Public Key Cryptosystems RSA and ElGamal : A Technical Report
Transcript of Public Key Cryptosystems RSA and ElGamal : A Technical Report
1
NIST SUMMER RESEARCH FELLOWSHIP-2013
A dissertation submitted to
NATIONAL INSTITUTE OF SCIENCE TECHNOLOGY, ODISHA, INDIA
A Technical Report On:
PUBLIC KEY CRYPTOSYSTEMS (RSA & ELGAMAL)
Guide: PREPARED BY:
Prof. Jaydip sen
Department of Computer Science
NIST, Berhampur, Odisha, India
Email: [email protected]
Kuna Siva Sankar
Student B.tech (CSE) .3rd Year
Institute: RGU IIIT, Nuzvid, AP.
Email: [email protected]
2
ACKNOWLEDGEMENT
This work is a part of the research program of the “NIST Summer Research
Fellowship(NSRF)'', which is financially supported by National Institute of Science
And Technology, Berhampur, Odisha, India.
I would like to thanks Prof. Sangram Mudali, Director of NIST and Prof. Geetika
Mudali, Placement Director of NIST for giving me such opportunity to being a part of
NIST and for fundamental support.
I would like to express the deepest gratitude to my mentor Prof. Jaydip Sen who has the
attitude and the substance of a genius: he continually and convincingly conveyed a spirit
of adventure in regard to research, and an excitement in regard to experiment and forward
thinking. Without his guidance and persistent help this dissertation would not have been
possible. I also would like to thank him for showing me some example that related to the
topic of our project.
I would also like to thank Dr. M Reza coordinator summer research program for
selecting me thus giving me a golden chance in this research internship program. It was
never possible for me to undergo this project without his support and supervision.
3
ABSTRACT
To overcome the problems faced in symmetric key algorithms, people have chosen
Asymmetric Key algorithms for communication. Communication with Asymmetric
algorithms will give us transmission of information without exchanging the key.
Public-key cryptography refers to a cryptographic system requiring two separate keys,
one of which is secret and one of which is public. Public-key cryptography
is widely used. It is an approach used by many cryptographic algorithms
and cryptosystems. It underpins such Internet standards as Transport Layer Security
(TLS), PGP, and GPG. RSA and Diffie–Hellman key exchange are the most widely used
public key distribution systems, while the Digital Signature Algorithm is the most widely
used digital signature system.
In this report we are mainly concentrating on some asymmetric algorithms which are
mostly used. They are RSA cryptosystem and ElGamal Cryptosystem. It also gives
brief mathematical explanations.
The RSA algorithm is the most commonly used encryption and authentication algorithm
and is included as part of the Web browsers from Microsoft and Netscape.RSA is
an algorithm for public-key cryptography that is based on the presumed difficulty
of factoring large integers, the factoring problem.. The RSA algorithm involves three
steps: key generation, encryption and decryption. In this we mainly concentrate on
algorithms for Primality Testing, Extended Euclidian’s algorithm, Modular
Exponentiation solving algorithm, etc.
ElGamal System is a public-key cryptosystem based on the discrete logarithm problem.
It consists of both encryption and Signature algorithms. ElGamal encryption is used in
the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems.
ElGamal encryption consists of three components: the key generator, the encryption
algorithm, and the decryption algorithm. In this we concentrate on the algorithms Cyclic
Groups, Modular Exponentiation solving algorithms etc.
4
TABLE OF CONTENTS
Chapter 1 Page no.
Introduction……………………………………………………………………………………………..7-9
1.1 Introduction
1.2 History
Chapter 2
Public Key Cryptosystem……………………………..…………………………………………….10-15
2.1 Components of Public Key Cryptosystem
2.2 Applications of Public key Cryptosystem
Chapter 3
Public Key Algorithm……………………………………………………………………………….…16-19
3.1 RSA Algorithm
3.2 Diffie-Hellman Key Exchange Algorithm
3.3 ElGamal Cryptosystem
3.4 Elliptic Curve Cryptosystem
Chapter 4
Mathematical Background…………………………………………………………………………22-53
4.1 Primality Testing (AKS, Fermat, Miller-Robin)
4.2 Euclidian Algorithm
4.3 Extended Euclidian Algorithm
4.4 Modular Exponential Equations Solving Algorithm
4.5 Cyclic Groups
4.6 Primitive Roots
4.7Discrete Logarithms
5
Chapter 5
Detailed RSA and its Implementation…………………………………………………………20-49 5.1 History
5.2 How RSA System Works
5.3 Steps in RSA Algorithm
5.4 Attacks on RSA
Chapter 6
Detailed ElGamal Cryptosystem…………………………………………………………………50-57 6.1 History
6.2 Steps in ElGamal Algorithm
6.3 ElGamal Signature Scheme
6.4 Applications of ElGamal Cryptosystem
Chapter 7
Implementations ………………………….…………………………………………………………..24-49 7.1 Fermat’s Theorem
7.2 Miller-Robin Algorithm
7.3 Euclid Algorithm
7.4 Extended Euclid Algorithm
7.5 Modular Exponential Solver Algorithm
7.6 RSA algorithm
FUTURE WORK ………………………….……………………………………………………………………58
CONCLUSIONS ………………………….…………………………………………………………………….59
References ………………………….………………………………………………………………………….60
6
LIST OF FIGURES
Fig: 2.1 One-way Property...……………………………………………………11
Fig: 2.2 Asymmetric Key Scheme.……………………………………………..12
Fig: 2.3 Public Key Encryption Process.………………………………… …...12
Fig:2.4 Public Key Digital Signature.…………………………….....................13
Fig:2.5 Public key - Key Agreement.………………………………….......…...15
Fig: 3.1 Diffie-Hell man Key Exchange Scheme………………………............18
Fig:4.5 Groups, Ring and Fields Representation……………………………...52
Fig:5.1 RSA Algorithm Figure.………………………………………………...42
7
CHAPTER1: INTRODUCTION
1.1 Introduction: Cryptography is a fascinating subject and is of great importance in
most technology today, from computers to credit cards and government to
ecommerce. The data transferred from one system to another over public network
can be protected by the method of encryption. On encryption, the data is
encrypted/scrambled by any encryption algorithm using the ‘key’. Only the user
having the access to the same ‘key’ can decrypt/de-scramble the encrypted data.
This method is known as private key or symmetric Key Cryptography. There are
several standard symmetric key algorithms defined. Examples are AES, 3DES etc.
These standard symmetric algorithms defined are proven to be highly secured and
time tested. But the problem with these algorithms is the key exchange. The
communicating parties require a shared secret, ‘key’, to be exchanged between them
to have a secured communication. The security of the symmetric key algorithm
depends on the secrecy of the key. Keys are typically hundreds of bits in length,
depending on the algorithm used. Since there may be number of intermediate points
between the communicating parties through which the data passes, these keys
cannot be exchanged online in a secured manner. In a large network, where there
are hundreds of system connected, offline key exchange seems too difficult and even
unrealistic. This is where public key cryptography comes to help. Using public key
algorithm a shared secret can be established online between communicating parties
without the need for exchanging any secret data.
Public-key algorithms provide a solution to what had been a big problem for
cryptographers for thousands of years: key exchange. Historically, the same key had been
used to encrypt and decrypt a plain text message, a process known as symmetric
encryption. This meant though that the encryption key, as well as the encrypted data, had
to be sent to the intended receiver. Somehow the sender and receiver had to securely
share the encryption key in advance.
