2.5 Asymmetric Keys and Authentication
Asymmetric authentication algorithms also change the security model for signatures compared with message authentication codes. A program originating data that it wants to authenticate can send, along with that data, the same data transformed under a private key and make known the corresponding public key. (Note: Which key is public and which is private is the reverse of the confidentiality case mentioned earlier.) Then, anyone with access to the sender's public key can verify the message using the plain text and transformed text, and determine that it comes from the senderonly the sender should have the necessary private key. This technique solves the two problems mentioned in Section 2.2 for MAC symmetric key distribution, but brings the same two new problems listed in Section 2.4, efficiency and public key trust, for public key confidentiality.
Section 2.6 on digital signatures discusses ways to handle the issue of asymmetric cipher algorithm efficiency. Section 2.7 describes the use of certificates to address the critical problem of determining which public key to use.
N-bit asymmetric keys for asymmetric algorithms are usually much weaker than the corresponding-size keys for symmetric algorithms. For example, a 2400-bit asymmetric RSA key is generally considered to only be as strong as a 112-bit triple DES symmetric cipher key [Orman] while a 112-bit asymmetric key would, for many asymmetric algorithms, be quite weak. This issue does not create a problem as long as you use large enough asymmetric keys to compensate.