If we want
to safeguard our data from theft or protect our privacy, encryption
is the most feasible option. It converts our sensitive data to
something that can be read only by authorized people.
Nowadays, there
are many encryption solutions available and we get many options while
encrypting our data. Some of them use symmetric key encryption and
some use public key encryption. But, what are symmetric key
encryption and public key encryption actually? How do they work and
how are they different from each other? In this article we would
discuss about that.
What
is Encryption ?
Encryption
is a process which takes as input a plaintext message and converts it
into an encoded message called ciphertext, such that only authorized
people can read it. And, decryption is the opposite process. It takes
as input a ciphertext message and converts it back into the original
plaintext message. These encryption and decryption processes take
help of secret keys to perform these actions. The secret key used in
encryption process is called an encryption key and the secret key
used in the decryption process is called the decryption key.
What
is Symmetric Key Encryption ?
As said
above, encryption and decryption processes take help of encryption
key and decryption key respectively to encrypt or decrypt data.
symmetric key encryption is an encryption process in which the same
secret key is used during both encryption and decryption. We call the
secret key symmetric key. So, if we encrypt a file using a symmetric
key encryption using a secret key, we would have to use the same
secret key at the time of decryption also.
This
symmetric key encryption can use either stream ciphers or block
ciphers.
Stream
Ciphers
In stream
ciphers, each plaintext digits is taken one by one from the plaintext
message and encrypted using a keystream. A keystream is basically a
stream of pseudo random characters used as keys. At the time of
encryption, each plaintext digit is taken one by one and is encrypted
with corresponding digit of the keystream.
This stream
cipher can be of two types:

Synchronous Stream Cipher

Asynchronous Stream Cipher
In
synchronous stream cipher, the keystream does not depend on
the plaintext or the ciphertext message. It is generated
independently.
In case of synchronous stream ciphers, the sender
and the receiver of the encrypted message must be in the same step
for the decryption to be successful. If a digit is added or removed
at the time of transmission, the synchronization will be lost. In
practical implementation though various methods are used to restore
the synchronization, if it gets lost.
In
asynchronous stream cipher, N number of previous ciphertext
digits are used to compute the keystream. This N can vary with the
implementation. In asynchronous stream cipher, the receiver of the
ciphertext message can automatically synchronize with the keystream
generator after receiving N ciphertext digits, which makes it easier
to recover if digits are added or lost at the time of transmission.
Because of
their speed and simplicity of implementation in hardware, stream
ciphers are often used. RC4, A5/1, A5/2, FISH, Helix, ISAAC etc are a
few stream ciphers that are commonly used in many software.
Block
Ciphers
In block
ciphers, the input plaintext message is divided into a number of
blocks of some fixed length and each block is then encrypted with the
help of symmetric key.
If a
message produces the same ciphertext message each time it is
encrypted with a symmetric key, then the encryption process is
supposed to be weak. Because in that case, the attacker can observe
the bit patterns in the ciphertext message and guess the plaintext
message. So, an Initialization Vector is often used for that purpose. An Initialization Vector is basically a pseudorandom value which is used along with the
symmetric key at the time of encryption. It can randomize the
plaintext message, so that the same plaintext message produces
different ciphertext messages each time it is encrypted even with the
same symmetric key.
Block
ciphers are widely used in many software. Data Encryption Standard or
DES, RC5, Advanced Encryption Standard or AES, Blowfish are some
examples of block ciphers.
What
is Public Key Encryption ?
As
discussed already, symmetric key encryption uses the same secret key
at the time of encryption and decryption of data. But, this may be
inconvenient at times. For example, if two users want to transfer
some encrypted message between them over the internet using symmetric
key encryption, they would need to share the secret key with each
other. And, this may not be possible all the time. And, to address
that public key encryption is used.
Public key
encryption is an encryption process in which two different keys are
used at the time of encryption and decryption. Typically, one key is
used at the time of encryption and the other one is used at the time
of decryption. These are called private key and public key.
Each user
who wants to use public key encryption has to create a keypair
consisting of a public key and a private key. The private key must be
kept secret with the user and the public key can be distributed with
others who want encrypted communication with the user.
If a
plaintext message is encrypted with the private key, it can be
decrypted with the public key. And, if it is encrypted with the
public key, it can be decrypted with the private key. And, this makes
public key encryption much convenient to be used in encryption,
decryption and in making digital signatures.
If Alice
wants to send an encrypted message to Bob, she would need to encrypt
the message using Bob’s public key. Bob can decrypt the message
using his private key and read. As the private key is kept secret to
Bob, only Bob would be able to decrypt the message and read.
But, at the
same time, Bob may need to make sure the encrypted message is sent by
Alice only and not by anyone else using Bob’s distributed public
key. Digital Signatures are used for that purpose. Alice can make a
digital signature of the message using her private key and send it to
Bob along with the original encrypted message. Bob can verify the
digital signature using Alice’s public key. As no one else knows
Alice’s private key, Bob can be sure that Alice only has sent the
encrypted message.
Thus,
public key encryption can be used conveniently for encryption,
decryption and digital signatures. DSA, RSA, PGP use public key
encryption. PGP though can use both symmetric key encryption and
public key encryption depending on the application.
No comments:
Post a Comment