WEBVTT

1
00:00:00.090 --> 00:00:01.350
In this lesson,

2
00:00:01.350 --> 00:00:04.770
we will learn about Asymmetric Cryptography.

3
00:00:04.770 --> 00:00:06.690
Asymmetric cryptography,

4
00:00:06.690 --> 00:00:09.960
also known as public-key cryptography,

5
00:00:09.960 --> 00:00:12.000
uses a pair of keys,

6
00:00:12.000 --> 00:00:14.310
one public and one private,

7
00:00:14.310 --> 00:00:16.620
to encrypt and decrypt data.

8
00:00:16.620 --> 00:00:20.280
In application, one key is used for encryption,

9
00:00:20.280 --> 00:00:23.250
and the other is used for decryption.

10
00:00:23.250 --> 00:00:24.390
The same public

11
00:00:24.390 --> 00:00:28.530
or private key cannot be used for both encryption

12
00:00:28.530 --> 00:00:30.120
and decryption.

13
00:00:30.120 --> 00:00:33.300
Let's learn more about asymmetric cryptography

14
00:00:33.300 --> 00:00:34.680
and code signing.

15
00:00:34.680 --> 00:00:38.310
First, we have asymmetric cryptography.

16
00:00:38.310 --> 00:00:42.510
Asymmetric cryptography uses two separate keys,

17
00:00:42.510 --> 00:00:44.760
a public key for encryption

18
00:00:44.760 --> 00:00:47.310
and a private key for decryption.

19
00:00:47.310 --> 00:00:51.870
This key pair approach enhances security by ensuring

20
00:00:51.870 --> 00:00:53.610
that even if one key,

21
00:00:53.610 --> 00:00:57.180
for example, the public key, is widely shared,

22
00:00:57.180 --> 00:00:58.890
the data remains secure

23
00:00:58.890 --> 00:01:01.980
because the private key is the only key

24
00:01:01.980 --> 00:01:04.200
that can decrypt the information.

25
00:01:04.200 --> 00:01:07.680
Asymmetric encryption is particularly useful

26
00:01:07.680 --> 00:01:11.310
for secure communication, digital signatures,

27
00:01:11.310 --> 00:01:13.560
and the key exchange process,

28
00:01:13.560 --> 00:01:17.790
making it fundamental in modern security protocols.

29
00:01:17.790 --> 00:01:20.613
Common asymmetric algorithms include:

30
00:01:20.613 --> 00:01:25.613
RSA, DSA, Diffie-Hellman, ElGamal,

31
00:01:25.620 --> 00:01:28.530
and Elliptic Curve Cryptography.

32
00:01:28.530 --> 00:01:30.480
The RSA algorithm,

33
00:01:30.480 --> 00:01:32.550
named after its inventors,

34
00:01:32.550 --> 00:01:34.830
Rivest, Shamir, and Adleman,

35
00:01:34.830 --> 00:01:37.620
relies on the mathematical difficulty

36
00:01:37.620 --> 00:01:40.530
of factoring large prime numbers,

37
00:01:40.530 --> 00:01:43.830
making it highly secure for encrypting data

38
00:01:43.830 --> 00:01:46.950
and for creating digital signatures.

39
00:01:46.950 --> 00:01:51.570
RSA is commonly used in secure web communications,

40
00:01:51.570 --> 00:01:55.650
such as Secure Sockets Layer/Transport Layer Security,

41
00:01:55.650 --> 00:01:58.410
or SSL/TLS protocols,

42
00:01:58.410 --> 00:02:00.630
and in various applications

43
00:02:00.630 --> 00:02:03.930
requiring secure data transmission.

44
00:02:03.930 --> 00:02:07.410
The Digital Signature Algorithm, or DSA,

45
00:02:07.410 --> 00:02:11.790
is an asymmetric encryption method designed specifically

46
00:02:11.790 --> 00:02:14.460
for creating digital signatures.

47
00:02:14.460 --> 00:02:19.080
Unlike RSA, DSA focuses on authentication

48
00:02:19.080 --> 00:02:20.910
and integrity of data,

49
00:02:20.910 --> 00:02:23.430
rather than the encryption itself.

