|
ICSA Guide to Cryptography Randall Nichols $69.95 0-07-913759-8 |
|
| Chapter: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 9 | 10 |
| Reserve your copy at a Beta Bookstore near you! |
Contact Bet@books © 1998 The McGraw-Hill Companies, Inc. All rights reserved. Any use of this Beta Book is subject to the rules stated in the Terms of Use. |
There are cryptosystems that you can publicize the encryption method and still have security. The cryptanalyst has the system but is unable to crack it. This is what public-key cryptography is about - the encryption method can be made public. Another name for this form of cryptography is asymmetric cryptography because two different keys are employed; one by the sender and one by the receiver.
In 1974-75, Whitfield Diffie and Martin Hellman, working at Stanford University, and Ralph Merkle, at the University of California at Berkeley, discovered the new concept in cryptography that was to have profound implications on the technology. They published their revolutionary idea to safely give away the encryption method. The idea was brilliant. We had the birth of a new cryptography. Giving "away" the encryption method essentially gives away the decryption method because they are mathematical inverses of each other. However, the difference for public key methods is the work factor required to compute the decryption method. Suppose it takes hundreds of years for a cryptanalyst to compute the decryption method from the encryption method. We haven’t compromised the cryptosystem even though we have released the system to the public. This is a measure of safety. Tables 6-8 and 6-9 in the previous chapter showed the relative work factors required to compromise 40 and 56 bit DES keys as a function of investment and technology.
Complexity theory is the branch of mathematics that deals with the complexity of various computations. It helps us understand how much time it will take to make those computations using state-of-the-art computer horsepower. Appendix C gives a short tutorial on complexity theory and is recommended reading prior to the next sections.
One Way Functions
In mathematics, as in real life, there exist one-way streets. It is easy to go along the street from A to B, whereas it is practically impossible to go from B to A. Encryption is viewed as the direction of flow from A to B. Although you are able to travel in this direction, this does not enable you to go in the opposite direction: to decrypt.
As an example, take your local telephone book. It’s easy to find the number of a friend. On the other hand, it is difficult, but not impossible to find your friend given the number. But now add all the telephone books in the US to the pile. Two complications occur - possible duplications yielding mixed decryption’s and lots of work to find the appropriate name-telephone number combination. If we look at this as a public key system, we make the encryption context free and letter by letter. For each letter of the plain text, a name beginning with that letter is chosen at random from the directory. The corresponding telephone number constitutes the encryption of that occurrence of the letter in question.
The system is polyalphabetic and nondeterministic in nature. An enormous number of cipher texts may result from the same plain text. Figure 7–1 shows an example of this simple scheme. The encryption of COME AT ONCE might be as follows.
TABLE 7-1
TELEPHONE BOOK ENCRYPTION SCHEME
Plain Text Name Chosen Cipher Text
C Corning 5674564
O Oldre 4509128
M Murdock 7612345
E Edwards 1098787
A Arthur 6653458
T Tomas 6690344
O Oliviat 9912345
N Nuberry 1245663
C Calley 7740986
E Everst 7858883
Cipher text starts: 5674564 4509128 7612345 ..
The entire cipher text is obtained by writing, one after the other, all the numbers (or a part of them), in the right column. They are written in the order indicated.
The legal receiver has CD ROM(s) or directories listed according to the increasing order of the number. Such a reverse directory facilitates the decryption process and represents a Secret Trapdoor known only to the legal users of the system. Without knowledge of the trapdoor, i.e. possession of the reverse directory, the cryptanalyst has a difficult time. This is in spite of the fact that the cryptosystem has been publicized and he knows how to interpret the number sequences intercepted.
Exhaustive search is likely to take too long and depends on the currency of the directories.
Intractability
The study of public key cryptography is closely related to the idea of one-way functions. Given argument of value x, it is easy to compute function value f(x), whereas it is intractable to compute x from f(x). Intractability is further defined in the section covering complexity theory in Appendix C. The situation is depicted in Figure 7-2.
