WEBVTT

1
00:00:00.000 --> 00:00:01.410
In this lesson,

2
00:00:01.410 --> 00:00:04.830
we will learn about Asymmetric Algorithms.

3
00:00:04.830 --> 00:00:08.490
Asymmetric Encryption Algorithms are cryptographic

4
00:00:08.490 --> 00:00:12.450
techniques that result in the generation of key pairs,

5
00:00:12.450 --> 00:00:15.270
one public and one private key.

6
00:00:15.270 --> 00:00:19.920
These key pairs are used for encryption and decryption.

7
00:00:19.920 --> 00:00:22.890
Asymmetric encryption algorithms include

8
00:00:22.890 --> 00:00:26.310
the Digital Signature algorithm, or DSA;

9
00:00:26.310 --> 00:00:28.860
RSA, known for its creators,

10
00:00:28.860 --> 00:00:31.110
Rivest, Shamir, and Adleman;

11
00:00:31.110 --> 00:00:33.450
Diffie-Hellman, or DH;

12
00:00:33.450 --> 00:00:37.680
and Elliptic Curve Cryptography, or ECC.

13
00:00:37.680 --> 00:00:41.370
Let's learn more about RSA, DSA,

14
00:00:41.370 --> 00:00:46.370
DH and ECC asymmetric encryption algorithms.

15
00:00:46.770 --> 00:00:48.990
First, we have RSA.

16
00:00:48.990 --> 00:00:52.350
The RSA algorithm, named after its inventors,

17
00:00:52.350 --> 00:00:56.400
Ron Rivest, Adi Shamir, and Leonard Adleman,

18
00:00:56.400 --> 00:00:59.550
is one of the most widely used asymmetric

19
00:00:59.550 --> 00:01:01.170
encryption methods.

20
00:01:01.170 --> 00:01:03.930
RSA is secure because it relies

21
00:01:03.930 --> 00:01:05.970
on the mathematical challenge

22
00:01:05.970 --> 00:01:08.610
of factoring large prime numbers.

23
00:01:08.610 --> 00:01:12.930
The process starts by generating two large prime numbers,

24
00:01:12.930 --> 00:01:15.330
which are then multiplied together.

25
00:01:15.330 --> 00:01:18.330
The product of these two large prime numbers

26
00:01:18.330 --> 00:01:20.910
is a critical part of the public key

27
00:01:20.910 --> 00:01:23.970
and is extremely difficult to factor back

28
00:01:23.970 --> 00:01:25.980
into its original primes

29
00:01:25.980 --> 00:01:29.820
if an attacker is trying to reverse engineer the encryption.

30
00:01:29.820 --> 00:01:33.690
This is because the original prime numbers are very large,

31
00:01:33.690 --> 00:01:36.270
typically hundreds of digits long.

32
00:01:36.270 --> 00:01:40.380
The security of RSA depends on this factoring problem,

33
00:01:40.380 --> 00:01:44.190
because while multiplying primes together is simple,

34
00:01:44.190 --> 00:01:48.150
reversing this process is computationally infeasible

35
00:01:48.150 --> 00:01:51.420
for large numbers with the current technology.

36
00:01:51.420 --> 00:01:55.200
This setup ensures only the private key owner

37
00:01:55.200 --> 00:01:59.040
can decrypt messages encrypted with the public key,

38
00:01:59.040 --> 00:02:04.040
making RSA effective for secure SSL/TLS communications,

39
00:02:04.920 --> 00:02:07.830
key exchanges and digital signatures.

40
00:02:07.830 --> 00:02:11.340
RSA also supports various key sizes

41
00:02:11.340 --> 00:02:16.260
ranging from 1,024 to 4,096 bits,

42
00:02:16.260 --> 00:02:20.070
with larger key sizes offering stronger security

43
00:02:20.070 --> 00:02:23.850
at the cost of increased computational requirements.

44
00:02:23.850 --> 00:02:27.030
This balance of security and flexibility

45
00:02:27.030 --> 00:02:29.580
makes RSA a cornerstone

46
00:02:29.580 --> 00:02:32.340
of modern cryptographic processes.

47
00:02:32.340 --> 00:02:35.880
Second, we have the Digital Signature Algorithm,

48
00:02:35.880 --> 00:02:37.260
or DSA.

