Cryptography Reference
In-Depth Information
However, nothing ever comes for free. There are two major problems with the
briefcase protocol:
Authentication
. The very freedom that we gain through being able to securely
communicate with an entity that we had no prior trust relationshipwith, comes
with a significant vulnerability. This is a lack of assurance that we have indeed
securely communicated with the entity that we
think
we are communicating
with. Alice has no guarantees (other than the word of the courier) that it is
Bob who applies the second padlock. There is no authentication of any type in
the briefcase protocol. While it is true that we did not specify authentication
in our requirements, the briefcase protocol illustrates the dangers of omitting
authentication as a requirement in such a scenario.
Efficiency
. The briefcase protocol involves three journeys (or
passes
) between
Alice and Bob. This is clearly inefficient since we normally require a
message to be passed securely using just one communication. We must do
better than this because in many applications communication bandwidth is
expensive.
A BLUEPRINT FOR A PUBLIC-KEY CRYPTOSYSTEM
The briefcase protocol shows us that it is possible to exchange a secure message
between two parties who have not previously established a shared key. We
can thus use the briefcase protocol as a reference point from which to derive
a blueprint (a 'wish list' if you like) for the properties that a public-key
cryptosystem should have. This is formed by identifying some of the attractive
properties of the briefcase protocol and some of the properties that were not
provided:
1.
The keys used to encrypt and decrypt should be different
. The briefcase protocol
achieves this in the sense that the final key used by Bob to 'decrypt' is different
fromthe key usedby Alice to 'encrypt' themessage . This is a necessary property
if we are to overcome the problems with symmetric cryptography discussed in
Section 5.1.1.
2.
Anyone who wants to be a receiver needs a unique decryption key
. We will
generally refer to this key as a
private key
(we prefer this to the ambiguous
use of
secret key
, which is a term shared with symmetric cryptography). The
briefcase protocol achieves this since everyone uses their own padlock, the key
for which acts as a private key since only the key holder can unlock it.
3.
Anyone who wants to be a receiver needs to publish an encryption key
.We
will generally refer to this key as a
public key
. One of the problems with the
briefcase protocol is that this notion of a public key is not explicitly present.
Since we have no 'public keys' we are unable to target a specific recipient for
the message in the briefcase.
4.
Some guarantee of the authenticity of a public key needs to be provided
.It
is necessary to be confident of the correct 'owner' of a public key otherwise
we will still have the authenticity problem of the briefcase protocol. In the
