Geeq’s Introduction to Encryption

By: Geeq  on Jan 14, 2021

Two ideas from cryptography, encryption and hash algorithms, are used together in order to provide basic security for many applications across the internet, including blockchains. We thought we’d write up a few entry-level explainers for these concepts.

Today, let’s take a look at the basics of encryption and what it has to do with public and private keys.

Encryption

Encryption is meant to keep private files private.

Data can be encrypted at rest, or in transit, and both are important. If you encrypt your home directory on your computer, then hackers will find it difficult or impossible to access your private files. However, if you take a file off your disk, decrypt it, and send it to a friend as an attachment via email, then the file can be read if it is intercepted. Similarly, if you download a file over an encrypted connection but then store it on your disk in plaintext, anyone with access to your hard drive can read it.

An encrypted file is referred to as ciphertext, while the unencrypted file is referred to as plaintext.

An encrypted file might be publicly available, but without a key of some sort, the encryption cannot be reversed and the file is useless. Examples of encryption algorithms include AES, DES, Blowfish, and RSA.

The bottom line is that encryption transforms data into a form that cannot be read unless it is decrypted correctly.

A Simple Example

At the most basic level, encryption transforms a message or data file using an openly available algorithm. The classic Shift Cypher is the simplest example. The idea is that each letter in the alphabet is mapped to a different letter. For example, the alphabet could be transposed one position so that a becomes b, b becomes c, and so on. Thus, the plaintext “Be a Geeq” becomes the ciphertext “Cd b Hffr”. The shift cypher is also called the Caesar Cypher, after Julius Caesar (b. 100BC, d. 44BC) who apparently used it in his private correspondence.

Symmetric Encryption

To understand symmetric encryption, let’s visit a slightly more sophisticated version of the shift cypher described above. This method will seem familiar to anyone who has seen a spy movie where the enemy ransacks a room, looking in vain for the key to decoding the cypher.

Symmetric encryption requires the sender and receiver to share a secret about how to encrypt and decrypt messages. For example, a spy and their handler might meet to agree on a specific shift cypher based on a rare print edition of a specific book. Then, they have what they need to devise a code that signals each other, even in public, which page to use. For example, either one might place a personal ad in a newspaper (or on a website) to sell a specific color car, where the description might contain numbers like 148 miles per gallon. The recipient would know to refer to their copy of the book’s page 8, paragraph 4, and the first letters printed on each line to translate the code.

Unless the key is known by others (hence the pulling down of bookcases in the movies), the page number is useless information. To recap, when the sender and receiver both know the common key, they are able to generate a new key to the encryption code each time they communicate.

Security of Symmetric Key Encryption

Modern day symmetric encryptions use AES 256 (Advanced Encryption Standard 256), a symmetric encryption method based on a 256 bit key. While the method of encrypting data by AES 256 is public information, protecting the encrypted files depends on keeping the key or password secret, not the encryption algorithm itself.

Protecting the encrypted files depends on keeping the key or password secret, not the encryption algorithm itself.

For AES 256, there are 1.2 x 1077 different ways that the substitutions and permutations might be executed on plaintext to produce ciphertext. AES-256 is seen as a completely secure encryption system given current computer technology.

You might wonder why a file cannot be decrypted by simply inverting the publicly known encryption function. The reason is that the these algorithms use something called a “trapdoor function” which cannot be inverted. Therefore, although the method of symmetric encryption using AES 256 is publicly known, symmetric encryption means the only way to decrypt a file is to know the right key. Breaking encryption therefore requires the key to be discovered by brute-force guessing.

Advantages and Disadvantages of Symmetric Encryption

The advantage of using AES-256 is that decrypting ciphertext is computationally efficient, IF the key is known, meaning relatively few computer clock cycles are needed to decrypt each byte of the ciphertext.

The disadvantage of using symmetric encryption when communicating from one user to another is that the trick to decryption depends on the shared knowledge of the common key, which is also called a “shared secret” or private key encryption. And here is the problem: how can users agree on a key between them on the internet, while keeping it secret from everyone else? Obviously, sending the key in an unencrypted form exposes it to interception. On the other hand, the sender cannot send the key to the receiver in an encrypted form unless the receiver has the key needed to decrypt the encrypted key.

Ultimately, symmetric encryption depends on the users’ ability to have at least one completely secure, unencrypted, exchange of information. This is impractical if users do not know in advance that they may wish to communicate securely. For example, I may wish to send a secure email to someone I have never met or give a credit card number to a merchant I have never used before. The solution to that problem is to use asymmetric encryption.

Asymmetric Encryption

When it is impractical for users to meet securely and agree upon a shared secret, public key encryption, which is a form of asymmetric key cryptography, is used instead.

Public Private Key Pairs (PPK)

The real magic of public key encryption is that public and private keys are generated with a special mathematical relationship. Not only is the private key the one and only way to decrypt a message encrypted with the complementary public key, but the public key is the one and only way to decrypt a message encrypted with the complementary private key.

The private key of a PPK is the one and only way to decrypt a message encrypted with the complementary public key, and the public key is the one and only way to decrypt a message encrypted with the complementary private key.

At the highest level, public key encryption works like this:

  • The receiver generates two mathematically entangled numbers. One is called a Public Key, and is made openly available. The other is called a Private Key and is kept secret by the receiver.
  • The sender can see the receiver’s Public Key and use the receiver’s Public Key to encrypt a message intended for the receiver.
  • The message travels as ciphertext through the system. Others may be able to see the encrypted message but, without access to the receiver’s Private Key, they have no way of decrypting it.
  • When the message finally arrives at its destination, the receiver simply uses his secret Private Key to decrypt and read the message that the sender had created and encrypted with the receiver’s Public Key.
  • As long as the receiver keeps the Private Key secret, only the receiver can read the decrypted message once it leaves the sender.

Message Size and File Size

Symmetric keys can be used with low computational cost to encrypt files of any size, including streaming content. Decrypting messages with such shared keys take much less computational effort than decrypting the same message that has been encrypted with a Public Private Key (PPK).

As a result, public key encryption (asymmetric encryption) is often used only to begin a secure communication session, in order to send the more computationally efficient symmetric encryption key that both sides may use for the remainder of the session.

Messages sent via asymmetric encryption (PPK) are also limited by the key size. A 256 bit public key can encrypt a bit less than 256 bits of plaintext. Again, this limitation reinforces the practice of using PPK only in order to establish a connection that then uses symmetric key encryption.

Summary

Data can be encrypted at rest, in transit, or both.

A symmetric key can encrypt messages or documents such that anyone who has the key can decrypt them at low computational cost. Without the key, decryption is computationally impractical.

Public private key pairs (PPKs) are mathematically entangled numbers which can mutually decrypt ciphertext created by the other. It takes more computational effort to decrypt ciphertext created this way, which is why public key encryption is generally used only to agree on a shared symmetric key.