Public Key Cryptosystems RSA and ElGamal : A Technical Report

1

NIST SUMMER RESEARCH FELLOWSHIP-2013

A dissertation submitted to

NATIONAL INSTITUTE OF SCIENCE TECHNOLOGY, ODISHA, INDIA

A Technical Report On:

PUBLIC KEY CRYPTOSYSTEMS (RSA & ELGAMAL)

Guide: PREPARED BY:

Prof. Jaydip sen

Department of Computer Science

NIST, Berhampur, Odisha, India

Email: [email protected]

Kuna Siva Sankar

Student B.tech (CSE) .3rd Year

Institute: RGU IIIT, Nuzvid, AP.

Email: [email protected]

2

ACKNOWLEDGEMENT

This work is a part of the research program of the “NIST Summer Research

Fellowship(NSRF)'', which is financially supported by National Institute of Science

And Technology, Berhampur, Odisha, India.

I would like to thanks Prof. Sangram Mudali, Director of NIST and Prof. Geetika

Mudali, Placement Director of NIST for giving me such opportunity to being a part of

NIST and for fundamental support.

I would like to express the deepest gratitude to my mentor Prof. Jaydip Sen who has the

attitude and the substance of a genius: he continually and convincingly conveyed a spirit

of adventure in regard to research, and an excitement in regard to experiment and forward

thinking. Without his guidance and persistent help this dissertation would not have been

possible. I also would like to thank him for showing me some example that related to the

topic of our project.

I would also like to thank Dr. M Reza coordinator summer research program for

selecting me thus giving me a golden chance in this research internship program. It was

never possible for me to undergo this project without his support and supervision.

3

ABSTRACT

To overcome the problems faced in symmetric key algorithms, people have chosen

Asymmetric Key algorithms for communication. Communication with Asymmetric

algorithms will give us transmission of information without exchanging the key.

Public-key cryptography refers to a cryptographic system requiring two separate keys,

one of which is secret and one of which is public. Public-key cryptography

is widely used. It is an approach used by many cryptographic algorithms

and cryptosystems. It underpins such Internet standards as Transport Layer Security

(TLS), PGP, and GPG. RSA and Diffie–Hellman key exchange are the most widely used

public key distribution systems, while the Digital Signature Algorithm is the most widely

used digital signature system.

In this report we are mainly concentrating on some asymmetric algorithms which are

mostly used. They are RSA cryptosystem and ElGamal Cryptosystem. It also gives

brief mathematical explanations.

The RSA algorithm is the most commonly used encryption and authentication algorithm

and is included as part of the Web browsers from Microsoft and Netscape.RSA is

an algorithm for public-key cryptography that is based on the presumed difficulty

of factoring large integers, the factoring problem.. The RSA algorithm involves three

steps: key generation, encryption and decryption. In this we mainly concentrate on

algorithms for Primality Testing, Extended Euclidian’s algorithm, Modular

Exponentiation solving algorithm, etc.

ElGamal System is a public-key cryptosystem based on the discrete logarithm problem.

It consists of both encryption and Signature algorithms. ElGamal encryption is used in

the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems.

ElGamal encryption consists of three components: the key generator, the encryption

algorithm, and the decryption algorithm. In this we concentrate on the algorithms Cyclic

Groups, Modular Exponentiation solving algorithms etc.

4

TABLE OF CONTENTS

Chapter 1 Page no.

Introduction……………………………………………………………………………………………..7-9

1.1 Introduction

1.2 History

Chapter 2

Public Key Cryptosystem……………………………..…………………………………………….10-15

2.1 Components of Public Key Cryptosystem

2.2 Applications of Public key Cryptosystem

Chapter 3

Public Key Algorithm……………………………………………………………………………….…16-19

3.1 RSA Algorithm

3.2 Diffie-Hellman Key Exchange Algorithm

3.3 ElGamal Cryptosystem

3.4 Elliptic Curve Cryptosystem

Chapter 4

Mathematical Background…………………………………………………………………………22-53

4.1 Primality Testing (AKS, Fermat, Miller-Robin)

4.2 Euclidian Algorithm

4.3 Extended Euclidian Algorithm

4.4 Modular Exponential Equations Solving Algorithm

4.5 Cyclic Groups

4.6 Primitive Roots

4.7Discrete Logarithms

5

Chapter 5

Detailed RSA and its Implementation…………………………………………………………20-49 5.1 History

5.2 How RSA System Works

5.3 Steps in RSA Algorithm

5.4 Attacks on RSA

Chapter 6

Detailed ElGamal Cryptosystem…………………………………………………………………50-57 6.1 History

6.2 Steps in ElGamal Algorithm

6.3 ElGamal Signature Scheme

6.4 Applications of ElGamal Cryptosystem

Chapter 7

Implementations ………………………….…………………………………………………………..24-49 7.1 Fermat’s Theorem

7.2 Miller-Robin Algorithm

7.3 Euclid Algorithm

7.4 Extended Euclid Algorithm

7.5 Modular Exponential Solver Algorithm

7.6 RSA algorithm

FUTURE WORK ………………………….……………………………………………………………………58

CONCLUSIONS ………………………….…………………………………………………………………….59

References ………………………….………………………………………………………………………….60

6

LIST OF FIGURES

Fig: 2.1 One-way Property...……………………………………………………11

Fig: 2.2 Asymmetric Key Scheme.……………………………………………..12

Fig: 2.3 Public Key Encryption Process.………………………………… …...12

Fig:2.4 Public Key Digital Signature.…………………………….....................13

Fig:2.5 Public key - Key Agreement.………………………………….......…...15

Fig: 3.1 Diffie-Hell man Key Exchange Scheme………………………............18

Fig:4.5 Groups, Ring and Fields Representation……………………………...52

Fig:5.1 RSA Algorithm Figure.………………………………………………...42

7

CHAPTER1: INTRODUCTION

1.1 Introduction: Cryptography is a fascinating subject and is of great importance in

most technology today, from computers to credit cards and government to

ecommerce. The data transferred from one system to another over public network

can be protected by the method of encryption. On encryption, the data is

encrypted/scrambled by any encryption algorithm using the ‘key’. Only the user

having the access to the same ‘key’ can decrypt/de-scramble the encrypted data.

This method is known as private key or symmetric Key Cryptography. There are

several standard symmetric key algorithms defined. Examples are AES, 3DES etc.

These standard symmetric algorithms defined are proven to be highly secured and

time tested. But the problem with these algorithms is the key exchange. The

communicating parties require a shared secret, ‘key’, to be exchanged between them

to have a secured communication. The security of the symmetric key algorithm

depends on the secrecy of the key. Keys are typically hundreds of bits in length,

depending on the algorithm used. Since there may be number of intermediate points

between the communicating parties through which the data passes, these keys

cannot be exchanged online in a secured manner. In a large network, where there

are hundreds of system connected, offline key exchange seems too difficult and even

unrealistic. This is where public key cryptography comes to help. Using public key

algorithm a shared secret can be established online between communicating parties

without the need for exchanging any secret data.

Public-key algorithms provide a solution to what had been a big problem for

cryptographers for thousands of years: key exchange. Historically, the same key had been

used to encrypt and decrypt a plain text message, a process known as symmetric

encryption. This meant though that the encryption key, as well as the encrypted data, had

to be sent to the intended receiver. Somehow the sender and receiver had to securely

share the encryption key in advance.

