Cryptography

Cryptography

Cryptography is the study of codes and ciphers and their use to protect  information. These are characterized by

- types of encryption operations used

- number of keys used

-ways in which plain text is processed

Encryption is the scrambling of text-based messages into unrecognizable code via a complex mathematical algorithm

Private Key Cryptography

Private key or symmetric, encryption systems employ a single common key, possessed by those on both sides of the transactions, to both lock and unlock a message. Private keys are generally smaller, meaning they contains less bits of information, and as a result compute more quickly than do public  keys. However, that also means they are more vulnerable to attack than are public keys.

Because private-key cryptography involves a series of one-to-one transactions,  the concern over secrecy is paramount. For example, if a firm maintained a private-key infrastructure with several thousand clients, the company would need to ensure the secrecy of several thousand separate keys, and the opportunity for compromised security escalates. Thus private-key encryption can pose difficulties especially over large network of individuals, simply because key management can become a headache that costs a good deal of time and effort to manage.

These can be summarized as:

§  traditional private/secret/single key cryptography uses one key.

§  shared by both sender and receiver

§  if this key is disclosed, communications are compromised.

§  also is symmetric, parties are equal

§  hence does not protect sender form receiver forging a message and claiming is sent by sender

§  problem of key distribution

§  DES, IDEA (Internation DES), AES, Blowfish

Public Key Cryptography

Public key or asymmetric, cryptography involves two separate keys: both a private key maintained by a single entity and a public key available to any user over a network. A central authority such as an online bank, broadcasts its public key, enabling any client to send encrypted messages to that destination. Only that original authority, however can decrypt the communications using its private key, thereby securing the information from hackers and other unauthorized onlookers. Because the usage of these keys is spread over such a wide network of people, they typically contain a greater number of information bits to make the code more difficult to crack.

Because of its simple availability to large number of people, public-key encryption was considered the favored infrastructure for e-commerce in the early 2000s. Digital signature technology for instance, relies on the public key infrastructure. The leading public key encryption scheme used in e-commerce was secure sockets layer (ssl) developed by Netscape.

The primary vehicle by which transactions and message are encrypted using public key cryptography is the digital certificate.

The complexity of the public-key infrastructure stems from the management of a hierarchy of different certificate authorities and central servers, along with the level of individual customization involved in using a digital certificate on a personal computer or smart card.

The above can be summarized as :

§  public key/two key/asymmetric cryptography involves the use of two keys: private key – which may be known by anybody, and can be used to encrypt messages and verify signature; private key – known only to the receipient used to decrypt message and sign (create) signatures

§  is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or create signatures.

§  helps address key distribution problems.

§  RSA