Encryption is the process of encoding data or information in such a way that only trusted or authorized recipients can read it. It does not prevent interception, but is effective in preventing its readability by unintended recipients. In the encryption process, plaintext information is encrypted using an algorithm which creates a ciphertext. This ciphertext looks like gibberish, but can be returned to the original plaintext through the process of decryption.
There are two main types of encryption: symmetric and asymmetric. Symmetric encryption is also known as “private-key” encryption. Asymmetric encryption is also known as “public-key” encryption.
This was the first type of encryption used, dating back to ancient times. The same key is used to encrypt and decrypt the data. It is fast and secure, but hard to share. The problem with symmetric key encryption is both parties have to share the same key without it being intercepted or lost to maintain integrity of the data or message. Examples of symmetric encryption include “ROT13” and the “Caeser Cypher”
Asymmetric, or “Public-Key”
Asymmetric encryption first appeared during the 1970s, although the principle of using mathematical “one-way” functions was first described in a book in 1874 by William Stanley Jevons. Its introduction made it much easier to share information between complete strangers, because the process actually involves two keys, a “public” and a “private key” – hence the term “Public Key encryption”. It relies on the principle that if data is encrypted with the “Public” key, it can only be decrypted with the “Private” key. These two keys form a key-pair, and they are mathematically linked together in such a way that it is computationally impractical to deduce the “Private” key if you obtain the “Public” key. It works on the mathematical principle that some types of problems are easier to solve in one direction than the other – a “one-way” function, as first described by Jevons in 1874. If one were to be asked to solve the problem 6*6*6=?, one could derive that the answer is 216 without having to resort to a calculator. If one were to be asked to solve the cube root of 216 without a calculator, many would baulk at the prospect, and it would take much longer than the original problem which generated the result. When these numbers are much, much larger it becomes very impractical to derive the answers, even for computers.
There are two well-known uses for public-key cryptography:
Public-Key Encryption – Data or information is encrypted with a person’s public key, which can then only be decrypted with that same person’s private key. This allows an outside party to encrypt information that only the recipient can decrypt without having to exchange keys before hand.Analogy:Let us say Chris owns a lightweight, metal box that he can send to anyone that wants to send him a private message. Chris mails the box to Kelly with an open padlock inside, but Chris keeps the key to the padlock on himself. Kelly receives the box, puts her letter inside, and then locks the box with the padlock. Kelly mails the box back and Chris is able to open the padlock and box with his key, allowing him to retrieve the private letter.
Digital Signatures – A message, often an email, can be signed with a sender’s private key, which can then be verified by the recipient with the sender’s public key.Analogy: If Chris were to send a letter to Kelly, but first put a wax seal, Kelly could then verify that Chris was the original sender.
With public-key encryption comes certificate authorities. Certificate authorities are third-party entities by which strangers can verify the authenticity of a person’s public key. Certificate authorities issue private and public keys to those requesting them, verify their identity, and act as a repository for created keys. We feel it should also be mentioned here that there is an alternative to trusting a central organization. There are “Webs Of Trust” in which people verify the physical identity and association of another individual to their public key.
These are the basics of encryption, both symmetric and asymmetric. It has to be said that almost all forms of encryption, given enough time and computing power, can be broken. What makes any particular type of encryption stronger than another is how impractical it is to make such an attempt. Given this, it is important that any implementation of a cryptographic implementation is able to change the underlying mathematical models used to generate and verify these keys if needed. This flexibility ensures that data security and integrity can be maintained in light of things such as the recent revelations from the leaked records of the NSA, plus further leaked details of groups such as “Hacking Team”. There is a true need for privacy among common citizens, so the use of encryption and a basic understanding of how it works, will become all the more important as time passes.
This article was co-authored by D.J. Moore (Twitter) and Jon Jeffels (Twitter). If you want to learn more feel free to reach out to either of them.