1.2 History:
This problem of key distribution was solved in 1976 by two researchers at Stanford
University, Whitfield Diffie and Martin Hellman. They proposed a cryptosystem in
which the encryption key and the decryption key were different. This approach to
cryptography, known as public-key cryptography, uses a pair of cryptographic keys,
a public key and a private key. The private key is kept secret, while the public key can be
distributed openly, thereby negating the need to transmit a secret key in advance. The
keys are related mathematically, allowing the sender of a message to encrypt his message
8
using the recipient's public key. The message can then only be decrypted using the
recipient's private key.
Public-key cryptography serves both to authenticate a message and ensure its privacy, so
it's essential that you know that the public key you are using to encrypt a message does
belong to a specific person or entity. This has led to the creation of a public-key
infrastructure (PKI), in which one or more third parties, known as certificate authorities,
certify the ownership of key pairs. VeriSign Inc. is one of the best-known certificate
authorities. Several algorithms in common employ public-key cryptography, probably the
best known being the RSA algorithm named after its inventors, Ronald Rivest, Adi
Shamir and Leonard Adleman.
Although your interest is in public-key cryptography algorithms, you will need to study
other types of encryption algorithms to fully understand how different algorithms are
used in different situations. Public-key encryption is slow and computationally intensive,
so most systems only use it for highly secure transactions, such as to send the symmetric
key used to encrypt a message. The SSL/TLS family of cryptographic protocols does this,
and together they are called hybrid cryptosystems.
Another important aspect of cryptography to understand is that of breakability. All
public-key schemes are susceptible to brute-force key search attacks. Theoretically,
however, "breakable" and "practically breakable" are different. An attack is
impractical if the amount of computation needed for a break to succeed, termed work
factor, is beyond the means of a would-be attacker. For example, if it would, in theory,
take 10 years to break an encryption scheme, then it is safe to use when encrypting your
credit card details, as your credit card will expire well before the attacker can decrypt
them.
9
CHAPTER2: PUBLIC KEY CRYPTOSYSTEM
In public key cryptography each user or the device taking part in the communication have
a pair of keys, a public key and a private key, and a set of operations associated with the
keys to do the cryptographic operations. Only the particular user/device knows the
private key whereas the public key is distributed to all users/devices taking part in the
communication. Since the knowledge of public key does not compromise the security of
the algorithms, it can be easily exchanged online.
A shared secret can be established between two communicating parties online by
exchanging only public keys and public constants if any. Any third party, who has access
only to the exchanged public information, will not be able to calculate the shared secret
unless it has access to the private key of any of the communicating parties.
This is key agreement and is defined in section “Key Agreement.”
Apart from Key Agreement the other important applications of public key cryptography
are Data Encryption and Digital Signature, which are explained in sections
Encryption and Digital Signature respectively.
One-Way function:
In public key cryptography, keys and messages are expressed numerically and the
operations are expressed mathematically. The private and public key of a device is related
by the mathematical function called the one-way function. One-way functions are
mathematical functions in which the forward operation can be done easily but the reverse
operation is so difficult that it is practically impossible. In public key cryptography the
public key is calculated using private key on the forward operation of the one-way
function. Obtaining of private key from the public key is a reverse operation. If the
reverse operation can be done easily, that is if the private key is obtained from the public
key and other public data, then the public key algorithm for the particular key is cracked.
The reverse operation gets difficult as the key size increases. The public key algorithms
operate on sufficiently large numbers to make the reverse operation practically
impossible and thus make the system secure.
For e.g. RSA algorithm operates on large numbers of thousands of bits long.
10
Fig:2.1. One-wayProperty
2.1. Components Public Key Cryptosystem:
Public-Key encryption scheme have 5 ingredients. They are
i. Plaintext: This is a readable message or data that fed into the algorithm as input.
ii. Encryption Algorithm: The encryption algorithm performs various
transformations on the plain text.
iii. Public and Private Keys: These are pair of keys which have been selected so that
one is used for encryption and other is used for decryption.
iv. Cipher Text: This is the scrambled message produced as output. It depends on the
plain text and the key.
v. Decryption Algorithm: This algorithm matches the cipher text and the matching
key produces the Original plaintext.
The Scheme of this system is as follows:
• Each user generates pair of keys, used for encryption and decryption of messages.
• Each user places one of the 2 keys, in a public register or other accessible file to
everyone �Public key and other key is kept secret �Private Key.
• If Bob wishes to send a message to Alice, Bob encrypts the message using Alice’s
public key.
• When Alice receives the message, she decrypts it using her private key. No other
recipient can decrypt the message because only Alice Knows Alice’s private Key.
Public-key algorithms rely on one key for encryption and a different
decryption. These algorithms have following
Important Characteristics:
1. (Completeness) Given any message m and key pair (K, k), the encryption function
and decryption function are inverses: E
2. (Semantic Security) For any pair of messages m and m', it is computationally hard
to distinguish encryptions of m from encryptions of m', even given the public key
of a principal.
2.2. Applications of Public
Fig: 2.3.Public Key
Fig: 2.2.Asymmetric Key Scheme
key algorithms rely on one key for encryption and a different but related key for
These algorithms have following important characteristics.
(Completeness) Given any message m and key pair (K, k), the encryption function
and decryption function are inverses: EK(Dk(m)) = Dk(EK(m)) = m.
(Semantic Security) For any pair of messages m and m', it is computationally hard
to distinguish encryptions of m from encryptions of m', even given the public key
. Applications of Public-Key Cryptosystems:
2.3.Public Key Encryption Process
11
but related key for
(Completeness) Given any message m and key pair (K, k), the encryption function
(Semantic Security) For any pair of messages m and m', it is computationally hard
to distinguish encryptions of m from encryptions of m', even given the public key
12
It is important that device A receives the correct public key from device B, i.e. no
middleman must tamper or change the public key to its public key. One of the popular
public key encryption algorithms is RSA.
2)Digital Signature:
Using Digital signature a message “Msg” can be signed by a device using its private key
to ensure Authenticity of the message. Any device that has got the access to the public
key of the signed device can verify the signature. Thus the device receiving the message
can ensure that the message is indeed signed by the intended device and is not modified
during the transit. If any the data or signature is modified, the signature verification fails.
Fig:2.4.Public Key Digital Signature
For Ex. If a device A need to ensure the authenticity of its message, the device A signs its
message using its private key PA. The device A will then send the message ‘Msg’ and
signature ‘Sgn’ to device B. The device B, on receiving the message, can verify the
message using A’s public key UA and thereby ensuring that the message is indeed sent by
A and is also not tampered during the transit. Since only the device A knows its private
PA key, it is impossible for any other device to forge the signature.
The examples of Digital Signature algorithms are RSA, DSA and ECDSA.
The Following Table will help you in choosing Keys for respective Operations
(Encryption, Digital Signature).
13
3)Key Agreement:
Key agreement is a method in which the device communicating in the network
establishes a shared secret between them without exchanging any secret data. In this
method the devices that need to establish shared secret between them exchange their
public keys. Both the devices on receiving the other device’s public key perform key
generation operation using its private key to obtain the shared secret.
As we see in the previous section the public keys are generated using private key and
other shared constants. Let P be the private key of a device and U(P, C) be the public key.
Since public key is generated using private key, the representation U(P, C) shows that the
public key contain the components of private key P and some constants C where C is
known by all the device taking part in the communication.
Consider two devices A and B. Let PA and UA(PA, C) are the private key and public key
of device A, and PB and UB(PB, C) be the private key and public key of device B
respectively. Both device exchanges their public keys.
