Chapter 3 Cryptography 89
Choosing Algorithms
Digital envelopes are more convenient when the contact between nodes is not
interactive, such as email. One node can send a message to another without waiting
for the other node to respond.
To thwart man-in-the-middle attacks, authentication by digital signatures should be
built into any communication system.
Secret Sharing and Key Escrow
Also known as emergency access, secret sharing and key escrow both allow for
recovery of keys by parties other than the owner. Without some form of emergency
access, data that is encrypted using a session key that is itself protected by password-
based encryption is inaccessible or even lost if the owner forgets the password or is
unavailable.
To enable recovery using key escrow, you can encrypt all session keys with a security
officer's RSA public key. Any time access is required, the officer can decrypt the
session key with the appropriate RSA private key. This method is the easiest to
implement and execute. However, it requires trust in the security officer not to abuse
this power, and it requires that a single individual be available.
With secret sharing, access can be split among several individuals, with
reconstruction requiring a threshold number of shares. In this way, if one or more of
the individuals are not available, it is still possible to recover the data. In addition,
secret sharing contains some level of checks and balances: no one can recover data
without at least one other individual knowing about it.
Elliptic Curve Algorithms
Elliptic curve cryptosystems have recently come into strong consideration,
particularly by standards developers, as alternatives to established standard
cryptosystems such as the RSA cryptosystem, Diffie-Hellman, and DSS. Elliptic curve
cryptosystems have a number of interesting properties, which may make them
appropriate tools for meeting security requirements in some cases, and not in others.
From a cryptographic perspective, the primary motivation for development of elliptic
curve cryptosystems is that they are based on a different hard mathematical problem
than established systems, and appear to have a reasonable expectation of security,
without significant additional cost. In particular, in certain applications, elliptic curve
cryptosystems can provide security where other systems currently do not fit.
However, the range of applications where they make a significant difference is