Cryptography Reference
In-Depth Information
17.1 Asymmetric Cryptosystems
The fundamental idea behind asymmetric cryptosystems was published in 1976
by Whitfield Diffie and Martin Hellman in the groundbreaking article “New
Directions in Cryptography” (see [Diff]). Asymmetric cryptosystems, in contrast
to symmetric algorithms, do not use a secret key employed both for encryption
and decryption of a message, but a pair of keys for each participant consisting
of a public key
E
for encryption and a different, secret, key
D
for decryption.
If the keys are applied to a message
M
one after another in sequence, then the
following relation must hold:
D
(
E
(
M
)) =
M.
(17.1)
One might picture this arrangement as a lock that can be closed with one key but
for which one needs a second key to unlock it.
For the sake of security of such a procedure it is necessary that a secret key
D
not be able to be derived from the public key
E
, or that such a derivation be
infeasible on the basis of time and cost constraints.
In contrast to symmetric systems, asymmetric systems enable certain
simplifications in working with keys, since only the public key of a participant
A
need be transmitted to a communication partner
B
for the latter to be in
a position to encrypt a message that only participant
A
, as possessor of the
secret key, can decrypt. This principle contributes decisively to the openness
of communication: For two partners to communicate securely it suffices to
agree on an asymmetric encryption procedure and exchange public keys. No
secret key information needs to be transmitted. However, before our euphoria
gets out of hand we should note that in general, one cannot avoid some form
of key management even for asymmetric cryptosystems. As a participant in a
supposedly secure communication one would like to be certain that the public
keys of other participants are
authentic
, so that an attacker, with the nefarious
goal of intercepting secret information, cannot undetected interpose him- or
herself and give out
his
or
her
key as the public key under the guise of its being
that of the trusted partner. To ensure the authenticity of public keys there have
appeared surprisingly complex procedures, and in fact, there are already laws on
the topics that govern such matters. We shall go into this in more detail below.
The principle of asymmetric cryptosystems has even more far-reaching
consequences: It permits the generation of
digital signatures
in which the
function of the key is turned on its head. To generate a digital signature a message
is “encrypted” with a secret key, and the result of this operation is transmitted
together with the message. Now anyone who knows the associated public key
can “decrypt” the “encrypted” message and compare the result with the original
message. Only the possessor of the secret key can generate a digital signature that
can withstand such a comparison. We note that in the case of digital signatures
