Asymmetric Key Cryptography (original) (raw)
Last Updated : 23 Jul, 2025
In asymmetric Key cryptography, there are two keys, also known as key pairs: a public key and a private key. The public key is publicly distributed. Anyone can use this public key to encrypt messages, but only the recipient, who holds the corresponding private key, can decrypt those messages. "Public-key cryptography" is another representation used to refer to Asymmetric Key cryptography.
This cryptographic system addresses two major challenges faced in traditional (symmetric) cryptography: **key distribution and digital signatures. Asymmetric algorithms use one key for encrypting data and another, related key for decrypting it. These algorithms possess an important feature:
- It's impossible to figure out the decryption key just by knowing the encryption key and the cryptographic algorithm.
- Either of the two keys can be used for encryption, while the other is used for decryption.
Asymmetric-key cryptography uses mathematical functions to transform plaintext and ciphertext represented as numbers for encryption and decryption, while symmetric-key cryptography involves symbol substitution or permutation. In asymmetric-key cryptography, plaintext and ciphertext are treated as integers, requiring encoding and decoding processes for encryption and decryption.
General idea of asymmetric-key cryptosystem
Characteristics of Asymmetric Key Cryptography
**Security Responsibility
- In asymmetric cryptography, the burden of security primarily falls on the receiver, like Bob.
- Bob must generate both a private and a public key, with the public key distributed to the community.
- Distribution occurs through a public-key channel, which doesn't need secrecy but requires authentication and integrity to prevent impersonation.
**Unique Key Pairs
- Bob and Alice can't share the same key pair for two-way communication.
- Each entity in the community, including Bob and Alice, must create its own private and public keys.
- Alice uses Bob's public key to encrypt messages to him, while she needs her own key pair for responses.
**Key Management
- Bob needs only one private key to receive messages from anyone in the community.
- Alice, on the other hand, needs multiple public keys—one for each entity she communicates with.
- This means Alice requires a collection of public keys for effective communication.
Key Components
- **Plaintext: This refers to the original, readable message or data that is inputted into the encryption algorithm.
- **Encryption **algorithm: This algorithm transforms the plaintext in various ways.
- **Public **and **private **keys: A pair of keys chosen so that if one is used for encryption, the other is used for decryption. The specific transformations performed depend on whether the public or private key is provided as input.
- **Ciphertext: The encrypted, scrambled message produced as output. It can be find using both the plaintext and the key, but uf there are different keys then it will give different ciphertexts for the same message or plaintext.
- **Decryption **algorithm: This algorithm takes the ciphertext and the corresponding key and retrieves the original plaintext.
Concept of the T**rapdoor One-Way Function
Asymmetric-key cryptography lies in the concept of the trapdoor one-way function.Imagine a function as a simple rule we follow in math. It takes something from one group (let's call it "Set A") and matches it with something in another group (we'll call this one "Set B"). It's like connecting dots from one set to another, as can be seen below.
A function as rule mapping a domain to a range
Now, let's talk about something called a one-way function (OWF). It's a special kind of function that has two important qualities:
- f is easy to compute. We can also say that x, y = f (x) can be easily calculated.
- f−1 is difficult to compute. We can also say that, given y, it is computationally not feasible to evaluate x = f−1(y)
Now, let's add a secret ingredient to our one-way function, making it a trapdoor one-way function (TOWF). This type of function has a third feature:
- If it is given y and a trapdoor (secret), then x can be easily calculated.
If you have "y" and a special secret (let's call it a "trapdoor"), then you can easily figure out what "x" was. So, even though it's normally hard to go from "y" back to "x," if you have this secret code, it becomes a lot easier.
**We can write it as follows: A trapdoor one-way function is a relative of invertible functions f p , such that:
- **Y = f p (X) easy, if p and X are known
- **X = f p -1 (Y) easy, if p and Y are known
- **X = f p -1 (Y) infeasible, if Y is known but p is not known
**Primary Terminologies
- **Asymmetric Keys: Two keys, one public and one private, that are used together for different tasks like locking and unlocking information or verifying signatures.
- **Public Key Certificate: A digital document signed by a trusted authority's private key that confirms a person's identity and links it to their public key. This document shows that the person controls the private key associated with the public key.
- **Public Key (Asymmetric) Cryptographic Algorithm: A way to encode information that uses two keys, one public and one private. It's designed so that figuring out the private key from the public one is extremely hard.
- **Public Key Infrastructure (PKI): It is the collection of policies, procedures, server platforms, software and workstations that is used for the objective of administering certificates and public-private key pairs, it also has the ability to publish, maintain, and revoke public key certificates.
**Working
- **Key **Generation: Each user generates a pair of keys for encrypting and decrypting messages. One of the keys is made public, stored in a register or accessible file, while the other key remains private. Users collect public keys from others.
- **Encryption: The sender encrypts the message using the public key of reciever. This transforms the message into an unreadable format (ciphertext). When Alice wants to send a confidential message to Bob, Alice encrypts it using Bob’s public key.
- **Decryption: The recipient uses their private key to decrypt the ciphertext back to the original message (plaintext). Upon receiving the message, Bob decrypts it using his private key. Only Bob can decrypt the message because only he has his private key.
In this setup, all participants possess public keys, while private keys are locally generated and never distributed. As long as a user's private key remains secure and undisclosed, incoming communications are safe. The system can change its private key at any time and publish the corresponding public key to replace the old one.
**Algorithms
There are several algorithms used in asymmetric key cryptography, some of them are as follows:
- RSA (Rivest–Shamir–Adleman)
- Elliptic Curve Cryptography (ECC)
- Diffie-Hellman
- DSS (Digital Signature Standard)
RSA (Rivest–Shamir–Adleman)
It is commonly utilized to ensure secure communication and for creating digital signatures. It Uses large integer prime numbers for key generation. It Encrypts data with the public key and decrypts with the private key. It is Slower than some other algorithms but offers strong security.
