Privacy Enhancing Computation
I once read a story about two kids who wanted to pretend they’d found a secret message from a spy. They wrote down this message using a code or a ‘cipher’. They replaced each letter with the one next to it in the alphabet. ‘A’ was replaced with ‘B’, ‘B’ was replaced with ‘C’ and so on. And the result? A secret message that could only be read if you knew the key to the cipher.
In this article, I wanted to look at one part of Privacy Enhancing Computation: cryptography.
Cryptography has been in use for centuries. The example above is a version of the Caesar cipher, which is said to have been used by Julius Caesar. Say you wanted to send “Hello World” and encrypted it with the Caesar cipher by shifting the alphabet by three places, so that ‘A, B, C…’ is replaced by ‘D, E, F…’. The enciphered text would then be “khoor zruog”. Sounds exciting, but it is totally unrecognizable. It can be converted back if you know the cipher and the key used.
Now, the alphabet can be shifted by 25 places, so there are 25 keys. Not a lot. The cipher can therefore be broken with a brute-force attack, that is, by checking every single key. But say you mixed it up and replaced each letter with an arbitrarily chosen letter, a monoalphabetic substitution cipher. This would drastically increase the strength of the cipher, generating up to 10^25 possible keys.
You might think that it would be nearly impossible for a person to decipher. But the Arabs came up with a really cool way of decoding the message and they didn't even have to care about the number of keys. That method is frequency analysis.
Every language has its own characteristics. Certain letters occur much more frequently than others. For example, in English the letter 'e' is the most frequently occurring letter, then ‘t’ and so on. Using this, the cryptanalysts (codebreakers) could guess certain letters in the text.
There were also other clues. In the “Hello World” example, the ciphertext “khoor” has the letter 'o' occurring twice consecutively. Ah ha. A clue… Clues like these can then be used to decipher the text. And the number of keys didn't even bother the codebreakers. Even Sherlock Holmes used this method in the famous “The Adventure of the Dancing Men”.
With time, people used machines to create more secure ciphers. A famous example is the Enigma machine used in the 2nd World War. The Enigma machine had scramblers and plugboards, mechanical devices that could be used to generate ciphers with highly secure keys. Here we would not get the double 'o' of “khoor” above, because the Enigma settings change for every letter. Even if the same letter is typed again, it generates a different letter, rendering frequency analysis useless.
When computers came into the game, they made the generation of complex ciphers even easier, without the hassle of mechanical devices, and they were extremely efficient.
As digital communication became widespread, the need for privacy was no longer limited to the military; common people felt the need as well.
With the widespread use of communication came one big problem, namely key distribution. Say you had the most secure cipher in the world. You would encipher your message using your key and send it to whomever you wanted. They would receive it, decipher it with the same key and get the message. You both used the same key for encryption and decryption; such keys are called ‘symmetric keys’. But how do you securely exchange the keys before starting the communication?
In the Enigma days, there would be codebooks containing the keys that would be distributed to the relevant military personnel once a month. But such a system would be nearly impossible on a global scale of communication.
And that's what brought us public key encryption. What if you could encipher a message using one key and decipher it using a second key? An asymmetric key?
This method was first suggested by the cryptographers Diffie and Hellman. A practical way of accomplishing it was introduced by three researchers: Rivest, Shamir and Adleman.
You first create two keys, a public key and a private key. You publish your public key, and anyone wanting to send you a secure message encrypts it using this key. But this same key cannot be used for decrypting. The message can only be decrypted using your private key.
This is done by utilizing the power of a beautiful concept in mathematics called “one way functions”. Though you can do an operation one way, it is extremely difficult to reverse. Just like it's easy to crack an egg but it’s near impossible to reverse it.
But public key encryption is computationally costly. Today we use both the symmetric key and the public key approach. Symmetric ciphers are secure but have the problem of exchanging keys. Therefore public key encryption is used to exchange these keys, and thereafter the encryption is done using the symmetric keys. Neat… isn't it?
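The hybrid scheme described above, as an added toy example (not code from the original article): a fresh symmetric session key is wrapped with the receiver's public key, and the message itself is encrypted with that session key. The RSA primes, the unpadded "textbook" RSA step and the SHA-256 keystream cipher are simplifying assumptions chosen so the example runs with the standard library only; they are not how TLS or any real library does it.

```python
import hashlib
import secrets

# Toy RSA key pair built from two Mersenne primes (assumed values, far too
# small for real use; real RSA also pads the message before exponentiation).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, needs the secret P, Q

PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with SHA-256(key || offset) blocks.
    The same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def sender(public_key, message: bytes):
    """Encrypt with a fresh session key; wrap that key with the public key."""
    n, e = public_key
    session_key = secrets.token_bytes(8)      # 64-bit key, smaller than N
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, keystream_xor(session_key, message)

def receiver(private_key, wrapped: int, ciphertext: bytes) -> bytes:
    """Unwrap the session key with the private key, then decrypt."""
    n, d = private_key
    session_key = pow(wrapped, d, n).to_bytes(8, "big")
    return keystream_xor(session_key, ciphertext)

if __name__ == "__main__":
    wrapped_key, ct = sender(PUBLIC_KEY, b"Hello World")
    print(wrapped_key, ct.hex())
    print(receiver(PRIVATE_KEY, wrapped_key, ct))
```

Computing `D` requires the factors `P` and `Q`; multiplying them is easy, while recovering them from a realistically sized `N` is the hard direction of the one-way function.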
This whole system is now used in a protocol called TLS or Transport Layer Security.
If you see a padlock sign next to the URL in your browser, that is, an “https” URL, this indicates that TLS is being used to send data between your computer and the server that is serving you that particular website.
So with cryptography in place, you may rest assured that computation has definitely ensured your privacy online.