50
00:02:23.430 --> 00:02:27.660
DSA uses mathematical functions to verify

51
00:02:27.660 --> 00:02:30.030
that data has not been altered,

52
00:02:30.030 --> 00:02:33.540
and that it originates from a legitimate sender,

53
00:02:33.540 --> 00:02:36.540
providing an important layer of trust

54
00:02:36.540 --> 00:02:38.910
in digital communications.

55
00:02:38.910 --> 00:02:42.930
Diffie-Hellman, or DH, is primarily used

56
00:02:42.930 --> 00:02:47.820
for secure key exchange rather than direct data encryption.

57
00:02:47.820 --> 00:02:50.070
Diffie-Hellman allows two parties

58
00:02:50.070 --> 00:02:54.570
to independently derive the same shared secret key

59
00:02:54.570 --> 00:02:57.780
over an unsecured communication.

60
00:02:57.780 --> 00:03:01.560
This derived shared secret key can be used

61
00:03:01.560 --> 00:03:03.420
for symmetric encryption.

62
00:03:03.420 --> 00:03:05.820
So Diffie-Hellman is essential

63
00:03:05.820 --> 00:03:08.970
for securely setting up encrypted sessions

64
00:03:08.970 --> 00:03:12.150
between two parties who have never met before,

65
00:03:12.150 --> 00:03:15.120
such as in VPN connections.

66
00:03:15.120 --> 00:03:18.750
ElGamal is an asymmetric encryption algorithm

67
00:03:18.750 --> 00:03:23.040
that builds upon the Diffie-Hellman key exchange method.

68
00:03:23.040 --> 00:03:25.290
It is used for encrypting data

69
00:03:25.290 --> 00:03:27.840
and creating digital signatures,

70
00:03:27.840 --> 00:03:31.440
offering strong security due to its reliance

71
00:03:31.440 --> 00:03:34.590
on complex mathematical problems.

72
00:03:34.590 --> 00:03:37.890
However, ElGamal is generally slower

73
00:03:37.890 --> 00:03:41.160
and requires larger key sizes compared

74
00:03:41.160 --> 00:03:43.740
to other asymmetric algorithms,

75
00:03:43.740 --> 00:03:47.280
which can limit its practical applications.

76
00:03:47.280 --> 00:03:50.700
Elliptic Curve Cryptography, or ECC,

77
00:03:50.700 --> 00:03:53.940
is a modern asymmetric algorithm known

78
00:03:53.940 --> 00:03:58.890
for its strong security with relatively small key sizes.

79
00:03:58.890 --> 00:04:03.210
ECC provides similar security to RSA,

80
00:04:03.210 --> 00:04:05.460
but with much shorter keys,

81
00:04:05.460 --> 00:04:08.250
which reduces computational overhead

82
00:04:08.250 --> 00:04:10.650
and makes it highly efficient.

83
00:04:10.650 --> 00:04:15.570
This makes ECC particularly useful for mobile devices,

84
00:04:15.570 --> 00:04:17.190
IoT devices,

85
00:04:17.190 --> 00:04:20.520
and other environments where processing power

86
00:04:20.520 --> 00:04:22.740
and bandwidth are limited.

87
00:04:22.740 --> 00:04:25.650
Overall, asymmetric encryption

88
00:04:25.650 --> 00:04:29.880
offers a significant advantage over symmetric encryption

89
00:04:29.880 --> 00:04:33.630
because it does not require sharing a secret key

90
00:04:33.630 --> 00:04:35.130
between parties,

91
00:04:35.130 --> 00:04:39.180
reducing the risk of the key being intercepted.

92
00:04:39.180 --> 00:04:42.090
However, asymmetric encryption

93
00:04:42.090 --> 00:04:44.580
does have several challenges.

