1 Management a key sequence
Any cryptographic system is based on the use of the cryptographic keys. In symmetric cryptosystem a sender and recipient of message utillize the same secret key. This key must be unknown all of other and must periodically brush up simultaneously for a sender and recipient. The process of distributing (deliveries) of the secret keys between the participants of informative exchange in symmetric cryptosystem has difficult character.
Asymmetric cryptosystem supposes the use of two keys - opened and personal (secret). The opened key can be know for anyone, and personal it is necessary to keep in secret. At an exchange by messages, it is necessary to send the only opened key. An important requirement is providing of authenticity of sender of mesage. It is arrived at by mutual authentification of participants of informative exchange.
Under key information understand the aggregate of all of the operating in the system keys. If a reliable management of key information is not ensured, then an user violator, when he took possession of it, he gets unlimited access to all of information.
A management the keys is an informative process, including realization of the followings basic functions, such as:
generation of the keys;
storage of the keys;
distributing of the keys.
1 Passing of secret messages by asymmetric cryptosystems
Symmetric cryptosystems, in spite of great number of advantages, possess one serious failing which is related to the situation, when intercourse between itself is made by the not limited number of people, but hundreds and thousands of persons. In this case for every pair of users, writing to each other between itself, it is necessary to create the secret symmetric key. In the total results it leads to existence in the system N2/2 keys from N of users.
In addition, at violation of confidentiality of some work station a disturber (user violator) gets access to all of the keys of this user and can send messages from his name to all his subscribers.
For the decision of this problem on the base of results, got classic and modern algebra cryptosystems with the public key were offered.
In 1976 in-process “New Directions in Cryptography” Diffi and Khellman offered the principle new method of organization of secret connection without a preliminary exchange by the keys, so-called cipherement with the public key. Thus for encryption and decryption the different keys are utillized, and knowledge one of them does not give practical possibility to define the second. As a result the key of encryption can be opened without the loss of cipher firmness, and only the key of decryption must stick to a recipient in secret, therefore cryptosystem with the opened key are naming asymmetric (asymmetrical) cryptosystems.
On a figure 1 the structural chart of public key cryptosystem is resulted
Figure 1 – Structural chart of public key cryptosystem
Asymmetrical cryptosystems suppose the presence of two keys: opened, intended for encryption of transferrable message, and closed, by which a recipient decrypts the accepted cryptogram.
The unsecret key can be passed on the opened channel. It’s knowledge does not give the user violator of possibility to get access to information, to contained in a message.
The generator of key pair gives out the pair of the keys (К1, К2) depending on initial conditions (IC), known only to the recipient of message. The opened key К1 is passed to the sender on an unprotected communication channel. A sender encrypts message M, utillizing the key К1. Ciphertext C passed to the recipient on an unprotected communication channel.
A recipient decrypts a cryptogram (restoring an initial message), utillizing the secret key К2.
An unauthorized person (UP) has an access to the unprotected channels and can intercept a cryptogram C and the opened key К1. Moreover, it can own the algorithm of encipherement, because the algorithm of encipherement is published and accessible to any, who wants to send message to the addressee. Unique, what is not owned by a user violator - by the key of K2. And only a subscriber, owning the closed key, getting a message, makes with it transformation by key К2 known only to him and restores the text of message.
It is necessary to mark that if a message needs to be sent to opposite direction, already it is needed it will be to utillize other pair of the keys.
As we see, at first, in the asymmetric systems the amount of the existent keys is related to the amount of subscribers linearly (in the system from N of users utillized 2N keys), but not quadratically, as in the symmetric systems. Secondly, at violation of confidentiality of the work station k a user violator will know the key Кk only: it will allow him to read all of messages, which comings to subscriber ko, but does not allow to set up for him at the dispatch of letters.
In practice algorithms with the opened key do not replace symmetric algorithms. As a rule, they are utillized for the followings aims:
1. As an independent mean of protection of data, which are passed or saved.
2. For the encipherement of the keys or some other «auxiliary» informative blocks of relatively small length. It is caused the followings circumstances:
a) The productivity of algorithms with the opened key (speed of encipherement)
approximately in 1 thousand of one times yields to the productivity of symmetric algorithms, that places them at a disadvantage at the use for the encipherement of large volumes of information.
b) Cryptosystems with the opened key is vulnerable to the attacks on the basis of neat plaintext, especially when the number of variants of block of plaintext is limited and sorting of these variants are possible.
Therefore, most advantageous is protocol of secret connection with the use of hybrid cryptosystem, in which an asymmetric algorithm is utillized for secreting and distributing of the keys of connection, and an algorithm with the secret key of connection is utillized for the protection of data. In addition such protocol is assumed by elimination of the secret session key right after completion of session. It substantially reduces the danger of his compromising.
1. As a mean of authentification of users.
Most known systems with the opened key:
- knapsack cryptosystem of Merkle-Khellman;
- RSA cryptosystem;
- ElGamal Cryptosystem;
- Diffi-Khellman Cryptosystem;
- Cryptosystem, based on properties of elliptic curves (Elliptic Curve Cryptosystem);
- electronic-digital signature.