Asymmetric Cryptography

3DES is typically used for financial key management, and other asymmetric cryptographic scheme such as Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extensions (S/MIME).

Symmetric Cryptography, or Private-Key Cryptography is a #Cryptographic system that uses the same key for encryption and decryption. However, you can already imagine the security risk of sharing the same secret over a network, requiring a secure channel (usually via IPsec#). If the key get compromised#, it means the need to generate a new key and distribute# it again. It also requires a strong encryption #algorithm for the intruder to not be able to guess the secret key easily. That being said, it is quite fast when comparing to Asymmetric Cryptography.

Simple Secret Key Distribution, invented by Merkle in 1979, is an #Asymmetric Cryptography used to #distribute private key. There is a security risk where the intruder can intercept and impersonate both halves of the protocol. The process works as follows:

An association between client and server called SSL session will be established by SSL Handshake Protocol, which could be shared among multiple SSL connection that are transient, #p2p, communications links. Each SSL connection is private (encrypted with Symmetric Cryptographic algorithms#) and reliable (message integrity check by Message Authentication Code (MAC)# using SHA, MD5 etc. hash functions on compressed SSL data), and for each web component (provide suitable services). The session could define a set of Cryptographic parameters such as keys and algorithms used which could be shared by multiple connections. The session is kept alive by SSL Alert Protocol, where the peer’s identity can be authenticated with Asymmetric Cryptographic Scheme#. SSL Change Cipher Spec Protocol would be used if the peer wants the consequent messages to be encrypted for transmission. With SSL session, there is no need to exchange security parameters for each SSL connection which could be expensive.

SSH is a protocol that aim to establish a secure #202206151232 connection between two computers. It uses the #202203221212 in order to secure the network communication between two hosts. Additionally, one could utilise the 202203221227# feature in order to Encapsulation# one Protocol (usually insecure) under SSH thus enhance the security of the protocol.

RSA is an #Asymmetric Cryptography scheme based on exponentiation in a Galois Field over integers modulo a prime which utilises integers as large as 1024 bits. The running time for exponentiation is \(o((\log n^3))\) operations, which is reasonable. However, to break the #algorithm, it needs \(o(e^{\log n \log \log n})\) factorisations, thus it is hard to crack#.

There are many use cases in Cryptography# relies on random numbers such as Nonce# in authentication protocols, session keys, public key generation, and keystream for One-Time Pad.

Publicly Available Directory is a public storage for #public key retrieval where participants could register keys in it. It must contain entries in the form of name with associated public keys, periodically published and able to be accessed electronically. The participants should register securely with the directory and able to change their keys at any time. However, like Public Announcement, it is still vulnerable to forgery.

Public-Key Certificate is issued or signed by a trusted public-key or Certificate Authority (CA) which binds identity to public key. It allows #public key exchange without real-time access to Public-Key Authority. The certificate can be verified by anyone who knows the public-key authority’s public key.

Public-Key Authority utilises Publicly Available Directory# but tighten the control over #public key distribution. Before the user could talk to the other user, they are required to obtain public key by interacting with the directory in real-time when needed. And the user must know the public key of the directory in order to be able to interact with it.

Public Announcement is a way of #public key distribution method where users directly distribute the public keys to recipients or broadcast over the Internet. It is susceptible to forgery as people could create a key and claiming to be someone else#.

PGP is a #Asymmetric Cryptographic program used to encrypt, decrypt and sign emails over insecure transmission channel such as Internet with Digital Signature# which is developed by Philip R. Zimmermann in 1991. It has become the de facto #standard for email security. It provides five services: Confidentiality#, Authentication#, compression, e-mail compatibility (encode raw binary to ASCII characters using Radix-64 Encoding#) and segmentation (if the message is too large). It guarantees the security in Application Layer#.

MITM is a #Cryptanalytic Attack where the Cryptanalyst found a way to be in between two parties in a communication channel. It is exceptionally dangerous to encryption scheme that involves key exchange such as Symmetric Cryptography# and Asymmetric Cryptography#. It is form of #Interception.

Hybrid Key Distribution is an #Asymmetric Cryptography used for #master key distribution by relying on Key Distribution Center (KDC)#. It has a better performance and is backward compatible.

It is particularly useful in Asymmetric Cryptography and primality testing (to test whether a number is a prime). However, when used as primality test, it has several exceptions, or called as Fermat liars, such as Fermat pseudoprimes \(a > 1\) and Carmichael numbers \(n\) where \(b^n \equiv b \mod n\). The alternatives for it are Miller-Rabin and Solovay-Strassen.

It is using an Asymmetric Cryptography# approach for signing \(S = [H(M)]^d \mod n\) (using sender’s private key) and verifying \(H(M) = S^e \mod n\) (using receiver’s public key), thus is universally verifiable.

Diffie-Hellman Key Exchange is a method designed to negotiating and passing encrypted by #Asymmetric Cryptography or Symmetric Cryptography# cryptographic keys over an insecure network. The keys intended to be shared will not be transmitted in plain text, and instead encrypted by a shared secret key which in turned generated from two known prime numbers that have a special #math relationship to one another.

Note: We can’t be certain of whether the cryptographic method or algorithm is secure until we know the key size used for encryption and decryption. However, if the key size is the same for Symmetric Cryptography# and Asymmetric Cryptography#, then Symmetric Cryptography is more secure.

CDH Problem states that given \((g, g^x \mod p, g^y \mod p)\), find \(g^{xy} \mod p\). Based on the CDH assumption, it is generally a hard problem to solve (other than being solved by Discrete Logarithms (DLOG)#). Many asymmetric cryptographic scheme depends on CDH security guarantee.

As we can see from the above table, for Asymmetric Cryptography# to achieve the same security level as Symmetric Cryptography, it needs larger bits or key sizes. However, without stating the key sizes, it is rather hard to compare the security between two schemes.