The Birth of Asymmetric Encryption

Click the blue text

The Birth of Asymmetric Encryption

Tree Brother: Cryptography can be simply divided into classical cryptography and modern cryptography. We have already introduced substitution ciphers and the Enigma machine in classical cryptography, and now we will begin to discuss symmetric and asymmetric encryption methods in modern cryptography.

I’m sure you are familiar with asymmetric encryption, as I mentioned the DES symmetric encryption method and RSA asymmetric encryption in the story of “The Cryptography Wars.” Now let’s explore these two encryption methods from a technical perspective, as these cryptographic techniques will be widely used in blockchain. However, we first need to understand an important concept—key.

What is a Key

Ren Xiaoxiao: I used to think that passwords and keys were the same thing. But after listening to the previous story, I learned that they are not the same: an encryption method has multiple encryption schemes. If there are 10 schemes, then the key “528” is used to encrypt information by alternating between the 5th, 2nd, and 8th schemes.

At this time, the receiving party also uses the key “528” (5th, 2nd, and 8th schemes) to decrypt the information. The longer the key, the more secure it is; however, a longer key means longer encryption time, so an appropriate length was used in the Enigma machine. But I still don’t quite understand the significance of a key.

Tree Brother: The biggest advantage of having a key is that the algorithm can be public. What does this mean? For example, Queen Mary I used a triangle to substitute for the letter A and a circle for the letter B. The core of this story is actually this encryption scheme; if this scheme is leaked, then the information is also leaked.

This is the hidden danger of having no key. When there is a key, if this encryption method has 10 encryption schemes, these 10 schemes can be public. Since no one knows what the key is, they cannot decrypt the encrypted information. The information receiver knows the key used, so it is easy to decrypt the information.

Ren Xiaoxiao: I finally understand. The development of cryptography has reached a point where even the encryption methods do not need to be kept secret, as long as both the sender and the receiver protect the shared key.

Tree Brother: The trend of cryptography development is that the information that needs to be hidden is becoming less and less, while the information that can be public is becoming more and more. For example, in hidden encryption methods, we need to hide the entire encryption scheme, writing an acrostic poem. When others know that the encryption scheme is “acrostic,” the information is cracked.

In the era of symmetric encryption, all encryption schemes are public, and the only thing that needs to be kept secret is the key. In the era of asymmetric encryption, not only can the encryption scheme be public, but the public key part of the key can also be public; only the private key needs to be kept secret.

The Birth of RSA Asymmetric Encryption

Ren Xiaoxiao: The DES data encryption standard you introduced in “The Cryptography Wars” is a symmetric encryption standard; it is also a public encryption scheme that retains its own key. However, this scheme was greatly questioned after it was proposed because people suspected that there were security vulnerabilities in it, which led to the emergence of the RSA asymmetric encryption method.

Tree Brother: Traditional encryption has only one key, while asymmetric encryption has two keys: one is the public key and the other is the private key. The public key is public, used by others to encrypt, while the private key is kept by oneself.

Ren Xiaoxiao: This is just like your initial summary. RSA is an asymmetric encryption technology that divides the key into two parts, keeping only the private key. As cryptography advances, the things that need to be kept secret are becoming less. In symmetric encryption, the keys for encryption and decryption are the same and must be kept safe; while in asymmetric encryption, the public key for encryption can be made public, while the private key is kept by oneself.

Suddenly, I thought of two cases to compare these two encryption schemes. The first is symmetric encryption: I send an encrypted document to a friend and then tell her the key over the phone; we use the same key. The second is asymmetric encryption: When friends send me money, I can withdraw it using my ID card. My account is the public key, and my ID card is the private key.

Tree Brother: This understanding is also fine. The birth process of RSA asymmetric encryption is as shown in the figure below.

Characteristics of Asymmetric Encryption

Tree Brother: As encryption technology develops, more information can be made public. Asymmetric encryption has very important characteristics: the public key and private key are inherently a pair; after the public key encrypts, the private key can decrypt; after the private key encrypts, the public key can decrypt. The private key and public key can be generated together by software, and their mutual decryption is guaranteed by mathematical operations.

Ren Xiaoxiao: I don’t quite understand this sentence. Can it be understood that they are like colorants with the same DNA, and if they detect the same DNA, they can fade away their color?

