Cryptography Reference
In-Depth Information
and—more importantly—the IKE protocol mentioned earlier. In these protocols, the
public exponents used in the Diffie-Hellman key exchange are authenticated using
RSA signatures. Consequently, digital certificates and PKIs must be used to securely
deploy authenticated key exchange protocols.
As mentioned earlier, the Diffie-Hellman key exchange protocol can be used
in any group (other than
Z
p
) in which the DLP is intractable. There are basically two
reasons for using other groups.
Performance:
There may be groups in which the Diffie-Hellman key exchange
protocol (or the modular exponentiation function) can be implemented more
efficiently in hardware or software.
Security:
There may be groups in which the DLP is more difficult to solve.
The two reasons are not independent from each other. If, for example, one has
a group in which the DLP is more difficult to solve, then one can work with much
smaller keys (for a similar level of security). This is the major advantage of ECC
as addressed in Section 7.6. The ECDLP is more difficult to solve (than the DLP in
Z
p
), and hence one can work with smaller keys.
16.4
QUANTUM CRYPTOGRAPHY
In this section, we provide a brief overview about quantum cryptography. We
introduce the basic principles and elaborate on the quantum key exchange protocol
that may provide an alternative for the establishment of secret keys.
16.4.1
Basic Principles
In cryptography, it is usually taken for granted that a communication channel can be
eavesdropped and that data transmitted on this channel can be attacked passively.
In Section 10.4, we saw that unconditional security (in an information-theoretic
sense) can only be achieved if the entropy of the secret key is greater than or equal
to the entropy of the plaintext message (i.e., if the key is at least as long as the
plaintext message). This is usually too expensive for all practical purposes, and
hence essentially all practically relevant symmetric encryption systems are “only”
computationally secure.
Against this background, it is sometimes argued that
quantum cryptography
yields an alternative way to provide unconditional security. In short, quantum cryp-
tography uses the basic laws of quantum physics to make sure that eavesdropping
cannot go undetected. Consequently, quantum cryptography takes its security from