49
00:02:37.260 --> 00:02:41.160
DSA is an asymmetric cryptographic algorithm,

50
00:02:41.160 --> 00:02:44.250
specifically designed for digital signatures,

51
00:02:44.250 --> 00:02:48.270
providing a secure way to verify the authenticity

52
00:02:48.270 --> 00:02:50.460
and integrity of data.

53
00:02:50.460 --> 00:02:54.180
Unlike RSA, which is used both for encryption

54
00:02:54.180 --> 00:02:58.830
and signatures, DSA is tailored solely for signing,

55
00:02:58.830 --> 00:03:01.020
focusing on proving that a message

56
00:03:01.020 --> 00:03:02.850
comes from a legitimate sender

57
00:03:02.850 --> 00:03:04.770
and has not been altered.

58
00:03:04.770 --> 00:03:08.520
DSA's security relies on the complexity

59
00:03:08.520 --> 00:03:11.550
of discrete logarithmic problems.

60
00:03:11.550 --> 00:03:15.450
DSA was developed independently to address the need

61
00:03:15.450 --> 00:03:17.670
for efficient digital signatures,

62
00:03:17.670 --> 00:03:21.990
offering faster signature generation compared to RSA.

63
00:03:21.990 --> 00:03:26.990
However, DSA is slower than RSA in verifying signatures,

64
00:03:27.150 --> 00:03:30.270
highlighting the typical trade-off in cryptography,

65
00:03:30.270 --> 00:03:34.140
where improvements in one area like speed of signing

66
00:03:34.140 --> 00:03:37.200
may lead to lower performance in another area,

67
00:03:37.200 --> 00:03:39.900
such as signature verification.

68
00:03:39.900 --> 00:03:44.370
Overall, DSA's design ensures data authenticity

69
00:03:44.370 --> 00:03:45.630
and integrity,

70
00:03:45.630 --> 00:03:47.430
making it an important tool

71
00:03:47.430 --> 00:03:50.400
in secure digital communications.

72
00:03:50.400 --> 00:03:54.360
Third, we have Diffie-Hellman, or DH.

73
00:03:54.360 --> 00:03:57.600
The Diffie-Hellman method was one of the first solutions

74
00:03:57.600 --> 00:04:00.450
for symmetric key exchange problems.

75
00:04:00.450 --> 00:04:04.230
It plays an important role in secure communications,

76
00:04:04.230 --> 00:04:06.690
particularly in VPN tunnels

77
00:04:06.690 --> 00:04:08.790
and other encryption protocols

78
00:04:08.790 --> 00:04:12.180
that require exchanging a shared secret key.

79
00:04:12.180 --> 00:04:14.790
Diffie-Hellman allows two parties

80
00:04:14.790 --> 00:04:17.580
to establish a common symmetric key

81
00:04:17.580 --> 00:04:21.630
over an unsecured channel without ever exchanging

82
00:04:21.630 --> 00:04:24.420
that secured key between parties,

83
00:04:24.420 --> 00:04:28.710
relying instead on a complex mathematical process

84
00:04:28.710 --> 00:04:33.180
involving discrete logarithms and a shared secret.

85
00:04:33.180 --> 00:04:36.840
To understand this complex mathematical process,

86
00:04:36.840 --> 00:04:41.280
imagine Diffie-Hellman as a secure way of mixing colors

87
00:04:41.280 --> 00:04:43.170
to create a shared secret

88
00:04:43.170 --> 00:04:47.160
or color without directly sharing that secret itself.

89
00:04:47.160 --> 00:04:50.610
Here's how the process works using colors.

90
00:04:50.610 --> 00:04:54.420
Alice and Bob, who want to communicate securely,

91
00:04:54.420 --> 00:04:57.840
start by agreeing on a common base color

92
00:04:57.840 --> 00:04:59.010
such as yellow.

93
00:04:59.010 --> 00:05:01.350
This yellow color is public

94
00:05:01.350 --> 00:05:03.180
and visible to everyone,

95
00:05:03.180 --> 00:05:06.300
including any malicious eavesdroppers.

96
00:05:06.300 --> 00:05:09.690
Next, Alice and Bob each secretly choose

97
00:05:09.690 --> 00:05:11.670
their own private colors.

98
00:05:11.670 --> 00:05:15.390
Let's say Alice picks red and Bob picks blue.

99
00:05:15.390 --> 00:05:17.610
They keep these colors private

100
00:05:17.610 --> 00:05:20.430
and they do not share them with anyone.

