Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------

5.1 INTRODUCTION

In the real world , key management is the hardest part of

cryptology .Cryptanalysts often attack cipher system through their key

management .One of the problems facing symmetric cipher systems is key

distribution Keys must be distributed in secret , since knowledge of the key

gives knowledge of the massage .From the other side, keys are shared by

pairs , and could work well in small networks , but raised tremendously as

network grows up , since every pair of users must exchange keys .

The total numbers of key exchanges required in n-person network is

n(n-1)/2 .In six person network , 15 key exchange are required ,

in 1000 – person network ,nearly 500,000 key exchanges are requied .

Public key system are invented to over come the problems of key

distribution faced by symmetric (one - key) cipher systems .We summarize

the mentioned problems as follows :

First key must be distributed in secret .

Second : If key is compromised , then stranger can share the system

as member .

Third : number of key increases rapidly as users increased .

Public key cryptography based on one-way hash function (trap-door

function),that is depend on two keys public key used for encryption process

and it is available for every one in the network, the second key is the secret

key which is used for decryption processes , and every person in the

network has his own secret keys .In another meaning users have their own

secret keys and share others with public keys .Since public key is known

for every one , then A can communicate with B as follows :

1

Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------A gets public key of B from database.

A encrypt his message using B public key and send it .

B decrypt the message using his own secret key .

5.2 ONE-WAY HAASAH FUNCTION:

The notion of one- way function is central to public key

cryptography .One way function are easy to compute , but it is significantly

hard (computationally) to reverse. That is given x , it is easy to compute

f(x) , but given f(x), it is hard to compute x .Breaking plate is a good

example of a one-way hash function , it is easy to smash a plate into

thousands of tiny pieces back together into a plate . One-way functions are

not useful in public key cryptography, in public key. We need a special

type of one –way function, that is trap-door one-way function, which has a

secret door (secret key) used to reverse the other direction .i.e giving f(x)

and some secret Value we can deduce.

5.3 PUBLIC KEY CRY TOGRAPHY:

The concept of public key or (exponential ciphers) was invented by

Whitfield Diffie and Martin Hellman and independently by Ralph Merkle

at 1976. Since 1976, numerous Public key cryptography algorithms have

been proposed, many of these are insecure, others are impractical, only a

few of them are secure and practical. Only three algorithms work well for

both encryption and digital signature, RSA, EIGamal, and Rabin. All of

them are much slower than symmetricp algorithms by 1000 limes.

Public key cryptography used two different keys, public key for

encrypting process, and secret key for decrypting process. Any one can use

public key and encrypt a message, but only those who have secret key are

2

Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------allowed to decrypt the message. Mathematically, the process is based on

the trapdoor one-way function.Encryption is the easy direction, while

decryption is the hard direction unless he has the secret key.

Public key system encrypt a message block M c by computing

the exponential

C=Me mod n

Where e (public key) and are the keys of encryption transformation ,

M is restored by the same operation using different exponential d (secret

key):

M=Cd mod n

By symmetry, Encryption and decryption are commulative and malual

inverses, thus substituting 5.2 by 5.1:

M=(Md mod n)e mod n = Mde mod n = M

Encryption and decryption can be implemented using fast exponentiation

algorithm.

Figure 5-1 Fast exponentiation

3

Fastexp (a,z,n); rturn x = a mod n Begin Al := ai zi := zi x=1 While (zi<> 0) do Begin While (zI mod 2 =0) do Begin zI : = zI div 2 al:= (al*al) mod n; end; z1:=z1-1; x : =(x*a1) mod n; end; fastexp: = x; end;

Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------Using above algorithm then:

C = fastexp (m ,e , n)

M = fastexp (c ,d , n)

5.4 EXPONENTIAL CIPHER:Encryption and decryption transformations are based on modular

exponentiation. Modular arithmetic is easier to work with on computers,

because, it restricts She range of all intermediate values and the result.

