On Information Security — Privacy

  1. Political reasons: Before the standard was released for the public use, there were a series of debate whether cryptography should be allowed to the public. On the one hand, it was obvious that the booming technology required the public to protect the privacy. On the other hand, public use of cryptography could jeopardize the government’s ability for criminal investigation. For national security purpose, cryptography was considered as munition. Along with these concerns, there are allegations that NSA inserted backdoor to the published algorithm. Moreover, many mathematicians and cryptographers pointed out the obvious shortness of the key length of DES. Nevertheless, in the midst of all the shenanigans, DES was released in 1977. Shortly afterwards, personal computation greatly increased individual ability to break the cipher codes.
  2. Technical reasons: DES was a based on symmetric key cryptographic technology. The biggest problem of symmetric key cryptography in general is key distribution method. In order for two parties to share the same key, there must be a established private channel where they can exchange the keys. Perhaps this can be achieved if one party, say government, establish the private channel of all individual. This way would need an operator, like telephone operator and modem operator during the early days of each technology. However, it would be very far from direct communication between individual. For direct communication, symmetric cryptography was simply impossible.
  1. Open publication of algorithm: After Diffie and Hellman published their work, there were surges of movement that published the new technology to the public. For instance, shortly after the publication, Ron Rivest, Adi Shamir, and Leonard Adleman published a practical implementation of the public key cryptography. It was generic description of algorithm. Later, they filed patent with their algorithm and opened business. Then invented chips for secure phone conversation and produced software that could generate keys. It is not hard to imagine that NSA was weary of Renaissance of cryptography. Controversy and argument continued on whether people should be in control of cryptography. However, it seems that the new era was inevitable. Cryptology went public.
  2. Individual Key: The idea of public key cryptography is rather simple. Individuals are each given two keys: public key and private key. When A would like to send message M to B, A would encrypt M with B’s public key. B would receive the message and decrypt M using its private key. Then, B safely receives the message. From its design, it is computationally infeasible to trace private key from the public key. The message exchange is safe. The consequence of this simple structure is rather surprising. In this case, A and B may be a total stranger. Without the need to establish a common secret key in advance, like in the symmetric key cryptography system, A and B are able to safely exchange message as long as they hold on to their individual key. That is to say, if A and B use the same algorithm that is open to public, they are no longer in need to rely on a separate entity to ensure the security.
  3. Authentication: Of course, there is another stranger-danger concern. If A and B are really strangers to one another, it would be difficult for A to be assured that the receiver is in fact B. Public key cryptography has second part to its story that solve this problem from its design. Coming back to the conversation between A and B, when A would like to authenticate B’s identity, it may request its digital signature. Digital signature is mixed message between the original message M and its private key. B would send its digital signature generated from M and B, which A would authenticate that it was from B by decrypting M using B’s public key. Of course, digital signature should be algorithmically secure so that it should be impossible to guess B’s private key from its digital signature.

--

--

--

커뮤니티를 만들고 운영합니다

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

My Startup Was Hacked: What I Did Right (and Wrong) — Bplans Blog

Avatars of the future trend of NFT

My Email Account Was Hacked And This Is What I Learned From It.

@snowlightt check this out @sunjiyeong1 @FarmFolkNFT @JuliaSn54787655 @weihenizongshi2 @mikedtoons…

Key Numbers for the July 20th JST Airdrop

Deblox Discord Community Open

Encrypting disks on Ubuntu 19.04

Cyber Security in Supply Chain. Is it that important?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
아곤

아곤

커뮤니티를 만들고 운영합니다

More from Medium

Update or Malware? How to Solve Your Identity Problem.

Avoiding Security Alert Hell: Introducing Squyre

Deepfence on the Kubernetes Podcast

What is Identity and Access Management?