Authentication is an area in which public key technology potentially gives a real benefit. With secret key cryptography, if Alice and Bob want to communicate, they have to share a secret. If Bob wants to be able to prove his identity to lots of entities, then with secret key technology he will need to remember lots of secret keys, one for each entity to which he would like to prove his identity. Possibly he could use the same shared secret with Alice as with Carol, but that has the disadvantage that then Carol and Alice could impersonate Bob to each other. Public key technology is much more convenient. Bob only needs to remember a single secret, his own private key. It is true that if Bob wants to be able to verify the identity of thousands of entities, then he will need to know thousands of public keys, but in general the entities verifying identities are computers which don’t mind remembering thousands of things, whereas the entities proving their identities are often humans, which do mind remembering things.
Here’s an example of how Alice can use public key cryptography for verifying Bob’s identity, assuming Alice knows Bob’s public key. Alice chooses a random number r, encrypts it using Bob’s public key e_B, and sends the result to Bob. Bob proves he knows d_B by decrypting the message and sending r back to Alice.
Another advantage of public key authentication is that Alice does not need to keep any secret information. For instance, Alice might be a computer system in which backup tapes are unencrypted and easily stolen. With secret key based authentication, if Carol stole a backup tape and read the key that Alice shares with Bob, she could then trick Bob into thinking she was Alice. In contrast, with public key based authentication, the only information on Alice’s backup tapes is public key information, and that cannot be used to impersonate Bob.
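The challenge-response exchange and the backup-tape argument above, as an added example that is not part of the original text: Alice stores only Bob's public key, Bob answers by decrypting, and Carol, holding only what Alice stores, cannot answer. It assumes unpadded RSA with a small fixed toy key built from two known Mersenne primes, which shows the message flow only; the class and function names are illustrative.

```python
import hmac
import secrets

# Toy key for Bob, constructed for this example: two well-known Mersenne primes.
# Unpadded RSA at this size only illustrates the message flow.
P, Q = 2**127 - 1, 2**107 - 1
N = P * Q
E_B = 65537                                # Bob's public exponent
D_B = pow(E_B, -1, (P - 1) * (Q - 1))      # Bob's private exponent


class Alice:
    """Verifier. Long-term state is Bob's public key only."""

    def __init__(self, n, e_b):
        self.n, self.e_b = n, e_b
        self._r = None                     # outstanding challenge, if any

    def challenge(self):
        self._r = secrets.randbelow(self.n - 2) + 2   # fresh r in [2, n-1]
        return pow(self._r, self.e_b, self.n)         # r encrypted to Bob

    def verify(self, response):
        r, self._r = self._r, None         # each challenge is accepted once
        if r is None or not isinstance(response, int) or not 0 <= response < self.n:
            return False
        size = (self.n.bit_length() + 7) // 8
        return hmac.compare_digest(r.to_bytes(size, "big"), response.to_bytes(size, "big"))


class Bob:
    """Prover. Holds the private exponent and decrypts the challenge."""

    def __init__(self, n, d_b):
        self.n, self.d_b = n, d_b

    def respond(self, c):
        return pow(c, self.d_b, self.n)


class Carol:
    """Knows only what is on Alice's backup tape: the public key."""

    def __init__(self, n, e_b):
        self.n, self.e_b = n, e_b

    def respond(self, c):
        return secrets.randbelow(self.n)   # cannot invert c without d_B; must guess


def authenticate(alice, prover):
    return alice.verify(prover.respond(alice.challenge()))
```

Because Alice draws a fresh r for every run and accepts each challenge once, a response recorded from an earlier run does not verify against a later challenge.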
In large-scale systems, like computer networks with thousands of users and services, authentication is usually done with trusted intermediaries. As we’ll see in §7.7 Trusted Intermediaries, public key based authentication using intermediaries has several important advantages over secret key based authentication.