Author : Deepank Gupta
Topic :Introduction to Cryptography
Page
1
of
10
Introduction to Cryptography
SUMMARY:
All encryption systems rely on the notion of a key. A key is the basis for a
transformation, usually mathematical, of an ordinary message into a unreadable one. For
centuries, most encryption systems have relied on
what is called private

key encryption.
Only within the last 30 years has a challenge to private

key encryption
appeared public

key encryption.
Private

key encryption systems use a single key. This requires the sender and the receiver
to share the key. Bot
h must have the key; the sender encrypts the message by using the
key, and the receiver decrypts the message with the same key. Both must keep the key
private to keep their communication private.
If, you are new to the area of public key cryptography it
may answer some
of your questions
.
Please note that when you use MailSecure, this process all takes place automatically in a
few seconds.
There are two kinds of cryptosystems:
symmetric
and
asymmetric
. Symmetric
cryptosystems use the same key (the secre
t key) to encrypt and decrypt a message, and
asymmetric cryptosystems use one key (
the public key)
to encrypt a message and a
different key (the private key) to decrypt it. Asymmetric cryptosystems are also called
public key
cryptosystems.
The concept of
public

key cryptography was introduced in 1976 by Whitfield Diffie
and Martin Hellman.
[
www.x5.net/faqs/crypto].
Their revolutionary idea was to enable secure message exchange between sender and
receiver without ever having to meet in advance to agree on
a common secret key.
ENCRYPTION

DECRYPTION (DEFINITI
ONS):
Encryption is a
key

based
mathematical transformation that changes
plaintext
to
cipher text in such a way that the reverse operation

decryption

is very difficult
without possession of the
key
Decryption is the inverse transformation, and reverses the encryption (converts
cipher text back to plaintext)
• R
eversing the encryption requires you to have, or can guess, the decryption key
•
Typically the larger the key, the harder it is to gue
ss
USES OF PUBLIC KEY C
RYPTOGRAPHY:
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page
2
of
10
1
Pr楶慴 me獳慧敳⁷楴潵琠灲楯t cre琠步tch慮来
䑯Dumen琠楮瑥杲瑹
䅵瑨en瑩t慴ade獳慧e猠⡮潮

repud楡瑩潮)
Confidential data transfer (“bulk” encryption)
䅳獵red en瑩t礠慮d u獥r 瑨tn瑩t慴楯a⁷楴h潵琠
“passwords in the clear”
Digital Timestamp Service

issues timestamps which associate a date and time
with a digital document in a cryptographically strong manner.
1).
Private Messages
(“Many to One” private communication) :
Example:
Entity “A”

a researcher whose workstation is on an open, insecure, network

wishes to
communicate with assured privacy with entity “B”, a collaborator on the other side of the
country
•
B’s public key is available from a source that is “reliable”. E.g. an employer
’s
X.500/LDAP or Web server (commercial enterprise public keys are frequently published
in the business section of the Sunday New York Times)
•
A obtains B’s public key over the open network
•
A uses B’s public key to encrypt a message for B
2).
Document
Integrity
:
Is what B received exactly what A sent?
•
A generates a message / document
•
A generates a “message digest” (a small, fixed

length code (bit string) that is unique to
the original message

a “one

way hash” code).
•
A encrypts the message d
igest with A’s private key and includes the encrypted digest
with the plaintext message / document.
•
Anyone can read the original message (e.g., a deed, a computer security advisory
message, etc.)
•
B verifies the
integrity
of A’s message by generating th
e hash code for the received
message, decrypting the message digest with A’s public key and comparing the two.
(a match => received message is the same as the original)
Other types of document integrity :
•
A “document” can be any digital data (e.g. a digital image, digital video clip, digital
audio clip, etc.)
•
A verified time stamp can prove
when
a document was generated

“postmarks”

time
stamps that verify the
contents of a document at a given point in time

can be generated
by sending the message digest to a trusted third party who adds a guaranteed accurate
time stamp and digitally signs the combined document (digest plus time stamp) and
returns it.
Importan
t for patent notes, lab notebooks, etc.
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page
3
of
10
4).
Confidential Data
(“How to exchange lots of private data”) :
Public key encryption is relatively expensive, and is not suited to encrypting large
volumes of data
Single key encryption (e.g. DES) is suitable for “bulk” encryption
Example: transferring a confidential file.
•
Using symmetric / secret key cryptogr
aphy, a temporary (“session”) key is generated
and used to encrypt large datasets.
•
The session key can be encrypted with the public key of the intended recipient and sent,
in confidence, to the recipient.
•
The encrypted data can be transferred over an i
nsecure network.
•
The intended recipient decrypts the session key using his/her private key, and then uses
the session key to decrypt the data.
5).
User Authentication
(logging in remotely without passwords) :
If a remote system can obtain a public key for which it has some confidence as to the
“identity” of the “person” to whom that public key was issued ;.. then there are protocols
that allow the remote system to authenticate the user on his/her local system
and permit a
“login” (e.g. a telnet or X

