A Complete Introduction on Asymmetric Cryptography

Abstract:

Currently, the significance of digital information security has escalated significantly due to the proliferation of hackers, viruses, and data breaches. Cryptography serves as the means through which data or information is concealed or encoded, ensuring that only authorized entities can decipher it. The original message or information prior to encryption is known as plaintext, while following encryption, it transforms into cipher text, typically represented by a sequence of numbers, letters, or symbols [1]. Within the realm of cryptography, three primary branches exist: symmetric cryptography, asymmetric cryptography, and hash functions. This research paper aims to delve into the fundamental concepts of asymmetric cryptography, exploring its applications and the crucial algorithms employed for both encryption and decryption [1]. My final conclusion on asymmetric cryptography is that it serves as an essential cornerstone of modern information security by mitigating cryptosystem threats and safeguarding digital assets.

?

Keywords: Cryptography, Asymmetric algorithms, Public key, Private key, Ciphers, Digital signatures

Introduction:

Asymmetric cryptography, also referred to as public-key cryptography, is a form of encryption technique that employs two distinct keys for encryption and decryption processes.

1. Public Key: This key can be openly shared with anyone and is accessible to all.

2. Private Key: Only the owner possesses knowledge of this key.

Unlike symmetric algorithms, asymmetric cryptography does not necessitate a shared key between the sender and receiver. Consequently, it offers distinct advantages, as the encryption and decryption keys cannot be derived from each other. When data or information is encrypted using the public key, only the individual possessing the corresponding private key can decrypt it [2]. This mutual key pairing ensures the integrity and security of data exchanges between the involved parties [2]. The primary goals of asymmetric cryptography encompass digital signatures, verifying the authenticity of website servers, managing access, and overseeing key distribution.

Literature Review:

The term "Cryptography" originates from the Greek word "krypto's," signifying "Hidden Secrets" [3]. The origins of cryptography trace back to as early as 700 BC in Ancient Greece, with ciphering techniques also employed in Ancient Rome [4]. However, a significant milestone occurred in 1467, marking a pivotal shift in encryption methods to those predominantly used today [4]. Another significant development in the history of cryptography occurred in 1795, followed by another during the Second World War. The end of this historical journey was marked by the discovery of the first encryption algorithm in 1979 by the National Agency of Standards [4]. Modern cryptography involves encoding or concealing data to ensure that only authorized individuals can access and respond to it. This ensures confidentiality, integrity, and accuracy, collectively referred to as the CIA Triad [3]. As a subset of cryptography, asymmetric cryptography deals with a specific facet of data and information security. It can be concluded that cryptography has a lengthy past marked by notable achievements dating back to ancient civilizations, with each milestone introducing a new phase in the field, enhancing data security with every advancement.

Advantages of Asymmetric Encryption:

1.????? Authentication – The public key confirms the senders identity [2]

2.????? Key Exchange – Facilitates secure sharing of keys during communication [2]

3.????? Security – The private key will remain a secret even if the public key is disclosed [2] ?

Disadvantages of Asymmetric Encryption:

1.????? Speed - Due to the complexity of asymmetric encryption, it is slow (not the best for encrypting servers, databases and hard drives etc.) [5]

2.????? Not feasible when implementing end-to-end encryption (like PGP) for message sharing [5]

Common Algorithms in Asymmetric Cryptography:

1.????? Rivest Shamir Adleman (RSA) Algorithm

Developed by Ron Rivest, Adi Shamir, and Leonard Adleman in 1978, RSA stands out as an outstanding encryption system widely employed for secure communication, key exchange, digital signatures, and more [6]. RSA utilizes both public and private keys, which are interconnected mathematically [7]. While the RSA algorithm offers a higher level of security, its encryption speed is relatively slow, making data vulnerable to attacks [1]. The diagram below illustrates the primary stages of RSA, encompassing key generation, encryption of plaintext into cipher text, and decryption to retrieve the original message [1].

2. Diffie – Hellman

Introduced in1976 by Diffie-Hellman, this algorithm this algorithm enables the establishment of a shared secret between two parties through a secure physical channel [1]. Each party possesses a unique key pair, distributing the public key while keeping the secret key exclusive [1]. The complexity of the algorithm prevents transmission of the secret over the channel [1]. However, drawbacks include high expenses and vulnerability to attacks such as man-in-the-middle attacks due to the absence of authentication, rendering it unsuitable for many encryption techniques [8].