Device A, having got the public key of B, uses its private key to calculate shared secret
KA=Generate_Key(PA, UB(PB, C)).
Device B, having got the public key of A, uses its private key to calculate the shared
secret KB=Generate_Key (PB, UA(PA, C)).
14
Fig: 2.5.Public key - Key Agreement
The key generation algorithm ‘Generate_Key’ will be such that the generated keys at the
device A and B will be the same, that is shared secret KA=KB=K(PA, PB, C). Since it is
practically impossible to obtain private key from the public key any middleman, having
access only to the public keys UA(PA, C) and UB(PB, C), will never be able to obtain the
shared secret K.
Examples of key agreement algorithms are DH, RSA and ECDH.
2.3.Public-Key Cryptanalysis:
As symmetric encryption, Public-key Cryptosystem also vulnerable to “Brute-Force
Attack”.
Counter Measure: “Usage of Large Keys”.
15
CHAPTER3: PUBLIC-KEY ALGORITHMS
This is our main session, in this we will discuss about a few public-key algorithms and
will also gives some explanation on how they works. The Different algorithms in Public-
Key Cryptosystem are,
3.1 RSA Algorithm:
The RSA cryptosystem is based on the assumption that factoring large integers is
computationally hard. This assumption is not known to be true, but is widely believed. It
is not even known if factoring is an NP-complete problem. RSA keys are often of length
a power of two, like 512, 1024, or 2048 bits.
The RSA algorithm operates as follows
Operations:
o encryption of plaintext
o decryption of ciphertext
RSA as described above suffers from several problems given our definitions. First, it is
deterministic, since a given message always encrypts to the same ciphertext. Further, it
does not satisfy Non-Malleability, since two encryptions, can, for example, be multiplied
to get a new encryption. In some contexts, this kind of malleability can be useful, but it
should be taken into account when designing systems that use RSA.
One simple way to solve malleability problems is to add some sort of Message Integrity
Check (MIC) using hash functions.
3.1.1 RSA signatures:
As noted in the discussion on trapdoor functions, signatures can sometimes be
constructed from encryption functions. RSA signatures function in a similar manner.
• Signing message m: s = md mod n.(Here m=message and d & e are decryption and
encryption keys)
• checking message-signature pair (m, s): return true if m = se mod n
RSA signatures suffer from similar problems to malleability, but now these problems
violate the fundamental CMA property of signature schemes. Since any two signatures
16
can be combined to get a signature on a new message, it is trivial for an attacker in the
CMA model to violate security.
The common solution to this problem is to hash the message first. Compute signature s =
h(m)d mod n. Then even though the above attacks can be applied, the adversary can't
figure out which message has been signed (to do so would require, given h(m)*h(m'),
finding an m'' such that h(m'') = h(m)*h(m') mod n, which is prevented by pre-image
resistance of the hash function).
3.2 Diffie-Hellman Key Exchange:
This algorithm uses arithmetic modulus as the basis of its calculation. Suppose Alice and
Bob follow this key exchange procedure with Eve acting as a man in middle interceptor
(or the bad guy).
Here are the calculation steps followed in this algorithm that make sure that eve never
gets to know the final keys through which actual encryption of data takes place.
3.2.1Diffie-Hellman Setup:
1. all users agree on global parameters:
• large prime integer or polynomial q
• a being a primitive root mod q
2. Each user (eg. A) generates their key
• chooses a secret key (number): xA< q
3. compute their public key: yA = axA
mod q
4. each user makes public that key yA
3.2.2.Diffie-Hellman Key Exchange:
� shared session key for users A & B is KAB:
KAB = axA.xB
mod q
17
= yAxB
mod q (which B can compute)
= yBxA
mod q (which A can compute)
� KAB is used as session key in private-key encryption scheme between Alice and
Bob
� if Alice and Bob subsequently communicate, they will have the same key as
before, unless they choose new public-keys
� attacker needs an x, must solve discrete log
Diffie-Hellman’s Scheme:
Fig.3.1.Diffie-Hell man Key Exchange Scheme
As explained above the Diffie-Hellman algorithm works perfectly to generate
cryptographic keys which are used to encrypt the data being communicated over a public
channel.
18
3.3 ElGamal:
ElGamal is an encryption scheme that, like RSA, depends on computational assumptions
to guarantee security. Unlike the RSA assumption, however, ElGamal depends on type
of assumption called the Discrete-Logarithm assumption.
Roughly, this assumption claims that it is hard in some groups to find x given gx mod n.
The name comes from the fact that
x log(g) mod n = log(gx) mod n
and division is easy to compute in a group, so x is easy to compute given log(gx) mod n.
ElGamal operates as follows.
ElGamal as described here also suffers from malleability attacks. Of course, these
"attacks" can be useful in some systems that require manipulation of encrypted values
without revealing these values. There exist signature functions, called Schnorr
signatures that give non-malleable ElGamal construction.
3.4 Elliptic Curve Cryptography (ECC)
Most public-key cryptosystems are built over arithmetic in finite fields (algebraic
structures that have addition and multiplication operations each with inverses). Elliptic
Curve Cryptography (ECC) builds a finite field out of the set of solutions to an elliptic
curve equation y2 = x
3 + ax + b along with an additive identity element (that corresponds
to the point at infinity).
We won't go into the details of constructing ECC versions of common cryptosystems, but
several such examples exist. It should be noted that the addition operation in the group is
not simply adding solutions in the underlying field.
ECC is valuable because it is believed to be harder to compute, e.g., discrete logs over the
finite fields of ECC than in the underlying integer finite fields. This means that key sizes
in ECC can be smaller than the corresponding key sizes in cryptosystems based on other
fields. ECC is not, however, known to be harder than any other system.
19
CHAPTER5 : DETAILED RSA AND IMPLEMENTATION
5.1.History:
The RSA cryptosystem is a public-key cryptosystem that offers both encryption
and Digital Signatures (authentication).The RSA algorithm is the most commonly
used encryption and authentication algorithm.
Ronald Rivest, Adi Shamir, and Leonard Adleman developed the RSA system in
1977; RSA stands for the first letter in each of its inventors' last names.
5.2.How the RSA System Works:
The mathematical details of the algorithm used in obtaining the public and private keys
are explained in following concepts. Briefly, the algorithm involves
Take two large primes, p and q, and compute their product n = pq; n is called the
modulus. Choose a number, e, less than n and relatively prime to (p-1)(q-1), which
means e and (p-1)(q-1) have no common factors except 1.
Find another number d such that (ed - 1) is divisible by (p-1)(q-1). The
values e and d are called the public and private exponents, respectively.
The public key is the pair (n, e); the private key is (n, d). The factors p and q may be
destroyed or kept with the private key.
It is currently difficult to obtain the private key d from the public key (n, e). However if
one could factor n into p and q, then one could obtain the private keyd. Thus the security
of the RSA system is based on the assumption that factoring is difficult. The discovery of
an easy method of factoring would "break" RSA.
Here is how the RSA system can be used for encryption and digital signatures (in
practice, the actual use is slightly different.
Encryption:
Suppose Alice wants to send a message m to Bob. Alice creates the ciphertextc by
exponentiating: c = me mod n, where e and n are Bob's public key. She sends c to Bob.
To decrypt, Bob also exponentiates: m = cd mod n; the relationship
between e and d ensures that Bob correctly recovers m. Since only Bob knows d, only
Bob can decrypt this message.
20
Digital Signature
Suppose Alice wants to send a message m to Bob in such a way that Bob is assured the
message is both authentic, has not been tampered with, and from Alice. Alice creates a
digital signature s by exponentiating: s = md mod n, where d and n are Alice's private key.
