So, one of the first practical asymmetric cryptography systems to be developed is RSA,
name for the initials of the three co-inventors.
Ron Rivest, Adi Shamir and Leonard Adleman.
This crypto system was patented in 1983 and was
released to the public domain by RSA Security in the year 2000.
The RSA system specifies mechanisms for generation and distribution
of keys along with encryption and decryption operation using these keys.
We won't go into the details of the math involved,
since it's pretty high-level stuff and beyond the scope of this class.
But, it's important to know that
the key generation process depends on choosing two unique,
random, and usually very large prime numbers.
DSA or Digital Signature Algorithm is another example of an asymmetric encryption system,
though its used for signing and verifying data.
It was patented in 1991 and is part of
the US government's Federal Information Processing Standard.
Similar to RSA, the specification covers
the key generation process along with the signing and verifying data using the key pairs.
It's important to call out that the security of this system is dependent on
choosing a random seed value that's incorporated into the signing process.
If this value was leaked or if it can be inferred if the prime number isn't truly random,
then it's possible for an attacker to recover the private key.
This actually happened in 2010 to Sony with their PlayStation 3 game console.
It turns out they weren't ensuring this randomized value was changed for every signature.
This resulted in a hacker group called failOverflow being able to
recover the private key that Sony used to sign software for their platform.
This allowed moders to write and sign custom software that
was allowed to run on the otherwise very locked down console platform.
This resulted in game piracy becoming a problem for Sony,
as this facilitated the illicit copying and
distribution of games which caused significant losses in sales.
I've included links to more about this in the next reading,
in case you want to dive deeper.
Earlier, we talked about how asymmetric systems are commonly used as
key exchange mechanisms to establish
a shared secret that will be used with symmetric cipher.
Another popular key exchange algorithm is
DH or Diffie-Hellman named for the co-inventors.
Let's walk through how the DH key exchange algorithm works.
Let's assume we have two people who would like to communicate over an unsecured channel,
and let's call them Suzanne and Daryll.
I've grown pretty fond of these two.
First, Suzanne and Daryl agree on
the starting number that would be random and will be very large integer.
This number should be different for every session and doesn't need to be secret.
Next, each person chooses another randomized large number but this one is kept secret.
Then, they combine their shared number with
their respective secret number and send the resulting mix to each other.
Next, each person combines their secret number
with the combined value they received from the previous step.
The result is a new value that's the same on both sides without
disclosing enough information to
any potential eavesdroppers to figure out the shared secret.
This algorithm was designed solely for key exchange,
though there have been efforts to adapt it for encryption purposes.
It's even been used as part of a PKI system or Public Key Infrastructure system.
We'll dive more into PKI systems later in this course.
Elliptic curve cryptography or ECC is a public key encryption system that
uses the algebraic structure of
elliptic curves over finite fields to generate secure keys.
What does that even mean?
Well, traditional public key systems,
make use of factoring large prime numbers whereas ECC makes use of elliptic curves.
And elliptic curve is composed of a set of coordinates that fit in equation,
similar to something like Y to the second equals X to the third,
plus A X plus B. Elliptic curves have a couple of interesting and unique properties.
One is horizontal symmetry,
which means that at any point in the curve can be mirrored
along the x axis and still make up the same curve.
On top of this, any non-vertical line will intersect the curve in three places at most.
Its this last property that allows elliptic curves to be used in encryption.
The benefit of elliptic curve based encryption systems is that they are able to achieve
security similar to traditional public key systems with smaller key sizes.
So, for example, a 256 bit elliptic curve key,
would be comparable to a 3,072 bit RSA key.
This is really beneficial since it reduces the amount of data
needed to be stored and transmitted when dealing with keys.
Both Diffie-Hellman and DSA have elliptic curve variants,
referred to as ECDH and ECDSA, respectively.
The US NEST recommends the use of EC encryption,
and the NSA allows its use to protect up the top secret data with 384 bit EC keys.
But, the NSA has expressed concern about EC encryption
being potentially vulnerable to quantum computing attacks,
as quantum computing technology continues to evolve and mature.
I'm going to buy Suzanne and Darryl drink today for all their hard work.
In the meantime, we've cooked up an assignment for
you that will test your encryption and decryption skills.
Take your time to decode all the details,
and I'll see you all in the next lesson.