?

3. Elliptic Curve Cryptography (ECC)

Elliptic Curve Cryptography was developed as an alternative approach to implementing public key cryptography [9]. It employs diverse keys for encryption and decryption and was first introduced in 1985 by Neil Koblitz and Victor Miller [1]. An elliptic curve constitutes a plane curve over a finite field comprising points that satisfy the equation y^2 = x^3 + ax + b [7]. The main benefit of employing ECC lies in its utilization of small key lengths, facilitating swift encryption and minimal energy consumption [1]. However, disadvantages include high cost, and being vulnerability to errors due to its complex nature.

Applications:

Since the beginning of asymmetric cryptography, numerous novel designs have emerged to address the shortcomings of earlier methods. Presently, asymmetric cryptography finds application in various fields such as:

1.????? Digital Signatures

Digital signatures serve as electronic counterparts to handwritten signatures, binding individuals or entities to digital data. A user's public data is termed as the public key, while their confidential information is known as the private key [10]. Unauthorized access to the owner's private key prevents forgery of the user's signature [10]. The significance of digital signatures lies in ensuring the integrity, non-repudiation, and authenticity of digitally signed data. A signature scheme comprises three essential algorithms: key generation, signing, and verification [10].

2. Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI) emerged in the 1990s as a dependable framework aimed at addressing issues surrounding authentication, trust, identity, and security within networks [11]. Based on public key cryptography, PKI encompasses a suite of technologies, software, hardware, and protocols working collaboratively to oversee the creation, utilization, storage, distribution, and nullification of digital certificates and public-private key pairs. Widely adopted within governmental systems and online portals [11], PKI certificates serve to validate the possession of a private key and ensure the ongoing authenticity of that association, thereby upholding security measures.

?3. TLS/ SSL

Web applications that employ SSL/ TLS (Secure Socket Layer/ Transport Layer Security) utilize authentication based on public key certificates to secure the HTTPS communication [2] by establishing connections between browsers and websites. A significant number of E-commerce applications including banking, shopping and gaming depend on the robust security provided by the SSL/ TSL protocol [12].

?

4. Secure E-mail Transmission

In modern times, email communication is extensively utilized, and ensuring the confidentiality of exchanges between senders and recipients over the internet is important. Various software tools are employed by attackers to access sensitive information such as system passwords, private documents, or confidential data [13]. To prevent this threat, digital certificates come into play, enabling emails to be encrypted using a public key and decrypted using a private key. This ensures that messages are securely transmitted and received by the intended parties, with the digital signature serving to verify authenticity [13].

?5. Block chain Transactions

Block chain is a framework wherein a shared database retains information in blocks, interconnected in the form of a chain. These blocks are linked through cryptographic methods, highlighting the fundamental role of digital encryption [14]. Due to the comprehensive storage of user transaction data, high security measures are required for optimal performance, safeguarding user privacy and upholding data consistency [14]. Additionally, cryptographic techniques play a vital role in verifying identity to authorize cryptocurrency transactions.

Cryptosystem Attacks:

Cryptosystem attacks can be divided as active and passive two based on what the attacker did.

1.????? Passive Attacks

The main goal of a passive attack is to illegally obtain access to data without altering or impacting the system's resources. Detecting passive attacks is difficult because they don't introduce new data. A passive attack endeavors to either access data or search for vulnerabilities and exposed ports within a network [7]. Examples of passive attacks include monitoring, intercepting, or eavesdropping on data transmissions, as well as releasing messages.

?

