Cryptosystems
Cryptosystems
Cryptosystems
Let us discuss a simple model of a cryptosystem that provides confidentiality to the information
being transmitted. This basic model is depicted in the illustration below −
The illustration shows a sender who wants to transfer some sensitive data to a receiver in such a
way that any party intercepting or eavesdropping on the communication channel cannot extract
the data.
The objective of this simple cryptosystem is that at the end of the process, only the sender and the
receiver will know the plaintext.
Components of a Cryptosystem
The various components of a basic cryptosystem are as follows −
Decryption Key. It is a value that is known to the receiver. The decryption key is related to
the encryption key, but is not always identical to it. The receiver inputs the decryption key
into the decryption algorithm along with the ciphertext in order to compute the plaintext.
For a given cryptosystem, a collection of all possible decryption keys is called a key space.
An interceptor anattacker is an unauthorized entity who attempts to determine the plaintext. He can
see the ciphertext and may know the decryption algorithm. He, however, must never know the
decryption key.
Types of Cryptosystems
Fundamentally, there are two types of cryptosystems based on the manner in which encryption-
decryption is carried out in the system −
The main difference between these cryptosystems is the relationship between the encryption and
the decryption key. Logically, in any cryptosystem, both the keys are closely associated. It is
practically impossible to decrypt the ciphertext with the key that is unrelated to the encryption key.
A few well-known examples of symmetric key encryption methods are − Digital Encryption
Standard DES, Triple-DES 3DES, IDEA, and BLOWFISH.
Prior to 1970, all cryptosystems employed symmetric key encryption. Even today, its relevance is
very high and it is being used extensively in many cryptosystems. It is very unlikely that this
encryption will fade away, as it has certain advantages over asymmetric key encryption.
Persons using symmetric key encryption must share a common key prior to exchange of
information.
Keys are recommended to be changed regularly to prevent any attack on the system.
A robust mechanism needs to exist to exchange the key between the communicating parties.
As keys are required to be changed regularly, this mechanism becomes expensive and
cumbersome.
In a group of n people, to enable two-party communication between any two persons, the
number of keys required for group is n × n– 1/2.
Length of Key numberofbits in this encryption is smaller and hence, process of encryption-
decryption is faster than asymmetric key encryption.
Key establishment − Before any communication, both the sender and the receiver need to
agree on a secret symmetric key. It requires a secure key establishment mechanism in
place.
Trust Issue − Since the sender and the receiver use the same symmetric key, there is an
implicit requirement that the sender and the receiver ‘trust’ each other. For example, it may
happen that the receiver has lost the key to an attacker and the sender is not informed.
These two challenges are highly restraining for modern day communication. Today, people need
to exchange information with non-familiar and non-trusted parties. For example, a communication
between online seller and customer. These limitations of symmetric key encryption gave rise to
asymmetric key encryption schemes.
Asymmetric Key Encryption was invented in the 20th century to come over the necessity of pre-
shared secret key between communicating persons. The salient features of this encryption
scheme are as follows −
Every user in this system needs to have a pair of dissimilar keys, private key and public
key. These keys are mathematically related − when one key is used for encryption, the other
can decrypt the ciphertext back to the original plaintext.
It requires to put the public key in public repository and the private key as a well-guarded
secret. Hence, this scheme of encryption is also called Public Key Encryption.
Though public and private keys of the user are related, it is computationally not feasible to
find one from another. This is a strength of this scheme.
When Host1 needs to send data to Host2, he obtains the public key of Host2 from repository,
encrypts the data, and transmits.
Length of Keys numberofbits in this encryption is large and hence, the process of encryption-
decryption is slower than symmetric key encryption.
Symmetric cryptosystems are a natural concept. In contrast, public-key cryptosystems are quite
difficult to comprehend.
You may think, how can the encryption key and the decryption key are ‘related’, and yet it is
impossible to determine the decryption key from the encryption key? The answer lies in the
mathematical concepts. It is possible to design a cryptosystem whose keys have this property. The
concept of public-key cryptography is relatively new. There are fewer public-key algorithms known
than symmetric algorithms.
This is usually accomplished through a Public Key Infrastructure PKI consisting a trusted third
party. The third party securely manages and attests to the authenticity of public keys. When the
third party is requested to provide the public key for any communicating person X, they are trusted
to provide the correct public key.
The third party satisfies itself about user identity by the process of attestation, notarization, or
some other process − that X is the one and only, or globally unique, X. The most common method
of making the verified public keys available is to embed them in a certificate which is digitally
signed by the trusted third party.
Due to the advantages and disadvantage of both the systems, symmetric key and public-key
cryptosystems are often used together in the practical information security systems.
Falling of the cryptosystem in the hands of an intruder should not lead to any compromise of
the system, preventing any inconvenience to the user.
The encryption apparatus and documents should be portable and operable by a single
person.
Finally, it is necessary that the system be easy to use, requiring neither mental strain nor the
knowledge of a long series of rules to observe.
The second rule is currently known as Kerckhoff principle. It is applied in virtually all the
contemporary encryption algorithms such as DES, AES, etc. These public algorithms are
considered to be thoroughly secure. The security of the encrypted message depends solely on the
security of the secret encryption key.
Keeping the algorithms secret may act as a significant barrier to cryptanalysis. However, keeping
the algorithms secret is possible only when they are used in a strictly limited circle.
In modern era, cryptography needs to cater to users who are connected to the Internet. In such
cases, using a secret algorithm is not feasible, hence Kerckhoff principles became essential
guidelines for designing algorithms in modern cryptography.
Loading [MathJax]/jax/output/HTML-CSS/fonts/TeX/fontdata.js