http://www.freedom.net/resources/features/crypto/index.html Demystifying Cryptography - Part 1 Freedom staff Throughout history, cryptographers have carried an aura of mystery. Early cipherers were akin to sorcerers trying to communicate with the spirit world, and kings and queens relied on the "Black Chambers" of code makers and breakers to handle covert communications. Today, cryptography is rapidly becoming a part of everyday life, although still somewhat shrouded in geek mystique. You don't have to be a mathematical genius, an elite hacker, or an American three-letter agency to understand the basics of crypto. Over the next weeks, we'll introduce you to the world of cryptography and how it works. Why Learn About Crypto? From the end of the Second World War until the early 1970s, cryptography was dominated by the military and government agencies. There has since been an explosion in cryptography research, and with the advent of digital communications and PCs, cryptography has become an increasingly important part of everyday life. Cellular phones encrypt voice conversations before they're sent over the airwaves, most companies useencryption to communicate securely with remote offices, and increasingly, Internet users rely on it to surf the web and communicate privately. The future will bring even more uses for cryptography, such as "digital cash", which will allow people to purchase items securely online without leaving long audit trails, unlike today's credit-card transactions. Cryptography will also play a pivotal role in secure online elections. And understanding crypto will help you come to an informed opinion about how this technology should fit into society. Basic Terms Before we get into the basics, let's clear up some terminology. The "sender" and "receiver" are pretty self-explanatory. The sender's original message is called the "plaintext". The process used to make the message unreadable to all but the receiver is called "encryption". The mechanism used to encrypt or decrypt the message is called the "cipher". The particular method within the cipher system to encrypt and decrypt the message is called the "key". The resulting encrypted message is called "ciphertext". Finally, the process of making ciphertext readable once more is called "decryption". The whole point of cryptography is to keep the content of messages between a sender and receiver secret from the enemy (also known as the "eavesdropper"). A Little History Cryptography has been in use for thousands of years in various forms. It's played pivotal roles in sending messages between military units, government offices and even star-crossed lovers. The earliest record of cryptography involves the use of non-standard hieroglyphs found in an Egyptian tomb dating back some 4,000 years. In India, a spoken code language, similar to ig-pay atin-lay (pig Latin), was used. The Bible records the Hebrew use of the Atbash cipher, where the letters of the alphabet were exchanged in reverse order. A became Z, B became Y, and so on, so that BLACK CAT became YOZXP XZG. Early cryptography consisted mostly of substitution ciphers like these in which each character of plaintext is substituted for a character of ciphertext. Julius Caesar used a system like this, shifting each letter of the alphabet ahead two letters. Cereal-box "secret spy wheels" use the same principle. Modern Systems Most substitution ciphers are easy to break because they don't hide the frequency of the underlying letters in the plaintext. Modern cryptography is based on the principle that some mathematical functions are easy to compute in one direction but very difficult and time-consuming to reverse. It's like mixing two different colored liquids together; it's very easy to mix them, but it's much more difficult to separate them again. One-way functions like these form the basic building blocks of key cryptography. The two most widely used crypto systems are symmetric-key cryptography and public-key cryptography. Symmetric-key systems use the same key for encryption and decryption. To send a private message, the sender first has to deliver the key to the receiver. She then encrypts her message with the key and sends it to the receiver. The receiver then uses the same key to decrypt the ciphertext, revealing the original message. Symmetric-key crypto is faster and is less complex than public-key crypto but it has some drawbacks. The main problem is that it's difficult to distribute the keys securely, especially over insecure channels such as the Internet. Eavesdroppers could easily intercept the key, and then intercept the ciphertext and decrypt the message. Public key crypto addresses the key distribution problem. To use a public-key system, the sender of a message must first create a key pair which is made up of a mathematically related public-key and a private-key. Using the public key, messages can be encrypted such that only someone with the private key can read them. With the private key, messages can be signed so that anyone can check them using the public key. The main advantage of public-key cryptography is that there is no need to distribute keys to the recipient before sending them an encrypted message. Unfortunately, the complete system is more complex to implement and is significantly slower than symmetric-key cryptography. Next Up We'll explore the processes of encyption, and see how cryptography is applied in real-world scenarios.