Cryptography

Cryptography is the process of altering messages so as to hide their meaning from adversaries who might intercept them. Cryptography plays a crucial role in the transfer of confidential information across local networks and the Internet.

Plaintext is a message readable by anyone. Ciphertext is plaintext that has been modified to protect its secrecy. Encryption converts plaintext to ciphertext; decryption converts ciphertext to plaintext. There are two basic methods of cryptography:

  1. Private-Key Cryptography

    In private-key cryptography, the sender and recipient agree beforehand on a secret private key. The plaintext is somehow combined with the key to create the ciphertext. The method of combination is intended to ensure that an adversary cannot determine the meaning of the message without decrypting it, which requires the key. The following diagram illustrates the encryption process:



    And, here is decryption illustrated:



    Examples of real plaintext and ciphertext are linked from this page; in those examples, the ciphertext was encrypted with an eight-character private key using the Data Encryption Standard (DES).

    To break a message encrypted with private-key cryptography, an adversary must either exploit a weakness in the encryption algorithm itself, or else try an exhaustive search of all possible keys. If the key is large enough (e.g., 128 bits), such a search would take a very long time, even with very powerful computers.

    Private-key methods are efficient and difficult to break. However, one major drawback is that the key must be exchanged between the sender and recipient beforehand, raising the issue of how to protect the secrecy of the key. When the President of the United States exchanges launch codes with a nuclear weapons site under his command, the key is accompanied by a team of armed couriers. Banks likewise use high security in transferring their keys between branches. These types of key exchanges are not practical, however, for e-commerce between, say, amazon.com and a casual web surfer.


  2. Public-Key Cryptography

    There also is a private key in public-key cryptography, and, as in private-key cryptography, the key is used to decrypt the ciphertext. However, in public-key cryptography, only the recipient has the private key. The sender, and indeed the general public, has a public key. Anyone who wants to send an encrypted message to the recipient can use the public key. The following illustrates the process of encryption:



    And, this is how messages are decrypted:



    Public-key cryptography depends upon the notion of one-way functions: a one-way function is a function that is easy to apply, but extremely difficult to invert. The most common one-way function used in public-key cryptography involves factoring very large numbers. The idea is that it is relatively easy to multiply numbers, even large ones, with a computer; however, it is very difficult to factor large numbers. The only known algorithms basically have to do a sort of exhaustive search (Does 2 go into it? Does 3? 4? 5? 6? and so on). With numbers 128 bits long, such a search requires performing as many tests as there are particles in the universe.

    The public-key algorithm uses a one-way function to translate plaintext to ciphertext. Then, without the private key, it is very difficult for anyone (including the sender) to reverse the process (i.e., translate the ciphertext back to plaintext).

    For instance, someone wishing to receive encrypted messages can multiply two very large numbers together. She keeps the two original numbers a secret, but sends the product to anyone who wishes to send her a message. The encryption/decryption algorithm is based upon combining the public number with the plaintext. Because it is a one-way function, the only way to reverse the process is to use one of the two original numbers. However, assuming the two original numbers are very large, their product is even bigger; it would be impractical for an adversary to try every possibility to determine what the two original numbers were.
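    As an added example that is not part of the course page: a toy version of the scheme just described, in Python, using constructed small primes so that "multiply two secret numbers, publish the product" and the "does 2 go into it? does 3?" search are both visible. This is textbook RSA, which the description above simplifies; the function names, the exponent 17 and the sample primes and message are assumptions made here for illustration.

```python
# Added example (not from the course page): a toy version of the public-key
# scheme described above, using small primes so that every step is visible.
# Real systems use primes hundreds of digits long; these values are constructed
# for illustration only and offer no security.
from math import gcd


def make_keypair(p, q, e=17):
    """Build a (public, private) pair from two secret primes p and q.
    The public key is (n, e); the private key is (n, d). Only n and e
    are published; p and q are what the recipient keeps secret."""
    n = p * q
    phi = (p - 1) * (q - 1)          # computable only from the secret factors
    assert gcd(e, phi) == 1, "e must be coprime to (p-1)(q-1)"
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, m):
    """Anyone holding the public key can do this (the one-way step)."""
    n, e = public_key
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(private_key, c):
    """Reversing the step needs d, which needs the factors of n."""
    n, d = private_key
    return pow(c, d, n)


def trial_division(n):
    """The exhaustive search from the text. Returns (smallest factor, trials).
    Feasible here only because n is tiny; the work grows with sqrt(n)."""
    trials = 0
    f = 2
    while f * f <= n:
        trials += 1
        if n % f == 0:
            return f, trials
        f += 1
    return n, trials


if __name__ == "__main__":
    public, private = make_keypair(10007, 10009)   # constructed small primes
    c = encrypt(public, 424242)                     # constructed message
    print("ciphertext:", c, "recovered:", decrypt(private, c))
    # Without the private key, recovering d means factoring the public modulus.
    factor, trials = trial_division(public[0])
    print("smallest factor", factor, "found after", trials, "trials")
```

    With primes of a few thousand the search finishes in about ten thousand trials; doubling the number of bits in each prime squares that count, which is why the text insists on very large numbers.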
