Line 1: |
Line 1: |
| == Public-key cryptography == | | == Public-key cryptography == |
| | | |
− | '''[[Public-key cryptography|Public-key cryptography]]''', also known as '''[[Asymmetric-key cryptography|asymmetric cryptography]]''', is a system of [[Cryptography|cryptography]] that uses pairs of mathematically related keys. Unlike [[Symmetric-key cryptography|symmetric-key cryptography]], where the same secret key is used by both the sender and recipient for both [[Encryption (cryptography)|encryption]] and [[Decryption (cryptography)|decryption]], [[Public-key cryptography|public-key cryptography]] employs two different keys: a '''[[Public key|public key]]''' that can be shared openly with anyone, and a '''[[Private key|private key]]''' that must be kept secret by its owner. | + | '''Public-key cryptography''', also called '''asymmetric cryptography''', is a system that uses pairs of mathematically linked keys. Unlike symmetric cryptography, which uses one shared secret key for everything, public-key crypto uses two distinct keys: a public key everyone can see, and a private key only the owner knows. |
| | | |
− | This revolutionary concept, which emerged in the 1970s, solved a major challenge in traditional [[Symmetric-key cryptography|symmetric cryptography]]: the secure distribution of the secret key. [[Public-key cryptography|Public-key cryptography]] allows parties who have no prior relationship or shared secrets to communicate securely over an insecure channel and verify each other's identities. Its primary uses are for ensuring [[Confidentiality|confidentiality]] (making data unreadable to anyone except the intended recipient) and providing [[Authentication|authentication]] and [[Non-repudiation|non-repudiation]] (verifying the sender's identity and the integrity of data, preventing the sender from denying they sent it) through the use of [[Digital signature|digital signatures]]. | + | This groundbreaking idea, from the 1970s, solved the big problem of securely sharing keys in symmetric cryptography. Public-key crypto lets people with no prior connection communicate securely over an insecure channel and confirm who they are. Its main uses are for confidentiality (keeping data secret) and for authentication and non-repudiation (proving who sent data and that it hasn't been changed, meaning the sender can't deny it) using digital signatures. |
| | | |
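Review bot: the rewritten lead on the `+` side drops every internal wikilink ([[Symmetric-key cryptography]], [[Encryption (cryptography)]], [[Digital signature]] and the rest) and replaces "public-key cryptography" with the informal "public-key crypto"; keep the first-mention links so the lead still navigates to the related articles, and use the full term in encyclopedic prose.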
| === Key Concepts === | | === Key Concepts === |
| | | |
− | The foundation of [[Public-key cryptography|public-key cryptography]] rests on the concept of the [[Key pair]], a set of two mathematically linked keys that are generated together:
| + | Public-key cryptography is built on the idea of a key pair, two mathematically linked keys generated together: |
− | | |
− | * '''[[Public key|Public Key]]:''' This key is designed to be openly distributed. Anyone who wishes to send an encrypted message that only the key's owner can read, or verify a [[Digital signature|digital signature]] created by the owner, needs a copy of this key. In many practical applications, the public key is embedded within a [[Digital certificate]] issued by a trusted [[Certificate Authority|CA]].
| |
− | * '''[[Private key|Private Key]]:''' This key must be kept absolutely secret and secure by its owner. It is mathematically linked to the corresponding public key but is computationally infeasible to derive from the public key. The [[Private key|private key]] is used to decrypt messages that were encrypted specifically with its paired public key, and to create [[Digital signature|digital signatures]]. Its security is paramount; if the private key is compromised, the security guarantees relying on that [[Key pair]] are broken.
| |
− | * '''[[Key pair]]:''' The set consisting of a public key and its corresponding private key. The mathematical relationship between them is such that operations performed with one key can only be reversed or verified by the other key in the pair.
| |
| | | |
| + | '''Public Key:''' This key is shared freely. Anyone wanting to encrypt a message for the owner (so only they can read it) or verify the owner's digital signature needs this key. Often, it's part of a digital certificate from a trusted authority. |
| + | '''Private Key:''' This key must be kept secret by its owner. It's mathematically linked to the public key, but you can't figure it out from the public key. It's used to decrypt messages encrypted with its paired public key and to create digital signatures. If this key is compromised, the whole security system breaks. |
| + | '''Key Pair:''' The public and private keys together. What one key does, only the other key in the pair can undo or verify. |
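Review bot: the three replacement entries ('''Public Key:''', '''Private Key:''', '''Key Pair:''') have lost the leading `* ` list markers that the removed lines carried, so they will render as three run-on paragraphs instead of a list; restore `* ` on each. The private-key entry also weakens "computationally infeasible to derive from the public key" to "you can't figure it out from the public key", which is the one property in this section a reader needs stated precisely.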
| === How it Works === | | === How it Works === |
| | | |
− | Public-key cryptography enables two fundamental secure operations based on the unique properties of the [[Key pair]]: | + | Public-key cryptography performs two main secure operations using these key pairs: |
| | | |
− | * '''Encryption for Confidentiality (Ensuring Privacy):'''
| + | '''Encryption for Confidentiality (Privacy):''' |
− | * If User A wants to send a confidential message to User B, User A first obtains User B's [[Public key|public key]]. This key is typically available publicly or provided by User B via a trusted channel, often within a [[Digital certificate]].
| |
− | * User A then uses User B's [[Public key|public key]] and a [[Public-key cryptography|public-key encryption algorithm]] ([[RSA (cryptography)|RSA]], [[Elliptic-curve cryptography|ECC]], etc.) to transform the readable message (plaintext) into an unreadable form called [[Ciphertext]]. The algorithm is designed so that this [[Encryption|encryption]] can only be effectively reversed by the corresponding [[Private key|private key]].
| |
− | * User A sends the [[Ciphertext]] message to User B over any communication channel, whether secure or insecure.
| |
− | * User B receives the [[Ciphertext]] and uses their own secret [[Private key|private key]] and the same [[Public-key cryptography|public-key encryption algorithm]] to decrypt the [[Ciphertext]] back into the original readable message (plaintext).
| |
− | * Because only User B possesses the unique [[Private key|private key]] corresponding to the [[Public key|public key]] used for [[Encryption|encryption]], only User B can successfully decrypt and read the message. This process ensures the [[Confidentiality|confidentiality]] of the communication.
| |
| | | |
− | * '''[[Digital signature|Digital Signatures]] for Authentication, Integrity, and Non-repudiation (Verifying Identity and Data):'''
| + | To send a secret message to User B, User A gets User B's public key (which is public). |
− | * If User A wants to send a message to User B and needs User B to verify that the message genuinely originated from User A and has not been altered since it was sent, User A first computes a [[Cryptographic hash function|cryptographic hash]] of the message content. This hash is a unique, fixed-size fingerprint of the message.
| + | User A uses User B's public key to encrypt the message, turning readable text (plaintext) into unreadable text (ciphertext). |
− | * User A then uses their own secret [[Private key|private key]] and a [[Digital signature|digital signature algorithm]] (such as [[RSA (cryptography)|RSA]]'s signing function or [[Elliptic Curve Digital Signature Algorithm|ECDSA]] for [[Elliptic-curve cryptography|ECC]]) to "sign" this hash value, creating a [[Digital signature|digital signature]]. This signature is mathematically linked to the hash and the specific private key used.
| + | User A sends the ciphertext to User B. |
− | * User A sends the original message along with this [[Digital signature|digital signature]] to User B.
| + | User B receives the ciphertext and uses their own secret private key to decrypt it back into the original message. |
− | * User B receives the message and the [[Digital signature|digital signature]]. User B independently computes a [[Cryptographic hash function|cryptographic hash]] of the received message using the same hash algorithm that User A used.
| + | Since only User B has the correct private key, only they can read the message, ensuring privacy. |
− | * User B then uses User A's publicly available [[Public key|public key]] (obtained from a trusted source like a [[Digital certificate]]) and the corresponding [[Digital signature|digital signature algorithm]]'s verification function to check if the received [[Digital signature|digital signature]] is valid for the hash that User B just computed from the message.
| + | '''Digital Signatures for Authentication, Integrity, and Non-repudiation (Proving Identity and Data):''' |
− | * If the verification is successful, it mathematically confirms that the signature was created using the [[Private key|private key]] corresponding to the [[Public key|public key]] used for verification. Since only User A is supposed to possess that secret [[Private key|private key]], User B is assured that the message originated from User A ([[Authentication|authentication]]). Furthermore, if the message had been altered even slightly after User A signed it, the hash computed by User B would be different, causing the signature verification to fail. This failure confirms the message's [[Data integrity|integrity]] has been compromised. This successful verification process also provides [[Non-repudiation|non-repudiation]]; User A cannot credibly deny having signed the message later, as only their [[Private key|private key]] could have created a signature that verifies with their [[Public key|public key]].
| |
| | | |
| + | If User A wants User B to confirm the message is truly from User A and hasn't changed, User A first creates a unique "fingerprint" of the message (a hash). |
| + | User A then uses their secret private key to "sign" this fingerprint, creating a digital signature. |
| + | User A sends the message and the digital signature to User B. |
| + | User B receives both. User B independently creates their own fingerprint of the message. |
| + | User B then uses User A's public key to verify if the received digital signature matches User B's newly created fingerprint. |
| + | If it matches, User B knows: |
| + | It's genuinely from User A (authentication), because only User A has that private key. |
| + | The message hasn't been altered (integrity), because any change would break the signature. |
| + | User A can't deny sending it later (non-repudiation). |
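Review bot: the replacement steps under '''Encryption for Confidentiality (Privacy):''' and '''Digital Signatures for Authentication, Integrity, and Non-repudiation (Proving Identity and Data):''' have no `* `/`** ` markers, so the two procedures and the nested "If it matches, User B knows:" list all flatten into paragraphs; restore the list structure. The new encryption steps also drop every mention of the algorithm (RSA, ECC) and the signature steps drop the hash algorithm and the signing algorithm (RSA signing, ECDSA); keep one mention of each so "fingerprint" is tied to a cryptographic hash and "sign" to a concrete signature algorithm. "(Proving Identity and Data)" is also awkward; "(Proving Who Sent the Data and That It Is Unchanged)" says what is meant.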
| === History === | | === History === |
| | | |
− | The fundamental concept of [[Public-key cryptography|public-key cryptography]] was a significant breakthrough independently discovered by multiple parties in the 1970s. The first public description came from American cryptographers [[Whitfield Diffie]] and [[Martin Hellman]] in their 1976 paper, "New Directions in Cryptography." This paper introduced the core ideas of [[Public-key cryptography|asymmetric cryptography]] and described the [[Diffie–Hellman key exchange]] protocol, which allowed two parties to securely establish a shared secret symmetric key over an insecure channel without any prior shared secrets. | + | The core idea of public-key cryptography was a major breakthrough, discovered independently by several groups in the 1970s. Whitfield Diffie and Martin Hellman first published it in 1976, introducing asymmetric cryptography and the Diffie–Hellman key exchange, which allowed two parties to securely agree on a shared secret key even over an insecure channel. |
| | | |
− | Following this, in 1977, [[Ron Rivest]], [[Adi Shamir]], and [[Leonard Adleman]] at MIT developed the first widely practical [[Public-key cryptography|public-key encryption]] and [[Digital signature|digital signature]] algorithm, known as [[RSA (cryptography)|RSA]], based on the mathematical properties of factoring large prime numbers.
| + | In 1977, Ron Rivest, Adi Shamir, and Leonard Adleman at MIT developed RSA, the first widely used public-key encryption and digital signature algorithm. Its security relies on the difficulty of factoring large prime numbers. |
| | | |
− | Later, it was revealed that similar concepts and equivalent algorithms had been developed earlier, in the late 1960s and early 1970s, by researchers working in secrecy at the British intelligence agency [[Government Communications Headquarters|GCHQ]], including James Ellis, Clifford Cocks, and Malcolm Williamson. However, this pioneering work remained classified for several decades and did not influence the public development of the field. | + | Later, it was revealed that similar ideas were developed earlier by British intelligence (GCHQ) in the 1960s-70s by James Ellis, Clifford Cocks, and Malcolm Williamson. This work remained secret and didn't impact public development. |
| | | |
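Review bot: "factoring large prime numbers" is a misstatement that the `+` line keeps from the removed one; a prime has no non-trivial factors. The RSA assumption is the difficulty of factoring a large composite that is the product of two large primes, which is how the old Common Algorithms bullet below phrases it; suggest "relies on the difficulty of factoring the product of two large primes".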
| === Common Algorithms === | | === Common Algorithms === |
| | | |
− | Several mathematical [[Algorithm|algorithms]] are used to implement [[Public-key cryptography|public-key cryptography]]. These differ in their underlying mathematical problems, performance characteristics, and typical applications:
| + | Public-key cryptography uses several mathematical algorithms, differing in their math, performance, and use cases: |
− | | |
− | * '''[[RSA (cryptography)|RSA]]:''' Named after its inventors, [[RSA (cryptography)|RSA]] is one of the earliest and most widely used [[Public-key cryptography|public-key cryptosystems]]. Its security relies on the computational difficulty of factoring large composite numbers into their prime factors. [[RSA (cryptography)|RSA]] can be used for both [[Encryption|encryption]] and [[Digital signature|digital signatures]].
| |
− | * '''[[Diffie–Hellman key exchange]]:''' This is a protocol specifically designed for secure [[Key exchange]] over an insecure channel. It allows two parties to derive a shared secret symmetric key. Its security relies on the difficulty of the discrete logarithm problem in finite fields. It is a foundational element for many secure protocols.
| |
− | * '''[[Elliptic-curve cryptography|Elliptic Curve Cryptography (ECC)]]:''' This is a more modern suite of [[Public-key cryptography|public-key algorithms]] that offers comparable levels of [[Computer security|security]] to [[RSA (cryptography)|RSA]] but typically requires shorter key lengths, resulting in smaller keys, faster computations, and lower power consumption. [[ECC]] is based on the mathematical properties of points on elliptic curves over finite fields. [[ECC]] is commonly used for [[Digital signature|digital signatures]] (e.g., [[Elliptic Curve Digital Signature Algorithm|ECDSA]]) and [[Key exchange]] (e.g., [[Elliptic-curve Diffie–Hellman|ECDH]]).
| |
| | | |
| + | '''RSA:''' One of the oldest and most used public-key systems. Its security relies on the difficulty of factoring large numbers. Used for both encryption and digital signatures. |
| + | '''Diffie–Hellman key exchange:''' A protocol for securely agreeing on a shared secret symmetric key over an insecure channel. Its security comes from the difficulty of the discrete logarithm problem. It's a core part of many secure protocols. |
| + | '''Elliptic Curve Cryptography (ECC):''' A newer set of algorithms offering similar security to RSA but with shorter keys. This means faster computations and less power use. ECC is based on elliptic curves and is used for digital signatures (like ECDSA) and key exchange (like ECDH). |
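Review bot: same list-marker loss as in the earlier sections: '''RSA:''', '''Diffie–Hellman key exchange:''' and '''Elliptic Curve Cryptography (ECC):''' have lost their `* ` prefixes. The ECC entry also reduces "points on elliptic curves over finite fields" to "based on elliptic curves", and the Diffie–Hellman entry drops "in finite fields" from the discrete logarithm problem; keep both qualifiers, since the finite field is what makes the problems hard.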
| === Applications === | | === Applications === |
| | | |
− | [[Public-key cryptography|Public-key cryptography]] is a cornerstone of modern [[Information security|information security]] and is integral to numerous applications, particularly in networking and system administration:
| + | Public-key cryptography is a core part of modern information security, essential for many applications, especially in networking: |
− | | |
− | * '''Securing Web Traffic ([[HTTPS]]):''' The [[TLS|TLS]] (Transport Layer Security) protocol, which succeeded [[SSL|SSL]], is used to secure communication between [[Web browser|web browsers]] and [[Web server|web servers]] over the [[Internet]], resulting in [[HTTPS]]. [[TLS]] uses [[Public-key cryptography|public-key cryptography]] during the initial handshake to authenticate the server (using its [[Digital certificate]] signed by a [[CA|Certificate Authority]]) and to securely exchange a secret symmetric session key. Once the symmetric key is established, the bulk of the data transfer is encrypted using a much faster [[Symmetric-key cryptography|symmetric algorithm]] like [[AES]].
| |
− | * '''Secure Shell ([[SSH]]):''' [[SSH]] is a widely used protocol for secure remote command-line access to servers. While it supports password authentication, [[Public-key cryptography|public-key authentication]] is considered more secure. Users generate a [[Key pair]] on their local machine, install the [[Public key|public key]] on the remote server, and then authenticate by proving possession of the local [[Private key|private key]] without transmitting it over the network.
| |
− | * '''[[VPN|VPN]]s:''' [[Virtual Private Network|VPN]]s create secure, encrypted tunnels over public networks. [[Public-key cryptography|Public-key cryptography]] is often used within [[VPN]] protocols (such as OpenVPN or WireGuard) for initial authentication of the endpoints and for the secure [[Key exchange]] needed to establish the encrypted tunnel's symmetric key.
| |
− | * '''Secure Email ([[PGP]], [[S/MIME]]):''' Standards and software like [[PGP]] (Pretty Good Privacy) and [[S/MIME]] use [[Public-key cryptography|public-key cryptography]] to provide end-to-end email security. They allow users to encrypt email content for [[Confidentiality|confidentiality]] using the recipient's [[Public key|public key]] and digitally sign emails using their own [[Private key|private key]] to verify the sender's identity and the message's integrity.
| |
− | * '''[[Digital signature|Digital Signatures]] (Code Signing, Package Verification):''' [[Digital signature|Digital signatures]] are used to verify the authenticity and integrity of software code (known as [[Code signing]]), documents, and data files. System administrators frequently encounter these when verifying the integrity of downloaded software packages (e.g., checking package signatures for `.deb` or `.rpm` files using [[GPG]]) or confirming the source of a software update.
| |
− | * '''[[Cryptocurrency|Cryptocurrencies]]:''' [[Public-key cryptography|Public-key cryptography]] is a foundational technology for most [[Cryptocurrency|cryptocurrencies]], including [[Bitcoin]]. User wallets are essentially [[Key pair|key pairs]]: the [[Public key|public key]] is used to generate a public address where funds can be received, and the [[Private key|private key]] is used to create [[Digital signature|digital signatures]] to authorize transactions (spending funds), proving ownership without revealing the private key.
| |
− | * '''[[API|API]] Security:''' [[Public-key cryptography|Public-key cryptography]] can be used to secure [[API]] communications, for example, by requiring clients to sign requests to authenticate themselves or by using [[TLS]] to encrypt the channel over which [[API]] calls are made.
| |
| | | |
| + | '''Securing Web Traffic (HTTPS):''' TLS (Transport Layer Security) secures HTTPS. It uses public-key crypto in the handshake to verify the server (via a digital certificate) and securely exchange a symmetric key. Then, a faster symmetric algorithm like AES encrypts the bulk of data. |
| + | '''Secure Shell (SSH):''' Used for secure remote access to servers. Public-key authentication is more secure than passwords. You create a key pair, put the public key on the server, and authenticate by proving you have the private key locally. |
| + | '''VPNs:''' Create secure, encrypted tunnels over public networks. Public-key cryptography often authenticates endpoints and sets up the symmetric key for the tunnel. |
| + | '''Secure Email (PGP, S/MIME):''' Provide end-to-end email security. You encrypt emails with the recipient's public key for privacy and digitally sign them with your private key to verify your identity and message integrity. |
| + | '''Digital Signatures (Code Signing, Package Verification):''' Verify the authenticity and integrity of software, documents, and data. Used for signing code or checking downloaded software packages (e.g., with GPG). |
| + | '''Cryptocurrencies:''' A core technology for most cryptocurrencies like Bitcoin. Your wallet holds a key pair: the public key creates your address for receiving funds, and the private key signs transactions to spend them. |
| + | '''API Security:''' Secures API communications by requiring clients to sign requests for authentication or by using TLS to encrypt the channel. |
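Review bot: the seven replacement entries lost their `* ` markers. In the SSH entry, the removed phrase "without transmitting it over the network" is the security-relevant detail of public-key authentication and should survive the shortening ("proving you have the private key locally, without ever sending it"); the Digital Signatures entry likewise drops the concrete `.deb`/`.rpm` package-signature example that made it useful to administrators.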
| === Advantages === | | === Advantages === |
| | | |
− | [[Public-key cryptography|Public-key cryptography]] offers significant advantages, particularly in distributed systems and open networks:
| + | Public-key cryptography offers big advantages, especially for distributed systems and open networks: |
− | | |
− | * '''Secure [[Key exchange]]:''' It elegantly solves the problem of securely exchanging symmetric secret keys over insecure channels, which is a critical step in establishing secure communication sessions like [[TLS]] connections.
| |
− | * '''Authentication and [[Non-repudiation|Non-repudiation]]:''' The ability to create [[Digital signature|digital signatures]] provides strong methods for verifying the identity of a sender and ensuring data integrity, preventing a party from legitimately denying having sent or signed a piece of data.
| |
− | * '''Scalability of Key Management:''' For a group of N users who need to communicate securely, a [[Symmetric-key cryptography|symmetric system]] requires a unique secret key for every pair of users, leading to a large number of keys ($N \times (N-1)/2$). In a [[Public-key cryptography|public-key system]], each user only needs one [[Key pair]], significantly simplifying key management in large networks, although managing trust in [[Public key|public keys]] through a [[PKI]] introduces its own complexity.
| |
| | | |
| + | '''Secure Key Exchange:''' Solves the problem of securely exchanging secret symmetric keys over insecure channels, crucial for TLS connections. |
| + | '''Authentication and Non-repudiation:''' Digital signatures strongly verify a sender's identity and data integrity, preventing them from denying they sent or signed data. |
| + | '''Scalable Key Management:''' In a symmetric system, many keys are needed for multiple users. Public-key systems need only one key pair per user, simplifying key management in large networks, though Public Key Infrastructure (PKI) for trust adds its own complexities. |
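Review bot: the rewritten '''Scalable Key Management:''' entry replaces the $N \times (N-1)/2$ symmetric key count with "many keys are needed for multiple users", which loses the quantitative comparison with one key pair per user that is the whole point; restore the formula. The `* ` markers are again missing on all three entries.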
| === Disadvantages and Challenges === | | === Disadvantages and Challenges === |
| | | |
− | Despite its power, [[Public-key cryptography|public-key cryptography]] also has drawbacks and faces ongoing challenges: | + | Despite its power, public-key cryptography has drawbacks and challenges: |
− | | |
− | * '''Performance:''' [[Public-key cryptography|Public-key encryption]] and [[Digital signature|digital signature]] operations are significantly more computationally intensive and thus much slower than [[Symmetric-key cryptography|symmetric-key cryptography]] operations (often orders of magnitude slower, especially for large data). This is why, in practice, hybrid cryptosystems are almost always used for encrypting large amounts of data.
| |
− | * '''Key Management and Trust ([[PKI]]):''' While key distribution is easier (just share the [[Public key|public key]]), verifying that a given [[Public key|public key]] genuinely belongs to the claimed identity is complex. This is the role of [[PKI|Public Key Infrastructure]], which relies on trusted third parties ([[CA|Certificate Authorities]]) to issue and manage [[Digital certificate]]s that cryptographically bind a public key to an identity. Managing [[Digital certificate]]s (issuance, renewal, revocation) is a common administrative task. If the [[PKI]] itself is compromised or mismanaged, the trust in [[Public key|public keys]] can be undermined.
| |
− | * '''Vulnerability to Quantum Computing:''' Many currently used [[Public-key cryptography|public-key algorithms]], most notably [[RSA (cryptography)|RSA]] and standard [[Elliptic-curve cryptography|ECC]], are known to be vulnerable to efficient attack by a sufficiently powerful [[Quantum computer|quantum computer]] using [[Shor's algorithm]]. This potential future threat is driving active research and development in the field of [[Post-quantum cryptography]].
| |
| | | |
| + | '''Performance:''' Public-key operations are much slower than symmetric ones. That's why hybrid systems (using both) are typically used for large amounts of data. |
| + | '''Key Management and Trust (PKI):''' While sharing public keys is easy, verifying a public key's true owner is complex. Public Key Infrastructure (PKI) handles this through trusted Certificate Authorities that issue digital certificates. If PKI is compromised, trust in public keys is broken. |
| + | '''Vulnerability to Quantum Computing:''' Many current public-key algorithms (like RSA and ECC) are vulnerable to future quantum computers using Shor's algorithm. This drives research into post-quantum cryptography. |
| === Relation to Symmetric Cryptography (Hybrid Cryptography) === | | === Relation to Symmetric Cryptography (Hybrid Cryptography) === |
| | | |
− | Due to the significant performance difference between [[Public-key cryptography|public-key]] and [[Symmetric-key cryptography|symmetric-key]] operations, they are almost always used together in practice within a '''[[Hybrid cryptography|hybrid cryptosystem]]'''. In this approach, [[Public-key cryptography|public-key cryptography]] is used for the initial setup of a secure communication session: it authenticates the parties (especially servers via [[Digital certificate]]s and [[Digital signature|digital signatures]]) and enables the secure exchange of a secret, single-use symmetric session key over an insecure channel (e.g., using [[Diffie–Hellman key exchange]] or [[RSA (cryptography)|RSA]] key transport). Once this symmetric key is securely established, the bulk of the actual data transfer for that session is encrypted and decrypted using the much faster [[Symmetric-key cryptography|symmetric algorithm]] (such as [[AES]]). This effectively combines the key establishment and authentication benefits of [[Public-key cryptography|public-key cryptography]] with the speed and efficiency of [[Symmetric-key cryptography|symmetric encryption]] for data transfer.
| + | Because public-key operations are much slower than symmetric ones, they're almost always used together in a '''hybrid cryptosystem'''. Public-key cryptography handles the initial setup: it authenticates parties (like servers using digital certificates and signatures) and securely exchanges a fast, symmetric session key over an insecure channel (e.g., using Diffie–Hellman or RSA). Once that symmetric key is secure, the much faster symmetric algorithm (like AES) encrypts the bulk of the data transfer. This blends public-key's benefits for setup and authentication with symmetric encryption's speed for data. |
| | | |
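Review bot: "securely exchanges a fast, symmetric session key" misplaces "fast" (the key is not fast; the symmetric algorithm is) and drops "secret, single-use", which is the property that matters for a session key; suggest "securely exchanges a secret, single-use symmetric session key". Also "RSA" on its own should stay "RSA key transport", since that is the mechanism being contrasted with Diffie–Hellman.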
| === See Also === | | === See Also === |
| | | |
− | * [[Cryptography]] | + | *[[Cryptography]] |
− | * [[Symmetric-key cryptography]]
| + | *[[Public key]] |
− | * [[Hybrid cryptography]]
| + | *[[Private key]] |
− | * [[Key pair]]
| |
− | * [[Public key]] | |
− | * [[Private key]] | |
− | * [[Digital signature]]
| |
− | * [[Key exchange]]
| |
− | * [[RSA (cryptography)]]
| |
− | * [[Elliptic-curve cryptography]]
| |
− | * [[Diffie–Hellman key exchange]]
| |
− | * [[Post-quantum cryptography]]
| |
− | | |
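Review bot: the replacement See Also list keeps only [[Cryptography]], [[Public key]] and [[Private key]] and removes [[Symmetric-key cryptography]], [[Hybrid cryptography]], [[Key pair]], [[Digital signature]], [[Key exchange]], [[RSA (cryptography)]], [[Elliptic-curve cryptography]], [[Diffie–Hellman key exchange]] and [[Post-quantum cryptography]], all of which the article body still discusses; restore them.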
− | === References ===
| |
− | | |
− | * {{cite book |last=Stallings |first=William |title=Cryptography and Network Security: Principles and Practice |publisher=Pearson |year=2017 |edition=7th |isbn=978-0134444284}} - A standard textbook covering public-key cryptography relevant to networking and security.
| |
− | * {{cite book |last=Schneier |first=Bruce |title=Applied Cryptography: Protocols, Algorithms, and Source Code in C |publisher=Wiley |year=1996 |edition=2nd |isbn=978-0471117094}} - A widely referenced book including details on public-key algorithms and their use in protocols.
| |
− | * [https://www.cloudflare.com/learning/security/what-is-public-key-cryptography/ Cloudflare - What is Public Key Cryptography?] - Explains the concepts for a technical audience.
| |
− | * [https://www.digicert.com/learn/ssl/what-is-public-key-cryptography DigiCert - What is Public Key Cryptography?] - Explains public key crypto in the context of SSL/TLS and digital certificates.
| |
− | * [https://www.ssh.com/academy/ssh/protocol/authentication/public-key Public Key Authentication - SSH.COM] - Explains how public keys are used for SSH authentication.
| |
− | * [https://docs.kernel.org/admin-guide/module-signing.html Linux Kernel Documentation - Module Signing] - Example of digital signatures used in a Linux context (signing kernel modules).
| |
| | | |
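Review bot: this hunk removes the entire === References === section (Stallings, Schneier, and the Cloudflare, DigiCert, SSH.COM and kernel module-signing links) with no replacement, leaving the article unsourced; keep the references or add equivalent ones.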
− | [[Category:Public-key cryptography]]
| + | [[Category:Information]] |
− | [[Category:Cryptography]]
| |
− | [[Category:Computer security]]
| |
− | [[Category:Information security]] | |
− | [[Category:Networking protocols]]
| |
− | [[Category:Algorithms]]
| |
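Review bot: the category lines replace [[Category:Public-key cryptography]], [[Category:Cryptography]], [[Category:Computer security]], [[Category:Information security]], [[Category:Networking protocols]] and [[Category:Algorithms]] with the single, generic [[Category:Information]]; keep at least [[Category:Public-key cryptography]] and [[Category:Cryptography]] so the article stays findable.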
Public-key cryptography
Public-key cryptography, also called asymmetric cryptography, is a system that uses pairs of mathematically linked keys. Unlike symmetric cryptography, which uses one shared secret key for everything, public-key crypto uses two distinct keys: a public key everyone can see, and a private key only the owner knows.
This groundbreaking idea, from the 1970s, solved the big problem of securely sharing keys in symmetric cryptography. Public-key crypto lets people with no prior connection communicate securely over an insecure channel and confirm who they are. Its main uses are for confidentiality (keeping data secret) and for authentication and non-repudiation (proving who sent data and that it hasn't been changed, meaning the sender can't deny it) using digital signatures.
Key Concepts
Public-key cryptography is built on the idea of a key pair, two mathematically linked keys generated together:
Public Key: This key is shared freely. Anyone wanting to encrypt a message for the owner (so only they can read it) or verify the owner's digital signature needs this key. Often, it's part of a digital certificate from a trusted authority.
Private Key: This key must be kept secret by its owner. It is mathematically linked to the public key, but it is computationally infeasible to derive it from the public key. It is used to decrypt messages encrypted with its paired public key and to create digital signatures. If this key is compromised, every security guarantee that relies on that key pair is broken.
Key Pair: The public and private keys together. What one key does, only the other key in the pair can undo or verify.
How it Works
Public-key cryptography performs two main secure operations using these key pairs:
Encryption for Confidentiality (Privacy):
To send a secret message to User B, User A gets User B's public key (which User B can publish openly, often inside a digital certificate).
User A uses User B's public key to encrypt the message, turning readable text (plaintext) into unreadable text (ciphertext).
User A sends the ciphertext to User B.
User B receives the ciphertext and uses their own secret private key to decrypt it back into the original message.
Since only User B has the correct private key, only they can read the message, ensuring privacy.
Digital Signatures for Authentication, Integrity, and Non-repudiation (Proving Who Sent the Data and That It Is Unchanged):
If User A wants User B to confirm the message is truly from User A and hasn't changed, User A first creates a unique "fingerprint" of the message (a hash).
User A then uses their secret private key to "sign" this fingerprint, creating a digital signature.
User A sends the message and the digital signature to User B.
User B receives both. User B independently creates their own fingerprint of the message.
User B then uses User A's public key to verify if the received digital signature matches User B's newly created fingerprint.
If it matches, User B knows:
It's genuinely from User A (authentication), because only User A has that private key.
The message hasn't been altered (integrity), because any change would break the signature.
User A can't deny sending it later (non-repudiation).
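Both flows above in toy form, as an added example that is not part of the original article: textbook RSA in pure Python, with User A encrypting to User B's public key and signing with A's own private key. The hand-picked Mersenne primes, the 64-bit hash truncation and the function names are constructed for this illustration; a real deployment would use 2048-bit keys with OAEP and PSS padding from a vetted library.

```python
"""Toy textbook RSA for the two flows above: User A encrypts to User B's
public key, and User A signs so User B can verify with A's public key.
Added example, not from the article: fixed Mersenne primes and no padding,
so it is illustration only; real systems use 2048-bit+ keys with OAEP/PSS."""
import hashlib

def generate_keypair(p, q, e=65537):
    """Return (public_key, private_key) as ((e, n), (d, n)) from primes p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, d*e == 1 (mod phi); Python 3.8+
    return (e, n), (d, n)

def encrypt(public_key, message: bytes) -> int:
    """User A turns plaintext into ciphertext with User B's PUBLIC key."""
    e, n = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(private_key, ciphertext: int) -> bytes:
    """User B recovers the plaintext with their own PRIVATE key."""
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def fingerprint(message: bytes) -> int:
    """Message hash, truncated to 64 bits so it lies below the toy moduli."""
    return int.from_bytes(hashlib.sha256(message).digest()[:8], "big")

def sign(private_key, message: bytes) -> int:
    """User A signs the fingerprint with A's PRIVATE key."""
    d, n = private_key
    return pow(fingerprint(message), d, n)

def verify(public_key, message: bytes, signature: int) -> bool:
    """User B recomputes the fingerprint and checks the signature with A's
    PUBLIC key; a changed message or a wrong key breaks the match."""
    e, n = public_key
    return pow(signature, e, n) == fingerprint(message)

# Constructed keys from Mersenne primes 2^31-1, 2^61-1, 2^89-1, 2^107-1.
A_PUB, A_PRIV = generate_keypair(2**31 - 1, 2**61 - 1)
B_PUB, B_PRIV = generate_keypair(2**89 - 1, 2**107 - 1)
if __name__ == "__main__":
    ct = encrypt(B_PUB, b"hi B")                 # only B can decrypt this
    sig = sign(A_PRIV, b"hi B")                  # only A could produce this
    print(decrypt(B_PRIV, ct), verify(A_PUB, b"hi B", sig))
```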
=== History ===
The core idea of public-key cryptography was a major breakthrough, discovered independently by several groups in the 1970s. Whitfield Diffie and Martin Hellman first published it in 1976, introducing asymmetric cryptography and the Diffie–Hellman key exchange, which allowed two parties to securely agree on a shared secret key even over an insecure channel.
In 1977, Ron Rivest, Adi Shamir, and Leonard Adleman at MIT developed RSA, the first widely used public-key encryption and digital signature algorithm. Its security relies on the difficulty of factoring a large number that is the product of two large primes.
Later, it was revealed that similar ideas had been developed earlier at British intelligence (GCHQ) in the 1960s-70s by James Ellis, Clifford Cocks, and Malcolm Williamson. This work remained secret and had no influence on the public development of the field.
=== Common Algorithms ===
Public-key cryptography uses several mathematical algorithms, differing in their math, performance, and use cases:
* '''RSA''': One of the oldest and most used public-key systems. Its security relies on the difficulty of factoring large numbers. Used for both encryption and digital signatures.
* '''Diffie–Hellman key exchange''': A protocol for securely agreeing on a shared secret symmetric key over an insecure channel. Its security comes from the difficulty of the discrete logarithm problem. It's a core part of many secure protocols.
* '''Elliptic Curve Cryptography (ECC)''': A newer set of algorithms offering similar security to RSA but with shorter keys. This means faster computations and less power use. ECC is based on elliptic curves and is used for digital signatures (like ECDSA) and key exchange (like ECDH).
=== Applications ===
Public-key cryptography is a core part of modern information security, essential for many applications, especially in networking:
* '''Securing Web Traffic (HTTPS)''': TLS (Transport Layer Security) secures HTTPS. It uses public-key crypto in the handshake to verify the server (via a digital certificate) and securely exchange a symmetric key. Then, a faster symmetric algorithm like AES encrypts the bulk of data.
* '''Secure Shell (SSH)''': Used for secure remote access to servers. Public-key authentication is more secure than passwords. You create a key pair, put the public key on the server, and authenticate by proving you have the private key locally.
* '''VPNs''': Create secure, encrypted tunnels over public networks. Public-key cryptography often authenticates endpoints and sets up the symmetric key for the tunnel.
* '''Secure Email (PGP, S/MIME)''': Provide end-to-end email security. You encrypt emails with the recipient's public key for privacy and digitally sign them with your private key to verify your identity and message integrity.
* '''Digital Signatures (Code Signing, Package Verification)''': Verify the authenticity and integrity of software, documents, and data. Used for signing code or checking downloaded software packages (e.g., with GPG).
* '''Cryptocurrencies''': A core technology for most cryptocurrencies like Bitcoin. Your wallet holds a key pair: your address for receiving funds is derived from the public key, and the private key signs transactions to spend them.
* '''API Security''': Secures API communications by requiring clients to sign requests for authentication or by using TLS to encrypt the channel.
=== Advantages ===
Public-key cryptography offers big advantages, especially for distributed systems and open networks:
* '''Secure Key Exchange''': Solves the problem of securely exchanging secret symmetric keys over insecure channels, crucial for TLS connections.
* '''Authentication and Non-repudiation''': Digital signatures strongly verify a sender's identity and data integrity, preventing them from denying they sent or signed data.
* '''Scalable Key Management''': In a symmetric system, every pair of users needs its own shared secret key. Public-key systems need only one key pair per user, simplifying key management in large networks, though the Public Key Infrastructure (PKI) needed to establish trust adds its own complexities.
=== Disadvantages and Challenges ===
Despite its power, public-key cryptography has drawbacks and challenges:
* '''Performance''': Public-key operations are much slower than symmetric ones. That's why hybrid systems (using both) are typically used for large amounts of data.
* '''Key Management and Trust (PKI)''': While sharing public keys is easy, verifying a public key's true owner is complex. Public Key Infrastructure (PKI) handles this through trusted Certificate Authorities that issue digital certificates. If PKI is compromised, trust in public keys is broken.
* '''Vulnerability to Quantum Computing''': Many current public-key algorithms (like RSA and ECC) are vulnerable to future quantum computers using Shor's algorithm. This drives research into post-quantum cryptography.
=== Relation to Symmetric Cryptography (Hybrid Cryptography) ===
Because public-key operations are much slower than symmetric ones, they're almost always used together in a hybrid cryptosystem. Public-key cryptography handles the initial setup: it authenticates parties (like servers using digital certificates and signatures) and securely exchanges a fast, symmetric session key over an insecure channel (e.g., using Diffie–Hellman or RSA). Once that symmetric key is secure, the much faster symmetric algorithm (like AES) encrypts the bulk of the data transfer. This blends public-key's benefits for setup and authentication with symmetric encryption's speed for data.
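The hybrid setup described above, as an added example that is not part of the original article: a finite-field Diffie–Hellman exchange between User A and User B, a symmetric key derived from the shared secret, and the bulk data encrypted with that key. The group parameters (p, g), the SHA-256 key derivation and the hash-based counter-mode stream cipher are constructed stand-ins for a standardized group, HKDF and AES-GCM respectively.

```python
"""Hybrid cryptosystem sketch: Diffie-Hellman agrees a secret over an insecure
channel, a symmetric key is derived from it, and the bulk data is encrypted
symmetrically. Added example, not from the article. The group (p, g) and the
hash-based stream cipher are constructed stand-ins for a standardized group
and for AES; they are for illustration only."""
import hashlib
import secrets

P = 2**127 - 1  # constructed toy modulus (a Mersenne prime); real use: RFC 7919 groups
G = 3           # constructed toy base

def dh_keypair(p=P, g=G):
    """Each side picks a random private exponent and publishes g^x mod p."""
    private = secrets.randbelow(p - 3) + 2          # 2 <= private <= p-2
    return private, pow(g, private, p)

def dh_shared_secret(my_private: int, their_public: int, p=P) -> int:
    """Both sides compute the same value: (g^b)^a == (g^a)^b mod p."""
    if not 2 <= their_public <= p - 2:
        raise ValueError("peer public value out of range")  # reject trivial values
    return pow(their_public, my_private, p)

def derive_key(shared_secret: int) -> bytes:
    """Turn the raw DH output into a fixed-length symmetric key (HKDF stand-in)."""
    raw = shared_secret.to_bytes((shared_secret.bit_length() + 7) // 8, "big")
    return hashlib.sha256(b"toy-kdf|" + raw).digest()

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from SHA-256 (AES stand-in); XOR both encrypts and
    decrypts. No authentication here: a real system would use an AEAD (AES-GCM)."""
    out = bytearray()
    for block, i in enumerate(range(0, len(data), 32)):
        ks = hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def hybrid_session(message: bytes):
    """Full exchange: only public values cross the wire, then bulk data is encrypted."""
    a_priv, a_pub = dh_keypair()          # User A -> User B: a_pub (public)
    b_priv, b_pub = dh_keypair()          # User B -> User A: b_pub (public)
    key_a = derive_key(dh_shared_secret(a_priv, b_pub))   # A's copy of the key
    key_b = derive_key(dh_shared_secret(b_priv, a_pub))   # B's copy of the key
    nonce = secrets.token_bytes(12)
    ciphertext = stream_xor(key_a, nonce, message)        # A encrypts in bulk
    plaintext = stream_xor(key_b, nonce, ciphertext)      # B decrypts with its copy
    return key_a == key_b, plaintext
```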
=== See Also ===