1.2 History:

This problem of key distribution was solved in 1976 by two researchers at Stanford

University, Whitfield Diffie and Martin Hellman. They proposed a cryptosystem in

which the encryption key and the decryption key were different. This approach to

cryptography, known as public-key cryptography, uses a pair of cryptographic keys,

a public key and a private key. The private key is kept secret, while the public key can be

distributed openly, thereby negating the need to transmit a secret key in advance. The

keys are related mathematically, allowing the sender of a message to encrypt his message

8

using the recipient's public key. The message can then only be decrypted using the

recipient's private key.

Public-key cryptography serves both to authenticate a message and ensure its privacy, so

it's essential that you know that the public key you are using to encrypt a message does

belong to a specific person or entity. This has led to the creation of a public-key

infrastructure (PKI), in which one or more third parties, known as certificate authorities,

certify the ownership of key pairs. VeriSign Inc. is one of the best-known certificate

authorities. Several algorithms in common employ public-key cryptography, probably the

best known being the RSA algorithm named after its inventors, Ronald Rivest, Adi

Shamir and Leonard Adleman.

Although your interest is in public-key cryptography algorithms, you will need to study

other types of encryption algorithms to fully understand how different algorithms are

used in different situations. Public-key encryption is slow and computationally intensive,

so most systems only use it for highly secure transactions, such as to send the symmetric

key used to encrypt a message. The SSL/TLS family of cryptographic protocols does this,

and together they are called hybrid cryptosystems.

Another important aspect of cryptography to understand is that of breakability. All

public-key schemes are susceptible to brute-force key search attacks. Theoretically,

however, "breakable" and "practically breakable" are different. An attack is

impractical if the amount of computation needed for a break to succeed, termed work

factor, is beyond the means of a would-be attacker. For example, if it would, in theory,

take 10 years to break an encryption scheme, then it is safe to use when encrypting your

credit card details, as your credit card will expire well before the attacker can decrypt

them.

9

CHAPTER2: PUBLIC KEY CRYPTOSYSTEM

In public key cryptography each user or the device taking part in the communication have

a pair of keys, a public key and a private key, and a set of operations associated with the

keys to do the cryptographic operations. Only the particular user/device knows the

private key whereas the public key is distributed to all users/devices taking part in the

communication. Since the knowledge of public key does not compromise the security of

the algorithms, it can be easily exchanged online.

A shared secret can be established between two communicating parties online by

exchanging only public keys and public constants if any. Any third party, who has access

only to the exchanged public information, will not be able to calculate the shared secret

unless it has access to the private key of any of the communicating parties.

This is key agreement and is defined in section “Key Agreement.”

Apart from Key Agreement the other important applications of public key cryptography

are Data Encryption and Digital Signature, which are explained in sections

Encryption and Digital Signature respectively.

One-Way function:

In public key cryptography, keys and messages are expressed numerically and the

operations are expressed mathematically. The private and public key of a device is related

by the mathematical function called the one-way function. One-way functions are

mathematical functions in which the forward operation can be done easily but the reverse

operation is so difficult that it is practically impossible. In public key cryptography the

public key is calculated using private key on the forward operation of the one-way

function. Obtaining of private key from the public key is a reverse operation. If the

reverse operation can be done easily, that is if the private key is obtained from the public

key and other public data, then the public key algorithm for the particular key is cracked.

The reverse operation gets difficult as the key size increases. The public key algorithms

operate on sufficiently large numbers to make the reverse operation practically

impossible and thus make the system secure.

For e.g. RSA algorithm operates on large numbers of thousands of bits long.

10

Fig:2.1. One-wayProperty

2.1. Components Public Key Cryptosystem:

Public-Key encryption scheme have 5 ingredients. They are

i. Plaintext: This is a readable message or data that fed into the algorithm as input.

ii. Encryption Algorithm: The encryption algorithm performs various

transformations on the plain text.

iii. Public and Private Keys: These are pair of keys which have been selected so that

one is used for encryption and other is used for decryption.

iv. Cipher Text: This is the scrambled message produced as output. It depends on the

plain text and the key.

v. Decryption Algorithm: This algorithm matches the cipher text and the matching

key produces the Original plaintext.

The Scheme of this system is as follows:

• Each user generates pair of keys, used for encryption and decryption of messages.

• Each user places one of the 2 keys, in a public register or other accessible file to

everyone �Public key and other key is kept secret �Private Key.

• If Bob wishes to send a message to Alice, Bob encrypts the message using Alice’s

public key.

• When Alice receives the message, she decrypts it using her private key. No other

recipient can decrypt the message because only Alice Knows Alice’s private Key.

Public-key algorithms rely on one key for encryption and a different

decryption. These algorithms have following

Important Characteristics:

1. (Completeness) Given any message m and key pair (K, k), the encryption function

and decryption function are inverses: E

2. (Semantic Security) For any pair of messages m and m', it is computationally hard

to distinguish encryptions of m from encryptions of m', even given the public key

of a principal.

2.2. Applications of Public

Fig: 2.3.Public Key

Fig: 2.2.Asymmetric Key Scheme

key algorithms rely on one key for encryption and a different but related key for

These algorithms have following important characteristics.

(Completeness) Given any message m and key pair (K, k), the encryption function

and decryption function are inverses: EK(Dk(m)) = Dk(EK(m)) = m.

(Semantic Security) For any pair of messages m and m', it is computationally hard


. Applications of Public-Key Cryptosystems:

2.3.Public Key Encryption Process

11

but related key for

(Completeness) Given any message m and key pair (K, k), the encryption function

(Semantic Security) For any pair of messages m and m', it is computationally hard


12

It is important that device A receives the correct public key from device B, i.e. no

middleman must tamper or change the public key to its public key. One of the popular

public key encryption algorithms is RSA.

2)Digital Signature:

Using Digital signature a message “Msg” can be signed by a device using its private key

to ensure Authenticity of the message. Any device that has got the access to the public

key of the signed device can verify the signature. Thus the device receiving the message

can ensure that the message is indeed signed by the intended device and is not modified

during the transit. If any the data or signature is modified, the signature verification fails.

Fig:2.4.Public Key Digital Signature

For Ex. If a device A need to ensure the authenticity of its message, the device A signs its

message using its private key PA. The device A will then send the message ‘Msg’ and

signature ‘Sgn’ to device B. The device B, on receiving the message, can verify the

message using A’s public key UA and thereby ensuring that the message is indeed sent by

A and is also not tampered during the transit. Since only the device A knows its private

PA key, it is impossible for any other device to forge the signature.

The examples of Digital Signature algorithms are RSA, DSA and ECDSA.

The Following Table will help you in choosing Keys for respective Operations

(Encryption, Digital Signature).

13

3)Key Agreement:

Key agreement is a method in which the device communicating in the network

establishes a shared secret between them without exchanging any secret data. In this

method the devices that need to establish shared secret between them exchange their

public keys. Both the devices on receiving the other device’s public key perform key

generation operation using its private key to obtain the shared secret.

As we see in the previous section the public keys are generated using private key and

other shared constants. Let P be the private key of a device and U(P, C) be the public key.

Since public key is generated using private key, the representation U(P, C) shows that the

public key contain the components of private key P and some constants C where C is

known by all the device taking part in the communication.

