Page134
Elliptic Curve Cryptography
ECC leverages a one-way function that uses discrete logarithms as applied to elliptic curves. Solving this problem is harder than solving discrete logarithms, so algorithms based on Elliptic Curve Cryptography (ECC) are much stronger per bit than systems using discrete logarithms (and stronger than factoring prime numbers). ECC requires less computational resources because shorter keys can be used compared to other asymmetric methods. ECC is often used in lower power devices for this reason.
Asymmetric and Symmetric Tradeoffs
Asymmetric encryption is far slower than symmetric encryption, and is also weaker per bit of key length. The strength of asymmetric encryption is the ability to securely communicate without pre-sharing a key.
Table 4.11 compares symmetric and asymmetric algorithms based on key length. Note that systems based on discrete logarithms and factoring prime numbers are far weaker per bit of key length than symmetric systems such as Triple DES and AES. Elliptic Curve fares much better in comparison but is still twice as weak per bit compared to AES.
Table 4.11 Symmetric vs. Asymmetric Strength [36].
| Symmetric Key Length | Symmetric Algorithm | Discrete Logarithm Equivalent Key Length | Factoring Prime Numbers Equivalent Key Length | Elliptic Curve Equivalent Key Length |
|---|---|---|---|---|
| 112 | 3TDES | 2048 | 2048 | 224–255 |
| 128 | AES | 3072 | 3072 | 256–283 |
| 192 | AES | 7860 | 7860 | 384–511 |
| 256 | AES | 15360 | 15360 | 512+ |
Asymmetric and symmetric encryptions are typically used together: use an asymmetric algorithm such as RSA to securely send someone an AES (symmetric) key. The symmetric key is called the session key; a new session key may be retransmitted periodically via RSA.
This approach leverages the strengths of both cryptosystems. Use the slower and weaker asymmetric system for the part that symmetric encryption cannot do: securely pre-share keys. Once shared, leverage the fast and strong symmetric encryption to encrypt all further traffic.
Quantum Encryption
Quantum encryption leverages quantum mechanics to determine whether something has been observed. The process is built on the observer effect: “The observer effect is the fact that observing a situation or phenomenon necessarily changes it. Observer effects are especially prominent in physics where observation and uncertainty are fundamental aspects of modern quantum mechanics” [37].
Since observing something changes “perturbs” (changes) it, we can send an encryption key to a recipient, and the recipient can determine if it had been previously observed. While anything may be sent, a strong symmetric key is often used in this case: this is called Quantum Key Distribution (QKD). An eavesdropper who sees the key will also change it in a detectable manner. If the key was observed, send a new key. Once an unobserved key has been received, it may be safely used for encryption and sent back to the key’s sender (who also possesses the same key) for decryption.
IDQ describes quantum encryption:
- Quantum cryptography is a technology that uses quantum physics to secure the distribution of symmetric encryption keys. A more accurate name for it is quantum key distribution (QKD). It works by sending photons, which are “quantum particles” of light, across an optical link.
- The principles of quantum physics stipulate that observation of a quantum state causes perturbation. The various QKD protocols are designed to ensure that any attempt by an eavesdropper to observe the transmitted photons will indeed perturb the transmission. Row 2 is shifted 2 to the left.
- This perturbation will lead to transmission errors, which can be detected by the legitimate users.
- This is used to verify the security of the distributed keys [38].