**Alice works for a company where the public key infrastructure is implemented. She sent an encrypted message to Bob. Which of the following is the most likely reason why she employed the AES secret key to encrypt the message instead of her RSA public key? (Source: Wentz QOTD)**

A. The performance of AES is faster if the work factor is the same

B. The requirement for AES key length is shorter if the work factor is the same

C. The encryption by the AES secret key is more effective if key exchange is secured

D. The computational complexity for breaking AES is higher if the key length is the same

**Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.**

My suggested answer is C. The encryption by the AES secret key is more effective if key exchange is secured.

This question is designed as a reminder of the usage effectiveness of asymmetric keys. It’s ineffective that Alice encrypts the message using her **public key** because nobody can acquire her private key to decrypt the cipher text. On the other hand, if she encrypts the message using her **private key**, then everyone can decrypt the cipher text because her public key is publicly available. In summary, it’s ineffective to use any of the RSA keys to encrypt the message.

The effective way is that Alice uses a symmetric key or Bob’s public key to encrypt the message.

# Bob’s Public Key Matters!

According to ISO 21246:2019 (Information and documentation — Key indicators for museums), effectiveness is the “**measure of the degree to which given objectives are achieved**.” In other words, an effective cryptographic solution can achieve security objectives or solve problems.

For Alice to send a message to Bob securely, the cryptographic solution should achieve the following objectives:

- It shall be strong enough to maintain confidentiality.
- It shall decrypt ciphertext correctly so that Bob can read the message.

It’s an ineffective solution for Alice to encrypt the message using **her own public key** because **Alice’s private key** is not available to Bob. Alice should use **Bob’s public key** to encrypt the message or the AES secret key.

In practice, symmetric and asymmetric are unified or implemented to support each other because symmetric ciphers have better performance. The message should be encrypted by the AES secret key, which is encrypted or exchanged by **Bob’s public key**.

In either case, Alice’s public will never be used to encrypt her own messages. It is always **Bob’s public key** that encrypts Alice’s messages.

# Key Length, Performance, and Work Factor

Generally speaking, symmetric ciphers use smaller/shorter keys and hence perform faster than asymmetric ciphers under the same level of work factor. In other words, symmetric ciphers have higher computational complexity if the key length is the same.

# Reference

- Analysis of algorithms
- WHY WORK FACTOR ALGORITHMS SHOULD BE USED
- Differences between Work Factor and Time Complexity
- 8 time complexities that every programmer should know

# A BLUEPRINT FOR YOUR SUCCESS IN CISSP

*The Effective CISSP: Security and Risk Management*, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.

- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.

Alice正在向Bob發送加密消息。 根據Kerckhoffs的原則，以下哪項必須保密？

A. 加密器的運算模式

B. 用於避免產生重複樣態的唯一隨機值

C. 用於使密文複雜化的輸入

D. 用於加密只能由另一個密鑰解密的數據的密鑰