## Cryptography

Thursday 11 June 2009

**Cryptography** is the art of rendering information exchanged between two parties unintelligible to any unauthorized person. Although it is an old science, its scope of applications remained mainly restricted to military and diplomatic circles until the development of electronic and optical telecommunications. In the past twenty-five years, cryptography evolved out of its status of "classified" science and offers now solutions to guarantee the secrecy of the ever-expanding civilian telecommunication networks. Although confidentiality is the traditional application of cryptography, it is used nowadays to achieve broader objectives, such as authentication, digital signatures and non-repudiation [1].

The way cryptography works is illustrated in the next figure.

Before transmitting sensitive information, the sender combines the plain text with a secret key using some encryption algorithm to obtain the cipher text. This scrambled message can then be sent to the recipient who reverses the process to recover the plain text by combining the cipher text with the secret key using the decryption algorithm. An eavesdropper cannot deduce the plain message from the scrambled one without knowing the key. To illustrate this principle, imagine that the sender puts his message in a safe and locks it with a key. The recipient uses in turn a copy of the key, which he must have in his possession, to unlock the safe.

Numerous encryption algorithms exist. Their relative strengths essentially depends on the length of the key they use. The more bits the key contains, the better the security. The *Data Encryption Standard (DES)* algorithm played an important role in the security of electronic communications. It was adopted as a standard by the US federal administration in 1976. The length of its keys is however only 56 bits. Since it can nowadays be cracked in a few hours, it is not considered secure any longer. It has been replaced a few years ago by the *Advanced Encryption Standard (AES)* which has a minimum key length of 128 bits. In addition to its length, the amount of information encrypted with a given key also influences the strength of the scheme. The more often a key is changed, the better the security. In the very special case where the key is as long as the plain text and used only once — this scheme is called the “*one-time pad*” — it can be shown that decryption without knowing the key is simply impossible and that the scheme is absolutely secure.

As one usually assumes that the encryption algorithm is disclosed, the secrecy of such a scheme basically depends on the fact that the key is secret. This means:

- The key generation process must be appropriate, in the sense that it must not be possible for a third party to guess or deduce it. Truly random numbers must thus be used for the key. Those true random numbers can be generated using a for example a quantum random number generator (e.g. Quantis QRNG from id Quantique).
- It must not be possible for a third party to intercept the key during its exchange between the sender and the recipient. This so-called “
**Key Distribution problem**” is very central in cryptography.

[1] For a comprehensive discussion of cryptography, refer to “*Applied Cryptography*”, Bruce Schneier, Wiley. Also “*The codebook*”, Simon Singh, Fourth Estate, presents an excellent non-technical introduction and historical perspective on cryptography.