Incoming links: RSA (cryptosystem)
Complexity: NP-intermediate as of 2020:
- expected not to be NP-complete because it would imply NP != Co-NP: cstheory.stackexchange.com/questions/167/what-are-the-consequences-of-factoring-being-np-complete#comment104849_169
- expected not to be in P because "could we be that dumb that we haven't found a solution after having tried for that long?
The basis of RSA: RSA. But not proved NP-complete, which leads to:
This is natural question because both integer factorization and discrete logarithm are the basis for the most popular public-key cryptography systems as of 2020 (RSA and Diffie-Hellman key exchange respectively), and both are NP-intermediate. Why not use something more provenly hard?
- cs.stackexchange.com/questions/356/why-hasnt-there-been-an-encryption-algorithm-that-is-based-on-the-known-np-hard "Why hasn't there been an encryption algorithm that is based on the known NP-Hard problems?"
Encryption algorithms that run on classical computers that are expected to be resistant to quantum computers.
This is notably not the case of the dominant 2020 algorithms, RSA and elliptic curve cryptography, which are provably broken by Grover's algorithm.
However, as of 2020, we don't have any proof that any symmetric or public key algorithm is quantum resistant.
Post-quantum cryptography is the very first quantum computing thing at which people have to put money into.
The reason is that attackers would be able to store captured ciphertext, and then retroactively break them once and if quantum computing power becomes available in the future.
There isn't a shade of a doubt that intelligence agencies are actively doing this as of 2020. They must have a database of how interesting a given source is, and then store as much as they can given some ammount of storage budget they have available.
A good way to explain this to quantum computing skeptics is to ask them:Post-quantum cryptography is simply not a choice. It must be done now. Even if the risk is low, the cost would be way too great.
If I told you there is a 5% chance that I will be able to decrypt everything you write online starting today in 10 years. Would you give me a dollar to reduce that chance to 0.5%?
RSA vs Diffie-Hellman key exchange are the dominant public-key cryptography systems as of 2020, so it is natural to ask how they compare:
- security.stackexchange.com/questions/35471/is-there-any-particular-reason-to-use-diffie-hellman-over-rsa-for-key-exchange
- crypto.stackexchange.com/questions/2867/whats-the-fundamental-difference-between-diffie-hellman-and-rsa
- crypto.stackexchange.com/questions/797/is-diffie-hellman-mathematically-the-same-as-rsa
As its name indicates, Diffie-Hellman key exchange is a key exchange algorithm. TODO verify: this means that in order to transmit a message, both parties must first send data to one another to reach a shared secret key. For RSA on the other hand, you can just take the public key of the other party and send encrypted data to them, the receiver does not need to send you any data at any point.