FIGURE 7-1
INTRACTABILITY
easy
x --------------------à f(x)
ß --------------------
intractable
F(x) can be a function or any of a range of nondeterministic encryption methods such as the telephone directory hypothetical.
The computation of x from f(x) should be intractable for the cryptanalyst only. The legal receiver should have a trapdoor available. This type of service is referred to as employing a cryptographic one-way function. In summary, cryptographic one-way functions f(x) may exhibit two qualities:
1. It is easy to compute f(x) from x;
2. Computations of x from f(x) are likely to be intractable.
No proof is known for the intractability claimed for in 2. This reflects the fact that it is very hard to establish lower bounds in complexity theory. From the point of view of public key cryptography, functions satisfying 1 and 2 are quite sufficient. In a typical public - key cryptosystem, only the straightforward cryptanalysis is based on computing x from f(x). It is possible for the cryptanalyst to crack the system even if we show that the computation of x from f(x) is intractable.
Salomaa, in his text Public-Key Cryptography gives an excellent example defining one-way functions. A problem is termed intractable if there is no algorithm for the problem, operating in polynomial time (Refer to Appendix C for a helpful tutorial). If there is such an algorithm, the problem is termed tractable. Easy refers to problems possessing an algorithm operating in low polynomial time. NP-complete problems are considered intractable. So f(x) being one-way means that the transition from x to f(x) is easy and the reverse transition from f(x) to x is intractable. The second requirement is often replaced by a lesser condition: the reverse transition is likely to be intractable. A good illustration of mathematical intractability is found in an important class of problems known as "knapsack" problems. Understanding the knapsack problem helps us to understand the general principles underlying public key cryptography.
Knapsack Problem
The knapsack problem may be defined as follows:
Given the row vector (also called an n-tuple) of distinct positive integers, and another positive integer k.
A = (a1, a2, …………… an) Eq. 7-1
The problem is to find, if possible, such integers ai whose sum equals k. Intuitively, k indicates the size of the knapsack and each of the numbers ai indicates the size of a particular item that can be packed into the knapsack (Figure 7-3). The problem is akin to an optimization problem. We must find the right items to make the knapsack full.
As an illustration, consider the row vector of length 10:
Let A =(43,129,215,473,903,302,561,1165,697,1523) Eq. 7-2
Let k = 3231 Eq. 7-3
We observe that a solution is:
3231 = 129 + 473 + 903 + 561 + 1165 Eq. 7-4
>>INSERT FIGURE 7-3 HERE<<
FIGURE 7-2
KNAPSACK GRAPHIC
In principle, a solution can always be found by checking through all subsets of A and finding out whether one of them sums up to k. In the example, this means 210=1024 subsets. This count includes even the empty subset. A more difficult problem would be say 300 ai’s. A search of 2300 subsets is definitely unmanageable. The knapsack problem is known to be NP-complete.
Our A vector defines a function f(x) as follows. Any number x in the interval 1 £ x £ 2n -1 can be given a binary representation consisting of n bits - we add leading zeros if necessary. Thus, 1, 2 and 3 are represented as 0..001,0… 010 and 0..011; 1..111 represents 2n –1. We now define f(x) to be the number obtained from A by summing up all the numbers ai such that the corresponding bit in the binary representation of x = 1.
f(1) = f(0… 001) = an, Eq. 7-5
f(2) = f(0… 010) = an-1, Eq. 7-6 f(3) = f(0… 011) = an-1 + an Eq. 7-7
Using vector multiplication, we write
f(x) = ABx, Eq. 7-8
where Bx is the binary representation of x as a column vector.
