Score:1

Asymmetric key Cryptography


In asymmetric key cryptography, the public key is available to everyone. If an attacker encrypts the message sent by another user, then the receiver might receive that message. Then how is security established in this scenario?

Does this answer your question? [How does asymmetric encryption work?](https://crypto.stackexchange.com/questions/292/how-does-asymmetric-encryption-work)
Score:2

It isn't; an attacker can encrypt any message. You have to add message integrity and authenticity to the plaintext or ciphertext. For this the sender needs to be able to authenticate the messages sent. This obviously isn't possible using just the publicly available encryption key.


When we're talking about separate messages (e.g. document protection) then this is usually performed using sign-then-encrypt. Here the sender signs the messages, before they are encrypted, using their own private key. The receiver then verifies the messages after decryption, using the public key of the sender. This public key of the sender of course needs to be trusted for this scheme to work.

As public key encryption isn't very efficient for larger messages, and because the signature (and meta information) generally expands the messages, it is generally required to use hybrid encryption for sign-then-encrypt to work. In that case the encryption scheme could also use a Key Encapsulation Method such as RSA-KEM or (EC)IES.

In principle it is also possible to use a MAC (message authentication code), but that would require a pre-shared secret key, which would destroy the advantages of using public key encryption in the first place.


In transport mode security (e.g. TLS, SSH) the public key cryptography is generally used to establish a secret between the parties before messages are sent through the transport channel. In that case the messages are encrypted with a session key and protected using an authentication tag. This tag can be calculated using a MAC (e.g. HMAC) or by using an authenticated mode of encryption (e.g. ChaCha20/Poly1305).

For this to work both sides need to be authenticated as well, otherwise the sender doesn't know who is receiving the data, and the receiver doesn't know who is sending it. So although the messages themselves are protected differently, the key management is similar to protecting separate messages.

Ruhan Saini
Thanks for the answer. But the answer revolves around providing the solution to the problem, while my doubt is basically: can an attacker take any benefit of encrypting a message using the public key sent by the sender? Can he attack the message and manipulate it, and will it be identified by the receiver? Further, what could be the possible drawback of the public key being accessible to the attacker? Thanks again.
Maarten Bodewes
That depends. If an RSA padding scheme is used then unpadding generally catches any deliberate changes (that do not largely change the entire ciphertext). However, you could also use EC(IES) or RSA-KEM, in which case any change can only be caught by the symmetric algorithm that is used to actually encrypt the message. If that's an authenticated cipher such as AES-GCM then this is certain, but if it is e.g. AES-CBC then you might just get garbled messages, usually once in 256.
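The sign-then-encrypt construction from the answer, in the hybrid form it recommends (RSA-PSS signature, AES-GCM for the body, the AES key wrapped with RSA-OAEP), plus the tamper-detection point from the comment above, as an added Go example. This is not code from the thread or from any of the posters. The `Envelope` wire format, the "pay 100 to Alice"/"pay 100 to Mallory" messages and the 2048-bit keys are assumptions made for illustration; the attacker is given nothing but the public keys and a signing key of its own.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is a hypothetical wire format for one sign-then-encrypt message (an assumption of this example).
type Envelope struct {
	WrappedKey []byte // fresh AES-256 key, RSA-OAEP encrypted to the recipient's public key
	Nonce      []byte // 96-bit AES-GCM nonce
	Ciphertext []byte // AES-GCM(RSA-PSS signature || msg), authentication tag appended
}

func must(err error) { // infrastructure failures (RNG, key generation) abort the example
	if err != nil {
		panic(err)
	}
}

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	must(err)
	gcm, err := cipher.NewGCM(block)
	must(err)
	return gcm
}

// SignThenEncrypt signs msg with the sender's private key, then hybrid-encrypts signature||msg under a random AES-GCM key OAEP-wrapped to the recipient.
func SignThenEncrypt(senderPriv *rsa.PrivateKey, recipientPub *rsa.PublicKey, msg []byte) *Envelope {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	must(err)
	plain := append(sig, msg...) // a PSS signature is always senderPriv.Size() bytes long
	buf := make([]byte, 32+12)   // random 256-bit AES key followed by a 96-bit nonce
	_, err = rand.Read(buf)
	must(err)
	key, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, nil)
	must(err)
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: newGCM(key).Seal(nil, nonce, plain, nil)}
}

// DecryptThenVerify unwraps the key, lets GCM reject any modified ciphertext, then checks the signature against the public key of the sender the receiver expects.
func DecryptThenVerify(recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, recipientPriv, env.WrappedKey, nil)
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("key unwrap failed: %v", err)
	}
	plain, err := newGCM(key).Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("ciphertext integrity check failed: %w", err)
	}
	if len(plain) < senderPub.Size() {
		return nil, errors.New("malformed plaintext")
	}
	sig, msg := plain[:senderPub.Size()], plain[senderPub.Size():]
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, fmt.Errorf("sender authentication failed: %w", err)
	}
	return msg, nil
}

type Outcome struct {
	Legitimate  string // message recovered from the real sender
	ForgedErr   error  // attacker used only the public keys plus its own signing key
	TamperedErr error  // attacker flipped one bit of the real ciphertext
}

func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	must(err)
	return k
}

// RunScenarios plays sender, recipient and an attacker who knows only the public keys.
// The keys and the two messages are constructed for this example.
func RunScenarios() *Outcome {
	sender, recipient, attacker := newKey(), newKey(), newKey()
	env := SignThenEncrypt(sender, &recipient.PublicKey, []byte("pay 100 to Alice"))
	msg, err := DecryptThenVerify(recipient, &sender.PublicKey, env)
	must(err)
	out := &Outcome{Legitimate: string(msg)}
	// Anyone can encrypt to the recipient's public key, but cannot sign as the sender.
	forged := SignThenEncrypt(attacker, &recipient.PublicKey, []byte("pay 100 to Mallory"))
	_, out.ForgedErr = DecryptThenVerify(recipient, &sender.PublicKey, forged)
	// A single flipped ciphertext bit is caught by the GCM tag before any signature check.
	tampered := &Envelope{env.WrappedKey, env.Nonce, append([]byte(nil), env.Ciphertext...)}
	tampered.Ciphertext[0] ^= 0x01
	_, out.TamperedErr = DecryptThenVerify(recipient, &sender.PublicKey, tampered)
	return out
}

func main() {
	out := RunScenarios()
	fmt.Printf("legitimate: %q\nforged: %v\ntampered: %v\n", out.Legitimate, out.ForgedErr, out.TamperedErr)
}
```

Running it shows the three outcomes the thread discusses: the genuine message is recovered, the attacker's message decrypts fine (the public key let them encrypt it) but fails at `VerifyPSS` because the receiver checks against the expected sender's key rather than whatever key the attacker used, and the bit-flipped ciphertext is rejected by the GCM tag before the signature is even looked at. With an unauthenticated mode such as AES-CBC in place of GCM the last case would instead surface as a garbled message or a padding error, which is the distinction made in the comment.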