Cryptography Part 2 - Types of Algorithms
In one of the earlier article we learned what
Cryptography is, and how it is increasingly used for data transmissions and telecommunication. In terms of cyber security, the Internet is especially vulnerable as it transmits data over an untrusted medium.
In cryptology lingo, the unencrypted data is called as plaintext. This plaintext is encrypted into ciphertext, using some sort of a cryptographic algorithm. In turn, this ciphertext is again converted to plaintext once it reaches the destination. The entire process involves using mathematical algorithms to achieve the desired encryption / decryption, typically using some sort of a key.
While there are numerous ways of implementing an encryption / decryption algorithm, and many are still being developed, for the purpose of this article, we will focus on the three most popular.
1. Symmetric Key Cryptography
Also called as Secret Key Cryptography, this kind of algorithm uses a single key both for encryption and decryption. Since a single key is used, it is called as symmetric key cryptography. There are 5 components in a symmetric key algorithm:
i. Plaintext: This is the original data / message that the algorithm uses as input
ii. Encryption algorithm: The encryption algorithm performs various mathematical operations on this plaintext data to encrypt it.
iii. Ciphertext: This is the scrambled message that is the result of the encryption algorithm. If intercepted by an untrusted user, it is merely seen as garbled data.
iv. Secret Key: The secret key is also input to the encryption algorithm. The encrypted data / message is then sent to the end user, who uses the same secret key to decipher the data
v. Decryption algorithm: It takes the ciphertext, the secret key, and produces the original data / message. In simple words, it runs the encryption algorithm in reverse sequence.
While being simple in principle, one of the weak points of this algorithm is that the secret key too needs to be transmitted in the same data string. If a malicious user figures out what the key is, the integrity of the data is lost.
Secret key cryptography algorithms typically use either block ciphers or stream ciphers.
In block cipher method, the plaintext is divided into relatively large blocks, typically 64 or 128 bits long. Each block is then encoded separately, but the same key is used to decrypt the data.
In the stream cipher method, the plaintext is partitioned into small (e.g. 1 bit) blocks. For each block of data, a different key is then generated. The encoding of each block too depends on previous blocks. Both methods have their pros and cons, but are beyond the scope of this article.
In the field of cyber security, the symmetric key algorithms were the first to be used.
2. Public Key Cryptography
Public key algorithms are considered a notch above the symmetric key algorithm as it uses two different keys based on mathematical functions and are asymmetric in nature (one key for encryption of data / message and one for decryption). The concept of Public key encryption evolved from an attempt to solve two problems, key distribution and the development of digital signatures.
The conceptual framework for Public Key Cryptography was first developed in 1976 by Whitfield Diffie and Martin Hellman. The most important trait of Public Key algorithms is that it is computationally not possible to determine the decryption key given only knowledge of the algorithm and the encryption key. Additionally, some algorithms such as RSA also allow either of the two related keys to be used for encryption, the second key then being used for decryption.
Public Key Cryptography depends upon the existence of ‘one-way’ mathematical functions – functions that maps a domain into a range such that every function value has a unique inverse, with the condition that the calculation of the function is easy whereas the calculation of the inverse is not feasible.
Like Secret Key Cryptography, Public Key Cryptography too has some limitations that are not in the scope of the present article.
3. Hash Functions
A hash function is a function that takes a relatively arbitrary amount of input and produces an output of fixed size. Hash functions are also called as message digests or one-way encryption. Algorithms based on hash functions do not have any key. A hash value of fixed value is computed based on the plaintext. This makes it impossible for either the contents or length of the plaintext to be recovered. Algorithms based on hash functions are typically used to provide a digital fingerprint of a file's contents. Since the probability of two plaintext messages generating the exact same hash value is almost none, hash functions are used to ensure that the file has not been altered by an unauthorized user or by a malicious virus. In addition, they are also commonly employed by many operating systems to encrypt passwords as they provide a good measure of a file’s integrity.
4. Hybrid Cryptographic Scheme
A Hybrid Cryptographic scheme combines all the three cryptograhphic functions to form a secure transmission. Such a scheme comprises a digital signature and a digital envelope.
The digital envelope: A digital envelope consists of an encrypted message and an encrypted session key. The sender uses secret key cryptography to encrypt the message using the session key, which is generated at random with each session. The session key is then encrypted using the recipient’s public key. The encrypted message and encrypted session key together form the digital envelope. Upon receipt, the recipient recovers the session secret key using his / her private key and then decrypts the encrypted message.
The digital signature: The digital signature is formed in two steps. In the first step, the sender computes the hash value of the message to be sent. It is then encrypted with the sender's private key. Once it reaches the intended recipient, the hash value is recovered by decrypting the digital signature used bt the sender's public key. The recipient can then apply the hash function to the sender's original message, which the recipient has already decrypted. If the resultant hash value is not the same as the value supplied by the sender, then the recipent knows that the message has been altered; if the hash values are the same, the recipent can be confident that the message has not been tampered with.
One logical question that a reader will have is: "Out of these four methods of data encryption, which one is the best?"
Well, there is no logical answer to this question. Each algorithm has its advantages and disadvantages. A Secret key algorithm is ideally suited to mask and encrypt messages, providing privacy and confidentiality. Since the sender can generate a session key on a per-message basis, this type of algorithm is most useful for exchange of messages.
Hash functions, on the other hand, are more suited to maintain data integrity. If any change is made to the contents of the encrypted data, it will result in the receiver calculating a different hash value than the one placed in the transmission by the sender. As it is highly unlikely that two different messages will have the same has value, data integrity is assured.
There would be other algorithms developed in the future as well, but the important thing to remember is that for the sake of information security and cyber security, it is essential to use some sort of data encryption.
You may also like to read:
