Cryptography

This post will have no discussion about cryptographic currencies. You are welcome.

Why Cryptography

The purpose of cryptography is to allow one party (commonly referred to as Alice) to send a message to another party (commonly referred to as Bob) without a third party understanding the message.

Simpliest Example

The oldest forms of encryption simply involved shifting the letters of alphabet over by one or more letters. This is obviously an insufficient level of obfuscation to be valuable for any modern usecases.

Example from Roman Caesar’s era of shifting the letters of the alphabet by seven to simply obscuscate the meaning of a sentence:

If he had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out.

Pm ol ohk hufaopun jvumpkluaphs av zhf, ol dyval pa pu jpwoly, aoha pz, if zv johunpun aol vykly vm aol slaalyz vm aol hswohila, aoha uva h dvyk jvbsk il thkl vba.

Basics of Public-Private Key Encryption

We typically use public-private key encryption in modern computerized usecases. It involves Alice and Bob to each generate a public/private key value pair and exchanging with one another only the public key (the private key should never be shared with anyone under any circumstances).

Through some clever mathmatical calculations, any message encoded with Alice’s public key can only be decoded with Alice’s private key and vice versa. By signing a message with her private key, she ensures that it can only be decoded with her public key.

How do Alice and Bob utilize this to privately communicate? Alice and Bob first share their public keys freely (this is an intentionally public key so no worries if others capture it; having it wide-spread is normal and encouraged). When Alice sends a message to Bob, she will first sign it with Bob’s public key, ensuring that only Bob will be able to decrypt it with his own private key.

Regarding the mention of “clever mathmatical calculations”. There are several such algorithms available; the most popular of which is RSA. The detailed understanding of the mathmatics behind the algorithm(s) themselves is only useful to a small subset of mathmaticians, computer scientists, and developers. There is a very high level of mathmatical and scientific rigor in place before these algorithms are utilized for production use cases.

Potential security concerns

Part of the exchange requires Alice and Bob to first safely share their public keys with one another (and the rest of the world). If an attacker tried to impersonate both Alice and Bob with their own public key to both parties, they could read the messages sent between both parties before re-encrypting and forwarding onwards to the other party. This is known as a “man-in-the-middle” attack.

One potential solution to that is both Alice and Bob otherwise publish their keys to a trusted third party registry (i.e. certificate authority) that can be consulted to verify that the received public keys really do belong to Alice and Bob. That does itself have a similar challenge though in being able to similarly trust the identity and public keys of that trusted third party registry. Also, there is a high concern of the negative implications of a popular certificate authority ever being hacked with keys modified and/or root private signing keys stolen.

Encryption and security in inherently based on some level of trust somewhere in the system.

Future considerations

There is a growing interest in utilizing blockchain technology to decentralize the public-key infrastructure such that we don’t rely on the security of Certificate Authorities as a critical piece of the global security infrascructure. This has not yet seen any wide-spread adoption.