Computers got popular mostly as a mode of storage and communication. And as the relevance of computers grew in everyday life there arose the need to secure stored data.
Encryption is not the creation or function of the internet or of computers. Encryption has existed since humans invented communication. A text written in Mandarin is analogous to an encrypted English text with the same information. People speaking foreign languages may appear cryptic to us as we are unable to make sense of what they say.
While encryption is the method of securing data, Cryptography is the science of encryption methods.
We will deal with electronic encryption as the scope of this article. We will draw analogies from the real world and keep this article simple enough to understand the fundamentals of cryptography in under ten minutes.
Origins of encryption
Encryption has been going for long since the Greeks and Romans invented secret messages by substituting letters with numbers and further decipherable with a secret key.
The Greeks used a device called a scytale. It uses a long piece of paper wound like a ribbon around a cylindrical object. The message could be written on it and on unwinding the paper would not make sense.
Julius Caesar tried using an encryption technique known as Caesar’s cipher. In this method encryption could be done by shifting each letter of the alphabet to the right or left by a number of positions—. For instance, you’d write “GEEK” as “JHHN”.
During the world wars it became very necessary to have much more difficult encryption standards. The Germans created the Enigma machine to pass encrypted transmissions which the Polish eventually cracked. Consider the fact that the cracking of the Enigma was a key advantage for victory of the allied forces.
Information in digital world exist as binary numbers.
For e.g. ‘India’ is ‘01001001 01001110 01000100 01001001 01000001’.
For more clarity on how information can exist as ‘only’ numbers please read this short and simple article: What is digital information and how does the computer work? For a lawyer.
Security is thus accorded to online communication by rearranging the binary numbers through highly complex mathematical functions. This process of rearrangement of data is called encryption. The resultant encrypted text is called “ciphertext” or “cipher”.
In this article we would explore Symmetric Cryptography or Secret Key Cryptography in depth.
Symmetric/Secret Key Cryptography (“SKC”)
Imagine a locker containing lots of confidential files. All the files inside are protected through the application of a lock and key mechanism required to open and close the locker. Thus security to the locker is accorded by the security of the key.
If Bimal wants to send a message safely to Narendra, he would put the message in a bank locker, lock it, go away, deliver the key to Narendra, and ask him to access the locker.
Symmetric cryptography is akin to such bank lockers. In SKC the same key is used to encrypt and decrypt a message. The sender uses the key to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key to decrypt the cipher and recover the plain text. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.
Simple Mathematics behind encryption
In SKC a key is selected randomly, multiplied with the numbers of the secret message, and the product is publicly broadcasted.
For e.g. if I were asked to securely broadcast the message:
‘Bomb Xanadu at 0930’.
I would first change it to ASCII:
’66 111 109 98 32 88 97 110 97 100 117 32 97 116 32 48 57 51 48′
and multiply all the numbers with 777743 (key) to get the ciphertext:
‘51331038 86329473 84773987 76218814 24887776 68441384 75441071 85551730 75441071 77774300 90995931 24887776 75441071 90218188 24887776 37331664 44331351 39664893 37331664’
Therefore, the key would be the prime number 777743. While, your knowledge of the the key can help you divide the values and get the original message out of the encrypted message, lengthier keys accord better protection.
This oversimplified encryption algorithm may be named the Ashok Division Algorithm (“ADA”), published in a journal, and globally used. However, much has already been done on the intricacies of encryption algorithms. There are a lot of much better SC algorithms you can choose from—the popular ones include Twofish, Serpent, AES (Rijndael) (for more information read this article on AES), Blowfish, CAST5, RC4, TDES, and IDEA.
Transfer of encryption key
The transfer of the encryption keys (777743 in the example above) takes effect in physical world, due to which agents and spies are often tasked with exchanging envelopes in a style akin to spy movies.
Section 84A of the Information Technology (Amendment) Act, 2008 permits the Central Government to prescribe encryption standards and methods to secure electronic communications, and promote e-governance & e-commerce. There is no dedicated law on encryption methods or standards. The sectoral regulations in the banking, finance and telecom industries define minimum standards to be used in transactions.
In the next post we head towards Understanding Asymmetric Cryptography, Public Key, Private Key and the RSA Algorithm where I show you how secure communication can take place without any key exchange. If you have doubts or questions about the technology or the law please feel free to post it here: Questions.