Today, Im writing about something that was first used by the Ancient Mesopotamians. It used to be illegal to export under weapons trafficking treaties, and it is frequently bemoaned by law enforcement. Its also a critical component of almost every electronic device, and without it, the global economy would come to a screeching halt. Im talking, of course, about encryption algorithms.
Encryption is technically a subset of cryptography, which is the study of how to communicate securely in the presence of an adversary (who might try to eavesdrop, edit, or disrupt said communication). To encrypt something is to take some information, like my password is 1234, and combine it with a key (a chunk of hopefully random data) via some encryption algorithm such that it becomes unreadable gibberish. Said gibberish is only decipherable by providing an identical key, or a key thats mathematically related to the original key in a complicated way.
The kind of encryption youre most likely familiar with is symmetric encryption: encrypt a message with one key, and decrypt it with the same key. Symmetric encryption dates back to ancient times; Julius Caesar invented (or popularized) a cipher where the letters of the alphabet were simply shifted some number of places down (e.g. A becomes C, B becomes D, and so on). But cryptography didnt really take off until the early 20th century, with the advent of technologies like radio, which enabled longer-range communication at the cost of being trivially easy to eavesdrop on. World War II saw use of the Enigma Machine, a fascinatingly complicated electromechanical device that was only decoded by the Allies after a Herculean effort. These days, though, encryption generally refers to modern computerized algorithms like AES.
AES is short for Advanced Encryption Standard and has been the standardized encryption method for the U.S. governments classified information since 2002. Its also used for most web traffic, disk encryption on iOS and macOS, password managers, end-to-end encrypted chat applications, and a zillion other things. In fact, most modern processors have specific hardware components just to encrypt and decrypt AES data. But symmetric encryption still has a flaw: you need both parties to have the same key for them to talk to each other. How does that happen when theres no secure communication channel, like when accessing a website over the Internet? It would obviously be impractical for every computer to come pre-programmed with what would be millions or billions of different encryption keys for everything. So, we need a way for two parties, communicating solely over an insecure communication channel, to have a conversation thats impervious to eavesdropping. It sounds impossible, but as it turns out, its perfectly achievable with a bit of sorcery known broadly as asymmetric-key encryption.
Its not particularly an exaggeration to say that without asymmetric-key encryption, the Internet wouldnt exist anywhere near its current form. It would be impossible to transmit any sensitive information like credit cards, passwords, or private email, unless you obtained an encryption key offline (which kind of obviates the entire point). Its hard to speculate on exactly what an Internet in this world would look like, or whether it would exist at all, but I can safely say that it would be a lot worse than it is now.
So how does asymmetric-key encryption work? The first hint is in a more common name for it: public-key cryptography. Instead of one key that encrypts and decrypts (symmetric encryption), asymmetric encryption uses a pair of keys: a public key and a private key. If you encrypt a message with the public key, it can only be decrypted with the corresponding private key, and theres no way you can figure out the private key from just the public key. So, you can make the public key as public as you want: transmit it over a public WiFi network, give it to your friends, even post it on social media. Meanwhile, the private key is private only to you. If someone wants to send you a message, all they have to do is encrypt it with your freely available public key and transmit it to you through any channel, even an insecure one. You can think of public-key cryptography as like a safe with two separate keys one key can only lock, and the other one can only unlock. You can duplicate the locking key as much as you want, and anyone can use it to put stuff in the safe and then lock it. But to access whats inside after the safe has been locked, youd need your secret unlocking key.
But the lock analogy breaks down at a certain point, because theres no difference in principle between the public and private key. If I encrypt something with my private key, it can only be decrypted with the corresponding public key. This is useful for identity verification through something called a digital signature. If I take a message, encrypt it (or sign it) with my private key, and publish the encrypted and original messages together, then you can verify the encrypted message decrypts successfully to the original. If they match, then you know I am who I say I am. (This concept, by the way, is key to the security of blockchain-based cryptocurrency: transfers out of a specific account are only accepted by the rest of the network if they have a valid digital signature proving that whoever submitted the transfer possesses the private key for said account.)
The specific mathematical underpinning behind public-key cryptography is sort of complicated and varies based on the specific algorithm. For many algorithms, we rely on the fact that multiplying very large numbers together is relatively easy, while finding the factors of a very large number is very, very hard. (For performance reasons, some modern algorithms use things that are kind of similar to large numbers like elliptic curves, but we can safely ignore that.) Either way, though, the mathematical details of public-key cryptography are somewhat less interesting than the fact that it exists and you can do things with it.