Consider two devices A and B. Let PA and UA(PA, C) are the private key and public key

of device A, and PB and UB(PB, C) be the private key and public key of device B

respectively. Both device exchanges their public keys.

Device A, having got the public key of B, uses its private key to calculate shared secret

KA=Generate_Key(PA, UB(PB, C)).

Device B, having got the public key of A, uses its private key to calculate the shared

secret KB=Generate_Key (PB, UA(PA, C)).

14

Fig: 2.5.Public key - Key Agreement

The key generation algorithm ‘Generate_Key’ will be such that the generated keys at the

device A and B will be the same, that is shared secret KA=KB=K(PA, PB, C). Since it is

practically impossible to obtain private key from the public key any middleman, having

access only to the public keys UA(PA, C) and UB(PB, C), will never be able to obtain the

shared secret K.

Examples of key agreement algorithms are DH, RSA and ECDH.

2.3.Public-Key Cryptanalysis:

As symmetric encryption, Public-key Cryptosystem also vulnerable to “Brute-Force

Attack”.

Counter Measure: “Usage of Large Keys”.

15

CHAPTER3: PUBLIC-KEY ALGORITHMS

This is our main session, in this we will discuss about a few public-key algorithms and

will also gives some explanation on how they works. The Different algorithms in Public-

Key Cryptosystem are,

3.1 RSA Algorithm:

The RSA cryptosystem is based on the assumption that factoring large integers is

computationally hard. This assumption is not known to be true, but is widely believed. It

is not even known if factoring is an NP-complete problem. RSA keys are often of length

a power of two, like 512, 1024, or 2048 bits.

The RSA algorithm operates as follows

Operations:

o encryption of plaintext

o decryption of ciphertext

RSA as described above suffers from several problems given our definitions. First, it is

deterministic, since a given message always encrypts to the same ciphertext. Further, it

does not satisfy Non-Malleability, since two encryptions, can, for example, be multiplied

to get a new encryption. In some contexts, this kind of malleability can be useful, but it

should be taken into account when designing systems that use RSA.

One simple way to solve malleability problems is to add some sort of Message Integrity

Check (MIC) using hash functions.

3.1.1 RSA signatures:

As noted in the discussion on trapdoor functions, signatures can sometimes be

constructed from encryption functions. RSA signatures function in a similar manner.

• Signing message m: s = md mod n.(Here m=message and d & e are decryption and

encryption keys)

• checking message-signature pair (m, s): return true if m = se mod n

RSA signatures suffer from similar problems to malleability, but now these problems

violate the fundamental CMA property of signature schemes. Since any two signatures

16

can be combined to get a signature on a new message, it is trivial for an attacker in the

CMA model to violate security.

The common solution to this problem is to hash the message first. Compute signature s =

h(m)d mod n. Then even though the above attacks can be applied, the adversary can't

figure out which message has been signed (to do so would require, given h(m)*h(m'),

finding an m'' such that h(m'') = h(m)*h(m') mod n, which is prevented by pre-image

resistance of the hash function).

3.2 Diffie-Hellman Key Exchange:

This algorithm uses arithmetic modulus as the basis of its calculation. Suppose Alice and

Bob follow this key exchange procedure with Eve acting as a man in middle interceptor

(or the bad guy).

Here are the calculation steps followed in this algorithm that make sure that eve never

gets to know the final keys through which actual encryption of data takes place.

3.2.1Diffie-Hellman Setup:

1. all users agree on global parameters:

• large prime integer or polynomial q

• a being a primitive root mod q

2. Each user (eg. A) generates their key

• chooses a secret key (number): xA< q

3. compute their public key: yA = axA

mod q

4. each user makes public that key yA

3.2.2.Diffie-Hellman Key Exchange:

� shared session key for users A & B is KAB:

KAB = axA.xB

mod q

17

= yAxB

mod q (which B can compute)

= yBxA

mod q (which A can compute)

� KAB is used as session key in private-key encryption scheme between Alice and

Bob

� if Alice and Bob subsequently communicate, they will have the same key as

before, unless they choose new public-keys

� attacker needs an x, must solve discrete log

Diffie-Hellman’s Scheme:

Fig.3.1.Diffie-Hell man Key Exchange Scheme

As explained above the Diffie-Hellman algorithm works perfectly to generate

cryptographic keys which are used to encrypt the data being communicated over a public

channel.

18

3.3 ElGamal:

ElGamal is an encryption scheme that, like RSA, depends on computational assumptions

to guarantee security. Unlike the RSA assumption, however, ElGamal depends on type

of assumption called the Discrete-Logarithm assumption.

Roughly, this assumption claims that it is hard in some groups to find x given gx mod n.

The name comes from the fact that

x log(g) mod n = log(gx) mod n

and division is easy to compute in a group, so x is easy to compute given log(gx) mod n.

ElGamal operates as follows.

ElGamal as described here also suffers from malleability attacks. Of course, these

"attacks" can be useful in some systems that require manipulation of encrypted values

without revealing these values. There exist signature functions, called Schnorr

signatures that give non-malleable ElGamal construction.

3.4 Elliptic Curve Cryptography (ECC)

Most public-key cryptosystems are built over arithmetic in finite fields (algebraic

structures that have addition and multiplication operations each with inverses). Elliptic

Curve Cryptography (ECC) builds a finite field out of the set of solutions to an elliptic

curve equation y2 = x

3 + ax + b along with an additive identity element (that corresponds

to the point at infinity).

We won't go into the details of constructing ECC versions of common cryptosystems, but

several such examples exist. It should be noted that the addition operation in the group is

not simply adding solutions in the underlying field.

ECC is valuable because it is believed to be harder to compute, e.g., discrete logs over the

finite fields of ECC than in the underlying integer finite fields. This means that key sizes

in ECC can be smaller than the corresponding key sizes in cryptosystems based on other

fields. ECC is not, however, known to be harder than any other system.

19

CHAPTER5 : DETAILED RSA AND IMPLEMENTATION

5.1.History:

The RSA cryptosystem is a public-key cryptosystem that offers both encryption

and Digital Signatures (authentication).The RSA algorithm is the most commonly

used encryption and authentication algorithm.

Ronald Rivest, Adi Shamir, and Leonard Adleman developed the RSA system in

1977; RSA stands for the first letter in each of its inventors' last names.

5.2.How the RSA System Works:

The mathematical details of the algorithm used in obtaining the public and private keys

are explained in following concepts. Briefly, the algorithm involves

Take two large primes, p and q, and compute their product n = pq; n is called the

modulus. Choose a number, e, less than n and relatively prime to (p-1)(q-1), which

means e and (p-1)(q-1) have no common factors except 1.

Find another number d such that (ed - 1) is divisible by (p-1)(q-1). The

values e and d are called the public and private exponents, respectively.

The public key is the pair (n, e); the private key is (n, d). The factors p and q may be

destroyed or kept with the private key.

It is currently difficult to obtain the private key d from the public key (n, e). However if

one could factor n into p and q, then one could obtain the private keyd. Thus the security

of the RSA system is based on the assumption that factoring is difficult. The discovery of

an easy method of factoring would "break" RSA.

Here is how the RSA system can be used for encryption and digital signatures (in

practice, the actual use is slightly different.

Encryption:

Suppose Alice wants to send a message m to Bob. Alice creates the ciphertextc by

exponentiating: c = me mod n, where e and n are Bob's public key. She sends c to Bob.

