# Digital Cryptography: A Subtle Art

• Print
This chapter is from the book

## 2.4 Public or Asymmetric Key Ciphers

"Public" key ciphers rely on the recent (a few decades old) discovery of encryption functions with the following characteristics:

1. A different key is needed to decrypt information than the key used to encrypt it. See Figure 2-4.

Figure 2-4 Public key encryption

2. It is computationally infeasible to determine the decryption key from the encryption key.

3. Knowing the encryption key offers no help in decryption. Knowing the decryption key offers no help in encryption.

This set of characteristics dramatically changes the security model in comparison with secret key ciphers. Some application that wants to receive confidential messages could advertise a "public" encryption key to the world, while retaining and keeping secret the private decryption key. Senders would encrypt the data under this public encryption key. Only the intended recipient, who has the private decryption key, can then read it.

This cipher eliminates the problems associated with securely distributing symmetric keys among many entities in a large system. Only one public-private key pair is required for each entity and purpose because everyone can safely know all of the public keys. Unfortunately, two new problems arise with this technique:

1. Asymmetric encryption algorithms tend to be very slow. Thus, if the user sends a large confidential message, it may be prohibitive to encrypt all of the data with a public key algorithm. This problem is solved with "enveloped encryption" (see Section 2.8).

2. It becomes critical to determine whether you are using the right public key. If an adversary can convince you to use the adversary's public encryption key, instead of the public key for the intended recipient, then the adversary can decrypt your message. Remember this individual has the private decryption key corresponding to his or her own public key. After reading your secret message, the adversary may even be able to re-encrypt it with the intended recipient's public encryption key and forward it to the intended recipient. You and the intended recipient would never realize that the message had been compromised. Certificates address this problem of trust in public keys (see Section 2.7).

Real-world use of asymmetric ciphers also requires padding methods because asymmetric ciphers usually operate on a block of data whose size may depend on the key size. For the specific asymmetric algorithms described in Chapter 18, the padding method is described or referenced there.