Review Questions and Problems Week 4 Nama : Suryadin Akbar NPM : 1113100

Review Questions 1. 2. 3. 4. What are the principal elements of a public-key cryptosystem? What are the roles of the public and private key? What are three broad categories of applications of public-key cryptosystems? What requirements must a public key cryptosystems fulfil to be a secure algorithm?

Problems 1. Perform encryption and decryption using the RSA algorithm for the following: a. p = 3; q = 11, e = 7;M = 5 b. p = 5; q = 11, e = 3;M = 9 c. p = 7; q = 11, e = 17;M = 8 d. p = 11; q = 13, e = 11;M = 7 e. p = 17; q = 31, e = 7;M = 2 2. In a public-key system using RSA, you intercept the ciphertext C = 10 sent to a user whose public key is e = 5, n = 35.What is the plaintext M? 3. This is a very interesting case, Watson, Holmes said. The young man loves a girl, and she loves him too. However, her father is a strange fellow who insists that his would-be son-inlaw must design a simple and secure protocol for an appropriate public-key cryptosystem he could use in his companys computer network. The young man came up with the following protocol for communication between two parties. For example, user A wishing to send message M to user B: (messages exchanged are in the format senders name, text, receivers name) 1. A sends B the following block: (A, E(PUb, [M, A]), B). 2. B acknowledges receipt by sending to A the following block: (B,E(PUa, [M,B]),A). You can see that the protocol is really simple. But the girls father claims that the young man has not satisfied his call for a simple protocol, because the proposal contains a certain redundancy and can be further simplified to the following: 1. A sends B the block: (A, E(PUb,M), B). 2. B acknowledges receipt by sending to A the block: (B, E(PUa,M), A). On the basis of that, the girl s father refuses to allow his daughter to marry the young man, thus making them both unhappy. The young man was just here to ask me for help. Hmm, I dont see how you can help him. Watson was visibly unhappy with the idea that the sympathetic young man has to lose his love. Well, I think I could help.You know,Watson, redundancy is sometimes good to ensure the security of protocol.Thus, the simplification the girls father has proposed could make the new protocol vulnerable to an attack the original protocol was able to resist, mused Holmes. Yes, it is so,Watson. Look, all an adversary needs is to be one of the users of the network and to be able to intercept messages exchanged between A and B. Being a user of the network, he has his own public encryption key and is able to send his own messages to A or to B and to receive theirs.With the help of the simplified protocol, he could then obtain message M user A has previously sent to B using the following procedure: Complete the description. 1|Suryadin Akbar - 1113100

ANSWER :

3. A "public key cryptosystem" would be one using an asymmetric encryption algorithm. It is related to Public Key Infrastructure (PKI) and sometimes confused with it. The principal elements could be categorized as: 1) the algorithm for generating the asymmetric key pairs (private key and public key) 2) the algorithm to encrypt a message using the private key or to "sign" the message 3) the algorithm to decrypt a message using the public key or to authenticate it from the digital signature 4) a means to publish the public key 5) a means to authenticate that the public key actually belongs to the entity it purports to belong to - sometimes omitted in "public-key cryptography". PKI provides a means to achieve this. There are many different public key encryption algorithms. Some of the more popular ones are: SSL (Secure Socket Layer), TLS (Transport Layer Security), PGP (Pretty Good Privacy), and GPG (Gnu Privacy Guard). A mathematical algorithm is used to generate a private key which is held by the owner while the public key is provided to everyone that the owner wants to communicate with. The owner of the private key uses it to encrypt the message. Someone receiving it can only decrypt it by using the author's public key. This provides some authentication of the source of the message - if the recipient is confident that the public key they are using really belongs to the purported author. A user's public key can also be used to encrypt a message so that only the holder of the corresponding private key will be able to decrypt it. This provides confidentiality for the sent message. Two people can achieve secure communications by using each others public keys to encrypt messages so that only the recipient can read each message. Asymmetric encryption algorithms can also be used to digitally sign messages. In this case a message digest is created and then encrypted using the private key. The recipient can duplicate the message digest, then decrypt the digital signature using the originators public key and compare the two digests. If the message has been tampered with, then the digests will not match. Authentication of the public keys, i.e. being certain who a public key really belongs to, can be achieved in different ways: a) a web of trust - you get public keys from people or entities you personally know and trust and build up a "key ring" of those keys. If someone whom you have a public key from sends you a public key for another entity, you can decide whether or not you trust them enough to add the new key to your key ring. You have to install each certificate manually in order to be able to use it with the other person.

2|Suryadin Akbar - 1113100

b) PKI - in this scenario, you have a Certificate Authority (CA) that vouches for the ownership of a public key. PKI permits each certificate to be signed only by a single party: a certificate authority (CA). The CA's certificate may itself be signed by a different CA, all the way up to a 'self-signed' root certificate. These root certificates are maintained by a "Registration Authority" (RA). Root certificates must be available to those who use a lower level CA certificate and so are typically distributed widely. They are for instance, distributed with such applications as browsers and email clients. In this way SSL/TLS-protected Web pages, email messages, etc. can be authenticated without requiring users to manually install root certificates. Applications commonly include over one hundred root certificates from dozens of PKIs, thus by default bestowing trust throughout the hierarchy of certificates which lead back to them. An important additional feature is needed for this approach. You must also have a mechanism for revoking expired or compromised certificates and getting that information out to users. c) A third alternative is Simple Public Key Infrastructure (SPKI). SPKI does not associate users with persons, since the key is what is trusted, rather than the person. SPKI does not use any notion of trust, as the verifier is also the issuer. This is called an "authorization loop" in SPKI terminology, where authorization is integral to its design. In this case, the entity originating a connection with a subsidiary node sends a message including the key it plans to use for communication with the subsidiary node. Each entity is identified by its public key. 2. a user's private key is kept private and known only to the user. The user's public key is made available to others to use. The private key can be used to encrypt a signature that can be verified by anyone with the public key. Or the public key can be used to encrypt information that can only be decrypted by the possessor of the private Key.

3|Suryadin Akbar - 1113100

3. Three types of cryptography: secret-key, public key, and hash function.

4. 1. It is computationally easy for a party B to generate a pair(Public key KUb, Private key KRb) 2. It is computationally easy for a sender A, knowing the public key and the message to be encrypted , M, to generate the corresponding ciphertext: C=EKUb(M) 3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message : M=DKRb(C)=DKRb[EKUb(M)] 4. It is computationally infeasible for an opponent , knowing the public key,KUb,to determine the private key,KRb. 5. It is computationally infeasible for an opponent , knowing the public key,KUb, and a ciphertext, C, to recover the original message,M. 6. The encryption and decryption functions can be applied in either order: M=EKUb[DKRb(M)]=DKUb [EKRb(M)]

4|Suryadin Akbar - 1113100