Table 7 -1 shows the natural encoding of the English alphabet:
Table 7-2
Natural Encoding of the English Alphabet
|
Letter |
Number |
Binary Notation |
|
Space |
0 |
00000 |
|
A |
1 |
00001 |
|
B |
2 |
00010 |
|
C |
3 |
00011 |
|
D |
4 |
00100 |
|
E |
5 |
00101 |
|
F |
6 |
00110 |
|
G |
7 |
00111 |
|
H |
8 |
01000 |
|
I |
9 |
01001 |
|
J |
10 |
01010 |
|
K |
11 |
01011 |
|
L |
12 |
01100 |
|
M |
13 |
01101 |
|
N |
14 |
01110 |
|
O |
15 |
01111 |
|
P |
16 |
10000 |
|
Q |
17 |
10001 |
|
R |
18 |
10010 |
|
S |
19 |
10011 |
|
T |
20 |
10100 |
|
U |
21 |
10101 |
|
V |
22 |
10110 |
|
W |
23 |
10111 |
|
X |
24 |
11000 |
|
Y |
25 |
11001 |
|
Z |
26 |
11010 |
Consider encrypting the phrase SAUNA AND HEALTH. We break the plain into groups of 10 bits each, for a block division of our plain text:
SA UN Aspace AN Dspace HE AL TH
from Table 7-2 the corresponding eight sequences of bits are:
These sequences are the argument values of f(x). The cipher text vector is:
(2942,3584,903,3326,215,2817,2629,819)
Using Eq. 7-2 we derive the original k solution vector as:
f(364)=f(0101101100)= 129 + 473 + 903 + 561 + 1165 = 3231
Eq. 7-9
and functions values related to the plain text:
f(609)=f(1001100001)= 43 +473 +903 +1523 = 2942 Eq. 7-10
[first element in the cipher vector]
f(686)=f(1010101110)= 43 +215 +903 +561 + 1165 +697 = 3584
Eq. 7-11
f(32)=f(0000100000) = 903 Eq. 7-12
f(46)=f(0000101110)=903 +561 +1165 +697 = 3326 Eq. 7-13
f(128)=f(0010000000)= 215 Eq. 7-14
f(261)=f(0100000101)= 129 +1165 +1523 = 2817 Eq. 7-15
f(44)=f(0000101100)=903 + 561 +1165 = 2629 Eq. 7-16
f(648)=f(1010001000)= 43 +215 =561 =819 Eq. 7-17
These knapsack vectors can be used for both a classical and public key cryptosystem. The task of the cryptanalyst is to solve the basic A vector, and hence the knapsack problem. The goal of the system designer is to make illegal decryption immensely harder to solve than for the legal receiver. Furthermore, the decryption must be unique. This means, in our example, no two different sums formed from the entities of A should be equal. The number of elements may be the same but each entry can be used only once. The vector (17, 103, 50, 81, 33) does not have this property. The corresponding cipher text vector (131, 33, 100, 234,33) decrypts with some ambiguity to either SAUNA or FAUNA.
Our example can be improved by specifying that the knapsack be made up of superincreasing elements (or n-tuples). Vector A is superincreasing if each number exceed the sum of the preceding numbers. So:
j-1
aj > S ai for j = 2,…,n Eq. 7-18
i=1
Exhaustive search is not required to solve this knapsack problem. It suffices to scan through A once from right to left. An algorithm might be: given k (the size of the knapsack) we find out if k ³ an.
If yes, then we define:
k1 = k if k < an ; k- an if k ³ an Eq. 7-19
The procedure is carried out for k1 and an-1 for all elements through a1. The algorithm shows for k, the knapsack has one solution, providing A is superincreasing.
The level of difficulty of the knapsack may be transformed (scrambled) by modular multiplication. We choose an integer m > S aj. Since we have defined A as superincreasing, m is large in comparisons with all numbers in knapsack vector A. Another integer t, with no common factors with m, is chosen; m and t are called the modulus and the multiplier. The choice of t guarantees that there exists another integer t-1 such that:
tt-1 º 1(mod m) Eq. 7-20
The integer t-1 is regarded as the multiplicative inverse. It can be easily computed from t and m.
