Asymmetrical Cryptography - An Overview of DH, RSA and ECC

Introduction To Public Key Cryptography

Introduction To Public Key Cryptography

How Does Public Key Cryptography Work?

Asymmetrical Cryptographic Algorithms

• Diffie-Hellman Key Exchange(DHKE)
• Rivest-Shamir-Adleman(RSA)
• Elliptic-curve Cryptography(ECC)

Diffie-Hellman Key Exchange

The Algorithm

1. Both alice and Bob, publicly agree to use a prime number p(modulus) and a primitive-modulo-p g(generator);
2. Alice chooses a secret number and sends Bob the result of \(A = g^a \ mod \ p\)
3. Bob chooses a secret number and sends Alice the result of \( B = g^b \ mod \ p \)
4. Alice computes \( s = B^a \ mod \ p \), which is her secret key;
5. Bob computes \( s = A^b \ mod \ p \), which is his secret key.

Mathematical background

>

A cyclic group \( G \) is an Abelian group that can be generated by a single element \( g \in G \). In other words: $$ G = {g^n \ : \ n \in \mathbb{Z} } $$

>

Modular exponentiation is a type of exponentiation performed over a modulus, in other words: $$ c = b^e\pmod n $$

Exponentiation by squaring

                
def mod_pow(b, e, m):
  if m == 1:
    return 0
  else:
    r = 1
    b = (b % m)
    while e > 0:
      if (e % 2) == 1:
        r = (r*b) % m
      e = e >> 1
      b = (b^2) % m
  return r
                
            

1. Alice and Bob agree to use \( p = 17 \) and \( g = 3 \) (the first one is a prime number, while the second one is a primitive root modulo 17);
2. Alice chooses \( a = 5 \) as a private number and sends Bob the result of \( A = 3^5 \pmod{17} = 5 \);
3. Bob chooses \( b = 4 \) as a private number and sends Alice the result of \( B = 3^4 \pmod{17} = 13 \);
4. Alice retrieve the shared password with \( s = 13^5 \pmod{17} = \boxed{13} \);
5. Bob retrieve the shared password with \( s = 5^4 \pmod{17} = \boxed{13} \)

Advantages And Disadvantages

Applications

RSA Cryptosystem

The Algorithm

1. Choose two random prime numbers \( p \) and \( g \). These two numbers must remain private;
2. Compute \( n = p \cdot q \), it will be used as the modulus for other computation. Also, do note that their product \( n = p \cdot q \) should be equal to the required bit length(for instance, 1024);
3. Use Euler's totient function to compute \( \phi = (p-1)(q-1) \);
4. Choose an integer \( 1 < e < \phi \) such that \( \gcd(e, \phi) = 1 \)(i.e., they are coprime);
5. Compute the exponent \( 1 < d < \phi \), such that \( ed \equiv 1 \pmod{\phi(n)} \)

• The public key \( (n,e) \);
• The private key \( (n,d) \);
• p, g and \( \phi \) must also remain secret, since they could be used to determine d. In fact, you can discard all of them after has been successfully generated.

Mathematical proof using Fermat's Little Theorem

Fermat's Little Theorem

>

Let \( p \) be a prime number and let \( a \) be an integer \( a \in \mathbb{Z} \) then: $$ a^p \equiv a \pmod p $$ Furthermore, if \( \gcd(p,a) = 1 \) then $$ a^{p-1} \equiv 1 \pmod p $$

RSA Proof

A Worked Example

1. She chooses two prime numbers \( p = 11 \) and \( q=23 \), then she computes \( n = 11 \cdot 23 = 253 \);
2. Alice computes \( \phi(n) \) which is quite simple since she already knows the factors of \( n \): $$ \phi(253) = (11-1)\cdot(23-1) = 220 $$
3. Alice computes the second part of the public key(i.e., e) such that $$ \gcd(e, \phi(n)) = 1 $$ She sets \( e = 3 \);
4. Alice computes the second part of the private key(i.e., d) such that $$ ed \equiv 1 \pmod{\phi(n)} $$ Thus $$ 3d \equiv 1 \pmod{220} \implies d = 147 $$

1. He encrypts the secret message \( m = 6 \) using $$ c = m^e \pmod n $$ $$ \iff 6^3 \pmod{253} = 216 $$
2. He sends the cyphered text \( c = 216 \);

1. She decrypts the message using $$ m = c^d \pmod n $$ $$ \iff 216^{147} \pmod{253} = 6 $$
2. She reads the secret message \( m = 6 \).

