
The genius of public-key cryptography

Most people have come across cryptography in some way, shape or form. To most, it's just a means of encrypting a message so that only the intended receiver can decrypt it. In this article, I will be exploring the benefits of public-key cryptography, most notably RSA, as well as explaining the basic concept behind computer cryptography for the uninitiated.


Cryptography (intro)

So, if this is the first time you've heard of cryptography, this section is meant for you!
The basic concept of cryptography is relatively simple: you take a message and, combining it with some type of secret shared between sender and recipient, turn the message into something that cannot be understood without said secret.

If you've ever come up with some sort of secret code in your childhood (or early adult life, no judgement here), you've probably done cryptography, even if you didn't know it. The simplest form of symmetric-key cryptography is the Caesar cipher. The way it works is by shifting the entire alphabet over by some amount. For example, A becomes B, B becomes C, etc.

Here is a simple message encoded with a Caesar cipher.

cryptography -> dszquphsbqiz

This message was encrypted with an alphabet shift of one character, the same as the above example.

The Caesar cipher is an example of what's called symmetric-key cryptography. That means that the secret (key) used to encrypt the message is the same as the one used to decrypt it. This makes for a very simple algorithm indeed. You just hand your friend a number (the alphabet shift) and they can encode and decode messages to their heart's content.
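The cipher described above, as a small added example that is not part of the original article. The function names are my own; the shift is the shared key, and the same number both encrypts and decrypts.

```python
import string

ALPHABET = string.ascii_lowercase  # the 26 letters being shifted


def caesar(text, shift):
    """Shift every letter `shift` places along the alphabet, wrapping past z.

    Upper and lower case are preserved; digits, spaces and punctuation
    pass through unchanged.
    """
    shift %= len(ALPHABET)  # a shift of 27 is the same as 1, -1 the same as 25
    rotated = ALPHABET[shift:] + ALPHABET[:shift]
    table = str.maketrans(ALPHABET + ALPHABET.upper(),
                          rotated + rotated.upper())
    return text.translate(table)


def encrypt(message, key):
    """Encrypt with the shared key (the alphabet shift)."""
    return caesar(message, key)


def decrypt(ciphertext, key):
    """Decrypt with the *same* key by shifting back the other way."""
    return caesar(ciphertext, -key)


if __name__ == "__main__":
    key = 1  # the shift used in the article's example
    secret = encrypt("cryptography", key)
    print(secret)                 # the article's ciphertext
    print(decrypt(secret, key))   # the right key restores the message
    print(decrypt(secret, 2))     # a wrong key gives different text
    # Only 25 shifts change the text at all, so the key space is tiny.
```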

Some other examples of symmetric ciphers include Rijndael (AES) and Twofish.
You can find a video of Prof. Mike Pound explaining AES here.

Public-key (asymmetric) cryptography

Public-key cryptography has mostly the same goals as symmetric-key cryptography, except that it uses two keys, commonly referred to as a key-pair, instead of one. The idea is that any message encrypted using one key can only be decrypted using the other. This is a very useful concept for several reasons, the first of which is security.

Using traditional symmetric-key cryptography, you need to have a shared key. This key then needs to be given to the recipient of your message in advance; otherwise, they wouldn't be able to decode your message.

To illustrate how this is a problem, let's consider three people: Alice, Bob and Eve.
Alice and Bob would like to communicate and Eve wants to find out what they are saying. In the first scenario, Alice and Bob can very easily communicate using a symmetric cipher. Alice and Bob live next door to one another and Alice (the sender) can simply hand Bob an envelope containing the key and the message. Presumably, this key will be used in all future correspondence.

Now, you might be asking yourself: what happens if Alice and Bob are separated by a vast distance? How would they establish a shared key without Eve getting in on the action? After all, if they used any traditional means of communication such as mail, Eve could just open the letter in transit and snatch the key.

This is where public-key cryptography starts to make a whole lot of sense. Here is what Alice and Bob would need to do.

Alice and Bob both generate a key-pair and pick one of the two keys to be their secret key; the other one then becomes their public key. Bob sends his public key to Alice through the post and Alice does the same. Now, Alice and Bob both have each other's public keys, with which they can encrypt messages, and they have their own secret keys, with which they can decrypt messages. And all the while, poor Eve only has two public keys, neither of which will be able to decrypt any of Alice and Bob's conversations.

This alone would make public-key cryptography heaven-sent. The only problem is that there is one thing Eve can do to get in on Alice and Bob's conversation: a man-in-the-middle attack. This involves Eve generating her own key-pair and swapping Alice and Bob's public keys for her own when she intercepts their messages. This would enable her to decrypt a message in transit, read it, and re-encrypt it, sending it on to the intended recipient.
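The exchange and the key swap described above, as an added example that is not from the original article. It uses textbook RSA with tiny primes I constructed for illustration (real keys are thousands of bits long and use padding), shows only the Alice-to-Bob direction, and all function names are my own.

```python
# Added illustration: toy RSA key-pairs built from small constructed primes.

def make_keypair(p, q, e=17):
    """Return (public_key, secret_key), each an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def apply_key(key, number):
    """Transform a number with one half of a key-pair; the other half undoes it."""
    exponent, modulus = key
    return pow(number, exponent, modulus)


def send_to_bob(message, eve_swaps_keys):
    """Alice encrypts `message` (an integer) for Bob.

    Returns (what Bob reads, what Eve reads, whether Alice holds Bob's real key).
    """
    bob_public, bob_secret = make_keypair(61, 53)
    eve_public, eve_secret = make_keypair(67, 71)

    # Bob posts his public key. An active Eve replaces it with hers in transit.
    key_alice_receives = eve_public if eve_swaps_keys else bob_public
    ciphertext = apply_key(key_alice_receives, message)

    if eve_swaps_keys:
        eve_reads = apply_key(eve_secret, ciphertext)  # decrypt in transit
        ciphertext = apply_key(bob_public, eve_reads)  # re-encrypt for Bob
    else:
        # A passive Eve holds only public keys, which do not undo the encryption.
        eve_reads = apply_key(bob_public, ciphertext)

    bob_reads = apply_key(bob_secret, ciphertext)
    return bob_reads, eve_reads, key_alice_receives == bob_public


if __name__ == "__main__":
    secret = 65  # constructed sample message; must be smaller than both moduli
    print("eavesdropping only:", send_to_bob(secret, eve_swaps_keys=False))
    print("keys swapped:      ", send_to_bob(secret, eve_swaps_keys=True))
```

In both runs Bob reads the correct message, so nothing looks wrong from his side; the only difference is that Alice is holding a key that is not Bob's.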

In the next article, I will discuss how this issue can be remedied.

Conclusion

I hope you enjoyed this article about public-key cryptography and that it has made you interested in doing some of your own research. It is no coincidence that I now publish an article on cryptography just as I start a new series of mystery-articles. I will be relying on several cryptographic techniques to make the following puzzles harder to solve. So subscribe if you would like to be notified of my next article!

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.