Cryptography Reference
Note from Table 5.2 that a symmetric key can always be represented as a
short plaintext with respect to the recommended lengths of security parameters
for public-key cryptosystems. Indeed, a 128-bit AES key is small enough to
be encrypted as a single plaintext using any of the public-key cryptosystem
parameters in Table 5.2, including those of an elliptic-curve-based cryptosystem
offering just 64 bits of symmetric security (although it would be rather bizarre to
do this since the effective security of the hybrid encryption would be reduced to
just 64 bits).
In this way hybrid encryption gains the best of both cryptographic worlds by
benefitting from:
Speed. The speed of symmetric key encryption is utilised for the encryption of
the plaintext.
Convenience. The key management convenience of public-key cryptosystems
enables two entities who do not have a direct trust relationship to securely
communicate.
For encryption in open networks, hybrid encryption is essentially the default
technique. We will see examples of this in Section 12.1 and Section 12.7.
5.5.3 Other uses of public-key cryptosystems
In addition to hybrid encryption, public-key encryption is often used in
cryptographic protocols (see Chapter 9) where it is typically used to encrypt short
messages. The only other application for which public-key cryptosystems are
commonly employed is for the provision of a very different security service where
the 'plaintext' to be 'encrypted' is short. This application is not for confidentiality
purposes (hence our use of the quotation marks) and will be the subject of
Chapter 7.
We note that this chapter has dealt exclusively with 'conventional' public-
key encryption. There is, however, another family of public-key cryptosystems
that tends to be referred to as identity-based public-key cryptography. The main
difference between identity-based cryptosystems and cryptosystems such as RSA
lies in the key management issues, which are significantly different. As a result,
the potential applications for both types of cryptosystem are quite different.
We will postpone discussion of identity-based public-key cryptography until
Section 11.4.2.