Which statement best illustrates the advantages and disadvantages of using asymmetric encryption

Symmetric Algorithms

Many asymmetric algorithms, such as the RSA algorithm used in a number of systems, involve taking a block of plaintext (treated as a binary number) to the power of the key, using some modulus. The computational power required as the key length increases becomes prohibitive for encrypting and decrypting video streams. Computational power may be traded off for time; but when you are transferring digital video, whether compressed or not, you don't have a lot of time to process the signal. Thus, many times a good asymmetric algorithm, such as RSA, will be used for certificate verification and/or key exchange, which are only done periodically. Then a symmetric algorithm will be used for actual data encryption. In the DTLA nomenclature, this symmetric key is called the content channel key. The key may be long, but the way it is used reduces the computational complexity to something manageable at the requisite speed.

Often the RSA algorithm is used for certificate validation. Then a symmetric key is agreed upon for the actual information scrambling and descrambling. The symmetric key is used in some manner to generate the actual encryption string, which in some encryption techniques is exclusive ORed with the plaintext to create the encrypted data, or ciphertext.

Figure 22.12 illustrates a simple four-bit shift register used to generate ciphertext.21 Real shift registers are a lot longer, and multiple shift registers may be used. The shift register is clocked at the same rate as the plaintext data is clocked. Each time the shift register is clocked, the bits in each position shift one place to the right. (The clock is a signal that synchronizes operations dealing with delivery of the video.) The shift register is a series of flip-flops. On a clock cycle, the bit (1 or 0) in b4 is shifted to b3, the bit in b3 is shifted to b2, and so on. The bit in b1 is supplied to XOR2, which exclusive ORs it with the plaintext bit presented on the same clock cycle.

This type of shift register is called a linear feedback shift register (LFSR). The linear feedback is supplied by XOR1. It XORs the output of two bits, in this case, b4 and b1, feeding the result back as the input to the shift register, which is loaded into b4 on the following clock cycle. The bit sequence (a pseudorandom stream) obtained from a properly designed n-bit LFSR is 2n −1 states (clock cycles) long before it repeats. It can be initialized with the secret symmetric key, which loads the starting state into the LFSR. A listener will not be able to duplicate the LFSR initialization without knowing the key used to initialize it.

Many other methods of generating the encrypting code are known. A different LFSR may be used for each bit of a parallel encryption system. The LFSRs may be initialized with the same key or different portions of the same key. Nonlinear generators may be used, in which AND functions combine the outputs of various stages to form the output. The outputs of several LFSRs may be combined to form the encryption signal.

Asymmetric Key Algorithms

The RSA algorithm, named for its creators Ron Rivest, Adi Shamir, and Leonard Adleman, is an asymmetric algorithm used all over the world, including in the Secure Sockets Layer (SSL) protocol, which is used to secure many common transactions such as Web and e-mail traffic. RSA was created in 1977 and is still one of the most widely used algorithms in the world to this day.

Elliptic curve cryptography (ECC) is a class of cryptographic algorithms, although it is sometimes referred to as though it were an algorithm in and of itself. ECC is named for the type of mathematical problem on which its cryptographic functions are based. ECC has several advantages over other types of algorithms. It has a higher cryptographic strength with shorter keys than many other types of algorithms, meaning that we can use shorter keys with ECC while still maintaining a very secure form of encryption. It is also a very fast and efficient type of algorithm, allowing us to implement it on hardware with a more constrained set of resources, such as a cell phone or portable device, more easily. We can see ECC implemented in a variety of cryptographic algorithms, including Secure Hash Algorithm 2 (SHA-2) and Elliptic Curve Digital Signature Algorithm (ECDSA).

Several other asymmetric algorithms exist, including ElGamal, Diffie-Hellman, and Digital Signature Standard (DSS). We can also see a variety of protocols and applications that are based on asymmetric cryptography, including Pretty Good Privacy (PGP) for securing messages and files, SSL and Transport Layer Security (TLS) for several kinds of traffic including Web and e-mail, and some Voice over IP (VoIP) protocols for voice conversations. Asymmetric cryptography has allowed many of the modern methods of secure communication to exist and will likely continue to be the basis of them for some time.

More Advanced

PGP, created by Phil Zimmerman, was one of the first strong encryption tools to reach the eye of the general public and the media. Created in the early 1990s, the original release of PGP was based on a symmetric algorithm and could be put to use in securing data such as communications and files. The original release of PGP was given away as free software, including the source code. At the time of its release, PGP was regulated as a munition under the U.S. International Traffic in Arms Regulations (ITAR) law. Zimmerman spent several years under investigation for criminal activities, as he was suspected of exporting PGP out of the country, which was then illegal and considered to be arms trafficking.

