Using public key cryptography, X adds a digital signature σ to message M,…
2013
Using public key cryptography, X adds a digital signature σ to message M, encrypts ⟨M, σ⟩, and sends it to Y, where it is decrypted. Which one of the following sequences of keys is used for the operations?
- A.
Encryption: X’s private key followed by Y’s private key; Decryption: X’s public key followed by Y’s public key
- B.
Encryption: X’s private key followed by Y’s public key; Decryption: X’s public key followed by Y’s private key
- C.
Encryption: X’s public key followed by Y’s private key; Decryption: Y’s public key followed by X’s private key
- D.
Encryption: X’s private key followed by Y’s public key; Decryption: Y’s private key followed by X’s public key
Attempted by 8 students.
Show answer & explanation
Correct answer: D
Concept
Public-key cryptography uses key pairs with two complementary services. Signing provides authentication: the signer encrypts with their own private key, and anyone verifies with the signer's public key. Confidentiality encryption works the other way: the sender encrypts with the recipient's public key, and only the recipient decrypts with their private key.
When two services are layered, the receiver must undo them in REVERSE order: the outer (last-applied) operation is removed first.
Application to this message
X performs two operations, in this order:
Sign: X creates the signature on M using X's private key. This is the inner layer.
Encrypt: X encrypts the bundle (M, signature) for Y using Y's public key. This is the outer layer.
So the encryption sequence is: X's private key, followed by Y's public key.
Y now undoes the layers in reverse. The outer layer (encryption) was applied last, so it is removed first:
Decrypt: Y removes the outer encryption using Y's private key, recovering (M, signature).
Verify: Y checks the signature using X's public key, confirming the message came from X.
So the decryption sequence is: Y's private key, followed by X's public key.
Cross-check
Each key is paired with its complement and applied in the correct stage:
Sign with X's private → verify with X's public (authentication holds).
Encrypt with Y's public → decrypt with Y's private (only Y can read it).
Reverse-order rule respected: encryption was outermost, so Y's private key is used before X's public key. Decrypting before verifying is the only feasible order — the signature cannot be checked until the outer envelope is opened.
Encryption: X's private key followed by Y's public key; Decryption: Y's private key followed by X's public key.