Almost everything you do on the Internet nowadays relies on public-key cryptography. If youre reading this on a computer, the webpage was transmitted via the HTTPS protocol, which (to simplify things) means your computer transmitted an encrypted request using The Phoenix websites public key, which lets your computer talk to the server through a private channel. If youre reading this in the print edition, then public-key cryptography was still involved I send in these articles via email, which involves my computer making a secure connection to my mail server using its public key via the same method. (Technically, asymmetric encryption is generally used just to secretly transmit a key for symmetric encryption, since symmetric encryption is considerably faster.)
But why does any of this matter, aside from it being really cool and interesting? Well, Ive previously written about why HTTPS makes paying for a VPN somewhat unhelpful for a lot of people. Today, though, Im going to cover end-to-end encryption, which is a fascinating application of cryptography and an interesting thing to be aware of in your own life.
When you send an email, its (usually) encrypted in transit via the methods I talked about above: if someone is eavesdropping on your Internet traffic, they cant read your mail. But once it reaches your mail server, its decrypted and is readable by your mail provider (e.g. Gmail). Its important to note that readable doesnt mean someone at Google is regularly snooping through your mail to learn all your secrets, it just means that Googles systems can process the plain contents of messages. This can be for innocuous reasons: checking whether messages are spam, for instance, or automatically adding a booking to your calendar based on a confirmation email. But theres nothing technically stopping Google from scanning your email to target advertisements. (Google explicitly says that they dont do this. Sometimes it might seem like they do, but those are often cases where, e.g., you search for winter coats, spend an hour browsing winter-coat-related websites, and then see an ad for winter coats next to an email you sent to a friend asking about coat recommendations.)
But the fact that Google could read your email if they wanted to is more important in a different way: if Google can theoretically do it, then the government can too. If youre worried about government surveillance (from any government), then you dont care what a company says they will or wont look at, you want a cryptographic guarantee that they cant provide data to anyone even if they were made to by a court order, subpoena, or police raid. This is where end-to-end encryption comes in.
End-to-end encryption is when your data stays encrypted all the way from you to the person or people youre talking to. Most commonly, this is in the context of chat applications like WhatsApp or iMessage. To secure your messages, instead of the server publishing its public key, everyone on the service publishes a public key. The private keys never leave each persons device. If you want to send a message to your friend, you ask the server for your friends public key and use it to encrypt the message. The server here just passes encrypted messages back and forth, so all it can possibly know is when you send messages and who you send them to. (Through a little bit more cryptography, its actually also possible to also obscure the fact that youre sending the messages kind of like dropping a letter in a mailbox without writing a return address.) Actual end-to-end encryption as implemented also uses a bit more stuff on top of the public/private key business, via something called a double ratchet: the two parties constantly change their public and private keys via an agreed-upon method. This means that if a private key is compromised, an attacker can only view a few messages before the keys are regenerated.
Full end-to-end encryption (or at least, end-to-end encryption that didnt suck) was pioneered in 2013 by what would eventually become Signal. Signal was the first end-to-end encrypted messaging app that tried to be usable by non-computer-nerds while still being secure, and as a result has seen extensive use among whistleblowers, journalists, and any social movement you care to name. But whats had an even bigger impact is the Signal Protocol that the Signal app was built on. The protocol defines a standardized and secure method for sending text and other communication completely securely between two or more parties. In 2016, WhatsApp, the most popular messaging application in the world, switched over to the Signal Protocol for all of its messages and data. This means that every text sent on WhatsApp is unreadable to WhatsApp, its parent company Facebook, or anyone else, except the intended recipients. (Unlike Signal, however, WhatsApp does collect and use data about when and to whom messages were sent, and might use that information to target advertisements.)
So, if end-to-end encryption is so easy to use, why isnt it used for everything? Mostly because it turns out that not having a usable copy of your data stored on a companys servers is annoying from a usability standpoint for anything more complicated than simple text chat. You may have experienced this yourself if youve ever been added to a WhatsApp group chat in progress: since previous messages were only encrypted with the previous participants keys, you cant read them and miss any context that happened before you got there. End-to-end encryption also means that mirroring messages or conversations between multiple devices is difficult: since only your phone holds the keys to decrypt the messages, keeping chat records consistent between your laptop and phone requires awkward relay setups. Finally, its sort of pointless for public-facing things like social media where everyone is supposed to be able to read it anyway.Notice that in this article I havent really talked about any possibility of breaking a key. Thats because modern encryption algorithms are, for all intents and purposes, unbreakable: cracking a single 256-bit AES key with every computer on the planet would take about 14 thousand trillion trillion trillion trillion, or 14,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000, years.
Its impossible to even begin to give a perspective on how big that number is. If you try to express it in terms of multiples of the age of the universe, another mind-bogglingly big number, you get another number thats still too big to properly express. (About 900 thousand trillion trillion trillion times the age of the universe, if youre wondering.) But the fact that properly implemented AES encryption is effectively impossible to break via computational brute force doesnt mean that your secrets are necessarily safe from, say, regular brute force (as a classic xkcd comic illustrates). One of the fundamental lessons of encryption (and indeed of all computer security) is that the humans that use encryption algorithms are almost always more vulnerable to deception, persuasion, or blunt force trauma than the algorithms themselves. It doesnt matter how big your encryption key is if the password used to generate said key is just the word password.
