Cryptography Reference
In-Depth Information
Asymmetric methods
(also called
public-key methods
) also use two methods
(which can be identical), but they always use two keys. One of them is the
private key
, and its algorithm is referred to as the
decryption algorithm
; the
other key is the
public key
, and its algorithm is the
encryption algorithm
. This
still looks pretty much symmetric. But the decisive point is:
The private key cannot
1
be derived from the public key.
In contrast, the reverse may easily hold. This is the actual asymmetry. It makes
the following procedure possible, where the names used start making more sense.
We create a private key and a public key. We give the public key to somebody
without having to fear that the security of the private key may be compromised.
We don't show the private key to anybody. Everybody can now encrypt a
message with
our
public key and send it to us; only we as the owners of the
private key can read it. So we actually make public keys public to
receive
messages rather than to
send
them!
This means that asymmetric methods have to guarantee cryptological security
in two ways: they must guarantee (i) that the plaintext cannot be derived from
the ciphertext (encrypted with the public key); and (ii) that nobody can derive
the private key from the public key. Again, this is meant in the sense of
cryptology, i.e., they should prevent these things against available algorithms
and justifiable cost and time.
There is a twofold reward in return: in addition to the security gained, there is
a key that
cannot
be compromised since it is not secret. The real secret — the
private key — never has to leave the owner's computer. That's a cute thing
indeed. A practicable and more secure asymmetric algorithm would presum-
ably drive symmetric algorithms quickly into a corner. Some magazine articles
actually give you the impression that the golden times have already dawned.
Unfortunately, however, there are huge drawbacks. Only very few principles
for secure and practicable algorithms are known to date. These algorithms are
extremely slow and vulnerable to chosen-ciphertext attacks, which is critical
when used for digital signatures (see Sections 4.5.3 and 6.3.3). This is why
asymmetric methods are currently used only to exchange session keys, but not
to encrypt messages. Session keys are secret keys for symmetric methods
.
We will have a closer look at this use in the following section.
1
'Not' is meant in the cryptologic sense, i.e., you cannot derive it with the known means
within a practically feasible time.
