Part I Overview:

Secret Key Cryptography

Unfortunately, most of us understand that our computer, identity even livelihood is vulnerable. What most of us don’t quite ‘get’ yet is how cryptography helps.

Cryptography is, by nature, designed to be confusing, so start by looking at one of computer cryptography’s simpler essential components – secret keys.

The Basics

Cryptography is both the lock and combination (or 'key'). There are a variety of cryptographic methods and keys. If the cryptographic method (algorithm) is secure and there are great quantities of potential secret keys, the method is said to be strong.

Strong methods are made more secure by being published since they can be scrutinized by cryptanalysts, mathematical and linguistic analysts.

The Digital Encryption Standard (DES), the published cryptographic standard from 1977 - 2000 withstood attack over the years. Since DES was strong, cryptanalysts attacked the keys. This means trying (with normal luck), on average, half of all possible keys — some number of trillion keys.

Since trying many trillion keys was much quicker in 2000 than 1977, cryptanalysts succeeded. Rijndael (pronounced “rain doll”) was selected by the National Institute of Standards and Technology (NIST) to replace DES in 2000 and is known as the Advanced Encryption Standard (AES).

Assurances We Need

We want digital communications to provide us with all the security assurances we have historically enjoyed from our face-to-face communications.

We want to know that:

  • » only those intended can understand the meaning of our communications (confidentiality)
  • » we know who we are talking to (authentication)
  • » our message hasn’t been changed during transmission (integrity)
  • » the receiver can’t deny having received our message (non-repudiation)

The Big Problem: Key Distribution

Secret keys imply only trusted parties should have copies of the secret key. That also means key distribution must assure only trusted parties have copies of the keys. Obviously, key distribution is a very big problem.

Traditional methods of key distribution use trusted couriers to place the initial secret key. If the key is shared with a trusted third party (TTP), the TTP can act as an intermediary and the TTP is known as a Key Distribution Center (KDC).

The more users the more keys, the more key management and the bigger the potential bottleneck at the KDC. Additionally, if the KDC also acts as a key escrow agent, the KDC, itself, is an attractive target.

Although secret keys get close to all the digital security we want, it literally took thousands of years to figure out how to securely distribute secret keys → public key encryption or PKI (Public Key Infrastructure).

Part II: Public Key


Back to "Free Chapters"


© H. X. Mel & Doris Baker all rights reserved