Digital Signatures and Authentication

Suppose Alice wants to send Bob the message:

Call off the attack, it's a trap! Signed, Alice

She encrypts her message with Bob's public key and radios it to him. Meanwhile, Eve sends Bob the message:

Go on with the attack, it's all clear! Signed, Alice

She also encrypts the message with Bob's public key and radios it to him. She's pretending to be Alice! What is Bob to think?

An important aspect of public key encryption: both keys can encrypt, and the two keys are opposites – one can decrypt what the other encrypts.

So, here's what Alice does: she encrypts her message with her own private key. Bob gets it and successfully decrypts it with Alice's public key (posted on her website). Bob realizes that only Alice could have sent this message, since only her private key can create a message that her public key can decrypt.

Thus, public key encryption can give us digital signatures

Key Escrow

What if Alice and Bob are bad guys and Eve is the government? How can the government eavesdrop on encrypted communications, to protect the public?

Through the 90s, the U.S. government did several things:

• categorized strong crypto systems as munitions, like napalm and cluster bombs, making it illegal to export them from the US
• established the Data Encryption Standard (DES) and required computer manufacturers to use it for any encryption
• required that the government be given a copy of any key generated, so law enforcement could decrypt any message deemed necessary to decrypt

There was a lot of resistance from computer manufacturers, privacy advocates, civil libertarians and others. The government eventually caved in, but in our current climate, the desire to clamp down on cryptography will rise again!