Public Key Cryptography
Dave Bird---St Hippo of Augustine
dave at xemu.demon.co.uk
Sat, 29 Aug 1998 17:41:13 +0100
In article <Marcel-1.26-0829114836-345UU5&@oxted.demon.co.uk>, George
Foot <georgefoot@oxted.demon.co.uk> writes
>
>
>The Privacy of Electronic Communications.
>A Critique of Public Key Cryptosystems.
This is an excellent essay---forgive me if my comments as a layperson
are somewhat simpleminded---I am interested in solutions,
remedies and alternatives, for the problems posed.
>
>I have been diffident about posting the following Article because
>of its length.
It is in fact very concise, i.e. it covers much content per unit of text.
>It is very difficult to keep something secret for an extended period
>of time when it has to be employed every day and guarded every night --
>the more so obviously when the owner of a Private Key is a company or
>other organization engaged in large scale business at numerous locations.
>Apart from other considerations the considerable vigilance which
>is necessary to operate any security system cannot be maintained
>at a sufficiently high level and be continued ceaselessly over
>long periods by human beings who are concerned with day-to-day
>problems relating to their duties and distracted not infrequently
>by various personal worries. Lapses on the part of operators are
>the commonest weaknesses in any security system.
This indeed applies to every kind of security, hence no other kind
would do better.
>It is the vulnerability of the Private Key which is the inherent
>weakness of a Public Key Cryptosystem. The loss of a Private
>Key for whatever reason is a disaster which, in practice, is very
>likely to occur and almost impossible to prevent.
Likewise losing the key is a problem in every security system.
The only way round a 3rd party getting the key material---but not a
legitimate user being corrupt[ed]---is including a codesigned voiceprint
or similar physical identifier of the person in the "passphrase".
>(3) THE PUBLIC KEY:
>
Key distribution is the traditional problem; of a PK for me that
will enable you to (a) send messages to me or (b) recognise my
signature. (a) is only a problem if they can *also* fake what
my address is and thus fake being me as recipient, (b) could be
used to forge me as being sender and/or authenticator of text.
I can't see any way round except exchanging keys directly or
via introduction through a trusted middleman---which is how we
verify identity now.
>A major weakness inherent in a Public Key Cryptosystem is the
>difficulty of withdrawing a Public Key which is no longer valid
>-- this difficulty needs emphasis because it could bring Public
>Keys methods into disrespect. The problem is simple to explain
>but an effective solution does not exist and possibly is
>impossible to find.
Logically the structure in terms of data structures is that
each *trusted middleman* public directory for keys must on
acquiring a new key also have a "two way pointer"---tell the
owner it has a copy of his key. Then the owner can repudiate
all of them when the time comes. To test malicious blocking
of deletions you would try a second directory at random, and
delete at one only rings alarm bells. Continuing a repudiated
public key presumably gives me the (a) problem above.
>(4) ESCROW
I think every sensible person agrees with your arguments against this.
>(5) TECHNIQUES
>The response is to increase the Key length employed for encryption but
>this can only be done at the expense of increasing computational
>load -- the battle therefore becomes a contest between larger and
>larger computers. It is true that computers of greater capacity are
>becoming available at lower cost but nevertheless it is not rewarding
>to squander computer power in this manner and older and slower computers
>are penalised.
This is a decision on priorities and value for money i.e.
if it's worthwhile the means will be found.
>of a specified length. Moreover, breaking the Key enables the
>cryptoanalyst surreptitiously to learn the contents of every
>message sent with that Key both after and before the Key was
>broken.
True of all public transit security systems---not true if the data
owner has all copies and simply destroys it when no longer needed.
The solution to datasniffing in transit areas, as opposed to at
sender or recipient, is private or pseudoprivate transit.
"Private" means that the disk goes by courier or the modulated
data down your own wire: not through a public area.
"PseudoPrivate" means when proxies are used that an attempt is
made to cloak its passage through public areas. As with an
extended intranet across multiple locations which goes tripleDES
protected across public links. Here you would use proxies
like current remailers with their own monthly-changing keys:
to get cyphertext intruders have to have compromised the keys of
enough proxies then know which it's going through and unwrap
their encryption to get the sender's cyphertext. No cyphertext
even with the public key cracked means no plaintext.
Concealed plaintext might include a not-so-public revised sending key,
not revealed in public directories hence not open to continual
cracking attempts. Such measures shift the effort out of public transit
areas and back to message snatching near the two ends. No security is
infinitely strong, but this much increases the effort-to-crack.
>
>(6) DIGITAL SIGNATURES
>
>Much weight has been given to the possibility of confirming the
>origin of an electronic transmission if double encryption is
>employed in a manner which utilises the Public Keys of both sender
>and receiver.
>
>This is technologically a brilliant concept but not a very
>serviceable feature. In the first place it is supposed that the
>evidence of origin produced in this manner will satisfy the very
>rigorous examination to which it will be subjected by the legal
>system. The debate which is being conducted at the present time
>shows that this is far from the case. Legal experts have expressed
>themselves as dissatisfied and uneasy with the arguments presented
>to them.
How does it work with the electronic transfer of large
sums between banks? Really important documents will still
be physically signed and witnessed in permanent ink, and
sent by trusted courier.
>(7) REALITY
>
>Why use a Public Key Cryptosystem ?
>
>There is an appeal in the idea of Public Keys which can be
>published by everybody and become available to everyone else
>but the idea is more romantic than sensible.
I suspect people will use it to the extent their perceived
need outweighs the inconvenience of doing so. Measures to
reduce inconvenience would increase use.
>Our need is for a simple method of encrypting those portions of
>our electronic communications which need protection from other
>eyes. For that purpose Public Key Cryptosystems are subject
>to all the drawbacks which have been described above.
>
>
>George Foot.
>
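The "two way pointer" directory scheme sketched in the reply above, as an added illustration that is not part of the original post: each directory that publishes a key records itself with the owner, the owner withdraws the key from every holder at once, and a random re-query of holders catches a directory that maliciously keeps serving the repudiated key. Directory and owner names are constructed for the example.

```python
# Added illustration, not code from the original post: models the "two way
# pointer" key-directory scheme and the spot-check for a directory that
# maliciously blocks deletion of a repudiated key. All names are invented.
import random


class KeyDirectory:
    """A trusted middleman directory that publishes owners' public keys."""

    def __init__(self, name, honest=True):
        self.name = name
        self.honest = honest      # a dishonest directory ignores withdrawals
        self.keys = {}            # owner name -> public key (opaque string here)

    def publish(self, owner, pubkey):
        self.keys[owner.name] = pubkey
        owner.holders.add(self)   # the two-way pointer: owner learns who holds a copy

    def withdraw(self, owner):
        if self.honest:
            self.keys.pop(owner.name, None)

    def lookup(self, owner_name):
        return self.keys.get(owner_name)


class KeyOwner:
    """Key owner who can repudiate the key at every directory that holds it."""

    def __init__(self, name):
        self.name = name
        self.holders = set()      # filled in by directories on publish

    def repudiate(self, audit_samples=1, rng=random):
        """Withdraw the key everywhere, then re-query a random sample of
        holders; any directory still serving the key is reported as suspect."""
        for d in self.holders:
            d.withdraw(self)
        ordered = sorted(self.holders, key=lambda d: d.name)
        sample = rng.sample(ordered, min(audit_samples, len(ordered)))
        return sorted(d.name for d in sample if d.lookup(self.name) is not None)


def demo():
    """Constructed scenario: three directories, one of which blocks deletions."""
    alice = KeyOwner("alice")
    dirs = [KeyDirectory("dir-a"), KeyDirectory("dir-b"),
            KeyDirectory("rogue", honest=False)]
    for d in dirs:
        d.publish(alice, "alice-pubkey-v1")
    # audit every holder here so the outcome is deterministic
    return alice.repudiate(audit_samples=len(dirs))
```

In practice the owner would sample only a directory or two per check, so a single stale copy may escape one audit but not repeated ones.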