Why are public key algorithms slow?
I'm studying for a test and I still don't get why public key algorithms are way slower than symmetric algorithms.
Comments (3)
Public-key cryptography is a form of asymmetric cryptography, in which the difference is the use of an extra cryptographic key.
Symmetric algorithms use a "shared secret" in which two systems each use a single cryptographic key to encrypt and decrypt communications.
Public-key cryptography does not use a single shared key; instead, it uses mathematical key pairs: a public and a private key. In this system the communications are encrypted with the public key and are decrypted with the private key. Here is a better explanation from Wikipedia:
The computational overhead is then quite obvious: the public key is available to any system it's exposed to (a public-key system on the internet, for example, exposes the public key to the entire internet). To compensate, both public and private keys will have to be quite large to ensure a stronger level of encryption. The result, however, is a much stronger level of encryption, as the private decryption key (so far) cannot be reverse-engineered from the public encryption key.
There is more that can affect the "speed" of a public-key infrastructure (PKI). Since one of the issues with this system is trust, most implementations involve certificate authorities (CAs), which are entities that are trusted to delegate key pairs and validate the keys' "identity".
So to summarize: larger cryptographic key sizes, two cryptographic keys instead of one, and with the introduction of a certificate authority: extra DNS look-ups, and server response times.
It's because of this extra overhead that most implementations benefit from a hybrid algorithm, where the public and private keys are used to generate a session key (much like a shared secret in symmetrical algorithms) to gain the best of both worlds.
Public key algorithms rely on "trapdoor" calculations, ones that are computationally expensive to encrypt and computationally intractable to decrypt with the secret key. If the first step is too easy (which correlates with speed), the second step becomes less hard (more breakable). Consequently, public key algorithms tend to be resource intensive.
Private key algorithms already have the secret during the encryption phase, so they don't have to do as much work as an algorithm with a public secret.
The above is an over-generalization but should give you a feel for the reasons behind the relative speed differences. That being said, a private key algorithm can be slow and a public key algorithm may have an efficient implementation. The devil is in the details :-)
Encryption and keying methods are a very deep and complex topic that only the smartest mathematical minds in the world can fully understand, but there are top-level views that most people can understand.
The primary difference is that symmetric algorithms require a much, much smaller key than asymmetric (PKI) methods. Because symmetric algorithms work on a "shared secret" (such as abcd1234) which is transferred inside a trusted communication method (for example, I'm going to call you on the telephone and ask you for the shared secret) then they don't need to be as long as they rely on other methods of security (i.e. I trust you not to tell that to anyone). PK infrastructure involves sending that "key" over the internet, over un-trusted space, and involves using huge prime numbers and massive keys (1024-bit or 2048-bit rather than 128 or 256-bit for example).
A general rule of thumb is that PKI methods are approximately 1,000 times slower than a symmetric key.
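The following is an added example, not part of the question or any answer above: it counts the big-integer multiplications inside one 2048-bit modular exponentiation (the core operation of RSA-style algorithms) and times that operation against a symmetric keystream over the same 256 bytes. Assumptions: a random odd 2048-bit number stands in for a real modulus (it is not a valid key), and HMAC-SHA256 in counter mode stands in for a symmetric cipher because Python's standard library has no AES.

```python
import hashlib
import hmac
import secrets
import time

BITS = 2048  # public-key size mentioned in the answer above


def modexp_count(base, exp, mod):
    """Square-and-multiply; returns (result, modular multiplications used)."""
    result, mults = 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod      # one squaring per exponent bit
        mults += 1
        if bit == "1":
            result = result * base % mod    # one extra multiply per 1-bit
            mults += 1
    return result, mults


def keystream_xor(key, data):
    """Symmetric stand-in: XOR data with HMAC-SHA256(key, counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def cost_ratio(rounds=20):
    """How many times slower the 2048-bit modexp is for the same 256 bytes."""
    # Constructed inputs: random odd modulus and full-size exponent, not a real key.
    mod = secrets.randbits(BITS) | (1 << (BITS - 1)) | 1
    exp = secrets.randbits(BITS) | (1 << (BITS - 1))
    msg = secrets.randbelow(mod)
    key, data = secrets.token_bytes(32), secrets.token_bytes(BITS // 8)
    t0 = time.perf_counter()
    for _ in range(rounds):
        pow(msg, exp, mod)                  # handles at most 256 bytes per call
    t1 = time.perf_counter()
    for _ in range(rounds):
        keystream_xor(key, data)            # the same 256 bytes, symmetric path
    t2 = time.perf_counter()
    return (t1 - t0) / (t2 - t1)


if __name__ == "__main__":
    print(f"modexp is ~{cost_ratio():.0f}x slower on this machine")
```

A full-size 2048-bit exponent costs between 2048 and 4096 multiplications of 2048-bit numbers per operation, which is why hybrid schemes run the public-key step once on a short session key and hand the bulk data to the symmetric cipher.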