Public-key cryptosystems
In a public-key cryptosystem, each participant has both a
public key
and a
secret
key
. Each key is a piece of information. For example, in the RSA cryptosystem,
each key consists of a pair of integers. The participants “Alice” and “Bob” are
traditionally used in cryptography examples; we denote their public and secret
keys as
P
A
,
S
A
for Alice and
P
B
,
S
B
for Bob.
Each participant creates his or her own public and secret keys. Secret keys are
kept secret, but public keys can be revealed to anyone or even published. In fact,
it is often convenient to assume that everyone’s public key is available in a pub-
lic directory, so that any participant can easily obtain the public key of any other
participant.
The public and secret keys specify functions that can be applied to any message.
Let
D
denote the set of permissible messages. For example,
D
might be the set of
all finite-length bit sequences. In the simplest, and original, formulation of public-
key cryptography, we require that the public and secret keys specify one-to-one
functions from
D
to itself. We denote the function corresponding to Alice’s public
key
P
A
by
P
A
./
and the function corresponding to her secret key
S
A
by
S
A
./
. The
functions
P
A
./
and
S
A
./
are thus permutations of
D
. We assume that the functions
P
A
./
and
S
A
./
are efficiently computable given the corresponding key
P
A
or
S
A
.
The public and secret keys for any participant are a “matched pair” in that they
specify functions that are inverses of each other. That is,
M
D
S
A
.P
A
.M // ;
(31.35)
M
D
P
A
.S
A
.M //
(31.36)
for any message
M
2
D
. Transforming
M
with the two keys
P
A
and
S
A
succes-
sively, in either order, yields the message
M
back.
In a public-key cryptosystem, we require that no one but Alice be able to com-
pute the function
S
A
./
in any practical amount of time. This assumption is crucial
to keeping encrypted mail sent to Alice private and to knowing that Alice’s digi-
tal signatures are authentic. Alice must keep
S
A
secret; if she does not, she loses
her uniqueness and the cryptosystem cannot provide her with unique capabilities.
The assumption that only Alice can compute
S
A
./
must hold even though everyone
960
Chapter 31
Number-Theoretic Algorithms
decrypt
communication channel
encrypt
Bob
Alice
eavesdropper
M
M
P
A
S
A
C
C
D
P
A
.M /
Do'stlaringiz bilan baham: |