If we consider the encryption process as a coloring process, using the public key to encrypt information is like coloring the information, making its content invisible; while decrypting with the private key is like the dye detecting the same DNA and disappearing automatically, revealing the information. Of course, encrypting with the private key is also coloring the information, while decrypting with the public key can make the dye disappear.

In summary, there are two points: information encrypted with the public key can be decrypted with the private key; information encrypted with the private key can be decrypted with the public key.

Tree Brother: “Public key encrypts, private key decrypts; private key encrypts, public key decrypts” may seem simple, but it has wide applications in the real world.

First Application: Public Key Encrypts, Private Key Decrypts.

This is a relatively common application. When a person needs to receive a lot of information, they only need to send the key responsible for encryption to those who send messages, while keeping the key responsible for decryption to themselves, thus eliminating concerns about the security of information transmission. The key shared with others is called the “public key,” while the key kept is called the “private key.”

Partners keep each other’s public keys and retain their private keys, so there is no need for each file to have a different key. Additionally, since the private key is kept in their own hands, its security is greatly enhanced.

Now, suppose there are three users A, B, and C in a network, if everyone makes their public keys public while keeping their private keys, then any two people can send messages directly to each other by encrypting with the other’s public key, and the other can decrypt with their private key.

However, a new problem may arise: A might impersonate B and send a message to C. For example, in a business environment, if B and C are negotiating a deal and A wants to prevent B and C from reaching an agreement, A might impersonate B and send C an encrypted message stating: B decides to terminate cooperation with C. Since the message is encrypted with public key C, C can decrypt it with their private key, and thus may believe it to be true.

How should this problem be solved? This is where the second function of asymmetric encryption comes into play.

Second Application: Private Key Encrypts, Public Key Decrypts.

At this point, it is necessary to encrypt with the private key and decrypt with the public key. Since the public key information is publicly available, it means that when A encrypts with the private key, everyone on the network can decrypt it with A’s public key to verify whether the message is from A; this process is called “signing.”

Applying this signing mechanism to the public key encrypts, private key decrypts mechanism, the signature acts like an envelope, ensuring the sender is correct, while the content of the letter ensures the recipient is correct. This perfectly solves the problem of impersonating someone else to send information.

For example, normally, if B wants to send a message to C, they first need to sign it with their private key, creating an envelope, and then encrypt it with C’s public key. When C receives the message, they first decrypt it with B’s public key to confirm it is from B, and then decrypt the message with their private key. If A tries to impersonate B to send a message, they will find that without B’s private key, they cannot sign it. So they will sign it with their own private key and then encrypt the message with C’s public key. When C receives the message, they will first decrypt it with B’s public key, find it incorrect, and thus realize the sender is fake and will not trust the content of the message.

Ren Xiaoxiao: In what situations do these two applications generally occur?

Tree Brother: The PGP software developed by Phil Zimmermann adopts the first method, which is public key encrypts, private key decrypts. The blockchain signature uses the second method, which is private key encrypts, public key decrypts.

PGP Software: Public Key Encrypts, Private Key Decrypts

Tree Brother: Asymmetric encryption is much less efficient than symmetric encryption. The recommended key length for RSA asymmetric encryption algorithm is 1024 bits, and such a long key leads to a very large computational load; therefore, its encryption efficiency is only one-thousandth of that of symmetric encryption algorithms of the same level. If the original text is longer, the computation time can be imagined, which is why asymmetric encryption algorithms are not used when the information volume is large.

For example, if it takes half a minute to encrypt a piece of text, you can accept it, but if it takes half an hour, you cannot. Asymmetric encryption is inefficient; the longer the information, the slower the encryption speed.

However, symmetric encryption cannot be used directly either, because the DES data encryption standard itself has been questioned by the cypherpunks and is not very secure. Additionally, symmetric encryption also involves key transmission and storage issues, which are also insecure. For example, if the same key is used for both encryption and decryption, if the key stored on the computer is compromised, or if the key is intercepted during transmission, the security of all original information cannot be guaranteed.

Phil Zimmermann’s PGP software combines symmetric encryption and asymmetric encryption. Symmetric encryption is very efficient, so it is used to encrypt large amounts of text information. Since the key transmission of symmetric encryption is not secure, asymmetric encryption is used to encrypt the symmetric key.