2.????? Active Attacks

?An active attack involves the attacker directly engaging with the network or system by modifying, damaging, or interrupting its resources and functions. Active attacks pose greater danger compared to passive attacks as they inflict harm on the victims [7]. Examples of active attacks that can target the cryptosystem include [7]:

i.??????????????????? Denial Of Service (DOS)

ii.????????????????? Man-In-Middle (MIM)

iii.??????????????? Brute-Force Attacks (BFA)

iv.??????????????? Insider Threats

v.????????????????? Session Hijacking

vi.??????????????? Phishing Attacks

vii.????????????? Ciphertext-Only Attacks

viii.??????????? Dictionary Attack

ix.??????????????? Chosen Plaintext Attack (CPA)

x.????????????????? Known Plaintext Attack (KPA)

xi.??????????????? Trojan Horse Attacks

xii.????????????? Replay Attack

xiii.??????????? Side Channel Attack (SCA)

xiv.??????????? Fault Analysis Attack (FAA)

xv.????????????? Power Analysis Attack (PAA)

xvi.??????????? Timing Attacks

Future Works:

Addressing the challenge of transferring large public keys over the Internet swiftly, despite their size and the necessity for rapid encryption processes on contemporary hardware like a typical high-end laptop, is paramount.

?

Conclusion:

Following extensive research and consultations on different articles, my final conclusion on asymmetric cryptography underscores its crucial role in modern information security. Asymmetric cryptography, with its foundation in the utilization of public and private key pairs, provides robust solutions for authentication, secure communication, and digital signatures. Despite its advantages, such as enhanced security and key exchange mechanisms, challenges are present.

The exploration of asymmetric cryptography's common algorithms, including RSA, Diffie-Hellman, and Elliptic Curve Cryptography, showcases the evolution and diversification of cryptographic techniques to meet rising security demands. These algorithms, despite their varying strengths and weaknesses, collectively contribute to the protection of digital ecosystems against unauthorized access and data breaches.

Furthermore, the applications of asymmetric cryptography across diverse domains such as digital signatures, Public Key Infrastructure (PKI), secure email transmission, TLS/SSL, and blockchain transactions underscore its versatility and adaptability to address multifaceted security requirements.

In essence, while asymmetric cryptography serves as a cornerstone of modern cybersecurity, its effectiveness relies upon on continuous research, development, and collaboration within the cybersecurity community to stay ahead of evolving threats and safeguard the integrity, confidentiality, and availability of digital information.

References

[1]

M. A. Al-Shabi, "A Survey on Symmetric ad Asymmetric Cryptography Algorithms in information Security," International Journal of Scientific and Research Publications , vol. 9, no. 3, p. 15, 2019.

[2]

G. Singh, "Asymmetric Encryption," Vancouver, British Columbia, Canada, 2024.

[3]

M. Matela, "Asymmetric Cryptography (AsymmCrypto)," The International Journal of Multi-Disciplinary Research, p. 32, 2017.

[4]

K. Sourmelis, "A study in Cryptography".

[5]

"Asymmetric Encryption: Benefits, Drawbacks & Use Cases," 1KOSMOS, [Online]. Available: https://www.1kosmos.com/digital-identity-101/encryption/asymmetric-encryption/. [Accessed 3 April 2024].

[6]

H. P. Salunkhe, "Applications of Number Theory in Asymmetric Cryptography," Journal of Shivaji University: Science and Technology, vol. 43, no. 2, p. 14, 23.

[7]

D. N. H. A. K. F. Rusul Mansoor Al-Amri, "Theoritical Background of Cryptography," Mesopotamian journal of Cybersecurity, vol. 2023, p. 9, 2023.

[8]

"2010 2nd International Conference on Computer Engineering and Technology," in IEEE, Chengdu, China, 2010.

[9]

N. G. a. P. Yadav, "Comparison of Asymmetric," International Journal of Computer Science and Mobile Computing, vol. 3, no. 4, p. 7, 2014.

[10]

D. Pointcheval, "Asymmetric cryptography," JOURNAL OF TELECOMMUNICATIONS AND INFORMATION TECHNOLOGY, p. 16.

[11]

M. Y. V. A. P. M.O. Bodnia, "The main features if public key infrastructure," 2023. [Online]. [Accessed 3 April 2024].

[12]

N. S. Manik Lal Das, "On the Security of SSL/TLS enabled applications," Applied Computing and Informatics, vol. 10, no. 1-2, pp. 68-81, 2014.

[13]

C. C. W. I. R. N. A. A. N. H. A. R. Mohamad Azhar Abdul Halim, "Email authentication using symmetric and asymmetric key," in AIP Conference Proceedings, 2017.

[14]

S. Zhai, "Research on the Application of Cryptography on," Journal of Physics: Conference, p. 9, 2018.