To decrypt, Bob also exponentiates: m = cd mod n; the relationship

between e and d ensures that Bob correctly recovers m. Since only Bob knows d, only

Bob can decrypt this message.

20

Digital Signature

Suppose Alice wants to send a message m to Bob in such a way that Bob is assured the

message is both authentic, has not been tampered with, and from Alice. Alice creates a

digital signature s by exponentiating: s = md mod n, where d and n are Alice's private key.

She sends m and s to Bob. To verify the signature, Bob exponentiates and checks that the

message m is recovered: m= se mod n, where e and n are Alice's public key.

Thus encryption and authentication take place without any sharing of private keys: each

person uses only another's public key or their own private key. Anyone can send an

encrypted message or verify a signed message, but only someone in possession of the

correct private key can decrypt or sign a message.

RSA works because c = me, so c

d = m

d e mod n = m mod n (need to apply Fermat's Little

Theorem and the Chinese Remainder Theorem)

5.3.Steps in RSA Algorithm:

The RSA algorithm involves three steps: key generation, encryption and decryption.

5.3.1KEY GENERATION:

RSA involves a public key and a private key. The public key can be known by everyone

and is used for encrypting messages. Messages encrypted with the public key can only be

decrypted in a reasonable amount of time using the private key. The keys for the RSA

algorithm are generated the following way:

1. Choose two distinct prime numbers p and q.

• For security purposes, the integers p and q should be chosen at random, and

should be of similar bit-length. Prime integers can be efficiently found using

a primality test.

2. Compute n = pq.

• n is used as the modulus for both the public and private keys. Its length,

usually expressed in bits, is the key length.

3. Compute φ(n) = φ(p)φ(q) = (p − 1)(q − 1), where φ is Euler's totient function.

4. Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1; i.e. e and φ(n)

are co-prime.

• e is released as the public key exponent.

5. Determine d as d−1

≡ e (mod φ(n)), i.e., d is the multiplicative inverse of e (modulo

φ(n)).

21

• This is more clearly stated as solve for d given d⋅e ≡ 1 (mod φ(n))

• This is often computed using the extended Euclidean algorithm.

• d is kept as the private key exponent.

In this Key Generation concept we follow the above steps,

In Step1, we will choose 2 distinct prime numbers, and we will perform “PRIMALITY

TESTING”, to check whether they are Prime numbers or not.

4.1. PRIMALITY TESTING:

A primality test is a test to determine whether or not a given number is prime, as opposed

to actuallydecomposing the number into its constituent prime factors (which is known

as prime factorization).

Primality tests come in two varieties: deterministic and probabilistic.

Deterministic tests determine with absolute certainty whether a number is prime.

Examples of deterministic tests include the AKS Primality Test and Elliptic Primality

Test. Probabilistic tests can potentially (although with very small probability) falsely

identify a composite number as prime (although not vice versa). However, they are in

general much faster than deterministic tests. Numbers that have passed a probabilistic

prime test are therefore properly referred to as probable primes until their primality can

be demonstrated deterministically.

A number that passes a probabilistic test but is in fact composite is known as a pseudo-

prime. There are many specific types of pseudo-primes, the most common being

the Fermat pseudo-primes, which are composites that nonetheless satisfy Fermat's little

theorem.

The Rabin-Miller strong pseudo-prime test is a particularly efficient test.

The following are different Primality Testing procedures.

22

Deterministic Primality Testing:

4.1.1.AKS PRIMALITY TEST:

The AKS primality test (also known as Agrawal–Kayal–Saxena primality

test and cyclotomic AKS test) is a deterministic primality-proving algorithm created and

published by Manindra Agrawal, Neeraj Kayal, and Nitin Saxena, computer scientists at

the Indian, on August 6, 2002, in a paper titled "PRIMES is in P".

The algorithm determines whether a number is prime or composite within polynomial

time.

AKS is the first primality-proving algorithm to be simultaneously general, Polynomial,

Deterministic, and unconditional. Previous algorithms had been developed for centuries

but achieved three of these properties at most, but not all four.

The algorithm is guaranteed to distinguish deterministically whether the target number

is prime or composite. Randomized tests, such as Miller–Rabin , can test any given

number for primality in polynomial time, but are known to produce only a probabilistic

result.

Note: This Algorithm is under development, not implemented widely.

Probabilistic Primality Testing:

4.1.2.FERMAT’s LITTLE THEOREM:

If is a prime number and a natural number such that 1≤a<p then

(1)

Furthermore, if ( does not divide ), then there exists some smallest exponent

such that

(2)

and divides . Hence,

(3)

23

The theorem is sometimes also simply known as "Fermat's theorem"

Algorithm:

Inputs: n: a value to test for primality; k: a parameter that determines the

number of times to test for primality

Output: composite if n is composite, otherwise probably prime

Repeat k times:

pick a randomly in the range [1, n − 1]

if , then return composite

return probably prime

EX1: if P = 341, will P be PRIME?

�From previous equalities, we would be able to obtain that:

2^ (341-1) mod 341 = 1, if A = 2

EX2: if p=341,if a=3 then,

�3^ (341-1) mod 341 = 56!!!!!!!!!

That means Fermat’s Theorem is not true in this case!

7.1.FERMAT’s Implementation:

C code:

#include<stdio.h>

#include<math.h>

main() {

printf("*********** SANKAR KUNA *********************\n\n");

printf("*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM *******\n\n");

printf("*************** GUIDE: Prof.Jaydip Sen ******************************\n\n");

24

double p, n,a,b;

printf("Enter any Num:\n");

scanf("%lf", &p);

printf ("Choose any num btw 1 to %lf\n",p-1);

scanf("%lf",&n);

a=pow (n,p-1);

printf("a is %lf\n",a);

b=fmod (a,p);

if(b==1){

printf("\n%lf is Prime\n",p);

}

else{

printf("\n%lf is Composite\n",p);

}

getch ();

}

Test Cases:

Case1:

******************** SANKAR KUNA *********************

*************** Project: Report on PUBLIC KEY CRYPTOSYSTEM ******************

****************** GUIDE: Prof. Jaydip Sen **************************

25

Enter any Num: 341

Choose any num btw 1 to 340.000000: 2

a is

223974474217780420000000000000000000000000000000000000000000000000000000

000

0000000000000000000000000000.000000

Result:341.000000 is Prime

Case2:

******************** SANKAR KUNA *********************



Enter any Num: 341

Choose any num btw 1 to 340.000000: 3

a is

16642808065898149000000000000000000000000000000000000000000000000000000

00000000.000000

Result: 341.000000 is Composite

Efficiency:

So, what is the efficiency?

�Time complexity is O (log n).

26

4.1.2. Carmichael number:

In number theory, a Carmichael number is a composite positive integer which

satisfies the congruence

For all integers which are relatively prime to (see modular arithmetic). They are named

for Robert Carmichael.

Fermat's little theorem states that all prime numbers have the above property. In this

sense, Carmichael numbers are similar to prime numbers; in fact, they are called Fermat

pseudo-primes. Carmichael numbers are sometimes also called absolute Fermat

pseudoprimes.

Conclusion on Fermat’s Theorem:

This is testing which passes Carmichael numbers as Prime although they are composite.

So; this is not the Best Algorithm.

4.1.3.MILLER-RABIN’s ALGORITHM:

It is a primality test that provides an efficient probabilistic algorithm for determining if a

given number is prime. It is based on the properties of strong pseudo primes.

