Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be shared widely, and private keys, which are known only to the owner. The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions. In such a system, any person can encrypt a message using the receiver's public key, but that encrypted message can only be decrypted with the receiver's private key.
This allows, for instance, a server to generate a cryptographic key intended for symmetric-key cryptography, then use a client's openly shared public key to encrypt that newly generated symmetric key. The server can now send this encrypted symmetric key over insecure channels to the client, and only the client can decrypt it, using the private key that is paired with the public key the server used to encrypt the message. With the client and server now both holding the same symmetric key, they can safely transition to symmetric-key encryption to communicate securely back and forth over otherwise insecure channels.
This has the advantage of not having to manually pre-share symmetric keys, while also gaining the higher data throughput of symmetric-key cryptography over asymmetric-key cryptography. With public-key cryptography, robust authentication is also possible. A sender can combine a message with a private key to create a short digital signature on the message. Anyone with the sender's corresponding public key can combine the same message and the supposed digital signature associated with it to verify whether the signature is valid, i.e. made by the owner of the corresponding private key.
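The key exchange described above, as an added example that is not part of the original notes. It assumes textbook RSA without padding, a client key built from two Mersenne primes (constructed values, far too weak for real use), and a SHA-256 counter keystream standing in for a real symmetric cipher such as AES; all function names are hypothetical.

```python
# Hybrid key transport sketch: toy RSA wraps a random session key, then a
# SHA-256 counter keystream stands in for a real symmetric cipher.
import hashlib
import secrets

# Client key pair (constructed toy values): public (E, N), private exponent D.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def server_wrap_key():
    """Server: create a fresh 128-bit session key and encrypt it under the client's public key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)
    return session_key, wrapped

def client_unwrap_key(wrapped):
    """Client: recover the session key with the private exponent."""
    return pow(wrapped, D, N).to_bytes(16, "big")

def stream_xor(key, nonce, data):
    """Stand-in symmetric cipher: XOR data with SHA-256(key || nonce || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def demo():
    """Run the exchange once; only `wrapped`, `nonce` and `ciphertext` cross the channel."""
    server_key, wrapped = server_wrap_key()
    client_key = client_unwrap_key(wrapped)
    nonce = secrets.token_bytes(12)
    ciphertext = stream_xor(server_key, nonce, b"bulk data sent after the key exchange")
    return server_key == client_key, stream_xor(client_key, nonce, ciphertext)
```
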
- Asymmetric algorithms rely on one key for encryption and a different but related key for decryption.
- These algorithms have the following important characteristic:
  - It is computationally infeasible to determine the decryption key given only knowledge of the cryptographic algorithm and the encryption key.
- In addition, some algorithms, such as RSA, also exhibit the following characteristic:
  - Either of the two related keys can be used for encryption, with the other used for decryption.
1. Use of public key algorithm to provide confidentiality
When Alice wants to send a message to Bob while maintaining confidentiality:
- Alice uses Bob's public key (PU-b) to encrypt; Bob uses his private key (PR-b) to decrypt. That is, the key pair of the receiver is used.
Y = E(PU-b, X), where X is the plaintext and Y is the ciphertext.
2. Use of public key algorithm to provide authentication
- To use public-key encryption to provide authentication:
  - Alice (the sender) uses her private key for encryption; the receiver uses Alice’s public key for decryption (the key pair of the sender is used).
- It is important to emphasize that this does not provide confidentiality. That is, the message being sent is safe from alteration but not from eavesdropping.
- Here it is possible to encrypt only the signature and transmit the rest of the message in the clear.
- Even in the case of complete encryption, there is no protection of confidentiality, because any observer can decrypt the message by using the sender’s public key.
3. Use of public key algorithm to provide both authentication and confidentiality
- For this, the public-key scheme is applied twice.
- We begin as before by encrypting a message, using the sender’s private key. This provides the digital signature.
- Next, we encrypt again, using the receiver’s public key.
- The final ciphertext can be decrypted only by the intended receiver, who alone has the matching private key. Thus, confidentiality is provided.
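The three uses above, worked through with textbook RSA in the notation of these notes (added example, not part of the original notes). The primes, the exponent 17 and the function names are constructed for illustration, and Alice's modulus is deliberately smaller than Bob's so that a value signed under her key always fits under his in the double-use case.

```python
# Textbook RSA with toy primes: shows which key plays which role. Not secure.
from math import gcd

def make_keypair(p, q, e=17):
    """Return (public, private) as ((e, n), (d, n)) from two constructed primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible modulo phi(n)")
    return (e, n), (pow(e, -1, phi), n)

def apply_key(key, value):
    """E(K, X) and D(K, Y) are the same RSA operation: value**exp mod n."""
    exp, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exp, n)

PU_a, PR_a = make_keypair(61, 53)   # Alice (sender), n = 3233
PU_b, PR_b = make_keypair(89, 97)   # Bob (receiver), n = 8633

def confidentiality(x):
    """1. Receiver's key pair: Y = E(PU-b, X), X = D(PR-b, Y)."""
    y = apply_key(PU_b, x)
    return y, apply_key(PR_b, y)

def authentication(x):
    """2. Sender's key pair: anyone holding PU-a recovers X, so nothing is hidden."""
    sig = apply_key(PR_a, x)
    return sig, apply_key(PU_a, sig)

def both(x):
    """3. Double use: sign with PR-a, then encrypt with PU-b; Bob reverses both steps."""
    z = apply_key(PU_b, apply_key(PR_a, x))
    return z, apply_key(PU_a, apply_key(PR_b, z))
```

Deployed RSA does not operate on raw values like this: encryption uses a padding scheme such as OAEP, and signatures are computed over a hash of the message with a scheme such as PSS.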
RSA is used for asymmetric cryptography.
Some more points:
- The concept of public-key cryptography evolved from an attempt to attack two of the most difficult problems associated with symmetric encryption:
  - Key distribution: How to have secure communications in general without having to trust a KDC (key distribution center) with your key.
  - Digital signature: How to verify that a message comes intact from the claimed sender.
- Whitfield Diffie and Martin Hellman from Stanford University achieved a breakthrough in 1976 by coming up with a method that addressed both problems and was radically different from all previous approaches to cryptography.
- From its earliest beginnings to modern times, virtually all cryptographic systems have been based on the elementary tools of substitution and permutation:
  - Earlier days: algorithms relied on calculation by hand.
  - A major advance in symmetric cryptography occurred with the development of the rotor encryption/decryption machine (German Enigma, Japanese Purple, ...).
  - With the availability of computers, even more complex systems like DES came, which still used substitution and permutation.
- Public-key cryptography provides a radical departure from all that has gone before:
  - For one thing, public-key algorithms are based on mathematical functions, rather than on substitution and permutation.
  - Public-key cryptography is asymmetric, involving the use of two separate keys.