Understanding Cryptography – A Textbook for
Students and Practitioners
by Christof Paar and Jan Pelzl
www.crypto-textbook.com
Chapter 6 – Introduction to
Public-Key Cryptography
ver. November 18, 2010
These slides were prepared by Timo Kasper and Christof Paar
and modified by Sam Bowne -- revised 10-16-17
Topics
• Symmetric Cryptography Revisited
• Principles of Asymmetric Cryptography
• Practical Aspects of Public-Key Cryptography
• Important Public-Key Algorithms
• Essential Number Theory for Public-Key Algorithms (SKIP)
3 Chapter 6 of Understanding Cryptography by Christof Paar and Jan Pelzl
Symmetric Cryptography Revisited
Alice                               Bob
  K                                  K
  x → e_K(x) ───── y ─────→ d_K(y) → x
• The same secret key K is used for encryption and decryption
• Encryption and Decryption are very similar (or even identical)
functions
Symmetric Cryptography: Analogy
Safe with a lock; only Alice and Bob have a copy of the key K
• Alice encrypts -- locks message in the safe with her key
• Bob decrypts -- uses his copy of the key to open the safe
Symmetric Cryptography: Shortcomings
• Symmetric algorithms, e.g., AES or 3DES, are very secure, fast & widespread but:
• Key distribution problem: The secret key must be transported securely
• Number of keys: In a network, each pair of users requires an individual key
[Figure: network of six users A, B, C, D, E, F]
Symmetric Cryptography: Shortcomings
• Alice or Bob can cheat each other, because they have identical
keys.
• Alice can sign a contract, and later deny it
• Bob could have faked the signature
• Doesn't provide non-repudiation
Principles of Asymmetric Cryptography
Idea Behind Asymmetric Cryptography
New Idea: Like a mailbox
• Everyone can drop a letter
• But: Only the owner has the correct key to open the box
1976: first publication of such an algorithm by Whitfield
Diffie and Martin Hellman, and also by Ralph Merkle.
Asymmetric Cryptography: Analogy
Safe with public lock and private lock:
(Kpub) (Kpr)
• Alice deposits (encrypts) a message with Bob's - not secret - public key Kpub
• Only Bob has the - secret - private key Kpr to retrieve (decrypt) the message
Key Generation
• A message encrypted with a public key can be decrypted with
the corresponding private key
• The keys are related
• Each user must generate an individual key pair
• Publish public key where everyone can find it
• Protect private key so no one else gets it
One-Way Functions
• It must be easy to calculate the public key from the private key
• So keys can be generated
• But difficult to calculate the private key from the public key
• So attackers can't get the private key
Commonly Used One-Way Functions
• Factorization
• Finding prime factors of a large number
• n is known; find p and q
• Discrete logarithm
• Find an integer x satisfying this equation
• a, b, and p are known
Logarithms
• Logarithms to base 10
• log(100) = 2, because 10^2 = 100
• log(1000) = 3, because 10^3 = 1000
• log(2) = 0.301
• Discrete logarithm
• Same thing, except on a ring and using only
integers
• Find an integer x satisfying this equation
• a, b and p are known
Practical Aspects of Public-Key
Cryptography
Basic Protocol for Public-Key Encryption
Alice                                   Bob
                                        (KpubB, KprB) = K
                  ←── KpubB ───
x
y = e_KpubB(x)
                  ───── y ────→
                                        x = d_KprB(y)
Key Distribution Problem solved *
*at least for now; public keys need to be authenticated
Uses of Public-Key Cryptography
• Key Distribution
• Diffie-Hellman key exchange (DHKE), RSA
• Without a pre-shared secret (key)
• Nonrepudiation
• RSA, DSA or ECDSA (Elliptic Curve Digital Signature Algorithm)
• Identification
• Digital signatures
• Encryption
• RSA, ECC (Elliptic Curve Cryptography), or Elgamal
Disadvantage of Public-Key Cryptography
• Computationally very intensive
• 1000 times slower than symmetric algorithms!
AES Encryption in Python
RSA Encryption in Python
RSA Decryption in Python
Testing Speed in Python
Basic Key Transport Protocol 1/2
In practice: Hybrid systems, incorporating
asymmetric and symmetric algorithms
1. Key exchange (for symmetric schemes) and
digital signatures are performed with (slow)
asymmetric algorithms
2. Encryption of data is done using (fast)
symmetric ciphers, e.g., block ciphers or
stream ciphers
Basic Key Transport Protocol 2/2
Example: Hybrid protocol with AES as the symmetric cipher
Alice                                   Bob
                                        (KpubB, KprB) = K
                  ←── KpubB ───
Key Exchange (asymmetric)
Choose random symmetric key K
y1 = e_KpubB(K)
                  ───── y1 ───→
                                        K = d_KprB(y1)
Data Encryption (symmetric)
message x
y2 = AES_K(x)
                  ───── y2 ───→
                                        x = AES^-1_K(y2)
Remaining Problem: Key Authenticity
• Alice wants to send a message to Bob
• Attacker can publish a fake public key for Bob
• Alice uses the fake key, so the attacker can read the message
• The current solution is digital certificates and Certificate
Authorities
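Added example (not from the slides or the textbook): the hybrid key transport protocol above, with Alice checking Bob's public key before using it. Assumptions: standard library only, textbook RSA without padding, a SHA-256 keystream standing in for AES, fixed Mersenne primes instead of random ones, and a pinned fingerprint standing in for a certificate check; all function names are hypothetical.

```python
import hashlib
import secrets

def keygen(p, q, e=65537):
    """Bob: build (Kpub, Kpr) from two primes; d is the inverse of e mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def fingerprint(kpub):
    """SHA-256 over the public key, to compare with a copy obtained out of band."""
    n, e = kpub
    return hashlib.sha256(f"{n:x}:{e:x}".encode()).hexdigest()

def stream_xor(key, data):
    """Stand-in for AES: XOR with a SHA-256 counter keystream (same call decrypts)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def alice_send(kpub, trusted_fp, x):
    """Alice: authenticate Kpub, then y1 = e_Kpub(K) and y2 = Enc_K(x)."""
    if fingerprint(kpub) != trusted_fp:
        raise ValueError("public key does not match trusted fingerprint")
    n, e = kpub
    k = secrets.token_bytes(16)                # random 128-bit symmetric key K
    y1 = pow(int.from_bytes(k, "big"), e, n)   # textbook RSA, no padding
    return y1, stream_xor(k, x)

def bob_receive(kpr, y1, y2):
    """Bob: K = d_Kpr(y1), then x = Dec_K(y2)."""
    n, d = kpr
    k = pow(y1, d, n).to_bytes(16, "big")
    return stream_xor(k, y2)

# Constructed toy keys from Mersenne primes; real keys use large random primes.
P, Q = 2**521 - 1, 2**607 - 1
BOB_PUB, BOB_PR = keygen(P, Q)
FAKE_PUB, _ = keygen(2**127 - 1, 2**521 - 1)   # a different key offered under Bob's name
```

Only the 16-byte key K goes through the slow public-key operation; the message itself is handled by the symmetric function, and a key that fails the fingerprint check is rejected before any data is encrypted.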
Important Public-Key Algorithms
Key Lengths and Security Levels
Symmetric   ECC       RSA, DL       Remark
64 Bit      128 Bit   ≈ 700 Bit     Only short term security (a few hours or days)
80 Bit      160 Bit   ≈ 1024 Bit    Medium security (except attacks from big governmental institutions etc.)
128 Bit     256 Bit   ≈ 3072 Bit    Long term security (without quantum computers)
Quantum Computers
• The existence of quantum computers would
probably be the end for ECC, RSA & DL
• TEXTBOOK SAYS:
• At least 2-3 decades away, and some people
doubt that QC will ever exist
NIST Recommendations from 2016
Lessons Learned
• Public-key algorithms have capabilities that symmetric ciphers don’t have,
in particular digital signature and key establishment functions.
• Public-key algorithms are computationally intensive (a nice way of saying
that they are slow), and hence are poorly suited for bulk data encryption.
• Only three families of public-key schemes are widely used. This is
considerably fewer than in the case of symmetric algorithms.
• The extended Euclidean algorithm allows us to compute modular inverses
quickly, which is important for almost all public-key schemes.
• Euler’s phi function gives us the number of elements smaller than an integer
n that are relatively prime to n. This is important for the RSA crypto scheme.