Alice works for a company where the public key infrastructure is implemented. She sent an encrypted message to Bob. Which of the following is the most likely reason why she employed the AES secret key to encrypt the message instead of her RSA public key? (Source: Wentz QOTD)
A. The performance of AES is faster if the work factor is the same
B. The requirement for AES key length is shorter if the work factor is the same
C. The encryption by the AES secret key is more effective if key exchange is secured
D. The computational complexity for breaking AES is higher if the key length is the same
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. The encryption by the AES secret key is more effective if key exchange is secured.
This question is designed as a reminder of the usage effectiveness of asymmetric keys. It’s ineffective that Alice encrypts the message using her public key because nobody can acquire her private key to decrypt the cipher text. On the other hand, if she encrypts the message using her private key, then everyone can decrypt the cipher text because her public key is publicly available. In summary, it’s ineffective to use any of the RSA keys to encrypt the message.
The effective way is that Alice uses a symmetric key or Bob’s public key to encrypt the message.
Bob’s Public Key Matters!
According to ISO 21246:2019 (Information and documentation — Key indicators for museums), effectiveness is the “measure of the degree to which given objectives are achieved.” In other words, an effective cryptographic solution can achieve security objectives or solve problems.
For Alice to send a message to Bob securely, the cryptographic solution should achieve the following objectives:
- It shall be strong enough to maintain confidentiality.
- It shall decrypt ciphertext correctly so that Bob can read the message.
It’s an ineffective solution for Alice to encrypt the message using her own public key because Alice’s private key is not available to Bob. Alice should use Bob’s public key to encrypt the message or the AES secret key.
In practice, symmetric and asymmetric are unified or implemented to support each other because symmetric ciphers have better performance. The message should be encrypted by the AES secret key, which is encrypted or exchanged by Bob’s public key.
In either case, Alice’s public will never be used to encrypt her own messages. It is always Bob’s public key that encrypts Alice’s messages.
Key Length, Performance, and Work Factor
Generally speaking, symmetric ciphers use smaller/shorter keys and hence perform faster than asymmetric ciphers under the same level of work factor. In other words, symmetric ciphers have higher computational complexity if the key length is the same.
- Analysis of algorithms
- WHY WORK FACTOR ALGORITHMS SHOULD BE USED
- Differences between Work Factor and Time Complexity
- 8 time complexities that every programmer should know
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.