Chapter 3

Asymmetric Encryption
SRIDHAR IYER

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 1

Principles of Public key Cryptography
vAsymmetric encryption is a form of cryptosystem in which encryption and decryption are
performed using the different keys- one public key and one private key
vAlso known as public-key encryption
vIt uses mathematical functions rather than substitution and permutation
vMore secure from cryptanalysis than the symmetric encryption

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 2

Cont…
Asymmetric keys
ØTwo related keys, a public key and a private key, that are used to perform complementary
operations, such as encryption and decryption or signature generation and signature verification

Public key certificate

ØA digital document issued and digitally signed by the private key of a Certification authority that
fixes the name of a subscriber to a public key. The certificate indicates that the subscriber
identified in the certificate has sole control and access to the corresponding private key

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 3

Cont…
Public key cryptographic algorithm
ØA cryptographic algorithm that uses two related keys, a public key and a private key

Public key infrastructure

ØA set of policies, processes, server platform, software and workstations used for the purpose of
controlling certificates and public-private key pairs, including the ability to issue, maintain, and
cancel public certificate

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 4

Public-key cryptosystem
Asymmetric algorithms rely on one key for encryption and a different but related key for
decryption
These algorithms have the following important characteristics
ØIt is computationally infeasible to determine the decryption key given only knowledge of the
cryptographic algorithm and the encryption key

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 5

Cont…
Six ingredients:
§Plaintext - This is a readable message or data that is fed(served) into the algorithm as the input
§Encryption algorithm - The encryption algorithm performs various transformations on the
plaintext
§Public and private keys - this is a pair of keys that have been selected so that if one is used for
encryption, the other is used for decryption. The exact transformations performed by the
algorithm depend on the public key and the private key that is provided as input

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 6

Cont..
§Cipher text - this is the scrambled message produced as output
§Decryption algorithm - The algorithm that accepts the cipher text and matching key and
produces the original plain text

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 7

 Encryption with Public Key

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 8

 Encryption with Private Key

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 9

 The essential steps are
1. Each user generates a pair of keys to be used for the encryption and
decryption of messages
2. Each user places one of the two keys in public register or other
accessible file. This is public key. The other key is kept private. Each user
maintains a collection of public keys obtained from others
3. If for example, Bob wishes to send a confidential message to say Alice,
Bob encrypts the message using Alice’s public key
4. When Alice receives the message, she decrypts it using her private key
5. No other recipient can decrypt the message because only Alice knows
her private key

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 10

Here, all participants have access to public keys, and private keys are generated locally by each
participant and therefore need never be distributed.
As long as a user’s private key remains protected and secret, incoming communication is secure
At any time, a system can change its private key and publish the related public key to replace its
old public key

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 11

 Difference between conventional
encryption and Public-key encryption

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 12

Applications of Public-key
Cryptosystem
Applications are divided in two broad categories:
§Encryption/decryption – The sender encrypts the message with the
receiver’s public key
§Digital Signature – The sender “signs” a message with its private key

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 13

 RSA Cryptosystem
vAsymmetric key cryptographic algorithm
vRivest-Shamir-Adleman (RSA) name is given by taking the firstname of its inventors
vIt uses prime numbers
vThis algorithm is based on the fact that it is easy to find and multiply large prime numbers
together, but it is extremely difficult to factor their product
vThe private and public keys in RSA are based on very large prime numbers
vThe real challenge in RSA is the selection and generation of the public key and private key
vLets see how private key and public key are generated and, using them, how can we perform
encryption and decryption

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 14

 RSA Cryptosystem –
Algorithm
1. Choose two very large prime numbers p and q
2. Calculate N = p * q
3. Calculate Euler’s Totient function Φ (n) =(p-1)(q-1)
4. Select the public key component E (i.e. Encryption key) such that it is not a factor of Φ (n) or in
other words, relatively prime to Φ (n).
5. Select the private key component D (i.e. Decryption key) such that the following equation is true
(D * E) mod Φ (n) = 1 or
6. For encryption, calculate the cipher text CT from the plain text PT as follows
CT = PT e mod N
7. Send CT as the cipher text to the receiver
8. For decryption, calculate the plain text PT from the cipher text CT as follows
PT = CTD mod N

