What do you know about cryptography Part II

Karim Baggari
Oct 26, 2023

Hi and Welcome Back :)

Today we’re gonna be talking about asymmetric encryption. In the last article we spoke about symmetric encryption; today we’ll cover the second class of ciphers, called asymmetric or public key ciphers. Remember why symmetric ciphers are referred to as symmetric? It’s because the same key is used to encrypt and to decrypt.
This is in contrast to asymmetric encryption systems where, as the name implies, different keys are used to encrypt and decrypt.

Sounds too technical, right? Let’s simplify it a little bit.

Well, let’s imagine that there are two people who would like to communicate securely: first is me, and second is my friend Ayoub. Since we are using asymmetric encryption in this example, the first thing we should do is generate a private key, from which a public key is then derived. Here we can see that the strength of an asymmetric encryption system comes from the computational difficulty of figuring out the corresponding private key given a public key.
We got back to the technical words, my bad.

Let’s get back to our example to simplify this more.

So once Ayoub and I have generated our private and public key pairs, we exchange public keys. So now I have Ayoub’s public key and he has my public key. And as you may have noticed already, the public key can be shared with anyone; that’s why we call it public.

Now Ayoub and I are ready to exchange secure messages. When Ayoub wants to send me an encrypted message, he uses my public key to encrypt the message and then sends the ciphertext. I then use my private key to decrypt the ciphertext and turn it back into plaintext. As you may have noticed again, the message was encrypted with my public key and decrypted with my private key, because of the relationship between the private and public keys (both are mine). So the rule here is: only my private key can decrypt a message encrypted with my public key that I shared with Ayoub, and the same is true of Ayoub’s key pair.

By key pair I mean the private key and the public key together.

So when I am ready to reply to Ayoub’s message, I will use his public key to encrypt the message and send it to him, and then he has to use his private key to decrypt it. We just described encryption and decryption operations using an asymmetric crypto system. But there’s one other very useful function the system can perform: public key signatures.

Let’s go back to our example. Let’s say that Ayoub wants to send a message to me, and he wants to make sure that I know that this message came from him and no one else, and that the message was not modified or tampered with. He could do this by composing the message and combining it with his private key to generate a digital signature. Then he will send this message along with the associated digital signature he generated. We’re assuming that Ayoub and I have already exchanged public keys previously in this scenario. So I can now verify the message’s origin and authenticity by combining the message, the digital signature and Ayoub’s public key. If the message was actually signed using Ayoub’s private key and not someone else’s, and the message was not modified at all, then the digital signature should validate. If the message was modified, even by one whitespace character, the validation will fail and I should not trust the message. (In fact I should not trust the message even if the signature validates; Ayoub’s messages are usually weird.)

This is an important component of the asymmetric crypto system. Without message verification, anyone could use my public key and send me an encrypted message claiming to be from Ayoub. As we said before, the public key is accessible to everyone.
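Here is the signature check described above as a small Go program. It is an added example, not code from the original article; it assumes Ed25519 as the signature algorithm (the article names none), and the type and function names and the sample message are made up for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedMessage is what travels over the untrusted channel: the text plus the signature.
type SignedMessage struct {
	Body, Sig []byte
}

// Sign is the sender's side: only the holder of priv can produce Sig for Body.
func Sign(priv ed25519.PrivateKey, body string) SignedMessage {
	return SignedMessage{Body: []byte(body), Sig: ed25519.Sign(priv, []byte(body))}
}

// Verify is the receiver's side: it needs only the sender's public key.
func Verify(senderPub ed25519.PublicKey, m SignedMessage) bool {
	return ed25519.Verify(senderPub, m.Body, m.Sig)
}

// Demo checks three deliveries against Ayoub's public key: his genuine message,
// the same message with one space appended in transit, and one signed by another key.
func Demo() (genuine, tampered, impostor bool) {
	ayoubPub, ayoubPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	msg := Sign(ayoubPriv, "lunch at 1pm?") // constructed sample message
	edited := SignedMessage{Body: append([]byte(nil), msg.Body...), Sig: msg.Sig}
	edited.Body = append(edited.Body, ' ') // one whitespace character added
	forged := Sign(otherPriv, "lunch at 1pm?")
	return Verify(ayoubPub, msg), Verify(ayoubPub, edited), Verify(ayoubPub, forged)
}

func main() {
	fmt.Println(Demo())
}
```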

So here we’ve got the three concepts that an asymmetric crypto system grants us:

Confidentiality: It keeps data secret from unauthorized people through encryption.
Authenticity: It allows us to verify that the message hasn’t been tampered with using digital signatures.
Non-repudiation: This means the author of the message can’t deny sending it, enhancing trust.

So now you may have realised that asymmetric encryption allows secure communication over an untrusted channel. So you may say to yourself now: well, asymmetric seems more secure than symmetric.

Well, you are not completely wrong, but …

Asymmetric algorithms are computationally more expensive and complex. On the other hand, symmetric encryption algorithms are faster and more efficient at encrypting large amounts of data.

So what should I do now ???

Well, in fact what many secure communication schemes do is take advantage of the relative benefits of both encryption types by using both for different purposes. An asymmetric encryption algorithm is chosen as a key exchange mechanism or cipher. What this means is that the symmetric encryption key, or shared secret, is transmitted securely to the other party using asymmetric encryption to keep the shared secret secure in transit. Once the shared secret is received, data can be sent quickly, efficiently and securely using a symmetric encryption cipher.

In case your head didn’t blow up from the amount of technical words in the last paragraph, let me give you an example this time that will simplify this approach.

Let’s illustrate how two people, Karim and Ayoub, communicate using a combination of asymmetric and symmetric encryption for secure communication:

1. Key Setup:
Karim and Ayoub each generate their own private and public key pairs for asymmetric encryption.
They also agree on using a symmetric encryption key as their shared secret.

2. Secure Key Exchange:
To share their symmetric encryption key securely, they utilize their public keys (asymmetric encryption).
Karim takes Ayoub’s public key and encrypts the shared secret with it.
He then sends the encrypted secret to Ayoub.

3. Receiving the Shared Secret:
Ayoub receives the encrypted shared secret from Karim.

4. Efficient Data Exchange:
With the shared secret in hand, Ayoub can now quickly and efficiently encrypt and decrypt messages using symmetric encryption.
They continue their conversation using this symmetric key to protect their messages.

5. Message Authentication:
To ensure their messages’ authenticity and integrity, Karim and Ayoub also use Message Authentication Codes (MACs).
Each message they send includes a MAC generated using their shared secret.
Upon receiving a message, the recipient verifies the MAC to make sure the message hasn’t been tampered with.
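The five steps above, run end to end in Go. This is an added example, not code from the original article. It assumes RSA-OAEP for the key exchange and AES-256-GCM for the messages, whose authentication tag plays the role of the MAC in step 5; the function names and the sample message are made up for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// must panics on setup errors (no entropy, bad key size) that this demo cannot recover from.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// ExchangeSecret is steps 1-3 and returns each side's copy of the shared secret.
func ExchangeSecret() (karims, ayoubs []byte) {
	ayoub := must(rsa.GenerateKey(rand.Reader, 2048)) // Ayoub's key pair, generated for this demo
	karims = make([]byte, 32)
	must(rand.Read(karims)) // Karim picks a random 256-bit secret
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &ayoub.PublicKey, karims, nil))
	return karims, must(rsa.DecryptOAEP(sha256.New(), rand.Reader, ayoub, wrapped, nil))
}

// Seal is steps 4-5 for the sender: it returns nonce || ciphertext || MAC tag.
func Seal(secret, plaintext []byte) []byte {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(secret))))
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce)) // a fresh nonce for every message
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// Open is steps 4-5 for the receiver: the tag is checked first, and a failed check returns an error and no plaintext.
func Open(secret, packet []byte) ([]byte, error) {
	gcm := must(cipher.NewGCM(must(aes.NewCipher(secret))))
	if n := gcm.NonceSize(); len(packet) >= n {
		return gcm.Open(nil, packet[:n], packet[n:], nil)
	}
	return nil, fmt.Errorf("packet too short: %d bytes", len(packet))
}

func main() {
	karims, ayoubs := ExchangeSecret()
	pt, err := Open(ayoubs, Seal(karims, []byte("see you at 6"))) // constructed sample message
	fmt.Printf("%s %v\n", pt, err)
}
```

Because both sides hold the same secret, a valid tag shows that the packet came from one of the two of them, not which one.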

In this scenario, Karim and Ayoub replace Alice and Bob, and they effectively use the combination of asymmetric and symmetric encryption, along with MACs, for secure and trustworthy communication.
You can think of MACs as a digital signature for symmetric encryption.
And hey, don’t trust a message even if the signature checks out; you never know when your friends might be up to some digital mischief! 😄

Greetings! I'm Karim BAGGARI, a Moroccan software engineer participating in shaping the future of tech through my articles :))).