1997-06-24 - intro to public key crypto (was Re: Comparing Cryptographic Key Sizes)

Header Data

From: Adam Back <aba@dcs.ex.ac.uk>
To: jrennie@hardy.ocs.mq.edu.au
Message Hash: 83ef7f8ef4ab267cebafbd7461ea7a3efad1a7428286e8240c238fc19820a8ef
Message ID: <199706242308.AAA00465@server.test.net>
Reply To: <Pine.SOL.3.91.970625072559.18831A-100000@hardy.ocs.mq.edu.au>
UTC Datetime: 1997-06-24 23:15:21 UTC
Raw Date: Wed, 25 Jun 1997 07:15:21 +0800

Raw message

From: Adam Back <aba@dcs.ex.ac.uk>
Date: Wed, 25 Jun 1997 07:15:21 +0800
To: jrennie@hardy.ocs.mq.edu.au
Subject: intro to public key crypto (was Re: Comparing Cryptographic Key Sizes)
In-Reply-To: <Pine.SOL.3.91.970625072559.18831A-100000@hardy.ocs.mq.edu.au>
Message-ID: <199706242308.AAA00465@server.test.net>
MIME-Version: 1.0
Content-Type: text/plain




Jason William RENNIE <jrennie@hardy.ocs.mq.edu.au>
> On Tue, 24 Jun 1997, Adam Back wrote:
> 
> > (Bearing in mind the reader in most cases hasn't grasped the
> > difference between public key crypto and symmetric key, and is
> > comparing 1024 bit keys to 56 bit keys and probably thinks that it is
> > 1024/56 times harder.)
> 
> Well i guess i'll look stupid for asking but someone has to but what is 
> the diffrence ?? I dont know either, i'm on this list to learn things 
> like this. I'm still very new to all of this. I was aware that they 
> weren't 1024/56 times harder though.

They have very different properties.  Public key systems have really
nifty key management properties.

With symmetric key crypto (as ever) things are simple and intuitive.
You have some data, you have a key, and you can scramble the data with
the key, you get out gibberish.  Some jargon, the three parts are
called: your data = plaintext, scrambled gibberish you get out is
called ciphertext, and the key is the cryptographic key which enables
to be decrypted (de-scrambled, turned back into plaintext, that you
can read again).  To unscramble the data you'll need the key again.
If you send the message to someone, that someone also has to know the
key.

Big problem: how do you get the key to them?

Phone them up?  (Painful).  If you can contact them securely why
bother with crypto in the first place.  Just tell them what it is you
want to tell them over the phone.  (Not that phones are secure, of
course).

Then Whitfield Diffie and Martin Hellman invented the first practical
public key crypto system (1976).  With public key systems you have two
keys.  One is called the public key, you give this to everyone.  The
other is the private (or secret) key which you tell no-one.

Anything encrypted with the public key can be decrypted with the
secret key.  As you can tell anyone the public key you can list it in
a directory service much like you list your phone number in the phone
book.  PGP keyservers are examples of such electronic directories of
public keys.

Now anyone who wants to send you a message just gets your public key
(from you, or from a keyserver), encrypts it to you, and sends you the
encrypted message.  So now a perfect stranger half way around the
world can encrypt a message to you, safe in the knowledge that no-one
but you can read it, not even the NSA.

Everything is beautiful and rosy.  (Well everyone except the NSA, who
thinks everything has gone all dark and horrid, 'cause they used to
have fun reading all our comms, but it's too late anyway, because we
all know how to do it now.  And folks like Tim May enthuse about the
possibilites of crypto anarchy, where we can be free from our
respective governmental leeches, by avoiding 50% tax rates, as
information workers working for cypherspace corporations situated in
off-shore tax-havens, or even situated no-where except cypherspace.
Cypherpunks dream.  NSA nightmare, government leech nightmare, spook
and leech job losses, plumetting tax revenues, lay-offs, radical loss
of government power and significance etc, etc.  You ought to read Tim
May's cyphernomicon at this point.)

Returning to technical matters, there is a minor fly in the
ointment... the man in the middle attack... so now we need
authentication.  We need digital signatures.  And things just got a
bit more complex in the key management area.

(We'll save those for lesson 2.  Someone else?)

Should this go in the comparing keys document?  Or is it going to
suffer bloat turning into another introduction to crypto?

Adam
-- 
Have *you* exported RSA today? --> http://www.dcs.ex.ac.uk/~aba/rsa/

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|dc`






Thread