Introduction to Cryptography
Last Updated: 24 February 2001
Why is Encryption important?
Do you know who may be reading your E-Mail? It is transmitted in plain text over unknown pathways and resides for various periods of time on computer files over which you have no control. Whether you're planning a political campaign, discussing your finances, having an affair, completing a business deal, or engaging in some totally innocuous activity, your messages have less privacy than if you sent all of your written correspondence on postcards.
Why? Because of the nature of the Internet and the electronic medium. It allows effective scanning of message contents using sophisticated filtering software. Electronic mail is gradually replacing conventional paper mail and messages can be easily and automatically intercepted and scanned for interesting keywords.
Another problem with E-Mail is that it is very easy to forge the identity of the sender.
The solution to these problems is to use cryptography. However, there are restrictions on the export and use of strong cryptography, particularly in the USA, but now gaining momentum in other countries. Furthermore, some governments, and again the USA is the most prominant, want decryption keys lodged with escrow agents, so that law enforcement agencies can, with appropriate authorisation, intercept and decrypt private messages. It is often claimed that this facility is no different from powers that the government has always possessed to wiretap telephones. There is however, a vital difference. Citizens are now being asked to take action to make themselves available for surveillance.
Why should Encryption be used?
Cryptography today involves more than encryption and decryption of messages. It also provides mechanisms for authenticating documents using a digital signature, which binds a document to the possessor of a particular key, while a digital timestamp binds a document to its creation at a particular time. These are important functions which must take the place of equivalent manual authentication procedures as we move into the digital age. Cryptography also plays an important part in the developing field of digital cash and electronic funds transfer.
The major applications for encryption may then be summarised as:
- To protect privacy and confidentiality.
- To transmit secure information (e.g. credit card details)
- To provide authentication of the sender of a message.
- To provide authentication of the time a message was sent.
How does it work?
Up until the mid 1970's cryptography was an arcane science practised largely by government and military security experts. That situation changed dramatically following the development of public key cryptography by Hellman and Diffie in 1975. This development solved a major problem with most cryptographic systems - that of exchanging keys, and preceded a rapid escalation in civil involvement in this field of endeavour.
Public key cryptography systems work with public and secret (or private) keys. You generate these yourself as a once-only task. You distribute your public key to anyone who may need to send you encrypted information, or you can place it on one of the many public-key repositories around the globe. Your public key is then used by others to encrypt messages sent to you. Only you can decrypt such a message since the secret key is needed to perform this task. In practice, because public key encryption is a time-consuming process, many cryptosystems only use the public key to encrypt a random session key, which is then used to encrypt the actual message.
As an example, to exchange secure communications with someone the procedure would be as follows. Here we will introduce Alice and Bob, the renowned "first couple" of cryptography.
- Alice and Bob exchange their respective public keys or obtained them from a public key repository.
- Alice transmits the message encrypted with the Bob's public key.
- Bob decrypts it with his secret key.
- Only Bob can decipher the message. Even Alice will be unable to decipher the message once encrypted, unless she has included herself as a recipient (using multiple keys to encrypt the message).
- Cryptography can also be used to produce a digital signature which proves that the transmission is unchanged and can authenticate the sender. In this case the Bob would use Alice's public key to read the signature created by Alice's secret key.
More detailed information about cryptography can be obtained from the references page.