The algorithm proceeds as follows.

Given an odd integer , let with odd. Then choose a random integer

with .

If or for some , then passes the test.

A prime will pass this test for all .

Algorithm:

Input: n> 3, an odd integer to be tested for primality;

Input: k, a parameter that determines the accuracy of the test

Output: composite if n is composite, otherwise probably prime

Write n − 1 as 2s·d with d odd by factoring powers of 2 from n − 1

27

Witness Loop: repeat k times:

pick a random integer a in the range [2, n − 2]

x ← ad mod n

if x = 1 or x = n − 1 then do next WitnessLoop

repeat s − 1 times:

x ← x2 mod n

if x = 1 then return composite

if x = n − 1 then do next WitnessLoop

return composite

return probably prime

7.2.Miller Robin Implementation Details:

/* Miller-Rabin primality test, iteration signifies the accuracy of the test */

bool Miller (long long p,int iteration){

if(p<2){

return false;

}

if(p!=2 && p%2==0){

return false;

}

long long s=p-1;

while(s%2==0){

s/=2;

}

for(int i=0;i<iteration;i++){

long long a=rand()%(p-1)+1,temp=s;

long long mod=modulo(a,temp,p);

while(temp!=p-1 && mod!=1 && mod!=p-1){

mod=mulmod(mod,mod,p);

temp *= 2;

}

if(mod!=p-1 && temp%2==0){

return false;

}

}

return true;

}

28

Efficiency:

• It can be shown that for any composite number p, at least (3/4) of the numbers less

than p will witness p to be composite when chosen as 'a' in the above test. Which

means that if we do 1 iteration, probability that a composite number is returned as

prime is (1/4)

�So, Hence till now we have studied about different Primality Tests to test the taken

Numbers ‘p’ and ‘q’ whether prime numbers are or not?, If we have confirmed them as

Prime numbers, then we will go for the next step i.e. Prime multiplication n=p*q.

After that step, we will go for the Euler Totient Function calculation, i.e .

φ(n) = φ(p)φ(q) = (p − 1)(q − 1),

So, after this we need to select Encryption Key ‘e’ value such that GCD(e, φ(n))=1,by

using “Euclidian Algorithm”, the explanation of it as follows.

4.2.EUCLIDIAN ALGORITHM:

This algorithm is used to find the GCD of any two numbers. It indicated as follows.

gcd(a,b)- the greatest common divisor of integers a and b

Algorithm:

function gcd(a, b)

while b ≠ 0

temp := b

b := a mod temp

a := temp

return a

Time Complexity:

β = max{log a, log b} - number of bits to encode a and b

T’(a,b) = Θ(β) - number of arithmetic operations

29

T(a,b) = Θ(β3) - total complexity

7.3.Euclid’s Implementation:

C code:

#include<stdio.h>

#include<math.h>

main(){




double a,b;

printf("Enter Your 1st Number:\n");

scanf("%lf",&a);

printf("Enter Your 2nd Number:\n");

scanf("%lf",&b);

printf("GCD is %d",gcd(a,b));

}

int gcd(double a,double b){

double r;

while(b!=0){

r=fmod(a,b);

a=b;

b=r;

30

}

if(b==0){

return a;

}

}

Test Cases:

Case1:

******************** SANKAR KUNA *********************



Enter Your 1st Number:1024

Enter Your 2nd Number:1024

Result: GCD is 1024

Case2:

******************** SANKAR KUNA *********************


****************** GUIDE: Prof.Jaydip Sen **************************

Enter Your 1st Number:2048

Enter Your 2nd Number:1024

Result: GCD is 1024

31

Hence, we have Implemented the solution for Finding GCD of two given numbers, So,

we can easily find Encryption Key “e” such that “GCD(e, φ(n))=1”.

Our next step is to

Determine d as d−1

≡ e (mod φ(n)), i.e., d is the multiplicative inverse of e (modulo φ(n)).

So, Here to find multiplicative inverse, we will follow “Extended Euclidian Algorithm”

The explanation of it is as follows,

4.3.EXTENDED EUCLIDIAN ALGORITHM:

The Extended Euclidean algorithm is an extension to the algorithm. Besides finding

the greatest common divisor (GCD)of integers a and b, as the Euclidean algorithm does,

it also finds integers x and y (one of which is typically negative) that satisfy Bézout's

identity

ax + by = d = gcd(a, b)

� Useful for later crypto computations

� Follow sequence of divisions for GCD but assume at each step i, can find x &y:

r = ax + by

� At end find GCD value and also x & y

� If GCD(a,b)=1 these values are inverses

Algorithm:

function extended_gcd(a, b)

x := 0 lastx := 1

y := 1 lasty := 0

while b ≠ 0

quotient := a div b

(a, b) := (b, a mod b)

(x, lastx) := (lastx - quotient*x, x)

(y, lasty) := (lasty - quotient*y, y)

return (lastx, lasty)

32

Example:

Consider example of two numbers a = 29, m = 168

29x + 168y = 1

168 = 0*29 + 1*168

29 = 1*29 + 0*168

First Step: 168 = 5*29 + 23

23 = (-5)*29 + 1*168 = (-5)*[1*29 + 0*168] + 1*[0*29 + 1*168]

Second Step: 29 = 1*23 + 6

6 = 1*29 + (-1) *23 = 1*[0*168 + 1*29] + (-1)*[(-5)*29 + 1*168] = 6*29 + (-1)*168

Third Step: 23 = 3*6 + 5

5 = 1*23 + (-3)*6 = 1*[ (-5)*29 + 1*168] + (-3)*[6*29 + (-1)*168] = (-23)*29 + 4*168

Fourth Step: 6 = 1*5 + 1

1 = (-1)*5 + 1*6 = (-1)*[(-23)*29 + 4*168] + 1*[6*29 + (-1)*168] = 29*29 + (-5)*168

Hence final solution comes as:

29*29 + (-5)*168 = 1

x = 29 and y = (-5)

Here x=29 is the Modular inverse of 29 mod 168 and

y=-5 is the Modular inverse of 168 mod 29.

7.4.Extended_Euclidian Algorithm Implementation:

C code:

#include<stdio.h>

int extended(double k,int b)

33

{

double a3=k;

int a1=1,a2=0,b1=0,b2=1,b3=b,q,t1,t2,t3;

abc: if(b3==0)

{

return a3;

}

if(b3==1)

{

return b2;

}

q=a3/b3;

t1=a1-(q*b1);

t2=a2-(q*b2);

t3=a3-(q*b3);

a1=b1;

a2=b2;

a3=b3;

b1=t1;

b2=t2;

b3=t3;

goto abc;

34

}

main(){




int b,r;

double a;

printf("Enter a b values\n");

scanf("%lf %d",&a,&b);

printf("\nA value is %lf\nB value is %d\n",a,b);

r=extended(b,a);

printf("\nInverse is:%d\n",r);

}

Test Cases:

Case1:

******************** SANKAR KUNA *********************



Enter A and B values: 29

168

Result: Inverse is : 29

35

Case2:

******************** SANKAR KUNA *********************



Enter A and B values: 168

29

Result: Inverse is : -5

Hence, we have calculated the decryption key ‘d’ such that d−1

≡ e (mod φ(n)),

So, Till now we have done the “Key Generation Phase” by applying some “Mathematical

Logics and Algorithms”

So, in RSA 2nd

step is,

5.3.2.ENCRYPTION OF MESSAGE:

When Bob intends to send an encrypted message to Alice, these are the steps to be

taken:

1. Obtain Alice's public-key (n,e), which should be listed in a public directory.

2. Represent the plaintext message as a positive integer x, whereby x < n.

3. Compute the ciphertext using the encryption function: C = EK(M) =Me mod n

4. Transmit the ciphertext to Alice.

5.3.3.DECRYPTION OF CIPHER TEXT:

Upon receiving the encrypted message, there are several steps to be taken by Alice:

1. Compute the integer representation of the plaintext using the decryption

function: x = DK(C) =Cd mod n and her own private key (p,q,d).