94
00:04:44.580 --> 00:04:48.660
These challenges are that asymmetric encryption

95
00:04:48.660 --> 00:04:52.110
requires significant computational power,

96
00:04:52.110 --> 00:04:53.280
making it slower

97
00:04:53.280 --> 00:04:56.490
and less efficient than symmetric encryption,

98
00:04:56.490 --> 00:05:00.270
especially on devices with limited resources.

99
00:05:00.270 --> 00:05:01.530
The slower speed

100
00:05:01.530 --> 00:05:04.410
and increased computational power needs

101
00:05:04.410 --> 00:05:07.560
make it suitable only for small data,

102
00:05:07.560 --> 00:05:11.820
like digital signatures, rather than large files.

103
00:05:11.820 --> 00:05:15.120
In addition, the security of the private key

104
00:05:15.120 --> 00:05:17.940
is critical in asymmetric encryption

105
00:05:17.940 --> 00:05:20.970
because if the private key is compromised,

106
00:05:20.970 --> 00:05:24.360
the entire encryption system is vulnerable.

107
00:05:24.360 --> 00:05:26.430
Despite these limitations,

108
00:05:26.430 --> 00:05:29.100
asymmetric encryption is excellent

109
00:05:29.100 --> 00:05:32.040
for securely sharing symmetric keys,

110
00:05:32.040 --> 00:05:34.680
which are then used for bulk encryption.

111
00:05:34.680 --> 00:05:37.230
This approach combines the strengths

112
00:05:37.230 --> 00:05:39.180
of both encryption types,

113
00:05:39.180 --> 00:05:43.080
the security of asymmetric encryption for key exchange

114
00:05:43.080 --> 00:05:47.040
and the efficiency of symmetric encryption for encrypting

115
00:05:47.040 --> 00:05:49.650
and decrypting large amounts of data.

116
00:05:49.650 --> 00:05:53.700
For example, in a secure communication session,

117
00:05:53.700 --> 00:05:57.510
the sender uses the recipient's public key

118
00:05:57.510 --> 00:05:59.700
to encrypt a symmetric key

119
00:05:59.700 --> 00:06:02.490
that the sender has created for the session.

120
00:06:02.490 --> 00:06:05.280
Once the symmetric key is securely delivered

121
00:06:05.280 --> 00:06:06.600
to the recipient,

122
00:06:06.600 --> 00:06:09.660
both parties can use that symmetric key

123
00:06:09.660 --> 00:06:13.170
to encrypt and decrypt data efficiently.

124
00:06:13.170 --> 00:06:14.700
This method ensures

125
00:06:14.700 --> 00:06:17.580
that if someone intercepts the key exchange,

126
00:06:17.580 --> 00:06:21.780
they cannot access the symmetric key without having access

127
00:06:21.780 --> 00:06:25.770
to the recipient's private key, which they don't have.

128
00:06:25.770 --> 00:06:28.290
This maintains the confidentiality

129
00:06:28.290 --> 00:06:31.380
and integrity of the communication.

130
00:06:31.380 --> 00:06:33.690
This process is the basis

131
00:06:33.690 --> 00:06:38.070
of the SSL/TLS key exchange process.

132
00:06:38.070 --> 00:06:40.500
Second, we have code signing.

133
00:06:40.500 --> 00:06:43.110
Code signing is an important application

134
00:06:43.110 --> 00:06:45.240
of asymmetric cryptography

135
00:06:45.240 --> 00:06:47.640
that helps ensure the authenticity

136
00:06:47.640 --> 00:06:49.890
and integrity of software.

137
00:06:49.890 --> 00:06:51.420
In code signing,

138
00:06:51.420 --> 00:06:53.010
a software developer

139
00:06:53.010 --> 00:06:56.310
or organization uses its private key

140
00:06:56.310 --> 00:06:59.970
to create a digital signature for its code.

141
00:06:59.970 --> 00:07:04.020
This digital signature acts like a seal of approval,

142
00:07:04.020 --> 00:07:07.320
showing that the code comes from a trusted source

143
00:07:07.320 --> 00:07:10.950
and has not been altered since it was signed.

