![Diagram of Public Key Cryptosystem](crypt2.gif)
Diffie and Hellman (1976) introduced the idea of a public key cryptosystem.
The system is based on each participant U having a public encryption algorithm E_U (or a common algorithm with a public key) and a private decryption algorithm D_U (or the common algorithm with a private key). These algorithms are inverses in the sense that:
PK1: D_U(E_U(m)) = m for every message m and user U.
The E_U are made public and are available to everyone. For A to send a message m to B, A looks up E_B and sends c = E_B(m). Upon receiving c, B applies the secret D_B to get D_B(c) = m. Since B is the only one who has D_B, B is the only one who can read this message.
For this to be usable in practice we require:
PK2: The algorithms need little computing time and memory.
And for security,
PK3: Knowing E_U, it is practically impossible to find an algorithm D* such that D*(E_U(m)) = m for all possible m.
Notice that PK3 requires the system to withstand a chosen-plaintext attack: because E_U is public, an attacker can encrypt as many plaintexts of his own choosing as he likes while trying to construct D*.
Diffie and Hellman suggested the use of trapdoor one-way functions for the encryption algorithm.
A one-way function is a function f that is easy to evaluate, but whose inverse f^-1 is difficult to compute. A trapdoor one-way function is a one-way function whose inverse becomes easy to compute given certain additional information (the trapdoor). In the public key setting E_U is the one-way function and D_U is its inverse, computable only by the holder of the trapdoor.
Diffie and Hellman had some difficulty coming up with concrete examples, but a few years later a number of systems were suggested, among them RSA and the Merkle-Hellman knapsack system (the latter was subsequently broken).
A plain one-way function (no trapdoor needed) can also be used for storing password authorization data in a computer: the machine stores f(password) instead of the password and checks a login attempt by recomputing f, so a copy of the stored table does not reveal the passwords.
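The password use of a one-way function, as an added example that is not part of the original notes. PBKDF2-HMAC-SHA256 from the Python standard library stands in for the abstract f; the per-user 16-byte salt, the iteration count, the record layout and the sample passwords are this example's own choices, not anything the notes specify.

```python
"""Password storage with a one-way function; an added example, not from the notes.
The host keeps only f(salt, password) for a one-way f, so a stolen table yields
salts and digests rather than passwords, and a login is checked by recomputing f.
PBKDF2-HMAC-SHA256 stands in for f; salt size, iteration count and record
layout are this example's choices."""
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # slows offline guessing; a real deployment tunes this higher


def make_record(password: str, salt: Optional[bytes] = None) -> tuple:
    """Return (salt, f(salt, password)).  A fresh random salt per user means equal
    passwords give unequal records and precomputed tables do not transfer."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def check_password(record: tuple, candidate: str) -> bool:
    """Login check: recompute f on the stored salt and compare in constant time,
    so timing does not leak how many leading bytes of the digest matched."""
    salt, digest = record
    trial = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(trial, digest)


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")          # constructed sample
    print(check_password(rec, "correct horse battery staple"))  # True
    print(check_password(rec, "Tr0ub4dor&3"))                   # False
```

The point of the salt is that f alone is not enough: without it, two users with the same password have the same stored value and an attacker can hash a dictionary once and look up every record against it.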
For digital signatures we additionally require that the two algorithms commute:
PK4: E_U(D_U(m)) = m for all messages m and users U.
In order to prevent forgery, we require:
PK5: Knowing E_U, it is practically impossible to find an algorithm D* such that E_U(D*(m)) = m for all possible m.
If A wants to sign a message m being sent to B, then A sends c = D_A(m); B looks up A's public E_A and applies it to get E_A(c) = m. As D_A is secret, only A could have produced c, but anyone with E_A can read it. Note that B must be able to recognise m as a genuine message: PK5 only rules out a D* that works for all m, and anyone can pick an arbitrary c and compute E_A(c), which is then a "signed" message for whatever m comes out.
To send a signed and encrypted message, A sends E_B(D_A(m)); B recovers m as E_A(D_B(E_B(D_A(m)))). Only B can now read the message, and only A could have signed it. This presupposes that the output of D_A is a valid input to E_B, i.e. that all users share one message space.
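The encryption step (A sends E_B(m)), the trapdoor one-way function, the signature D_A(m) and the signed-and-encrypted message E_B(D_A(m)) worked through in Python with RSA as the trapdoor function. This is an added example, not code from the original notes: the function names, the key sizes, the seeds, the sample message and the decision to give B the larger modulus are this example's own choices. It uses raw, unpadded RSA only so that the algebra of PK1 and PK4 is visible; that is unsafe in practice, as the forgery at the end shows.

```python
"""Toy RSA instance of the notes' E_U / D_U system; an added example, not from the notes.
E_U(x) = x^e mod n is easy for everyone, D_U(y) = y^d mod n is easy only with the
trapdoor d, and recovering d from (n, e) is believed to need the factorisation of n.
Keys are far too small for real use and no padding is applied (real systems use
OAEP/PSS), so the malleability of raw RSA is visible in existential_forgery()."""
from collections import namedtuple
from math import gcd
import random

PublicKey = namedtuple("PublicKey", "n e")    # E_U: published in the directory
PrivateKey = namedtuple("PrivateKey", "n d")  # D_U: the trapdoor, never leaves U

def is_probable_prime(n: int, rng: random.Random, rounds: int = 24) -> bool:
    """Miller-Rabin; a composite survives all rounds with probability <= 4**-rounds."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits: int, rng: random.Random) -> int:
    """Random prime with its top bit set, so it has exactly `bits` bits."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand

def keygen(bits: int, seed: int) -> tuple:
    """Make (E_U, D_U); the seed only makes the example reproducible."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = random_prime(bits // 2, rng), random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            break
    d = pow(e, -1, phi)  # e*d = 1 (mod phi), so x^(e*d) = x (mod n): PK1 and PK4 hold
    return PublicKey(p * q, e), PrivateKey(p * q, d)

def E(pk: PublicKey, x: int) -> int:
    """E_U(x) = x^e mod n, the public operation anyone can perform."""
    if not 0 <= x < pk.n:
        raise ValueError("input outside [0, n)")
    return pow(x, pk.e, pk.n)

def D(sk: PrivateKey, y: int) -> int:
    """D_U(y) = y^d mod n, the private operation; needs the trapdoor d."""
    if not 0 <= y < sk.n:
        raise ValueError("input outside [0, n)")
    return pow(y, sk.d, sk.n)

def encode(msg: bytes) -> int:  # bytes -> integer; caller must keep it below n
    return int.from_bytes(msg, "big")
def decode(x: int) -> bytes:    # inverse of encode (leading zero bytes are lost)
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

# Secrecy (PK1): A looks up E_B and sends c = E_B(m); only the holder of D_B recovers m.
def send_secret(recipient_pk: PublicKey, msg: bytes) -> int:
    return E(recipient_pk, encode(msg))
def read_secret(recipient_sk: PrivateKey, c: int) -> bytes:
    return decode(D(recipient_sk, c))

# Signature (PK4): A sends s = D_A(m); anyone applies the public E_A to get m back.
def sign(sender_sk: PrivateKey, msg: bytes) -> int:
    return D(sender_sk, encode(msg))
def verify(sender_pk: PublicKey, msg: bytes, s: int) -> bool:
    return E(sender_pk, s) == encode(msg)

# Signed and encrypted: E_B(D_A(m)).  D_A(m) must be a valid input to E_B, i.e. below
# n_B; the demo guarantees this by giving B the larger modulus.
def sign_then_encrypt(sender_sk: PrivateKey, recipient_pk: PublicKey, msg: bytes) -> int:
    s = sign(sender_sk, msg)
    if s >= recipient_pk.n:
        raise ValueError("D_A(m) >= n_B: choose n_A < n_B or split the block")
    return E(recipient_pk, s)
def decrypt_then_verify(recipient_sk: PrivateKey, sender_pk: PublicKey, c: int) -> bytes:
    return decode(E(sender_pk, D(recipient_sk, c)))  # B must still judge whether m makes sense

def existential_forgery(sender_pk: PublicKey, seed: int) -> tuple:
    """Without D_A, pick any s: m = E_A(s) is then a message that s validly 'signs'.
    PK5 still holds (no D* for all m); this is why real signatures cover padded/hashed data."""
    s = random.Random(seed).randrange(1, sender_pk.n)
    return decode(E(sender_pk, s)), s

if __name__ == "__main__":
    A_pk, A_sk = keygen(256, seed=1)  # signer A
    B_pk, B_sk = keygen(264, seed=2)  # recipient B; 264 > 256 bits forces n_A < n_B
    m = b"transfer 100 to carol"      # constructed sample message
    print(read_secret(B_sk, send_secret(B_pk, m)) == m, verify(A_pk, m, sign(A_sk, m)))
    print(decrypt_then_verify(B_sk, A_pk, sign_then_encrypt(A_sk, B_pk, m)) == m)
    fake_m, fake_s = existential_forgery(A_pk, seed=3)
    print(verify(A_pk, fake_m, fake_s), fake_m[:8])
```

Two things the abstract notation hides are made explicit here. The check `s >= recipient_pk.n` is the reblocking problem of E_B(D_A(m)): with RSA the users do not share one message space, so D_A(m) can be too large for E_B unless the moduli are ordered or the signature is split. And `existential_forgery` is the gap between PK5 and the scheme as stated: picking c first and computing E_A(c) costs nothing, so the receiver must insist that the recovered message has recognisable structure, which practical schemes enforce by signing a padded hash rather than the raw message.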