#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2013
    Posts
    3
    Rep Power
    0

    Basic question about relationship between Encryption Algorithm and Encryption Key


    Hello All, can someone please help me with the following question.

    I am new to understanding this subject.

    I understand the very basics (or at least I think I do ) but I am trying to see how the above fit together.

    In a very simply format. (apologies the following seems extremely simple, as I am trying to get a solid understanding of the fundamentals)

    I understand an "Encryption Algorithm" is simply "a set of defined steps"

    Therefore if we take the plain text "House" and the Encryption Algorithm steps are "substitute each letter in the plain text for the next letter to the right (Z would become A) in the alphabet we end up with "IPVTF" so now we have encrypted message so as long the intended recipient knows the "Encryption Algorithm" (in case he want to send a message back) he/she can easy deduce the "Decryption Algorithm" e.g. substitute each letter in the cypher text with the on to its left in the alphabet.

    In the old days I understand that is basically how they used to do it (e.g. the Romans) and the main ideas was not to let a third party get hold of the "Algorithm" used.

    I understand in the modern world no one tries to hide the Algorithm used any more, but rather they try to keep the "Encryption Key" secret (Private key in case of PKI)

    So what I am thinking we now have three things

    1: "plain text"
    2: "Encryption Algorithm"
    3: "Encryption Key"

    Lets assume everyone knows the "Encryption Algorithm" used. And lets say the Encryption Key is a Symmetric key known only to sender and intended recipient

    Now I assume the plain text is first sent through the "Encryption Algorithm" (move each letter one to the right in my first example).

    Now my question is where does the Encryption Key come in? is it used to encrypt the message for a second time before sending?

    Or is the encryption key derived from the encryption algorithm e.g. and if so how (in simple terms) and then this key is some how used to encrypt the message?

    But if you know the key was generate from a given algorithm then surely it is easier to crack the key as you already know the steps taken to put it together in the first place.

    Does anyone know if a good set of videos for beginners on this subject.

    Thanks all
    JoB333x1!
  2. #2
  3. Come play with me!
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    13,749
    Rep Power
    9397
    Originally Posted by JoB333x1!
    as long the intended recipient knows the "Encryption Algorithm" (in case he want to send a message back) he/she can easy deduce the "Decryption Algorithm" e.g. substitute each letter in the cypher text with the on to its left in the alphabet.
    ...
    But if you know the key was generate from a given algorithm then surely it is easier to crack the key as you already know the steps taken to put it together in the first place.
    The encryption algorithm could be completely different from the decryption algorithm. In your example yes, they knowing one means they can know the other, but that is not true in the general case. Your algorithm needs to be kept secret and that's one reason why it is not good.

    Originally Posted by JoB333x1!
    Now my question is where does the Encryption Key come in? is it used to encrypt the message for a second time before sending?
    Your algorithm does not need a key at all. It does not factor in anywhere.

    Let's pick a new algorithm: the Vigenere cipher.
    If your plaintext is "vigenere" and the key is "house" then
    Code:
    plain  | vigenere
    key    | househou
    cipher | cwawrlfy
    Knowing the algorithm does make it easier to decrypt without the key as it has weaknesses, but it still takes a bit of effort and analysis. And for a short message like "vigenere" it can be impossible.
    Last edited by requinix; September 16th, 2013 at 03:23 PM. Reason: new ciphertext, less vinegar
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2013
    Posts
    3
    Rep Power
    0
    Thanks very much for taking the time to reply.

    That was every helpful especially the link with the example (although I could not reverse the encryption)

    I now understand how the "Key" and "Algorithm" work together.

    What I am not sure about is where do you get the key in the first place which is suitable for use with the chosen Algorithm (well I kind of do)

    Now I understand (lets take a pair of Symmetric Keys) I believe it is the encryption engine on the computer (CryptoAPI or NGE engine on Windows depending on the OS version) which creates you a pair of Symmetric keys, and you would typically get the decryption key to the intended recipient over a public network by using PKI (e.g. encrypt the symmetric decryption key with the recipients public PKI key).

    So my question is please,

    Before the encryption engine generates you a pair of symmetric keys to use for encryption, does it have to know which algorithm you intend to use the keys with?

    I guess it does otherwise it may create you a pair of keys that are not suitable for the algorithm you intend to use.

    For example the algorithm only works with key containing letters and the key in question contains numbers

    Thanks very much again

    JoB333x1!
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2009
    Posts
    191
    Rep Power
    50
    @requinix,

    I know a very good programmer who is not so strong on spelling -- surely, you meant Vigenere (or Vigenère with the accent included)?
  8. #5
  9. Come play with me!
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    13,749
    Rep Power
    9397
    Originally Posted by JoB333x1!
    (although I could not reverse the encryption)
    I got the first letter wrong: should be 'c'. Edited.

