Cryptography Reference
In-Depth Information
key, and furthermore infeasible to compute from the encryption-key.
Such encryption schemes, called
public-key
schemes, have the advan-
tage of trivially resolving the key distribution problem (because the
encryption-key can be publicized). That is, once some Party X gener-
ates a pair of keys and publicizes the encryption-key, any party can
send encrypted messages to Party X so that Party X can retrieve the
actual information (i.e., the plaintext), whereas nobody else can learn
anything about the plaintext.
plaintext
plaintext
ciphertext
E
D
X
X
K
K
Sender's protected region
Receiver's protected region
ADVERSARY
The key
K
is known to both receiver and sender, but is unknown
to the adversary. For example, the receiver may generate
K
at
random and pass it to the sender via a perfectly-private sec-
ondary channel (not shown here).
Fig. 5.2 Private-key encryption schemes - an illustration.
In contrast to public-key schemes, traditional encryption schemes in
which the encryption-key equals the description-key are called
private-
key
schemes, because in these schemes the encryption-key must be kept
secret (rather than be public as in public-key encryption schemes). We
note that a full specification of either schemes requires the specifica-
tion of the way in which keys are generated; that is, a (randomized)
key-generation algorithm that, given a security parameter, produces a
(random) pair of corresponding encryption/decryption keys (which are
identical in the case of private-key schemes).
Thus, both private-key and public-key encryption schemes consist
of three ecient algorithms: a
key generation
algorithm denoted
G
,an
