Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the performance difference of pki to symmetric encryption?

We are looking to do some heavy security requirements on our project, and we need to do a lot of encryption that is highly performant.

I think that I know that PKI is much slower and more complex than symmetric encryption, but I can't find the numbers to back up my feelings.

like image 201
stevemac Avatar asked Sep 23 '08 00:09

stevemac


People also ask

Is public key faster than symmetric encryption?

Symmetric cryptography is faster to run (in terms of both encryption and decryption) because the keys used are much shorter than they are in asymmetric cryptography.

How much faster is symmetric encryption?

Symmetric encryption is faster than asymmetric encryption because it only uses one encryption key. With every added layer of encrypted security, the speed of the data transmission inevitably decreases. That's because it takes more processing time to encrypt and decrypt the messages.

Is symmetric key cryptography faster than asymmetric?

So, in a nutshell, symmetric encryption is faster than asymmetric encryption. Asymmetric encryption sacrifices speed for security, while symmetric encryption sacrifices security for speed.

Does PKI use symmetric encryption?

PKI merges the use of both asymmetric and symmetric encryption. Both symmetric and asymmetric encryption have their own strengths and best use case scenarios, which is what makes the combination of both so powerful in Public Key Infrastructure.


1 Answers

On a Macbook running OS X 10.5.5 and a stock build of OpenSSL, "openssl speed" clocks AES-128-CBC at 46,000 1024 bit blocks per second. That same box clocks 1024 bit RSA at 169 signatures per second. AES-128-CBC is the "textbook" block encryption algorithm, and RSA 1024 is the "textbook" public key algorithm. It's apples-to-oranges, but the answer is: RSA is much, much slower.

That's not why you shouldn't be using public key encryption, however. Here's the real reasons:

  1. Public key crypto operations aren't intended for raw data encryption. Algorithms like Diffie-Hellman and RSA were devised as a way of exchanging keys for block crypto algorithms. So, for instance, you'd use a secure random number generator to generate a 128 bit random key for AES, and encrypt those 16 bytes with RSA.

  2. Algorithms like RSA are much less "user-friendly" than AES. With a random key, a plaintext block you feed to AES is going to come out random to anyone without the key. That is actually not the case with RSA, which is --- more so than AES --- just a math equation. So in addition to storing and managing keys properly, you have to be extremely careful with the way you format your RSA plaintext blocks, or you end up with vulnerabilities.

  3. Public key doesn't work without a key management infrastructure. If you don't have a scheme to verify public keys, attackers can substitute their own keypairs for the real ones to launch "man in the middle" attacks. This is why SSL forces you to go through the rigamarole of certificates. Block crypto algorithms like AES do suffer from this problem too, but without a PKI, AES is no less safe than RSA.

  4. Public key crypto operations are susceptible to more implementation vulnerabilities than AES. For example, both sides of an RSA transaction have to agree on parameters, which are numbers fed to the RSA equation. There are evil values attackers can substitute in to silently disable encryption. The same goes for Diffie Hellman and even more so for Elliptic Curve. Another example is the RSA Signature Forgery vulnerability that occurred 2 years ago in multiple high-end SSL implementations.

  5. Using public key is evidence that you're doing something "out of the ordinary". Out of the ordinary is exactly what you never want to be with cryptography; beyond just the algorithms, crypto designs are audited and tested for years before they're considered safe.

To our clients who want to use cryptography in their applications, we make two recommendations:

  • For "data at rest", use PGP. Really! PGP has been beat up for more than a decade and is considered safe from dumb implementation mistakes. There are open source and commercial variants of it.

  • For "data in flight", use TLS/SSL. No security protocol in the world is better understood and better tested than TLS; financial institutions everywhere accept it as a secure method to move the most sensitive data.

Here's a decent writeup [matasano.com] me and Nate Lawson, a professional cryptographer, wrote up a few years back. It covers these points in more detail.

like image 157
tqbf Avatar answered Nov 27 '22 21:11

tqbf