Encryption Algorithms
When two people who intend to communicate over the Internet need to secure the data transfer, cryptographic algorithms must be used at the sending and receiving phases to encrypt and, respectively, decrypt the messages. Because the cryptographic algorithms are public, the encryption/decryption processes must use keys that are known only to the people who communicate.
For a message encrypted with a key K by user A (the emitter) to be understood by user B (the receiver), user B must know the key K. Having the key and using an algorithm derived from the one user A used at the encryption phase, user B can decrypt the received message. This type of encryption, where the emitter and the receiver use the same key for both encryption and decryption, is called symmetric-key encryption. The use of a symmetric-key algorithm to encrypt text is presented in Image 1.
Examples of symmetric-key encryption algorithms are: DES (Data Encryption Standard), Triple DES, IDEA (International Data Encryption Algorithm), Blowfish.

Image 1
In this way, the messages are sent over the network in encrypted form, eliminating the possibility that an unauthorized person who intercepts them could understand the messages.
However, because the algorithms used for encryption/decryption are public (anyone interested can know them), a third person interested in interception who had the key used in the encryption phase could also decrypt and read the messages. Therefore, the problem with this kind of symmetric-key encryption is transferring the key from one user to the other without anybody else intercepting it.
The key could be transferred directly between the users of the application (for example, using a USB memory stick), but this method would greatly limit the applicability of the application, because the users must meet each time a change of the key is necessary. Likewise, the key can't be transferred over the Internet without the risk of it being intercepted by a third person.
The solution to this problem (the management of the symmetric keys) is the use of another type of algorithm, called an asymmetric-key algorithm. This type of algorithm uses two keys in the encryption/decryption phases: a private one known only to its possessor and a public one (the pair of the private one) which can be known by anybody who is interested. Because of this feature, this encryption is also called public-key encryption.
Text that is encrypted with the public key of the receiver can be decrypted only with its paired private key; in this case the asymmetric-key algorithm is used to encrypt the text. Vice versa, when the text is encrypted with the private key of the emitter, it can be decrypted only with its paired public key; in this case the asymmetric-key algorithm is used to sign the text.
Because text encrypted with a public key can be decrypted only with its paired private key, a third person who intercepts the encrypted text can't decrypt it, because he does not have the corresponding private key, which theoretically is only in the possession of the receiver who owns that key. The use of an asymmetric-key algorithm to encrypt text is presented in Image 2.

Image 2
A question could be raised here: if asymmetric-key encryption exists, with a private key that is known only to its owner, why would symmetric-key encryption be necessary?
The problem with asymmetric-key algorithms is that the time needed for encryption/decryption is ten or even a hundred times bigger than the time needed for symmetric-key encryption/decryption, if software encryption is used. In the case of hardware encryption (there are special processors built for encryption/decryption purposes), the encryption time needed for the RSA asymmetric-key algorithm is 1,000 to 10,000 times bigger than the encryption time needed for the DES symmetric-key algorithm. Hardware encryption is faster than software encryption, but these types of processors are very expensive and are not used for general-purpose applications.
For an application that is based on real-time communication (an application for on-line communication; an example could be Yahoo Messenger), the above issue would lead to a big delay in the messages sent by the application and also to a very high load on the processor (the encryption/decryption algorithms put a high load on the processor). That is why, generally, to communicate an encrypted message between two users, the strong features of both types of algorithms are used.
In applications where real-time communication is needed, the key used for symmetric-key encryption is encrypted with an asymmetric-key algorithm and sent over the network to the other user. The receiver decrypts the symmetric key and uses it in the communication.
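The hybrid exchange described above, as an added example that is not part of the original article: user A wraps a fresh symmetric key K with user B's public key, and B unwraps it with the private key before decrypting the message. Assumptions: the RSA key is a constructed toy key built from two known Mersenne primes and used without padding, a SHA-256 counter keystream stands in for a symmetric cipher such as DES, and all function names are hypothetical; none of this is suitable for protecting real data.

```python
import hashlib
import secrets

# Constructed toy RSA key for user B: two known Mersenne primes, so this key
# is trivially factorable and exists only to keep the example self-contained.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # B's public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))        # B's private exponent

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    The same call encrypts and decrypts, as with any symmetric key K."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def sender_a(message: bytes, pub_n: int, pub_e: int):
    """User A: pick a fresh symmetric key K and wrap it with B's public key."""
    k = secrets.token_bytes(16)
    # Textbook RSA on the key bytes (no padding; illustration only).
    wrapped_k = pow(int.from_bytes(k, "big"), pub_e, pub_n)
    return wrapped_k, keystream_xor(k, message)

def receiver_b(wrapped_k: int, ciphertext: bytes, priv_d: int, pub_n: int) -> bytes:
    """User B: unwrap K with the private key, then decrypt symmetrically."""
    k = pow(wrapped_k, priv_d, pub_n).to_bytes(16, "big")
    return keystream_xor(k, ciphertext)

def demo():
    msg = b"meet at 10:00"               # constructed sample message
    wrapped_k, ciphertext = sender_a(msg, N, E)
    return msg, ciphertext, receiver_b(wrapped_k, ciphertext, D, N)

if __name__ == "__main__":
    msg, ciphertext, recovered = demo()
    print("on the wire:", ciphertext.hex())
    print("recovered  :", recovered)
```

Only the short key K goes through the slow asymmetric operation; the message itself, whatever its length, is handled by the fast symmetric step.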
In applications where real-time communication is not needed, asymmetric-key encryption alone can be used. Such applications are those used to send email.
Examples of asymmetric-key algorithms are: RSA (Rivest, Shamir, Adleman), DSA (Digital Signature Algorithm).