Encryption and confidentiality of user keys
Encryption is being used every day even without us being aware of it. Examples of encryption being used in our daily lives are for instance when connecting to a website which needs a username and password or when using a password protected ZIP file.
History of encryption
The roots of cryptology go back deep into human history. Cuneiform developed by the Sumerians or hieroglyphic writing developed by the Egyptians, both formed approximately in the half of the 4th millennium BC, are considered as first attempts of cryptography. In the 5th century BC, the Spartans were using a scytalae for military campaigns. One of the simplest and widely known encryption techniques is undoubtedly Caesar cipher which is based on replacing each letter in the alphabet with alphabetical letters shifted in several positions to the right or left. In real life this type of encrypting can be easily broken thus it does not provide any high-level security. In the 9th century AD, an Arabian mathematician Al-Kindi wrote a Manuscript on Deciphering Cryptographic Messages, a pioneering cryptanalysis work in which he paved the way of breaking the encrypted message by means of frequency analysis (via calculating the percentages of letters of a particular language in plain text as well as letters in the cipher). Vigenère cipher, which is the best-known example of polyalphabetic cipher, was created in the 16th century. A well-known, and perhaps the last non-digital electro-mechanical rotor cipher example of encryption method in the 20th century was Enigma machine used by Nazies during the World War II. It was invented by the German engineer Arthur Scherbius at the end of WW I and it is the last significant mechanical (or electro-mechanical) encryption device.
Security
People use sensitive data like personal passwords, personal information or information concerning their bank account daily. Companies use sensitive data as well. Hence, security of data is the crucial attribute of state-of-the-art information systems. For information security a CIA triad model is being used. It consists of three crucial security elements: confidentiality, integrity, and availability. Confidentiality or privacy means rules limiting the accessibility of information; integrity guarantees accurateness of information as well as their trustworthiness over its entire life cycle and availability ensures access to such information whenever it is needed.
Probably the best way to achieve confidentiality is to encrypt sensitive data. Encryption is a process of translating plaintext (unencrypted) data into encrypted information called ciphertext. Decryption is the reverse process of converting ciphertext into the former plaintext. For both processes, encryption and decryption, a key and well-known algorithm are needed. Encryption process may be used on all data — be it at rest or during transmission over the Internet.
We can categorise encryption algorithms into historical and modern ones, according to methods they employ. Historical cryptography is less sophisticated and uses naïve algorithms in comparison with modern cryptography which is more resistant to statistic methods of cryptanalysis based on repeated patterns. Mechanical encryption is limited by its construction which is again limited (Enigma is the best example). Moreover, historical cryptography often used to ensure security by “obscurity” — the encryption algorithm was kept secret and only the sender and recipient of the communication knew about it. Modern cryptography, on the other hand, uses mostly well-known mathematical algorithms for encrypting the information and security is achieved by means of a secret key, which is the source for algorithms.
Historical or classical ciphers include substitution and transposition ciphers. Substitution cipher is a method of encrypting, where the parts of the plaintext called units are replaced with ciphertext. The user needs inverse substitution for deciphering a cipher-text. Ceasar cipher is an easy to understand example how the substitution of letters work. However, it can be easily broken with statistical analysis.
Transposition cipher is a method of encryption, which does not use a replacement as substitution cipher, but changes the order of units in plaintext according to a regular system. Ciphertext is then a permutation of the former plaintext.
Modern encryption algorithms based on computers are much faster using binary digits instead of alphabet signs, however they employ the same two basic principles — substitution and transposition. Contemporary encryption is divided into two basic categories: symmetric and asymmetric. Both use a key for the encryption and decryption of data. Hence the key is the crucial differentiator from any other encryption methods. Symmetric methods, also referred to as a shared-key encryption, use the same key for encryption and decryption. An example of symmetric cipher is Advanced Encryption Standard (AES) adopted by the US administration and approved by US National Security Agency for top secret information. It is based on substitution as well as permutation methods using 128, 192 or 256-bit long key size.
Translated into non-technical context, when Alice wants to encrypt some confidential information and send it to Bob, she needs a key to “lock” that information. In order for Bob to be able to read that information, he needs the same key Alice used for encryption. Hence symmetric encryption methods need one and the same key for encryption and its reverse process — decryption.
Asymmetric cryptography
It can be stated that the most significant progress in cryptography of the last centuries was marked by the invention of the key distribution solution. It may look trivial; however, the post-war cryptography successfully solved the distribution of key without a third party being involved. Asymmetric cryptography — a break-through invention from the 1970s, when the distribution of key to a recipient was made much easier — also referred to as a public key cryptography — uses two different keys. Public key is freely available to everyone via a public repository or directory and is used for encryption, whereas private key is used to decrypt the message.
Note: Private as well as public key is owned by the same holder, however the public key is visible and hence available for other users to identify the owner and communicate with him or her.
A good example of asymmetric cryptography is the RSA encryption algorithm. RSA uses both the public and the private key for encrypting and decrypting a message. The whole process employs a so-called one-way function from modular arithmetic (until the asymmetric keys was invented only two-way functions were used which means the same function was used for encryption as well as for decryption). For the asymmetric encryption two large prime numbers are needed. By multiplying them one will get the so-called number N (private key number). Under some circumstances, this number allows to invert the one-way function and hence read the encrypted message. If the both prime numbers are large enough, the RSA encryption is almost unbreakable.
Private key from its very name is private and only its holder knows how to decrypt any encrypted messages (including transactions) and as such it needs to remain secure. Hence it is usually saved in an encrypted state. If it is stored on a computer, it can be protected by a key management software (often pre-installed in the user’s operating system) and locked under a password or a passphrase. It is accessible via the so-called passphrase, which is the most convenient way to represent the key in a way which is understandable to humans. Passphrase is a secret sequence of words which may not form a grammatically valid sentence but words which are easy to remember and hard enough for an attacker to guess. However, the most secure way is to hold it outside a personal computer on some safe storage like USB flash drive or other hardware devices.
Both private and public keys consist of randomly generated numbers. A public key may look like this:
5522 0S14 7H68 912O 0919 FD42 HG7F 9023 PK0L 665W 3214 6574 2E32 RS22 8067 23H7 0909 WE32 5721 6729 87DR 7D9O 9980 5E6T SD33 4F5G 6HH7 8W4R 208B GB67 91BF 77W3 PR72 S94N 37J8 5F67
Private key may look similarly, depending on its bit size and encoding used.
How asymmetric encryption works
If Alice wants to send a confidential piece ofinformation to Bob and wants to assure that only Bob will receive it, she will encrypt the information with his public key. Once she has done it, she is not able to decrypt it. Only Bob has access to his corresponding private key and hence can decrypt the information.
Benefits of encryption
Data, especially when sensitive, i.e. secret or private, is most vulnerable when it is being moved from one location to another. Encryption method enables secure transfer of data including credit card information, passwords, account access etc. by encrypting them. Moreover, this method used to protect data at rest, hence it is an ideal method for keeping all data safe. Authenticated encryption combining two separate security layers into one helps to keep the integrity of data from unwilling manipulation like its alteration.
All in all, encryption helps to keep data confidential. This feature is essential in modern cryptocurrency industry.
Richard Cedzo and Lubomira Safkova, 01CryptoHouse
