ABSTRACT

In the classical model of cryptography that we have been studying up until now, Alice and Bob secretly choose the key . then gives rise to an encryption rule

and a decryption rule

. In the cryptosystems we have seen so far,

is either the same as

, or easily derived from it (for example, DES decryption is identical to encryption, but the key schedule is reversed). A cryptosystem of this type is known as a symmetric-key cryptosystem, since exposure of either of

or

renders the system insecure. One drawback of a symmetric-key system is that it requires the prior communication of the key between Alice and Bob, using a secure channel, before any ciphertext is transmitted. In practice, this may be very difficult to achieve. For example, suppose Alice and Bob live far away from each other and they decide that they want to communicate electronically, using email. In a situation such as this, Alice and Bob may not have access to a reasonable secure channel.
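The remark above that DES decryption is identical to encryption with the key schedule reversed holds for any Feistel network. The following is an added example, not part of the original text: a toy 16-round Feistel cipher (not DES; the SHA-256-based round function and key schedule are constructed stand-ins) in which decryption is the encryption routine run with the round keys in reverse order, so whoever holds the encryption key can also decrypt.

```python
import hashlib

ROUNDS = 16   # same round count as DES
HALF = 4      # bytes per half-block, giving a 64-bit block as in DES


def key_schedule(key: bytes) -> list[bytes]:
    """Derive toy round keys from the shared key (constructed, not the DES schedule)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:HALF] for i in range(ROUNDS)]


def round_function(half: bytes, round_key: bytes) -> bytes:
    """Toy round function; a Feistel network does not need it to be invertible."""
    return hashlib.sha256(half + round_key).digest()[:HALF]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, round_keys: list[bytes]) -> bytes:
    """Run the Feistel rounds over one block with the given round-key order."""
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:HALF], block[HALF:]
    for rk in round_keys:
        left, right = right, xor(left, round_function(right, rk))
    # Swap the halves at the end so the same routine inverts itself.
    return right + left


def encrypt(block: bytes, key: bytes) -> bytes:
    return feistel(block, key_schedule(key))


def decrypt(block: bytes, key: bytes) -> bytes:
    # Identical routine; only the order of the round keys changes.
    return feistel(block, key_schedule(key)[::-1])


if __name__ == "__main__":
    shared_key = b"alice-and-bob"      # constructed sample key
    plaintext = b"8bytemsg"            # constructed sample block
    ciphertext = encrypt(plaintext, shared_key)
    print(ciphertext.hex(), decrypt(ciphertext, shared_key))
```
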