Introduction to Cryptography
SUMMARY:
All encryption systems rely on the notion of a key. A key is the basis for a
transformation, usually mathematical, of an ordinary message into a unreadable one. For
centuries, most encryption systems have relied on what is called private-key encryption.
Only within the last 30 years has a challenge to private-key encryption
appeared public-key encryption.
Private-key encryption systems use a single key. This requires the sender and the receiver
to share the key. Both must have the key; the sender encrypts the message by using the
key, and the receiver decrypts the message with the same key. Both must keep the key
private to keep their communication private.
If, you are new to the area of public key cryptography it may answer some
of your questions.
Please note that when you use MailSecure, this process all takes place automatically in a
few seconds.
There are two kinds of cryptosystems: symmetric and asymmetric. Symmetric
cryptosystems use the same key (the secret key) to encrypt and decrypt a message, and
asymmetric cryptosystems use one key (the public key) to encrypt a message and a
different key (the private key) to decrypt it. Asymmetric cryptosystems are also called
public key cryptosystems.
The concept of public-key cryptography was introduced in 1976 by Whitfield Diffie
and Martin Hellman. [www.x5.net/faqs/crypto].
Their revolutionary idea was to enable secure message exchange between sender and
receiver without ever having to meet in advance to agree on a common secret key.
ENCRYPTION-DECRYPTION (DEFINITIONS):
Encryption is a key-based mathematical transformation that changes plaintext to
cipher text in such a way that the reverse operation - decryption - is very difficult
without possession of the key

