Cryptography Reference
In-Depth Information
solved with what is called
certificates
. Roughly speaking, certificates bind a public
key to a certain identity. This is a major issue in many security application, e.g.,
when doing e-commerce transactions on the Internet. We discuss this topic in more
detail in Sect. 13.3.2.
Another problem, which is not as fundamental, is that public-key algorithms re-
quire very long keys, resulting in slow execution times. The issue of key lengths and
security is discussed below.
6.2.3 Important Public-Key Algorithms
In the previous chapters, we learned about some block ciphers, DES and AES. How-
ever, there exist many other symmetric algorithms. Several hundred algorithms have
been proposed over the years and even though a lot were found not to be secure,
there exist many cryptographically strong ones as discussed in Sect. 3.7. The situa-
tion is quite different for asymmetric algorithms. There are only three major fami-
lies of public-key algorithms which are of practical relevance. They can be classified
based on their underlying computational problem.
Public-Key Algorithm Families of Practical Relevance
Integer-Factorization Schemes
Several public-key schemes are based on
the fact that it is difficult to factor large integers. The most prominent rep-
resentative of this algorithm family is RSA.
Discrete Logarithm Schemes
There are several algorithms which are
based on what is known as the discrete logarithm problem in finite fields.
The most prominent examples include the Diffie-Hellman key exchange,
Elgamal encryption or the Digital Signature Algorithm (DSA).
Elliptic Curve (EC) Schemes
A generalization of the discrete logarithm
algorithm are elliptic curve public-key schemes. The most popular exam-
ples include Elliptic Curve Diffie-Hellman key exchange (ECDH) and the
Elliptic Curve Digital Signature Algorithm (ECDSA).
The first two families were proposed in the mid-1970s, and elliptic curves were
proposed in the mid-1980s. There are no known attacks against any of the schemes
if the parameters, especially the operand and key lengths, are chosen carefully. Al-
gorithms belonging to each of the families will be introduced in Chaps. 7, 8 and
9. It is important to note that each of the three families can be used to provide the
main public-key mechanisms of key establishment, nonrepudiation through digital
signatures and encryption of data.
In addition to the three families above, there have been proposals for several
other public-key schemes. They often lack cryptographic maturity, i.e., it is not
known how robust they are against mathematical attacks. Multivariate quadratic
