The IT Law Wiki

Definition

Public key encryption (also called asymmetric cryptography) is cryptography based on algorithms that enable the use of one key (a public key) to encrypt a message and a second, different, but mathematically related, key (a private key) to decrypt a message. Asymmetric cryptography can also be used to perform digital signatures and key exchange.[1]

History

"Public‐key encryption originated through the secret work of British mathematicians at the U.K.'s Government Communications Headquarters (GCHQ), an organization roughly analogous to the NSA, and received broader attention through the independent work by researchers including Whitfield Diffie and Martin Hellman in the United States."[2]

Overview

Public key encryption employs algorithms designed so that the key that is used to encrypt the original plaintext message cannot be calculated from the key that is used to decrypt the ciphertext message. These two keys complement each other in such a way that when one key is used for encryption, only the other key can decrypt the ciphertext. The public key is distributed publicly, while the private key is kept secret by the recipient. The most popular public key algorithm is RSA, named for its creators — Rivest, Shamir, and Adleman (or "RSA").

Key-based encryption fails if the plaintext or the key is not kept secret from unauthorized users. Such failures often result not from a weakness in the technology itself, but from poor security policies or practices, or from malicious insiders.

Public key cryptography can address many of the limitations of secret key cryptography regarding key management. There is no need to establish a secure channel or physical delivery services to distribute keys. However, public key cryptography has its own challenges, involving the methods of ensuring that the links between the users and their public keys are initially valid and are constantly maintained. For example, it is impractical and unrealistic to expect that each user will have previously established relationships with all of the other potential users in order to obtain their public keys. Digital certificates are one solution to this problem.

Furthermore, although a sender can provide confidentiality for a message by encrypting it with the recipient’s publicly available encryption key using public key algorithms, for large messages this is computationally time-consuming and could make the whole process unreasonably slow.[3] Public key cryptography may be supported either in hardware by means of a cryptography co-processor or, as long as it is performed infrequently (i.e., less than once per hour), it can be supported in software.

Sample applications

In a typical public key application, the public key is used by others to encrypt a plaintext message, but only a specific person with the corresponding private key can decrypt the ciphertext. For example, if fictional character Bob gives his public key to fictional character Alice, only Bob has the private key that can decrypt a message that Alice has encrypted with his public key.

Public key algorithms can also be used in an inverse process, whereby the private key is used to encrypt a message and the public key is made freely available. In this process, those who decrypt the message using the corresponding public key can be confident that the message came from a specific person. For example, if Alice decrypts a message that was encrypted with Bob’s private key, she has assurance that the message came from Bob.
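The two uses described above, as an added example that is not part of the original article: textbook RSA with small constructed primes and no padding, so that the relationship between Bob's two keys is visible. The function names and parameters are assumptions made for illustration.

```python
import hashlib

# Constructed toy primes (2**31 - 1 and 2**61 - 1). Real keys use large random
# primes and a padding scheme such as OAEP or PSS; both are omitted here.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537

def make_keypair(p=P, q=Q, e=E):
    """Return (public, private), each an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # the "mathematically related" private exponent
    return (e, n), (d, n)

def encrypt(message: bytes, public) -> int:
    e, n = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(ciphertext: int, private) -> bytes:
    d, n = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def _digest(message: bytes, n: int) -> int:
    # Hash first so a message of any length maps to one number below n.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private) -> int:
    d, n = private
    return pow(_digest(message, n), d, n)  # the private-key operation

def verify(message: bytes, signature: int, public) -> bool:
    e, n = public
    return pow(signature, e, n) == _digest(message, n)

if __name__ == "__main__":
    bob_public, bob_private = make_keypair()
    # Alice encrypts to Bob with his public key; only his private key decrypts.
    ciphertext = encrypt(b"hi Bob", bob_public)
    print(decrypt(ciphertext, bob_private))
    # Bob signs with his private key; anyone holding his public key can check.
    signature = sign(b"from Bob", bob_private)
    print(verify(b"from Bob", signature, bob_public))   # genuine message
    print(verify(b"from Rob", signature, bob_public))   # altered message
```

The signature covers a hash of the message rather than the message itself, which is how signing is done in practice and why a single changed letter makes verification fail.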

Copyright application

A copyright owner could encrypt a work using the public key of the intended recipient. Once the recipient receives the encrypted transmission, he could then use his private key to decrypt that transmission. No secret (private) keys need to be exchanged in this transaction. Without the private key of the intended recipient, the work cannot be read, manipulated or otherwise deciphered by other parties. Of course, if a decrypted copy is made and shared, then others could manipulate the work unless other means are used to protect it.

References

  1. Cryptography’s Role in Securing the Information Society, App. B, Glossary, at 353.
  2. Big Data and Privacy: A Technological Perspective, at 36.
  3. Most public key cryptographic methods can be used for both encryption and digital signatures. However, certain public key methods — most notably the Digital Signature Algorithm — cannot be used for encryption, but only for digital signatures.

See also