Disadvantages of Public-Key Encryptionby G.S. Jackson
Sharing encrypted messages is not a foolproof method of communication, and as such different encryption methods exist. A common one is public-key encryption, which requires both parties to have public and private keys to communicate. While this offers more in the way of security for users, it also means that the encryption and decryption processes are more complex and thus slower. Also, this encryption method does not address some problems with message tampering and authentication, both of which are serious security concerns as well.
Basics of Public-Key Encryption
Public-key encryption addresses the weaknesses of private-key -- or secret-key -- encryption by offering a more secure way to share data with others. Secret key encryption uses a single encryption key -- basically a map that explains how to scramble the information -- to encrypt and decrypt data, and both parties require this key to communicate securely. If this key is compromised, anyone with the key can read any message using that key. In public key encryption, a communicator has two keys: a public key and a private key. Both keys are related: the public key encrypts data, the private decrypts. A user can take someone's public key and use it to encrypt a message. Then, only that person's private key can decrypt that message.
One disadvantage of public-key encryption is that is is slower than other methods, such as secret-key encryption. In secret-key encryption, a single key provides that only way to encrypt and decrypt, simplifying and speeding up the process. In public-key encryption, the encryption and decryption processes have to work with two different keys, each related to each other by a complex mathematical process involving prime number factorization. Thus, encryption and decryption take more time and computer resources.
Public-key encryption also does not have a built-in method for authentication. For example, a user that uses your public key to encrypt a message can still pose as someone else. Furthermore, a message may be intercepted or modified without the users' knowledge. While public-key encryption can guarantee that a file is encrypted and decrypted, it cannot guarantee who the file is from or if it is authentic without additional safeguards in place.
How to Address Disadvantages of Public-Key Encryption
One way to address the speed of public key encryption is to combine public-key and secret-key encryption methods. By using a secret-key system in conjunction with public-key encryption, you can get the benefit of superior security while using single, secret keys when possible to increase the speed and efficiency of encryption. To authenticate messages, you can use a certificate generated by a certificate authority to verify a user. Furthermore, you can ask that users generate checksums of their messages via hash functions: these functions generate a unique number from a message that you can compare with your own generated number using the same hash function. If both numbers do not match, then you know the message has been damaged or tampered with.
- RSA Labs: What are the Advantages and DIsadvantages of Public-Key Encryption Compared to Private-Key Encryption?
- Stanford Computer Science: Encryption F.A.Q.
- The Linux Documentation Project: Encryption
- International Journal of Network Security & Its Application: Combinging Private and Public Key Encryption Techniques for Providing Extreme Secure Environment for an Academic Institution Application
- Jupiterimages/Polka Dot/Getty Images