Talk:Public-key cryptography

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Cryptography / Computer science  (Rated C-class, Top-importance)
WikiProject icon This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
C-Class article C  This article has been rated as C-Class on the quality scale.
 Top  This article has been rated as Top-importance on the importance scale.
Taskforce icon
This article is supported by WikiProject Computer science (marked as Top-importance).
 
edit·history·watch·refresh Stock post message.svg To-do list for Public-key cryptography:

Merge sections "How it Works" and "Description"

Readers questions (Concepts that could use some clarification from contributors)[edit]

1. The article might be improved for a general audience by a single first sentence that states the goal of this technology, -the problem it is trying to solve, using specific but self contained language. For example, "The purpose of encryption is to sent a message from a sender to a receiver with only the receiver being able to read the contents." -perhaps this is wrong, but you get the idea. Some of us are not exactly sure since this is not our field.

2. Does this technology require that the sender and receiver already be in possession of the public and private keys? Or does this term and this discussion cover how that happens. It should be emphasized that the security arises more from how the two keys are created and securely delivered to each party, if that's true. The article could be improved by separating the discussion of how the keys are used to achieve encryption, from where they come from and how they are secured between the sender and receiver. :

3. It is not clear why one key is generated from the other, if the the math used to do so is chosen specifically to leave an untraceable link between the two keys. (why not used two really unrelated keys?) — Preceding unsigned comment added by Sharesmart (talkcontribs) 15:15, 14 January 2014 (UTC)


Inappropriate External Link[edit]

Surely given all that is said in this article., the link to

 http://gpg4win.org/documentation.html

is inappropriate. Far more suitable external links readily come to mind.

Please consider an edit to remove that link. G. Robert Shiplett 15:13, 15 June 2011 (UTC)

I understand your point, but gpg4win is an free libre open source(although not waived copyright like CC0 or WTFPL, but I think copyleft) implementation of the Public-key cryptography system. It is relevant in one way or another, but yeah I don't think it belongs in External links. Maybe it belongs in references! Logictheo (talk) 16:14, 20 March 2012 (UTC)

Proposal for New Parent Article (Asymmetric Encryption) and Subsequent Merger of this Article (Public-key cryptography) into New Parent Article[edit]

Ok, as far as I understand it (I'm currently behind a whitelist and unable to access verification but I can do this later today), Public-key cryptography is NOT the same as Asymmetric encryption, but rather is worked example of aspects of Asymmetric encryption in use practically. The reason I bring this up is that Asymmetric encryption currently redirects to here. This is grossly incorrect and the complete lack of a parent article on Asymmetric encryption as a form of encryption in it's entirety is rather disturbing to say the least considering it's widespread perpetuation through IT. I propose that Asymmetric encryption be come an article in it's own right and that Public-key cryptography be merged into said article as either a child article of the new parent or as a section of the new article functioning as an in-depth worked example of practical application of Asymmetric encryption. This ensures that Wikipedia effectively and efficiently covers the field by defining and explaining the top-level algorithm itself and then goes on to provide further knowledge by providing real-world examples of the algorithm in use, such as Public-key cryptography. This is a much more logical heirarchy of the article and it's non-existant parent in the scheme of things in this field, in my opinion. Terkaal (talk) 07:06, 20 February 2012 (UTC)

Read through the older revisions of this talk page to see if the point had been raised before, it was interesting to see that it had been but yet alarming to see the response to it. In the past where this was raised, at a point where an article concerning Asymmetric encryption did indeed exist, the agreed upon course of action was to wipe clean that article and have serve as a simple redirector to Public-key cryptography. Excuse my tone here for a second but, WHAT O_O!?. The argument used was that Public-key cryptography used aspects of Asymmetric encryption as well as other systems to achieve it's intended purpose. Alright, that's great. Now what I can't get my head around is how that somehow justified eliminating the entire article (despite there are other systems which are not Public-key cryptography) and repurposing it into a sign reading "Here, check out Public-key cryptography instead. It's not the same thing as what you searched for, you'd fail the CompTIA Security+ exam if you sat under the impression it was, and it doesn't even use all the aspects of what you searched for, but we think you'll like it anyway.". To the average user, and perhaps a tad higher than that too, this can easily confuse them into thinking they are one and the same thing. Is there some sort of bias going on here or a conflict of interests? Since this article and the philosophy of those who are contributing to it overall seem to be resembling that of a forum community defending their favourite anime rather than a group of users aiming to make a fair, balanced and accurate digital encyclopedia for the masses. I appreciate that may have been a bit harsh, but if you can look past the use of creative prose here, I think the point I'm trying to make is worthy of some review. Terkaal (talk) 07:26, 20 February 2012 (UTC)