We form the products tai, i = 1,…,n and reduce them modulo m. Let bi be the least positive remainder of tai modulo m.
The resulting vector is
B = (b1,b2,…,bn) Eq. 7-21
and it is publicized as the encryption key. The encryption is performed on blocks of plain text consisting of n bits each.
The items t, t-1, and m are kept as the secret trapdoor. Before comparing the situation from the point of legal receiver and cracker, lets finish the decryption details. The B vector (A renamed) is:
B =(43,129,215,473,903,302,561,1165,697,1523) Eq. 7-22
It is obtained by modular multiplication with m=1590 and t=43 from the superincreasing knapsack vector:
A=(1,3,5,11,21,44,87,175,349,701) Eq. 7-23
Verifying:
The first five elements are obtained from the corresponding numbers in A by direct multiplication with 43 - no reduction with respect to modulus is necessary. The next five elements are calculated:
43 * 44 = 1892 = 1590 + 302 Eq. 7-24
43 * 87 =3741 = 2 * 1590 +561 Eq. 7-25
43 * 175 = 7525 =4 * 1590 +1165 Eq. 7-26
43 * 349 = 15007 = 9 * 1590 +697 Eq. 7-27
43 * 701 = 30143 = 18 * 1590 + 1523 Eq. 7-28
Observe that t and m have no common factors.
43 * 37 = 1591 º 1 (mod 1590) and Eq. 7-29
t t-1 º 1 (mod m) Eq. 7-30
Hence, the inverse t-1 = 37. Eq. 7-31
The decryption method for the legal receiver must be easy as compared to the interloper (cryptanalyst) who must have an immensely more difficult job to decrypt the message. Since A was defined as an superincreasing vector and B is found from A by multiplying each number in A with t(mod m). The legal receiver knows t-1 and m (the inverse and modulus); he is able to find the plain text equivalents A from the public key B. This is done as follows:
After receiving a cipher text block c’, which is an integer, the legal receiver calculates (t-1)c’ and its smallest positive remainder c(mod m). To decrypt, he solves the easy knapsack problem defined by A and c. The solution is a unique sequence p of n bits. It is also a correct block of plain text because any solution p’ of the knapsack problem defined by B and c’ must equal p.
Here’s why:
c º (t-1) c’ [inversion for each cipher text element]
Eq. 7-32
and
c’ = Bp’ Eq. 7-33
So:
c º (t-1) c’ = (t-1) Bp’ Eq. 7-34
The cipher text block elements are computed from the public key and the claimed solution for the knapsack problem. The plain text vector A and solution p’ is congruent for the public key B and modulus t:
(t-1) Bp’ º (t-1) tAp’ Eq. 7-35
by definition of an inverse, (t-1)t = 1(mod m)
(t-1) tAp’º Ap’ (mod m) and finally, Eq. 7-36
c = Ap’ (mod m)
provided: m > a1 + a2 + a3 +…+ an.
Since the knapsack has only one solution, p = p’.
Let’s complete the solution of our example. The c’ vector defined from the bit representation was:
(2942,3584,903,3326,215,2817,2629,819)
We multiply by t-1 = 37, we obtain for the first element:
37 x 2942 = 108854 = 68 x 1590 +734 º 734 (mod 1590)
Eq. 7-37
Continuing, we get the plain text vector:
( 734,638,21,632,5,879,283,93 )
From the plain text vector and the superincreasing A - we can convert back into a binary sequence. The number 734 is 1001100001. Since 734 > 701, the last bit is 1. The numbers in A are now compared to the difference 734 - 701 = 33. Going from right to left, the first number smaller than 33 is 21. The next number is 11 and is smaller than the difference 33 - 21 = 12. The first number 1 equals the difference of 12 -11. The positions from right to left of 1, 11, 21, 701 in A are 1, 4, 5, 10 in the bit sequence and are represented by 1’s. All other positions in the sequence are 0’s. We do these calculations on the entire vector 638,….., 93. They yield the seven 10 bit sequences listed above. The legal receiver reads the plain text SAUNA and HEALTH.
