Each key is a pair of keys K and K-1. If a message is
encrypted using K then it can only be decrypted using K-1. If
means the application of the encryption function and text is the cleartext, then the following all hold true.
Authentication is provided by taking a piece of text, encrypting it using the private key which is only known by you. If it can be decrypted using your public key, then it is known to be encrypted by you. This then functions to authenticate the text.
But, encryption is slow, so what is used is another mathematical function which takes text in and produces a pseudo random fixed size number out that can only have come from the original input text. This is known as a hash function. The hash function takes in the whole of the cleartext, generates a 128 byte message digest, which is then encrypted using the public key. This is known as a digital signature. When the receiver receives the message, they run the hash function over the data to regenerate the message digest. They decrypt using the public key, and if the digests match, then they know that the message was really sent by the purported sender, and that the message was not interfered with - the integrity of the message has been protected.
In the original Diffie-Hellman proposal, the two parties, Alice and
Bob, choose two large integers, n and g, such that g is
less than n. Then the following occurs:
Both k and k' equal
(10.1)
(10.2)
(10.3)
(10.4) . However, its very
unlikely that anyone else listening on the channel can calculate the
key, since the calculation of discrete logarithms under field
arithmetic is very hard (see Galois Fields).
Whilst RSA is the normal set of algorithm used in public key cryptography, Diffie-Hellman is still used in such places as the SKIP protocol.
Next: Network level solutions
Up: A brief Introduction to
Previous: What size keys?
Jon CROWCROFT
1998-12-03