Based in Denver, CO, Agile Ideation collects the thoughts and experiences of Ed Schaefer. His posts explore agile and devops related topics as he works to maximize team effectiveness and minimize waste through continuous learning, coaching and empowering teams.

Public Key Cryptography

One of the most complicated aspects of cryptography is the key. A one-time pad is certainly the most secure, but plagued with issues because the pad can only be used once. If needing to guarantee the security of a crate one could attach a lock, send it to the recipient who attaches their own lock and sends it back. The sender (who just received the package) removes the original lock sending it back to its final destination. The original recipient removes their padlock and opens the box. Unfortunately this is impossible with cryptography as decryption must be performed in exactly the opposite as the encryption.

The first public-key invented, Diffie-Hellman, was created in 1976 and uses a very simple mathematic principal. Using exponentiation Diffie-Hellman allows two people to create a key, but does not provide any method to encrypt or decrypt messages. First the involved parties, Alice and Bob, must designate a large prime. This prime must be n and g where g is primitive mod n. Selecting the agreed upon figure does not need to be done securely and can be transmitted over a public channel. Next Alice and Bob each select a unique large integer (x and y, respectively). Alice uses x such that X=gx mod n, sending the result to Bob, and Bob uses y such that Y = gy mod n. Alice is able to compute k = Yx mod n and Bob is able to compute k’ = Xy mod n, due to the law of exponents.

This leads to more modern assymetric ciphers. With an asymmetric cipher there is one key to encrypt and one key to decrypt. More importantly it does not matter which key you use, so anything encrypted with key 1 can be decrypted with key 2 and vice versa. This can be used as a method of authentication by publishing one key on a website or other public database and signing all legitimate documents with the opposite key. More interestingly, this provides an excellent method to ensure that no one but the intended recipient can access the encrypted file. If anyone wanted to send something and ensure only the intended recipient could read it, encrypt it using the recipients public key, and only this person will be able to decrypt using the private key. Now the question arises, how does one authenticate it was sent by the anticipated sender? This can be done by using double encryption. First the sender encrypts with her private key (thus the recipient will need to decrypt using her public key) then encrypts it again with the recipients public key (thus the recipient will need to unlock using his private key). This method provides both authentication and verification of sender and recipient.

Public key encryption is one of the most substantial additions to cryptography in the last 30 plus years. Now used at almost every level, including simple things such as email, this method of cryptography creates a very high level of security with a very low level of computing power requirements. This makes it trivial to securely transmit the key to encrypted information allowing the process of encryption and decryption to be much simpler than encrypting and decrypting all of the data, and therefore more feasible for everyday use.

Security Policy

Intellectual Property