Cryptography & Cyber
Security
Unit II
Based on William Stallings,
Chapter
Dr.N.Priya
�Public Key Cryptography
The Problem with Symmetric Encryption
Symmetric encryption (like AES) uses a single secret key shared
between the sender and receiver. This presents two major
problems:
Key Distribution Problem:
◦ How do you securely share the key with someone you've never
communicated with before?
◦ Two main solutions existed:
Pre-sharing the key (secure but impractical at scale).
Using a Key Distribution Center (KDC) (centralized and vulnerable to
compromise).
◦ Whitfield Diffie criticized reliance on a KDC, stating it undermines the
very secrecy cryptography is meant to protect.
Digital Signatures:
◦ Symmetric encryption can't provide a non-repudiable digital signature.
◦ We need a method to prove that a message came from a specific
individual, not just that it was authenticated.
◦ The 1976 Diffie-Hellman paper introduced the public-key concept to
address these problems by decoupling the encryption and decryption keys.
�Public Key Cryptography
The Diffie-Hellman Breakthrough (1976)
Diffie and Hellman introduced public-key cryptography, a
radically new approach:
Instead of a shared secret key, it uses a key pair:
◦ A public key (shared openly).
◦ A private key (kept secret).
The mathematical relationship between the two is such
that:
Knowing the public key does not allow you to compute the
private key (it's computationally infeasible).
Messages encrypted with one key can only be decrypted with
the other.
This addressed both:
Secure key distribution (you can share your public key
freely).
Digital signatures (only the private key holder can generate
a valid signature).
�Public Key Cryptography
Key Definitions
Asymmetric Keys: A public/private key pair used for complementary
operations (e.g., encryption/decryption or signing/verification).
Public Key Certificate: A digitally signed document issued by a
Certification Authority (CA) that verifies a user’s identity and binds it to a
public key.
Public-Key Algorithm: A cryptographic method that uses a key pair, where
deriving the private key from the public key is infeasible.
Public Key Infrastructure (PKI): The system (including software, hardware,
policies) that manages key pairs and certificates.
Public-Key Cryptosystems – How They Work
A public-key system includes six components:
Plaintext: The original, readable message.
Encryption Algorithm: Transforms plaintext into ciphertext using the
recipient's public key.
Public and Private Keys: The key pair used for encryption/decryption.
Ciphertext: The encrypted message.
Decryption Algorithm: Transforms ciphertext back into plaintext using the
recipient’s private key.
Some systems (like RSA) allow either key to encrypt and the other to decrypt,
enabling both confidentiality and digital signature verification.
�Public Key Cryptography
Public-key cryptography
revolutionized secure
communication:
It solved the long-standing problem
of securely distributing keys.
It enabled verifiable digital
signatures.
It laid the foundation for modern e-
commerce, secure email,
SSL/TLS, and cryptocurrency.
�Public Key Cryptography
Public-key cryptography
revolutionized secure
communication:
It solved the long-standing problem
of securely distributing keys.
It enabled verifiable digital
signatures.
It laid the foundation for modern e-
commerce, secure email,
SSL/TLS, and cryptocurrency.
��Basic Requirements of a Public-
Key Cryptosystem
To be secure and functional, a public-key system must meet the
following:
Key Pair Association:
◦ Each user has a unique pair of keys: {PU, PR}.
Security:
◦ It must be computationally infeasible to:
Derive PR from PU.
Recover plaintext from ciphertext without PR.
Functionality:
◦ Encryption and decryption algorithms must be efficient and correct:
Use of Keys:
The public key can be used for encryption and signature verification.
The private key is used for decryption and signature generation.
Irreversibility:
The system should ensure trapdoor one-way function behavior:
easy to compute in one direction, hard to reverse without the secret
(private key).
�Key Requirements
To ensure security and functionality, a public-key
cryptosystem must satisfy:
Each user has a key pair: {public key, private key}.
Public key is widely distributed, private key is kept
secret.
Encryption and decryption functions must be easy to
compute.
It must be computationally infeasible to:
◦ Derive private key from public key.
◦ Recover plaintext from ciphertext without the private key.
Optionally, either key can be used for encryption,
depending on the application:
◦ Confidentiality: Encrypt with public key, decrypt with
private key.
◦ Authentication/Signature: Encrypt (sign) with private key,
verify with public key.
� Applications
Encryption/Decryption:
◦ Ensures confidentiality—only the intended recipient with the private key can read the message.
Digital Signatures:
◦ Provides authentication, integrity, and non-repudiation.
◦ Non-repudiation is a security property that ensures that a party in a communication cannot deny the
authenticity of their signature on a document or the sending of a message they originated.
Examples
Digital Signatures:
◦ If Alice signs a document with her private key, anyone can verify it with her public key.
◦ She cannot later claim she didn’t sign it, because only she has access to the private key.
Email Communication:
◦ If Bob sends an email with a digitally signed message, and the signature is valid, he cannot deny having sent it.
Key Exchange:
◦ Allows two parties to establish a shared secret key over an insecure channel (e.g., Diffie-Hellman).
Authentication:
◦ Confirms identity by verifying that only the legitimate user could have encrypted (signed) the message.
Limitations of Public-Key Cryptography
Performance: Significantly slower than symmetric-key algorithms.
Key Size: Requires much larger key lengths for equivalent security (e.g., RSA-2048 vs AES-128).
Not a replacement for symmetric systems: Often used to secure symmetric session keys, not to encrypt large data
directly.
Example Algorithms
RSA: Widely used public-key encryption and digital signature system.
Diffie-Hellman: Key exchange protocol, not for encryption directly.
��Summary of Key
Principles
Two keys: Public (shared) and Private
(secret).
Based on mathematical problems (e.g.,
factoring large primes in RSA, discrete
logarithm in DH).
Offers security services beyond
encryption, including digital signatures
and key exchange.
Forms the foundation of secure
communication in modern systems (e.g.,
SSL/TLS, email security, digital
certificates).
�The RSA Algorithm
Introduction to RSA
RSA (named after inventors Rivest,
Shamir, and Adleman) is the most
widely used public-key cryptographic
algorithm. It supports both:
Confidentiality: encrypting messages.
Authentication: digital signatures.
It is based on the mathematical
difficulty of factoring large integers,
specifically the product of two large
primes.
�RSA Key Concepts
Public Key: Used for encryption
or verifying signatures.
Private Key: Used for
decryption or signing.
The core idea of RSA is that
encryption and decryption are
modular exponentiation
operations with trapdoor one-
way functions.
�RSA Key Generation Steps
�Encryption and Decryption
Process
�Example
� Security of RSA
Security of RSA
RSA security depends on:
The difficulty of factoring the modulus nnn into ppp and
qqq.
If an attacker can factor nnn, they can compute ϕ(n)\
phi(n)ϕ(n), and then compute ddd from eee.
Key Size:
Recommended size for nnn: 2048 bits or more for strong
security.
�Attacks and
Countermeasures
Vulnerabilities:
Brute-force key search – mitigated by using large
key sizes.
Mathematical attacks – exploiting small eee or
structured messages.
Timing attacks – measuring decryption time to infer
keys.
Chosen ciphertext attacks – crafting messages to
reveal private key.
Countermeasures:
Use padding schemes like OAEP (Optimal
Asymmetric Encryption Padding).
Implement constant-time algorithms to avoid timing
leaks.
Avoid encrypting predictable data directly.
�Applications of RSA
Secure web communication
(HTTPS/SSL/TLS)
Email encryption (PGP, S/MIME)
Digital signatures
Authentication systems
Blockchain and cryptocurrency systems
(e.g., Bitcoin addresses)
In practice:
RSA is not used to encrypt large data
directly.
Instead, it encrypts a random session key,
which is then used with a symmetric cipher
(e.g., AES).
