
An Overview of Cryptographic Algorithms

2.1 Public-Key Cryptosystems (PKC)

Public-key cryptosystems (PKC) are cryptographic systems that require two separate keys, one of which is secret and one of which is public. Although different, the two parts of the key pair are mathematically linked. One key locks or encrypts the plaintext, and the other unlocks or decrypts the ciphertext. Neither key can perform both functions by itself. The public key may be published without compromising security, while the private key must not be revealed to anyone not authorized to read the messages.

PKC use asymmetric-key algorithms and can also be referred to by the more generic term “asymmetric-key encryption.” The algorithms used for PKC are based on mathematical relationships that presumably have no efficient solution, the most notable being the integer factorization problem and the discrete logarithm problem (DLP). Although it is computationally easy for the intended recipient to generate the public and private keys and to decrypt the message using the private key, and easy for the sender to encrypt the message using the public key, it is extremely difficult or effectively impossible for anyone to derive the private key based only on their knowledge of the public key. This is why, unlike symmetric-key algorithms, a public-key algorithm does not require a secure initial exchange of one or more secret keys between the sender and receiver. The use of these algorithms also allows the authenticity of a message to be checked by creating a digital signature of the message using the private key, which can then be verified by using the public key. In practice, only a hash of the message is typically encrypted for signature verification purposes.

There are three primary kinds of PKC: public-key distribution systems, digital signature systems, and public-key cryptosystems, which can perform both public key distribution and digital signature services. Diffie-Hellman key (DHK) exchange is the most widely used public-key distribution system, while the digital signature algorithm (DSA) is the most widely used digital signature system.

As for the history of PKC, the pioneering paper by Diffie and Hellman [60] presented an approach to cryptography and challenged cryptologists to come up with a cryptographic algorithm that met the requirements for public-key systems. The first achievable method is RSA [4]. It is a block cipher in which the plaintext and ciphertext are integers between 0 and n − 1 for some n. Plaintext is encrypted in blocks, with each block having a binary value less than some number n. A typical size for n is 1024 bits or 309 decimal digits. The following is a brief description of the RSA algorithm.

For some plaintext block M and ciphertext block C, encryption and decryption of RSA are of the following form.

C = M^e (mod n)

M = C^d (mod n) = (M^e)^d (mod n) = M^{ed} (mod n).

Both sender and receiver must know the value of n. The sender knows the value of e, and only the receiver knows the value of d. Thus, this is a public-key encryption algorithm with a public key of PU = {e, n} and a private key of PR = {d, n}. For this algorithm to be satisfactory for public-key encryption, the following requirements must be met.

1. It is possible to find values of e, d, n such that M^{ed} (mod n) = M for all M < n.

2. It is relatively easy to calculate M^e (mod n) and C^d (mod n) for all values of M < n.

3. It is infeasible to determine d given e and n.

The preceding relationship holds if e and d are multiplicative inverses modulo φ(n), where φ(n) is Euler’s totient function. For p, q prime, φ(pq) = (p − 1) × (q − 1). The relationship between e and d can be expressed as ed (mod φ(n)) = 1. This is equivalent to saying ed ≡ 1 (mod φ(n)) and d ≡ e^{-1} (mod φ(n)). That is, e and d are multiplicative inverses (mod φ(n)). Note that, according to the rules of modular arithmetic, this is true only if d (and e) is relatively prime to φ(n) (i.e., gcd(φ(n), d) = 1).

We are now ready to state the RSA scheme. The ingredients are the following.

• p, q two prime numbers (private, chosen)

• n = pq (public, calculated)

• e, with gcd(φ(n), e) = 1 and 1 < e < φ(n) (public, chosen)

• d ≡ e^{-1} (mod φ(n)) (private, calculated)

The private key consists of {d, n} and the public key consists of {e, n}. Suppose that user Alice has published her public key and that user Bob wishes to send the message M to Alice. Then Bob calculates C = M^e (mod n) and transmits C. On receipt of this ciphertext, user Alice decrypts by calculating M = C^d (mod n).

Regarding the security of RSA, there are three approaches to attacking it mathematically.

1. Factor n into its two prime factors. This enables calculation of φ(n) = (p − 1) × (q − 1), which, in turn, enables determination of d ≡ e^{-1} (mod φ(n)).

2. Determine φ(n) directly, without first determining p and q. Again, this enables determination of d ≡ e^{-1} (mod φ(n)).

3. Determine d directly, without first determining φ(n).

Most discussions of the cryptanalysis of RSA have focused on the task of factoring n into its two prime factors. Determining φ(n) given n is equivalent to factoring n. With presently known algorithms, determining d given e and n appears to be at least as time-consuming as the factoring problem [61]. Thus, we can use factoring performance as a benchmark against which to evaluate the security of RSA.
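Added example (not part of the original text): the RSA scheme stated above, in Python, with constructed toy primes p = 61, q = 53 and e = 17, together with the reason φ(n) must stay as secret as p and q: given n and φ(n), the factors follow from a quadratic. The function names are illustrative assumptions, and parameters this small offer no security.

```python
# Added example: textbook RSA with constructed toy parameters (not secure).
from math import gcd, isqrt

def keygen(p, q, e):
    """Build PU = {e, n} and PR = {d, n} from primes p, q and a chosen e."""
    n = p * q
    phi = (p - 1) * (q - 1)              # Euler's totient for n = pq
    if not 1 < e < phi or gcd(phi, e) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(phi(n), e) = 1")
    d = pow(e, -1, phi)                  # d = e^{-1} (mod phi(n)), Python 3.8+
    return (e, n), (d, n), phi

def encrypt(m, public_key):
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext block must be an integer in [0, n - 1]")
    return pow(m, e, n)                  # C = M^e (mod n)

def decrypt(c, private_key):
    d, n = private_key
    return pow(c, d, n)                  # M = C^d (mod n)

def factor_from_phi(n, phi):
    """Recover p and q from n and phi(n).

    p + q = n - phi(n) + 1 and p * q = n, so p and q are the roots of
    x^2 - (p + q) x + n = 0.
    """
    s = n - phi + 1
    disc = s * s - 4 * n
    if disc < 0 or isqrt(disc) ** 2 != disc:
        raise ValueError("phi is not the totient of a two-prime modulus n")
    r = isqrt(disc)
    return (s - r) // 2, (s + r) // 2

def private_exponent_from_factors(p, q, e):
    """Approach 1 in the list above: factors -> phi(n) -> d."""
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    public, private, phi = keygen(p=61, q=53, e=17)   # constructed toy values
    c = encrypt(65, public)
    print("n =", public[1], "d =", private[0], "C =", c, "M =", decrypt(c, private))
    print("p, q recovered from n and phi(n):", factor_from_phi(public[1], phi))
```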

In addition to the size of n, a number of other constraints have been suggested by researchers. To avoid values of n that may be factored more easily, the algorithm’s inventors suggest the following constraints on p and q.

1. p and q should differ in length by only a few digits. Thus, for a 1024-bit key, both p and q should be on the order of magnitude of 10^{75} to 10^{100}.

2. Both (p − 1) and (q − 1) should contain a large prime factor.

3. gcd(p − 1, q − 1) should be small.

The key size of 1024 bits was generally considered the minimum necessary for the RSA encryption algorithm. However, a key of this size results in high hardware cost and execution time. Figure 2.1 compares the security strengths of ECC and RSA. It shows that an ECC key can be several tens of times shorter than an RSA key with equivalent security, which also makes the shorter ECC key more convenient for the user.

Figure 2.1: Security comparison of ECC versus RSA.

2.2 Arithmetic of Elliptic Curve Cryptography (ECC)