1. Public-key, what it is

Public-key refers to a cryptographic mechanism. It has been named public-key to differentiate it from the traditional and more intuitive cryptographic mechanism known as: symmetric-key, shared secret, secret-key and also called private-key.

Symmetric-key cryptography is a mechanism by which the same key is used for both encrypting and decrypting; it is more intuitive because of its similarity with what you expect to use for locking and unlocking a door: the same key. This characteristic requires sophisticated mechanisms to securely distribute the secret-key to both parties[2].

Public-key, on the other hand, introduces another concept involving key pairs: one key for encrypting, the other for decrypting. This concept, as you will see below, is very clever and attractive, and provides a number of advantages over symmetric-key:

• Simplified key distribution

• Digital Signature

• Long-term encryption

However, it is important to note that symmetric-key still plays a major role in the implementation of a Public-key Infrastructure or PKI.

1.1 A definition

Public-key is commonly used to identify a cryptographic method that uses an asymmetric-key pair[3]: a public-key and a private-key[4]. Public-key encryption uses that key pair for encryption and decryption. The public-key is made public and is distributed widely and freely. The private-key is never distributed and must be kept secret.

Given a key pair, data encrypted with the public-key can only be decrypted with its private-key; conversely, data encrypted with the private-key can only be decrypted with its public-key. This characteristic is used to implement encryption and digital signature. Both encryption and digital signature principles are illustrated in Figure 1 and Figure 2.

1.2 Encryption and Decryption

Encryption is a mechanism by which a message is transformed so that only the sender and recipient can read it. For instance, suppose that Alice wants to send a private message to Bob. To do so, she first needs Bob’s public-key; since everybody can see his public-key, Bob can send it over the network in the clear without any concerns. Once Alice has Bob’s public-key, she encrypts the message using Bob’s public-key and sends it to Bob. Bob receives Alice’s message and, using his private-key, decrypts it.

Figure 1: Encryption/Decryption principles

1.3 Digital Signature and Verification

Digital signature is a mechanism by which a message is authenticated, i.e. proven to come from a given sender, much like a signature on a paper document. For instance, suppose that Alice wants to digitally sign a message to Bob. To do so, she uses her private-key to encrypt the message; she then sends the message along with her public-key (typically, the public-key is attached to the signed message). Since Alice’s public-key is the only key that can decrypt that message, a successful decryption constitutes a Digital Signature Verification, meaning that there is no doubt that it is Alice’s private-key that encrypted the message.

Figure 2: Digital Signature/Verification principles
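The principles of sections 1.2 and 1.3, as an added worked example that is not part of the original text: Alice encrypts to Bob with Bob's public-key, and signs with her own private-key. It assumes textbook RSA (no padding) as the asymmetric algorithm; the key pairs are constructed from small well-known Mersenne primes and the message is constructed, so the keys are far shorter than deployed ones.

```python
# Added example: textbook RSA (assumed algorithm), constructed keys and message.
E = 65537  # public exponent used for both constructed key pairs

def make_keypair(p, q):
    """Build ((n, e), (n, d)) = (public-key, private-key) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: E * d == 1 (mod phi)
    return (n, E), (n, d)

def apply_key(value, key):
    """The one operation both keys perform: value ** exponent mod n."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def to_int(data):
    return int.from_bytes(data, "big")

def to_bytes(value):
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def encrypt(message, recipient_public):      # section 1.2: Alice's side
    return apply_key(to_int(message), recipient_public)

def decrypt(ciphertext, recipient_private):  # section 1.2: Bob's side
    return to_bytes(apply_key(ciphertext, recipient_private))

def sign(message, signer_private):           # section 1.3: Alice's side
    return apply_key(to_int(message), signer_private)

def verify(message, signature, signer_public):  # section 1.3: Bob's side
    n = signer_public[0]
    return 0 <= signature < n and \
        apply_key(signature, signer_public) == to_int(message)

# Constructed key pairs (Mersenne primes) and a constructed message.
BOB_PUB, BOB_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
ALICE_PUB, ALICE_PRIV = make_keypair(2**107 - 1, 2**61 - 1)
MESSAGE = b"Meet at noon, Bob"

if __name__ == "__main__":
    ciphertext = encrypt(MESSAGE, BOB_PUB)
    print("Bob decrypts:", decrypt(ciphertext, BOB_PRIV))
    signature = sign(MESSAGE, ALICE_PRIV)
    print("genuine message verifies:", verify(MESSAGE, signature, ALICE_PUB))
    print("altered message verifies:",
          verify(b"Meet at nine, Bob", signature, ALICE_PUB))
    print("wrong public-key verifies:", verify(MESSAGE, signature, BOB_PUB))
```

The last two checks show what verification protects against: a message changed after signing, and a signature attributed to a key pair that did not produce it.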

1.4 Beyond the principles

The two previous paragraphs illustrate the encryption/decryption and signature/verification principles. Encryption and digital signature can be combined, hence providing both privacy and authentication. As mentioned earlier, symmetric-key plays a major role in public-key encryption implementations. This is because asymmetric-key encryption algorithms[5] are somewhat slower than symmetric-key algorithms[6]. For digital signature, another technique is used, called hashing. Hashing produces a message digest that is a small and unique[7] representation (a bit like a sophisticated checksum) of the complete message. A hashing algorithm[8] is a one-way encryption, i.e. it is impossible to derive the message from the digest. The main reasons for...