Public key Algorithms in Cryptography
When considering secure access to application or platforms,this type of algorithms may used. As an example you may setup and access your GCP compute engine using SSH authentication using private and public keys. I think compared to just type user name and password, it is more secure way to access. Using puttygen we can generate public and private key pair. If you used Winscp to login, you provide private key and when set up public key store in compute engine configuration settings.
So let’s see those public and private key terms. and how they work
As you can see above diagram, we have sender and recipient and Different keys are used for encryption and decryption. This is a property which set this scheme different than symmetric encryption scheme.Each receiver possesses a unique decryption key, generally referred to as his private key.Receiver needs to publish an encryption key, referred to as his public key.Some assurance of the authenticity of a public key is needed in this scheme to avoid spoofing by adversary as the receiver. Generally, this type of cryptosystem involves trusted third party which certifies that a particular public key belongs to a specific person or entity only.Encryption algorithm is complex enough to prohibit attacker from deducing the plaintext from the ciphertext and the encryption (public) key.Though private and public keys are related mathematically, it is not be feasible to calculate the private key from the public key. In fact, intelligent part of any public-key cryptosystem is in designing a relationship between two keys.
Using this concept, we can see there are three types of Public Key Encryption techniques.
RSA Method
This was invented by three scholars Ron Rivest, Adi Shamir, and Len Adleman and therefore, it is called as RSA.
Generation of RSA Key Pair- It was include some sub parts
- Generate the RSA modulus (n)
- Find Derived Number (e)
- Form the public key
- Generate the private key
Encryption and Decryption- After generating the key pair, the next process is encryption and decryption. RSA does not directly operate on strings of bits as in case of symmetric key encryption. It operates on numbers modulo n. Hence, it is necessary to represent the plaintext as a series of numbers less than n.
RSA Encryption: Here P get as plaintext, P multiplied by itself e times and then reduced modulo n. This means that cipertext is also a number less than n. The example P=10 e=5 and n=91, then cipertext is =82
RSA Decryption: Here C is cipertext, C multiplied by itself e times and then reduced modulo n.
The security of RSA depends on the strengths of two separate functions. The RSA cryptosystem is most popular public-key cryptosystem strength of which is based on the practical difficulty of factoring the very large numbers.If either of these two functions are proved non one-way, then RSA will be broken. In fact, if a technique for factoring efficiently is developed then RSA will no longer be safe.The strength of RSA encryption drastically goes down against attacks if the number p and q are not large primes and/ or chosen public key e is a small number.
ElGamal Method
ElGamal cryptosystem, called Elliptic Curve Variant, is based on the Discrete Logarithm Problem. It derives the strength from the assumption that the discrete logarithms cannot be found in practical time frame for a given number, while the inverse operation of the power can be computed efficiently.
Generation of ElGamal Key Pair: It is bit different method compare to previous method
Choosing a large prime p. Generally a prime number of 1024 to 2048 bits length is chosen.
Choosing a generator element g.This number must be between 1 and p − 1, but cannot be any number.
Choosing the private key. The private key x is any number bigger than 1 and smaller than p−1.
Encryption and Decryption
The generation of an ElGamal key pair is comparatively simpler than the equivalent process for RSA. But the encryption and decryption are slightly more complex than RSA.In ElGamal system, each user has a private key x. and has three components of public key − prime modulus p, generator g, and public Y = gx mod p. The strength of the ElGamal is based on the difficulty of discrete logarithm problem.
The secure key size is generally > 1024 bits. Today even 2048 bits long key are used. On the processing speed front, Elgamal is quite slow, it is used mainly for key authentication protocols. Due to higher processing efficiency, Elliptic Curve variants of ElGamal are becoming increasingly popular.
Elliptic Curve Cryptography (ECC)
Elliptic Curve Cryptography (ECC) is a term used to describe a suite of cryptographic tools and protocols whose security is based on special versions of the discrete logarithm problem. It does not use numbers modulo p.
ECC is based on sets of numbers that are associated with mathematical objects called elliptic curves. There are rules for adding and computing multiples of these numbers, just as there are for numbers modulo p.
ECC includes a variants of many cryptographic schemes that were initially designed for modular numbers such as ElGamal encryption and Digital Signature Algorithm.
It is believed that the discrete logarithm problem is much harder when applied to points on an elliptic curve. This prompts switching from numbers modulo p to points on an elliptic curve. Also an equivalent security level can be obtained with shorter keys if we use elliptic curve-based variants.
The shorter keys result in two benefits like Ease of key management,Efficient computation