Caveat
The above example based on an easy knapsack problem, in practice, is unreliable. El Gamal designed a polynomial-time algorithm to crack it. The cracking algorithm was based on the fact that it is not necessary for the cryptanalyst to find the correct multiplier t and modulus m, the correct ones used by the system designer. It suffices to find any t’ and m’ such that the multiplication of the publicized vector by t’-1 (mod m’) yields a superincreasing vector. The cryptanalyst breaks the system by preprocessing, after the encryption key has been publicized.
One-way functions (or streets) are prima facie to public key cryptography. Think of the fish that goes into a snare cage or a turtle excluder device. Both allow their catch to go into the device without difficulty, but escape is nearly impossible. The legal receiver takes the turtle or fish out of the cage via an opening (trapdoor) on the top of the cage.
The cryptosystem based on the superincreasing knapsack vectors serves as a simple example of the principles that designers need to be concerned with when constructing a public-key cryptosystem.
General Principles
The simplest analogy for comparing classical and public key cryptography is the lock box. In classical systems, the receiver would receive the lock box with one lock and the key sent by some trusted external channel. Key management represents an essential issue for classical systems. Since the knowledge of the encryption key Ek should not give away the decryption key Dk, the computation of Dk from Ek should be intractable for all keys. Public key cryptography corresponds to having open padlocks on the box available to the public. A person who wants to send a message padlocks the box with YOUR padlock and sends the box to you. You open it with your key.
There is a protocol modification that does not require the open padlocks to be sent in advance to the legal receiver. First, A sends the box to B locked with A’s padlock. B sends the box to A with B’s lock on it in addition. Next, A opens the A lock (decrypts it) and returns the box to B, who opens (decrypts) his B lock. The box is always protected with at least one lock and will stop passive eavesdropping.
We can now list general principals governing the construction of a public-key cryptosystem.
Step 1: Choose a difficult mathematical problem P. P must be intractable according to complexity theory: there is no algorithm that solves all cases of P in polynomial time with regard to size of instance. The average complexity as well as the worst case complexity must be high.
Step 2: Choose an easy subproblem P(easy) of P. P(easy) should be solvable in polynomial time, preferably linear.
Step 3: Encrypt P(easy) in such a way that the resulting problem P(encrypted) does not resemble P(easy).
Step 4: Publicize P(encrypted) describing how it is to be used as an encryption key. The information concerning how P(easy) can be recovered from P(encrypted) is kept as the secret trapdoor.
Step 5: The details of the system must be such that decryption is different for the cryptanalyst and the legal receiver. The former must solve P(encrypted) while the latter may use the trapdoor to solve P(easy).
Step 6: Test the system from all points of view. Don’t be surprised when it fails a practical test.
Some lesser abstractions are determination of the process of encryption, the easiness of P, the specification of the trapdoor and its resistance to preprocessing and similar issues. The previous example of the knapsack fits well into the above five steps.
Table 7-3 presents some of the fundamental number-theoretic problems used in public key systems. They have defied serious attempts to classify their complexities. They do not possess a deterministic polynomial time algorithm or are they complete for any natural complexity class. Some mutual reductions among the problems have been made; some classification as to hard versus easy has been estimated. All have been very useful for public key systems.
Table 7-3
Number-Theoretic Problems
FACTOR(n). Find the factorization of n.
PRIMALITY(n). Decide whether or not n is prime.
FIND-PRIME(>n). Find a prime number >n.
SQUARE-FREENESS(n). Decide whether or not a square of a prime divides n.
QUAD-RESIDUE(a,n). Decide whether or not x2 º a (mod n) holds for some x.
SQUARE ROOT(a,n). Find, if possible, an x such that x2 º a (mod n).
