key would require additional information. Note, however, that it should be computation-
ally easy to encrypt or decrypt messages when the relevant key is known.
The public key defines the encryption transformation while the private key defines the
decryption transformation. More precisely, either of the two related keys can be used for
encryption while the other key is used for decryption, although we ignore this for ease of
explanation. This approach is also called asymmetric because the encryption of messages
uses a different key than that required for the decryption of messages. Thus, other entities
can encrypt messages destined to a node using the public key of a node. Only the node can
then decrypt such a message using its private key. In those cases, those who encrypt
messages cannot decrypt the messages.
We have seen earlier that symmetric encryption schemes need a secure channel to
transfer the key used for encryption. Public key encryption on the other hand does not
require such a secure channel but has a weaker requirement on the channel. It only requires
an authenticated channel. This is to ensure the genuineness of the public key of the other
party. Information sent over this authenticated channel does not need to be confidential.
The asymmetric key schemes can achieve attributes such as nonrepudiation, confiden-
tiality, integrity, and authentication. However asymmetric encryption is substantially
slower than symmetric key encryption given the same amount of computational resources.
Due to this, generally public key encryption schemes are only used to encrypt small
amounts of data such as the keys used for symmetric encryption. Thus, we can see that
asymmetric key cryptography complements
Asymmetric key cryptography provides the ability to ensure nonrepudiation in addition
to authentication. This is done using the concept called as digital signature which is
intended to provide the digital counterpart to a handwritten signature. In this case, an
entity can transform a message using its private key. This serves as a signature of the
entity on the message. Any other entity can then verify the transformation on the
signed message using the public key of the signer. This is the concept of digital signature.
It is so called since only the entity is expected to have access to its private key. Thus, in this
case the private key is used to create signatures while the public key is used to verify
signatures. Note that a digital signature must have several features, such as it must
depend on the message signed, it must use information unique to sender in order to
prevent both forgery and denial, it must be relatively easy to produce, recognize and
verify, it must be computationally infeasible to forge (either with a new message for an
existing digital signature or with a fraudulent digital signature for a given message),
and it must be practical to store.
We show the operation of an asymmetric key system in Figure 2.3, where we illustrate
these concepts. In this case, we assume that Alice desires to transfer a message authenti-
cally and confidentially to Bob. The authenticity of the message gives a guarantee to Bob
that the message has indeed originated at Alice. In addition, the confidential communi-
cation ensures that an adversary will not be able to eavesdrop on the communication
between Alice and Bob. To achieve this, both Alice and Bob will have to have a
public-private key pair each. In addition, they will also have to obtain the genuine
public key of the other. Note that the key sizes used in the asymmetric key algorithms
are typically very large (
We assume that Alice is the source of the message. The plaintext message is first
transformed using the private key KR a of Alice. By doing this Alice is digitally signing
the message, thereby verifying that she is the source of the message. Next, in order to