Cryptography is the practice and study of methods that convert data into an unintelligible form and vice-versa. It is the science, and associated technologies, of storing, or transmitting, data in a form that only those for whom it is intended can read or process it. This process is called encryption while the process of recovering the original data is called decryption.

Cryptography has a long and colourful history. The earliest known use of cryptography to obfuscate data is thought to have occurred around 4,000 years ago in Egypt. Until the early 20th century the cryptographic techniques that were in use are today considered to be weak in the sense that these techniques could easily be broken by a first year undergraduate student in mathematics or IT.

The advent of strong encryption techniques in the early part of the 20th century changed everything. The most famous of the early strong encryption methods is the German Enigma machine that was developed just after World War I and which was later broken by a team of British cryptanalysts led by the brilliant British mathematician and computer scientist Alan Turing.

There are basically two main techniques for encrypting data – symmetric and asymmetric.

Symmetric encryption is the simplest type of encryption. The data, together with a user-chosen secret password (a number, word, or a string of letters and numbers) is inputted into a symmetric encryption algorithm. The algorithm then produces the cipher, which is the obfuscated data. The only way to recover the original data is to input the cipher and the same password to the symmetric encryption algorithm. This technique is called symmetric because the same password, or key, is used to encrypt and decrypt the data.

Asymmetric encryption technique would revolutionise cryptography and solve the key distribution problem

There are many good symmetric encryption techniques (algorithms), including Blowfish, Rijndael (AES), and RC6. The main disadvantage of symmetric encryption is that all the parties involved must share the password to encrypt and decrypt the data. The sender and the recipient must share the password that is used to encrypt and decrypt the messages. This is a major problem and is referred to as the key distribution problem. Suppose Bob, who lives in Malta, wants to send a secret letter to his lover Alice who is in Japan. How does Bob send the password to Alice? Using telephone, e-mail, or the post is not secure. The problem gets worse when there are many parties who want to communicate securely with each other. For many years it seemed that there was not answer to this problem. Various methods were proposed to overcome the key distribution problem but each had its technical or operational flaws.

It seemed that there was no solution until two American mathematics proposed an encryption technique that solved the problem once and for all. In 1976, Whitfield Diffie and Martin Hellman published their now famous paper in which they described a cryptographic technique now known as asymmetric encryption. Asymmetric encryption, also known as public key encryption, uses two passwords. Suppose these passwords are A and B. If you encrypt the data with password A then you can only decrypt the data with password B and vice versa. You cannot encrypt and decrypt using the same password.

This seemed counter intuitive to most people at the time. Surely if you use a password to encrypt data then you must use the same password to decrypt it? Diffie and Hellman persisted in their search for an asymmetric encryption technique because they knew it would revolutionise cryptography and solve the key distribution problem. Let’s go back to Bob and Alice and see how this solves the key distribution problem. Suppose Bob and Alice agree to use an asymmetric encryption algorithm. Once they decide on which algorithm to use Bob generates two passwords, A and B, for himself (called a key pair). Likewise Alice generates a key pair, X and Y, for herself. Key pairs can be generated using a special software tool. Bob must then decide which of his two keys is his public key and which is his private key. Suppose that Bob arbitrarily chooses A to be his public key and B to be his private key. Once Bob decides on his choice of public and private key then he cannot change his mind.

Likewise, Alice decides on X as her public key and Y as her private key. The public key is so called because it should be shared with everyone. The private key should never be shared and always stored somewhere secure. Alice and Bob share their public keys. Alice, therefore, knows that Bob’s public key is A and Bob knows that Alice’s public key is X. Bob writes his love letter on his PC. He then encrypts the letter using his private key. He then encrypts it again using Alice’s public key. He sends the cipher to Alice. Alice first decrypts the received cipher using her private key and then again using Bob’s public key.

The beauty of this technique is that the communication is completely secure and Bob and Alice only shared their public keys. Security of the public key is not required because it is publicly available and can be passed over the internet. Public key encryption (PKE) made e-commerce as we know today possible. It also is the basis of cyptocurrencies such as bitcoin and distributed ledgers such as blockchain. PKE is the reason why you can make secure online payments using providers such as Paypal without having to bother with sharing secret passwords. PKE also has numerous other uses. All this is thanks to Diffie and Hellman who persisted in their research when many fellow academics told them it could not be done.

Dr John Abela is senior lecturer in the Faculty of ICT at the University of Malta and a director and CTO/COO at Ascent Software Limited.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.