APPLICATIONS OF

CRYPTOGRAPHY
EE6163: Telecommunications for Electronic Business

John Griffin
110327871
17th of December 2013

0 | Page

Table of Contents
Abstract................................................................................................................. 1
Introduction........................................................................................................... 1
What is cryptography?........................................................................................ 1
Definition......................................................................................................... 1
History............................................................................................................. 1
Cryptographic Goals........................................................................................ 2
Application of cryptography...................................................................................2
Email communication......................................................................................... 2
What is email encryption?.................................................................................. 3
The importance of encrypting email...................................................................3
The consequences of not encrypting email........................................................4
Protocol.................................................................................................................. 5
PGP overview...................................................................................................... 5
General functions............................................................................................... 5
How it works....................................................................................................... 6
Authentication via Digital signature...................................................................8
Advantages of PGP............................................................................................. 9
Disadvantages of PGP......................................................................................... 9
Algorithm............................................................................................................. 10
Overview....................................................................................................... 10
Difference between RSA and ElGamal...........................................................10
The advantages of ElGamal/Diffie Hellman over RSA:...................................11
The disadvantages of using ElGamel/Diffie Hellman over RSA:.....................11
How ElGamal works.......................................................................................... 11
Conclusion........................................................................................................... 14
References........................................................................................................... 15

1 | Page

Abstract
The following report examines the application of cryptography in everyday
use through an analysis of its use in email encryption. The report first
looks at the importance of email encryption and how cryptography is
applied to make email a secure form of communication .The report then
examines the technical aspects which make this possible. This is done
through an examination of the protocol and then finally a look at the key
algorithms which make this protocol possible.

Introduction
What is cryptography?
Definition
At the most basic level cryptography is defined as secret writing. However
modern cryptography in which is used in countless applications is best
defined as a function in which transfers plaintext into cipher text, while
also providing the function of decryption that transfers cipher text into
plaintext (Al-Hamdani, 2008).
History
The area of cryptography is often referred to as the science of writing
secret code, however its origins can be traced back thousands of years.
The first known use of cryptography is said to have been around 1900 B.C
when and Egyptian scribe used unknown hieroglyphs in and inscription
with the intention of passing information secretly. Cryptography after this
time however has been seen in many cases throughout history including
Ranging in application from battle plans to diplomatic efforts between
civilisations. The modern sense of cryptography however did not appear
until

the

advent

of

the

computer

and

the

mass

(Yang,

2011)1communication between users in an untrusted medium. It has primly

1
2 | Page

grown in its modern sense since 1976, when data encryption was selected

as an official Federal Information Processing Standard (FIPS) for the United

States, cryptography has gained large attention and a great amount of
application and use (Hilal M, 2012)
Cryptographic Goals
In order for cryptography to serve the function in which it is designed to it
must

meet

specific

goals.

These

are

privacy,

data

integrity,

authentication, and non-repudiation. The main goal of cryptography is to

protect data and information from outside use while maintaining the
integrity of that data thus insuring the successful transition of secure
information. (Yang, 2011)

Application of cryptography
The following section examines email encryption as a widely used
application of cryptography.

Email communication
Over the last twenty years email as a form of communication for
businesses and individuals, has grown in both size and importance .The
growth of email usage as outlined by (The Radicati Group, 2013) notes
there are currently 3.1 billion email accounts in the world, however this is
expected to rise 4.3 billion by 2016.The enormous current and expected
email usage as a form of communication highlights its importance as a
form of communication. The mass communication through email however
poses a wider problem for those who use it. How is it possible to securely
communicate through such a medium? It is with this problem that
cryptography offers a solution in providing a means by which a user can
encrypt a message thus preventing a third part from viewing its content.

3 | Page

Figure 1 Growth in email accounts 2012-2016 (The Radicati Group, 2013)

What is email encryption?

