Asymmetric cryptography is one of the most powerful techniques in computing and a fundamental part of the security of the Internet and blockchain-type networks. Its use has allowed high levels of security where it is necessary, guaranteeing privacy and even anonymity.
Una of the most powerful cryptographic techniques designed by man is the asymmetric cryptography o public key cryptography. This system consists of using a very complex mathematical formula to create a key pair. This first key is the private key. The private key is for the exclusive use of the creator of the key pair, and is used to encrypt and decrypt messages in a completely secure way.
The second key is the call public key. This is a key that the creator can give to third parties. The public key is created from the private key, but the reverse process is impossible. In this way, the creator of the keys can share this public key with third parties, and thanks to it these people can send you encrypted information that will only be accessible using the creator's private key.
Asymmetric encryption technology was invented by Ralph Merkle, Whitfield diffie y Martin hellman in the year 1976. This scheme of private and public keys guarantees the establishment of completely secure communications, even over insecure channels. Reason why currently this cryptographic system is the most used. A clear example is the public and private structures that allow communication over the internet, where asymmetric cryptography is used to guarantee the privacy of communications.
How does asymmetric cryptography work?
The operation of the public cryptography system comprises of a series of well defined stages. Each and every one of them guarantees that the system works correctly. Here we will explain in enough detail each of them:
Algorithm and encryption curve
First, you have to define which asymmetric encryption algorithm will be used. Each algorithm has unique properties. These properties are related to the elliptic curve that the algorithm uses for its operation. At this point, the elliptical curves considered for asymmetric encryption are numerous. There are at least registered and well studied, 22 curves in total.
Eg Curve25519 de Daniel bernsteins It is widely used in compact and highly efficient encryption algorithms. However, in blockchain cryptocurrency networks such as Bitcoin, the most used curve is the secp256k1. This curve is the standard de facto of the security of cryptocurrencies.
The next step is the generation of the private and public keys. The first to be generated is the private key. For its safe creation, a random number generator very safe and a pool of entropy. These two will ensure that the random number applied to the chosen mathematical formula is truly random. This will guarantee the security of the key from the beginning.
Once the random number generator has given a number, it is applied to the chosen formula. The system begins to solve the formula and from it we obtain a number that will be our private key. Once our private key has been generated, the public key generation cycle begins. This cycle will use the number of the private key to unidirectionally link the private key with the public key. In this way, the public key can generate encrypted content that we can solve with our private key. However, nothing and nobody under any circumstances will be able to reveal our private key using a contrary process.
Once this generation process has finished, we will have our two keys ready for the next step of use.
The third element in the operation of asymmetric cryptography systems is the secure propagation of keys. This seeks to create spaces that guarantee the security of communication channels. Among these methods we have:
Public key infrastructure or PKI. This is an infrastructure in which there is one or more certification authorities. Each entity is related to a level of trust and that level serves to ensure the authenticity of public keys. This scheme is the one used on the Internet to ensure the authenticity of SSL / TLS certificates on web pages.
Establishment of a trust network. This is the simplest and most personal key propagation scheme out there. It establishes that each user has a series of contacts with whom he shares his public key in an open or private way. This propagation scheme is widely used by systems such as PGP for sending private and encrypted emails.
Use of identity-based cryptography. This is a simple propagation system that uses a centralized system that manages our keys. The generated keys are related to the real or virtual identity that we provide to the system.
Use of certificate-based cryptography. In this model, the user has a private and a public key. The public key sends it to a Certificate Authority. This is ensured using identity-based cryptography to generate a certificate that ensures the validity of the data.
Using crypto without certificates. This model is similar to the previous one except that the private key generated by the authority is partial. The final private key depends on the partial private key and a random number calculated by the user. This guarantees a higher level of security.
Sending and receiving messages
Once we have propagated the public keys safely, we can start using the system to send and receive messages safely. This sending and receiving scheme generally works as follows:
Juan generates a message which is encrypted using María's public key, and signed with Juan's private key. This guarantees that the message can only be seen by Mary and she can corroborate that it unequivocally comes from John.
The message travels signed and encrypted by the communication channel. If the effort is intercepted it will be futile because no information can be read from it.
Once the message reaches its recipient, Maria will use her private key to decrypt it. At the same time, you can use Juan's public key to validate that the message has actually been sent by him.
The process is repeated to make the corresponding answer.
As you can see, this communication process effectively solves secure communications on open channels. Corrupting or manipulating a message sent using asymmetric cryptography is not an easy thing. In fact, a well-built asymmetric encryption system would make such a thing virtually impossible. Hence its widespread use on the Internet and on the blockchain. All this in order to offer maximum security to users.
Symmetric vs. Asymmetric Cryptography
Introductory explanation about the difference between symmetric and asymmetric cryptography. (Rebollo Pedruelo Miguel, Polytechnic University of Valencia)
Using asymmetric crypto on the blockchain
Since its inception, blockchain technology has sought ways to provide the greatest possible security. In pursuit of such levels of security, asymmetric crypto has played a huge role. Its use allowed the generation of public keys (addresses) and private that allow to secure, send and receive cryptocurrencies safely.
In fact, blockchain technology has been a perfect tool for testing and developing new cryptographic techniques. Advances that not only have a positive impact on the blockchain ecosystem but on computing in general. Examples of this are, for example, schemes such as Zero Knowledge Tests (ZKP) or Schnorr firms.
How much do you know, cryptonuta?
Is asymmetric cryptography the most widely used cryptographic method today?
The potential for use and its flexibility have made asymmetric cryptography the most widely used cryptographic method today. From communication and messaging systems, decentralized permission infrastructures to the certification and security of Internet sites, all this is possible thanks to asymmetric cryptography.
Advantages and Disadvantages of Asymmetric Cryptography
This system offers a high security rate, since the encryption scheme is highly complex. Cryptanalysis of these systems is complicated and brute force attacks to break it are inefficient and impractical.
It allows to secure open and public communication channels thanks to the private and public key scheme. This allows sender and receiver to share information securely.
The system also allows the authentication of the encrypted information thanks to a digital signing process.
It offers a high level of confidentiality, integrity and guarantees non-repudiation of information.
Compared to symmetric encryption system it is computationally more expensive.
The encryption system is susceptible to elements beyond the programming of the encryption system. For example, a faulty random number generator would completely compromise the encryption system.
The complexity of the algorithms results in difficulties in analyzing their operation and security. This makes detecting faults or bugs more complex and difficult in these systems.
Some trust propagation schemes are centralized. This is a major point of failure that can result in certificate tampering if the structure is compromised.