known to be compromised because the data appears fine to the other user. This can lead to confusing disagreements between users such as "it must be on your end!" when neither user is at fault. Hence, man-in-the-middle attacks are only fully preventable when the communications infrastructure is physically controlled by one or both parties; such as via a wired route inside the sender's own building. In summation, public keys are easier to alter when the communications hardware used by a sender is controlled by an attacker.
blocks and encrypted messages. Only the intended recipient is able to decrypt the metadata block, and having done so they can identify and download their messages and decrypt them. Such a messaging system is at present in an experimental phase and not yet deployed. Scaling this method would reveal to the third party only the inbox server being used by the recipient and the timestamp of sending and receiving. The server could be shared by thousands of users, making social network modelling much more challenging.
, in which a message is signed with the sender's private key and can be verified by anyone who has access to the sender's public key. This verification proves that the sender had access to the private key, and therefore is very likely to be the person associated with the public key. It also proves that the signature was prepared for that exact message, since a signature that passes verification with the public key on one message will not pass verification with the public key on other messages.
– is out of reach of all potential attackers. In many cases, the work factor can be increased by simply choosing a longer key. But other algorithms may inherently have much lower work factors, making resistance to a brute-force attack (e.g., from longer keys) irrelevant. Some special and specific algorithms have been developed to aid in attacking some public key encryption algorithms; both
, in which the communication of public keys is intercepted by a third party (the "man in the middle") and then modified to provide different public keys instead. Encrypted messages and responses must, in all instances, be intercepted, decrypted, and re-encrypted by the attacker using the correct public keys for the different communication segments so as to avoid suspicion.
. This requirement is never trivial and very rapidly becomes unmanageable as the number of participants increases, or when secure channels are not available, or when, (as is sensible cryptographic practice), keys are frequently changed. In particular, if messages are meant to be secure from other users, a separate key is required for each possible pair of users.
, two parties would rely upon a key that they would exchange by means of a secure, but non-cryptographic, method such as a face-to-face meeting, or a trusted courier. This key, which both parties must then keep absolutely secret, could then be used to exchange encrypted messages. A number of significant practical difficulties arise with this approach to
scheme were not used at all. An attacker who penetrates an authority's servers and obtains its store of certificates and keys (public and private) would be able to spoof, masquerade, decrypt, and forge transactions without limit, assuming that they were able to place themselves in the communication stream.
As with all security-related systems, there are various potential weaknesses in public-key cryptography. Aside from poor choice of an asymmetric key algorithm (there are few that are widely regarded as satisfactory) or too short a key length, the chief security risk is that the private key of a pair
in the message header, which might include the identities of the sender and recipient, the sending date, subject field, and the software they use etc. Rather, only the body of the message is concealed and can only be decrypted with the private key of the intended recipient. This means that a third
key from the server to client has the advantage of not requiring that a symmetric key be pre-shared manually, such as on printed paper or discs transported by a courier, while providing the higher data throughput of symmetric key cryptography over asymmetric key cryptography for the remainder of the
For example, a software publisher can create a signature key pair and include the public key in software installed on computers. Later, the publisher can distribute an update to the software signed using the private key, and any computer receiving an update can confirm it is genuine by verifying the
scheme, each party generates a public/private key pair and distributes the public key of the pair. After obtaining an authentic (n.b., this is critical) copy of each other's public keys, Alice and Bob can compute a shared secret offline. The shared secret can be used, for instance, as the key for a
However, there has been a recent demonstration of messaging with encrypted headers, which obscures the identities of the sender and recipient, and significantly reduces the available metadata to a third party. The concept is based around an open repository containing separately encrypted metadata
In some advanced man-in-the-middle attacks, one side of the communication will see the original data while the other will receive a malicious variant. Asymmetric man-in-the-middle attacks can prevent users from realizing their connection is compromised. This remains so even when one user's data is
of the certificate authority and then, in a second step, the certificates of potential communicators. An attacker who could subvert one of those certificate authorities into issuing a certificate for a bogus public key could then mount a "man-in-the-middle" attack as easily as if the certificate
For example, the certificate authority issuing the certificate must be trusted by all participating parties to have properly checked the identity of the key-holder, to have ensured the correctness of the public key when it issues a certificate, to be secure from computer piracy, and to have made
Public key encryption, in which a message is encrypted with the intended recipient's public key. For properly chosen and used algorithms, messages cannot in practice be decrypted by anyone who does not possess the matching private key, who is thus presumed to be the owner of that key and so the
One important issue is confidence/proof that a particular public key is authentic, i.e. that it is correct and belongs to the person or entity claimed, and has not been tampered with or replaced by some (perhaps malicious) third party. There are several possible approaches, including:
For example, a journalist can publish the public key of an encryption key pair on a web site so that sources can send secret messages to the news organization in ciphertext. Only the journalist who knows the corresponding private key can decrypt the ciphertexts to obtain the sources'
(ISP) might find a man-in-the-middle attack relatively straightforward. Capturing the public key would only require searching for the key as it gets sent through the ISP's communications hardware; in properly implemented asymmetric key schemes, this is not a significant risk.
