+---+ +---+
plaintext --->| E |---> ciphertext --->| D |---> plaintext
+---+ +---+
^ ^
| |
Ke Kd
ciphertext = E(p, Ke) plaintext = D(ciphertext, Kd)
= D( E(plaintext, Ke), Kd)
The process starts with the plaintext that is to be protected. The plaintext was limited to very simple text for most of the history of cryptography. With the creation of electrical machine cryptography, the plaintext was often limited to being expressed in a very constrained alphabet — no digits, just letters, sometimes with relatively unneeded characters left out (Q, or J in some languages), and with no distinction of upper versus lower case. The plaintext alphabet was usually more constrained than the Morse code or other telegraphy used to transmit the ciphertext.
With the cultural shift in the use of computer network communication, the plaintext these days is often non-text data — multimedia such as image, sound, and video files; complex and bulky non-ASCII file formats such as those used by Open Office and Microsoft Office; or even an archive containing an entire directory structure of multiple files of various data types.
However, we do not care about the internal format, if any, and the intended use. It's all simply plaintext to be protected.
The encryption operation uses some cipher algorithm E that always functions with the same general principles. However, its operation in this case is modified by the encryption key, Ke.
The resulting ciphertext is then transmitted across a network or stored on some media, in both cases with the possibility that an attacker will be able to get a copy of the ciphertext.
At the far end of the communication channel, or in the future when we want to recover the plaintext from the stored ciphertext, a corresponding decryption operation D applies the appropriate reverse algorithm, as directed by the decryption key, Kd.
Auguste Kerckhoffs mathematically proved that the security of a cryptosystem must not depend on keeping its algorithm secret [See his article "La cryptographie militaire", in Journal des sciences militaries, vol IX, pp 5-38, Jan 1883]. That means that an attacker will know the details of all the useful ciphers, and will be able to guess which one we are using. If we chose a good cipher algorithm E, we can feel comfortable about the security as long as:
Joseph Rochefort, USN cryptanalyst during WWII.
Let's say that you encrypt some plaintext using today's key. Maybe this is routine report sent on a fixed schedule: ALL QUIET ON THE WESTERN FRONT. Later in the day, therefore using the same key, you need to encrypt the same plaintext message. The problem is that the two ciphertexts will be identical.
An attacker could use traffic analysis to spot the identical ciphertexts and correlate that with observations. This was used by the U.S. Navy cryptanalysis effort during World War II in the Pacific Theater to derive information about planned Japanese ship movements when the cipher or code itself could not yet be broken.
The fix to this is to add an initialization vector or IV to the plaintext to randomize the input to the encryption operation. Ciphers can be used in various chaining modes, where the operation applied to some block of input depends not only on the key but also on the preceding block of input (plaintext) or output (ciphertext). The IV therefore primes the cipher, getting it into some random state before encrypting that identical plaintext with today's fixed key.
The IV needs to be different for every message sent, but it does not need to be kept secret in a well-designed cryptosystem. So, if messages need to be sent no more often than once per second, a useful IV might be the number of seconds elapsed since some epoch, perhaps 00:00:00 UTC 1 January 1970 (as time is reckoned in Unix), or 00:00:00 UTC 1 January 2000. Or, if the messages to be protected are rapidly streamed network packets, the number of microseconds elapsed since midnight today.
Symmetric means "the same on both sides", while asymmetric means, well, the opposite.
For symmetric cryptographic algorithms, Ke = Kd. You are free to pick any appropriately long string of bits to function as the single key for an encryption and the following decryption.
However, beware: some keys might be obvious guesses, and some algorithms have "weak keys", certain types of key patterns that allow enough information to leak into the ciphertext to make it easier to guess the key. Weak keys are often those with regular patterns — lots of consecutives 1s or 0s, or a repeated pattern like 0101010101. The keys need to be hard to guess, and so they should look very random.
For asymmetric cryptographic algorithms, when you encrypt with some Ke you must decrypt with a completely different Kd You must use the correct math trick to generate a key pair: Ke,Kd.
