|
Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key, by using a pair of cryptographic keys, designated as public key and private key, which are related mathematically. Cryptography has had a long and colourful history. ...
A key is a piece of information that controls the operation of a cryptography algorithm. ...
A key is a piece of information that controls the operation of a cryptography algorithm. ...
The term asymmetric key cryptography is a synonym for public key cryptography.
In public key cryptography, the private key is generally kept secret, while the public key may be widely distributed. In a sense, one key "locks" a lock; while the other is required to unlock it. It should not be possible to deduce the private key of a pair given the public key.
There are many forms of public-key cryptography, including:
- public key encryption — keeping a message secret from anyone that does not possess a specific private key.
- public key digital signature — allowing anyone to verify that a message was created with a specific private key.
- key agreement — generally, allowing two parties that may not initially share a secret key to agree on one.
Typically, public-key techniques are much more computationally intensive than purely symmetric algorithms, but the judicious use of these techniques enables a wide variety of applications. In cryptography, encryption is the process of obscuring information to make it unreadable without special knowledge. ...
Digital signature (or public key digital signature) is a type of method for authenticating digital information analogous to ordinary physical signatures on paper, but implemented using techniques from the field of public key cryptography. ...
In cryptography, a key-agreement protocol is a protocol whereby two or more parties can agree on a key in such a way that both influence the outcome. ...
Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related cryptographic keys for both decryption and encryption. ...
History
For most of the history of cryptography, a key had to be kept absolutely secret and would be agreed upon beforehand using a secure, but non-cryptographic, method; for example, a face-to-face meeting or a trusted courier. There are a number of significant practical difficulties in this approach to distributing keys. Public-key cryptography was invented to address these drawbacks — with public-key cryptography, users can communicate securely over an insecure channel without having to agree upon a shared key beforehand. The history of cryptography dates back thousands of years, and for the most part, it has been the history of classical cryptography; that is, methods of encryption which can be performed using pen and paper (or perhaps with simple mechanical aids). ...
Key distribution is done through public key servers. ...
The first invention (*) of an asymmetric key algorithm was by Clifford Cocks, then a recent mathematics graduate and a new staff member at GCHQ in the UK) early in the 1970s. This fact was kept secret until 1997. Clifford Christopher Cocks is a British mathematician and cryptographer at GCHQ who invented the widely-used encryption algorithm now commonly known as RSA, about three years before it was independently developed by Rivest, Shamir, and Adleman at MIT. He has not been generally recognised for this achievement because his work...
The Government Communications Headquarters (GCHQ) (previously named the Government Code and Cipher School (GC&CS)) is the main British intelligence service providing signals intelligence (SIGINT). ...
An asymmetric key cryptosystem was published in 1976 by Diffie and Hellman, who, influenced by Merkle's work on public key distribution, disclosed a method of public key agreement. This method of exponential key exchange, which came to be known as Diffie-Hellman key exchange, was the first published practical method for establishing a shared secret key over an unprotected communications channel without using a prior shared secret. Merkle's public key agreement technique known as Merkle's Puzzles was published in 1978. Diffie-Hellman key exchange (alternatively key agreement or key negotiation) is a cryptographic protocol which allows two parties to agree on a secret key over an insecure communications channel. ...
In cryptography, Merkles Puzzles is an early construction for a public-key cryptosystem, a protocol devised by Ralph Merkle in 1974 and published in 1978. ...
The Cocks method was reinvented in 1977 by Rivest, Shamir and Adleman all then at MIT. The latter authors published their work in 1978, and the algorithm appropriately came to be known as RSA. RSA uses exponentiation modulo a product of two large primes to encrypt and decrypt, performing both public key encryption and public key digital signature, and its security is based on the presumed difficulty of factoring large integers. Professor Ron Rivest Professor Ronald Linn Rivest (born 1947, Schenectady, New York) is a cryptographer, and is the Viterbi Professor of Computer Science at MITs Department of Electrical Engineering and Computer Science. ...
Adi Shamir at the CRYPTO 2003 conference. ...
Leonard Adleman Leonard Adleman (born December 31, 1945) is a theoretical computer scientist and professor of computer science and molecular biology at the University of Southern California. ...
The Massachusetts Institute of Technology, or MIT, is a research and educational institution located in the city of Cambridge, Massachusetts, USA. MIT is a world leader in science and technology, as well as in many other fields, including management, economics, linguistics, political science, and philosophy. ...
1978 was a common year starting on Sunday (the link is to a full 1978 calendar). ...
In cryptography, RSA is an algorithm for public key encryption. ...
In mathematics, a prime number (or prime) is a natural number greater than one whose only positive divisors are one and itself. ...
