Public-Key Cryptography: Difference between revisions
Jump to navigation
Jump to search
BloomWiki: Public-Key Cryptography |
BloomWiki: Public-Key Cryptography |
||
| Line 1: | Line 1: | ||
<div style="background-color: #4B0082; color: #FFFFFF; padding: 20px; border-radius: 8px; margin-bottom: 15px;"> | |||
{{BloomIntro}} | {{BloomIntro}} | ||
Public-Key Cryptography (also known as Asymmetric Cryptography) is a revolutionary method of encryption that uses a **Pair of Keys**: a Public Key and a Private Key. While the public key can be shared with anyone in the world, the private key is kept secret by the owner. Anything encrypted with the public key can *only* be decrypted by the matching private key. This is the "Magic" that makes the modern internet possible—allowing you to send your credit card number to a website you've never met before without a hacker being able to see it. It solved the ancient "Key Exchange Problem" and is the foundation of digital privacy and trust. | Public-Key Cryptography (also known as Asymmetric Cryptography) is a revolutionary method of encryption that uses a **Pair of Keys**: a Public Key and a Private Key. While the public key can be shared with anyone in the world, the private key is kept secret by the owner. Anything encrypted with the public key can *only* be decrypted by the matching private key. This is the "Magic" that makes the modern internet possible—allowing you to send your credit card number to a website you've never met before without a hacker being able to see it. It solved the ancient "Key Exchange Problem" and is the foundation of digital privacy and trust. | ||
</div> | |||
== Remembering == | __TOC__ | ||
<div style="background-color: #000080; color: #FFFFFF; padding: 20px; border-radius: 8px; margin-bottom: 15px;"> | |||
== <span style="color: #FFFFFF;">Remembering</span> == | |||
* '''Public-Key Cryptography''' — A cryptographic system that uses pairs of keys: public keys (which may be disseminated widely) and private keys (which are known only to the owner). | * '''Public-Key Cryptography''' — A cryptographic system that uses pairs of keys: public keys (which may be disseminated widely) and private keys (which are known only to the owner). | ||
* '''Public Key''' — Used to encrypt data or verify a digital signature; available to everyone. | * '''Public Key''' — Used to encrypt data or verify a digital signature; available to everyone. | ||
| Line 16: | Line 21: | ||
* '''Prime Number''' — A number that has no divisors other than 1 and itself; the "Atoms" of public-key math. | * '''Prime Number''' — A number that has no divisors other than 1 and itself; the "Atoms" of public-key math. | ||
* '''Modular Arithmetic''' — "Clock math"; the branch of math used to scramble numbers in RSA and ECC. | * '''Modular Arithmetic''' — "Clock math"; the branch of math used to scramble numbers in RSA and ECC. | ||
</div> | |||
== Understanding == | <div style="background-color: #006400; color: #FFFFFF; padding: 20px; border-radius: 8px; margin-bottom: 15px;"> | ||
== <span style="color: #FFFFFF;">Understanding</span> == | |||
Public-Key Cryptography is understood through the **Mailbox Analogy**. | Public-Key Cryptography is understood through the **Mailbox Analogy**. | ||
| Line 38: | Line 45: | ||
**The Trust Chain**: How do you know the "Public Key" you get from Amazon.com really belongs to Amazon and not a hacker? You check the **Digital Certificate**. A trusted third party (a CA) has "signed" Amazon's key with *their* private key, creating a chain of trust that goes up to a "Root" built into your browser. | **The Trust Chain**: How do you know the "Public Key" you get from Amazon.com really belongs to Amazon and not a hacker? You check the **Digital Certificate**. A trusted third party (a CA) has "signed" Amazon's key with *their* private key, creating a chain of trust that goes up to a "Root" built into your browser. | ||
</div> | |||
== Applying == | <div style="background-color: #8B0000; color: #FFFFFF; padding: 20px; border-radius: 8px; margin-bottom: 15px;"> | ||
== <span style="color: #FFFFFF;">Applying</span> == | |||
'''Modeling 'The Diffie-Hellman Key Exchange':''' | '''Modeling 'The Diffie-Hellman Key Exchange':''' | ||
<syntaxhighlight lang="python"> | <syntaxhighlight lang="python"> | ||
| Line 68: | Line 77: | ||
: '''The Green Padlock''' → The visual indicator in your browser that a site is using public-key crypto (TLS). | : '''The Green Padlock''' → The visual indicator in your browser that a site is using public-key crypto (TLS). | ||
: '''SSH Keys''' → Used by developers to log into servers without using a password. | : '''SSH Keys''' → Used by developers to log into servers without using a password. | ||
</div> | |||
== Analyzing == | <div style="background-color: #8B4500; color: #FFFFFF; padding: 20px; border-radius: 8px; margin-bottom: 15px;"> | ||
== <span style="color: #FFFFFF;">Analyzing</span> == | |||
{| class="wikitable" | {| class="wikitable" | ||
|+ Symmetric vs. Asymmetric | |+ Symmetric vs. Asymmetric | ||
| Line 84: | Line 95: | ||
