Re: [Glug-nith-discuss] Keysigning

[Debarshi 'Rishi' Ray]

>> Publicizing a public key slightly reduces the security of a key pair
 
> Why does it reduce the security of a key pair?

Let us have a very *brief* insight into how asymmetric or public key encryption
works. We shall take the example of the RSA (http://en.wikipedia.org/wiki/Rsa)
algorithm since: "It was the first algorithm known to be suitable for signing
as well as encryption, and one of the first great advances in public key
cryptography." (CSE students learn it in 7th semester as part of an elective!)

The keys are an ordered pair of (usually very large) integers.
private key: (n, d)
public key: (n, e)
where 'n' is the modulus
      'd' is the private exponent
      'e' is the private exponent

Now if someone wants to encrypt a plaintext message M, which has somehow been
represented as an integer, then the ciphertext C (in integer form) is given by,
C = (M ^ e) mod n
C can then be decrypted to obtain M as,
M = (C ^ e) mod n

The whole idea is that since the keys are composed of very large numbers, it
is computationally infeasible to find 'd' from 'e' and vice versa. In other
words, one can find your private key from your public key, but that will take
such a long amount of time that the key would have lost its significance.

However, if the public key is known by a very large number of people, then there
is the chance that by running multiple parallel tasks someone (whom you do not
trust) might figure out the private key. Therefore in principle you should only
hand your public key to those whom you trust, and never reveal your private key
to anybody. Since any anonymous person can get your key from a keyserver, they
slightly reduce its security.

Please correct me if I am wrong.

Cheers,
Debarshi
-- 
GPG key ID: 63D4A5A7
Key server: pgp.mit.edu

pgpqBJk3mcd5B.pgp
Description: PGP signature