Part 1: Public Key Cryptography

Public key cryptography

• Uses two keys: public (shared) and private (kept secret).
• Goal: enable encryption and signatures without prior secret exchange.

One-way functions

• Easy to compute in one direction, hard to reverse.
• Provide the mathematical foundation for cryptography.

Trapdoor functions

• One-way functions with a secret “trapdoor” that makes inversion easy.
• Example: factoring (if one factor is known, the other is trivial).
• Example: discrete logarithm problem.

Origins

• Can two parties communicate securely without sharing a key first?

Why not use public key for everything?

• Performance: far slower than symmetric ciphers.
• Ciphertext expansion: ciphertexts larger than plaintexts.
• Security: raw RSA/ECC is unsafe without padding/schemes.
• Public key is used for key exchange and signatures, not bulk encryption.

RSA and ECC

RSA basics
- Security based on difficulty of factoring large numbers.
- Key generation: choose primes \(p, q\); compute \(n = pq\), and exponents \(e, d\).
- Encryption: \(C = P^e \bmod n\); Decryption: \(P = C^d \bmod n\).

Elliptic Curve Cryptography (ECC)
- Uses algebra on elliptic curves instead of integers.
- Provides the same security as RSA with much smaller key sizes.
- Widely used in practice, especially in TLS and mobile devices.
- Limitations
- Raw RSA is insecure; requires padding (e.g., OAEP).
- Mainly used for exchanging keys or signatures, not bulk data.
- ECC has become a preferred alternative in many systems because it provides equivalent security with much shorter key lengths.**

Part 2: Hash Functions

Hash function
- Maps arbitrary input to fixed-size output.
- Goal: provide fingerprints of data for comparison or verification.

Properties
- Deterministic, fast, preimage-resistant, collision-resistant, avalanche effect.

SHA family
- Widely used cryptographic hash functions (SHA-2, SHA-3).

Applications
- Integrity checks, digital signatures, password storage.

Entropy
- Shannon entropy measures unpredictability in data.
- Goal: ciphertext and keys should appear random (high entropy).

Part 3: Integrity Mechanisms

Message Authentication Codes (MACs)

• Provide integrity + authenticity using a shared secret.
• HMAC: standardized in RFC 2104; uses hash + key with inner/outer pads.
• CMAC: NIST SP 800-38B; block cipher in CBC mode, last block is MAC.
• Goal: detect modification and confirm source when parties share a secret.

AEAD (Authenticated Encryption with Associated Data)

• Combines encryption and integrity in one operation.
• Examples: AES-GCM, ChaCha20-Poly1305.
• Goal: provide confidentiality + integrity in one step.

Digital Signatures

• Provide integrity, authenticity, and non-repudiation.
• Basic idea: sign a hash with private key; verify with public key.
• Real-world schemes: RSA-PSS, ECDSA, EdDSA.
• Goal: prove origin and protect against forgery.

Why hashes are involved

• Efficiency: sign a digest instead of entire message.
• Security: avoids structural weaknesses in raw messages.

MACs vs. Signatures

• MACs: symmetric, efficient, no non-repudiation.
• Signatures: asymmetric, slower, provide non-repudiation.

Part 4: Diffie-Hellman Key Exchange

Core question : How can two parties who have never met agree on a shared secret?

Basic process

• Alice and Bob exchange values derived from private exponents.
• Both compute the same shared secret without revealing private keys.

Security: Relies on hardness of the discrete logarithm problem.

Elliptic Curve Diffie-Hellman (ECDH)

• Uses elliptic curve multiplication instead of exponentiation.
• Smaller keys, faster computation, same security.
• ECDH is the dominant form of Diffie-Hellman used in
• modern TLS.

Limitation: Provides secrecy but not authentication (man-in-the-middle possible).

Part 5: Putting It All Together

Hybrid cryptosystem

• Combines public key and symmetric crypto.
• Goal: public key establishes a session key; symmetric cipher encrypts data efficiently.

Long-term keys

• Persistent key pairs tied to identity (e.g., server’s RSA/ECC keys).
• Goal: prove who you are over time.

Ephemeral keys (Session keys)

• Generated per session and discarded.
• Goal: ensure each session has unique secrets.

Forward secrecy

• Old sessions stay protected if long-term keys are later compromised.
• Achieved with ephemeral DH/ECDH.

Digital certificates (X.509v3)

• Bind public keys to identities.
• Issued by certificate authorities (CAs).
• Contain subject, key, validity, issuer, signature, and extensions.
• Goal: provide trusted association of a public key with an identity.

Root certificates and trust stores

• Root certificates are self-signed (signed by the CA itself).
• Stored in OS/browser trust stores (macOS/iOS Keychain, Windows Cert Manager, Android system store, Linux CA bundles).
• Goal: establish trusted anchors for certificate chains.

Certificate verification process

1. Receive certificate and intermediates.
2. Check validity dates.
3. Build chain to a root.
4. Verify signatures at each link.
5. Ensure root is in trust store.
6. Confirm hostname matches certificate subject.
7. Optionally check revocation.
8. Verify server controls corresponding to the private key.

Protocols in practice

• TLS: certificates for authentication, ephemeral DH/ECDH for key exchange, symmetric cipher (AES-GCM or ChaCha20-Poly1305) for data, AEAD for integrity.
• PGP: sender generates session key, encrypts with recipient’s public key, uses symmetric cipher for data.

Part 6 - Quantum Attacks and Post-Quantum Cryptography

• Quantum computers: Use principles of quantum mechanics to process information in new ways. They are still experimental and not yet capable of breaking deployed systems, but they raise future risks.
• Shor’s algorithm: Shows that RSA, Diffie-Hellman, and elliptic-curve cryptography could all be broken if large-scale quantum computers become practical.
• Grover’s algorithm: Speeds up brute-force search, reducing the effective strength of symmetric keys. Symmetric systems remain safe with longer keys (for example, AES-256).
• Post-quantum cryptography (PQC): New cryptographic methods designed to resist both classical and quantum attacks. Students do not need to memorize specific algorithm names, just understand that replacements for RSA and ECC are being standardized.

Key Takeaways

• Quantum computers → potential threat to public key systems in the future.
• Shor’s algorithm → breaks RSA, Diffie-Hellman, ECC.
• Grover’s algorithm → weakens but does not break symmetric crypto.
• Post-quantum cryptography → ongoing effort to design secure alternatives to today’s public key systems.
• Migration planning → important to protect long-term data against future quantum attacks.