Cryptography

There are three sub-topics under this topic:

Cryptography involves transforming information from a readable form (plaintext) into a scrambled form (ciphertext) in such a way that the plaintext can be recovered from the ciphertext, ideally only by the intended recipient(s).

The process of transforming plaintext into ciphertext is called encryption, while the recovery of the plaintext content from ciphertext is called decryption. Most viable encryption algorithms involve the use of a key, which is an ordered set of bits (typically 128 to several thousand bits, depending on the algorithm). This concept allows the cryptographer to publish all the details of the algorithm for peer review, by moving the need for secrecy from the algorithm itself to the key.

Any algorithm whose design and details are not published (hence hasn’t been subject to peer review) is usually not very good, and can often be cracked even without knowledge of the design. It is very difficult to design strong encryption algorithms that can resist competent cryptanalysis. Most engineers use widely accepted cryptographic algorithms that have both had extensive peer review and real world implementations. Even then, as computing power and speed relentlessly increase over time, once strong algorithms are deprecated and newer ones (or longer keys) are required.

As an example, at one point DES with 56-bit keys was considered strong, but now it is considered very weak. For symmetric key, 128-bit is now considered minimum, with 256 bit for long term (e.g. protected for 20+ years). For RSA asymmetric key, 1024 used to be considered strong but now 2048-bit is recommended. For U.S. DoD Top Secret, RSA 15360-bit or ECC 384-bit bit is recommended.

Conceptual Representation

You can view encryption and decryption as mathematical functions or transforms, of the following form:

ciphertext = encrypt(plaintext, encryptionkey)

plaintext = decrypt(ciphertext, decryptionkey)

Even with detailed knowledge of the two algorithms, with a good algorithm it is extremely difficult to recover the plaintext from ciphertext without the appropriate decryption key. Not impossible, just extremely difficult, expensive and/or time consuming. One approach (brute force) involves trying every possible key until the plaintext is discovered. Since the number of keys is equal to 2 to the number of bits in the key, for sufficiently long keys (e.g. 128 bits or longer) this is a very, very large number of keys, making it difficult, time consuming and/or expensive to try them all.

Ciphertext can be safely transmitted via insecure channels (Email, chat, file transfer, network protocol) or stored in insecure storage systems (hard disk, optical disk, thumbdrive). Even if someone is able to intercept the ciphertext, the plaintext within it remains safe from discovery by anyone without the decryption key. If a hacker modifies the ciphertext, it will usually result in the decryption failing. If it does happen to work, the result is gibberish.

Key Management

Key management involves communicating the decryption key to the recipient in a secure manner. This can be done in person, via a different channel, or protected via other kinds of cryptography (e.g. asymmetric key).

The ciphertext contains the entire plaintext (just in scrambled form), hence is at least as large as the plaintext and often just a bit larger. In some cases (e.g. asymmetric key cryptography) the ciphertext may be significantly larger than the plaintext. It is possible to reduce the size of the plaintext (and hence ciphertext) via compression before encryption, and decompression of the recovered plaintext after decryption. While in ciphertext form, it is generally not possible to compress the information much at all, since compression depends on finding repeating patterns in the data, which are destroyed by the encryption process.

Matching Key Lengths for Various Algorithms

It doesn’t make sense to use a 256-bit symmetric algorithm and a 512-bit RSA asymmetric algorithm, or a 56-bit symmetric key and a 2048 bit asymmetric key algorithm. The following chart helps you choose key lengths that result in roughly similar cryptographic strengths for the various kinds of cryptographic algorithms:

From here, continue to Symmetric Key Cryptography