Dodo (aventuras de Alicia en el país de las maravillas)

Principle

The asymmetrical cryptography , or cryptography with public key is founded on the existence of functions to one way - i.e. it is simple to apply this function to a message, but extremely difficult to find this message as from the moment when it was transformed.

Actually, one uses in asymmetrical cryptography of the functions with one way and secret breach. Such a function is difficult to reverse, unless having particular information , held secret, named key private .

Starting from such a function, here how are held the things: Alice wishes to be able to receive quantified messages of no matter whom. She then generates a value starting from a function with one way and secret breach using an asymmetrical encryption algorithm (list here), for example RSA.

She diffuses it, but secret guard information making it possible to reverse this function. One speaks about key public for that which one diffuses (without having to be concerned with its safety) and of key private for secret information (who must remain the exclusive property of Alice).

Coding

One of the roles of the public key is to allow the Chiffrement; it is thus this key which Bob will use to send of the coded messages to Alice. The other key - secret information - is used for die to quantify. Thus, Alice, and it only, can take note of the messages of Bob, provided that the breach is not found. General diagram of asymmetrical coding: -->

Authentification of the origin

In addition, the use by Alice of her key deprived on the condensate of a message, will make it possible Bob to check that the message comes well from Alice: it will apply the public key of Alice to the provided condensate (condensate quantified with the private key of Alice) and thus finds the original condensate of the message. it will be enough for him to compare the condensate thus obtained and the real condensate of the message to know if Alice is well the shipper. It is thus as Bob will be reassured on the origin of the received message: it belongs well to Alice. It is on this mechanism in particular that functions the numerical signature.

Analogy S

The safe

Coding: Alice chose a safe. She sends it open to Bob, and the key keeps some. When Bob wants to write in Alice, it deposits its message, firm there the trunk, and returns it to Alice. With her reception, only Alice can open the trunk, since it only has the key of it, to suppose the inviolable trunk, and that nobody can find the key.

Authentification or the signature: Alice places a message in the safe which it closes before sending it to Bob. If Bob arrives using the public key of Alice it has to open the safe it is that it is well that of Alice and thus who it is well she which placed the message there. NOTE: This sentence should be remade.

-->

The box with two locks

Another possible analogy would be to imagine a box with two different locks. When the box on a side is closed, only the key corresponding to the other lock allows the opening of the box and vice versa. One of the keys is private and preserved secret, the other is known as public and a specimen perhaps obtained by whoever wishes to use the box.

To quantify a message Bob takes the box, places its message there, and the farm using the public key. Only the holder of the private key giving access the other lock, Alice in fact, will be able to reopen the box.

To sign a message, Alice places it in the box and firm this one using her private key. Thus no matter who having recovered the public key will be able to open the box. But as the box was closed by the private key, this person will be assured that it is well Alice, only holder of this key, which will have placed the message in the box and will have closed the aforementioned box.

Applications

Protected transmission of the symmetrical key

Asymmetrical cryptography meets a major need for the symmetrical Cryptographie: the protected division of a key between two correspondents, in order to prevent the interception of this key by a third person not - authorized, and thus the reading of the statistical data without authorization.

The mechanisms of symmetrical Coding being less expensive in time computing, those are privileged with the mechanisms of asymmetrical Chiffrement. However any use of symmetrical key of coding requires that the two correspondents share this key, i.e. know it before the exchange. This can be a problem if the communication of this key is carried out via a nonprotected medium, “in light”. In order to mitigate this disadvantage, one uses an asymmetrical mechanism of coding for the only phase of exchange of the symmetrical key, and one uses the latter for all the remainder of the exchange.

Mechanisms of authentification

A major disadvantage of the use of the asymmetrical mechanisms of coding is the fact that the public key is distributed to all the people: Bob , Carole ,… wishing to exchange data in a confidential way. So when the person having the private key, Alice , deciphers the statistical data, it does not have any means of checking with certainty the source of these data ( Bob , or Carole …) : one speaks about problems of authentification. In order to solve this problem, one uses Mécanismes of authentification allowing to guarantee the source of quantified information. These mechanisms are them also founded on asymmetrical coding.

Principle of authentification by asymmetrical coding:

Objective: Bob wishes to send statistical data to Alice by guaranteeing to him that he is the shipper.

