Asymmetric cryptography
Asymmetric cryptography, also known as public-key cryptography, is a cryptographic system that uses two keys; one to encrypt (public key) and another to decrypt (private key):
- Public key: You can encrypt the message with this key. It is not confidential, meaning the key is available to anyone who wants to encrypt messages.
- Private key: This is a unique key used to decrypt the message, which makes it confidential and must remain secret.
Both keys are related and are created based on a mathematical relationship. The public key is computed from the private key but not the other way around. This means asymmetric cryptography functions are easy to compute in one direction but practically impossible to invert.
Now that we know what asymmetric cryptography is, how do you generate an asymmetric key? Asymmetric keys have specific properties needed which make them different from symmetric keys where you took several bits from a pseudo-random number generator and get the result. To generate an asymmetric key, you must:
- Send pseudorandom bits as a seed to a key-generation algorithm.
- The algorithm takes as input a seed value.
- After taking a seed value, the algorithm constructs a private key and its respective public key, making both keys compatible with each other.
Once your private key is created, remember it must remain secret. This represents a challenge, keep the key safe and secure. Only people with authorized access to the information should have it so to comply with security guidelines you can implement the following strategies:
- Key wrapping: The private key is encrypted using a second key, often generated from a password supplied by the user.
- On-the-fly generation from a password: The keys come directly from a password, which makes it more vulnerable to weak passwords. An attacker can try to decrypt the encrypted message by using a brute-force attack so if the password is weak, it will get compromised.
- Storing the key on a hardware token (smart card or USB dongle): You can store the private key in a hardware token that you carry carefully. This is the safest solution for key storage since the key remains safe even if the computer or network is compromised.
There are different types of symmetric cryptography such as Diffie-Hellman, RSA, and elliptic curves; the last one being more powerful and efficient than the first 2 alternatives.
We will discuss RSA and elliptic curves in a different article, but to finish understanding the basics of asymmetric cryptography, we will review the Diffie-Hellman algorithm.
Diffie-Hellman Protocol
It is a protocol that allows two parties who may not have had any previous contact to share information by exchanging a visible key (public key) with an eavesdropper. To better understand it let´s look at the diagram below:}
First, both parties agree on two numbers, P = prime number and G = Generator of (G is calculated from a prime number — 1).
Both parties generate a pseudo-random private key separately.
P, G, and the private key calculate both public keys (shared private keys).
Finally, Shared public keys, private keys, and the prime number calculate the shared key.
There is a variety of ways to use the DH function such as the anonymous Diffie-Hellman which is the simplest DH protocol and the authenticated Diffie-Hellman protocols.
Conclusion
Asymmetric cryptography uses two keys, a public key to encrypt a message and a private key to decrypt the message. Once the private key is computed, it must remain secret. Some examples of asymmetric cryptography are RSA, Elliptic Curves, and Diffie-Hellman. Diffie-Hellman protocol exchanges the public key to calculate the shared message using the private key. I will write about the different Diffie-Hellman protocols and how mand-in-the-middle attacks can affect the anonymous Diffie-Hellman. I took some of this information from the book Serious Cryptography by Jean-Philippe Aumasson and my cryptography classes at ULACIT by Alejandro Zamora Esquivel.
References
Jean-Philippe Aumasson. 2018. Serious cryptography: a practical introduction to modern encryption. No Starch Press.