Network Security Tutorial-16 Design Fundamentals PGP ET-IDA-082

1 Network Security Tutorial-16 Design Fundamentals PGP ET-IDA-082
v6, Prof. W. Adi

2 P1: PGP Authentication and Confidentiality:
A PGP-based security system as shown in Fig. 1 is set up such that an appropriate prime number p = 4q + 1 = 4 · 43 + 1 = 173 is generated for GF(p), where q = 43 is a prime.
1. Prove that p is a prime according to Pocklington's theorem.
2. Prove that the element α = 2 is primitive in GF(173) and compute the probability that a randomly selected element is primitive in GF(173).
3. Set up an ElGamal public key crypto-system for public key encryption and an ElGamal signature in DSA constellation over GF(173) for sender A and receiver B as shown in Fig. 1. Use Xa = 12 and Xb = 18. Use the primitive element α and compute the corresponding public keys for A and B. Use the random R = k = 9 for encryption and signature and use a session key Ks = 7. Select any necessary parameters to let the system work.
4. The message M is sent. Use the hash function H(M) = (M mod 100) mod 32 and state all necessary computations for all framed symbols in Fig. 1.
Exam 2012

3 PGP Message with Confidentiality & Authentication
Legend:
Ks: Session key
PRa: A's private key for PK scheme
PUa: A's public key for PK scheme
EP: Public key encryption
DP: Public key decryption
EC: Symmetric encryption
DC: Symmetric decryption
H: Hash function
||: Concatenation
Z: Compression (not applied)
MD: Message digest
Fig. 1 (diagram): A: Sender computes H(M) = MD. The message digest MD is ciphered using key PRa to give PE(PRa, MD) for the signed message, compression is not applied (Z = 1), and the session key Ks is sent as PE(PUb, Ks). B: Receiver recovers Ks and MD from PE(PUb, Ks) and PE(PRa, MD), with Z^-1 = 1.

4 Solution:
1. Prove that p is a prime according to Pocklington's theorem.
N = R · F + 1 = 4 · 43 + 1 = 173, F = 43 and R = 4. Is 173 a prime?
Proof (with a = 2 and pj = 43):
Condition 1: gcd(a^((N-1)/pj) - 1, N) = gcd(2^(172/43) - 1, 173) = gcd(15, 173) = 1 is true
Condition 2: a^(N-1) ≡ 1 (mod N) ⇒ 2^172 ≡ 1 (mod 173) is true
Condition 3: F > √173 ⇒ 43 > 13.15 is true
As conditions 1, 2 and 3 are all true ⇒ 173 is prime.
2. Prove that the element α = 2 is primitive in GF(173) and compute the probability that a randomly selected element is primitive in GF(173).
Possible multiplicative orders are the divisors of φ(173) = 172, that is ⇒ 1, 2, 4, 43, 86, 172
Checking if the element 2 is a primitive one: 2^1 ≠ 1, 2^2 ≠ 1, 2^4 = 16 ≠ 1, 2^43 = 80 ≠ 1, 2^86 = -1 ≠ 1
Ord(2) = 172 ⇒ 2 is a primitive element
# of all non-zero elements: 173 - 1 = 172
# of primitive elements: φ(172) = φ(4 · 43) = 172 (1 - 1/2)(1 - 1/43) = 84
P(element = primitive) = (84 / 172) = 48.8%

5 ElGamal Digital Signature Algorithm in DSA, Standard form (1994)
3. Set up an ElGamal public key crypto-system for public key encryption and an ElGamal signature in DSA constellation over GF(173) for sender A and receiver B as shown in Fig. 1. Use Xa = 12 and Xb = 18. Use the primitive element α and compute the corresponding public keys for A and B. Use the random R = k = 9 for encryption and signature and use a session key Ks = 7. Select any necessary parameters to let the system work.
Fig. (2), ElGamal Digital Signature Algorithm in DSA, Standard form (1994):
Public directory: p, q, α, ya
β = 2^4 = 16 is an element in GF(173) with order q, where q = 43
Xa = 12: secret key of A
α^Xa = ya, ya = α^Xa = 117: public key of A
User A signs M (M or H(M)): M = H(M) = 28, q = 43, k = 9, k^-1 = -19 mod q = 24
r = Rq[ Rp(β^k) ]
S = k^-1 (M + r · Xa) in GF(43)
Signed message: M, S, r
Verifier: U = Rp[ β^(Rq(M · S^-1)) · ya^(Rq(r · S^-1)) ]. If r = Rq(U), then M is authentic.

6 3. User A encrypts M = Ks = 7 to B
Fig. (3):
α = 2: primitive element in GF(173)
Xa = 12: secret key of A ⇒ α^Xa = 2^12 = 117; Ya = α^Xa = 117: public key of A
Xb = 18: secret key of B ⇒ α^Xb = 2^18 = 49; Yb = α^Xb = 49: public key of B
User A: M = Ks = 7, R = 9 from the random generator (a new R is needed for every message)
r = α^R = 2^9 = 166
Z = yb^R = (49)^9 mod 173 = 37
C = M · Z = 7 x 37 = 86
User B receives r and C:
-Xb = (173 - 1) - 18 = 154 (exponents are taken mod 172)
Z^-1 = r^(-Xb) = (166)^154 = 159
C · Z^-1 = 86 x 159 mod 173 = 7 = Ks

7 4. The message M is sent. Use the hash function H(M) = (M mod 100) mod 32 and state all necessary computations for all framed symbols in Fig. 1.
H(M) = (M mod 100) mod 32 = 28
Referring to Fig. (2):
PRa = Xa = 12, q = 43, k = 9, k^-1 = -19 = 24, M = 28
r = Rq[ Rp(β^k) ] = R43[ R173(16^9) ] = 23
S = k^-1 (M + r · Xa) in GF(q) = 24 (28 + 23 · 12) mod 43 = 29
Referring to Fig. (3):
Message M = Ks = 7, R = 9
PUb = Yb = 49 = 2^18, PRb = Xb = 18, PUa = Ya = 117
r = 2^9 mod 173 = 166
PE(PUb, Ks) = Ks · (yb)^R mod 173 = (7)(49)^9 mod 173 = 86
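The P1 numbers can be re-derived mechanically. The Python below is an added example, not part of the original tutorial; all function names are illustrative. It assumes that A's signature verification key is β^Xa mod p, because the check in Fig. (2) only balances for a key in the order-q subgroup generated by β, while α^Xa = 117 remains the ElGamal encryption key.

```python
from math import gcd

P, Q, ALPHA = 173, 43, 2             # tutorial values: p = 4q + 1, alpha primitive
BETA = pow(ALPHA, (P - 1) // Q, P)   # 2^4 = 16, element of order q

def prime_factors(n):
    """Distinct prime factors by trial division (fine for toy sizes)."""
    out, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            out.add(d)
            n //= d
        d += 1
    if n > 1:
        out.add(n)
    return out

def pocklington(n, f, a):
    """n - 1 = R * f with f > sqrt(n); a is the witness for conditions 1 and 2."""
    if (n - 1) % f or f * f <= n or pow(a, n - 1, n) != 1:
        return False
    return all(gcd(pow(a, (n - 1) // pj, n) - 1, n) == 1 for pj in prime_factors(f))

def is_primitive(a, p):
    """a is primitive iff a^((p-1)/r) != 1 for every prime r dividing p - 1."""
    return all(pow(a, (p - 1) // r, p) != 1 for r in prime_factors(p - 1))

def primitive_count(p):
    """phi(p - 1): number of primitive elements of GF(p)."""
    n = p - 1
    for r in prime_factors(p - 1):
        n = n // r * (r - 1)
    return n

def elgamal_encrypt(m, y_recv, k):
    return pow(ALPHA, k, P), m * pow(y_recv, k, P) % P      # (r, C)

def elgamal_decrypt(r, c, x):
    return c * pow(r, P - 1 - x, P) % P                     # C * r^(-x)

def dsa_sign(h, x, k):
    r = pow(BETA, k, P) % Q
    return r, pow(k, -1, Q) * (h + r * x) % Q               # (r, S)

def dsa_verify(h, r, s, y):
    # y must be BETA^x mod p (assumption stated in the lead-in), not ALPHA^x
    w = pow(s, -1, Q)
    return pow(BETA, h * w % Q, P) * pow(y, r * w % Q, P) % P % Q == r

if __name__ == "__main__":
    print(pocklington(P, Q, ALPHA), is_primitive(ALPHA, P), primitive_count(P))
    print(elgamal_encrypt(7, pow(ALPHA, 18, P), 9), dsa_sign(28, 12, 9))
```

Reusing k = 9 for both encryption and signing is acceptable only in a paper exercise; the tutorial's own note that a new R is needed for every message applies to the signature nonce as well.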

8 P2: PGP Authentication and Confidentiality:
1. Design an RSA public-key solution for P1. Use the hash-mapping MD = H(M) = [ ∑ mi^2 mod 100 ] mod 83, where mi are the message parts each having two digits, M = 21 35 86.
2. Let a trusted authority TA create its RSA signature scheme and sign the public keys of A and B. Generate the certificates for both public keys and show how to verify them.
1. PGP messages: Set up RSA parameters for A and B
All selected public keys should be at least larger than the hash value 83, and also larger than the value of any two digits, that is 99.
USER A:
pa, qa = 17, 11: two secret primes
Na = pa · qa = 17 x 11 = 187: open modulus of A
φ(Na) = (pa - 1)(qa - 1) = (17 - 1)(11 - 1) = 160
Ea = 7: open encryption key of A
Da = Ea^-1 [mod φ(Na)] = 7^-1 mod 160 = 23
Open directory: Na = 187, Ea = 7
USER B:
pb, qb = 19, 7: two secret primes
Nb = pb · qb = 19 x 7 = 133: open modulus of B
φ(Nb) = (pb - 1)(qb - 1) = (19 - 1)(7 - 1) = 108
Eb = 11: open encryption key of B
Db = Eb^-1 [mod φ(Nb)] = 11^-1 mod 108 = -49, Db = 108 - 49 = 59
Open directory: Nb = 133, Eb = 11

9 PGP Message with Confidentiality & Authentication
Legend:
Ks: Session key
PRa: A's private key for PK scheme
PUa: A's public key for PK scheme
EP: Public key encryption
DP: Public key decryption
EC: Symmetric encryption
DC: Symmetric decryption
H: Hash function
||: Concatenation
Z: Compression (not applied)
MD: Message digest
Fig. 4 (diagram): A: Sender computes H(M) = MD. The message digest MD is ciphered using key PRa to give PE(PRa, MD) for the signed message, compression is not applied (Z = 1), and the session key Ks is sent as PE(PUb, Ks). B: Receiver recovers Ks and MD' from PE(PUb, Ks) and PE(PRa, MD), with Z^-1 = 1, and compares MD' with the digest MD of the received message Mr.

10 Referring to Fig. (4)
4. The message M = 21 35 86 is sent. Use the hash function [ ∑ mi^2 mod 100 ] mod 83, where mi are the message parts each having two digits, and state all necessary computations for all framed symbols in Fig. 4.
Computing MD = H(M):
m1 = 21 ⇒ m1^2 mod 100 = 41
m2 = 35 ⇒ m2^2 mod 100 = 25
m3 = 86 ⇒ m3^2 mod 100 = 96
MD = H(M) = [ ∑ mi^2 mod 100 ] mod 83
MD = [ 41 + 25 + 96 ] mod 83 = 79
Sender A: PRa = Da = 23, PUa = Ea = 7
EP[PRa, H(M)] = [23, 79] = 79^23 mod 187 = 173
M || EP[PRa, H(M)] = 21 35 86 || 173
Encrypting Ks: Message M = Ks = 7, PUb = Yb = 11, Nb = 133
PE(PUb, Ks) = (Ks)^PUb mod 133 = (7)^11 mod 133 = 49

11 Receiver B
Computing Ks: PRb = 59, Nb = 133
Ks = DP[ PRb, PE(PUb, Ks) ] = [59, 49] = 49^59 mod 133 = 7
Computing MD': PUa = 7, Na = 187
MD' = DP{ PUa, EP[PRa, H(M)] } = [7, 173] = 173^7 mod 187 = 79
This is the decrypted hash digest from the signature of A.
Compare: MD = H(Mr) <?=> MD'
B computes the hash value of the received message Mr, MD = H(Mr) = 79:
m1 = 21 ⇒ m1^2 mod 100 = 41
m2 = 35 ⇒ m2^2 mod 100 = 25
m3 = 86 ⇒ m3^2 mod 100 = 96
MD = H(Mr) = [ ∑ mi^2 mod 100 ] mod 83
MD = [ 41 + 25 + 96 ] mod 83 = 79

12 TA creates its own RSA setup
2. Certificates for the public keys of A and B
RSA setup for TA:
pa, qa = 17, 19: two secret primes
Na = pa · qa = 17 x 19 = 323: open modulus of TA
φ(Na) = (pa - 1)(qa - 1) = (17 - 1)(19 - 1) = 288
Eta = 55: open encryption key of TA
Dta = Eta^-1 [mod φ(Na)] = 55^-1 mod 288 = -89 = 199
TA's signing secret key is: Dta = 199
TA open directory: Na = 323, Ea = 55
Certificate for user A's public key:
Assume the name of A = 12 35, Ea = PUa = 7, Na = 187
Info of A's certificate: Inf-A = A || Ea || Na
H(Inf-A) = [ ∑ mi^2 mod 100 ] mod 83 = 13
Cert A = Inf-A, { H(Inf-A) }TA = Inf-A, 13^Dta mod 323 = Inf-A, 13^199 mod 323 = Inf-A, 89
That is, Cert A = Inf-A, 89
Verify certificate of user A:
Check if H(Inf-A) = 89^55 mod 323. This is true, that is, the public key of A is authentic.
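The P2 exchange and the TA certificate check, as an added Python example that is not part of the original tutorial (function names are illustrative). The hash follows the worked computation on slides 10 and 11, and the certificate step takes the digest H(Inf-A) = 13 as stated above, since it is the only part of Inf-A the check needs.

```python
def toy_hash(parts):
    """Tutorial hash as computed on slides 10/11: [sum(m_i^2 mod 100)] mod 83."""
    return sum(m * m % 100 for m in parts) % 83

def rsa_key(p, q, e):
    """Return (n, e, d) with d = e^-1 mod phi(n)."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

A = rsa_key(17, 11, 7)      # (187, 7, 23)
B = rsa_key(19, 7, 11)      # (133, 11, 59)
TA = rsa_key(17, 19, 55)    # (323, 55, 199)

def pgp_send(parts, ks, sender, receiver_pub):
    """Sign the digest with the sender's private key, wrap Ks for the receiver."""
    n_a, _, d_a = sender
    n_b, e_b = receiver_pub
    return {"M": parts,
            "sig": pow(toy_hash(parts), d_a, n_a),
            "wrapped_ks": pow(ks, e_b, n_b)}

def pgp_receive(msg, receiver, sender_pub):
    """Unwrap Ks, recover MD' from the signature, compare with H(Mr)."""
    n_b, _, d_b = receiver
    n_a, e_a = sender_pub
    ks = pow(msg["wrapped_ks"], d_b, n_b)
    md_prime = pow(msg["sig"], e_a, n_a)
    return ks, md_prime == toy_hash(msg["M"])

def ta_sign(digest):
    n, _, d = TA
    return pow(digest, d, n)

def ta_verify(digest, sig):
    n, e, _ = TA
    return pow(sig, e, n) == digest

if __name__ == "__main__":
    msg = pgp_send([21, 35, 86], 7, A, B[:2])
    print(msg, pgp_receive(msg, B, A[:2]))
    print(ta_sign(13), ta_verify(13, 89))
    # The toy hash ignores part order, so a reordered message still verifies:
    print(pgp_receive(dict(msg, M=[35, 21, 86]), B, A[:2]))
```

With only 83 digest values and no sensitivity to the order of the parts, this hash is suitable for hand calculation only; a real design needs a collision-resistant hash and padded RSA.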

