A Simple Guide to Encryption

Basic Encryption Theory
We have already defined a couple of key terms concerning encryption. A cipher is the specific set of steps that need to be followed to obtain ciphertext from plaintext. There are many different ciphers, and ciphers can be used more than once. A key is a small piece of data that the cipher uses to customize its actions on the data. Some ciphers take two keys, one to encrypt the data and one to decrypt it. The next step is to be able to make use of these terms.

In the example of a simple alphabetic substitution cipher, each letter stands for exactly one other letter. All letters have exactly one encrypted version. The most basic type of alphabetic cipher is one in which the alphabets are simply offset from one another by a specific amount. For instance, if an author offset his alphabets by five, E stands for A, F stands for B, and G stands for C, and he continues until all letters have a matching encrypted letter. He takes the message that that he wants to encrypt and applies the cipher to it. He turns all the As into Es, all the Bs into Fs and keeps going until he has encrypted the entire message. However, when he delivers the message to its intended recipient, he must also tell the recipient how to decrypt the message. He'll tell the recipient that the alphabets are offset by five. In this case, the cipher is a simple alphabetic cipher and the key is an offset of five. When the recipient receives the message and the key, he will be able to decrypt the message into plaintext and read it.

The main problem behind this particular type of cipher is the ease with which it can be broken. If the encrypted message fell into the hands of someone who didn't have the key but wanted to read the message, he would only have to try a maximum of 25 different keys before he found one that would decrypt this message.

This type of decryption attempt is called a brute force attack, and it occurs when a party with no knowledge of the key tries to decrypt the message by trying every possible key. In theory, every brute force attack will be successful given unlimited time. Another key assumption that is necessary for encryption to be effective is the assumption that it would take so long to decrypt a message using a brute force attack that the interested party would either not attempt such an attack or that he would be unsuccessful for so long that he would be forced to give up. One method of combating brute force attacks is the use of very long keys. The average desktop computer can crack a 5 digit password (a very short key) in a mere 12.6 minutes. A 6 digit password takes 20 hours to crack, and a 7 digit one takes 79 days. For each single digit we add to the length of our password, we increase the time required to crack it exponentially. If we use a 128 bit key, like most encrypted websites use, we find that it would take the average computer eleven duooctogintillion years (that's eleven followed by 246 zeros) to find the key using a brute force attack.

With the invention and regular use of computers, encrypting messages has become much easier and more commonplace. What once took hours to encrypt by hand, today takes a few seconds or less. Computers have also given us tools to create much more complex and secure ciphers, some of which have yet to be broken. One of the ciphers commonly used by computers works by using a random number generator and the XOR operation. A random number generator is a computer program that can generate a seemingly endless stream of almost perfectly random numbers. The random number generator must be given a piece of data called a seed which it uses to create the stream of random numbers. Given the same seed every time, the random number generator produces same sequence of random numbers. The seed used to generate the number sequence is the key to the cipher. The cipher is a simple one. The sequence of random numbers that the generator creates is converted into its binary form, one number at a time. For instance, if the random number generator produces the number 117, the computer converts it into the binary number 01110101. That one number is one byte of data, and the computer compares this number to one byte of the data it wants to encrypt. For this example, that byte could be 10011010. When the computer has two bytes of binary data, it uses the XOR operator on these two bytes. The XOR operator is a simple rule that includes comparing each bit in a byte (the 1 or 0). If the two bits are the same, the output is a 0. If the two bits are different, the output is a 1. The first bit of the random number is a 0, and the first bit of our plaintext us a 1. They are different, so the first byte of the ciphertext is 1. The computer repeats this process over all of the eight bits in each byte and produces the byte 11101111. This is the first byte of the ciphertext. The computer repeats the process again on every other byte in the plaintext, using the next random number in the sequence. When this process is complete, it sends the message to the recipient, who already has the key. The recipient's computer takes the key and feeds it to the random number generator, which outputs the same sequence of random numbers we used to encrypt the message. The computer uses the XOR operator again to turn the encrypted data back into the original, readable plaintext. This is a description of one particular cipher. Many other ciphers exist which have much more complex steps.

Back - Why Encryption is Important Next - Symmetric Key Encryption