ICMS


ADVANTAGES OF PUBLIC KEY CRYPTOGRAPHY

Classical cryptosystems were limited to use by a small trusted group. A person or organisation (e.g., a bank) that wished to receive coded messages from many sources had to have a separate code for each source. Public Key cryptography enabled such organisations to go public with their encoding function and receive secure coded messages from many sources. The organisation needs to use only a single code.

A Public Key cryptosystem also satisfies the four desirable properties mentioned above. We illustrate this with an example:

Suppose Arindam wishes to send messages to his broker Bombaywallah. They use a Public Key Cryptosystem for exchange of messages.

Let their encoding functions be EA and EB respectively. These are public, and hence can be used by anybody to send encoded messages to them. Let their decoding functions be DA and DB respectively. These are not public but are kept secret. Arindam needs to send the message M to Bombaywallah. He computes EB(M) to get the encoded message C that he transmits. The encoded message could be transmitted even through a non-secure channel.

Any malicious eavesdropper needs DB to decode C to M. As the encoding functions are trapdoor functions, he will find it computationally infeasible to derive DB (from the knowledge of EB) in a reasonable time.

Bombaywallah of course knows his decoding key and hence can recover the original message easily. Thus Confidentiality is ensured.

The problem now is that of Authenticity: as the encoding functions are public knowledge, anybody could have sent this message using Arindam's name.

 

Arindam could also use public knowledge of the encoding keys as an excuse and he could later deny having sent the message. This is the problem of Non-repudiation. "Signatures" are generally used to handle these two problems:

Arindam has a well-known signature P, e.g., his full name. Arindam will prefix his message (M) with the message DA(P). He encodes this combined message and transmits EB(DA(P)M). When the broker receives the message and decodes it, he gets a legible message prefixed with some gibberish. The message purports to be from Arindam, so Bombaywallah applies EA to this gibberish, whereupon he gets P. He knows that he would get P only if the sender of this message had applied DA to P. As only Arindam knows DA, only Arindam could have sent the message, and thus Authenticity and Non-repudiation are satisfied.

Any tampering will generally damage the coded message and hence produce rubbish when the decoding function is applied. This takes care of Integrity.
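The signature exchange described above, written out as an added example (it is not part of the original page). It assumes textbook RSA with a shared public exponent as a stand-in for the unspecified trapdoor functions EA/DA and EB/DB, sends DA(P) and M as two separately encoded blocks, and uses constructed toy keys; `make_key`, `send` and `receive` are hypothetical names.

```python
# Toy textbook RSA (no padding, small keys): illustrates the scheme, not for real use.
E = 65537  # public encoding exponent shared by both parties (assumption)

def make_key(p, q):
    """Return (n, d): public modulus n and secret decoding exponent d."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, pow(E, -1, phi)

def to_int(b):
    return int.from_bytes(b, "big")

def to_bytes(i):
    return i.to_bytes((i.bit_length() + 7) // 8, "big")

# Constructed key material from Mersenne primes. N_A < N_B, so D_A(P) always
# fits under Bombaywallah's modulus and can be encoded with E_B in one block.
N_A, D_A = make_key(2**61 - 1, 2**89 - 1)      # Arindam
N_B, D_B = make_key(2**107 - 1, 2**127 - 1)    # Bombaywallah
P = b"Arindam"                                 # the well-known signature

def send(message, d_sender, n_sender, n_recipient):
    """Return [E_B(D_A(P)), E_B(M)], the two blocks of E_B(D_A(P) M)."""
    sig = pow(to_int(P), d_sender, n_sender)   # D_A(P): needs the secret key
    m = to_int(message)
    if sig >= n_recipient or m >= n_recipient:
        raise ValueError("block does not fit under the recipient's modulus")
    return [pow(sig, E, n_recipient), pow(m, E, n_recipient)]

def receive(blocks, d_recipient, n_recipient, n_claimed_sender):
    """Decode with D_B, then apply the claimed sender's E_A to the prefix."""
    sig, m = (pow(c, d_recipient, n_recipient) for c in blocks)
    authentic = to_bytes(pow(sig, E, n_claimed_sender)) == P
    return to_bytes(m), authentic

if __name__ == "__main__":
    genuine = send(b"BUY 100 SHARES", D_A, N_A, N_B)
    print(receive(genuine, D_B, N_B, N_A))     # prefix decodes to P
    # A sender without D_A can only guess; here the guess is the public exponent.
    forged = send(b"SELL EVERYTHING", E, N_A, N_B)
    print(receive(forged, D_B, N_B, N_A))      # prefix does not decode to P
```

The second message still decodes to legible text, which is why Bombaywallah must check the prefix against P before acting on it.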

  



Copyright © 2022 ICICI Centre for Mathematical Sciences