window session from the local to the remote system) without
exchanging any passwords “in the clear” (and over an encrypted channel, if desired)
See, e.g., “SSH (Secure Shell) Remote Login Program”
(http://www.cs
.hut.fi/ssh)
“Identity”
Several of the uses of public key cryptography (e.g. user authentication) depend on
establishing the identify of the holder of a private key.
That is, how do you know that the holder of the private key (the person that encrypt
ed
the message that you have just received and were able to decrypt with the corresponding
public key)
is really the person that you think it is
?
all that public key cryptography “guarantees” is that public and private keys come in
uniquely associated pa
irs, not who holds the private key
In this theory, each person/company gets a pair of keys, one called the
public key
and the
other called the
private key.
Each person’s public key is published, which is published
under the users name in a
public director
y
accessible for everyone to read while the
private key is kept secret. The need for the sender and receiver to share secret information
is eliminated; all communications involve only public keys, and no private key is ever
transmitted or shared. No longer
is it necessary to trust some communications channel to
be secure against eavesdropping or betrayal. The only requirement is that public keys are
associated with their users in a trusted (authenticated) manner (for instance, in a trusted
directory). Anyon
e can send a confidential message by just using public information, but
the message can only be decrypted with a private key, which is in the sole possession of
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page
4
of
10
the intended recipient. Furthermore, public

key cryptography can be used not only for
privacy (
encryption
), but also for authentication (
digital signatures
).
ADVANTAGES OF PUBLIC

KEY CRYPTOGRAPHY
1.
Only the private key must be kept secret (authenticity of public keys must, however, be
guaranteed).
2.
The administration of keys on a network requires th
e presence of only a functionally
trusted TTP as opposed to an unconditionally trusted TTP. Depending on the mode of
usage, the TTP might only be required in an
offline
manner, as opposed to in real time.
3.
Depending on the mode of usage, a private key/publ
ic key pair may remain unchanged
for considerable periods of time, e.g., many sessions (even several years).
4.
Many public

key schemes yield relatively efficient digital signature mechanisms. The
key used to describe the public verification function is typi
cally much smaller than for the
symmetric

key counterpart.
5.
In a large network, the number of keys necessary may be considerably smaller than in the
symmetric

key scenario.
DISADVANTAGES OF PUB
LIC

KEY ENCRYPTION
1.
Throughput rates for the most popular publi
c

key encryption methods are several orders
of magnitude slower than the best

known symmetric

key schemes.
2.
Key sizes are typically much larger than those required for symmetric

key encryption,
and the size of public

key signatures is larger than that of t
ags providing data origin
authentication from symmetric

key techniques.
3.
No public

key scheme has been proven to be secure (the same can be said for block
ciphers). The most effective public

key encryption schemes found to date have their
security based on
the presumed difficulty of a small set of number

theoretic problems.
DIGITAL SIGNATURES
Two additional components of information security are integrity and authenticity. How
can a recipient know that the message has not been tampered with or changed and
is
actually from the purported party? If we communicate electronically with those we do not
know, we must have a way to address these concerns. Digital signatures provide this.
A digital signature is a portion of a message encrypted with a user's private
key. Anyone
who knows this user's public key could now decrypt this digital signature and the
message it signs.
By doing so, the recipient would know that this message and its digital signature could
have come only from the owner of the private key corresp
onding to the public key used
to decrypt.
Only the corresponding private key could have originally encrypted the message. Digital
signatures not only ensure that the received message is exactly the one sent, but also
verify that the alleged sender actually
sent it. In a public key system, the private key is
never transferred or distributed. Consequently, the risk of an outsider obtaining this
critical item is very small.
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page
5
of
10
DIGITAL CERTIFICATES
However, we still need to know, without doubt, that the owner of
a public key is who he
claims to be. This involves the intervention of a disinterested, trusted third party that
binds a public key to an individual or entity that it has positively identified. This binding
mechanism is know as a digital certificate. A di
gital certificate can be considered
analogous to a passport.
Like a passport, a certificate serves as a credential; it contains information that establishes
an individual's identity, along with a unique identifying number. A digital certificate is an
elect
ronic credential that contains specific identification information

name, address, and
company

along with the individual's public key. With a passport, information is verified
and A Certificate Authority issues, verifies, and revokes certificates, just as a
government
issues, validates, and seizes passports. The Certificate Authority's digital signature attests
to the binding of the individual's identity and his public key. The CA, like any individual,
has a certificate containing its identifying information
and public key so that anyone who
needs to authenticate a CA signature can do so. To create a digital signature, a
cryptographic function takes digitized information and a CA's private key as inputs and
returns the signature as the unique output.
Finally,
if necessary, the digital signature can be authenticated with an inverse
cryptographic function that take the same digitized certificate information and the CA's
public key as inputs to generate a unique output called an authenticator. The CA can then
be
compared to the claimed signature.
In the near future, a hierarchy of Certificate Authorities will exist. Two parties with
certificates issued and signed by different Certificate Authorities will be able to mutually
authenticate each other by relying on t
he signature of a higher level of Certificate
Authority, such as the U.S. Postal Service.
CERTIFICATE ATTRIBUT
ES
Digital signatures, like handwritten signature, can be used as proof of agreement with or
ownership of the contents of a document. The identi
fying information in the certificate
can be trusted because the digital signature is cryptographically strong. The signature
contained in a digital certificate meets the following criteria (listed in Schneier's Applied
Cryptography, Wiley
& sons, 1994):
1)
. It must be non

