29 IDEA, the International Data Encryption Standard, was originally developed by Xuejia Lai and James Massey of ETH Zuria. Contrary to DES, IDEA was designed to be much more efficient when implemented as a software application. Instead of operating on a 64-bit message block size, with a corresponding 64-bit key size, the IDEA code uses a 128-bit key to transform a 64-bit message block into a 64-bit result. Although the algorithm is very new compared with DES and even other secret key systems, it has proven to be quite secure, and probably superior to DES in the long run. Both DES and IDEA are similar in that they operate on data one chunk at a time, performing mathematical transforms based on substitutions and permutations.

2.2.4.3 Public key cryptosystems

Public key systems, on the other hand, are a collection of ciphers that do many different things. Some do digital signatures, some do key exchange, some do authentication but no encryption, and some do everything. However, they all have one general concept in common: there are always two components that are used for operation on the input data. One of the components is the private piece and one is dubbed the public piece. An interesting nugget of trivia is that it is irrelevant which actual piece is which mathematically, since the two are inverse operations of one another. The thing that separates the two is that the private piece is the part that is secreted away, while the other is distributed. Distributing both pieces would be like giving away your secret key with each bit of encrypted data you send.

2.2.4.4 Diffie-Hellman

The Diffie-Hellman algorithm, generally regarded as the oldest public key system, was based on the problem of how two entities could agree on a secret by using only public channels. It was the genesis of RSA, which we will discuss next, but it provides only a bare skeleton of secret exchange. Diffie-Hellman supports neither encryption nor digital signatures. You might be wondering, without those features, what value could it have? The Diffie-Hellman algorithm is typically used for quick key exchange. When software is programmed to change its key values every once in a while, or even with every transaction, having a quick way of producing a secret key that both parties know, even by using only a public channel, is required. This is where Diffie- Hellman excels. Imagine two famous people at either end of a restaurant, passing notes to each other that anyone can read along the way. These notes contain the information necessary for the two parties to agree upon a secret key, but its done so that no one looking at the slips of paper could know what that secret was. Nifty trick, eh? The Diffie-Hellman algorithm is based on a principle involving the concept of a strong prime number. Diffie-Hellmans weakness is that even though two parties can establish a secret key in a public arena, there could be a masquerader who effectively middlemans between the two parties, completely unobserved. By placing himself in the path, and by catching the right messages, the middleman doesnt need to actually know the secrets, but he can masquerade as the other by misdirection. Suppose an interloping party lets call him M could listen to party As initial request to B, and respond with Ms code pretending to be B. Further, M could copy the message, replace his code for As, and forward the message on to B to establish a faked conversation that way as well. In this manner, M would have successfully exchanged two secrets one with both A and B but without the knowledge of either. A and B think they are talking to each other, but they are really talking indirectly through M. 30

2.2.4.5 RSA

RSA gets its name from its inventors: Rivest, Shamir, and Adleman. It is a public key system supporting both encryption and decryption with a variable length key. Using a long key increases security, but at the cost of performance; likewise, a short key is quick to compute, but is less secure. The RSA algorithm, as implemented, typically uses a 512-bit key, with an upper range of about 4K bits. Larger keys than that become unwieldy to use given todays computing power. Its nice to know that as long as the underlying principles of the algorithm are safe, meaning that no one has been able to break the fundamental problem of factoring quickly, then as computing power increases, both attacker and protector enjoy an equal gain in performance. Unlike private key encryption, the message block length i.e., the size of the chunk of message to be operated on is also variable. Unlike DES and IDEA, RSAs message block length can be almost anything. However, it must be equal to or smaller than the size of the key to prevent an easy security breach via a brute force search of the possible ciphered alphabet. Regardless of message block size, the ciphertext block size will always equal the size of the key. Because RSA uses the principles of gigantic prime numbers to base its equations on, as well as modulo exponentiation arithmetic, the RSA algorithm is much slower than almost any of the popular secret key systems including the ones discussed previously, DES and IDEA. To use the RSA algorithm, one generates what is commonly referred to as a key pair. The first step in doing this is to choose two large prime numbers. Numbers in the 50 to 100 digit range are typical. Call these p and q. Multiply them together to get the result n. From there, using mathematical magic, you would choose a number e that is relatively prime with respect to the totient function of n. [1] We wont bore you with the mechanical intricacies of how exactly this is done. Suffice to say that a pair of numbers is produced, e and d, with the odd property that one is the multiplicative inverse of the other with respect to an equation where mod n is used. From here the combination of {d,n} is referred to as the private key, and the set {e,n} is the public key. In actuality, since one is the exact inverse of the other given the equation de = 1 mod totientn, it doesnt matter at all which is the public one and which is the private one. The one that you keep hidden is the private one. The RSA algorithm used for encryption and decryption is essentially the same. Given that e and d are inverses, encryption is the process of running the message with the public key forward through the algorithm, while the act of decryption is also running the ciphertext through the algorithm with the other key. Specifically, the encryption routine consists of taking the clear text chunk and raising it to the power of e mod n, and decryption is essentially taking the ciphertext and raising it to the power of d mod n. 2.2.5 How Secure Is It Really? Given the explosive increase in computing resource power every year, data stored in encrypted form gets less and less secure. As we discussed earlier, the life of a particular piece of encrypted data or even the life of an encryption algorithm itself is governed by the raw 1 When n is a positive integer, Eulers totient function is defined to be the number of positive integers not greater than n and relatively prime to n.