Public-key Cryptography

• also called asymmetric cryptography

• = cryptographic system that uses pairs of keys: public keys & private keys
• public keys – can be disseminated widely
• private keys – known only to the owner
• generating such keys depends on cryptographic algorithms based on mathematical problems to
produce one-way functions
• effective security: keep the private key private; the public key can be openly distributed without
compromising the security

• any person can encrypt a message using the receiver's public key, but decryption can only happen with
receiver's private key
• allows robust authentication => a sender can combine message + private key  short digital
signature on the message
o anyone with the sender's public key can combine the same message and the digital signature
associated with it to verify whether the signature was valid
• fundamental in modern cryptosystems, application and protocols
• assures confidentiality, authenticity, non-repudiability (provides proof of the integrity and origin of data)
• underpin various Internet standards, for e.g. TLS (Transport Layer Security), S/MIME, PGP, GPG
• can provide key distribution & secrecy ( Diffie-Hellman key exchange)
• can provide digital signatures (DSA – Digital Signature Algorithm)
• or both (RSA)
• further applications: digital cash, password-authenticated key agreement, time-stamping services
• PKI = public key infrastructure
o provides a set of roles, policies and procedures needed to create, manage, distribute, use, store
and revoke digital certificates and manage public-key encryption
• weaknesses:
o algorithms: susceptible to brute-force key search attacks – improbable nowadays
o alteration of public keys: "man-in-the-middle" attack