We use cryptography to protect information. "Crypt" means hidden and "-graphy" stands for writing. We use a set of mathematical concepts and rule-based calculations to secure information, which can be at rest or in transit. Authentication, integrity and confidentiality are components of cryptography. This is not a new concept; it goes back centuries. The earliest cryptographic method was used by the Spartans in ancient Greece: the scytale, a rod used as an aid for a transposition cipher. The sender and receiver had identical rods on which to wrap a transposed message. When we need to prevent someone else from seeing information while it is transmitted or stored, we convert it into an unreadable message using an algorithm. Only those who know how to decrypt it (the key or the decryption algorithm) can read it.
To understand cryptography, let me take a popular example: Bob and Alice.
Think of an instance where Alice needs to send a secret message to Bob. Alice does not want Eve to read and understand it. Unfortunately, Eve is the only person who can send this message to Bob. So how can Alice send it? This is where cryptography comes in. She can change the order of the letters (e.g. alice -> ecila), or she can use symbols in place of letters. This process is known as encryption. She can use one of these encryption methods and tell Bob how to read the result. Bob can then recover the message because he knows which encryption method Alice used. This is called decryption. The message that is encrypted is known as a cipher.
Cryptology is the science of making and breaking secret codes. It combines cryptography (the development and use of codes) and cryptanalysis (the breaking of those codes).
Different algorithms are associated with cryptography. In ancient times the secret was the algorithm. When someone got to know the algorithm, they could decrypt the cipher, so people tried their best to hide the encryption algorithm from unauthorized parties. Reverse engineering then made it easy to find the decryption algorithm. In modern cryptography the key, rather than the algorithm, is the secret. Even if someone knows the algorithm, the cipher cannot be decrypted without the key.
In this blog I will focus on public key algorithms.
Public Key Algorithms
A public key algorithm, or asymmetric encryption algorithm, does not use the same key for encryption and decryption. Instead, the sender and receiver use their own keys to encrypt and decrypt.
How does asymmetric cryptography work?
Each party involved has a key pair: a public key and a private key.
If a message is encrypted using a public key, the private key of the same pair is needed to decrypt it. Similarly, a message encrypted with a private key needs the public key from the same pair to decrypt it.
So which key should the sender use to encrypt the message?
Let’s consider the following scenarios using an example where A is the sender and B is the receiver. E could be a man-in-the-middle. Each party has a key pair.
1 Using B’s public key to encrypt
This method is called close message format: the recipient's public key is used to encrypt the message. B receives the encrypted message, and it can only be decrypted using B's private key.
In this method only confidentiality is maintained. As there is nothing unique to A in the message received by B, B cannot prove that it was sent by A. Hence there is no data origin authentication. Integrity and non-repudiation are also not preserved.
2 Using A’s public key to encrypt
Only A's private key can be used to decrypt the message. This is not a practical scenario, as B will not be able to decrypt it.
3 Using A’s private key to encrypt
This method is called open message format: the sender's private key is used to encrypt the message.
Although B can decrypt the message using A's public key, this method provides no confidentiality, as E or any third party can also decrypt the message using A's public key, which is available to anyone. Some refer to this method as signing rather than encryption.
Although any attacker can decrypt the message and alter it, re-encrypting the altered message so that it still decrypts with A's public key is impossible without A's private key.
Some examples of public key algorithms are Diffie-Hellman Key Exchange (DH), ElGamal, elliptic curves, RSA, etc.
Diffie-Hellman Key Exchange
In Diffie-Hellman Key Exchange, or the DH algorithm, both sender and receiver use the same key for encryption and decryption. This key is mathematically calculated.
DH was introduced as a means of securely exchanging the key to the receiver’s end. The key is not exchanged over the media but rather a parameter is exchanged.
Initially, A and B agree on two parameters: g, a generator (suppose an integer), and p, a prime number. g should be smaller than p.
Both parties have their own private keys, and from g and p each calculates its public key and shares it with the other.
Next, both parties calculate the key: K1 by A and K2 by B. These keys are equal, and that value is the symmetric key used for encryption by A and decryption by B.
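The exchange described above, as an added example that is not part of the original post. It uses the standard formulas (public value = g^private mod p, shared key = peer's public value ^ own private mod p); the function names, the range check on the received value and the sample parameters are assumptions chosen for illustration.

```python
import hashlib
import secrets

def public_value(g, private, p):
    """Public key derived from the agreed g and p and one's own private key."""
    return pow(g, private, p)

def shared_secret(peer_public, private, p):
    """Combine the peer's public value with one's own private key."""
    # Reject degenerate values (0, 1, p-1) that would force a predictable key.
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer public value out of range")
    return pow(peer_public, private, p)

def derive_key(secret, p):
    """Hash the shared secret into a fixed-size symmetric key."""
    return hashlib.sha256(secret.to_bytes((p.bit_length() + 7) // 8, "big")).digest()

def exchange(g, p, a=None, b=None):
    """Run both sides of the exchange; a and b are the private keys."""
    a = a or secrets.randbelow(p - 3) + 2   # random private key in [2, p-2]
    b = b or secrets.randbelow(p - 3) + 2
    pub_a = public_value(g, a, p)           # A sends this to B
    pub_b = public_value(g, b, p)           # B sends this to A
    return {
        "on_wire": (g, p, pub_a, pub_b),    # everything E can observe
        "K1": shared_secret(pub_b, a, p),   # computed by A
        "K2": shared_secret(pub_a, b, p),   # computed by B
    }

# Constructed textbook-sized parameters, small enough to check by hand.
small = exchange(g=5, p=23, a=6, b=15)

# Constructed larger parameters (p = 2**255 - 19 is prime); illustration only.
large = exchange(g=2, p=2**255 - 19)
```

Only g, p and the two public values cross the wire; the private keys and the resulting key never do.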
A message can be passed through a hash function to obtain its hash, or digital fingerprint. This hash can be encrypted using A's private key and sent to B. B can then decrypt the hash using A's public key and check whether the message sent by A has been altered.
The encrypted hash is called the digital signature.
Encrypting a hash is much easier than encrypting a message. When the message is too large, it is difficult to encrypt. Therefore encrypting the hash is the standard way. A digital signature preserves authenticity, integrity and non-repudiation.
In most countries, a digital signature is valid evidence for non-repudiation and is considered to have the same effect as a physical signature. Why do we use the same physical signature in all instances but a different digital signature for each message? That is, why is a digital signature message-dependent?
This is because otherwise anybody could copy the digital signature, append it to anything and send it. Using message-dependent digital signatures solves this problem.
Properties of a digital signature
> The signature is not re-usable
> It is not alterable
> The signature cannot be repudiated
> The signature is authentic and is not forgeable
Consider a scenario where A has to send a large message to B. If all security services (Confidentiality, integrity, non-repudiation and data origin authentication) should be preserved, how can A send the message?
The most accurate method is: first, obtain the hash, or digital fingerprint, of the message. Second, encrypt the hash using A's private key. Third, encrypt the message using B's public key. Now the encrypted hash and the encrypted message can be appended together and sent to B.
B can now decrypt the hash using A's public key and the message using B's private key.
This way B can prove that the message was sent by A, and the message is also delivered securely.
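The three steps above, together with the message-dependence of the signature discussed earlier, as an added example that is not part of the original post. It assumes textbook RSA without padding and constructed toy keys built from Mersenne primes, which are trivially factorable; all function and variable names are illustrative.

```python
import hashlib

E = 65537  # widely used RSA public exponent

def toy_keypair(p, q):
    """Textbook RSA: returns (public, private) as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

# Constructed keys built from Mersenne primes: trivially factorable, demo only.
A_PUB, A_PRIV = toy_keypair(2**127 - 1, 2**521 - 1)
B_PUB, B_PRIV = toy_keypair(2**107 - 1, 2**607 - 1)

def digest(message, n):
    """Step 1: the message's digital fingerprint, as an integer below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, sender_private):
    """Step 2: 'encrypt' the hash with the sender's private key."""
    n, d = sender_private
    return pow(digest(message, n), d, n)

def verify(message, signature, sender_public):
    """Recover the hash with the sender's public key and compare."""
    n, e = sender_public
    return pow(signature, e, n) == digest(message, n)

def encrypt(message, recipient_public, block=32):
    """Step 3: encrypt the message block by block with the recipient's public key."""
    n, e = recipient_public
    chunks = [message[i:i + block] for i in range(0, len(message), block)]
    # The 0x01 prefix keeps leading zero bytes through the integer round trip.
    return [pow(int.from_bytes(b"\x01" + c, "big"), e, n) for c in chunks]

def decrypt(blocks, recipient_private):
    n, d = recipient_private
    plain = [pow(c, d, n) for c in blocks]
    return b"".join(m.to_bytes((m.bit_length() + 7) // 8, "big")[1:] for m in plain)

def send(message):
    """A's side: returns what travels to B (ciphertext blocks, signature)."""
    return encrypt(message, B_PUB), sign(message, A_PRIV)

def receive(blocks, signature):
    """B's side: decrypt with B's private key, then check A's signature."""
    message = decrypt(blocks, B_PRIV)
    return message, verify(message, signature, A_PUB)
```

Because the signature is computed over the hash of one specific message, `verify` returns `False` when the same signature is attached to any other message.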