0

I have a question about public key encryption if the the following example of how things play out is essentially correct. Then I wonder where I can find the implementations of the three algorithms which I call KG1, EA1, and DA1 and about how many lines of code each is.

Alice wants to get messages securely. She uses a key generation algorithm KG1 to create private key "C2A836B33FF1E" and public key "35B1AC692" and publishes the public key to the world.

Bob puts the input of his message "HELLO FROM BOB" and the public key "35B1AC692" into encryption algorithm EA1 which yields the string "DF1537532CB23B" and sends this string to Alice. Chuck intercepts a copy too.

Alice has a decryption algorithm DA1 that can take as input the string "DF1537532CB23B" and her private key "C2A836B33FF1E" and yield output "HELLO FROM BOB", but since Chuck doesn't have the private key "C2A836B33FF1E", he can't convert "DF1537532CB23B" into "HELLO FROM BOB". Also, though Chuck knows the KG1 algorithm and the public key "35B1AC692", he can't use this information to work back to the private key.

Billy ONeal
  • 104,103
  • 58
  • 317
  • 552
mring
  • 1,717
  • 2
  • 13
  • 28

2 Answers2

1

Yep that's pretty much it. Note that it is not completely correct to say that Chuck can't decrypt the message, but rather he can't do it easily with known mathematical methods. The reason for this is that the key generation algorithms rely on what are known as one-way functions. These are functions that are relatively easy to compute for a given input, but very difficult to work back from the output.

An example of a one way function is multiplying two large prime numbers together; the multiplication is easy, but finding the prime factors again is very difficult, barring some new mathematical breakthrough.

As to the implementations of the methods, they vary depending on the exact encryption scheme being used. One of the earlier and better known public key encryption schemes is RSA. There are detailed steps on all three of key generation, encryption, and decryption here.

verdesmarald
  • 11,646
  • 2
  • 44
  • 60
1

You got things right. The main problem caused by this scheme is "How can Bob be sure that the public key he got from "the world" is Alice's public key, and not Chuck's public key? Indeed, if it were Chuck's public key, Chuck would be able to decrypt the message Bob sends to Alice.

This is resolved by certificates. Every participant has a copy of the public key of well-known and trusted certificate authorities. When Alice want to publish it public key to the world, she pays one of these authorities to get a certificate, containing her public key. When getting a certificate, everyone can verify, with the authority's public key, that the certificate hasn't been corrupted, and so be sure that the public key is Alice's public key, and not Chuck's.

The basic process of certification is a cryptographic signature : the certificate authority encrypts some data with its private key. When you have the data, its signature, and the authority's public key, you may verify that decrypting the signature with the authority's public key leads to the original data.

RSA is a de facto standard, and is available in many languages and platforms. You shouldn't reimplement it yourself.

JB Nizet
  • 678,734
  • 91
  • 1,224
  • 1,255
  • Thanks for the additional information about authentication. Oh I didn't want to implement it, I just wanted to know about how many lines it took the professional geniuses of the world to do it in :) – mring May 26 '11 at 14:22