
Public Key Authentication

This is the technique by which an entity verifies that her communication partner is who he purports to be and not an imposter. Authentication is easily achieved if both parties share a common secret key or keys (e.g., typical password authentication); however, it is much more nicely done using public key cryptography:
 
Public key cryptosystems can provide authentication if, in addition to:
P = D ( E ( P ) )
we also have:
P = E ( D ( P ) )
This is true for RSA. Now consider Alice, who wishes to authenticate herself to a communications partner Bob. Bob already knows Alice's public key.
 
Alice convinces Bob that she's who she claims to be
Alice announces to Bob that she wishes to communicate. Bob responds by choosing a large, single-use random number R (sometimes called a nonce) which he sends to Alice. Alice encrypts the random number using her private key, d_a, and returns the encrypted value to Bob. Bob applies Alice's public key to the returned value, and if it decrypts to R then he can be certain of the identity of his communication partner. It's obvious that this protocol could be extended to verify the identity of Bob as well.
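The exchange above, written out as an added example (not part of the original page). It uses textbook RSA with a constructed toy key built from two known Mersenne primes; the function names are hypothetical, and the key size and lack of padding are assumptions made to keep the protocol visible.

```python
import secrets

# Constructed toy key: two known Mersenne primes. This is textbook RSA with no
# padding, shown only to illustrate the protocol. Production systems use a
# padded signature scheme (e.g. RSA-PSS) from a vetted library, and a key
# reserved for authentication, because answering arbitrary challenges with a
# raw private-key operation also decrypts whatever the challenger sends.
P_PRIME, Q_PRIME = 2**127 - 1, 2**89 - 1
E_PUB = 65537

def make_keypair(p=P_PRIME, q=Q_PRIME, e=E_PUB):
    """Return ((e, n), (d, n)): the public and private keys."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (e, n), (d, n)

def apply_key(key, value):
    """E() or D() from the text: exponentiation under (exponent, modulus)."""
    exponent, n = key
    return pow(value, exponent, n)

def bob_challenge(alice_public):
    """Bob picks a fresh single-use nonce R in [2, n-1]."""
    return secrets.randbelow(alice_public[1] - 2) + 2

def alice_respond(private_key, nonce):
    """Alice applies her private key d_a to the nonce."""
    return apply_key(private_key, nonce)

def bob_verify(alice_public, nonce, response):
    """Bob applies Alice's public key and checks that he gets R back."""
    return apply_key(alice_public, response) == nonce

def run_exchange(prover_private, alice_public):
    """One full round: challenge, response, verification."""
    nonce = bob_challenge(alice_public)
    response = alice_respond(prover_private, nonce)
    return bob_verify(alice_public, nonce, response)

if __name__ == "__main__":
    alice_pub, alice_priv = make_keypair()
    _, imposter_priv = make_keypair(2**107 - 1, 2**61 - 1)
    print("Alice accepted:   ", run_exchange(alice_priv, alice_pub))
    print("Imposter accepted:", run_exchange(imposter_priv, alice_pub))
```

Because R is chosen fresh for every run, a response recorded from an earlier exchange does not verify against a new challenge.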
 

