Information & Internet Security

B4 IT/E

Asymmetric Cryptography
Objectives:
What is meant by asymmetric encryption?
How it can be used?
What is the most important asymmetric encryption algorithm?
What is meant by message authentication?
What is digital signature?
Asymmetric Encryption:
The concept of public-key cryptography evolved from an attempt
to attack two of the most difficult problems associated with
symmetric encryption. The first problem is that of key distribution.
The second problem is the digital signatures. If the use of
cryptography was to become widespread, not just in military
situations but for commercial and private purposes, then electronic
messages and documents would need the equivalent of signatures
used in paper documents.
Asymmetric encryption is a form of cryptosystem in which
encryption and decryption are performed using the different keys
one a public key and one a private key. It is also known as public-key
encryption. Asymmetric encryption transforms plaintext into
ciphertext using a one of two keys and an encryption algorithm.
Using the paired key and a decryption algorithm, the plaintext is
recovered from the ciphertext.
From its earliest beginnings to modern times, virtually all
cryptographic systems have been based on the elementary tools of
substitution and permutation.
Public-key cryptography provides a radical departure from all that
has gone before. For one thing, public-key algorithms are based on
mathematical functions rather than on substitution and
permutation. More important, public-key cryptography is
asymmetric, involving the use of two separate keys, in contrast to
symmetric encryption, which uses only one key.
A public-key encryption Ingredients : A public-key encryption
scheme has six ingredients:
Plaintext: This is the readable message or data that is fed into the
algorithm as input.
Encryption algorithm: The encryption algorithm performs
various transformations on the plaintext.
Public and private keys: This is a pair of keys that have been
selected so that if one is used for encryption, the other is used for
decryption.

Eng. Fadwa Abdul-Bari Awn

Information & Internet Security

B4 IT/E

Ciphertext: This is the scrambled message produced as output. It

depends on the plaintext and the key. For a given message, two
different keys will produce two different ciphertexts.
Decryption algorithm: This algorithm accepts the ciphertext
and the matching key and produces the original plaintext.
A public-key encryption Essential Steps:
1. Each user generates a pair of keys to be used for the encryption
and decryption of messages.
2. Each user places one of the two keys in a public register or other
accessible file. This is the public key. The companion key is kept
private.
3. If sender wishes to send a confidential message to destination, it
encrypts the message using destination public key.
4. When the destination receives the message, it decrypts it using
its private key. No other recipient can decrypt the message because
the receiver only knows its private key.
Asymmetric Encryption Use:
Asymmetric encryption can be used for confidentiality,
authentication, or both.
Asymmetric Encryption for confidentiality:
There is some source A that produces a message in plaintext, X =
[X1, X2, . . . ,XM]. The M elements of X are letters in some finite
alphabet. The message is intended for destination B. B generates a
related pair of keys: a public key, PUb, and a private key, PRb. PRb is
known only to B, whereas PUb is publicly available and therefore
accessible by A. With the message X and the encryption key PUb as
input, A forms the ciphertext Y = [Y1, Y2, . . . , YN].
Y = E(PUb, X)
The intended receiver, in possession of the matching private key, is
able to invert the
transformation:
X = D(PRb, Y)

Eng. Fadwa Abdul-Bari Awn

Information & Internet Security

B4 IT/E

Asymmetric Encryption for Authentication:

In this case, A prepares a message to B and encrypts it using As
private key before transmitting it. B can decrypt the message using
As public key. Because the message was encrypted using As
private key, only A could have prepared the message. Therefore, the
entire encrypted message serves as a digital signature. In
addition, it is impossible to alter the message without access to As
private key, so the message is authenticated both in terms of source
and in terms of data integrity.
Y = E(PRa, X)
X = D(PUa, Y)

Asymmetric Encryption for Confidentiality and

Authentication:
Asymmetric Encryption can provide both the authentication function
and confidentiality by a double use of the public-key scheme
Z = E(PUb, E(PRa, X))
X = D(PUa, D(PRb, Z))
In this case, we begin as before by encrypting a message, using the
senders private key. This provides the digital signature. Next, we
encrypt again, using the receivers public key. The final ciphertext
can be decrypted only by the intended receiver, who alone has the
matching private key. Thus, confidentiality is provided.

Eng. Fadwa Abdul-Bari Awn

Information & Internet Security

B4 IT/E

The RSA Asymmetric Encryption Algorithm:

The most widely used public-key cryptosystem is RSA. One of the
first successful asymmetric encryption was developed in 1977 by
Ron Rivest, Adi Shamir, and Len Adleman. The Rivest-ShamirAdleman (RSA) scheme has since that time reigned supreme as the
most widely accepted and implemented general-purpose approach
to public-key encryption.

Eng. Fadwa Abdul-Bari Awn

Information & Internet Security

B4 IT/E

The RSA Example:

Key Generation:
1. Select two prime numbers, p = 17 and q = 11.
2. Calculate n = pq = 17 11 = 187.
3. Calculate (n) = (p - 1)(q - 1) = 16 10 = 160.
4. Select e such that e is relatively prime to (n) = 160 and less
than (n); we
choose e = 7.
5. Determine d such that de 1 (mod 160) and d < 160.The correct
value is d = 23,
because 23 7 = 161 = (1 160) + 1; d can be calculated using
the extended Euclids algorithm.
The resulting keys are public key PU = {7, 187} and private key PR
= {23, 187}.
The example shows the use of these keys for a plaintext input of M=
88. For encryption, we need to calculate C = 887 mod 187.
Exploiting the properties of modular arithmetic, we can do this as
follows.
887 mod 187 = [(884 mod 187) (882 mod 187) (881 mod 187)]
mod 187
881 mod 187 = 88
882 mod 187 = 7744 mod 187 = 77
884 mod 187 = 59,969,536 mod 187 = 132
887 mod 187 = (88 77 132) mod 187 = 894,432 mod 187 = 11

Message authentication: it is a mechanism or service used to verify the integrity of

a message and source identity. Message authentication assures that data received are
exactly as sent by (i.e., contain no modification, insertion, deletion, or replay) and that
.the purported identity of the sender is valid
Eng. Fadwa Abdul-Bari Awn

Information & Internet Security

B4 IT/E
:Hash Function

A variation on the message authentication code is the one-way hash

function. A hash function accepts a variable-size message M as
input and produces a fixed-size output, referred to as a hash code
H(M). The hash code is also referred to as a message digest or
hash value. The hash code is a function of all the bits of the
message and provides an error-detection capability: A change to any
bit or bits in the message results in a change to the hash code. It
can be used with sender private key to produce the digital
signature. It is used to produce an authenticator (small block of
message that it is infeasible to change the document without
changing it ). If the authenticator is encrypted with the senders
private key, it serves as a signature that verifies origin, content, and
sequencing..
Instead of encrypting the entire message, only the hash code is encrypted, using
public-key encryption and using the sender's private key to provides a digital
signature, because only the sender could have produced the encrypted hash code. In
.fact, this is the essence of the digital signature technique

Eng. Fadwa Abdul-Bari Awn