2. Decode the corresponding plaintext from its integer representation, x.

36

So, in above Encryption and Decryption steps, we are facing two Modular exponential

Equations to be solved.

For small values we can simply calculate But for Larger Values we can’t Store and

Forward Me or C

d values.

So, To simply solving them we will follow “Modular Exponentiation Algorithm”.

The Explanation as Follows,

4.4.Modular Exponentiation Solving Algorithm:

Modular exponentiation is a type of exponentiation performed over a modulus.

A "Modular exponentiation" calculates the remainder when a positive integer b (the base)

raised to the m-th power (the exponent), be, is divided by a positive integer n, called the

modulus. In symbols, this is, given base b, exponent e, and modulus n, the modular

exponentiation C is:

be mod n

Complexity of modular operations:

Multiplication:

For given a and b find x such that a*b mod n = x

Multiplication + Division, i.e. time complexity ΘΘΘΘ(ββββ2)

Division:

For given a and b find x such that bx mod n = a

Not always such x exists - we should have gcd(b,n) | a

Extended Euclid's algorithm:

Finds x and y such that gcd(s,t) = su + tv

Take b = s and t = n and set x = ua/gcd(b,n)

Time complexity ΘΘΘΘ(ββββ3)

37

Exponentiation:

For given b and e and n, find x such that : be mod n = x

Time complexity T(β) = ΘΘΘΘ(ββββ3)

Algorithm:

function modular_pow(base, exponent, modulus)

result := 1

while exponent > 0

if (exponent mod 2 == 1):

result := (result * base) mod modulus

exponent := exponent >> 1

base = (base * base) mod modulus

return result

7.5.Modular Exponential Equations Solving Implementation:

C code:

#include<stdio.h>

#include<math.h>

int expo();

main(){




double base;

38

int exp;

double n,result;

printf("Enter Base,Exp,N values");

scanf("%lf %d %lf",&base,&exp,&n);

result=expo(base,exp,n);

printf("\n\nResult is :%lf\n",result);

getch();

}

int expo(double base,int exp,double n){

int a=1,b,mod[10],i,j,m=1;

if(exp%2==0){

printf("\n\t\tExponent is EVEN\n");

for(i=0;exp!=0;exp=exp-2,i++){

a=a*pow(base,2);

b=fmod(a,n);

mod[i]=b;

a=b;

}

}

if(exp%2==1){

printf("\n\t\tExponent is ODD\n\n");


39

a=a*pow(base,2);

b=fmod(a,n);

mod[i]=b;

a=b;

}

if(exp==1){

a=a*base;

a=fmod(a,n);

}

}

return a;

}

Test Cases:

Case1:

******************** SANKAR KUNA *********************



Input:14623

mod 187

40

Enter Base, Exponent, Modulo values: 146

23

187

Result: Exponent is ODD

Value is 5.00

Case2:

******************** SANKAR KUNA *********************



Input:20010

mod 100

Enter Base, Exponent, Modulo values: 200

10

100

Result: Exponent is EVEN

Value is 0.00

So, now using this program we can simply calculate the modular exponential equations

values easily.

Hence, we can simply calculate modular values of

C=Me mod n

M=Cd mod n.

41

5.3.1.DIGITAL SIGNATURE:

When sending a message to Alice, Bob uses a digital signature to assure Alice that the

message has indeed been sent by him. The following procedures are taken to generate the

signature:

1. Create a message digest of the message to be transmitted. A message digest is a

short "fingerprint" of the data that can be constructed via a hash function: h(x) = y

2. Represent the message digest as an integer, y, with a value between 0 and n-1.

3. Compute the signature using his private key: z = sigK(y) = yd mod n.

4. Send the signature, z, along with the message, x, to Alice.

5.3.2.SIGNTURE VERIFICATION:

Upon receiving the signed message, these are the steps taken by Alice

to authenticate the message:

1. Use Bob's public key to compute the integer representation of the message digest

using the function: y = ze mod n.

2. Extract the message digest from this value.

3. Compute the message digest from the received message independently.

4. Verify if both the extracted and computed message digests are identical. If so, the

signature is valid.

RSA Algorithm:

Fig:5.1.RSA Algorithm Figure

42

7.6.RSA IMPLEMENTATION:

C code:

#include<stdio.h>

#include<conio.h>

#include<math.h>

int gcd(int a,int b){

int r;

while(b!=0){

r=a%b;

a=b;

b=r;

}

if(b==0){

return a;

}

}

int extended();

int expo(double base,int exp,double n){

int a=1,b,mod[10],i,j,m=1;

if(exp%2==0){

printf("\n\n\t\tExponent is EVEN\n");


43

a=a*pow(base,2);

b=fmod(a,n);

mod[i]=b;

a=b;

}

}

if(exp%2==1){

printf("\n\n\t\tExponent is ODD\n\n");


a=a*pow(base,2);

b=fmod(a,n);

mod[i]=b;

a=b;

}

if(exp==1){

a=a*base;

a=fmod(a,n);

}

}

44

return a;

}

void main()

{




double p,q,n,k,z,d1,c1,y,i;

double c2;

double m,l,x,d2,c;

int e,d,ms;

printf("The P,Q Primary values:");

scanf("%lf%lf",&p,&q);

n=p*q;

printf("N value is %lf",n);

k=(p-1)*(q-1);

printf("\n K(n) value is:%lf",k);

for(i=2;i<k;i++){

if(extended(k,1) == i)

printf("%d\t",i);

}

printf("\n\n");

printf("\n Enter the Integer which is relative to the prime to the K(n)");

45

scanf("%d",&e);

d=extended(k,e);

printf("\n\n\n\t\t\tEncryption Process\n\n\n");

printf("\n Enter the plain text number ");

scanf("%lf",&m);

c=expo(m,e,n);

printf("\n\n\n\t\t\tDecryption Process\n\n\n");

printf("Cipher Txt is %lf",c);

ms=expo(c,d,n);

printf("Plain Text Entered is: %d\n",ms);

getch();

}

int extended(double k,int b){

double a3=k;

int a1=1,a2=0,b1=0,b2=1,b3=b,q,t1,t2,t3;

abc: if(b3==0){

return a3;

}

if(b3==1){

return b2;

}

q=a3/b3;

46

t1=a1-(q*b1);

t2=a2-(q*b2);

t3=a3-(q*b3);

a1=b1;

a2=b2;

a3=b3;

b1=t1;

b2=t2;

b3=t3;

goto abc;

}

Test Cases:

Case1:

******************** SANKAR KUNA *********************



Enter P,Q values :11

17

N value is:187.00000

K(N) values is :160.000000

47

Enter The Number which is relative to the K(N):7

Public Key is : {7,187.0000}

Private Key is : {23,187.0000}

:Encryption Process:

Enter The Plain text Number:5

Cipher Text is: 146

:Decryption Process:

Plain Text entered is :5

Case2:

******************** SANKAR KUNA *********************



Enter P,Q values : 17

31

N value is: 527.00000

K(N) values is : 480.000000

Enter The Number which is relative to the K(N): 11

Public Key is : {11,527.0000}

Private Key is : {611,527.0000}

48

:Encryption Process:

Enter The Plain text Number: 45

Cipher Text is:505

:Decryption Process:

Plain Text entered is : 45

So, Finally we have done the implementation of “RSA Cryptosystem”.

