Cryptographic Algorithms And Security

Cryptographic algorithms and security

Introduction

Privacy is an issue that gives little relevance in the media. Companies such as Google or Microsoft have been subject to many accusations and even, led to trial, for violating certain privacy rights. These cases have been normalized to such excess, that we no longer scandalize and continue using their services equally. Many of these companies, promise a privacy level that is usually a much lower one, according to studies made by experts. For example, the online messaging or end messaging company WhatsApp, added end -to -end encryption (E2EE) in 2016 (this type of encryption and many more will be explained throughout this trial). According to Micah Lee, what did not "forgot" to mention that they could check the identity of the sender and recipient of any message without any problem. Something that according to this journalist and cybersecurity expert, "would be available to governments". For these types of problems, cryptography is something that limits the possibilities, both for attackers and for these large multinationals.

Cryptography

Cryptography is useful when we want. If I had to pass through a server to reach the recipient, the encrypted information will be impossible (or very difficult) to decipher for said server. It will also be useful, if it turns out that we are subject to an attack "Man in the Middle" information that is being transferred by this communication route).

The hacker who tries to read the information, will not be able to understand it when encrypted.

There are two types of encryption:

Code

This type of encryption is understood, putting an example: if we wanted.

To encrypt through a code, the resulting chain will be the same size as the original, and the conditions or rules that have been followed to encrypt said chain, will be collected in a code book or dictionary.

For an attacker, this encryption is very easy to solve, since even without knowing the algorithm used to transform characters, they are simple to foresee.

Cryptographic algorithms

Cryptographic algorithms work thanks to keys. Messages are encrypted, and deciphered by using these keys. Depending on the messaging system, new keys will be generated for the exchange of messages each messages. Depending on how many two parts of a two band communication have, there are two types of cryptographic algorithms: symmetric cryptography and asymmetric cryptography. For both types, the sending of the message to be sent must encrypt the message with a key before sending it, so that the recipient deciphe it after receiving it. These algorithms result from greater complexity than code encryption. The keys are generated pseudo-alienating. Later it will reason why this is a problem and as quantum cryptography poses an infallible solution.

Symmetric cryptography

So that symmetric cryptography works, a single key will be created that will share the sending and recipient of the message. This key will be used both, to encode the message and to decode it. This key is private, which will mean that it can only be known by the sender and the recipient, being private for both. In the event that another device was done with this key, it would cease to be private and communication between devices would cease to be sure. This type of cryptography is very fast. The private key that creates the algorithm in a pseudo -allegation way is very difficult to break (find its value), having to try a large amount of possibilities.

Asymmetric cryptography

Asymmetric cryptography is somewhat more complex and much more novel than symmetric cryptography. Sender and recipient will have to have a public and another private key. The public key of each can be known by the other and even by another device that wants to intercept communication. On the other hand, each private key cannot be exposed to any device other than to the key. The messages can be encoded with the public key and decoded with the private key of the recipient of the message in question and vice versa. A message encoded with a public key cannot be decoded with another (or that same) public key in any way, if not the exchange of messages would cease to be safe.

Therefore, if we want to send us encoded messages with another device, we will have four keys in total that we will have to use: one private and another public for each device.

The exchange of messages still could be sabotaged by any other person. Someone could send messages by passing through the sender, knowing the public key of the recipient. To make sure we do not have this problem and make the recipient know who the sender is, we must make a double codification: first we will encode the message with our private key and we will codify it again with the public key of the recipient. In this way, when the recipient decodes the message with his private pass.

Key exchange

In the case of example of the symmetric cryptographic algorithm, we have assumed that there is a safe channel so that both the sender and recipient can share the private key they will use to send messages. But this safe channel does not exist. We are posed by a problem. How can we let the other device know the key that we are going to use to encode/decode the messages? The solution turned out to be asymmetric cryptography. Whitfield Diffie and Martin Hellman created the DIFFIE-HELLMAN KEY EXCHANGE SYSTEM. It consisted of using a variant of asymmetric cryptography to share the private key they would use sender and recipient to exchange messages. In order not to extend the essay, an image is attached that explains the DIFFIE-Hellman system through the mythical analogy of colors with Alice and Bob:

Alice and Bob will be the devices that want to exchange messages. The common color they both know will be the public key. And the secret colors will be the private key of each of them. When combining the colors, a secret color is created, which can only be known by Alice and Bob.

Following this key exchange, Alice and Bob can use symmetric cryptography, which will cause messing and decoding messages to be much faster, than if asymmetric cryptography be used.

Quantum cryptography

After becoming familiar with the concepts of cryptography we can deal with quantum cryptography. This type of cryptography has been implemented, and experts say that, in a few years, it can be marketed, together with quantum computers. The difficulty of this cryptography is that it cannot be remotely implemented, when working via fiber optic.

Quantum cryptography raises a solution to the problem of the exchange of keys so that the key they use sender and recipient is impossible to have been for an agent that is ageno to these, unless it is shared with him. It is a concept that is not yet marketed and on which great advances are being made. This type of cryptography will be explained very basically not to extend the essay more than what is needed.