(*) Apparently not wanting to appear outdone, the NSA — the US signals security agency — has also claimed to have invented public-key cryptography, in the 1960s; however, there is currently (as of 2004) little supporting public evidence for their claims [1]. NSA can stand for: National Security Agency of the USA The British Librarys National Sound Archive This page concerning a three-letter acronym or abbreviation is a disambiguation page — a navigational aid which lists other pages that might otherwise share the same title. ...
1960 was a leap year starting on Friday (link will take you to calendar). ...
2004 is a leap year starting on Thursday of the Gregorian calendar. ...
Since the 1970's, a large number and variety of encryption, digital signature, key agreement, and other techniques have been developed in the field of public key cryptography. The ElGamal cryptosystem (invented by Taher Elgamal then of Netscape) relies on the (similar, and related) difficulty of the discrete logarithm problem, as does the closely related DSA developed by the NSA and NIST. The introduction of elliptic curve cryptography by Neal Koblitz in the mid '80s has yielded a new family of analogous public key algorithms. Although mathematically more complex, elliptic curves appear to provide a more efficient way to leverage the discrete logarithm problem, particularly with respect to key size. The ElGamal algorithm is an asymmetric key encryption algorithm for public key cryptography which is based on discrete logarithms. ...
Dr. Taher Elgamal (sometimes seen El Gamal and ElGamal, but Elgamal is preferred, see below) is an American-Egyptian cryptographer who published in 1985 a paper titled A Public key Cryptosystem and A Signature Scheme based on discrete Logarithms in which he proposed the design of the ElGamal discrete log...
Netscape Communications Corporation was the publisher of the Netscape Navigator web browser as well as many other internet and intranet client and server software products. ...
In abstract algebra and its applications, the discrete logarithms are defined in group theory in analogy to ordinary logarithms. ...
Alternate meanings for the abbreviation DSA: See DSA (disambiguation) The Digital Signature Algorithm (DSA) is a United States Federal Government standard for digital signatures. ...
As a non-regulatory agency of the United States Department of Commerce’s Technology Administration, the National Institute of Standards (NIST) develops and promotes measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life. ...
Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the mathematics of elliptic curves. ...
Neal Koblitz is a Professor of Mathematics in the University of Washington in the Department of Mathematics. ...
In abstract algebra and its applications, the discrete logarithms are defined in group theory in analogy to ordinary logarithms. ...
In cryptography, the key size (alternatively key length) is a measure of the number of possible keys which can be used in a cipher. ...
Security Regarding security, there is nothing especially more secure about asymmetric key algorithms than symmetric key algorithms. There are popular ones and unpopular ones. There are broken ones and ones that are (at least) not (yet) broken. Unfortunately, popularity is not a reliable indicator of security. Some algorithms have security proofs with various properties, and of varying quality. Many proofs claim that breaking an algorithm, with respect to some well-defined security goals, is equivalent to solving one of the more popular mathematical problems that are presumed to be intractible, like factoring or discrete logarithm. And some proofs have been shown to be broken too. In general, none of these algorithms has been proved secure in as absolute a sense as the one-time pad has. As with all cryptographic algorithms, these algorithms must be chosen and used with care. In cryptography, the one-time pad (OTP) is the only theoretically unbreakable method of encryption: the plaintext is combined with a random pad the same length as the plaintext. ...
Applications The most obvious application of a public key encryption system is confidentiality; a message which a sender encrypts using the recipient's public key can only be decrypted by the recipient's paired private key. Confidentiality has been defined by the International Standards Organization (ISO) as ensuring that information is accessible only to those authorized to have access and is one of the cornerstones of Information security. ...
Public-key digital signature algorithms can be used for sender authentication. For instance, a user can encrypt a message with his own private key and send it. If another user can successfully decrypt it using the corresponding public key, this provides assurance that the first user (and no other) sent it. Digital signature (or public key digital signature) is a type of method for authenticating digital information analogous to ordinary physical signatures on paper, but implemented using techniques from the field of public key cryptography. ...
In computer security, authentication (Greek: αυθεντικός, from authentes=author) is the process by which a computer, computer program, or another user attempts to confirm that the computer, computer program, or user from whom the second party has received some communication is, or is not, the claimed first party. ...
These characteristics are useful for many other, sometimes surprising, applications, like digital cash, password-authenticated key agreement, multi-party key agreement, etc. Digital cash is usually a plastic smart card or any other key-like item, which can substitute cash in small quantities for certain purposes - i. ...
In cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more partys knowledge of a password. ...
Practical considerations
A postal analogy An analogy which can be used to understand the advantages of an asymmetric system is to imagine two people, Alice and Bob, sending a secret message through the public mail. In this example, Alice has the secret message and wants to send it to Bob, after which Bob sends a secret reply. Alice and Bob are common archetypal characters used in explanations in fields such as cryptography and physics. ...