I trust you'll agree that public-key cryptography is a subset of asymmetric cryptography. The question for me is are these distinct. What is asymmetric but not public-key? Skippydo (talk) 05:33, 23 February 2012 (UTC)

Well I wouldn't so much as say PK-Cryptography is a subset of asymmetric cryptography, but rather that it is based on the approach taken towards encryption as defined by asymmetric cryptography.

Asymmetric Cryptography in the simplest of terms is that data to be encrypted is done so with two keys, one used to encrypt and one used to decrypt. The key used to encrypt, cannot be used to decrypt and vice versa. Two or more non-symmetrical keys. That's it.

As for what is done with these keys and and the data is then a case of how a particular method chooses to best utilise these two keys. Public-Key Cryptography is the most common implementation of the Asymmetric foundation but that's not to say that makes the two one and the same.

For an analogy, look at synchronous transmission and phone calls. A telecommunication through a phone uses synchronous transmission and (incoming opinion) I would probably say that the most common usage of synchronous transmission is a phone call, this does not however make synchronous transmission a phone call and nor does it make a phone call synchronous transmission (You don't see girls saying "Hey, here's my number, send me a Synchronous Transmission some time" after all).

That's the point I'm trying to make, yes Public Key Cryptography is the most common implementation of the asymmetrical approach towards encryption and decryption, yes the entirety of Asymmetrical Cryptography is the cornerstone foundation of Public Key Cryptography, but this does not make them one and the same.

Now I do understand that in the field of cryptography and between those knowledgable in the field, that the two are treated and referred to as being one and the same for effecive purposes, but Wikipedia is a neutral encyclopedia aiming to be informative on collective knowledge and part of that means taking a logical approach towards it's heirarchy.

I would support a mention clarifying that the two are commonly accepted as being the same thing due to the near exclusive manifestation being public-key cryptography, but again, just because the democratic majority holds the opinion to merge the two, doesn't contest with the fact that the two are logically seperate, but being built upon for use in the case of Public Key Cryptography.

In it's present state, this merge is very confusing to those learning the area or doing research, a senior trainer and I had to spend a good 2 hours trying to wean out the opinion that they are logically the same from a class of students studying IT the other day entirely because of this article. I can only imagine this as not an exclusive case. Terkaal (talk) 07:45, 23 February 2012 (UTC)

I was hoping for a more concise answer. I'm trying to fill a Venn diagram of public-key and asymmetric cryptography with examples. What is an example of a scheme which is asymmetric but not public-key? What is an example of a scheme which is public-key but not asymmetric? Skippydo (talk) 18:06, 23 February 2012 (UTC)

My appologies for the rather long response there, Without going into personal details as to why, in the context of logical discussion involving thought and ongoing analysis, I find I am only able to do so while bringing forward the entirety of my logical process in the context of the current point, query or idea. Now, on point...

Well answering that question entirely is not possible because of a fundemental difference in what the two are. Asymmetric Encryption, is simply an approach towards encryption through use of 2 or more keys to perform seperate tasks, it doesn't have to be be one to encrypt or one to decrypt, even if you had multiple keys to perform encryption through a segmented sequence, that's assymmetric encryption, the data has been encrypted and multiple keys were used to perform the encryption, decryption doesn't even come into the picture here unless we're looking at then communicating the data or reverting back to the state pre-encryption. Of course it seems totally non-sensical that you would ever want to encrypt data without ever considering decrypting it but for the sake of painting the picture, if encryption has been performed with 2 or more keys which are non identical, that fits the logical critera as per the definition of the prefix'd word "As-Symmetric" while also fitting the criteria of being encrypted.

Now say, we want to actually make use of this now encrypted data, of course we're going to need to be able to decrypt it using a key, which must not be identical to any of the keys used in the encryption or decryption process in order to remain asymmetrical. We might use 1 or more non-identical keys purposed for decryption which would be provided to any application, individual, hardware or whatever may wish to decrypt data, which would make it public-key cryptography. Then again at the same time we might have a theoretical dedicated cryptoprocessor which may encrypt data and decrypt data with different keys but at no point share any of these keys outside of the dedicated cryptographic process, thus protecting against cold boot attacks as an example. Or then again another theoretical machine which would encrypt data using one key but then treat the data in a polymorphic fashion while not providing a key to decrypt, if the same machine were to then decrypt the data, it would be required to calculate a fitting key in reverse from the encrypted data at the current time, thus producing a key to decrypt the data which is again asymmetrical but not public key.

As for Public Key but not Asymmetrical, that doesn't work. Public-Key is an approach to utilising Asymmetrical Cryptography Theory in a practical application. Thermal Radiators provide heat through convection, convection being a theory, a Thermal Radiator being a practical application of the theory of convection. Public-Key Cryptography utilises Asymmetrical Cryptography, providing encryption and decryption through practical application of the theory of Asymmetrical Cryptography. Just as a Thermal Radiator is fundementally application of convection, convection is not a Thermal Radiator, we can say Public-key Cryptography is at it's fundementals an application of the theory of Asmmetrical Cryptography, The theory of Asymmetrical Cryptography is not Public-key Cryptography.

Asymmetrical Cryptography is mathematical theory. Public-key Cryptography is real world practical application of this mathematical theory, albiet the most common and possibly the only to date application of this mathematical theory.

What I'm questioning here, is it is appropiate to unify the theory and a specific application of the theory, on the basis that no additional applications of said theory have either been developed and put in use, or have yet to gain significant percentage to be recognised.

At most, it might be appropiate to declare Public-key Cryptography as being the real world application of the theory, exlusive, primary or even most common, but not to write off asymmetrical encryption's identity as a mathematical theory.

At it's fundementals, the objection I raise is one based upon a question of logic, rather than validity of existing data. If there's anything you'd like me to develop upon here logically, please do ask and I'll happily enter further discussion. Terkaal (talk) 05:19, 26 February 2012 (UTC)

None of this addresses my question so let me try a different approach. Can you point to where in scholarship the distinction between these two things are made? I just need a title, author, and journal, no essay required. Skippydo (talk) 05:38, 26 February 2012 (UTC)

That's all you wanted? Why didn't you say so in the first place ^^ Sure, I'll look up some acredited evidence in a few hours once I'm done with some work I have on my hands. In the mean time however, till I can get access to such information, take a look at the History section here which shows what I mean in itself. The research was going into finding a system in which information could be encrypted but decrypted from a seperate key, if what I am to understand from the history section here is correct, then it makes it clear that the concept of using one such key as a shared key was an inherently obvious but entirely seperate concept from the initial writings on using multiple and different keys to perform encryption and decryption, albiet inspired by writings on shared keys. Terkaal (talk) 09:21, 26 February 2012 (UTC)

I'm not aware of sources that find it important to distinguish asymmetric-key cryptography and public-key cryptography. On the other hand a reputable source that does not distinguish between the two terms is the Handbook of applied cryptography by Menezies, van Oorshot and Vanstone. Figure 1.1 (page 5): A taxonomy of cryptographic primitives uses the terms "symmetric-key primitives" and "public-key primitives" side by side and there is no category of primitives in between them. Hence I see no reason for wikipedia to add such a category. 178.195.230.127 (talk) 05:46, 7 March 2012 (UTC)

This entry should reference the Lucas-based public-key and other algorithms, which are listed as Applications of the Lucas sequences Wikipedia entry. Peter Smith.118.92.203.118 (talk) 10:17, 17 March 2013 (UTC)

Encryption flow chart diagram doesn't match article text[edit]

The second encryption flow chart diagram ("I will pay $500") does not match the article text.

