Public key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: a public key, which may be widely disseminated, and a private key, which is known only to the owner. This accomplishes two functions: authentication, in which the public key verifies that the holder of the paired private key sent the message, and encryption, in which only the holder of the paired private key can decrypt a message encrypted with the public key.
In a public key encryption system, anyone can encrypt a message using the recipient's public key. That encrypted message can be decrypted only with the recipient's private key. To be practical, the generation of a public and private key pair must be computationally economical. The strength of a public key cryptography system rests on the computational effort (the work factor, in cryptography) needed to find the private key from its paired public key. Effective security requires keeping only the private key private; the public key can be distributed openly without compromising security.
Public key cryptography systems often rely on cryptographic algorithms based on mathematical problems that currently admit no efficient solution, particularly those tied to integer factorization, discrete logarithms, and elliptic curve relationships. Unlike symmetric key algorithms, public key algorithms do not require a secure channel for the initial exchange of one or more secret keys between the parties.
Because of the computational cost of asymmetric encryption, it is usually used only for small blocks of data, typically to transfer a symmetric encryption key (e.g. a session key). That symmetric key is then used to encrypt the rest of a potentially long message sequence. Symmetric encryption and decryption rest on simpler and much faster algorithms.
In a public key signature system, a person can combine a message with a private key to create a short digital signature on the message. Anyone with the corresponding public key can combine the message, the purported digital signature on it, and the known public key to verify whether the signature is valid, i.e. made by the owner of the corresponding private key. Changing the message, even by a single letter, causes verification to fail. In a secure signature system, it is computationally infeasible for anyone who does not know the private key to deduce it from the public key or from any number of signatures, or to find a valid signature on any message for which no signature has previously been seen. Thus the authenticity of a message can be demonstrated by the signature, provided the owner of the private key keeps the private key secret.
Public key algorithms are fundamental security primitives in cryptosystems, applications and protocols. They underpin various Internet standards, such as Transport Layer Security (TLS), S/MIME, PGP, and GPG. Some public key algorithms provide key distribution and secrecy (e.g. Diffie-Hellman key exchange), some provide digital signatures (e.g. the Digital Signature Algorithm), and some provide both (e.g. RSA).
Public key cryptography finds application in, among others, the information technology security discipline known as information security. Information security (IS) is concerned with all aspects of protecting electronic information assets against security threats. Public key cryptography is used as a method of assuring the confidentiality, authenticity and non-repudiation of electronic communications and data storage.
Description
The two best-known uses of public key cryptography are:
- Public key encryption, in which a message is encrypted with the recipient's public key. The message cannot be decrypted by anyone who does not possess the matching private key, who is thus presumed to be the owner of that key and the person associated with the public key. This is used in an attempt to ensure confidentiality.
- Digital signature, in which a message is signed with the sender's private key and can be verified by anyone who has access to the sender's public key. This verification proves that the sender had access to the private key, and therefore is likely to be the person associated with the public key. It also ensures that the message has not been tampered with, since the signature is mathematically bound to the message it was originally made from, and verification will fail for practically any other message, no matter how similar to the original.
An analogy for public key encryption is a locked mailbox with a mail slot. The mail slot is exposed and accessible to the public; its location (the street address) is, in essence, the public key. Anyone who knows the street address can go to the door and drop a written message through the slot. However, only the person who possesses the key can open the mailbox and read the message.
An analogy for digital signatures is the sealing of an envelope with a personal wax seal. The message can be opened by anyone, but the presence of the unique seal authenticates the sender.
A central problem with the use of public key cryptography is confidence that a particular public key is authentic, that is, that it is correct and belongs to the person or entity claimed, and has not been tampered with or replaced by a malicious third party. The usual approach to this problem is to use a public key infrastructure (PKI), in which one or more third parties, known as certificate authorities, certify ownership of key pairs. PGP, in addition to supporting a certificate authority structure, has used a scheme generally called the "web of trust", which decentralizes such authentication of public keys by replacing the central mechanism with individual endorsements of the link between a user and a public key. To date, no fully satisfactory solution to the "public key authentication problem" has been found.
History
In the early history of cryptography, two parties would rely on a key that they had exchanged by means of a secure, but non-cryptographic, method, such as a face-to-face meeting or a trusted courier. This key, which both parties kept absolutely secret, could then be used to exchange encrypted messages. A number of significant practical difficulties arise with this approach to distributing keys.
In his 1874 book The Principles of Science, William Stanley Jevons wrote:
Can the reader say what two numbers multiplied together will produce the number 8616460799? I think it unlikely that anyone but myself will ever know.
Here he described the relationship of one-way functions to cryptography, and went on to discuss specifically the factorization problem used to create a trapdoor function. In July 1996, mathematician Solomon W. Golomb said: "Jevons anticipated a key feature of the RSA Algorithm for public key cryptography, although he certainly did not invent the concept of public key cryptography."
Classified discovery
In 1970, James H. Ellis, a British cryptographer at the UK Government Communications Headquarters (GCHQ), conceived of the possibility of "non-secret encryption" (now called public key cryptography), but could see no way to implement it. In 1973, his colleague Clifford Cocks implemented what has become known as the RSA encryption algorithm, giving a practical method of "non-secret encryption", and in 1974 another GCHQ mathematician and cryptographer, Malcolm J. Williamson, developed what is now known as Diffie-Hellman key exchange. The scheme was also passed to the US National Security Agency. With a military focus, and low computing power, the power of public key cryptography was not realized in either organization:
I rate it most important for military use... if you can share your keys quickly and electronically, you have a big advantage over your opponents. It was only at the end of the evolution from Berners-Lee devising an open internet architecture for CERN, and the adaptation and adoption of the Arpanet... that public key cryptography realised its full potential.
--Ralph Benjamin
Their discovery was not publicly acknowledged for 27 years, until the research was declassified by the British government in 1997.
Public discovery
In 1976, an asymmetric key cryptosystem was published by Whitfield Diffie and Martin Hellman who, influenced by Ralph Merkle's work on public key distribution, disclosed a method of public key agreement. This key exchange method, which uses exponentiation in a finite field, came to be known as Diffie-Hellman key exchange. It was the first published practical method for establishing a shared secret key over an authenticated (but not confidential) communication channel without using a prior shared secret. Merkle's "public key agreement technique" became known as Merkle's Puzzles, and was invented in 1974 and published in 1978.
In 1977, a generalization of Cocks's scheme was independently invented by Ron Rivest, Adi Shamir and Leonard Adleman, all then at MIT. The latter authors published their work in 1978, and the algorithm came to be known as RSA, from their initials. RSA uses exponentiation modulo a product of two very large primes to encrypt and decrypt, performing both public key encryption and public key digital signatures. Its security is connected to the extreme difficulty of factoring large integers, a problem for which there is no known efficient general technique. In 1979, Michael O. Rabin published a related cryptosystem that is provably secure as long as factoring the public key remains difficult; it remains an assumption that RSA also enjoys this security.
Since the 1970s, a large number and variety of encryption, digital signature, key agreement, and other techniques have been developed in the field of public key cryptography. The ElGamal cryptosystem, invented by Taher ElGamal, relies on the similar and related high level of difficulty of the discrete logarithm problem, as does the closely related DSA, which was developed at the US National Security Agency (NSA) and published by NIST as a proposed standard.
The introduction of elliptic curve cryptography by Neal Koblitz and Victor Miller, independently and simultaneously in the mid-1980s, has yielded new public key algorithms based on the discrete logarithm problem. Although mathematically more complex, elliptic curves provide smaller key sizes and faster operations for approximately equivalent estimated security.
General use
Public key cryptography is often used to secure electronic communication over an open networked environment such as the Internet, without relying on a hidden or covert channel, even for key exchange. Open networked environments are susceptible to a variety of communication security problems, such as man-in-the-middle attacks and spoofing. Communication security typically includes requirements that the communication must not be readable during transit (preserving confidentiality), the communication must not be modified during transit (preserving the integrity of the communication), the communication must originate from an identified party (sender authenticity), and the communication cannot be repudiated (non-repudiation). Combining public key cryptography with an Enveloped Public Key Encryption (EPKE) method allows for the secure transmission of a communication over an open networked environment. In other words, even if an adversary listens to the entire conversation, including the key exchange, the adversary will not be able to interpret the conversation.
The distinguishing technique used in public key cryptography is the use of asymmetric key algorithms, where the key used by one party to encrypt is not the same as the key used by the other party to decrypt. Each user has a pair of cryptographic keys: a public encryption key and a private decryption key. Similarly, a key pair used for digital signatures consists of a private signing key and a public verification key. The public key may be widely distributed, while the private key is known only to its owner. The keys are related mathematically, but the parameters are chosen so that calculating the private key from the public key is infeasible.
In contrast, a symmetric key algorithm uses a single secret key, which must be shared and kept private by both the sender (for encryption) and the receiver (for decryption). To use a symmetric encryption scheme, the sender and receiver must securely share a key in advance.
Because symmetric key algorithms are nearly always much less computationally intensive than asymmetric ones, it is common to exchange a key using a key exchange algorithm, then transmit data using that key and a symmetric key algorithm. PGP and the SSL/TLS family of schemes use this procedure, and are therefore called hybrid cryptosystems.
Security
Some encryption schemes can be proven secure on the basis of the presumed difficulty of a mathematical problem, such as factoring the product of two large primes or computing discrete logarithms. Note that "secure" here has a precise mathematical meaning, and there are multiple different (meaningful) definitions of what it means for an encryption scheme to be "secure". The "right" definition depends on the context in which the scheme will be deployed.
The most obvious application of a public key encryption system is confidentiality: a message that a sender encrypts using the recipient's public key can be decrypted only by the recipient's paired private key. This assumes, of course, that no flaw is discovered in the underlying algorithm used.
Another application in public key cryptography is the digital signature. Digital signature schemes can be used for sender authentication and non-repudiation. The sender computes a digital signature for the message to be sent, then sends the signature (together with the message) to the intended receiver. Digital signature schemes have the property that signatures can be computed only with the knowledge of the correct private key. To verify that a message has been signed by a user and has not been modified, the receiver needs to know only the corresponding public key. In some cases (e.g. RSA), a single algorithm can be used both to encrypt and to create digital signatures. In other cases (e.g. DSA), each algorithm can be used only for one specific purpose.
To achieve both authentication and confidentiality, the sender should include the recipient's name in the message, sign it using his private key, and then encrypt both the message and the signature using the recipient's public key.
These characteristics can be used to construct many other (sometimes surprising) cryptographic protocols and applications, such as digital cash, password-authenticated key agreement, multi-party key agreement, time-stamping services, non-repudiation protocols, etc.
Practical considerations
Enveloped Public Key Encryption
Enveloped Public Key Encryption (EPKE) is the method of applying public key cryptography to ensure that an electronic communication is transmitted confidentially, has its contents protected from modification (communication integrity), and cannot be repudiated by the sender (non-repudiation). This is often the method used when securing communication over an open networked environment, such as by using the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols.
EPKE consists of a two-stage process that includes both Public Key Encryption (PKE) and a digital signature. Both Public Key Encryption and digital signatures make up the foundation of Enveloped Public Key Encryption (both of these processes are described in full in their own sections).
For EPKE to work effectively, it is required that:
- Every participant in the communication has their own unique pair of keys. The first key that is required is a public key and the second key that is required is a private key.
- Each person's own private and public keys must be mathematically related, such that the private key is used to decrypt a communication sent using a public key and vice versa. Some well-known asymmetric encryption algorithms are based on the RSA cryptosystem.
- The private key must be kept absolutely private by the owner, though the public key can be published in a public directory, such as with a certification authority.
To send a message using EPKE, the sender of the message first signs the message using their own private key; this ensures non-repudiation of the message. The sender then encrypts the digitally signed message using the intended receiver's public key, thus applying a digital envelope to the message. This step ensures confidentiality during the transmission of the message. The receiver of the message then uses their private key to decrypt the message, thus removing the digital envelope, and then uses the sender's public key to decrypt the sender's digital signature. At this point, if the message has been unaltered during transmission, the message will be clear to the receiver.
Because of the computationally complex nature of RSA-based asymmetric encryption algorithms, the time taken to encrypt large documents or files to be transmitted can be relatively long. To speed up the process of transmission, instead of applying the sender's digital signature to the large documents or files, the sender can rather hash the documents or files using a cryptographic hash function and then digitally sign the generated hash value, thereby enforcing non-repudiation. Hashing is a much faster computation to complete than using an RSA-based digital signature algorithm alone. The sender then signs the newly generated hash value and encrypts the original documents or files with the receiver's public key. The transmission would then take place securely, with confidentiality and non-repudiation still intact. The receiver then verifies the signature and decrypts the encrypted documents or files with their private key.
Note: The sender and receiver do not usually carry out the process mentioned above manually, but rather rely on sophisticated software to automatically complete the EPKE process.
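The EPKE procedure above (hash the document, sign the hash with the sender's private key, encrypt the document under a fresh session key wrapped with the receiver's public key, then unwrap, decrypt and verify on the other side), as an added example in Go using only the standard library; it is not code from the original article. It also shows that a single flipped bit in transit makes the receiver's check fail.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what crosses the open network: the session key wrapped with the
// receiver's public key, the AES-GCM ciphertext of the document, and the
// sender's signature over the document's SHA-256 hash.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(receiver public key, session key)
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // AES-GCM(session key, document)
	Signature  []byte // RSA-PSS(sender private key, SHA-256(document))
}

// newGCM builds the symmetric AEAD used for the bulk of the document.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is the sender's side: hash the document and sign the hash with the
// sender's private key, then encrypt the document under a fresh session key
// and wrap that key with the receiver's public key (the digital envelope).
func Seal(doc []byte, sender *rsa.PrivateKey, receiver *rsa.PublicKey) (*Envelope, error) {
	digest := sha256.Sum256(doc)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	sessionKey := make([]byte, 32) // AES-256 key, new for every message
	nonce := make([]byte, 12)      // standard GCM nonce size
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiver, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, doc, nil), Signature: sig}, nil
}

// Open is the receiver's side: unwrap the session key with the receiver's
// private key, decrypt the document, then verify the sender's signature with
// the sender's public key. Any change in transit makes one of the steps fail.
func Open(env *Envelope, receiver *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiver, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap session key: not the intended receiver")
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	doc, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext was modified in transit")
	}
	digest := sha256.Sum256(doc)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], env.Signature, nil); err != nil {
		return nil, errors.New("signature does not verify: wrong sender key or altered document")
	}
	return doc, nil
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048) // sender
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)   // receiver
	env, _ := Seal([]byte("Buy 100 shares of ACME"), alice, &bob.PublicKey)
	doc, err := Open(env, bob, &alice.PublicKey)
	fmt.Printf("Bob reads %q (err=%v)\n", doc, err)
	env.Ciphertext[0] ^= 1 // flip one bit on the wire
	_, err = Open(env, bob, &alice.PublicKey)
	fmt.Println("after tampering:", err)
}
```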
Public Key Encryption
The goal of Public Key Encryption (PKE) is to ensure that the communication being sent is kept confidential during transit.
To send a message using PKE, the sender of the message uses the receiver's public key to encrypt the contents of the message. The encrypted message is then transmitted electronically to the receiver, and the receiver can then use their own matching private key to decrypt the message.
The encryption process of using the receiver's public key is useful for preserving the confidentiality of the message, since only the receiver has the matching private key to decrypt it. Consequently, the sender of the message cannot decrypt the message once it has been encrypted with the receiver's public key. However, PKE does not address the problem of non-repudiation, because the message could have been sent by anyone who has access to the receiver's public key.
Digital signature
Digital signatures are meant to prove that a message came from a particular sender; neither can anyone impersonate the sender, nor can the sender deny having sent the message. This is useful, for example, when making an electronic purchase of shares, allowing the receiver to prove who requested the purchase. Digital signatures do not provide confidentiality for the message being sent.
The message is signed using the sender's private signing key by encrypting the message with the private key. The digitally signed message is then sent to the receiver, who can then use the sender's public key to verify the signature by decrypting the message with the sender's public key.
For Enveloped Public Key Encryption to be as secure as possible, there needs to be a "gatekeeper" of public and private keys, or else anyone could create key pairs and masquerade as the intended sender of a communication, proposing them as the keys of the intended sender. This digital key "gatekeeper" is known as a certification authority. A certification authority is a trusted third party that can issue public and private keys, thus certifying public keys. It also works as a repository for storing key chains and enforcing trust factors.
Post analogy
An analogy that can be used to understand the advantages of an asymmetric system is to imagine two people, Alice and Bob, who are sending a secret message through the public mail. In this example, Alice wants to send a secret message to Bob, and expects a secret reply from Bob.
With a symmetric key system, Alice first puts the secret message in a box, and locks the box using a padlock to which she has a key. She then sends the box to Bob through regular mail. When Bob receives the box, he uses an identical copy of Alice's key (which he has somehow obtained previously, maybe by a face-to-face meeting) to open the box, and reads the message. Bob can then use the same padlock to send his secret reply.
In an asymmetric key system, Bob and Alice have separate padlocks. First, Alice asks Bob to send his open padlock to her through regular mail, keeping his key to himself. When Alice receives it she uses it to lock a box containing her message, and sends the locked box to Bob. Bob can then unlock the box with his key and read the message from Alice. To reply, Bob must similarly get Alice's open padlock to lock the box before sending it back to her.
The critical advantage in an asymmetric key system is that Bob and Alice never need to send a copy of their keys to each other. This prevents a third party (perhaps, in the example, a corrupt postal worker who opens unlocked boxes) from copying a key while it is in transit, which would allow the third party to spy on all future messages sent between Alice and Bob. So, in the public key scenario, Alice and Bob need not trust the postal service as much. Also, if Bob were careless and allowed someone else to copy his key, Alice's messages to Bob would be compromised, but Alice's messages to other people would remain secret, since the other people would be providing different padlocks for Alice to use.
Another kind of asymmetric key system, called a three-pass protocol, requires neither party to even touch the other party's padlock (or key to gain access); Bob and Alice have separate padlocks. First, Alice puts the secret message in a box, and locks the box using a padlock to which only she has a key. She then sends the box to Bob through regular mail. When Bob receives the box, he adds his own padlock to the box, and sends it back to Alice. When Alice receives the box with the two padlocks, she removes her padlock and sends it back to Bob. When Bob receives the box with only his padlock on it, Bob can then unlock the box with his key and read the message from Alice. Note that, in this scheme, the order of decryption is NOT the same as the order of encryption; this is only possible if commutative ciphers are used. A commutative cipher is one in which the order of encryption and decryption is interchangeable, just as the order of multiplication is interchangeable (i.e. A*B*C = A*C*B = C*B*A). This method is secure for certain choices of commutative ciphers, but insecure for others (e.g. a simple XOR). For example, let E1() and E2() be two encryption functions, and let M be the message, so that if Alice encrypts it using E1() and sends E1(M) to Bob, Bob then encrypts the message again as E2(E1(M)) and sends it to Alice. Now, Alice decrypts E2(E1(M)) using E1(). Alice will now get E2(M), meaning that when she sends this again to Bob, he will be able to decrypt the message using E2() and get M. Although no keys were ever exchanged, the message M may well be a key (e.g. Alice's public key). This three-pass protocol is typically used during key exchange.
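The three-pass exchange above, as an added Go example that is not part of the original article. It runs the protocol with the simple XOR cipher and shows why that choice is insecure (the three transmissions alone give a passive observer M), then runs it with modular exponentiation, a commutative cipher for which the protocol holds up; the prime p and the key-generation routine are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

// xorPass is the "simple XOR" cipher from the text: E_k(x) = x XOR k. It commutes,
// E1(E2(x)) == E2(E1(x)), and is its own inverse, so one function serves both ways.
func xorPass(x, k []byte) []byte {
	out := make([]byte, len(x))
	for i := range x {
		out[i] = x[i] ^ k[i]
	}
	return out
}

// ThreePassXOR runs the three passes with one-time XOR pads k1 (Alice) and k2 (Bob).
// It returns what Bob reads and the three messages anyone on the channel sees.
func ThreePassXOR(m, k1, k2 []byte) (bob []byte, seen [3][]byte) {
	p1 := xorPass(m, k1)  // Alice -> Bob:   E1(M)
	p2 := xorPass(p1, k2) // Bob -> Alice:   E2(E1(M))
	p3 := xorPass(p2, k1) // Alice -> Bob:   E2(M), her layer removed
	bob = xorPass(p3, k2) // Bob removes his layer and reads M
	return bob, [3][]byte{p1, p2, p3}
}

// Eavesdrop shows why XOR is not a safe choice: E1(M) xor E2(E1(M)) xor E2(M) == M,
// so the three transmissions by themselves hand the message to a passive observer.
func Eavesdrop(seen [3][]byte) []byte {
	return xorPass(xorPass(seen[0], seen[1]), seen[2])
}

// p is the modulus for the exponentiation variant: the Mersenne prime 2^127-1
// (an assumed parameter; a real deployment would use a much larger prime).
var p = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 127), big.NewInt(1))

// ExpKey draws an encryption exponent e coprime to p-1 and its inverse d mod p-1,
// so that (x^e)^d == x (mod p) for 0 < x < p: e encrypts, d decrypts.
func ExpKey() (e, d *big.Int, err error) {
	pm1 := new(big.Int).Sub(p, big.NewInt(1))
	for {
		if e, err = rand.Int(rand.Reader, pm1); err != nil {
			return nil, nil, err
		}
		if e.Cmp(big.NewInt(1)) > 0 && new(big.Int).GCD(nil, nil, e, pm1).Cmp(big.NewInt(1)) == 0 {
			return e, new(big.Int).ModInverse(e, pm1), nil
		}
	}
}

// ThreePassExp runs the same protocol with E_e(x) = x^e mod p, which also commutes:
// (x^e1)^e2 == (x^e2)^e1. Unlike XOR, the three values seen on the channel do not
// combine into m without solving a discrete-logarithm-type problem.
func ThreePassExp(m, e1, d1, e2, d2 *big.Int) *big.Int {
	p1 := new(big.Int).Exp(m, e1, p)   // Alice -> Bob:   m^e1
	p2 := new(big.Int).Exp(p1, e2, p)  // Bob -> Alice:   m^(e1*e2)
	p3 := new(big.Int).Exp(p2, d1, p)  // Alice -> Bob:   m^e2, her exponent stripped
	return new(big.Int).Exp(p3, d2, p) // Bob strips his exponent and recovers m
}

func main() {
	m := []byte("session key")
	k1, k2 := make([]byte, len(m)), make([]byte, len(m))
	rand.Read(k1)
	rand.Read(k2)
	bob, seen := ThreePassXOR(m, k1, k2)
	fmt.Printf("XOR: Bob reads %q, eavesdropper reads %q\n", bob, Eavesdrop(seen))

	e1, d1, _ := ExpKey()
	e2, d2, _ := ExpKey()
	mm := new(big.Int).SetBytes(m)
	fmt.Println("exp: Bob recovers m:", ThreePassExp(mm, e1, d1, e2, d2).Cmp(mm) == 0)
}
```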
Actual algorithm: two linked keys
Not all asymmetric key algorithms operate in this way. Most commonly, Alice and Bob each have two keys, one for encryption and another for decryption. In a secure asymmetric key encryption scheme, the private key must not be deducible from the public key. This makes public key encryption possible, since an encryption key can be published without compromising the security of messages encrypted with that key.
In other schemes, either key can be used to encrypt the message. When Bob encrypts a message with his private key, only his public key will successfully decrypt it, authenticating Bob as the author of the message. Alternatively, when a message is encrypted with the public key, only the private key can decrypt it. In this arrangement, Alice and Bob can exchange secret messages with no prior secret agreement, each using the other's public key to encrypt, and each using their own private key to decrypt.
Weakness
Among symmetric key encryption algorithms, only the one-time pad can be proven secure against any adversary, no matter how much computing power is available. However, there is no public key scheme with this property, since all public key schemes are susceptible to a "brute-force key search attack". Such an attack is impractical if the amount of computation needed to succeed, termed the "work factor" by Claude Shannon, is out of reach of all potential attackers. In many cases, the work factor can be increased by simply choosing a longer key. But other algorithms may have much lower work factors, making resistance to a brute-force attack irrelevant. Some special and specific algorithms have been developed to aid in attacking some public key encryption algorithms; both RSA and ElGamal encryption have known attacks that are much faster than the brute-force approach. These factors have changed dramatically in recent decades, both with the decreasing cost of computing power and with new mathematical discoveries.
Aside from the resistance to attack of a particular key pair, the security of the certification hierarchy must be considered when deploying public key systems. Some certificate authorities, usually purpose-built programs running on server computers, vouch for the identities assigned to specific private keys by producing a digital certificate. Public key digital certificates are typically valid for several years at a time, so the associated private keys must be held securely over that time. When a private key used for certificate creation higher in the PKI server hierarchy is compromised, or accidentally disclosed, a "man-in-the-middle attack" is possible, making any subordinate certificate wholly insecure.
Major weaknesses have been found for several formerly promising asymmetric key algorithms. The "knapsack packing" algorithm was found to be insecure after the development of a new attack. More recently, some attacks based on careful measurement of the exact amount of time it takes known hardware to encrypt plain text have been used to simplify the search for likely decryption keys (see "side channel attack"). Thus, the mere use of asymmetric key algorithms does not ensure security. A great deal of active research is currently under way both to discover, and to protect against, new attack algorithms.
Another potential security vulnerability in using asymmetric keys is the possibility of a "man-in-the-middle" attack, in which the communication of public keys is intercepted by a third party (the "man in the middle") and then modified to provide different public keys instead. Encrypted messages and responses must also be intercepted, decrypted, and re-encrypted by the attacker using the correct public keys for the different communication segments, in all instances, so as to avoid suspicion. This attack may seem to be difficult to implement in practice, but it is not impossible when using insecure media (e.g. public networks, such as the Internet or wireless forms of communication); for example, a malicious staff member at Alice's or Bob's Internet Service Provider (ISP) might find it quite easy to carry out. In the earlier postal analogy, Alice would have to have a way to make sure that the padlock on the returned packet really belongs to Bob before she removes her padlock and sends the packet back. Otherwise, the padlock could have been put on the packet by a corrupt postal worker pretending to be Bob, so as to fool Alice.
One approach to prevent such attacks involves the use of a certificate authority, a trusted third party responsible for verifying the identity of a user of the system. This authority issues tamper-resistant, non-spoofable digital certificates for the participants. Such certificates are signed data blocks stating that this public key belongs to that person, company, or other entity. This approach also has its weaknesses; for example, the certificate authority issuing the certificate must be trusted to have properly checked the identity of the key holder, must ensure the correctness of the public key when it issues a certificate, must be secure from computer piracy, and must have made arrangements with all participants to check all their certificates before protected communications can begin. Web browsers, for instance, are supplied with a long list of "self-signed identity certificates" from PKI providers; these are used to check the bona fides of the certificate authority and then, in a second step, the certificates of potential communicators. An attacker who could subvert any single one of those certificate authorities into issuing a certificate for a bogus public key could then mount a "man-in-the-middle" attack as easily as if the certificate scheme were not used at all. In an alternative scenario rarely discussed, an attacker who penetrates an authority's servers and obtains its store of certificates and keys (public and private) would be able to spoof, masquerade, decrypt, and forge transactions without limit.
Despite its theoretical and potential problems, this approach is widely used. Examples include SSL and its successor, TLS, which are commonly used to provide security for web browser transactions (for example, to securely send credit card details to an online store).
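The certificate check a client performs, as an added Go example that is not the article's own code: a client that trusts one root accepts a certificate issued by that root for the host it is connecting to, rejects the same certificate for a different host, and rejects a certificate for the right host issued by an authority it does not trust. The names Trusted Root CA, Attacker CA and bank.example, and the ECDSA key generation, are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func keygen() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue creates a certificate binding key's public half to name. With parent nil
// the certificate is self-signed (how a root is made); otherwise it is signed by
// parentKey, the private key of the issuing certificate authority.
func issue(name string, isCA bool, key *ecdsa.PrivateKey, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial.Add(serial, big.NewInt(1)), // must be positive
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{name} // the identity the key is bound to
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyForHost is the client-side check: accept leaf only if a chain from it
// ends at trustedRoot and the certificate is valid for host.
func VerifyForHost(leaf, trustedRoot *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

// Outcome holds the three verification results; nil means the client accepted.
type Outcome struct {
	Legit, WrongHost, UntrustedIssuer error
}

// Scenario builds one trusted root, a legitimate certificate for bank.example,
// and a certificate for the same name issued by an authority the client does
// not trust (the attacker has keys and a CA of their own, but not the root's key).
func Scenario() (Outcome, error) {
	rootKey := keygen()
	root, err := issue("Trusted Root CA", true, rootKey, nil, nil)
	if err != nil {
		return Outcome{}, err
	}
	server, err := issue("bank.example", false, keygen(), root, rootKey)
	if err != nil {
		return Outcome{}, err
	}
	attackerCAKey := keygen()
	attackerCA, err := issue("Attacker CA", true, attackerCAKey, nil, nil)
	if err != nil {
		return Outcome{}, err
	}
	fake, err := issue("bank.example", false, keygen(), attackerCA, attackerCAKey)
	if err != nil {
		return Outcome{}, err
	}
	return Outcome{
		Legit:           VerifyForHost(server, root, "bank.example"),
		WrongHost:       VerifyForHost(server, root, "mail.example"),
		UntrustedIssuer: VerifyForHost(fake, root, "bank.example"),
	}, nil
}

func main() {
	o, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("CA-issued cert, right host:", o.Legit)
	fmt.Println("CA-issued cert, wrong host:", o.WrongHost)
	fmt.Println("cert from untrusted issuer:", o.UntrustedIssuer)
}
```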
Cost of computing
The public key algorithms known thus far are relatively computationally costly compared with most symmetric key algorithms of apparently equivalent security. The difference factor is the use of typically quite large keys. This has important implications for their practical use. Most are used in hybrid cryptosystems for reasons of efficiency; in such a cryptosystem, a shared secret key ("session key") is generated by one party, and this much briefer session key is then encrypted by each recipient's public key. Each recipient then uses their own private key to decrypt the session key. Once all parties have obtained the session key, they can use a much faster symmetric algorithm to encrypt and decrypt messages. In many of these schemes, the session key is unique to each message exchange, being pseudo-randomly chosen for each message.
Associate a public key with an identity
The binding between a public key and its "owner" must be correct, or else the algorithm may function perfectly and yet be entirely insecure in practice. As with all cryptographic applications, the protocols used to establish and verify this binding are critically important. Associating a public key with its owner is typically done by protocols implementing a public key infrastructure; these allow the validity of the association to be formally verified by reference to a trusted third party in the form of either a hierarchical certificate authority (e.g. X.509), a local trust model (e.g. SPKI), or a web of trust scheme, like that originally built into PGP and GPG, and still to some extent usable with them. Whatever the cryptographic assurance of the protocols themselves, the association between a public key and its owner is ultimately a matter of subjective judgment on the part of the trusted third party, since the key is a mathematical entity, while the owner, and the connection between owner and key, are not. For this reason, the formalism of a public key infrastructure must provide for explicit statements of the policy followed when making this judgment. For example, the complex and never fully implemented X.509 standard allows a certificate authority to identify its policy by means of an object identifier, which functions as an index into a catalogue of registered policies. Policies may exist for many different purposes, ranging from anonymity to military classification.
Relationship with real-world events
A public key will be known to a large and, in practice, unknown set of users. All events requiring revocation or replacement of a public key can take a long time to take full effect with all who must be informed (i.e. all those users who possess that key). For this reason, systems that must react to events in real time (e.g. safety-critical systems or national security systems) should not use public key encryption without taking great care. There are four issues of interest:
Privilege of key revocation
Malicious (or erroneous) revocation of some (or all) of the keys in the system is likely, or in the second case certain, to cause a complete failure of the system. If public keys can be revoked individually, this is a possibility. However, there are design approaches that can reduce the practical chance of this occurring. For example, by means of certificates we can create what is called a "compound principal"; one such principal could be "Alice and Bob have Revoke Authority". Now only Alice and Bob (in concert) can revoke a key, and neither Alice nor Bob can revoke a key alone. However, revoking a key now requires both Alice and Bob to be available, and this creates a reliability problem. Concretely, from a security standpoint, there is now a "single point of failure" in the public key revocation system. A successful Denial of Service attack against either Alice or Bob (or both) will block a required revocation. In fact, any partition of authority between Alice and Bob will have this effect, regardless of how it comes about.
Because the principal with key revocation authority is so powerful, the mechanisms used to control it should involve both as many participants as possible (to guard against malicious attacks of this type) and at the same time as few as possible (to ensure that a key can be revoked without dangerous delay). Public key certificates that include an expiration date are unsatisfactory in that the expiration date may not correspond with a real-world revocation, but at least such certificates need not all be tracked down system-wide, nor must all users be in constant contact with the system at all times.
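The trade-off in the two paragraphs above can be made concrete by evaluating a revocation-authority policy mechanically. The example below is added here and is not from the page: it models "Alice and Bob have Revoke Authority" as an AND of two principals and, for any policy built from AND, OR and a k-of-n threshold, reports which single principal can block a revocation by being unavailable (the availability risk the page describes) and which single principal can revoke on their own (the security risk). The threshold node generalises the page's example to the usual way of balancing the two. All principal names are constructed placeholders.

```python
"""Analysing a revocation-authority policy built from compound principals.

Added illustration, not from the page. Names are constructed placeholders.
"""
from dataclasses import dataclass
from typing import FrozenSet, Tuple, Union


@dataclass(frozen=True)
class Principal:
    name: str


@dataclass(frozen=True)
class And:                       # every part must agree (the page's "Alice and Bob")
    parts: Tuple["Authority", ...]


@dataclass(frozen=True)
class Or:                        # any single part suffices
    parts: Tuple["Authority", ...]


@dataclass(frozen=True)
class Threshold:                 # at least k of the parts must agree
    k: int
    parts: Tuple["Authority", ...]


Authority = Union[Principal, And, Or, Threshold]


def principals(policy: Authority) -> FrozenSet[str]:
    """Every principal mentioned anywhere in the policy."""
    if isinstance(policy, Principal):
        return frozenset({policy.name})
    return frozenset().union(*(principals(p) for p in policy.parts))


def can_revoke(policy: Authority, approving: FrozenSet[str]) -> bool:
    """True if the principals in `approving`, acting together, satisfy the policy."""
    if isinstance(policy, Principal):
        return policy.name in approving
    votes = sum(can_revoke(p, approving) for p in policy.parts)
    if isinstance(policy, And):
        return votes == len(policy.parts)
    if isinstance(policy, Or):
        return votes >= 1
    return votes >= policy.k                    # Threshold


def single_points_of_failure(policy: Authority) -> FrozenSet[str]:
    """Principals whose absence alone (everyone else present) blocks revocation.

    These are the parties a denial-of-service attack would need to target.
    """
    everyone = principals(policy)
    return frozenset(p for p in everyone if not can_revoke(policy, everyone - {p}))


def unilateral_revokers(policy: Authority) -> FrozenSet[str]:
    """Principals who can revoke with nobody else's consent (malicious-revocation risk)."""
    return frozenset(p for p in principals(policy) if can_revoke(policy, frozenset({p})))


def assess(policy: Authority) -> dict:
    return {"blockers": set(single_points_of_failure(policy)),
            "unilateral": set(unilateral_revokers(policy))}


# Constructed policies for the demo.
ALICE, BOB, CAROL = Principal("Alice"), Principal("Bob"), Principal("Carol")
ALICE_AND_BOB = And((ALICE, BOB))               # the page's compound principal
ALICE_OR_BOB = Or((ALICE, BOB))
TWO_OF_THREE = Threshold(2, (ALICE, BOB, CAROL))

if __name__ == "__main__":
    for label, policy in [("Alice and Bob", ALICE_AND_BOB),
                          ("Alice or Bob", ALICE_OR_BOB),
                          ("2 of {Alice, Bob, Carol}", TWO_OF_THREE)]:
        print(f"{label}: {assess(policy)}")
```

For "Alice and Bob" both principals are blockers and neither can act alone; for "Alice or Bob" nobody can block but either can revoke alone; the 2-of-3 threshold has neither weakness, at the price of needing three parties.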
Distribution of a new key
After a key has been revoked, or when a new user is added to the system, a new key must be distributed in some predetermined manner. Assume that Carol's key has been revoked. Until a new key has been distributed, no one can send messages to Carol, and messages from Carol cannot be signed, without violating the system protocol (i.e., without a valid public key, no one can encrypt messages to her).
One could leave the power to create, certify, and revoke keys in the hands of each user, as the original PGP design did, but this raises problems of user understanding and operation. For security reasons, this approach has considerable difficulties; if nothing else, some users will be forgetful, inattentive, or confused. On the one hand, a message revoking a public key certificate should be spread as fast as possible, while on the other hand, parts of the system may become inoperable before a new key can be installed. The time window can be reduced to zero by always issuing the new key together with the certificate that revokes the old one, but this requires co-location of the authority to revoke keys with the authority to generate new keys.
It is most likely a system-wide failure if the (possibly combined) principal that issues new keys fails by issuing keys improperly. This is an instance of a "common mutual exclusion": a design can make the reliability of a system high, but only at the cost of system availability (and vice versa).
Spreading the revocation
Notification of a key certificate revocation must be spread to all those who might potentially hold it, and as rapidly as possible.
There are but two means of spreading information (i.e., a key revocation) in a distributed system: either the information is "pushed" to users from a central point (or points), or else it is "pulled" from a central point (or points) by the end users.
Pushing the information is the simplest solution, in that a message is sent to all participants. However, there is no way of knowing whether all participants will actually receive the message. If the number of participants is large, and some of their physical or network distances are great, then the probability of complete success (which is, in ideal circumstances, required for system security) will be rather low. In a partly updated state, the system is particularly vulnerable to "denial of service" attacks, as security has already been breached, and a window of vulnerability will continue to exist as long as some users have not yet "gotten the word". Put another way, pushing certificate revocation messages is neither easy to secure nor very reliable.
The alternative to pushing is pulling. In the extreme, all certificates contain all the keys needed to verify that the public key of interest (i.e., the one belonging to the user to whom one wishes to send a message, or whose signature is to be checked) is still valid. In this case, at least some use of the system will be blocked if a user cannot reach the verification service (i.e., one of the systems that can establish the current validity of another user's key). Again, such a system design can be made as reliable as one wishes, at the cost of lowering security: the more servers to check for the possible revocation of a key, the longer the window of vulnerability.
Another trade-off is to use a somewhat less reliable, but more secure, verification service, but to include an expiration date for each of the verification sources. How long this "timeout" should be is a decision that requires a trade-off between availability and security, and it has to be decided in advance, at the time of system design.
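The push, pull and timeout behaviours described in this section can be exercised on a simulated clock. The example below is added here and is not code from the page: a simulated status responder (the "central point") answers pull queries with a status that carries an expiry time, relying parties cache those answers, and a push broadcast that reaches only some parties produces the partly updated state the page describes. It also shows the design-time choice of what a relying party does when the responder cannot be reached: failing closed blocks legitimate use, failing open keeps trusting a stale "good" answer. Times are integers on a simulated clock; key ids and party names are constructed placeholders.

```python
"""Pushed versus pulled revocation status, and the timeout trade-off.

Added illustration, not from the page. Key ids and party names are
constructed placeholders; times are seconds on a simulated clock.
"""
from dataclasses import dataclass, field


@dataclass
class StatusResponse:
    key_id: str
    status: str            # "good" or "revoked"
    produced_at: int
    next_update: int       # the "timeout" fixed at design time


class StatusResponder:
    """Central point that knows which keys have been revoked (simulated)."""

    def __init__(self, validity: int):
        self.validity = validity
        self.revoked_at = {}

    def revoke(self, key_id: str, at: int) -> None:
        self.revoked_at[key_id] = at

    def query(self, key_id: str, now: int) -> StatusResponse:
        revoked = key_id in self.revoked_at and self.revoked_at[key_id] <= now
        return StatusResponse(key_id, "revoked" if revoked else "good", now, now + self.validity)


@dataclass
class RelyingParty:
    name: str
    responder: StatusResponder
    fail_closed: bool = True                 # refuse to use a key whose status is unknown
    cache: dict = field(default_factory=dict)

    def receive_push(self, response: StatusResponse) -> None:
        """Pushed notice: only the parties the push actually reached get it."""
        self.cache[response.key_id] = response

    def key_usable(self, key_id: str, now: int, responder_reachable: bool = True) -> bool:
        cached = self.cache.get(key_id)
        if cached is None or now > cached.next_update:
            if not responder_reachable:
                # Availability versus security: fail closed blocks legitimate use,
                # fail open keeps relying on a possibly revoked key.
                if self.fail_closed or cached is None:
                    return False
                return cached.status == "good"
            cached = self.responder.query(key_id, now)      # pull a fresh answer
            self.cache[key_id] = cached
        return cached.status == "good"


def push_revocation(responder: StatusResponder, key_id: str, now: int,
                    parties: list, reached: set) -> None:
    """Broadcast a revocation notice; parties not in `reached` never see it."""
    notice = responder.query(key_id, now)
    for party in parties:
        if party.name in reached:
            party.receive_push(notice)


def scenario() -> dict:
    responder = StatusResponder(validity=60)
    near = RelyingParty("near", responder)
    far = RelyingParty("far", responder)
    lenient = RelyingParty("lenient", responder, fail_closed=False)
    for party in (near, far, lenient):
        party.key_usable("carol-key", now=0)          # everyone caches "good" until t=60
    responder.revoke("carol-key", at=30)
    push_revocation(responder, "carol-key", 30, [near, far, lenient], reached={"near"})
    near_after_push = near.key_usable("carol-key", now=31)        # got the push
    far_in_window = far.key_usable("carol-key", now=31)           # stale "good": window of vulnerability
    far_unreachable = far.key_usable("carol-key", now=61, responder_reachable=False)  # cache expired, fail closed
    far_after_timeout = far.key_usable("carol-key", now=61)       # cache expired, pulls fresh status
    lenient_unreachable = lenient.key_usable("carol-key", now=61, responder_reachable=False)  # fail open
    return {"near_after_push": near_after_push, "far_in_window": far_in_window,
            "far_unreachable": far_unreachable, "far_after_timeout": far_after_timeout,
            "lenient_unreachable": lenient_unreachable}


if __name__ == "__main__":
    print(scenario())
```

Shortening `validity` narrows the window in which `far` keeps using the revoked key, but makes every party query more often and be blocked more often when the responder is down, which is exactly the availability-versus-security decision the last paragraph says must be fixed at design time.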
Recovery from a leaked key
Assume that the principal authorized to revoke a key has decided that a certain key must be revoked. In most cases, this happens after the fact; for instance, it becomes known that at some time in the past an event occurred that endangered a private key. Let us denote the time at which it is decided that the compromise occurred as T.
Such a compromise has two implications. First, messages encrypted with the matching public key (now or in the past) can no longer be assumed to be secret. One solution to avoid this problem is to use a protocol that has perfect forward secrecy. Second, signatures made with the no-longer-trusted-to-be-actually-private key after time T can no longer be assumed to be authentic without additional information (i.e., who, where, when, etc.) about the events leading up to the digital signature. These will not always be available, and so all such digital signatures will be less than credible. A solution to reduce the impact of leaking the private key of a signature scheme is to use timestamps.
Loss of secrecy and/or authenticity, even for a single user, has system-wide security implications, and a strategy for recovery must thus be established. Such a strategy will determine who has the authority to, and under what conditions one must, revoke a public key certificate. One must also decide how to spread the revocation and, ideally, how to deal with all messages signed with the key since time T (which will rarely be known precisely). Messages sent to that user (which require the proper, now compromised, private key to decrypt) must be considered compromised as well, no matter when they were sent.
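The triage that such a recovery strategy implies can be written down as a rule set. The example below is added here and is not from the page: given a compromise time T, it keeps the standing of signatures that carry a timestamp from a trusted timestamping authority and are dated before T, rejects signatures dated after T or lacking a trustworthy timestamp (the signer's own claimed date is worthless once the key has leaked), marks signatures inside an uncertainty margin before T as suspect because T is rarely known exactly, and lists every message encrypted to the key as exposed regardless of when it was sent. The records and the timestamping-authority name are constructed sample data.

```python
"""Triage of signatures and encrypted messages after a key compromise at time T.

Added illustration, not from the page. All records are constructed sample data.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Signature:
    message_id: str
    key_id: str
    claimed_time: int                           # date stated by the signer (not proof)
    timestamp_authority: Optional[str] = None   # TSA that countersigned, if any


@dataclass(frozen=True)
class EncryptedMessage:
    message_id: str
    recipient_key_id: str
    sent_at: int


def triage_signature(sig: Signature, compromised_key: str, T: int,
                     margin: int, trusted_tsas: set) -> str:
    """Return 'trusted', 'suspect' or 'untrusted' for one signature."""
    if sig.key_id != compromised_key:
        return "trusted"                        # made with an unaffected key
    if sig.timestamp_authority not in trusted_tsas:
        # Without an independent timestamp the signer's own date proves nothing:
        # a signature could have been back-dated after the key leaked.
        return "untrusted"
    if sig.claimed_time >= T:
        return "untrusted"
    if sig.claimed_time >= T - margin:
        return "suspect"                        # T itself is only an estimate
    return "trusted"


def triage_after_compromise(signatures: List[Signature], messages: List[EncryptedMessage],
                            compromised_key: str, T: int, margin: int,
                            trusted_tsas: set) -> dict:
    result = {"trusted": [], "suspect": [], "untrusted": [], "exposed_messages": []}
    for sig in signatures:
        verdict = triage_signature(sig, compromised_key, T, margin, trusted_tsas)
        result[verdict].append(sig.message_id)
    for msg in messages:
        if msg.recipient_key_id == compromised_key:
            result["exposed_messages"].append(msg.message_id)   # no matter when sent
    return result


# Constructed sample data (key ids, message ids and TSA name are placeholders).
SIGNATURES = [
    Signature("s1", "carol-key", 100, "tsa.example.test"),   # well before T, timestamped
    Signature("s2", "carol-key", 495, "tsa.example.test"),   # inside the uncertainty margin
    Signature("s3", "carol-key", 200),                       # before T but no TSA
    Signature("s4", "carol-key", 600, "tsa.example.test"),   # after T
    Signature("s5", "dave-key", 650),                        # different key, unaffected
]
MESSAGES = [
    EncryptedMessage("m1", "carol-key", 50),
    EncryptedMessage("m2", "carol-key", 700),
    EncryptedMessage("m3", "dave-key", 700),
]


def demo() -> dict:
    return triage_after_compromise(SIGNATURES, MESSAGES, "carol-key",
                                   T=500, margin=10, trusted_tsas={"tsa.example.test"})


if __name__ == "__main__":
    print(demo())
```

The `margin` parameter encodes the page's remark that T is rarely known precisely: widening it moves more signatures into the "suspect" bucket for manual review rather than silently trusting them.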
Example
Examples of well-regarded asymmetric key techniques for varied purposes include:
- the Diffie-Hellman key exchange protocol
- DSS (Digital Signature Standard), which incorporates the Digital Signature Algorithm
- ElGamal
- Various elliptic curve techniques
- Various password-authenticated key agreement techniques
- Paillier cryptosystem
- RSA encryption algorithm (PKCS#1)
- Cramer-Shoup cryptosystem
- YAK authenticated key agreement protocol
Examples of asymmetric key algorithms that are not widely adopted include:
- NTRUEncrypt cryptosystem
- McEliece cryptosystem
Examples of notable, yet insecure, asymmetric key algorithms include:
- Merkle-Hellman knapsack cryptosystem
Examples of protocols that use asymmetric key algorithms include:
- S/MIME
- GPG, an implementation of OpenPGP
- Internet Key Exchange
- PGP
- ZRTP, a secure VoIP protocol
- Secure Sockets Layer, now codified as the IETF standard Transport Layer Security (TLS)
- SILC
- SSH
- Bitcoin
- Off-the-Record Messaging
External links
- Oral history interview with Martin Hellman, Charles Babbage Institute, University of Minnesota. Leading cryptographic intellectual Martin Hellman discusses the underlying circumstances and insights of the discovery of public key cryptography with collaborators Whitfield Diffie and Ralph Merkle at Stanford University in the mid-1970s.
- An account of how GCHQ kept the discovery of PKE secret until 1997
Source of the article: Wikipedia