With a symmetric key system, Alice first puts the secret message in a box, and then locks the box using a padlock to which she has a key. She then sends the box to Bob through regular mail. When Bob receives the box, he uses an identical copy of Alice's key (which he has somehow obtained previously, maybe by a face-to-face meeting) to open the box, and reads the message. Bob can then use the same padlock to send his secret reply. Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related cryptographic keys for both decryption and encryption. ...
In an asymmetric key system, Bob and Alice have separate padlocks. First, Alice asks Bob to send his open padlock to her through regular mail, keeping his key to himself. When Alice receives it she uses it to lock a box containing her message, and sends the locked box to Bob. Bob can then unlock the box with his key and read the message from Alice. To reply, Bob must similarly get Alice's open padlock to lock the box before sending it back to her.
The critical advantage in an asymmetric key system is that Bob and Alice never need send a copy of their keys to each other. This substantially reduces the chance that a third party (perhaps, in the example, a corrupt postal worker) will copy a key while it is in transit, allowing said third party to spy on all future messages sent between Alice and Bob. In addition, if Bob were to be careless and allow someone else to copy his key, Alice's messages to Bob will be compromised, but Alice's messages to other people would remain secret, since the other people would be providing different padlocks for Alice to use.
Actual algorithms -- two linked keys Not all asymmetric key algorithms operate in precisely this fashion. The most common have the property that Alice and Bob each own two keys, one for encryption and one for decryption. In a secure asymmetric key encryption scheme, the decryption key should not be deducible from the encryption key. This is known as public-key encryption, since the encryption key can be published without compromising the security of encrypted messages. In the analogy above, Bob might publish instructions on how to make a lock ("public key"), but the lock is such that it is impossible (so far as is known) to deduce from these instructions how to make a key which will open that lock ("private key"). Those wishing to send messages to Bob use the public key to encrypt the message; Bob uses his private key to decrypt it. PKC, see PKC (disambiguation) Public-key cryptography is a form of modern cryptography which allows users to communicate securely without previously agreeing on a shared secret key. ...
Weaknesses Of course, there is the possibility that someone could "pick" Bob's or Alice's lock. Unlike the case of the one-time pad or its equivalents, there is no currently known asymmetric key algorithm which has been proven to be secure against a mathematical attack. That is, it is not known to be impossible that some relation between the keys in a key pair, or a weakness in an algorithm's operation, might be found which would allow decryption without either key, or using only the encryption key. The security of asymmetric key algorithms is based on estimates of how difficult the underlying mathematical problem is to solve. Such estimates have changed both with the decreasing cost of computer power, and with new mathematical discoveries. In cryptography, the one-time pad (OTP) is the only theoretically unbreakable method of encryption: the plaintext is combined with a random pad the same length as the plaintext. ...
This might not be as weak as imagined though. If an estimate of how long (by brute force) it takes to crack a code is say 1000 years then if it was used to encrypt your credit card details they would be perfectly safe – because the time to decrypt the details is longer than the useful life of those details (your credit card expires after a few years).
Weaknesses have been found for promising asymmetric key algorithms in the past. The 'knapsack packing' algorithm was found to be insecure when an unsuspected attack came to light. Recently, some attacks based on careful measurements of the exact amount of time it takes known hardware to encrypt plain text have been used to simplify the search for likely decryption keys. Thus, use of asymmetric key algorithms does not ensure security; it is an area of active research to discover and protect against new and unexpected attacks.
Another potential weakness in the process of using asymmetric keys is the possibility of a 'Man in the middle' attack, whereby the communication of public keys is intercepted by a third party and modified to provide the third party's own public keys instead. The encrypted response also must be intercepted, decrypted and re-encrypted using the correct public key in all instances however to avoid suspicion, making this attack difficult to implement in practice. The attack is not impossible, and an evil staff member at Alice or Bob's ISP might find it outright easy. This form of attack is being addressed by the development of key distribution methods that can ensure sender authenticity and message integrity, even over insecure channels. In cryptography, a man in the middle attack (MTM) is an attack in which an attacker is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. ...
Key exchange is any method in cryptography which, naturally, exchanges keys between users, allowing use of a cryptographic algorithm. ...
In computer security, authentication (Greek: αυθεντικός, from authentes=author) is the process by which a computer, computer program, or another user attempts to confirm that the computer, computer program, or user from whom the second party has received some communication is, or is not, the claimed first party. ...
In telecommunication, the term data integrity has the following meanings: The condition that exists when data is unchanged from its source and has not been accidentally or maliciously modified, altered, or destroyed. ...
