In cryptography, an asymmetric key algorithm uses a pair of cryptographic keys to encrypt and decrypt. The two keys are related mathematically; a message encrypted by the algorithm using one key can be decrypted by the same algorithm using the other. In a sense, one key "locks" a lock (encrypts); but a different key is required to unlock it (decrypt). See also: Topics in cryptography The security of all practical encryption schemes remains unproven, both for symmetric and asymmetric schemes. ... Flowcharts are often used to represent algorithms. ... A key is a piece of information that controls the operation of a cryptography algorithm. ...

A postal analogy

An analogy which can be used to understand the advantages of an asymmetric system is to imagine two people, Alice and Bob, sending a secret message through the public mail. In this example, Alice has the secret message and wants to send it to Bob, after which Bob sends a secret reply. Alice and Bob are common archetypal characters used in explanations in fields such as cryptography and physics. ...

With a symmetric key system, Alice first puts the secret message in a box, and then locks the box using a padlock to which she has a key. She then sends the box to Bob through regular mail. When Bob receives the box, he uses an identical copy of Alice's key (which he has somehow obtained previously, maybe by a face-to-face meeting) to open the box, and reads the message. Bob can then use the same padlock to send his secret reply. A symmetric-key algorithm is an algorithm for cryptography that uses the same cryptographic key to encrypt and decrypt the message. ...

In an asymmetric key system, Bob and Alice have separate padlocks. First, Alice asks Bob to send his open padlock to her through regular mail, keeping his key to himself. When Alice receives it she uses it to lock a box containing her message, and sends the locked box to Bob. Bob can then unlock the box with his key and read the message from Alice. To reply, Bob must similarly get Alice's open padlock to lock the box before sending it back to her. The critical advantage in an asymmetric key system is that Bob and Alice never need send a copy of their keys to each other. This substantially reduces the chance that a third party (perhaps, in the example, a corrupt postal worker) will copy a key while it is in transit, allowing said third party to spy on all future messages sent between Alice and Bob. In addition, if Bob were to be careless and allow someone else to copy his key, Alice's messages to Bob will be compromised, but Alice's messages to other people would remain secret, since the other people would be providing different padlocks for Alice to use.

Actual algorithms -- two linked keys

Not all asymmetric key algorithms operate in precisely this fashion. The most common have the property that Alice and Bob each own two keys, one for encryption and one for decryption. In a secure asymmetric key encryption scheme, the decryption key should not be deducible from the encryption key. This is known as public-key cryptography, since the encryption key can be published without compromising the security of encrypted messages. In the analogy above, Bob might publish instructions on how to make a lock ("public key"), but the lock is such that it is impossible (so far as is known) to deduce from these instructions how to make a key which will open that lock ("private key"). Those wishing to send messages to Bob use the public key to encrypt the message; Bob uses his private key to decrypt it. Public-key cryptography is a form of modern cryptography which allows users to communicate securely without previously agreeing on a shared secret key. ...

Weaknesses

Of course, there is the possibility that someone could "pick" Bob's or Alice's lock. Unlike the case of the one-time pad or its equivalents, there is no currently known asymmetric key algorithm which has been proven to be secure against a mathematical attack. That is, it is not known to be impossible that some relation between the keys in a key pair, or a weakness in an algorithm's operation, might be found which would allow decryption without either key, or using only the encryption key. The security of asymmetric key algorithms is based on estimates of how difficult the underlying mathematical problem is to solve. Such estimates have changed both with the decreasing cost of computer power, and with new mathematical discoveries. In cryptography, the one-time pad (OTP) is the only theoretically unbreakable method of encryption: the plaintext is combined with a random pad the same length as the plaintext. ...

This might not be as weak as imagined though. If an estimate of how long (by brute force) it takes to crack a code is say 1000 years then if it was used to encrypt your credit card details they would be perfectly safe – because the time to decrypt the details is longer than the useful life of those details (your credit card expires after a few years).

Weaknesses have been found for promising asymmetric key algorithms in the past. The 'knapsack packing' algorithm was found to be insecure when an unsuspected attack came to light. Recently, some attacks based on careful measurements of the exact amount of time it takes known hardware to encrypt plain text have been used to simplify the search for likely decryption keys. Thus, use of asymmetric key algorithms does not ensure security; it is an area of active research to discover and protect against new and unexpected attacks.

Another potential weakness in the process of using asymmetric keys is the possibility of a 'Man in the middle' attack, whereby the communication of public keys is intercepted by a third party and modified to provide the third party's own public keys instead. The encrypted response also must be intercepted, decrypted and re-encrypted using the correct public key in all instances however to avoid suspicion, making this attack difficult to implement in practice. The attack is not impossible, and an evil staff member at Alice or Bob's ISP might find it outright easy. This form of attack is being addressed by the development of key distribution methods that can ensure sender authenticity and message integrity, even over insecure channels. In cryptography, a man in the middle attack (MTM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. ... Key exchange is any method in cryptography which, naturally, exchanges keys between users, allowing use of a cryptographic algorithm. ... In computer security, authentication (Greek: αυθεντικός, from authentes=author) is the process by which a computer, computer program, or another user attempts to confirm that the computer, computer program, or user from whom the second party has received some communication is, or is not, the claimed first party. ... In telecommunication, the term data integrity has the following meanings: The condition that exists when data is unchanged from its source and has not been accidentally or maliciously modified, altered, or destroyed. ...

History

The first known asymmetric key algorithm was invented by Clifford Cocks of GCHQ in the UK. It was not made public at the time, and was reinvented by Rivest, Shamir, and Adleman at MIT in 1976. It is usually referred to as RSA as a result. RSA relies for its security on the difficulty of factoring very large integers. A breakthrough in that field would cause considerable problems for RSA's security. Currently, RSA is vulnerable to an attack by factoring the 'modulus' part of the public key, even when keys are properly chosen, for keys shorter than perhaps 700 bits. Most authorities suggest that 1024 bit keys will be secure for some time, barring a fundamental breakthrough in factoring practice, but others favor even longer keys. Clifford Christopher Cocks is a British mathematician and cryptographer at GCHQ who invented the widely-used encryption algorithm now commonly known as RSA, about three years before it was independently developed by Rivest, Shamir, and Adleman at MIT. He has not been generally recognised for this achievement because his work... The Government Communications Headquarters (GCHQ) (previously named the Government Code and Cipher School (GC&CS)) is the main British intelligence service providing signals intelligence (SIGINT). ... Professor Ron Rivest Professor Ronald Linn Rivest (born 1947, Schenectady, New York) is a cryptographer, and is the Viterbi Professor of Computer Science at MITs Department of Electrical Engineering and Computer Science. ... Adi Shamir at the CRYPTO 2003 conference. ... Leonard Adleman Leonard Adleman (born December 31, 1945) is a theoretical computer scientist and professor of computer science and molecular biology at the University of Southern California. ... The Massachusetts Institute of Technology, or MIT, is a research institution and university located in the city of Cambridge, Massachusetts directly across the Charles River from Bostons Back Bay district. ... In cryptography, RSA is an algorithm for public key encryption. ...

At least two other asymmetric algorithms were invented after the GCHQ work, but before the RSA publication. These were the Ralph Merkle puzzle cryptographic system and the Diffie-Hellman system. Well after RSA's publication, Taher Elgamal invented the Elgamal discrete log cryptosystem which relies on the difficulty of inverting logs in a finite field. It is used in the SSL, TLS, and DSA protocols. In cryptography, Merkles Puzzles is an early construction for a public-key cryptosystem, a protocol devised by Ralph Merkle in 1974 and published in 1978. ... Diffie-Hellman key exchange is a cryptographic protocol which allows two parties to agree on a secret key over an insecure communication channel. ... Dr. Taher Elgamal (sometimes seen El Gamal and ElGamal, but Elgamal is preferred, see below) is an American-Egyptian cryptographer who published in 1985 a paper titled A Public key Cryptosystem and A Signature Scheme based on discrete Logarithms in which he proposed the design of the ElGamal discrete log... The ElGamal algorithm is an asymmetric key encryption algorithm for public key cryptography which is based on discrete logarithms. ... Secure Sockets Layer (SSL) and Transport Layer Security (TLS), its successor, are cryptographic protocols which provide secure communications on the Internet. ... Secure Sockets Layer (SSL) and Transport Layer Security (TLS), its successor, are cryptographic protocols which provide secure communications on the Internet. ... Alternate meanings for the abbreviation DSA: See DSA (disambiguation) The Digital Signature Algorithm (DSA) is a United States Federal Government standard for digital signatures. ...

A relatively new addition to the class of asymmetric key algorithms is elliptic curve cryptography. While it is more complex computationally, many believe it to represent a more difficult mathematical problem than either the factorisation or discrete logarithm problems. Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the mathematics of elliptic curves. ... This article is about the mathematical concept. ... In abstract algebra and its applications, the discrete logarithms are defined in group theory in analogy to ordinary logarithms. ...

Practical limitations and hybrid cryptosystems

One drawback of asymmetric key algorithms is that they are much slower (factors of 1000+ are typical) than comparably secure symmetric key algorithms. In actual practice, both types are used, known as a hybrid cryptosystem. The receiver's public key encrypts a symmetric algorithm key which is used to encrypt the main message. This combines the virtues of both algorithm types when properly done. A cryptosystem (or cryptographic system) is the package of all procedures, protocols, cryptographic algorithms and instructions used for encoding and decoding messages using cryptography. ... A symmetric-key algorithm is an algorithm for cryptography that uses the same cryptographic key to encrypt and decrypt the message. ...