The exchange of keys will be made by an optical fiber. The sender (r) will send a series of photons for this fiber. The photons will be defined by their positioning (the positioning is chosen raid). They may be oriented vertically, horizontally, 45 degrees to the right or 45 degrees to the left. The vertical photons will correspond to a 0 and the horizontal to a 1. In turn, the photons oriented 45 degrees to the left will correspond to a 0 and those that are oriented 45 degrees to the right with a 1. The objective is to obtain a key composed of a series of zeros and some, from the photons that are sent by the fiber.

Meanwhile, the recipient (d) will have to filter these photons with two types of filters. He will randomly choose which of the two filters use for each photon. One of the filters (F1) will correctly filter vertical and horizontal photons, and therefore, we can obtain their value (0 or 1). Therefore, the other filter (F2) will filter the oriented photons 45 degrees to the left and right with their respective values.

In the case where D will filter a photon with the incorrect filter, D will obtain an incorrect value. For example, in the case of receiving a 45 -degree oriented photon, if the F1 filter was used, the value we obtain would be a random value (0 or 1) and not the value that we want to obtain.

After filtering all the photons sent R, D will have a series of bits. Next, it will communicate to the filters you have used for each photon that has been sent, in order. R and D will coordinate to rule out the bits that have been obtained with incorrect filters. By discarding these bits, R and D will have the same collection of some and zeros. This will be the key they will use.

When D filters the photons, the status of these changes. Therefore, in the event that someone wanted to obtain the key, putting between R and D and filtering the photons that R sends, the orientation of the photons will change, and will be detected by R and D. In the following diagram, the process can be visualized in a more graphic way:

The advantage that an exchange of keys based on quantum cryptography brings compared to the DIFFIE-Hellman exchange is that the exchange system will be able to detect if someone is trying to intercept the key they share sender and recipient.

Although this type of cryptography increases the security of a symmetric cryptography based on communication, which those previously exposed, still does not avoid a problem: the danger of a private password to have been through a brute force attack (or “bruteforce”). The attacker can try to find out the password that R and D use, testing all possible combinations. The attacker could intercept all the messages that R and D exchange and save them, until he finds the key he needs to decipher them. This could be very lucky and that the first password to prove was correct. But the probabilities are very low (1/2¹²⁸; look down).

Quantum computers and post-quantic cryptography

Most keys used by current cryptographic methods contain 2¹²⁸ possible combinations, being composed of 128 bits. The majority of digital computers that exist (marketed) are considered to be unable to break these keys. In a 2012 article, Mohit Arora calculates the alleged time that the computer would take for the faster so far, in breaking a key generated by the AES (Advanced Encryption Standard). The result he obtained was that, at most, it would take 1.02 x 10¹⁸ years. Being the creation of these random keys, it must be taken into account that the attacker has the same possibilities to face any of the 2¹²⁸ possibilities, which supposes that as average it will take (1.02 x 10¹⁸) / 2 years, which requires a lot of patience and a few lives behind the back.

This ends up being a problem for the attacker with the introduction of quantum computers. The computational capacity of quantum computers is basically greater than that of a digital computer. According to the journalist Linus Chang for Betanews, in his 2017 article, he affirms that “if a digital computer takes to break a 56 -bit password a whole day, a quantum computer would take 0.322 milliseconds ". For this generation of quantum computers, 256 -bit keys are still considered safe. But can we continue to increase the length of the keys, in order to follow the rhythm to the power of computers? The answer is no. A time will come when passwords are of such size, that they will radically affect the computer’s performance that we use. Next, a table that catalogs the different encryption algorithms that we use daily, as will be affected by quantum computers:

Although the marketing of Cuartic Computers seems like a fantasy, they are not as far as they seem. The first quantum computer taken to the market has been launched in January of this year, by the IBM company. Not knowing the possible limits of computational power in the future, it goes into debate if it is possible to find a cryptographic technology that avoids being broken.

The post-quantic cryptography enters the scene. This, tries to implement algorithms based on public keys (as in asymmetric cryptography) that are unwavering in front, up to a (supposed) computer of an infinite power, using very complex concepts of quantum physics. It is a very novel field that is in the development phase. Some experts expect this technology to be prepared for 2023. Although something very abstract is still considered, technology companies are investing a lot of money in this sector. It could be a revolution for the world of cryptography.

conclusion

The different types of cryptographic algorithms that we use today are not as safe as we can believe. The commercialization of quantum computers can be a before and after in this field. With this, the computational power of computers would be so great, that the algorithms that we believe sure today would be obsolete and our privacy could be more vulnerable than ever. Although we can extend that moment until limiting the possibilities of our computers, emerging technologies such as post-substance cryptography pose much more efficient solutions. But, for these technologies to be applicable, it is necessary for much more capital to be inverted and "do not leave for tomorrow what you can do today".