EMAIL ENCRYPTION
specializes in email encryption, i.e. using software to
encode (encrypt) the body of an email message into what is known as
ciphertext, which cannot be read by anyone until it is decoded (decrypted)
by the recipient, who must hold both the software and the matching key.
(Only the message body is encrypted; the subject line, the addresses and
the other headers travel in the clear.)
There are about 569,171,660 electronic mailboxes in the world at
present [statistics compiled by Messaging Online, as reported on March 14,
2000]. The same study reveals that about 89 million Americans, or
two-thirds of the US workforce, use email at work. In the US there are
more than 100 million users online (300 million including Europe and
Asia) sending email back and forth to each other. That is a lot of
opportunity for a criminal hacker, an authority figure or an IT
administrator to intercept and read your personal information while you
communicate with loved ones, friends, workmates and relatives, not to
mention business partners. If you have made the investment to buy a
computer, it makes good sense to invest a little further to protect your
privacy. Credit card numbers, your opinions and your secret love emails
can all be kept private for a small investment that will last you for the
rest of your online life, that is, decades of security and privacy. Once
you have experienced the comfort of encrypted email you will never send
another unprotected message. Protect your emails from prying eyes, both in
transit and after arrival, with either QuickCrypt or SpeakFreely.
Encryption Algorithms Available
(built into all encryption software)

| Algorithm          | Max Key Length (bits) | Crypt Speed (Mb/Sec) | Comment                                   |
|--------------------|-----------------------|----------------------|-------------------------------------------|
| 3Way               | 96                    | 1.847                |                                           |
| Blowfish           | 448                   | 5.454                | recommended                               |
| Gost               | 256                   | 2.513                |                                           |
| IDEA               | 128                   | 2.153                | recommended                               |
| Q128               | 128                   | 5.113                |                                           |
| SAFER-K40          | 40                    | 1.982                |                                           |
| SAFER-SK40         | 40                    | 1.756                |                                           |
| SAFER-K64          | 64                    | 1.699                |                                           |
| SAFER-SK64         | 64                    | 1.685                |                                           |
| SAFER-K128         | 128                   | 1.039                |                                           |
| SAFER-SK128        | 128                   | 1.073                |                                           |
| SCOP               | 384                   | 16.902               |                                           |
| Shark              | 128                   | 2.013                |                                           |
| Square             | 128                   | 3.948                |                                           |
| TEA                | 128                   | 4.065                |                                           |
| TEA extended       | 128                   | 3.445                |                                           |
| Twofish            | 256                   | 3.839                | recommended, AES finalist                 |
| Cast 128           | 128                   | 3.45                 |                                           |
| Cast 256           | 256                   | 2.667                | recommended, AES candidate                |
| DES single 8byte   | 56                    | 1.969                | Cracked (56-bit key brute-forced in 1998) |
| DES double 8byte   | 112                   | 0.719                |                                           |
| DES double 16byte  | 112                   | 0.719                |                                           |
| DES triple 8byte   | 168                   | 0.711                |                                           |
| DES triple 16byte  | 168                   | 0.723                |                                           |
| DES triple 24byte  | 168                   | 0.718                | recommended                               |
| DESX               | 128                   | 1.961                |                                           |
| Diamond II         | 2048                  | 0.554                |                                           |
| Diamond II Lite    | 2048                  | 0.721                |                                           |
| FROG               | 1000                  | 1.349                | AES candidate                             |
| Mars               | 1248                  | 2.882                | recommended, AES finalist                 |
| Misty              | 128                   | 1.306                |                                           |
| NewDES             | 120                   | 2.356                |                                           |
| RC2                | 1024                  | 1.14                 |                                           |
| RC4                | 2048                  | 4.301                |                                           |
| RC5                | 2048                  | 4.326                |                                           |
| RC6                | 2048                  | 3.065                | recommended, AES finalist                 |
| Rijndael           | 256                   | 3.328                | recommended, AES winner                   |
| Sapphire II        | 8192                  | 2.265                |                                           |
| Skipjack           | 80                    | 1.225                |                                           |
Note, as a comparison, that the Microsoft Internet Explorer 6.0 browser
uses a 128-bit cipher key, which banks consider secure enough for
transmitting sensitive commercial data through a browser. For a sound
algorithm, the cost of a brute-force attack depends on the length of the
key: each additional bit doubles the number of possible keys and so
doubles the time needed to try them all. Since 1992 the speed and
availability of computers have increased dramatically, and although a
40-bit key still takes a considerable amount of time and computing power
to search, doing so is now feasible (the 56-bit single-DES key was
searched exhaustively in 1998, which is why it is marked "Cracked" in the
table above). It is still far easier and more productive for a thief to
scan Internet traffic or email messages for unencrypted credit card
numbers than to find and crack encrypted ones. However, as computers
continue to grow in power, the time to search 40-bit keys will continue
to drop, and 40-bit keys may no longer be deemed secure enough for
e-commerce transactions.
Two cautions when reading the key lengths in the table. First, the
advantage of a longer key is exponential, not proportional: Blowfish with
a 448-bit key has 2^320 times as many possible keys as a 128-bit cipher,
not 3.5 (448/128) times as many. Second, beyond roughly 128 bits an
exhaustive search is already out of reach, so a larger maximum key length
(RC4 at 2048 bits, Sapphire II at 8192) says nothing by itself about the
strength of the design. Key length is only a floor on the brute-force
effort; a weak algorithm, a faulty implementation or careless handling of
the key can be broken without searching any keys at all.
All 39 ciphers listed above are included with all of the encryption software.
When you think of encryption, you probably think of some
sort of secret code that prevents others from reading your messages.
Whilst this privacy aspect of cryptography is important, it is only one of
four aspects that are of particular importance in electronic commerce:
Authentication allows customers to be sure that the merchant they are
sending their credit card details to is who they say they are. It can also
allow merchants to verify that the customer is the real owner of the
credit card being used.
Integrity ensures that the messages have not been tampered with by a
third party during transmission.
Non-repudiation prevents customers or merchants from denying that they
ever received or sent a particular message.
Privacy prevents third parties from reading intercepted messages.
Elements of an encryption system
The main elements of an encryption system are the plaintext, the
cryptographic algorithm, the key and the ciphertext:
The plaintext is the raw message or data that is to be encrypted.
A cryptographic algorithm, or cipher, is a mathematical set of rules that
defines how the plaintext is to be combined with a key.
The key is a string of digits (in practice a string of bits) that selects
one particular transformation out of all those the algorithm can perform.
The ciphertext is the encrypted message.
These terms are probably best illustrated through a very simple example.
If we take the phrase "Web store" and shift each letter two places
forward in the alphabet (W becomes Y, e becomes g, and so on, with the
space left alone), the phrase becomes "ygd uvqtg". Here:
"Web store" is the plaintext;
"shift each letter x places forward in the alphabet" is the cryptographic
algorithm;
"2" is the key;
"ygd uvqtg" is the ciphertext.
There are two main types of encryption in common use today:
secret-key and public-key.
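Before turning to those two types, here is the "Web store" example worked through in code. This is an added illustration, not code from the original page: it assumes a lowercase a-z alphabet (the page's own example drops the capital W), passes non-letters through unchanged, and adds a brute-force search over the whole key space, because once the algorithm is known (as Kerckhoffs's principle assumes) a key that can take only 26 values leaves an eavesdropper at most 25 guesses. Key 3 gives Caesar's own cipher.

```python
# Added example: the "Web store" shift cipher, with the four elements of an
# encryption system named explicitly, plus a brute-force attack over the
# 26-value key space that recovers the key without being told it.
import string

ALPHABET = string.ascii_lowercase          # the cipher acts on a-z only


def shift_encrypt(plaintext, key):
    """Cryptographic algorithm: move each letter `key` places forward in the
    alphabet, wrapping from z back to a. Non-letters pass through unchanged;
    case is not preserved, matching the page's lowercase ciphertext."""
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext, key):
    """Decryption is the same algorithm run with the inverse key."""
    return shift_encrypt(ciphertext, -key)


def brute_force(ciphertext, crib):
    """Ciphertext-only attack: try all 26 keys and keep every candidate
    plaintext that contains a word the attacker expects to see (a crib).
    Returns a list of (key, plaintext) pairs."""
    hits = []
    for candidate_key in range(26):
        guess = shift_decrypt(ciphertext, candidate_key)
        if crib in guess:
            hits.append((candidate_key, guess))
    return hits


if __name__ == "__main__":
    plaintext = "Web store"                       # the plaintext
    key = 2                                       # the key
    ciphertext = shift_encrypt(plaintext, key)    # "ygd uvqtg", the ciphertext
    print(ciphertext)
    print(shift_decrypt(ciphertext, key))         # "web store"
    # The eavesdropper knows the algorithm but not the key; only one of the
    # 26 candidate keys yields a plaintext containing "store".
    print(brute_force(ciphertext, "store"))       # [(2, 'web store')]
```

The point of the last call is that a secret algorithm with a tiny key space is no protection at all; everything below about key length and key management follows from wanting the key, not the algorithm, to carry the security, and wanting the key space to be far too large to enumerate.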
Secret-key encryption, also known as single-key or
symmetric encryption, involves the use of a single key that is shared by
both the sender and the receiver of the message.
After creating the message, the sender encrypts it with
the shared key and passes it to the recipient, who then decrypts it using
a copy of the same key that was used to encrypt it.

A widely used method of secret-key encryption has been the Data
Encryption Standard, or DES (now obsolete, because its 56-bit key can be
searched exhaustively).
Secret-key encryption does have some limitations,
particularly with regard to key distribution. For privacy to be
maintained, every sender would need to share a different key with each
party they intend to communicate with; otherwise every potential recipient
would be able to read all messages, whether intended for them or not.
Whilst this is manageable where a small number of parties are involved
(for example, sending a private email to a friend), it is not practical
for Web commerce, which can involve communicating with thousands of
customers; and in every case the key itself still has to reach the other
party over some channel the eavesdropper cannot read.
Another limitation of secret-key encryption is its inability to support
non-repudiation. As both parties share the same key, it is possible for
one party to create a message with the shared secret key and falsely
claim that it had been sent by the other party.
Secret-key encryption on its own is therefore not suitable for Web
commerce; instead a system known as public-key encryption is used
together with it.
Public-key encryption, or asymmetric encryption, involves
the use of two mathematically related keys: a public key, which can be
given to anyone, and a private key, which its owner keeps secret. What is
done with one key of the pair can only be undone with the other, and the
private key cannot feasibly be computed from the public key.
These key pairs can be used in two different ways, to
provide privacy or authentication.
Privacy is ensured by encoding a message with the recipient's public key,
as it can then only be decoded by the holder of the corresponding private
key.

Authentication is achieved by encoding a value with the sender's private
key. Once the recipient has successfully decoded it with the sender's
public key they can be assured it was produced by the holder of that
private key (provided they really do hold the right public key, a key
management question raised below).

As the public key can be made widely available (for example from a server
or a third party), public-key cryptography does not suffer from the same
key distribution and management problems as the secret-key system.
One disadvantage of the public-key system is that it is relatively slow,
so when it is being used only for authentication it is not desirable to
encode the whole message, particularly if it is a long one. To get round
this a digital signature is used: a short, fixed-size hash of the message
is computed, and it is that hash which is encoded with the private key.
Cryptography, to most people, is concerned with keeping
communications private. Indeed, the protection of sensitive communications
has been the emphasis of cryptography throughout much of its history. As
we will see, however, this is only one part of today’s cryptography.
Encryption is the transformation of data into
some unreadable form. Its purpose is to ensure privacy by keeping the
information hidden from anyone for whom it is not intended, even those who
can see the encrypted data. Decryption is the reverse of encryption
; it is the transformation of encrypted data back into some intelligible
form.
Encryption and decryption require the use of some secret
information, usually referred to as a key. Depending on the
encryption mechanism used, the same key might be used for both encryption
and decryption, while for other mechanisms, the keys used for encryption
and decryption might be different.
But today's cryptography is more than secret writing,
more than encryption and decryption. Authentication is as
fundamental a part of our lives as privacy. We use authentication
throughout our everyday life, for instance when we sign our name to some
document. As we move to a world where our decisions and agreements are
communicated electronically, we need to replicate these procedures.
Cryptography provides mechanisms for such procedures. A
digital signature binds a document to the possessor of a particular
key, while a digital timestamp binds a document to its creation at
a particular time. These cryptographic mechanisms can be used to control
access to a shared disk drive, a high security installation or to a
pay-per-view TV channel.
But the field of cryptography contains even more when we
include some of the things cryptography enables us to do. With just a few
basic tools it is possible to build elaborate schemes and protocols which
allow us to pay using electronic money, to prove we know certain
information without revealing the information itself, and to share a
secret quantity in such a way that no fewer than three from a pool of five
people (for instance) can reconstruct the secret.
While modern cryptography is growing increasingly
diverse, cryptography is fundamentally based on problems that are
difficult to solve. A problem may be difficult because its solution
requires some secret knowledge, such as decrypting an encrypted message or
signing some digital document, or the problem may be hard because it is
intrinsically difficult to complete, such as finding a message which
produces a given hash value.
So as the field of cryptography has advanced, the
dividing lines for what is and what is not cryptography have become
blurred. Cryptography today might be summed up as the study of techniques
and applications that depend on the existence of difficult problems. A
cryptanalyst attempts to compromise cryptographic mechanisms, and
cryptology (from the Greek κρυπτός λόγος, meaning "hidden
word") is the discipline of cryptography and cryptanalysis combined.
The concept of securing messages through cryptography
has a long history. Indeed, Julius Caesar is credited with creating one of
the earliest cryptographic systems to send military messages to his
generals. (When Julius Caesar sent messages to his trusted acquaintances,
he didn't trust the messengers. So he replaced every A by a D, every B by
an E, and so on through the alphabet. Only someone who knew the "shift by
3" rule could decipher his messages.)
Throughout history, however, there has been one central
problem limiting widespread use of cryptography. That problem is key
management. In cryptographic systems, the term key refers to a
numerical value used by an algorithm to alter information, making that
information secure and visible only to individuals who have the
corresponding key to recover the information. Consequently, the term key
management refers to the secure administration of keys to provide them to
users where and when they are required.
Historically, encryption systems used what is known as
symmetric cryptography. Symmetric cryptography uses the same key for both
encryption and decryption. Using symmetric cryptography, it is safe to
send encrypted messages without fear of interception (because an
interceptor is unlikely to be able to decipher the message); however,
there always remains the difficult problem of how to securely transfer the
key to the recipients of a message so that they can decrypt the message.
A major advance in cryptography occurred with the
invention of public-key cryptography. The
primary feature of public-key cryptography is that it removes the need to
use the same key for encryption and decryption. With public-key
cryptography, keys come in pairs of matched “public” and “private” keys.
The public portion of the key pair can be distributed in a public manner
without compromising the private portion, which must be kept secret by its
owner. An operation (for example, encryption) done with the public key can
only be undone with the corresponding private key.
Prior to the invention of public-key cryptography, it
was essentially impossible to provide key management for large-scale
networks. With symmetric cryptography, as the number of users increases on
a network, the number of keys required to provide secure communications
among those users increases rapidly: if each of n users must share a
distinct key with every other user, n(n-1)/2 keys are needed. For
example, a network of 100 users would require 4,950 keys if it used only
symmetric cryptography. Doubling such a network to 200 users increases
the number of keys to 19,900. Thus, when only using symmetric
cryptography, key management quickly becomes unwieldy even for relatively
small-scale networks.
The invention of public-key cryptography was of central
importance to the field of cryptography and provided answers to many key
management problems for large-scale networks. For all its benefits,
however, public-key cryptography did not provide a comprehensive solution
to the key management problem. Indeed, the possibilities brought forth by
public-key cryptography heightened the need for sophisticated key
management systems to answer questions such as the following:
"How can I easily encrypt a file once for a number of different people
using public-key cryptography?"
"If I lose my keys, how can I decrypt all of my files that were encrypted
with those keys?"
"How do I know that I really have Alice's public key and not the public
key of someone pretending to be Alice?"
"How can I know that a public key is still trustworthy?"
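The two uses of a key pair described in the public-key section above (privacy and authentication), the hash-then-sign digital signature, and the first of the questions just listed (encrypting one file for several readers by wrapping a single session key) are worked through below in a toy RSA implementation. This is an added example, not code from the original page or from the products it describes. The hard-coded Mersenne primes, the names Alice and Bob, the 0x01 length-preserving prefix and the 160-bit BLAKE2b digest are assumptions chosen so that the script runs with only the standard library; real systems use randomly generated primes of 2048 bits or more and padding schemes such as OAEP and PSS, and a modulus built from Mersenne primes is trivially factored.

```python
# Added example: textbook RSA (no padding, toy-sized, illustration only).
import hashlib
import secrets

# Assumed parameters: two well-known Mersenne primes per key pair, a weak
# and easily factored choice made purely to keep the example self-contained.
ALICE_P, ALICE_Q = (1 << 127) - 1, (1 << 89) - 1
BOB_P, BOB_Q = (1 << 107) - 1, (1 << 61) - 1
E = 65537                                   # the usual public exponent


def keygen(p, q):
    """Return (public_key, private_key) as (e, n) and (d, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)                     # e * d == 1 (mod phi)
    return (E, n), (d, n)


def encrypt(public_key, message):
    """Privacy: anyone with the public key can produce the ciphertext, but
    only the holder of the matching private key can undo it."""
    e, n = public_key
    m = int.from_bytes(b"\x01" + message, "big")   # 0x01 prefix keeps length
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(private_key, ciphertext):
    d, n = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]   # drop prefix


def digest(message):
    """Hash-then-sign: the private-key operation covers a fixed-size digest,
    not the whole message, so signing stays cheap for long messages.
    160 bits keeps the digest below both toy moduli."""
    return int.from_bytes(hashlib.blake2b(message, digest_size=20).digest(), "big")


def sign(private_key, message):
    """Authentication: only the private-key holder can produce this value."""
    d, n = private_key
    return pow(digest(message) % n, d, n)


def verify(public_key, message, signature):
    """Anyone with the public key can check the signature; a changed message
    or a signature made with a different private key fails."""
    e, n = public_key
    return pow(signature, e, n) == digest(message) % n


def wrap_for_recipients(session_key, public_keys):
    """Encrypt a file once under one random symmetric session key, then wrap
    that key separately for each reader: one public-key operation per
    recipient instead of one encryption of the whole file per recipient."""
    return {name: encrypt(pk, session_key) for name, pk in public_keys.items()}


if __name__ == "__main__":
    alice_pub, alice_priv = keygen(ALICE_P, ALICE_Q)
    bob_pub, bob_priv = keygen(BOB_P, BOB_Q)

    # Privacy: Bob encrypts for Alice; only Alice's private key recovers it.
    secret = b"order #4471 approved"
    print(decrypt(alice_priv, encrypt(alice_pub, secret)) == secret)   # True

    # Authentication: Alice signs, Bob verifies with Alice's public key.
    message = b"Ship 200 units to the Oakland warehouse"
    sig = sign(alice_priv, message)
    print(verify(alice_pub, message, sig))           # True
    print(verify(alice_pub, message + b"0", sig))    # False: message altered
    print(verify(bob_pub, message, sig))             # False: wrong signer

    # One file, several readers: wrap a single session key per recipient.
    session_key = secrets.token_bytes(16)
    wrapped = wrap_for_recipients(session_key, {"alice": alice_pub, "bob": bob_pub})
    print(decrypt(bob_priv, wrapped["bob"]) == session_key)            # True
```

Two details matter beyond the toy scale. The 0x01 prefix exists because a message beginning with zero bytes would otherwise come back shortened from `decrypt`; real padding schemes solve this and, more importantly, prevent the algebraic attacks that raw RSA invites. And `verify` answers only "was this made with the private key matching this public key"; whether that public key really belongs to Alice is the third question above, and no amount of mathematics inside the scheme settles it.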
As late as 1918, one of the most influential
cryptanalytic papers of the 20th century, William F. Friedman's monograph
The Index of Coincidence and Its Applications in Cryptography,
appeared as a research report of the private Riverbank Laboratories; and
this, despite the fact that the work had been done as part of the war
effort. In the same year, Edward H. Hebern of Oakland, California filed
the first patent for a rotor machine, the device destined to be a mainstay
of military cryptography for nearly 50 years.
After the First World War, however, things began to
change. U.S. Army and Navy organizations, working entirely in secret,
began to make fundamental advances in cryptography. During the 30s and
40s, a few basic papers did appear in the open literature and several
treatises on the subject were published, but the latter were farther and
farther behind the state of the art. By the end of the war the transition
was complete. With one notable exception, the public literature had died.
That exception was Claude Shannon's paper The Communication Theory of
Secrecy Systems, which appeared in the Bell System Technical
Journal in 1949. It was similar to Friedman's 1918 paper, in that it
grew out of wartime work of Shannon's. After the Second World War ended,
it was declassified, possibly by mistake.
From 1949 until 1967 the cryptographic literature was
barren. In that year a different sort of contribution appeared: David
Kahn's history, The Codebreakers. It didn't contain any new
technical ideas, but it did contain a remarkably complete history of what
had gone before, including mention of some things that the U.S. government
still considered secret. The significance of The Codebreakers lay
not just in its remarkable scope, but also in the fact that it enjoyed
good sales and made tens of thousands of people, who had never given the
matter a moment's thought, aware of cryptography. A trickle of new
cryptographic papers began to be written.
[The invention of radio gave a tremendous impetus to
cryptography, since an adversary can eavesdrop easily over great
distances. The course of World War II was significantly affected by the
use, misuse and breaking of cryptographic systems used for radio traffic.
It is intriguing that the computational engines designed and built by the
British to crack the German Enigma cipher are deemed by some to be
the first real "computers"; one could argue that cryptography is the
mother (or at least the midwife) of computer science).]
At about the same time, Horst Feistel, who had earlier
worked on identification friend or foe devices for the Air Force, took his
lifelong passion for cryptography to IBM Watson Laboratory in Yorktown
Heights, New York. There he began development of what was to become the
U.S. Data Encryption Standard; by the early 1970s several technical
reports on this subject by Feistel and his colleagues had been made public
by IBM.
When Whitfield Diffie and Martin Hellman proposed
public-key cryptography in 1975, one of the indirect aspects of their
contribution was to introduce a problem that does not even appear easy to
solve. Now an aspiring cryptosystem designer could produce something that
would be recognized as clever, something that did more than just turn
meaningful text into nonsense. The result has been a spectacular increase
in the number of people working in cryptography, the number of meetings
held, and the number of books and papers published.
When public interest in cryptography was just emerging
in the late seventies and the early eighties, the National Security Agency
(NSA), America's official cryptographic organ, made several attempts to
quash it. The first was a letter from a long-time NSA employee allegedly,
avowedly and apparently acting on his own. The letter was sent to the IEEE
and warned that the publication of cryptographic material was a violation
of the International Traffic in Arms Regulation (ITAR). This viewpoint
turned out not even to be supported by the regulations themselves - which
contained an explicit exemption for published material - but gave both the
public practice of cryptography and the 1977 Information Theory Workshop
lots of unexpected publicity.
A more serious attempt occurred in 1980, when the NSA
funded the American Council of Education to examine the issue with a view
to persuading Congress to give it legal control of publications in the
field of cryptography. The results fell far short of NSA's ambitions and
resulted in a program of voluntary review of cryptographic papers;
researchers were requested to ask the NSA's opinion on whether disclosure
of results would adversely affect the national interest before
publication.
As the 80s progressed, pressure focused more on the
practice than the study of cryptography. Existing laws gave the NSA the
power, through the Department of State, to regulate the export of
cryptographic equipment. As business became more and more international
and the American fraction of the world market declined, the pressure to
have a single product in both domestic and offshore markets increased.
Such single products were subject to export control, and thus the NSA
acquired substantial influence not only over what was exported but also
over what was sold in the United States.
Cryptography is about communication in the presence
of adversaries. As an example, a classic goal of cryptography is
privacy: two parties wish to communicate privately, so that an
adversary knows nothing about what was communicated.
A standard cryptographic solution to the privacy problem
is a secret-key cryptosystem, which consists of the following:
A message space M: a set of strings (plaintext messages) over some
alphabet.
A ciphertext space C: a set of strings (ciphertexts) over some alphabet.
A key space K: a set of strings (keys) over some alphabet.
An encryption algorithm E mapping K × M into C.
A decryption algorithm D mapping K × C into M. The algorithms E and D
must have the property that D(K, E(K, M)) = M for all K, M.
To use a secret-key cryptosystem, the parties wishing to
communicate privately agree on a key K which they will keep secret
(hence the name secret-key cryptosystem). To communicate a message M,
the sender transmits the ciphertext C = E(K, M); the receiver recovers M
from C using K, since M = D(K, C).
The cryptosystem is considered secure if it is
infeasible in practice for an eavesdropper who learns E(K, M), but
who does not know K, to deduce M or any portion of M.
As cryptography has matured, it has addressed many goals
other than privacy, and considered adversaries considerably more devious
than a mere passive eavesdropper. One significant new goal is that of
authentication, where the recipient of a message wishes to verify that
the message he has received has not been forged or modified by an
adversary and that the alleged sender actually sent the message exactly as
it was received. Digital signatures are a special technique for
achieving authentication; they are to electronic communication what
handwritten signatures are to paper-based communication.
A note on terminology: the term cryptosystem
refers to any scheme designed to work with a communication system in the
presence of adversaries, for the purpose of defeating the adversaries'
intentions. This is rather broad, but then so is the field.
Cryptography refers to the art of designing cryptosystems,
cryptanalysis refers to the art of breaking cryptosystems, and
cryptology is the union of cryptography and cryptanalysis. It is
not uncommon, however, even among professionals working in this area, to
(mis)use the term cryptography to refer to any field of cryptology.
The Goals and Tools of Cryptology
As cryptology has developed, the number of goals
addressed has expanded, as has the number of tools available for achieving
these goals. Cryptology provides methods that enable a communicating party
to develop trust that his communications have the desired properties, in
spite of the best efforts of an untrusted party (or adversary).
The desired properties may include:
Privacy: An adversary learns nothing useful about the message sent.
Authentication: The recipient of a message can convince himself that the
message as received originated with the alleged sender.
Signatures: The recipient of a message can convince a third party that
the message as received originated with the alleged signer.
Minimalism: Nothing is communicated to other parties except that which is
specifically desired to be communicated.
Simultaneous Exchange: Something of value (e.g. a signature on a
contract) is not released until something else of value (e.g. the other
party's signature) is received.
Coordination: In a multi-party communication, the parties are able to
coordinate their activities toward a common goal even in the presence of
adversaries.
Collaboration Threshold: In a multi-party communication, the desired
properties hold as long as the number of adversaries does not exceed a
given threshold.
At a high level, the tools available for the attainment of these goals
include:
Randomness: Each party may use a private natural source of randomness
(such as a noise diode) to produce "truly random" bits in order to
generate his own secret keys or to perform randomized computations.
Physical Protection: Each party must physically protect his secrets from
the adversary. His most important secret is usually the key that he has
randomly generated; this key will provide him with unique capabilities.
By contrast, design information, such as equipment blueprints or
cryptographic algorithm details, is usually assumed to be unprotectable,
so security does not require the secrecy of such design information.
(Kerckhoffs's second requirement of a cryptosystem was that compromise of
the system should not inconvenience the correspondents.)
Channel Properties: Unusual properties of the communication channel can
sometimes be exploited.
Information Theory: Some systems, such as the Vernam one-time pad, are
secure in an information-theoretic sense: the adversary is never given
enough information to work with to break the code; no amount of
computational power can help him overcome this.
Computational Complexity Theory: The adversary's task is more often
computationally infeasible rather than information-theoretically
impossible. Modern cryptography uses computational complexity theory to
design systems that one has reason to believe cannot be broken with any
amount of computation in practice, even though they are breakable in
principle (with extraordinary luck, by guessing a secret key, or by using
inordinate amounts of computation).
Cryptographic Operators: These computational mappings, such as encryption
and decryption functions, one-way functions, and pseudo-random sequence
generators, are basic building blocks for constructing cryptographic
systems. Note that these need not be functions, since they may use
randomization, so that different computations may yield different
outputs, even for the same input. Complex operators may be created by
composing simpler ones.
Cryptographic Protocols: A protocol specifies how each party is to
initiate and respond to messages, including erroneous or illegal
messages. The protocol may also specify initialization requirements, such
as setting up a directory of public keys. A party following the protocol
will be protected against certain specified dangers, even if the other
parties do not follow the protocol.
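The secret-key cryptosystem (M, C, K, E, D) defined earlier, with D(K, E(K, M)) = M, has the Vernam one-time pad just mentioned as its simplest instance. The following is an added example, not code from the original page: it implements the pad with the operating system's random source as K, checks the defining property, and shows the one failure mode that information-theoretic security does not cover, namely reusing the pad, which hands an eavesdropper the XOR of the two plaintexts. The sample messages are constructed for the example.

```python
# Added example: the Vernam one-time pad as a secret-key cryptosystem, and
# the "two-time pad" leak that results from reusing a pad.
import secrets


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def keygen(length):
    """K: a truly random pad exactly as long as the message, from the OS
    CSPRNG. The pad must be used for one message only, then destroyed."""
    return secrets.token_bytes(length)


def E(key, message):
    """Encryption maps (K, M) to C = K xor M. With a uniformly random pad
    used once, every plaintext of this length is equally consistent with
    C, so no amount of computation recovers M: information-theoretic
    security in the sense described above."""
    if len(key) != len(message):
        raise ValueError("pad must be exactly as long as the message")
    return xor(key, message)


def D(key, ciphertext):
    """Decryption is the same XOR; D(K, E(K, M)) == M for every K and M."""
    return E(key, ciphertext)


def two_time_pad_leak(c1, c2):
    """If one pad encrypts two messages, XORing the two ciphertexts cancels
    the key: (K xor M1) xor (K xor M2) == M1 xor M2. The adversary now has
    a relation between the plaintexts that involves no secret at all."""
    return xor(c1, c2)


def recover_other(m1_known, leak):
    """Knowing or guessing M1 (a standard header, a predictable phrase)
    turns M1 xor M2 into M2 directly."""
    return xor(m1_known, leak)


if __name__ == "__main__":
    m1 = b"attack at dawn"
    k = keygen(len(m1))
    c1 = E(k, m1)
    print(D(k, c1) == m1)                      # True: the defining property

    # Misuse: the same pad is reused for a second message of equal length.
    m2 = b"retreat at six"
    c2 = E(k, m2)
    leak = two_time_pad_leak(c1, c2)
    print(recover_other(m1, leak))             # b'retreat at six'
```

The practical lesson is the one the page draws in the next section: the pad is unbreakable, but only if a key as long as all traffic is generated, delivered secretly, used once and destroyed, which is exactly the key management burden that drives real systems toward computationally secure ciphers with short keys.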
The design of protocols and the design of operators are
rather independent, in the same sense that the implementation of an
abstract data type may be independent of its use. The protocol designer
creates protocols assuming the existence of operators with certain
security properties. The operator designer proposes implementations of
those operators, and tries to prove that the proposed operators have the
desired properties.
A message is plaintext (sometimes called
cleartext). The process of disguising a message in such a way as to hide
its substance is encryption. An encrypted message is ciphertext.
The process of turning ciphertext back into plaintext is decryption.
(If you want to follow the ISO 7498-2 standard, use the terms "encipher"
and "decipher". It seems that some cultures find the terms encrypt and
decrypt offensive, as they refer to dead bodies.)

The art of keeping messages secure is cryptography,
and it is practiced by cryptographers. Cryptanalysts are
practitioners of cryptanalysis, the art and science of breaking
ciphertext; that is, seeing through the disguise. The branch of
mathematics encompassing both cryptography and cryptanalysis is
cryptology and its practitioners are cryptologists.
Authentication, Integrity and Non-Repudiation
In addition to providing confidentiality, cryptography
is often asked to do other jobs:
Authentication: It should be possible for the receiver of a message to
ascertain its origin; an intruder should not be able to masquerade as
someone else.
Integrity: It should be possible for the receiver of a message to verify
that it has not been modified in transit; an intruder should not be able
to substitute a false message for a legitimate one.
Non-Repudiation: A sender should not be able to falsely deny later that
he sent a message.
These are vital requirements for social interaction on
computers, and are analogous to face-to-face interactions. That someone
is who he says he is ... that someone's credentials -whether a driver's
license, a medical degree, or a passport- are valid ... that a document
purporting to come from a person actually came from that person ...
These are the things that authentication, integrity and non-repudiation
provide.
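Authentication and integrity with a shared key, and the reason such a key cannot give non-repudiation, as an added example (not code from the original page) using HMAC-SHA256 from the Python standard library. The shared key and the messages are constructed for the example.

```python
# Added example: a message authentication code (HMAC) gives the receiver
# authentication and integrity, but not non-repudiation, because the
# receiver holds the same key and can fabricate an equally valid tag.
import hashlib
import hmac

# Constructed for the example: a key the two parties already share.
SHARED_KEY = b"example-shared-key-not-for-real-use"


def tag(key, message):
    """The tag depends on both the key and every bit of the message."""
    return hmac.new(key, message, hashlib.sha256).digest()


def send(key, message):
    """The sender transmits the message together with its tag."""
    return message, tag(key, message)


def receive(key, message, received_tag):
    """The receiver recomputes the tag and compares it in constant time so
    that the comparison itself does not leak how many leading bytes
    matched. True means: unmodified, and made by someone holding the key."""
    return hmac.compare_digest(tag(key, message), received_tag)


def intruder_edits(message, received_tag):
    """An intruder without the key can alter the message in transit but
    cannot compute a matching tag, so the edit is detected on receipt."""
    return message.replace(b"100", b"900"), received_tag


def receiver_forges(key):
    """Non-repudiation fails: the receiver, holding the same key, can make
    up a message and a valid tag and claim the sender sent it. Only a
    digital signature, made with a key the receiver does not have, can
    settle such a dispute."""
    return send(key, b"transfer 999 to account 42")


if __name__ == "__main__":
    msg, t = send(SHARED_KEY, b"transfer 100 to account 7")
    print(receive(SHARED_KEY, msg, t))                      # True
    print(receive(SHARED_KEY, *intruder_edits(msg, t)))     # False
    forged_msg, forged_tag = receiver_forges(SHARED_KEY)
    print(receive(SHARED_KEY, forged_msg, forged_tag))      # True, although
    # the sender never sent it: a shared-key tag cannot prove who made it.
```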
A cryptographic algorithm, also called a
cipher, is the mathematical function used for encryption and
decryption. (Generally, there are two related functions: one for
encryption and the other for decryption.)
If the security of an algorithm is based on keeping
the way that algorithm works a secret, it is a restricted
algorithm. Restricted algorithms have historical interest, but are
woefully inadequate by today's standards. A large or changing group of
users cannot use them, because every time a user leaves the group
everyone else must switch to a different algorithm. If someone
accidentally reveals the secret, everyone must change their algorithm.
Even more damning, restricted algorithms allow no
quality control or standardization. Every group of users must have their
own unique algorithm. Such a group can't use off-the-shelf hardware or
software products; an eavesdropper can buy the same product and learn
the algorithm. They have to write their own algorithms and
implementations. If no one in the group is a good cryptographer, then
they won't know if they have a secure algorithm.
Despite these major drawbacks, restricted algorithms
are enormously popular for low-security applications. Users either don't
realize or don't care about the security problems inherent in their
system.
Modern cryptography solves this problem with a key.
This might be any one of a large number of values. The range of possible
values of the key is called the keyspace. Both the encryption and
decryption operations use this key.

Some algorithms use a different encryption key and
decryption key. That is, the encryption key is different from the
corresponding decryption key.

All of the security in these algorithms is based in
the key (or keys); none is based in the details of the algorithm. This
means that the algorithm can be published and analyzed. Products using
the algorithm can be mass-produced. It doesn't matter if an eavesdropper
knows your algorithm; if she doesn't know your particular key, she can't
read your messages.
A cryptosystem is an algorithm, plus all
possible plaintexts, ciphertexts and keys.
Symmetric and Public-Key Algorithms
There are two general types of key-based algorithms:
symmetric and public-key. Symmetric algorithms, sometimes called
conventional algorithms, are algorithms where the encryption key can be
calculated from the decryption key and vice versa. In most symmetric
algorithms, the encryption key and the decryption key are the same.
These algorithms, else called secret-key algorithms, single-key
algorithms, or one-key algorithms, require that the sender and the
receiver agree on a key before they can communicate securely. The
security of a symmetric algorithm rests in the key; divulging the key
means that anyone could encrypt and decrypt messages. As long as the
communication needs to remain secret, the key must remain secret.
Symmetric algorithms can be divided into two
categories. Some operate on the plaintext a single bit (or sometimes
byte) at a time; these are called stream algorithms or stream
ciphers. Others operate on the plaintext in groups of bits. The
group of bits are called blocks and the algorithms are called
block ciphers. For modern computer algorithms, a typical block size
is 64 bits: large enough to preclude analysis and small enough to be
workable.
Public-key algorithms
(also called asymmetric algorithms) are designed so that the key used
for encryption is different from the key used for decryption.
Furthermore, the decryption key cannot (at least in any reasonable
amount of time) be calculated from the encryption key. The algorithms
are called "public-key" because the encryption key can be made public. A
complete stranger can use the encryption key to encrypt a message, but
only a specific person with the corresponding decryption key can decrypt
the message. In these systems, the encryption key is often called the
public key and the decryption key is often called the private key.
The whole point of cryptography is to keep the
plaintext (or the key, or both) secret from eavesdroppers (also called
adversaries, attackers, interceptors, interlopers, intruders,
opponents, or simply the enemy). Eavesdroppers are assumed to have
complete access to the communications between the sender and the
receiver.
Cryptanalysis is the
science of recovering the plaintext without access to the key.
Successful cryptanalysis may recover the plaintext or the key. It also
may find weaknesses in a cryptosystem that eventually lead to the
previous results. (The loss of the key through noncryptanalytic means is
called a compromise.)
An attempted cryptanalysis is called an attack.
There are four general types of cryptanalytic attacks. Of course, each
of them assumes that the cryptanalyst has complete knowledge of the
encryption algorithm used:
| Ciphertext-only attack. The
cryptanalyst has the ciphertext of several messages, all of which have
been encrypted using the same encryption algorithm. The cryptanalyst's
job is to recover the plaintext of as many messages as possible, or
better yet to deduce the key(s) used to encrypt the messages in order
to decrypt other messages encrypted with the same keys. |
| Known-plaintext attack. The
cryptanalyst has access not only to the ciphertext of several
messages, but also to the plaintext of those messages. His job is to
deduce the key(s) used to encrypt the messages or an algorithm to
decrypt any new messages encrypted with the same key(s). |
| Chosen-plaintext attack. The
cryptanalyst not only has access to the ciphertext and associated
plaintext for several messages, but he also chooses the plaintext that
gets encrypted. This is more powerful than a known-plaintext attack,
because the cryptanalyst can choose specific plaintext blocks to
encrypt, ones that might yield more information about the key. His job
is to deduce the key(s) used to encrypt the messages or an algorithm
to decrypt any new messages encrypted with the same key(s). |
| Adaptive-chosen-plaintext attack.
This is a special case of a chosen-plaintext attack. Not only can the
cryptanalyst choose the plaintext that is encrypted, but he can also
modify his choice based on the results of previous encryption. In a
chosen-plaintext attack, a cryptanalyst might just be able to choose
one large block of plaintext to be encrypted; in an
adaptive-chosen-plaintext attack he can choose a smaller block of
plaintext and then choose another based on the results of the first,
and so forth. |
There are at least three other types of
cryptanalytic attack:
| Chosen-ciphertext attack. The
cryptanalyst can choose different ciphertexts to be decrypted and
has access to the decrypted plaintext. For example, the cryptanalyst
has access to a tamperproof box that does automatic decryption. His
job is to deduce the key. This attack is primarily applicable to
public-key algorithms and is sometimes effective against symmetric
algorithms as well. |
| Chosen-key attack. This attack
doesn't mean that the cryptanalyst can choose the key; it means that
he has some knowledge about the relationship between different keys. |
| Rubber-hose cryptanalysis. The
cryptanalyst threatens, blackmails, or tortures someone until they
give him the key. Bribery is sometimes referred to as a
purchase-key attack. These are all very powerful attacks and
often the best way to break an algorithm. |
Lars Knudsen classified these different categories
of breaking an algorithm. In decreasing order of security:
| Total break. A cryptanalyst
finds the key K, such that D_K(C) = P. |
| Global deduction. A
cryptanalyst finds an alternate algorithm equivalent to D_K(C) without knowing K. |
| Instance (or local) deduction.
A cryptanalyst finds the plaintext of an intercepted ciphertext. |
| Information deduction. A
cryptanalyst gains some information about the key or plaintext.
This information could be a few bits of the key, some information
about the form of the plaintext, and so forth. |
An algorithm is unconditionally secure
if, no matter how much ciphertext a cryptanalyst has, there is not
enough information to recover the plaintext. In point of fact,
only a one-time pad is unbreakable given infinite resources. All
other cryptosystems are breakable in a ciphertext-only attack,
simply by trying every possible key one by one and checking
whether the resulting plaintext is meaningful. This is called a
brute-force attack.
Cryptography is more concerned with
cryptosystems that are computationally infeasible to break. An
algorithm is considered computationally secure (sometimes
called strong) if it cannot be broken with available resources,
either current or future.
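To make the brute-force argument above concrete, here is an added example (written for this page, not code from the original or from any product it describes): a ciphertext-only exhaustive search over a constructed toy cipher whose keyspace has only 256 values, beside a one-time pad, where the same ciphertext is consistent with every plaintext of its length and so exhaustive search yields nothing. The word list, messages and keys are all constructed.

```python
"""Brute force against a tiny keyspace versus a one-time pad (constructed example)."""

# Constructed recognizer for "meaningful" plaintext: every token must be a known word.
WORDS = {b"meet", b"at", b"noon", b"dawn"}


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key. With len(key) == len(data) this is a one-time pad."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def looks_meaningful(candidate: bytes) -> bool:
    """The brute-force step the text describes: decide whether a trial plaintext is meaningful."""
    return all(token in WORDS for token in candidate.split(b" "))


def brute_force_toy(ciphertext: bytes) -> list:
    """Toy cipher: a single repeated 8-bit key, so there are only 256 keys to try.
    Returns every (key, plaintext) pair the recognizer accepts."""
    hits = []
    for k in range(256):
        plaintext = xor_with_key(ciphertext, bytes([k]))
        if looks_meaningful(plaintext):
            hits.append((k, plaintext))
    return hits


def otp_key_for(ciphertext: bytes, assumed_plaintext: bytes) -> bytes:
    """One-time pad: for ANY assumed plaintext of the right length there is a key that
    decrypts the ciphertext to it, namely ciphertext XOR plaintext. Trying every key
    therefore produces every possible message and singles out none of them."""
    if len(ciphertext) != len(assumed_plaintext):
        raise ValueError("a one-time pad key must be as long as the message")
    return xor_with_key(ciphertext, assumed_plaintext)


def otp_all_consistent(ciphertext: bytes, candidates: list) -> bool:
    """Every same-length candidate decrypts correctly under its own derived key."""
    return all(xor_with_key(ciphertext, otp_key_for(ciphertext, c)) == c for c in candidates)


if __name__ == "__main__":
    message = b"meet at noon"
    toy_ct = xor_with_key(message, bytes([0x5A]))                 # constructed 8-bit key
    print("toy cipher, 256 keys tried, hits:", brute_force_toy(toy_ct))
    otp_key = bytes.fromhex("0f1e2d3c4b5a69788796a5b4")           # constructed 12-byte pad
    otp_ct = xor_with_key(message, otp_key)
    for guess in (b"meet at noon", b"meet at dawn"):
        print(guess, "fits the pad ciphertext under key", otp_key_for(otp_ct, guess).hex())
```

The toy search returns exactly one acceptable plaintext, while for the pad both "meet at noon" and "meet at dawn" are equally valid decryptions, which is what unconditional security means in practice.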
Steganography
serves to hide secret messages in other messages, such that the
secret's very existence is concealed. Historical tricks include
invisible inks, tiny pin punctures on selected characters, minute
differences between handwritten characters, pencil marks on
typewritten characters, grilles which cover most of the message
except for a few characters, and so on. More recently, people are
hiding secret messages in graphic images.