[Back| Home| Programs| Documentation| Internet| People]

Encryption



Encryption is a method of hiding data so that it cannot be read by anyone who does not know the key. The key is used to lock and unlock data. To encrypt a data one would perform some mathematical functions on the data and the result of these functions would produce some output that makes the data look like garbage to anyone who doesn't know how to reverse the operations. Encryption can be used to encrypt files that the owner feels are too sensitive for anyone else to read. And now, with the rise of the Internet, encryption is used to encrypt data, like a credit card number, and then send it across the net. This way no one can read intercept and read the data while it is traveling through the web. The recipient of the data does have to know how to decrypt the information or else the data will look like garbage to the recipient too.

There are two categories of encryption, private key and public key. The major difference is who knows the key. Encryption is an entirely mathematical process applied to the world of computers. The only thing an encryption program will do is take in data, perform some predefined mathematical operations on the data, and then output the result. Decryption is the process of taking the encrypted data, that now looks like garbage, and reverse the mathematical functions so that the result is the same data that originally existed before the encryption process. The "key" is the set of mathematical operations and values that are used to encrypt and decrypt the data. Encryption and decryption algorithms describe the mathematical operations while key describes the exact process which includes the algorithms and any other random initial values that are used in the algorithms. Lets first look at private key encryption and how it works.


PRIVATE KEY ENCRYPTION

What private key means is that the same method is used to encrypt and decrypt. If someone knows what method was used to encrypt the message then that person can decrypt the message. Thus, the key must be kept private. Only the person sending the data and the person receiving the data should know the key. Private key cryptography, also known as symmetric cryptography since the encryption and decryption processes are just opposites, is an encryption method where the encryption algorithm is known before hand by the sender and the recipient. Accordingly, the two users must communicate beforehand and agree on the algorithm and the key so that the recipient can decode the message. A very simple example of private key cryptology is to take the text that is to be sent across the Internet and use the next letter in the alphabet in place of the original letter. Then send the scrambled text across the Internet. The person receiving the text would have to know how the message he receives is scrambled so that he can unscramble it. Thus, the "key" being used in this example is, 'use the next letter in the alphabet.'

With this key the text, "hi rob" would become, "ij spc". Since the recipient of the message knows the key, that person will take the message he received and take the previous letter in the alphabet. The person would receive the message, "ij spc," and using the previous letter that person would recover, "hi rob." This example is much simpler than the private key encryption algorithms used today, but it illustrates the fact that in private key encryption the encryption and decryption processes are just the reverse of each other

Private key encryption has the benefits of being very fast in that the computer programs that will perform the encryption and decryption will finish executing in a very short amount of time. The more complex the key the longer the process takes. However, even the most complex private keys algorithms can encrypt and decrypt data faster than that of public key cryptology. A disadvantage to private key cryptography is that the key must be communicated before hand. You would have to tell me exactly how you were going to encrypt the messages that you will send to me so that I could recover the original message later.. You could not encrypt this information as I wouldn't know the key yet. In a large organization or over the Internet it is easy for these keys to become compromised because they have communicated, without using encryption, before the actual encryption takes place.



PUBLIC KEY ENCRYPTION

Public key cryptography (asymmetric) was created to eliminate the shortcomings of private key cryptography. The biggest advantage of public key cryptography is that no prior communication needs to take place between the recipient and the sender.

Public key cryptography works like this, everyone has two keys, a public key, which the entire world has access to, and a private key, which only the owner knows. Note that the private key referred to here is completely different than the private key used in private key cryptography. For lack of a better name the secret key in public key cryptography is called a private key. These two "keys" are much different form the "keys" used in private key cryptography. In fact both keys used in public key cryptography are just very large integers, on the order of 300 digits long. With public key cryptography there is only one algorithm that is in use, that algorithm is know as the RSA algorithm. The RSA algorithm is the only algorithm that will be used to encrypt and decrypt data.

The algorithm works by taking in some data, and then using one of the keys which is a large number, and using the key to perform modulo and exponential functions on the data. The result is a message so scrambled that no amount of statistical analysis could break the code. The beauty of RSA is that a message encrypted with a public key can be decrypted with the corresponding private key and a message encrypted with a private key can be decrypted with the corresponding public key. For this reason RSA is know as asymmetric cryptography, different algorithms are used to decrypt and encrypt data. The algorithm is actually just a very complex mathematical identity. Thus, person X can encrypt a message with person Yís public key and only person Y can decrypt the message using his private key, this is the process used to encrypt e-mail. More importantly, if I had a public and private key, and only I know my public key, I could encrypt a message using my private key and everyone could decrypt the message using my public key. If my public key successfully decrypts the message you can be sure that I sent it because the message could have only been created with my private key. The reason it could have only been created with my private key is that my public key was used to decrypt the message. By decrypting the message with my public key you know only my private key created it. This works as long as only I have access to my private key. The process described here is known as a digital signature because by creating a message that only I could have created I am effectively signing the message.

Like private key cryptography the encryption and decryption process must reverse each others actions, but the difference lies in that there are two different numbers and two different algorithms used. One number is the public key and the other number is the private key. These numbers are used in the two different algorithms one to encrypt a message and one to decrypt a message. The important aspect of RSA and public key cryptography is that no prior communication has to take place before a message is sent. If you receive a message encrypted with RSA and your public key you have all the information you need to decrypt the message. RSA does have some disadvantages however, since the numbers used are so large the amount of time it takes to encrypt or decrypt is a lot longer than private key cryptography.




What you should understand now is that there are two methods of encryption, private key and public key, each with its own advantages and disadvantages. You should also understand the concept of a digital signature as this will be used later to prove identity.



To go back to main page click here or to proceed to the page describing digital certificates, click here 

Send your comments and sugestions to
rrwallac@ucsd.edu




Contact information
URL: http://sdcc10.ucsd.edu/~rrwallac
e-mail: rrwallac@ucsd.edu










 

 



[Back|
Home| Programs|
Documentation| Internet|
People]