101
00:05:20.430 --> 00:05:23.910
Next, Alice mixes her private red color

102
00:05:23.910 --> 00:05:28.170
with the public yellow color to create a unique orange,

103
00:05:28.170 --> 00:05:31.230
and Bob mixes his private blue color

104
00:05:31.230 --> 00:05:35.460
with the public yellow color to create a unique green.

105
00:05:35.460 --> 00:05:38.760
They then each send their mixed colors,

106
00:05:38.760 --> 00:05:42.540
orange and green, to each other over an open channel,

107
00:05:42.540 --> 00:05:44.400
which anyone can see.

108
00:05:44.400 --> 00:05:47.460
This is possible because mathematically,

109
00:05:47.460 --> 00:05:50.130
even if a malicious eavesdropper captures

110
00:05:50.130 --> 00:05:52.020
the orange and green colors,

111
00:05:52.020 --> 00:05:55.020
they cannot extract the public yellow color

112
00:05:55.020 --> 00:05:58.080
to reveal Alice and Bob's private colors.

113
00:05:58.080 --> 00:06:00.240
The math just doesn't allow it.

114
00:06:00.240 --> 00:06:04.620
Now, the secret to Diffie-Hellman lies in the next step.

115
00:06:04.620 --> 00:06:07.440
When Alice receives Bob's green color,

116
00:06:07.440 --> 00:06:10.170
she mixes it with her private red color,

117
00:06:10.170 --> 00:06:13.320
creating a secret color that only she knows.

118
00:06:13.320 --> 00:06:17.220
Similarly, when Bob receives Alice's orange color,

119
00:06:17.220 --> 00:06:20.070
he mixes it with his private blue color

120
00:06:20.070 --> 00:06:22.890
to create a color that only he knows.

121
00:06:22.890 --> 00:06:26.340
And because the combination of colors that both Alice

122
00:06:26.340 --> 00:06:28.530
and Bob used was the same,

123
00:06:28.530 --> 00:06:32.070
they both create the exact same color.

124
00:06:32.070 --> 00:06:36.210
So Diffie-Hellman has enabled both Alice and Bob

125
00:06:36.210 --> 00:06:40.320
to independently derive the same symmetric key

126
00:06:40.320 --> 00:06:45.030
without ever sharing that symmetric key across the network.

127
00:06:45.030 --> 00:06:49.170
However, Diffie-Hellman does not provide authentication

128
00:06:49.170 --> 00:06:53.130
on its own, meaning it cannot verify the identity

129
00:06:53.130 --> 00:06:55.200
of communicating parties.

130
00:06:55.200 --> 00:06:58.290
This lack of authentication makes it vulnerable

131
00:06:58.290 --> 00:07:01.920
to certain attacks, such as a Logjam attack,

132
00:07:01.920 --> 00:07:04.740
where attackers can pre-compute the steps

133
00:07:04.740 --> 00:07:06.720
of the Diffie-Hellman exchange

134
00:07:06.720 --> 00:07:10.860
to break keys up into 1024 bits.

135
00:07:10.860 --> 00:07:14.970
To mitigate this risk, it's recommended to use key sizes

136
00:07:14.970 --> 00:07:18.000
of 2048 bits or more,

137
00:07:18.000 --> 00:07:21.570
or switch to the more secure Elliptic-Curve

138
00:07:21.570 --> 00:07:23.490
Diffie-Hellman method.

139
00:07:23.490 --> 00:07:27.300
Additionally, Diffie-Hellman is susceptible to on-path

140
00:07:27.300 --> 00:07:29.340
or man-in-the-middle techniques

141
00:07:29.340 --> 00:07:31.350
where an attacker could intercept

142
00:07:31.350 --> 00:07:33.720
and manipulate the key exchange.

143
00:07:33.720 --> 00:07:35.790
To counter this vulnerability,

144
00:07:35.790 --> 00:07:38.100
digital certificates should be used

145
00:07:38.100 --> 00:07:40.920
at the start of the key exchange process

146
00:07:40.920 --> 00:07:44.070
to authenticate the two parties involved.

147
00:07:44.070 --> 00:07:47.788
Overall, Diffie-Hellman allows securely setting up

148
00:07:47.788 --> 00:07:50.760
encryption sessions between two parties

149
00:07:50.760 --> 00:07:53.640
who have never previously exchanged keys,

150
00:07:53.640 --> 00:07:56.640
making it fundamental in applications like

151
00:07:56.640 --> 00:07:58.560
VPN connections.

