Data encryption is one of the core tenants of modern computing, and is the key to allowing for the technologies of our digital age to safely connect people and services to one another, so it is no surprise that there is a beautiful science behind it.
Encryption is underpinned by what is known as cryptography. Cryptography has a rich history that vastly predates modern technology, from the hieroglyphics of ancient Egypt, to the secret messages encoded by the cipher of Julius Caesar and his generals, all the way to the encoding of Nazi messages via the enigma machine, and the subsequent breaking of this scheme, during World War II.
Fast forward to the 1970s, where commercial usage of encryption began to flourish in the wave of business and personal computing, and with it, the growth as well in the computing power being used to attempt to break encryption schemes, and we found ourself at the divide of historical vs. modern cryptography, where historically, cryptography has been more of an art than a science, and not yet driven by the rich mathematical theory known to cryptography researchers today.
For the purposes of what I want to talk about, we’re concerned with modern cryptography, which I would define briefly as the following:
Modern cryptography is the study of mechanisms for securing the transport and access of data in a distributed, networked computing environment, in the face of malicious actors.
What are keys?
I mean, surely you’ve used a key before!? We all lock our doors when we leave our house or car, and we sure don’t leave our mailbox open all the time, so why would we treat our data any different?
Keys in the sense of modern cryptography are not a whole lot different than those we use in our physical world. They simply are a mechanism for allowing us to transmit data to some other party, or receive some data, with the confidence that only the proper recipients of the data being transmitted have access to it, and not any other third party that maybe listening to our communication channel.
Keys are the cornerstone of cryptography, and are the only element of an encryption scheme which should need be kept private for an encryption scheme to succeed. While it may be thought that keeping the internal details of an encryption algorithm would help make it easier to avoid being broken, this creates some other problems:
- Without publicizing encryption schemes, it is much harder to form standardized mechanisms for encryption atop existing protocols.
- Publicizing encryption schemes leads to significantly more peer-reviewing of the algorithms, and in turn, increased robustness.
- If exposed, it is much easier to replace a key, than an entire encryption scheme.
- Even with best efforts, it is difficult to keep an entire encryption scheme secret, compared to just a key.
These problems are what lead to the well known Kerckhoffs’s principle, which states:
Secureness of an encryption scheme shouldn’t rely on the encryption function being secret, only the key.
What is a cryptographic key?
We can drill down the definition of a key in modern cryptography as follows:
Keys are values which allow for the sender of a message to encrypt a plaintext message, or for the receiver of a message to decrypt a cipher text message.
It’s not that simple, right?
Ok, I have left this definition intentionally vague, after all how else am I going to entice you to read the follow up post!? There are a lot of open-ended questions at this point from my definition of a key, and some of the ones you may be having are:
- Is the same key used for encrypting and decrypting a message?
- How do we initially share the keys that we use to encrypt the messages on a channel, over that very same channel? Is this even possible?
- Do we use the same keys for encryption of channels with many different parties?
The answer to all of these is…it depends. In my follow up, I’ll be starting to make some headway on answering these though, introducing the two most well known schools of thought in modern cryptography, public, and private key encryption.