Secure Communication and Public Key Encryption

The "Key" Idea: Remember that A cryptosystem is a five-tuple () where the following conditions are satisfied:

1. $\QTR{bs}{P}$ is a finite set of possible plaintexts:

2. $\QTR{bs}{C}$ is a finite set of possible ciphertexts:

3. $\QTR{bf}{K}$ the keyspace, is the a finite set of possible keys:

4. For each K there is and encryption rule e and a corresponding decryption rule d. Where

e and d are functions such that for all M $\in \QTR{bs}{P}$ ,d(e(M)) $\fallingdotseq$ M.

In general we think of cryptosystems as being used for two-way communication between individuals who want to carry on a private dialog. However, this is really not be practical for e-commerce. Consider the basic function of taking a credit card over the Web.

Suppose, however, that it were possible to find a cryptosystem for which knowing e , and the general methodology used in its construction, did not lead to an easy computation of d , then we could do the following.

Secure One-Way Communication: (eg Web Form)

1. Publish e for the world to see. Tell the world that, if they want to communicate securely with you, all they need to is apply e to the message before transmitting it. This because there is an acceptably small chance of someone discovering d hence decoding there message.

2. When I received the encrypted message apply d which, presumably only I know.

Secure Two-Way Communication:

Assume that we are dealing with a Cryptosystem such that

$\QTR{bs}{P=C}$
In addition to d(e(M)) $\QTR{Large}{=}$ M, we have e(d(C)) $\QTR{Large}{=}$ C for all C.
Given d(), it is also very hard to compute e().

Suppose that we have two people P and P who want to communicate securely with each other. Each selects their own "one way system", K and K, from a Cryptosystem with the above listed properties .

P and P commmunicate as follows:

1. P gives e to P and P gives e to P.

2. Suppose P wants to send message M to P . P computes C $\QTR{Large}{=}$ e(d(M)) and transmits it.

3. P computes e(d(C)) $\QTR{Large}{=}$ e(d(e(d(M)))) $\QTR{Large}{=}$ e(d(M)) $\QTR{Large}{=}$ M.

Why does this work?

P knows that the only person who can read the message is P , the owner of K since, presumably P , is the only person who knows d().
P knows that P sent the message since, presumably P , is the only person who knows d(). We are implicitly assuming that the message P

sees is meaningful.

There are Examples of One Way Cryptosystems:

RSA ( The RSA algorithm was invented in 1978 by Ron Rivest, Adi Shamir, and Leonard Adleman):

1. Begin by choosing $\QTR{Large}{p}$ and $\QTR{Large}{q}$ to be two very large prime numbers.

2. Next choose $\QTR{Large}{e}$ , , such that $\QTR{Large}{e}$ and are relatively prime.

3. Referring back to the previous sections, we can find $\QTR{Large}{d}$ such that . Note that $\QTR{Large}{e}$ and $\QTR{Large}{d}$ are "symmetric" for two way communication.

4. Here is RSA

$\QTR{bs}{P=C}$ is the set of integers between $\QTR{Large}{1}$ and $\QTR{Large}{pq=n}$ and relatively prime to $\QTR{Large}{n}$ .
$\QTR{bf}{K}$ the keyspace, is the set of pairs $\QTR{Large}{e}$ , $\QTR{Large}{d}$ as above:
For each K in $\QTR{bs}{K}$ and all M $\in \QTR{bs}{P}$ , e(M)) $\fallingdotseq$ M $^{\QTR{Large}{e}}$ =C and d(C) $\fallingdotseq$ C $^{\QTR{Large}{d}}$

Note: d(e(M)) $\fallingdotseq$ M M (M) $^{\QTR{Large}{a}}$ M $\fallingdotseq$ (1) $^{\QTR{Large}{a}}$ M $\fallingdotseq$ M

And d(e(M))=M.

Example- Let $\QTR{Large}{p=47}$ and $\QTR{Large}{q=53}$ .

$\vspace{1pt}$

and . So. Choose $\QTR{Large}{e=35}$ . Note

$\vspace{1pt}$

Compute

$\vspace{1pt}$

Suppose M $\QTR{Large}{=25}$ $\$ Check

$\vspace{1pt}$

An Observation:

At first glance there may appear to be a security opening in RSA. A reasonable question that could be asked is, while it may be hard to factor $\QTR{Large}{n}$ all we really need to do is find $\QTR{Large}{d}$ such that , so given, , is there a way to compute ?

The answer is that it is as "hard" to compute from $\QTR{Large}{n}$ as it is to factor $\QTR{Large}{n}$ it self. Here is the argument.

1. For the sake of clarity, set . So if we know $\QTR{Large}{p}$ and $\QTR{Large}{q}$ we can quickly compute $\QTR{Large}{m}$ .

Next the important direction.

2. Suppose there was an easy way to compute $\QTR{Large}{m}$ from $\QTR{Large}{n}$ . To factor $\QTR{Large}{n}$ , we would then only have to solve the two simultaneous equations.

in two unknowns $\QTR{Large}{p}$ and $\QTR{Large}{q}$ .

Solving the first equation for p gives.

substituting this into the second equation gives.

The quadratic formula does the rest.