Editing Cryptanalysis (section)

==Asymmetric ciphers==
[[Asymmetric cryptography]] (or [[public-key cryptography]]) is cryptography that relies on using two (mathematically related) keys; one private, and one public. Such ciphers invariably rely on "hard" [[mathematical problem]]s as the basis of their security, so an obvious point of attack is to develop methods for solving the problem. The security of two-key cryptography depends on mathematical questions in a way that single-key cryptography generally does not, and conversely links cryptanalysis to wider mathematical research in a new way.<ref>{{Cite web |date=2025-03-21 |title=Cryptology - Cryptanalysis, Encryption, Decryption {{!}} Britannica |url=https://www.britannica.com/topic/cryptology/Cryptanalysis |access-date=2025-04-28 |website=www.britannica.com |language=en}}</ref>

Asymmetric schemes are designed around the (conjectured) difficulty of solving various mathematical problems. If an improved algorithm can be found to solve the problem, then the system is weakened. For example, the security of the [[Diffie–Hellman key exchange]] scheme depends on the difficulty of calculating the [[discrete logarithm]]. In 1983, [[Don Coppersmith]] found a faster way to find discrete logarithms (in certain groups), and thereby requiring cryptographers to use larger groups (or different types of groups). [[RSA (cryptosystem)|RSA]]'s security depends (in part) upon the difficulty of [[integer factorization]] – a breakthrough in factoring would impact the security of RSA.<ref>{{Cite journal |last=Coppersmith |first=Don |date=4 July 1984 |title=Fast Evaluation of Logarithms in Fields of Characteristic Two |url=https://pages.cs.wisc.edu/~cs812-1/coppersmith.pdf |journal=IEEE Transactions on Information Theory |volume=IT-30 |issue=4 |pages=587–594|doi=10.1109/TIT.1984.1056941 }}</ref>

In 1980, one could factor a difficult 50-digit number at an expense of 10<sup>12</sup> elementary computer operations. By 1984 the state of the art in factoring algorithms had advanced to a point where a 75-digit number could be factored in 10<sup>12</sup> operations. Advances in computing technology also meant that the operations could be performed much faster. [[Moore's law]] predicts that computer speeds will continue to increase. Factoring techniques may continue to do so as well, but will most likely depend on mathematical insight and creativity, neither of which has ever been successfully predictable. 150-digit numbers of the kind once used in RSA have been factored. The effort was greater than above, but was not unreasonable on fast modern computers. By the start of the 21st century, 150-digit numbers were no longer considered a large enough [[key size]] for RSA. Numbers with several hundred digits were still considered too hard to factor in 2005, though methods will probably continue to improve over time, requiring key size to keep pace or other methods such as [[elliptic curve cryptography]] to be used.{{Citation needed|date=April 2012}}

Another distinguishing feature of asymmetric schemes is that, unlike attacks on symmetric cryptosystems, any cryptanalysis has the opportunity to make use of knowledge gained from the [[public key]].<ref>{{cite book|last=Stallings|first=William|title=Cryptography and Network Security: Principles and Practice|year=2010|publisher=Prentice Hall|isbn=978-0136097044}}</ref>