Web hosting bandwidth - 546Part IIIAdvanced Features and TechniquesWe shall call Alice s
546Part IIIAdvanced Features and TechniquesWe shall call Alice s keys Paliceand Salice,respectively and, likewise, Bob s keys Pboband Sbob. They publish their public keys in the newspaper but hide their secret keys under their mattresses. Alice has a sensitive message Mfor Bob. With her keys, Alice received a set of instructions fortranslating a message with a key. We write the translation like this: Pbob(M).She translates hermessage with Bob s public key and hands the result to a shady-looking character on a pony. Our friends keys were not chosen arbitrarily. They have the special property that if theytranslate a message with one key, then translate the result with the other, they get the originalmessage back. That is, Salice(Palice(M)) = Palice(Salice(M)) = M.There s no other way to resurrectthe original message. In this case, Bob translates the message he receives, which he knows tobe Pbob(M)with his secret key. Sbob(Pbob(M)) = M,so he can read Alice s original message. Bob knows that nobody else could have read that message, because nobody else has hissecret key. But he does not know that it came from Alice: Anyone who reads the newspapermay have sent that message, signing the name Aliceat the bottom. Now Alice wants to send another message to Bob, and this time she wants no doubt that itwas from her. First, she translates the message with her secret key and writes the result afterher message as a signature:M + Salice(M).She sends this off to Bob, who reads Alice s message, which instructs him to translate the signature with her public key: Palice(Salice(M)) = M,and hesees her message again. Because nobody else has Alice s secret key, she is the only one who could have created thissignature, so this message must have come from her. But note that this time Alice sent hermessage Mto Bob directly. Any rogue could have waylaid the Pony Express and read it. If shehad so desired, she could have first signed the message, then encrypted the message and thesignature using the first method, resulting in a signed, encrypted message. There is a hitch in this scheme. Without meeting Alice, Bob can t be sure that the public key he found in the newspaper is really Alice s key. What if someone else had his or her keyprinted under her name? This could become a real problem if Bob communicates with lots of people he simply doesn t have the time to check keys with each of them face-to-face. Assume that there is at least one person everyone trusts; call him Tom. Tom picks a set ofkeys and offers to sign documents with his secret key, if the owner of the document showsproof of his or her identity. Alice has her public key signed by Tom, and then publishes thesigned key, called a certificate,in the newspaper. Bob checks the signature on the key he seesin the newspaper, using Tom s public key. He knows that Tom signed that message, and Tommust have checked Alice s identification, so the key in the newspaper must really belong toAlice. Single-key encryptionIn single-key encryption, the same key can encrypt and decrypt a message. In general, it runsmuch more quickly than other forms of encryption, but it is more difficult to use for commu- nication because the key must somehow be transmitted from one end to the other without anyeavesdroppers picking it up. This is precisely where public-key encryption can lend a hand. Returning briefly to our characterization, imagine Alice and Bob want to have a private con- versation using single-key encryption. Alice asks Bob for his certificate, which contains hispublic key. She then picks a new single key and encrypts that key with Bob s public key, send- ing the result to Bob. Using his secret key, he decrypts the message to reveal Alice s singlekey and then uses it to begin a single-key encryption conversation.