Of more concern is that neither of these problems is regarded as hard if an
attacker has access to a quantum computer, a computer that exploits
quantum-mechanical effects (superposition and interference) to run certain
algorithms in far fewer steps than any known classical algorithm. It is known
that a sufficiently large quantum computer can both factor and compute discrete
logarithms in polynomial time (Shor's algorithm), which would break any
cryptosystem whose security rests on either problem. Quantum computers of that
scale have not yet been built and it remains unclear on what timescale they
could be. Nonetheless there is considerable interest in developing public-key
cryptosystems whose security is based on hard problems that cannot (apparently)
be efficiently solved by a quantum computer; this area is known as post-quantum
cryptography.
5.5 Uses in practice of public-key cryptosystems
We began this chapter by looking at the motivation behind the introduction
of public-key cryptosystems. We then examined two examples of public-key
cryptosystems. But what are public-key cryptosystems used for in practice?
5.5.1 Restrictions on use of public-key cryptosystems
Despite their attractive properties, there are two significant factors that restrict
the application of public-key cryptosystems:
Computational costs. As noted in Section 5.4.2, public-key encryption and
decryption are relatively expensive computations to perform: on the same
hardware a single public-key operation typically costs orders of magnitude
more than a symmetric-key operation on the same amount of data. This means that
in applications where processing speed is important (in other words, almost
every application!) it is regarded as good practice to keep the number of
public-key encryption and decryption operations to a minimum. This is by far
the most important restriction on the use of public-key cryptosystems.
Long-plaintext security issues. All our discussion of public-key encryption in this
chapter has involved encryption of single plaintexts that can be represented by
one 'unit' of public-key encryption. For example, we assumed that a plaintext
to be encrypted using an RSA public key (n, e) could be represented as a
number less than n. If we want to encrypt a longer plaintext then we first
have to split the plaintext up into separate 'units' and then encrypt these
separately. If we consider each of these plaintexts as 'blocks' (which is a
reasonable analogy) then, by default, we would be encrypting these separate
blocks using the public-key equivalent of ECB mode for a block cipher: identical
plaintext blocks produce identical ciphertext blocks, and blocks can be deleted,
reordered or replayed without the recipient noticing. These are the security
issues that we discussed in Section 4.6.1, all of which were resolved by
proposing different modes of operation for block ciphers. However, there are no
alternative modes of operation proposed for public-key encryption. (This is, of
course, primarily because of the lack of
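To make the ECB analogy concrete, the following is an added example (written for this edition, not code from the book): textbook RSA applied unit by unit to a long plaintext. The key pair is a constructed toy key built from two well-known Mersenne primes so that the script runs offline, and the three fixed-width "decision records" are constructed sample data; real RSA keys are far larger and real RSA is never used without randomised padding. The example shows the issues of Section 4.6.1 reappearing (identical plaintext units give identical ciphertext units, and units can be swapped without the recipient noticing) and goes one step beyond the text: because the encryption key is public, an attacker can recover a low-entropy unit by trial encryption with no secret at all. This is why, in practice, a public key is used to encrypt only a single randomised unit (typically a symmetric key, with padding such as RSA-OAEP) and bulk data is handled by a symmetric cipher.

```python
from typing import List, Optional, Tuple

# Constructed toy key: two Mersenne primes, chosen only so the demo runs
# offline. 65537 is coprime to (P-1)(Q-1) for this pair, so D exists.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q                              # modulus, slightly above 2**91
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)

UNIT = 11   # 11-byte plaintext units: 2**88 < N, so every unit is a number < N


def pad(plaintext: bytes) -> bytes:
    """PKCS#7-style padding so the plaintext is a whole number of units."""
    k = UNIT - len(plaintext) % UNIT
    return plaintext + bytes([k]) * k


def unpad(padded: bytes) -> bytes:
    """Strip PKCS#7-style padding, rejecting malformed padding."""
    k = padded[-1]
    if not 1 <= k <= UNIT or padded[-k:] != bytes([k]) * k:
        raise ValueError("bad padding")
    return padded[:-k]


def encrypt_units(plaintext: bytes, e: int = E, n: int = N) -> List[int]:
    """Encrypt each unit independently with the PUBLIC key: c_i = m_i^e mod n.
    Nothing ties unit i to its position or its neighbours, exactly as in ECB."""
    data = pad(plaintext)
    units = [data[i:i + UNIT] for i in range(0, len(data), UNIT)]
    return [pow(int.from_bytes(u, "big"), e, n) for u in units]


def decrypt_units(ciphertext: List[int], d: int = D, n: int = N) -> bytes:
    """Recover m_i = c_i^d mod n for each unit and strip the padding."""
    data = b"".join(pow(c, d, n).to_bytes(UNIT, "big") for c in ciphertext)
    return unpad(data)


def find_repeats(ciphertext: List[int]) -> List[Tuple[int, int]]:
    """Positions (i, j), i < j, whose ciphertext units are identical. Because
    textbook RSA is deterministic, these reveal identical plaintext units."""
    return [(i, j)
            for i in range(len(ciphertext))
            for j in range(i + 1, len(ciphertext))
            if ciphertext[i] == ciphertext[j]]


def guess_unit(unit: int, candidates: List[bytes],
               e: int = E, n: int = N) -> Optional[bytes]:
    """Trial encryption: with only the public key, encrypt each candidate
    plaintext and compare with the observed ciphertext unit. This is worse
    than the symmetric ECB case because the attacker needs no secret."""
    for cand in candidates:
        if pow(int.from_bytes(cand, "big"), e, n) == unit:
            return cand
    return None


def reorder(ciphertext: List[int], i: int, j: int) -> List[int]:
    """Swap two ciphertext units; the receiver decrypts them without noticing."""
    out = list(ciphertext)
    out[i], out[j] = out[j], out[i]
    return out


if __name__ == "__main__":
    # Constructed sample: three fixed-width 11-byte decision records.
    msg = b"APPROVED   " + b"DENIED     " + b"APPROVED   "
    ct = encrypt_units(msg)
    print(decrypt_units(ct) == msg)                   # round trip works
    print(find_repeats(ct))                           # units 0 and 2 match
    print(guess_unit(ct[1], [b"APPROVED   ", b"DENIED     "]))
    print(decrypt_units(reorder(ct, 0, 1)))           # records swapped, accepted
```

Note that `find_repeats` and `guess_unit` use nothing but the ciphertext and the public key, which is precisely what a passive observer of the channel has. Padding inside each unit to the full `UNIT` width does not help: the attack works on whatever the attacker can guess, so the fix has to be randomisation of each unit, not a different way of cutting the plaintext.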