She sends m and s to Bob. To verify the signature, Bob exponentiates and checks that the
message m is recovered: m= se mod n, where e and n are Alice's public key.
Thus encryption and authentication take place without any sharing of private keys: each
person uses only another's public key or their own private key. Anyone can send an
encrypted message or verify a signed message, but only someone in possession of the
correct private key can decrypt or sign a message.
RSA works because c = me, so c
d = m
d e mod n = m mod n (need to apply Fermat's Little
Theorem and the Chinese Remainder Theorem)
5.3.Steps in RSA Algorithm:
The RSA algorithm involves three steps: key generation, encryption and decryption.
5.3.1KEY GENERATION:
RSA involves a public key and a private key. The public key can be known by everyone
and is used for encrypting messages. Messages encrypted with the public key can only be
decrypted in a reasonable amount of time using the private key. The keys for the RSA
algorithm are generated the following way:
1. Choose two distinct prime numbers p and q.
• For security purposes, the integers p and q should be chosen at random, and
should be of similar bit-length. Prime integers can be efficiently found using
a primality test.
2. Compute n = pq.
• n is used as the modulus for both the public and private keys. Its length,
usually expressed in bits, is the key length.
3. Compute φ(n) = φ(p)φ(q) = (p − 1)(q − 1), where φ is Euler's totient function.
4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1; i.e. e and φ(n)
are co-prime.
• e is released as the public key exponent.
5. Determine d as d−1
≡ e (mod φ(n)), i.e., d is the multiplicative inverse of e (modulo
φ(n)).
21
• This is more clearly stated as solve for d given d⋅e ≡ 1 (mod φ(n))
• This is often computed using the extended Euclidean algorithm.
• d is kept as the private key exponent.
In this Key Generation concept we follow the above steps,
In Step1, we will choose 2 distinct prime numbers, and we will perform “PRIMALITY
TESTING”, to check whether they are Prime numbers or not.
4.1. PRIMALITY TESTING:
A primality test is a test to determine whether or not a given number is prime, as opposed
to actuallydecomposing the number into its constituent prime factors (which is known
as prime factorization).
Primality tests come in two varieties: deterministic and probabilistic.
Deterministic tests determine with absolute certainty whether a number is prime.
Examples of deterministic tests include the AKS Primality Test and Elliptic Primality
Test. Probabilistic tests can potentially (although with very small probability) falsely
identify a composite number as prime (although not vice versa). However, they are in
general much faster than deterministic tests. Numbers that have passed a probabilistic
prime test are therefore properly referred to as probable primes until their primality can
be demonstrated deterministically.
A number that passes a probabilistic test but is in fact composite is known as a pseudo-
prime. There are many specific types of pseudo-primes, the most common being
the Fermat pseudo-primes, which are composites that nonetheless satisfy Fermat's little
theorem.
The Rabin-Miller strong pseudo-prime test is a particularly efficient test.
The following are different Primality Testing procedures.
22
Deterministic Primality Testing:
4.1.1.AKS PRIMALITY TEST:
The AKS primality test (also known as Agrawal–Kayal–Saxena primality
test and cyclotomic AKS test) is a deterministic primality-proving algorithm created and
published by Manindra Agrawal, Neeraj Kayal, and Nitin Saxena, computer scientists at
the Indian, on August 6, 2002, in a paper titled "PRIMES is in P".
The algorithm determines whether a number is prime or composite within polynomial
time.
AKS is the first primality-proving algorithm to be simultaneously general, Polynomial,
Deterministic, and unconditional. Previous algorithms had been developed for centuries
but achieved three of these properties at most, but not all four.
The algorithm is guaranteed to distinguish deterministically whether the target number
is prime or composite. Randomized tests, such as Miller–Rabin , can test any given
number for primality in polynomial time, but are known to produce only a probabilistic
result.
Note: This Algorithm is under development, not implemented widely.
Probabilistic Primality Testing:
4.1.2.FERMAT’s LITTLE THEOREM:
If is a prime number and a natural number such that 1≤a<p then
(1)
Furthermore, if ( does not divide ), then there exists some smallest exponent
such that
(2)
and divides . Hence,
(3)
23
The theorem is sometimes also simply known as "Fermat's theorem"
Algorithm:
Inputs: n: a value to test for primality; k: a parameter that determines the
number of times to test for primality
Output: composite if n is composite, otherwise probably prime
Repeat k times:
pick a randomly in the range [1, n − 1]
if , then return composite
return probably prime
EX1: if P = 341, will P be PRIME?
�From previous equalities, we would be able to obtain that:
2^ (341-1) mod 341 = 1, if A = 2
EX2: if p=341,if a=3 then,
�3^ (341-1) mod 341 = 56!!!!!!!!!
That means Fermat’s Theorem is not true in this case!
7.1.FERMAT’s Implementation:
C code:
#include<stdio.h>
#include<math.h>
main() {
printf("*********** SANKAR KUNA *********************\n\n");
printf("*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM *******\n\n");
printf("*************** GUIDE: Prof.Jaydip Sen ******************************\n\n");
24
double p, n,a,b;
printf("Enter any Num:\n");
scanf("%lf", &p);
printf ("Choose any num btw 1 to %lf\n",p-1);
scanf("%lf",&n);
a=pow (n,p-1);
printf("a is %lf\n",a);
b=fmod (a,p);
if(b==1){
printf("\n%lf is Prime\n",p);
}
else{
printf("\n%lf is Composite\n",p);
}
getch ();
}
Test Cases:
Case1:
******************** SANKAR KUNA *********************
*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM ******************
****************** GUIDE: Prof. Jaydip Sen **************************
25
Enter any Num: 341
Choose any num btw 1 to 340.000000: 2
a is
223974474217780420000000000000000000000000000000000000000000000000000000
000
0000000000000000000000000000.000000
Result:341.000000 is Prime
Case2:
******************** SANKAR KUNA *********************
*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM ******************
****************** GUIDE: Prof. Jaydip Sen **************************
Enter any Num: 341
Choose any num btw 1 to 340.000000: 3
a is
16642808065898149000000000000000000000000000000000000000000000000000000
00000000.000000
Result: 341.000000 is Composite
Efficiency:
So, what is the efficiency?
�Time complexity is O (log n).
26
4.1.2. Carmichael number:
In number theory, a Carmichael number is a composite positive integer which
satisfies the congruence
For all integers which are relatively prime to (see modular arithmetic). They are named
for Robert Carmichael.
Fermat's little theorem states that all prime numbers have the above property. In this
sense, Carmichael numbers are similar to prime numbers; in fact, they are called Fermat
pseudo-primes. Carmichael numbers are sometimes also called absolute Fermat
pseudoprimes.
Conclusion on Fermat’s Theorem:
This is testing which passes Carmichael numbers as Prime although they are composite.
So; this is not the Best Algorithm.
4.1.3.MILLER-RABIN’s ALGORITHM:
It is a primality test that provides an efficient probabilistic algorithm for determining if a
given number is prime. It is based on the properties of strong pseudo primes.
The algorithm proceeds as follows.
Given an odd integer , let with odd. Then choose a random integer
with .
If or for some , then passes the test.
A prime will pass this test for all .
