Asymmetric Encryption

Stohrer, Christian; Lugrin, Thomas

doi:10.1007/978-3-031-33386-6_3

Christian Stohrer⁵ &
Thomas Lugrin⁵

5080 Accesses
3 Citations
3 Altmetric

Abstract

An asymmetric encryption scheme uses two different keys, a private one and a public one. While the public key is used for encryption and may be known by others, the private key is used for decryption and must be kept secret. The widespread public critical systems are based on the integer factorization problem or the discrete logarithm problem over finite fields and elliptic curve. The minimal key length and the required size of the involved parameters should be chosen according to the current regulation or best practice advice. Current public cryptosystems are considered secure against classical computers, but most of those commonly used today will be broken by attacks from not yet existing powerful quantum computers.

You have full access to this open access chapter, Download chapter PDF

1 Introduction

While symmetric encryption uses the same key to encrypt and decrypt data, public key cryptography uses a pair of keys. One of these keys is used for encryption and the other one for decryption. For the security of the public key cryptosystem, only the decryption key must be kept secret. For this reason, it is often referred to as the private key. On the other hand, the encryption key, or public key, can be made publicly available without harming the security of the cryptosystem.

2 Analysis

For a public key cryptosystem to be secure, it must be computationally infeasible to compute the private key from the public key [1]. As the processes for encryption and decryption differ from each other and rely on different keys, another name for public key encryption is asymmetric encryption.

Generally, one does not use public key cryptography to encrypt large amounts of data directly, as this is generally computationally more expensive than symmetric encryption. However, it is common to use public key cryptography to encrypt and securely exchange keys of symmetric encryption schemes (see Chap. 2). The symmetric keys are then used for bulk data encryption [1, 2]. This combination of public key cryptography and symmetric encryption is called hybrid encryption.

To ensure that only the intended recipient can decrypt a cipher text, the public key must be authenticated through other means, e.g., a Public Key Infrastructure (PKI) [3]. For more information on key management, see Chap. 4.

Asymmetric encryption is not the only application for public key cryptography. Digital signatures, see Chap. 15, used to verify the authenticity of a document, are another important example. Another application is homomorphic encryption, see Chap. 8.

2.1 Definition

An asymmetric encryption scheme uses two different keys, a private one and a public one. While the public key is used for encryption and may be known by others, the private key is used for decryption and must be kept secret. Like most public cryptosystems, asymmetric encryption relies on one-way mathematical functions. This means that while it is easy to compute the result from given input data, it is hard to recover the input data from the result. Moreover, the corresponding mathematical problems are conjectured to be hard, such that it is computationally infeasible to decrypt a message without knowing the private key.

2.2 Trends

The widespread public critical systems are based on the integer factorization problem or the discrete logarithm problem over finite fields and elliptic curves. In a seminal paper, Peter W. Shor showed that it is possible to solve these problems efficiently using a sufficiently powerful quantum computer [4]. This triggered the search for replacement schemes. Several standardization agencies are now evaluating new proposals for this. In 2022, NIST announced the winners of their corresponding competition. For further details, we refer to Chap. 10 dedicated to post-quantum cryptography.

3 Consequences for Switzerland

The advent of the quantum computer threatens public key cryptosystems considered secure today. A strategy should therefore be developed that considers the implications of this threat on the security of current systems and proposes appropriate measures to ensure the preservation of security.

3.1 Implementation Possibilities: Make or Buy

Generally, one should not develop proprietary public cryptosystems, as the standardized algorithms have been thoroughly tested and deeply analyzed. Furthermore, any proprietary design will likely fail and expose weaknesses that may corrupt the entire system’s security. Therefore, when procuring products involving public key cryptography, only those that have been standardized and verified for correctness by an appropriate specialized authority should be considered.

3.2 Variation and Recommendation

We recommend to continue using well-established public cryptosystems, e.g., RSA (Rivest-Shamir-Adleman cryptosystem [5]) with OAEP (Optimal Asymmetric Encryption Padding), Elgamal over a finite field, and Elgamal over appropriate elliptic curves. The minimal key length and the required size of the involved parameters should be chosen according to the current regulation or best practice advice. With today’s knowledge, these algorithms are considered secure, although they are known to be vulnerable to future powerful quantum computers. Cryptosystems based on elliptic curves (ECC) can use shorter keys and are thus more efficient to achieve the same security level against attacks with classical, i.e., non-quantum computers. They should therefore be preferred over RSA and classical Elgamal. However, the above reasoning does not hold when considering attacks against a future large-scale quantum computer. In this scenario, one should not try to enhance security by using larger keys; one should instead use alternative quantum-safe cryptosystems, see Chap. 10.

In addition, one should follow the various standardization initiatives for new quantum-safe alternative public vital algorithms and integrate them accordingly to mitigate the threat posed by quantum computers. For this, a deep understanding of algorithms and a close inspection of possible solutions are necessary.

4 Conclusion

Asymmetric cryptography is a core part of many cryptographic applications. For example, it allows for encrypting messages, exchanging secret keys over an insecure channel, and establishing authenticity using digital signatures.

Current public cryptosystems are considered secure against classical computers (operating with bits), but the large majority of those commonly used today will be broken by attacks from not yet existing powerful quantum computers. Therefore, a corresponding strategy should be developed and implemented to counter this risk.

References

Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, Boca Raton, October 1996.
MATH Google Scholar
Wikipedia, Public-key cryptography. https://en.wikipedia.org/w/index.php?title=Public-key_cryptography&oldid=1099221204, July 2022.
Carlisle Adams and Steve Lloyd. Understanding Public-Key Infrastructure. Addison–Wesley Professional, Boston, 2nd edition, 2003.
Google Scholar
Peter W. Shor. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM Journal on Computing, 26(5):1484–1509, October 1997. arXiv:quant-ph/9508027.
Google Scholar
R. L. Rivest, A. Shamir, and L. Adleman. a method for obtaining digital signatures and public-key cryptosystems. 21(2):120–126, feb 1978.
Google Scholar

Download references

Author information

Authors and Affiliations

Federal Administration, Bern, Switzerland
Christian Stohrer & Thomas Lugrin

Authors

Christian Stohrer
View author publications
You can also search for this author in PubMed Google Scholar
Thomas Lugrin
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Thomas Lugrin .

Editor information

Editors and Affiliations

Cyber-Defence Campus, armasuisse Science and Technology, Thun, Switzerland
Valentin Mulder
Cyber-Defence Campus, armasuisse Science and Technology, Thun, Switzerland
Alain Mermoud
Cyber-Defence Campus, armasuisse Science and Technology, Thun, Switzerland
Vincent Lenders
Cyber-Defence Campus, armasuisse Science and Technology, Thun, Switzerland
Bernhard Tellenbach

Rights and permissions

Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Stohrer, C., Lugrin, T. (2023). Asymmetric Encryption. In: Mulder, V., Mermoud, A., Lenders, V., Tellenbach, B. (eds) Trends in Data Protection and Encryption Technologies . Springer, Cham. https://doi.org/10.1007/978-3-031-33386-6_3

Download citation

DOI: https://doi.org/10.1007/978-3-031-33386-6_3
Published: 27 April 2023
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-33385-9
Online ISBN: 978-3-031-33386-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics