Public Key Systems
The problems with conventional cryptography are elegantly solved by
public-key cryptography. Based on the Diffie-Hellman approach, a public-key
cryptosystem works something like a doorlock with two keys. One key locks
the door, and a different key unlocks it. In a public-key cryptosystem,
every participant has two related, complementary digital keys:
* A public key, which can be widely known and could even be published in
a digital directory like a phone number.
* A private key, which only you know and which you guard very closely.
Each key decrypts the cipher that the other creates. When Alice wants to
send Bob a private message, she uses his public key to scramble the text of
her message. The scrambled message can now be unscrambled only by Bob when
he applies his private key.
Even Alice cannot unscramble the message she scrambled using Bob's public
key. Similarly, when Bob wants to reply to Alice's message, he encrypts
using Alice's public key (which she may have sent along to him in her
message if he didn't already have it) and Alice then decrypts using her
private key.
Privacy and authentication
The privacy advantages of a public-key cryptosystem on large networks are
obvious:
* Anyone can send a private message to anyone else simply by encrypting
it with the intended recipient's public key, which is readily
available.
* Anyone who intercepts the message will not be able to read it, even if
they have the sender's or the recipient's public key.
* Since knowing someone's public key provides no clues to their private
key, only the intended recipient, using their private key, can decrypt
and read it.
* The number of key exchanges on a network is minimal. For a network of
1,000 users, only 2,000 public-key exchanges are needed for everyone to
communicate privately with everyone else.
Beyond privacy, public-key cryptography provides another capability not
readily available in any other cryptosystem: the ability to "sign" a
document digitally. Alice applies her digital signature to the message by
first encrypting it with her private key and then re-encrypting it with
Bob's public key.
When Bob decrypts the message using his private key, he finds Alice's
digital signature, thus assuring him that the message did indeed come from
Alice (or at least from someone who has gotten hold of Alice's private key).
Application of a digital signature to electronic messaging is immensely
important for carrying on business and financial transactions over computer
networks since it:
* Proves to Bob or anyone else with Alice's public key that a message
signed by Alice really did come from Alice. This function is known as
authentication.
* Assures both Alice and Bob that no one has intercepted or altered the
message, since any such alteration would automatically be detected and
an alert posted in the message.
* Prevents the forgery of digital documents, since only Alice can sign
Alice's digital signature.
* Prevents Alice from later claiming the document did not come from her.
These functions open a vast new world of other privacy possibilities for
public-key cryptosystems, including untraceable digital cash, anonymous
electronic voting, digital pseudonyms, electronic "reputations," anonymous,
but trusted, financial transactions, and so on, and these are only a few
that people have thought of so far.
If allowed to flourish, public-key cryptography could become one of the most
widespread technologies of the information age. This is a big "IF," however,
because government pressure, export laws, and patent questions have so far
worked together to limit its use.
The patents will expire by the end of the decade,1 but the hand of the
government promises to weigh heavily on the world of private information
transfer for decades to come. While public-key cryptosystems are still
perfectly legal for anyone to use, the NSA has consistently resisted
attempts to incorporate true public-key cryptography into the Federal
Information Processing Standard (FIPS), thus preventing it from replacing
the aging DES or being used as a Digital Signature Standard (DSS). Despite
this negative pressure, one public-key cipher may already be on its way to
becoming the de facto standard, again demonstrating the momentum of a
powerful idea whose time has come.
RSA: Public-Key Enters the Mainstream
The work of Diffie and Hellman was largely theoretical, demonstrating what
could be done with public-key cryptography. It took a trio of MIT
mathematicians to develop a workable public-key system employing the
Diffie-Hellman algorithm. Supported partly by money from the National
Science Foundation and the US Navy, Professors Ronald Rivest, Adi Shamir,
and Leonard Adleman published their method, known as the RSA (named for
their initials) public-key cryptosystem, in 1978.
Fearful that the government would hold up their patents or block civilian
use of their system, Rivest, Shamir, and Adleman rushed their method into
publication even before patenting it. By so doing they sacrificed their
international patent rights, although they were still able to patent it in
the US. MIT initially held the US patent for public-key cryptography
(#4,405,829, issued September 20, 1983). Both the Diffie-Hellman and RSA
patents are now held by Public Key Partners (PKP), which has licensed them
to RSA Data Security, Inc., Redwood City, California, the largest marketer
of public-key technology in the world.
RSA is rarely used by itself, but is typically incorporated into other
software to provide data security. RSA Data Security's president Jim Bidzos
compares the system to the Dolby noise suppression technology used in stereo
systems. "We're to computers what Dolby is to tape decks," says Bidzos. "We
get built in and we stay ahead of the market by innovating." RSA has so far
been included in millions of software packages both in the US and in the
rest of the world and is seen by many as the de facto standard for
commercial data communications security, especially outside the US.
Whether RSA will ever replace the DES has been the focus of a raging
political storm since the late 1980s. Twice the National Institute of
Standards and Technology (NIST) has proposed RSA as the digital security
standard, and twice NSA, without any direct authority over civilian data
security, has nevertheless managed to slap it down, proposing instead
systems where data security and privacy play a secondary role to electronic
surveillance. (See The NSA Vs. RSA.)
How RSA Works
RSA cryptosystems provide three basic functions:
Key management
The creation of public and private keys; the transmission of public
keys; assuring the security of private keys.
Privacy
The encryption of messages in the equivalent of digital envelopes that
can only be opened using the addressee's private key.
Creation and verification of digital signatures
Ensuring that the contents of a message are correct and complete and
have not been tampered with.
The essence of the RSA cipher lies in an age-old mathematical problem: It is
very difficult to factor the product of two large prime numbers. While the
math of RSA is beyond the scope of this book, a brief, simplified
explanation may be useful for understanding the cipher's strengths and
weaknesses. First, a couple of definitions.
Prime number
A prime number, or simply, a prime, is any number that is evenly
divisible only by 1 and itself. Small prime numbers include 3, 5, 11,
13, 17, 19, and 23. In RSA, the keys are based on the product of two
prime numbers that may be hundreds of digits long.
Factoring
Factoring means dividing a whole number into its component parts. The
factors of 25 (not a prime) are 25 & 1, and 5 & 5. The factors of 23, a
prime, are 23 & 1. Breaking RSA requires factoring the 100+ digit-long
product of the multiplication of two large primes to discover what
those two initial primes were. If you had to determine the two primes
that made up 21, a few seconds of thought would tell you they were 3
and 7. But if the number has hundreds of digits, the task becomes as
difficult as any in mathematics, even with the help of the most
powerful computers in the world.
Sending a message with RSA
Here's what happens when you send a message using an RSA cipher:
Step 1: Create public and private keys
First you need to create a public and a private key. You need only do
this once.
The RSA software does this automatically by multiplying two long, randomly
chosen prime numbers together. The product then undergoes a series of
mathematical transformations that result in a private key and a related
public key. Actually, these keys are very large numbers the software uses to
scramble the message. So large are the numbers involved, that knowing one
key will not help you deduce the other.
Your public key is clearly readable, although it looks like a random
collection of letters. Your private key is encrypted with a password or pass
phrase that you select and keep in a safe place, preferably your memory.
Step 2: Convert the message to numbers
Using a relatively straightforward algorithm, the characters that
make up the message are transformed into numbers (e.g., A=17, B=12, ...,
Z=516). Once converted to numbers, they can be easily manipulated in
any imaginable way by complex mathematical functions.
Step 3: Encrypt
Once Alice's message is converted to numerical values, applying Bob's
public key plus the RSA algorithm scrambles the message beyond
recognition. In effect, Alice has placed her message in a digital
envelope that only Bob can open.
Step 4: Decrypt
Upon receiving Alice's message and noting it has been sealed inside an
envelope using his public key, Bob simply applies his private key to
the message using the same RSA software system, thus revealing the
contents of the message in normal-looking text (plaintext).
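The four steps above, together with the sign-then-encrypt signature described
under "Privacy and authentication" and the factoring problem from the
definitions, worked through in Python. This is an added example, not code from
the original book: the primes 61, 53, 67 and 71, the exponent 17, and the
character-to-ASCII mapping in Step 2 are constructed assumptions, and the
numbers are tiny on purpose so the factoring step finishes instantly.

```python
# Textbook RSA with deliberately tiny primes (constructed values, illustration only).
# No padding is applied, so this is not how production RSA is used.
from math import gcd

def make_keys(p, q, e=17):
    """Step 1: derive (public, private) keys from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))   # d satisfies e*d = 1 (mod phi)

def to_numbers(text):
    """Step 2: one number per character (assumed mapping: its ASCII code)."""
    return list(text.encode("ascii"))

def apply_key(numbers, key):
    """Steps 3 and 4: the same modular exponentiation locks or unlocks."""
    n, exp = key
    return [pow(m, exp, n) for m in numbers]

def factor(n):
    """Trial division: instant for a toy n, hopeless for hundreds of digits."""
    f = 2
    while n % f:
        f += 1
    return f, n // f

def recover_private(public):
    """Anyone who can factor n can rebuild the private key from the public one."""
    n, e = public
    p, q = factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))

def demo():
    alice_pub, alice_priv = make_keys(61, 53)   # n = 3233
    bob_pub, bob_priv = make_keys(67, 71)       # n = 4757
    msg = to_numbers("HI BOB")
    sealed = apply_key(msg, bob_pub)            # Alice uses Bob's public key
    opened = apply_key(sealed, bob_priv)        # only Bob's private key opens it
    # Signature as the text describes: Alice's private key, then Bob's public key.
    signed = apply_key(apply_key(msg, alice_priv), bob_pub)
    checked = apply_key(apply_key(signed, bob_priv), alice_pub)
    return (bytes(opened).decode(), bytes(checked).decode(),
            recover_private(bob_pub) == bob_priv)

if __name__ == "__main__":
    print(demo())
```

The third value returned by demo() is True because the toy modulus can be
factored by trial division; the security of a real key rests on that same
step being infeasible for a modulus hundreds of digits long.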
Tools For Privacy copyright 1995 Smart Publications
smart@crl.com