Cryptography or cryptology is the art and study of transiting the information without the intrusion of prying eyes. History suggests that this method has been prevalent since ages, right from the ancient Greeks to the World War era; nonetheless, its contemporary form is still being used in modern-day digital communication and computer security authentication.
The inexplicable failure of traditional encryption (symmetric cryptography) in terms of computer security and reliability of data, compelled scientists all over the world to devise something which would eliminate these shortcomings. Hence, public key encryption (the brainchild of Whitfield Diffie and Martin Hellman) was introduced in 1976; which in the realm of cryptography, escalated computer security to a whole new level.
What is it?
In traditional (symmetric) cryptography, when the sender fires off an indecipherable message to the recipient, both the parties use the same secret key for locking/unlocking the message. Now, here is the problem. The secret key, which would be used by both the parties, has to delivered via some or the other media. Therefore, there is no guarantee that the key might travel without unsolicited tampering, thus risking the integrity of the data.
Public key encryption was the impending solution to this problem. In this technique, both the parties are handed a pair of unique keys ― public and private. These keys work hand-in-hand to protect and decode the desired information. The public key is freely available, whereas the private key, as the name suggests, is confidential and protected by its respective owner. One of the most noted example could be the RSA algorithm. RSA is an acronym for Rivest, Shaman and Alderman, who wrote this algorithm.
How Does it Work?
As stated previously, public key encryption revolves around the concept of two keys. Let us imagine the following scenario.
A wants to send an encrypted message to B. Both of them have a pair of aforementioned keys. A looks up for B's public key in the directory. Once found, he creates his digital signature by computing his private key and the actual message. Done that, he encrypts the message and sends it to B which in turn, is verified by B using some calculations with the message, the signature and A's public key. Consequently, if the calculations at B's end prove that the signature is authentic then the message is decoded; otherwise it's considered to be tampered with or the signature has been forged. This technique virtually eliminates the problem regarding data encryption for information security.
Pros and Cons
The most significant advantage of this type of encryption is optimum security and ease of use. Moreover, each user is liable to protect his/her private key, which provides complete independence of ownership. At the same time, this system lowers the risks of widespread forgery by decentralization of keys. In fact, this process is called non-repudiation.
On the other hand, this cryptographic technique has a couple of drawbacks too. It is comparatively slower than a couple of advanced encryption techniques. This is because of its long computation time in factoring large numbers while encoding, decoding, and authenticating the messages. Also, public key encryption like RSA is virtually close to impossible to crack because of its complex algorithm. This proves to be a major setback for security personnel who wish to track sensitive data security breach of a company's or of a government organization.
The sudden surge in information security has compelled cryptographers to come up with better and upgraded solutions everyday.