[Cryptography] Why prefer symmetric crypto over public key crypto?

ianG iang at iang.org
Sat Sep 7 03:57:07 EDT 2013

On 7/09/13 09:05 AM, Jaap-Henk Hoepman wrote:
>> Public-key cryptography is less well-understood than symmetric-key cryptography. It is also tetchier than symmetric-key crypto, and if you pay attention to us talking about issues with nonces, counters, IVs, chaining modes, and all that, you see that saying that it's tetchier than that is a warning indeed.
> You have the same issues with nonces, counters, etc. with symmetric crypto so I don't see how that makes it preferable over public key crypto.

It's a big picture thing.  At the end of the day, symmetric crypto is 
something that good software engineers can master, and relatively well, 
in a black box sense.  Public key crypto not so easily, that requires 
real learning.  I for one am terrified of it.

Therefore, what Bruce is saying is that the architecture should 
recognise this disparity, and try and reduce the part played by public 
key crypto.  Wherever & whenever you can get part of the design over to 
symmetric crypto, do it.  Wherever & whenever you can use the natural 
business relationships to reduce the need for public key crypto, do that 


ps; http://iang.org/ssl/h2_divide_and_conquer.html#h2.4

More information about the cryptography mailing list