Algorithms - Encryption/Cryptography

Wiki defines the encryption - "Encryption is the process of transforming information (referred to as plaintext) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key".

As long as both sides of communication have the correct cipher/algorithm, they can decode/decipher any message the other sent.

Encryption systems belong in one of two groups:

1. Symmetric-key encryption or Private-key encryption
   
   
   1. The encryption and decryption keys are the same.
   
   
   2. Thus communicating parties must agree on a secret key before they wish to communicate.
   
   
   3. secret-key cryptography operates about 1000 times faster than public-key cryptography.
   
   
   4. Data Encryption Standard (DES): The most common Symmetric-key encryption scheme used today.
   
   
   5. Advanced Encryption Standard (AES): The official successor to DES in December 2001.
   
   
   
   
2. Asymmetric-key encryption or Public-key encryption
   
   
   1. It was first described publicly by Stanford University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key.
   
   
   2. Simple description:
      Suppose I tell you that I have two prime numbers, 3 and 7, and that I want to calculate the product; it should take almost no time to calculate that value, which is 21. Now suppose, instead, that I tell you that I have a number, 21, and I need you tell me which pair of prime numbers I multiplied together to obtain that number. You will eventually come up with the solution but whereas calculating the product took milliseconds, factoring will take longer. The problem becomes much harder if I start with primes that have 400 digits or so, because the product will have ~800 digits. - from An Overview of Cryptography
   
   
   3. Public-key cryptography uses asymmetric key algorithms (such as RSA) where the key used to encrypt a message is not the same as the key used to decrypt it.
   
   
   4. This uses two different keys at once - a combination of a private key and a public key.
   
   
   5. Each user has a pair of cryptographic keys - a public encryption key and a private decryption key.
   
   
   6. The encryption key is public: that is, anyone (friend or foe) has access to the encryption key, and can encrypt messages.
   
   
   7. However, only the receiving party has access to the decryption key and thus is the only one capable of reading the encrypted messages.
   
   
   8. In public-key cryptosystems, the public key may be freely distributed, while its paired private key must remain secret only known to recipient.
   
   
   9. Messages are encrypted with the recipient's public key, and can be decrypted only with the corresponding private key.
   10. The two keys are different but mathematically related although knowledge of one key does not allow someone to easily determine the other key. In other words, the parameters are chosen so that determining the private key from the public key is either impossible or prohibitively expensive.
   
   
   11. A very popular public-key encryption programs are Pretty Good Privacy (PGP), GNU Privacy Guard (GnuPG or GPG), and Transport Layer Security (TLS).
   
   
   12. RSA: The first, and still most common named for the three MIT mathematicians who developed it - Ronald Rivest, Adi Shamir, and Leonard Adleman.
   
   

The key in public-key encryption is based on a hash value which is a value that is computed from a base input number using a hashing algorithm. Actually, the hash value is a summary of the original value, and it is nearly impossible to derive the original input number without knowing the data used to create the hash value.

The example above is just to give the basic idea. However, actually the public-key encryption is much more complicated.

Hash functions

More info on hash.

Though encoding and encryption are different, they share the similarities:

1. Both transform data into another format.
2. Both of them are reversible

In terms of the purpose they are different:

1. Encoding
   The primary purpose of encoding is to transform data so that it can be consumed properly by a different type of system, e.g. binary data being sent over email, or viewing special characters on a web page (URL Encoding, Base64 for example). The goal is not to keep information secret, but rather to ensure that it's able to be properly consumed.
   Encoding transforms data into another format using a scheme that is publicly available so that it can easily be reversed. It does not require a key as the only thing required to decode it is the algorithm that was used to encode it.
   
2. Encryption
   The purpose of encryption is to transform data in order to keep it secret from others, e.g. sending a secret letter that only the targeted receiver should be able to read, or sending a password over the Internet securely. Rather than focusing on usability, the goal is to ensure the data cannot be consumed by anyone other than the intended recipient(s).
   Encryption transforms data into another format in such a way that only specific individual(s) can reverse the transformation. It uses a key, which is kept secret, in conjunction with the plaintext and the algorithm, in order to perform the encryption operation. As such, the ciphertext, algorithm, and key are all required to return to the plaintext.
   

No single algorithm is ideal for all situations but the following general principles apply (from http://technet.microsoft.com/en-us/library/ms345262.aspx)

1. Strong encryption generally consumes more CPU resources than weak encryption.
2. Long keys generally yield stronger encryption than short keys.
3. Asymmetric encryption is stronger than symmetric encryption using the same key length, but it is relatively slow.
4. Block ciphers with long keys are stronger than stream ciphers.
5. Long, complex passwords are stronger than short passwords.
6. If we need to encrypt lots of data, we should encrypt the data using a symmetric key, and encrypt the symmetric key with an asymmetric key.
7. Encrypted data cannot be compressed, but compressed data can be encrypted. If we use compression, you we compress data before encrypting it.

Here is the list of encryption algorithms.

The most simplest one is an encryption using symmetric key, and the following example shows how to encrypt/decrypt using gpg on linux. Almost all linux flavor have gpg installed by default.

First we have a file, myfile which has simple text "My File", and want it to be encrypted.

$ gpg -c myfile
Enter passphrase:
Repeat passphrase:

Then, we will have addition file, myfile.gpg
To decrypt the file:

$ gpg -d myfile.gpg
gpg: CAST5 encrypted data
Enter passphrase:
My File
gpg: WARNING: message was not integrity protected

It prints out the file content to the screen, but if we want to save it to another file, then

$ gpg --output myfile.decrypted -d myfile.gpg
gpg: CAST5 encrypted data
gpg: encrypted with 1 passphrease
gpg: WARNING: message was not integrity protected

Note that this encryption is using a symmetric cryptographic algorithm, one that uses the same key on both sides. In other words, we decrypt the file using the same passphrase that we encrypt with.

SNSD Taeyeon - Beethoven_Virus.mp3