Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!nbires!vianet!devine
From: devine@vianet.UUCP (Bob Devine)
Newsgroups: sci.crypt
Subject: Re: encryption with public keys
Message-ID: <112@vianet.UUCP>
Date: Mon, 22-Dec-86 21:34:27 EST
Article-I.D.: vianet.112
Posted: Mon Dec 22 21:34:27 1986
Date-Received: Tue, 23-Dec-86 18:37:37 EST
References: <3072@ihuxf.UUCP> <93@vianet.UUCP> <1828@ncoast.UUCP>
Organization: ViaNetix  Boulder, CO
Lines: 47

In article <1828@ncoast.UUCP>, btb@ncoast.UUCP (Brad Banko) writes:
> I'm sure I won't be the first to want to clarify this for Bob Devine.

  The only clarification needed was in what I wrote.  What I mushily posted
was an attempt to find out the intended use of the public-key cryptosystem.
I was wondering if something besides authentication was in the works.  From
an exchange of mail, my query was answered; the poster wanted authentication
for mail.

> Public Key cryptography is a system where encoding and decoding are
> controlled by separate keys which are hopefully underivable from each
> other even if the system is known.

  Almost.  The two keys are inverses and, theoretically, are derivable
from each other.  What makes the RSA system secure is the enormous
computational effort needed to go from public-key to private-key for
a large key.  A small key can be derived with a generic computer.
The explosion of effort required for larger and larger keys makes 
cracking expensive (to put it mildly).  In the RSA algorithm, the
"system" is known by whoever can photocopy the article or the many
other articles inspired by RSA in the public literature.

> 	So, what you have are two separate keys for each encryption.
> One is known only to you, and the decoding key is known only to the
> person that you send the encrypted message and you.  A way around this
> is for two people to use each other's keys:
> 
> 	text => your key1 => his public key => cipher
> 	cipher => his key1 => your public key => text

  If authentication is all you want, the above interchange is not really
needed; it provides security as well as authentication.  In your notation,
it is done this way:

        plaintext => decrypt with private key => cipher
        send or store message
        cipher => encrypt with public key => plaintext

  This is what the initial poster asked about.  Note that both schemes
have a lot of hand-waving about them as to how the key pairs are generated
and who/what holds onto the public keys.  The hard part is not always the
keys; it is identifying the implicit trusts and dealing with them.

  I'm working on a public-key system and, unfortunately, it won't be
available for public domain use.

Bob Devine
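
The authentication-only exchange and the small-key remark in the post above, worked through as an added example that is not part of the original article or of any system its author describes. The function names, the toy primes 1009 and 1013, the public exponent 17 and the message value are all assumptions chosen for illustration; this is textbook RSA with no padding or hashing.

```python
# Added illustration; toy parameters, textbook RSA with no padding or hashing.
from math import isqrt

def make_keypair(p, q, e=17):
    """Build (public, private) from two primes; e is an assumed public exponent."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent is the inverse of e mod phi
    return (n, e), (n, d)

def sign(message, private):
    """The post's 'decrypt with private key' step: only the key holder can do it."""
    n, d = private
    return pow(message, d, n)

def recover(signature, public):
    """The post's 'encrypt with public key' step: anyone can check the sender."""
    n, e = public
    return pow(signature, e, n)

def derive_private(public):
    """Derive the private key from the public one by factoring n (trial division)."""
    n, e = public
    if n % 2 == 0:
        p = 2
    else:
        p = next(f for f in range(3, isqrt(n) + 1, 2) if n % f == 0)
    q = n // p
    return n, pow(e, -1, (p - 1) * (q - 1))

def demo():
    public, private = make_keypair(1009, 1013)   # constructed toy primes
    message = 424242                             # constructed; must be < n
    signature = sign(message, private)
    ok = recover(signature, public) == message
    # A modified signature no longer maps back to the message.
    tampered_ok = recover(signature ^ 1, public) == message
    # With a modulus this small, the public key alone yields the private key.
    rederived = derive_private(public)
    return ok, tampered_ok, rederived == private

if __name__ == "__main__":
    print(demo())
```

The trial-division loop runs in about sqrt(n) steps, which is instant for this 20-bit modulus and is the effort that explodes as the key grows.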