Overview of Cryptographic Techniques: Symmetric/Asymmetric Encryption, Hash Functions, MACs, Digital Signatures, and Certificates
This article explains symmetric and asymmetric encryption, the key‑distribution problem, hybrid cryptosystems, one‑way hash functions, message authentication codes, digital signatures, public‑key certificates, and compares these cryptographic methods in detail.
Symmetric and Asymmetric Encryption
Encryption algorithms can be divided into symmetric encryption, which uses the same key for encryption and decryption, and asymmetric (public‑key) encryption, which uses a public key to encrypt and a private key to decrypt.
Symmetric encryption requires secure key distribution, while asymmetric encryption is slower.
Key Distribution Problem in Symmetric Encryption
When sender A wants to send an email to receiver B using symmetric encryption, A must deliver the secret key to B without exposing it to eavesdropper C; sending the key together with the ciphertext would allow C to decrypt the message.
Hybrid Cryptosystem
A hybrid system combines the speed of symmetric encryption with the key‑distribution advantages of asymmetric encryption: the message is encrypted with a fast symmetric cipher, and the symmetric key itself is encrypted with the receiver’s public key, solving the key‑distribution problem.
One‑Way Hash Functions
Hash (message‑digest) functions produce a fixed‑size hash value from arbitrary input, allowing integrity verification because any change to the input yields a different hash.
The hash value is also called a message digest or fingerprint; the function essentially “chops” a long message into a fixed‑length value.
Limitations
While hashes can detect tampering, they cannot authenticate the sender: a hash function uses no secret, so an attacker can forge a message and compute a valid hash for it. Authenticating the sender requires additional mechanisms such as MACs or digital signatures.
Message Authentication Code (MAC)
A MAC is a keyed hash function that provides integrity and authenticity when the sender and receiver share a secret key.
Usage Steps
(1) A and B share a secret key.
(2) A computes the MAC of the message using the key.
(3) A sends the message and MAC to B.
(4) B recomputes the MAC on the received message.
(5) B compares the two MAC values.
(6) If they match, B trusts that the message came from A.
Remaining Key‑Distribution Issue
Because the secret key must be shared, an attacker who obtains it can generate valid MACs, so public‑key techniques or a key‑distribution center are needed to solve this problem.
MAC vs. Symmetric Encryption Authentication
A MAC cannot be used to prove authenticity to a third party, and it cannot prevent repudiation, because both parties hold the same key.
Problems MAC Cannot Solve
Third‑Party Proof
Both A and B hold the secret key and either of them can compute the MAC, so a third‑party verifier cannot be sure which party generated it.
Non‑Repudiation
The sender can deny having sent the message because the receiver also knows the key and could have forged the MAC.
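The difference between a bare hash and a MAC, and the repudiation gap that remains, shown as an added example that is not part of the original article. It assumes HMAC‑SHA‑256 as the MAC; the key, the messages, and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: key and messages are made up for this example.
SHARED_KEY = secrets.token_bytes(32)   # step 1: known to A and B only
ORIGINAL = b"pay 100 to account 1234"
TAMPERED = b"pay 900 to account 6666"


def digest(message: bytes) -> bytes:
    """Unkeyed fingerprint: anyone, including eavesdropper C, can compute it."""
    return hashlib.sha256(message).digest()


def mac(key: bytes, message: bytes) -> bytes:
    """Keyed fingerprint (HMAC-SHA-256): computing it requires the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def b_accepts_hash(message: bytes, received_digest: bytes) -> bool:
    return hmac.compare_digest(digest(message), received_digest)


def b_accepts_mac(key: bytes, message: bytes, received_mac: bytes) -> bool:
    # Steps 4-5: recompute the MAC, then compare in constant time.
    return hmac.compare_digest(mac(key, message), received_mac)


def c_forges_with_hash():
    """C swaps the message and recomputes the hash, which needs no secret."""
    return TAMPERED, digest(TAMPERED)


def c_forges_with_mac(captured_mac: bytes):
    """C swaps the message but, lacking the key, can only reuse the old MAC."""
    return TAMPERED, captured_mac


def b_forges_as_a(key: bytes):
    """B holds the same key, so B's tag is indistinguishable from one made by A."""
    return TAMPERED, mac(key, TAMPERED)
```

The last function is why a MAC gives no non‑repudiation: a tag that verifies proves only that some holder of the key produced it.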
Digital Signature
A digital signature is a piece of data that only the sender can generate (using a private key) and that serves as proof of the sender’s identity.
It combines asymmetric encryption with hash functions.
Signature Generation and Verification
Generation is performed by the sender using their private key; verification is performed by the receiver (or any third party) using the sender’s public key.
In public‑key cryptography, the encryption key and decryption key are separate; digital signatures “reverse” this usage.
Signature Process
1. A creates a key pair (public and private).
2. A hashes the message and encrypts the hash with the private key to produce the signature.
3. A sends the message and signature to B.
4. B uses A’s public key to decrypt the signature, obtaining the hash.
5. B hashes the received message and compares the two hashes; a match means the signature is valid.
Advantages over MAC
Digital signatures provide non‑repudiation and can be verified by third parties because only the private‑key holder can create a valid signature.
Certificates
A public‑key certificate, issued by a Certificate Authority (CA), binds a public key to its owner’s identity.
Use Cases
1. B generates a key pair.
2. B registers its public key with CA D.
3. D signs B’s public key, creating a certificate.
4. A obtains B’s certified public key.
5. A verifies the certificate using D’s public key.
6. A encrypts data with B’s public key and sends it.
7. B decrypts with its private key.
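The signature process and certificate steps 1 to 5 above, as an added example that is not part of the original article. It uses textbook RSA (hash, then private‑key operation, no padding) with tiny constructed keys so that it runs on the standard library alone; the names `KeyPair`, `encode_cert_body`, and `a_trusts_key` are hypothetical, and production code should call a vetted library's sign/verify functions instead.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by both toy keys


@dataclass(frozen=True)
class KeyPair:
    n: int  # public modulus
    d: int  # private exponent, kept by the owner only


def make_keypair(p: int, q: int) -> KeyPair:
    # Toy key generation from fixed primes; real keys use large random primes.
    return KeyPair(n=p * q, d=pow(E, -1, (p - 1) * (q - 1)))


def h(message: bytes, n: int) -> int:
    # Hash first, then reduce into the modulus range (no padding: toy only).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(key: KeyPair, message: bytes) -> int:
    return pow(h(message, key.n), key.d, key.n)   # private-key operation


def verify(n: int, message: bytes, signature: int) -> bool:
    return pow(signature, E, n) == h(message, n)  # public-key operation


def encode_cert_body(owner: str, public_n: int) -> bytes:
    return f"owner={owner};n={public_n}".encode()


# Constructed keys built from Mersenne primes (far too small for real use).
CA_D = make_keypair(2**89 - 1, 2**107 - 1)
B = make_keypair(2**61 - 1, 2**127 - 1)

# Steps 2-3: D signs the binding between B's name and B's public key.
CERT_SIG = sign(CA_D, encode_cert_body("B", B.n))


def a_trusts_key(owner: str, public_n: int, cert_sig: int) -> bool:
    # Step 5: A checks the binding using only D's public modulus.
    return verify(CA_D.n, encode_cert_body(owner, public_n), cert_sig)
```

A substituted key or a different owner name changes the certificate body, so the same certificate signature no longer verifies under D's public key.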
Comparison of Cryptographic Techniques
Symmetric vs. Asymmetric Encryption
| | Symmetric Encryption | Public‑Key Encryption |
|---|---|---|
| Sender | Encrypts with shared key | Encrypts with public key |
| Receiver | Decrypts with shared key | Decrypts with private key |
| Key Distribution Problem | Exists | Does not exist |
| Confidentiality | Guaranteed | Guaranteed |
MAC vs. Digital Signature
| | Message Authentication Code (MAC) | Digital Signature |
|---|---|---|
| Sender | Computes MAC with shared key | Generates signature with private key |
| Receiver | Computes MAC with shared key | Verifies signature with public key |
| Key Distribution Problem | Exists | Does not exist (but public key must be verified) |
| Integrity | Ensured | Ensured |
| Authentication | Ensured (only between the two parties) | Ensured (can involve third parties) |
| Non‑Repudiation | Not guaranteed | Guaranteed |
References
Illustrated Cryptography (《图解密码学》)
Source: https://qiuzhenyuan.github.io/2017/09/24/常用密码学技术/