Security using encryption – Evolution of Private and Public cryptography

The Public and Private key pair are uniquely related. Such keys are basically long random numbers.

 The Public Key is what its name suggests - Public. It is made available to everyone via a publicly accessible repository or directory. On the other hand, the Private Key is confidential to its owner.

 Let us look at evolution of cryptography

Scenario 1:

The initial solution to send messages securely between two parties (say a browser (A) and a server (B)) was to encrypt the message and send, so that it can be decrypted again by the receiver.

In order to do this, both A and B had to agree on an encryption mechanism. For example one of the simplest and most common is the substitution cipher (Eg: A is substituted with B, B with C, C with D….). As long as B knows this, he can decrypt the message and read it.

Scenario 2:

But how do A and B first agree on the encryption key, without others finding out about it? - this remained a challenge. So was introduced the concept of private/secure key paired with the public key.

Let us say A and B want to exchange message m securely as an encrypted message m’

Nomenclature:

• Pa = Public Key of A
• Pb = Public key of B
• S = Secret Key / Private Key 

A encrypts message using B’s public key

1.      A Pb(m) = m’

So only B can decrypt this message using his secure key.

2.      B S(m’) = m

Scenario 3:

Do you realize an underlying problem with the above methodology? Since B’s public key is public, anyone can use that key to send a message to B. So that will give imposter C and opportunity to pose as A and send a secured message to B. There is no way for B to validate whom the message came from.

To solve this, an additional layer was introduced as below:

A encrypts m using B’s public key to get m’. A then uses his own secure key to get m’’.

Encrypt

1.      A Pb(m) = m’

2.      A S(m’) = m’’

B first uses A’s public key to decode m’’ to get m’. B then uses his secure key on m’ to get the original message m.

Decrypt

3.      B Pa(m’’) = m’

4.      B S(m’) = m

This will ensure that both parties can trust the source of information and also securely exchange the information.

For example, if imposter C had pretended to be A and sent the message, then step 3 above will fail, since B will be trying to decrypt m’’ using A’s public key and it will not work as it is different from C’s public key.