5.4.ATTACKS ON RSA:

The main security of “RSA Cryptosystem depends on the Factorization of Primes.”

• There were so many methods for “FACTORING”, But no method can solve it in

Limited time, if have chosen as Very Large Primes.

• Elementary attack, Small Private Key attack, Using Chinese Remainder Theorem,

Hastards Broad Cost Attack are the different “Attacks on RSA Cryptosystem”

49

CHAPTER6 : DETAILED ELGAMAL CRYPTOSYSTEM

6.1.History:

In cryptography, the ElGamal encryption system is an asymmetric key encryption

algorithm for public-key cryptography which is based on the Diffie–Hellman key

exchange. It was described by Taher ElGamal in 1984. ElGamal encryption is used in

the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems.

The Digital Signature Algorithm is a variant of the ElGamal signature scheme, which

should not be confused with ElGamal encryption.

ElGamal encryption can be defined over any cyclic group G. Its security depends upon

the difficulty of a certain problem in G related to computing discrete logarithms.

ElGamal encryption consists of three components:

• The key generator

• The encryption algorithm

• The decryption algorithm.

Before Going to these steps we need to know some Mathematical concepts.

4.5.CYCLIC GROUPS:

Group:

A group is a collection of G, together with an operator "·", it combines any two

elements a and b to form another element, denoted as a b. The symbol "·" is given

specific operations, such as the addition of the placeholder. To have become eligible for

group, called group axioms this collection and computing (G, ·) must meet four

requirements:

1.Closed. For all a, b, computing a · b The results of the G is G.

2.Associativity. For all G in A, B and c, equation (a · b) · c = a · (b · c) was established.

3.Units. Exists an element e of G such that for all G elements a, the

equation e · a = a · e = a established.

4.Anti-

elements.

For each G of A, G an element b such that a · b = b · a = e, where e is

the unit.

For example, the set of integers and addition operations, has the following properties

1. For any two integers a and b, and a + b is an

the sum of two integers can be drawn integer result.

”Closed” under addition .

2. For any integers a, b, and

the a b, then add c to connect them and the

add b and c, are equal. This property is called

3. If a is any integer, then 0 +

unit, because it added to any integer.

4. For any integer A, there is another integer

is called the inverse of the integers a, denoted by

A group is called a finite group

number of elements is called the

Refer the Following image to get different categories in

Fig 4.5.:Group, Ring and Fields Representation

For any two integers a and b, and a + b is an integer. In other words, at any time,

the sum of two integers can be drawn integer result. This property is

under addition .

and c (a + b) + c = a + (b + c). Words to express, first add

to connect them and the results obtained with

This property is called Associativity.

is any integer, then 0 + a = a + 0 = a. Are the same integer zero

unit, because it added to any integer.-->Unity or ADDITIVE IDENTIRY

there is another integer b such that a + b = b +

of the integers a, denoted by - a.-->Multiplicative inverse

finite group, if it has a finite number of elements.

number of elements is called the order of the group G

Refer the Following image to get different categories in Groups,

Fig 4.5.:Group, Ring and Fields Representation

50

In other words, at any time,

This property is called

Words to express, first add

obtained with a and

Are the same integer zero-called adder

or ADDITIVE IDENTIRY

a = 0. Integer b

Multiplicative inverse

, if it has a finite number of elements. Order of the

51

Cyclic group:

Cyclic group whose elements are all specific elements of a group of power (to use the

term multiple group operation is written as addition). Multiplication sign, the second

group of elements:

..., A - 3, a - 2, a - 1, a 0 = e, a, a 2, a 3, ...,

This element is called a generator of this group or primitive element.

4.6.PRIMITIVE ROOTS:

In modular arithmetic, a branch of number theory, a number g is a primitive root

modulo n if every number co-prime to n is congruent to a power of g modulo n.

In other words, g is a generator of the multiplicative group of integers modulo n. That

is, for every integer a co-prime to n, there is an integer k such that gk ≡ a (mod n).

Such k is called the index or discrete logarithm of a to the base g modulo n.

Example: 3 is a primitive root of 5:

N 3n 3

n mod 5

1 3 3

2 9 4

3 27 2

4 81 1

Example2: 4 is not a primitive root of 5:

X 4x 4

x mod 5

1 4 4

2 16 1

3 64 4

4 256 1

The order of m modulo n = Phi (n), M is nth primitive element

52

Reason: The set of integers in the third column is not the same as the set of integers in

the first column. So 4 is not a prime root of 5.

4.7.Discrete Logarithm:

Discrete logarithms are logarithms defined with regard to multiplicative cyclic groups.

If G is a multiplicative cyclic group and g is a generator of G, then from the definition of

cyclic groups, we know every element h in G can be written as gx for some x

Let (G;”.”) be an abelian group.

Discrete Logarithm Problem:

Given g; h 2 G, find an x (if it exists) such that

The difficulty of this problem depends on the group G:

• Very easy: polynomial time algorithm, e.g. (ZN; +)

• Hard: sub-exponential time algorithm, e.g. (Fp;_).

• Very hard: exponential time algorithm, e.g. elliptic curve groups.

Example: If the group is Z5*, and the generator is 2, then the discrete logarithm of 1 is 4

because 24 ≡ 1 mod 5.

Example2: Z13* = <2> 21=2, 2

2=4, 2

3=8, 2

4=3, 2

5=6, 2

6=12, 2

7=11, 2

8=9, 2

9=5, 2

10=10,

211

=7, 212

=1

Log2(5) = 9.

So, we learnt all the basics for “ElGamal Cryptosystem”

6.2.Steps in ElGamal Encryption Algorithm:

ElGamal Key generation:

The key generator works as follows:

gx = h:

• Alice generates an efficient description of a multiplicative cyclic group

order with generator

of this group.

• Alice chooses a random

• Alice computes

• Alice publishes , along with the description of

retains as her private key

Encryption:

The encryption algorithm works as follows: to encrypt a message

public key(G,q,g,h).

Next Bob to send Message “M” it

and send s (C1,C2) it to Alice.

Decryption:

To decrypt it, Alice calculates

Here To find S-1

we will use Extended Euclidian Algorithm.(Ref:4.3)

ElGamal Message Exchange:

� Bob encrypt a message to send to A comput

• represent message M in range 0 <= M <= q

� longer messages must be sent as blocks

• chose random integer k with 1 <= k <= q

• compute one-time key K = y

• encrypt M as a pair of integers (C

Alice generates an efficient description of a multiplicative cyclic group

generator . See below for a discussion on the required properties

Alice chooses a random from .

.

, along with the description of , as her public key

private key which must be kept secret.