is used with the underlying algorithm by both the sender and the recipient, who must both keep it secret. Of necessity, the key in every such system had to be exchanged between the communicating parties in some secure way prior to any use of the system – for instance, via a
In an asymmetric key encryption scheme, anyone can encrypt messages using a public key, but only the holder of the paired private key can decrypt such a message. The security of the system depends on the secrecy of the private key, which must not become known to any
are typically valid for several years at a time, so the associated private keys must be held securely over that time. When a private key used for certificate creation higher in the PKI server hierarchy is compromised, or accidentally disclosed, then a
. This was the first published practical method for establishing a shared secret-key over an authenticated (but not confidential) communications channel without using a prior shared secret. Merkle's "public key-agreement technique" became known as
must be considered when deploying public key systems. Some certificate authority – usually a purpose-built program running on a server computer – vouches for the identities assigned to specific private keys by producing a digital certificate.
signature using the public key. As long as the software publisher keeps the private key secret, even if a forger can distribute malicious updates to computers, they cannot convince the computers that any malicious updates are genuine.
. Anyone with the corresponding public key can verify whether the signature matches the message, but a forger who does not know the private key cannot find any message/signature pair that will pass verification with the public key.
with Alice's private key, but the message itself is not encrypted. 1) Alice signs a message with her private key. 2) Using Alice's public key, Bob can verify that Alice sent the message and that the message has not been
A man-in-the-middle attack can be difficult to implement due to the complexities of modern security protocols. However, the task becomes simpler when a sender is using insecure media such as public networks, the
that exploit information leakage to simplify the search for a secret key. These are often independent of the algorithm being used. Research is underway to both discover, and to protect against, new attacks.
. Both organisations had a military focus and only limited computing power was available in any case; the potential of public key cryptography remained unrealised by either organization:
I judged it most important for military use ... if you can share your key rapidly and electronically, you have a major advantage over your opponent. Only at the end of the evolution from
, and was invented in 1974 and only published in 1978. This makes asymmetric encryption a rather new field in cryptography although cryptography itself dates back more than 2,000 years.
"). These terms refer to reading the sender's private data in its entirety. A communication is particularly unsafe when interceptions can not be prevented or monitored by the sender.
, or wireless communication. In these cases an attacker can compromise the communications infrastructure rather than the data itself. A hypothetical malicious staff member at an
) use both symmetric encryption and asymmetric encryption, often by using asymmetric encryption to securely exchange a secret key, which is then used for symmetric encryption.
party could construct quite a detailed model of participants in a communication network, along with the subjects being discussed, even if the message body itself is hidden.
said: "Jevons anticipated a key feature of the RSA Algorithm for public key cryptography, although he certainly did not invent the concept of public key cryptography."
By contrast, in a public key system, the public keys can be disseminated widely and openly, and only the corresponding private keys need be kept secret by its owner.
, to encrypt and decrypt, performing both public key encryption and public key digital signatures. Its security is connected to the extreme difficulty of
. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.
, many asymmetric key algorithms are considered vulnerable to attacks, and new quantum-resistant schemes are being developed to overcome the problem.
Since the 1970s, a large number and variety of encryption, digital signature, key agreement, and other techniques have been developed, including the
was found to be insecure after the development of a new attack. As with all cryptographic functions, public-key implementations may be vulnerable to
have known attacks that are much faster than the brute-force approach. None of these are sufficiently improved to be actually practical, however.
