LECTURE SEVEN
PUBLIC-KEY CRYPTOGRAPHY
INTRODUCTION
Public-key cryptography has been said to
be the most significant new development
in cryptography in the last 300-400
years. Modern PKC was first described
publicly by Stanford University professor
Martin Hellman and graduate student
Whitfield Diffie in 1976. Their paper
described a two-key crypto system in
which two parties could engage in a
secure communication over a non-secure
communications channel without having
to share a secret key.
PKC depends upon the existence of so-
called one-way functions, or
mathematical functions that are easy to
compute whereas their inverse function
is relatively difficult to compute.
Multiplication vs. factorization:
For example, given the values 9 and 16, calculating the product takes milliseconds, but
factoring will take longer.
Exponentiation vs. logarithms: take the number 3 to the 6th power; again, it is easy to calculate
3^6 = 729. But given log_x 729 = y, it will take longer to find x and y.
The examples above represent two of the functional pairs that are used with PKC;
namely, the ease of multiplication and exponentiation versus the relative difficulty of
factoring and calculating logarithms, respectively.
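The following added example (not part of the original lecture) counts the work in each direction of the two functional pairs. It works modulo a prime, which is the form of the exponentiation/logarithm pair used in PKC; the function names and the small primes 10007 and 10009 are constructed for illustration.

```python
# Added illustration; the numbers are small constructed values, not real key sizes.

def factor_by_trial_division(n):
    """Hard direction of multiplication: return (p, q, divisions_tried)."""
    steps, d = 0, 2
    while d * d <= n:
        steps += 1
        if n % d == 0:
            return d, n // d, steps
        d += 1
    return n, 1, steps  # no divisor found: n is prime

def modexp(base, exp, mod):
    """Easy direction: square-and-multiply, return (result, multiplications)."""
    result, mults = 1, 0
    base %= mod
    while exp:
        if exp & 1:
            result = result * base % mod
            mults += 1
        base = base * base % mod
        mults += 1
        exp >>= 1
    return result, mults

def discrete_log_by_search(base, target, mod):
    """Hard direction: try x = 0, 1, 2, ... until base**x % mod == target."""
    value = 1
    for x in range(mod):
        if value == target:
            return x, x  # x multiplications were needed to get here
        value = value * base % mod
    raise ValueError("target is not a power of base")

def compare_work(p=10007, q=10009, base=5, exp=9000):
    """Return the step counts for each easy/hard pair."""
    n = p * q                                   # one multiplication
    _, _, factor_steps = factor_by_trial_division(n)
    target, exp_steps = modexp(base, exp, p)
    _, log_steps = discrete_log_by_search(base, target, p)
    return {"multiply": 1, "factor": factor_steps,
            "exponentiate": exp_steps, "logarithm": log_steps}

if __name__ == "__main__":
    print(compare_work())
```

The gap between the easy and hard columns widens rapidly as the numbers grow, which is why real keys use primes of 100 or more digits.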
The mathematical "trick" in PKC is to find a trap door in the one-way function so that
the inverse calculation becomes easy given knowledge of some item of information.
Generic PKC employs two keys that are mathematically related although knowledge
of one key does not allow someone to easily determine the other key. One key is
used to encrypt the plaintext and the other key is used to decrypt the cipher-text.
The important point here is that it does not matter which key is applied first,
but that both keys are required for the process to work (Figure 3B). Because a pair
of keys is required, this approach is also called asymmetric cryptography.
In PKC, one of the keys is designated the public key and may be advertised as widely
as the owner wants.
The other key is designated the private key and is never revealed to another party.
It is straightforward to send messages under this scheme.
Suppose Alice wants to send Bob a message. Alice encrypts some information using
Bob's public key; Bob decrypts the cipher-text using his private key. This method
could also be used to prove who sent a message; Alice, for example, could encrypt
some plaintext with her private key; when Bob decrypts using Alice's public key, he
knows that Alice sent the message and Alice cannot deny having sent the message
(non-repudiation).
Public-key cryptography algorithms that are in use today for key exchange or
digital signatures include:
RSA: The first, and still most common, PKC implementation, named after its
inventors — Ronald Rivest, Adi Shamir, and Leonard Adleman. RSA today is
used in hundreds of software products and can be used for key exchange,
digital signatures, or encryption of small blocks of data. RSA uses a variable
size encryption block and a variable size key. The key-pair is derived from a
very large number, n, that is the product of two prime numbers chosen
according to special rules; these primes may be 100 or more digits in length
each, yielding an n with roughly twice as many digits as the prime factors.
The public key information includes n and a derivative of one of the factors of
n; an attacker cannot determine the prime factors of n (and, therefore, the
private key) from this information alone and that is what makes the RSA
algorithm so secure.
Diffie-Hellman: After the RSA algorithm was published, Diffie and Hellman
came up with their own algorithm. D-H is used for secret-key key exchange
only, and not for authentication or digital signatures.
Digital Signature Algorithm (DSA): The algorithm specified in NIST's Digital
Signature Standard (DSS) provides digital signature capability for the
authentication of messages.
ElGamal: Designed by Taher Elgamal, a PKC system similar to Diffie-Hellman
and used for key exchange.
Elliptic Curve Cryptography (ECC): A PKC algorithm based upon elliptic
curves. ECC can offer levels of security with small keys comparable to RSA
and other PKC methods. It was designed for devices with limited compute
power and/or memory, such as smartcards and PDAs.
Hash Functions
Hash functions, also called message digests and one-way encryption, are
algorithms that, in some sense, use no key (Figure 3C). Instead, a fixed-length
hash value is computed based upon the plaintext that makes it impossible for
either the contents or length of the plaintext to be recovered. Hash algorithms are
typically used to provide a digital fingerprint of a file's contents, often used to
ensure that the file has not been altered by an intruder or virus. Hash functions are
also commonly employed by many operating systems to encrypt passwords. Hash
functions, then, provide a measure of the integrity of a file.
Why Three Encryption Techniques?
So, why are there so many different types of cryptographic schemes? Why can't we do
everything we need with just one?
The answer is that each scheme is optimized for some specific application(s). Hash
functions, for example, are well-suited for ensuring data integrity because any change made
to the contents of a message will result in the receiver calculating a different hash value
than the one placed in the transmission by the sender. Since it is highly unlikely that two
different messages will yield the same hash value, data integrity is ensured to a high degree
of confidence.
Secret key cryptography, on the other hand, is ideally suited to encrypting messages, thus
providing privacy and confidentiality. The sender can generate a session key on a per-
message basis to encrypt the message; the receiver, of course, needs the same session key
to decrypt the message.
Key exchange, of course, is a key application of public-key cryptography (no pun intended).
Asymmetric schemes can also be used for non-repudiation and user authentication; if the
receiver can obtain the session key encrypted with the sender's private key, then only this
sender could have sent the message. Public-key cryptography could, theoretically, also be
used to encrypt messages although this is rarely done because secret-key cryptography
operates about 1000 times faster than public-key cryptography.
FIGURE 4: Sample application of the three cryptographic techniques for secure communication.
Figure 4 puts all of this together and shows how a hybrid cryptographic scheme combines all
of these functions to form a secure transmission comprising digital signature and digital
envelope. In this example, the sender of the message is Alice and the receiver is Bob.
A digital envelope comprises an encrypted message and an encrypted session key. Alice
uses secret key cryptography to encrypt her message using the session key, which she
generates at random with each session. Alice then encrypts the session key using Bob's
public key. The encrypted message and encrypted session key together form the digital
envelope. Upon receipt, Bob recovers the session secret key using his private key and then
decrypts the encrypted message.
The digital signature is formed in two steps. First, Alice computes the hash value of her
message; next, she encrypts the hash value with her private key. Upon receipt of the digital
signature, Bob recovers the hash value calculated by Alice by decrypting the digital
signature with Alice's public key. Bob can then apply the hash function to Alice's original
message, which he has already decrypted. If the resultant hash value is not the same as the
value supplied by Alice, then Bob knows that the message has been altered; if the hash
values are the same, Bob should believe that the message he received is identical to the
one that Alice sent.
This scheme also provides nonrepudiation since it proves that Alice sent the message; if the
hash value recovered by Bob using Alice's public key proves that the message has not been
altered, then only Alice could have created the digital signature. Bob also has proof that he
is the intended receiver; if he can correctly decrypt the message, then he must have
correctly decrypted the session key, meaning that his is the correct private key.
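The digital envelope and digital signature exchange described above, as an added example that is not part of the original lecture. It assumes toy RSA keys built from small constructed primes and a SHA-256 keystream standing in for the secret-key cipher; all function names are hypothetical and the parameters are far too small for real use.

```python
import hashlib
import secrets

# Added illustration. Toy RSA from small constructed primes and a SHA-256
# keystream standing in for the secret-key cipher: not secure for real use.

def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))          # (public key, private key)

def rsa_apply(key, value):
    n, exponent = key
    return pow(value, exponent, n)

def secret_key_cipher(session_key, data):
    """XOR data with a keystream derived from session_key (same call decrypts)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        seed = session_key.to_bytes(8, "big") + offset.to_bytes(8, "big")
        block = hashlib.sha256(seed).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)

def hash_value(message, n):
    # Reduced mod n only because the toy modulus is smaller than the digest.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def alice_send(message, alice_private, bob_public):
    session_key = secrets.randbelow(bob_public[0] - 2) + 2   # fresh per message
    return {
        "encrypted_message": secret_key_cipher(session_key, message),
        "encrypted_session_key": rsa_apply(bob_public, session_key),
        "signature": rsa_apply(alice_private, hash_value(message, alice_private[0])),
    }

def bob_receive(packet, bob_private, alice_public):
    session_key = rsa_apply(bob_private, packet["encrypted_session_key"])
    message = secret_key_cipher(session_key, packet["encrypted_message"])
    hash_from_alice = rsa_apply(alice_public, packet["signature"])
    return message, hash_from_alice == hash_value(message, alice_public[0])

ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(10007, 10009)
BOB_PUBLIC, BOB_PRIVATE = make_keypair(10037, 10039)

if __name__ == "__main__":
    packet = alice_send(b"Meet at noon", ALICE_PRIVATE, BOB_PUBLIC)
    print(bob_receive(packet, BOB_PRIVATE, ALICE_PUBLIC))
```

Changing any byte of the encrypted message, or decrypting with a private key other than Bob's, makes the hash comparison in bob_receive fail.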