Algorithm:
Input: n> 3, an odd integer to be tested for primality;
Input: k, a parameter that determines the accuracy of the test
Output: composite if n is composite, otherwise probably prime
Write n − 1 as 2s·d with d odd by factoring powers of 2 from n − 1
27
Witness Loop: repeat k times:
pick a random integer a in the range [2, n − 2]
x ← ad mod n
if x = 1 or x = n − 1 then do next WitnessLoop
repeat s − 1 times:
x ← x2 mod n
if x = 1 then return composite
if x = n − 1 then do next WitnessLoop
return composite
return probably prime
7.2.Miller Robin Implementation Details:
/* Miller-Rabin primality test, iteration signifies the accuracy of the test */
bool Miller (long long p,int iteration){
if(p<2){
return false;
}
if(p!=2 && p%2==0){
return false;
}
long long s=p-1;
while(s%2==0){
s/=2;
}
for(int i=0;i<iteration;i++){
long long a=rand()%(p-1)+1,temp=s;
long long mod=modulo(a,temp,p);
while(temp!=p-1 && mod!=1 && mod!=p-1){
mod=mulmod(mod,mod,p);
temp *= 2;
}
if(mod!=p-1 && temp%2==0){
return false;
}
}
return true;
}
28
Efficiency:
• It can be shown that for any composite number p, at least (3/4) of the numbers less
than p will witness p to be composite when chosen as 'a' in the above test. Which
means that if we do 1 iteration, probability that a composite number is returned as
prime is (1/4)
�So, Hence till now we have studied about different Primality Tests to test the taken
Numbers ‘p’ and ‘q’ whether prime numbers are or not?, If we have confirmed them as
Prime numbers, then we will go for the next step i.e. Prime multiplication n=p*q.
After that step, we will go for the Euler Totient Function calculation, i.e .
φ(n) = φ(p)φ(q) = (p − 1)(q − 1),
So, after this we need to select Encryption Key ‘e’ value such that GCD(e, φ(n))=1,by
using “Euclidian Algorithm”, the explanation of it as follows.
4.2.EUCLIDIAN ALGORITHM:
This algorithm is used to find the GCD of any two numbers. It indicated as follows.
gcd(a,b)- the greatest common divisor of integers a and b
Algorithm:
function gcd(a, b)
while b ≠ 0
temp := b
b := a mod temp
a := temp
return a
Time Complexity:
β = max{log a, log b} - number of bits to encode a and b
T’(a,b) = Θ(β) - number of arithmetic operations
29
T(a,b) = Θ(β3) - total complexity
7.3.Euclid’s Implementation:
C code:
#include<stdio.h>
#include<math.h>
main(){
printf("*********** SANKAR KUNA *********************\n\n");
printf("*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM *******\n\n");
printf("*************** GUIDE: Prof.Jaydip Sen ******************************\n\n");
double a,b;
printf("Enter Your 1st Number:\n");
scanf("%lf",&a);
printf("Enter Your 2nd Number:\n");
scanf("%lf",&b);
printf("GCD is %d",gcd(a,b));
}
int gcd(double a,double b){
double r;
while(b!=0){
r=fmod(a,b);
a=b;
b=r;
30
}
if(b==0){
return a;
}
}
Test Cases:
Case1:
******************** SANKAR KUNA *********************
*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM ******************
****************** GUIDE: Prof. Jaydip Sen **************************
Enter Your 1st Number:1024
Enter Your 2nd Number:1024
Result: GCD is 1024
Case2:
******************** SANKAR KUNA *********************
*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM ******************
****************** GUIDE: Prof.Jaydip Sen **************************
Enter Your 1st Number:2048
Enter Your 2nd Number:1024
Result: GCD is 1024
31
Hence, we have Implemented the solution for Finding GCD of two given numbers, So,
we can easily find Encryption Key “e” such that “GCD(e, φ(n))=1”.
Our next step is to
Determine d as d−1
≡ e (mod φ(n)), i.e., d is the multiplicative inverse of e (modulo φ(n)).
So, Here to find multiplicative inverse, we will follow “Extended Euclidian Algorithm”
The explanation of it is as follows,
4.3.EXTENDED EUCLIDIAN ALGORITHM:
The Extended Euclidean algorithm is an extension to the algorithm. Besides finding
the greatest common divisor (GCD)of integers a and b, as the Euclidean algorithm does,
it also finds integers x and y (one of which is typically negative) that satisfy Bézout's
identity
ax + by = d = gcd(a, b)
� Useful for later crypto computations
� Follow sequence of divisions for GCD but assume at each step i, can find x &y:
r = ax + by
� At end find GCD value and also x & y
� If GCD(a,b)=1 these values are inverses
Algorithm:
function extended_gcd(a, b)
x := 0 lastx := 1
y := 1 lasty := 0
while b ≠ 0
quotient := a div b
(a, b) := (b, a mod b)
(x, lastx) := (lastx - quotient*x, x)
(y, lasty) := (lasty - quotient*y, y)
return (lastx, lasty)
32
Example:
Consider example of two numbers a = 29, m = 168
29x + 168y = 1
168 = 0*29 + 1*168
29 = 1*29 + 0*168
First Step: 168 = 5*29 + 23
23 = (-5)*29 + 1*168 = (-5)*[1*29 + 0*168] + 1*[0*29 + 1*168]
Second Step: 29 = 1*23 + 6
6 = 1*29 + (-1) *23 = 1*[0*168 + 1*29] + (-1)*[(-5)*29 + 1*168] = 6*29 + (-1)*168
Third Step: 23 = 3*6 + 5
5 = 1*23 + (-3)*6 = 1*[ (-5)*29 + 1*168] + (-3)*[6*29 + (-1)*168] = (-23)*29 + 4*168
Fourth Step: 6 = 1*5 + 1
1 = (-1)*5 + 1*6 = (-1)*[(-23)*29 + 4*168] + 1*[6*29 + (-1)*168] = 29*29 + (-5)*168
Hence final solution comes as:
29*29 + (-5)*168 = 1
x = 29 and y = (-5)
Here x=29 is the Modular inverse of 29 mod 168 and
y=-5 is the Modular inverse of 168 mod 29.
7.4.Extended_Euclidian Algorithm Implementation:
C code:
#include<stdio.h>
int extended(double k,int b)
33
{
double a3=k;
int a1=1,a2=0,b1=0,b2=1,b3=b,q,t1,t2,t3;
abc: if(b3==0)
{
return a3;
}
if(b3==1)
{
return b2;
}
q=a3/b3;
t1=a1-(q*b1);
t2=a2-(q*b2);
t3=a3-(q*b3);
a1=b1;
a2=b2;
a3=b3;
b1=t1;
b2=t2;
b3=t3;
goto abc;
34
}
main(){
printf("*********** SANKAR KUNA *********************\n\n");
printf("*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM *******\n\n");
printf("*************** GUIDE: Prof.Jaydip Sen ******************************\n\n");
int b,r;
double a;
printf("Enter a b values\n");
scanf("%lf %d",&a,&b);
printf("\nA value is %lf\nB value is %d\n",a,b);
r=extended(b,a);
printf("\nInverse is:%d\n",r);
}
Test Cases:
Case1:
******************** SANKAR KUNA *********************
*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM ******************
****************** GUIDE: Prof.Jaydip Sen **************************
Enter A and B values: 29
168
Result: Inverse is : 29
35
Case2:
******************** SANKAR KUNA *********************
*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM ******************
****************** GUIDE: Prof.Jaydip Sen **************************
Enter A and B values: 168
29
Result: Inverse is : -5
Hence, we have calculated the decryption key ‘d’ such that d−1
≡ e (mod φ(n)),
So, Till now we have done the “Key Generation Phase” by applying some “Mathematical
Logics and Algorithms”
So, in RSA 2nd
step is,
5.3.2.ENCRYPTION OF MESSAGE:
When Bob intends to send an encrypted message to Alice, these are the steps to be
taken:
1. Obtain Alice's public-key (n,e), which should be listed in a public directory.
2. Represent the plaintext message as a positive integer x, whereby x < n.
3. Compute the ciphertext using the encryption function: C = EK(M) =Me mod n
4. Transmit the ciphertext to Alice.
5.3.3.DECRYPTION OF CIPHER TEXT:
Upon receiving the encrypted message, there are several steps to be taken by Alice:
1. Compute the integer representation of the plaintext using the decryption
function: x = DK(C) =Cd mod n and her own private key (p,q,d).
