Alessio Di Mauro

A Crash Course in Cryptography

To better understand asymmetric cryptography, you need knowledge of some basic concepts.

For those that are not familiar with public-key cryptography, I will provide here a brief, stripped-down introduction to the topic.

In asymmetric or public-key encryption there are two main players: the encryption algorithm itself (RSA, ECC, ElGamal, …) and a cryptographic key pair (there are also encryption/signature schemes such as PKCS#1, ECDSA and ECDH, but that is another discussion). The former is something that is (or should be…) publicly available. It tells us what are the steps to follow in order to encrypt and decrypt messages. crypto bug

A public/private key pair on the other hand is part of the input to the encryption algorithm and provides two things: the information necessary to uniquely identify a user (public key), and a connected secret required to make the scheme secure (private key).

How does this work all together? Each encryption algorithm is normally based on a computationally hard problem. That is, some kind of mathematical operation that can be performed and inverted relatively easily provided that some information is available. The mathematical transformation constitutes the operation that the encryption scheme can perform, encrypt/decrypt, whereas the keys provide the additional data.

The two keys of a same key pair are strongly interconnected. If the public key is used as part of a message transformation, only the private key can be used to invert it and obtain the same data back. This is a fundamental property of asymmetric cryptography and, depending on how the transformations are applied, and as long as the private key remains so, it allows us to achieve different properties such as confidentiality, authenticity and integrity.

Confidentiality is the guarantee a message will only be received (in a meaningful state) by its intended recipients. This is achieved by encrypting the message with the public key of the recipient, so that only she will be able to decrypt it with her private key.

Authenticity, on the other hand, guarantees the identity of the author and can be achieved by signing a message with the private key of the author and verifying it with his public key.

Finally, integrity is a somewhat orthogonal property, necessary for both confidentiality and authenticity to be upheld. It can guarantee that a message has reached a recipient (intended or not) unmodified. A typical way of providing integrity is through message authentication codes (MACs).

See Part 1 of our 3-part blog series on cryptographic key length, and Yubikey NEO/NEO-n.


Comments are closed.