Talk:Public-key cryptography

Example?

Given that all of this is difficult by intention, is it at all possible to give worked examples? Maybe by using a quite trivial pair of keys and a trivial trapdoor program? Old_Wombat (talk) 10:12, 5 March 2011 (UTC)

da Vinci de first!?

If it is correct that,

"... Leonardo da Vinci who had invented one of the first rudimentary forms of public key encryption centuries ago ...",

D. Brown (2003), "The Da Vinci Code", Doubleday pp. 199. ISBN 0-385-50420-9.

then, this article must cite da Vinci! —Preceding unsigned comment added by 187.56.21.46 (talk) 11:53, 10 March 2011 (UTC)

Just saw the same claim in the novel, and looked it up online, and unsurprisingly, it appears not to be true:

http://boards.straightdope.com/sdmb/showthread.php?t=272184

Let's just look at the whole sentence:

"Sophie's university instructors, while presenting computer encryption methods for securing data, praised modern cryptologists like Zimmermann and Schneier but failed to mention that it was Leonardo who had invented one of the first rudimentary forms of public key encryption centuries ago."

Doh, Schneier and Zimmermann did not invent public key cryptography. Diffie, Hellman, Merkle and Cocks come to my mind. Brown's book is fiction. Hence there is no reason to expect a lot of research and no reason to expect correct statements. 81.62.140.83 (talk) 07:23, 27 September 2011 (UTC)

Electronwill (talk) 06:07, 27 September 2011 (UTC)

Inappropriate External Link

Surely given all that is said in this article., the link to

 http://gpg4win.org/documentation.html

is inappropriate. Far more suitable external links readily come to mind.

Please consider an edit to remove that link. G. Robert Shiplett 15:13, 15 June 2011 (UTC)

Actual Algorithms doesn't have any.

There is a section titled Actual Algorithms - Two Linked Keys, but when going to that section there's yet another description of encryption by means of analogies, and certain nothing resembling an Actual Algorithm. Silas Maxfield (talk) 09:26, 2 February 2012 (UTC)

Proposal for New Parent Article (Asymmetric Encryption) and Subsequent Merger of this Article (Public-key cryptography) into New Parent Article

Ok, as far as I understand it (I'm currently behind a whitelist and unable to access verification but I can do this later today), Public-key cryptography is NOT the same as Asymmetric encryption, but rather is worked example of aspects of Asymmetric encryption in use practically. The reason I bring this up is that Asymmetric encryption currently redirects to here. This is grossly incorrect and the complete lack of a parent article on Asymmetric encryption as a form of encryption in it's entirety is rather disturbing to say the least considering it's widespread perpetuation through IT. I propose that Asymmetric encryption be come an article in it's own right and that Public-key cryptography be merged into said article as either a child article of the new parent or as a section of the new article functioning as an in-depth worked example of practical application of Asymmetric encryption. This ensures that Wikipedia effectively and efficiently covers the field by defining and explaining the top-level algorithm itself and then goes on to provide further knowledge by providing real-world examples of the algorithm in use, such as Public-key cryptography. This is a much more logical heirarchy of the article and it's non-existant parent in the scheme of things in this field, in my opinion. Terkaal (talk) 07:06, 20 February 2012 (UTC)

Read through the older revisions of this talk page to see if the point had been raised before, it was interesting to see that it had been but yet alarming to see the response to it. In the past where this was raised, at a point where an article concerning Asymmetric encryption did indeed exist, the agreed upon course of action was to wipe clean that article and have serve as a simple redirector to Public-key cryptography. Excuse my tone here for a second but, WHAT O_O!?. The argument used was that Public-key cryptography used aspects of Asymmetric encryption as well as other systems to achieve it's intended purpose. Alright, that's great. Now what I can't get my head around is how that somehow justified eliminating the entire article (despite there are other systems which are not Public-key cryptography) and repurposing it into a sign reading "Here, check out Public-key cryptography instead. It's not the same thing as what you searched for, you'd fail the CompTIA Security+ exam if you sat under the impression it was, and it doesn't even use all the aspects of what you searched for, but we think you'll like it anyway.". To the average user, and perhaps a tad higher than that too, this can easily confuse them into thinking they are one and the same thing. Is there some sort of bias going on here or a conflict of interests? Since this article and the philosophy of those who are contributing to it overall seem to be resembling that of a forum community defending their favourite anime rather than a group of users aiming to make a fair, balanced and accurate digital encyclopedia for the masses. I appreciate that may have been a bit harsh, but if you can look past the use of creative prose here, I think the point I'm trying to make is worthy of some review. Terkaal (talk) 07:26, 20 February 2012 (UTC)

I trust you'll agree that public-key cryptography is a subset of asymmetric cryptography. The question for me is are these distinct. What is asymmetric but not public-key? Skippydo (talk) 05:33, 23 February 2012 (UTC)

Well I wouldn't so much as say PK-Cryptography is a subset of asymmetric cryptography, but rather that it is based on the approach taken towards encryption as defined by asymmetric cryptography.

Asymmetric Cryptography in the simplest of terms is that data to be encrypted is done so with two keys, one used to encrypt and one used to decrypt. The key used to encrypt, cannot be used to decrypt and vice versa. Two or more non-symmetrical keys. That's it.

As for what is done with these keys and and the data is then a case of how a particular method chooses to best utilise these two keys. Public-Key Cryptography is the most common implementation of the Asymmetric foundation but that's not to say that makes the two one and the same.

For an analogy, look at synchronous transmission and phone calls. A telecommunication through a phone uses synchronous transmission and (incoming opinion) I would probably say that the most common usage of synchronous transmission is a phone call, this does not however make synchronous transmission a phone call and nor does it make a phone call synchronous transmission (You don't see girls saying "Hey, here's my number, send me a Synchronous Transmission some time" after all).

