
We all often hear about the reused key issue in block ciphers.

For example, for a picture being encrypted by the electronic codebook mode, we will still see the shape of the picture. https://images.app.goo.gl/Hw8c9xDHcmi7nCNg6

So that is why we need an initialization vector to increase the randomization. That is why CBC, OFB, CFB and CTR came into the world. A session key or block cipher key should not be used repeatedly. Repeated use will give hints to a sniffer, as they might find some pattern.

So here is my question: why do we seldom hear about the reused key issue in RSA or asymmetric encryption? It has no action about an initialization vector. If I have the same plaintext, every time I use the same public key to encrypt, I will still get the same ciphertext.

My answer is that asymmetric encryption is always used for key exchange, and the key is always a random number, so it will be hard for a sniffer to get the same ciphertext. But in case asymmetric encryption is one day used for the session key, some further mechanism has to be added.

Can someone help to comment on my thought?

Alex Tse
  • I think you are confusing terminology. PKI is public key **infrastructure**, i.e. the hierarchy of CA, sub-CA, leaf certificates etc. And asymmetric encryption simply should not be used for the use case you envision, so no need to care how it can be used there. Instead of defining how to use it in this use case, simply define it as "don't do it". – Steffen Ullrich Aug 06 '20 at 18:35
  • And nonces/IVs enable reuse of the key again and again. The number of usages is different per mode. The IV is needed for semantic security, or in this case IND-CPA security. – kelalaka Aug 06 '20 at 22:44
  • @SteffenUllrich Right, PKI is not correct; what I mean is asymmetric encryption, or RSA or ECC. We all know it is not used in the use case because it is time consuming, but I would like to foresee that one day computer power becomes much stronger, and maybe one day we can use RSA/ECC/asymmetric encryption for the session key; then the reused key will be the problem. We all know now that it (RSA/ECC/asymmetric encryption) doesn't have it (an IV), but I would like to know the reason why and see whether my explanation is correct. – Alex Tse Aug 07 '20 at 01:58
  • RSA encryption as actually used includes random padding; see https://en.wikipedia.org/wiki/RSA_(cryptosystem)#Padding_schemes . 'Asymmetric encryption' is an infinite category and cannot possibly be addressed on a website like Stack; if you have some specific other scheme(s) in mind, ask about it(them) clearly. – dave_thompson_085 Aug 07 '20 at 02:28
  • @AlexTse: *"...but i would like to foresee one day computer power become much more strong..."* - If computers get faster not only asymmetric encryption will be faster but symmetric encryption too and it will still be much faster than asymmetric encryption. So it still makes no sense to use asymmetric encryption to encrypt large amount of data like you envision. Apart from that there are other problems, see for example [When should I use symmetric encryption instead of RSA?](https://security.stackexchange.com/questions/54360/when-should-i-use-symmetric-encryption-instead-of-rsa). – Steffen Ullrich Aug 07 '20 at 05:02
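
The determinism raised in the question and the random padding mentioned in the comments can be seen side by side in the sketch below. It is an added example, not code from any poster: the key is a constructed toy key (two small Mersenne primes, insecure), the function names are hypothetical, and PKCS#1 v1.5 encryption padding is used only because it is short to write out; OAEP is the padding scheme preferred for new designs.

```python
import secrets

# Constructed toy key for illustration only: two Mersenne primes, far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes (27)

def textbook_encrypt(msg: bytes) -> int:
    """Raw RSA, c = m^e mod n: equal plaintexts always give equal ciphertexts."""
    m = int.from_bytes(msg, "big")
    if m >= N:
        raise ValueError("message too long for this modulus")
    return pow(m, E, N)

def textbook_decrypt(c: int, length: int) -> bytes:
    return pow(c, D, N).to_bytes(length, "big")

def padded_encrypt(msg: bytes) -> int:
    """PKCS#1 v1.5 encryption block: 00 02 <random nonzero bytes> 00 <msg>."""
    pad_len = K - 3 - len(msg)
    if pad_len < 8:                 # the scheme requires at least 8 random bytes
        raise ValueError("message too long for this modulus")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(pad_len))
    em = b"\x00\x02" + ps + b"\x00" + msg
    return pow(int.from_bytes(em, "big"), E, N)

def padded_decrypt(c: int) -> bytes:
    em = pow(c, D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)       # first zero byte after the random padding
    if em[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("bad padding")
    return em[sep + 1:]

def demo(msg: bytes = b"session-key-0001"):
    """Returns (textbook ciphertexts equal, padded ciphertexts differ, both decrypt to msg)."""
    same = textbook_encrypt(msg) == textbook_encrypt(msg)
    c1, c2 = padded_encrypt(msg), padded_encrypt(msg)
    return same, c1 != c2, padded_decrypt(c1) == padded_decrypt(c2) == msg

if __name__ == "__main__":
    print(demo())
```

The random padding bytes play the role the IV plays in the block cipher modes: the same public key and the same plaintext give a different ciphertext on every call.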