Exponentiation in modular arithmetic is performed without huge

intermediate results. For example, to calculate a8 mod n, don't use the

naive approach and perfonn seven multiplications and one huge modular

reduction:

a8 mod n = (a . a. a. a . a . a. a. a) mod n

Instead, perform three smaller multiplications and three smaller modular

reductions:

a8 modn = ((a2 mod n)2 mod n)2 mod n also

a16 modn = (((a2 mod n)2 mod n)2 mod n)2 mod n

a25 mod n= (a . a24) mod n

=(a. a8 . a16) mod n

=(((a2 . a2)2)2 . (((a2)2)2)2) mod n

= ((((a2- a)2)2)2. a) mod n

=(((((((a2 mod n) .a) mod n)2 mod n)2 mod n)2 mod n) . a) mod n

Inverses is a problem of finding an integer x such that:

ax mod n = 1 a-1 = x mod n .

For example 3 and 7 are multiplicative inverses mod 10, because

21 mod 10 = 1. In general a-1 = x mod n has a unique solution if a and n

4

Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------are relatively prime. If n is prime number then every number in the range

(1, n-1) is relatively prime to n and has exactly one inverse modulo in that

range. Femat's theorem and Euler's generalization can solve such a

problem.

Fermit's theorem:Let n is a prime number; then for every a such that gcd (a,n) =1:

a n-1 mod n =1

Totient Function:For n = p q and p, q are prime

Ø(n)=(p-1)(q-1)

Where Ø(n) is Euler totient function, the number of'elements in tlie

reduced set of residues modulo n.

Example: let p = 3, q = 5, 11 = p , q = 15 '.

Ø (15) = (3-1) (5-1) =8

There are eight elements in the reduced set of residues modulo 15 (1, 2, 4,

7, 8, 11, 13, 14) are relatively prime to 15

5.5 POHLIG-HELLMAN CIPHERS:

Pohlig-Helman scheme is not a symmetric algorithm because different keys

are used for encryption and decryption. It is not a public key scheme,

because the keys are easily derived from each other, both encryption and

decryption keys must kept secret .In the Pohlig-Helman scheme, the

modulus is chosen to be a large prime P. because P is prime,

then Ø(P) =P-1 , which is trivially derived from P, thus the scheme can

only be used for conventional encryption where e and d are both kept

secret.The enciphering and deciphering functions are thus given by :

5

Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------C=Me mod p and M = Cd mod p

Where e d = l ( mod some complex number )

Example:

Let p = l l , whence Ø (p) = p – l = 10; chose d = 7 and compute e

e = inv(7,10) = 3 , M = 5

C = Me mod p = 53 mod l l = 4

M = Cd mod p = 47 mod l l = 5

5.6 RSA CIPHER SYSTEM:

One of the most well known and popular public key systems is the

RSA system, named after the first letters of the surnames of its designers

(Rivest, Shamir and Adleman of the Massachusetts lnstitute of Technology

MIT). The RSA based on the fact that it is relatively easy to calculate the

product of tow prime numbers, but giving the product it far more

complicated. First two prime numbers are generated (p and q of

length 100 -200 digit ), and their product is calculated and denoted by :

n = p* q

Chose e (encryption key ) randomly, relatively prime to p and q and

satisfy the following expression:

3 < e < (p – l) (q – l) and gcd [ e , (p – 1 ) * (p – 1 ) ] = 1

The value of e is used to determine another, d ( decryption key ) for which:

e d = 1 (mod (p -1) (q – 1))

d = e-1 mod ((p – 1) * (q – 1))

The public key consists of the pair (e. n). The encipherment of atext is

performed by taking the binary representation of a message divided into

blocks and denoted by M. the cipher block C is computed by raising the

6

Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------decimal value of M To the power of e and taking the remainder of a

division by n:

Encrypt: C = Me mod n ciphertext

Decrypt M = Cd mod n plaintext

Public key gets its efficiency from the difficulty of factorizing large prime

numbers. Furthermore, it is almost impossible to calculate the value of d if

only the public key (e, n) is known. In order to calculate d then p and q

must be known too.

Example

Let p = 3, q = 17 ;

n = p * q , 3 x 17 = 51

(p – 1 ) (q – 1) = 2 x 16 = 32

Find a number e between 3 and 32 which has no factor in common with 32.

Let e = 7; d can be determined using equation 5.13, then d = 23

e d = 7 x 23 = 161 mod 32 = 1

Let M = 2 then using (5.14) C = 27 mod 51 = 26 and

2623 mod 51 = 261 . 262 . 264.2616 (mod 51 ) = 16 x 13 x 16 x 1 (mod 51) = 2

Figure 5-3 RSA algorithm

Example 2:

7

1 .Cenerate two large prime mumbers p and q.2 .Calculate their product n. = p* q .

3 .Determine encryption key e such that ; 3 > e < (p – 1) (q – 1) and Ø (n) = (p – 1) * (q – 1)

gcd ( e, (p – 1) ( q – 1 ) ) = 1 4 .Calculate d = d = e-1 mod (( p – 1 ) * ( q – 1 ) = e-1 mod Ø (n)

5 .Encrypt : C = Me mod n

6.Decrypt : M = Cd mod n

Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------Let p = 53 and q 61 , then pq 3233, and Ø (n)= (p – 1) (q -1) =52 X 61=

3120, the value of e must be chosen some where between 3 and 3233.

Assume e =71, we can calcuilate d with d =e–1 mod (p -1) (q – 1) = 71–1

mod 3120 = 157.

Assuume that the message is given by M = RENAISSANCE. And the

alphabet is represented by decimal values a = 00, b = 01, c = 02, ete. with

space = 26, And divided into 4 –digit blocks, then we can proceeds as

follows:

M = RE NA I S SA NC E

1704 1300 0818 1800 1302 0426

M1 M2 M3 M4 M5 M6

Now encrypt:

C1 = M171 mod 3233, = 1704 71 mod 3233 = 3106

C2 =M271 mod 3233 , C3 = M371m 3233, etc…

C = 3106 0100 0931 2691 1984 2927

C1 C2 C3 C4 C5 C6

And decrypt:

M1 = C1791 mod 3233 =3106791 mod 3233

M1 = C1791 mod 3233, M2 = C2791 mod 3233, M3 = C3791mod 3233, etc

5.7 KNAPSACK CIPHER :

Knapsack cipher system is a public key system based on the so –

called Knapsack problem . The Knapsack problem can be described as

follows .The vector A = (a1,a2,a3……..an) consist of positive integer .The

elements of this vector are multiplied by a binary vector denoted by

X=(x1,x2……xn) in which every xi ; i= 1,……..,n is either 0 or 1 . This

results is the sum s :

8

Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------

S=

If X and A are given the value of S can be calculated with out any effort .

However if S and A are given , it is considerably move difficult to calculate

X. figure 5-3illustrates the knapsack problem . A Knapsack filled with a

selection of object) from a large set , each object has a different weight (the

elements of a correspond to the determine which items are in the

Knapsack?

In other word is it possible to determine the elements of X ? when A is

sufficiently large (more than 100 elements), it is almost impossible to

calculate X from a given S and A.

Figure 5-3 The knapsack

9

Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------Now suppose A is selected such that Scan be calculated from X and A , but

the calculation of X given S and A is almost impossible , unless additional

information is available .The vector X would then represent the plaintext ,

which would be converted to a cipher text S with the aid of A. The

procedure is performed as follows :

Select two numbers , u and v, which are relatively prime and u > Σaj, the

knapsack vector A (which is a super – increasing sequence) is transformed

to vector B whose elements satisfy :

bi = V ai (mod u) for all values of i :

The vector B is made public u , v and A are kept secret .The vector X can

now enciphered to S according to S = BX . Deciphering of the cipher is

only possible if u ,v and A are available . The following procedure can be

used for deciphering :

Example :

Let A= (3,5,9,19), u = 40 ,v =7 , x =(0110)

10

1. Chose a knapsack vector A with super – increasing sequence .

2. Select two relatively prime number u and v where > 3. Transform vector A into vector B .

bi = vai (mod u) for all values of i .4. Make B public and keep u , v and secret 5. Encrypt S =BX

6. Decrypt X=v-1 S(mod u) =

Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------

Figure 5-4 Knapsack Algorithm

5.8 PUBLIC KEY DIGITAL SIGNATURE ALGORITHM (DSA):In august 1991 , the national institute of standards and technology proposed the

digital signature algorithm (DSA). DSA is a variant of Schnorr and ELgamal

signature algorithm.

