Cryptosystems

Download as pdf or txt
Download as pdf or txt
You are on page 1of 5

CRYPTOSYSTEMS

http://www.tutorialspoint.com/cryptography/cryptosystems.htm Copyright © tutorialspoint.com

A cryptosystem is an implementation of cryptographic techniques and their accompanying


infrastructure to provide information security services. A cryptosystem is also referred to as a
cipher system.

Let us discuss a simple model of a cryptosystem that provides confidentiality to the information
being transmitted. This basic model is depicted in the illustration below −

The illustration shows a sender who wants to transfer some sensitive data to a receiver in such a
way that any party intercepting or eavesdropping on the communication channel cannot extract
the data.

The objective of this simple cryptosystem is that at the end of the process, only the sender and the
receiver will know the plaintext.

Components of a Cryptosystem
The various components of a basic cryptosystem are as follows −

Plaintext. It is the data to be protected during transmission.

Encryption Algorithm. It is a mathematical process that produces a ciphertext for any


given plaintext and encryption key. It is a cryptographic algorithm that takes plaintext and an
encryption key as input and produces a ciphertext.

Ciphertext. It is the scrambled version of the plaintext produced by the encryption


algorithm using a specific the encryption key. The ciphertext is not guarded. It flows on public
channel. It can be intercepted or compromised by anyone who has access to the
communication channel.

Decryption Algorithm, It is a mathematical process, that produces a unique plaintext for


any given ciphertext and decryption key. It is a cryptographic algorithm that takes a
ciphertext and a decryption key as input, and outputs a plaintext. The decryption algorithm
essentially reverses the encryption algorithm and is thus closely related to it.
Encryption Key. It is a value that is known to the sender. The sender inputs the encryption
key into the encryption algorithm along with the plaintext in order to compute the ciphertext.

Decryption Key. It is a value that is known to the receiver. The decryption key is related to
the encryption key, but is not always identical to it. The receiver inputs the decryption key
into the decryption algorithm along with the ciphertext in order to compute the plaintext.

For a given cryptosystem, a collection of all possible decryption keys is called a key space.

An interceptor anattacker is an unauthorized entity who attempts to determine the plaintext. He can
see the ciphertext and may know the decryption algorithm. He, however, must never know the
decryption key.

Types of Cryptosystems
Fundamentally, there are two types of cryptosystems based on the manner in which encryption-
decryption is carried out in the system −

Symmetric Key Encryption


Asymmetric Key Encryption

The main difference between these cryptosystems is the relationship between the encryption and
the decryption key. Logically, in any cryptosystem, both the keys are closely associated. It is
practically impossible to decrypt the ciphertext with the key that is unrelated to the encryption key.

Symmetric Key Encryption


The encryption process where same keys are used for encrypting and decrypting the
information is known as Symmetric Key Encryption.

The study of symmetric cryptosystems is referred to as symmetric cryptography. Symmetric


cryptosystems are also sometimes referred to as secret key cryptosystems.

A few well-known examples of symmetric key encryption methods are − Digital Encryption
Standard DES, Triple-DES 3DES, IDEA, and BLOWFISH.

Prior to 1970, all cryptosystems employed symmetric key encryption. Even today, its relevance is
very high and it is being used extensively in many cryptosystems. It is very unlikely that this
encryption will fade away, as it has certain advantages over asymmetric key encryption.

The salient features of cryptosystem based on symmetric key encryption are −

Persons using symmetric key encryption must share a common key prior to exchange of
information.

Keys are recommended to be changed regularly to prevent any attack on the system.
A robust mechanism needs to exist to exchange the key between the communicating parties.
As keys are required to be changed regularly, this mechanism becomes expensive and
cumbersome.

In a group of n people, to enable two-party communication between any two persons, the
number of keys required for group is n × n– 1/2.

Length of Key numberofbits in this encryption is smaller and hence, process of encryption-
decryption is faster than asymmetric key encryption.

Processing power of computer system required to run symmetric algorithm is less.

Challenge of Symmetric Key Cryptosystem


There are two restrictive challenges of employing symmetric key cryptography.

Key establishment − Before any communication, both the sender and the receiver need to
agree on a secret symmetric key. It requires a secure key establishment mechanism in
place.

Trust Issue − Since the sender and the receiver use the same symmetric key, there is an
implicit requirement that the sender and the receiver ‘trust’ each other. For example, it may
happen that the receiver has lost the key to an attacker and the sender is not informed.

