Transmitting the Key
Suppose you want to send messages to a friend who will be traveling to a hostile location, and you want your communication to be protected against eavesdropping. You could pick a passphrase and give it to your friend before she departs on her trip. But, what happens if the passphrase leaks out after your friend has left? Your communication will no longer be secure, and you will have no way to get a new passphrase to her without it being intercepted. Another problem is that if you stick with the same passphrase for too long, an eavesdropper might be able to crack your code by statistical analysis of the encrypted messages.
It is safer to choose a new key for each message. But, you will need a way of securely transmitting that key to your friend. One solution to this problem that has been used over the centuries is to pick a line in a book to use as a passphrase, assuming that both you and your friend have copies of the book. Instead of transmitting the actual key, you just indicate the line number to look up to find the passphrase. For instance, H.II.ii.24 might refer to Hamlet Act II, Scene ii, Line 24. Even if an eavesdropper realized that this was a reference to Shakespeare's play, the eavesdropper would need to know the edition that was used in order to get an accurate key. A classical edition will use older spellings, while a modern version will use conventional spellings, and an abbreviated modern version will omit some passages. In the example below, the plaintext is encoded using a line from Hamlet taken from an edition called the First Folio, which uses older spellings.
|
Plaintext |
NEW RADAR ANTENNA SPOTTED ON NORTHERN BORDER |
|
Key Designation |
H.II.ii.24 |
|
Key |
YOUR VISITATION SHALL RECEIUE SUCH THANKES |
|
Key Converted to Numbers
Plaintext |
25 15 21 18 22 9 19 9 20 1 20 9 15 14 20 8 1 12 12 18 5 3 5 9 21 5 19 21 3 8 20 8 1 14 11 5 19 25
N E W R A D A R A N T E N N A S P O T T E D O N N O R T H E R N B O R D E R |
|
Ciphertext |
M T R J W M T A U O N N C B U A Q A F L J G T W I T K O K M L V C C C I X Q |
Table 4 Passphrase key transmission and encryption
Private Key Encryption Scheme
In a private key encryption scheme, the same key that was used to encrypt a message can also be used to decrypt it. This is also known as the symmetric encryption. In this scheme, the sender and receiver must keep the key to themselves, hence the term, "private" key encryption scheme. If anyone else discovers the private key, the message would not be secure. Figure 1 below illustrates how private key encryption works.
Figure 1 Private key encryption
Private key encryption schemes are used by modern encryption algorithms such as DES and RC4.
Public Key Encryption Scheme
Public key encryption, uses one key is to encrypt a message and another key to decrypt it. It is also known as asymmetric encryption scheme. In this encryption scheme, only the decryption key need be kept secret, and the encryption key can be freely published. For example, if you were to send a secret message to someone, you could encrypt the message with the recipient's public key. The recipient then uses his/her private key to decrypt the data. Since it is assumed that only the recipient has his private key, the message cannot be decrypted by anyone else. Figure 2 below illustrates how public key encryption works.
Figure 2 Public Key encryption
In a public key encryption scheme, each public key has a corresponding private key. An eavesdropper cannot decrypt a message even if he knows the public key that was used to encrypt it. Only the person holding the private key can decrypt the message.
Public key encryption is based on a branch of mathematics called number theory, which says that certain types of problems, such as factoring large numbers, appear to be intractably hard. In other words, if a number is many digits long, it can take an extremely long time to find a smaller number (other than 1) by which it divides evenly. Because intractable problems are so hard, a code based on these types of problems should be safe from brute force attack. The calculations required to break such a code would take way too long—perhaps trillions of years, even on a very fast computer.
One common way for people to communicate via public key encryption is a software package called PGP, which stands for Pretty Good Privacy. PGP was developed by an American programmer, Phil Zimmermann, because he wanted to ensure that private citizens, not just governments, would be able to communicate without fear of eavesdropping. You can learn more about it at the International PGP Home Page.
To arrange for secure email communication via public key encryption, the first thing you need to do after installing encryption software on your computer is ask the software to generate a key pair for you. The software will generate some large random numbers, and use these to calculate a private and a public key. Your private key must be kept in a secure place that only you have access to. Your public key can be given out to anyone. Some people publish their public key on their personal Web page. Others register their public key in online directories set up for that purpose. And, some people configure their email software to append their public key to each outgoing message, to make it easy for a reader who wishes to encrypt a reply to them.
Now suppose your friend wants to send you a secret message. She encrypts the message using your public key, and sends the encrypted text via email. An eavesdropper may intercept the email, but the eavesdropper will not be able to read the message. When you receive the message, you use your private key to decrypt it. If you want to send a reply, you can encrypt it with your friend's public key. Your friend will decrypt it using her private key. Some email programs now include built-in support for PGP, so that encryption and decryption take place automatically.
Public key encryption can be used to ensure that the person receiving the message is the intended receiver; it can also be used to ensure that the sender of the message is the genuine originator of the message. Using private key and public key pairs, a digital signature can be generated to ensure that the sender of the message is genuine. This will be discussed in more detail in section 6.2.3 Authentication.