    Originally Posted by JoB333x1!
    What I am not sure about is where do you get the key in the first place which is suitable for use with the chosen Algorithm (well I kind of do)
    From anywhere you want. Something random - either random letters or random words - so it's not guessable.

    Originally Posted by JoB333x1!
    Now I understand (lets take a pair of Symmetric Keys) I believe it is the encryption engine on the computer (CryptoAPI or NGE engine on Windows depending on the OS version) which creates you a pair of Symmetric keys, and you would typically get the decryption key to the intended recipient over a public network by using PKI (e.g. encrypt the symmetric decryption key with the recipients public PKI key).

    So my question is please,

    Before the encryption engine generates you a pair of symmetric keys to use for encryption, does it have to know which algorithm you intend to use the keys with?
    Not really. Random is random. I suppose if you picked a flawed algorithm then you'd want to make sure your key doesn't expose the flaw, but then again you're using a flawed algorithm.

    Even with Vigenere, you can take a binary key and transform it into letters for use. If you didn't do that your key generator would have to do it anyways since its random source will be binary as well.

    Originally Posted by mah$us
    I know a very good programmer who is not so strong on spelling -- surely, you meant Vigenere (or Vigenère with the accent included)?
    I'm going to have to blame that one on the lysdexia. Edited.
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Feb 2009
    Posts
    191
    Rep Power
    50
    @JoB:

    Think of encryption (and similarly, decryption) as functions of two inputs: one input is the message, and the other is the key.

    In your first example (shifting a character to the right), the number of positions to shift could be thought of as the key, so the algorithm is "shift n characters to the right", and they key is the value used for n when running the algorithm.

    The domain of possible key values would be from 0 to 25 (though in practice 0 would never have been used, because it doesn't alter the message at all!).

    Again using your example, decryption uses a similar but distinct algorithm (shifting n characters to the left) with the same key.
    ___________________________________________________

    All symmetric ciphers work along these lines: the same key is used for encryption and decryption, and the encryption and decryption algorithms are usually different, though very closely related.

    Obviously, such a key must be kept secret: the confidentiality of the message is -- at the very best! -- not better than the confidentiality of the key.
    ___________________________________________________

    Now, to address your second question: first, there is only one key for any particular message with a symmetric cipher. Key pairs belong to public key cryptography, which works VERY DIFFERENTLY from symmetric ciphers.

    Yes, when generating a key, it's necessary to know what kind of cipher is being used, because there is some domain of possible key values (in the case of your example, 0..25). Most modern symmetric ciphers use keys of 128 or 256 bits, so the keys are numbers of these lengths.

    An obvious second requirement for key generation is that it must be done so as to protect the secrecy of the key.

    A third, and very important requirement, is that the key be as random as possible. Randomness is a deep subject that confuses almost everybody learning about cryptography; here's a simple way to think about it. Suppose you create a 128-bit key by making 128 coin tosses, writing down a 1 or 0 depending which side of the coin is up when it lands.

    If the coin is truly symmetrical, and your technique of tossing is very good, then 1 and 0 have (very nearly) equal likelihood in each bit of the key. This means that somebody trying to guess the key has no way to know that one guess is more likely than another, and must try almost every possible key to guess the correct key.

    Now, suppose the coin is unbalanced, so that out of 5 average tosses, the coin lands in the 1-bit side 3 times, and the 0-bit side 2 times. The key would still be very hard to guess, but the person trying to guess could get the right key a lot quicker by trying those keys that have more 1s than 0s.

    Even worse, imagine that the coin tosser gets tired and bored -- or even loses the coin down a drain! -- after 50 tosses, and inserts "1010" in many different parts of the random sequence until there are enough key bits. The key is still PARTLY random, but an attacker who discovers the habits of the lazy coin tosser can guess the right key VERY MUCH FASTER, than if it were truly random.

    So, the key must be a number of "the right size," it must be unguessable because of randomness, and it must be made in secrecy.
    ___________________________________________________

    Now you have the problem, how do I get this secret key to the other person, with whom I exchange secret messages? That's where public key cryptography offers one possible solution.
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2013
    Posts
    3
    Rep Power
    0
    Thank you very much mah$us that is an excellent explanation, really clarifies several points for me very well.

    Thank you and thanks all for helping me out

    JoB333x1!

IMN logo majestic logo threadwatch logo seochat tools logo