The following algorithm is Variant ofSchnorr and Elgamal signature algorithm, which

uses the following parameters:

P : 512 – 1024 bit prime number .

q : 160 bit prime , factor of p – 1 .

g = h(p-1)/q mod p, where h is any number less than p – 1 such that:

h(p-1)q mod p > 1 .

y = gx mod p .

x : private key < q.

k : random number < q.

x = (gk mod p) mod q.

s = k-1 (H(m) + xr )) mod q.

The algorithm makes use of a one- way hash function h(m) . p, q and g are public and

can be common across a net work of users. The private key is X , The public key is y.

To sign a message m follow the procedure shown in figure 5-6 .

11

Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------

Figure 5-5 Digital Signature Algorithm

5.9 Key EXCHANGE:1. using public key : attacked by man- in – the –middle (cipher text attack), and

prevented by interlock protocol .

2. using digital signature , one way hash function .

3. Keys and messages transmission .

5.10 AUTHENTICATION Using one way function attacked by dictionary attack , prevented by using

SALT.e.g skid2,skid3 . DASS, Distributed Authentication Security Service for matual

authentication and key exchange.

5.11 PUBLIC KEY CRY PT ANALYSIS: 1. Mathematically: deduce d from n and e.

2. Guess (p -1) and (q-1)

3. Factoring n : having e ===> deduce d.

4. Chosen ciphertext attack: (Protocol attack): scenario:

eve wants Alice to sign m3; she generates ml and m2 Such that

m3 ml m2 (mod n)

m3d (m1d mod n) (m2d mod n)

moral: never use RSA to sign a random document presented by a stranger.

5. Common modulus: Known n,c1. c2., e1, and e2;

Select two random numbers r and s such that:

rel +,se2 1, assume r is negative:

( C1-1 )- r. c25 =m mod n

Moral: Don't share a common n among a group of users.

12

SENDER Generate a random mmber k<q. Generate r = (qr mod p ) mod q

S=k-1 (H(m)+xr) mod q Receiver:

Verify the signature by computing :w= S-1 mod qul= (h(m).w)mod q.

U2= (rw) mod q. v= ((qn1 yn2) mod p)mod q .

If bv = r then the signature is verfied

Chapter Five : Public key Cipher Systems ----------------------------------------------------------------------6. Genetic algorithm:

Choose a set of prime numbers such that the product of any two of them less than n

use fitness function with the following characteistics:

- Neglect all even numbers, and those least significant digit = 0.

- Neglect numbers, which are divided by 3.

- Generated numbers by mating should be relatively prime to e.

7. Crypt analysis knowing n and e:

8. It is possible for cryptanalyst to try every possible d, until he fined the correct one.

This is called brute-force attack. It is less efficient than other methods.

9. There is a common probabilistic algorithm for computing primesp and q.

10. Factoring n is the most obvious means of attack. Factoring a number means

finding its prime factors. There are some factoring algorithm such as number field

sieve (NFS), Quadratic sieve (QS), elliptic curve method (ECM), pollards Montecarlo

algorithm, ..., etc. In March 1994, a 129-digit (428-bit) number was factored using the

double prime variation of the multiple polynomial (QS) by a team of mathematician,

led by Lenstra. Volunteers on the Internet carried out the computation; 600 people and

1600 machines over the course of eight months. The machines communicated via

electronic mail sending their intermediate result to a central machine where the final

steps of analysis took Lessons learned:

• Knowledge of encryption/decryption pail of exponent for a given modulus (e, n),

enables attacker of factoring the modules.

• Knowledge of encryption/decryption pair of exponent for a given modulus (e,n), c,

n enables attacker to calculale other pairs with out factoring n.

• Common modulus should not been used in network.

• Messages should be padded with random values on low encryption exponents

• Decryption exponent should be large.

13