INVITATION TO CYBERSECURITY 168 vides authentication in the same way written signatures do in physical space. If Bob has a message that he wants to prove he wrote, he can sign the message with his private key and then make the signed message public. At this point, anybody can verify that Bob produced the message by applying Bob’s public key to it (see Figure 7.14). Signing also provides non-repudiation. Since we assume that the only person with access to Bob’s private key is Bob, then Bob must have signed it and cannot deny doing so. Of course, in a court of law, this may or may not pass muster, since Bob’s private key could have been compromised. Figure 7.14 Bob signs a message with his private key that anyone can verify with his public key. With public key cryptography, the communicating parties do not need to meet ahead of time in a secure environment in order to exchange a shared secret. People can communicate securely even if they have never met since public keys are publicly available. This solves the key distribution problem that plagues symmetric key cryptography, and it makes the modern Internet possible. On the Internet, public key cryptography is used constantly to secure network communications. Email messages, personal records, passwords, and financial transactions propagate between endpoints over untrusted channels but still remain confidential due to public key cryptography. 7.2.2.2 Key Management and Efficiency “A public-key cryptosystem needs no private couriers; the keys can be distributed over the insecure communications channel.” - “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems” by Rivest, Shamir, and Adleman Public key cryptography key management also scales well. The formula to calculate the number of keys needed for n people to communicate with one another on a one-on-one basis is: n × 2 This is because each person needs their own key pair and that is it! Five people would need ten keys, fifty people would need 100 keys, and 500 people would need 1,000 keys. Symmetric key cryptography is quadratic (n2) in the number of keys required and public key cryptography is linear (2n).
RkJQdWJsaXNoZXIy MTM4ODY=