Understanding Encryption

Summary

Understanding encryption

Put simply, encryption is about making a document unreadable to everyone except its intended recipient. To achieve this, an encryption key is used (more on that later).

The document in question can take many forms: a message, an image, any kind of file, or even your entire hard drive. The purpose of encryption is to protect data, particularly when it needs to be transported or transmitted. In the latter case, the carrier (a service provider or internet provider, for example) cannot access the content -- only the intended recipient can.

Terms that always get confused

• Encrypt: making a document unreadable using an encryption key, except for its intended recipient
• Decrypt: making an encrypted document readable again, with knowledge of the encryption key
• Crack: making an encrypted document readable again, without knowledge of the encryption key
• Cryptology: the science of secrecy, from its etymological roots. It encompasses several disciplines:
  • Cryptography: the study of how to protect information through encryption
  • Cryptanalysis: the study of encryption methods in order to break them
• "Crypter" (a common French mistake): this word does not exist in proper usage
• "Chiffrage" (another common confusion): this term exists, but only in accounting or music

Testing your vocabulary

Our cybersecurity reference, ANSSI (the French National Cybersecurity Agency), tells us that: "the only accepted term in French is 'chiffrement' (encryption). However, one often hears 'cryptage' (an anglicism), or even 'chiffrage', but these words are incorrect. The reverse operation of encryption is decryption. 'Decryptage' or 'decryptement' refers to the operation of recovering the plaintext from a ciphertext without knowing the secret key, after finding a flaw in the encryption algorithm."

But I have nothing to hide -- why should I encrypt my data?

I love answering a question with another question.

Do you put your letters in envelopes?

You don't display your credit card number and PIN on a t-shirt, do you?

Do you lock your doors?

Do you chat with your friends in private conversations, rather than in the comments section of a public post?

If you still don't see where I'm going with this -- you do have things to hide, you just don't realize it.

The concept of cryptology

Etymologically, cryptology is the science (logos) of secrecy (kryptos). It brings together cryptography ("secret writing") and cryptanalysis (the study of attacks against cryptographic mechanisms). "Don't worry, Google helped me write the Greek."

Cryptology today extends far beyond simply ensuring the confidentiality of secrets. It has expanded to mathematically guarantee other properties: authenticating a message (who sent this message?) or ensuring its integrity (has it been modified?).

Ensuring message integrity

Guaranteeing that your message remains unchanged

Why use hashing?

Imagine you upload your favorite photos to an online storage space, like the cloud. How can you be sure the download completed without errors? Or how do you know which files have changed when you sync your folders, so you only back up what's necessary? This is where cryptology comes into play. It can detect whether a message or file has been modified, even accidentally. A "hash function" creates a kind of digital fingerprint for each message, file, or folder. This fingerprint is unique, and anyone can compute it to check whether something has changed. It typically appears as a long string of numbers and letters, preceded by the name of the method used, such as "SHA2" or "SHA256".

Proving that the message really comes from you

Just like a signature on a paper document, a digital signature confirms that the message comes from the person who holds a certain "public key". This cryptographic system allows anyone to verify who authored a document and to ensure it has not been tampered with.

When to use a digital signature?

• You want to prove that you are the actual author of an email?
• You want to confirm that the information received comes from a reliable source?

To sign a message, you need two keys:

• A "public key", which everyone can see, including Bob, the recipient of your messages.
• A "private key", which only you know.

In practice, you use your private key to create the signature. Anyone with access to your public key, like Bob, can verify this signature without needing to share a secret.

Keeping your messages confidential

Symmetric encryption uses the same key to encrypt and decrypt messages. This "secret key" must be shared or transmitted securely between the sender and the recipient, because if it falls into the wrong hands, the confidentiality of the message is no longer guaranteed. This type of encryption is fast but requires good coordination for the secret key.

Asymmetric encryption, on the other hand, relies on a pair of keys: a private key and a public key. The recipient shares their public key with people who want to send them messages. The sender uses this public key to encrypt the message, and only the recipient can decrypt it with their private key.

The main encryption systems

Symmetric encryption

AES

AES is a symmetric encryption algorithm. The same key is used to encrypt and decrypt a text. https://www.pandasecurity.com/fr/mediacenter/cryptage-aes-guide/

DES: https://web.maths.unsw.edu.au/~lafaye/CCM/crypto/des.htm

The Padlock: DES takes your treasure (the message you want to protect) and divides it into small pieces. Then, it uses a key, much like a padlock key, to lock (encrypt) these pieces. This key is a secret code that both you and the person you're sending the message to know.