Because asymmetric key algorithms are nearly always much more computationally intensive than symmetric ones, it is common to use a public/private
(GCHQ), conceived of the possibility of "non-secret encryption", (now called public key cryptography), but could see no way to implement it.
, asymmetric encryption is rather slow compared to good symmetric encryption, too slow for many purposes. Today's cryptosystems (such as
– a message that a sender encrypts using the recipient's public key, which can be decrypted only by the recipient's paired private key.
These discoveries were not publicly acknowledged for 27 years, until the research was declassified by the British government in 1997.
, for instance, are supplied with a long list of "self-signed identity certificates" from PKI providers – these are used to check the
systems use digital signatures to ensure that one party cannot successfully dispute its authorship of a document or communication.
" decentralizes authentication by using individual endorsements of links between a user and the public key belonging to that user.
, a problem for which there is no known efficient general technique. A description of the algorithm was published in the
's work on public key distribution, disclosed a method of public key agreement. This method of key exchange, which uses
A communication is said to be insecure where data is transmitted in a manner that allows for interception (also called "
, which are commonly used to provide security for web browser transactions (for example, most websites utilize TLS for
". However, such an attack is impractical if the amount of computation needed to succeed – termed the "work factor" by
relies upon this. This implies that the PKI system (software, hardware, and management) is trust-able by all involved.
, but only those who know the corresponding private key can decrypt the ciphertext to obtain the original message.
, giving a practical method of "non-secret encryption", and in 1974 another GCHQ mathematician and cryptographer,
arrangements with all participants to check all their certificates before protected communications can begin.
Despite its theoretical and potential problems, Public key infrastructure is widely used. Examples include
The most obvious application of a public key encryption system is for encrypting communication to provide
messages—an eavesdropper reading email on its way to the journalist cannot decrypt the ciphertexts.
(PKI); a set of roles, policies, and procedures needed to create, manage, distribute, use, store and
, including applications and protocols that offer assurance of the confidentiality, authenticity and
of electronic communications and data storage. They underpin numerous Internet standards, such as
Aside from the resistance to attack of a particular key pair, the security of the certification
digital certificates and manage public-key encryption. However, this has potential weaknesses.
Major weaknesses have been found for several formerly promising asymmetric key algorithms. The
Another potential security vulnerability in using asymmetric keys is the possibility of a
becomes known. All security of messages, authentication, etc., will then be lost.
Examples of well-regarded asymmetric key techniques for varied purposes include:
Can the reader say what two numbers multiplied together will produce the number
system, a sender can use a private key together with a message to create a
In 1977, a generalization of Cocks's scheme was independently invented by
Examples of notable – yet insecure – asymmetric key algorithms include:
Most of the available public-key encryption software does not conceal
Examples of asymmetric key algorithms not yet widely adopted include:
Public key algorithms are fundamental security primitives in modern
" is possible, making any subordinate certificate wholly insecure.
system, anyone with a public key can encrypt a message, yielding a
person associated with the public key. This can be used to ensure
Examples of protocols using asymmetric key algorithms include:
) number is used to begin generation of an acceptable pair of
system for digitally signing emails also uses this approach.
... did public key cryptography realise its full potential.
? I think it unlikely that anyone but myself will ever know.
cryptography-based key exchange to share a server-generated
family of schemes use this procedure; they are thus called
that use pairs of related keys. Each key pair consists of a
One approach to prevent such attacks involves the use of a
Two of the best-known uses of public key cryptography are:
DSS (Digital Signature Standard), which incorporates the
In 1976, an asymmetric key cryptosystem was published by
to cryptography, and went on to discuss specifically the
All public key schemes are in theory susceptible to a "
Further applications built on this foundation include:
, which will be, in essentially all cases, much faster.
Another application in public key cryptography is the
. The latter authors published their work in 1978 in
(PKI), in which one or more third parties – known as
. Digital signature schemes can be used for sender
uses this approach, in addition to lookup in the
Cryptographic system with public and private keys
suitable for use by an asymmetric key algorithm.
column, and the algorithm came to be known as
Before the mid-1970s, all cipher systems used
designing an open internet architecture for
Elliptic Curve Digital Signature Algorithm
. The scheme was also passed to the US's
for a symmetric key encryption algorithm.
implemented what has become known as the
, its adaptation and adoption for the
Government Communications Headquarters
Here he described the relationship of
to transmit data using the now-shared
An unpredictable (typically large and
. Some public key algorithms provide
Merkle–Hellman knapsack cryptosystem
authenticated key agreement protocol
password-authenticated key agreement
, a British cryptographer at the UK
column in the August 1977 issue of
– certify ownership of key pairs.
