- Asymmetric cryptography or public-key cryptography is cryptography in
which a pair of keys is used to encrypt and decrypt a message so that
it arrives securely. Initially, a network user receives a public and
private key pair from a certificate authority. Any other user who
wants to send an encrypted message can get the intended recipient's
public key from a public directory. They use this key to encrypt the
message, and they send it to the recipient. When the recipient gets
the message, they decrypt it with their private key, which no one else
should have access to.
Witfield Diffie & Martin Hellman, researchers at Stanford
University, first publicly proposed asymmetric encryption in their
1977 paper, New Directions In Cryptography. (The concept had been
independently and covertly proposed by James Ellis several years
before when he was working for the British Government Communications
Headquarters.) An asymmetric algorithm, as outlined in the
Diffie-Hellman paper, is a trap door or one-way function. Such a
function is easy to perform in one direction, but difficult or
impossible to reverse. For example, it is easy to compute the product
of two given numbers, but it is computationally much harder to find
the two factors given only their product. Given both the product and
one of the factors, it is easy to compute the second factor, which
demonstrates the fact that the hard direction of the computation can
be made easy when access to some secret key is given. The function
used, the algorithm, is known universally. This knowledge does not
enable the decryption of the message. The only added information that
is necessary and sufficient for decryption is the recipient's secret
key.
In cases where the same algorithm is used to encrypt and decrypt, such
as in RSA, a message can be securely signed by a specific
sender: if the sender encrypts the message using their private key,
then the message can be decrypted only using that sender's public
key, authenticating the sender.
This also allows for the exchanging of securely signed and one-to-one
messages, as follows. The sender encrypts the message using the common
algorithm and his own secret key.
They then sign the result, encrypt it again (with their signature in
cleartext) using the recipient's public key, and send it. The
recipient decrypts the received message using their own secret key,
identifies the sender from their now-cleartext signature, and then decrypt the result using the sender's public key. This ensures the
recipient that whoever composed the message had access to the sender's
private key, and that nobody tampered with the message or read it
along the way.
In symmetric cryptography, the same key is used for both encryption
and decryption. This approach is simpler in dealing with each message,
but less secure since the key must be communicated to and known at
both sender and receiver locations.
See also: PKI, RSA
 |
Learn more about Email Security Guidelines, Encryption and Appliances |
| CONTRIBUTORS: |
Herzl (Tselly) Regev, Chris Ruffley |
| LAST UPDATED: |
29 Sep 2009
|
 |
Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com
|

 |
More resources from around the web:
|


');
// -->



|