The Pillars of Cryptography

As long as there has been information, there has also been a need to obscure it. Law enforcement and intelligence agencies depend on the secrecy of what they know to operate. When we go shopping on the Internet, our bank and car details need to be hidden from eavesdroppers who seek to empty our accounts. Even children in schools hide information on notes in rudimentary cyphers so that the teacher cannot find out the details of their next scheme. For whatever the purpose, since the dawn of writing human kind has needed to keep certain parts of its knowledge secret, and to do so has developed incredible encryption techniques with push mathematics and computer science to their limits.

Before proceeding to encrypt information, and for the encryption to be of use, at least three key concepts must be clear: how the information is to be encrypted, what tools the receiver needs to decrypt the cyphertext, and how the receiver will receive these tools. In modern cryptography this translates essentially into defining the encryption algorithm, the encryption keys and the key distribution method.

The encryption algorithm is the set of rules followed to scramble the message into cyphertext. In more rigorous terminology, it is a mapping which takes each character in the message and associates a different one to it. A very simplistic (and not very useful) example of this is taking every letter and changing it for its position in the alphabet. With this, “hello” would read 8–5–12–12–15. It certainly doesn’t look like the original word, but it is an easy code to crack. Over the years more and more complicated cyphers were developed. Eventually the aid of machines was required, first of mechanical or electro-mechanical nature (like Enigma) and then electronic devices like computers, to perform the necessary calculations to encrypt messages. Modern algorithms are usually designed so that the output depends not only on the message, but also on additional variables, known as keys, which can be used to make the cyphertext even more obscure. Ideally, the encryption key will be different from the decryption one. This makes inverting the mapping significantly more difficult.

Once an algorithm is chosen, it is necessary to ensure that the sender and receiver are in agreement on which is used, and the keys necessary to encrypt and decrypt the information. This usually involves a dangerous step, especially when both processes have the same input: the exchange of keys. This can be made safer by using asymmetric cyphers, which by design demand different encryption and decryption keys. Invoking RSA once more as an example, when Alice wants to communicate with Bob, she asks for his public key. She uses it to encrypt the message, and when Bob receives it he uses the private key, which is never shared, to decipher the encrypted information. A common problem with these techniques is the possibility of obtaining the private key from the public one. Usually though, this is a very hard task, too hard for all practical purposes. In any case, the ideal distribution system would have enough countermeasures to make key interception impossible.

We cannot forget the keys themselves. These are usually sequences of numbers which have certain mathematical properties characterizing them in a very special way. For example, the RSA public and private keys are made up using the product of two large prime numbers. As mentioned above, the keys are given as input to the encryption and decryption algorithms. The keys can, in principle, be as large and elaborate as needed. The generation of keys usually involves the use of a random number generators, to add an additional, stochastic layer of protection to the system. An important factor to consider is how much computational effort is necessary to generate the keys. Depending on the algorithm and size of the key, it may be such that a particular public plus private key set is assigned to a user for the foreseeable future. This constitutes, at least theoretically, a weakness in the encryption. In most cases though, even if the public key is intercepted, obtaining the private key is extremely difficult.

There are other important characteristics of encryption systems which must be taken into account. However, the algorithm, the keys and the key distribution are the cornerstones of cryptography. They are the method and the tools behind keeping information hidden from unintended parties, and are present in all of the manifestations of this task. Almost all other aspects and characteristics of cryptography build on the foundation laid down by these three fundamental concepts. Without them, no encryption is possible.