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 15

Example of RSA
1. Choose two large prime numbers P and Q
◦ Let P= 7, Q=17

2. Calculate N = P * Q
N= 7 * 17= 119
3. Calculate Φ (n) = (7-1) * (17-1)= 6*16= 96
4. Select the encryption key e such that it is not a factor of Φ (n)
The factors of 96 are 2,2,2,2,2 and 3 ( because 96 = 2*2*2*2*2*3)
◦ Thus we have to choose E such that none of the factors of E is 2 and 3
◦ Lets choose E as 5

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 16

4. Select the private key D such that the following equation is true

(D * E) mod Φ (n) = 1

◦ Lets substitute the values of E, P and Q in the equation

◦ We have (D * 5) mod 96 = 1
◦ After some calculations, let us take D=77
◦ So that (77 * 5) mod (96) = 385 mod 96 = 1

Let’s see how this is calculated

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 17

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 18
3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 19
5. For encryption, calculate the cipher text CT from the plain text PT as follows
CT = PTE mod N
◦ Lets assume that plaintext PT = 10
◦ Then, CT = 105 mod 119 = 100000 mod 119 = 40

6. Send CT as the cipher text to the receiver

◦ Send 40 as the cipher text to the receiver

7. For decryption, calculate the plain text PT from the cipher text CT as follows
PT = CTD mod N
◦ PT = 4077 mod 119 = 10

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 20

Problem #2
In RSA algorithm if p = 7, q = 11 and e = 13 then what will be the value of d?

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 21

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 22
3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 23
3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 24
3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 25
3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 26
3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 27
3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 28
3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 29
3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 30
3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 31
Problem #3

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 32

Problem #3

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 33

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 34
3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 35
Problem #4

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 36

Problem #4

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 37

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 38
3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 39
Problem #5

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 40

Problem #5

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 41

Problem #5

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 42

 Some more practice problems

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 43

 In a RSA cryptosystem, a participant A uses two prime numbers p = 13 and q = 17 to
generate her public and private keys. If the public key of A is 35, then the private key
of A is _______.
Calculate ‘n’ and totient function Ø(n).
Value of n, n = p x q
n = 13 x 17
∴ n = 221
Toilent function,
Ø(n) = (p-1) x (q-1)
Ø(n) = (13-1) x (17-1)
∴ Ø(n) = 192
We are already given the value of e = 35.
Thus, public key = (e , n) = (35 , 221)
Determine ‘d’ such that- Here,
• The least value of ‘k’ which gives the integer
value of ‘d’ is k = 2.
• On substituting k = 2, we get d = 11.
• Thus, private key of participant A = (d , n) =
(11, 221).

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 44

 In an RSA cryptosystem, a participant uses two prime numbers p = 3 and q
= 11 to generate his public and private keys. If the private key is 7, then how
will the text COMPUTER be encrypted using the public key?

Given prime numbers, p =3, q = 11 Plain text = COMPUTER

n= 3 x 11 =33 Ciphertext = me mod n
Ø(n) = (3-1) × (11-1) = 2 x 10 =20
Ciphertext for C = 33 mod 33 = 27
greatest common divisor (20, d) =1
d = Private Key = 7 Ciphertext for O = 153 mod 33 = 9
As per question d =7. Ciphertext for M = 133 mod 33 = 19
(e × d) mod Ø(n) = 1
(e x 7) mod 20 = 1 Ciphertext for P = 163 mod 33 = 4
So, e x 7= 20 x 1+1 Ciphertext for U = 213 mod 33 = 21
e= 21/7= 3 possible. Ciphertext for T = 203 mod 33 = 14
e = public Key=3 =encrypt key
So n = 33, e = 3, d = 7, Ø(n) = 20 Ciphertext for E = 53 mod 33 = 26
Ciphertext for R = 183 mod 33 = 24.

