Cryptography >  One-Key versus Two-Key Cryptography (15 min.)    
Objectives:

1) Distinguish between 1- Key and 2-Key Cryptography and their different uses.

2) Understand their lacks/benefits and usage.


"T
here are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments
from reading your files
."

--Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C.


1) One-Key Cryptography 

In a "One-Key-Encryption" or "Conventional Encryption", the sender and the recipient share the same key as their common secret as displayed in figure 2 below. 

Figure 2 (source: www.PGPi.com):  Conventional Encryption Scheme. The same key is used to encode and decode.


At some earlier point in time the two correspondents, the sender and the recipient, must have agreed on that key. If they are in different locations, they must trust a courier or a phone system to transmit the secret key in a secure manner. Surely, this is not very practical, particularly when many (new) parties are involved. 

However, the major problem is the total number of keys involved. 2 correspondents use 1 key, 3 use 3 keys, 4 use 6 keys, 5 use 10 keys, 100 use 4950 keys, 1000 use 499500 keys, etc. And each key must be stored in a secure manner. And what if a key was accidentally revealed to a third party? Key management is enough of a difficult task that a name was invented for it: The Key Distribution Problem. It is the reason why One-Key-Cryptography is not appropriate for today's secure electronic data transfers between many parties involved. Another way of encrypting data was needed: Two-Key Cryptography solves the key distribution problem.  

Caesar's way of having to deal with many different recipients was to simply use the same key for everybody. This allowed any of his recipients to decrypt any Caesar-encoded message. Let's assume that he hand-delivered his letters to Cleopatra... 


 

The Importance of Keys 

Every Cipher is made up of two ingredients: an encryption method (the "algorithm") and the set of all possible keys (the "key space"). The sender may now choose from the number of possible keys to encode his secret message. What is the security of the encoded message based on? Is it the algorithm or the variety of keys? The Dutch Cryptographer Auguste Kerckhoff von Nieuwenhof answered this in 1883:

Kerckhoff's Principle:

"The security of a cryptosystem shall not be based on keeping the algorithm secret but solely on keeping the key secret."

Kerckhoff formulated what every sender should have in mind when encoding a message: he shall not be naive and hope that his way of encrypting (his algorithm) has not been invented yet. How would he know? Nobody knows today how much cryptographic knowledge the  NSA possesses. The National Security Agency employs more Mathematicians and other knowledgeable people than any other organization in the world. NSA is jokingly abbreviated as No Such Agency since nobody knows their advances and current knowledge on cryptography. The history of cryptography is filled with examples where the senders based their confidence fully on the assumption that their way of encoding was not known. A faux pas.

If the algorithm can not guarantee any security, then it must be the keys. (Recall that Special Agent 007 - James Bond - carries a secret key in his well-protected suitcase and not an algorithm. And the submarine officers in "Crimson Tide" requires the secret key to launch the nuclear weapons.) How do keys ensure the security of a cipher? The answer is simple: It is the huge number of possible keys to choose from. Correct, not big but huge. Why that? Well, if a cipher consists of only 25 keys - as for the Caesar Cipher - an eavesdropper simply has to test those keys and the cipher is cracked. However, if the number of keys is 26! = 403291461126605635584000000 - as it is for the Monoalphabetic Cipher - the eavesdropper's job is much more difficult. Testing each possible key would take too long. I.e. If he tests one key per second it would take him about a billion times the existence of our universe to crack a Monoalphabetic Cipher. No eavesdropper would take that route. 

 

6 Key - Facts:

1) One-Key Cryptography means that the knowledge of the encoding key yields the decoding key. (We will learn below that this implication is not true for Two-Key Cryptography.) 

2) Such Ciphers are therefore also called "Symmetric Ciphers". (Correspondingly, the Two-Key Cryptography Ciphers are also called "Asymmetric Ciphers".) 

3) If a Cipher only offers a small number of keys (i.e. the Caesar Cipher) it can be broken by simply testing the possible keys.

4) A huge number of keys assures the security of a cipher (i.e. The One Time Pad.)

5) One-Key-Cryptography provides "high-security" ciphers, however, their usage is not practical because of the key distribution problem. It describes the difficulty of exchanging and handling a large number of keys. I.e. 1000 correspondents have to handle a total of 499500 keys. The number of keys increases with the square of the number of correspondents.

6) With the increased need for secure electronic communication in the 1970's, more practical encryption methods were needed. Below, I will explain how "Two-Key Cryptography" fulfilled this need.

 



2) Two-Key Cryptography 

The "Two-Key Cryptography" or "Public-Key Cryptography" was a major breakthrough in 1976. It makes the inconceivable reality: A Public Key is used to encode the plain text, its corresponding Private Key is used to decode the cipher text. The clue: Although the encoding key available to the whole world, nobody is capable of figuring out the decoding key. The figure below shows the how "Two-Key Cryptography" is performed.

 

Figure 3 (source: www.PGPi.com):    Public-Key Encryption Scheme. The encoding key is used to encode the plaintext, the decoding is used to decode the ciphertext.

The primary benefit of public key cryptography is that it allows people who have no preexisting security arrangement to exchange messages securely. The need for sender and receiver to share secret keys via some secure channel is eliminated; all communications involve only public keys, and no private key is ever transmitted or shared.

Because conventional cryptography was once the only available means for relaying secret information, the expense of secure channels and key distribution relegated its use only to those who could afford it, such as governments and large banks (or small children with secret decoder rings). Public Key encryption is the technological revolution that provides strong cryptography to the adult masses. However, it is not meant to replace secret Key encryption, but rather to supplement it.  Many encryption systems combine both as follows: The actual encryption is performed with a fast and secure secret key method and the used secret key is encrypted with a public key method and transmitted to the recipient together with the encrypted message.      

In this tutorial you will study the RSA-Cipher as the most popular example of such public-key encryption systems. The other ciphers in this tutorial are secret key encryption systems.   

 

Related web sources:

Yahoo's Encryption & Security

Britannica.com

Dictionary.com

Glossary

PBS Online

Introduction to Cryptography

Enigma and the Codebreakers

Enigma History

Enigma Emulator

 

 

 

   

Figure 3:   An overview of the Science of Secret Communications.  

 

  top

back  next