About this blog

Welcome guest,

This weblog discusses Public Key Cryptography (PKC). Its content is drawn from different sources such as other similar blogs, books, etc., so everything related to PKC can be found here.

I hope this blog will be useful for students, lecturers and learners, as everything related to PKC is explained here in a simple and effective manner.

Thank you.

Saturday, February 28, 2009

Pros and Cons of Public-key Systems.

Public-key systems have a clear advantage over symmetric algorithms: there is no need to agree on a common key for both the sender and the receiver. As seen in the previous example, if someone wants to receive an encrypted message, the sender only needs to know the receiver's public key (which the receiver will provide; publishing the public key in no way compromises the secure transmission). As long as the receiver keeps the private key secret, no one but the receiver will be able to decrypt the messages encrypted with the corresponding public key. This is due to the fact that, in public-key systems, it is relatively easy to compute the public key from the private key, but very hard to compute the private key from the public key (which is the one everyone knows). In fact, some algorithms need several months (and even years) of constant computation to obtain the private key from the public key.

Another important advantage is that, unlike symmetric algorithms, public-key systems can guarantee integrity and authentication, not only privacy. The basic communication seen above only guarantees privacy. We will shortly see how integrity and authentication fit into public-key systems.

The main disadvantage of public-key systems is that they are not as fast as symmetric algorithms. Public-key algorithms are powerful, but that power comes at a computational cost: the amount of computation needed in public-key algorithms is typically several orders of magnitude more than the amount needed for symmetric-key algorithms.

Digital Signatures: Integrity in Public-Key Systems

Integrity is guaranteed in public-key systems by using digital signatures. A digital signature is a piece of data which is attached to a message and which can be used to find out if the message was tampered with during the conversation (e.g. through the intervention of a malicious user).

The digital signature for a message is generated in two steps:

  1. A message digest is generated. A message digest is a 'summary' of the message we are going to transmit, and has two important properties:
    1. It is always smaller than the message itself and

    2. Even the slightest change in the message produces a different digest.

    The message digest is generated using a set of hashing algorithms.

  2. The message digest is encrypted using the sender's private key. The resulting encrypted message digest is the digital signature.



Figure 6. Digital signatures

The digital signature is attached to the message, and sent to the receiver. The receiver then does the following:

  1. Using the sender's public key, decrypts the digital signature to obtain the message digest generated by the sender.

  2. Uses the same message digest algorithm used by the sender to generate a message digest of the received message.

  3. Compares both message digests (the one sent by the sender as a digital signature, and the one generated by the receiver). If they are not exactly the same, the message has been tampered with by a third party.

We can be sure that the digital signature was sent by the sender (and not by a malicious user) because only the sender's public key can decrypt the digital signature (which was encrypted by the sender's private key; remember that what one key encrypts, the other one decrypts, and vice versa). If decrypting with the public key renders a faulty message digest, this means that either the message or the message digest is not exactly what the sender sent.


Using public-key cryptography in this manner ensures integrity, because we have a way of knowing if the message we received is exactly what was sent by the sender.

Introduction to Public key Cryptography

Public-key algorithms are asymmetric algorithms and, therefore, are based on the use of two different keys instead of just one. In public-key cryptography, the two keys are called the private key and the public key.
  • Private key: This key must be known only by its owner.
  • Public key: This key is known to everyone (it is public).
  • Relation between both keys: What one key encrypts, the other one decrypts, and vice versa. It means that if A encrypts something with B’s public key (which A would know, because it's public), B would need his private key to decrypt the message.

Secure conversation using public-key cryptography:

In a basic secure conversation using public-key cryptography, the sender encrypts the message using the receiver's public key. The encrypted message is sent to the receiving end, who will decrypt the message with his private key. Only the receiver can decrypt the message because no one else has the private key. Also, the encryption algorithm is the same at both ends: what is encrypted with one key is decrypted with the other key using the same algorithm.


Key-pair Generation:

A public key cryptosystem is based on a “trap door one-way function,” that is, a function that is easy to compute in one direction and hard to compute in other direction. The purpose of the trap door is to ensure that an attacker cannot use the public information to recover the secret information.


Figure 5. Public key generation

Friday, February 27, 2009

Symmetric and Asymmetric key-based algorithms

Symmetric key-based algorithms use a single secret key for both encryption and decryption. To use a symmetric encryption scheme, the sender and receiver must share a key in advance. Because symmetric encryption is less computationally intensive and requires less bandwidth, it is common to exchange a key using a key-exchange algorithm and transmit data using an enciphering scheme.



Figure 3. Key-based Symmetric algorithm

An asymmetric key-based algorithm uses two keys: the key used to encrypt a message differs from the key used to decrypt it. Each user has a pair of cryptographic keys, a public key and a private key. The private key is kept secret, while the public key may be widely distributed. Messages are encrypted with the recipient's public key and can only be decrypted with the corresponding private key. The keys are related mathematically, but the private key cannot feasibly (i.e., in actual or projected practice) be derived from the public key.



Figure 4. Key-based asymmetric algorithm

Key-based Algorithms

A key-based algorithm uses an encryption key to encrypt the message. This means that the encrypted message is generated using not only the message, but also using a 'key'.

Figure 1. Key-based encryption

The receiver can then use a decryption key to decrypt the message. Again, this means that the decryption algorithm doesn't rely only on the encrypted message. It also needs a 'key':

Figure 2. Key-based decryption

The Need for Cryptography

Security often requires that data be kept safe from unauthorized access. And the best line of defense is physical security (placing the machine to be protected behind physical walls). However, physical security is not always an option (due to cost and/or efficiency considerations). Instead, most computers are interconnected with each other openly, thereby exposing them and the communication channels that they use.

This problem can be broken down into five requirements that must be addressed:
  1. Confidentiality: assuring that private data remains private.
  2. Authentication: assuring the identity of all parties attempting access.
  3. Authorization: assuring that a certain party attempting to perform a function has the permissions to do so.
  4. Data Integrity: assuring that an object is not altered illegally.
  5. Non-Repudiation: assuring that a party cannot deny data or a communication that they initiated.

Modern cryptosystems are typically classified as either public-key or private-key. Private-key encryption methods, such as the Data Encryption Standard (DES), use the same key to both encrypt and decrypt data. The key must be known only to the parties who are authorized to encrypt and decrypt a particular message. Public-key cryptosystems, on the other hand, use different keys to encrypt and decrypt data. The public-key is globally available. The private-key is kept confidential.

Introduction to Cryptography

The term ‘Cryptography’ is derived from the Greek word ‘Kryptos’. Kryptos is used to describe anything that is hidden, obscured, veiled, secret or mysterious. In the world of data communications, cryptography can be defined as follows:

Cryptography, defined as “the science and study of secret writing,” concerns the ways in which communications and data can be encoded to prevent disclosure of their contents through eavesdropping or message interception, using codes, ciphers and other methods, so that only certain people can see the real message.

Encrypting is the act of translating a ‘normal message’ to a message written with ‘secret characters’ (also known as the encrypted message). Decrypting is the act of translating a message written with ‘secret characters’ into a readable message (the unencrypted message). It is, by far, one of the most important areas in computer security, since modern encryption algorithms can ensure all three pillars of a secure conversation: privacy, integrity, and authentication.