A gentile introduction to cryptography
It is a well-known fact that security is one of the most debated and studied areas in computer science nowadays. Nowadays electronic devices carry so much important information, from our private messages to official documents and banking transactions through the control of surveillance devices and our smart homes.
To try to understand what cryptography is, I wanted to quote an example from Bruce Schneier’s book, Applied Cryptography: Protocols, Algorithms and Source Code in C ,Wiley; 20th Anniversary edition from 2015, which states:
“If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that’s not security. That’s obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world’s best safecrackers can study the locking mechanism-and you still can’t open the safe and read the letter, that’s security.”
Codes vs. Ciphers
In order to delve into the world of cryptography, it is important to make an initial distinction, namely that between code and cipher.
Codes
A code (or encoding system) is made to be understandable and known or otherwise easily available so that the message can be decoded. But then what is the point of codes to exist? Generally they are practical motivations, an important example might be the morse code.
When the telegraph was first invented it was only capable of sending electrical impulses, so a way was needed to convert these electrical impulses into words, it was then decided that a short impulse would be a dot and a long impulse would be a line, having arrived at this point we would associate each letter or digit to a unique combination of dots and lines, thus we get the morse code and communication became possible. We have actually seen another example in the article “What’s hex colors?”, the fact that the code 007BA7 corresponds to cerulean is something easily found online, however, this code is used to make information clear to a computer, in a compact way.
In conclusion, we understand that, contrary to what is often believed, when we talk about codes we are NOT talking about security.
Ciphers
A cipher is a set of rules useful for the conversion of a ciphertext into a readable one (plain text). Generally a secret key is used to do this so that, even knowing the cipher, conversion is not possible unless you have the key.
One of the most ancient and famous examples in history is Caesar’s cipher, which takes its sound name from its inventor: the Roman military commander Julius Caesar, whose use of it enabled him to send ciphered messages to his allies more than 2,000 years ago.
Its functioning is very simple; the idea is to traslate the whole alphabet by a certain amount, this amount is the key we need to read the ciphertext. Simply put, suppose the key is 3, then when we encounter the letter A which is the letter number 1 we are going to replace it with the letter number 1 + 3 = 4 that is E, similarly if we encounter the letter G which is the letter number 6, we are going to replace it with the letter number 6 + 3 = 9 that is J, on the other hand if we go to read the letter Z which is the letter number 25 we are going to replace it with the letter number 25 + 3 = 28 but there is no letter number 28, we therefore start over, starting over means seeing the remainder of the division by the length of the alphabet , in this case 28/25 makes 1 with remainder of 3, we therefore take the letter number 3, that is D. To avoid doing all this math each time one usually constructs a cipher disk like the following.
To make the message even more secure, one can encrypt the same message multiple times, eventually with different keys each time. Although Caesar’s cipher is a largely outdated system, this is a simple example to make the point about how a cipher works, plus with this example we really begin to talk about security.
Symmetric and asymmetric ciphers
Caesar’s cipher is a symmetric cipher because there is a need for the same key to do both one-way and the other-way conversion.
Asymmetric ciphers in contrast use a two different functions for encryption and decryption; the key for encryption is generally public, which is why these ciphers are generally called public-key ciphers.
But how can a cipher be secure if the key is public? As we said, only the key for encryption is public; the key for decryption is not. Someone might then say, “well however, if you know the rules for encryption and decryption and you know the encryption key, then there will only exist one possible decryption key and you can compute it!” this statement is correct, and that is precisely why an asymmetric cipher makes sense only if you find combinations such that the decryption key is computationally infeasible to find. Nowadays we have the idea that a computer is capable of performing complex computations in a very short time, and this idea is not entirely wrong; however, there are such complex computations that even a computer would take forever to complete. We thus call a task computationally infeasible if its cost as measured by either the amount of memory used or the runtime is finite but so large to be infeasible.
In a symmetric cipher the key is usually sent along a “protected” channel, which is by no means trivial; if it were easy to obtain protected channels, one would have the message go directly through that channel, which is why it makes even more sense to use an asymmetric cipher, in which no protected channel is necessary.
Conclusions
Cryptography is a truly fascinating field, it does, however, require a good background in mathematics. As always I have tried to make this introduction readable for anyone, I will certainly write more articles about this topic, if the subject interests you I invite you to read them, and if you should have any doubts about mathematical concepts that I will inevitably find myself using I invite you to respond and I will be glad to help.