Elliptic-Curve Cryptography

Galois Fields

>

Any non-empty set \( K \) together with two binary operations called addition and multiplication is a field if and only if

• \( (K, +) \) is an Abelian group wit 0 as the neutral element;
• \( (K - 0, * ) \) is an Abelian group with 1 as the neutral element;
• Multiplication is distributive to addition (i.e., \( a(b+c) = (ab) + (ac) \))

>

A Galois field(or finite field) is any field with a discrete number of elements with the following properties:

• A finite field has \( p^n \) elements, where \( p \in \mathbb{P} \) is a prime number and \( n \in \mathbb{N} \);
• \( \forall n \in \mathbb{N}, n \geq 1 \) and \( \forall p \in \mathbb{P} \) \( \exists! \ \mathbb{F}_{p^n} \) with \( p^n \) elements, exception made for isomorphism.

Elliptic Curves

>

An elliptic curve is a plane curve defined over a Galois field given by an equation of the form $$ y^2 = x^3 + ax +b $$ Where the polynomial \( x^3 + ax + b \) must have distinct solutions. In other words the discriminant \( \Delta = 4a^3 + 27b^2 \) must not be equal to zero.

Trapdoor Function

1. Choose a point on the curve, let us call it \( A \);
2. Choose another arbitrary point \( B \) on the curve;
3. Draw a line that intersect both \( A \) \( B \);
4. The line should intersect a third point;
5. Find the sum of \( A + B \) by reflecting the third point

1. Set an arbitrary point \( P \);
2. Draw a tangent line and find a point of intersection on the elliptic curve;
3. Reflect the intersection point on the y-axis;
4. The result point(let us called it \( R \) ) is the sum of \( P \), meaning \( 2P = P + P \)

Did I Just Discover A Pitfall Of Elliptic Curves?

Q:

Can I break the security of elliptic curve cryptography by simply repeating the same process(i.e., multiplying \( P \) to itself \( N \) times) until I get to the coordinates of \( NP \) ?

1. Take \( P \) and double it, we get \( 2P \) (i.e., \( 2^1 P \));
2. Do not add anything since \( 2^1 P \) represent a null bit;
3. Double \( 2P \), we get \( 2^2 P \);
4. Do not add anything since \( 2^2 P \) represent a null bit;
5. Double \( 2P \) , we get \( 2^3 P \);
6. Add \( 8P \) to the final result(which was empty);
7. Double \( 2^3P \), we get \( 2^4 P \);
8. Add \( 2^4P \) to \( 2^3P \), we get \( 2^4P + 2^3P \);
9. Double \( 2^4P \), we get \( 2^5 P \);
10. Add \( 2^5P \) to the final result, we get \( 2^5P +2^4P + 2^3P \);
11. Double \( 2^5P \), we get \( 2^6 P \);
12. Add \( 2^6P \) to the final result, we get \( 2^6P + 2^5P +2^4P + 2^3P \);

Elliptic Curves Over \( \mathbb{F}_P \)

Elliptic Curves Diffie Hellmans

1. Alice generates her key pair using the methods previously described. She ends with \( NP \)(pubkey) and \( N \) (privkey); She sends her public key to Bob;
2. Bob does the same and sends his public key \( MP \) to Alice;
3. Both of them agree on using \( P \) as the starting point;
4. Alice computes the shared secret key by adding \( MP \) to itself \( N \) times, that is $$ \underbrace{MP + MP + \cdots + MP}_{N\ times} = N \cdot MP $$
5. Bob computes the shared secret key by adding \( NP \) to itself \( M \) times, that is $$ \underbrace{NP + NP + \cdots + NP}_{M\ times} = M \cdot NP $$
6. They both end up with the same value(let us call it \( K \) ) since \( (NM)P = (MN)P \).

Discrete Logarithm Problem

>

Let \( G \) be a finite cyclic group of \( n \) elements. Let \( b \) be a generator of \( G \) , then \( \forall g \in G \) we can use the following notation $$ g = b^k $$ with \( k \in \mathbb{Z} \). We can define the discrete logarithm function as $$ \log_b \colon G \to \mathbb{Z}_n $$ Where \( \mathbb{Z}_p \) is the ring of integers modulo \( n \).

Thus, the function is a group homomorphism.