# Security Now 34

Steve and Leo discuss asymmetric key cryptography also known as Public Key Cryptography first looking at the Diffie-Hellman Key Exchange and then moving onto the operation of general purpose public key cryptology.

## Diffie-Hellman Key Exchange

• This uses simple exponentiation E.g. a^b which is easy to do
• But getting an exact logarithm in a finite field is incredibly difficult

To use it:

• Raise one number to a power and keep lower digits of the result
• This means you cant divide backwards and do exact logarithm

Also the process is cumulative E.g. :
2^3 = 8
8^2 = 64

2^2 = 4
4^3 = 64

Also
2^6 = 64

To do:

• Agree on base number (a)
• Choose a big random number (b) (b1)

Person 1

• a^b = c

Person 2

• a^b1 = c1

Person 1

• c1^b = d

Person 2

• c^b1 = d
• So due to it being cumulative both people get the same result (d)
• Can make (a) public
• Keep (b) and (b1) private
• No one can work out b and b1 in a reasonable amount of time

## Asymmetric Cryptology / Public Key Cryptography

• A cryptographic process where you have separate keys for encrypting and decrypting
• Generate a pair of keys (A and B)
• Encrypt with (A) can only decrypt with (B)
• Encrypt with (B) can only decrypt with (A)
• Must keep one of the keys private
• Can not determine A from B, or B from A

To encrypt a message

• Get the persons public key
• Encrypt with it

To decrypt

• Only the person with the matching private key can decrypt
• If message is altered in transit it wont decrypt properly.
• Can only be decrypted with your private key if it was encrypted with your public key.

To verify the sender:

• Encrypt the message with your private key
• Encrypt the result with the persons public key

Send it to other person they:

• Decrypt it with there private key
• Decrypt the result with your public key
• Will only decrypt the message properly if the person sending it is who they say they are

Limitations:

• Requires long keys to get same level of security as symmetric encryption (1024 Bits)
• 1000x slower than symmetric encryption

To work around this:

• Asymmetric encryption is used to encrypt symmetric keys. E.g.
• Message encrypted first with symmetric cipher
• Key for symmetric cipher encrypted with public asymmetric cipher key
• Sent to other person
• They decrypt the symmetric key using there asymmetric private key
• Use the key to decrypt the message.

Attacks

• If you know what someone's public key is
• Get there message they encrypted with there private key
• Encrypt all possible plain texts with there public key and look for a collision
• Tells you what plain text was

To defeat this