DISCRETE-LOG(a,b,n). Find, if possible, an x such that ax º b (mod n).
ELLIPTIC CURVE DISCRETE-LOG (a,b,x,y,P,Q) An elliptic curve, defined modulo a prime p, is the set of solutions (x,y) to an equation of the form: y2 = x3 + ax + b (mod p) for two numbers a and b. If (x,y) satisfies the above equation then P=(x,y) is a point on the elliptic curve. Fix a prime p and an elliptic curve where xP represents the point P added to itself x times. Suppose Q is a multiple of P, so that Q = xP for some x. Determine x given P and Q.
Work Factor
According to Whitfield Diffie, time is the essential element in measuring computation.
The question is "How much will it cost me to get the answer when I need it?" Moore’s Law states that computing power doubles every 18 months; thus a personal computer purchased for $1,000 today will have twice the computing power of one purchased less than 2 years ago. Moore’s Law has been remarkably accurate over the last decade. These improvements in speed have had profound implications for cryptographic systems.
The number of operations required to break a cryptographic system is called its work-factor. The form or complexity of the operations is not precisely stated. They might be encryption’s, as they are when the analytic process is one of searching through the keys, or they might be something entirely different. In a spirit of oversimplification, we will assume that operations are always entirely parallelizable. If two processors can do a million operations in 5 seconds, then ten processors can do the same number of operations in 1 second. For our purposes, this assumption is conservative because if it is false the problem merely becomes harder. Another consideration is that specialized hardware is available (and specifically programmed for the application) to specifically work on finding a cryptographic solution.
If a system has a workfactor of 230, it can be broken by a billion operations. These may not be elementary computer instructions; they may be complex operations requiring hundreds of instructions each. Even so, many specialized computers today can do a billion instructions in 5 seconds. If such a cryptosystem requires several hundred instructions per encryption, it can be searched in under an hour. In short, breaking a system with a work-factor of 230 is not trivial but is attainable in reasonable time.
A workfactor of 260 means that a million processors, each doing a million operations a second, can solve the problem in a million seconds (between 11 and 12 days). It is clear that a system with a workfactor of 260 can be broken today if the analytic operations are such that processors capable of executing them are worth building or already available (Figure 6-9). If the operations are encryption’s, the processors might be built from available encryption processors.
On this path, systems with workfactors of 290 are the first that seem beyond reach for the foreseeable future. A billion processors in parallel can certainly be imagined. A billion operations a second, even operations as complex as DES encryption’s, have been achieved. A billion seconds, however, is 30 years-long enough to count as secure for most applications.
Work-factors 2120 seem beyond reach for the indefinite future. A trillionth of a second is less than one gate delay in the fastest experimental technologies; a trillion processors operating in parallel is beyond reach; and a trillion seconds is 30,000 years.
Estimating the cost of searching through keys and validating the estimates by actually doing it have become sports in the cryptographic community. In the fall of 1995, a group of cryptographers met and prepared an estimate of search costs concluding that 40-bit keys (the largest that could be readily exported) could easily be searched and that keys at least 70 to 90 bits long were needed to provide security for commercial applications. The previous August, students at the Ecole Polytechnique in Paris had searched out a 40-bit key. The following January, students at MIT repeated the feat using an $83,000 graphics computer. This amounted to a cost of $584 per key. At its annual conference in January 1997, RSA Data Security offered prizes for searching keyspaces of various sizes. The 40-bit prize was claimed before the conference ended and the 48-bit prize was claimed a week later. The 56-bit DES challenge lasted for only 5 months.
Lifetimes of Cryptosystems
Diffie and Landau present two lifetime design criteria for a cryptographic system: 1) how long the system will be in use and 2) how long the messages it encrypts will remain secret.