Decryption is the inverse transformation, and reverses the encryption (converts
cipher text back to plaintext)
• Reversing the encryption requires you to have, or can guess, the decryption key
• Typically the larger the key, the harder it is to guess
USES OF PUBLIC KEY CRYPTOGRAPHY:
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page 1 of 10
1 Private messages without prior secret key exchange
Document integrity
Authenticated messages (non-repudiation)
Confidential data transfer (“bulk” encryption)
Assured identity and user authentication without “passwords in the clear”
Digital Timestamp Service - issues timestamps which associate a date and time
with a digital document in a cryptographically strong manner.
1). Private Messages (“Many to One” private communication) :
Example:
Entity “A” - a researcher whose workstation is on an open, insecure, network - wishes to
communicate with assured privacy with entity “B”, a collaborator on the other side of the
country • B’s public key is available from a source that is “reliable”. E.g. an employer’s
X.500/LDAP or Web server (commercial enterprise public keys are frequently published
in the business section of the Sunday New York Times)
• A obtains B’s public key over the open network
• A uses B’s public key to encrypt a message for B
2). Document Integrity :
Is what B received exactly what A sent?
• A generates a message / document
• A generates a “message digest” (a small, fixed-length code (bit string) that is unique to
the original message - a “one-way hash” code).
• A encrypts the message digest with A’s private key and includes the encrypted digest
with the plaintext message / document.
• Anyone can read the original message (e.g., a deed, a computer security advisory
message, etc.)
• B verifies the integrity of A’s message by generating the hash code for the received
message, decrypting the message digest with A’s public key and comparing the two.
(a match => received message is the same as the original)
Other types of document integrity :
• A “document” can be any digital data (e.g. a digital image, digital video clip, digital
audio clip, etc.)
• A verified time stamp can prove when a document was generated - “postmarks” - time
stamps that verify the contents of a document at a given point in time - can be generated
by sending the message digest to a trusted third party who adds a guaranteed accurate
time stamp and digitally signs the combined document (digest plus time stamp) and
returns it. Important for patent notes, lab notebooks, etc.
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page 2 of 10
4). Confidential Data (“How to exchange lots of private data”) :
Public key encryption is relatively expensive, and is not suited to encrypting large
volumes of data
Single key encryption (e.g. DES) is suitable for “bulk” encryption
Example: transferring a confidential file.
• Using symmetric / secret key cryptography, a temporary (“session”) key is generated
and used to encrypt large datasets.
• The session key can be encrypted with the public key of the intended recipient and sent,
in confidence, to the recipient.
• The encrypted data can be transferred over an insecure network.
• The intended recipient decrypts the session key using his/her private key, and then uses
the session key to decrypt the data.
5). User Authentication (logging in remotely without passwords) :
If a remote system can obtain a public key for which it has some confidence as to the
“identity” of the “person” to whom that public key was issued ;.. then there are protocols
that allow the remote system to authenticate the user on his/her local system and permit a
“login” (e.g. a telnet or X-window session from the local to the remote system) without
exchanging any passwords “in the clear” (and over an encrypted channel, if desired)
See, e.g., “SSH (Secure Shell) Remote Login Program”
(http://www.cs.hut.fi/ssh)
“Identity”
Several of the uses of public key cryptography (e.g. user authentication) depend on
establishing the identify of the holder of a private key.
That is, how do you know that the holder of the private key (the person that encrypted
the message that you have just received and were able to decrypt with the corresponding
public key) is really the person that you think it is?
 all that public key cryptography “guarantees” is that public and private keys come in
uniquely associated pairs, not who holds the private key
In this theory, each person/company gets a pair of keys, one called the public key and the
other called the private key. Each person’s public key is published, which is published
under the users name in a public directory accessible for everyone to read while the
private key is kept secret. The need for the sender and receiver to share secret information
is eliminated; all communications involve only public keys, and no private key is ever
transmitted or shared. No longer is it necessary to trust some communications channel to
be secure against eavesdropping or betrayal. The only requirement is that public keys are
associated with their users in a trusted (authenticated) manner (for instance, in a trusted
directory). Anyone can send a confidential message by just using public information, but
the message can only be decrypted with a private key, which is in the sole possession of
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page 3 of 10
the intended recipient. Furthermore, public-key cryptography can be used not only for
privacy (encryption), but also for authentication (digital signatures).
ADVANTAGES OF PUBLIC-KEY CRYPTOGRAPHY
1. Only the private key must be kept secret (authenticity of public keys must, however, be
guaranteed).
2. The administration of keys on a network requires the presence of only a functionally
trusted TTP as opposed to an unconditionally trusted TTP. Depending on the mode of
usage, the TTP might only be required in an offline manner, as opposed to in real time.
3. Depending on the mode of usage, a private key/public key pair may remain unchanged
for considerable periods of time, e.g., many sessions (even several years).
4. Many public-key schemes yield relatively efficient digital signature mechanisms. The
key used to describe the public verification function is typically much smaller than for the
symmetric-key counterpart.
5. In a large network, the number of keys necessary may be considerably smaller than in the
symmetric-key scenario.
DISADVANTAGES OF PUBLIC-KEY ENCRYPTION
1. Throughput rates for the most popular public-key encryption methods are several orders
of magnitude slower than the best-known symmetric-key schemes.
2. Key sizes are typically much larger than those required for symmetric-key encryption,
and the size of public-key signatures is larger than that of tags providing data origin
authentication from symmetric-key techniques.
3. No public-key scheme has been proven to be secure (the same can be said for block
ciphers). The most effective public-key encryption schemes found to date have their
security based on the presumed difficulty of a small set of number-theoretic problems.
DIGITAL SIGNATURES
Two additional components of information security are integrity and authenticity. How
can a recipient know that the message has not been tampered with or changed and is
actually from the purported party? If we communicate electronically with those we do not
know, we must have a way to address these concerns. Digital signatures provide this.
A digital signature is a portion of a message encrypted with a user's private key. Anyone
who knows this user's public key could now decrypt this digital signature and the
message it signs.
By doing so, the recipient would know that this message and its digital signature could
have come only from the owner of the private key corresponding to the public key used
to decrypt.
Only the corresponding private key could have originally encrypted the message. Digital
signatures not only ensure that the received message is exactly the one sent, but also
verify that the alleged sender actually sent it. In a public key system, the private key is
never transferred or distributed. Consequently, the risk of an outsider obtaining this
critical item is very small.
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page 4 of 10
DIGITAL CERTIFICATES
However, we still need to know, without doubt, that the owner of a public key is who he
claims to be. This involves the intervention of a disinterested, trusted third party that
binds a public key to an individual or entity that it has positively identified. This binding
mechanism is know as a digital certificate. A digital certificate can be considered
analogous to a passport.
Like a passport, a certificate serves as a credential; it contains information that establishes
an individual's identity, along with a unique identifying number. A digital certificate is an
electronic credential that contains specific identification information-name, address, and
company-along with the individual's public key. With a passport, information is verified
and A Certificate Authority issues, verifies, and revokes certificates, just as a government
issues, validates, and seizes passports. The Certificate Authority's digital signature attests
to the binding of the individual's identity and his public key. The CA, like any individual,
has a certificate containing its identifying information and public key so that anyone who
needs to authenticate a CA signature can do so. To create a digital signature, a
cryptographic function takes digitized information and a CA's private key as inputs and
returns the signature as the unique output.
Finally, if necessary, the digital signature can be authenticated with an inverse
cryptographic function that take the same digitized certificate information and the CA's
public key as inputs to generate a unique output called an authenticator. The CA can then
be compared to the claimed signature.
In the near future, a hierarchy of Certificate Authorities will exist. Two parties with
certificates issued and signed by different Certificate Authorities will be able to mutually
authenticate each other by relying on the signature of a higher level of Certificate
Authority, such as the U.S. Postal Service.
CERTIFICATE ATTRIBUTES
Digital signatures, like handwritten signature, can be used as proof of agreement with or
ownership of the contents of a document. The identifying information in the certificate
can be trusted because the digital signature is cryptographically strong. The signature
contained in a digital certificate meets the following criteria (listed in Schneier's Applied
Cryptography, Wiley
& sons, 1994):
1). It must be non-forgeable. The signature proves that the signer deliberately signed the
document.
2).It must be authentic. The signature convinces the document's recipient that the signer
deliberately signed the document.
3). It must not be reusable. The signature is part of the document, and an unscrupulous
person cannot move the signature to a different document.
4). It must make the signed document unalterable. In the case of digital signatures, after a
document is signed, it cannot be altered without detection.
5). It cannot be repudiated. The signature and the document, although intangible, are
physical entities. The signer cannot claim later that he or she did not sign it.
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page 5 of 10
PUBLIC-KEY CIPHERS



