[Cryptography] WhatsApp: Why asymmetric key instead of symmetric keys?

Ismail Kizir ikizir at gmail.com
Thu Apr 28 23:53:57 EDT 2016


> I don't plan to use Curve25519 for stored data encryption or long term authentication credentials. I will use Curve 448.

I haven't tested Curve 448 yet.

> At this point it seems most likely that someone will find a way to build a sufficiently large quantum computer to break RSA before they manage the next breakthrough in number theory to break public key systems algorithmically or the computers get fast enough to break RSA2048.

This is one of the things I am concerned about.
And NSA itself proves it. From 128, 256, 512s bits to 2048 ... Now,
they say below 2048 bit is not considered secure. I am using 4096 bits
on my system for asymmetric encryption. But it is really very slow,
and, as you've said, breaking 2048 is just a matter of time. Above
4096 is not feasible.
I think we all agree RSA served well in its lifetime and it's time to
migrate to another algorithm.
For the moment, I am going to enjoy "abusing" processor power of
client phones and keep using RSA 4096 for asymmetric key operations,
and use 2048 bits PSKs whenever possible.
I don't want to lie to my clients. I am going to tell them all the
risks of using my software without PSKs, and that, even with PSKs
nothing is sure.

Personal privacy is a constitutional right. My goal is just to avoid
mass surveillance and protection of the communication channel. About
the concerns of terrorism or any other illegal activities, I've found
a moderate way: I don't do any encryption or any special data
wiping on clients' phones. If any legal entity has doubts about one of
the users, they can confiscate the phone with an official court order
and access all the data.


On Thu, Apr 28, 2016 at 6:08 PM, Phillip Hallam-Baker
<phill at hallambaker.com> wrote:
>
>
> On Wed, Apr 27, 2016 at 11:18 PM, Ismail Kizir <ikizir at gmail.com> wrote:
>>
>> >> What problem would that solve?  The asymmetric keys work fine.
>>
>> I also thought about using curve25519.
>> I downloaded it. Tested it. It is really simple to use.
>> But only 256 bits key space??
>> You are developing a "new" algorithm in 2016; and you are using a
>> fixed 256 bit key space.
>> It's surely enough for 99 percent of attackers. But, I am not sure
>> about resourceful attackers in long term.
>
>
> The work factor is well over 2^128 which is the baseline for security these
> days. The IETF is currently adding support for Curve25519 and Curve448 to
> all their active security protocols.
>
> Curve 448 offers a work factor believed to be greater than 2^256 which is the
> highest we bother with, that being of the order of the number of atoms in
> the universe.
>
>
>>
>> Personal privacy is a very important subject.
>> A lot of people think about criminal cases.
>> I think about mass surveillance, storage and future decryption.
>> One day, one of our children will be the president and another one
>> will be prime minister. It will be 20-30 years later.
>> I don't want, when that day comes, someone resourceful who stored all
>> the "most private" information about our children to decipher all that
>> information and use it against our children.
>> Every detail, from the first innocent love declaration to the most
>> intimate secrets, is transmitted via messaging applications nowadays.
>> Maybe I am ignorant, or paranoid. Maybe.
>> But I always prefer using strong symmetric algorithms with a large
>> enough key space whenever possible.
>
>
> I don't plan to use Curve25519 for stored data encryption or long term
> authentication credentials. I will use Curve 448.
>
> That said, we have a much bigger problem with public key systems in general
> and quantum computing. We have to start planning a fallback in case they
> fail.
>
> At this point it seems most likely that someone will find a way to build a
> sufficiently large quantum computer to break RSA before they manage the next
> breakthrough in number theory to break public key systems algorithmically or
> the computers get fast enough to break RSA2048.
>
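The thread argues over whether a "256-bit key space" on Curve25519 is enough, and the reply quotes a work factor above 2^128. As an added example (not code from anyone in this thread), here is a pure-Python X25519 following RFC 7748. The scalar clamping makes the point concrete: of the 2^256 possible 32-byte secrets, only 2^251 distinct scalars are ever used, and the security level quoted as "about 2^128" comes from the best known generic attack costing roughly the square root of the group order, not from the raw key length. The test vectors are the public ones from RFC 7748 section 6.1; the Alice/Bob names are those used in the RFC. Python integer arithmetic is not constant-time, so this is for understanding the numbers, not for deployment.

```python
"""X25519 (RFC 7748) in pure Python, to show what a '256-bit key' really is.

Educational only: Python big-integer arithmetic leaks timing, so this
implementation is not side-channel safe.
"""

P = 2**255 - 19                          # field prime for Curve25519
A24 = 121665                             # (A - 2) / 4 for A = 486662
BASEPOINT = (9).to_bytes(32, "little")   # the standard generator, u = 9


def decode_scalar(k: bytes) -> int:
    """Clamp a 32-byte secret as RFC 7748 section 5 requires.

    Low three bits cleared: the scalar is a multiple of the cofactor 8.
    Bit 255 cleared, bit 254 set: every scalar has the same bit length.
    Net effect: 256 - 3 - 2 = 251 free bits, i.e. 2^251 usable scalars.
    """
    k_list = bytearray(k)
    k_list[0] &= 248
    k_list[31] &= 127
    k_list[31] |= 64
    return int.from_bytes(k_list, "little")


def decode_u(u: bytes) -> int:
    """Decode a little-endian u-coordinate, ignoring the unused top bit."""
    u_list = bytearray(u)
    u_list[31] &= 0x7F
    return int.from_bytes(u_list, "little")


def encode_u(u: int) -> bytes:
    return (u % P).to_bytes(32, "little")


def cswap(swap: int, a: int, b: int):
    """Arithmetic conditional swap as in the RFC (constant-time in C, not here)."""
    mask = (-swap) & ((1 << 256) - 1)
    dummy = mask & (a ^ b)
    return a ^ dummy, b ^ dummy


def x25519(k: bytes, u: bytes) -> bytes:
    """Montgomery ladder: returns the u-coordinate of k * (u, _)."""
    k_int = decode_scalar(k)
    x_1 = decode_u(u)
    x_2, z_2 = 1, 0
    x_3, z_3 = x_1, 1
    swap = 0
    for t in range(254, -1, -1):          # 255 ladder steps, top bit first
        k_t = (k_int >> t) & 1
        swap ^= k_t
        x_2, x_3 = cswap(swap, x_2, x_3)
        z_2, z_3 = cswap(swap, z_2, z_3)
        swap = k_t
        A = (x_2 + z_2) % P
        AA = A * A % P
        B = (x_2 - z_2) % P
        BB = B * B % P
        E = (AA - BB) % P
        C = (x_3 + z_3) % P
        D = (x_3 - z_3) % P
        DA = D * A % P
        CB = C * B % P
        x_3 = pow(DA + CB, 2, P)
        z_3 = x_1 * pow(DA - CB, 2, P) % P
        x_2 = AA * BB % P
        z_2 = E * (AA + A24 * E) % P
    x_2, x_3 = cswap(swap, x_2, x_3)
    z_2, z_3 = cswap(swap, z_2, z_3)
    return encode_u(x_2 * pow(z_2, P - 2, P) % P)


def public_key(secret: bytes) -> bytes:
    return x25519(secret, BASEPOINT)


def dh_demo() -> dict:
    """Run the RFC 7748 section 6.1 Diffie-Hellman test vector end to end."""
    alice_secret = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
    bob_secret = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
    alice_pub = public_key(alice_secret)
    bob_pub = public_key(bob_secret)
    return {
        "alice_pub": alice_pub.hex(),
        "bob_pub": bob_pub.hex(),
        "shared_alice": x25519(alice_secret, bob_pub).hex(),
        "shared_bob": x25519(bob_secret, alice_pub).hex(),
    }


if __name__ == "__main__":
    for name, value in dh_demo().items():
        print(f"{name}: {value}")
    print("clamped all-zero secret ->", hex(decode_scalar(bytes(32))))
```

Note that `decode_scalar(bytes(32))` still yields 2^254: clamping never produces a small scalar, which is why the "key space" argument in the thread is really about the group order (about 2^252) and the generic square-root attack on it, giving the 2^128 figure quoted above.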