Cryptography Techniques

Encryption - What is it and how does it work?

Encryption is essentially the transformation of meaningful data into non-meaningful data for the purposes of transportation, so that no one other than the intended recipient, who holds the secret decryption key, can read the original meaningful data.

Privacy is ensured by keeping the information hidden from anyone for whom it is not intended, even those who can see the encrypted (meaningless) data. As a simple example it is possible to encrypt files on a hard disk to prevent intruders from reading them.

However, when data is exchanged in an environment where many people are transferring data, the risk of intruders, be they passive (attempting to read the data) or active (attempting to corrupt the data), increases to the point of justifying the encryption of all data packets leaving a particular node.

Encryption allows secure communication over an insecure data communications channel. It works as follows:

A secure Cryptosystem is one where the plaintext cannot be recovered from the ciphertext without using the decryption key.

Symmetric Cryptosystem

Here, the same single key is used as both the encryption key and the decryption key.

Secret-key cryptography

Secret-key cryptography is a very straightforward agreement between the sender and receiver of a message. Each party knows and uses the same secret key.

It works very simply:

This form of cryptography has one hugely insecure factor: how to keep the 'secret' key secret. The sender and receiver must agree on the secret key (usually text of some form, similar to a login password) without any other party finding out.

If they are in separate physical locations, communication is required to agree on the key. They must trust a courier, the phone system, or some other transmission system to ensure that the secret key being communicated is not disclosed to anyone but the two parties. Anyone who overhears or intercepts the key while in transit is capable of decrypting and thus reading all messages encrypted using that key.

Key management

This is the generation, transmission and storage of keys. All cryptosystems have to deal with key management issues. Secret-key cryptography often has difficulty providing secure key management due to the insecurity of agreeing on a secret key in the first place.

Public-key cryptography

Diffie and Hellman solved the key management problem in 1976 by inventing public-key cryptography. This cryptosystem is based on the idea that each person gets a pair of keys, called a public key and a private key. Every user's public key is published, but the private key is kept secret. So the sender and receiver need not agree on and communicate secret information (i.e. a key).

All communication involves public keys only. No private key is ever transmitted or shared. So trusting some communications channel to be secure against eavesdropping or betrayal is no longer an issue. The most important requirement is that no party can figure out the private key from the corresponding public key.

Any sender can send a confidential message just using the intended recipient's public key, but it can only be decrypted with the private key solely in the possession of the receiver.

Furthermore, public-key cryptography, as well as being used for privacy (encryption), can also be used for authentication (digital signatures, discussed below).

How Public-key cryptography functions:

RSA - An example of a public-key cryptosystem

RSA was invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. It is a public-key cryptosystem used for the purposes of both encryption and authentication.

The RSA Algorithm

It is presumed to be too difficult to obtain the private key d from the public key (n,e). This is the fundamental irony of RSA. We could call this both a flaw and an adequate security measure. If an intruder could factor n into p and q, then he could obtain the private key d.

So the entire security of RSA is predicated on the assumption that factoring (the product of two very large primes) is difficult. In theory an easy factoring method would "break" RSA.
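The relationship between (n,e), d and the factors p and q can be made concrete with textbook RSA. This is an added example, not code from the original page; the primes 61 and 53, the exponent 17 and all function names are constructed for illustration, and the modulus is tiny so that trial division finishes instantly, which is exactly what a large modulus prevents.

```python
from math import gcd

def make_keypair(p, q, e):
    """Derive public key (n, e) and private exponent d from primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), pow(e, -1, phi)   # d = e^-1 mod phi (Python 3.8+)

def factor_semiprime(n):
    """Trial division; practical here only because n is a toy modulus."""
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("no factor found")

def recover_private_exponent(public_key):
    """Anyone who can factor n can recompute d from the public key alone."""
    n, e = public_key
    p, q = factor_semiprime(n)
    return pow(e, -1, (p - 1) * (q - 1))

# Constructed sample values (not from the page).
PUBLIC, PRIVATE_D = make_keypair(61, 53, 17)

def demo():
    n, e = PUBLIC
    m = 65                          # message encoded as an integer below n
    c = pow(m, e, n)                # encrypt with the public key
    plain = pow(c, PRIVATE_D, n)    # decrypt with the private key
    return c, plain, recover_private_exponent(PUBLIC)

if __name__ == "__main__":
    print(demo())
```

The work done by `factor_semiprime` grows with the square root of n, so choosing p and q large enough is what keeps d out of reach.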

RSA privacy (encryption)

Authentication and Digital signatures

While encryption dates back to the times of Caesar, digital signatures are more recent. This is due to the proliferation of digital communications and in this context the exponential growth of the Web.

Authentication is the use of digital signatures and holds the same function and meaning for digital documents as handwritten signatures do for printed documents. In paper and ink terms, a signature is an unforgeable piece of information unique to a particular person who has written or has agreed with the contents of the document where their signature is attached.

The recipient (as well as a third party) can verify that the document did originate from the person whose signature is attached and also that the document has not been tampered with since it was signed and dispatched.

The same concepts hold for electronic messages. Authentication in the context of Web Security is where the receiver of a digital data message can be confident of the identity of the sender and of the validity of the message.

Popular examples of authentication protocols in use today are DES (a secret-key cryptosystem) and RSA (a public-key system, detailed below). Authentication in public-key systems uses digital signatures.

All secure cryptosystems consist of two parts: the method of signing the document at the sender's end, making forgery an impossibility, and the method of verifying at the receiver's end that the signature was actually generated by the real sender.

Public-key cryptography for the purposes of authentication works as follows

So it would seem that there is no way secure digital signatures can be the cause of conflict. The signer of a document would never be able to disown it by later claiming it was forged.

RSA authentication (digital signature writing)

So, in keeping with public-key principles, encryption and authentication take place without any sharing of private keys. Each person uses only other people's public keys and his or her own well-guarded private key.

Again anyone can send an encrypted message or verify a signed message, using only public keys, but only someone in possession of the correct private key can decrypt or sign a message.
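Signing with the private key and verifying with the public key, as an added example that is not part of the original page. It uses textbook RSA over a SHA-256 digest with no padding scheme, and the key is built from two Mersenne primes chosen only so the block is self-contained; the key, names and sample message are constructed and unsuitable for real use.

```python
import hashlib

# Constructed toy key: special-form primes, for illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                               # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, kept by the signer

def digest_int(message: bytes) -> int:
    """SHA-256 of the message as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, d: int, n: int) -> int:
    """Signer: raise the digest to the private exponent."""
    return pow(digest_int(message), d, n)

def verify(message: bytes, signature: int, e: int, n: int) -> bool:
    """Verifier: needs only the public key (n, e)."""
    return pow(signature, e, n) == digest_int(message)

def check_signed_message():
    """Return (genuine accepted, altered text accepted, altered signature accepted)."""
    message = b"Pay 100 to Alice"       # constructed sample message
    signature = sign(message, D, N)
    return (
        verify(message, signature, E, N),
        verify(b"Pay 900 to Alice", signature, E, N),
        verify(message, (signature + 1) % N, E, N),
    )

if __name__ == "__main__":
    print(check_signed_message())
```

Deployed RSA signatures add a padding scheme such as PSS around the digest; the bare exponentiation here shows only the key roles.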

Public-key cryptography versus Secret-key cryptography

The advantages and disadvantages:

Encryption combining public keys and secret keys

In order to utilise both the security advantages of public-key systems, and the speed advantages of secret-key systems, the solution is to combine public- and secret-key systems.

Initially the public-key system can be used to encrypt a secret key. The secret key is probably small in size, so speed of encryption is not important. Once such a key has been securely communicated between parties, it is then used to encrypt a complete file or message. This may be large in size, but the sender and receiver have the assurance that it is being encrypted as quickly as possible and that the secret key has been shared using a sound, secure method. This is indeed the case in RSA.
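The combined scheme described above, as an added example that is not part of the original page: a random 16-byte session key is encrypted with the recipient's RSA public key, and the message body is encrypted under that session key. The SHA-256 keystream stands in for a real secret-key cipher, the RSA step is unpadded, and the key material and function names are constructed for illustration.

```python
import hashlib
import secrets

# Constructed toy recipient key: special-form primes, for illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))       # held only by the recipient

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in secret-key cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)

def hybrid_encrypt(plaintext: bytes, e: int, n: int):
    """Sender: fresh session key per message, wrapped with the public key."""
    session_key = secrets.token_bytes(16)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)   # slow, small input
    body = keystream_xor(session_key, plaintext)                   # fast, large input
    return wrapped_key, body

def hybrid_decrypt(wrapped_key: int, body: bytes, d: int, n: int) -> bytes:
    """Recipient: unwrap the session key with the private key, then decrypt."""
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, body)

if __name__ == "__main__":
    message = b"constructed sample file contents " * 100
    wrapped, body = hybrid_encrypt(message, E, N)
    print(hybrid_decrypt(wrapped, body, D, N) == message)
```

Only one modular exponentiation is performed per message regardless of its length, which is where the speed advantage comes from.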

Conclusion

Public-key cryptography is not meant to replace secret-key cryptography, but rather to supplement it, to make it more secure. The first use of public-key techniques is for secure key exchange in an (otherwise) speedy secret-key system. Hence secret-key cryptography is still extremely important.