Email encryption in simple terms is the authentication and encryption of
e-mail messages, a system which in other words prevents third party
users from receiving or accessing email. This involves several key
elements. Public key cryptography is used so others can use a key to
encrypt a message. Private keys can then be kept secret in order to
encrypt messages, sign them digitally or else decrypt them. The
importance of having the ability to do this is a key application for
cryptography as we will see with the following analysis of its application in
securing information within email. (Yang, 2011)
.

The importance of encrypting email

The problem with email security is that the majority of emails sent
currently are sent in clear text and are not encrypted, meaning that a
third party can easily intercept them. Encryption is essential in order to
protect sensitive data and content in which many emails contain. Without
the use of encryption the user puts themselves in a position in which they
are at risk of data breaches, loss of intellectual property and a variety of
other threats with serious consequences. (group T. o., 2012)

4 | Page

The consequences of not encrypting email

If an individual fails to encrypt their email numerous situation can occur in
which lead to a breach of data. These include:

Email can be intercepted

While the vast majority of email content is of no interest to third parties,
many emails con contain sensitive files which if breached effect a large
amount of people. In America for example it was recently revealed how
the NSA were tapping itno and intercepting email content.

Lost or misplaced mobile devices

Data interception can also occur when unencrypted mobile devise such as
USB sticks, tablets laptops and mobile hard drives are lost or stolen. This
occurrence has happened in the past in numerous cases resulting in the
loss of sensitive data and even intellectual party and sensitive corporate
information.
Mistakes by users
Another threat in not encrypting email content can result from simple user
mistakes. For example a user inadvertently sending an email to the wrong
person. An example of this occurred in September 2012 when an
employee of North Star healthcare sent an email that contained the
names and HIV status of patient being treats for HIV or Aids to a third
party. (group T. o., 2012)
Malicious activity by users
Despite this being less common it is also still a result of not encrypting
email .A employee who is unhappy with a company for example can use
5 | Page

sensitive content for their own means or send it to others .Sending

documents from a corporate account to a personal one for example can
mean a company could lose thousands of documents a year of a system is
not in place to block this activity by encrypting sensitive files. (group O. r.,
2013)
It is for these prime reasons that changing plain text into cipher text is
essential as an application.

Protocol
The following section examines the protocol PGP (pretty good privacy)
which forms a structure in by which cryptography can be applied in order
to protect the exchange of information via email.

PGP overview
Pretty good privacy(PGP) or it latest version PGP is a public key system
that uses a hybrid structuring combining the best features of public key
cryptography in order to provide security in communication. Because of
this structure it is ideal for securing the medium of email communication.
PGP can use either RSA or Diffie-Hellman algorithms as its encryption and
decryption standard. (Hilal M, 2012)

General functions

6 | Page

PGP provides Data integrity and security by using the following core
technologies:
digital signatures
encryption
compression
conversion

How it works
The sender creates a message

Data compression.
When a user encrypts a plaintext the PGP protocol first compresses that
plaintext. The compression of the plaintext has several advantages for the
process. Data compression saves transmission time and disk space and
also help strengthen cryptographic security. The majority of cryptanalysis
techniques use patterns in plaintext to crack the cipher. Compression
helps reduce these patterns therefore greatly enhancing security against
cryptanalysis (Hilal M, 2012)

Creation of a session Key

The sending PGP generates a random number which becomes the session
key, which is used in that message only. In other words the session key is
one time only secret key. The session key is randomly generated using the
random movements of mouse strokes and key strokes. This session key
then works with a very fast encryption algorithm to encrypt the plaintext
into cipher text.

Encryption

7 | Page

During this stage the session key is encrypted using the public key of the
recipient. The session key is encrypted using each recipient's public key.
These encrypted session keys start the message.

Figure 2 Send Process (Hilal M, 2012)

Decryption
The decryption work in the opposite way. The receivers PGP uses his/her
private key to get the session key which the PGP protocol uses to decrypt
the encrypted cipher text. If the message was compressed it would be
thus decompressed at this stage

8 | Page

Fig. 3. Received Process (Hilal M, 2012)

Authentication via Digital signature

Once the massage is received within the PGP protocol the receiver can
authenticate the message using a digital signature. The digital signature
uses a hash code or message digest algorithm, and a public-key signature
algorithm. The sequence is as follows: (Stallings, 2006)
1. The sender creates a message.
2. The sending software generates a hash code of the message.
3.