**Key Generation
- Choose/Select two large prime numbers, p and q.
- Calculate n = p * q.
- Calculate φ(n) = (p-1)(q-1), where φ is Euler's totient function.
- Choose an integer e, that 1 < e < φ(n) and gcd(e, φ(n)) = 1.
- Compute d, the modular multiplicative inverse of e modulo φ(n).
- Public key: (e, n)
- Private key: (d, n)
Encryption
- Convert plaintext message into an integer m.
- Compute ciphertext c = m^e mod n.
Decryption
- Calculate the plaintext message m = c^d mod n.
Elliptic Curve Cryptography (ECC)
It gives equal protection to RSA with shorter key sizes. The concept behind this is based on the mathematical properties of elliptic curves. It is Faster and more efficient for resource-constrained devices. It Gaining popularity in mobile security and the Internet of Things (IoT).
**Key Generation
- Select an elliptic curve over a finite field.
- Choose a base point on the curve and a large prime order.
- Select a private key, which is a random integer k.
- Now, Using the elliptic curve scalar multiplication, you need to find the public key by multiplying the base point by the private key.
Encryption and Decryption
- ECC is primarily used for key exchange, such as in the Elliptic Curve Diffie-Hellman (ECDH) algorithm, rather than directly for encryption/decryption.
Diffie-Hellman Key Exchange
It doesn't directly encrypt data but establishes a shared secret key for secure communication. Two parties can generate a common secret key without ever exchanging it directly. It often used in conjunction with other algorithms like RSA for key exchange.
Key Exchange
- Sender and receiver agree on a large prime number p and a primitive root g modulo p.
- Each party selects a secret key: a and b.
- Party A computes public key A = g^a mod p and sends it to Party B.
- Party B computes public key B = g^b mod p and sends it to Party A.
- Both parties compute the shared secret: s = A^b mod p = B^a mod p .
Security
- Diffie-Hellman does not provide proper authentication; it sets a shared secret between two parties.
**Digital Signature Standard (DSS)
It Uses a variant of the ElGamal encryption scheme. It is primarily for digital signatures, ensuring message authenticity and integrity. The sender signs a message with their private key, receiver verifies with the sender's public key. It is often used for secure emails and software signing.
Key Generation
- DSS uses the Digital Signature Algorithm (DSA), which relies on discrete logarithm problems in a finite field.
- Generate a prime number p and a prime divisor q of p-1.
- Choose a generator g such that g^q mod p = 1.
- Generate private key x, a random integer between 1 and q-1.
- Calculate the public key y = g^x mod p.
Signing
- Calculate a hash of the message.
- Generate any random number k such that it lies between 1 and q-1.
- Calculate r = (g^k mod p) mod q.
- Calculate s = k-1 * (hash + x * r) mod q.
- The signature is the pair (r, s).
Verification
- Recalculate the hash of the message.
- Compute w = s-1 mod q.
- Compute u1 = (hash * w) mod q and u2 = (r * w) mod q.
- Now, we need to calculate v as v = ((gu1 * yu2) mod p) mod q.
- If v is equal to r, it means that the signature is verified.
**Applications
- **Encryption / Decryption: Messages are encrypted using the recipient’s public key, ensuring only the intended recipient can decrypt it.
- **Digital Signature: Senders authenticate messages by signing them with their private key, verifying their identity and ensuring message integrity.
- **Key Exchange: Parties cooperate to establish a shared session key securely, facilitating encrypted communication. This can involve the private key(s) of one or both parties.
| Algorithm | Encryption/Decryption | Digital Signature | Key Exchange |
|---|---|---|---|
| RSA | Yes | Yes | Yes |
| Elliptic Curve | Yes | Yes | Yes |
| Diffie-Hellman | No | No | Yes |
| DSS | No | Yes | No |
Advantages
- **Enhanced Security: The private key remains secret, making it difficult for someone to decrypt intercepted messages.
- **Secure Key Distribution: Public keys can be shared openly without compromising security, unlike symmetric keys that require secure distribution.
Public-Key Cryptanalysis
Cryptanalysis is the study of studying cryptographic systems to understand their vulnerabilities or weaknesses, often with the goal of breaking or bypassing their security measures.
When it comes to public-key encryption schemes, cryptanalysis has some challenges and risks:
- **Brute-Force Attack: Imagine trying every single key combination to unlock a padlock. This is a brute-force attack. Public-key encryption is vulnerable to brute-force attacks just like symmetric encryption. The solution is similar: using large keys. The larger the key, the more difficult it is to guess correctly. Also, Public-key encryption relies on complex math functions. As the key size increases, these functions become more difficult and slower to use. We need a key size that's large enough to resist brute-force attacks but still allows for practical encryption and decryption speeds. Currently, public-key encryption is often used for specific tasks like key management and digital signatures because of this trade-off between security and speed.
- **Finding the Private Key from the Public Key: Ideally, the private key should be impossible to guess from the public key. Mathematically, this hasn't been definitively proven for any public-key algorithm, including the popular RSA algorithm. This is a concern because new mathematical breakthroughs could potentially crack these systems in the future.
- **Probable-Message Attack (Unique to Public-Key Systems): Suppose amessage consists solely of a 56-bit DES key, an adversary could encrypt all possible 56-bit DES keys using the public key and deduce the encrypted key by matching ciphertext. Consequently, regardless of the public-key scheme's key size, the attack reduces to a brute-force assault on a 56-bit key. This attack can be countered by appending random bits to simple messages.