152
00:07:58.560 --> 00:08:02.850
Fourth and last, we have Elliptic Curve Cryptography,

153
00:08:02.850 --> 00:08:04.410
or ECC.

154
00:08:04.410 --> 00:08:07.770
ECC is an advanced form of encryption

155
00:08:07.770 --> 00:08:10.620
that uses unique mathematical properties

156
00:08:10.620 --> 00:08:14.220
of elliptic curves to provide high security

157
00:08:14.220 --> 00:08:16.110
with smaller key sizes.

158
00:08:16.110 --> 00:08:19.440
ECC's strength comes from the difficulty

159
00:08:19.440 --> 00:08:23.700
of the elliptic curve discrete logarithm problem.

160
00:08:23.700 --> 00:08:27.480
In simple terms, the Elliptic Curve Discrete Logarithm

161
00:08:27.480 --> 00:08:31.830
problem involves finding a specific point on a curve

162
00:08:31.830 --> 00:08:33.420
starting from a known point,

163
00:08:33.420 --> 00:08:36.420
and then repeatedly adding it to itself.

164
00:08:36.420 --> 00:08:40.560
This is a process known as scalar multiplication.

165
00:08:40.560 --> 00:08:44.970
This operation is easy to perform in one direction,

166
00:08:44.970 --> 00:08:47.940
but extremely difficult to reverse,

167
00:08:47.940 --> 00:08:50.790
making it nearly impossible for an attacker

168
00:08:50.790 --> 00:08:53.250
to derive the private key

169
00:08:53.250 --> 00:08:55.920
even if the public key is known.

170
00:08:55.920 --> 00:09:00.150
ECC is particularly well suited for mobile devices,

171
00:09:00.150 --> 00:09:03.060
IoT devices and other systems

172
00:09:03.060 --> 00:09:05.100
with limited processing power

173
00:09:05.100 --> 00:09:08.010
because it offers strong security

174
00:09:08.010 --> 00:09:10.710
with relatively small key sizes.

175
00:09:10.710 --> 00:09:14.610
Unlike RSA, which requires a large key size

176
00:09:14.610 --> 00:09:17.250
to maintain that high security,

177
00:09:17.250 --> 00:09:21.570
ECC achieves similar or even greater security

178
00:09:21.570 --> 00:09:23.610
with much smaller keys,

179
00:09:23.610 --> 00:09:26.130
reducing computational demands

180
00:09:26.130 --> 00:09:28.140
and improving speed.

181
00:09:28.140 --> 00:09:32.803
For example, a 256-bit key in ECC

182
00:09:33.690 --> 00:09:35.940
provides comparable security

183
00:09:35.940 --> 00:09:39.840
to a 3072-bit RSA key,

184
00:09:39.840 --> 00:09:42.960
making ECC not only faster,

185
00:09:42.960 --> 00:09:46.170
but also less resource intensive.

186
00:09:46.170 --> 00:09:50.430
This efficiency extends to digital signatures as well,

187
00:09:50.430 --> 00:09:53.880
where Elliptic Curve Digital Signature Algorithm

188
00:09:53.880 --> 00:09:57.360
or ECDSA, uses elliptic curves

189
00:09:57.360 --> 00:10:01.500
to provide robust security without the heavy resource

190
00:10:01.500 --> 00:10:05.640
requirements of RSA or DSA on their own.

191
00:10:05.640 --> 00:10:10.640
So ECDSA, like DSA, focuses on signing data

192
00:10:12.090 --> 00:10:14.610
and verifying its authenticity,

193
00:10:14.610 --> 00:10:16.890
but it leverages the efficiency

194
00:10:16.890 --> 00:10:19.980
and security benefits of elliptic curves,

195
00:10:19.980 --> 00:10:23.790
making it a go-to choice for secure communications

196
00:10:23.790 --> 00:10:26.520
in resource-constrained environments.

197
00:10:26.520 --> 00:10:29.490
Next, the Elliptic-Curve Diffie-Hellman method,

198
00:10:29.490 --> 00:10:32.190
which combines ECC cryptography

199
00:10:32.190 --> 00:10:34.080
with the Diffie-Hellman method,

200
00:10:34.080 --> 00:10:39.080
uses elliptic curves to facilitate secure key exchanges.

