4

Key exchange algorithms make it possible to establish a shared secret key.

But isn't a shared secret always just as powerful as each party creating a public/private key pair and sending each other their public key, and using that for exchanging data?

I always read this is not secure because of the risk that the private key might leak. However the shared key might also leak.

Why the need for key exchange algorithms?

hgiesel
  • 141
  • 5
  • Why would you ever need public key encryption when you can use key exchange algorithms? – CodesInChaos Feb 21 '18 at 09:45
  • Which is also a good question – hgiesel Feb 21 '18 at 09:46
  • @CodesInChaos You know that the key exchange mechanism needs to be authenticated. The questions aren't analogous. – Melab Feb 21 '18 at 16:28
  • @Melab A key-exchange function paired with symmetric encryption can do everything you can use asymmetric encryption can do. Asymmetric encryption on the other hand is less powerful than a key-exchange function because it can't do non-interactive deniable authentication. – CodesInChaos Feb 21 '18 at 16:32
  • @CodesInChaos What is "non-interactive deniable authentication"? – Melab Feb 21 '18 at 21:08

1 Answers1

3

Why the need for key exchange algorithms?

Most of the time in practice you will probably use a secret key with a symmetric cryptosystem because of efficiency reasons. Especially if you have a large amount of data to send, doing a single key agreement via Diffie-Hellman and then using the resultant key with a symmetric cryptosystem will be take significantly less time than actually packaging the data up and sending it one chunk at a time via RSA. Performing a key exchange and then using the key for a symmetric cryptosystem is referred to as a hybrid cryptosystem.

  • Less time implies fewer CPU cycles
    • Fewer CPU cycles implies lower power consumption
  • Public Key Encryption implies ciphertext expansion
    • This results in slower transfer speeds for data in transit on a network
    • This results in more space consumed for data at rest on a storage medium
  • Key agreement algorithms such as Diffie-Hellman are sometimes simpler to implement than public key encryption schemes such as RSA.

When to use Public Key Encryption

Many PKE schemes offer homomorphic encryption. If you want homomorphic encryption, you probably can't opt for the hybrid cryptosystem and will need to package your message into the PKE ciphertext.

If you are operating in a constrained environment, depending on the nature of the constraints and environment it can possibly be better to simply use PKE directly instead of a hybrid cryptosystem. Such constraints might include:

  • Code size constraints
  • Data size/bandwidth constraints
  • Latency constraints
  • Compatibility constraints

What is most efficient will depend on the exact nature of the environment, constraints, and algorithms in question.

Ella Rose
  • 19,603
  • 6
  • 53
  • 101
  • The list of constraints may not be exhaustive - if there are some missing please leave a comment or a suggested edit. – Ella Rose Feb 21 '18 at 02:30