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 45

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 46
3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 47
3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 48
3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 49
Key Management

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 50

Key management
One of the major roles of public-key encryption has been to address the problem of key
distribution
There are actually two distinct aspects to the use of public-key cryptography in this regard:
◦ The distribution of public keys
◦ The use of public-key encryption to distribute secret keys

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 51

Distribution of Public Keys
Schemes for Key distribution:
ØPublic announcement
ØPublicly available directory
ØPublic-key authority
ØPublic-key certificates

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 52

Public announcement of Public Keys
vThe point of public-key encryption is that the public key is public
vThus, if there is some broadly accepted public-key algorithm, such as RSA, any participant can
send his or her public key to any other participant or broadcast the key to the community at
large
vAlthough this approach is convenient, it has a major weakness
vAnyone can forge such a public announcement
vThat is, some user could pretend to be user A and send a public key to another participant or
broadcast such a public key
vUntil such time as user A discovers the forgery and alerts other participants, the forger is able
to read all encrypted messages intended for A and can use the forged keys for authentication

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 53

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 54
Publicly Available Directory
vA greater degree of security can be achieved by maintaining a publicly available dynamic
directory of public keys
vMaintenance and distribution of the public directory would have to be the responsibility of
some trusted entity or organization
vSuch a scheme would include the following elements:

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 55

1. The authority maintains a directory with a {name, public key} entry for each participant.
2. Each participant registers a public key with the directory authority. Registration would have
to be in person or by some form of secure authenticated communication.
3. A participant may replace the existing key with a new one at any time, either because of the
desire to replace a public key that has already been used for a large amount of data, or
because the corresponding private key has been compromised in some way.
4. Participants could also access the directory electronically. For this purpose, secure,
authenticated communication from the authority to the participant is mandatory.

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 56

This scheme is clearly more secure than individual public announcements but still has
vulnerabilities
If an adversary succeeds in obtaining or computing the private key of the directory authority, the
adversary could authoritatively pass out counterfeit public keys and subsequently impersonate
any participant and eavesdrop on messages sent to any participant

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 57

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 58
Public-Key Authority
Stronger security for public-key distribution can be achieved by providing tighter control over
the distribution of public keys from the directory
As before, the scenario assumes that a central authority maintains a dynamic directory of public
keys of all participants
Each participant reliably knows a public key for the authority, with only the authority knowing
the corresponding private key

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 59

The following steps occur:
1. A sends a timestamped message to the public-key authority containing a request for the
current public key of B.
2. The authority responds with a message that is encrypted using the authority's private key,
PRauth Thus, A is able to decrypt the message using the authority's public key. Therefore, A
is assured that the message originated with the authority. The message includes the
following:
1. B's public key, PUb which A can use to encrypt messages destined for B
2. The original request, to enable A to match this response with the corresponding earlier request
and to verify that the original request was not altered before reception by the authority
3. The original timestamp, so A can determine that this is not an old message from the authority
containing a key other than B's current public key

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 60

3. A stores B's public key and also uses it to encrypt a message to B containing an identifier of
A (IDA) and a nonce (N1), which is used to identify this transaction uniquely.
4, 5. B retrieves A's public key from the authority in the same manner as A retrieved B's public key

6. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new
nonce generated by B (N2) because only B could have decrypted message (3), the presence of
N1 in message (6) assures A that the correspondent is B.
7. A returns N2, encrypted using B's public key, to assure B that its correspondent is A.

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 61

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 62
Public-Key Certificates
vThe public-key authority could be somewhat of a bottleneck in the system, for a user must
appeal to the authority for a public key for every other user that it wishes to contact
vThe directory of names and public keys maintained by the authority is vulnerable to tampering.
vAn alternative approach is to use certificates that can be used by participants to exchange keys
without contacting a public-key authority
vA certificate consists of a public key plus an identifier of the key owner, with the whole block
signed by a trusted third party
vThe third party is a certificate authority, such as a government agency or a financial institution,
that is trusted by the user community

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 63

A user can present his or her public key to the authority in a secure manner, and obtain a
certificate And then can publish the certificate
Anyone needed this user's public key can obtain the certificate and verify that it is valid by way
of the attached trusted signature
A participant can also convey its key information to another by transmitting its certificate. Other
participants can verify that the certificate was created by the authority

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 64

We can place the following requirements on this scheme:
1. Any participant can read a certificate to determine the name and public key of the
certificate's owner.
2. Any participant can verify that the certificate originated from the certificate authority and is
not counterfeit.
3. Only the certificate authority can create and update certificates.

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 65

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 66
Distribution of Secret Keys Using Public-
Key Cryptography
Simple Secret Key Distribution
Secret Key Distribution with Confidentiality and Authentication
A Hybrid Scheme

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 67

Simple Secret Key Distribution
If A wishes to communicate with B, the following procedure is employed:
1. A generates a public/private key pair {PUa, PRa} and transmits a message to B consisting of
PUa and an identifier of A, IDA.
2. B generates a secret key, Ks, and transmits it to A, encrypted with A's public key.
3. A computes D(PRa, E(PUa, Ks)) to recover the secret key. Because only A can decrypt the
message, only A and B will know the identity of Ks.
4. A discards PUa and PRa and B discards PUa.

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 68

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 69
A and B can now securely communicate using conventional encryption and the session key Ks
At the completion of the exchange, both A and B discard Ks.
Despite its simplicity, this is an attractive protocol. No keys exist before the start of the
communication and none exist after the completion of communication.
The risk of compromise of the keys is minimal

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 70

The protocol depicted in Figure is insecure against an adversary who can intercept messages and
then either relay the intercepted message or substitute another message
Such an attack is known as a man-in-the-middle attack
In this case, If an adversary, E, has control of the intervening communication channel, then E can
compromise the communication in the following fashion without being detected:

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 71

1. A generates a public/private key pair {PUa, PRa} and transmits a message intended for B
consisting ofP Ua and an identifier of A, IDA.
2. E intercepts the message, creates its own public/private key pair {PUe, PRe} and transmits
PUe||IDA to B.
3. B generates a secret key, Ks, and transmits E(PUe, Ks).
4. E intercepts the message, and learns Ks by computing D(PRe, E(PUe, Ks)).
5. E transmits E(PUa, Ks) to A.

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 72

Secret Key Distribution with
Confidentiality and Authentication
It provides protection against both active and passive attacks
It is assumed that A and B have exchanged public keys by one of the schemes
1. A uses B's public key to encrypt a message to B containing an identifier of A (IDA) and a nonce
(N1), which is used to identify this transaction uniquely.
2. B sends a message to A encrypted with PUa and containing A's nonce (N1) as well as a new nonce
generated by B (N2) Because only B could have decrypted message (1), the presence of N1 in
message (2) assures A that the correspondent is B.
3. A returns N2 encrypted using B's public key, to assure B that its correspondent is A.
4. A selects a secret key Ks and sends M = E(PUb, E(PRa, Ks)) to B. Encryption of this message with
B's public key ensures that only B can read it; encryption with A's private key ensures that only A
could have sent it.
5. B computes D(PUa, D(PRb, M)) to recover the secret key.

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 73

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 74
A Hybrid Scheme
This scheme retains the use of a key distribution center (KDC) that shares a secret master key
with each user and distributes secret session keys encrypted with the master key
A public key scheme is used to distribute the master keys
The following rationale is provided for using this three-level approach:

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 75

Performance:
ØThere are many applications, especially transaction-oriented applications, in which the session
keys change frequently.
ØDistribution of session keys by public-key encryption could degrade overall system performance
because of the relatively high computational load of public-key encryption and decryption. With
a three-level hierarchy, public-key encryption is used only occasionally to update the master key
between a user and the KDC.
Backward compatibility:
ØThe hybrid scheme is easily overlaid on an existing KDC scheme, with minimal disruption or
software changes.

