One of the most difficult problems with regard to cryptographic protocols is exchanging and managing the secrets (e.g. keys). In fact, key management is one of the most challenging and common areas where implementation of cryptographic systems fail. Fortunately, today cryptographic systems have been created to efficiently exchange keys over a public medium, such as the Internet, to create a secure channel. These work by creating VERY large factorization of prime numbers which are easily calculated but very difficult to de-factor for computing systems. With these algorithms, the two systems which need to exchange keys will both generate a value, send a portion of their calculation to one another, as well as another value used in the calculation, and then are able to come up with identical really large prime numbers used as a shared secret key. Garcia explains the math and algorithm in more details about how RSA works in his blog posting (Garcia, 2017).
In either case, it serves they purpose of exchanging keys for block ciphers and message authentication codes. Ferguson et all remind us, in order “[t]o encrypt with a block cipher, we need a secret key. Without a secret key, there is no way to hide the message” (2010, p. 43). When a cryptographic system must choose how to securely send secret keys to be used by both the message authentication code (MAC) algorithms and the symmetric block ciphers developers typically choose one of two options rather than trying to create their own system which we have previously discussed is a bad idea.
The two most common classic methods, referred to as public-key cryptography or asymmetric cryptography, are known as the Diffie-Hellman key exchange protocol (e.g. DH) and the Rivest-Shamir-Adleman (RSA) algorithm. Between the two, RSA had found wider commercial support and includes a trapdoor one-way function allowing it to be used to as a digital signature as well as a secure asymmetric key exchange protocol (Ferguson, Kohno, & Schneier, 2010, p. 195). However, today, there are additional options or variations of these two, DH in particular. The fact of the matter is that weaker keys for both DH and RSA algorithms are smaller. Figure 1 shows a handy chart developed by security consulting firm BlueKrypt which distills algorithms and the security level requirements from the vast NIST documentation.
Dr. Thomas Pornin provides a succinct answer to a question posed on the social site, stackexchange.com where he answers the question “Is there any particular reason to use Diffie-Hellman over RSA for key exchange” (Pornin, 2013). The answer is dependent on the application as the choice is context specific. In either case, based on Dr. Pornin’s response that Diffie-Hellman is faster when generating keys for web-based applications, and knowing that the bulk of our usage involves TLS 1.1/1.2 security protocols. So when you need to quickly generate keys for web-based applications then you may likely chose the key distribution algorithms Elliptic Curve Diffie Hellman 256-bit to enforce a 128-bit security level, or Elliptic Curve Diffie Hellman 512-bit to enforce a 256-bit security level. The usage of these bit strengths provides ample crypto periods (2016-2030 and beyond), and in cases where Elliptic Curve options may not be available, utilizing RSA Signatures and Diffie-Hellman at the appropriate bit-strengths of 3072-bit and 15360-bit can maintain a higher security level. RSA remains one of the most commonly used asymmetric key exchange protocols, and it likely will continue to flourish in the future as one of the de facto standards for web site encryption key exchanges, VPN key exchanges, and other cryptographic system key exchanges.
References
In either case, it serves they purpose of exchanging keys for block ciphers and message authentication codes. Ferguson et all remind us, in order “[t]o encrypt with a block cipher, we need a secret key. Without a secret key, there is no way to hide the message” (2010, p. 43). When a cryptographic system must choose how to securely send secret keys to be used by both the message authentication code (MAC) algorithms and the symmetric block ciphers developers typically choose one of two options rather than trying to create their own system which we have previously discussed is a bad idea.
The two most common classic methods, referred to as public-key cryptography or asymmetric cryptography, are known as the Diffie-Hellman key exchange protocol (e.g. DH) and the Rivest-Shamir-Adleman (RSA) algorithm. Between the two, RSA had found wider commercial support and includes a trapdoor one-way function allowing it to be used to as a digital signature as well as a secure asymmetric key exchange protocol (Ferguson, Kohno, & Schneier, 2010, p. 195). However, today, there are additional options or variations of these two, DH in particular. The fact of the matter is that weaker keys for both DH and RSA algorithms are smaller. Figure 1 shows a handy chart developed by security consulting firm BlueKrypt which distills algorithms and the security level requirements from the vast NIST documentation.
Dr. Thomas Pornin provides a succinct answer to a question posed on the social site, stackexchange.com where he answers the question “Is there any particular reason to use Diffie-Hellman over RSA for key exchange” (Pornin, 2013). The answer is dependent on the application as the choice is context specific. In either case, based on Dr. Pornin’s response that Diffie-Hellman is faster when generating keys for web-based applications, and knowing that the bulk of our usage involves TLS 1.1/1.2 security protocols. So when you need to quickly generate keys for web-based applications then you may likely chose the key distribution algorithms Elliptic Curve Diffie Hellman 256-bit to enforce a 128-bit security level, or Elliptic Curve Diffie Hellman 512-bit to enforce a 256-bit security level. The usage of these bit strengths provides ample crypto periods (2016-2030 and beyond), and in cases where Elliptic Curve options may not be available, utilizing RSA Signatures and Diffie-Hellman at the appropriate bit-strengths of 3072-bit and 15360-bit can maintain a higher security level. RSA remains one of the most commonly used asymmetric key exchange protocols, and it likely will continue to flourish in the future as one of the de facto standards for web site encryption key exchanges, VPN key exchanges, and other cryptographic system key exchanges.
References
- Ferguson, N., Kohno, T., & Schneier, B. (2010). Cryptography engineering: design principles and practical applications. Indianapolis, IN: Wiley Pub., Inc.
- Garcia, J. (2017, July 20). How does RSA work? - Hacker Noon. Retrieved June 28, 2019, from https://hackernoon.com/how-does-rsa-work-f44918df914b
- National Institute of Standards and Technologies. (2018, April). Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography. (E. Barker, L. Chen, A. Roginsky, & A. Vassilev, Eds.) doi:NIST SP 800-56Ar3
- National Institute of Standards and Technology. (2007, November). NIST SP 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. (M. Dworkin, Ed.) doi:SP 800-38D
- National Institute of Standards and Technology. (2016, January). Recommendation for Key Management, Part 1: General. (E. Barker, Ed.) doi:SP 800-57 Part 1 Revision 4
- National Institute of Standards and Technology. (2019, March). Recommendation for Pair-Wise Key Establishment Using Integer Factorization Cryptography. (E. Barker, L. Chen, A. Roginsky, & A. Vassilev, Eds.) doi:SP 800-56B Revision 2
- Pornin, D. T. (2013, May 8). Is there any particular reason to use Diffie-Hellman over RSA for key exchange? Retrieved April 5, 2019, from stackexchange.com: https://security.stackexchange.com/questions/35471/is-there-any-particular-reason-to-use-diffie-hellman-over-rsa-for-key-exchange