Public key cryptography
Public key cryptography was invented in 1976 by Martin Hellman and Whitfield Diffie of Stanford University. Often called asymmetric cryptography, this scheme requires two keys. Applying one key encrypts the plaintext, while applying the other key decrypts the ciphertext; it does not matter which key is applied first. This scheme was developed to solve the key exchange problem associated with secret key cryptography.
The most common public key cryptography scheme used today is called RSA, named for its inventors: Ronald Rivest, Adi Shamir, and Leonard Adleman. The RSA scheme uses a variable-size encryption block and a variable-size key. The public and private keys are derived from a very large number, n, that is the product of two prime numbers chosen according to special rules; these primes will typically have 100 or more digits each. The public key includes n and a derivative of one of the factors of n. An attacker cannot determine the other factor from this information alone, and that is what makes RSA so secure. The ability of computers to factor large numbers is rapidly improving, however; in May 1994, a team from Bellcore cracked a message that was encoded in 1977 with RSA using a 129-digit key. The protection of RSA, of course, is that users can increase the key size to always stay ahead of the computers! RSA is employed in hundreds of software products.
These schemes give users a measure of privacy in sending email across the public Internet. For example, in the visual, Carol has created a set of keys for secure transmissions. Using a public key program, such as Pretty Good Privacy (PGP), Carol has generated a private key that she keeps to herself, as well as a public key that she widely distributes. Now when Alice wants to send a private email to Carol, she uses Carol’s public key to encrypt the message, and only Carol, as the single holder of the associated private key, can decode the message. How does Carol return Alice a secure transmission? She uses Alice’s public key.
This approach can also verify the integrity of a message itself, as well as who the sender is. Using the same pair of keys, Carol can send Bob a message that Bob knows is definitely from Carol—he can also be sure that the message has not been tampered with. Carol can have her encryption program “sign” the email with her private key. Bob will run the message through his software using her public key, which will assure him, when Carol’s plaintext appears, that Carol did send this exact message.
If someone intercepts the message and changes anything, when Bob receives it and decodes the information using Carol’s public key, the program will alert him. Similarly, if someone other than Carol sends Bob a message purporting to be Carol, when Bob has his encryption program decode the file with Carol’s public key, he will be warned. Only Carol, with her private key, can possibly sign messages that will be successfully decoded with her public key; and once signed, the files cannot be manipulated without Bob learning of it. Both encrypting and signing a message provide extra security. The scenario presented here is greatly simplified. Due to the inherent slowness of public key cryptography, it is usually used in conjunction with secret keys and hash functions to improve performance.
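The signing, verification and encryption steps described above, as an added example that is not part of the original page: textbook RSA in Python, where Carol signs a hash of the message and Bob's check fails if the message or signature is altered. The function names, the use of SHA-256 and the two small Mersenne primes are assumptions of this example; the key is a constructed toy with no padding and is far too small for real use.

```python
import hashlib

# Constructed toy key: two well-known Mersenne primes. Real RSA primes have
# 100 or more digits each and real systems add padding; illustration only.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                            # public modulus n, the product of the primes
E = 65537                            # public exponent, published together with n
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent; needs the factors of n


def apply_key(value: int, exponent: int) -> int:
    """Apply one half of the key pair: modular exponentiation mod n."""
    return pow(value, exponent, N)


def digest(message: bytes) -> int:
    """Hash the message (SHA-256, an assumption) and reduce it below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Carol signs: private key applied to the hash, not the whole message."""
    return apply_key(digest(message), D)


def verify(message: bytes, signature: int) -> bool:
    """Bob verifies: the public key must turn the signature back into the hash."""
    return apply_key(signature, E) == digest(message)


def encrypt(message: bytes) -> int:
    """Alice encrypts for Carol with Carol's public key."""
    m = int.from_bytes(message, "big")
    if m >= N:
        raise ValueError("message too long for this toy modulus")
    return apply_key(m, E)


def decrypt(ciphertext: int) -> bytes:
    """Carol decrypts with her private key."""
    m = apply_key(ciphertext, D)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    note = b"Pay Bob $10"                     # constructed sample message
    sig = sign(note)
    print(verify(note, sig))                  # genuine message and signature
    print(verify(b"Pay Bob $90", sig))        # message altered in transit
    print(decrypt(encrypt(b"hi, Carol")))     # confidentiality direction
```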