, developed what is now known as
Additionally, with the advent of
, from their initials. RSA uses
exponentiation in a finite field
), and some provide both (e.g.,
Public key digital certificates
and non-repudiation protocols.
. Key pairs are generated with
In this example the message is
. In July 1996, mathematician
Transport Layer Security (TLS)
Elliptic-curve Diffie–Hellman
brute-force key search attack
a product of two very large
"knapsack packing" algorithm
, EMV Certificate Authority
Elliptic-curve cryptography
Digital Signature Algorithm
Diffie–Hellman key exchange
, and an Internet Standard
"man-in-the-middle" attack
symmetric-key cryptography
to encrypt and exchange a
Cramer–Shoup cryptosystem
problem used to create a
The Principles of Science
public key infrastructure
Public key infrastructure
Internet service provider
Alteration of public keys
, which is then used by
Off-the-Record Messaging
Transport Layer Security
factoring large integers
National Security Agency
RSA encryption algorithm
man-in-the-middle attack
symmetric key algorithms
, an implementation of
In 1973, his colleague
history of cryptography
certificate authorities
asymmetric cryptography
Public-key cryptography
encryption algorithm (
, came to be known as
William Stanley Jevons
key-exchange algorithm
time-stamping services
McEliece cryptosystem
Paillier cryptosystem
exponentiation modulo
Malcolm J. Williamson
public-key encryption
cryptographic systems
and its predecessor
Classified discovery
Unencrypted metadata
side-channel attacks
hybrid cryptosystems
Hybrid cryptosystems
, in which the same
symmetric encryption
and a corresponding
Secure Socket Layer
Scientific American
who, influenced by
shared connection.
and secrecy (e.g.,
ElGamal encryption
Rabin cryptosystem
Mathematical Games
domain name system
Digital signatures
digital signatures
, is the field of
Solomon W. Golomb
trapdoor function
one-way functions
In his 1874 book
distributing keys
During the early
quantum computing
digital signature
cryptographic key
non-repudiability
standardized by
Merkle's Puzzles
Whitfield Diffie
Public discovery
), some provide
key distribution
problems termed
digitally signed
symmetric cipher
828:Leonard Adleman
422:Non-repudiation
405:confidentiality
348:confidentiality
302:). Compared to
2400:Martin Hellman
2386:External links
2306:Menezes, A. J.
2143:(2): 120–126.
2072:10.1.1.37.9720
2065:(6): 644–654.
1955:. CryptoCellar
1592:(6): 758–773.
1246:Informational.
836:Martin Gardner
830:, all then at
797:Martin Hellman
778:Ralph Benjamin
739:Clifford Cocks
728:James H. Ellis
523:Claude Shannon
484:. The initial
416:authentication
333:secure channel
2325:0-8493-8523-7
2269:0-471-22357-3
2023:The Code Book
1980:The Telegraph
1422:0-8493-8523-7
1374:0-8493-8523-7
1333:9780138690175
1143:PGP word list
708:factorization
464:symmetric key
456:symmetric key
350:of a message.
260:cryptosystems
210:cryptographic
67:Find sources:
45:This article
2408:Ralph Merkle
2235:. Retrieved
2178:. Retrieved
2171:the original
2109:. Retrieved
2018:Singh, Simon
1957:. Retrieved
1896:. Retrieved
1870:. Retrieved
1817:. Retrieved
1791:. Retrieved
1787:the original
1760:. Retrieved
1734:. Retrieved
1677:. Springer.
1541:. Retrieved
1457:. Retrieved
1426:. Retrieved
1378:. Retrieved
1200:Web of trust
1184:Secure Shell
1002:cryptosystem
801:Ralph Merkle
678:Anticipation
602:Web browsers
429:digital cash
399:Applications
381:web of trust
312:Secure Shell
217:mathematical
112:January 2024
54:Please help
49:verification
2180:15 November
1915:Cryptologia
1868:p. 141
1706:: 145–152.