2. Decode the corresponding plaintext from its integer representation, x.
36
So, in above Encryption and Decryption steps, we are facing two Modular exponential
Equations to be solved.
For small values we can simply calculate But for Larger Values we can’t Store and
Forward Me or C
d values.
So, To simply solving them we will follow “Modular Exponentiation Algorithm”.
The Explanation as Follows,
4.4.Modular Exponentiation Solving Algorithm:
Modular exponentiation is a type of exponentiation performed over a modulus.
A "Modular exponentiation" calculates the remainder when a positive integer b (the base)
raised to the m-th power (the exponent), be, is divided by a positive integer n, called the
modulus. In symbols, this is, given base b, exponent e, and modulus n, the modular
exponentiation C is:
be mod n
Complexity of modular operations:
Multiplication:
For given a and b find x such that a*b mod n = x
Multiplication + Division, i.e. time complexity ΘΘΘΘ(ββββ2)
Division:
For given a and b find x such that bx mod n = a
Not always such x exists - we should have gcd(b,n) | a
Extended Euclid's algorithm:
Finds x and y such that gcd(s,t) = su + tv
Take b = s and t = n and set x = ua/gcd(b,n)
Time complexity ΘΘΘΘ(ββββ3)
37
Exponentiation:
For given b and e and n, find x such that : be mod n = x
Time complexity T(β) = ΘΘΘΘ(ββββ3)
Algorithm:
function modular_pow(base, exponent, modulus)
result := 1
while exponent > 0
if (exponent mod 2 == 1):
result := (result * base) mod modulus
exponent := exponent >> 1
base = (base * base) mod modulus
return result
7.5.Modular Exponential Equations Solving Implementation:
C code:
#include<stdio.h>
#include<math.h>
int expo();
main(){
printf("*********** SANKAR KUNA *********************\n\n");
printf("*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM *******\n\n");
printf("*************** GUIDE: Prof.Jaydip Sen ******************************\n\n");
double base;
38
int exp;
double n,result;
printf("Enter Base,Exp,N values");
scanf("%lf %d %lf",&base,&exp,&n);
result=expo(base,exp,n);
printf("\n\nResult is :%lf\n",result);
getch();
}
int expo(double base,int exp,double n){
int a=1,b,mod[10],i,j,m=1;
if(exp%2==0){
printf("\n\t\tExponent is EVEN\n");
for(i=0;exp!=0;exp=exp-2,i++){
a=a*pow(base,2);
b=fmod(a,n);
mod[i]=b;
a=b;
}
}
if(exp%2==1){
printf("\n\t\tExponent is ODD\n\n");
for(i=0;exp!=1;exp=exp-2,i++){
39
a=a*pow(base,2);
b=fmod(a,n);
mod[i]=b;
a=b;
}
if(exp==1){
a=a*base;
a=fmod(a,n);
}
}
return a;
}
Test Cases:
Case1:
******************** SANKAR KUNA *********************
*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM ******************
****************** GUIDE: Prof.Jaydip Sen **************************
Input:14623
mod 187
40
Enter Base, Exponent, Modulo values: 146
23
187
Result: Exponent is ODD
Value is 5.00
Case2:
******************** SANKAR KUNA *********************
*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM ******************
****************** GUIDE: Prof.Jaydip Sen **************************
Input:20010
mod 100
Enter Base, Exponent, Modulo values: 200
10
100
Result: Exponent is EVEN
Value is 0.00
So, now using this program we can simply calculate the modular exponential equations
values easily.
Hence, we can simply calculate modular values of
C=Me mod n
M=Cd mod n.
41
5.3.1.DIGITAL SIGNATURE:
When sending a message to Alice, Bob uses a digital signature to assure Alice that the
message has indeed been sent by him. The following procedures are taken to generate the
signature:
1. Create a message digest of the message to be transmitted. A message digest is a
short "fingerprint" of the data that can be constructed via a hash function: h(x) = y
2. Represent the message digest as an integer, y, with a value between 0 and n-1.
3. Compute the signature using his private key: z = sigK(y) = yd mod n.
4. Send the signature, z, along with the message, x, to Alice.
5.3.2.SIGNTURE VERIFICATION:
Upon receiving the signed message, these are the steps taken by Alice
to authenticate the message:
1. Use Bob's public key to compute the integer representation of the message digest
using the function: y = ze mod n.
2. Extract the message digest from this value.
3. Compute the message digest from the received message independently.
4. Verify if both the extracted and computed message digests are identical. If so, the
signature is valid.
RSA Algorithm:
Fig:5.1.RSA Algorithm Figure
42
7.6.RSA IMPLEMENTATION:
C code:
#include<stdio.h>
#include<conio.h>
#include<math.h>
int gcd(int a,int b){
int r;
while(b!=0){
r=a%b;
a=b;
b=r;
}
if(b==0){
return a;
}
}
int extended();
int expo(double base,int exp,double n){
int a=1,b,mod[10],i,j,m=1;
if(exp%2==0){
printf("\n\n\t\tExponent is EVEN\n");
for(i=0;exp!=0;exp=exp-2,i++){
43
a=a*pow(base,2);
b=fmod(a,n);
mod[i]=b;
a=b;
}
}
if(exp%2==1){
printf("\n\n\t\tExponent is ODD\n\n");
for(i=0;exp!=1;exp=exp-2,i++){
a=a*pow(base,2);
b=fmod(a,n);
mod[i]=b;
a=b;
}
if(exp==1){
a=a*base;
a=fmod(a,n);
}
}
44
return a;
}
void main()
{
printf("*********** SANKAR KUNA *********************\n\n");
printf("*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM *******\n\n");
printf("*************** GUIDE: Prof.Jaydip Sen ******************************\n\n");
double p,q,n,k,z,d1,c1,y,i;
double c2;
double m,l,x,d2,c;
int e,d,ms;
printf("The P,Q Primary values:");
scanf("%lf%lf",&p,&q);
n=p*q;
printf("N value is %lf",n);
k=(p-1)*(q-1);
printf("\n K(n) value is:%lf",k);
for(i=2;i<k;i++){
if(extended(k,1) == i)
printf("%d\t",i);
}
printf("\n\n");
printf("\n Enter the Integer which is relative to the prime to the K(n)");
45
scanf("%d",&e);
d=extended(k,e);
printf("\n\n\n\t\t\tEncryption Process\n\n\n");
printf("\n Enter the plain text number ");
scanf("%lf",&m);
c=expo(m,e,n);
printf("\n\n\n\t\t\tDecryption Process\n\n\n");
printf("Cipher Txt is %lf",c);
ms=expo(c,d,n);
printf("Plain Text Entered is: %d\n",ms);
getch();
}
int extended(double k,int b){
double a3=k;
int a1=1,a2=0,b1=0,b2=1,b3=b,q,t1,t2,t3;
abc: if(b3==0){
return a3;
}
if(b3==1){
return b2;
}
q=a3/b3;
46
t1=a1-(q*b1);
t2=a2-(q*b2);
t3=a3-(q*b3);
a1=b1;
a2=b2;
a3=b3;
b1=t1;
b2=t2;
b3=t3;
goto abc;
}
Test Cases:
Case1:
******************** SANKAR KUNA *********************
*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM ******************
****************** GUIDE: Prof.Jaydip Sen **************************
Enter P,Q values :11
17
N value is:187.00000
K(N) values is :160.000000
47
Enter The Number which is relative to the K(N):7
Public Key is : {7,187.0000}
Private Key is : {23,187.0000}
:Encryption Process:
Enter The Plain text Number:5
Cipher Text is: 146
:Decryption Process:
Plain Text entered is :5
Case2:
******************** SANKAR KUNA *********************
*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM ******************
****************** GUIDE: Prof.Jaydip Sen **************************
Enter P,Q values : 17
31
N value is: 527.00000
K(N) values is : 480.000000
Enter The Number which is relative to the K(N): 11
Public Key is : {11,527.0000}
Private Key is : {611,527.0000}
48
:Encryption Process:
Enter The Plain text Number: 45
Cipher Text is:505
:Decryption Process:
Plain Text entered is : 45
So, Finally we have done the implementation of “RSA Cryptosystem”.