The diagram shows the private key used for encryption and public key used for decryption. However the article says the opposite: public key is used for encryption and private key for decryption.

The article says: "The publicly available encrypting-key is widely distributed, while the private decrypting-key is known only to its proprietor", also "a message encrypted with a recipient's public key cannot be decrypted by anyone except a possessor of the matching private key". Either the article or diagram need changing. I assume the diagram is wrong. Someone with expertise in this area needs to validate this and make the change. Joema (talk) 15:16, 10 April 2013 (UTC) joema

The diagram is wrong, i've removed it. Skippydo (talk) 03:23, 11 April 2013 (UTC)

Actual Algorithm, simple example[edit]

such a long distracting article, and no algorithm So I'll just put this here. Learn by Example!

  • All integers.
  • 2 facilitating numbers are to be calculated in order to find the encrypt/decrypt keys. lets call them m,n
  • message=6;

(1) choose two prime numbers (preferably huge)

11,23

(2) define n=11*23

           =253

(3) find this multiplier 10,22 ==> m = 220

(4) find encryption key

   lowest non element in 220....==>3

(5) Encrypted message= 6^3 mod 253= 216

(6) find Decryption Key lowest value possible so that (220*value +1)/3 is integer; because (220*2+1)/3= 441 / 3 ==> 147

(7) Decrypt (encrypted message , decryption key)

    216^147 mod 253 =....= 6

--Namaste@? 00:04, 18 November 2013 (UTC)

Your example is an example of the RSA algorithm, which is linked from this article. Since public key cryptography is about the general concept rather than RSA specifically and covers many different algorithms, it would be inappropriate to include that here. An equivalent example is in the linked article for that specific algorithm. —Quondum 00:25, 18 November 2013 (UTC)
Quondum, I couldn't disagree more...you're seriously claiming that an example exists which is both general and specific?? Or are you claiming that examples are inappropriate? This article suffers from a severe case of pomposity which makes it very difficult for someone who doesn't already understand the subject to learn anything. I agree with Diza, a simple example SHOULD be included, and a section titled "Examples" should OBVIOUSLY contain one or more (simple) examples - NOT links to other articles. A list of links is not "Examples" it is References or Reference Examples.Abitslow (talk) 17:26, 18 May 2014 (UTC)
The suggested example illustrates only the operation used in the RSA algorithm, and not the concept of public key cryptography, aside from the fact that encryption and decryption use a different key (which in itself is not a defining characteristic). The crucial aspect of public key cryptography is a one-way function, and the one-wayness is not illustrated by this example. In short, the example does not reasonably illustrate anything that the article is primarily about. This is adequately explained there, and linking to it is sufficient for those who want it – after all, WP is structured as a richly linked medium. Including the example would be undue clutter for the majority who use WP for what it is intended: a reference. In an article about multiplication, one does not give a simple example of addition (e.g. 1 + 1 = 2), one leaves that to the article on addition, and links to it, even though multiplication is built upon addition. An encyclopaedia is a reference, not a textbook. —Quondum 19:08, 18 May 2014 (UTC)

Intro to Article needs some editing[edit]

I would do it myself but I know enough about public key technology to know how complex it is and that's about it, I'm not enough of a security guy to take a shot at editing this. But the intro doesn't correspond to Wiki standards. Articles are supposed to start with the name of the article in bold at the beginning. Also, the name of the article is Public-Key cryptography but the intro starts off talking about "asymetric" which is confusing to users. Either the article should be changed to be about assymetric algorithms or there should be an intro sentence that says something like "also known as asymetric algorithms because... The second one would be my suggestion. --MadScientistX11 (talk) 19:53, 28 April 2014 (UTC)