RSA

The first known asymmetric algorithm was invented by Clifford Cocks but was not public. It was therefore reinvented by Ronald Rivest, Adi Shamir, and Leonard Adelman, (RSA) at MIT during the 1970s. RSA is a public-key cryptographic approach that allows for both encryption and digital signatures. The RSA algorithm relies for its security on factoring very large integers. Encryption and authentication occur without sharing private keys. Each party uses the other's public key or its own private key for operations. Any party can send an encrypted message and/or verify a signed message, but only the party that possesses the correct private key can decrypt or sign a message. RSA has certain weaknesses and is vulnerable to attack by factoring the modulus part of the public key.

RSA

In the year following the Diffie-Hellman proposal, Ron Rivest, Adi Shamir, and Leonard Adleman proposed another public key encryption system. Their proposal is now known as the RSA algorithm, named for the last initials of the researchers. RSA shares many similarities with the Diffie-Hellman algorithm in that RSA is also based on multiplying and factoring large integers. However, RSA is significantly faster than Diffie-Hellman, leading to a split in the asymmetric cryptography field that refers to Diffie-Hellman and similar algorithms as Public Key Distribution Systems (PKDS) and RSA and similar algorithms as Public Key Encryption (PKE). PKDS systems are used as session-key exchange mechanisms, while PKE systems are generally considered fast enough to encrypt reasonably small messages. However, PKE systems like RSA are not considered fast enough to encrypt large amounts of data like entire filesystems or high-speed communications lines.

NOTE

RSA, Diffie-Hellman and other asymmetric algorithms use much larger keys than their symmetric counterparts. Common key sizes include 1024-bits and 2048-bits, and the keys need to be this large because factoring, while still a difficult operation, is much easier to perform than the exhaustive key search approach used with symmetric algorithms. The relative slowness of public key encryption systems is also due in part to these larger key sizes. Since most computers can only handle 32-bits of precision, different “tricks” are required to emulate the 1024-bit and 2048-bit integers. However, the additional processing time is somewhat justified, since for security purposes 2048-bit keys are considered to be secure “forever”—barring any exponential breakthroughs in mathematical factoring algorithms, of course.

Because of the former patent restrictions on RSA, the algorithm saw only limited deployment, primarily only from products by RSA Security, until the mid-1990s. Now you are likely to encounter many programs making extensive use of RSA, such as PGP and Secure Shell (SSH). The RSA algorithm has been in the public domain since RSA Security placed it there two weeks before the patent expired in September 2000. Thus the RSA algorithm is now freely available for use by anyone, for any purpose.

Signature Algorithms

For the “many-show” type of authentication, asymmetric algorithms such as RSA [22] must be used. Signing a time stamp with the signer’s secret key, in our case equivalent to the version number of the LSU, and an integrity check value relating to the LSU’s topology information prevents alterations in transit. The secure one-way hash functions just described can be used to construct such integrity check values. Normally, the secret key is not applied to full messages, but only to such integrity check values. It is therefore impossible to derive the content of the signed message from a signature.

The signature verification with the signer’s public key is generally four times as fast as the signature generation with the pertinent private key. Heuristically, signature operations are slower by a factor of 100 than secure one-way hash functions.

Asymmetric key algorithms

The RSA algorithm, named for its creators Ron Rivest, Adi Shamir, and Leonard Adleman, is an asymmetric algorithm used all over the world, including in the Secure Sockets Layer (SSL) protocol, which is used to secure many common transactions such as Web and e-mail traffic. RSA was created in 1977 and is still one of the most widely used algorithms in the world to this day.

Elliptic curve cryptography (ECC) is a class of cryptographic algorithms, although it is sometimes referred to as though it were an algorithm in and of itself. ECC is named for the type of mathematical problem on which its cryptographic functions are based. ECC has several advantages over other types of algorithms. It has a higher cryptographic strength with shorter keys than many other types of algorithms, meaning that we can use shorter keys with ECC while still maintaining a very secure form of encryption. It is also a very fast and efficient type of algorithm, allowing us to implement it on hardware with a more constrained set of resources, such as a cell phone or portable device, more easily. We can see ECC implemented in a variety of cryptographic algorithms, including Secure Hash Algorithm 2 (SHA-2) and Elliptic Curve Digital Signature Algorithm (ECDSA).

Several other asymmetric algorithms exist, including ElGamal, Diffie–Hellman, and Digital Signature Standard (DSS). We can also see a variety of protocols and applications that are based on asymmetric cryptography, including Pretty Good Privacy (PGP) for securing messages and files, SSL and Transport Layer Security (TLS) for several kinds of traffic including Web and e-mail, and some Voice over IP (VoIP) for voice conversations. Asymmetric cryptography has allowed many of the modern methods of secure communication to exist and will likely continue to be the basis of them for some time.

Answers

1.

Correct answer and explanation: C. Answer C is correct; digital signatures require asymmetric encryption. ECC is the strongest asymmetric algorithm per bit of key length. This allows shorter key lengths that require less CPU resources.

Incorrect answers and explanations: A, B, and D. Answers A, B, and D are incorrect. AES is a symmetric cipher; symmetric ciphers are not used in digital signatures. RSA is based on factoring composite numbers into their primes, and ElGamal is based on discrete logarithms. Both methods provide roughly the same strength per bit and are far weaker per bit than ECC.

Correct answer and explanation: C. Answer C is correct; chosen ciphertext attacks are usually launched against asymmetric cryptosystems, where the cryptanalyst may choose public documents to decrypt that are signed (encrypted) with a user's public key.

Incorrect answers and explanations: A, B, and D. Answers A, B, and D are incorrect. None of these are primarily used against asymmetric encryption.

Correct answer and explanation: C. Answer C is correct; linear cryptanalysis analyzes large amounts of plaintext/ciphertext pairs created with the same key, trying to deduce information about the key.

Incorrect answers and explanations: A, B, and D. Answers A, B, and D are incorrect. Linear cryptanalysis is a known plaintext attack, but the question references linear specifically, making known plaintext attack incorrect. Differential cryptanalysis seeks to find the “difference” between related plaintexts that are encrypted. A cryptanalyst chooses the plaintext to be encrypted during a chosen plaintext attack.

Correct answer and explanation: B. Answer B is correct; the sender generates a hash of the plaintext and encrypts the hash with a private key. The recipient decrypts the hash with a public key.

Incorrect answers and explanations: A, C, and D. Answers A, C, and D are incorrect. The sender encrypts the hash with the private key, not public. The plaintext is hashed and not encrypted.

Correct answer and explanation: D. Answer D is correct; Blowfish was not an AES finalist (Twofish, based on Blowfish, was).

Incorrect answers and explanations: A, B, and C. Answers A, B, and C are incorrect. MARS, RC6, and Serpent were all AES finalists.

Bulk Data Encryption without Prior Shared Secrets

The final major feature of public key technology is that it can encrypt bulk data without generating a shared secret key first. The biggest disadvantage of using asymmetric algorithms for encryption is the slowness of the overall process, which results from the necessary intense computations; the largest disadvantage of using symmetric algorithms for encryption of bulk data is the need for a secure communication channel for exchanging the secret key. The Windows 2000 operating system combines symmetric and asymmetric algorithms to get the best of both worlds at just the right moment.

For a large document that must be kept secret, because secret key encryption is the quickest method to use for bulk data, a session key is used to scramble the document. To protect the session key, which is the secret key needed to decrypt the protected data; the sender encrypts this small item quickly by using the receiver's public key. This encryption of the session key is handled by asymmetric algorithms, which use intense computation but do not require much time, due to the small size of the session key. The document, along with the encrypted session key, is then sent to the receiver. Only the intended receiver will possess the correct private key to decode the session key, which is needed to decode the actual document. When the session key is in plaintext, it can be applied to the ciphertext of the bulk data and then transform the bulk data back to plaintext.

Asymmetric and Symmetric Tradeoffs

Asymmetric encryption is far slower than symmetric encryption, and is also weaker per bit of key length. The strength of asymmetric encryption is the ability to securely communicate without pre-sharing a key.

Table 4.16 compares symmetric and asymmetric algorithms based on key length. Note that systems based on discrete logarithms and factoring prime numbers are far weaker per bit of key length than symmetric systems such as Triple DES and AES. Elliptic Curve fares much better in comparison, but is still twice as weak per bit compared to AES.

Table 4.16. Symmetric vs. Asymmetric Strength [25]

Asymmetric and symmetric encryption are typically used together: use an asymmetric algorithm such as RSA to securely send someone an AES (symmetric) key. The symmetric key is called the session key; a new session key may be retransmitted periodically via RSA.

This approach leverages the strengths of both cryptosystems. Use the slower and weaker asymmetric system for the one part that symmetric encryption cannot do: securely pre-share keys. Once shared, leverage the fast and strong symmetric encryption to encrypt all further traffic.