14.5 FINAL REMARKS
In this chapter, we elaborated on asymmetric encryption systems. More specifically, we overviewed and discussed the basic systems (i.e., RSA, Rabin, and ElGamal) and the secure systems (i.e., probabilistic encryption and OAEP), and we addressed the notion of IBE.
In addition to the asymmetric encryption systems addressed so far, there are other systems that have been developed and proposed in the literature. Some of these systems have been broken and have become obsolete. For example, we mentioned in Section 6.6.2.2 that the NP-complete subset sum problem has served as a basis for many public key cryptosystems. All of the knapsack-based public key cryptosystems proposed in the past have been broken. In fact, knapsack-based cryptosystems are good candidates to illustrate the fact that being based on a mathematical problem that is assumed to be intractable is a necessary but usually not sufficient condition for the security of a public key cryptosystem. Breaking a knapsack-based public key cryptosystem is generally possible without solving the underlying subset sum problem: the public key is not a random instance of that problem but one equipped with a trapdoor, and what the attacks exploit is the structure the trapdoor introduces (e.g., the disguised superincreasing sequence of the Merkle-Hellman system) or the low density of the resulting instances, which makes them accessible to lattice basis reduction.
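As an added illustration of this point (example code written for this page, not taken from the book or from any of the cited references), the following Python program implements a toy Merkle-Hellman knapsack system and then recovers the plaintext from the public key and ciphertext alone with the Lagarias-Odlyzko lattice attack: the public knapsack is embedded in a lattice in which the plaintext bit vector is an unusually short vector, and LLL reduction surfaces it. All key material, the message, and the scaling factor N are constructed for the example, and the LLL routine is a plain textbook implementation over exact rationals that is adequate only for tiny dimensions. Note that the attack never solves a general subset sum instance; it exploits the low density of the instances that this key generation produces.

```python
# Toy Merkle-Hellman knapsack system and the Lagarias-Odlyzko lattice attack.
# Added example, not the book's code; keys, message and N are constructed.
from fractions import Fraction
from math import log2

# Private key (constructed): superincreasing sequence, modulus, multiplier.
W = [20000003, 40000009, 80000021, 160000057,
     320000117, 640000241, 1280000489, 2560000981]   # each w_i > sum of earlier ones
M = 2 ** 33                                            # modulus, > sum(W) = 5100001918
R = 3037000493                                         # odd, hence invertible mod 2**33
R_INV = pow(R, -1, M)                                  # Python 3.8+ modular inverse

# Public key: the disguised knapsack handed to everybody.
PUBLIC = [(R * w) % M for w in W]


def encrypt(bits, pub=PUBLIC):
    """Ciphertext is the plain integer sum of the public elements selected by the bits."""
    return sum(a for a, b in zip(pub, bits) if b)


def decrypt(c, w=W, m=M, r_inv=R_INV):
    """Trapdoor decryption: undo the multiplier, then greedy decomposition over w."""
    s = (r_inv * c) % m          # equals sum(b_i * w_i) because sum(W) < M
    bits = [0] * len(w)
    for i in range(len(w) - 1, -1, -1):
        if w[i] <= s:            # superincreasing: the largest fitting element must be used
            bits[i] = 1
            s -= w[i]
    if s != 0:
        raise ValueError("ciphertext is not a valid knapsack sum")
    return bits


def density(pub=PUBLIC):
    """n / log2(max a_i); the Lagarias-Odlyzko attack works w.h.p. below about 0.6463."""
    return len(pub) / log2(max(pub))


def _dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def _gram_schmidt(B):
    n = len(B)
    Bs, mu = [], [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        v = list(B[i])
        for j in range(i):
            mu[i][j] = _dot(B[i], Bs[j]) / _dot(Bs[j], Bs[j])
            v = [a - mu[i][j] * b for a, b in zip(v, Bs[j])]
        Bs.append(v)
    return Bs, mu


def lll(basis, delta=Fraction(3, 4)):
    """Textbook LLL over Fractions: size reduction plus Lovasz condition, GSO recomputed."""
    B = [[Fraction(x) for x in row] for row in basis]
    n = len(B)
    Bs, mu = _gram_schmidt(B)
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):
            q = round(mu[k][j])
            if q:
                B[k] = [a - q * b for a, b in zip(B[k], B[j])]
                Bs, mu = _gram_schmidt(B)
        if _dot(Bs[k], Bs[k]) >= (delta - mu[k][k - 1] ** 2) * _dot(Bs[k - 1], Bs[k - 1]):
            k += 1
        else:
            B[k], B[k - 1] = B[k - 1], B[k]
            Bs, mu = _gram_schmidt(B)
            k = max(k - 1, 1)
    return [[int(x) for x in row] for row in B]


def lattice_attack(c, pub=PUBLIC, scale=2 ** 12):
    """Recover the plaintext bits from (pub, c) alone, without the trapdoor.

    Rows: (e_i | N*a_i) for each public element and (0 | N*c) for the target sum.
    sum(b_i * row_i) - row_last = (b | 0) lies in the lattice and, for a low-density
    knapsack, is far shorter than any other lattice vector, so LLL surfaces it
    (possibly negated) in the reduced basis.
    """
    n = len(pub)
    rows = [[int(i == j) for j in range(n)] + [scale * a] for i, a in enumerate(pub)]
    rows.append([0] * n + [scale * c])
    for v in lll(rows):
        if v[-1] != 0:
            continue
        for cand in (v[:-1], [-t for t in v[:-1]]):
            if all(t in (0, 1) for t in cand) and encrypt(cand, pub) == c:
                return cand
    return None


if __name__ == "__main__":
    msg = [1, 0, 1, 1, 0, 0, 1, 0]          # constructed 8-bit plaintext
    c = encrypt(msg)
    print("density       :", round(density(), 3))
    print("trapdoor      :", decrypt(c))
    print("lattice attack:", lattice_attack(c))
```

Running the program shows the trapdoor decryption and the lattice attack returning the same bit vector. The density of this public key is about 0.24, well below the 0.6463 bound of the Lagarias-Odlyzko analysis; the attack succeeds because the instance has that structure, not because subset sum has become easy. At realistic dimensions one would use a proper LLL/BKZ implementation (e.g., fpylll) instead of the Fraction-based routine above.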
Nevertheless, there are still a few asymmetric encryption systems that have turned out to be resistant against various types of cryptanalytical attacks. An example is the McEliece public key cryptosystem, developed and published in the late 1970s [23]. In spite of their resistance against cryptanalytical attacks, these asymmetric encryption systems are not further addressed in this book.
Early in Section 14.2, we said that we assume public keys to be published in some certified form. This simple and innocent assumption has huge implications on the practical side. How does one make sure that all entities have public keys? How does one publish them, and how does one certify them? Finally, how does one make sure that public keys can be revoked and that status information about a public key is publicly available in a timely fashion? All of these questions related to digital certificates are typically addressed (and solved) by a public key infrastructure (PKI). Unfortunately, the establishment and operation of a PKI is more involved than it looks at first sight (see, for example, Chapter 7 of [20]). We revisit and more specifically address the notion of a PKI in Section 19.5.
References
[1] Rackoff, C., and D.R. Simon, "Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack," Proceedings of CRYPTO '91, Springer-Verlag, LNCS 576, 1992, pp. 433-444.
[2] Goldwasser, S., and S. Micali, "Probabilistic Encryption," Journal of Computer and System Sciences, Vol. 28, No. 2, April 1984, pp. 270-299.