cns3 1


1. Public-key cryptography is asymmetric, involving the use of two separate keys, in contrast to
symmetric encryption, which uses only one key. The use of two keys has profound
consequences in the areas of confidentiality, key distribution, and authentication, as we shall
see.
2. One such misconception is that public-key encryption is more secure from cryptanalysis than
is symmetric encryption. In fact, the security of any encryption scheme depends on the
length of the key and the computational work involved in breaking a cipher. There is nothing
in principle about either symmetric or public-key encryption
3. Asymmetric Keys: Two related keys, a public key and a private key, that are used to perform
complementary operations, such as encryption and decryption or signature generation and
signature verification.
4. Public Key Certificate: A digital document issued and digitally signed by the private key of a
Certification Authority that binds the name of a subscriber to a public key. The certificate
indicates that the subscriber identified in the certificate has sole control and access to the
corresponding private key.

1. Reasons for changing from symmetric to asymmetric encryption?

A) key distribution under symmetric encryption requires either

(1) that two communicants already share a key, which somehow has been distributed to them;
or (2) the use of a key distribution center.

Public key cryptosystems:

Asymmetric algorithms rely on one key for encryption and a different but related key for
decryption. These algorithms have the following important characteristic.

■ It is computationally infeasible to determine the decryption key given only knowledge of the
cryptographic algorithm and the encryption key

A public-key encryption scheme has six ingredients

1. Plaintext: This is the readable message or data that is fed into the algorithm as input.
2. Encryption algorithm: The encryption algorithm performs various transformations on the
plaintext.
3. Public and private keys: This is a pair of keys that have been selected so that if one is used
for encryption, the other is used for decryption. The exact transformations performed by the
algorithm depend on the public or private key that is provided as input.
4. Cipher text: This is the encrypted message produced as output. It depends on the plaintext
and the key.
5. Decryption algorithm: This algorithm accepts the cipher text and the matching key and
produces the original plaintext.

2. Difference between conventional encryption and public key encryption?

| Conventional encryption | Public-key encryption |
|---|---|
| The same algorithm with the same key is used for encryption and decryption. | One algorithm is used for encryption and a related algorithm for decryption with a pair of keys, one for encryption and one for decryption. |
| The sender and receiver must share the algorithm and the key. | The sender and receiver must each have one of the matched pair of keys. |
| The key must be kept secret. | One of the two keys must be kept secret. |
| It must be impossible or at least impractical to decipher a message if the key is kept secret. | It must be impossible or at least impractical to decipher a message if one of the keys is kept secret. |
| Knowledge of the algorithm plus samples of cipher text must be insufficient to determine the key. | Knowledge of the algorithm plus one of the keys plus samples of cipher text must be insufficient to determine the other key. |

Note: in the above figure, if the private key is used for encryption, then it provides authentication.
Therefore, the entire encrypted message serves as a digital signature.

3. How can we get both confidentiality and authentication?

It is possible to provide both the authentication function and confidentiality by a double use of the
public-key scheme.

Cipher text (encryption): Z = E(PUb, E(PRa, X))

Plain text (decryption): X = D(PUa, D(PRb, Z))

In this case, we begin as before by encrypting a message, using the sender’s private key. This
provides the digital signature. Next, we encrypt again, using the receiver’s public key. The final
cipher text can be decrypted only by the intended receiver, who alone has the matching private key.
Thus, confidentiality is provided. The disadvantage of this approach is that the public-key algorithm,
which is complex.
Applications of public key cryptography:

Three categories:

Encryption/decryption: The sender encrypts a message with the recipient’s public key, and the
recipient decrypts the message with the recipient’s private key.

Digital signature: The sender “signs” a message with its private key. Signing is achieved by a
cryptographic algorithm applied to the message.

Key exchange: Two sides cooperate to exchange a session key, which is a secret key for symmetric
encryption generated for use for a particular transaction (or session) and valid for a short period of
time.

Requirements:

1. It is computationally easy for a party B to generate a key pair (public key PUb, private key
PRb).
2. It is computationally easy for a sender A, knowing the public key and the message to be
encrypted, M, to generate the corresponding cipher text:
C = E(PUb, M)
3. It is computationally easy for the receiver B to decrypt the resulting cipher text using the
private key to recover the original message:
M = D(PRb, C) = D[PRb, E(PUb, M)]
4. It is computationally infeasible for an adversary, knowing the public key, PUb, to determine
the private key, PRb.
5. It is computationally infeasible for an adversary, knowing the public key, PUb, and a
ciphertext, C, to recover the original message, M.
Rivest-Shamir-Adleman (RSA) Algorithm:
The RSA algorithm is a public-key signature algorithm developed by Ron Rivest, Adi Shamir, and
Leonard Adleman. Their paper was first published in 1977, and the algorithm uses logarithmic
functions to keep the working complex.

There are two broad components when it comes to RSA cryptography, they are:

• Key Generation: Generating the keys to be used for encrypting and decrypting the data to be
exchanged.

• Encryption/Decryption Function: The steps that need to be run when scrambling and
recovering the data.

Steps:

Key generation:

First we need to generate public and private keys.

• Choose two large prime numbers (p and q)

• Calculate n = p*q and z = (p-1)(q-1)

• Choose a number e where 1 < e < z

• Calculate d = e^(-1) mod (p-1)(q-1)

• You can bundle private key pair as (n,d)

• You can bundle public key pair as (n,e)

Encryption and Decryption functions:

Once you generate the keys, you pass the parameters to the functions that calculate your ciphertext
and plaintext using the respective key.

• If the plaintext is m, ciphertext = m^e mod n.

• If the ciphertext is c, plaintext = c^d mod n.

To understand the above steps better, you can take an example where p = 3 and q=11. Value of e
can be 3 as it satisfies the condition 1 < e < (p-1)(q-1).

n = p * q = 33

d * e mod (p-1)(q-1) = 1

7 * 3 mod 20 = 1

Public Key pair = (33,3)


Private Key pair = (33,7)
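
The key generation steps and the p = 3, q = 11 example above, carried through in code together with the double use Z = E(PUb, E(PRa, X)) from question 3. This is an added example, not part of the original notes: the function names and receiver B's key pair (p = 5, q = 13, e = 5) are constructed for illustration, and the page's key pair is used as sender A.

```python
from math import gcd

def rsa_keygen(p, q, e):
    """Follow the page's steps: n = p*q, z = (p-1)(q-1), d = e^-1 mod z."""
    n, z = p * q, (p - 1) * (q - 1)
    if not 1 < e < z:
        raise ValueError("e must satisfy 1 < e < z")
    # The inverse d exists only when e and z share no factor; e = 5 with
    # z = 20 passes the range check above but cannot be inverted.
    if gcd(e, z) != 1:
        raise ValueError("e has no inverse mod z (gcd(e, z) != 1)")
    d = pow(e, -1, z)              # modular inverse, Python 3.8+
    return (n, e), (n, d)          # public pair, private pair

def rsa_apply(key, value):
    """Textbook RSA: value^exponent mod n, the same operation for E and D."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must lie in 0..n-1 for this key")
    return pow(value, exponent, n)

def sign_then_encrypt(x, pr_a, pu_b):
    """Z = E(PUb, E(PRa, X)). The inner result is below A's n, so B's n
    must be at least as large or the outer step rejects it."""
    return rsa_apply(pu_b, rsa_apply(pr_a, x))

def decrypt_then_verify(z, pr_b, pu_a):
    """X = D(PUa, D(PRb, Z)): B's private key first, then A's public key."""
    return rsa_apply(pu_a, rsa_apply(pr_b, z))

PU_A, PR_A = rsa_keygen(3, 11, 3)   # the page's pair: (33, 3) and (33, 7)
PU_B, PR_B = rsa_keygen(5, 13, 5)   # constructed pair: (65, 5) and (65, 29)

if __name__ == "__main__":
    c = rsa_apply(PU_A, 4)                      # encrypt m = 4 with (33, 3)
    print(c, rsa_apply(PR_A, c))                # 31 4
    z = sign_then_encrypt(4, PR_A, PU_B)
    print(z, decrypt_then_verify(z, PR_B, PU_A))  # 61 4
```

Keys this small are for following the arithmetic by hand only.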

Advantages:

• No need to share a secret key.
• Authentication
• Faster encryption than DSA
• Data cannot be modified even if data is tampered

Diffie–Hellman key exchange:


The Diffie-Hellman algorithm is a method for securely exchanging cryptographic keys over insecure
channels without compromising the security and integrity of data transmission.

It was developed and published in 1976 by Martin Hellman and Whitfield Diffie.

Steps in Key Exchange:


Step 1: You choose a prime number q and select a primitive root of q as α. To be a primitive root, it must
satisfy the following criteria:

Step 2: You assume the private key for our sender as Xa where Xa < q. The public key can be
calculated as Ya = α^Xa mod q. So, the key pair for your sender becomes {Xa, Ya}.

Assume the private key for the receiver to be Xb where Xb < q. The public key for the
receiver is calculated as Yb = α^Xb mod q. For the receiver, the key pair becomes {Xb, Yb}.

Step 3: To generate the final secret key, you use three parameters. For the sender, you need
the private key (Xa), the receiver’s public key (Yb), and the original q. The formula to
calculate the key is K = (Yb)^Xa mod q.

For the receiver, you need the private key (Xb), the sender’s public key (Ya), and the original q.
The formula to calculate the secret key is K = (Ya)^Xb mod q.

If both the values of K generated are equal, the Diffie-Hellman key exchange algorithm is
complete.

Example:
1. Key exchange is based on the use of the prime number q = 353
2. a primitive root of 353, in this case α = 3.
3. A and B select private keys XA = 97 and XB = 233, respectively.
4. Each computes its public key: A computes YA = 3^97 mod 353 = 40.
5. B computes YB = 3^233 mod 353 = 248.
6. After they exchange public keys, each can compute the common secret key:
7. A computes K = (YB)^XA mod 353 = 248^97 mod 353 = 160.
8. B computes K = (YA)^XB mod 353 = 40^233 mod 353 = 160.

Man-in-the-middle Attack:
Suppose Alice and Bob wish to exchange keys, and Darth is the adversary. The attack proceeds as
follows:
1. Darth prepares for the attack by generating two random private keys XD1 and XD2 and then
computing the corresponding public keys YD1 and YD2.
2. Alice transmits YA to Bob.
3. Darth intercepts YA and transmits YD1 to Bob.
Darth also calculates K2 = (YA)^XD2 mod q.
4. Bob receives YD1 and calculates K1 = (YD1)^XB mod q.
5. Bob transmits YB to Alice.
6. Darth intercepts YB and transmits YD2 to Alice.
Darth calculates K1 = (YB)^XD1 mod q.
7. Alice receives YD2 and calculates K2 = (YD2)^XA mod q.
At this point, Bob and Alice think that they share a secret key, but instead Bob and Darth share
secret key K1 and Alice and Darth share secret key K2.
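
The key exchange steps and the seven steps above, run with the numbers from the example (q = 353, α = 3, XA = 97, XB = 233). This is an added example, not part of the original notes: the function names and Darth's private keys XD1 = 11 and XD2 = 29 are constructed for illustration. It shows why the plain exchange needs authenticated public values: Alice and Bob end up holding different keys, each one known to Darth.

```python
def is_primitive_root(alpha, q):
    """True when alpha^1 .. alpha^(q-1) mod q produce every value 1..q-1."""
    return len({pow(alpha, k, q) for k in range(1, q)}) == q - 1

def dh_public(alpha, q, private):
    """Y = alpha^X mod q, with the private key X below q."""
    if not 0 < private < q:
        raise ValueError("private key must satisfy 0 < X < q")
    return pow(alpha, private, q)

def dh_secret(their_public, my_private, q):
    """K = (Y_other)^X_mine mod q."""
    return pow(their_public, my_private, q)

def honest_exchange(q, alpha, xa, xb):
    """Steps 1-3 of the key exchange; returns (K at A, K at B)."""
    ya, yb = dh_public(alpha, q, xa), dh_public(alpha, q, xb)
    return dh_secret(yb, xa, q), dh_secret(ya, xb, q)

def intercepted_exchange(q, alpha, xa, xb, xd1, xd2):
    """Replay the seven steps; returns the key each party ends up holding."""
    yd1, yd2 = dh_public(alpha, q, xd1), dh_public(alpha, q, xd2)  # step 1
    ya = dh_public(alpha, q, xa)                                   # step 2
    darth_k2 = dh_secret(ya, xd2, q)                               # step 3
    bob_k1 = dh_secret(yd1, xb, q)                                 # step 4
    yb = dh_public(alpha, q, xb)                                   # step 5
    darth_k1 = dh_secret(yb, xd1, q)                               # step 6
    alice_k2 = dh_secret(yd2, xa, q)                               # step 7
    return {"alice": alice_k2, "bob": bob_k1, "darth": (darth_k1, darth_k2)}

Q, ALPHA, XA, XB = 353, 3, 97, 233   # values from the page's example
XD1, XD2 = 11, 29                    # constructed for this illustration

if __name__ == "__main__":
    print(is_primitive_root(ALPHA, Q))           # True
    print(honest_exchange(Q, ALPHA, XA, XB))     # (160, 160)
    r = intercepted_exchange(Q, ALPHA, XA, XB, XD1, XD2)
    # Nothing in the exchange ties a public value to its sender, so the
    # mismatch below stays invisible unless YA and YB are authenticated.
    print(r["alice"] != r["bob"], r["darth"] == (r["bob"], r["alice"]))
```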
The Elgamal Cryptosystem:
