Today's Topic - Public Key Cryptography

• Goal
• Examples of Public Key Cryptography Systems
• General Framework
• Applications
• A Cheaper Hybrid Approach

Goal

Examples of Public Key Cryptography Systems

1. Alice wants to share a secret with Bob
   • Situation:
     • Alice has a box, a lock, and the only key to the lock
     • Bob has a lock and the only key to it
   • Strategy:
     • Alice puts her secret in the box, locks the box, and sends the box to Bob
     • Bob puts his lock on the box (in parallel to hers) and sends the box to Alice
     • Alice removes her lock and sends the box to Bob
     • Bob removes his lock and extracts the secret
   • A lock is a 1-way trapdoor function; it has 2 operations associated with it, lock and unlock. Anyone can perform a lock operation, but unlock is expensive unless you have the key.
   
   
2. Alice and Bob want to share a paint color
   • Situation: Alice and Bob each have a 3-liter paint pot containing a liter of yellow paint
   • Strategy:
     • Alice and Bob pick secret colors, S_A and S_B respectively
     • Each adds 1 liter of his/her secret color to his/her paint pot
     • They swap pots
     • Each adds a liter of his/her secret color to the pot he/she currently has
   • After following the strategy, both Alice and Bob have a full pot that is 1/3 yellow, 1/3 S_A, and 1/3 S_B. Anyone who intercepted the pots during the swap has a color that is 1/2 yellow and 1/2 S_A and a color that is 1/2 yellow and 1/2 S_B. These 2 colors cannot be combined to get the color that Alice and Bob share without first separating the mixed colors (an expensive, if not impossible operation.)
   
   
3. Diffie-Hellman Key Exchange (Bootstrap Protocol)
   • 2 principals want to agree on a key
   • Situation:
     • P is a large (at least 512 bits), publicly known prime number
     • g is a publicly known value that is less than P
       (g has other properties that are not important for this discussion.)
   • Strategy:
     • Alice and Bob pick values, S_A and S_B respectively
     • Alice calculates T_A = (g^S_A mod P). Bob calculates T_B = (g^S_B mod P).
     • Alice sends T_A to Bob. Bob sends T_B to Alice
     • Alice and Bob can now calculate the key = (T_B)^S_A = (T_A)^S_B = g^S_BS_A mod p
   • A wiretapper knows T_A and T_B, but still needs to invert exponentiation in a finite field (hard operation) to discover the key.

   General Framework

   Public key cryptosystems use pairs of keys where 1 key in the pair is public and the other is private (known only to the principal). A message for a particular principal can be encrypted using that principal's public key and later decrypted with the principal's private key. Alternatively, a message could be decrypted with a private key and later encrypted with the corresponding public key to produce the original plaintext. Some public key cryptography schemes allow both operations, while others permit only one of them.

   Applications

   Consider 2 principals, A and B

   Secrecy Protocol: A sends B a message encrypted using B's public key.

   Authentication Protocol: A sends B a random number encrypted with B's public key. B returns the number.
   Since only B knows B's private key, this method of authentication has the property of non-repudiation (identity proof could convince a 3^rd party.)

   A Cheaper Hybrid Approach

   Public key cryptography is usually much slower than secret key cryptography. To reduce the cost, public key cryptography is used to distribute a shared key (short message) and the shared key is used to encrypt the message.

   ---