Saturday, October 29, 2005

Conventional Methods - Public and Private Keys

Traditionallly in cryptography, the sender and the reciever of the message know and use the same secret key. The sender uses the key to encrypt the message and the reciever uses the same key to dycrypt the message.

"The main challenge is getting the sender and receiver to agree on the secret key without anyone else finding out. If they are in separate physical locations, they must trust a courier, a phone system, or some other transmission medium to prevent the disclosure of the secret key. Anyone who overhears or intercepts the key in transit can later read, modify, and forge all messages encrypted or authenticated using that key."
The generation, storage and management of these secret keys is reffered to as 'key management'. One of the major problems with this form of cryptography is ensuring the key remains secret, especially in open systems with a large number of users.

In order to solve this problem in 1976 public key encryption was introduced.

"each person gets a pair of keys, one called the public key and the other called the private key. The public key is published, while the private key is kept secret. The need for the sender and receiver to share secret information is eliminated; all communications involve only public keys, and no private key is ever transmitted or shared. In this system, it is no longer necessary to trust the security of some means of communications. The only requirement is that public keys be associated with their users in a trusted (authenticated) manner(for instance, in a trusted directory). Anyone can send a confidential message by just using public information, but the message can only be decrypted with a private key, which is in the sole possession of the intended recipient.Furthermore, public-key cryptography can be used not only for privacy(encryption), but also for authentication (digital signatures) and other various techniques.

In a public-key cryptosystem, the private key is always linked mathematically to the public key. Therefore, it is always possible to attack a public-key system by deriving the private key from the public key. Typically,the defense against this is to make the problem of deriving the private key from the public key as difficult as possible. For instance, some public-key cryptosystems are designed such that deriving the private key from the public key requires the attacker to factor a large number, it this case it is computationally infeasible to perform the derivation. "


From this we can see that the implementation of quantum cryptography would be a major breakthrough! It would slove many of the problems currenttly associated with crytpography by allowing secret keys to be sent between users without the possibility of interception.

References
http://www.rsasecurity.com/rsalabs/node.asp?id=2165

http://www.cryptographyworld.com/what.htm

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Home