Cryptography Reference
In-Depth Information
Adversary
Ciphertext
Y
Plaintext
X
Encryption
Decryption
Y
X
Key
Key
K
K
Exchange
A
Exchange
B
AUTHENTICATED
Figure 9.2.
Secure Channel Setup by a Key Exchange Protocol.
for this extra channel is not confidentiality, it is indeed authentication; the sender of
the encrypted message must be ensured that the public key he uses is the appropriate
one.
We clearly see here that encryption and decryption are essentially
asymmetric
:
only the recipient of the ciphertext needs to have access to the secret key in order to
decrypt. In conventional cryptography, the secret key had to be used for both encryption
and decryption, and decryption was essentially the same operation as encryption in an
opposite order. Asymmetry is better (here) since we should not have access to a secret
in order to be able to encrypt. In addition, the secret key is the secret of a person instead
of being the secret of a pair of users.
Of course, this benefit has a cost: public-key cryptosystems are much more involved
(both in terms of human being understanding and in terms of computer operations); they
are quite rare (Diffie and Hellman did not provide any example of such a cryptosystem:
they gave the notion of such a thing without proving it actually existed); as conventional
cryptosystems, their security is not guaranteed, and is often more risky to claim.
9.1.2 The Diffie-Hellman Key Agreement Protocol
Although Diffie and Hellman did not provide any example of a public-key cryptosystem,
they proposed a concrete
key agreement protocol
. The aim of this protocol is to generate
a common secret key between two parties over an insecure (but authenticated) channel
which can later be used with conventional cryptography (see Fig. 9.2). This kind of
protocol is also often called
key exchange protocol
, but there is no real exchange here
since the key is randomly generated.
3
3
For this some authors distinguish “key exchange,” “key transfer,” and “key agreement.”
Search WWH ::
Custom Search