Originally Published: Tuesday, 26 October 1999 Author: Quentin Cregan
Published to: enchance_articles_security/Advanced Security Articles Page: 1/1 - [Printable]

# Basic Cryptography By Joel PobarOctober 27 - November 2

Even in its most common form, encryption is regarded as complicated, Encryption requires two common things an encryption method and a key. Put simply an encryption method is a mathematical routine to convert the plaintext to the ciphertext. The routine can be as easy as taking the ASCII value of the characters and joining them together with a period. A key is perhaps a variable on that period...

 Page 1 of 1 Basic Cryptography This article will cover the general topic of cryptography and the basic concepts behind encryption. Commonly used terminology during this article: Plaintext: The original message. Ciphertext: The message after the encryption process. Exhaustive search: A method of brute force, where every possible combination is tried. Single key encryption: A single key that both parties are aware of, that encrypts and decrypts messages. Alice: Party A Bob: Party B Even in its most common form, encryption is regarded as complicated, Encryption requires two common things an encryption method and a key. Put simply an encryption method is a mathematical routine to convert the plaintext to the ciphertext. The routine can be as easy as taking the ASCII value of the characters and joining them together with a period. A key is perhaps a variable on that period. For example: Method: ASCII value of character Key: +5 Plaintext: hello ASCII value of plaintext: 101 104 102 105 107 Value after key: 106 109 107 110 112 Looking at this simple method, a party could not decrypt the ciphertext without firstly, the mathematical method and the key. Many encryption methods are made public; therefore the security is attached with the key. Unfortunately with this method, the key is an integer value, and using an exhaustive search the ciphertext could be decrypted. Encryption methods The simple method you’ve seen before is of no logical use because the cipher is so easily broken by brute force. Delving a little deeper will require knowledge on Boolean logic and general mathematical concepts. If you are familiar with Boolean logic please skip the next section. Logic symbols ```0 = FALSE 1 = TRUE AND = ^ OR = v NOT = ~ XOR = + ``` Examples of logic symbols ```P ^ Q Statement is true if P is true AND Q is true, else FALSE P v Q Statement is true if P is true OR Q is true or both are true ~P If P=TRUE then statement equals FALSE P XOR Q Statement is TRUE if either P or Q is true but not both ``` Most encryption methods use XOR to gain ciphertext from the plaintext and the key. A quick and easy routing using XOR is as follows. ``` Plaintext: hello Key: 010101010 ASCII representation of first letter h: 011011011 011011011 XOR h 010101010 key ------------- 001110001 ciphertext of value ‘h’ ``` This is of course continued until all values of ‘hello’ have been XOR’ed with the respective key. To decrypt the ciphertext, the other party must know the key combination. Then using XOR, the cipher can be converted to plaintext again. ``` 001110001 XOR ciphertext (unknown value) 010101010 key (known only to receiving party) ------------- 011011011 original message value ‘h’ ``` The method described above is a basic understanding of how single key encryption works. Public key encryption Single key encryption is flawed because of the reliance of both parties knowing the key. If Alice were to send Bob and encrypted message using the single key encryption method, she would also have let Bob know the key to decrypt the message. The transfer of the key could jeopardise the security of the message because another party could intercept the key and decrypt the message. Public key encryption consists of a public and private key. Each individual must have both of these and usually the public key is made accessible to everyone. In its simplest form, if Alice wants to send Bob a message, she encrypts the message using Bobs public key. She then sends the ciphertext to Bob and Bob then decrypts the message using his private key. Once Alice encrypts the message, she cannot decrypt it using Bob’s public key, nor can she use her public or private key to decrypt it. PGP, Pretty Good Privacy is perhaps the most popular form of public key encryption. Check it out at http://web.mit.edu/network/pgp.html Public key authentication Using this system, it is possible to masquerade as someone else and that is where public key authentication comes into play. Alice sends an encrypted message to Bob using his public key, but he wants to know if whom he received the message from is actually Alice. To prove this, Alice encrypts a message with her private key and sends it to Bob. Bob can then decrypt the message using Alices public key. If the decryption works, Bob can definitely prove that the sending party holds the private key. More to come… The next section will cover DES Block ciphers and the latest in Quantum encryption. Page 1 of 1