The sending software generates a signature from the hash code

using the sender's

private key.

4. The Binary signature is then attached to the message

9 | Page

5. The receiving software keeps a copy of the message signature.

6. The receiving software generates a new hash code for the received
message and verifies

it using the message's signature. If the

verification is successful, the message is accepted as

Authentic.

Fig 4. Authentication through digital signature (Stallings, 2006)

Advantages of PGP
Flexibility-secure messages can be sent to multiple users at the same
time, and each of these users can decrypt the message using their own
private key. Added to this users can use their private keys to encrypt
personal files and documents.
Authentication-Users can sign clear messages with their PGP encrypted
signatures which other users can then then verify, providing a means by
which users can authenticate messages which increases trust.
10 | P a g e

Security-Asymmetric keys are incredibly hard to craic meaning the

protocol provides an extremely secure process.

Disadvantages of PGP
Software-The software is not built into email therefore users need the
necessary software and key in order to use the protocol.
Cost-The purchase and installation of the protocol can be financially high,
so the user must value their security highly in order to justify the protocol.
(group O. r., 2013)

Algorithm
The following section examines one of the key algorithms within the PGP
protocol. The algorithm examined is ElGamel. An outline of the algorithm is first
examined. A comparison with its main alternative is then carried out before
finally taking a look the working of the algorithm.

Overview
ElGamal is an extension of Diffie Hellmans shared secret generation. It
generates a shared secret and uses it as a one-time pad in order to
encrypt data.ElGamel can be used within the PGP protocol to both encrypt
and decrypt the message. For this reason it is necessary to examines it
algorithm.

Difference between RSA and ElGamal

11 | P a g e

The PGP protocol can also use RSA, for that reason alone ElGamel can be
seen as an alternative to RSA. The main difference between the two is as
follows. The security of the RSA algorithm revolves around the difficulty of
factoring large integers, however ElGamal depends on the difficulty of
computing discrete logs in large prime modulus.

The advantages of ElGamal/Diffie Hellman over RSA:

1. The requirement for a secure Random Number Generation (RNG). A
cryptographically secure RNG is already available
2. Major message expansion. The size of the message doubles once
encrypted. This however is not an issue as ElGamal is only used to
encrypt the session key to each recipient.
3. Speed. Encryption using ElGamal is slower than RSA.

The disadvantages of using ElGamel/Diffie Hellman over RSA:

1. ElGamal is totally unencumbered by copyright and patents. This
means that ElGamal can be used globally without the need for
licensing. RSA, however, needs licensing from RSA Labs for use in
commercial products. RSA does provide free licenses for RSA, but
there are some prohibitive licensing issues
2. Using RSA, someone could generate a fake prime or one of a special
form that facilitates factoring. Without access to the private key it is
simply impossible to check. Describes a method of checking that the
numbers used in DSA/DH are computed randomly and are indeed
prime.
3. RSA is not appropriate for use in situations where key generation
occurs regularly (e.g. for each message), such as in systems that
employ ephemeral keys.

12 | P a g e

How ElGamal works

The following algorithm is describe by (Rashmi Singh, 2012) and is
illustrated from the model below

Fig 5. Determination of the public and private Key

Sender A chooses a large prime number p such that (p) has a large
prime factor. Choose g: primitive root of p. B. Choose an integer x such
that 1 <x< (p). Compute y=g^x mod p. C. The triplet (x,g,p) forms the
private key and the triplet (y,g,p) forms the public key of the user A. D.
User A keeps the private key (x,g,p) secret and makes the public key
(y,g,p) available to all those users with whom A intends to communicate.

