 Cryptography - Study of methods of encoding text for purposes of privacy
 Encryption - the process of encoding text
 Decryption - the process of decoding text
 Plaintext/cleartext unencoded text
o Information before encryption or after decryption
 Cipher – a code
 Ciphertext coded text
o Information that has been encrypted
Cryptosystem – a system that employs encryption and decryption
Conventional / Symmetric Key / Single Key Encryption
 Simple algorithm is used to encrypt / decrypt (transform) the text
 Same key is used in encryption and decryption
 Secret is primarily in the key
An Example - Substitution cipher
 Symmetric Key System
 Simple algorithm is used to encrypt / decrypt (transform) the text
o Each letter is replaced with a different letter or symbol
 Caesar’s method
o Replace every letter with letter 3 away in alphabet
A -> D
B -> E
C -> F
W -> Z
X -> A
Y -> B
Z -> C
Back to Symmetric Key / Single Key Encryption
 Both parties need same key
 How to send securely key to receiver
o Separate messenger
o Key book
 One-time pads
Public Key / Asymmetric Key Cryptosystems
 Two keys are used- public and private
 Distribute public key; keep private key…private (duh!)
A Bit on How This Could Work
What two numbers when multiplied produce 143?
 Such numbers are called factors
Now multiply 13 and 23
Which process took longer? Why?
Similar to a one-way screw
o Can drive it in, but difficult to remove it
Also, a trap-door
o Again, easy to go in, but difficult to come out
Idea is to have a function that is easy to calculate in one direction, but not the other
o Encryption uses the easy function
 Involves using the public key
o Decryption requires the hard function
 unless you have the private key
How to use it
o Freely distribute public key
 Put it on Web page, for example
o Someone sending message encrypts with public key
 Standard programs (see below) that accepts public key and message and perform
the encryption
o Receiver uses private key to decrypt message
Digital Signatures
Public key systems also allow you to digitally sign your messages
The message is signed with your private key
 You end up with a new message consisting of the original message and what appears
to be an encoded version
To verify that the message is authentic, the receiver supplies your public key
 The public key is applied to the signed message and checks that the original message
and the encoded match
 Any changes to the original message will cause a mismatch during the verification
Digital Certificates
 Solves the problem of public key authenticity
 Public key is verified by a well-known entity that verifies the authenticity of the key
Well-known Public Key Systems
 RSA - invented by Ron Rivest, Adi Shamir and Leonard Adleman
 DSA - Digital Signature Algorithm by David Kravitz
 Pretty Good Privacy - PGP - uses both conventional and public-key cryptography
The RSA Public Key System
 RSA - invented by Ron Rivest, Adi Shamir and Leonard Adleman
 Some symbols
M – message (cleartext)
C – ciphertext
e – public exponent (power)
d – private exponent
n - very large (128 bits) number – product of two primes
o The message is encrypted by …
… and decrypted by
C=Me %n
M=Cd %n
 where n = p * q , p and q are prime numbers
 Where d = e -1 mod ((p-1)*(q-1))
Notice that to decrypt you need to know d
o d can be obtained from e, which is public. However
o the calculation is infeasible
 must find all factors of n
 determine which are prime
 must try all pairs of primes to find p and q
 Pretty Good Privacy
Sending message
o PGP compresses message
 Increases security and reduces transmission time
o PGP creates session key to be used only once. Randomly created (uses keystrokes and
randomly selected mouse movements)
o Session key is used to conventionally (symmetric key) encrypt message
o Receiver’s public key is used to encrypt session key
o Encrypted message and encrypted session key are sent to receiver
Receiving message
o Private key is used to decrypt session key
o Session key is used to decrypt message
o Message is decompressed
o Convention encryption is much faster than public key (10,000 times faster)
 Only using public key on relatively small text (session key)
o One time session key prevents trying to decode previous messages to break cipher