Cryptography Reference
In-Depth Information
3.
Key Management
: If a multiuser large network is being used (without a
key server) then fewer private keys will be required with a PKC than with
an SKC. For instance, if
n
entities are communicating, using DES,
say (see page 98), then the number of keys required to allow any two
entities to communicate is
n
(
n
∈
N
−
1)
/
2. Also, every user on the system has
1 keys. This is called
key predistribution
. With a public-key
cryptosystem, only
n
keys are required for any two entities to communicate
since only one (public) key for each entity has to be stored. Hence, SKC,
by itself, on the Internet is completely unworkable. Internet e-commerce
cannot be supported by SKCs alone.
−
to store
n
4.
Key Exchange
: In a PKC, no (private) key exchange between communi-
cating entities is necessary. (Note that this tells us that the Di8e-Hellman
key-exchange protocol, discussed on page 166, is not a public-key cryp-
tosystem, although it contained the basic original ideas for it.) With an
SKC, it is di8cult and risky to exchange a secret key. In fact, one of the
principal uses of PKC is for the exchange of a secret symmetric key, an
important point to which we will return before we conclude this chapter.
5.
DigitalSignaturesandGeneralAuthentication
: Another of the prin-
cipal roles played by PKC is that of providing digital signatures since they
offer virtually the only means for securely doing so. On the other hand,
the principal use of SKCs is bulk data enciphering.
6.
E$ciency
: PKCs are slower than SKCs. For instance, the RSA cryptosys-
tem is roughly a thousand times slower than DES.
7.
Key sizes
: The key sizes for a PKC are significantly larger than that re-
quired for an SKC. For instance, the private key in the RSA cryptosystem
should be 1024 bits, whereas with an SKC, generally 128 bits will su
8
ce.
Usually, private keys are ten times larger than secret keys. PKC key sizes,
for such ciphers as RSA for instance, are getting so huge that some PKC
implementations are switching to ECC (see page 190). An example is that
Motorola uses ECC in its wireless phones; see Section 9.2.
8.
Nonrepudiation
: This means that the sender of a message cannot deny
having sent it. With PKCs we can ensure nonrepudiation with digital
signatures, whereas with SKCs, we need Trent as a trusted third party.
We may summarize one salient point derived from the above: PKC is
not
meant to
replace
SKC, but rather to
supplement
it for the goal of achieving max-
imum security and e8ciency. This is done as follows. The general motivation
behind modern cryptographic usage, especially on the Internet for e-commerce,
is to employ PKC to obtain symmetric keys, which are then used in an SKC.
Such cryptosystems are called
hybrid cryptosystems
or
digital envelopes
, which
have the advantages of both types of cryptosystems. Here is how they work in
practice.
Search WWH ::
Custom Search