That's the point I'm trying to make, yes Public Key Cryptography is the most common implementation of the asymmetrical approach towards encryption and decryption, yes the entirety of Asymmetrical Cryptography is the cornerstone foundation of Public Key Cryptography, but this does not make them one and the same.

Now I do understand that in the field of cryptography and between those knowledgable in the field, that the two are treated and referred to as being one and the same for effecive purposes, but Wikipedia is a neutral encyclopedia aiming to be informative on collective knowledge and part of that means taking a logical approach towards it's heirarchy.

I would support a mention clarifying that the two are commonly accepted as being the same thing due to the near exclusive manifestation being public-key cryptography, but again, just because the democratic majority holds the opinion to merge the two, doesn't contest with the fact that the two are logically seperate, but being built upon for use in the case of Public Key Cryptography.

In it's present state, this merge is very confusing to those learning the area or doing research, a senior trainer and I had to spend a good 2 hours trying to wean out the opinion that they are logically the same from a class of students studying IT the other day entirely because of this article. I can only imagine this as not an exclusive case. Terkaal (talk) 07:45, 23 February 2012 (UTC)

I was hoping for a more concise answer. I'm trying to fill a Venn diagram of public-key and asymmetric cryptography with examples. What is an example of a scheme which is asymmetric but not public-key? What is an example of a scheme which is public-key but not asymmetric? Skippydo (talk) 18:06, 23 February 2012 (UTC)

My appologies for the rather long response there, Without going into personal details as to why, in the context of logical discussion involving thought and ongoing analysis, I find I am only able to do so while bringing forward the entirety of my logical process in the context of the current point, query or idea. Now, on point...

Well answering that question entirely is not possible because of a fundemental difference in what the two are. Asymmetric Encryption, is simply an approach towards encryption through use of 2 or more keys to perform seperate tasks, it doesn't have to be be one to encrypt or one to decrypt, even if you had multiple keys to perform encryption through a segmented sequence, that's assymmetric encryption, the data has been encrypted and multiple keys were used to perform the encryption, decryption doesn't even come into the picture here unless we're looking at then communicating the data or reverting back to the state pre-encryption. Of course it seems totally non-sensical that you would ever want to encrypt data without ever considering decrypting it but for the sake of painting the picture, if encryption has been performed with 2 or more keys which are non identical, that fits the logical critera as per the definition of the prefix'd word "As-Symmetric" while also fitting the criteria of being encrypted.

Now say, we want to actually make use of this now encrypted data, of course we're going to need to be able to decrypt it using a key, which must not be identical to any of the keys used in the encryption or decryption process in order to remain asymmetrical. We might use 1 or more non-identical keys purposed for decryption which would be provided to any application, individual, hardware or whatever may wish to decrypt data, which would make it public-key cryptography. Then again at the same time we might have a theoretical dedicated cryptoprocessor which may encrypt data and decrypt data with different keys but at no point share any of these keys outside of the dedicated cryptographic process, thus protecting against cold boot attacks as an example. Or then again another theoretical machine which would encrypt data using one key but then treat the data in a polymorphic fashion while not providing a key to decrypt, if the same machine were to then decrypt the data, it would be required to calculate a fitting key in reverse from the encrypted data at the current time, thus producing a key to decrypt the data which is again asymmetrical but not public key.

As for Public Key but not Asymmetrical, that doesn't work. Public-Key is an approach to utilising Asymmetrical Cryptography Theory in a practical application. Thermal Radiators provide heat through convection, convection being a theory, a Thermal Radiator being a practical application of the theory of convection. Public-Key Cryptography utilises Asymmetrical Cryptography, providing encryption and decryption through practical application of the theory of Asymmetrical Cryptography. Just as a Thermal Radiator is fundementally application of convection, convection is not a Thermal Radiator, we can say Public-key Cryptography is at it's fundementals an application of the theory of Asmmetrical Cryptography, The theory of Asymmetrical Cryptography is not Public-key Cryptography.

Asymmetrical Cryptography is mathematical theory. Public-key Cryptography is real world practical application of this mathematical theory, albiet the most common and possibly the only to date application of this mathematical theory.

What I'm questioning here, is it is appropiate to unify the theory and a specific application of the theory, on the basis that no additional applications of said theory have either been developed and put in use, or have yet to gain significant percentage to be recognised.

At most, it might be appropiate to declare Public-key Cryptography as being the real world application of the theory, exlusive, primary or even most common, but not to write off asymmetrical encryption's identity as a mathematical theory.

At it's fundementals, the objection I raise is one based upon a question of logic, rather than validity of existing data. If there's anything you'd like me to develop upon here logically, please do ask and I'll happily enter further discussion. Terkaal (talk) 05:19, 26 February 2012 (UTC)

None of this addresses my question so let me try a different approach. Can you point to where in scholarship the distinction between these two things are made? I just need a title, author, and journal, no essay required. Skippydo (talk) 05:38, 26 February 2012 (UTC)

That's all you wanted? Why didn't you say so in the first place ^^ Sure, I'll look up some acredited evidence in a few hours once I'm done with some work I have on my hands. In the mean time however, till I can get access to such information, take a look at the History section here which shows what I mean in itself. The research was going into finding a system in which information could be encrypted but decrypted from a seperate key, if what I am to understand from the history section here is correct, then it makes it clear that the concept of using one such key as a shared key was an inherently obvious but entirely seperate concept from the initial writings on using multiple and different keys to perform encryption and decryption, albiet inspired by writings on shared keys. Terkaal (talk) 09:21, 26 February 2012 (UTC)