Cryptography Reference
In-Depth Information
•
Encrypt
(
k, m
)
is a deterministic or probabilistic encryption algorithm that
takes as input a public key
k
and a plaintext message
m
, and that generates
as output a ciphertext
c
(i.e.,
c
=
Encrypt
(
k, m
)
).
•
Decrypt
(
k
−
1
,c
)
is a deterministic decryption algorithm that takes as input a
private key
k
−
1
and a ciphertext
c
, and that generates as output a plaintext
message
m
(i.e.,
m
=
Decrypt
(
k
−
1
,c
)
).
For every public key pair
(
k, k
−
1
)
and every plaintext message
m
, the algo-
rithms
Encrypt
(
k,
)
and
Decrypt
(
k
−
1
,
·
·
)
must be inverse to each other, meaning
that
Decrypt
(
k
−
1
,
Encrypt
(
k, m
)) =
m.
If
k
and
k
−
1
do not correspond to each other, then the ciphertext must decrypt
to gibberish.
In summary, an asymmetric encryption system can be fully specified by a triple
that consists of the algorithms
Generate
,
Encrypt
,and
Decrypt
. Many such systems
have been developed, proposed, and published in the literature. The most important
and widely deployed examples are overviewed, discussed, and put into perspective
in Chapter 14.
2.3.2
DSSs
Digital signatures can be used to protect the authenticity and integrity of data objects.
According to RFC 2828, a
digital signature
refers to “a value computed with a
cryptographic algorithm and appended to a data object in such a way that any
recipient of the data can use the signature to verify the data's origin and integrity”
[2]. Similarly, the term digital signature is defined as “data appended to, or a
cryptographic transformation of, a data unit that allows a recipient of the data unit
to prove the source and integrity of the data unit and protect against forgery, e.g. by
the recipient” in ISO/IEC 7498-2 [3].
According to the last definition, there are two classes of digital signatures that
should be distinguished.
•
If data representing the digital signature is appended to a data unit (or mes-
sage) then one refers to a
digital signature with appendix
.
•
If a data unit is cryptographically transformed in a way that it represents both
the data unit (or message) that is signed and the digital signature, then one