Computational cost Note that most public key algorithms are relatively computationally costly, in comparison with many symmetric key algorithms of apparently equivalent security. This fact has important implications for their practical use. Most are used in hybrid cryptosystems for reasons of efficiency; in such a cryptosystem, a secret key ("session key") is generated for each message and used to encrypt the message; the much briefer session key is then encrypted to each recipient's public key. The recipient uses the corresponding private key to decrypt the session key, which she then uses to decrypt the message.
Associating public keys with identities Furthermore, the binding between a public key and its 'owner' must be correct, lest the algorithm function perfectly and yet be entirely insecure in practice. As with most cryptography, the protocols used to establish and verify this binding are critically important. Associating a public key with its owner is typically done by protocols implementing a public key infrastructure; these allow the validity of the association to be formally verified by reference to a trusted third party, either in the form of a hierarchical certificate authority (eg, X.509), a local trust model (eg, SPKI), or a statistical web of trust (eg, PGP and GPG). Whatever the cryptographic assurance of the protocols themselves, the association between a public key and its owner is ultimately a matter of subjective judgement on the part of the trusted third party, since the key is a mathematical entity whilst the owner and the connection between owner and key is not. For this reason, the formalism of a public key infrastructure provides for explicit statements of the policy followed when making this judgement. For example, the X.509 standard allows a certificate authority to identify its policy by means of an object identifier which functions as an index into a catalogue of registered policies. Policies may exist for many different purposes, ranging from anonymity to military classification. A cryptographic protocol is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods. ...
In cryptography, a public key infrastructure (PKI) is an arrangement which provides for third-party vetting of, and vouching for, user identities. ...
In cryptography, a trusted third party (TTP) is an entity which facilitates interactions between two parties who both trust the third party; they use this trust to secure their own interactions. ...
In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. ...
In cryptography, X.509 is an ITU-T standard for public key infrastructure (PKI). ...
Simple public key infrastructure (SPKI, pronounced spoo-key) was born out of a joint effort to overcome the overcomplication and scalability problems of traditional X.509 PKI. External links SPKI homepage, JSDSI (open source development effort) CDSA (open source development effort). ...
In cryptography, a web of trust is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and a user. ...
Pretty Good Privacy (PGP) is a computer program which provides cryptographic privacy and authentication. ...
The GNU Privacy Guard (GnuPG or GPG) is a free software replacement for the PGP suite of cryptographic software, released under the GNU General Public License. ...
In cryptography, a public key infrastructure (PKI) is an arrangement which provides for third-party vetting of, and vouching for, user identities. ...
A policy is a plan of action for tackling political issues. ...
In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. ...
An Object identifier or OID is an identifier used to name an object (compare URN). ...
Examples Examples of well-regarded public key techniques include: Examples of not well regarded asymmetric key algorithms include: Diffie-Hellman key exchange is a cryptographic protocol which allows two parties to agree on a secret key over an insecure communication channel. ...
In cryptography, RSA is an algorithm for public key encryption. ...
The ElGamal algorithm is an asymmetric key encryption algorithm for public key cryptography which is based on discrete logarithms. ...
The Digital Signature Algorithm (DSA) is a United States Federal Government standard for digital signatures. ...
Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the mathematics of elliptic curves. ...
In cryptography, a password-authenticated key agreement method is an interactive method for two or more parties to establish cryptographic keys based on one or more partys knowledge of a password. ...
The Paillier cryptosystem is an asymmetric algorithm for public key cryptography, invented by Pascal Paillier in 1999. ...
In cryptography, an asymmetric key algorithm uses a pair of cryptographic keys to encrypt and decrypt. ...
- Merkle-Hellman the 'knapsack' algorithms
Examples of protocols using asymmetric key algorithms include: Merkle-Hellman (MH) was one of the earliest public key cryptosystems invented by Ralph Merkle and Martin Hellman in 1978. ...
In cryptography, an asymmetric key algorithm uses a pair of cryptographic keys to encrypt and decrypt. ...
Pretty Good Privacy (PGP) is a computer program which provides cryptographic privacy and authentication. ...
The GNU Privacy Guard (GnuPG or GPG) is a free software replacement for the PGP suite of cryptographic software, released under the GNU General Public License. ...
An Open Specification for Pretty Good Privacy (openpgp) OpenPGP is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) Proposed Standard RFC 2440. ...
It has been suggested that this article or section be merged with SSH file transfer protocol. ...
Secure Sockets Layer (SSL) and Transport Layer Security (TLS), its successor, are cryptographic protocols which provide secure communications on the Internet. ...
The Internet Engineering Task Force (IETF) is charged with developing and promoting Internet standards. ...
Secure Sockets Layer (SSL) and Transport Layer Security (TLS), its successor, are cryptographic protocols which provide secure communications on the Internet. ...
See also |
Feeds |
Contact