4.5 Digital envelopes



There are advantages and disadvantages related to both secret and public key cryptography. For example, the use of secret key cryptography is efficient but does not scale well beyond a certain number of participants. Furthermore, secret key cryptography does not provide the possibility to digitally sign data. Conversely, public key cryptography solves the scalability and digital signature problems but is highly inefficient in terms of computational resources.

In an attempt to combine the advantages of secret and public key cryptography, a hybrid scheme may be used. In short, a hybrid scheme combines secret and public key cryptography to produce a scheme that is as efficient and effective as possible. For example, the digital envelope is a hybrid scheme that is heavily used in many applications. The aim of a digital envelope is similar to a letter envelope: It must protect the confidentiality of a message. As such, the digital envelope provides a digital analog for the letter envelope in the physical world (hopefully with better security properties).

When A wants to send a confidential message $M$ to B, she can generate a digital envelope for $M$ and send the envelope to B. On the sender's side the procedure is as follows [9]:

  1. A retrieves B's public key $k_B$ from a directory service or from a local repository.

  2. A randomly generates a transaction key $K$ from a secret key cryptosystem.

  3. A encrypts $M$ with $K$ (the result is $\{M\}_K$).

  4. A encrypts $K$ with $k_B$ (the result is $\{K\}_{k_B}$).

  5. A concatenates $\{M\}_K$ with $\{K\}_{k_B}$, and sends the result to B.

Upon receipt of $\{M\}_K$ and $\{K\}_{k_B}$, B uses his private key $k_B^{-1}$ to decrypt the message. The two-step procedure is as follows:

  1. B decrypts $\{K\}_{k_B}$ with $k_B^{-1}$ (the result is $K$).

  2. B decrypts $\{M\}_K$ with $K$ (the result is $M$).

Obviously, an alternative procedure would be to directly encrypt the message $M$ with B's public key $k_B$, and to send the result, $\{M\}_{k_B}$, to B. However, the use of a digital envelope has at least two advantages compared with this simple scheme:

  - First, the use of a digital envelope is more efficient. Remember from our previous discussions that public key cryptography is computationally expensive compared with secret key cryptography. Consequently, encrypting a message with a public key requires more computational resources than encrypting a message with a secret key. The longer the message, the more efficient and advantageous the use of secret key cryptography.

  - Second, the use of a digital envelope is more appropriate for messages sent to multiple recipients. If A wanted to send a message $M$ to recipients $B_1, B_2, \ldots, B_n$ ($n > 1$), she would have to build $\{M\}_{k_{B_i}}$ for each recipient $B_i$ ($i = 1, \ldots, n$) individually. The resulting message would grow in proportion to the number of recipients. For example, if A wanted to send a 1-MB file to $n = 4$ recipients ($B_1, \ldots, B_4$), the resulting messages would fill 4 MB of data. Contrary to that, the use of digital envelopes considerably reduces this amount of data. If the public keys of the $n = 4$ recipients are 1,024 bits long each, the digitally enveloped message would sum up to 1 MB + 4 × 1 KB = 1.004 MB of data.

Consequently, the use of digital envelopes is almost always advantageous, as compared with public key cryptography used for bulk data encryption.
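The sender and receiver procedures above, generalized to several recipients as in the second advantage, shown as an added Ruby example that is not taken from the book. It assumes AES-256-GCM as the secret key cryptosystem, RSA-OAEP with 2,048-bit keys for wrapping the transaction key, and hypothetical names (`seal`, `open_envelope`, `envelope_size`).

```ruby
require "openssl"

# Added example. Assumptions: AES-256-GCM as the secret key cryptosystem,
# RSA-OAEP for wrapping K, 2048-bit recipient keys; all names are hypothetical.
OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Sender steps 2-5: encrypt M once, wrap K once per recipient public key.
def seal(message, recipient_pubkeys)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  key = cipher.random_key                       # step 2: transaction key K
  iv = cipher.random_iv
  body = cipher.update(message) + cipher.final  # step 3: {M}_K
  wrapped = recipient_pubkeys.map { |pub| pub.public_encrypt(key, OAEP) } # step 4
  { iv: iv, tag: cipher.auth_tag, body: body, wrapped: wrapped }          # step 5
end

# Receiver steps 1-2 for the recipient whose wrapped key sits in slot `index`.
def open_envelope(env, index, private_key)
  key = private_key.private_decrypt(env[:wrapped].fetch(index), OAEP) # K
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = env[:iv]
  cipher.auth_tag = env[:tag]
  cipher.update(env[:body]) + cipher.final # M; raises CipherError if altered
end

# Bytes on the wire: the body is counted once, each recipient adds one wrapped K.
def envelope_size(env)
  env[:iv].bytesize + env[:tag].bytesize + env[:body].bytesize +
    env[:wrapped].sum(&:bytesize)
end

if __FILE__ == $PROGRAM_NAME
  privs = Array.new(4) { OpenSSL::PKey::RSA.new(2048) } # constructed B_1..B_4
  msg = OpenSSL::Random.random_bytes(1 << 20)           # constructed 1-MB M
  env = seal(msg, privs.map(&:public_key))
  puts "envelope bytes for 4 recipients: #{envelope_size(env)}"
  puts "B_3 recovers M: #{open_envelope(env, 2, privs[2]) == msg}"
end
```

Each recipient adds one 256-byte wrapped key under these assumptions, while the encrypted body is stored only once.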

[9] http://www.certicom.com




Security Technologies for the World Wide Web, Second Edition
ISBN: 1580533485
EAN: 2147483647
Year: 2003
Pages: 142
Authors: Rolf Oppliger
