Cyber Security:

Asymmetric Cryptography

Asymmetric cryptography is also known as public key cryptography.

It ' side-steps' the key distribution problem as each user creates their own keys - known as a key pair:

 

The value of one key cannot easily be determined from the other, so even if the public key falls into hostile hands, the value of the private key cannot be determined.

Sending a message using public key cryptography

The mathematics behind public key cryptography is very complex, but the process of using it is relatively simple:

The sender obtains a copy of the recipient's public key, either by email or from a key chain server, and uses it to encrypt the message.

The resulting ciphertext is then sent to the recipient who uses their corresponding private key to restore the original plaintext.

Public key cryptography:

is popular because there does not have to be any initial secure exchange of secret keys for an encrypted message to be sent - users only ever exchange their public keys.

is generally far slower than symmetric encryption

traditional public key cryptographic techniques require far longer keys to offer the same level of protection as symmetric encryption. But a newer type of public key cryptography, known as 'elliptic curve cryptography', has been developed and can be just as secure as symmetric encryption while using similar key lengths.

Transcript of video from the OU that explains how Asymmetric Cryptography works:

Before we get into the details of how computers use asymmetric cryptography, it's worth spending some time on a small thought experiment.

Here's Alice, here's Bob.

Alice has a valuable document.

And Bob has gone to his local locksmith and ordered a very large number of identical padlocks, as well as a single key which can open any of those padlocks.

If anyone asks Bob for a padlock, he'll send one of them through the post, but he will never give away his key.

Alice asks Bob for a padlock.

When she receives it she places her valuable item into a box, closes it, then uses the padlock to lock the Box.

At this point, the contents of the box are secure behind the padlock and Alice can't open the box, because she doesn't have a key.

It's perfectly safe for Alice to send the box through the post because no one who gets a hold of it can open it unless they have a key. And the only key is in Bob's possession.

When both receives the box all he needs to do is use his key to open the lock, open the box, and there's the original document that Alice wanted to send him.

The boxes and padlock example should make asymmetric encryption easier to understand.

The padlocks, which are given to anyone who wants one, represent the public key.

The top secret key that can unlock the padlocks is the private key.

We'll show the public key as a coloured key on a white background. The private key will be a white key on a coloured background.

Two keys together are called a key pair, and these are normally held inside a computer on what's called a key chain. Alice and Bob are now going to use asymmetric cryptography to exchange information. Each of them will independently generate a key pair : a public key, and a private key.

The keys are generated using a whole combination of information, such as the user's name and their email address. But to ensure that they can't be created by someone else the program usually asks you to input random information, such as typing away on a keyboard, measuring the amount of traffic passing over a network, or waggling the mouse for a while.

Before they can actually use asymmetric cryptography, Alice and Bob must now exchange their public keys.

Each of them sends a copy of their public key to the other.

These are added to the key chains on their computers. Alice and Bob are now ready to go. Alice creates the document she wants to send to Bob.

She then, using her encryption program and a copy of Bob's public key, encrypts the document from plaintext into ciphertext. The only way it can be decrypted is using the private key held on Bob's computer.

So Eve, or anyone else apart from Bob, can't get at this document no matter how hard they try, which means it's perfectly safe for Alice to send this document over the internet to Bob. Obviously, the ciphertext needs to be turned back into plaintext.

Bob also has a copy of the encryption software. So when he receives the ciphertext the program uses his private key to decrypt the document. Again, this takes a few seconds, but then he's got plaintext.

Remember, he's the only person in the world with a copy of his private key, so he's the only one that can actually decrypt this document.

When Bob wants to send a message to Alice he uses his copy of her public key to encrypt the message. Alice uses her securely-stored private key to perform the decryption.

We've seen how asymmetric encryption is used in everyday practice.

Now let's look at why it's secure.

Remember, asymmetric cryptography uses two different keys – one to encrypt, another to decrypt.

Bob will give his public key to anyone who asks for it, but he always keeps his private key safe and secure.

Alice has encrypted a document using Bob's public key and sent it to him over the internet.

However, it's been intercepted by Eve, who not only has a copy of the ciphertext, but also a copy of Bob's public key.

If Eve tries to decrypt the document using Bob's public key, she's in for a nasty surprise. Eve loads the ciphertext into her encryption program and then uses her copy of the public key to try and decipher it.

She ends up with rubbish.

Remember, the document was encrypted with Bob's public key.

It can only be decrypted with Bob's private key. And that safe and secure on his computer.

No matter how hard Eve tries, she cannot decrypt this document using the public key.

She will either have to steal Bob's private key, which is hopefully very secure, or she'll have to use brute force, which could take billions of years to find the correct key.

The document is very, very secure.