

Public-key Encryption
David Burianek
Saint Leo University
Network Theory & Design
Dr. Eduardo Bautista
August 01, 2014

Public-key Encryption
The intent of this paper is to present the reader with an explanation of Public-key
encryption without delving too deeply into the math behind encryption schemes to better
facilitate understanding for the layperson.
Cryptography is a fascinating world that predates computers. Beginning in ancient times
through the revolutionary period and into modern times, there have been many schemes to
protect sensitive data. Notable techniques are George Washington's book-key ciphers, Thomas
Jefferson's cylinder (Menezes, Van Oorschot, & Vanstone, 1997, p. 243), and the Nazi Enigma
Machine of World War II. (Piper & Murphy, 2002) There has always been a need to have secure
communications and the ability to safeguard data that has been intercepted.
Modern Cryptology is an art form that uses the science of mathematics in order to
provide secrecy, authenticity, and security in the transport of data. Cryptology also enables us
to create trust relationships over open networks; more in general, cryptographic protocols allow
mutually distrusting parties to achieve a common goal while protecting their own interests.
(Furnell, Katsikas, Lopez, & Patel, 2008, p. 105) The methods by which these transactions can
occur are many; however, they can be broken down into two categories: symmetric key
encryption and asymmetric key encryption. Public key encryption uses the asymmetric key
approach. We will discuss both methods later.
The advent of e-commerce has created a greater need for public-key encryption schemes
to provide security and privacy during online ordering, banking, bill payment, and other sensitive
transactions. We hear in the news all the time about hackers breaking into supposedly secure
e-commerce websites. Most of these websites use some form of public-key encryption (PKE)
and public-key infrastructure (PKI) to encrypt sales transactions. The reality is that most hacks
involve breaking into the servers the data is stored on rather than the breaking of the encrypted
data transfer.
A Brief History of Cryptography
Cryptography is the science of designing cipher systems, whereas cryptanalysis is the
name given to the process of deducing information about plaintext from the ciphertext without
being given the appropriate key. Cryptology is the collective term for both cryptography and
cryptanalysis. (Piper & Murphy, 2002, Kindle Location 277-279)


The information to be concealed is often called the plaintext and the operation of
disguising it is known as encryption. The encrypted plaintext is called the ciphertext or
cryptogram and the set of rules used to encrypt information plaintext is the encryption algorithm.
Normally the operation of this algorithm depends on an encryption key, which is input to the
algorithm together with the message. In order that the recipient can obtain the message from the
cryptogram there has to be a decryption algorithm which, when used with the appropriate
decryption key, reproduces the plaintext from the ciphertext. (Piper & Murphy, 2002, Kindle
Location 267-268)
A Brief Explanation of Symmetric Key Encryption
There have been numerous encryption schemes throughout history. The one common
element shared by most of these older ciphers was their use of symmetric key encryption. With
symmetric key encryption, both parties have an encryption and decryption key. When a new
party needs to send encrypted data, a set of keys must be delivered by a trusted courier to the
new party. Symmetric key encryption relies on an established level of trust between the sender
and receiver. Take the example of the briefcase protocol. In this example, we use a physical
analogy to describe the desire of Alice (sender) to send a secure message (or package) to Bob
(receiver) by locking it in a briefcase.
1. Alice begins by obtaining a padlock. Only Alice has the key to this padlock.
2. Alice places the message into the briefcase, locks the briefcase using her padlock, and
hands the locked briefcase to a courier, who transports it to Bob.
3. Bob obtains a padlock of his own. Once Bob receives the briefcase, he adds his lock
to the briefcase and returns the briefcase, now with two padlocks installed, to the
courier, who takes it back to Alice.
4. Alice removes her padlock and hands the briefcase to the courier, who once again
transports it to Bob.
5. Bob removes his padlock and opens the briefcase to obtain the message. (Martin,
2012, p. 153)

Figure 1. Example of the Briefcase Protocol (Piper & Murphy, 2002, Kindle
Location 388)
The major issue with symmetric-key encryption lies in finding an efficient means for both
parties to agree upon and exchange keys securely. Authorization confirmation is a vital factor in
the issuing of secure keys and is referred to as the key distribution problem, which we will
discuss later in the key management section.


Figure 2. Two-party communication using encryption, with a secure channel
for key exchange. The decryption key d can be efficiently computed from the
encryption key e. (Menezes et al., 1997, figure 1.7)
A Brief Explanation of Modular Arithmetic
Public-key schemes use a mathematical technique called integer factorization, which simply
means that an integer is raised by a power as in x^y. Cryptology uses a more complex method
called modular mathematics to generate these powers.
Prime numbers are used for both the base integer and the exponential power. A prime
number is a number for which there are no numbers other than itself and 1 that divide into the
number without a remainder. Such neatly dividing numbers are termed factors. For example,
17 is a prime since the only numbers that divide neatly into 17 are 1 and 17. On the other hand,
14 is not a prime since 2 and 7 both divide neatly into, and are thus factors of, 14. There are an
infinite quantity of primes, with the smallest ten primes being 2, 3, 5, 7, 11, 13, 17, 19, 23, and
29. Primes play a very important role in mathematics, and a particularly important role in
cryptography. (Martin, 2012, p. 156)


There is a finite set of modular numbers, and modular arithmetic provides rules for
conducting familiar operations such as addition, subtraction, and multiplication on these modular
numbers. (Martin, 2012, p. 156)
A Simplified Explanation of Modulus
Let us use the days of the week in this example of determining the modulus of a number.
Modulus uses positive integers and creates a finite set of numbers in lieu of an infinite set.
When we work out what day of the week something will happen on, we often
(unconsciously) make mental calculations such as two days after Tuesday is Thursday.
We could write this in a pseudo-mathematical way as follows:
Tuesday + 2 = Thursday.
When such a calculation takes us beyond the end of a particular week then we will make
statements such as three days after Friday is Monday. Although this is actually Monday
of the following week, this does not cause us any problem since we are treating all
Mondays as the same for this purpose. So:
Friday + 3 = Monday.
Similarly we can make statements such as:
Thursday - 2 = Tuesday, and Friday + 7 = Friday.
We can restate this simple idea by now replacing the days of the week, starting with
Monday, by the numbers 0 to 6 (so Monday is 0, Tuesday is 1, and Sunday is 6). It is
now possible to write all our previous pseudo-mathematical equations as mathematical
equations. In other words:


4 + 7 = 4.
Computing the days of the week in this manner is an example of modulo 7 (often
abbreviated to mod 7) arithmetic. It is just like normal arithmetic except that we wrap
back around when we reach the number 7 by treating 7 as beginning again at 0. (Martin,
2012, p. 498-499)
Modulo numbers can be manipulated using addition, subtraction, and
multiplication as you would with any normal integer.
Anyone wishing to delve deeper into modular mathematics should see the mathematical
appendix in Keith M. Martin's book Everyday Cryptography: Fundamental Principles and
Applications. (pg. 498)
As you can see, using modular arithmetic to generate the integers needed to encrypt
plaintext makes it difficult to deduce the decryption key pattern from the plaintext, so
breaking a public-key encryption takes a lot of effort. A nefarious adversary would surely be
dissatisfied to spend a large amount of computer power cracking the cipher only to find a credit
card is maxed out. It is far easier to break into the storage servers.


A Brief Explanation of Block Ciphers

Some of the public-key encryption schemes assume that the message or data needing
encryption will be a fixed length (bit length). Plaintext longer than this fixed length needs to be
broken down into blocks of the appropriate size; this is where block ciphers come into play.
Block ciphers take a different approach to encryption: the plaintext is divided into larger
words of n bits, called blocks; typical values for n are 64 and 128. Every block is enciphered in
the same way, using a keyed one-way permutation (i.e., a permutation on the set of n-bit strings
controlled by a secret key). The simplest way to encrypt a plaintext using a block cipher is as
follows: divide the plaintext into n-bit blocks P_i, and encrypt these block by block. The
encryption also operates on individual blocks:
C_i = E_K(P_i) and P_i = D_K(C_i).
This way of using a block cipher is called the electronic codebook (ECB) mode.
The ECB mode, even if n is large, is not suited to encrypt structured plaintexts, such as text and
images. This mode should only be used where the plaintext is random, as is the case in the
encryption of cryptographic keys. (Furnell et al., 2008, p. 111-112)

Figure 3. A block cipher in ECB mode (Piper & Murphy, 2002, Kindle
Location 1063)


The most-popular mode of operation for a block cipher is the cipher block chaining
(CBC) mode. CBC mode is used to prevent block manipulation that would change the message.
For example, if a plaintext message contained the phrase "the price is four thousand dollars",
then without cipher block chaining an adversary knowing the message could manipulate the
cryptogram so that only certain blocks are received, thus changing the message to read "the price
is four dollars". In this case, the decryption works and the message does make sense, so the
recipient does not suspect tampering; the only clue would be if the recipient suspected the price
was too low. (Piper & Murphy, 2002) In this mode the different blocks are coupled together by
adding the previous ciphertext block, modulo 2, to each plaintext block:
C_i = E_K(P_i ⊕ C_{i-1}) and P_i = D_K(C_i) ⊕ C_{i-1}. (Furnell et al., 2008, p. 111-112)
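The ECB and CBC formulas above, and the block-removal manipulation from the price example, as an added example that is not part of the original paper. The Feistel functions E and D are a toy stand-in for a real block cipher, and the key, IV (used as C_0) and message layout are constructed for the demonstration.

```python
import hashlib

BLOCK = 8  # toy block size in bytes (n = 64 bits)

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_fn(key, rnd, half):
    # Keyed round function for the toy Feistel cipher below.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def E(key, block):
    # E_K: 4-round Feistel network, a keyed permutation on n-bit blocks.
    # Assumption: stands in for a real block cipher; not secure.
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, xor_bytes(left, round_fn(key, rnd, right))
    return left + right

def D(key, block):
    # D_K: the same rounds run backwards.
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = xor_bytes(right, round_fn(key, rnd, left)), left
    return left + right

def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    return [E(key, p) for p in split(pt)]           # C_i = E_K(P_i)

def ecb_decrypt(key, ct):
    return b"".join(D(key, c) for c in ct)          # P_i = D_K(C_i)

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for p in split(pt):
        prev = E(key, xor_bytes(p, prev))           # C_i = E_K(P_i xor C_{i-1})
        out.append(prev)
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in ct:
        out.append(xor_bytes(D(key, c), prev))      # P_i = D_K(C_i) xor C_{i-1}
        prev = c
    return b"".join(out)

# Constructed sample values; the message is laid out on 8-byte block boundaries.
KEY, IV = b"demo-key", bytes.fromhex("0123456789abcdef")
MSG = b"price is four   thousand dollars"

def drop_block(ct, i):
    # The manipulation from the text: one ciphertext block never arrives.
    return ct[:i] + ct[i + 1:]

if __name__ == "__main__":
    print(ecb_decrypt(KEY, drop_block(ecb_encrypt(KEY, MSG), 2)))
    print(cbc_decrypt(KEY, IV, drop_block(cbc_encrypt(KEY, IV, MSG), 2)))
```

Under ECB the shortened cryptogram still decrypts to a clean sentence, while under CBC the block after the cut decrypts to garbage. That garbling is a side effect of chaining rather than an integrity check; detecting tampering reliably takes a message authentication code or an authenticated mode.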
Achieving a balance in block size and efficiency is important. If a cipher block is too
small, there will exist a smaller set of different plaintext blocks created. An adversary could
launch a dictionary attack by building up a dictionary of plaintext/ciphertext pairs sent using
that encryption key. A larger block size makes this attack harder because the dictionary needs to
be larger. (Martin, 2012, p. 114) Conversely, if the block size is too large, efficiency degrades
as shorter plaintext blocks will need to have padding applied.
What Is Public-Key Encryption?
Public-key encryption uses asymmetric keys. With the asymmetric key method, the
receiver has both the encryption and decryption keys. The receiver sends out the encryption key,
known as a public key to several interested parties who then use the public-key to encrypt their
data for transmission back to the receiver who then uses their private key, known only to them, to
decode the transmitted data. (Tyson, 2001) Most public-key schemes use some form of the
Diffie-Hellman key agreement protocol to exchange encryption keys between users.




Diffie-Hellman key agreement protocol

In 1976, Diffie and Hellman proposed an innovative protocol (now known as the Diffie-Hellman
key agreement protocol) to establish a secret key between two parties even if they have
never met before. This marked the beginning of a new type of encryption method called public
key encryption as explained later. By using the Diffie-Hellman protocol, two unknown parties
can set up a secret key securely over the internet.... First, two numbers n and g are selected
where n is a large prime number and g is primitive mod n (i.e. the calculation of g^z mod n where
1 ≤ z ≤ n - 1 will produce all the possible values of 2). The foundation of the Diffie-Hellman
protocol relies on the difficulty in computing discrete logarithms. Basically, given g^x mod n, g^y
mod n, n, and g (i.e., even these parameters are disclosed), it is almost impossible to determine
g^(xy) mod n provided that the prime number n is very large. (Chan, Lee, Dillon, & Chang, 2001,
p. 209-210)
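The parameter choice and hardness claim above, worked through with toy numbers (an added example, not part of the original paper). It goes slightly beyond the quoted passage by showing the exchange itself; n = 23, g = 5 and the two secrets are constructed values, and the function names are illustrative.

```python
def prime_factors(m):
    # Distinct prime factors by trial division (adequate for toy sizes).
    factors, d = set(), 2
    while d * d <= m:
        while m % d == 0:
            factors.add(d)
            m //= d
        d += 1
    if m > 1:
        factors.add(m)
    return factors

def is_primitive_root(g, n):
    # g is primitive mod a prime n when g^z mod n, for 1 <= z <= n - 1, takes
    # every value from 1 to n - 1. Equivalent test: g^((n-1)/q) mod n != 1
    # for each prime q dividing n - 1.
    return all(pow(g, (n - 1) // q, n) != 1 for q in prime_factors(n - 1))

def public_value(g, secret, n):
    return pow(g, secret, n)                  # g^x mod n, sent in the clear

def shared_key(their_public, my_secret, n):
    return pow(their_public, my_secret, n)    # (g^y)^x = g^(xy) mod n

def brute_force_log(g, target, n):
    # Exhaustive discrete-logarithm search over the n - 1 possible exponents.
    # Instant for n = 23; the work grows with n, which is why the text
    # requires n to be very large.
    for z in range(1, n):
        if pow(g, z, n) == target:
            return z
    return None

# Constructed toy parameters and secrets (far too small for real use).
N, G = 23, 5
ALICE_SECRET, BOB_SECRET = 6, 15

def run_exchange():
    a_pub = public_value(G, ALICE_SECRET, N)
    b_pub = public_value(G, BOB_SECRET, N)
    k_alice = shared_key(b_pub, ALICE_SECRET, N)
    k_bob = shared_key(a_pub, BOB_SECRET, N)
    return a_pub, b_pub, k_alice, k_bob

if __name__ == "__main__":
    print(is_primitive_root(G, N), is_primitive_root(2, N))
    print(run_exchange())
    print(brute_force_log(G, public_value(G, ALICE_SECRET, N), N))
```

With these numbers both parties arrive at the same key without ever sending it, and the exhaustive search recovers a secret exponent only because n is tiny.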
The public-key does not need to be distributed to the sender(s) through secret channels
since even if an adversary possesses the public-key it should be nearly impossible to calculate
the private-key from the public-key. (Chan et al., 2001) The key pair is based on prime
numbers (numbers that only have divisors of itself and one, such as 2, 3, 5, 7, 11 and so on) of
long length. This makes the system extremely secure, because there is essentially an infinite
number of prime numbers available, meaning there are nearly infinite possibilities for keys.
(Tyson, 2001, para. 2) Most practical public key algorithms are block ciphers that regard the
message as a sequence of large integers and rely on the difficulty of solving a particular
mathematical problem for their security. (Piper & Murphy, 2002, Kindle Locations 1141-1142)
Unlike symmetric-key encryption that relies on an established level of trust between the
sender and receiver, a public-key relies on a smaller amount of trust between sender and receiver.



Still, there is the question of whether the public-key is actually that of the intended receiver. It
is also worth observing that when a public key system is used to provide confidentiality then,
since the public encryption key is widely known and can be used by everyone, the ciphertext
does not provide any authentication of the sender. (Piper & Murphy, 2002, Kindle Location
1120) Again, authorization of keys plays a large part in the distribution of keys. Public-key
encryption is noticeably slower to encrypt/decrypt than symmetric keys. Ironically, public-key
ciphers are often used to transport symmetric keys to the communicating parties. (Martin, 2012)
(Menezes et al., 1997)
Public-key algorithm systems
There are several styles of public-key encryption algorithms in use today. Each of these
public-key schemes uses a number-theoretic computational problem to provide security.
(Menezes et al., 1997) Currently there are the following public-key schemes:
Table 1
Public-key Encryption Schemes
Public-key encryption scheme | Computational problem
RSA | Integer factorization problem; RSA problem
Rabin | Integer factorization problem; Square roots modulo composite n
ElGamal | Discrete logarithm problem; Diffie-Hellman problem
Generalized ElGamal | Generalized discrete logarithm problem; Generalized Diffie-Hellman problem
McEliece | Linear code decoding problem
Merkle-Hellman knapsack | Subset sum problem
Chor-Rivest knapsack | Subset sum problem
Goldwasser-Micali probabilistic | Quadratic residuosity problem
Blum-Goldwasser probabilistic | Integer factorization problem; Rabin problem
(Menezes et al., 1997, table 8.1)



All of these current public-key schemes have their own unique set of strengths and
weaknesses. The most popular of these schemes are RSA and ElGamal; we will
examine RSA later. Anyone wishing a deeper look at these public-key schemes should see Menezes et
al.'s excellent book Handbook of Applied Cryptography.
RSA Encryption Algorithm
The RSA encryption algorithm was named after its inventors Rivest, Shamir, and
Adleman. (Chan et al., 2001) (Menezes et al., 1997) (Piper & Murphy, 2002)
The RSA algorithm uses the integer factorization problem which in turn makes use of
modular mathematics. As the reader will recall from our earlier discussion of modular math,
the mathematical operator modulus (mod) can be simply defined as:
X = Y mod Z
Where X is the remainder of Y divided by Z. For example consider:
1 = 7 mod 3
Expressed in words this means that 7 divided by 3 leaves a remainder of 1. (Chan et al.,
Generating the modulus
Creating an RSA set of keys involves computing two large random primes p and q. The
public key contains n, which is calculated as the product of the two large prime numbers; thus n = pq.



Generating e
Next we need a unique number e which must be greater than one and less than the
product of the primes pq (1 < e < w) where w = (p - 1)(q - 1). The property of e must be that no
number except 1 divides evenly into both e and (p - 1)(q - 1). (Martin, 2012) (Menezes et al.,
1997) We can compute e such that 1 = (d x e) mod w (i.e., when (d x e) is divided by w, the remainder is 1)
(Chan et al., 2001, p. 211)
Generating d
The private key d is computed from the values for p, q, and e. Since the private key d is
determined by the public key (e, n) there can only be one value for d. (Martin, 2012) Since d is
calculated as the inverse of e mod w we get the formula ed = 1 mod w. Fortunately there is a
convenient algorithm called the Extended Euclidean Algorithm that takes the input of p, q, and e
and outputs d. (Martin, 2012, p. 162) (Menezes et al., 1997)
When all the variables are found we have the public key as (e, n) and the private key as
(d, n).(Martin, 2012) (Menezes et al., 1997) (Piper & Murphy, 2002) (Chan et al., 2001)
RSA key generation sample
We will now demonstrate RSA key generation using the following values for the
variables: Let p = 47, q = 59 and e = 17, also that w = (p - 1)(q - 1).
Generating the modulus
Recall n = pq; substituting the values we get n = 47 x 59 = 2773.
Generating e
The number 17 is picked because no number divides evenly into it except 1.
Thus 17 and w have no numbers but 1 that will divide into them. We can calculate w as
(47 - 1)(59 - 1) = 2668.



Forming the public key
The pair of numbers (n, e) = (2773, 17) forms the public key.
Forming the private key
Input p = 47, q = 59 and e = 17 to the Extended Euclidean Algorithm. The output will
be d = 157. We can check that this result is correct by computing:
de = 17 x 157 = 2669 = 1 mod 2668. (Martin, 2012, p. 163)
Finally we have the public key (e, n) of (17, 2773) and the private key (d, n) of (157,
2773) (Martin, 2012) (Menezes et al., 1997) (Chan et al., 2001)
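The key generation sample above, carried out in code with the Extended Euclidean Algorithm and followed by an encrypt/decrypt round trip (an added example, not part of the original paper). Function names are illustrative and the test messages are constructed; it also shows that what matters for e is sharing no factor with w, since the prime 23 is rejected because it divides w = 2668.

```python
from math import gcd

def extended_euclid(a, b):
    # Returns (g, s, t) with g = gcd(a, b) and s*a + t*b = g.
    old_r, r = a, b
    old_s, s = 1, 0
    old_t, t = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
        old_t, t = t, old_t - q * t
    return old_r, old_s, old_t

def rsa_keygen(p, q, e):
    n = p * q
    w = (p - 1) * (q - 1)
    if not 1 < e < w or gcd(e, w) != 1:
        raise ValueError("e must satisfy 1 < e < w and share no factor with w")
    _, s, _ = extended_euclid(e, w)   # s*e + t*w = 1, so s*e = 1 mod w
    d = s % w                         # normalise into the range 0 < d < w
    return (e, n), (d, n)

def rsa_encrypt(m, public_key):
    # Textbook RSA on a single integer m < n: no padding, toy key size.
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def rsa_decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)

if __name__ == "__main__":
    public_key, private_key = rsa_keygen(47, 59, 17)
    print(public_key, private_key)
    c = rsa_encrypt(920, public_key)          # 920 is a constructed message
    print(c, rsa_decrypt(c, private_key))
    try:
        rsa_keygen(47, 59, 23)                # 23 is prime but divides 2668
    except ValueError as err:
        print("rejected:", err)
```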
Key Management
The best encryption scheme is useless if the key management is weak. An inadequate or
faulty key management system can allow an adversary access to the decryption keys. (Martin,
2012) (Piper & Murphy, 2002)
Proper key management involves the awareness of the following factors:
Technical controls: an example of this is the use of special hardware for storing the
cryptographic keys. (Martin, 2012)
Process controls: this is the concept of using policies, practices, and procedures to
ensure cryptographic keys stay secure during normal business transactions.
Environmental controls: the physical location of the cryptographic keys and
their storage locations. Political and natural disruptions must be considered here.
Human factors: security is only as strong as the weakest link, which in this case are the
humans themselves. When employees ignore procedures, the security of the cryptographic keys
is at risk. (Martin, 2012) (Menezes et al., 1997) (Chan et al., 2001) (Piper & Murphy, 2002)



Chan, H., Lee, R., Dillon, T., & Chang, E. (2001). E-commerce : Fundamentals and
Applications. [Adobe Digital Editions version]. Retrieved from eBook Academic
Collection (EBSCOhost) Accession Number: 78992
Furnell, S., Katsikas, S., Lopez, J., & Patel, A. (2008). Securing Information And
Communications Systems : Principles, Technologies, And Applications. [Adobe Digital
Editions version]. Retrieved from eBook Academic Collection (EBSCOhost) Accession
Number: 284257
Martin, K. M. (2012). Public-Key Encryption. In Everyday Cryptography Fundamental
Principles and Applications (pp. 150-184). [Kindle DX]. Retrieved from Amazon.com
Menezes, A. J., Van Oorschot, P. C., & Vanstone, S. A. (1997). Handbook of Applied
Cryptography. Boca Raton, FL: CRC Press LLC.
Piper, F., & Murphy, S. (2002). Uses of Cryptography. In Cryptography A Very Short
Introduction (pp. 1519-1589). [Kindle]. Retrieved from Amazon.com
Tyson, J. (2001). How Encryption Works. Retrieved Aug 02, 2014, from