forgeable. The signature proves that the signer deliberately signed the
document.
2).It must be authentic. The signature convinces the document's recipient that the signer
deliberately signed the document.
3). It must not be reusable. The
signature is part of the document, and an unscrupulous
person cannot move the signature to a different document.
4). It must make the signed document unalterable. In the case of digital signatures, after a
document is signed, it cannot be altered without
detection.
5). It cannot be repudiated. The signature and the document, although intangible, are
physical entities. The signer cannot claim later that he or she did not sign it.
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page
6
of
10
PUBLIC

KEY CIPHERS
Traditional
secret key
cryptography uses a single key sha
red by both sender and
receiver.
If this key is disclosed communications are compromised
Also does not protect sender from receiver forging a message & claiming is sent
by sender, parties are equal
public

key
(or
two

key
)
cryptography
involves the use of
two keys:
o
a
public

key
, which may be known by anybody, and can be used to
encrypt messages
, and
verify signatures
o
a
private

key
, known only to the recipient, used to
decrypt messages
,
and
sign
(create)
signatures
The public

key is easily computed from the private key and other information
about the cipher (a polynomial time (P

time) problem)
However, knowing the public

key and publ
ic description of the cipher, it is still
computationally infeasible to compute the private key (an NP

time problem).
Thus, the public

key may be distributed to anyone wishing to communicate
securely with its owner (although secure distribution of the pub
lic

key is a non

trivial problem

the
key distribution
problem)
Have three important classes of public

key algorithms:
o
Public

Key Distribution Schemes
(PKDS)

where the scheme is used to
securely exchange a single piece of information (whose value depe
nds on
the two parties, but cannot be set).
o
This value is normally used as a session key for a private

key scheme
o
Signature Schemes

used to create a digital signature only, where the
private

key signs (create) signatures, and the public

key verifies
si
gnatures.
o
Public Key Schemes (PKS)

used for encryption, where the public

key
encrypts messages, and the private

key decrypts messages.
o
Any public

key scheme can be used as a PKDS, just by selecting a
message which is the required session key.
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page
7
of
10
o
Many publ
ic

key schemes are also signature schemes (provided
encryption & decryption can be done in either order) .
DIFFIE

HELLMAN PUBLIC

KEY DISTRIBUTION SCH
EME
First public

key type scheme proposed was a PKDS by Diffie & Hellman in 1976:
W Diffie, M E Hellman,
"New directions in Cryptography", IEEE Trans.
Information Theory, IT

22, pp644

654, Nov 1976 .
An excellent overview of cryptography at this time is:
W Diffie, M E Hellman, "Privacy and Authentication: An Introduction to
Cryptography", Proc. of the IEEE,
Vol 67 No 3, pp 397

427, Mar 1979
It is a public

key distribution scheme
o
it cannot be used to exchange an arbitrary message
o
only a key, whose value depends on the participants (and their private and
public key information)
Is based on exponentiation i
n a finite (Galois) field, either over integers modulo a
prime, or a polynomial field
o
nb exponentiation takes O((log n)
3
) operations
Its security relies on the difficulty of computing logarithms in these fields
o
nb discrete logarithms takes O(e
log n log
log n
) operations ..
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page
8
of
10
CONCLUSION
With private

key encryption, you have to be careful of stolen or intercepted keys. In
public

key encryption, where anyone can create a key pair and publish the public key, the
challenge is in verifying that the owner of
the public key really is the person you think it
is. There is nothing to stop a user from creating a key pair and publishing the public key
under a false name. The person listed as the owner of the public key will not be able to
read messages encrypted wit
h that key because he or she will not have the private key. If
the creator of the false public key can intercept these messages, that person can decrypt
and read messages intended for someone else. To counteract the potential for forged
keys, public

key sy
stems provide mechanisms for validating public keys (and other
information) with digital signatures and digital certificates
[Source:http:// www.unicom.com/
pw/pubnetinfosec/ crypto

pubkey.gif ]
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page
9
of
10
[http://www.home7.inet.tele.dk/ hunter/basics.html]
Some sample symmetric ciphers
:
o
Export

grade RC4 (40 bits)
o
DES (5
6 bits)
o
Domestic

grade RC4 (128 bits)
o
IDEA (128 bits)
Author : Deepank Gupta
Topic :Introduction to Cryptography
Page
10
of
10
Practice:
Alice and Bob want to communicate in secret, while Eve wants to eavesdrop. Alice
and Bob could be military jets, on

line businesses or just friends trying to have a
private conversation. T
hey can't stop Eve listening to their radio signals (or tapping
their phone line, or whatever), so what can they do to keep their communication
secret
Comments 0
Log in to post a comment