The
voice encryption products that do key exchange cryptography use
two different encryption inside them to protect your calls.
-
The first encryption is called "Key exchange" and
have the purpose of sharing a common key known only by the two
SecVoice Secure Phone users and not by outsiders.
- After
the two users have a common shared key, the system will use
this common key and another encryption technology called "Symmetric
Encryption" to secure your voice communication.
When using two encryption technologies inside one product, we
must deal with this important question: What is the less secure
technology i am using inside? Because any attacker will choose
your weakness to defeat your security.
For
example:
-
If your system uses a weak key exchange and a strong symmetric
encryption, the attacker will choose the key exchange to defeat
you.
- If
your system uses a strong key exchange cryptography but have
a weaker symmetric encryption, you will be defeated by the
symmetric encryption weakness.
Your
less secure encryption will be your final security, because you
will be defeated more easily by your weakness.
The bellow table compares the symmetric encryption security with
two key exchange technologies used in the market today. One of
them is the Diffie-Hellman / RSA technology, and the other is
the Elliptic Curve Cryptography.
In the first column you will have the symmetric encryption key
lengths, and will be used as a reference. You will have more security
if you use bigger keys.
For each symmetric key length, you have the equivalent key sizes
that must be used by the key exchange technology to achieve the
same level of security of the symmetric encryption.
Symmetric
Encryption
key length |
RSA/Diffie
Hellman
key length |
Elliptic
Curve
key length |
| 80 |
1024 |
163 |
| 112 |
2048 |
224 |
| 128 |
3072 |
283 |
| 192 |
7680 |
409 |
| 256 |
15360 |
571 |
Taking
a look at this table, you will see in the last line that a 15.360
bits Diffie-Hellman has the same 571 bits Elliptic Curve security,
and both will have the same 256 bits symmetric key security.
Now we will compare our product with other products specifications
in the market.
| Key
Exchange |
Symmetric
encryption |
| 2048
bits Diffie-Hellman |
256
bits |
| Coments |
| The
Product-A has a 256 bits symmetric key length , but its 2048
bits Diffie-Hellman key exchange length brings the product
final security to only 112 bits. |
| Final
security |
|
112 bits of symmetric encryption security |
| Key
Exchange |
Symmetric
encryption |
| 4096
bits Diffie-Hellman |
256
bits |
| Coments |
| The
Product-B has a 256 bits symmetric key length , but its 4096
bits Diffie-Hellman Key exchange lenght will bring the final
product security below 160 bits. |
| Final
security |
| 160
bits of symmetric encryption security |
| Key
Exchange |
Symmetric
encryption |
| 571
bits Elliptic curve |
256
bits |
| Coments |
| SecVoice
Secure Phone has its key exchange and symmetric encryption
key length with the same final security, equivalent to a 256
bits symmetric encryption. |
| Final
security |
| 256
bits of symmetric encryption security |
We carefully choose the best of the key exchange
and symmetric encryption, using some of the best encryption technologies
available today.
|
|
Cryptography
