
Public-Key Cryptography

Scott Johnson

I. Executive Summary

Imagine you are an information security employee of a powerful regime wishing to expose massive wiretapping and other invasions of privacy of the regime's citizens to a member of the international media. How would you go about communicating with this reporter? Obviously, using the telephone would be impossible; you already know it is tapped. If the government is willing to tap all its citizens' phones, it is also willing to open their mail, so you can't send a letter. "[Email] is as transparent as a postcard."[1] Standard emails sent from one place to another expose both the header and the contents, and your email is almost certainly monitored. What you need is a way to send a message that the reporter can read, but no one else will.

Since ancient times, people have tried to communicate with one another while obscuring the contents of the messages from outsiders. The hiding of secrets in written and pictorial form with the intent of passing on a message to a select few is known as cryptography.[2] From the Greek crypto, meaning "secret", and graphia, meaning "writing", the use of cryptography dates back as far as 1900 BC, when Egyptian scribes used hieroglyphs in a non-standard manner, presumably to hide the meaning [from others.][3] However, until quite recently, for two parties to encrypt (encode) and decrypt (decode) a message, there needed to be a prior exchange of the encryption key, which would make your communication with an international journalist quite difficult, unless you already had met and exchanged keys before you were monitored.[4]

Public key cryptography, or asymmetric cryptography, provides an answer to your problem. Asymmetric cryptography allows two parties to establish a common cryptographic key over an insecure channel.[5] Through the use of public key cryptography, you can encrypt your communications to this reporter with the reporter's publicly available key, and you can include in your encrypted message a key by which the reporter may encode his return messages to you. Having established this secure channel, you may begin exposing the secrets of your government.

[1] "Would you send this postcard in the mail?" Institute for Advanced Study Network Security, 2015. Web para. 5. Accessed 29 March 2015. Available at https://security.ias.edu/node/22.

[2] Batten, Lynn Margaret. Public Key Cryptography: Applications and Attacks. New Jersey: IEEE Press, 2012. eBook p. 20.

[3] Damico, Tony M. "A Brief History of Cryptography." Student Pulse 1.11 (2009): Web para. 4. Available at http://www.studentpulse.com/articles/41/a-brief-history-of-cryptography.

[4] Batten, supra note 2, at eBook p. 27. You may recognize this as the story of how Edward Snowden contacted Guardian reporter Glenn Greenwald and began leaking information on the NSA's secret programs to weaken internet security, record conversations around the world, and conduct economic espionage. See Glenn Greenwald. "How I met Edward Snowden." Tom's Dispatch, 13 May 2014. Available at http://www.tomdispatch.com/post/175843/tomgram%3A_glenn_greenwald,_how_i_met_edward_snowden/

[5] Id.

II. Substitution Ciphers

Suppose Alice, the beautiful daughter of a haughty patrician family, wants to send Bob, a young Roman heartthrob, the message "MEET ME TONIGHT AT THE LAKE AT NINE PM" without Charlie, Alice's overprotective father, deciphering the meaning of it. She decides to use the Caesar Shift Cipher, a common method of encryption in Ancient Rome.[6] Alice shifts each letter of the message an agreed upon number (traditionally three), writes the message "PHHW PH WRQLJKW DW WKH ODNH DW QLQH SP", ties it to a rock, and tosses it out her window, where Bob picks it up later that day. Bob then reverses the letter shift, and learns of a time and place to meet with his beloved.

Charlie did not become the patriarch of a powerful patrician family by being a fool, however. Upon seeing a mysterious message tied to a rock on the edge of his estate, he recognizes it as a secret message. He simply shifts each letter in the message between one and 25 places, trying every possible combination. He sees a shift of three letters, deciphers the note, learns of his daughter's rendezvous, leaves the rock in its original position, and slays the troublesome Lothario in an ambush that evening. The method by which Charlie decoded the secret message is called a brute-force attack.[7]

Though the Caesar Cipher allowed for very simple encryption (one had to remember only how many places to shift the message), the security of the message could be broken very easily. Encryption methods containing substitutions for each letter, rather than simple shifts of letters, began to develop between antiquity and the Middle Ages.[8] With the cipher alphabet able to be any rearrangement of the general alphabet, there are 4.0 * 10^26 possible keys from which to choose.[9] At a rate of checking one per second, a message would take a billion times the lifetime of the universe to decode via brute-force attack.[10]
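Charlie's brute-force attack on the shift cipher, and the key counts that make the same attack hopeless against a general substitution alphabet, as an added example that is not part of the original paper. The ciphertext is the paper's; the crib word list and all function names are assumptions made for illustration.

```python
import math
import string

ALPHABET = string.ascii_uppercase
# Assumed crib list: short words Charlie would expect to see in a readable note.
CRIBS = {"THE", "AT", "ME"}

# Ciphertext exactly as it appears in the paper.
CIPHERTEXT = "PHHW PH WRQLJKW DW WKH ODNH DW QLQH SP"


def shift_text(text, shift):
    """Shift every letter by `shift` places, leaving spaces untouched."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch
        for ch in text
    )


def brute_force(ciphertext):
    """Try all 25 shifts; return (score, shift, plaintext) of the best one."""
    candidates = []
    for shift in range(1, 26):
        plain = shift_text(ciphertext, -shift)
        # Score a candidate by how many of its words are known crib words.
        score = sum(word in CRIBS for word in plain.split())
        candidates.append((score, shift, plain))
    return max(candidates)


def keyspace_sizes():
    """Keys to try: Caesar shift versus an arbitrary substitution alphabet."""
    return 25, math.factorial(26)


if __name__ == "__main__":
    score, shift, plain = brute_force(CIPHERTEXT)
    print(f"shift {shift}: {plain} ({score} crib words)")
    caesar, substitution = keyspace_sizes()
    print(f"Caesar keys: {caesar}; substitution keys: {substitution:.1e}")
```

Only one of the 25 candidates contains any crib word, which is why the exhaustive search needs no human judgment for a shift cipher.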

[6] Damico, supra note 3, at para. 4. It should be noted that while the first recorded use of the Caesar Cipher was by Gaius Julius Caesar, infamous Roman dictator, other substitution ciphers were in use prior to Caesar.

[7] Simon Singh. The Code Book. New York: Anchor Books 2000. eBook.

[8] Id.

[9] Id.

[10] Id.

III. Cryptanalysis

Sufficiently complicated substitution ciphers were able to secure messages against enemy scrutiny for most of human history. Over time, the science of cryptanalysis, the art of breaking ciphers, developed. One common method of cryptanalysis is frequency analysis.

Imagine Charlie, in our above example, was not dealing with a simple shift cipher, but a substitution cipher with a random key. All is not lost for our overprotective parent. He knows that certain letters, such as "E", appear more often in the Roman alphabet[11] than others. In the above message, he can see that "H" appears five times, the most of any letter in the message. He also knows that "THE" is a very common word. So, he replaces the "WKH" in the above message with "the". Now, he makes replacements of "t" for "W", and "h" for "K". This uncovers more parts of words. Through this method of finding and replacing letters, gradually uncovering more of the message, he can decipher the whole message. Frequency analysis came to be the primary means by which messages were decoded by eavesdroppers.

IV. Modern symmetric ciphers

To defeat frequency analysis attacks, ciphers became more and more complicated. Ciphers would use multiple keys within each message, changing keys each letter.[12] The ultimate in this concept was reached after the First World War, in the one-time pad. The one-time pad uses a key that is a random set of letters that is as long as the message being transmitted. This cipher is unbreakable even through a dedicated brute-force attack, since even though the attack will uncover the true message, it will also uncover every possible wrong message that could be created with the ciphertext.[13] One-time pads were very impractical to use perfectly, however, and most new ciphers used machines.

As electronic computers became powerful and cheap enough, ciphers that used computers began to emerge. The Data Encryption Standard, or DES, is a well-known electronic cipher. DES and its successors offered nearly unbreakable encryption, but there was still a fundamental flaw: for two parties to communicate, they still needed to exchange a key. Without a secure way to exchange keys, an eavesdropper could thwart their secure communication by somehow obtaining the key.[14]

[11] That is, the alphabet developed by the Romans and being used to type this very paper.

[12] See Singh, supra note 7, at page 124. These ciphers are known as polyalphabetic substitution ciphers, the most famous of which was Le Chiffre Indéchiffrable.

[13] Id. at eBook page 285. The security of the one-time pad has been mathematically proven.

[14] Id. at eBook page 569.

V. Asymmetric Cryptography Algorithms

Imagine Alice, a young, computer-savvy teenage girl, wants to send Bob, an equally-savvy ladykiller, a message encrypted with DES, which would ordinarily be impossible for Charlie, Alice's overbearing father, to decipher. There is one major problem with this: without the key, Bob also cannot decipher the message. How does Alice deliver the key to Bob? If Charlie monitors the mail, the telephone, her email, and her personal contact with Bob, it is impossible to deliver the key to Bob, so that Bob may decrypt Alice's message. The problem of key exchange was considered to be an axiom of cryptography, an indisputable truth.[15]

A. Diffie-Hellman

Imagine a box that you send to a friend with an unlocked padlock that only you have the key to. Your friend can place a message in the box, lock the padlock, and send the box back to you. Here we have managed to deliver a secret message without first delivering a secret key. Whitfield Diffie and Martin Hellman spent the better part of a decade trying to create a mathematical method to accomplish this.[16] They did so by examining one-way functions, functions that are not easily reversible. Most functions are easily reversible. Take the function 3^x = y. If you know y, solving for x is easy. If you were given 3^x = 81, you could quickly solve this by simple trial and error. First, you would make a guess, say 3, and discover that 3^3 = 27. Realizing that this is too small, you try 4, and find that 3^4 = 81. Had you guessed 5, you would have realized that your answer was too large, and tried a smaller number.[17]

Modular arithmetic can create one-way functions. In modular arithmetic, you divide by a certain number, and the remainder is your answer, e.g. 26 mod 5 = 25 / 5 remainder 1 = 1. If we change our earlier function to 3^x (mod 7) = 1, it becomes much harder to solve for x, even knowing y.[18]

With a very large modulus and exponent, it is nearly impossible to deduce the modulus and exponent from the answer. Diffie and Hellman used this concept to create an algorithm for secure key exchange. The math behind this is beyond the scope of this paper, but it allows two parties to agree on an encryption key by agreeing on the exponent's base and modulus, without an eavesdropper being able to deduce the key from this information.[19]
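The key exchange described above, with both sides' messages written out, as an added example that is not part of the original paper. The base 3 and modulus 7 are the paper's one-way function; the private exponents 4 and 5, the 127-bit prime, and all function names are assumptions chosen for illustration.

```python
import secrets


def public_value(g, p, private):
    """What each party sends in the clear: g^private mod p."""
    return pow(g, private, p)


def shared_key(their_public, private, p):
    """What each party computes privately: (their value)^private mod p."""
    return pow(their_public, private, p)


def exchange(g, p, alice_private, bob_private):
    """Run both sides; return both public values and both derived keys."""
    a_pub = public_value(g, p, alice_private)
    b_pub = public_value(g, p, bob_private)
    key_a = shared_key(b_pub, alice_private, p)   # Alice's view
    key_b = shared_key(a_pub, bob_private, p)     # Bob's view
    return a_pub, b_pub, key_a, key_b


def eavesdrop(g, p, observed_public):
    """Charlie's generic option: try exponents until one matches."""
    value = 1
    for x in range(1, p):
        value = value * g % p
        if value == observed_public:
            return x
    return None


def large_exchange():
    """Same protocol with a 127-bit prime, far beyond the loop above."""
    p = 2**127 - 1          # a Mersenne prime, used here for illustration only
    a = secrets.randbelow(p - 3) + 2
    b = secrets.randbelow(p - 3) + 2
    _, _, key_a, key_b = exchange(3, p, a, b)
    return key_a == key_b


if __name__ == "__main__":
    a_pub, b_pub, key_a, key_b = exchange(3, 7, 4, 5)
    print("public values:", a_pub, b_pub, "shared keys:", key_a, key_b)
    print("Charlie recovers Alice's exponent:", eavesdrop(3, 7, a_pub))
    print("127-bit exchange agrees:", large_exchange())
```

With modulus 7 the eavesdropper's search finishes in a few steps, which is why real deployments rely on standardized groups with moduli of 2048 bits or more.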

[15] Id., page 580.

[16] Id.

[17] See id.

[18] For 3^x (mod 7) = 1, x = 6, but if we guess x = 5, the y is 5, and for x = 4, y = 4

[19] See Singh, supra note 7, eBook page 595.

The flaw in Diffie-Hellman is that the key exchange must occur prior to the transmission of the message, which means that if the two parties cannot communicate at the same time, the message can't be sent until both parties have agreed on a key. For messengers living in separate time zones, this presents an inconvenience.[20] A truly asymmetric cryptosystem would not be discovered for another year.

B. RSA

Ron Rivest, Leonard Adleman, and Adi Shamir were MIT computer science researchers searching for a way to create an asymmetric cypher. Rivest eventually found a one-way function that, with special information, a receiver could reverse.[21] This was a huge breakthrough. The RSA encryption algorithm, as it came to be known, involved splitting the key into a public key used for encryption, and a private key used for decryption.

Let's use our star-crossed lovers as an example. Alice wants to send Bob a message about where to meet for tonight's tryst. Bob publishes his public key, N, which is the product of two large (at least 1024 bit) prime numbers, P and Q, as well as a third number, e.[22]

Alice takes her message and converts it to a number, M. Alice encrypts the message's ciphertext, C, to Bob using the algorithm C = M^e (mod N). We'll use 3 for P, 7 for Q, and 5 for e in our example, but remember that in real life the numbers would be quite large.

For the message "X", a kiss, we convert it to ASCII,[23] 1011000, which is 88 in decimal. We encrypt first C = 88^3 (mod 35) = 681472 (mod 35) = 22. She sends the ciphertext, 22, to Bob. Exponentials in modular arithmetic are one-way functions, so it is hard to work backward from C = 11 to M = 88. Bob can decipher the message, though, because he knows P and Q. He creates a special number, D, his decryption key, by finding the modular multiplicative inverse of e (mod N)[24]. He applies this decryption key to the message M, and obtains the plaintext, all without ever having to exchange keys with Alice.[25]

[20] Id., eBook page 602.

[21] See id, eBook page 616.

[22] e should be relatively prime to (p - q) * (q - 1).

[23] Any numerical format will work, so long as both parties know what to use.

[24] is the result of Euler's totient function, finding the positive integers less than or equal to n that are relatively prime to n. For a prime number P, is equal to P - 1, and for the product of two primes, PQ, equals the of P * the of Q.

[25] See R.L. Rivest, A. Shamir, and L. Adleman. "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems." Communications of the ACM 21 (2): 120-126. Available at: http://people.csail.mit.edu/rivest/Rsapaper.pdf

This simple example could be easily decrypted by an eavesdropper factoring N, discovering the private key, but for extremely large (1024 bit or larger) prime numbers P and Q, the difficulty of factoring N renders RSA essentially unbreakable, so long as an easy way to factor large numbers is not discovered.[26]
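Textbook RSA carried through end to end, including the eavesdropper's factoring attack on a small N, as an added example that is not part of the original paper. The primes 13 and 17 are constructed for this example so that the message number 88 is smaller than N; the exponent 5 and the message "X" follow the paper, and all function names are assumptions.

```python
from math import gcd


def make_keys(p, q, e):
    """Return ((N, e), d) for primes p, q and public exponent e."""
    n, phi = p * q, (p - 1) * (q - 1)      # phi is Euler's totient of N
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p - 1) * (q - 1)")
    return (n, e), pow(e, -1, phi)         # d = inverse of e mod phi (3.8+)


def encrypt(m, public):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message number must be smaller than N")
    return pow(m, e, n)                    # C = M^e mod N


def decrypt(c, d, n):
    return pow(c, d, n)                    # M = C^d mod N


def factor(n):
    """Trial division: practical only because N here is tiny."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("N has no nontrivial factor")


def recover_private_key(public):
    """Eavesdropper's route: factor N, then rebuild d like the key owner."""
    n, e = public
    p, q = factor(n)
    return make_keys(p, q, e)[1]


# Constructed toy parameters (assumption): 13 * 17 = 221, which exceeds 88.
PUBLIC, D = make_keys(13, 17, 5)
M = ord("X")                               # 88, the paper's message
C = encrypt(M, PUBLIC)

if __name__ == "__main__":
    print("public key:", PUBLIC, "private exponent:", D)
    print("ciphertext:", C, "decrypted:", chr(decrypt(C, D, PUBLIC[0])))
    print("exponent recovered by factoring N:", recover_private_key(PUBLIC))
```

This is unpadded textbook RSA for following the arithmetic; deployed systems add a padding scheme such as OAEP and use far larger primes.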

For our star-crossed lovers, public-key cryptography is a way for Alice to send a message to Bob, without Charlie, knowing Bob's public key, being able to decrypt the message and intercept their rendezvous. For the rest of us, it allows us to send sensitive information, like credit card numbers and Social Security numbers, over the internet without worrying about eavesdroppers.

VI. Conclusion

Without public-key cryptography, the Internet as we know it would not exist. It may have become a fine repository of ideas, a wondrous library accessible from anywhere in the world, but the vast and wonderful Internet, where one can order a pizza to be delivered to one's door with a few keystrokes, send a secure message to one's business partners in China, and securely plan a military campaign involving satellite-controlled unmanned drones from across the world, would not exist.

For thousands of years, our cryptosystems have become more and more secure, but a determined attacker could always bypass that security by somehow compromising the exchange of cryptographic keys. The United States arguably won World War II by compromising enemy codes and surprising the enemy.[27] With the invention of public-key cryptography, a secure channel was made mathematically that enabled the exchange of symmetric keys and entire messages without the possibility of eavesdropping. Army generals 50 years ago would have killed for such an ability,[28] yet it is now so mundane that a community college student has just used it to securely upload a paper on public-key cryptography to be sent across town to his teacher.

[26] See Singh, supra note 7, eBook page 625.

[27] See id. at eBook page 427.

[28] Augustus Caesar would have probably instructed the Senate to deify you.

Bibliography

"Would you send this postcard in the mail?" Institute for Advanced Study Network Security, 2015. Available at https://security.ias.edu/node/22.

Batten, Lynn Margaret. Public Key Cryptography: Applications and Attacks. New Jersey: IEEE Press, 2012. eBook.

Damico, Tony M. "A Brief History of Cryptography." Student Pulse 1.11 (2009). Available at http://www.studentpulse.com/articles/41/a-brief-history-of-cryptography.

Simon Singh. The Code Book. New York: Anchor Books 2000. eBook.

R.L. Rivest, A. Shamir, and L. Adleman. "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems." Communications of the ACM 21 (2): 120-126. Available at http://people.csail.mit.edu/rivest/Rsapaper.pdf