201
00:10:39.390 --> 00:10:43.620
In the Elliptic-Curve Diffie-Hellman method, two parties

202
00:10:43.620 --> 00:10:46.050
use points on an elliptic curve

203
00:10:46.050 --> 00:10:48.360
to generate a shared secret key

204
00:10:48.360 --> 00:10:50.880
over an insecure channel.

205
00:10:50.880 --> 00:10:54.840
Each party generates a public and private key pair

206
00:10:54.840 --> 00:10:57.960
based on their chosen point on the curve,

207
00:10:57.960 --> 00:11:00.330
and they exchange the public key

208
00:11:00.330 --> 00:11:02.010
with the other party.

209
00:11:02.010 --> 00:11:06.720
Using their own private key and the received public key,

210
00:11:06.720 --> 00:11:10.410
both parties can independently compute the same

211
00:11:10.410 --> 00:11:14.340
shared secret without directly sharing that secret

212
00:11:14.340 --> 00:11:18.600
between themselves, keeping it secure from eavesdroppers.

213
00:11:18.600 --> 00:11:22.440
So remember, asymmetric cryptography,

214
00:11:22.440 --> 00:11:25.350
also known as public key cryptography,

215
00:11:25.350 --> 00:11:28.410
uses a pair of keys, one public

216
00:11:28.410 --> 00:11:32.100
and one private, to encrypt and decrypt data,

217
00:11:32.100 --> 00:11:35.130
enhancing security by eliminating the need

218
00:11:35.130 --> 00:11:37.170
to share a secret key.

219
00:11:37.170 --> 00:11:40.080
Common asymmetric algorithms include:

220
00:11:40.080 --> 00:11:44.220
RSA; DSA, the Digital Signature Algorithm;

221
00:11:44.220 --> 00:11:47.520
Diffie-Hellman; and Elliptic Curve Cryptography,

222
00:11:47.520 --> 00:11:49.020
or ECC.

223
00:11:49.020 --> 00:11:52.560
RSA relies on the difficulty of factoring

224
00:11:52.560 --> 00:11:56.550
large prime numbers, making it highly secure

225
00:11:56.550 --> 00:12:00.090
and widely used for secure data transmission

226
00:12:00.090 --> 00:12:02.130
and digital signatures.

227
00:12:02.130 --> 00:12:05.160
DSA, the Digital Signature Algorithm,

228
00:12:05.160 --> 00:12:08.100
specifically designed for digital signatures,

229
00:12:08.100 --> 00:12:12.690
focuses on verifying data authenticity and integrity

230
00:12:12.690 --> 00:12:16.440
using discrete logarithmic problems for security,

231
00:12:16.440 --> 00:12:20.490
but trading off slower signature verification speeds

232
00:12:20.490 --> 00:12:22.620
as compared to RSA.

233
00:12:22.620 --> 00:12:26.910
Diffie-Hellman, primarily used for secure key exchanges,

234
00:12:26.910 --> 00:12:30.480
allows two parties to establish a shared secret

235
00:12:30.480 --> 00:12:32.520
over an unsecured channel

236
00:12:32.520 --> 00:12:35.520
without ever directly sharing the key.

237
00:12:35.520 --> 00:12:38.880
Though Diffie-Hellman does lack authentication,

238
00:12:38.880 --> 00:12:41.280
making it vulnerable to certain attacks

239
00:12:41.280 --> 00:12:44.700
unless supplemented with additional security measures

240
00:12:44.700 --> 00:12:46.890
such as digital certificates.

241
00:12:46.890 --> 00:12:50.910
Next, ECC, or Elliptic Curve Cryptography,

242
00:12:50.910 --> 00:12:54.330
leverages the unique properties of elliptic curves

243
00:12:54.330 --> 00:12:57.960
to provide strong security with smaller keys,

244
00:12:57.960 --> 00:13:00.780
making it highly efficient for devices

245
00:13:00.780 --> 00:13:04.050
with limited resources like mobile phones

246
00:13:04.050 --> 00:13:06.210
and IoT devices.

247
00:13:06.210 --> 00:13:10.140
This is increasingly favored for secure communications,

248
00:13:10.140 --> 00:13:13.380
digital signatures, and key exchanges.

249
00:13:13.380 --> 00:13:16.950
Together, these asymmetric encryption algorithms

250
00:13:16.950 --> 00:13:20.730
are the backbone of modern asymmetric cryptography,

251
00:13:20.730 --> 00:13:24.030
each with its specific strengths, applications,

252
00:13:24.030 --> 00:13:25.953
and considerations.

