encryption

How are keys generated to encrypt information on the internet? Key encryption involves a secret numerical code that translates text into cipher code and can unlock the contents of a message on the other end.

Encryption methods include symmetric key encryption and public key encryption.

With symmetric key encryption, both the sender and the receiver establish a single encryption key and pass messages back and forth using that single key. There are several encryption mechanisms. In a common mechanism known as the Data Encryption Standard, or DES, encryption is done in 18 steps using modular arithmetic and exponentiation.

Here’s a simple example. Let’s say we want to send secret messages to each other using symmetric key encryption. I send you the key: it’s the number 1. Now you’ll know how to decrypt the message when you receive it. I write a message: “HELLO”. I then encrypt “HELLO” by shifting each letter by 1, to the next letter in the alphabet, to make “IFMMP”, and send my message to you. You use that key (1) to shift the characters back. This is known as a Caesar key. We have 25 keys to choose from, so the size of our “key space” is 25. This method is not very secure, not only because the encryption key is very short, but more importantly, because someone could have intercepted the key I sent you originally and used it to read our important messages, a “man-in-the-middle attack.” Banks communicating with ATMs use much longer key spaces, such as 2^56: about 72,058,000,000,000,000 keys.

With public key encryption, two keys are used, and one is made publicly known. The keys are mathematically related so that a message encrypted with one key can only be decrypted with the other key. Messages can be encrypted or decrypted in either direction. Each user creates two keys for themselves: a public key and a private key.

For example, I write you a message and look up your public key. I then encrypt my message with your public key to create a ciphertext message. Only your private key can decrypt it. Then I add a “digital signature” by taking this encrypted message and encrypting it once more, but now using my own private key. I send you the encrypted message along with my signature, the double-encrypted message. You look up my public key and use it to decrypt the signature. If the text of the decrypted signature is a match for the ciphertext message I also sent you, then you know that I really did send you the message, because only my private key could be used to create a message that could be decrypted by my public key. You can then decrypt the message with your private key.

In RSA encryption, one of the most common asymmetric mechanisms, each key is actually two prime numbers put together: one very large number or string of bits to be used for exponential powers, along with another random number to be used as a modulus. Random number generators use a seed to generate a sequence of numbers and characters. The seed could be a number grabbed from something like the time clock on the computer, radioactive decay, or atmospheric noise. From this randomly generated key, we derive another key. It doesn’t matter which key is which, but by convention, we generate a private key randomly and then derive the public key from the private key mathematically. The message can be unlocked when it can be proven that the public key is derived from the private key.

There is some interesting math describing this computation at https://www.tatanka.com/bionic_buffalo/original/archive/document/technote/tn0035.pdf


In another mechanism, a public key can be generated using the private key by multiplying on an elliptical curve. The private key is used as a scalar, meaning that a point in space on the elliptical curve is multiplied by itself exponentially a private-key-number of times, creating a result that is very hard to crack. The simplest method of intercepting data encrypted by this key is by using a brute force attack: trying every combination up to the maximum length of the key. By adding additional bits to the encryption, the computations required to crack the key become exponentially more difficult.

Bionic Buffalo Corporation (1999, May 19). How Encryption and Digital Signatures Work. Retrieved from https://www.tatanka.com/bionic_buffalo/original/archive/document/technote/tn0035.pdf

Coverdale, C. (2020, January 22). A Beginner's Guide: Private and Public Key Cryptography Deciphered. Retrieved from https://medium.com/coinmonks/private-and-public-key-cryptography-explained-simply-4c374d371736

Cybersecurity and Infrastructure Security Agency (CISA) (n.d.). Security Tip (ST04-018). Retrieved from https://www.us-cert.gov/ncas/tips/ST04-018

Fraser, D. (2018, July 10). What are encryption keys and how do they work? . Retrieved from https://medium.com/codeclan/what-are-encryption-keys-and-how-do-they-work-cc48c3053bd6

Haahr, M. (n.d.). True Random Number Service. Retrieved from https://www.random.org/randomness/