144
00:07:10.950 --> 00:07:14.070
When a user downloads the software signed

145
00:07:14.070 --> 00:07:16.500
by the developer's private key,

146
00:07:16.500 --> 00:07:20.130
their computer uses the developer's public key

147
00:07:20.130 --> 00:07:22.380
to verify the signature.

148
00:07:22.380 --> 00:07:24.630
If the signature verifies,

149
00:07:24.630 --> 00:07:27.960
the software is confirmed as genuine,

150
00:07:27.960 --> 00:07:30.120
and a user knows they can trust

151
00:07:30.120 --> 00:07:32.490
that it has not been tampered with.

152
00:07:32.490 --> 00:07:36.840
So think of code signing like a wax seal on a letter

153
00:07:36.840 --> 00:07:38.550
from a trusted sender.

154
00:07:38.550 --> 00:07:42.180
Just as that wax seal shows that the letter is genuine

155
00:07:42.180 --> 00:07:43.650
and unopened,

156
00:07:43.650 --> 00:07:47.370
a digital signature shows that code is authentic

157
00:07:47.370 --> 00:07:49.080
and safe to use.

158
00:07:49.080 --> 00:07:52.320
Without code signing, users would have no way

159
00:07:52.320 --> 00:07:56.040
of knowing whether the software they are downloading

160
00:07:56.040 --> 00:07:58.260
had been altered by an attacker

161
00:07:58.260 --> 00:08:00.870
to contain some malicious code.

162
00:08:00.870 --> 00:08:02.190
In this way,

163
00:08:02.190 --> 00:08:06.210
code signing protects both the developer's reputation

164
00:08:06.210 --> 00:08:08.400
and the user's security

165
00:08:08.400 --> 00:08:12.360
by ensuring that only legitimate, unaltered software

166
00:08:12.360 --> 00:08:14.820
is installed on a device.

167
00:08:14.820 --> 00:08:18.210
So the code signing process is essential

168
00:08:18.210 --> 00:08:21.600
for maintaining trust in software distribution,

169
00:08:21.600 --> 00:08:25.530
especially where downloads happen frequently.

170
00:08:25.530 --> 00:08:29.760
So remember, asymmetric cryptography,

171
00:08:29.760 --> 00:08:33.180
also known as public-key cryptography,

172
00:08:33.180 --> 00:08:35.520
uses a pair of keys,

173
00:08:35.520 --> 00:08:38.070
one public and one private,

174
00:08:38.070 --> 00:08:40.440
where one key encrypts the data

175
00:08:40.440 --> 00:08:42.750
and the other key decrypts it.

176
00:08:42.750 --> 00:08:47.490
The use of a key pair provides secure communication

177
00:08:47.490 --> 00:08:51.120
without needing to share secret keys directly.

178
00:08:51.120 --> 00:08:56.120
However, asymmetric encryption is computationally intensive,

179
00:08:56.370 --> 00:08:59.640
limited in the size of data that it can handle,

180
00:08:59.640 --> 00:09:03.000
and relies on keeping the private key private,

181
00:09:03.000 --> 00:09:05.370
as compromising the private key

182
00:09:05.370 --> 00:09:08.310
can jeopardize the entire system.

183
00:09:08.310 --> 00:09:11.430
But even with these limitations,

184
00:09:11.430 --> 00:09:16.050
asymmetric encryption excels as a method of encrypting

185
00:09:16.050 --> 00:09:18.870
and exchanging a symmetric key,

186
00:09:18.870 --> 00:09:22.680
which can then be used for bulk session encryption.

187
00:09:22.680 --> 00:09:26.910
So asymmetric cryptography is widely used

188
00:09:26.910 --> 00:09:30.450
in secure communications, digital signatures,

189
00:09:30.450 --> 00:09:32.490
and key exchanges.

190
00:09:32.490 --> 00:09:36.210
Common asymmetric encryption algorithms include:

191
00:09:36.210 --> 00:09:39.780
RSA, DSA, Diffie-Hellman,

192
00:09:39.780 --> 00:09:43.203
Elliptic Curve Cryptography, and ElGamal.

