Exploring Asymmetric Encryption Algorithms

Asymmetric algorithms employ a two-key technology: a public key and a private key. Often this is simply called public-key encryption. In this key pair, the "public" key may be distributed freely, whereas the "private" key must be closely guarded. If the private key is compromised, the system as a whole fails. In fact, calling this just public-key encryption oversimplifies the process, because both keys are required, with the complementary key being used to provide decryption. Figure 14-1 shows the use of asymmetric encryption algorithms.

Figure 14-1 Asymmetric Encryption Algorithms (diagram: Clear → Encryption, using the encryption key → Encrypted → Decryption, using the decryption key → Clear)

■ The typical key length is 512-4096 bits.

• Key lengths greater than or equal to 1024 bits can be trusted.

• Key lengths that are shorter than 1024 bits are considered unreliable for most algorithms.

With public-key encryption, the public key is used to encrypt the data. After it is encrypted, only the private key can decrypt the data. The opposite is also true. If data is encrypted by the private key, the public key may be used to decrypt the data.

A number of public-key encryption algorithms exist. Although each algorithm differs, they all share a common trait in that the mathematics behind them is quite complicated. Here are some of the most popular algorithms:

■ Digital Signature Algorithm (DSA)

■ Elliptic Curve Cryptography (ECC)

The design of asymmetric algorithms is such that the key used for encryption is substantially different from the key used for decryption. This is done so that an attacker cannot, in any reasonable amount of time, calculate the decryption key from the encryption key, and vice versa. These keys come in varying lengths, but the general range for a key built using asymmetric algorithms is from 512 to 4096 bits. As another security feature, the key lengths for asymmetric algorithm keys cannot be directly compared to symmetric algorithm key lengths. This is because these two forms of algorithms differ greatly in the structure of their design.

As mentioned, a number of asymmetric cryptographic algorithms exist, but the most widely known and used are RSA, ElGamal, and elliptic curve algorithms. It is generally true, with regard to key length, that an RSA encryption key of 2048 bits is roughly equivalent to a 128-bit key of RC4 in terms of its ability to resist brute-force attacks.

Using Public-Key Encryption to Achieve Confidentiality

To achieve confidentiality, the encryption process begins with the public key. Using the public key to encrypt data ensures that only the private key can decrypt the protected data. Confidentiality is assured in this manner because only one host has the private key necessary for decryption. This process hinges on the integrity of the private key. Should the private key become compromised, this guarantee of confidentiality is lost, and another key pair must be generated to replace the compromised key. It is not possible to re-create the compromised key, so both keys in the pair are replaced.

Let's examine an example in which a public key pair is used, with the goal being to provide confidentiality. This exchange is shown in Figure 14-2 and is detailed in the following steps:

Step 2 Addison uses Matthew's public key to encrypt a message to be sent to Matthew. This process often uses a symmetric key, with an agreed-upon algorithm.

Step 3 Addison sends the encrypted message to Matthew.

Step 4 Matthew uses his private key to decrypt the message and reveal the contents.

Figure 14-2 Asymmetric Confidentiality Process (diagram: Addison encrypts the clear text with Matthew's public key; the encrypted message travels to Matthew; Matthew decrypts it with Matthew's private key to recover the clear text)
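
The exchange in Steps 2 through 4, including the symmetric session key mentioned in Step 2, as an added example that is not from the original text. It assumes teaching stand-ins throughout: a toy RSA key built from two small fixed primes, RSA-KEM style key wrapping, and a SHA-256 keystream in place of a real symmetric cipher; the function names are hypothetical and none of it is suitable for protecting real data.

```python
import hashlib
import secrets

# Constructed toy key pair for Matthew, built from two Mersenne primes.
# Assumption for illustration only: real keys are generated by a vetted
# library and are 2048 bits or more.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # Matthew's public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))        # Matthew's private exponent
NLEN = (N.bit_length() + 7) // 8

def session_key(r: int) -> bytes:
    """Derive the symmetric session key from the shared secret r."""
    return hashlib.sha256(r.to_bytes(NLEN, "big")).digest()

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def addison_encrypt(message: bytes, n: int = N, e: int = E):
    """Step 2: wrap a fresh secret with the PUBLIC key, encrypt the message."""
    r = secrets.randbelow(n - 2) + 2
    return pow(r, e, n), keystream_xor(session_key(r), message)

def matthew_decrypt(wrapped: int, ciphertext: bytes, n: int = N, d: int = D):
    """Step 4: unwrap the secret with the PRIVATE key, decrypt the message."""
    return keystream_xor(session_key(pow(wrapped, d, n)), ciphertext)

if __name__ == "__main__":
    msg = b"Quarterly figures attached."      # constructed sample message
    wrapped, ct = addison_encrypt(msg)         # Step 3: this pair is sent
    print(matthew_decrypt(wrapped, ct))        # private key recovers msg
    print(matthew_decrypt(wrapped, ct, d=E))   # public key alone: garbage
```

The last call shows why confidentiality rests on the private key: anyone holding only the public key and the transmitted pair derives a different session key and recovers nothing useful.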