This document provides an overview of public-key cryptography. It discusses how public-key cryptography uses two keys, a public key for encryption and a private key for decryption. The document outlines the key principles of public-key cryptography including key distribution and digital signatures. It also describes the basic public-key cryptosystem process and categories of public-key cryptography including encryption/decryption, digital signatures, and key exchange. The document concludes with requirements for public-key cryptography and examples of applications and cryptanalysis techniques.
3. Introduction
Public-key Cryptography is asymmetric, involving the use of two separate
keys, in contrast to symmetric encryption, which uses only one key. The use
of two keys has profound consequences in the areas of confidentiality, key
distribution, and authentication.
A message sender uses the recipient's public key to encrypt the message.
To decrypt the sender's message, only the recipient's private key is used.
Asymmetric algorithms rely on one key for encryption and a different but
related key for decryption.
Public-key algorithms are based on mathematical functions rather than on
substitution and permutation.
4. Principle of PKC
The concept of public-key cryptography evolved from an attempt to attack two of
the most difficult problems associated with symmetric encryption.
1. Key Distribution
• That the communicants already share a key, or that someone has distributed it to them
• How to secure communications in general without having to trust a Key Distribution
Center.
2. Digital Signatures
• How to verify that a digital message had been sent by a particular person
5. Public Key Cryptosystem
A public-key encryption scheme has six ingredients.
• Plaintext: This is the readable message or data that is fed into the algorithm as input.
• Encryption Algorithm: The encryption algorithm performs various transformations on the plaintext.
• Public Key: Key used for encryption or for decryption.
• Private Key: Key used for encryption or for decryption.
• Ciphertext: This is the encrypted message produced as output. It depends on the plaintext and the key. For a given message, two different keys will produce two different ciphertexts.
• Decryption Algorithm: This algorithm accepts the ciphertext and the matching key and produces the original plaintext.
9. Conventional and Public-Key Encryption
Conventional Encryption
Needed to Work:
• The same algorithm with the same key is used for encryption and decryption.
• The sender and receiver must share the algorithm and the key.
Needed for Security:
• The key must be kept secret.
• It must be impossible or at least impractical to decipher a message if the key is kept secret.
• Knowledge of the algorithm plus samples of ciphertext must be insufficient to determine the key.
Public-Key Encryption
Needed to Work:
• One algorithm is used for encryption and a related algorithm for decryption with a pair of keys, one for encryption and one for decryption.
• The sender and receiver must each have one of the matched pair of keys (not the same one).
Needed for Security:
• One of the two keys must be kept secret.
• It must be impossible or at least impractical to decipher a message if one of the keys is kept secret.
• Knowledge of the algorithm plus one of the keys plus samples of ciphertext must be insufficient to determine the other key.
10. Confidentiality
• This figure provides confidentiality because two related keys are used, one used for encryption and the other being used for decryption.
11. Authentication
• There is no protection of confidentiality because any observer can decrypt the message by using the sender’s public key.
12. Authentication and Secrecy
[Figure: Source A, Destination B]
It is, however, possible to provide both the authentication function and confidentiality by a double use of the public-key scheme:
Z = E(PUb, E(PRa, X))
X = D(PUa, D(PRb, Z))
In this case, we begin as before by encrypting a message, using the sender’s private key. This provides the digital signature. Next, we encrypt again, using the receiver’s public key. The final ciphertext can be decrypted only by the intended receiver, who alone has the matching private key. Thus,
13. PKC Categories
Public-key cryptosystems can be classified into three categories:
• Encryption/decryption: The sender encrypts a message with the recipient’s public key, and the recipient decrypts the message with the recipient’s private key.
• Digital signature: The sender “signs” a message with its private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.
• Key exchange: Two sides cooperate to exchange a session key, which is a secret key for symmetric encryption generated for use for a particular transaction (or session) and valid for a short period of time. Several different approaches are possible, involving the private key(s) of one or both parties.
14. Requirements for PKC
1. It is computationally easy for a party B to generate a key pair (public key PUb, private key PRb).
2. It is computationally easy for a sender A, knowing the public key and the message to be encrypted, M, to generate the corresponding ciphertext: C = E(PUb, M)
3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message: M = D(PRb, C) = D[PRb, E(PUb, M)]
4. It is computationally infeasible for an adversary, knowing the public key, PUb, to determine the private key, PRb.
5. It is computationally infeasible for an adversary, knowing the public key, PUb, and a ciphertext, C, to recover the original message, M.
6. The two keys can be applied in either order: M = D[PUb, E(PRb, M)] = D[PRb, E(PUb, M)]
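The double use of the key pairs from the Authentication and Secrecy slide, together with requirement 6 above, worked through in Python as an added example that is not part of the original slides. It assumes textbook RSA with constructed toy primes and no padding; the names make_keypair, apply_key, sign_then_encrypt and decrypt_then_verify are illustrative.

```python
# Added example: textbook RSA, toy primes, no padding (not for real use).
from math import gcd

def make_keypair(p, q, e=17):
    """Requirement 1: derive (public, private) as (exponent, modulus) pairs."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)*(q-1)")
    return (e, n), (pow(e, -1, phi), n)   # private exponent d = e^-1 mod phi

def apply_key(key, block):
    """E(key, block) and D(key, block): both are block^exponent mod n."""
    exponent, n = key
    if not 0 <= block < n:
        raise ValueError("block must be in the range [0, n)")
    return pow(block, exponent, n)

E = D = apply_key

def sign_then_encrypt(x, pr_sender, pu_receiver):
    """Z = E(PUb, E(PRa, X))."""
    # Edge case: E(PRa, X) can be any value below the sender's modulus, so
    # the receiver's modulus must be at least as large, or the outer step
    # would reject (or, unchecked, silently corrupt) some blocks.
    if pr_sender[1] > pu_receiver[1]:
        raise ValueError("sender modulus exceeds receiver modulus")
    return E(pu_receiver, E(pr_sender, x))

def decrypt_then_verify(z, pr_receiver, pu_sender):
    """X = D(PUa, D(PRb, Z))."""
    return D(pu_sender, D(pr_receiver, z))

# Constructed toy key pairs for A (sender) and B (receiver).
PUa, PRa = make_keypair(61, 53)   # n = 3233
PUb, PRb = make_keypair(89, 97)   # n = 8633

if __name__ == "__main__":
    X = 1234
    Z = sign_then_encrypt(X, PRa, PUb)
    print("recovered by B:", decrypt_then_verify(Z, PRb, PUa))
    # Requirement 6: the two keys of one pair work in either order.
    print(D(PUb, E(PRb, X)) == D(PRb, E(PUb, X)) == X)
    # Authentication only: anyone holding PUa can read E(PRa, X).
    print("observer reads:", D(PUa, E(PRa, X)))
```

Deployed systems sign a hash of the message and use padded RSA schemes such as OAEP and PSS rather than raw modular exponentiation.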
15. Application for PKC
Algorithm        Encryption / Decryption   Digital Signature   Key Exchange
RSA              Yes                       Yes                 Yes
Elliptic Curve   Yes                       Yes                 Yes
Diffie–Hellman   No                        No                  Yes
DSS              No                        Yes                 No
17. Public-Key Cryptanalysis
• Brute-Force Attack: Try every possible key until an intelligible translation of the ciphertext into plaintext is obtained. Exhaustive key search and guessing.
• Man-In-Middle Attack: Combining known plaintext and chosen plaintext attacks by performing computations in both directions to find matching pairs.
• Known Plaintext Attack: In a known plaintext attack, the cryptanalyst possesses knowledge of both the plaintext and the corresponding ciphertext. The objective is to determine the secret key or find vulnerabilities in the encryption algorithm.
• Chosen Plaintext Attack: In a chosen plaintext attack, the cryptanalyst has the ability to select specific plaintexts and obtain their corresponding ciphertexts from the encryption system.