PRBGs can be used to stretch a relatively short seed value into a potentially
very long pseudorandom bit sequence. Whenever random bits are needed, it is
usually efficient to use a random bit generator to generate a seed for a PRBG
and to then use the PRBG to generate a sequence of pseudorandom bits. The
PRBG is secure if its output is computationally indistinguishable from the
output of a true random bit generator. In fact, the notion of computational
indistinguishability has turned out to be very useful in theoretical considerations
(and proofs) of other cryptographic systems.
Contrary to PRBGs, PRFs do not generate an output that meets specific
(randomness) requirements. Instead, PRFs try to model the input-output behavior
of random functions. PRBGs and (families of) PRFs are closely related to
each other in the sense that a PRF family can be used to construct a PRBG,
and a PRBG can be used to construct a PRF family (see Section 13.2).
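The PRF-to-PRBG direction mentioned above, as an added example that is not from the book: a PRF family F_k is instantiated with HMAC-SHA256 (an assumption; any secure PRF would do), the seed plays the role of the key k, and the generator stretches the seed by evaluating F_seed on a counter. The seed itself comes from the operating system's random bit generator, as the text recommends.

```python
import hmac
import hashlib
import os


def prf(key: bytes, x: bytes) -> bytes:
    """PRF family F_key(x), instantiated here with HMAC-SHA256 (assumption)."""
    return hmac.new(key, x, hashlib.sha256).digest()


def fresh_seed(n_bytes: int = 32) -> bytes:
    """Obtain a short seed from the OS random bit generator (the 'true' RBG)."""
    return os.urandom(n_bytes)


def prbg(seed: bytes, n_bytes: int) -> bytes:
    """Counter-mode PRBG built from the PRF family:

        G(seed) = F_seed(0) || F_seed(1) || F_seed(2) || ...

    truncated to n_bytes. If F is a secure PRF, this output is computationally
    indistinguishable from uniformly random bytes, which is exactly the PRBG
    security notion described in the text. The seed must never be reused for a
    second purpose, since the output is a deterministic function of it.
    """
    if len(seed) < 16:
        raise ValueError("seed too short to be a useful PRF key")
    out = bytearray()
    counter = 0
    while len(out) < n_bytes:
        out += prf(seed, counter.to_bytes(8, "big"))
        counter += 1
    return bytes(out[:n_bytes])


if __name__ == "__main__":
    # Stretch a 32-byte seed into 1 KiB of pseudorandom bits.
    seed = fresh_seed()
    stream = prbg(seed, 1024)
    print(len(stream), stream[:16].hex())
```

Because the output depends only on the seed, two runs with the same seed produce identical streams; that is what makes the seed a secret key rather than mere initialization data.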
20.3 PUBLIC KEY CRYPTOSYSTEMS
Public key cryptosystems have been developed since the late 1970s and are typically
associated with modern cryptography. In fact, DSSs and key establishment protocols
were the two major driving forces behind the invention and development of public
key cryptography in general, and public key cryptosystems in particular. In Part
IV of the topic, we had a closer look at asymmetric encryption systems, DSSs,
and cryptographic protocols for key establishment, entity authentication, and secure
MPC.
Asymmetric encryption systems are typically used to protect the secrecy
of only small messages. If, for example, an entity has to transmit a secret
key (i.e., a key from a symmetric encryption system) to another entity, then
the use of an asymmetric encryption system is efficient: the sender simply
encrypts the key with the public key of the recipient. Asymmetric encryption
systems have the inherent problem that chosen-plaintext attacks are trivial to
mount (because the public keys are by definition publicly known), and that
many practical applications require security against chosen-ciphertext attacks.
Furthermore, unless one employs an IBE system (see Section 14.4), the use
of an asymmetric encryption system always requires digital certificates and
PKIs. We briefly touched on this requirement in Section 19.5.
Many public key cryptosystems can be used as an asymmetric encryption
system or a DSS. In fact, the possibility to digitally sign electronic documents
and verify digital signatures is very powerful, and it is often argued that it is a
prerequisite for the successful deployment of electronic commerce. This line