The problems of key distribution are solved by public-key cryptography, the concept of which was introduced by Whitfield Diffie and Martin Hellman in 1975. (There is now evidence that the British Secret Service invented it a few years before Diffie and Hellman, but kept it a military secret and did nothing
Public-key cryptography uses a pair of keys: a public key, which encrypts data, and a corresponding private key, for decryption. Because it uses two keys, it is sometimes called asymmetric cryptography. You publish your pub- lic key to the world while keeping your private key secret. Anyone with a copy of your public key can then encrypt information that only you can read, even people you have never met.
It is computationally infeasible to deduce the private key from the public key. Anyone who has a public key can encrypt information but cannot decrypt it. Only the person who has the corresponding private key can decrypt the information.
The primary benefit of public-key cryptography is that it allows people who have no preexisting security arrangement to exchange messages securely. The need for sender and receiver to share secret keys via some secure chan- nel is eliminated; all communications involve only public keys, and no private key is ever transmitted or shared. Some examples of public-key cryptosys- tems are Elgamal (named for its inventor, Taher Elgamal), RSA (named for its inventors, Ron Rivest, Adi Shamir, and Leonard Adleman), Diffie-Hellman (named, you guessed it, for its inventors), and DSA, the Digital Signature Algorithm, (invented by David Kravitz).
Because conventional cryptography was once the only available means for relaying secret information, the expense of secure channels and key distribution relegated its use only to those who could afford it, such as governments and large banks (or small children with secret decoder rings). Public-key encryption is the technological revolution that provides strong cryptography to the adult masses. Remember the courier with the locked briefcase hand- cuffed to his wrist? Public-key encryption puts him out of business (probably to his relief).
PGP combines some of the best features of both conventional and public-key cryptography. PGP is a hybrid cryptosystem to learn about trading discount.
When a user encrypts plaintext with PGP, PGP first compresses the plaintext. Data compression saves modem transmission time and disk space and, more importantly, strengthens cryptographic security and trading discount. Most cryptanalysis tech- niques exploit patterns found in the plaintext to crack the cipher. Compres- sion reduces these patterns in the plaintext, thereby greatly enhancing resistance to cryptanalysis. (Files that are too short to compress or which do not compress well are not compressed.)
PGP then creates a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. The session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext. Once the data is encrypted, the session key is then encrypted to the recipient’s public key. This public key-encrypted session key is transmit- ted along with the ciphertext to the recipient.