# Posts Tagged ‘public key

### Limitations of Modern Cryptosystems

Before exploring quantum key distribution, it is important to understand the state of modern cryptography and how quantum cryptography may address current digital cryptography limitations. Since public key cryptography involves complex calculations that are relatively slow, they are employed to exchange keys rather than for the encryption of voluminous amounts of date. For example, widely deployed solutions, such as the RSA and the Diffie-Hellman key negotiation schemes, are typically used to distribute symmetric keys among remote parties. However, because asymmetric encryption is significantly slower than symmetric encryption, a hybrid approach is preferred by many institutions to take advantage of the speed of a shared key system and the security of a public key system for the initial exchange of the symmetric key. Thus, this approach exploits the speed and performance of a symmetric key system while leveraging the scalability of a public key infrastructure.

However, public key cryptosystems such as RSA and Diffie-Hellman are not based on concrete mathematical proofs. Rather, these algorithms are considered to be reasonably secure based on years of public scrutiny over the fundamental process of factoring large integers into their primes, which is said to be “intractable”. In other words, by the time the encryption algorithm could be defeated, the information being protected would have already lost all of its value. Thus, the power of these algorithms is based on the fact that there is no known mathematical operation for quickly factoring very large numbers given today’s computer processing power.

Secondly, there is uncertainty whether a theorem may be developed in the future or perhaps already available that can factor large numbers into their primes in a timely manner. At present, there is no existing proof stating that it is impossible to develop such a factoring theorem. As a result, public key systems are thus vulnerable to the uncertainty regarding the future creation of such a theorem, which would have a significant affect on the algorithm being mathematical intractable. This uncertainty provides potential risk to areas of national security and intellectual property which require perfect security.

In sum, modern cryptography is vulnerable to both technological progress of computing power and evolution in mathematics to quickly reverse one way functions such as that of factoring large integers. If a factoring theorem were publicized or computing became powerful enough to defeat public cryptography, then business, governments, militaries and other affected institutions would have to spend significant resources to research the risk of damage and potentially deploy a new and costly cryptography system quickly.

### Encrypting XML Messages

The following instructions describe how to encrypt outgoing responses for a handler or basic virtual service object. You can also configure encryption for service descriptors, in which case the outgoing request is encrypted. The procedure is similar to that described here.

To set up encryption of outgoing responses:

**Step 1**

While logged on to the console as an Administrator user or as a Privileged user with the Routing role, click Virtual Services link in the navigation menu.

**Step 2**

Click the name of the virtual service object for which you want to configure XML encryption.

As mentioned, for XML encryption controls to be enabled for the service definition, its message specification must indicate that it is XML data. It cannot be raw byte data, for example, which is the default for non-SOAP HTTP service definitions. The Response Message Specification pane indicates how the message content is treated, whether as XML or as raw byte. If necessary, change message-body handling settings by:

- Clicking the Edit link in the heading of the Response Message Specification subsection of the Outgoing Response section of the page.
- Use the editor’s controls to specify that the handler treat the bodies of outgoing response messages as XML.
- Click
**Save Changes**.

**Step 3**

In the service definition settings page, specify content encryption by clicking the Add Encryption Listor the Enable link in the XML Encryption pane of the message processing section.

**Step 4**

In the XML Encryption configuration page, use the following controls to specify how encryption occurs:

- For SOAP Role. The SOAP role of the intended consumer of the encrypted data, if any.
- Transport with Public Key. The public key to use to encrypt the outgoing response, from these options:

- The public key attribute of the consumer that sent the original request message
- The public key used to sign the original request message.
- A public key set by an extension created with the ACE XML Gateway SDK. This is onlyavailable if any extensions are on the ACE XML Manager. This ability is useful if an extension performs client authentication and it has access to the user’s public key, which can then be used in message processing.
- Any public key that a Consumer Certificate Resource provides to the ACE XML Manager. The Upload button allows you to add as a named Consumer Certificate Resource an XML certificate or keypair from the local file system or by URL.

**Encryption Algorithm**. The algorithm to use to encrypt the message: 3DES, AES-256, AES-192, AES-128**Transport Cipher**. The cipher used to encrypt transported packets: RSA-PKCS#1 or RSA-OAEP.**Encryption Type**. Whether to encrypt the entire elements specified (including XML tag) or onlythe contents of elements.**XML Argument (for HTTP messages)**. Whether to extract elements from a message body or from an argument.**Encrypt Elements**. An XPath expression that selects elements to encrypt. To encrypt multiple elements, click Add New XPath Row.

You can create as many XPath expressions as necessary to select elements to encrypt. For SOAP services, if the expression matches multiple elements in the message, all are encrypted. For HTTP post body, only the first element is matched.

### Future Benefits of Quantum Computers

**1. Cryptography and Peter Shor’s Algorithm**

In 1994 Peter Shor (Bell Laboratories) found out the first quantum algorithm that, in principle, can perform an efficient factorization. This became a complex application that only a quantum computer could do. Factoring is one of the most important problems in cryptography. For instance, the security of RSA (electronic banking security system) – public key cryptography – depends on factoring and it is a big problem. Because of many useful features of quantum computer, scientists put more efforts to build it. However, breaking any kind of current encryption that takes almost centuries on existing computers, may just take a few years on quantum computer.

**2. Artificial Intelligence**

It has been mentioned that quantum computers will be much faster and consequently will perform a large amount of operations in a very short period of time. On the other side, increasing the speed of operation will help computers to learn faster even using the one of the simplest methods – mistake bound model for learning.

**3. Other Benefits**

High performance will allow us in development of complex compression algorithms, voice and image recognition, molecular simulations, true randomness and quantum communication. Randomness is important in simulations. Molecular simulations are important for developing simulation applications for chemistry and biology. With the help of quantum communication both receiver and sender are alerted when an eavesdropper tries to catch the signal. Quantum bits also allow more information to be communicated per bit. Quantum computers make communication more secure.