1. Bob creates a pair of asymmetrical keys: it preserves the private key and sends the public key to Alice
2. Alice creates a pair of asymmetrical keys: private key (that it preserves), public key (that it diffuses freely, in particular with Bob)
3. Bob carries out a condensate of its message " in clair" then figure this condensate with its own key private
4. Bob quantifies its message with the public key of Alice .
5. Bob sends the coded message accompanied by the quantified condensate.
6. Alice receives the coded message of Bob, accompanied by the condensate.
7. Alice deciphers the message with its own key private . At this stage the message is readable but it cannot be sure that Bob is the shipper.
8. Alice deciphers the condensate with the public key of Bob .
9. Alice uses the same function of chopping on the text in light and compares with the deciphered condensate of Bob. If the two condensates correspond, then Alice can have the certainty that Bob is the shipper. In the contrary case, one can predict that a malevolent person with tempted to send a message to Alice while being made pass for Bob!

This method of authentification uses the specificity of the asymmetrical pairs of keys: if one quantifies a message by using the public key, then one can decipher the message by using the private key; the reverse is also possible: if one quantifies by using the key deprived then one can decipher by using the public key.

Thus if the condensate received by Alice were quantified to a private key, to decipher it, it uses the public key of the supposed shipper. The use of the public key of Bob reveals the condensate sent by Bob.

If on the contrary, it is not Bob which sent the message, when the malevolent person quantified the condensate, it used its own private key: not that of Bob! Thus deciphering with the public key of Bob will lead to an erroneous text and when Alice compares it with her own condensate, she will see that they do not correspond: she will deduce from it that Bob is not the shipper but another person!

Certificates

Asymmetrical cryptography is also used with the numerical certificates, this one containing the public key of the entity associated with the certificate. The private key as for it is stored on the level of this last entity. An application of the certificates is for example the implementation of a Infrastructure to public keys (PKI) to manage the authentification and the numerical Signature of an entity, for example a Web server (Apache with the module SSL for example), or simply a customer wishing to sign and quantify information using its certificate in the way described in the preceding sections.

An inviolable private key?

A symmetrical coding by means of a key of 128 bits proposes 2¹²⁸ (a number with thirty-eight figures) ways of quantifying a message. A pirate who would try to decipher the message by the rough force should thus test them one by one.

For the systems with public key, it goes from there differently. First of all the keys are longer (for example 1024 bits minimum for RSA); this is due to the fact that they have a very particular mathematical structure (one cannot choose a random succession of bits like secret key.) Then, there is to clearly better do than an exhaustive research on, for example, 1024 bits, namely to exploit the mathematical structure of the key (for RSA, that leads to the Factorization.)

It is necessary to note the current development of cryptography using the elliptic curved , which allow (at the price of a theory and more complex implementations) the use of keys definitely smaller than those of the traditional algorithms (a size of 160 bits being regarded as very sure currently), for an equivalent security level.

History

The concept of Cryptographie to public key - another name of asymmetrical cryptography - is due to Whitfield Diffie and Martin Hellman. It was presented for the first time to the National Computer Conference in 1976, then published a few months later in New Directions in Cryptography .

In their article of 1976, W. Diffie and Mr. Hellman had not been able to give the example of a system to public key, while not having found. 1978 had to be waited until to have a first example, in the article has Method for Obtaining DIGITAL Signatures and Public-key Cryptosystems of Ronald Rivest, Adi Shamir and Leonard Adleman, RSA, abbreviation drawn from the three names of its authors. It is at least the academic version.

Actually, James Ellis, which worked with the British cipher office (GCHQ, Government Communications Headquarters ), had had this not very front idea. In 1973, D.C. Cocks described (for the same cipher office) what one called the algorithm RSA. Lastly, in 1974, Mr. J. Williamson invent a protocol of exchange of key very close to that of Diffie and Hellman. These lucky finds were made public only in 1997 by the GCHQ.

See too

• hybrid Cryptography
• Infrastructures with Public Keys (PKI)
• Authentification
• strong Authentification
• numerical Signature
• Coding
• List D ''' algorithms of asymmetrical cryptography ''
• RSA, more used of them
• Cryptosystème de ElGamal
• Cryptosystème de Merkle-Hellman

Software of asymmetrical cryptography

• Pretty Good Privacy or PGP, existing software in versions paying and free (with the more reduced functionalities).
• GNU Privacy Guard or GPG or GnuPG, free and free version of PGP, which can clearly equalize PGP.
• OpenSSL, free and free version allowing, in particular, to develop functionalities containing asymmetrical figuring.
• Acid Cryptofiler, free version of the software of governmental coding of the ministry for French defense in particular allowing the coding of file and mountable containers in logical discs containing asymmetrical coding.

Random links:

Mount-royal (subway of Montreal) | Manor of Restigné | Caudron C. 714 | Elsa Schiaparelli | Rostémides | Dodo_(les_aventures_d'Alice_au_pays_des_merveilles)

© 2007-2008 speedlook.com; article text available under the terms of GFDL, from fr.wikipedia.org