“I by water to Westminster-hall and there did see Mrs. Lane, and de la, elle and I to a cabaret at the Cloche in the street du roy; and there, after some caresses, je l’ay foutee sous de la chaise deux times.”
So wrote Samuel Pepys in his diary of 1660. Little did he know how widely read his diaries would become 400 years later. However, he did take some precautions: he wrote his diary in shorthand, and the more racy parts were written in a cryptic doggerel of English with French, Italian, Spanish and Latin.
People have been trying to stop others reading stuff for centuries. Not just personal diaries but also messages to others that have to remain secret.
One early code used in Roman times by Caesar was what we now call the Caesar Cipher. Take a word then take a number, 3 say, and replace each letter in the word with the letter 3 places down the alphabet. So A would become D, G would become J and so on. The cryptic looking result would be sent to someone else by messenger and the recipient would know to shift all the letters the other way by 3 to decode the message.
The shifting method together with the number 3 form the ‘key’ to unlocking or decoding the message. With Pepys’s diary the key is a basic knowledge of the languages he used.
The Caesar Cipher seems like a school-kid type of code, the sort of thing you’d pass to your friends during a dull English lesson, but in Roman times it was a top-notch code. And even as recently as 1915 it was used by the Russian army instead of more complicated codes which had proved too difficult for their troops to get the hang of. It still crops up from time to time: in 2011 the use of a ropey Caesar Cipher set up in an Excel spreadsheet led to a terrorism conviction, where the security services were easily able to crack the code and expose plans to bring down a passenger plane.
The Caesar Cipher is a simple example of something called symmetric encryption. The symmetric part means that the same key is applied both at the creation of the coded message and at the decoding of the message. As long as both parties know that the key is to shift it 3 places then it works.
The problem with this is that somehow I have to get the message about decrypting things to the other party. I have to tell them that the key is shifting stuff by 3. If I send this in a message then all the messengers will be able to read it (or someone hacking my emails) and any message I send in the future using that code could be compromised. If this is a problem with symmetric codes then is there such a thing as asymmetric codes, and would such a thing be useful?
Since the 70s and 80s there has been such a thing as asymmetric encryption. When we talk about the Caesar Cipher you can picture it as the alphabet laid out in a long line. Encrypting a letter means shifting 3 places to the right, decrypting is shifting it 3 places to the left.
Now imagine the alphabet laid out in a ring, like a clock face, but with letters. Encryption means shifting it 3 places clockwise. Decryption could be done by shifting it back or, as it’s connected round in a circle, decryption could be done by shifting clockwise another 23 places, going right round the circle to the start point rather than shifting backwards.
This means there are two keys. If I use one to encrypt something then it can be decrypted by using the other key. The key to encoding is a number and the key to decoding is a different number, thus the encryption is asymmetric.
Clearly the above is a Mickey-Mouse example. If someone knows that shifting it clockwise 23 places decodes it then they can easily work out how the encryption part works. But using industrial strength maths and huge prime numbers, it is possible to come up with a mathematical scheme involving a massive circle where if someone knows the key you give them it would be almost impossible to work out the other key.
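The ring picture above as a short added example (not code from the original article): both keys are clockwise shifts, and the second key falls straight out of the first, which is exactly why this toy gives no real asymmetry. The function names are made up for the illustration.

```python
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"   # the 26 letters laid out in a ring

def shift_clockwise(text, places):
    """Move every letter `places` steps clockwise round the ring.
    Case is preserved; spaces, digits and punctuation pass through."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            i = (ALPHABET.index(ch.upper()) + places) % 26
            out.append(ALPHABET[i] if ch.isupper() else ALPHABET[i].lower())
        else:
            out.append(ch)
    return "".join(out)

def other_key(key):
    """The partner key is whatever completes the lap: key + other = 26."""
    return (26 - key) % 26

if __name__ == "__main__":
    message = "Meet me at noon"                 # constructed sample text
    coded = shift_clockwise(message, 3)         # 'encrypt' key: 3
    print(coded)
    print(shift_clockwise(coded, 23))           # 'decrypt' key: 23, still clockwise
    # Anyone handed the key 23 recovers the key 3 with one subtraction.
    print(other_key(23))
```
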
Why two keys are better than one key
But so what? What’s the big deal in having separate keys to encrypt and then decrypt things? Doesn’t that just mean a more complex process and more numbers to lose or forget? What’s the point? There are two keys to the encryption. If I use one to encrypt a message then I have to use the other to decrypt it.
It all gets useful when I keep one of these keys safe and secret (let’s call it the ‘Lon Barfield PRIVATE key’) and then the other key I can send out to people that want to send messages to me (the ‘Lon Barfield PUBLIC key’). People sending me messages can easily get this ‘Lon Barfield PUBLIC key’ and they can use this to encode messages to me and I can decode them when they arrive with my ‘Lon Barfield PRIVATE key’ which only I have.
Even if the people messaging me are sloppy and let other people copy the ‘Lon Barfield PUBLIC key’ they are using, it just doesn’t matter, all that matters is that I keep my ‘Lon Barfield PRIVATE key’ secret and anybody can send me encrypted messages that no one else can read.
So that’s encoding with the ‘Lon Barfield PUBLIC key’ and decoding with the ‘Lon Barfield PRIVATE key’.
Everyone can have a PRIVATE and PUBLIC key
Now, imagine my friend Bob sends me a message in this way. I know that no-one could have decoded it except for me, only I hold the ‘Lon Barfield PRIVATE key’. But what if I want to reply to him? If I encoded it with my ‘Lon Barfield PRIVATE key’ and let Bob decode it with the ‘Lon Barfield PUBLIC key’ that’s stupid as loads of other people could have the ‘Lon Barfield PUBLIC key’ and they could all decode my message to Bob.
So encoding in this direction with the ‘Lon Barfield PRIVATE key’ and decoding with the ‘Lon Barfield PUBLIC key’ isn’t a good way to keep things secret.
The answer is that Bob sets up a system exactly like mine: He has a ‘Bob PRIVATE key’ that he keeps secret and a ‘Bob PUBLIC key’ that he sends to me so that I can use it to send him messages. So he sends me messages using the ‘Lon Barfield PUBLIC key’ and I send him messages back using the ‘Bob PUBLIC key’.
For maximum security you always send someone a message encrypted with their PUBLIC key and they decrypt it with their PRIVATE key.
Encrypting things the opposite way
Above I said that encoding with the ‘Lon Barfield PRIVATE key’ and decoding with the ‘Lon Barfield PUBLIC key’ isn’t a good way to keep things secret. So it’s not a good encryption process that way around. But although it doesn’t keep things secret it does have a different advantage. If I encrypt a message with my ‘Lon Barfield PRIVATE key’ and Bob decodes it with the ‘Lon Barfield PUBLIC key’ then Bob knows that the message could only have been encrypted with the ‘Lon Barfield PRIVATE key’ and, as I am the only one in the universe with that key, Bob knows without a doubt that the encrypted message is from me. In effect I have signed the message with a ‘digital signature’.
So encoding in this direction with the ‘Lon Barfield PRIVATE key’ and decoding with the ‘Lon Barfield PUBLIC key’ isn’t a good way to keep things secret BUT it does prove that it’s from me.
Encrypting things twice
It is possible to encrypt a message and then encrypt it again (any number of times in fact). So you can combine the two techniques described above. I can write a message to Bob and encrypt it using the ‘Bob PUBLIC key’. I know that, as he is the only person in the universe with the ‘Bob PRIVATE key’, only he can decode it. Now I encrypt it a second time, this time with my ‘Lon Barfield PRIVATE key’.
When Bob gets the message he uses the ‘Lon Barfield PUBLIC key’ to unwrap this outer layer of encryption, so he knows it’s definitely from me. Then he decrypts the next layer with his ‘Bob PRIVATE key’ and reads the message.
In this way I have sent him a message that only he can read and that he knows has definitely come from me.
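The two-layer exchange described above, as an added example that is not part of the original article: it uses textbook RSA (one scheme of the "huge prime numbers" kind) with tiny constructed primes so the arithmetic stays visible. The key names follow the article, everything else is an assumption of the sketch; real systems use primes hundreds of digits long, add padding, and sign a hash of the message rather than encrypting with the private key.

```python
# Added illustration: textbook RSA with tiny primes. For study only.
from math import gcd

def make_keypair(p, q, e):
    """Return (public, private), each a (modulus, exponent) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to (p-1)(q-1)"
    d = pow(e, -1, phi)              # modular inverse, Python 3.8+
    return (n, e), (n, d)

def apply_key(numbers, key):
    """Walk each number round the 'circle' of size n: x -> x^exp mod n."""
    n, exp = key
    return [pow(x, exp, n) for x in numbers]

# Constructed sample keys. Lon's modulus is the larger one so that
# values produced with Bob's key fit inside the outer layer.
BOB_PUBLIC, BOB_PRIVATE = make_keypair(61, 53, 17)   # n = 3233
LON_PUBLIC, LON_PRIVATE = make_keypair(89, 97, 5)    # n = 8633

def wrap(message, recipient_public, sender_private):
    """Inner layer: only the recipient can read it.
    Outer layer: only the sender could have produced it."""
    inner = apply_key([ord(ch) for ch in message], recipient_public)
    return apply_key(inner, sender_private)

def unwrap(blob, sender_public, recipient_private):
    """Peel the outer layer with the sender's PUBLIC key, then the
    inner layer with the recipient's PRIVATE key."""
    inner = apply_key(blob, sender_public)
    return "".join(chr(x) for x in apply_key(inner, recipient_private))

if __name__ == "__main__":
    blob = wrap("MEET AT NOON", BOB_PUBLIC, LON_PRIVATE)   # Lon -> Bob
    print(blob)
    # Anyone holding Lon's public key can strip the outer layer,
    # but what is left is still ciphertext under Bob's key.
    print(apply_key(blob, LON_PUBLIC))
    print(unwrap(blob, LON_PUBLIC, BOB_PRIVATE))           # Bob reads it
```
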
This use case has led to further developments in digital signatures, and as the technology has matured there are now a number of countries (including America, the EU, India and Brazil) where a digital signature carries the same legal weight as a written signature. However, this two-key system is watertight apart from one tiny detail: you have to keep your ‘PRIVATE key’ safe. You have to keep it as well hidden as your saucy diary entries.
[Image credit: Robert Huffstutter]