Traditional secret key cryptography uses a single key shared by both sender and
receiver.
If this key is disclosed communications are compromised
Also does not protect sender from receiver forging a message & claiming is sent
by sender, parties are equal

public-key (or two-key) cryptography involves the use of two keys:
o a public-key, which may be known by anybody, and can be used to
encrypt messages, and verify signatures
o a private-key, known only to the recipient, used to decrypt messages,
and sign (create) signatures

The public-key is easily computed from the private key and other information
about the cipher (a polynomial time (P-time) problem)
However, knowing the public-key and public description of the cipher, it is still
computationally infeasible to compute the private key (an NP-time problem).
Thus, the public-key may be distributed to anyone wishing to communicate
securely with its owner (although secure distribution of the public-key is a nontrivial problem - the key distribution problem)
Have three important classes of public-key algorithms:
o Public-Key Distribution Schemes (PKDS) - where the scheme is used to
securely exchange a single piece of information (whose value depends on
the two parties, but cannot be set).
o This value is normally used as a session key for a private-key scheme
o Signature Schemes - used to create a digital signature only, where the
private-key signs (create) signatures, and the public-key verifies
signatures.
o Public Key Schemes (PKS) - used for encryption, where the public-key
encrypts messages, and the private-key decrypts messages.
o Any public-key scheme can be used as a PKDS, just by selecting a
message which is the required session key.



Author : Deepank Gupta
Topic :Introduction to Cryptography
Page 6 of 10
o
Many public-key schemes are also signature schemes (provided
encryption & decryption can be done in either order) .
DIFFIE-HELLMAN PUBLIC-KEY DISTRIBUTION SCHEME

First public-key type scheme proposed was a PKDS by Diffie & Hellman in 1976:
W Diffie, M E Hellman, "New directions in Cryptography", IEEE Trans.
Information Theory, IT-22, pp644-654, Nov 1976 .

An excellent overview of cryptography at this time is:
W Diffie, M E Hellman, "Privacy and Authentication: An Introduction to
Cryptography", Proc. of the IEEE, Vol 67 No 3, pp 397-427, Mar 1979



It is a public-key distribution scheme
o it cannot be used to exchange an arbitrary message
o only a key, whose value depends on the participants (and their private and
public key information)
Is based on exponentiation in a finite (Galois) field, either over integers modulo a
prime, or a polynomial field
o nb exponentiation takes O((log n)3) operations
Its security relies on the difficulty of computing logarithms in these fields
o nb discrete logarithms takes O(e log n log log n) operations ..
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page 7 of 10
CONCLUSION
With private-key encryption, you have to be careful of stolen or intercepted keys. In
public-key encryption, where anyone can create a key pair and publish the public key, the
challenge is in verifying that the owner of the public key really is the person you think it
is. There is nothing to stop a user from creating a key pair and publishing the public key
under a false name. The person listed as the owner of the public key will not be able to
read messages encrypted with that key because he or she will not have the private key. If
the creator of the false public key can intercept these messages, that person can decrypt
and read messages intended for someone else. To counteract the potential for forged
keys, public-key systems provide mechanisms for validating public keys (and other
information) with digital signatures and digital certificates
[Source:http:// www.unicom.com/pw/pubnetinfosec/ crypto-pubkey.gif ]
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page 8 of 10
[http://www.home7.inet.tele.dk/ hunter/basics.html]

Some sample symmetric ciphers:
o Export-grade RC4 (40 bits)
o DES (56 bits)
o Domestic-grade RC4 (128 bits)
o IDEA (128 bits)
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page 9 of 10
Practice:
Alice and Bob want to communicate in secret, while Eve wants to eavesdrop. Alice
and Bob could be military jets, on-line businesses or just friends trying to have a
private conversation. They can't stop Eve listening to their radio signals (or tapping
their phone line, or whatever), so what can they do to keep their communication
secret
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page 10 of 10