Tuesday, April 23, 2013

Understand most basic concepts of Encryption

When I'm orgnizing my notes, I found this artical. I lost track of origin, but thanks to the author.

1. Traditional encryption(Symmetric): Use the same key to encrypt and decrypt messages.
Problem 0: How to deliver key to the recipients safely?

2. Solution: Asymmetric encryption - A pair of keys, one for encryption(public key), one for decryption(private key). Anybody can have the public key, only the one who has the private key can decrypt the information. The message transformation process becomes the recipient generates a key pair and keeps private key safely, then deliver the public key to the sender(the safety of delivering is not so much concern).
Is it a perfect solution? no.
Problem 1: How could message sender knows the public key is from the recipient wanna be. For example, a spy can capture the carrier and forge a pair of key, and send his or her public key to the sender, then after the encrypted message comes back, decrypt it, do some damages then use the original public key to encrypt it, then send to real recipient.

3. Solution: Need a way to identify the public key is from the real recipient wanna be. Think of money, it is actually just a piece of paper, but why everyone accepts the value that money represents, because it is issued by government. Government has the ultimate power(it supports by police and army), with his authorization, everyone accepts it, otherwise will be punished. The same concept, if a party has this kind of ultimate power can put a signature to prove the owner of the public key. Then message sender can trust the public key is from right person who claims to be. Fortunately, there's this kind of parties, but they are not supported by any kind of police or army, it is supported by conceptually unbreakable security and well respected reputation. This kind of party called CA(Certification Authority). Sound like not that reliable like government.

Then the public key is not the only thing to be delivered to message sender, you deliver a bundle with: Public key to be used to encrypt message, the public key issuer's personal information, issuer's signature, and CA's signature of course. This bundle called Digital Certificate.

Is it perfect now? no.
Problem 2: Asymmetric encryption and decryption is 1000 times slower then symmetric algorithm. Looks how impatient today's people are.

4. Solution: Combination of symmetric and asymmetric to speed up. You can do like, encrypt the original message with traditional way(symmetric) with a random generated key, but encrypt this one time random key with public key, then send encrypted message together with asymmetric encrypted key. Because for asymmetric algorithm, the smaller message, the faster encryption. The symmetric key is most time much smaller than the original message.

Digital digest (Hash functions) - A very short message(digital digest) can be generated from no matter how big the original message is. For example, 160-bits. The magic is that this short message is reproducible with the same algorithm, and even a tiny little bit change in the original message, the digital digest will be completely different.

No comments: