
Public-Key Cryptography - University of Texas at Austin

Jun 27, 2020


dariahiddleston

Public-Key Cryptography

The science of cryptography is as old as the need to transmit secret information. Until recently, cryptography was mostly used for military purposes. In recent times, the need for secure, efficient cryptosystems has increased due to the large volume of sensitive information that is transmitted daily by satellite, computer, and over telephone lines. Historically, when two parties communicated using a secret code, they used the same key to encode and decode the message. For example, a very secure method of transmitting information involves use of a book of random digits called a one-time key pad. In this system, both sender and receiver have a copy of the book. The text message is translated by an agreed upon system to a numerical message. For example, one could translate “space”=99, A=11, B=12, C=13, and so forth. The message would then be broken up into blocks of uniform length and the sender would add to each block a block of random digits from the one-time key pad. The receiver would subtract the same random digits from the blocks to retrieve the original message. Unless the one-time key pad is intercepted, this is an unbreakable system. It has the disadvantage of being inefficient when long messages are to be sent routinely, as the one-time key pads can never be reused, and one must supply a new key-pad for each new message. It has the further disadvantage of limiting the number of participants in the exchange of information to those in possession of the one-time key pad.

In contrast, a public-key cryptography system is one in which the encoding key is not the same as the decoding key. Furthermore, knowledge of the encoding key does not give enough information to obtain the decoding key in a reasonable amount of time. Consequently, the encoding algorithm of each participant can be published without compromising the security of the message. There are several public-key cryptography systems currently in use. One such system, the RSA system, was developed in 1977 by R. Rivest, A. Shamir, and L. Adleman and is based on the fact that it is easy to multiply two large numbers, but the process of factoring is extremely time-consuming.

The method works as follows: The encoding key consists of two integers, m and e, where m = pq, with p and q being large primes (at least 100 digits each), and e is an integer which is relatively prime to $\varphi(m) = (p-1)(q-1)$. The pair of integers, e and m, can be published and anyone wishing to send an encrypted message will do so as follows:

1) Translate the message from text to a numerical value using a standard translation scheme.

2) Break the message into blocks of digits so that each block is a number B < m.

3) Encode the message by computing for each block $B_i$ the encoded block $C_i \equiv B_i^e \pmod{m}$, where $0 \le C_i < m$.

We will illustrate the method with small primes for ease of computation. We choose m = 5141 = (53)(97), so that $\varphi(m) = 52 \cdot 96 = 4992$. Thus we can choose e = 19, since neither 52 nor 96 is divisible by 19. If we translate text to a numerical message using the scheme A = 11, B = 12, C = 13, … , “space” = 99, then the message “Help me” would be written as 18152226992315. The sender would break this message into 3 digit blocks, so that $B_1 = 181$, $B_2 = 522$, $B_3 = 269$, $B_4 = 923$, and $B_5 = 15$. Now they would encode the blocks by computing $C_i \equiv B_i^{19} \pmod{5141}$:

$181^{19} \pmod{5141} \equiv 3649 = C_1$

$522^{19} \pmod{5141} \equiv 975 = C_2$

$269^{19} \pmod{5141} \equiv 992 = C_3$

$923^{19} \pmod{5141} \equiv 840 = C_4$

$15^{19} \pmod{5141} \equiv 3416 = C_5$

So the encoded message we receive is 3649 975 992 840 3416. How would we decode that message?

Note that the only way to compute $\varphi(m) = (p-1)(q-1)$ is to know that m = pq. For large numbers (m having 200 digits or more) it is currently impossible to factor m in a reasonable amount of time. (An estimate for the time needed to factor such a number is in the millions of years.) So only the person who chose the factors of m will have access to $\varphi(m)$. Now, e was chosen to be relatively prime to $\varphi(m)$, so there is an integer f such that $ef \equiv 1 \pmod{\varphi(m)}$, but only those who know $\varphi(m)$ will be able to calculate it. The integer f is the key to decoding the message. To recover the original message, it suffices to calculate $C_i^f \pmod{m}$ because, as we shall see below, $C_i^f \pmod{m} \equiv B_i$.

For example, to decode the message above, we need to calculate the inverse of 19 modulo $\varphi(5141) = 4992$. We can do so easily using the Euclidean Algorithm to find that f = 1051. Now, we decode:

$3649^{1051} \pmod{5141} \equiv 181$

$975^{1051} \pmod{5141} \equiv 522$

$992^{1051} \pmod{5141} \equiv 269$

$840^{1051} \pmod{5141} \equiv 923$

$3416^{1051} \pmod{5141} \equiv 15$
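The worked example above, carried through in Python as an added example (not code from the original document). The function names are assumptions, and so is the zero-padding rule in `decrypt`, since the page does not say how a block that begins with 0 is restored after decoding.

```python
# Added example: the page's toy RSA parameters (p = 53, q = 97, e = 19).
P, Q, E = 53, 97, 19
M = P * Q                      # 5141, the published modulus
PHI = (P - 1) * (Q - 1)        # 4992, computable only from the factors of M

def to_digits(text):
    """Page's scheme: A=11, B=12, ..., Z=36, space=99 (letters and spaces only)."""
    return "".join("99" if ch == " " else str(ord(ch.upper()) - ord("A") + 11)
                   for ch in text)

def from_digits(digits):
    pairs = (digits[i:i + 2] for i in range(0, len(digits), 2))
    return "".join(" " if d == "99" else chr(int(d) - 11 + ord("A")) for d in pairs)

def inverse(a, n):
    """Extended Euclidean algorithm: return f with a*f = 1 (mod n)."""
    old_r, r, old_s, s = a, n, 1, 0
    while r:
        k = old_r // r
        old_r, r = r, old_r - k * r
        old_s, s = s, old_s - k * s
    if old_r != 1:
        raise ValueError("a is not relatively prime to n")
    return old_s % n

def encrypt(text, width=3):
    digits = to_digits(text)
    blocks = [int(digits[i:i + width]) for i in range(0, len(digits), width)]
    return [pow(b, E, M) for b in blocks]          # C_i = B_i^e mod m

def decrypt(cipher, width=3):
    f = inverse(E, PHI)                            # decoding key, 1051 here
    blocks = [pow(c, f, M) for c in cipher]        # B_i = C_i^f mod m
    # Assumed convention: int() dropped leading zeros, so restore full width
    # on all but the last block, then pad the last one so the total digit
    # count is even (two digits per symbol).
    out = "".join(str(b).zfill(width) for b in blocks[:-1])
    last = str(blocks[-1])
    return from_digits(out + last.zfill(len(last) + (len(out) + len(last)) % 2))

if __name__ == "__main__":
    c = encrypt("Help me")
    print(c, inverse(E, PHI), decrypt(c))
```

The padding step matters for messages such as "ATA" (digits 113011), whose second block 011 decodes to the integer 11 and would otherwise lose its leading zero.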

Why does this work? The theorem below, which is a consequence of Euler’s theorem, provides the justification.

Theorem: Let m = pq be the product of two primes and let e be a positive integer which is relatively prime to $\varphi(m)$. Let f be a positive integer satisfying $ef \equiv 1 \pmod{\varphi(m)}$. If $C \equiv B^e \pmod{m}$, then $B \equiv C^f \pmod{m}$.

Proof: We will consider two cases:

Case 1) gcd(B, m) = 1. In this case, we know by Euler’s theorem that $B^{\varphi(m)} \equiv 1 \pmod{m}$. Now, since $ef \equiv 1 \pmod{\varphi(m)}$, there is some integer k such that $ef + k\varphi(m) = 1$. So then $B = B^1 = B^{ef + k\varphi(m)} = (B^e)^f (B^{\varphi(m)})^k$, and reducing modulo m, we have

$B \equiv (B^e)^f (B^{\varphi(m)})^k \pmod{m} \equiv C^f \pmod{m}$.

Case 2) B and m are not relatively prime. In this case, it must be that either p or q divides B, but not both. WLOG p divides B and gcd(q, B) = 1. Since we want to show that $B \equiv C^f \pmod{m}$, or in other words that $m \mid (B - C^f)$, it will suffice to show that $p \mid (B - C^f)$ and $q \mid (B - C^f)$, or equivalently that $B \equiv C^f \pmod{p}$ and $B \equiv C^f \pmod{q}$. Now, since $p \mid B$, $B \equiv 0 \pmod{p}$, and $C \equiv B^e \pmod{p} \equiv 0 \pmod{p}$, so clearly $B \equiv C^f \pmod{p}$. On the other hand, since gcd(q, B) = 1, it follows from Euler’s theorem that $B^{\varphi(q)} \equiv 1 \pmod{q}$, and since $\varphi(q) \mid \varphi(m)$, it also follows that $B^{\varphi(m)} \equiv 1 \pmod{q}$. We can now reason, as in case 1, that

$B \equiv (B^e)^f (B^{\varphi(m)})^k \pmod{q} \equiv C^f \pmod{q}$.

Signatures

Since the encoding key is accessible to anyone who wants to send a message, the problem of forgery must be considered. Suppose that your bank receives a coded message claiming to be from you, requesting that a transfer be made from your account to someone else’s account. How can the bank be sure that you are the one sending the message? The solution is quite simple and is based on the fact that the encoding and decoding keys are inverses of each other, so that applying one after the other, in either order, results in the original message sent. The bank can then require that any transaction be accompanied by a signature that only you can send. Here is how it works: you will apply your decoding algorithm to your name. The bank will then apply your encoding algorithm to recover your name. Since you are the only person who knows your decoding key, you are the only person who could possibly have sent the message.
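An added Python check, not part of the original document, that tests the theorem for every block B under the page's toy key (Case 2 blocks included) and then uses the same either-order property for the signature exchange described above. The name ALICE and all function names are assumptions.

```python
from math import gcd

# Added example: the page's toy key (p = 53, q = 97, e = 19).
P, Q, E = 53, 97, 19
M, PHI = P * Q, (P - 1) * (Q - 1)
F = pow(E, -1, PHI)                  # decoding key 1051 (Python 3.8+ inverse)

def theorem_counterexamples():
    """Blocks B in [0, m) with (B^e)^f mod m != B; the theorem says there are none."""
    return [b for b in range(M) if pow(pow(b, E, M), F, M) != b]

def case2_blocks():
    """Blocks that share a factor with m (Case 2 of the proof), B = 0 included."""
    return [b for b in range(M) if gcd(b, M) != 1]

def name_blocks(name, width=3):
    # Page's scheme: A=11 ... Z=36, space=99, cut into 3-digit blocks.
    digits = "".join("99" if ch == " " else str(ord(ch) - 54) for ch in name.upper())
    return [int(digits[i:i + width]) for i in range(0, len(digits), width)]

def sign(name):
    """Signer applies the decoding exponent f, which only the key owner knows."""
    return [pow(b, F, M) for b in name_blocks(name)]

def verify(name, signature):
    """Bank applies the public exponent e and compares with the claimed name."""
    return [pow(s, E, M) for s in signature] == name_blocks(name)

if __name__ == "__main__":
    sig = sign("ALICE")              # hypothetical account holder
    print(len(theorem_counterexamples()), len(case2_blocks()), verify("ALICE", sig))
    sig[0] = (sig[0] + 1) % M        # an altered signature block no longer verifies
    print(verify("ALICE", sig))
```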