-
Rijndael
-
Diffie-Hellman
-
RC6
-
AES
EXPLANATION
What is an asymmetric algorithm?
Asymmetric algorithms (public key algorithms) use different keys for
encryption and decryption, and the decryption key cannot (practically)
be derived from the encryption key. Asymmetric algorithms are important
because they can be used for transmitting encryption keys or other data
securely even when the parties have no opportunity to agree on a secret
key in private.
Types of Asymmetric algorithms
Types of Asymmetric algorithms (public key algorithms):
– RSA
– Diffie-Hellman
– Digital Signature Algorithm
– ElGamal
– ECDSA
– XTR
Asymmetric algorithms examples:
RSA Asymmetric algorithm
Rivest-Shamir-Adleman is the most commonly used asymmetric algorithm
(public key algorithm). It can be used both for encryption and for
digital signatures. The security of RSA is generally considered
equivalent to factoring, although this has not been proved.
RSA computation occurs with integers modulo n = p * q, for two large
secret primes p, q. To encrypt a message m, it is exponentiated with a
small public exponent e. For decryption, the recipient of the ciphertext
c = me (mod n) computes the multiplicative reverse d = e-1 (mod
(p-1)*(q-1)) (we require that e is selected suitably for it to exist)
and obtains cd = m e * d = m (mod n). The private key consists of n, p,
q, e, d (where p and q can be omitted); the public key contains only n
and e. The problem for the attacker is that computing the reverse d of e
is assumed to be no easier than factorizing n.
The key size should be greater than 1024 bits for a reasonable level of
security. Keys of size, say, 2048 bits should allow security for
decades. There are actually multiple incarnations of this algorithm; RC5
is one of the most common in use, and RC6 was a finalist algorithm for
AES.
Diffie-Hellman
Diffie-Hellman is the first asymmetric encryption algorithm, invented
in 1976, using discrete logarithms in a finite field. Allows two users
to exchange a secret key over an insecure medium without any prior
secrets.
Diffie-Hellman (DH) is a widely used key exchange algorithm. In many
cryptographical protocols, two parties wish to begin communicating.
However, let’s assume they do not initially possess any common secret
and thus cannot use secret key cryptosystems. The key exchange by
Diffie-Hellman protocol remedies this situation by allowing the
construction of a common secret key over an insecure communication
channel. It is based on a problem related to discrete logarithms, namely
the Diffie-Hellman problem. This problem is considered hard, and it is
in some instances as hard as the discrete logarithm problem.
The Diffie-Hellman protocol is generally considered to be secure when an
appropriate mathematical group is used. In particular, the generator
element used in the exponentiations should have a large period (i.e.
order). Usually, Diffie-Hellman is not implemented on hardware.
Digital Signature Algorithm
Digital Signature Algorithm (DSA) is a United States Federal
Government standard or FIPS for digital signatures. It was proposed by
the National Institute of Standards and Technology (NIST) in August 1991
for use in their Digital Signature Algorithm (DSA), specified in FIPS
186 [1], adopted in 1993. A minor revision was issued in 1996 as FIPS
186-1 [2], and the standard was expanded further in 2000 as FIPS 186-2
[3]. Digital Signature Algorithm (DSA) is similar to the one used by
ElGamal signature algorithm. It is fairly efficient though not as
efficient as RSA for signature verification. The standard defines DSS to
use the SHA-1 hash function exclusively to compute message digests.
The main problem with DSA is the fixed subgroup size (the order of the
generator element), which limits the security to around only 80 bits.
Hardware attacks can be menacing to some implementations of DSS.
However, it is widely used and accepted as a good algorithm.
ElGamal
The ElGamal is a public key cipher – an asymmetric key encryption
algorithm for public-key cryptography which is based on the
Diffie-Hellman key agreement. ElGamal is the predecessor of DSA.
ECDSA
Elliptic Curve DSA (ECDSA) is a variant of the Digital Signature
Algorithm (DSA) which operates on elliptic curve groups. As with
Elliptic Curve Cryptography in general, the bit size of the public key
believed to be needed for ECDSA is about twice the size of the security
level, in bits.
XTR
XTR is an algorithm for asymmetric encryption (public-key
encryption). XTR is a novel method that makes use of traces to represent
and calculate powers of elements of a subgroup of a finite field. It is
based on the primitive underlying the very first public key
cryptosystem, the Diffie-Hellman key agreement protocol.
From a security point of view, XTR security relies on the difficulty of
solving discrete logarithm related problems in the multiplicative group
of a finite field. Some advantages of XTR are its fast key generation
(much faster than RSA), small key sizes (much smaller than RSA,
comparable with ECC for current security settings), and speed (overall
comparable with ECC for current security settings).
Symmetric and asymmetric algorithms
Symmetric algorithms encrypt and decrypt with the same key. Main
advantages of symmetric algorithms are their security and high speed.
Asymmetric algorithms encrypt and decrypt with different keys. Data is
encrypted with a public key, and decrypted with a private key.
Asymmetric algorithms (also known as public-key algorithms) need at
least a 3,000-bit key to achieve the same level of security of a 128-bit
symmetric algorithm. Asymmetric algorithms are incredibly slow and it
is impractical to use them to encrypt large amounts of data. Generally,
symmetric algorithms are much faster to execute on a computer than
asymmetric ones. In practice they are often used together, so that a
public-key algorithm is used to encrypt a randomly generated encryption
key, and the random key is used to encrypt the actual message using a
symmetric algorithm. This is sometimes called hybrid encryption.