|
|
<!DOCTYPE html>
|
|
|
<html lang="en">
|
|
|
<head>
|
|
|
<meta charset="UTF-8">
|
|
|
<title>How Asymetric Encryption Works | tait.tech</title>
|
|
|
<link rel="stylesheet" href="/assets/css/style.css">
|
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
|
</head>
|
|
|
<body>
|
|
|
<div id="wrapper">
|
|
|
<nav>
|
|
|
<input type="checkbox" id="menu">
|
|
|
<label for="menu">☰</label>
|
|
|
<div class="menu-content">
|
|
|
|
|
|
<a href="/" class="nav-link" >Home</a>
|
|
|
|
|
|
<a href="/blog/" class="nav-link" >Blog</a>
|
|
|
|
|
|
<a href="/links/" class="nav-link" >Links</a>
|
|
|
|
|
|
<a href="/ideas/" class="nav-link" >Ideas</a>
|
|
|
|
|
|
<a href="https://github.com/TTWNO/" class="nav-link" target="_blank" rel="noopener noreferrer" >Code</a>
|
|
|
|
|
|
</div>
|
|
|
</nav>
|
|
|
|
|
|
<h1>How Asymetric Encryption Works</h1>
|
|
|
<h4 class="post-date line-under">Thursday, April 02 2020</h4>
|
|
|
|
|
|
<div class="article">
|
|
|
<p>In a few previous articles I have explained <a href="/2020/01/26/rsa1.html">why encryption may be important to you</a> and <a href="/2020/02/19/rsa2.html">how the theory behind encryption works</a>. I did not yet explain the system of asymetric cryptography, however. That is what this article is for.</p>
|
|
|
|
|
|
<p>Previously, we talked about how <em>symetric</em> encryption works. This is by having a shared key that both parties use to simultaniously encrypt, and decrypt the data. (See Ceasar Cipher for example).</p>
|
|
|
|
|
|
<h2 id="public-key-or-asymetric-encryption">Public-key, or Asymetric Encryption</h2>
|
|
|
|
|
|
<p>Asymetric encryption is based on the idea of having multiple keys instead of only one shared key.
|
|
|
For example: instead of encrypting with one key, and decrypting with that same key (like our ROT ciphers we talked about previously), we can use one key to <em>encrypt</em> the information, and a different key to <em>decrypt</em> the information.</p>
|
|
|
|
|
|
<figure>
|
|
|
<img src="/assets/img/alice-to-bob.png" alt="Alice sending her message to Bob using Bob's public key. Bob decrypts the message with his private key." />
|
|
|
<figcaption>
|
|
|
Alice sending her message to Bob using Bob's public key. Bob decrypts the message with his private key.
|
|
|
</figcaption>
|
|
|
</figure>
|
|
|
|
|
|
<p>In the picture above, see how Alice uses Bob’s public key to encrypt some data,
|
|
|
then sends it to Bob for him to decrypt with his private key?
|
|
|
That is the essense of public-key encryption.</p>
|
|
|
|
|
|
<p>The great thing about public-key encryption is that your public key is <em>public</em>! There is no need to be afraid of sending this everywhere!
|
|
|
You can attach it at the end of all your emails, the end of your forum posts, <a href="/public-key.asc">a link to it on your low-power webserver</a> (wink).
|
|
|
There are even things called <a href="http://keys.gnupg.net/">keyservers</a> that will save your public key on them for retrival in case somebody wants to verify your public key.</p>
|
|
|
|
|
|
<p>Anything encrypted with your public key can only be decrypted with your private key.
|
|
|
Provided you never, <em>NEVER</em> share your private key with anyone ever, we can assume that all messages sent to you encrypted with your public key will never be read by anyone else.</p>
|
|
|
|
|
|
<p>Asymetric encryption, however, often contains four keys instead of two. Why is this?</p>
|
|
|
|
|
|
<h4 id="verification-of-author">Verification of Author</h4>
|
|
|
|
|
|
<p>One interesting thing about keys pairs is that not only can the private key decrypt anything the public key encrypts,
|
|
|
but the public key can decrypt anything the private key encrypts.</p>
|
|
|
|
|
|
<p>Now why would one want to encrypt a message that can be decrypted by anyone?</p>
|
|
|
|
|
|
<figure>
|
|
|
<img src="/assets/img/alice-sign-to-bob.png" alt="Alice sending a message to bob which is 'signed' with her private key. This allows Bob to know only Alice could have sent it!" />
|
|
|
<figcaption>
|
|
|
Alice sending a message to bob which is 'signed' with her private key. This allows Bob to know only Alice could have sent it!
|
|
|
<br />
|
|
|
<br />
|
|
|
Note: Although the picture shows otherwise, the text is not sent in the plain. It is encrypted with Alice's private key.
|
|
|
</figcaption>
|
|
|
</figure>
|
|
|
|
|
|
<p>This is how you can verify that the person who says they wrote the message really did indeed write the message!
|
|
|
If their private key was never shared with anyone else, then the message must have come from them!</p>
|
|
|
|
|
|
<p>For maximum security, these methods are often layered.
|
|
|
First, signing with the sender’s private key,
|
|
|
ensuring only they could have sent it—
|
|
|
then encrypted with the recipient’s pulbic key,
|
|
|
making sure only the reciever can read it.</p>
|
|
|
|
|
|
<p>Note that both sides must first have eachother’s public keys to do this.
|
|
|
This is easy if they communicate often, but when first contacting somebody,
|
|
|
people will generally send their encrypted message along with the their own pulbic key attached in a seperate file.</p>
|
|
|
|
|
|
<h3 id="what-this-means">What This Means</h3>
|
|
|
|
|
|
<p>Notice neither Alice nor Bob had to share any comprimsing information over the network?
|
|
|
This is why public-key encryption is so powerful!</p>
|
|
|
|
|
|
<p>Alice and Bob can both safely send their public keys in the open.
|
|
|
They can even send them over the insecure HTTP, or FTP protocols.</p>
|
|
|
|
|
|
<p>Whilst not sending any encryption-breaking messages,
|
|
|
Alice and Bob now have a way to communicate securely.
|
|
|
If you trust nothing and no one, this is your perfered method of security.</p>
|
|
|
|
|
|
<p>Check out this <a href="https://www.youtube.com/watch?v=GSIDS_lvRv4">Computerphile video</a> if you want the simplified explaination.</p>
|
|
|
|
|
|
<h3 id="the-algorithms">The Algorithms</h3>
|
|
|
|
|
|
<p>The two biggest “implementations” of public-key cryptography vary only in the mathamatical equations used to generate the numbers,
|
|
|
and how the numbers are <a href="https://en.wikipedia.org/wiki/Trapdoor_function">“trapdoored”</a> to decrypt if you have the correct key.</p>
|
|
|
|
|
|
<p>I will discuss the differences in approach here.
|
|
|
If you want to skip to the next article where I show you how to encrypt your own documents using RSA, see <a href="/2020/04/06/rsa4.html">this link</a>.</p>
|
|
|
|
|
|
<h3 id="rsa">RSA</h3>
|
|
|
|
|
|
<p>The mathamatic center of the RSA system was developed over the course of a year or so.
|
|
|
Three men were involved. Ron Rivest, Adi Shamir, and Leonard Aldeman.
|
|
|
They worked as a kind of “team”: Each idea by Rivest and Shamir were critisized by the mathamatician on their team: Mr. Aldeman.</p>
|
|
|
|
|
|
<p>One night, after consuming
|
|
|
<a href="https://www.math.uchicago.edu/~may/VIGRE/VIGRE2007/REUPapers/FINALAPP/Calderbank.pdf">“liberal quantities of Manischewitz wine”</a>
|
|
|
Rivest had trouble sleeping.
|
|
|
After taking long gazes into the abyss of his math textbook, he came up with an idea which would change cryptography forever.
|
|
|
By the next morning, an academic mathamatical paper was nearly finished.
|
|
|
He named it after himself and the two others that had been helping him along this whole time. <em>Rivest, Shamir, Aldeman</em>.</p>
|
|
|
|
|
|
<p>Key sizes of RSA range from 1024-bit to 4096-bit.
|
|
|
1024-bit keys are considered somewhat insecure.
|
|
|
However,
|
|
|
it should be noted that every bit doubles the complexity of the key,
|
|
|
so 2048 is <a href="https://www.wolframalpha.com/input/?i=2%5E1024">2^1024</a> times more complex than 1024.</p>
|
|
|
|
|
|
<h3 id="eliptic-curve-ec">Eliptic-Curve (EC)</h3>
|
|
|
|
|
|
<p>Eliptic-Curve (EC) is a family of algorithms that use the <a href="https://en.wikipedia.org/wiki/Elliptic_curve">Eliptic curve</a> mathamatical structure to generate the numbers for the keys.
|
|
|
EC can effectivly provide the security of an RSA key <a href="https://www.youtube.com/watch?v=NF1pwjL9-DE">one order of magnitude larger</a> than an RSA key.</p>
|
|
|
|
|
|
<figure>
|
|
|
<img src="/assets/img/ec.png" alt="A picture of an eliptic curve." class="small-image" />
|
|
|
<figcaption>
|
|
|
An eliptic curve structure.
|
|
|
</figcaption>
|
|
|
</figure>
|
|
|
|
|
|
<p>It’s fast; it’s secure! Perfect right?</p>
|
|
|
|
|
|
<p>Of course not!</p>
|
|
|
|
|
|
<p>One problem is that due to the smaller key size,
|
|
|
it can more easily be broken by brute-force.
|
|
|
This is why EC is mostly used for temporary communication (like HTTPS), not permenant communication (like having an encrypted email conversation with a journalist).</p>
|
|
|
|
|
|
<p>The other problem is that a certain EC algrorithm called P-256 is suspected to be introduced with malice to National Institute of Standards and Technology (NIST)
|
|
|
<a href="https://www.schneier.com/essays/archives/2007/11/did_nsa_put_a_secret.html">by the NSA</a>.
|
|
|
Supposedly, the NSA is able to crack anything encrypted with this algorithm.
|
|
|
I will let the experts argure about that.</p>
|
|
|
|
|
|
<p>Other well-known EC algorithms that are more-or-less trusted as secure do exist though.
|
|
|
The premeire one being Curve25519.
|
|
|
The reference implementation of <a href="https://cr.yp.to/ecdh.html">this algrorithm</a> is also <a href="https://fairuse.stanford.edu/overview/public-domain/welcome/">public-domain</a>,
|
|
|
so it is easy for devlopers to work into their own applications without worrying about copywrite.</p>
|
|
|
|
|
|
<h2 id="conslusion">Conslusion</h2>
|
|
|
|
|
|
<p>In this article we went over some basic points:</p>
|
|
|
|
|
|
<ol>
|
|
|
<li>Public-key encryption enables secure communication over insecure networks.</li>
|
|
|
<li>RSA is considered the standard for extra-seure communication.</li>
|
|
|
<li>EC is a newer, faster, more transient encryption method.</li>
|
|
|
</ol>
|
|
|
|
|
|
<p>To learn how to use RSA keys to encrypt your own communications, check out <a href="/2020/04/06/rsa4.html">this other aritcle I wrote</a>.</p>
|
|
|
|
|
|
|
|
|
</div>
|
|
|
|
|
|
<footer>
|
|
|
This page is mirrored on <a href="https://beta.tait.tech/2020/04/02/rsa3.html">beta.tait.tech</a>, which is also not hosted by Amazon.
|
|
|
</footer>
|
|
|
|
|
|
</div>
|
|
|
</body>
|
|
|
</html>
|