Asymmetric encryption

With asymmetric encryption, unlike symmetric encryption, there are always two complementary keys. One key,

1. the public key, is used to encrypt a message.
2. Another, the private key, is used to decrypt the message.

Together, the two keys form a key pair.

The associated second key cannot be easily guessed or calculated from the other key. This means that one key of the key pair can be made publicly accessible to anyone. This is why it is referred to as the public key.

The process of asymmetric encryption is easy to understand if you think of it like a safe with a snap lock. Anyone can lock something in the safe, because it automatically locks when the door closes. However, a key is needed to open it. Thus, anyone can use the public key, similarly to how anyone can lock something in a safe with a snap lock. However, because only the recipient has access to the private key, sometimes also known as the secret key, only they can decipher the message or take something out of the safe.

A bit of maths

Asymmetric encryption is based on mathematical processes that are easy to perform in one direction but difficult to reverse. Multiplication is one such example:
3 121 163 * 4 811 953 = 15 018 889 661 339

Breaking numbers down into their factors, however, is very laborious. If you only have the product, it is very difficult to find the original factors of the number. In simple terms, the public key corresponds to the product of the calculation. This is needed in order to encrypt information for the recipient. The recipient's private key contains both of the numbers that the product is made up of. The decryption program needs these in order to decrypt the encrypted message.

This therefore provides an elegant solution to the problem of how to exchange keys. The public part can be made accessible to everyone, without the security being compromised. However, the private key is always needed as well. Another advantage of the process is that far fewer keys are necessary than for symmetric processes, which would require 66 keys just for 12 people to communicate with each other. For asymmetric encryption, everyone needs only one key pair.

However, there are also downsides to asymmetric encryption processes:

• High processing demand
  Asymmetric processes have very high processing requirements compared to symmetric processes. The computer requires a lot of time to encrypt short messages. This is why we use a trick: The slow asymmetric process is only used to securely and simply exchange the keys that will be used for a quick symmetric process. Further communication then takes place through the more rapid symmetric encryption. If asymmetric processes are used to encrypt the keys for a symmetric process, this is referred to as hybrid, i.e. combined, encryption.

• Lack of authenticity
  Anyone who wants to encrypt something using the public key of a recipient (in other words, to put something in the safe) needs to be able to ensure that it really belongs to that person. It is easy for an individual to pretend to be someone else online, and someone could falsely claim that they are the authorised recipient. Key pairs could easily be generated for the false identity and public keys put into circulation. The fraudster could then read the confidential messages because the sender has used their key instead of the actual intended recipient's. If the message is then also maybe manipulated and forwarded on to the correct recipient, the entire process could probably go unnoticed.

PKI and digital signature

A particular characteristic of the Public Key Infrastructure (PKI) is the certification body. This is the generally recognised body tasked with definitively allocating the relevant one-time key pairs (private and public keys, see asymmetric encryption) to natural persons and confirming this to users through "certificates".

Basics of digital signatures

Similarly as with asymmetric encryption processes, there also exist signature processes that use a public key. In asymmetric encryption processes, anyone who has the corresponding public key can send the holder of a private key messages that only they can decrypt. Signature processes generally aim to replicate the functionality of conventional signatures for digital documents. They therefore aim to ensure:

• That anyone is able to verify a signature,
• That only the signer is able to sign using a signature that is valid for them.

Unlike with normal signatures, using digital signatures also protects the signed document from subsequent alteration. Whereas with a contract signed on paper it is at least conceivable that a fraudster could, for example, add text after it is signed in order to amend the meaning of the contract in a manner that would be very difficult to prove, the verification of a digital signature should fail if the signed file has been altered after it is issued.

Modern signature processes achieve this as follows:

• Anyone who knows the public signature key of the signer can check digital signatures with relatively little effort,
• For anyone who does not known the private signature key of the signer, it is practically impossible to sign documents in their name, and
• For anyone who does not know the private signature key of the person who signed a file, it is practically impossible to alter the file without the signature becoming invalid.

It must be said here that, as with cryptography generally, all statements are based on the current state of the art. It is entirely possible that a way will be found of breaching the current standard signature processes. No statements can be made about this, however.

In part, digital signature processes can be derived relatively directly from asymmetric encryption processes, for example in the case of the widely used RSA encryption system. There are, however, signature processes that have no analogue in asymmetric encryption processes, and vice versa.

