Siksha Sarovar

Siksha Sarovar (sikshasarovar.com) is a free educational web application that helps students in India learn programming and prepare for academic and competitive exams. The platform offers structured coding courses (C, C++, Python, Java, HTML, CSS, PHP, Power BI, AI, Machine Learning, Data Science), complete university curriculum notes for BCA/MCA students with previous year question papers, Class 10 and Class 12 CBSE/HBSE school notes, and dedicated preparation material for SSC, UPSC, Banking, Railway and other government exams. Browsing the site is completely free and requires no account. Users may optionally sign in with Google solely to save their learning progress, quiz scores and personal preferences across devices.

Privacy Policy | Terms of Service | Contact Siksha Sarovar | About Siksha Sarovar

v4.0.9 · PWA
Siksha Sarovar logo
Siksha Sarovar
Your Learning Universe

Siksha Sarovar is a free e-learning platform for coding courses, BCA university notes and competitive exam preparation. Optional Google sign-in saves your learning progress across devices.

Initializing knowledge base…
Compiling modules 0%

Asymmetric Cryptography: RSA & Digital Signatures

Lesson 11 of 15 in the free Cyber Security notes on Siksha Sarovar, written by Rohit Jangra.

Asymmetric Cryptography: RSA & Digital Signatures

Asymmetric (public-key) cryptography uses mathematically linked key pairs: a public key (shared openly with anyone) and a private key (kept secret by the owner). Data encrypted with the public key can only be decrypted with the corresponding private key, and vice versa. This elegantly solves the key distribution problem of symmetric cryptography.

---

RSA Algorithm — Step-by-Step

RSA (Rivest-Shamir-Adleman, 1977) is the most widely used asymmetric algorithm. Its security depends on the mathematical difficulty of integer factorization: it is easy to multiply two large primes, but computationally infeasible to factor the product.

RSA Key Generation (Simplified Example):

StepOperationNumerical ExampleMathematical Basis
1. Choose two primesSelect large primes p and qp=61, q=53Must be large in practice (1024+ bits each)
2. Compute nn = p × qn = 61 × 53 = 3233n is the modulus (public)
3. Compute φ(n)φ(n) = (p−1)(q−1)φ(3233) = 60 × 52 = 3120Euler's totient function
4. Choose ee: 1 < e < φ(n), gcd(e, φ(n)) = 1e = 17e is public exponent (65537 in practice)
5. Compute dd × e ≡ 1 (mod φ(n))d = 2753d is private exponent (extended Euclidean)
6. Public Key(e, n)(17, 3233)Shared openly
7. Private Key(d, n)(2753, 3233)Never revealed

RSA Encryption and Decryption:

  • Encrypt: C = M^e mod n (where M is plaintext as integer)
  • Decrypt: M = C^d mod n

Security of RSA:

  • With real RSA, p and q are 1024-bit primes each; n is 2048 bits
  • Current recommended minimum: 2048-bit RSA
  • Factoring a 2048-bit number would take astronomical time with classical computers
  • Quantum threat: Shor's algorithm on a quantum computer could break RSA

---

Symmetric vs Asymmetric Cryptography Comparison

PropertySymmetric (AES)Asymmetric (RSA)Hybrid (TLS)
Keys1 shared key2 keys (public + private)Both types
SpeedVery fast (GB/s)Slow (KB/s)Fast overall
Key distributionProblem: must share securelySolved: public key is publicUses asymmetric for key exchange
Key management scalen(n-1)/2 keys for n users2n keys for n usersSimple
Use caseEncrypting large dataKey exchange, signaturesInternet communications
Security basisKey secrecyInteger factorization / ECDLPCombined
ExamplesAES-256, ChaCha20RSA-2048, ECDSA, Ed25519TLS 1.3, HTTPS, S/MIME

---

Digital Signatures

A digital signature is a cryptographic mechanism that provides:

  1. Authentication — Verifies the identity of the signer
  2. Integrity — Proves the message has not been altered
  3. Non-repudiation — Signer cannot deny having signed the document

How Digital Signatures Work:

  1. Signing (by Alice):
  • Alice computes hash of message: h = SHA-256(message)
  • Alice encrypts hash with her private key: signature = RSA_encrypt(private_key, h)
  • Alice sends: [message + signature]
  1. Verification (by Bob):
  • Bob receives [message + signature]
  • Bob decrypts signature with Alice's public key: h' = RSA_decrypt(public_key, signature)
  • Bob independently computes hash: h = SHA-256(message)
  • If h == h': signature is valid; message is authentic and unaltered
Signature Verification ResultMeaningPossible Cause
Valid signature, hashes matchMessage authentic, unaltered, from claimed senderLegitimate document
Valid signature, hashes don't matchMessage tampered after signingMan-in-the-middle attack
Invalid signatureNot signed by claimed senderForgery, wrong key, or message corruption

---

Message Authentication Codes (MAC)

A MAC (Message Authentication Code) provides integrity and authentication using a shared secret key (symmetric). Unlike digital signatures, MACs do not provide non-repudiation (since both parties have the same key, either could generate the MAC).

HMAC (Hash-based MAC):

  • HMAC-SHA256(key, message) = SHA256((key XOR opad) || SHA256((key XOR ipad) || message))
  • Uses nested hashing with the secret key to prevent length-extension attacks
  • Widely used in: TLS MAC, JWT token signatures, TOTP (time-based OTP)
MechanismKeysProvides IntegrityProvides AuthenticationProvides Non-repudiationPerformance
Hash (SHA-256)NoneFastest
MAC (HMAC)Shared symmetric key✅ (between parties)Fast
Digital SignatureAsymmetric key pairSlow

---

Public Key Infrastructure (PKI)

PKI is the ecosystem of cryptographic certificates, certificate authorities, and protocols that makes large-scale public key cryptography practical. Without PKI, how would you know Bob's "public key" was really Bob's and not an attacker's?

PKI Components:

ComponentRoleExampleTrust Basis
Certificate Authority (CA)Issues and signs digital certificatesDigiCert, Let's EncryptRoot CA trusted by OS/browsers
Digital Certificate (X.509)Binds public key to identityHTTPS certificate for amazon.comCA's digital signature on cert
Certificate Revocation List (CRL)List of revoked certificatesCRL published by CAMust be checked before trusting
OCSPOnline certificate validity checkReal-time revocation checkCA responds with valid/revoked
Registration Authority (RA)Verifies identity before cert issuanceDomain validation, EV validationPolicy-based identity verification
Exam Tip: Digital Signature = sign with PRIVATE key, verify with PUBLIC key. Encryption = encrypt with PUBLIC key, decrypt with PRIVATE key. This is the opposite direction and a common exam trick. RSA security = difficulty of factoring product of two large primes. Digital signatures provide authentication, integrity, AND non-repudiation.

---

Study Deep: Public-Key Cryptography

  1. Elliptic Curve Cryptography (ECC) is more efficient than RSA: ECC achieves equivalent security to RSA with much shorter keys: 256-bit ECC ≈ 3072-bit RSA in security strength. Shorter keys mean faster operations and lower power consumption — critical for IoT, mobile devices, and TLS performance. Most modern TLS connections use ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) for key exchange.
  1. Certificate Transparency prevents fraudulent certificates: Google's Certificate Transparency (CT) project requires all publicly trusted certificates to be logged in public, auditable CT logs. This allows detection of fraudulently issued certificates (mis-issuance) within hours. The 2011 DigiNotar hack (CA compromised, fraudulent Google certs issued) accelerated the adoption of CT.
  1. Perfect Forward Secrecy (PFS) protects past sessions: In classic RSA key exchange, if the server's private key is ever compromised, all past recorded sessions can be decrypted. PFS (using ephemeral Diffie-Hellman or ECDHE) generates fresh session keys for every connection, so compromising the server key today does not decrypt yesterday's sessions. TLS 1.3 mandates PFS.
  1. Blockchain uses asymmetric cryptography: Bitcoin and Ethereum use ECDSA (Elliptic Curve Digital Signature Algorithm) for transaction signing. Your private key signs transactions; the network verifies with your public key (Bitcoin address). Losing your private key means losing your funds permanently — there is no recovery mechanism.
  1. The RSA 768-bit factoring milestone: In 2009, researchers factored a 768-bit RSA modulus using distributed computing over 2.5 years (special number field sieve algorithm). This is why 1024-bit RSA is now considered deprecated and 2048-bit is the minimum. NIST recommends 3072-bit or 4096-bit for post-2030 security.