Public Key vs Private Key | Asymmetric vs Symmetric Encryption
When transmitting data over the Internet as plain text, it’s easy for someone to use some kind of packet sniffer like WireShark to capture the packets. A malicious person, could listen in on the conversation you had with your girlfriend or worse yet, steals passwords and credit card information. Fortunately, some very smart people came up with a way to encode information for transit and to validate someone’s identity. The process by which convert ordinary plain text into unintelligible text and vice-versa is known as cryptography.
The most basic form of encryption is called the Caesar Cypher.
In essence, both parties have a symmetric key which specifies what characters map to what symbol of the encrypted text. Those who don’t possess the key cannot read the message. For example, in the preceding image, the character ‘A’ would be encoded as a ‘t’ in our encrypted message. The individual on the receiving end could then use the same Caesar Cypther to decode the message.
In the realm of computing, the problem with symmetric encryption algorithms is that another party could be listening when you go to give the other party the key. Therefore, they came up with asymmetrical encryption. Asymmetrical encryption works by generating a public and private key pair. The public key can only be used to encrypt messages whereas the private key can only be used to decrypt messages.
For example, when you do your online banking, you give the bank your public key which can then be used to encrypt the data sent back to you. If a bad guy gets their hands on the public key, they can’t do any real harm since they only have the ability to encrypt data.
A common example of asymmetrical encryption is RSA. The key pair is generated in such a way as to give the same value when raising the data to the power of the public key or private key and then taking the modulo of the result.
Before we continue, it’s important that you understand what it means for modulo to be a one-way function. Suppose we had the following equation:
Now, say you were given the number 8 and asked to get back to 2³. Could you do it? As it turns out, it’s relatively easy to figure out all the factors from a given number.
As a quick reminder, module is synonymous with remainder. For example:
11 / 4 = 2 [remainder = 3]
If you were asked to work backwards much like the preceding example, could you do it?
It might have been possible in the preceding example but when the numerator is very large as it is in the case of RSA (i.e. 1028, 2024 or 4096 bits long), there are a lot and I mean A LOT of combinations that could give a remainder of 3.
The RSA algorithm encrypts messages by raising the message to the power of the public key and then taking the modulo of the result. To decrypt the message, you raise it to the power of the private key and then take the modulo of the result.
Given this property, hackers would have no choice but to use brute force to determine the private key from the encrypted message and public key. Given that the keys are 1028, 2024 or 4096 bits long, it would take traditional computers centuries to go through all the possible values.
One of the most famous potential uses for quantum computers is breaking up large integers into their prime factors. Eventually, a large enough quantum computer could break this type of encryption, factoring numbers that would take millions of years for a classical computer to crack. Theoretically, if a malicious person gets their hands on a powerful quantum computer, they could cause havoc.
SSL Certificates
The moment you visit https://www.amazon.com, you automatically get the public key sent to your client. The problem lies in the fact that you have no real way of guaranteeing that the public key was actually sent from the people over at amazon and not some malicious person spoofing their address.
Therefore, in addition to sending you the public key, they will encrypt the webpage with their private key and then they’ll send you a hash of the encrypted webpage. The latter is known as a digital signature. Upon receiving the digital signature, you can use the public key to encrypt the webpage, take the hash and compare it with the one that was sent to you. If they’re identical, you know for a fact that whoever sent you that webpage possesses the private key.
Unfortunately, we still need a way to prove that the private key is indeed held by amazon and not some stranger. As a result, we make use of digital certificates provided by certificate authorities. A digital certificate contains the public key, the digital signature and the a statement from the certificate authority validating the identity of the organization or individual the certificate was issued to.