Question

Demonstrate why is not enough to use an asymmetric crypting scheme such as RSA to allow two parties to securely exchange messages? What is the technology to deal with the problem?

Answer 1

Rivest–Shamir–Adleman (RSA) asymmetric encrypting scheme. It is one of the oldest. RSA is not used because it is relatively a slow algorithm when it comes to the same computer encrypting large data, hence cannot be used for directly encrypting user data. Hence, for this purpose, it makes use of a third party for verifying the reliability of public keys. Also, data or message that is transferred through the RSA algorithm has the potential of being attacked and compromised by middlemen, carrying out a Man-In-The-Middle attack manipulating the public key system. Another concern is its public keys used for encryption are not authenticated. On the other hand, in case the private key is lost, it may not be able to repair it and the message cannot be decrypted by anyone, even by the receiver at the destination node. Additionally, the algorithm requires more computation resources, more than that is requires for single-key encryption.

* The algorithms' key is too large and hence, it consumes a lot of calculation time.
* It takes time for key generation.

* It is not safe to use the same RSA key pair to sign and encrypt i.e., to encrypt/decrypt and to sign/verify. The same key should never be used for more than one scheme.

The technology to deal with this particular problem of "key being too large" is using the faster "Elliptic Curve Cryptography (ECC)" that uses smaller key or message sizes when compared to RSA, to achieve the same security level. ECC can be used as an alternative to RSA to implement public-key cryptography. ECC generates faster, more efficient, and smaller cryptographic keys. It requires the hackers to compute an elliptic curve discrete logarithm, which is difficult than factoring (as compared to RSA), to break ECC. The outcome is ECC key sizes are smaller in comparison with RSA's requirement. Also, ECC provides equivalent security, consuming lower computing, and battery resources.