|
ACADEMIC COMPUTING and COMMUNICATIONS CENTER | ||||||||
|
|
|
|
|
|
|
|
|
|
Coming Soon to a Code Near You | ||||
|
||||
| Codes and Ciphers | ||||
|
Codes and ciphers go back at least to the Roman Empire and have since been playing an increasingly important role in both peacetime and war. During World War II, the Allies broke the workings of Enigma, the German cipher machine, with luck, cleverness, and hard work. This and Germany's refusal to believe their system could be cracked were a real bonanza for the Allies' intelligence. But technology changes, and as the "arms race" between code makers and code breakers continues, the balance of power seems to be shifting to the code makers. This is good for those of us who use the Internet; there are more people - and more bad guys - on the Internet than ever before. Back in the Wild West, "Some guys are tall, some are small, but Mr. Colt made 'em all equal." Strong encryption is the Colt six-shooter of the '90s. Encryption is more than just pulling down the blinds in front of prying eyes. It can be used it to:
Everything you ever wanted to know about encryption:Answers to Frequently Asked Questions About Today's Cryptography, published by RSA Laboratories, on the World Wide Web at: http://www.rsa.com/rsalabs/LABSFAQ.PDFReturn to Contents. |
||||
| Types of Encryption | ||||
| Encryption schemes typically use a "key" (usually a big number) to encode or decode a message. Encryption schemes are classified by the number of keys they use. | ||||
| Zero-key schemes: | ||||
|
Encrypting without a key may not even seem like encryption at all. Zero-key
encryption schemes turn an original message into a short (commonly 128
bits), non-unique encrypted form called a "message digest" or "fingerprint".
The non-uniqueness means that you can't recover the original message from
the encoded form, but if you also have the original message, you can re-encrypt
it to see whether it could have produced that digest.
Why is this useful? Digests are used to authenticate messages, to tell whether the message was altered after creation or transmission. A well-designed digest algorithm is very sensitive to the input and makes it extremely difficult to guess (or forge) the original message. On the other hand, if you have both the original message and the digest, you can easily verify that the digest must have been (well, probably was) created from that particular message. When your intent is to check for transmission errors, it is enough to transmit the digest along with the original message. But when your intent is to provide a secure digital signature, the digest itself must be securely transmitted, either using another encryption method or a separate transmission channel. Return to Contents. |
||||
| One-key schemes: | ||||
|
Encryption schemes with one key are symmetric because they
use the same key for encryption and decryption, or secret-key
because that one key must be kept secret for the encryption to work. Symmetric
encryption is fast, so it's practical to encode or decode large blocks
of information with it, and/or to use a long key, making the code prohibitively
expensive to crack by brute force. IBM developed DES (Data Encryption
Standard), one of the most widely used symmetric encryption schemes,
in the '60s; DES is endorsed as a national standard by the US government.
Return to Contents. |
||||
| Two-key schemes: | ||||
|
Encryption schemes with two keys are a more recent addition (late '70s)
to the coder's repertoire. These schemes are asymmetric because
they use one key for encryption and a different key for decryption, or
public-key because one of these keys can be public. (The
other key - known as the private key - must still be kept
secret.) Diffie-Hellman (named after its inventors, Whitfield
Diffe and Martin Hellman) was the first two-key encryption scheme; RSA
(also named after its inventors, Ron Rivest, Adi Shamir, and Leonard
Adleman) is another popular two-key scheme.
The security that these schemes provide depends on the use of mathematical functions that are easy to compute but difficult to invert. For example, multiplying several large prime numbers together is easy, but factoring the resulting large number back into its original prime factors is difficult. Asymmetric encryption is not as efficient as symmetric encryption, but the combination of a secret private key (the prime factors) and a published public key (the product of multiplying the prime factors together) provides many intriguing features. If I give my public key to everyone in the world, then anyone can use my public key to encode a message that only I can decode. (A message encoded with my public key must be decoded with my private key, which only I have.) This provides privacy, which is what we normally expect from an encryption scheme. Conversely, if I encode a message with my private key, then anyone who receives the message and successfully decodes it using my public key will know that the message must have come from me, providing a reliable digital signature. Public and private keys can be used together to set up a secure transmission over an insecure network. If I need to send a message to Joe, first I encrypt the message with my private key - proving that only I could have sent it - and then I encrypt it a second time with Joe's public key - ensuring that only Joe can read it. So both Joe and I know that I sent the message and that only Joe can read it. Comments are welcome; send them to:Return to Contents. |
||||
| The ADN Connection, March/April 1997 | Previous: March/April 1997 Contents | Next: Some Practical Encryption Systems |
| 1999-9-9 connect@uic.edu |
|
