What is asymmetric (public key) encryption?

 

As we mentioned before, the main problem with symmetric encryption or private key encryption is the distribution of the key.  The point with asymmetric encryption is that it allows the exchange of secret information in public domain and without the requirement for exchange of secret (the key) in advance of communication.  There is still a need for the obtaining of a key but it does not happen in secret.

 

The public key algorithms are based on a series of arithmetical computations.  Instead of one key for both encryption and decryption processes as it is the case with symmetric encryption, there is a pair of associated keys, one of which is called private and the other public.  The way algorithms work is that if one encrypts with one of the keys (either the private or the public), the resulting cyphertext can only be decrypted using the other key in that pair.  Sender encrypts using receiver's public key.  Encrypted message is forwarded to the receiver in public domain.  Receiver decrypts the cyphertext using his private key.  Therefore, the idea is that the receiver would need to have a pair of matching keys, one referred to as private and the other as public.  Public key can be forwarded to the sender without the requirement for secrecy.

 

 

In actual fact the initial obtaining of the key does not take place until the sender (client) sends a message to the receiver (the server) stating that it requires secure communication.  At this stage server sends its public key to the client with essentially no prior arrangements. In fact if both sender and receiver obtain their own pair of keys they could communicate securely and without the need for arrangements in advance.  Also note that neither party discloses his private key of his pair. This is off course of limited application to online trading as it assumes that consumers hold a pair of keys. In fact SSL protocol is employed for the exchange of a symmetric session key between the consumer client and the merchant server.

 

The development of public key cryptography is undoubtedly one of the major breakthroughs of 20th century and notably it was sometime during mid 1070s that a number of different groups of workers developed algorithms for secure communication in public almost at the same time.  The first of group of workers were Whitfield Diffie and Martin Hellman and their algorithm is referred to as Diffie-Hellman.  According to this algorithm, the two communicating parties can produce a shared secret value that can be used as the key for symmetric encryption.  This is done through exploitation of mathematical procedure that if 'x' is raised first to the power of 'y' and the result is then raised to the power of 'z', sequence does not play a part.

 

The way it works is that both of the parties have a pair of numbers that could be hard coded or they could obtain from the server.  One is "p" that is a large prime number and the other is "b" that is smaller than "p" and referred to as the base.

 

 

"X" and "Y" are generated at the two computers (both "X" and "Y" are less than "p-1"). The two entities and  are calculated at Ken and Barbie respectively and forwarded to counterparts.  The two entities and are then calculated at Ken and Barbie respectively.  These two entities are equal and used as key for symmetric encryption.  This is referred to as Diffie-Hellman's key agreement.

 

The other teams also exploited difficult to crack mathematical formulations for the encryption algorithm.  Notably one should mention public key cryptosystem RSA (Rivest, Shamir, and Adelman).  RSA is the most popular public key algorithm in use and it uses keys that range from 512 bits to 1024 bits.  The size of the key depends on the algorithm being used and the useful life of information. The size of key is rapidly changing due to increase in computational power and technological advances.   To give some idea if you consider a key of "n" bits, in order to hack the key one must try " "different variations (possible keys).  A key of 56 bits therefore would mean " " number of keys to try and if computational power is such that we can try 1.6 million keys per second to break the cipher, it may take up to 1428 years to do it.

 

Work out how many years it may take to try all possible 128 bits keys to decrypt cipher, if computational power is such that you can try 10 million keys per second.

 

 

 

 

RSA algorithm is a development of Diffie-Hellman's idea.  Consider that if you have two different prime numbers 'p' and 'q', from 'pq', the product of the two numbers it is very difficult to determine 'p' and 'q'.  This off course is only true if the two numbers are sufficiently large.  For example '15' would quite easily suggest '3' and '5' as the prime numbers.  However '311822296686307' would provide us with very few clues as to what the two prime numbers are.  RSA's algorithm is based on modular exponentiation and it works as follows:

 

Receiver

Sender
  • Two large and different prime numbers are chosen,  and . Let
  • Two other numbers  and  are worked out such
  • Receiver publishes two pieces of information:
    • Public key; Two numbers
    • Encryption algorithm; Modular exponentiation
  •  works as the receiver's private key and is kept secret

 

 

 

 

 

 

  • Message  is recovered as follows;

 

 

 

 

 

 

 

 

 

 

 

  • Sender looks up receiver's public key and encryption algorithm in public domain, i.e. yellow pages, etc.
  • Message  is encrypted to form the cipher  as follows;
  •  is sent to the receiver

 

 

Note that  is equivalent to the remainder of mathematical operation ,

 

Do a little bit of research on the Web to find out about at least two other algorithms.