The Key: The key used by DES is like a combination on a bicycle lock. It has a specific size of 56 bits, meaning it consists of a series of 56 "0"s and "1"s. This key is what allows your message to be scrambled securely.

Locking and Unlocking: When you lock (encrypt) your message with DES, it becomes a mystery to anyone who doesn't have the key. When the person you're sending it to receives the message, they use the same key to unlock (decrypt) it, making the message readable again.

Blowfish: Blowfish can turn a letter into incomprehensible gibberish for anyone who doesn't have the key to decrypt it.

Here's how it works, simplified:

Locking: Blowfish takes your message and cuts it into small pieces. Then, it uses a secret key, like a special password, to shuffle these pieces in a very complex way. It's as if you had a secret code for each piece of your message.

The Secret Key: This key is the heart of the system. You and the person you want to send the message to know this key, but nobody else does. This key is what allows the message to be shuffled securely and also to be reassembled so it can be read again.

Unlocking: When the person receives your shuffled message, they use the same secret key to run the message through Blowfish in reverse.

Asymmetric encryption

RSA: It's a bit like having a mailbox with a slot where anyone can drop in messages (public key), but only you have the key to open it and read them (private key). RSA is widely used to secure communications over the Internet.

Key Creation: First, you create a set of keys -- a public key and a private key. The public key is like the address of your magic mailbox that you share with your friends so they can send you messages. The private key is secret and only you know it.

Sending a Message: When someone wants to send you a secret message, they use your public key to "lock" or encrypt the message. Once the message is locked with the public key, no one else can read it except you.

Receiving and Reading the Message: The encrypted message arrives in your magic mailbox. To read it, you use your secret private key to "unlock" or decrypt the message. And there you go -- you can read the secret message!

Stream cipher

Encrypts data bit by bit or byte by byte.

RC4: Imagine a river that flows and constantly changes. RC4 works bit by bit or byte by byte, mixing data like flowing water, making it difficult to predict the next movement. It was widely used in the past, particularly in secured Wi-Fi networks. https://lazaarsaiida.files.wordpress.com/2015/11/algorithme-rc4-slazaar2015.pdf

Salsa20: Think of a fast and unpredictable dance. Salsa20 encrypts data in small chunks, making each step unique and hard for intruders to follow. It is known for its speed and security.

Identity-based encryption

Uses public identity information as a public key.

IBE (Identity-Based Encryption): Imagine being able to use your email address as a key to open your secret messages. IBE allows the use of public information, such as your email, as a key to encrypt and decrypt messages. This simplifies cryptographic key management by eliminating the need to exchange secret keys.

Just for fun

The Caesar cipher is a monoalphabetic substitution cipher, where each letter is replaced by another letter located a fixed number of positions further in the alphabet (shifted but always the same for a given message).

The shift distance is chosen based on a number called the offset, which can go to the right (A to B) or to the left (B to A).

For any rightward shift (+N), there is an equivalent leftward shift (26-N) because the alphabet wraps around. This is why the Caesar cipher is sometimes called a rotation cipher.

The Vigenere cipher is a decisive improvement over the Caesar cipher. Its strength lies in using not one, but 26 shifted alphabets to encrypt a message. These shifts can be summarized with a Vigenere square.

The Assyrian technique

The Assyrian encryption technique is arguably the earliest evidence of the use of encryption methods, in Greece around 600 BC, to conceal messages written on strips of papyrus.

The technique involved:

• wrapping a strip of papyrus around a cylinder called a scytale;
• writing the text lengthwise on the strip while it was wound around the cylinder (the message in the example above is "comment ca marche" -- "how it works").

The message, once unwound, becomes incomprehensible ("cecaeonar mt c m mh"). The recipient simply needs a cylinder of the same diameter to decrypt the message. In reality, a codebreaker (they existed back then too!) could decrypt the message by trying cylinders of successively different diameters, which amounts to saying the method can be broken statistically (by taking characters one by one, spaced at a certain distance).

---

Articles in this series "Cybersecurity and Best Practices"

This article is the 3rd in a series of 11.

1. Choosing a strong password and setting up a password manager
2. MFA: how it works, why you need it, and how to enable it
3. Encryption, cryptography: the vocabulary
4. Decrypting BitLocker
5. Viruses: what do they actually do?
6. Antivirus on my computer: why and how?
7. Spam, phishing: understanding and protecting yourself
8. The importance of separating personal and professional use
9. Backing up your databases using the 3-2-1 method
10. Firewalls: do we have a choice?
11. Active Directory: does it align with our values?