**The Concept of "Hybrid Encryption"**: Because public-key crypto is slow, we don't use it to encrypt a whole movie. Instead, we use it for 1 second to **Exchange a Symmetric Key**. Once both sides have the secret key, they switch to the fast symmetric encryption. Analyzing this "Handshake" is the core of all internet security. | **The Concept of "Hybrid Encryption"**: Because public-key crypto is slow, we don't use it to encrypt a whole movie. Instead, we use it for 1 second to **Exchange a Symmetric Key**. Once both sides have the secret key, they switch to the fast symmetric encryption. Analyzing this "Handshake" is the core of all internet security. | ||
</div> | |||
== Evaluating == | <div style="background-color: #483D8B; color: #FFFFFF; padding: 20px; border-radius: 8px; margin-bottom: 15px;"> | ||
== <span style="color: #FFFFFF;">Evaluating</span> == | |||
Evaluating an asymmetric system: (1) **Key Size**: Is the key long enough (e.g., RSA-2048 is safe, RSA-512 is broken)? (2) **Computational Cost**: Is the math too heavy for a small phone battery or a smart card? (3) **The Quantum Threat**: Most current public-key math (RSA/ECC) will be **Instantly Broken** by a future quantum computer using "Shor's Algorithm." (4) **Randomness**: Is the "Private Key" truly random, or did the computer use a "weak" random number generator that a hacker can predict? | Evaluating an asymmetric system: (1) **Key Size**: Is the key long enough (e.g., RSA-2048 is safe, RSA-512 is broken)? (2) **Computational Cost**: Is the math too heavy for a small phone battery or a smart card? (3) **The Quantum Threat**: Most current public-key math (RSA/ECC) will be **Instantly Broken** by a future quantum computer using "Shor's Algorithm." (4) **Randomness**: Is the "Private Key" truly random, or did the computer use a "weak" random number generator that a hacker can predict? | ||
</div> | |||
== Creating == | <div style="background-color: #2F4F4F; color: #FFFFFF; padding: 20px; border-radius: 8px; margin-bottom: 15px;"> | ||
== <span style="color: #FFFFFF;">Creating</span> == | |||
Future Frontiers: (1) **Post-Quantum Cryptography (PQC)**: New types of public-key math (like "Lattice-based") that even a quantum computer cannot break. (2) **Homomorphic Encryption**: A type of public-key crypto that allows a server to "calculate" data without ever seeing the numbers (e.g., adding encrypted numbers to get an encrypted result). (3) **Self-Sovereign Identity**: Using your own public-key pairs to prove who you are without needing a central company like Facebook or Google. (4) **Zero-Knowledge Proofs**: Proving you are over 21 or have enough money in your bank without revealing your exact age or balance. | Future Frontiers: (1) **Post-Quantum Cryptography (PQC)**: New types of public-key math (like "Lattice-based") that even a quantum computer cannot break. (2) **Homomorphic Encryption**: A type of public-key crypto that allows a server to "calculate" data without ever seeing the numbers (e.g., adding encrypted numbers to get an encrypted result). (3) **Self-Sovereign Identity**: Using your own public-key pairs to prove who you are without needing a central company like Facebook or Google. (4) **Zero-Knowledge Proofs**: Proving you are over 21 or have enough money in your bank without revealing your exact age or balance. | ||
| Line 94: | Line 109: | ||
[[Category:Computer Science]] | [[Category:Computer Science]] | ||
[[Category:Cybersecurity]] | [[Category:Cybersecurity]] | ||
</div> | |||
Latest revision as of 01:56, 25 April 2026
How to read this page: This article maps the topic from beginner to expert across six levels � Remembering, Understanding, Applying, Analyzing, Evaluating, and Creating. Scan the headings to see the full scope, then read from wherever your knowledge starts to feel uncertain. Learn more about how BloomWiki works ?
Public-Key Cryptography (also known as Asymmetric Cryptography) is a revolutionary method of encryption that uses a **Pair of Keys**: a Public Key and a Private Key. While the public key can be shared with anyone in the world, the private key is kept secret by the owner. Anything encrypted with the public key can *only* be decrypted by the matching private key. This is the "Magic" that makes the modern internet possible—allowing you to send your credit card number to a website you've never met before without a hacker being able to see it. It solved the ancient "Key Exchange Problem" and is the foundation of digital privacy and trust.
Remembering[edit]
- Public-Key Cryptography — A cryptographic system that uses pairs of keys: public keys (which may be disseminated widely) and private keys (which are known only to the owner).
- Public Key — Used to encrypt data or verify a digital signature; available to everyone.
- Private Key — Used to decrypt data or create a digital signature; must be kept secret.
- RSA (Rivest-Shamir-Adleman) — The first and most famous public-key algorithm, based on the difficulty of factoring large numbers.
- ECC (Elliptic Curve Cryptography) — A modern, more efficient public-key system that uses the math of curves to provide the same security with much smaller keys.
- One-Way Function — A mathematical operation that is easy to do in one direction but extremely difficult to undo (e.g., multiplying two huge primes).
- Trapdoor Function — A one-way function that is easy to undo *if* you have a specific piece of "secret" information (the private key).
- Digital Signature — A mathematical scheme for verifying the authenticity of digital messages or documents.
- Certificate Authority (CA) — A trusted organization that "vouches" for your public key (the "Passport Office" of the internet).
- SSL/TLS (HTTPS) — The protocol that uses public-key cryptography to secure website connections.
- Diffie-Hellman — A specific method for two people to create a shared secret key over an insecure channel.
- Prime Number — A number that has no divisors other than 1 and itself; the "Atoms" of public-key math.
- Modular Arithmetic — "Clock math"; the branch of math used to scramble numbers in RSA and ECC.
Understanding[edit]
Public-Key Cryptography is understood through the **Mailbox Analogy**.
- 1. The Open Mailbox**:
Imagine Alice has a mailbox with a slot on the top. The slot is the **Public Key**.
- Anyone can walk up and drop a secret letter into the slot.
- Once the letter is inside, only Alice (who has the **Private Key** to the back door) can read it.
Even the person who sent the letter can't get it back out!
- 2. The Math of Prime Factors**:
Why is it secure?
- It is very easy for a computer to multiply two 500-digit prime numbers together.
- It is **Impossible** for any current computer to take that massive resulting number and figure out which two primes made it.
The "Result" is your public key. The "Two Primes" are your private key.
- 3. Digital Signatures (The Reverse)**:
Public-key crypto can also be used backwards to prove identity.
- If Alice encrypts a message with her **Private Key**, everyone can decrypt it with her **Public Key**.
- If it works, it **Proves** that only Alice could have written it. This is a "Digital Signature."
- The Trust Chain**: How do you know the "Public Key" you get from Amazon.com really belongs to Amazon and not a hacker? You check the **Digital Certificate**. A trusted third party (a CA) has "signed" Amazon's key with *their* private key, creating a chain of trust that goes up to a "Root" built into your browser.
Applying[edit]
Modeling 'The Diffie-Hellman Key Exchange': <syntaxhighlight lang="python"> def generate_shared_secret(g, p, my_private_key, their_public_part):
""" Shows how two people can create a secret key without ever sending the key itself. Formula: (g^b mod p)^a mod p == (g^a mod p)^b mod p """ shared_secret = (their_public_part ** my_private_key) % p return shared_secret
- Alice and Bob agree on g=5, p=23
- Alice chooses private_a=6. Bob chooses private_b=15.
- Alice sends (5^6 mod 23) = 8. Bob sends (5^15 mod 23) = 19.
alice_secret = generate_shared_secret(5, 23, 6, 19) bob_secret = generate_shared_secret(5, 23, 15, 8)
print(f"Alice's secret: {alice_secret}") print(f"Bob's secret: {bob_secret}")
- They both calculated '2' without ever sending it!
</syntaxhighlight>
- Asymmetric Landmarks
- PGP (Pretty Good Privacy) → The first software to bring public-key encryption to the masses for email.
- Bitcoin → Uses **ECC** to prove ownership of coins without needing a bank.
- The Green Padlock → The visual indicator in your browser that a site is using public-key crypto (TLS).
- SSH Keys → Used by developers to log into servers without using a password.
Analyzing[edit]
| Feature | Symmetric (AES) | Asymmetric (RSA/ECC) |
|---|---|---|
| Key Usage | Same key for Lock/Unlock | Different keys for Lock/Unlock |
| Speed | Very Fast (Gigabits/sec) | Very Slow (Milliseconds/operation) |
| Key Sharing | Difficult (Must be kept secret) | Easy (Public key is public) |
| Main Use | Encrypting big files/hard drives | Exchanging keys / Signatures |
- The Concept of "Hybrid Encryption"**: Because public-key crypto is slow, we don't use it to encrypt a whole movie. Instead, we use it for 1 second to **Exchange a Symmetric Key**. Once both sides have the secret key, they switch to the fast symmetric encryption. Analyzing this "Handshake" is the core of all internet security.
Evaluating[edit]
Evaluating an asymmetric system: (1) **Key Size**: Is the key long enough (e.g., RSA-2048 is safe, RSA-512 is broken)? (2) **Computational Cost**: Is the math too heavy for a small phone battery or a smart card? (3) **The Quantum Threat**: Most current public-key math (RSA/ECC) will be **Instantly Broken** by a future quantum computer using "Shor's Algorithm." (4) **Randomness**: Is the "Private Key" truly random, or did the computer use a "weak" random number generator that a hacker can predict?
Creating[edit]
Future Frontiers: (1) **Post-Quantum Cryptography (PQC)**: New types of public-key math (like "Lattice-based") that even a quantum computer cannot break. (2) **Homomorphic Encryption**: A type of public-key crypto that allows a server to "calculate" data without ever seeing the numbers (e.g., adding encrypted numbers to get an encrypted result). (3) **Self-Sovereign Identity**: Using your own public-key pairs to prove who you are without needing a central company like Facebook or Google. (4) **Zero-Knowledge Proofs**: Proving you are over 21 or have enough money in your bank without revealing your exact age or balance.