The principle of public-key encryption
The principle of asymmetric encryption (also called public-key encryption) first appeared in 1976, with the publication of a work about cryptography by Whitfield Diffie and Martin Hellman.
In an asymmetric cryptosystem (or public-key cryptosystem), keys exist in pairs:
- A public key for encryption;
- A secret key for decryption.
In a public-key encryption system, users choose a random key that only they know (this is the private key). From this key, they each automatically deduce an algorithm (this is the public key). Users exchange this public key over an insecure channel.
When a user wants to send a message to another user, he simply needs to encrypt the message to be sent using the recipient's public key (which he can find, for example, in a key server such as an LDAP directory). The latter will be capable of decrypting the message with his private key (that only he knows).
This system is based on a function that is easy to compute in one direction (called a one-way trapdoor function) and is mathematically extremely hard to invert without the private key (called the trapdoor).
To illustrate, imagine a user who randomly creates a small metal key (the private key) and then produces a large number of padlocks (public keys) that he keeps in a locker anyone can access (the locker plays the role of an insecure channel). To send him a document, any user can take an (open) padlock, lock a briefcase containing the document with this padlock, then send the briefcase to the owner of the public key (the padlock's owner). Only the owner will be capable of opening the briefcase with his private key.
Advantages and disadvantages
The problem of communicating the decryption key no longer exists, in that public keys can be sent freely. Public-key encryption therefore lets people exchange encrypted messages without having a shared secret.
On the other hand, the challenge involves making sure the public key you recover actually belongs to the person you want to send the encrypted information to!
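The key-pair principle and the key-ownership check described above, as an added example that is not part of the original article: textbook RSA stands in for the one-way trapdoor function, and comparing a SHA-256 fingerprint obtained out of band is one common way to confirm whose key was recovered. The primes, the names (ALICE_PUB, OTHER_PUB, encrypt_if_trusted) and the fingerprint format are constructed for illustration; the keys are far too small and unpadded for real use.

```python
import hashlib
import hmac
from math import gcd

def make_keypair(p, q, e=65537):
    """Textbook RSA from two secret primes: returns ((n, e), d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)(q-1)")
    d = pow(e, -1, phi)  # the trapdoor: easy to compute only when p and q are known
    return (n, e), d

def encrypt(public_key, m):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)  # the easy direction of the one-way function

def decrypt(public_key, d, c):
    n, _ = public_key
    return pow(c, d, n)  # inverting requires the private exponent d

def fingerprint(public_key):
    n, e = public_key
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()

def encrypt_if_trusted(directory_key, expected_fp, m):
    """Encrypt only if the recovered key matches the fingerprint obtained out of band."""
    if not hmac.compare_digest(fingerprint(directory_key), expected_fp):
        raise ValueError("public key does not match the expected fingerprint")
    return encrypt(directory_key, m)

# Constructed sample keys built from small Mersenne primes (illustration only).
ALICE_PUB, ALICE_PRIV = make_keypair(2**31 - 1, 2**61 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**13 - 1, 2**17 - 1)
ALICE_FP = fingerprint(ALICE_PUB)  # assumed to be received from Alice directly

if __name__ == "__main__":
    message = int.from_bytes(b"hello", "big")
    c = encrypt_if_trusted(ALICE_PUB, ALICE_FP, message)
    print(decrypt(ALICE_PUB, ALICE_PRIV, c).to_bytes(5, "big"))
    try:
        # A key from the directory that is not Alice's is refused before encryption.
        encrypt_if_trusted(OTHER_PUB, ALICE_FP, 42)
    except ValueError as err:
        print("refused:", err)
```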