In a symmetric cipher, the same key is used for encryption and decryption. What are some disadvantages of using the same key?
Asked
Active
Viewed 1.1k times
0
-
3As you say, all symmetric encryption algorithms use the same key for encryption and decryption. Therefore, are you asking for disadvantages of symmetric encryption in general? – A. Darwin May 26 '16 at 06:17
-
1"symmetric" means same key for encryption and decryption – paj28 May 26 '16 at 08:12
-
Can you clarify what you are asking? Sometimes unclear questions get closed on stackexchange. Don't fuss about it. Just update the question and it will get reopened – Neil Smithline May 30 '16 at 03:47
3 Answers
3
The disadvantage of symmetric encryption
Symmetric encryption always use the same key for encryption and decryption - that is the very definition of it. That has one major downside.
If the person doing the encryption and the decryption are not the same, they have to somehow securely share the key. If A generates a random key and encrypts a message for B with it, how does he get the key to B? To do this securely, he has to transmit the key out of bound, or encrypt it with B's public key using asymmetric encryption.
Obviously asymmetric encryption does not suffer from this disadvantage, since B can freely share his public key with anybody without loosing any confidentiality.
The disadvantage of asymmetric encryption
One word: Performance. It is slower than symmetric encryption. Therefore it is in general just used to encrypt a symmetric key that is used to encrypt the rest of the message.
1
The main disadvantage of using a shared key in encryption is that you cannot use it to ensure non-repudiation. If you got a message and you are able to decipher it, there is no proof that the sender did encrypt it, because one can still argue you encrypted it yourself.
M'vy
- 13,033
- 3
- 47
- 69
0
This is fairly easy to understand. Simply symmetric encryption use single key for encryption and decryption while asymmetric use different keys (4 different keys).
Main disadvantage of symmetric key is the damage, if someone get your key. He can read your messages(sent/receive). Because you use the same “compromised key” for encryption and decryption.(Read both sent and receive)
But in asymmetric key sender(X) and receiver(Y) has two different private keys for decryption. Let’s assume someone take the ‘X’ private key. So he can read the messages sent by ‘Y’. But still key can’t read messages send by ‘X’. Because for that he needs to know the ‘Y’ private key.(Read only sent or receive)
Summary: damage is massive when you lost your symmetric key. In Asymmetric, you need to know the both private keys to do the same damage.
Other point is there is no way to safely share the secret key with both parties
Dilan
- 181
- 6
-
I disagree. This disadvantage is not inherent in the use of symmetric keys and can be mitigated, with the following key usage protocol: Alice always encrypts with symmetric key Key1, and Bob always encrypts with a distinct symmetric key Key2. Then in the event of compromise of Key1, only messages sent from Alice are revealed. To reveal all messages would entail both Key1 and Key2 to be compromised. – D.H. May 26 '16 at 12:14
-
You misunderstood the concept here.I don't say all messages. Compromise of Key 1, attacker can read messages sent from Alice as well as messages received by Alice. Because Alice use Key 1 for both encryption and decryption. If they user shared secret key(Key3), then reveal all the messages. – Dilan May 27 '16 at 01:35
-
I do understand very well actually. The compromise argument applies (I agree with that) because the same key is used for both encryption and decryption. My point is that this disadvantage is not inherent to the use of symmetric keys - which your answer implies - because it can be avoided easily. – D.H. May 27 '16 at 06:23