• Symmetric and asymmetric encryption. What is HTTP

    To exchange messages and hide content from third parties, encryption is used. It is used where an increased level of protection is required. There are two encryption schemes: symmetric and asymmetric.

    What is encryption

    Encryption will be useful when you need to hide some information from unauthorized persons and provide sensitive data to authorized users.

    A feature of this type of data transfer is the use of a key.

    There are three security states:

    • hiding information from strangers;
    • preventing change;
    • maintaining the integrity of information;
    • sender identification.

    To read the information, a decoder is required in addition to the key. This is what makes it impossible for attackers to obtain the data: if they intercept it but do not have the key, they cannot read it.

    There are two types of encryption: symmetric and asymmetric.

    The main purpose of encryption is to store information. This allows you to work with some data from unreliable sources and transmit messages over unsecured channels. Sending information goes like this:

    • the sender encrypts the data;
    • the recipient decrypts.

    Each transformation is implemented by an algorithm that takes a key as input. Symmetric and asymmetric encryption methods are distinguished by their cryptographic strength.

    Cryptographic strength

    Symmetric and asymmetric encryption systems have a characteristic that makes it difficult to gain unauthorized access.

    There are 2 main types of cryptographic strength of an encryption system.

  • A completely resistant system cannot be compromised, even with infinitely large computing resources. It is characterized by the fact that for each message its own separate key is generated. Its length is equal to or greater than the message length.
  • Sufficiently strong systems are used in civil cryptographic systems. Such an algorithm is difficult to decipher, but with the appropriate resources it becomes possible.

    Comparison of the cryptographic strength of some encryption systems

    The maximum RSA key size is 4096 bits.

    It is used for encryption and signing. The cryptographic strength can be described as 2.7·10^28 for a 1300-bit key. The scheme is used in many standards; the RSA encryption principle is one of the first asymmetric algorithms.

    The key size of the ElGamal scheme is equal to RSA - 4096 Bits. It is used for both encryption and digital signature. The cryptographic strength of this system is no different from RSA with the same key size.

    The DSA method uses a much smaller key - 1024 bits. It is used exclusively for digital signatures.

    Symmetric and asymmetric encryption

    These two types of encryption differ in the number of keys and the level of resistance to hacking.

    If one key is used for both encoding and decoding, the encryption is symmetric. Asymmetric encryption uses a separate key for each operation: one for encryption and another for decryption.

  • A public key encrypts a certain code that represents a specific message. The key is known to both parties, it is transmitted over an unsecured channel, and can be intercepted. The most important task of storing information is to protect the key from interception.
  • The private one is used for decryption. Known only to one side. It cannot be intercepted, since it is always with one interlocutor.

    The purpose of encryption determines the method for maintaining confidentiality. One of the first was symmetric encryption; asymmetric encryption was invented later to provide greater security.

    Features of symmetric encryption

    The symmetrical protection system has the following advantages.

  • High speed and ease of implementation.
  • To ensure the strength of the cipher, a short key length is used.

    The disadvantages include the following:

    • complexity of key management in a large network;
    • complexity of key exchange;
    • the need to find a reliable channel for transmitting the key to the parties;
    • impossibility of using digital signatures and certificates.

    To compensate for the shortcomings, a combined scheme is used, in which the key used for decryption is transmitted using asymmetric encryption. It is transmitted using symmetric encryption.

    Features of asymmetric encryption

    A public-private key pair can be used as:

    • independent means of information security;
    • key distribution facility;
    • user authentication means.

    Has the following advantages:

    • the secret key is stored in a safe place, and only the public key is transmitted over the open channel;
    • the decryption key is known only to one party;
    • a large asymmetric system uses fewer keys than a symmetric system.

    It is difficult to make any changes in such algorithms. Such a system has long keys. If the symmetric key is 128 Bits, then the RSA key is 2304 Bits. Because of this, the decryption speed suffers - it is 2-3 times slower. Decryption requires large computing resources.

    There are many examples of symmetric and asymmetric encryption systems.

    Symmetric encryption - what does it look like?

    An example of symmetric encryption and implementation diagram is below.

  • There are two interlocutors who plan to exchange confidential information.
  • The first interlocutor generates a key d, encryption algorithms E and decryption D. Then he sends this information to the second interlocutor.
  • The message is decrypted with key d.

    The main disadvantage is the inability to establish the authenticity of the text. If the key is intercepted, the attacker will decrypt the secret information.

    There are classical methods.

  • Simple and double permutation.
  • Magic square.
  • Single permutation.

    The first method is one of the simplest, the scheme of which does not use a key. The sender and receiver agree on some key, represented as a table size. The transmitted message is written to the columns of the table, but is read row by row. Knowing the size of the table, the recipient decrypts the message.

    To ensure greater secrecy, a double rearrangement is used. This way the previously encrypted text is encrypted. To do this, the tables must differ in the number of rows and columns. They are filled vertically, horizontally, in a snake, in a spiral. This method does not strengthen the encryption, but the hacking process becomes longer.
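    The table permutation described above, as an added example that is not part of the original page: the message is written into the table column by column and read row by row, and the double variant applies a second table with different dimensions. The padding character and the function names are assumptions of this sketch.

```python
from math import lcm

PAD = "_"  # filler for incomplete tables (assumption: the text does not name one)


def _encrypt_block(block: str, rows: int, cols: int) -> str:
    # The table is filled column by column, so cell (r, c) holds block[c*rows + r].
    # Reading row by row gives the ciphertext.
    return "".join(block[c * rows + r] for r in range(rows) for c in range(cols))


def _decrypt_block(block: str, rows: int, cols: int) -> str:
    # Inverse: the ciphertext is written row by row and read column by column.
    return "".join(block[r * cols + c] for c in range(cols) for r in range(rows))


def _apply(text: str, rows: int, cols: int, fn) -> str:
    size = rows * cols
    return "".join(fn(text[i:i + size], rows, cols) for i in range(0, len(text), size))


def pad(text: str, *sizes: int) -> str:
    """Pad so the length is a whole number of tables for every table size given."""
    block = lcm(*sizes)
    return text + PAD * (-len(text) % block)


def encrypt(text: str, rows: int, cols: int) -> str:
    return _apply(pad(text, rows * cols), rows, cols, _encrypt_block)


def decrypt(ciphertext: str, rows: int, cols: int) -> str:
    # Trailing padding is stripped; a message that itself ends in PAD would lose it.
    return _apply(ciphertext, rows, cols, _decrypt_block).rstrip(PAD)


def double_encrypt(text: str, t1: tuple, t2: tuple) -> str:
    """Encrypt with table t1 = (rows, cols), then encrypt the result with table t2."""
    padded = pad(text, t1[0] * t1[1], t2[0] * t2[1])
    return _apply(_apply(padded, *t1, _encrypt_block), *t2, _encrypt_block)


def double_decrypt(ciphertext: str, t1: tuple, t2: tuple) -> str:
    """Undo the layers in reverse order: t2 first, then t1."""
    once = _apply(ciphertext, *t2, _decrypt_block)
    return _apply(once, *t1, _decrypt_block).rstrip(PAD)


if __name__ == "__main__":
    msg = "MEET AT THE OLD BRIDGE"  # constructed sample message
    ct = double_encrypt(msg, (2, 3), (4, 2))
    print(ct)
    print(double_decrypt(ct, (2, 3), (4, 2)))
    # The letters are only rearranged, never replaced, so letter frequencies
    # survive both passes unchanged.
    print(sorted(ct) == sorted(pad(msg, 6, 8)))
```
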

    “Magic square” is a more complex structure that is a matrix. Natural numbers are entered into the cells in such a way that the sum of the numbers in each column, row, and diagonal is the same. Each number corresponds to a letter of the message. The resulting text is written into a line, matching numbers and symbols.

    Examples of asymmetric encryption

    In this case, the public key is sent over a public channel and could theoretically be intercepted by attackers.

    Unlike symmetric ones, asymmetric encryption keys are different. A public key is used for encryption, and a private key is used to decrypt the message. Using two keys solves the problem of eavesdropping that was present in the symmetric method. It is implemented like this.

  • The first interlocutor selects encryption and decryption algorithms and a pair of keys. The public key is sent to the second interlocutor.
  • The second interlocutor encrypts the information using the received key. Sends information to the first interlocutor, who decrypts the message using the private key.

    The basic methods of asymmetric encryption are the following.

  • ElGamal code.
  • RSA

    RSA is the first cryptographic algorithm used for both encryption and digital signature.

    It is described like this.

  • Two prime numbers are selected, for example, 3 and 7.
  • The modulus n is calculated - the product of two numbers. That turns out to be 21.
  • The Euler function φ=(p-1)×(q-1)=2×6=12 is calculated.
  • A prime number e is chosen that is less than φ and coprime with φ. Available options: 5, 7, 11.
  • The pair of numbers e, n (5, 21) is the public key. Now the numbers d and n of the private key are calculated. The number d satisfies the condition (d×e) mod φ = 1 and is equal to 17. As a result, the second pair of numbers, 17 and 21, is the private key. Encryption is performed as follows: the message is raised to the power of e, the remainder of division by n is taken, and the result must be less than the number n. It turns out 10 - this will be the encoded data. To decode, e is raised to the power d, and the remainder of division by n is calculated.
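    The worked numbers above (p = 3, q = 7, e = 5, d = 17), as an added example that is not code from the original page. The message value 19 is an assumption, chosen because it encrypts to the 10 quoted in the text; decryption here raises the ciphertext to the power d modulo n. Function names are illustrative.

```python
# Textbook RSA with the toy numbers from the text. There is no padding and the
# modulus is trivially small, so this shows the arithmetic only.
from math import gcd


def is_prime(n: int) -> bool:
    """Trial division; adequate for the tiny numbers used here."""
    if n < 2:
        return False
    return all(n % d for d in range(2, int(n ** 0.5) + 1))


def valid_public_exponents(phi: int) -> list:
    """Primes e < phi that are coprime with phi (the rule stated in the text)."""
    return [e for e in range(2, phi) if is_prime(e) and gcd(e, phi) == 1]


def extended_gcd(a: int, b: int) -> tuple:
    """Return (g, s, t) with a*s + b*t == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = extended_gcd(b, a % b)
    return g, t, s - (a // b) * t


def private_exponents(e: int, phi: int, count: int = 2) -> list:
    """The first `count` positive values d with (d * e) mod phi == 1."""
    g, s, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime with phi")
    base = s % phi
    return [base + i * phi for i in range(count)]


def rsa_encrypt(m: int, e: int, n: int) -> int:
    if not 0 <= m < n:
        raise ValueError("message must be an integer in the range [0, n)")
    return pow(m, e, n)


def rsa_decrypt(c: int, d: int, n: int) -> int:
    return pow(c, d, n)


if __name__ == "__main__":
    p, q = 3, 7
    n, phi = p * q, (p - 1) * (q - 1)          # 21 and 12
    print("valid e:", valid_public_exponents(phi))
    e = 5
    # Every d congruent to e^-1 modulo phi works; the text uses the second one, 17.
    print("valid d:", private_exponents(e, phi))
    c = rsa_encrypt(19, e, n)                  # 19 is the assumed message
    print("ciphertext:", c, "decrypted:", rsa_decrypt(c, 17, n))
```
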

    DSA

    DSA (unlike RSA) is used only for digital signing, not encryption. A given signature can be publicly verified. There are two algorithms for signature creation and verification. It is the hash message that represents the text in digital form. Therefore, a complex hash function is chosen to avoid collisions. Building a digital signature consists of the following steps.

  • Selecting a cryptographic hash function H(x).
  • The bit size of the prime number q must be equal to the hash function value H(x).
  • Selecting a prime number p such that p-1 is divisible by q without a remainder.
  • Calculation of the number g = h^((p-1)/q) mod p, where h must be an arbitrary number in the range from 1 to p-1.
  • A random number k from 0 to q is selected.
  • Calculate r = (g^k mod p) mod q.
  • Then s = k^(-1)·(H(m) + x·r) mod q.
  • If r=0 or s=0, another number k is chosen.
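    The signing steps above, as an added example that is not code from the original page. The toy parameters p = 23, q = 11, h = 2 are constructed for illustration and are far too small for real use; the private key x with public key y = g^x mod p and the verification equations are standard DSA and are not spelled out on the page. Reducing the hash modulo q is an assumption forced by the tiny q.

```python
import hashlib
import secrets

# Toy domain parameters (constructed for this example).
P, Q = 23, 11                       # q divides p - 1 (22 = 2 * 11)
H_BASE = 2                          # the arbitrary number h from the text
G = pow(H_BASE, (P - 1) // Q, P)    # g = h^((p-1)/q) mod p


def digest(message: bytes) -> int:
    """H(m) reduced mod q (assumption: real DSA sizes q to match the hash)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % Q


def public_key(x: int) -> int:
    return pow(G, x, P)


def try_sign(h: int, x: int, k: int):
    """One signing attempt with the per-signature number k.

    Returns (r, s), or None when r == 0 or s == 0 and another k is needed.
    """
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (h + x * r)) % Q
    if r == 0 or s == 0:
        return None
    return r, s


def sign(message: bytes, x: int):
    """Sign with a fresh random k each time, retrying on r == 0 or s == 0."""
    h = digest(message)
    while True:
        k = secrets.randbelow(Q - 1) + 1   # 1 .. q-1, so k is invertible mod q
        sig = try_sign(h, x, k)
        if sig is not None:
            return sig


def verify_digest(h: int, sig, y: int) -> bool:
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = (h * w) % Q, (r * w) % Q
    v = (pow(G, u1, P) * pow(y, u2, P)) % P % Q
    return v == r


def verify(message: bytes, sig, y: int) -> bool:
    return verify_digest(digest(message), sig, y)


if __name__ == "__main__":
    x = 7                                   # private key (constructed)
    y = public_key(x)
    sig = sign(b"constructed sample message", x)
    print(sig, verify(b"constructed sample message", sig, y))
```
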

    ElGamal scheme

    ElGamal encryption is used for digital signatures. It is a continuation of the Diffie-Hellman algorithm.

    When working according to this scheme, it is important to take into account the following feature. ElGamal encryption is not a digital signature algorithm based on the scheme of the same name. When encrypting, the text is converted into a cipher that is 2 times longer than the original message.

    Key generation occurs as follows.

  • A random prime number p is selected.
  • The number g must be the primitive root of p.
  • The number x must be greater than 1 and less than p-1. This will be the private key.
  • Then the public key y is calculated using the formula g^x mod p.

    When encrypting the text M, the system key k is selected. It is greater than one and less than p-1. Then the numbers a and b, which form the ciphertext, are calculated: a = g^k mod p and b = y^k·M mod p.
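    Key generation and encryption as listed above, as an added example that is not code from the original page. The toy values p = 23, g = 5 are constructed for illustration; the decryption step M = b·(a^x)^(-1) mod p is the standard inverse of the formulas above and is not given on the page. Function names are illustrative.

```python
import secrets


def prime_factors(n: int) -> set:
    """Distinct prime factors by trial division (fine for toy sizes)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_primitive_root(g: int, p: int) -> bool:
    """g generates all of 1..p-1 iff g^((p-1)/f) != 1 for every prime f | p-1."""
    return all(pow(g, (p - 1) // f, p) != 1 for f in prime_factors(p - 1))


def keygen(p: int, g: int, x=None) -> tuple:
    """Return (private x, public y = g^x mod p) with 1 < x < p-1."""
    if not is_primitive_root(g, p):
        raise ValueError("g must be a primitive root of p")
    if x is None:
        x = secrets.randbelow(p - 3) + 2
    return x, pow(g, x, p)


def encrypt(m: int, p: int, g: int, y: int, k=None) -> tuple:
    """Return the ciphertext pair (a, b); k must be fresh for every message."""
    if not 0 < m < p:
        raise ValueError("message must be an integer in the range (0, p)")
    if k is None:
        k = secrets.randbelow(p - 3) + 2   # 1 < k < p-1
    a = pow(g, k, p)
    b = (pow(y, k, p) * m) % p
    return a, b


def decrypt(a: int, b: int, p: int, x: int) -> int:
    mask = pow(a, x, p)                    # a^x == y^k, known only to the key owner
    return (b * pow(mask, -1, p)) % p


if __name__ == "__main__":
    p, g = 23, 5
    x, y = keygen(p, g, x=6)
    # The same message under two values of k gives two unrelated ciphertexts,
    # and each ciphertext is two numbers: twice the size of the message.
    for k in (3, 5):
        a, b = encrypt(7, p, g, y, k=k)
        print((a, b), decrypt(a, b, p, x))
```
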

    Hello!
    Let's look at what symmetric and asymmetric cryptography are - why they are called that, what they are used for, and how they differ.

    To be precise, it is more correct to say symmetric and asymmetric encryption algorithms.

    Cryptography (crypto: to hide) is the science of hiding what is written, the science of hiding information.

    Most of the encryption algorithms in use are open, that is, the description of the algorithm is available to everyone. What is secret is the encryption key, without which it is impossible to encrypt, much less decrypt, information.

    Symmetric encryption algorithms are algorithms that use the same key for encryption and decryption. That is, if we want to exchange encrypted messages with a friend, we must first agree on what encryption key we will use. That is, we will have one encryption key for two.

    In symmetric algorithms, the encryption key is a weak point, and more care must be taken that others do not learn this key.

    Asymmetric encryption algorithms are algorithms in which different but mathematically related keys are used for encryption and decryption. Such related keys are called a cryptopair. One of them is closed (private), the second is open (public). At the same time, information encrypted with a public key can only be decrypted using a private key, and vice versa, what is encrypted with a private key can only be decrypted using the public key.
    You store the private key in a safe place, and no one knows it except you, and you distribute a copy of the public key to everyone. Thus, if someone wants to exchange encrypted messages with you, they will encrypt the message using your public key, which is available to everyone, and this message can only be decrypted using your private key.

    Now about why and for what symmetric and asymmetric algorithms are used:
    The table shows that to encrypt a large amount of information, for stream encryption (for example, VPN with encryption), fast and undemanding symmetric algorithms are used.

    But if we need to maximally secure a small amount of information, while we are not constrained by time and computing resources, then we can use asymmetric cryptography.

    In life, of course, everything is a little different than in theory.
    In life, a combination of symmetric and asymmetric algorithms is used.

    For example, VPN with encryption:

    At the first step, asymmetric key algorithms are used to obtain a symmetric encryption key.
    At the second step, the streaming data is encrypted using symmetric algorithms with the key generated in the first step.

    Thus, it is common practice to use a symmetric key to quickly encrypt large amounts of data. In this case, to exchange and transmit a symmetric key, asymmetric encryption algorithms are used.

    Few people know exactly how asymmetric encryption works. For example, there are people who do not consider the https protocol to be any adequate protection of transmitted data. And as a rule, when trying to convince them otherwise, they respond with something along the lines of “if we transmit encrypted data, then we must say how to decrypt it, and this information can be intercepted and, therefore, the data can be decrypted.” And to the arguments that this is not so and that asymmetric encryption is the basis, the answer is “So what?”

    Okay, I understand that not everyone needs to know all the intricacies of implementing asymmetric encryption. But the general principle of operation, I believe, should be known to everyone who is in any way connected with computers.

    I would like to summarize the essence of this post in this annotation: Remember, asymmetric encryption is secure, of course, if all conditions are met. And to prove this I will try to describe the algorithm in clear language so that everyone can understand that it is safe. Meet Alice, Bob and Eve and the transmission of their secret message under the cut.

    By the way, why Alice and Bob? There is a short article about this on Wikipedia: Alice, Bob and Eve. To make it clearer, Alice and Bob want to exchange messages, and Eve is trying to intercept and read these messages.

    A little history

    Cryptography of past centuries had one huge problem - the problem of key transfer. At that time, there were only so-called “symmetric” ciphers - ciphers in which data is encrypted and decrypted with the same key.

    For example, Alice encrypted some message and wants to send it to Bob. Naturally, for Bob to read it, he needs the key with which this message was encrypted. And then the problem arises of how to transfer the key so that no one can intercept it. Inquisitive minds will make an offer - let them pass it on in person, and then communicate as much as they want. Yes, I don’t argue, it’s a way out. Now imagine for a second that your Internet mail, before you log in to it, will require you to travel to the physical location of the mail server. Convenient? Perhaps not very.

    Of course, the key can be transmitted over another communication channel. But cryptography considers all unsecured communication channels as insecure. That is, transferring the key to Bob over the phone, for example, is considered unsafe, since nothing prevents Eve from listening to the phone as well.

    By the 70s, this problem had become so commonplace that it was considered an axiom that in order to transmit a message you need to transmit the key with which the message is encrypted (and some people still think this way). But in 1976, Diffie and Hellman proposed their “exponential key exchange method.” From those years, the development of asymmetric cryptosystems began.

    A little bit of real life

    Before studying any algorithm, you need to imagine how it works. And the easiest way is to compare it with how something works in reality.

    Let's imagine that Alice and Bob live in a country in which the entire postal system is completely immoral and postal employees read all unsecured mail. Alice, a not stupid girl, before sending a message to Bob, took an iron box and, putting the letter inside and closing it with her lock, sent this box to Bob.

    Naturally, the post office cannot read this letter, but Bob himself cannot read it, since he does not have the key with which the lock is closed. Alice, of course, can take another iron box, put the key from the previous one in it, and send it to Bob, but Bob will not be able to open it either...

    The only way is to make a duplicate of the key and give it to Bob in person...

    And so it begins to seem that key exchange is an inevitable part of encryption - or is it not?

    Let's imagine a different picture. I'll write it down step by step:

    1. Alice puts her letter in an iron box and, locking it, sends it to Bob.
    2. Bob, upon receiving the box, (attention!) takes his lock and, having additionally locked the box with it, sends it back.
    3. Alice already receives the box with two locks (let me remind you, Alice’s first lock, for which she has the key, and Bob’s second, for which only Bob has the key).
    4. Alice removes her lock and sends the box back to Bob
    5. Bob receives a box with one of his locks for which he has a key
    6. Bob unlocks his remaining lock with his key and reads the message

    The significance of this short story is enormous. It shows that two people can transmit a secret message without exchanging keys. Think about it! This story actually destroys all the axioms on which the cryptography of that time was built. Yes, we get some complication of the process (the box had to be sent three times), but the result...

    Let's get back to cryptography

    It would seem that a solution has been found. The sender and receiver encrypt their message, and then the interlocutors take turns deciphering theirs.


    But the point is that there are no ciphers that would allow one to remove a cipher from another cipher. That is, the stage where Alice removes her cipher is impossible:


    Unfortunately, all available algorithms still require the removal of ciphers in the order in which they were applied. I’m afraid to call this an axiom (since history already knows cases when such axioms were smashed to smithereens), but this is still the case.

    Let's get back to math

    The box idea I described above inspired Diffie and Hellman to look for a way to convey a message. Eventually they ended up using one-way functions.

    What is a one-way function? For example, there is a doubling function, i.e. double(4)=8; it is two-sided, because from the result 8 it is easy to obtain the initial value 4. A one-way function is a function after applying which it is almost impossible to obtain the initial value. For example, mixing yellow and blue paint is an example of a one-way function. Mixing them is easy, but getting the original components back is impossible. One such function in mathematics is modulo calculation.

    As a basis for the algorithm, Hellman proposed the function Y^x (mod P). The inverse transformation for such a function is very difficult, and we can say that, in essence, it consists of a complete enumeration of the original values.

    For example, you were told that 5^x (mod 7) = 2; try to find x, eh? Found it? Now imagine that numbers on the order of 10^300 are taken as Y and P.

    By the way, to increase strength, the number P must be a prime number, and Y must be a primitive root modulo P. But since we are still trying to understand the theory, I don’t see the point in bothering with this.

    Diffie-Hellman algorithm

    And then one day it dawned on Hellman and he was able to develop a working key exchange algorithm. This algorithm requires steps on both sides to work, so I'll put it in a table:

    Stage 1. Both participants agree on the values Y and P for the general one-way function. This information is not secret. Let's say the values 7 and 11 were selected. The general function would look like this: 7^x (mod 11).
    Stage 2. Alice: chooses a random number, for example 3, keeps it secret, let's denote it as the number A. Bob: chooses a random number, for example 6, keeps it secret, let's denote it as the number B.
    Stage 3. Alice: substitutes the number A into the general function and calculates the result 7^3 (mod 11) = 343 (mod 11) = 2, denotes the result of this calculation as the number a. Bob: substitutes the number B into the general function and calculates the result 7^6 (mod 11) = 117649 (mod 11) = 4, denotes the result of this calculation as the number b.
    Stage 4. Alice: passes the number a to Bob. Bob: passes the number b to Alice.
    Stage 5. Alice: gets b from Bob and calculates the value b^A (mod 11) = 4^3 (mod 11) = 64 (mod 11) = 9. Bob: gets a from Alice and calculates the value a^B (mod 11) = 2^6 (mod 11) = 64 (mod 11) = 9.
    Stage 6. Both participants ended up with the number 9. This will be the key.

    Magic? I don’t argue, it’s not clear at first glance. But after reading and thinking about this table, it becomes clear how it works. However, if it is not clear, then scroll to the end of the chapter, where I posted an explanatory video.

    Moreover, please note that to obtain the key in the final formula, any person needs to have three values:

    • the values a and P, and Bob's secret number B
    • or the values b and P, and Alice's secret number A

    But secret numbers are not transmitted over the channel! Eve won't be able to recover the key without someone's secret number. Why - I wrote above, this function is one-sided. Try solving the equation 4^x (mod 11) = 2^y (mod 11), finding x and y.
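    The six stages with the numbers from the text (Y = 7, P = 11, A = 3, B = 6), as an added example that is not code from the original post. It also runs the complete enumeration mentioned earlier against these toy values, which finishes in at most P-1 steps and shows why Y and P on the order of 10^300 are taken in practice. Function names are illustrative.

```python
def public_value(Y: int, secret: int, P: int) -> int:
    """Stage 3: what each side computes and sends, Y^secret (mod P)."""
    return pow(Y, secret, P)


def shared_key(received: int, secret: int, P: int) -> int:
    """Stage 5: raise the other side's value to your own secret."""
    return pow(received, secret, P)


def exchange(Y: int, P: int, A: int, B: int) -> dict:
    """Run the whole exchange; 'wire' is everything an eavesdropper sees."""
    a, b = public_value(Y, A, P), public_value(Y, B, P)
    return {
        "wire": {"Y": Y, "P": P, "a": a, "b": b},
        "alice_key": shared_key(b, A, P),
        "bob_key": shared_key(a, B, P),
    }


def multiplicative_order(Y: int, P: int) -> int:
    """How many distinct values Y^x (mod P) takes; P-1 for a primitive root."""
    x, value = 1, Y % P
    while value != 1:
        value = (value * Y) % P
        x += 1
    return x


def discrete_log_by_enumeration(Y: int, target: int, P: int):
    """Find x with Y^x (mod P) == target by trying every exponent in turn."""
    value = 1
    for x in range(1, P):
        value = (value * Y) % P
        if value == target:
            return x
    return None


def key_from_wire(wire: dict):
    """With toy parameters, the values on the wire are enough to get the key."""
    A = discrete_log_by_enumeration(wire["Y"], wire["a"], wire["P"])
    return None if A is None else shared_key(wire["b"], A, wire["P"])


if __name__ == "__main__":
    result = exchange(7, 11, 3, 6)
    print(result)
    print("order of 7 mod 11:", multiplicative_order(7, 11))
    print("5^x (mod 7) = 2 gives x =", discrete_log_by_enumeration(5, 2, 7))
    print("key from wire values alone:", key_from_wire(result["wire"]))
```
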

    To make it clearer how the Hellman scheme works, imagine a cipher that somehow uses color as a key:

    Let's first assume that everyone, including Alice, Bob and Eve, has a three-liter jar into which one liter of yellow paint is poured. If Alice and Bob want to agree on a secret key, they each add one liter of their own secret paint to their jars.

    Alice can add purple paint, and Bob can add crimson. After that, each of them sends his jar with the mixed contents to the other.

    Finally, Alice takes Bob's mixture and adds one liter of her secret paint to it, and Bob takes Alice's mixture and adds one liter of his secret paint to it. The paint in both cans will now be the same color, since each can contains one liter of yellow, purple and crimson paint.

    It is this color, obtained by adding twice to the paint jars, that will be used as a key. Alice has no idea what kind of paint Bob added, and Bob also has no idea what kind of paint Alice poured, but they both achieved the same result.

    Meanwhile, Eve is furious. Even if she were able to intercept the jars containing the intermediate product, she would not be able to determine the final color, which would be the agreed upon key. Eve can see the color of the paint obtained by mixing the yellow paint and Alice's secret paint in the jar sent to Bob, and she can see the color of the paint obtained by mixing the yellow paint and Bob's secret paint in the jar sent to Alice, but to find the key, she, in fact, it is necessary to know the colors of Alice and Bob's original secret paints. However, by looking at the jars of mixed paints, Eve will not be able to identify Alice and Bob's secret colors. Even if she takes a sample of one of the mixed paints, she will not be able to separate it into the original paints to find the secret one, since mixing paint is a one-way function.

    Still not clear? Then watch the video:

    Well, I hope you understand that there is a quite real way of secure key exchange. But please note that it is not yet possible to call this algorithm an asymmetric cipher, since in essence it is just a key exchange algorithm.

    Asymmetric encryption

    An asymmetric algorithm assumes the presence of two keys - public and private. That is, the message is encrypted with a public key and decrypted with a private key and nothing else. Actually, it was this concept that Diffie formulated.

    In general, the essence of this algorithm is that the receiving side, before receiving the message, generates a pair of keys based on the modular arithmetic algorithm (the principle is the same as in the Diffie-Hellman algorithm): the private key and the public key. Before sending, the sender receives the public key and encrypts the message with this key, after which this message can only be decrypted with the private key, which is kept secret by the receiving party.


    If we return to the analogy with locks, then public key encryption can be thought of as follows:

    Anyone can lock a lock by simply clicking it until it closes, but only someone who has the key can unlock it. Locking a lock (encryption) is easy, almost everyone can do it, but only the owner of the key can open it (decryption). Understanding how to latch a lock so it closes won't tell you how to unlock it.

    A deeper analogy can be drawn.

    Imagine that Alice is designing a lock and key. She vigilantly guards the key, but at the same time makes thousands of duplicate locks and sends them around post offices all over the world. If Bob wants to send a message, he puts it in a box, goes to the local post office, asks for an "Alice lock" and locks the box with it. Now he will no longer be able to open the box, but when Alice receives the box, she will be able to open it with her only key.

    Putting a lock and clicking it to close is equivalent to a shared key for encryption, since everyone has access to the locks and everyone can use the lock to lock the message in the box. The key to the lock is equivalent to the secret decryption key because only Alice has it, only she can open the lock, and only she can access the message in the box.

    There are several algorithms that implement asymmetric encryption. The most famous of them is RSA. I don’t see the point in describing it, since I still won’t be able to understand how it works right away, and I still won’t be able to write it better than what’s written on Wikipedia.

    Conclusion

    Well, I hope that once you understand how asymmetric encryption works from the inside, you will begin to trust it more and, accordingly, use SSL more often =)

    Materials were used from the book Singh Simon - Book of Codes. By the way, the best book for those who want to understand at least a little about cryptography. I advise everyone to read it.

    1. tv

      Selecting such a key will take you a lot of time. Little more than the universe exists. Even on very powerful computers.

    2. Igor

      What is this nonsense with public keys for? Symmetrical ones are more reliable.
      Good afternoon
      Good site, the material is clearly presented, many thanks to the author. I came here by accident in September, when I was looking for information on practical encryption.
      I am writing because I want to ask: Anyone want to know how to find numbers for symmetric encryption? I can teach you how to quickly check the number P for primality (without searching for the number g) - but this is unlikely to be interesting. The most interesting:
      Find the number P of any length and the number g to it. I don’t use any 2 to the power of n plus one (or minus one). Naturally, it's free. There is even a website where I posted my work.

  • Uasya Petrovich

    I understand that a lot of time has passed, but I will still answer for new readers like me.

    This won't work because after actions 2 and 3 we see the difference by which the number of each of the blocks has changed, therefore Bob’s secret number becomes obvious to us and we can only intercept the message after the 4th action (i.e. without Alice’s cipher) and use Bob's number, which is already known to us.

  • Evgeniy

    Thank you so much for the article!
    After reading, almost everything fell into place on its own shelves and acquired a structure that was easy to expand upon.
    Having such a structure, it is easy to generate the right questions (MiTM attack shelf, special thanks to Mikhail :)).

    From a pedagogical point of view, you did everything perfectly. I think you are right that you did not add MiTM attacks to this article, otherwise there would have been information overload.

    The video is adorable, especially considering its age.

    PS: the use of metaphors to explain “complex” systems is frankly difficult to overestimate. Thanks again!

  • dbzix

    From this article I did not catch the moment of transition from the Diffie-Hellman algorithm, where two subscribers exchange public data and intermediate results of calculations to obtain a secret key (in the example there were as many as 6 stages) to the stage where a certain public key is used for encryption, which is then decrypted using a private key (I am counting here only 2 stages of data transfer - sending a public key and sending a message encrypted with this key).
    I.e., I understand that somewhere between these two explanations there is probably a lot of mathematics hidden, and in the end the explanation boils down to “this is how it works, just trust me.” But it would probably be easier to understand this sudden transition if the analogy with paints were extended to explain the essence of encryption with a public key followed by decryption with a private one. In the meantime, the result is some kind of “B works because A,” while there is no clear connection between A and B. At least for me.
    Dear author, would you be so kind as to explain to me this mystical jump from A to B? :) Thank you!

  • Evgeniy

    Good afternoon,

    Given: there is a formula Y^x (mod P).
    the example in the article is based on the formula 7^x (mod 11)

    I took 4^x (mod 7) for my example
    and I couldn’t come up with a common key.
    Question: why does the algorithm in the example work for 7^x (mod 11) and not for 4^x (mod 7)?

  • Jessi-jane
  • Andrey

    Thank you, great article!
    Only now I almost figured out the algorithm, how to calculate through the module.
    Could you tell me how to calculate the number B if the number A is less than the modulus?
    Well for example:
    3(mod 13) = ?

    I know that if, for example, you need to calculate 625(mod 13), you need 625/13, and then multiply the largest possible integer divisor (48) by the modulus (which here will be equal to 624), and finally 625-624 = 1
    The numbers 625 and 1 are comparable modulo 13, since 624 is divisible by 13.
    This is what I understand. But what if the modulus is greater than the number A?

  • Yellow Horror

    1. Man-in-the-middle attack is a serious problem. As far as I can tell, within the framework of cryptography alone, this problem cannot be solved in principle: if we accept that Eve is capable of intercepting and imperceptibly replacing ALL data coming to Alice or emanating from her via ANY communication channels, no encryption will help. At least one certificate must be obtained by Alice from a completely reliable source. But if an attacker can only listen to the communication channel and not change the data in it, asymmetric encryption is quite reliable.
    2. As for the ability to remove one “cipher layer” from under another, the banal XOR function, widely used in cryptography from ancient times to this day, has this property. I don't think it can be patented :(

    1. Dmitry Amirov Author

      Yes, you are right, the mitm attack today cannot be solved in any way if you are absolutely paranoid. If they are not, then fiddling with certificates and signatures will provide “necessary and sufficient” protection.

      As for the XOR function, it can hardly be called a cipher, because it is not one in its essence.

      1. Yellow Horror

        Come on? Google the Vernam cipher. This is a messaging system with absolute cryptographic strength. And it is based precisely on XOR. Leaving aside some organizational difficulties (creating truly random keys with uniform distribution, maintaining the secrecy of the encryption pad in an unfriendly environment, and securely destroying used keys), humanity has not yet come up with anything simpler and more reliable.

      2. Yellow Horror

        Although, upon reasonable reflection, I realized that the double reversible encryption method does not work if the attacker knows the encryption algorithm. Let's look at Mikhail's ideas as an example:

        1. We break the encrypted information into blocks. Each block is represented by a number. The block size (number of bits) determines the number of possible block values and (accordingly?) the strength of the encryption.
        2. To encrypt the message, Alice selects a secret number (which she does not send to anyone), which she adds to each of the numbers in the blocks and sends the message encrypted in this way to Bob.

        So far so good: Eve can't read Alice's message because she does not know the key number. If the blocks are large enough, it is difficult to recover Alice’s message, but if the block is longer than the message and the key does not have vulnerabilities, it is impossible. But Eve can and does copy Alice's ciphergram.

        3. Bob receives the encrypted message, chooses his secret number (which he also does not send to anyone), adds this number to each of the numbers in the blocks of the message encrypted by Alice, and sends this double-encrypted message to Alice.

        And here the problems begin: Eve still cannot read Alice’s message, but, having a copy of the ciphergram received by Bob and the double encryption sent by him, she can easily recover Bob's key.

        4. Alice subtracts her secret number from each number in the blocks of this double-encrypted message and sends the resulting message to Bob.

        Alice has removed her “layer” of cipher and now sends Bob her letter, encrypted only with Bob’s key. Which Eve already has! Eve decrypts the letter and reads it, and, just in case, can recover Alice’s key using the decrypted text of the letter and the first ciphergram she intercepted.

  • Dmitriy

    Hello. Good article, but I also did not understand some of the points described above.
    It is the transition from the algorithm for obtaining a secret key by both interlocutors (Alice and Bob) (without posting them in public access) to asymmetric encryption.
    You write that the message is encrypted on Alice's side with the public key received from Bob. But if we encrypt with a public key, then Eve can easily get it and decrypt it herself, right?
    It still remains unclear to me how you can encrypt with a public key and decrypt only with the secret one on Bob's side. That is, they encrypted it with the word “Home”, and deciphered it with the word “World”. For me this is some kind of nonsense.
    Based on these obvious gaps (either yours or mine), I concluded that the circuit here must be more complicated than in the picture. Most likely, the arrow from Bob’s public key to Alice means something else, namely the entire sequence of actions to obtain “Y” and “P”, obtain intermediate results, etc. In other words, I think that when the original message is encrypted with a supposedly public key, it is actually encrypted not with a public key, but with a secret one, which is calculated on each side separately.

    I also had a question about decrypting a double-encrypted message. If we take, say, the Caesar cipher, where each letter is encrypted with another letter, standing, say, 3 positions further. If Alice encrypts the letter A in the message with the letter B, and then Bob encrypts this letter B with the letter G, then it will be easy to obtain the letter A from G, and in any order. True, this will most likely work only in cases where both know the encryption type of the interlocutor and with fairly simple encryption types (monoalphabetic/polyalphabetic). I'm also new to cryptography, so this is my opinion ;)

    1. Dmitriy

      I forgot to ask.
      What is the difference between symmetrical and asymmetrical methods?

      1. Dmitriy

        I read it, more or less somehow grouped everything in my mind.
        I will answer the questions I wrote, perhaps thereby helping other readers.
        1. About

        You write that the message is encrypted on Alice's side with the public key received from Bob. But if we encrypt with a public key, then Eve can easily get it and decrypt it herself, right?
        It also remains unclear to me how it is possible to encrypt with a public key and decrypt only with a secret one on Bob’s side. That is, they encrypted it with the word “Home”, and deciphered it with the word “World”. For me this is some kind of nonsense.

        This article mentions the RSA algorithm. Symmetric encryption algorithm. It actually uses the following algorithm:
        1) Based on a certain one-way encryption function (a function that is easy to calculate in one direction, but very difficult in the other. A) we create a pair on the recipient (public key; private key). This pair is unique, that is, each public key corresponds to a unique private key for this one-way function.

        3) The sender encrypts the message
        4) Transfers to the recipient

        As you can see, the sender does not know the private key and he is not able to decrypt his own encrypted message. That's why it's called asymmetric, because one has all the keys, and the other only has the part needed for encryption.

        What is the difference between symmetrical and asymmetrical methods?
        If I used the Diffie and Hellman algorithm to transmit the secret key, and then was able to securely transmit the encrypted message, would this method be symmetric?

        The Diffie-Hellman algorithm serves for key exchange and further symmetric encryption. That is, its essence is that first both receive the full key for encryption and decryption, and then they begin the most common symmetric encryption.

        Asymmetric method - one node has all the information for encryption/decryption, and the other, as a rule, only for encryption

        Symmetric - both nodes know all the information for encryption/decryption.

        I hope I helped someone;3

        1. Dmitriy

          This article mentions the RSA algorithm. An asymmetric encryption algorithm. I made a typo.

        2. Dmitry Amirov Author

          Hmm... just now noticed your comments. My apologies.

          Everything seems to be correct. There is one thing about your last paragraph, specifically the terms:

          • Diffie-Hellman algorithm: an algorithm that allows you to obtain one shared secret key and nothing more
          • Asymmetric/symmetric encryption: in general, you have everything correct
          • RSA: an algorithm that is a combination of these things. In simple terms: using asymmetric encryption with the Diffie-Hellman protocol, a secret key is established, with the help of which messages between interlocutors are encrypted using the symmetric encryption method.
        3. Dmitry

          I still didn't understand the statement:
          2) The public key is transferred to the sender.
          3) The sender encrypts the message
          4) Transfers to the recipient
          5) The recipient decrypts using the private key. This message cannot be decrypted using the public key.

          It turns out that you had in mind from the very beginning. We encrypt with the word Home, and decrypt with the word World. Does this mean that there is another algorithm connecting the World and the Home with each other?

  • Robert

    Thanks a lot!!!

  • Novel

    Thank you. I finally decided to figure out how it works and learned from this article. Only, I believe, if the accomplices know each other and it is possible to exchange public keys securely, then it is worth doing. To eliminate the detrimental impact of the possible appearance of a person in the middle when exchanging keys, who will pretend to be A as B and B as A, replacing the keys with their own and ultimately viewing all the information.

    And in the video, I think it’s in vain that they use this 3^(24*54), because it’s not at all obvious where it came from, or they would explain that it’s conditional.

  • RinswinD

    Thanks for the article. Everything is explained very clearly.

  • grigory

    Well, this illiteracy of spelling irritates everyone - “one-sided”, “applied”, “long”, as if in the 5th grade. And so, not bad for understanding the basics.

  • grigory

    Sometimes the question is simple. Ransomware viruses use a private key. There is an original file, there is an encrypted file. Task: find an algorithm, so to speak, that looks for an algorithm for converting the first file into the second...

  • Allexys

    Thank you for the clear and fun article! Finally I got the hang of the basics :).

  • Yaroslav

    Unfortunately, all available algorithms still require the removal of ciphers in the order in which they were applied.

    This is not entirely true. I'll give you an example:
    — suppose that each letter corresponds to digital code A = 1, B = 2, C = 3, etc.;
    — suppose that Alice sends Bob a letter consisting of a single letter A (to simplify the example);

    Alice: puts her cipher A + 2 = B

    Bob: puts his cipher B + 3 = E
    Bob: sends a letter to Alice
    Alice: removes her cipher E - 2 = G
    Alice: sends a letter to Bob
    Bob: removes his cipher G - 3 = A

    Here the number 2 is Alice's secret key, 3 is Bob's secret key. Moreover, it may not be one-character. In principle, its length is unlimited.
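The three-pass exchange from this comment, together with the eavesdropper analysis Yellow Horror gives earlier in the thread, as an added example that is not part of any comment. The function names and sample values are constructed for illustration; the example also goes one step beyond the thread by showing that the same leak occurs when both layers are XOR pads.

```python
import secrets


def apply_layer(blocks, key, sign, modulus=256):
    """Add (sign=+1) or remove (sign=-1) one additive cipher layer, block by block.

    The key is repeated if it is shorter than the message.
    """
    return [(b + sign * key[i % len(key)]) % modulus for i, b in enumerate(blocks)]


def three_pass(message, alice_key, bob_key, modulus=256):
    """Run the exchange; return what crosses the wire and what Bob finally reads."""
    c1 = apply_layer(message, alice_key, +1, modulus)  # pass 1: Alice -> Bob
    c2 = apply_layer(c1, bob_key, +1, modulus)         # pass 2: Bob -> Alice
    c3 = apply_layer(c2, alice_key, -1, modulus)       # pass 3: Alice -> Bob
    received = apply_layer(c3, bob_key, -1, modulus)   # Bob removes his layer
    return (c1, c2, c3), received


def eve_recover(c1, c2, c3, modulus=256):
    """What a passive listener derives from the three transmissions alone."""
    bob_stream = [(y - x) % modulus for x, y in zip(c1, c2)]        # c2 - c1
    message = [(z - k) % modulus for z, k in zip(c3, bob_stream)]   # c3 - Bob's key
    alice_stream = [(x - m) % modulus for x, m in zip(c1, message)] # c1 - message
    return message, alice_stream, bob_stream


def xor_three_pass_leak(message, alice_pad, bob_pad):
    """Same exchange with XOR layers: c1 ^ c2 ^ c3 equals the plaintext."""
    c1 = bytes(m ^ a for m, a in zip(message, alice_pad))
    c2 = bytes(c ^ b for c, b in zip(c1, bob_pad))
    c3 = bytes(c ^ a for c, a in zip(c2, alice_pad))
    return bytes(x ^ y ^ z for x, y, z in zip(c1, c2, c3))


if __name__ == "__main__":
    # The numbers from the comment: letter code 1, Alice's key 2, Bob's key 3.
    wire, received = three_pass([1], [2], [3])
    print("on the wire:", wire, "Bob reads:", received)
    print("Eve derives (message, Alice's key, Bob's key):", eve_recover(*wire))

    # Constructed sample with keys as long as the message (one-time-pad style).
    text = b"hello Bob"
    pad_a = secrets.token_bytes(len(text))
    pad_b = secrets.token_bytes(len(text))
    wire, _ = three_pass(list(text), list(pad_a), list(pad_b))
    print("additive layers leak:", bytes(eve_recover(*wire)[0]))
    print("XOR layers leak:     ", xor_three_pass_leak(text, pad_a, pad_b))
```

Key length does not help: every layer is a plain addition, so the difference between two consecutive transmissions is exactly the key that was added or removed.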

  • Dmitry

    For a long time I've been avoiding the theoretical foundations of asymmetric encryption. I knew superficially - there is a public key with which the data is encrypted, and there is a private key with which the data is decrypted. But the thought of implementing such encryption has always bothered me.
    Your article helped a lot, thank you very much for that!
    Only towards the end of it did I see this nonsense again - “encrypted with a public key.” After all, strictly speaking, the message is encrypted not with a public key, but with a key obtained based on the sender’s private key and the recipient’s public key (which, in turn, was generated based on the recipient’s private key). Indeed, in the table about Alice and Bob - they and only they were able to obtain the same key “9” - it is used to encrypt and decrypt the message. But this key can only be obtained based on a pair of keys - secret (Alice/Bob) and public (Bob/Alice).
    Figuratively - yes, the message is always encrypted with the sender's secret key (roughly speaking, it is constant) and the public key of the recipient (it depends on the specific recipient), therefore, in the description, encryption with a “secret” key is omitted - and this omission breaks the whole order of reasoning.

  • Clarkson

    I read the article and didn’t understand it very well, although it was better than on the wiki. But there’s just one thing I don’t understand. If anyone can answer correctly, please help.

    If I send everyone the question “how much is 2+2?”, I tell them how to encrypt the answer to me (I tell everyone the public key), and everyone will send me an answer to the question, how do I find out from whom exactly I am waiting for an answer, that is, with whom did I really want to make a connection?

    1. Dmitry Amirov Author

      Here you are asking the question a little wrong.

      If you need to establish a connection with someone, then you need to go from the opposite direction. You connect to your interlocutor, and he is the one who provides the public key, not you.

      UPD: wrote an article about, I think this will be the correct answer to your question.

      1. Clarkson

        I'll have to fight my stupidity. The topic is discussed in the comments and in your article, it seems that everything was explained.

        Still. Why do I need to publish his key? Tell me if I don't understand correctly.
        I am the initiator (I need answers, in the example I am the receiving party), which means I generate a pair. it’s him who responds (the sender in your example) who needs my public

        Before sending, the sender receives a public key and encrypts the message with this key, after which this message can only be decrypted with a private key, which is kept secret by the receiving party.

  • Beshot

    I re-read this article and others on the topic several times, but the algorithm for using digital signatures in electronic documents is unclear. If it’s like this here: https://ru.wikipedia.org/wiki/Electronic_signature, then discrepancies arise. So do we still encrypt using a private key or a public one?

    1. Dmitry Amirov Author

      If we sign something, we form the signature based on our private key. And the recipient must have our public key, with the help of it he will be able to decrypt this signature.

      If the signature is “decrypted”, then the public key corresponds to the private key, and since a priori, only the sender has the private key, which means it was the sender who signed the document.

      1. Beshot

        Dmitry, your article helped me a lot, you have a good style. But there is an incomprehensible point: you claim that the asymmetric algorithm assumes the presence of two keys - public and private. That is, the message is encrypted with a public key and decrypted with a private key and nothing else.

        It may be a matter of the original task, for example the recipient needs to authenticate the messenger.
        Then I can’t imagine how this scheme can help?

        1. Dmitry Amirov Author

          That is, the message is encrypted with a public key and decrypted with a private key and nothing else.

          Not entirely true. The message is encrypted with one key and decrypted with another. I.e., it is quite possible to encrypt it with the private key and decrypt it with the public one.

          Let's look at an example. You want to send me a message, I want to make sure that it was you who sent it to me. Step by step:
          1) You encrypt the message with the private key
          2) Send it to me
          3) I contact you and receive your public key from you
          4) I decrypt the received message with your public key
          5) If the message is decrypted, it means you were the one who sent it

          No one else can send this message pretending to be you, because only you have the private key.

          1. Beshot

            Ok, but what if you need to hide a message from prying eyes?

  • Anya

    Good afternoon! I liked the article, but I still had questions (there were even a couple of similar ones in the comments, but without answers).
    If in the second part of the article we move on to the analogy with Alice and Bob, in particular to the numbers A, B, a, b, P and the number 9 obtained in the example, which of them will be the private key and which will be the public key? Thanks in advance for your answer!

    1. Anya

      It’s not clear whether my comment was posted or not :(

    2. Dmitry Amirov Author

      It would be more correct to say that in the process of exchanging data, Alice and Bob receive a common key 9, which can later be used to encrypt their messages. In fact, in the article I described not asymmetric encryption itself, but the key exchange protocol, which gave impetus to the development of asymmetric encryption.
      The algorithm for generating a private/public key pair is actually a little more complicated, although it is similar to the algorithm outlined above, but still probably deserves a separate article. I won’t write this out right away in the comments, because I might confuse a lot of things.

  • Gregory
  • Asymmetric cryptographic systems were developed in the 1970s. The fundamental difference between an asymmetric cryptosystem and a symmetric encryption cryptosystem is that different keys are used to encrypt information and to decrypt it afterwards:

      public key K: used to encrypt information, calculated from private key k;

      private key k: used to decrypt information encrypted with its paired public key K.

    These keys differ in such a way that the secret key k cannot be computed from the public key K. Therefore, the public key K can be freely transmitted over communication channels.

    Asymmetric systems are also called two-key cryptographic systems or public key cryptosystems.

    Generalized scheme of an asymmetric encryption cryptosystem

    To encrypt transmitted information and subsequently decrypt it, the public and secret keys of the message recipient B are used. The recipient's public key should be used as the encryption key, and his private key as the decryption key.

    The private and public keys are generated in pairs. The private key must remain with its owner; it must be reliably protected from unauthorized access (similar to the encryption key in symmetric algorithms). Each subscriber of the cryptographic network with whom the owner of the secret key exchanges information must have a copy of the public key.

    The process of encrypting and transmitting a message

    The process of transmitting encrypted information in an asymmetric cryptosystem is carried out as follows:

    1. Preparatory stage.

    Subscriber B generates a key pair: a secret key k_B and a public key K_B. The public key K_B is sent to subscriber A and to other subscribers (or is made available, for example, on a shared resource).

    2. Use: exchange of information between subscribers A and B.

    Subscriber A encrypts a message using subscriber B's public key K_B and sends the ciphertext to subscriber B. Subscriber B decrypts the message using his secret key k_B. No one else (including subscriber A) can decrypt this message, because no one else has subscriber B's secret key. Information protection in an asymmetric cryptosystem is based on the secrecy of the message recipient's key k_B.

    One-way functions

    Asymmetric algorithms are based on the use of one-way functions.

    A function F: X → Y is called one-way if the following two conditions are met:

      there is an efficient algorithm that calculates F(x) for any x ∈ X;

      there is no efficient algorithm for inverting the function F, i.e. an algorithm that determines the value of x from the value F(x).

    “Efficient” here means polynomial: an algorithm that, for an input of length n, takes no more than P(n) steps to obtain the result, where P is some polynomial.

    Not every one-way function can be used for encryption. Indeed, if we transform the plaintext t using a one-way function, c = F(t), then no one, including the legitimate recipient, will be able to decrypt the received text, that is, recover t from c. To be usable in cryptography, the task of inverting the encryption transform (i.e., computing t from F(t)) must be solvable in an acceptable time, but only by someone who knows the secret key. Such functions are called one-way functions with a secret.

    A one-way function with a secret is a function F_k: X → Y, depending on the parameter k ∈ K (this parameter is called the secret), for which the following conditions are met:

      for any k ∈ K there is an efficient algorithm that calculates F_k(x) for any x ∈ X;

      with k unknown, there is no efficient algorithm for inverting the function F_k;

      with k known, there is an efficient algorithm for inverting the function F_k.

    RSA algorithm

    In a public key cryptographic system, each participant has both a public key and a private key. In the RSA cryptographic system, each key consists of a pair of integers. Each participant creates their own public and private key independently. Each of them keeps the private key secret, and the public keys can be shared with anyone or even published.

    Coprime numbers are those numbers that have no common divisor other than 1.

    Euler's function φ(n) of a natural number n is the number of natural numbers less than n and coprime to n (the number 1 is coprime to any number).

      If p is a prime number, then φ(p) = p − 1.

      If p is prime and a is a natural number, then φ(p^a) = p^a − p^(a−1).

      If p and q are relatively prime, then φ(pq) = φ(p)·φ(q).

      Key generation is performed using the following algorithm:

      1. Two large prime numbers p and q are selected (today one usually chooses numbers containing from 200 to 400 digits).

      2. Their product n = p·q is calculated, which cannot be factorized in a reasonable time. This product is called the modulus.

      3. The value of the Euler function is calculated:

      φ(n) = φ(pq) = (p − 1)(q − 1).

      4. An integer e (1 < e < φ(n)) coprime to φ(n) is selected. Usually e is taken to be a prime number containing a small number of one bits in binary notation, such as the Fermat primes 17, 257 or 65537. The number e is called the public exponent.

      5. The number d is calculated, satisfying the condition:

      d·e ≡ 1 (mod φ(n))

      or in another form:

      d·e = 1 + k·φ(n)

      The number d is called the secret exponent.

      6. The pair P = (e, n) is published as the public key of the RSA system.

      7. The pair S = (d, n) is called the RSA private key and is kept secret.

    1. Message encryption

    To encrypt data using a known key P = (e, n), it is necessary to split the text to be encrypted into blocks, each of which can be represented as a number M(i) = 0, 1, ..., n−1. Next, the text is encrypted as a sequence of numbers M(i), transformed according to the following formula:

    C(i) = M(i)^e mod n

    2. Decrypting the message

    To decrypt a message using the secret key S = (d, n), you need to convert each number from the sequence in the encrypted message using the formula:

    M(i) = C(i)^d mod n

    As a result, a set of numbers M(i) will be obtained, which represents the source text.
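The key generation steps 1 to 7 and the block formulas C(i) = M(i)^e mod n and M(i) = C(i)^d mod n, carried through in code as an added example (not code from the original text). The function names, the 0x01 marker byte that preserves block length, and the small Mersenne primes used as p and q are assumptions made for illustration; the demo also shows that this unpadded scheme maps equal blocks to equal ciphertext, which is why deployed RSA encryption adds randomized padding such as OAEP.

```python
import math


def generate_keypair(p, q, e=65537):
    """Steps 1-7 of the key generation; p and q must be distinct primes (not checked)."""
    if p == q:
        raise ValueError("p and q must differ")
    n = p * q                       # step 2: the modulus
    phi = (p - 1) * (q - 1)         # step 3: value of the Euler function
    if not 1 < e < phi or math.gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and be coprime to phi(n)")
    d = pow(e, -1, phi)             # step 5: d*e = 1 (mod phi(n)), Python 3.8+
    return (e, n), (d, n)           # steps 6 and 7: P = (e, n), S = (d, n)


def _block_size(n):
    """Largest byte count whose every value is guaranteed to be below n."""
    size = (n.bit_length() - 1) // 8
    if size < 2:
        raise ValueError("modulus too small to carry a data byte per block")
    return size


def encrypt(message, public_key):
    """Split the bytes into blocks M(i) < n and return the list C(i) = M(i)^e mod n."""
    e, n = public_key
    chunk = _block_size(n) - 1      # one byte of each block is the 0x01 marker
    blocks = []
    for i in range(0, len(message), chunk):
        m = int.from_bytes(b"\x01" + message[i:i + chunk], "big")
        blocks.append(pow(m, e, n))
    return blocks


def decrypt(blocks, private_key):
    """Recover M(i) = C(i)^d mod n for every block and join the bytes."""
    d, n = private_key
    out = bytearray()
    for c in blocks:
        m = pow(c, d, n)
        raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if raw[:1] != b"\x01":
            raise ValueError("wrong key or corrupted block")
        out += raw[1:]
    return bytes(out)


if __name__ == "__main__":
    # Constructed toy key: two known Mersenne primes, far too small for real use.
    public, private = generate_keypair(2**31 - 1, 2**61 - 1)
    ciphertext = encrypt(b"message for subscriber B", public)
    print("C(i):", ciphertext)
    print("M:   ", decrypt(ciphertext, private))

    # Equal plaintext blocks give equal ciphertext blocks: the scheme is deterministic.
    repeated = encrypt(b"A" * 20, public)
    print("identical blocks:", repeated[0] == repeated[1])
```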


    HTTP is a protocol that allows data to be transferred. Initially, it was created for sending and receiving documents containing links that lead to other resources.

    The abbreviation reads “HyperText Transfer Protocol”, which means a protocol for transferring hypertext. HTTP belongs to the application layer of the OSI model.

    To better understand what HTTP means, let's look at a simple analogy. Let's imagine that you are communicating with a foreigner on a social network. He sends you a message in English, and you receive it. But you cannot understand the content because you do not speak the language well. To decipher the message, you use a dictionary. Having understood the essence, you answer the foreigner in Russian and send the answer. The foreigner receives the answer and, with the help of a translator, deciphers the message. Put simply, the HTTP protocol performs the function of the translator. With its help, the browser can translate the encrypted content of web pages and display it.

    What is HTTP for?

    The HTTP protocol is used to exchange information using the client-server model. The client composes and transmits a request to the server, then the server processes and analyzes it, after which a response is created and sent to the user. Upon completion of this process, the client issues a new request, and everything repeats.

    Thus, the HTTP protocol allows the exchange of information between various user applications (usually browsers) and web servers, and gives access to web resources. Today, the described protocol ensures the operation of the entire network. HTTP is also used to carry other protocols, e.g. WebDAV or SOAP. In this case, the protocol is a means of transportation. Many programs also rely on HTTP as the primary tool for exchanging information. Data is presented in various formats, for example, JSON or XML.

    HTTP is a protocol for exchanging information over a TCP/IP connection. Typically, the server uses TCP port 80 for this purpose. If the port is not specified, the client software will use TCP port 80 by default. In some cases, other ports may be used.

    In the HTTP protocol a symmetric encryption scheme is used; it uses symmetric cryptosystems. Symmetric cryptosystems involve the use of the same key to encrypt and decrypt information.

    What is the difference between HTTP and HTTPS

    The difference can be seen even from the expansion of the abbreviations. HTTPS stands for Hypertext Transfer Protocol Secure. Thus, HTTP is an independent protocol, and HTTPS is an extension to protect it. HTTP transmits information unprotected, while HTTPS provides cryptographic protection. This is especially relevant for resources where authorization is sensitive, such as social media or payment system sites.

    What are the dangers of transmitting unprotected data? An interceptor program can transfer them to attackers at any time. HTTPS has a complex technical organization, which allows you to reliably protect information and eliminate the possibility of unauthorized access to it. Another difference lies in the ports: HTTPS typically works on port 443.

    Thus, HTTP is used for data transfer, and HTTPS allows secure data transfer using encryption and authorization on resources with a high level of security.

    Additional functionality

    HTTP is rich in functionality and is compatible with various extensions. The 1.1 specification used today allows the Upgrade header to be used to switch to other protocols when exchanging data. To do this, the client must send a request to the server with this header. If the server needs to switch to a specific exchange using a different protocol, it returns a response to the client with the status “426 Upgrade Required”.

    This feature is especially relevant for exchanging information via WebSocket (specified in RFC 6455, it allows you to exchange data at any time, without unnecessary HTTP requests). To migrate to WebSocket, the client sends a request with the Upgrade header and the value “websocket”. Next, the server responds with “101 Switching Protocols”. After this moment, information transfer via WebSocket begins.
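The Upgrade exchange described above, seen from the server side, as an added example that is not part of the original article. It models a hypothetical endpoint that speaks only WebSocket; the function names and sample requests are constructed, and the Sec-WebSocket-Key, Sec-WebSocket-Accept and Sec-WebSocket-Version headers come from RFC 6455 rather than from the text above.

```python
import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed constant defined by RFC 6455


def parse_request(raw):
    """Split a raw HTTP/1.1 request head into method, target, version and headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def accept_value(key):
    """Sec-WebSocket-Accept = base64(SHA-1(key + GUID)), proving the server read the key."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def _valid_key(key):
    """The client key must be the base64 form of exactly 16 bytes."""
    try:
        return len(base64.b64decode(key, validate=True)) == 16
    except ValueError:
        return False


def handle_upgrade(raw):
    """Return the response head a WebSocket-only endpoint sends for this request."""
    method, _target, _version, h = parse_request(raw)
    connection = [t.strip().lower() for t in h.get("connection", "").split(",")]
    asks_ws = h.get("upgrade", "").lower() == "websocket" and "upgrade" in connection
    if not asks_ws or h.get("sec-websocket-version") != "13":
        # Plain HTTP request or unsupported version: tell the client what to upgrade to.
        return ("HTTP/1.1 426 Upgrade Required\r\n"
                "Upgrade: websocket\r\nConnection: Upgrade\r\n"
                "Sec-WebSocket-Version: 13\r\n\r\n")
    if method != "GET" or not _valid_key(h.get("sec-websocket-key", "")):
        return "HTTP/1.1 400 Bad Request\r\n\r\n"
    return ("HTTP/1.1 101 Switching Protocols\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            "Sec-WebSocket-Accept: " + accept_value(h["sec-websocket-key"]) + "\r\n\r\n")


# Constructed sample requests; the key is the sample nonce printed in RFC 6455.
UPGRADE_REQUEST = ("GET /chat HTTP/1.1\r\nHost: server.example\r\n"
                   "Upgrade: websocket\r\nConnection: keep-alive, Upgrade\r\n"
                   "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
                   "Sec-WebSocket-Version: 13\r\n\r\n")
PLAIN_REQUEST = "GET /chat HTTP/1.1\r\nHost: server.example\r\n\r\n"

if __name__ == "__main__":
    print(handle_upgrade(UPGRADE_REQUEST))
    print(handle_upgrade(PLAIN_REQUEST))
```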