(Disclaimer: some links on this page are affiliate links)
Encryption obscures the message – Secret decoder ring
Anyone who’s watched the Christmas Story movie might remember the secret decoder ring Ralphie was waiting for in the mail. Once he got it, he was able to decrypt the secret message told over the radio. He was more than disappointed with the resulting information, but that message was a simple form of encryption. It was simple kind of encryption that took the letters of a message and replaced them with a different letter. The decoder ring had the alphabet on an outer disc with an inner disc that spun, containing the alphabet as well. Lining up the two discs with the predetermined setting would allow you to know which letter to substitute in place of the coded message. This type of encryption isn’t very useful for privacy in today’s world because it’s so easy to crack.
Modern day encryption
More advanced encryption has been developed through the years to keep prying eyes from gaining access to the secret messages. Advanced encryption secures your phone, communication between you and websites asking for usernames and passwords, your healthcare information, company’s trade secrets, and government classified information. If you want to read history around it you could start here with a couple books. They’re not technical and are short reads. One is a history of encryption, and the other relates to a recently solved mathematical puzzle that relates to encryption of today.
The Code Book
Fermat’s Enigma
Types of advanced encryption
Symmetric
A door with a lock makes a good example to reference here. It uses a form of symmetric encryption. Symmetric encryption is like a key to open your front door. If someone has the key they can get in. This works great until the wrong person has your key. Then you have to change your locks. If the key is easy to guess the shape of, it also doesn’t work very well. More complex key shapes help keep someone from making a copy and breaking in.
Why password complexity matters
Let’s apply how symmetric encryption works on your phone. There’s a digital key used to access your phone’s data. But wait… who’s protecting the key? When it comes to door keys, you keep them on a key chain. For a phone it needs something to secure the digital key: a password. Passwords are the bane of our digital existence. Yet this right here is why they need to be better than setting their password to 1111. Regarding the house key analogy, if all you need to get in is a toothpick vs a more complex key and lock…you get the idea.
Asymmetric
I’ll say it right up front: This type of encryption is an amazing development of math and technology. Where symmetric has some limitations, asymmetric brings a new feature to the encryption game. Symmetric works well if you want to make a copy of your house key and give it to someone else for shared access. Let’s think about how this works. You make a copy of the key, meet up privately with the person and give them the copy. What if you had to give them the key, yet had to pass it through 100 other people first? Let’s say you were in a large gymnasium and the person needing the key was across the room that’s filled with people?
What if you were in NYC at Times Square? Do you feel good taking the key to your brand new BMW and passing that through the crowd? Would you pass a key around to get it over to your friend across the street?
The Internet is wide open
If passing the keys to your brand new car through a bunch of strangers at Times Square gives you some hesitation, that’s exactly the problem with symmetric keys as it relates to encryption and the Internet. Symmetric is great if the two people involved can privately exchange keys. The Internet is a Times Square sort of environment. Between your computer at home, and that bank’s website you go to and send your login information, is a whole bunch of other systems that hand your information along, like a big bucket brigade.
How Asymmetric encryption works
Better understanding the problem of Symmetric keys let’s talk about how Asymmetric solves this dilemma. In Asymmetric encryption there are two keys, one to encrypt the message and one to decrypt the message. Using an analogy let’s take the modern day mailbox.
You drop the letters in the top, someone else has a key to get the letters out. Anyone can put a message into the box, but once it’s in there, only the person with the right key can get it out.
Let’s try one more analogy – how about these new neighborhood mailbox kiosks:
A large package arrives and is placed in a shared mailbox, the door is locked and a key is placed in your mailbox. Only you can open your mailbox with your key, which gives you the key to open the other mailbox securely and retrieve the package.
Asymmetric works in a similar way. With two keys a message gets encrypted with one key and can only be decrypted with the other key. This illustration gives another perspective on how this is working:
Why isn’t everything Asymmetric?
Why didn’t symmetric just go away you ask? One big reason is Asymmetric is slower than Symmetric computationally speaking. How it gets used in a lot of scenarios is by bundling the Symmetric keys up securely, sending them over a public channel, and the other side can unbundle the Symmetric keys and start using those for conversations back and forth.
Future of Encryption
The two modern wonders of encryption today are symmetric key and asymmetric key technology. It is an enormous field that can become a study in an of itself. It continues to advance. We haven’t arrived at an ultimate solution.
Breaking encryption has a long history that follows right along with encryption methods. As one type of encryption becomes breakable, a new type of encryption develops to parry the attack. Quantum computing poses a threat to certain types of our current encryption technology. Suffice it to say, the specific math behind asymmetric encryption is susceptible to quantum computing’s raw computational power. As in the past, researching strives to find new methods to counter this threat.
Quantum encryption approaches just around the corner, already offered to some commercially in small markets, will continue to expand into the public domain. This kind of encryption and a few others under development in parallel will stave off the quantum computing threat. Bruce Schneier is a cryptography expert who’s a great follow on security and encryption. He’s written an article further elaborating on quantum encryption.
Post Script: Analogies
As an aside I’m a fan of analogies. They are a big part of understanding a concept. They are used in multiple learning disciplines: Feynman Learning Technique, ADEPT method, Ultralearning
If you want to learn more efficiently and understand something more fully these are some great methods to put into your daily routine.
Thanks for reading.