Add to collection(s) Add to saved
  1. Business
  2. Finance
  3. Public Finance

8.2 Public Key Cryptography

advertisement 
8
Cryptography
8.1
Symmetric-Key Cryptography
In symmetric-key cryptography, the encryption key can be calculated from the decryption key and vice
versa. Most symmetric algorithms use the same key for both encryption and decryption, as shown below
(figure 8.1).
Figure 8.1 – Symmetric key cryptography
8.2
Public Key Cryptography
Public-key cryptography (also called asymmetric cryptography) involves a pair of keys: a public key and a
private key, associated with an entity that needs to authenticate its identity electronically or to sign or
encrypt data. Each public key is published, and the corresponding private key is kept secret.) Data
encrypted with your public key can be decrypted only with your private key. The figure below shows a
simplified view of the way public-key cryptography works.
Figure 8.2 – Public key cryptography
The scheme shown in the figure 8.2 lets you freely distribute a public key, while only you will be able to
read data encrypted using this key. In general, to send encrypted data to someone, you encrypt the data
with that person's public key, and the person receiving the encrypted data decrypts it with the
corresponding private key.
Public-key encryption requires more computation than symmetric-key cryptography and therefore is not
recommended for large amounts of data. However, it is possible to use public-key encryption to send a
1
Best security through nature….
symmetric key, which can then be used to encrypt additional data. This is the approach used by the SSL
(Secure socket Layer) protocol.
As it happens, the reverse of the scheme shown in the figure 8.2 also works: data encrypted with your
private key can be decrypted only with your public key. This would not be a desirable way to encrypt
sensitive data, however, because it means that anyone with your public key, which is by definition
published, could decrypt the data. Nevertheless, private-key encryption is useful, because it means you
can use your private key to sign data to create a digital signature, an important requirement for electronic
commerce and other commercial applications of cryptography. Client software such as Communicator
can then use your public key to confirm that the message was signed with your private key and that it has
not been tampered with since being signed.
Bruce Schneier, a prominent figure in security compares public-key cryptography with a mailbox. He
writes:
"Putting mail in the mailbox is analogous to encrypting with the public key; anyone can do it. Just open
the slot and drop it in. Getting mail out of a mailbox is analogous to decrypting with the private key.
Generally it's hard; you need welding torches. However, if you have the secret (the physical key to the
mailbox), it's easy to get mail out of a mailbox."
8.3
Digital Signatures
The signature is a “Mathematical Function” that involves the original message and the sender’s private
key. The first step in the signature process involves performing a mathematical algorithm known as a
hash function. The hash function takes the original message and produces a fixed length (typically 160-
Figure 8.3 – Digitally signing a document
2
Best security through nature….
bit) string of characters known as messages digest (Hash). The message digest is essentially a
mathematical abstract of the original message. If a single character in the original message changes, the
message digest changes significantly. The message digest is then encrypted with the sender’s private
key. The resulting encryption is known as the digital signature. This signature is unique to each message
and is appended to the original message. This is illustrated in diagram 8.3.
Digital signatures serve the following purposes:
Check whether an entity holds a certain private key
Suppose you have the public key of A. Then, another individual states he/she is A. If he/she is A, he/she
must hold the corresponding private key of the public key you hold of A. This enables you to send a
message, and ask A to return the digital signature of the message. If you can decrypt using A’s public
key, it means you are communicating with A.
Integrity
As discussed before, if the original message changes, the hash changes, resulting in a subsequent
change of the generated digital signature. Thus, you can verify the integrity of the message by matching
the message with the digital signature.
Non-repudiation
This is a great advantage over secret key cryptography. In secret key cryptography, if a person A sends a
message to B, and later denies it, B cannot validate the claim. B having the same secret key could have
also composed the message. But with digital signatures, only A can create the digital signature as only
he/she holds the private key. Therefore, one can use the message and the digital signature to verify if A
was the originator of the message.
3
Best security through nature….
Related documents
plaintext version
plaintext version
INFA 723 Applied Cryptography
INFA 723 Applied Cryptography
Course outline Data security and Cryptography
Course outline Data security and Cryptography
- projectgenie
- projectgenie
COURSES OFFERED IN FOREIGN LANGUAGES
COURSES OFFERED IN FOREIGN LANGUAGES
“Modern Cryptography – A Mathematician in Cyberspace”
“Modern Cryptography – A Mathematician in Cyberspace”
Security
Security
Download
advertisement