These two challenges are highly restraining for modern day communication. Today, people need
to exchange information with non-familiar and non-trusted parties. For example, a communication
between online seller and customer. These limitations of symmetric key encryption gave rise to
asymmetric key encryption schemes.

Asymmetric Key Encryption


The encryption process where different keys are used for encrypting and decrypting the
information is known as Asymmetric Key Encryption. Though the keys are different, they are
mathematically related and hence, retrieving the plaintext by decrypting ciphertext is feasible.
The process is depicted in the following illustration −

Asymmetric Key Encryption was invented in the 20th century to come over the necessity of pre-
shared secret key between communicating persons. The salient features of this encryption
scheme are as follows −
Every user in this system needs to have a pair of dissimilar keys, private key and public
key. These keys are mathematically related − when one key is used for encryption, the other
can decrypt the ciphertext back to the original plaintext.

It requires to put the public key in public repository and the private key as a well-guarded
secret. Hence, this scheme of encryption is also called Public Key Encryption.

Though public and private keys of the user are related, it is computationally not feasible to
find one from another. This is a strength of this scheme.

When Host1 needs to send data to Host2, he obtains the public key of Host2 from repository,
encrypts the data, and transmits.

Host2 uses his private key to extract the plaintext.

Length of Keys numberofbits in this encryption is large and hence, the process of encryption-
decryption is slower than symmetric key encryption.

Processing power of computer system required to run asymmetric algorithm is higher.

Symmetric cryptosystems are a natural concept. In contrast, public-key cryptosystems are quite
difficult to comprehend.

You may think, how can the encryption key and the decryption key are ‘related’, and yet it is
impossible to determine the decryption key from the encryption key? The answer lies in the
mathematical concepts. It is possible to design a cryptosystem whose keys have this property. The
concept of public-key cryptography is relatively new. There are fewer public-key algorithms known
than symmetric algorithms.

Challenge of Public Key Cryptosystem


Public-key cryptosystems have one significant challenge − the user needs to trust that the public
key that he is using in communications with a person really is the public key of that person and has
not been spoofed by a malicious third party.

This is usually accomplished through a Public Key Infrastructure PKI consisting a trusted third
party. The third party securely manages and attests to the authenticity of public keys. When the
third party is requested to provide the public key for any communicating person X, they are trusted
to provide the correct public key.

The third party satisfies itself about user identity by the process of attestation, notarization, or
some other process − that X is the one and only, or globally unique, X. The most common method
of making the verified public keys available is to embed them in a certificate which is digitally
signed by the trusted third party.

Relation between Encryption Schemes


A summary of basic key properties of two types of cryptosystems is given below −

Symmetric Cryptosystems Public Key Cryptosystems

Relation between Same Different, but mathematically related


Keys

Encryption Key Symmetric Public

Decryption Key Symmetric Private

Due to the advantages and disadvantage of both the systems, symmetric key and public-key
cryptosystems are often used together in the practical information security systems.

Kerckhoff’s Principle for Cryptosystem


In the 19th century, a Dutch cryptographer A. Kerckhoff furnished the requirements of a good
cryptosystem. Kerckhoff stated that a cryptographic system should be secure even if everything
about the system, except the key, is public knowledge. The six design principles defined by
Kerckhoff for cryptosystem are −

The cryptosystem should be unbreakable practically, if not mathematically.

Falling of the cryptosystem in the hands of an intruder should not lead to any compromise of
the system, preventing any inconvenience to the user.

The key should be easily communicable, memorable, and changeable.

The ciphertext should be transmissible by telegraph, an unsecure channel.

The encryption apparatus and documents should be portable and operable by a single
person.

Finally, it is necessary that the system be easy to use, requiring neither mental strain nor the
knowledge of a long series of rules to observe.

The second rule is currently known as Kerckhoff principle. It is applied in virtually all the
contemporary encryption algorithms such as DES, AES, etc. These public algorithms are
considered to be thoroughly secure. The security of the encrypted message depends solely on the
security of the secret encryption key.

Keeping the algorithms secret may act as a significant barrier to cryptanalysis. However, keeping
the algorithms secret is possible only when they are used in a strictly limited circle.

In modern era, cryptography needs to cater to users who are connected to the Internet. In such
cases, using a secret algorithm is not feasible, hence Kerckhoff principles became essential
guidelines for designing algorithms in modern cryptography.
Loading [MathJax]/jax/output/HTML-CSS/fonts/TeX/fontdata.js

You might also like