## Math 5410 Public Key Cryptosystems

Major problems with conventional cryptosystems are:
1. Key distribution
2. Authentication

Diffie and Hellman (1976) introduced the idea of a public key cryptosystem.

The system is based on each participant having a public encryption algorithm (or a common algorithm and a public key) EU and a private decryption algorithm (or a common algorithm with a private key) DU. These algorithms are inverses in the sense that:

PK1: DU(EU(m)) = m for every message m and user U.

The EU are made public and are available to everyone. For A to send a message m to B, A looks up EB and sends c = EB(m). Upon receiving the message, B applies the secret DB to get DB(c) = m. Since B is the only one who has DB, B is the only one who can read this message.

In order to make this work, for practical reasons we require:

PK2: The algorithms do not need much computing time nor memory storage.

And for security,

PK3: It is practically impossible to find an algorithm D* from knowledge of EU so that D*(EU(m)) = m for all possible m.

Notice that PK3 requires the system to withstand a chosen text cryptographic attack.

Diffie & Hellman suggested the use of trapdoor one-way functions for the encryption algorithm.

A one-way function is a function f that is easy to evaluate, but whose inverse f⁻¹ is difficult to compute. A trapdoor one-way function is a one-way function whose inverse is easy to compute given certain additional information.

D&H seemed to have some difficulty coming up with examples, but a few years later a number of systems were suggested: RSA, Knapsack, etc.

A one-way function can also be used to store password authorization data in a computer: the system keeps f(password) rather than the password itself.

### Authentication - Computer Signatures

To design a signature protocol one would need:

PK4: EU(DU(m)) = m for all messages m and users U.

In order to prevent counterfeiting, we require:

PK5: It is practically impossible to find an algorithm D* from knowledge of EU so that EU(D*(m)) = m for all possible m.

If A wants to sign a message m being sent to B, then A sends DA(m) = c and B looks up the public encryption key for A and applies it to get EA(c) = m. As DA is secret, only A could have sent this message ... but anyone can read it.

To send a signed, encrypted message, A sends EB(DA(m)). Only B can now read the message.
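
The signed, encrypted exchange EB(DA(m)) above, worked through with toy textbook RSA (one of the systems these notes name). This is an added example, not part of the original notes: the primes, the exponent e = 17 and all function names are constructed for illustration, and there is no padding, so it shows the algebra of PK1 and PK4 only. It also goes one step beyond the text by showing that with RSA the sender's modulus must be smaller than the recipient's for DA(m) to fit into B's message space.

```python
# Toy textbook RSA with tiny constructed primes and no padding: algebra only.
from math import gcd

def make_user(p, q, e=17):
    """Return (public, private) keys: EU uses (n, e), DU uses (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible mod phi(n)")
    d = pow(e, -1, phi)   # trapdoor information: needs the factors p and q
    return (n, e), (n, d)

def E(pub, x):
    """Public algorithm EU: x -> x^e mod n."""
    n, e = pub
    return pow(x, e, n)

def D(priv, x):
    """Private algorithm DU: x -> x^d mod n."""
    n, d = priv
    return pow(x, d, n)

def sign_then_encrypt(sender_priv, recipient_pub, m):
    """c = EB(DA(m)); None when DA(m) does not fit below the recipient's n."""
    s = D(sender_priv, m)
    return E(recipient_pub, s) if s < recipient_pub[0] else None

def decrypt_then_verify(recipient_priv, sender_pub, c):
    """m = EA(DB(c)); None when the inner value is outside the sender's range."""
    s = D(recipient_priv, c)
    return E(sender_pub, s) if s < sender_pub[0] else None

# Constructed keys for users A and B, chosen so that n_A < n_B.
A_PUB, A_PRIV = make_user(61, 53)   # n_A = 3233
B_PUB, B_PRIV = make_user(89, 97)   # n_B = 8633

if __name__ == "__main__":
    m = 1234
    print("PK1 holds:", D(A_PRIV, E(A_PUB, m)) == m)
    print("PK4 holds:", E(A_PUB, D(A_PRIV, m)) == m)
    sig = D(A_PRIV, m)                       # signed only: anyone can apply EA
    print("anyone reads signed m:", E(A_PUB, sig) == m)
    c = sign_then_encrypt(A_PRIV, B_PUB, m)  # signed and encrypted for B
    print("B recovers m:", decrypt_then_verify(B_PRIV, A_PUB, c) == m)
    # Reverse direction: DB(m) can exceed n_A, so EA cannot carry it intact.
    bad = [x for x in range(B_PUB[0]) if sign_then_encrypt(B_PRIV, A_PUB, x) is None]
    print("messages B cannot send to A this way:", len(bad))
```
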