Conventional Cryptography

 Conventional Cryptography Caesar's Cipher Key Management and Conventional Encryption Some Examples of Conventional Cryptosystems

 Conventional Cryptography In conventional cryptography, also called secret-key or symmetric-key encryption, one key is used both for encryption and decryption. Figure 1-2 is an illustration of the conventional encryption process. Figure 1-2. Conventional encryption

Caesar's Cipher

A substitution cipher is an extremely simple example of conventional cryptography. A substitution cipher substitutes one piece of information for another. This is most frequently done by offsetting letters of the alphabet. In Julius Caesar's cipher, the algorithm is to offset the alphabet and the key is the number of characters to offset it.

For example, if we encode the word "SECRET" using Caesar's key value of 3, we offset the alphabet so that the 3rd letter down (D) begins the alphabet.

 Plaintext ABCDEFGHIJKLMNOPQRSTUVWXYZ Ciphertext DEFGHIJKLMNOPQRSTUVWXYZABC

where A=D (A encrypts as D) , B=E, C=F, and so on.

Using this scheme, the plaintext, "SECRET" encrypts as "VHFUHW." To allow someone else to read the ciphertext, you tell them that the key is 3.

Obviously, it had two weaknesses. The first was that the algorithm was not particularly strong. If trial and error couldn't crack the algorithm, then some simple analysis would. If English text was being encrypted, then it would be relatively simple to compare the frequency of letters in the cipher text against the frequency of letters in standard English. Statistics would soon reveal patterns that pointed out the probable plain text letter associated with each cipher text letter. Once a single association was found the entire algorithm could be cracked. No message would be secure.

But, it worked for Caesar, and it illustrates how conventional cryptography works.

 Key Management and Conventional Encryption Conventional encryption has benefits. It is very fast. It is especially useful for encrypting data that is not going anywhere. However, conventional encryption alone as a means for transmitting secure data can be quite expensive simply due to the difficulty of secure key distribution. The expense of secure channels and key distribution relegated its use only to those who could afford it, such as governments and large banks (or small children with secret decoder rings). Recall a character from your favorite spy movie: the person with a locked briefcase handcuffed to his or her wrist. What is in the briefcase, anyway? It's probably not the missile launch code/ biotoxin formula/ invasion plan itself. It's the key that will decrypt the secret data. For a sender and recipient to communicate securely using conventional encryption, they must agree upon a key and keep it secret between themselves. If they are in different physical locations, they must trust a courier, the Bat Phone, or some other secure communication medium to prevent the disclosure of the secret key during transmission. Anyone who overhears or intercepts the key in transit can later read, modify, and forge all information encrypted or authenticated with that key. The persistent problem with conventional encryption is key distribution: how do you get the key to the recipient without someone intercepting it? And the minor problem with it is the storage of keys: when you want to communicate with a lot of people and you have one key for each partner, how do you manage so many keys?

 Some Examples of Conventional Cryptosystems Captain Midnight's Secret Decoder Ring (which you may have owned when you were a kid) Julius Caesar's cipher DES, Data Encryption Standard