# Symmetric-key vs. public-key cryptography

Symmetric-key and public-key encryption schemes have various advantages and disadvantages, some of which are common to both. This section highlights a number of these and summarizes features pointed out in previous sections.

- (i) Advantages of symmetric-key cryptography
- 1. Symmetric-key ciphers can be designed to have high rates of data throughput. Some hardware implementations achieve encrypt rates of hundreds of megabytes per second, while software implementations may attain throughput rates in the megabytes per second range.
- 2. Keys for symmetric-key ciphers are relatively short.
- 3. Symmetric-key ciphers can be employed as primitives to construct various cryptographic mechanisms including pseudorandom number generators (see Chapter 5), hash functions (see Chapter 9), and computationally efficient digital signature schemes (see Chapter 11), to name just a few.
- 4. Symmetric-key ciphers can be composed to produce stronger ciphers. Simple transformations which are easy to analyze, but on their own weak, can be used to construct strong product ciphers.
- 5. Symmetric-key encryption is perceived to have an extensive history, although it must be acknowledged that, notwithstanding the invention of rotor machines earlier, much of the knowledge in this area has been acquired subsequent to the invention of the digital computer, and, in particular, the design of the Data Encryption Standard (see Chapter 7) in the early 1970s.
- (ii) Disadvantages of symmetric-key cryptography
- 1. In a two-party communication, the key must remain secret at both ends.
- 2. In a large network, there are many key pans to be managed. Consequently, effective key management requires the use of an unconditionally trusted TTP (Definition 1.65).
- 3. In a two-party communication between entities
*A*and*B,*sound cryptographic practice dictates that the key be changed frequently, and perhaps for each communication session. - 4. Digital signature mechanisms arising from symmetric-key encryption typically require either large keys for the public verification function or the use of a TTP (see Chapter 11).
- (iii) Advantages of public-key cryptography
- 1. Only the private key must be kept secret (authenticity of public keys must, however, be guaranteed).
- 2. The administration of keys on a network requires the presence of only a functionally trusted TTP (Definition 1.66) as opposed to an unconditionally trusted TTP. Depending on the mode of usage, the TTP might only be required in an “off-line” manner, as opposed to in real tune.
- 3. Depending on the mode of usage, a private key/public key pan may remain unchanged for considerable periods of time, e.g., many sessions (even several years).
- 4. Many public-key schemes yield relatively efficient digital signature mechanisms. The key used to describe the public verification function is typically much smaller than for the symmetric-key counterpart.

- 5. In a large network, the number of keys necessary may be considerably smaller than in the symmetric-key scenario.
- (iv) Disadvantages of public-key encryption
- 1. Throughput rates for the most popular public-key encryption methods are several orders of magnitude slower than the best known symmetric-key schemes.
- 2. Key sizes are typically much larger than those required for symmetric-key encryption (see Remark 1.53), and the size of public-key signatures is larger than that of tags providing data origin authentication from symmetric-key techniques.
- 3. No public-key scheme has been proven to be secure (the same can be said for block ciphers). The most effective public-key encryption schemes found to date have their security based on the presumed difficulty of a small set of number-theoretic problems.
- 4. Public-key cryptography does not have as extensive a history as symmetric-key encryption, being discovered only in the mid 1970s.
^{[1]}

Summary of comparison

Symmetric-key and public-key encryption have a number of complementary advantages. Current cryptographic systems exploit the strengths of each. An example will serve to illustrate.

Public-key encryption techniques may be used to establish a key for a symmetric-key system being used by communicating entities *A* and *B.* In this scenario *A* and *В* can take advantage of the long term nature of the public/private keys of the public-key scheme and the performance efficiencies of the symmetric-key scheme. Since data encryption is frequently the most tune consuming part of the encryption process, the public-key scheme for key establishment is a small fraction of the total encryption process between *A* and *В.*

To date, the computational performance of public-key encryption is inferior to that of symmetric-key encryption. There is, however, no proof that this must be the case. The important points in practice are:

- 1. public-key cryptography facilitates efficient signatures (particularly non-repudiation) and key mangement; and
- 2. symmetric-key cryptography is efficient for encryption and some data integrity applications.
- 1.53 Remark (
*key sizes: symmetric key*vs.*private key*) Private keys in public-key systems must be larger (e.g., 1024 bits for RSA) than secret keys in symmetric-key systems (e.g., 64 or 128 bits) because whereas (for secure algorithms) the most efficient attack on symmetric- key systems is an exhaustive key search, all known public-key systems are subject to “shortcut” attacks (e.g., factoring) more efficient than exhaustive search. Consequently, for equivalent security, symmetric keys have bitlengths considerably smaller than that of private keys in public-key systems, e.g., by a factor of 10 or more.

- [1] It is, of course, arguable that some public-key schemes which are based on hard mathematical problems havea long history' since these problems have been studied for many years. Although this may be true, one must bewary' that the mathematics was not studied with tins application in mind.