5.4.ATTACKS ON RSA:
The main security of “RSA Cryptosystem depends on the Factorization of Primes.”
• There were so many methods for “FACTORING”, But no method can solve it in
Limited time, if have chosen as Very Large Primes.
• Elementary attack, Small Private Key attack, Using Chinese Remainder Theorem,
Hastards Broad Cost Attack are the different “Attacks on RSA Cryptosystem”
49
CHAPTER6 : DETAILED ELGAMAL CRYPTOSYSTEM
6.1.History:
In cryptography, the ElGamal encryption system is an asymmetric key encryption
algorithm for public-key cryptography which is based on the Diffie–Hellman key
exchange. It was described by Taher ElGamal in 1984. ElGamal encryption is used in
the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems.
The Digital Signature Algorithm is a variant of the ElGamal signature scheme, which
should not be confused with ElGamal encryption.
ElGamal encryption can be defined over any cyclic group G. Its security depends upon
the difficulty of a certain problem in G related to computing discrete logarithms.
ElGamal encryption consists of three components:
• The key generator
• The encryption algorithm
• The decryption algorithm.
Before Going to these steps we need to know some Mathematical concepts.
4.5.CYCLIC GROUPS:
Group:
A group is a collection of G, together with an operator "·", it combines any two
elements a and b to form another element, denoted as a b. The symbol "·" is given
specific operations, such as the addition of the placeholder. To have become eligible for
group, called group axioms this collection and computing (G, ·) must meet four
requirements:
1.Closed. For all a, b, computing a · b The results of the G is G.
2.Associativity. For all G in A, B and c, equation (a · b) · c = a · (b · c) was established.
3.Units. Exists an element e of G such that for all G elements a, the
equation e · a = a · e = a established.
4.Anti-
elements.
For each G of A, G an element b such that a · b = b · a = e, where e is
the unit.
For example, the set of integers and addition operations, has the following properties
1. For any two integers a and b, and a + b is an
the sum of two integers can be drawn integer result.
”Closed” under addition .
2. For any integers a, b, and
the a b, then add c to connect them and the
add b and c, are equal. This property is called
3. If a is any integer, then 0 +
unit, because it added to any integer.
4. For any integer A, there is another integer
is called the inverse of the integers a, denoted by
A group is called a finite group
number of elements is called the
Refer the Following image to get different categories in
Fig 4.5.:Group, Ring and Fields Representation
For any two integers a and b, and a + b is an integer. In other words, at any time,
the sum of two integers can be drawn integer result. This property is
under addition .
and c (a + b) + c = a + (b + c). Words to express, first add
to connect them and the results obtained with
This property is called Associativity.
is any integer, then 0 + a = a + 0 = a. Are the same integer zero
unit, because it added to any integer.-->Unity or ADDITIVE IDENTIRY
there is another integer b such that a + b = b +
of the integers a, denoted by - a.-->Multiplicative inverse
finite group, if it has a finite number of elements.
number of elements is called the order of the group G
Refer the Following image to get different categories in Groups,
Fig 4.5.:Group, Ring and Fields Representation
50
In other words, at any time,
This property is called
Words to express, first add
obtained with a and
Are the same integer zero-called adder
or ADDITIVE IDENTIRY
a = 0. Integer b
Multiplicative inverse
, if it has a finite number of elements. Order of the
51
Cyclic group:
Cyclic group whose elements are all specific elements of a group of power (to use the
term multiple group operation is written as addition). Multiplication sign, the second
group of elements:
..., A - 3, a - 2, a - 1, a 0 = e, a, a 2, a 3, ...,
This element is called a generator of this group or primitive element.
4.6.PRIMITIVE ROOTS:
In modular arithmetic, a branch of number theory, a number g is a primitive root
modulo n if every number co-prime to n is congruent to a power of g modulo n.
In other words, g is a generator of the multiplicative group of integers modulo n. That
is, for every integer a co-prime to n, there is an integer k such that gk ≡ a (mod n).
Such k is called the index or discrete logarithm of a to the base g modulo n.
Example: 3 is a primitive root of 5:
N 3n 3
n mod 5
1 3 3
2 9 4
3 27 2
4 81 1
Example2: 4 is not a primitive root of 5:
X 4x 4
x mod 5
1 4 4
2 16 1
3 64 4
4 256 1
The order of m modulo n = Phi (n), M is nth primitive element
52
Reason: The set of integers in the third column is not the same as the set of integers in
the first column. So 4 is not a prime root of 5.
4.7.Discrete Logarithm:
Discrete logarithms are logarithms defined with regard to multiplicative cyclic groups.
If G is a multiplicative cyclic group and g is a generator of G, then from the definition of
cyclic groups, we know every element h in G can be written as gx for some x
Let (G;”.”) be an abelian group.
Discrete Logarithm Problem:
Given g; h 2 G, find an x (if it exists) such that
The difficulty of this problem depends on the group G:
• Very easy: polynomial time algorithm, e.g. (ZN; +)
• Hard: sub-exponential time algorithm, e.g. (Fp;_).
• Very hard: exponential time algorithm, e.g. elliptic curve groups.
Example: If the group is Z5*, and the generator is 2, then the discrete logarithm of 1 is 4
because 24 ≡ 1 mod 5.
Example2: Z13* = <2> 21=2, 2
2=4, 2
3=8, 2
4=3, 2
5=6, 2
6=12, 2
7=11, 2
8=9, 2
9=5, 2
10=10,
211
=7, 212
=1
Log2(5) = 9.
So, we learnt all the basics for “ElGamal Cryptosystem”
6.2.Steps in ElGamal Encryption Algorithm:
ElGamal Key generation:
The key generator works as follows:
gx = h:
• Alice generates an efficient description of a multiplicative cyclic group
order with generator
of this group.
• Alice chooses a random
• Alice computes
• Alice publishes , along with the description of
retains as her private key
Encryption:
The encryption algorithm works as follows: to encrypt a message
public key(G,q,g,h).
Next Bob to send Message “M” it
and send s (C1,C2) it to Alice.