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 76

The addition of a public-key layer provides a secure, efficient means of distributing master keys
This is an advantage in a configuration in which a single KDC serves a widely distributed set of
users

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 77

Diffie-Hellman Key Exchange Algorithm
vThe Diffie Hellman Key Exchange Algorithm was developed by Whitfield Diffie and Martin
Hellman.
vIt is used to generate symmetric cyptographic key at sender as well as receiver end so that
there is no need to transfer key from sender to receiver.
vIf sender and receiver want to communicate with each other they first need to agree on the
same key generated by Diffie Hellman algorithm, later on they can use this key for encryption or
decryption.
vThis algorithm can be used only for key agreement, but not for encryption and decryption
vOnce both parties agree on the key to be used, they need to use other symmetric encryption
algorithms

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 78

Description of algorithm
Lets assume that Alice and Bob want to agree upon a key to be used for encrypting/decrypting
messages that would be exchanged between them
Then the Diffie-Hellman algorithm works as follows:
1. Firstly, Alice and Bob agree on two large prime numbers, n and g (primitive root of n). these
two integers need not be kept secret. Alice and Bob can use insecure channel to agree on
them
2. Alice chooses another large random number x, and calculates A such that
A = gx mod n

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 79

3. Alice sends the number A to Bob
4. Bob independently chooses another large random integer y and then calculates B such that
B = gy mod n
5. Bob sends the number B to Alice
6. A now computes the secret key K1
K1 = Bx mod n
7. B now computes the secret key K2
K2 = Ay mod n

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 80

 The common secret key is : 3

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 81

Example
1. Let n=11, g=7
2. Let x=3. then, we have A=73 mod 11=343 mod 11 =2
3. Alice sends 2 to Bob
4. Let y=6. then we have, B=76 mod 11=117649 mod 11 =4
5. Bob sends the 4 to Alice
6. We have, K1=43 mod 11= 64 mod 11 = 9
7. We have K2 = 26 mod 11=64 mod 11 = 9

The common secret key is : 9

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 82

 The common secret key is : 1

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 83

 The common secret key is : 160

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 84

 The common secret key is : 2

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 85

 The common secret key is : 5

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 86

Discrete Logarithm Problem
The Discrete Logarithm Problem (DLP) in Diffie-Hellman key exchange is a fundamental security
assumption that ensures the protocol's security.

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 87

 DLP in Diffie-Hellman Key Exchange

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 88

Security & DLP in Diffie-Hellman

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 89

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 90
Elliptic Curve Cryptography(ECC)
An elliptic curve (EC) is a smooth, projective algebraic curve on which there is a specified
point O
The main difference between RSA and ECC is that unlike RSA, ECC offers the same level of
security for smaller key sizes
ECC requires much smaller keys than those used in conventional public key cryptosystem, while
maintaining the same level of security
The use of elliptic cures therefore allows faster encryption and decryption
ECC is highly mathematical in nature
An Elliptic Curve is similar to a normal curve draw as a graph on x-axes and y-axes and has points
Each point can be designated by an (x , y) coordinate

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 91

This is how elliptic curve public key cryptography works
For Alice and Bob to communicate securely over an unsecure network they can exchange a
private key over this network in the following way:
ØA particular rationale base point P is published in a public domain for use with a particular
elliptic curve E also published in a public domain
ØAlice and Bob choose random integers Ka and Kb respectively, which they use as private key

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 92

ØAlice computes Ka * P, Bob computes Kb * P and they exchange these values over the network
ØUsing the information they received from each other and their private keys, both Alice and Bob
compute (Ka * Kb)*P = Ka * (Kb * P) =Kb * (Ka * P)
ØThis value is then the shared secret that only Alice and Bob possess.
ØThe private keys Ka and Kb and the shared secrety (Ka * Kb)*P are difficult to compute given Ka
* P and Kb * P
ØThus Alice and Bob do not compromise their private keys or their shared secret in exchange

3/13/25 PROF. SRIDHAR IYER, DJSCE, MUMBAI 93