Sunday, December 4, 2016

Symmetric Key Encryption vs Public Key Encryption

If we want to safeguard our data from theft or protect our privacy, encryption is the most feasible option. It converts our sensitive data to something that can be read only by authorized people. 

Nowadays, there are many encryption solutions available and we get many options while encrypting our data. Some of them use symmetric key encryption and some use public key encryption. But, what are symmetric key encryption and public key encryption actually? How do they work and how are they different from each other? In this article we would discuss about that.

What is Encryption ?

Encryption is a process which takes as input a plaintext message and converts it into an encoded message called ciphertext, such that only authorized people can read it. And, decryption is the opposite process. It takes as input a ciphertext message and converts it back into the original plaintext message. These encryption and decryption processes take help of secret keys to perform these actions. The secret key used in encryption process is called an encryption key and the secret key used in the decryption process is called the decryption key.

What is Symmetric Key Encryption ?

As said above, encryption and decryption processes take help of encryption key and decryption key respectively to encrypt or decrypt data. symmetric key encryption is an encryption process in which the same secret key is used during both encryption and decryption. We call the secret key symmetric key. So, if we encrypt a file using a symmetric key encryption using a secret key, we would have to use the same secret key at the time of decryption also.

This symmetric key encryption can use either stream ciphers or block ciphers.

Stream Ciphers

In stream ciphers, each plaintext digits is taken one by one from the plaintext message and encrypted using a keystream. A keystream is basically a stream of pseudo random characters used as keys. At the time of encryption, each plaintext digit is taken one by one and is encrypted with corresponding digit of the keystream.

This stream cipher can be of two types:

  • Synchronous Stream Cipher
  • Asynchronous Stream Cipher

In synchronous stream cipher, the keystream does not depend on the plaintext or the ciphertext message. It is generated independently. 

In case of synchronous stream ciphers, the sender and the receiver of the encrypted message must be in the same step for the decryption to be successful. If a digit is added or removed at the time of transmission, the synchronization will be lost. In practical implementation though various methods are used to restore the synchronization, if it gets lost.

In asynchronous stream cipher, N number of previous ciphertext digits are used to compute the keystream. This N can vary with the implementation. In asynchronous stream cipher, the receiver of the ciphertext message can automatically synchronize with the keystream generator after receiving N ciphertext digits, which makes it easier to recover if digits are added or lost at the time of transmission.

Because of their speed and simplicity of implementation in hardware, stream ciphers are often used. RC4, A5/1, A5/2, FISH, Helix, ISAAC etc are a few stream ciphers that are commonly used in many software.

Block Ciphers

In block ciphers, the input plaintext message is divided into a number of blocks of some fixed length and each block is then encrypted with the help of symmetric key.

If a message produces the same ciphertext message each time it is encrypted with a symmetric key, then the encryption process is supposed to be weak. Because in that case, the attacker can observe the bit patterns in the ciphertext message and guess the plaintext message. So, an Initialization Vector is often used for that purpose. An Initialization Vector is basically a pseudorandom value which is used along with the symmetric key at the time of encryption. It can randomize the plaintext message, so that the same plaintext message produces different ciphertext messages each time it is encrypted even with the same symmetric key.

Block ciphers are widely used in many software. Data Encryption Standard or DES, RC5, Advanced Encryption Standard or AES, Blowfish are some examples of block ciphers.

What is Public Key Encryption ?

As discussed already, symmetric key encryption uses the same secret key at the time of encryption and decryption of data. But, this may be inconvenient at times. For example, if two users want to transfer some encrypted message between them over the internet using symmetric key encryption, they would need to share the secret key with each other. And, this may not be possible all the time. And, to address that public key encryption is used.

Public key encryption is an encryption process in which two different keys are used at the time of encryption and decryption. Typically, one key is used at the time of encryption and the other one is used at the time of decryption. These are called private key and public key.

Each user who wants to use public key encryption has to create a keypair consisting of a public key and a private key. The private key must be kept secret with the user and the public key can be distributed with others who want encrypted communication with the user.

If a plaintext message is encrypted with the private key, it can be decrypted with the public key. And, if it is encrypted with the public key, it can be decrypted with the private key. And, this makes public key encryption much convenient to be used in encryption, decryption and in making digital signatures.

If Alice wants to send an encrypted message to Bob, she would need to encrypt the message using Bob’s public key. Bob can decrypt the message using his private key and read. As the private key is kept secret to Bob, only Bob would be able to decrypt the message and read.

But, at the same time, Bob may need to make sure the encrypted message is sent by Alice only and not by anyone else using Bob’s distributed public key. Digital Signatures are used for that purpose. Alice can make a digital signature of the message using her private key and send it to Bob along with the original encrypted message. Bob can verify the digital signature using Alice’s public key. As no one else knows Alice’s private key, Bob can be sure that Alice only has sent the encrypted message.

Thus, public key encryption can be used conveniently for encryption, decryption and digital signatures. DSA, RSA, PGP use public key encryption. PGP though can use both symmetric key encryption and public key encryption depending on the application.

No comments:

Post a Comment