![]() | This ![]() It is of interest to the following WikiProjects: | |||||||||||||||||||||||
|
|
||
This page has archives. Sections older than 90 days may be automatically archived by Lowercase sigmabot III when more than 5 sections are present. |
Hello fellow Wikipedians,
I have just modified one external link on Public-key cryptography. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018.
After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than
regular verification using the archive tool instructions below. Editors
have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the
RfC before doing mass systematic removals. This message is updated dynamically through the template {{
source check}}
(last update: 5 June 2024).
Cheers.— InternetArchiveBot ( Report bug) 11:15, 20 January 2018 (UTC)
Have just done a tidy-up of the intro. The rest of the article is in dire need of the same. - Snori ( talk) 19:14, 26 December 2018 (UTC)
I believe the introduction needs another clarification. imo it confuses the objective (mathematical) fact that asymmetric cryptography allows for two unrelated keys to encrypt and decrypt any string / message with the convention that one of those keys is considered public and the other private for most uses. Your comments welcome.-- BBird ( talk) 13:47, 7 August 2019 (UTC)
I have just reverted a spate of changes by @ 2402:3a80:19f8:c3dc::2 which had seemingly randomly copy-pasted chunks of text of the article into different sections. As far as I can tell there were no meaningful contributions made with any of these edits – just nuisance text. I think I got them all. Phidica ( talk) 02:17, 9 December 2022 (UTC)
Is the Diffie Hellman Diagram accurate? Im under the impression that the shared secret is obtained by a shared public secret combined with the two private keys. The diagram seems to indicate that the private key of Alice with the public key of Bob is equal to the private key of Bob mixed with the public key of Alice. Epachamo ( talk) 23:48, 9 February 2024 (UTC)
I would be grateful if someone explained to me the complete purpose of public and private keys if there is any type of public-private cryptosystem that does not serve, in its core, for encryption.
From my understanding, this is a simple matter: public keys serve to encrypt data and private keys serve to decrypt data. Thus, the only thing public-private cryptosystems can do is encrypt and decrypt data.
If I understood these systems correctly, the purpose of public-private cryptosystems is in fact not limited to data confidentiality, but any other application ( digital cash, password-authenticated key agreement, time-stamping services, etc.) uses encryption because that is the base of pubic-private cryptosystems.
The state of the article at my last edit was quite easier for non-experts, it would be good to have a similar first paragraph in the lead. Have I misunderstand something?
PS: after the first @ Taylor Riastradh Campbell's revert of my edit, I investigated the topic before ediiting the lead; after that, I was sure that public-private cryptosystems were limited to encryption, so I was bold to get a faster feedback, I see nothing wrong on doing this.
Emunah00 ( talk) 01:41, 18 June 2024 (UTC)
[A]ccording to its article, public-key key encapsulation does involve encryption, if I understood it correctly, doesn't it?
Do you think it's possible to summarize both public-key cryptosystems that don't envolve encryption taking a common property of all of them, yet keeping it understandable by non-expert readers?
Which one is the public key and which is the private is purely a matter of choice (often enforced by cryptographic systems but it doesn't have to be).
For example, in the public-key signature scheme Ed25519, the public key is the encoding of a point on an elliptic curve, satisfying and the private key is (or can be hashed to derive) an integer together with a 256-bit string. Even if you were to misinterpret the private scalar as the -coordinate of a public point (and ignore the extra 256-bit string in the private key), only about half of the possibilities satisfy the equation; the rest can't be valid public keys.
If you look at an RSA public key as and an RSA private key as with and if you look only at the pure RSA trapdoor function itself (which is not a public-key encryption scheme or a public-key signature scheme), the inverse is the same function so the roles of and look similar.
But the similarity ends there. Almost all encryption and signature schemes based on RSA in the real world use for efficiency (RSA supports some of the cheapest public-key operations, second only to Rabin signature), and derive , and have a host of other details on top of the trapdoor function—sometimes called padding schemes—to make a secure encryption scheme, or a host of different details to make a secure signature scheme. If you try to interchange the public key and the private key in these cases, security is immediately lost because there's no more secrets in the private key—everyone knows it's !
More generally, in secure RSA-based cryptosystems like RSA-FDH signature or RSA-KEM key encapsulation or RSAES-OAEP encryption, it is safe to use public exponent as low as 3. But to resist Wiener's attack and variants like Boneh–Durfee, [1] one must use private exponent (and it is conjectured that may be needed). That is, although the public exponent and the private exponent are syntactically the same kind of thing (exponents in ), they have completely different security requirements. So it is not ‘purely a matter of choice’ which one is the public key and which one is the private key.
You can generate the pair of keys how you like. But there is no requirement that one is specifically the public key and other is the private.
