Widely used encryption standards

• In case it hasn't become clear yet, what I really like about the subject of encryption is how much you can say without actually discussing how the encryption is done.

  So far, the only properties of the encryption functions we have been discussing that have been relevant are:

  • The distinction between public and secret key systems.

  • The claim that in some public key systems either key can be used for encryption as long as the other key is used for decryption.
  If you think about it, we've gone quite a distance without asking much about how the encryption is done. I think this is very good.

• Alas, I think I owe you some discussion of actual encryption functions used in the real world. So, here goes. Needless to say, I will keep it short.

• Secret Key Encryption Systems.

  • The two most common systems for secret key encryption are

    DES

    which stands for data encryption standard. This is an algorithm developed by IBM in the early 70's and then mysteriously weakened before becoming a US government standard. (There are those who suspect it was weakened just enough to make sure certain intelligence agencies could crack DES codes when necessary.)

    IDEA

    is a more recent (1991) standard of European roots.

  • Both DES and IDEA encrypt blocks of data 64-bits in length.

    If (as is likely) a message that is not 64-bits long is to be encrypted it must be broken up into 64-bit chunks (and padded with extra bits if necessary). In this case, it is not considered safe to simply apply the encryption process independently to each block. A more complex procedure is used so that each block is encrypted somewhat differently from the proceeding blocks. We will discuss this if time permits.

  • DES uses a 64-bit key 8 bits of which are parity bits for a "real" length of 56-bits. IDEA uses a 128-bit key. All other things being equal, it should be clear that it is harder to break IDEA than DES by brute force. In fact, while 2⁵6 may seem like a lot of keys to us normal people, it is not considered enough for highly secure encryption given current hardware speeds.

  • When one looks at the guts of these encryption methods one comes to understand why I don't like to talk about the details much. They basically both involve phase after phase of highly unpredictable bit shifting and substring substitutions controlled in peculiar ways by the bits of the keys.

• Public Key Encryption

  • The BIG public key system is RSA (Rivest-Shamir-Adelman) encryption.

  • Unlike the secret key algorithms, RSA encryption is based on something a bit more subtle than lots of permutations and substitutions.

    • RSA encyption depends on the amazing fact that if r is the number of number less than n that are relatively prime to n, then for any number t such that t mod r = 1, x^t mod n = x.

    • To take advantage of this, one first picks two large prime numbers p and q and chooses n = pq. By large we mean hundreds of binary digits.

    • Luckily, in this case one can conclude that the number of numbers less than n that are relatively prime to n equals (p-1)(q-1).

    • So, all we need is some t such that t mod (p-1)(q-1) is one.

    • Rather than being straightforward about this, we will look for a pair of numbers e and d such that t = ed.

    • If we first find some e such that e is relatively prime to (p-1)(q-1) then we can be sure e has a multiplicative inverse mod (p-1)(q-1). We will call this value d.

    • Given these values, we can conclude that for any x less than n, x = x^ed mod n.

    • Now, we will use these facts by using cipher = x^e mod n as our encryption function and x = cipher^d mod n as the decryption function. In other words, (e,n) will be the public key and (d,n) will be the private key.

    • If n were easy to factor, it would be simple to determine d from e. However, since n is a VERY LARGE number, factoring it is very difficult. The security of the scheme rests on this fact.

  • Notice, this explains the fact that e and d are interchangeable as encryption/decryption keys.