Basics of public key infrastructures

Public key infrastructures solve the problem of how to distribute public keys for public key infrastructure encryption processes and digital signature processes securely. A prerequisite here is that a public signature key from a certification body can be distributed to all participants in the PKI in advance in a manner that cannot be falsified. Another prerequisite is that the certification body is able to reliably verify the identity of all participants and is itself an institution that can be trusted by all participants.

The public keys can then by distributed simply via the PKI:

The certification body issues a text that allocates a key to a person and encrypts this using its private key.
The certification body writes something like "Public Key No. 1234 belongs to peter@bsi.bund.de" and signs it using its own private key.
Because the public key of the certification body is known to everyone, anyone can check that this text has been signed and not altered in the meantime.
If you trust the certification body, you can also trust that this public key belongs to a clearly defined person.

Symmetric encryption

Caesar cipher

As far back as antiquity, we have examples of various symmetric encryption processes being used. The best known of these is probably the scytale used by the Spartans and the process named the Caesar cipher after its most famous user. The Caesar cipher is a very simple letter-replacement system.
The following text is an example of a possible ciphertext: "XQQXZHXQAXTK"

As soon as someone starts to suspect that an encryption key similar to a Caesar cipher has been applied to this ciphertext, they very quickly realise that every letter has been replaced by the third letter in the alphabet after it, following the convention that when the last letter of the alphabet is reached, it starts again at A.
The plain text of the message is therefore: "Attack at dawn".

The Caesar cipher can be generally defined as the following process: given a text consisting of capital letters and a key consisting of one letter (in this case, "D"), replace every letter of the text with the letter of the alphabet that is the same distance from it as between the key and the letter A (in this case, three steps).

A secure process: the one-time pad

There are, however, many other cipher mechanisms that are much harder or even impossible to crack. We will give a short example of an absolutely secure encryption process (one that protects the confidentiality of the information transmitted) that can be used without any technical auxiliary resources.

We will start with the Caesar cipher. One of the obvious weak points of this system is that there is a very small number of possible keys. In an alphabet of 26 letters, there are only 26 possible keys, which an attacker can simply try out one-by-one until they find the plain text. One initial method of improving the Caesar cipher would be to expand the key space. One way of achieving this would be to use a key word rather than a key letter and to "add" this letter-by-letter to the letters in the plain text as we did with the Caesar cipher.

Example

Plain text	BBBBBBB
Key	CIPHER
Ciphertext	DJQIFS

In this example, the D, the first letter of the ciphertext, is arrived at as follows:
The first letter of the key is a "C". This means you can read that at this point an "A" in the plain text should be replaced by a "C", a "B" by a "D", a "C" by an "E" and so on.
If there is a "B" in the plain text, this would be replaced in the ciphertext by a "D".

This process works as described only as long as the key word is of the same or a longer length than the message to be encrypted. This means it is initially very insecure in the form described. If, however, the key is

• also made up of a completely randomly selected sequence of letters of the right length and
• the key is only used to encrypt a single message (or letters of the key used once in an encryption operation are never reused),

then knowing the ciphertext provides an attacker who has no information about the key absolutely no information about the plain text.

This encryption process is then also referred to as the one-time pad.

Some additional limitations must also be taken into consideration, for example:

• After the key has been used once, it must be destroyed (or must never be used again), as using the same key a second time with a different message would make the process insecure. Even part of a previously used key must never be reused or revealed!
• An attacker who knows part of the key can also easily decrypt the corresponding parts of the message,
• The integrity of the transmitted messages is not protected in any way by the process.

So you see, even an encryption process that is supported by a very strong theoretical guarantee of security can have non-optimal cryptographic characteristics that make it impossible to state for certain that it guarantees security. Consequently, the development and scientific assessment of modern cryptographic systems must take a large number of varied security objectives and attack scenarios into account.

Modern symmetric ciphers

Of course, one major disadvantage of one-time pads is that they also require a large amount of key material. For every encrypted connection between two parties, you need a key that is as long as the total length of all of the messages that must exchanged securely. Distributing this key securely is therefore particularly difficult if multiple parties have to communicate with each other.

Despite this, one-time pads are actually used to a significant extent. One modern variation is quantum-cryptographic systems, which solve the problem of securely exchanging keys using physical principles. There are also other important structures in cryptography that are built on the ideas that underpin the one-time pad.

Modern symmetric cryptographic processes, unlike the one-time pad, require only limited amounts of private keys in order to work. Subject at least to the qualification that most security guarantees provided by modern cryptography are not absolute, and that further scientific advances could therefore crack processes currently considered secure, a very high security level has been achieved. The fundamental problem of distributing private key material "in advance" still remains.