References
![]() | This ![]() It is of interest to the following WikiProjects: | |||||||||||||||||||||||
|
|
||
This page has archives. Sections older than 90 days may be automatically archived by Lowercase sigmabot III when more than 5 sections are present. |
Hello fellow Wikipedians,
I have just modified one external link on Public-key cryptography. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018.
After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than
regular verification using the archive tool instructions below. Editors
have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the
RfC before doing mass systematic removals. This message is updated dynamically through the template {{
source check}}
(last update: 5 June 2024).
Cheers.— InternetArchiveBot ( Report bug) 11:15, 20 January 2018 (UTC)
Have just done a tidy-up of the intro. The rest of the article is in dire need of the same. - Snori ( talk) 19:14, 26 December 2018 (UTC)
I believe the introduction needs another clarification. imo it confuses the objective (mathematical) fact that asymmetric cryptography allows for two unrelated keys to encrypt and decrypt any string / message with the convention that one of those keys is considered public and the other private for most uses. Your comments welcome.-- BBird ( talk) 13:47, 7 August 2019 (UTC)
I have just reverted a spate of changes by @ 2402:3a80:19f8:c3dc::2 which had seemingly randomly copy-pasted chunks of text of the article into different sections. As far as I can tell there were no meaningful contributions made with any of these edits – just nuisance text. I think I got them all. Phidica ( talk) 02:17, 9 December 2022 (UTC)
Is the Diffie Hellman Diagram accurate? Im under the impression that the shared secret is obtained by a shared public secret combined with the two private keys. The diagram seems to indicate that the private key of Alice with the public key of Bob is equal to the private key of Bob mixed with the public key of Alice. Epachamo ( talk) 23:48, 9 February 2024 (UTC)
I would be grateful if someone explained to me the complete purpose of public and private keys if there is any type of public-private cryptosystem that does not serve, in its core, for encryption.
From my understanding, this is a simple matter: public keys serve to encrypt data and private keys serve to decrypt data. Thus, the only thing public-private cryptosystems can do is encrypt and decrypt data.
If I understood these systems correctly, the purpose of public-private cryptosystems is in fact not limited to data confidentiality, but any other application ( digital cash, password-authenticated key agreement, time-stamping services, etc.) uses encryption because that is the base of pubic-private cryptosystems.
The state of the article at my last edit was quite easier for non-experts, it would be good to have a similar first paragraph in the lead. Have I misunderstand something?
PS: after the first @ Taylor Riastradh Campbell's revert of my edit, I investigated the topic before ediiting the lead; after that, I was sure that public-private cryptosystems were limited to encryption, so I was bold to get a faster feedback, I see nothing wrong on doing this.
Emunah00 ( talk) 01:41, 18 June 2024 (UTC)
[A]ccording to its article, public-key key encapsulation does involve encryption, if I understood it correctly, doesn't it?
Do you think it's possible to summarize both public-key cryptosystems that don't envolve encryption taking a common property of all of them, yet keeping it understandable by non-expert readers?
Which one is the public key and which is the private is purely a matter of choice (often enforced by cryptographic systems but it doesn't have to be).
For example, in the public-key signature scheme Ed25519, the public key is the encoding of a point on an elliptic curve, satisfying and the private key is (or can be hashed to derive) an integer together with a 256-bit string. Even if you were to misinterpret the private scalar as the -coordinate of a public point (and ignore the extra 256-bit string in the private key), only about half of the possibilities satisfy the equation; the rest can't be valid public keys.
If you look at an RSA public key as and an RSA private key as with and if you look only at the pure RSA trapdoor function itself (which is not a public-key encryption scheme or a public-key signature scheme), the inverse is the same function so the roles of and look similar.
But the similarity ends there. Almost all encryption and signature schemes based on RSA in the real world use for efficiency (RSA supports some of the cheapest public-key operations, second only to Rabin signature), and derive , and have a host of other details on top of the trapdoor function—sometimes called padding schemes—to make a secure encryption scheme, or a host of different details to make a secure signature scheme. If you try to interchange the public key and the private key in these cases, security is immediately lost because there's no more secrets in the private key—everyone knows it's !
More generally, in secure RSA-based cryptosystems like RSA-FDH signature or RSA-KEM key encapsulation or RSAES-OAEP encryption, it is safe to use public exponent as low as 3. But to resist Wiener's attack and variants like Boneh–Durfee, [1] one must use private exponent (and it is conjectured that may be needed). That is, although the public exponent and the private exponent are syntactically the same kind of thing (exponents in ), they have completely different security requirements. So it is not ‘purely a matter of choice’ which one is the public key and which one is the private key.
You can generate the pair of keys how you like. But there is no requirement that one is specifically the public key and other is the private.
References