Cryptography Reference
In-Depth Information
giving up any capability of authentication. What Diffie
and Hellman had done was to separate the secrecy channel
from the authentication channel—a striking example of
the sum of the parts being greater than the whole. Single-
key cryptography is called symmetric for obvious reasons.
A cryptosystem satisfying conditions 1-4 is called asym-
metric for equally obvious reasons. There are symmetric
cryptosystems in which the encryption and decryption
keys are not the same—for example, matrix transforms
of the text in which one key is a nonsingular (invertible)
matrix and the other its inverse. Even though this is a two-
key cryptosystem, since it is easy to calculate the inverse
to a non-singular matrix, it does not satisfy condition 3
and is not considered to be asymmetric.
Since in an asymmetric cryptosystem each user has a
secrecy channel from every other user to him (using his
public key) and an authentication channel from him to all
other users (using his secret key), it is possible to achieve
both secrecy and authentication using superencryption.
Say
A
wishes to communicate a message in secret to
B
,
but
B
wants to be sure the message was sent by
A
.
A
first encrypts the message with his secret key and then
superencrypts the resulting cipher with
B
's public key.
The resulting outer cipher can be decrypted only by
B
,
thus guaranteeing to
A
that only
B
can recover the inner
cipher. When
B
opens the inner cipher using
A
's public
key he is certain the message came from someone know-
ing
A
is key, presumably
A
. Simple as it is, this protocol is
a paradigm for many contemporary applications.
Cryptographers have constructed several crypto-
graphic schemes of this sort by starting with a “hard”
mathematical problem—such as factoring a number that
is the product of two very large primes—and attempting
to make the cryptanalysis of the scheme be equivalent
to solving the hard problem. If this can be done, the