Cryptographic systems and cryptographic equipment often have very long lifetimes. The Sigaba system, introduced before World War II, was in use until the early 1960s. The KL-7, a later rotor machine, served from the 1950s to the 1980s. DES has been the U.S. standard for more than 20 years. Other systems that are neither formal standards nor under the tight control of organizations such as the American military probably have longer lifetimes still.
Secrets can also have very long lifetimes. The Venona messages were studied for nearly 40 years in hopes that they would reveal the identities of spies who had been young men in the 1930s and who might have been the senior intelligence officers of the 1970s. The principles of the Sigaba system were discovered in the mid-1930s and were not made public until 1996. Much of the "H-bomb secret" has been kept secret since its discovery in 1950, and the trade secrets of many industrial processes are much older. In the United States, census data, income tax returns, medical records, and other personal information are supposed to be kept secret for a lifetime.
If we set out to develop a piece of cryptographic equipment today, we might reasonably plan to have it in widespread use by the year 2000. We might also reasonably plan for the system to be in use for 20 or 25 years. No individual piece of equipment is likely to last that long; however, if the product is successful, the standards it implements will. If the equipment is intended for the protection of a broad range of business communications, some of the messages it encrypts may be intended to remain secret for decades. A cryptosystem designed today might thus encrypt its last message in 2025, and that message might be expected to remain secret 25 years later. It must therefore withstand attack by a cryptanalyst, whose mathematical and computing resources we have no way of predicting-in the year 2050.
Public Key Cryptography Advantages - Key Management
The advantages of public-key cryptography are tremendous. The most far-reaching innovation due to public keys concerns how to manage and send keys.
Consider any classical (that is, symmetric) cryptosystem. The encryption key gives away the decryption key and, hence, the former cannot be publicized. This means that the two legal parties (sender and receiver) have to agree in advance upon the encryption method. This can happen either in a meeting between the two parties or else by sending the encryption key via some absolutely secure channel.
If a public-key cryptosystem is used, the two parties do not have to meet. They do not even have to know each other or be in any kind of previous communication! This is a huge advantage, for instance, in the case of a big data bank, where there are numerous users and some user wants to communicate only with a specific other user. Then he/she can do so just by applying the information in the data bank itself.
One can compare classical and public-key cryptosystems by the length of a key. Since every key has to be described somehow, the description being a sequence of letters of some alphabet (that is, a word), it is natural to talk about the length of a key. There is a remarkable difference between classical and public-key cryptosystems.
Consider first a classical cryptosystem. If the key is longer than the plain text, nothing has really been achieved. Since the key has to be transmitted securely, one could transmit the plain text instead of the key via this secure channel. Of course, in some situations the key is transmitted earlier to wait for the crucial moment.
Consider next a public-key cryptosystem. The length of the encryption key is largely irrelevant. The key is publicized anyway. This means that also the length of the decryption key is largely irrelevant: the receiver only has to store it in a secure place.
The easiness of key management can justly be regarded as the chief advantage of public-key cryptography. In Chapter 2 we introduced some of the requirements of cryptosystems in the commercial theater. Figure 7-4 shows some of the primary functions that cryptosystems are used for in commercial operations, as well as, their respective algorithms.
The purview is indeed significant.
>>INSERT FIGURE 7-3 ("PRIMARY") HERE<<
FIGURE 7-3
PRIMARY FUNCTIONS AND THEIR RESPECTIVE ALGORITHMS
Wrap-Up
The discovery of public-key cryptography (PK) has greatly increased the options available to protect messages and reduce the management issues concerning cryptographic keys. A specific problem was used to illustrate some qualitative one-way functions, which are vital to the study of public key (PK) cryptography. A generalized public key cryptosystem design was introduced. Public-key cryptography expands the capabilities of commercial computer systems (refer back to Figure 7-3).
Chapter: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 9 | 10 |
| Reserve your copy at a Beta Bookstore near you! |
Contact Bet@books © 1998 The McGraw-Hill Companies, Inc. All rights reserved. Any use of this Beta Book is subject to the rules stated in the Terms of Use. |