A form of cryptography in which the key used to encrypt a message differs from the key used to decrypt it.
In public key cryptography, a user has a pair of cryptographic keys—a public key and a private key. The private key is kept secret, while the public key may be widely distributed.
The two main branches of public key cryptography are:
1. Public key encryption
2. Digital signatures
PUBLIC KEY ENCRYPTION
A message encrypted with a recipient's public key cannot be decrypted by anyone except the recipient possessing the corresponding private key.
Actual algorithms - two linked keys: Contd .
Now Bob send Alice a message using the public key and Alice decrypt it using her private key. Step 3: Alice publish a public key to send her a message. And has a private key to decrypt it. Step 2: The most common ones have the property that Alice and Bob each own two keys, one for encryption and one for decryption Step 1:
Public and private keys:
This is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption. The exact transformations performed by the algorithm depend on the public or private key that is provided as input.
This is the scrambled message produced as output. It depends on the plaintext and the key. For a given message, two different keys will produce two different cipher texts.
A GENERAL APPROACH Contd .
When user1 receives the message, he decrypts it using his private key. No other recipient can decrypt the message because only user1 knows his private key Step 4 : If user1 wishes to send a confidential message to user2, user1 encrypts the message using user2's public key. Step 3 : Each user places public key in a public register or other accessible file. As encryption figure suggests, each user maintains a collection of public keys obtained from others. Step 2 : Each user generates a pair of keys to be used for the encryption and decryption of messages. Step 1 :
Authentication & security:
There is some source A that produces a message in plaintext, X =[X1, X2,..., XM,]. The M elements of X are letters in some finite alphabet. The message is intended for destination B. B generates a related pair of keys: a public key, PUb, and a private key, PRb. PRb is known only to B, whereas PUb is publicly available.
A generates another pair of keys: a public key, PUa, and a private key, PRa. PRa is known only to A, whereas PUa is publicly available.
Authentication & security: Secrecy Contd .
Secrecy in a public key encryption : B decrypt the massage using it’s private key PRb. Using it’s private key PRb and the cipher text Y it obtain the original massage X Step 2: A encrypt the massage using B’s public key PUb and send it to B. With the message X and the encryption key PUb as input, A forms the cipher text Y = [Y1, Y2,..., YN]: Step 1:
Authentication & security: Authentication Contd.
Authentication in a public key encryption : B can decrypt the message using A's public key. Because the message was encrypted using A's private key, only A could have prepared the message. Step 2: A prepares a message to B and encrypts it using A's private key before transmitting it. Step 1:
Comparing Secrecy and Authentication
In authentication technique :It is impossible to alter the message without access to A's private key, so the message is authenticated both in terms of source and in terms of data integrity. But secrecy doesn't provide this advantage.
Thus the authentication is much more confidential and secure in terms of alteration of the massage.
Authentication & security: Contd.
In this case, we begin as before by encrypting a message, using the sender's private key. This provides the digital signature. Next, we encrypt again, using the receiver's public key. The final cipher text can be decrypted only by the intended receiver, who alone has the matching private key. Thus, confidentiality is provided. The disadvantage of this approach is that the public-key algorithm, which is complex, must be exercised four times rather than two in each communication.
An authentication mechanism that enables the creator of a message to attach a code that acts as a signature.
In situations where there is not complete trust between sender and receiver, something more than authentication is needed.
1. It must verify the author and the date and time of the signature.
2. It must to authenticate the contents at the time of the signature.
3. It must be verifiable by third parties, to resolve disputes.
Thus, the digital signature function includes the authentication function.
A variety of approaches has been proposed for the digital signature function. These approaches fall into two categories: direct and arbitrated
Direct Digital Signature :
The direct digital signature involves only the communicating parties (source, destination). It is assumed that the destination knows the public key of the source. A digital signature may be formed by encrypting the entire message with the sender's private key or by encrypting a hash code of the message with the sender's private key.
Arbitrated Digital Signature :
The problems associated with direct digital signatures can be addressed by using an arbiter.
As with direct signature schemes, there is a variety of arbitrated signature schemes. In general terms, they all operate as follows. Every signed message from a sender X to a receiver Y goes first to an arbiter A, which check it’s origin and context and then sent to Y.
Applications for Public-Key Cryptosystems
Public key cryptosystem used in many systems such as:
1.Decision support system
2. RSA Algorithm
3. Elliptic Curve
4. Diffie-Hellman key exchange
It is computationally easy for a party B to generate a pair (public key PUb, private key PRb).
It is computationally easy for a sender A, knowing the public key and the message to be encrypted, M, to generate the corresponding ciphertext:
C = E(PUb, M)
It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message:
M = D(PRb, C) = D[PRb, E(PUb, M)]
It is computationally infeasible for an adversary, knowing the public key, PUb, to determine the private key, PRb.
It is computationally infeasible for an adversary, knowing the public key, PUb, and a ciphertext, C, to recover the original message, M.
The two keys can be applied in either order:
M = D[PUb, E(PRb, M)] = D[PRb, E(PUb, M)]
Weaknesses Public-key cryptography also has vulnerabilities to attacks such as the man in the middle attack. In this situation, a malicious third party intercepts a public key on its way to one of the parties involved Vulnerable to the man in the middle attack Keys in asymmetric cryptography are more vulnerable to brute force attacks than in secret-key cryptography. Vulnerable to brute force attacks Keys in public-key cryptography, due to their unique nature, are more computationally costly than their counterparts in secret-key cryptography. Computati-onal cost