Cryptography is "the art of writing in secret characters". Encrypting is the act of translating a 'normal message' to a message written with 'secret characters' (also known as the encrypted message). Decrypting is the act of translating a message written with 'secret characters' into a readable message (the unencrypted message). It is, by far, one of the most important areas in computer security, since modern encryption algorithms can ensure all three pillars of a secure conversation: privacy, integrity, and authentication.
In the previous page we saw a rather simple encryption algorithm which simply substituted each letter in a message by the next one in the alphabet. The decryption algorithm was, of course, substituting each letter in the encrypted message with the previous letter in the alphabet. These kind of algorithms, based on the substitution of letters, are easily broken. Most modern algorithms, however, are key-based.
A key-based algorithm uses an encryption key to encrypt the message. This means that the encrypted message is generated using not only the message, but also using a 'key':
The receiver can then use a decryption key to decrypt the message. Again, this means that the decryption algorithm doesn't rely only on the encrypted message. It also needs a 'key':
Some algorithms use the same key to encrypt and decrypt, and some do not. However, we'll look into this in more detail in the next page.
Let's take a look at a simple example. To make things simpler, let's suppose we're not transmitting alphanumerical characters, only numerical characters. For example, we might be interested in transmitting the following message:
1 2 3 4 5 6 5 4 3 2 1
We will now choose a key which will be used to encrypt the message. Let's suppose the key is "4232". To encrypt the message, we'll repeat the key as many times as necessary to 'cover' the whole message:
1 2 3 4 5 6 5 4 3 2 1 4 2 3 2 4 2 3 2 4 2 3
Now, we arrive at the encrypted message by adding both numbers:
1 2 3 4 5 6 5 4 3 2 1 + 4 2 3 2 4 2 3 2 4 2 3 --------------------- 5 4 6 6 9 8 8 6 7 4 4
The resulting message (54669886744) is the encrypted message. We can decrypt following the inverse process: Repeating the key as many time as necessary to cover the message, and then subtract the key character by character:
5 4 6 6 9 8 8 6 7 4 4 - 4 2 3 2 4 2 3 2 4 2 3 --------------------- 1 2 3 4 5 6 5 4 3 2 1
Voilà! We're back at the unencrypted message! Notice how it is absolutely necessary to have the decryption key (in this case, the same as the encryption key) to be able to decrypt the message. This means that a malicious user would need both the message and the key to eavesdrop on our conversation.
Please note that this is a very trivial example. Current key-based algorithms are much more sophisticated (for starters, keys are much longer, and the encryption process is not as simple as 'adding the message and the key'). However, these complex algorithms are based on the same basic principle shown in our example: a key is needed to encrypt/decrypt message.
The example algorithm we've just seen falls into the category of symmetric algorithms. These type of algorithm uses the same key for encryption and decryption:
Although this type of algorithms are generally very fast and simple to implement, they also have several drawbacks. The main drawback is that they only guarantee privacy (integrity and authentication would have the be done some other way). Another drawback is that both the sender and the receiver need to agree on the key they will use throughout the secure conversation (this is not a trivial problem).
Secure systems nowadays tend to use asymmetric algorithms, where a different key is used to encrypt and decrypt the message. Public-key algorithms, which are introduced in the next section, are the most commonly used type of asymmetric algorithms.