For useful asymmetric cipher algorithms, it is extremely difficult to derive one key from the other.
We can quit worrying about the encryption key versus the decryption key, and just think of a pair of keys, K1 and K2. Arbitrarily pick one and encrypt with it. Then the only thing that can be used for decryption is the other key in the pair.
+---+ +---+
plaintext -+--->| E |---> ciphertext1 --+-->| D |---> plaintext = D(ciphertext1, K2)
| +---+ | +---+ = D(E(plaintext, K1), K2)
| ^ | ^
| | | |
| K1 | K2
| |
| | +---+ Meaningless Output
| +-->| D |---> ????
| +---+
| ^
| |
| any key other than K2
|
|
| +---+ +---+
+--->| E |---> ciphertext2 --+-->| D |---> plaintext = D(ciphertext2, K1)
+---+ | +---+ = D(E(plaintext, K2), K1)
^ | ^
| | |
K2 | K1
|
| +---+ Meaningless Output
+-->| D |---> ????
+---+
^
|
any key other than K1
Let's say you have a sender and a receiver, and each has a pair of keys. For each person, they call one the "public key" and they tell the world, and they call the other the "private key" and they keep it a secret. So, each of them knows three keys — their pair, and the public key of the other.
Method 1 — Sender's private key only — Since the sender's public key is the only thing producing a coherent message, the receiver can trust that the sender sent it. Since slight changes in input make big changes in output, this also must have been the same message originally sent. But anyone can read it.
Method 2 — Receiver's public key only — Since the receivers's public key is the only thing producing a coherent message, the receiver can trust that no one else could have read it. But anyone could have sent it.
Method 3 — Sender's private key, and receiver's public key — The receiver can trust that no one else could read it, that the sender must have sent it, and that it wasn't altered in transit.
| I want to: |
Send a message in such a way that I could
prove: "I was the sender, and this is precisely the message that I sent." |
| I must: | Digitally sign the message. |
| I need: | My private key. |
| I want to: | Send a message which only the intended receiver can read. |
| I must: | Encrypt the message. |
| I need: | The receiver's public key. |
| I want to: | Read a message which was sent so that only I can read it. |
| I must: | Decrypt the message. |
| I need: | My private key. |
| I want to: | Verify the identity of the sender and the integrity of the received message. |
| I must: | Verify the digital signature. |
| I need: | The sender's public key. |
Identity-Based Encryption (IBE) is asymmetric cryptography where the public key is based on some unique public information about the user. Perhaps an electronic mail address, or a telephone number including country code.
There is a completely trusted third party called the Private Key Generator (PKG). The PKG has published a master public key and retained the corresponding master private key, also called simply the master key.
Any party can generate any other party's public key using the master public key and the public information about the other party.
Only the PKG can generate the corresponding private keys using the master private key and the public information about parties.
Advantages:
Disadvantages:
For more information:
For an enormous list, see "Applied Cryptography" by Bruce Schneier, in the "Reference Books" section. The book contains source code for many serious cryptographic algorithms.
For something more mathematically rigorous, see the CRC Handbook of Applied Cryptography by A. Menezes, P. van Oorschot and S. Vanstone — a free PDF version can be downloaded for personal use: http://www.cacr.math.uwaterloo.ca/hac/
Jeff Moser has written a great explanation of the history and operation of the Advanced Encryption Standard, A Stick Figure Guide to the Advanced Encryption Standard (AES).
Setting up the keys
e is the public key.
d is the private key.
As a simple example:
| e | d |
| 3 | 7 |
| 7 | 3 |
| 9 | 9 |
| 11 | 11 |
| 13 | 17 |
| 17 | 13 |
| 19 | 19 |
Using the keys for encryption and decryption
As a simple example:
|
|
|
|
|||||||||
|
|||||||||
|
| © Bob Cromwell Feb 2012. Created with /bin/vi and ImageMagick, hosted on OpenBSD with Apache. Root password available here, privacy policy here. |
