Public-Key

對稱和非對稱的區別。根據筆試,這個答案是否正確?

  • December 10, 2014

我在期末考試中問了以下問題:

對稱密碼(例如 AES、DES、Blowfish)在最好的情況下最多使用 256 位,這被認為對暴力攻擊具有很強的抵抗力。另一方面,非對稱加密(例如 RSA、DSA、Elgamal)使用更多的比特(~2048)。解釋對稱密碼和非對稱密碼之間比特差異的原因。

他的回答是:

非對稱密碼使用更多位,因為通常它使用功率,這會產生位增加。此外,非對稱加密比對稱加密需要更多的處理時間,這導致比特級別的成本更高。

他所說的“權力”是指“數學權力”。他引用網際網路上的以下內容來支持他的回答:

“該算法很慢,因為它使用的數學運算成本很高,而且密鑰大小很大。部分問題在於指數的選擇”

最後:

“雖然在數學上並不精確,但第一個操作可以被接受為線性的,因為操作的數量與兩個操作數的大小成正比。另一方面,第二個操作是指數類型,因為輸入大小加倍,數字要進行的操作不會翻倍,它會隨著時間呈指數增長。”

雖然答案在這裡,但我看到他的部分陳述是正確的,但他是否正確回答了這個問題?

I don’t believe he is answering the right question. You essentially asked “why are public keys so much larger than symmetric keys”, and after his first sentence (which started to address the question, but was a bit vague), he tried to answer the distinct question “why are public key operations so much slower” (not that he got the details of that correct; his last sentence appeared to imply that public key operations take an exponential amount of time).

I don’t think it is right. The reason why RSA in particular uses such a high bit count, is that RSA’s security is based on factorization of integers and integers with up to 100 digits (roughly 300 bits) can be “easily” factorized with the Quadratic Sieve.

In general, there are asymmetric ciphers like those based on elliptic curve cryptography that also use low bit counts of about 160 bits.

The reason, why most asymmetric algorithms use high bit counts is the following: Most of them are based on algebraic calculations and hence there are ways (or at least the probability is high) to find a shortcut around the algorithm and crack it (like factorizing the RSA public key).

Symmetric algorithms on the other hand often are intentionally “unalgebraic”. For example AES does lots of bit XORing, shifting, mixing etc to prevent easily exploitable mathematical relations between cleartext and ciphertext.

Summary: A keyspace of 256-bits is more than large enough to be considered safe. But while most symmetric algorithms leave (almost) no other attack vector but bruteforcing the key, most asymmetric algorithms have well known attack vectors, that make cracking the algorithm way easier then just bruteforcing the key. Hence the keyspace must be much bigger to gain the same security.

引用自:https://crypto.stackexchange.com/questions/20755