Public-key cryptography

From Wiki @ Karl Jones dot com

Public-key cryptography, or asymmetric cryptography, is any cryptographic system that uses pairs of keys:

  • Public keys that may be disseminated widely.
  • Private keys which are known only to the owner.


Description

A public-key system can achieve two functions:

  • Using a public key to authenticate that a message originated with a holder of the paired private key.
  • Encrypting a message with a public key to ensure that only the holder of the paired private key can decrypt it.

In a public-key encryption system, any person can encrypt a message using the public key of the receiver, but such a message can be decrypted only with the receiver's private key.

For this to work it must be computationally easy for a user to generate a public and private key-pair to be used for encryption and decryption.

The strength of a public-key cryptography system relies on the degree of difficulty (computational impracticality) for a properly generated private key to be determined from its corresponding public key.

Security then depends only on keeping the private key private, and the public key may be published without compromising security.

Public-key cryptography systems often rely on cryptographic algorithms based on mathematical problems that currently admit no efficient solution—particularly those inherent in certain integer factorization, discrete logarithm, and elliptic curve relationships.

Public key algorithms, unlike symmetric key algorithms, do not require a secure channel for the initial exchange of one (or more) secret keys between the parties.

Because of the computational complexity of asymmetric encryption, it is usually used only for small blocks of data, typically the transfer of a symmetric encryption key (e.g. a session key). This symmetric key is then used to encrypt the rest of the potentially long message sequence. The symmetric encryption/decryption is based on simpler algorithms and is much faster.

Message authentication involves hashing the message to produce a "digest," and encrypting the digest with the private key to produce a digital signature. Thereafter anyone can verify this signature by:

  • Computing the hash of the message;
  • Decrypting the signature with the signer's public key;
  • Comparing the computed digest with the decrypted digest.

Equality between the digests confirms the message is unmodified since it was signed, and that the signer, and no one else, intentionally performed the signature operation — presuming the signer's private key has remained secret.

The security of this procedure depends on a hash algorithm of such quality that it is computationally infeasible to alter a message, or find a substitute message, that produces the same digest. Studies have shown, however, that even with the MD5 and SHA-1 algorithms, producing an altered or substitute message is not impossible.

The current hashing standard for encryption is SHA-2.

The message itself can also be used in place of the digest.
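
The sign-and-verify procedure above, as an added example that is not part of the original page: it signs a SHA-256 digest with unpadded textbook RSA, verifies it, and then shows a substitute message passing verification once the digest is cut to 16 bits to stand in for a weak hash. The toy key (two known Mersenne primes), the helper names and the sample messages are assumptions constructed for illustration.

```python
import hashlib

# Constructed toy key built from two known Mersenne primes. Special-form primes
# and unpadded ("textbook") RSA are illustration only; real signatures use a
# vetted library with a padding scheme.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def digest(message: bytes, bits: int = 256) -> int:
    """SHA-256 of the message as an integer, keeping only the top `bits` bits."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def sign(message: bytes, bits: int = 256) -> int:
    """Transform the digest with the private key (D, N)."""
    return pow(digest(message, bits), D, N)


def verify(message: bytes, signature: int, bits: int = 256) -> bool:
    """Recompute the digest, recover the signed one with (E, N), and compare."""
    return pow(signature, E, N) == digest(message, bits)


def find_substitute(message: bytes, bits: int) -> bytes:
    """Search for a different message whose truncated digest matches."""
    target = digest(message, bits)
    counter = 0
    while True:
        candidate = b"constructed substitute %d" % counter
        if candidate != message and digest(candidate, bits) == target:
            return candidate
        counter += 1


if __name__ == "__main__":
    original = b"constructed sample: pay 10 EUR to Bob"
    full_sig = sign(original)
    print("valid signature accepted:", verify(original, full_sig))
    print("altered message accepted:", verify(original + b"0", full_sig))
    weak_sig = sign(original, bits=16)          # 16-bit digest = weak hash
    substitute = find_substitute(original, bits=16)
    print("substitute under 16-bit digest accepted:",
          verify(substitute, weak_sig, bits=16))
    print("substitute under full SHA-256 accepted:", verify(substitute, full_sig))
```

The signature over the 16-bit digest is mathematically valid for both messages, which is why the verifier cannot tell them apart; the RSA step is only as strong as the hash that feeds it.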

Applications

Public-key algorithms are fundamental security ingredients in cryptosystems, applications and protocols.

They underpin various Internet standards, such as Transport Layer Security (TLS), S/MIME, PGP, and GPG.

Some public key algorithms provide key distribution and secrecy (e.g., Diffie–Hellman key exchange), some provide digital signatures (e.g., Digital Signature Algorithm), and some provide both (e.g., RSA).

Public-key cryptography finds application in, among other fields, the information technology security discipline known as information security.

Information security (IS) is concerned with all aspects of protecting electronic information assets against security threats.

Public-key cryptography is used as a method of assuring the confidentiality, authenticity and non-repudiability of electronic communications and data storage.
