Public Key Cryptography - The story of Security, Integrity and Authentication in Open Network Communications
Written by Grant Hunter, 24 October 2017
If the internet were a piece of art, public key cryptography would be the brushes used to express the painter's vision - I think this analogy works on every level! It is the application of maths in a practical environment, such that the algorithms themselves are the very building blocks.
I really enjoyed learning about this. I hope you do too!
Symmetric Cryptography
This is where both the sender and recipient of a coded message use the same key for encryption and decryption. Symmetric cryptography has therefore been well suited to organisations such as governments, the military and big financial corporations, where both parties have easy access to the same key. The scytale is an early example of this, having been used primarily by the Spartans of Ancient Greece.
With the spread of computer networks in the last few decades, the symmetric key was found to be problematic in terms of key management. The question of how to exchange the encryption/decryption keys across an open (insecure) network created a need for a different kind of cryptography that could be used on a wider and more public scale. This gave rise to the public key cryptosystem.
Asymmetric Cryptography
Otherwise known as public key cryptography, this cryptosystem is based on the use of a pair of asymmetric keys to create a one-way function of encryption and decryption:

1) A public key, used to encrypt the message. This is a one-way function converting plaintext into ciphertext. It can only be reversed by knowing the private key.

2) A private key, used to decrypt the message. This is generated together with the public key as a pair and is known only to the owner/recipient.
There are some factors that affect how effective this system can be. Firstly, it must be computationally infeasible to calculate the private key from the public key. Secondly, it must be computationally easy for a user to generate a public and private key-pair. This means that security is only dependent on keeping the private key safe.

One of the first publicly published examples of this idea is the Diffie–Hellman (D-H) key exchange protocol. It was originally conceptualised by Ralph Merkle, and named after Whitfield Diffie and Martin Hellman. It has been used as the basis and influence for several cryptographic schemes since it was published in 1976, largely because of the speed at which a new, secure key-pair can be generated.

One notable scheme is the Signal Protocol. This uses something called forward secrecy, where a new key-pair is created and discarded for each communication session. (A session is any time two or more communicating devices interact with each other.) This denies an attacker the opportunity to gain access to a used key-pair in order to intercept communications/transactions or create a fraudulent communication/transaction.

You will have seen this in effect any time you have used WhatsApp, Google Allo or Facebook Messenger. These apps implement the Signal Protocol to provide end-to-end encryption of instant messages, voice calls and video calls.
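The Diffie–Hellman exchange described above, with a fresh key-pair per session as in the forward-secrecy idea, as an added example that is not part of the original post. The group parameters (P, G) are a constructed toy group for illustration, not a standardised D-H group; the names alice/bob and run_session are assumptions.

```python
import hashlib
import secrets

# Toy group parameters, constructed for this example only: p = 2**255 - 19 is prime,
# but this is NOT a standardised Diffie-Hellman group (real deployments use the
# RFC 3526 / RFC 7919 groups or an elliptic-curve variant such as X25519).
P = 2**255 - 19
G = 2


def generate_keypair():
    """A fresh (private, public) pair: private is random, public = G**private mod P."""
    private = secrets.randbelow(P - 2) + 1      # uniform in [1, P-2]
    public = pow(G, private, P)                 # one-way: easy to compute, hard to invert
    return private, public


def shared_secret(my_private, their_public):
    """Both sides arrive at the same value because (G**b)**a == (G**a)**b mod P."""
    if not 1 < their_public < P - 1:            # reject the degenerate values 0, 1, P-1
        raise ValueError("peer public value out of range")
    s = pow(their_public, my_private, P)
    # Hash the raw group element down to a fixed-length session key
    return hashlib.sha256(s.to_bytes(32, "big")).digest()


def run_session():
    """One session: each party sends only its public value over the open network."""
    alice_priv, alice_pub = generate_keypair()
    bob_priv, bob_pub = generate_keypair()
    # Only alice_pub and bob_pub cross the wire; recovering a private value from
    # them is the discrete logarithm problem. Both private values are discarded
    # after the session, which is the forward-secrecy property the text describes.
    return shared_secret(alice_priv, bob_pub), shared_secret(bob_priv, alice_pub)
```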
Message Digests
Encryption/decryption mathematically secures the privacy of communications. However, there is still potential for someone to modify the original message or substitute it with a different one, perhaps in order to compromise your bank accounts. This is known as a Man in the Middle (MITM) attack. Also, encrypting a large file or document using an asymmetric algorithm like RSA can take a relatively long time.

One way of solving both these problems is to create a concise summary of the message to be sent, a digital fingerprint. This is known as a message digest, one-way function or hash function. (This is one of the foundational building blocks used in some blockchains; you will know it as Proof of Work. For example, Bitcoin uses the SHA-256 hash algorithm to generate verifiably "random" numbers in a way that requires a predictable amount of CPU effort. This maths problem serves as a vehicle to confirm and record the transactions on the blockchain. See [insert article link] for a deep dive into ‘what makes Bitcoin... Bitcoin’.)

Upon receipt of the message, the receiver computes their own digest of it and compares it with the one sent. If the summaries (hashes) are the same, then the message has been received intact.

Asymmetric encryption/decryption gives us message security. Message digests ensure message integrity. Now you need to ask, ‘How does your bank confirm my identity, and hence the validity of my message?’ A process of authentication is therefore required.
Digital Signatures
A digital signature is an application of asymmetric cryptography, and is a means to apply a seal or signature digitally. They are the digital equivalent of traditional seal stamps and handwritten signatures in many respects, but properly implemented digital signatures are more difficult to forge than the handwritten type!

They are created by encrypting a digest of the message and other information (including a unique sequence number) with the sender's private key. Though anyone can decrypt the signature itself using the public key, only the sender knows the private key. This means that only the sender can have signed the message.

Including the digest in the signature means the signature is only good for that message; it also ensures the integrity of the message since any change in the message after signature invalidates the signature. 

You will have seen this any time you have attempted to visit a website and/or download something and received a message like, ‘There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority.’
Furthermore, there is no efficient way to modify a message and its signature to produce a new message with a valid signature, because finding such a message is still considered computationally infeasible for modern cryptographic hash functions.

This collision resistance is another important feature of any hash function. When there are more inputs than outputs there will inevitably be collisions. Therefore a hash function is said to be collision resistant if it is hard to find two inputs that hash to the same output such that (where H is the hash function and a & b are inputs):
H(a) = H(b) and a ≠ b
(Let's consider again the hash function SHA-256. This produces 256 bits of output from an arbitrarily large input. Since it must generate one of 2^256 outputs for each member of a much larger set of inputs, the pigeonhole principle guarantees that some inputs will hash to the same output. Even so, it is computationally infeasible to find two inputs with the same hash in any reasonable time, which rules out brute-force attacks.)
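An added example, not from the original post, covering the receiver's integrity check described earlier and the pigeonhole/collision point just made: SHA-256 truncated to a handful of bits collides almost immediately, while the same search against the full 256-bit output would take around 2^128 hashes. The function names and the "msg-N" inputs are constructed for this illustration.

```python
import hashlib
import hmac
import itertools


def digest(message: bytes) -> bytes:
    """The sender's 'digital fingerprint': SHA-256 over the whole message."""
    return hashlib.sha256(message).digest()


def verify_intact(message: bytes, received_digest: bytes) -> bool:
    """Receiver recomputes the digest and compares it with the one sent."""
    return hmac.compare_digest(digest(message), received_digest)   # constant-time compare


def truncated_digest(message: bytes, bits: int) -> int:
    """SHA-256 cut down to its top `bits` bits, so the pigeonhole effect is visible."""
    return int.from_bytes(digest(message), "big") >> (256 - bits)


def find_collision(bits: int):
    """Hash distinct constructed inputs until two share a truncated output.

    Returns (a, b, hashes_tried). There are only 2**bits outputs, so a collision
    is guaranteed within 2**bits + 1 inputs and, by the birthday bound, is
    expected after roughly 2**(bits / 2). At the full 256 bits that is ~2**128
    hashes, which is why this search is infeasible against real SHA-256.
    """
    seen = {}
    for i in itertools.count():
        m = b"msg-%d" % i
        h = truncated_digest(m, bits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
```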

Non-repudiation is another important byproduct of digital signatures. Because they can guarantee that the sender sent the transmission, the sender cannot later deny being the one who sent it.
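The signing scheme described above (digest of sequence number plus message, 'encrypted' with the private key and checked with the public key), as an added example that is not part of the original post. It uses a constructed, deliberately small textbook RSA key with no padding so that the maths is visible; the function names are assumptions.

```python
import hashlib
import secrets

# Toy "textbook" RSA, constructed for this example only: 200-bit primes and no
# signature padding. Real systems use 2048-bit+ keys, PKCS#1 padding and a vetted library.

def is_probable_prime(n, rounds=32):
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                        # Miller-Rabin rounds
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # force top bit set and odd
        if is_probable_prime(cand):
            return cand

def generate_keypair(bits=200):
    """Return ((n, e), (n, d)); n exceeds 2**256 so a whole SHA-256 digest fits in it."""
    e = 65537
    while True:
        p, q = random_prime(bits), random_prime(bits)
        if p != q and ((p - 1) * (q - 1)) % e:
            break
    d = pow(e, -1, (p - 1) * (q - 1))              # private exponent (Python 3.8+)
    return (p * q, e), (p * q, d)

def _digest_int(message, seq):
    return int.from_bytes(hashlib.sha256(seq.to_bytes(8, "big") + message).digest(), "big")

def sign(private, message, seq):
    n, d = private
    return pow(_digest_int(message, seq), d, n)    # only the private-key holder can produce this

def verify(public, message, seq, signature):
    n, e = public
    return pow(signature, e, n) == _digest_int(message, seq)   # anyone can check with the public key
```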
You have sent a private message to your bank. You have encrypted it, hashed it and digitally signed it to ensure its security, integrity and authenticity. You now need to know that the entity you are communicating with is in fact ‘your’ bank. It could be very costly if it were an attacker pretending to be your bank. Similarly, the bank needs to be able to confirm that the digital signature was created using your private key.

A digital certificate is a means to prove ownership of a public key. In a typical public-key infrastructure (PKI) scheme, these are issued by a trusted agency called a certificate authority, and they usually charge their customers for this service.

One such authority is Verisign. Verisign is a subsidiary of RSA Security. Yes, that’s RSA, as in Ron Rivest, Adi Shamir and Len Adleman, who published the RSA algorithm!
A type of certificate management that you already use is Transport Layer Security (TLS). Formerly known as Secure Sockets Layer (SSL), the subject of a TLS certificate is usually a computer or other device, though certificates may also be used to identify organisations or individuals.

TLS is most commonly used as part of HTTPS, a protocol for securely browsing the web. With TLS, a web browser can validate that an HTTPS web server is authentic, so you can be confident that the web site is who it claims to be and that there are no eavesdroppers on your communication channel. This security is essential for electronic commerce.

Remember to always check that the address reads ‘https://…’ and not ‘http://…’ when you are connected with websites and are dealing with your private, sensitive and financial information.
Here at Cypherpunks2.0 we aim to provide you with interesting and informative articles.  

About Author: Grant Hunter

Blogger, privacy advocate and content contributor. Grant is a deep philosophical thinker, arm-chair economist, a cryptocurrency expert and a Cypherpunk! 