Introduction to Encryption

isuru jayathilake
Aug 2, 2018

What is Encryption?

In computing, encryption is the method by which plain text or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key. Encryption is one of the most important methods for providing data security, especially for end-to-end protection of data transmitted across networks.

Plain text is encrypted using an encryption algorithm and an encryption key. This generates unreadable text called ciphertext (encrypted data). Decryption is the inverse of encryption: the original form of the data can only be viewed by decrypting the encrypted data with the correct key.

There are two main types of data encryption methods:

  • Symmetric Encryption (private-key encryption)
  • Asymmetric Encryption (public-key encryption)

Cryptographic strength is similar in both of these methods, but asymmetric encryption requires heavier mathematics and more computational power than symmetric encryption. So, asymmetric encryption is less efficient than symmetric encryption.

Symmetric Encryption

Symmetric encryption uses a single key: the same key is used for both encryption and decryption, and it must be shared with the entity you intend to communicate with. Blowfish, AES, RC4, DES, RC5, and RC6 are examples of symmetric encryption algorithms.

Imagine Jane has an important message that she wants to send to John over a network. Jane generates a symmetric key (K1) and shares it with John prior to the communication. Both of them agree to use K1 for both encryption and decryption of the messages they pass between them. Jane encrypts the message and sends it to John over the network. John decrypts the message at the receiving end and gets the original message. Since only Jane and John have the key, others cannot read the messages they share even if they have access to them.

There are two major challenges we face with symmetric encryption:

1. Key distribution — key exchange is not secure

Since we have to share the symmetric key prior to the communication, what if an attacker steals it? Then the attacker will also be able to decrypt the messages and read them. So, we always have to pass the symmetric key through a secure channel.

2. Key management

Imagine a symmetric system with n users. Each time a new user is added to the system, he needs to share a new key with each of the previous users, so how many keys does the new user need for pairwise secure communication? (n-1) keys. Given a large number of keys, it’s hard to preserve their safety and make them available as needed.

Asymmetric Encryption

Asymmetric encryption uses two different keys, a public key and a private key. The public key can be shared with everyone (it is publicly available), whereas the private key must be kept secret. If we have the private key, we can generate the corresponding public key from it. Asymmetric encryption works both ways: a message that is encrypted using a public key can only be decrypted using the corresponding private key, and a message encrypted using a private key can only be decrypted using the corresponding public key. In other words, both the public and the private keys can do encryption; the opposite key from the one used for encryption is used for decryption. The most widely used asymmetric key algorithms are RSA and DSA.

In this method, the sender encrypts the message with the receiver’s public key, and it can only be decrypted with the receiver’s private key. Asymmetric encryption largely solves the key distribution and key management problems we found in symmetric encryption. In an asymmetric system of n users, each time a new user is added to the system he needs only a public key and a private key.

This method assures the authenticity (the origin of the message can be verified) and non-repudiation (the author cannot dispute its authorship) of electronic communications and data. How do we achieve those?

Here the message is encrypted with the sender’s private key before it is encrypted with the receiver’s public key. So, in the decryption process, it first has to be decrypted with the receiver’s private key and then decrypted again with the sender’s public key. In this way, the recipient can verify the source of the message, and the sender cannot later deny the authorship of the message.

Applications of Encryption

Encryption is widely used on the internet to protect user information being sent between a browser and a server, including passwords, payment information and other information that should be considered private. It is also commonly used to protect sensitive data stored on computers, servers and mobile devices like phones or tablets.

  • Process of Signing (digital signature)

A digital signature is a way of signing electronic documents. The purpose of a digital signature is to verify the authenticity of a document (not security): it verifies that the sender is the person they claim to be. The author or sender hashes the document and then encrypts the hash with their private key; this is the digital signature. Then the original document is sent to the receiver along with its digital signature. The receiver decrypts the signature with the public key of the sender to get the hash value. At the same time, the original document is passed through the same hashing function to calculate its hash value. If both hash values are equal, this verifies the authenticity of the document and that it has not been tampered with.

  • SSL/TLS Authentication Process

HTTPS uses a combination of symmetric and asymmetric encryption. In the SSL/TLS handshake process, when the client says hello, the server sends its asymmetric public key along with a certificate that asserts that the public key belongs to the server. After certificate validation, the browser generates a symmetric key, encrypts it with the server’s asymmetric public key and sends it to the server. Using its asymmetric private key, the server decrypts this and gets the symmetric key. From then on, every request and response between server and client throughout that session is encrypted with the shared symmetric key.
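
The two processes above (hash-then-sign, and the handshake in which the browser sends a symmetric key encrypted with the server's public key), as an added example that is not part of the original article. It uses a toy textbook-RSA key built from two known Mersenne primes and a toy XOR keystream so that it runs with the standard library only; all function names are this example's own, and neither construction is suitable for real data.

```python
import hashlib
import secrets

# Toy RSA key pair from two known Mersenne primes (constructed for this demo;
# textbook RSA without padding, never usable for real data).
P, Q, E = 2**521 - 1, 2**127 - 1, 65537
N = P * Q                                  # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)

def digest_int(document: bytes) -> int:
    """SHA-256 of the document as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document: bytes) -> int:
    """Sender: hash the document, then apply the private key to the hash."""
    return pow(digest_int(document), D, N)

def verify(document: bytes, signature: int) -> bool:
    """Receiver: recover the hash with the public key, compare with a fresh hash."""
    return pow(signature, E, N) == digest_int(document)

def wrap_key(session_key: bytes) -> int:
    """Client: encrypt the symmetric session key with the server's public key."""
    return pow(int.from_bytes(session_key, "big"), E, N)

def unwrap_key(wrapped: int) -> bytes:
    """Server: recover the 32-byte session key with its private key."""
    return pow(wrapped, D, N).to_bytes(32, "big")

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (SHA-256 counter keystream); encrypts and decrypts."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def handshake_roundtrip(request: bytes) -> bytes:
    """Client picks a key and wraps it; server unwraps it and decrypts the request."""
    client_key = secrets.token_bytes(32)
    wrapped = wrap_key(client_key)                 # sent over the network
    ciphertext = xor_stream(client_key, request)   # sent over the network
    server_key = unwrap_key(wrapped)
    return xor_stream(server_key, ciphertext)

if __name__ == "__main__":
    doc = b"Pay John 100"                          # constructed sample document
    sig = sign(doc)
    print(verify(doc, sig), verify(b"Pay John 900", sig))
    print(handshake_roundtrip(b"GET /account"))
```

The signature check fails for the altered document because the hash recovered from the signature no longer matches the hash of what was received.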