1607:10016/37141
1486:(7): 1517.
1068:, a secure
1000:NTRUEncrypt
954:(ECDH/EdDH)
763:Berners-Lee
391:(DNS). The
318:Description
206:private key
18:Private key
2423:Categories
2219:References
1959:18 January
1921:(3): 243.
1898:18 January
1872:18 January
1133:Key escrow
963:techniques
824:Adi Shamir
820:Ron Rivest
696:8616460799
606:bona fides
513:Algorithms
497:Weaknesses
486:asymmetric
474:, and the
449:asymmetric
232:ciphertext
213:algorithms
202:public key
82:newspapers
2288:CRC Press
2278:Katz, Jon
2204:SIAM News
2145:CiteSeerX
2067:CiteSeerX
1935:205488749
1893:MathWorld
1841:1411.6409
1814:GreatFire
1783:GreatFire
1624:255650398
1616:1751-8628
1502:1424-8220
1459:8 October
1428:8 October
1380:8 October
1291:0028-0836
1158:Pseudonym
726:In 1970,
629:hierarchy
490:symmetric
249:signature
215:based on
185:modified.
2377:24751345
2351:Springer
2312:(1997).
2254:(2003).
2237:17 April
2085:Archived
2020:(1999).
1520:28654006
1299:28905891
1110:See also
1072:protocol
959:Various
902:protocol
889:Examples
651:metadata
570:Internet
562:sniffing
2353:. 275.
2167:2873616
1819:26 June
1793:27 June
1762:26 June
1757:UpGuard
1736:26 June
1731:UpGuard
1511:5551094
1480:Sensors
1307:4446249
1271:Bibcode
1099:Bitcoin
1044:OpenPGP
934:Ed25519
924:(ECDSA)
912:ElGamal
771:Arpanet
662:History
476:SSL/TLS
294:(e.g.,
163:In the
96:scholar
2111:9 June
1543:2 June
1263:Nature
1035:S/MIME
976:PKCS#1
948:X25519
930:(ECDH)
852:primes
690:wrote:
594:revoke
276:S/MIME
155:other.
140:random
2373:S2CID
2260:Wiley
2200:(PDF)
2174:(PDF)
2163:S2CID
2131:(PDF)
2088:(PDF)
2053:(PDF)
2030:–292.
2003:ZDNet
1953:(PDF)
1931:S2CID
1836:arXiv
1620:S2CID
1563:(PDF)
1453:(PDF)
1413:(PDF)
1365:(PDF)
1303:S2CID
1207:Notes
1186:(SSH)
1170:(PKI)
1129:(IBE)
1056:IPsec
1006:Kyber
942:EdDSA
938:Ed448
622:HTTPS
241:In a
226:In a
192:, or
103:JSTOR
89:books
2406:and
2363:ISBN
2320:ISBN
2292:ISBN
2264:ISBN
2239:2013
2210:(5).
2182:2019
2113:2022
1961:2024
1900:2024
1874:2024
1821:2020
1795:2015
1764:2020
1738:2020
1679:ISBN
1653:ISBN
1612:ISSN
1545:2022
1516:PMID
1498:ISSN
1461:2022
1430:2022
1417:ISBN
1382:2022
1369:ISBN
1328:ISBN
1295:PMID
1287:ISSN
1241:4949
1089:SILC
1080:IETF
1070:VoIP
1066:ZRTP
952:X448
950:and
936:and
881:and
826:and
795:and
767:CERN
529:and
393:DKIM
278:and
144:keys
75:news
2355:doi
2155:doi
2077:doi
2028:279
1923:doi
1708:doi
1643:doi
1602:hdl
1594:doi
1506:PMC
1488:doi
1279:doi
1267:549
1238:RFC
1228:doi
1094:SSH
1061:PGP
1050:EMV
1040:GPG
987:YAK
972:RSA
883:ECC
879:DSA
844:RSA
838:'s
832:MIT
618:SSL
614:TLS
527:RSA
472:SSH
468:PGP
385:PGP
379:A "
374:TLS
308:TLS
300:RSA
280:PGP
272:SSH
58:by
2208:36
2141:21
2063:22
1919:20
1590:17
1484:17
364:A
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.