16

This is a soft question. I don't know a lot about cryptography or its history, but it seems like a common use for RSA is to do key exchange by encrypting a symmetric key to send a longer message (e.g., the description of iMessage here). Isn't this exactly the thing that Diffie-Hellman key exchange, which is older (and to me seems simpler), is for? Looking at Wikipedia, they were also both patented, so this wouldn't have been responsible for the choice.

To be clear, I'm not asking whether it's theoretically important that public key cryptography is possible. I'm asking why it became a standard method in practice for doing key exchange. (To a non-cryptographer, DH looks easier to implement, and also isn't tied to the details of the group used.)

Louis

4 Answers

14

There is no strong technical reason. We could have used Diffie-Hellman (with appropriate signatures) just as well as RSA.

So why RSA? As far as I can tell, non-technical historical reasons dominated. RSA was patented and there was a company behind it, marketing and advocating for RSA. Also, there were good libraries, and RSA was easy to understand and familiar to developers. For these reasons, RSA was chosen, and once it was the popular choice, it stayed that way due to inertia.

These days, the main driver that has caused an increase of usage of Diffie-Hellman is the desire for perfect forward secrecy, something that is easy to achieve by using Diffie-Hellman but is slower with RSA.

Incidentally: It's Diffie-Hellman key exchange, not Diffie-Hellman secret sharing. Secret sharing is something else entirely.

D.W.
10

Diffie–Hellman lacks a crucial feature: authentication. You know you are sharing a secret with someone, but you can't know if it's the recipient or a man in the middle. With RSA, you may have a few trusted parties who store public keys. If you want to connect to your bank, you can ask the trusted party (let's say Verisign) for the bank's public key, as you already have the public key of the trusted party on your computer. You know therefore that you are sharing a secret with your bank.

With Diffie–Hellman, when you create a secret with your bank, you may in fact create a secret with a man in the middle (MITM), who also creates one with your bank, and he just has to translate from one encryption key to the other to remain invisible (while being able to read the whole communication).

David Richerby
Jacen
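
The "Diffie-Hellman with appropriate signatures" from D.W.'s answer and the substituted-share scenario from the answer above, shown side by side as an added example (not code from any of the posters). The DH group, the textbook RSA key and the `handshake` helper are toy-sized assumptions constructed for illustration, not secure parameters.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
P = 2**127 - 1   # Mersenne prime used as the DH modulus
G = 3            # base chosen for the demo

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    # Hash the raw DH value into a session key.
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).hexdigest()

# Textbook RSA signing key for the bank, built from two Mersenne primes.
# (RSA_N, RSA_E) plays the role of the public key the client already trusts.
RSA_N = (2**61 - 1) * (2**89 - 1)
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (2**61 - 2) * (2**89 - 2))

def _digest(value):
    h = hashlib.sha256(str(value).encode()).digest()
    return int.from_bytes(h, "big") % RSA_N

def sign(value):
    return pow(_digest(value), RSA_D, RSA_N)

def verify(value, sig):
    return pow(sig, RSA_E, RSA_N) == _digest(value)

def handshake(authenticated, intercepted):
    """Return (client_key, bank_key, accepted) for one exchange."""
    c_priv, c_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    sig = sign(b_pub)                          # bank signs its DH share
    seen_by_client, seen_by_bank = b_pub, c_pub
    if intercepted:
        _, m_pub = dh_keypair()
        seen_by_client = seen_by_bank = m_pub  # both shares are replaced in transit
    if authenticated and not verify(seen_by_client, sig):
        return None, None, False               # client aborts: share is not the bank's
    return (dh_shared(c_priv, seen_by_client),
            dh_shared(b_priv, seen_by_bank), True)
```

Without the signature check the exchange completes but client and bank hold different keys, each shared with the party in the middle; with it, the replaced share fails verification and the client aborts. Real protocols such as TLS sign the handshake transcript, including fresh nonces, rather than the bare share.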
-2

The RSA algorithm, as previously mentioned, is not that much better than Diffie–Hellman; the latter just lacks authentication. Also, both algorithms depend on the difficulty of finding discrete logarithms, so security-wise they are both pretty similar.

-3

There is a dark side to this which cannot be overlooked: the fact that the RSA was co-opted by the NSA.
The NSA planted a backdoor in the Elliptic Curve cipher which it supplied to the RSA.
http://www.intelligence-world.org/nsa-infiltrated-rsa-security-more-deeply-than-thought-study/