The encryption algorithm works as follows: to encrypt a message M to Alice under her

to send Message “M” it assumes one number r, andcalculates

C1=gr mod q

C2=(hr mod q)*M

To decrypt it, Alice calculates

S=C1x mod q

M=C2*S-1

Extended Euclidian Algorithm.(Ref:4.3)

ElGamal Message Exchange:

Bob encrypt a message to send to A computing

represent message M in range 0 <= M <= q-1

longer messages must be sent as blocks

chose random integer k with 1 <= k <= q-1

time key K = yAk mod q

encrypt M as a pair of integers (C1,C2) where

53

Alice generates an efficient description of a multiplicative cyclic group of

ion on the required properties

public key. Alice

to Alice under her

54

� C1 = ak mod q ; C2 = KM mod q

� A then recovers message by

• recovering key K as K = C1xA

mod q

• computing M as M = C2 K-1

mod q

� a unique k must be used each time

• otherwise result is insecure

ElGamal Example:

Key Generation:

Say the receiver chooses prime , and (one can check that 33 is a generator

of ), and secret exponent .

Then . (I won’t explicitly write the “ ” anymore.)

The receiver would publish the public key .

Encryption:

Say a sender wants to send the message . It chooses random exponent , say,

computes the ciphertext

, and sends this to the receiver.

Decryption:

To decrypt the ciphertext , the receiver needs to compute

.

Recall that dividing by 62 modulo 71 really means to multiply by . We did

not discuss how to compute multiplicative inverses in class, but one can verify

that because . Thus, the receiver will compute

. (Here to find Inverse again we will use Extended

Euclid Algorithm (Ref:4.3))

Of course, this was exactly the message ‘M=15’ sent by the sender!

55

6.3.ElGamal Signature Scheme:

• In1985, ElGamal proposed a digital signature scheme based

on discrete logarithms. Until now, this scheme is still secure under its

cryptographic assumption (discrete logarithm problem)

� Sign Function: Signature (r, s) for message M.

1. Select a random integer k between 1 and P-1 such that gcd(k, P-1) = 1.

2. Compute r=gk mod P.

3. Compute s=k-1

(M-xr) mod (P-1).

� Verification Function:

Verify by checking whether

gM

mod P = (rs) ×(y

r) mod P

(rs) ×(y

r)=g

(M-xr) × g

xr = g

(M-xr)+xr=g

M mod P.

Example:

1. P=23, g=5.

2. x=3, then y=10 (for 53 mod 23 =10).

3. Sign for the message M=8.

4. Select k=5 between 1 and 22 (P-1).

5. Compute r = gk mod P = 5

5 mod 23 = 20.

6. Compute s = k-1

(M-xr) mod (P-1) = 5-1

(8-3×20) mod 22 = 9×14 mod 22 = 16.

7. Verification:

gM

= 58 mod 23 =16

(rs)(y

r) mod P = 20

16 × 10

20 mod 23= 13×3 mod 23 = 16.

56

6.4. Applications of ElGamal System:

1. Popular for ElGamal Signature Scheme

2. Also used for ElGamal encryption

3. Digital Signature Standard (DSS) – a variant of ElGamal – standardized by NIST

4. Open Source Free Libraries – Crypto++, CryptoLib, Python, Java Cryptix.

6.5. RSA Vs EL-GAMAL Performances:

• Tests for key generation, encryption and decryption for RSA.

• The encryption tests were performed on large key blobs for a symmetric cipher

since that is generally what one encrypts with public key cryptography.

• Observation: The time required for key generation is very costly compared to the

cubic time required for encryption and decryption.

• Observation: There is a constant factor difference in performance between

encryption and decryption, resulting in a difference of orders of magnitude

between the two operations.

• So where encryption may take tens of milliseconds, decryption can take seconds,

and key generation may even take minutes.

57

Future Work:

Till now I have done research on the public key cryptographic algorithms and its

applications.

Due to time constraint as well as a considerable amount of time spent setting up and

understanding the system, the suggested improvements could not be completed during

this semester. As a result, one of the suggested future works for this project is to

implement an optimized version of algorithm for public key cryptosystems.

Another area of future work is to integrate the cryptosystem protocols described in above

with “Wireless Sensor Networks” and to evaluate the change in security performance

with the addition of the protocols.

58

CONCLUSIONS:

In this Project I have analyzed and done research and Implemented the following topics.

These all are implemented in C programming.

� Analysis and Description of Public Key cryptosystem.

� Analysis of RSA and ElGamal Cryptosystems with suitable Examples.

� Analysis of Mathematical Concepts of RSA and ElGamal Cryptosystem.

� Implementation of Fermat’s Theorem.

� Implementation of Euclid and Extended Euclid Algorithms.

� Implementation of Modular Exponential Solving Algorithm

� Implementation of RSA Key generation, Encryption and Decryption algorithms.

� Differences between RSA and ElGamal Cryptosystems.

59

References:

1. William Stallings, Cryptography and Network Security, Prentice Hall of India

PHI, 6th

Edition.

2. Public Key Cryptography - Applications Algorithms and Mathematical

Explanations. URL: http://www.dkrypt.com/home/pkcs

3. Differences between Symmetric Key and Asymmetric Key Algorithms.

URL: http://voices.yahoo.com/comparing-symmetric-asymmetric-key-encryption-

6329400.html

4. CMSC414: Computer/Networks Security-reading Materials of University of

Maryland, College Park, USA.

5. Primality Test for Applications.

URL: http://www-math.mit.edu/phase2/UJM/vol1/DORSEY-F.PDF

6. Douglas Stinson, Cryptography: Theory and Practice, 3rd

Edition.

7. Different Primality Testings and Time Complexities.

URL:http://www.topcoder.com/tc?module=Static&d1=education&d2=overview

8. Public Key Cryptography and its Related Topics.

URL: http://www.wikipedia.com

9. The Basis of ElGamal Encryption Algorithm.

URL: http://www.cprogramdev.com/75562/

10. Cryptography and its Applications Tutorial Lectures.

URL: https://www.khanacademy.org/math/applied-math/cryptography/

11. Jaydip Sen (Editor), Applied Cryptography and Network Security, 1st Edition,

INTECH Publishers, Croatia, April 2012.

12. Jaydip Sen (Editor), Cryptography and Security in Computing, 1st Edition,

INTECH Publishers, Croatia, April 2012.

13. Jaydip Sen (Editor), Theory and Practice of Cryptography and Network Security

Protocols and Technologies, 1st Edition, INTECH Publishers, Croatia, July 2013.

14. Jaydip Sen, “Reputation- and Trust-Based Systems for Wireless Self-Organizing

Networks”, book chapter in Security of Self-Organizing Networks: MANET, WSN,

WMN, VANET, A.S.K. Pathan (Ed), pp. 91-122, Auerbach Publication, CRC

Press, USA, 2010.

15. Jaydip Sen and Indranil Sengupta, “Autonomous Agent Based Distributed Fault-

Tolerant Intrusion Detection System”, in Proceedings of the 2nd

International

Conference on Distributed Computing and Internet Technology (ICDCIT’05),

Lecture Notes in Computer Science (LNCS) Vol 3186, pp. 125-131, December

2005.

Public Key Cryptosystems RSA and ElGamal : A Technical Report

Documents

Transcript of Public Key Cryptosystems RSA and ElGamal : A Technical Report