Cryptography - The Science of Secrecy

Main Page

Ankit Jain


Types of Cryptosystem


There are two basic types of cryptosystems:

a) Secret-key cryptosystem  b)  Public-key cryptosystem


Secret-key cryptosystem


Secret-key cryptosystem or traditional cryptography is also referred as symmetric cryptography. In this the sender and receiver of a message know and use the same secret key; the sender uses the secret key to encrypt the message, and the receiver uses the same secret key to decrypt the message.

Fig: Symmetric (Secret-Key) Cryptography





The main challenge is getting the sender and receiver to agree on the secret key without anyone else finding out. Anyone who overhears or intercepts the key in transit can later read, modify, and forge all messages encrypted or authenticated using that key. All cryptosystems must deal with key management issues. Because all keys in a secret-key cryptosystem must remain secret, secret-key cryptography often has difficulty providing secure key management. The most popular secret-key cryptosystem in use today is the Data Encryption Standard (DES). Other examples are IDEA, Blowfish, etc.



Public-key cryptosystem


Public-key cryptosystem is also referred as Asymmetric cryptography, in which each user has a pair of keys (1) a public key and (2) a private key. The public key is made public while the private key remains secret. Encryption is performed with the public key while decryption is done with the private key.


The need for the sender and receiver to share secret information is eliminated; all communications involve only public keys, and no private key is ever transmitted or shared. In this system, it is no longer necessary to trust the security of some means of communications. The only requirement is that public keys be associated with their users in a trusted (authenticated) manner (for instance, in a trusted directory). Anyone can send a confidential message by just using public information, but the message can only be decrypted with a private key, which is in the sole possession of the intended recipient.

Fig: Asymmetric (Public Key) Cryptography

Furthermore, public-key cryptography can be used not only for privacy (encryption), but also for authentication (digital signatures) and other various techniques. The implementation of public key cryptography requires several supporting components to handle key creation, distribution and revocation – the components form a Public Key Infrastructure (PKI). The RSA public-key cryptosystem is the most popular form of public-key cryptography.


Which is better?

On one hand the secret-key cryptography is fast and easy to implement in hardware. While on the other hand it can be intercepted if poor algorithm is used, requires secure medium for exchanging secret key and requires added effort for authentication of sender.


The public-key cryptography builds a “trusted” network environment, does not require a trusted (secure) channel, because private key is never transmitted or shared. The primary advantage of public-key cryptography is increased security and convenience because private keys never need to be transmitted. Another major advantage of public-key systems is that they can provide digital signatures that cannot be repudiated.


The only disadvantage of public-key cryptography is speed. There are many secret key encryption methods that are significantly faster than any currently available public-key encryption method. In some situations, public-key cryptography is not necessary and secret-key cryptography alone is sufficient. These include environments where secure secret key distribution can take place, for example, by users meeting in private. Public-key cryptography is usually not necessary in a single-user environment. For example, if you want to keep your personal files encrypted, you can do so with any secret key encryption algorithm using, say, your personal password as the secret key. In general, public-key cryptography is best suited for an open multi-user environment.


A mixture of both

The drawback of the public key system is the slowness of the encryption/decryption process. It makes it almost useless when processing big files. (In software, DES is about 100 times faster than RSA; in hardware 1000 times faster). To avoid this, a combination of public and symmetric keys can be used, as shown below. At encryption time, the plaintext is encrypted with a symmetric key. The symmetric key itself is then encrypted with the public key of the recipient, and then stored at the end of the file. At decryption time, the secret key is used to decrypt the symmetric key, which is then used to decrypt the message.

Fig: Mixture of Asymmetric and Symmetric Cryptography


This technique is used, for example, by PGP (Pretty Good Privacy). PGP uses IDEA for the symmetric part and RSA for the public part. Another Public key system widely used to safely distribute secret keys is the Diffie-Hellman protocol.





One-way hash functions


This is another interesting encryption system. One-way hash is a mathematical function that takes a string and scrambles it to a different (smaller) value without using any key. It takes variable-length input, a message of any length, even thousands or millions of bits and produces a fixed-length output; say, 160-bits. The hash function ensures that, if the information is changed in any way, even by just one bit, an entirely different output value is produced. Its particularity is that it works in only one direction. Given a hash value, it is mathematically (almost) impossible to generate the original value.



The question is, then, “What is the advantage of encrypting something that you cannot decrypt at all?” It is used check the integrity of a message. You transmit the message plus the result of a hash function performed on your data. The recipient performs the same hash function on the message and compares the results. If the two hashed values match, it means that the original data has not been tampered with. Another example of the use of one-way hashing is to handle a password check between a workstation and a server:


a)      At password creation time, the user enters his new password. The password is hashed and the hashed value is sent to the server to be stored in the user database.

b)      At logon time, the user enters his password. The password is hashed and the hashed value is sent to the server, which compares it with the one it has in its database. If they match, it means that the password entered by the user was correct.


The most popular hash functions are MD5 and SHA.




Next Page »

[1] [2] [3] [4] [5] [6]


To send feedback click here

visit me @ or