View original post here:
How To Talk to Strangers Where No One Can See You - The Phoenix - Swarthmore College The Phoenix Online
- Elon Musk weighs in on the encryption wars between Telegram and Signal - Business Insider - May 15th, 2024
- Microsoft to Make BitLocker Encryption the Default in Next Windows 11 Build - ExtremeTech - May 15th, 2024
- Encryption toolkit for media makers: An introduction - Freedom of the Press Foundation - May 15th, 2024
- Which is it, RPD? Shooting, Disorderly, Or Encryption and Lies? - Rockford Scanner - May 15th, 2024
- Windows 11 Will Enable Encryption by Default During Installation - 80.lv - May 15th, 2024
- Apple and encryption services Wire and Proton have provided information on activists at the request of police - GIGAZINE - May 15th, 2024
- End-to-end encryption may be the bane of cops, but they can't close that Pandora's Box - The Register - May 6th, 2024
- Microsoft breaks VPN encryption in Windows 11 and Windows 10 - GB News - May 6th, 2024
- Marriott admits it falsely claimed for five years it was using encryption during 2018 breach - CSO Online - May 6th, 2024
- Marriott admits it wasn't using encryption before major 2018 hack - TechRadar - May 6th, 2024
- WhatsApp could leave India over encryption battle - Rest of World - May 6th, 2024
- Encryption: The Cornerstone Of Cryptocurrencies | MENAFN.COM - MENAFN.COM - May 6th, 2024
- Quantum-proofing passwords and artwork with DNA encryption - Advanced Science News - May 6th, 2024
- News: Encryption and encrypted passwords in the world of blockchain and crypto - Bitfinex - May 6th, 2024
- Banking Encryption Software Market to Reach USD 11.50 Bn by 2029, at a CAGR of 9.2 percent As Revealed In N... - WhaTech - May 6th, 2024
- ETtech Explainer: WhatsApp's standoff with Centre over end-to-end encryption - The Economic Times - May 6th, 2024
- Explained: Why WhatsApp is willing to leave India over encryption - MSN - May 6th, 2024
- The Future of End-to-End Encryption May Get Decided This Week in Nevada | TechPolicy.Press - Tech Policy Press - March 13th, 2024
- What is fully homomorphic encryption and how will it change blockchain? - Blockworks - March 13th, 2024
- Zamas homomorphic encryption tech lands it $73M on a valuation of nearly $400M - TechCrunch - March 13th, 2024
- WhatsApp encryption status might appear at the top of chats - BGR - March 13th, 2024
- TELCLOUD Teams With CyberProtonics to Add Quantum Encryption Security Technology on All POTS Line Phone ... - Business Wire - March 13th, 2024
- WhatsApp Clears Up Confusion Over Encryption With A Handy New Chat Label - Hot Hardware - March 13th, 2024
- WhatsApp Now Offers Encryption Label At The Top Of Your Chat Window: What It Means - News18 - March 13th, 2024
- WhatsApp update: An encryption indicator for chats is in the works, says report - HT Tech - March 13th, 2024
- Navigating an evolving landscape of threats and the rise of the encryption-less data breach - iTWire - March 13th, 2024
- Quantum Cryptography and Encryption Market Size, Growing Demand and Trends 2023 to 2030 - WhaTech - March 13th, 2024
- WhatsApp wants to 'show off' its end-to-end encryption feature to users - The Times of India - March 13th, 2024
- Disk Encryption Software Market Report Probes the Size, Share, Competitive Landscape and Trend Analysis - WhaTech - March 13th, 2024
- Signal President Meredith Whittaker Warns Against Encryption Threats and Tech Accountability Misuse - BNN Breaking - March 5th, 2024
- Shiba Inu Implements State-of-the-Art Encryption to Enhance Privacy & Security for Users and Developers - The Defiant - DeFi News - March 5th, 2024
- NYPD shows no sign of reversing Staten Island police radio encryption, but state legislation could change that - SILive.com - March 5th, 2024
- BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico key can be sniffed when using an ... - Tom's Hardware - February 9th, 2024
- BitLocker's Encryption Is Broken, But It's Still Not Time to Switch - MUO - MakeUseOf - February 9th, 2024
- Breaking Bitlocker: Watch Microsoft's Windows disk encryption being bypassed in just 43 seconds - BetaNews - February 9th, 2024
- Microsoft BitLocker encryption hacked by a cheap off-the-shelf Raspberry Pi Pico - ReadWrite - February 9th, 2024
- Web3 Foundation Announces Grant Funding for Creation of On-Chain Randomness and Timelock Encryption ... - StartupHub.ai - February 9th, 2024
- BitLocker Gets Pi All Over It's Face As A Pico Cracks The Encryption Key - PC Perspective - February 9th, 2024
