09Feb2006 Public-key cryptography CIS551 / TCOM 401
Motivation for Public-Key Cryptography:
- Weakest link: Shared-key (private-key) cryptography
suffers from key-management issues How could the communicating entities
securely agree on the shared-key before secure communication can begin?
Communicating the shared-key securely is a typical case of Catch-22
- Overhead: Keys should be pro-actively refreshed to
keep the damage of a shared-key compromise in control (attacker cannot
enjoy a perpetual utility from a compromised key, that way).
- Key generation: When there are n entities involved in
communication, the number of shared-keys required are of the O(square(n)).
- Historical perspective: Enigma a German
poly-alphabetic crypto system based on shared key was compromised by the
allies not because of its cryptographic weakness but because of the
key-management issues that are innate to shared-key cryptography (and
- How does it work? Every communicating entity has its
own <private key, public key> combination. The public key, as the
name suggests, is known to all the communicating entities (more like a
telephone directory listing). The private key is known only to the associated
entity (private to the entity) and the security of Public-Key cryptography
depends on the fact that only this entity has the knowledge of
private-key. In its usual form, any communication to an entity is
encrypted using its public key and the receiving entity decrypts the
message using its private key.
- Positive Consequences:
- Key agreement: No longer do the communicating
entities need to have an agreement on a common key for encryption as well
as decryption. This is attributed to the fact that encryption and
decryption do not use the same key (as opposed to shared-key
cryptography). For this reason, the suite of public-key algorithms is
also called asymmetric cryptography.
- Key generation: Since, each entity (and not each
communication instance) requires its own <public key, private key>
combination, the number of keys required when n communicating entities
are involved is of the O(n).
- Side-effects: Since the private-key is known only
to the associated entity and no one else, this fact could be exploited to
assure authenticity that the message is received from an authenticated
sender. This is exactly what digital signature algorithms make use of.
The roles of public and private key are reversed, i.e., encryption is
done using the private key of the sender and the decryption is done using
the public key of the sender. If the message was successfully decrypted
(usually, the decrypted message is matched against a template), it is a
proof that the message came from the entity corresponding to the public
key used in decrypting the message.
- Negative Consequence:
- Since the central idea in public-key cryptography
is use of one-way (or near one-way) functions (which are computationally
complex), public-key cryptography are typically of the order of power(10,
3) slower than secret-key algorithms. It would be quite inconceivable to
perform the whole communication using computationally expensive and time
consuming public-key cryptography.
- Best of both the worlds (Secret & Public):
Attributed to the key-communication and computational cost weaknesses of
secret and public-key cryptographies, respectively, it is usual for an
implementation to use public-key cryptography only during the initial
(hand-shake) part of the communication and communicate the secret-key for
the communication session. The communication, from then on, would proceed
using the performance-friendly secret-key cryptography.
Implementation of Public-Key
- Rivest (R), Shamir (S) & Adleman (A)
are mathematicians who worked on resolving the key-management issues with
Secret-key cryptography. It was long understood that one-way functions are
the resolution to this issue. They proposed a one-way function in 1979 the
implementation of which effectively became the RSA algorithm.
- The central idea is that it is hard to factorize a
number n whose factors are two relatively large prime numbers, pf1
& pf2. Hence, pf1 * pf2 is effectively a one-way function as given
n and just n it is hard to find pf1 and pf2. Hence, there is no
harm in making n public (part of the public key in RSA). The private key
is a function of pf1 and pf2 (apart from another parameter another
component of public key). The private key is such that it would
effectively reverse the operation on the message with the public key (the vice
versa is true as well Both private and public key negate each other.).
Since the attacker contemplated with a cipher text encrypted with RSA has
only the public value n (apart from the other component of public key)
and it is computationally tedious to factorize n into pf1 and pf2,
and hence, determine the private key, RSA provides good security without
the hassles of secure key-sharing.
- Arithmetic reasoning behind why RSA works: Slides are
- Is RSA the absolute security? No! The security
provided by RSA is not absolute. It is deemed that under the availability
of current computing resources, RSA is computationally hard to crack. But,
what is computationally possible keeps evolving There are already
considerable work being done on Quantum computing, that, when made a
reality, would render RSA ineffective.
- Idiosyncrasy: Because of the function, power(message, encryption key) mod n, that is central
to RSA encryption as well as decryption, it is obvious that for values of
message block, 0 & 1, the RSA encryption does nothing but return the
message as is. In order to prevent this from compromising the security,
there are padding standards that are used to make the message less sparse
by deliberately introducing pre-determined sequence of bits at
pre-determined positions before encryption.