Decryption:
To decrypt it, Alice calculates
Here To find S-1
we will use Extended Euclidian Algorithm.(Ref:4.3)
ElGamal Message Exchange:
� Bob encrypt a message to send to A comput
• represent message M in range 0 <= M <= q
� longer messages must be sent as blocks
• chose random integer k with 1 <= k <= q
• compute one-time key K = y
• encrypt M as a pair of integers (C
Alice generates an efficient description of a multiplicative cyclic group
generator . See below for a discussion on the required properties
Alice chooses a random from .
.
, along with the description of , as her public key
private key which must be kept secret.
The encryption algorithm works as follows: to encrypt a message M to Alice under her
to send Message “M” it assumes one number r, andcalculates
C1=gr mod q
C2=(hr mod q)*M
To decrypt it, Alice calculates
S=C1x mod q
M=C2*S-1
Extended Euclidian Algorithm.(Ref:4.3)
ElGamal Message Exchange:
Bob encrypt a message to send to A computing
represent message M in range 0 <= M <= q-1
longer messages must be sent as blocks
chose random integer k with 1 <= k <= q-1
time key K = yAk mod q
encrypt M as a pair of integers (C1,C2) where
53
Alice generates an efficient description of a multiplicative cyclic group of
ion on the required properties
public key. Alice
to Alice under her
54
� C1 = ak mod q ; C2 = KM mod q
� A then recovers message by
• recovering key K as K = C1xA
mod q
• computing M as M = C2 K-1
mod q
� a unique k must be used each time
• otherwise result is insecure
ElGamal Example:
Key Generation:
Say the receiver chooses prime , and (one can check that 33 is a generator
of ), and secret exponent .
Then . (I won’t explicitly write the “ ” anymore.)
The receiver would publish the public key .
Encryption:
Say a sender wants to send the message . It chooses random exponent , say,
computes the ciphertext
, and sends this to the receiver.
Decryption:
To decrypt the ciphertext , the receiver needs to compute
.
Recall that dividing by 62 modulo 71 really means to multiply by . We did
not discuss how to compute multiplicative inverses in class, but one can verify
that because . Thus, the receiver will compute
. (Here to find Inverse again we will use Extended
Euclid Algorithm (Ref:4.3))
Of course, this was exactly the message ‘M=15’ sent by the sender!
55
6.3.ElGamal Signature Scheme:
• In1985, ElGamal proposed a digital signature scheme based
on discrete logarithms. Until now, this scheme is still secure under its
cryptographic assumption (discrete logarithm problem)
� Sign Function: Signature (r, s) for message M.
1. Select a random integer k between 1 and P-1 such that gcd(k, P-1) = 1.
2. Compute r=gk mod P.
3. Compute s=k-1
(M-xr) mod (P-1).
� Verification Function:
Verify by checking whether
gM
mod P = (rs) ×(y
r) mod P
(rs) ×(y
r)=g
(M-xr) × g
xr = g
(M-xr)+xr=g
M mod P.
Example:
1. P=23, g=5.
2. x=3, then y=10 (for 53 mod 23 =10).
3. Sign for the message M=8.
4. Select k=5 between 1 and 22 (P-1).
5. Compute r = gk mod P = 5
5 mod 23 = 20.
6. Compute s = k-1
(M-xr) mod (P-1) = 5-1
(8-3×20) mod 22 = 9×14 mod 22 = 16.
7. Verification:
gM
= 58 mod 23 =16
(rs)(y
r) mod P = 20
16 × 10
20 mod 23= 13×3 mod 23 = 16.
56
6.4. Applications of ElGamal System:
1. Popular for ElGamal Signature Scheme
2. Also used for ElGamal encryption
3. Digital Signature Standard (DSS) – a variant of ElGamal – standardized by NIST
4. Open Source Free Libraries – Crypto++, CryptoLib, Python, Java Cryptix.
6.5. RSA Vs EL-GAMAL Performances:
• Tests for key generation, encryption and decryption for RSA.
• The encryption tests were performed on large key blobs for a symmetric cipher
since that is generally what one encrypts with public key cryptography.
• Observation: The time required for key generation is very costly compared to the
cubic time required for encryption and decryption.
• Observation: There is a constant factor difference in performance between
encryption and decryption, resulting in a difference of orders of magnitude
between the two operations.
• So where encryption may take tens of milliseconds, decryption can take seconds,
and key generation may even take minutes.
57
Future Work:
Till now I have done research on the public key cryptographic algorithms and its
applications.
Due to time constraint as well as a considerable amount of time spent setting up and
understanding the system, the suggested improvements could not be completed during
this semester. As a result, one of the suggested future works for this project is to
implement an optimized version of algorithm for public key cryptosystems.
Another area of future work is to integrate the cryptosystem protocols described in above
with “Wireless Sensor Networks” and to evaluate the change in security performance
with the addition of the protocols.
58
CONCLUSIONS:
In this Project I have analyzed and done research and Implemented the following topics.
These all are implemented in C programming.
� Analysis and Description of Public Key cryptosystem.
� Analysis of RSA and ElGamal Cryptosystems with suitable Examples.
� Analysis of Mathematical Concepts of RSA and ElGamal Cryptosystem.
� Implementation of Fermat’s Theorem.
� Implementation of Euclid and Extended Euclid Algorithms.
� Implementation of Modular Exponential Solving Algorithm
� Implementation of RSA Key generation, Encryption and Decryption algorithms.
� Differences between RSA and ElGamal Cryptosystems.
59
References:
1. William Stallings, Cryptography and Network Security, Prentice Hall of India
PHI, 6th
Edition.
2. Public Key Cryptography - Applications Algorithms and Mathematical
Explanations. URL: http://www.dkrypt.com/home/pkcs
3. Differences between Symmetric Key and Asymmetric Key Algorithms.
URL: http://voices.yahoo.com/comparing-symmetric-asymmetric-key-encryption-
6329400.html
4. CMSC414: Computer/Networks Security-reading Materials of University of
Maryland, College Park, USA.
5. Primality Test for Applications.
URL: http://www-math.mit.edu/phase2/UJM/vol1/DORSEY-F.PDF
6. Douglas Stinson, Cryptography: Theory and Practice, 3rd
Edition.
7. Different Primality Testings and Time Complexities.
URL:http://www.topcoder.com/tc?module=Static&d1=education&d2=overview
8. Public Key Cryptography and its Related Topics.
URL: http://www.wikipedia.com
9. The Basis of ElGamal Encryption Algorithm.
URL: http://www.cprogramdev.com/75562/
10. Cryptography and its Applications Tutorial Lectures.
URL: https://www.khanacademy.org/math/applied-math/cryptography/
11. Jaydip Sen (Editor), Applied Cryptography and Network Security, 1st Edition,
INTECH Publishers, Croatia, April 2012.
12. Jaydip Sen (Editor), Cryptography and Security in Computing, 1st Edition,
INTECH Publishers, Croatia, April 2012.
13. Jaydip Sen (Editor), Theory and Practice of Cryptography and Network Security
Protocols and Technologies, 1st Edition, INTECH Publishers, Croatia, July 2013.
14. Jaydip Sen, “Reputation- and Trust-Based Systems for Wireless Self-Organizing
Networks”, book chapter in Security of Self-Organizing Networks: MANET, WSN,
WMN, VANET, A.S.K. Pathan (Ed), pp. 91-122, Auerbach Publication, CRC
Press, USA, 2010.
15. Jaydip Sen and Indranil Sengupta, “Autonomous Agent Based Distributed Fault-
Tolerant Intrusion Detection System”, in Proceedings of the 2nd
International
Conference on Distributed Computing and Internet Technology (ICDCIT’05),
Lecture Notes in Computer Science (LNCS) Vol 3186, pp. 125-131, December
2005.