. (Ex) p=11, a=2, b=9, since
 Ex: p=11, a=2, b=9, x=? b(p-1)/2 ≡95≡1,then check for
even numbers {0,2,4,6,8,10}
x = log3 4 mod 13 has no answer only to find x=6 such that
26 ≡ 9 (mod 11)
x = log2 3 mod 13 = 4 by trying successive powers
 whilst exponentiation is relatively easy, finding discrete logarithms is generally a hard problem
 used in Diffe-Hellman and the digital signature algorithm.

12/3/2019 Information Security: Unit - II 62

12/3/2019 Information Security: Unit - II 65
 Discrete Logarithms mod 19

12/3/2019 Information Security: Unit - II 66

 Secret Splitting and Sharing with polynomials:
Shamir’s Secret Sharing Scheme(SSSS)
Problem: Eleven scientists are working on a secret project. They wish to lock up the
documents in a cabinet so that the cabinet can be opened if and only if six or more of the
scientists are present.
What is the smallest number of locks needed?
What is the smallest number of keys to the locks each scientist must carry?

Secret Sharing is an algorithm in cryptography created by Adi Shamir. It is a form of secret

sharing, where a secret is divided into parts, giving each participant its own unique part.

12/3/2019 Information Security: Unit - II 67

 More particularly Shamir Secret Sharing Scheme (SSSS) enables to split a secret S in n
parts such that with any k-out-of-n pieces you can reconstruct the original secret S, but with
any k-1 pieces no information is exposed about S. That is conventionally called a (n, k)
threshold scheme.

12/3/2019 Information Security: Unit - II 68

.
from the polynomial:
Example

 Suppose that our secret is 1234

 We wish to divide the secret into 6 parts. (n = 6)
 where any subset of 3 parts, (k = 3) is sufficient to reconstruct the secret.
 At random we obtain two ( k - 1) numbers: 166 and 94.
 (a1 = 166; a2 = 94)
 Our polynomial to produce secret shares (points) is therefore:

 We construct 6 points

12/3/2019 Information Security: Unit - II 69

12/3/2019 Information Security: Unit - II 70
12/3/2019 Information Security: Unit - II 71
12/3/2019 Information Security: Unit - II 72