How do we secure our belongings in the real world? We immediately think of some form of lock and key. A key is used for locking and unlocking. It is the same person who locks and unlocks as the holder of the key. In the digital world, it is not the case. We need two keys for securing digital matter. These are the Public Key and Private Key and are nothing but a concise code.
A message or document gets transmitted from Person A to Person B over the Internet as in figure 7.1. A Person could be an individual or an organization. So in the Digital world, two people are involved in handling a message and are geographically apart. Similar to the physical world solution, we require keys, key management, and encryption.
In the digital world, there are more issues to be addressed during the exchange of the message/document to guarantee a smooth and purposeful transfer of information and as below:
Authenticity of Identification - The Receiver should be able to identify the sender of the document.
Non-repudiation - Having sent the document, the sender, at a later stage cannot refute that he had not sent the document.
Integrity - The document has not got altered on the way, from sender to receiver, after the sender had sent it i.e. not tampered in any form.
Confidentiality - The document has not been eve dropped or seen by anyone else on the way except the recipient i.e. eliminating the possibility of misuse by the third party.
A Digital Signature can deal with Authenticity, Non-Repudiation and Integrity to a large extent. Encryption of information by the sender further meets the additional requirements of Integrity, and Confidentiality using Public Key Infrastructure.
Encryption
Encryption is a codification of input. Encrypted information demands that only when the appropriate key is used, the content can be decrypted. Encryption happens at the sender end while decryption is done at the receiver end. The encrypted information traverses over the internet, thus providing a kind of security and secrecy to some extent against attacks. There are two kinds of encryption in practice namely Symmetric Key Encryption and Asymmetric Key Encryption.
Symmetric Key Encryption (Symmetric Cryptography) - One single key is used for encrypting and decrypting. The key used in encryption is also used for decryption. Hence it is also called Symmetric. The key is generated by a random function. The key has to be shared between the sender and recipient in a secured manner. Once the Key is known, all communications using this key is decipherable. The encryption algorithm has to be strong enough that none other than the two parties involved should be able to guess and decipher the content. Figure 7.2. explains the process of Symmetric Key Encryption.
Asymmetric Key Encryption (Asymmetric Cryptography) - Uses two interrelated keys. One key is known as Public Key and the other is known as Private Key. One of them is used for encryption and the other for decryption.
Public Key - Public Key is one that the sender and the receiver have access to. It is shared amongst the stakeholders.
Private Key - Private Key is one that is kept confidential by the owner. It is computationally almost infeasible to find the pairing private key using the public key.
However, figure 7.3 will clear the doubt as to what extent is the public key public. As you see, Bob has in his contact list few members namely, Alice, Mike, Joy and Ted. Bob has the public key of all of these people in his key ring.
- When Bob wants to send a text to Alice, he will use Alice’s Public Key to encrypt and the encrypted content is sent to Alice. Alice will use his private key to decrypt and obtain the original text.
- Similarly, if Bob decides to send another text to Joy, he will use Joy’s Public Key to encrypt and send to Joy. Joy will decrypt using his Private key to obtain the original text.
- If Bob requires sending a text to both Joy and Alice, he will have to encrypt with each of their public keys before sending it. Thus the key is selected based on the recipient and has nothing to do with the text.
Two applications of Asymmetric cryptography are Public Key Encryption and Digital Signatures.
Public Key Encryption is the process of encrypting content with the receiver's public key. The encrypted electronic document is sent over the internet. The receiver decrypts with his private key.
Public Key Infrastructure (PKI) - It is important that there regulations for the key generation and key exchange. PKI is a set of roles, policies, and procedures needed to create, manage, distribute, store, use, and revoke digital certificates for Public Key Encryption. PKI includes Certification Authority, Registration Authority and Validation Authority who are registered with and authorized by the Government for managing PKI. Anyone requiring Digital certificates/Key has to approach these PKI Authorities.
Digital Signature - Digital Signature is an electronic document that you hold a digital key. Digital signatures are used for electronically signing a document using the sender’s private key, as we use our exclusive sign in the paper documents. Anyone having the pairing public key of the sender can decrypt. A digital signature is used for authentication. So an encrypted content is digitally signed for authentication while adding other characteristics like non-repudiation and Integrity. This authentication process is shown in figure 7.4.
From the above discussions, it is understandable that either of the keys can be used for encryption and the other pairing key is required for decryption. It is the purpose that decides which key is used for encryption/decryption. The Procedural Difference between PKE and Digital signature is detailed in the table below.
Purpose | Sender uses | Recipient uses |
---|---|---|
Digital Signature | Sender’s Private Key | Sender’s Public Key |
Encryption of Content | Receiver’s Public key | Receiver’s Private Key |
Cryptography algorithms
Cryptography is required for securing communications and data over the Internet from adversaries. Cryptography is nothing but encryption and decryption i.e. converting content into ciphertext (Encryption) and deciphering (Decryption) to get back plain text.
The popular algorithms for Symmetric Cryptography are Data Encryption Standard (DES), International Data Encryption Algorithm (IDEA), BLOWFISH, Advanced Encryption Standard (AES) Secured Hash Algorithms (SHA) and Message Digest (MD). RSA, Diffie-Hellman, and El-Gamal, Elliptic Curve Cryptography (ECC) are few of the Asymmetric Cryptography algorithms. Most of these algorithms have variants and versions. The key lengths used by these algorithms vary from 8 bit to 512 bits. The strength of the algorithm is in the inability of the hacker to decrypt, in spite of having one key. The larger the length of the key, the stronger the encryption is, and hence less vulnerable to hackers attack. Larger key also demands higher computational power for encryption. The algorithmic details are beyond the scope here.
Blockchain and Hashing
Blockchain uses hashing for providing Data Integrity.
In Blockchain Network, Public Key Cryptography is useful in creating a secured Digital reference about the identity of users. Secured digital reference includes "who owns what" and "who is who" in the P2P network. This identity is more important in Public Blockchain.
Hashing in Cryptocurrency network is used for the following purposes:
- Encoding the Wallet address
- Encoding the Wallet transactions
- Verifying the wallet balances
- Proof of Work
Hashing is used in creating blocks. It uses Secure Hashing Algorithm (SHA) with 256-bit key length. SHA produces a fixed-length hash code corresponding to variable length input. The strength of the hash function is that it is unidirectional i.e. you can produce hash output h but cannot reconstruct the input for h. This powerful feature makes it a choice SHA-256 for use in Blockchain Technology.
New algorithms like Zero-Knowledge Proof and Ring Signatures, ECC are also being tried for Privacy-preserving functionality in Blockchain.