- The Dawn Of Quantum Computing In Finance: Revolutionizing Data Analysis And Encryption, According To Investor ... - Global Banking And Finance Review - February 9th, 2024
- Cryptographic storage is a secure way to store data using encryption and other security measures. - Medium - February 1st, 2024
- Senator proposes new encryption provision in bill against online child exploitation - The Record from Recorded Future News - February 1st, 2024
- Email Encryption Market is Expected to Reach US$ 20.7 Billion by 2032: IMARC Group - EIN News - February 1st, 2024
- EU: Open letter on security-cloaked threats to encryption - ARTICLE 19 - Article 19 - January 15th, 2024
- Mind Network: Revolutionizing Web3 Security and Privacy with Fully Homomorphic Encryption - BSC NEWS - January 15th, 2024
- What Is Encryption? Definition, How it Works, & Examples - eSecurityPlanet - January 7th, 2024
- What Is Encryption? - Definition, Types & More | Proofpoint US - January 7th, 2024
- Encryption, Its Algorithms And Its Future - GeeksforGeeks - January 7th, 2024
- End-to-end encryption: What it is, how it works, and why you need it - The Indian Express - January 7th, 2024
- What Is Encryption and Why It's Important for Cybersecurity - devmio - January 7th, 2024
- Quantum Quandary: Navigating the Path to Unbreakable Encryption - Security Boulevard - January 7th, 2024
- What is Encryption and how does it work? | OpenText - December 20th, 2023
- The police scanner is fading away due to the move to encryption communication - Kankakee Daily Journal - December 20th, 2023
- EAGLYS, Mitsui, and Quantinuum Partner on Hardened Encryption Keys Using Quantum Computing - Quantum Computing Report - December 20th, 2023
- Meta rolls out default end-to-end encryption for its 1 billion users. Here's what to know - The European Sting - December 20th, 2023
- Messenger finally gets end-to-end encryption by default - The Verge - December 11th, 2023
- Meta Announces End-to-End Encryption by Default in Messenger - EFF - December 11th, 2023
- Why It Took Meta 7 Years to Turn on End-to-End Encryption for All Chats - WIRED - December 11th, 2023
- Meta to expand encryption on Messenger making it similar to WhatsApp - CNBC - December 11th, 2023
- Default end-to-end encryption introduced in Messenger - SC Media - December 11th, 2023
- Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger - The Hacker News - December 11th, 2023
- Encryption: It's Not About Good and Bad Guys, It's About All of Us - Center for European Policy Analysis - December 11th, 2023
- Default end-to-end encryption is finally coming to Messenger and Facebook - Popular Science - December 11th, 2023
- Lack of Encryption the Primary Reason for Sensitive Data Loss - Business Wire - December 11th, 2023
- Facebook Messenger end-to-end encryption is finally here - BGR - December 11th, 2023
- Facebook Messenger Now Uses End-to-End Encryption by Default - How-To Geek - December 11th, 2023
- What does end-to-end encryption on Facebook and Messenger mean for users? - The National - December 11th, 2023
- Meta starts adding controversial encryption to Facebook and Messenger chats - The Independent - December 11th, 2023
- The Quantum Computing Threat to Encryption and Cybersecurity - Medium - December 11th, 2023
- Meta adds end-to-end encryption to Messenger and Facebook. Details here | Mint - Mint - December 11th, 2023
- AI and Quantum Computing Threaten Encryption and Data Security - Security Boulevard - December 11th, 2023
- End-to-end encryption in Facebook Messenger will now work by default - Mezha.Media - December 11th, 2023
- Equiniti Announces Partnership with Beyond Encryption to Strengthen its Secure Digital Communications - Global Banking And Finance Review - November 17th, 2023
- Bluefin, The Payments Fintech Focused On PCI-Validated Encryption And Tokenization Technologies, Partners - Crowdfund Insider - October 27th, 2023
- Cryptography | NIST - National Institute of Standards and Technology - October 16th, 2023
- What Is Encryption? - Internet Society - October 16th, 2023
- How to Encrypt Files, Folders and Drives on Windows | TechSpot - May 3rd, 2023
- What Is Encryption, and How Does It Work? - How-To Geek - May 3rd, 2023
- What Is Encryption? | Definition + How It Works | Norton - January 30th, 2023
- What is PGP Encryption and How Does It Work? - Varonis - January 30th, 2023
- What is Encryption and How Does it Work? - TechTarget - January 22nd, 2023