Public-key algorithms are based on mathematical functions rather than on substitution and permutation, and they are asymmetric in nature: they involve the use of two keys, as opposed to conventional single-key encryption. Several misconceptions are held about public-key (P-K) cryptography:
- That P-K encryption is more secure against cryptanalysis than conventional encryption. In fact the security of any scheme depends on the key length and the computational work involved in breaking the cipher; nothing about the asymmetric form makes it inherently stronger.
- That P-K encryption has superseded single-key encryption. This is unlikely because of the far greater processing cost of P-K algorithms; in practice they are used to protect keys and to sign short blocks, while bulk data is encrypted with a conventional cipher.
- That key management is trivial with public-key cryptography. It is not: a public key must still be distributed in a way that lets the recipient confirm whose key it is, which requires some protocol, generally involving a trusted central agent.
Principles of Public-Key Cryptosystems
The concept of P-K evolved from an attempt to solve two problems: key distribution and the development of digital signatures. In 1976 Whitfield Diffie and Martin Hellman published the conceptual framework. For conventional encryption the same key is used for encryption and decryption. This is not a necessary condition. Instead it is possible to develop a cryptographic system that relies on one key for encryption and a different but related key for decryption. Furthermore these algorithms have the following important characteristic:
It is computationally infeasible to determine the decryption key given only knowledge of the algorithm and the encryption key. In addition, some algorithms, such as RSA, also exhibit the following characteristic:
Either of the two related keys can be used for encryption, with the other used for decryption.
The figure illustrates the P-K process. The steps are:
- Each system generates a pair of keys.
- Each system publishes its encryption key (public key) keeping its companion key private.
- If A wishes to send a message to B it encrypts the message using B’s public key.
- When B receives the message, it decrypts the message using its private key. No one else can decrypt the message because only B knows its private key.
Considering P-K in more detail, we have a source A that produces plaintext X destined for B. B generates a pair of keys $KU_b$ (a public key) and $KR_b$ (a private key). With X and $KU_b$ as inputs, A forms the ciphertext Y:
$Y = E_{KU_b}(X)$
The intended receiver B is able to invert the transformation with its private key:
$X = D_{KR_b}(Y)$.
As previously mentioned, for algorithms such as RSA either key may be used for encryption with the other used for subsequent decryption. This facilitates a different form of scheme, as shown in the figure. In this case A prepares a message to B using its private key to encrypt, and B can decrypt it using A's public key:
$Y = E_{KR_a}(X)$
$X = D_{KU_a}(Y)$.
As the message was prepared using A's private key it could only have come from A; therefore the entire message serves as a digital signature. It should be noted that this scheme does not provide confidentiality, because everyone has access to A's public key. The scheme is also inefficient, because B must store both the ciphertext (as proof of authenticity) and the decoded plaintext (for practical use of the document), and the whole document must be processed by the slow P-K operation. A more efficient way of achieving the same result is to encrypt a small block of bits that is a function of the document. This block, called an authenticator, must have the property that it is infeasible to change the document without changing the authenticator; in practice it is a cryptographic hash of the document. If the authenticator is encrypted using the sender's private key then it serves as a signature that verifies the origin and content of the document, and its sequencing provided that a sequence number or timestamp is included in the signed data.
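The following is an added worked example, not code from the original notes. It implements textbook RSA from scratch so that both schemes above can be run offline: the confidentiality mode ($Y = E_{KU_b}(X)$, $X = D_{KR_b}(Y)$) and the authentication mode, where A "encrypts" a SHA-256 authenticator of the document with $KR_a$ and B checks it with $KU_a$. Because RSA's encrypt and decrypt are the same modular exponentiation with different exponents, one `apply_key` function serves for $E$ and $D$, which is exactly the "either key can be used" property the text relies on. The primes, messages and seed are constructed for the demonstration; unpadded textbook RSA is assumed only for illustration and is not secure for real use.

```python
"""Textbook RSA illustrating the two public-key modes in the notes above.
Added example, constructed for illustration; unpadded RSA is NOT secure."""
import hashlib
import random


def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int, rng: random.Random) -> int:
    """Random odd prime with the top bit set, so p*q has the intended size."""
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate, rng):
            return candidate


def generate_keypair(bits: int = 512, rng: random.Random = None):
    """Step 1: each system generates a key pair. Returns (KU, KR) where
    KU = (e, n) is published and KR = (d, n) is kept private."""
    rng = rng or random.SystemRandom()  # real keys need a CSPRNG
    e = 65537  # prime, so gcd(e, phi) == 1 whenever phi % e != 0
    while True:
        p = random_prime(bits // 2, rng)
        q = random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (e, p * q), (d, p * q)


def apply_key(key, block: int) -> int:
    """The single RSA primitive: E with a public key and D with a private key
    are the same operation, which is why either key can encrypt."""
    exp, n = key
    if not 0 <= block < n:
        raise ValueError("block must be smaller than the modulus")
    return pow(block, exp, n)


def encrypt_for(public_key, plaintext: bytes) -> int:
    """Confidentiality: A computes Y = E_KUb(X) with B's public key."""
    return apply_key(public_key, int.from_bytes(plaintext, "big"))


def decrypt_with(private_key, ciphertext: int) -> bytes:
    """B recovers X = D_KRb(Y). Minimal-length encoding drops leading zero
    bytes; real schemes fix the block length through padding."""
    x = apply_key(private_key, ciphertext)
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def authenticator(document: bytes) -> int:
    """Small block that is a function of the document: SHA-256 (256 bits),
    so it always fits below a 512-bit modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(private_key, document: bytes) -> int:
    """Authentication: A 'encrypts' the authenticator with KRa."""
    return apply_key(private_key, authenticator(document))


def verify(public_key, document: bytes, signature: int) -> bool:
    """B 'decrypts' with KUa and compares against a fresh authenticator."""
    return apply_key(public_key, signature) == authenticator(document)


def demo() -> bool:
    rng = random.Random(2024)  # fixed seed only to make the demo repeatable
    pub_b, priv_b = generate_keypair(512, rng)
    pub_a, priv_a = generate_keypair(512, rng)
    msg = b"attack at dawn"  # constructed sample message
    y = encrypt_for(pub_b, msg)          # A -> B, confidentiality
    assert decrypt_with(priv_b, y) == msg
    sig = sign(priv_a, msg)              # A signs, B verifies
    assert verify(pub_a, msg, sig)
    assert not verify(pub_a, b"attack at dusk", sig)  # altered document fails
    return True


if __name__ == "__main__":
    print("demo ok" if demo() else "demo failed")
```

Running the block generates two 512-bit key pairs, encrypts a message for B, signs the same message as A, and shows that a one-word change to the document invalidates the signature. Note that the verifier compares recovered and recomputed authenticators; it never needs the plaintext to be kept in encrypted form, which is the storage saving the text describes.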