Encryption (Say by User B)

When any user (say user B) possessing As public key (y,g,p) intends to
send a message M(0M<p) to user A user B proceeds as follows:-

13 | P a g e

A. Choose a random integer k such that (1<k< (p)).

B. Knowing public key (y,g,p) of intended recipient A. User B computes
the cipher-text, Which comprises of a pair of integers: - (g^K mod P,my^K
mod P)

C .User B transmits the cipher text to the intended recipient user

A
The first component of the cipher text i.e g^k mod p is called CLUE.It
contains a clue of the random value K,which is not known to the intended
recipient of CLUE for the extraction of the plaintext from the second
component of the cipher text.

Decryption (User B):

User A receives the cipher-text (g^k mod p, M^k mod p). A proceeds to
decrypt the received cipher-text using its private key(x,g,p).
1) Choose (-x) mod (p) = (p)-x = p-1-x
2) Compute (g^k mod p) ^ (-x mod (p)) mod p = g^ -kx mod p.
3) Compute M= ((My^k mod p). (g^-kx mod p))Mod p.

Working of Elgamals Algorithm:

Message decrypted at the recipient end
= ((My^k mod p) (g^-kx mod p)) mod p
= ((Mg^kx mod p) (g^-kx mod p)) mod p
= ((Mg^kx g^-kx) mod p = M mod p
=M (same as the message sent)
Thus, the recipient is able to extract the original plaintext message M from
the received cipher-text. Proved that the message received at the
recipient end is same as the message sent.

Determination of public and private key

Let p=11; g=2 Let x=5 Y=g^x mod p = 2^5 mod 11 = 32 mod 11=10
14 | P a g e

Thus, A is the PRIVATE KEY =(x,g,p) = (5,2,11) And A s public key =

(y,g,p)= (10,2,11)

Encryption
Suppose a user B wants to send message M= 3 to A , then B will
encrypt M a follows and transmit C to A:- B will select an integer k such
that 0<k<(p).
Let k=7
C= (g^k mod p, My^k mod p)
= (2^7 mod 11, 3x 10^7 mod 11)
= (128 mod 11, (100x100x100x30) mod 11)
= (7,8)
.
Decryption
Knowing (x,g,p), user A will decrypt the cipher-text C as follows:Compute (-x) mod (p) = (-x) mod 10=10-x=10-5=5.
Compute (g^k)^-x mod p =(7)^5 mod 11 = (49x49x7)mod 11
Compute (M.y^k.g^-xk) mod p
= (8x 10) mod 11
=3
=M (Original Message) (Rashmi Singh, 2012)

Conclusion
The application of cryptography in securing email is only one of its many
essential applications in the modern world, however without it many
individuals and companies security and privacy would be under huge risk
with the result of major consequences. It is for this reason that the
development of the protocols and algorithms which ensure this security
has become an issue of utmost importance. This report simply outlines an
15 | P a g e

example of a basic application and the functions of one of the uses of

cryptography but in the end it shows that even this most basic application
is of key importance to almost everyone using this modern form of
communication.

References
A.J Menezes P.C Van Oarschot, S. V. (1996). Handbook of Applied
Cryptography. London: CRC Press.
group, O. r. (2013). Why Should You Encrypt Email and what happens if
you don't? Symantic.
group, T. o. (2012). Why Securing Communications and content is a
critical best practive. The osterman research group.
Hilal M, Y. A.-B. (2012). PGP Protocols and it's applications. In D. Sen,
Cryptography and security in computing (pp. 182-202). Rijeka:
InTech.
Rashmi Singh, S. K. (2012). Elgamals Algorithm in Cryptography.
International Journal of Scientific & Engineering, 1-4.
Stallings, W. (2006). Digital Signatures. In W. Stallings, Cryptography and
Network security. London: Pearson Education.
The Radicati Group, I. (2013). Email Statistics Report, 2011-2015 . Palo
Alto: The Radicati Group, Inc.
W Diffie, M. H. (1976). New Directions In cryptography. IEEE Transactions
on information theory.
Yang, H. R. (2011). Applied cryptography for cyber security and defense.
New York: Hershey.

16 | P a g e

17 | P a g e