Encryption and Decryption

This section describes the technology used to provide security for data and communications.

Describe how encryption is used and the forms it takes, to include symmetric-key encryption, public-key encryption and the roles of key length and encryption strength.

Try This:

Think of a real-world situation in which encryption would be directly relevant to you.

Ciphers

A cryptographic algorithm, also called a cipher, is a mathematical function used for encryption or decryption. In most cases, two related functions are employed, one for encryption and the other for decryption.

Figure 2.4

Modern Cryptography

Today, the ability to keep encrypted information secret is based not on a cryptographic algorithm (which is widely known), but on a number called a key that is used with the algorithm to produce the encrypted result or to decrypt previously encrypted information. 
  • Decryption with the correct key is simple.
  • Decryption without the correct key is very difficult if not impossible.
There are two basic varieties of encryption techniques available. These are:
  • Symmetric-Key Encryption
  • Public-Key Encryption
Each of these has strengths and weaknesses and each is appropriate for particular circumstances. We will discuss these in some detail in the following section.


Symmetric-Key Encryption

Symmetric-key encryption can be implemented very efficiently, so that users do not experience any significant delay due to encryption and decryption. It also provides a degree of authentication, since information encrypted with one symmetric-key cannot be decrypted with any other symmetric key.

As long as the symmetric key is kept secret by the two parties using it, each party can safely assume that each communication is bona fide as long as the decrypted messages continue to make sense.

Figure 2.5

Naturally, symmetric-key encryption is effective only if the symmetric key is kept secret by the parties involved. If anyone else discovers the key, it affects both confidentiality and authentication. 

Symmetric-key encryption plays an important role in the SSL protocol, which is widely used for authentication, tamper detection, and encryption over TCP/IP networks. SSL also uses techniques of public-key encryption, which is described in the next section.


Public-Key Encryption

The most commonly used implementations of public-key encryption are based on algorithms patented by RSA Data Security. Therefore, this section describes the RSA approach to public-key encryption.

Public-key encryption (also called asymmetric encryption) involves a pair of keys: a public key and a private key. Each public key is published, and the corresponding private key is kept secret. Data encrypted with a public key can be decrypted only with a private key. The animation below shows a simplified view of the way public-key encryption works.


Figure 2.6
This technique lets you freely distribute a public key, and only you will be able to read data encrypted using this key. In general, to send encrypted data to someone, you encrypt the data with that person's public key, and the person receiving the encrypted data decrypts it with the corresponding private key.

As it happens, the reverse of this scheme also works: data encrypted with your private key can be decrypted only with your public key. While this would not be desirable for encrypting sensitive data, it can be used to guarantee that the origin of a message is bona fide since only the holder of the private key could encrypt the message that is decoded with the public key. This is very useful because you can use your private key to sign data with a digital signature an important requirement for electronic commerce and other commercial applications of cryptography.

Client software such as Communicator can then use a public key to confirm that a message was signed with a private key and that it hasn't been tampered with since being signed. Subsequent sections describe how this confirmation process works.


Key Length and Encryption Strength

In general, the strength of encryption is related to the difficulty of discovering the key, which in turn depends on both the cipher used and the length of the key.  For example, the difficulty of discovering the key for the RSA cipher most commonly used for public-key encryption depends on the difficulty of factoring large numbers, a well-known mathematical problem.


Figure 2.7

Different ciphers may require different key lengths to achieve the same level of encryption strength. The RSA cipher used for public-key encryption, for example, can use only a subset of all possible values for a key of a given length, due to the nature of the mathematical problem on which it is based. Other ciphers, such as those used for symmetric key encryption, can use all possible values for a key of a given length, rather than a subset of those values. Thus a 128-bit key for use with a symmetric-key encryption cipher would provide stronger encryption than a 128-bit key for use with the RSA public-key encryption cipher. 

This difference explains why the RSA public-key encryption cipher must use a 512-bit key (or longer) to be considered cryptographically strong, whereas symmetric key ciphers can achieve approximately the same level of strength with a 64-bit key. Even this level of strength may be vulnerable to attacks in the near future. 

Because the ability to surreptitiously intercept and decrypt encrypted information has historically been a significant  military asset, the U.S. Government restricts export of cryptographic software, including most software that permits use of symmetric encryption keys longer than 40 bits.


Top of Page
Copyright © 1999 Sun-Netscape Alliance.
All Rights Reserved.