What is a Public-key Crypto System?
Cryptography is the science of hiding, scrambling and/or rearranging information in a way that renders the data encrypted and unusable to all but those who have the key or nonce used to encrypt the data. Cryptography is used extensively in the Internet age to protect confidential information that is transported over public networks such as the Internet. There are many different types of cryptographic algorithms available and each has a place in the scheme of technology, security and usefulness.
Public-key crypto systems (also referred to as asymmetric key crypto systems) differ from other cryptographic systems in that two keys are used: one to encrypt data (referred to as a public key) and the other to decrypt the data (referred to as a private key). Symmetric key crypto systems, which are more commonly known, instead use a single key to encrypt and decrypt the same data. Symmetric key algorithms (or cryptography systems) are also generally much faster than public-key crypto systems.
However, public-key crypto systems include some features that are not available with the faster symmetric key crypto systems. First, because public-key crypto systems utilize two keys, a private and a public key, the crypto system can be used for non-repudiation and authentication. For example, the private key of a public-key crypto system key pair can be used to encrypt the data being sent, a portion of that data, or a string in the message, which can then be decrypted only by the matching public key. The fact that the message, or the encrypted data string within the message, can be decrypted by the public key is proof that the message was sent by the person who owns/possesses the private key.
Second, public-key crypto systems can also be used to negotiate and establish encryption over a public network without having to share the same encryption key over the public network. Both parties can share their public keys with the other party; then each party encrypts all messages sent with the other party's public key and decrypts messages received using their own private key. Since the only individuals that possess the private keys are the same individuals to whom each key belongs, the encrypted exchange is secure. However, since public-key crypto systems are slow, this key exchange is usually followed by a negotiation which includes sharing a secret key for a symmetric key algorithm (encrypted by the public-key crypto system when the key is sent) so that the remainder of the conversation is protected by a symmetric key algorithm that is much faster and requires fewer computer resources than the public-key crypto system.
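The two uses described above, as an added example that is not part of the original article: a toy textbook RSA in Python (standard library only) in which the owner of a private key produces a value anyone can check with the matching public key, and a sender wraps a random symmetric session key with the receiver's public key. The function names, the demo primes and the SHA-256 keystream standing in for a real symmetric cipher are assumptions made for illustration.

```python
# Added illustration: textbook RSA, no padding, tiny fixed primes. NOT for real use.
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    """Return (public, private) = ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # d = inverse of e mod phi

def rsa(key, value):
    """Apply one key of the pair: value ** exponent mod n."""
    n, exponent = key
    return pow(value, exponent, n)

def digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(private_key, message):
    return rsa(private_key, digest(message, private_key[0]))

def verify(public_key, message, signature):
    return rsa(public_key, signature) == digest(message, public_key[0])

def stream_xor(session_key, data):
    """Stand-in symmetric cipher (SHA-256 counter keystream); also decrypts."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(session_key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def hybrid_encrypt(receiver_public, plaintext):
    session_key = secrets.token_bytes(16)  # fresh symmetric key per message
    wrapped = rsa(receiver_public, int.from_bytes(session_key, "big"))
    return wrapped, stream_xor(session_key, plaintext)

def hybrid_decrypt(receiver_private, wrapped, ciphertext):
    session_key = rsa(receiver_private, wrapped).to_bytes(16, "big")
    return stream_xor(session_key, ciphertext)

# Constructed demo keys from Mersenne primes (far too small for real use).
ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

if __name__ == "__main__":
    msg = b"constructed sample message"
    wrapped, ct = hybrid_encrypt(BOB_PUB, msg)            # Alice -> Bob
    print(hybrid_decrypt(BOB_PRIV, wrapped, ct) == msg)   # Bob's private key unwraps
    print(verify(ALICE_PUB, msg, sign(ALICE_PRIV, msg)))  # Alice's public key checks
```

Real systems use a vetted library with padded RSA (or an elliptic-curve scheme) and an authenticated symmetric cipher; the raw modular exponentiation here only makes the roles of the two keys visible.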
Public-key crypto systems must adhere to five requirements in order to be considered secure. First, it should be computationally easy for the sender to generate both public and private keys. Second, given the public key of the receiver, it should be computationally easy for the sender to encrypt the data using the receiver’s public key. Third, it should be computationally easy for the receiver to decrypt the data using their private key. Fourth, it should be computationally infeasible to find out the private key using the public key. Fifth, it should be computationally infeasible to find out the cipher text (data that was encrypted with the public key) using the public key. There is, however, a sixth (implied) requirement, which is that both the public key and the private key must be able to be used for both encryption and decryption.
Public-key crypto systems are a truly amazing mathematical invention. Without public-key crypto systems the world’s data would be much less secure.
© 2024 David Wilson