Since the key length is generally limited, it is effortless for asymmetric encryption. During decryption, the process is reversed: first, the receiver’s private key is used to decrypt the symmetric key, and then the key is used to decrypt the text information. This easily solves the problem.

Ren Xiaoxiao: This process is still quite complex. When we send information, we need to encrypt it twice: the first time using symmetric encryption to process the information, and the second time using asymmetric encryption to process the symmetric key.

When the other party receives the information, they also need to decrypt it twice: first using asymmetric encryption to decrypt the symmetric key, and then using this key to decrypt the information.

Can I understand it this way? Suppose I want to send you a book; the book is the information I give you, and I put this book in a locked box. This process is symmetric encryption, and of course, this box can be mailed directly to you.

But there is another question: what about the key to this box? If I mail it to you directly, it might get lost. So I found another box with a fingerprint lock that can only be opened with your fingerprint. I put the key in this fingerprint-locked box and also mailed it to you. When you receive these two boxes, you first need to use your fingerprint to open the fingerprint-locked box, take out the key, and then use this key to open the box containing the book. Is that the process?

Tree Brother: This analogy is very vivid. Simply put, it means using asymmetric encryption to encrypt the symmetric encryption key itself. Based on this encryption method, some people refer to this technology as a “digital envelope,” which means using asymmetric encryption to encrypt the envelope and using symmetric encryption to encrypt the content. Next, I will introduce the method of using private key encryption and public key decryption—private key signing.

Blockchain Transfer Signature:

Private Key Encrypts, Public Key Decrypts

Tree Brother: The method of private key encryption and public key decryption is called the signing application, which is widely used in banks and the blockchain industry. The bank account is similar to the public key, while the USB shield in your hand contains the private key. Whenever you initiate a transfer with the USB shield, the software inside the shield will use your private key to encrypt some fixed text.

When the bank can use your account to decrypt the content of the fixed text, it indicates that the private key you hold is paired with the account, thus allowing you to transfer funds.

In the previous use of symmetric encryption, everyone’s keys were stored on the bank’s server; if hackers invaded, they could steal everyone’s keys. Additionally, if a bank employee secretly viewed a customer’s key, it would also be very dangerous. Therefore, after adopting asymmetric encryption, the security of bank information is greatly enhanced.

The blockchain address is the public key, and the electronic wallet manages the private key. When we initiate a transfer, the electronic wallet software will use our private key to encrypt a piece of text that everyone knows (called plaintext, for example, “Hello”). This encryption process is called “signing.” When other computers receive our transfer request, they will use the transfer address (public key) to decrypt the signed information. If they can decrypt the original plaintext, they will consider this address (public key) and this private key to be a pair, thus allowing the other party to transfer blockchain assets from this address.

This is a very clever method; without revealing the private key, as long as it is proven that the private key and public key are a pair, the account ownership can be confirmed. The verification process is also very simple: just use the private key to encrypt the plaintext and the public key to decrypt it. If the plaintext can be decrypted, it proves that the public key and private key are a pair; if it cannot be decrypted, then they are not.

It should be noted that the address is not completely equal to the public key; in fact, blockchain assets are stored on these addresses, and only through the verification method of signing with the private key and decrypting with the public key can the blockchain assets be truly verified.

The first blockchain project was Bitcoin, which was created by cypherpunks. Before Bitcoin, there were dozens of unsuccessful blockchain projects that were also related to cypherpunks. The underlying technology of blockchain is cryptography, so it is essential to first introduce cryptography. Do you remember when the cypherpunks established their goals? When did Bitcoin appear?

Ren Xiaoxiao: The “Cypherpunk Manifesto” was published in 1993, and Bitcoin went online on January 4, 2009, which is a gap of 16 years! The cypherpunks have more than 1,400 members; they couldn’t have been idle during those years, right?

Tree Brother: This is like starting a business. When you find that a good thing has not appeared, there are generally two reasons: the conditions are not yet in place; or you have discovered a false demand.

In the case of cypherpunks, it is primarily the first reason. Why do I say this? Because from 1993 to 2008, there were dozens of anonymous cryptocurrencies that emerged, but none were successful. This means that there was a demand for anonymous cryptocurrency systems, but they failed due to certain conditions.

Ren Xiaoxiao: Dozens of anonymous cryptocurrencies failed? What conditions are needed for the success of an anonymous cryptocurrency system?

Tree Brother: If you want to enter a locked door, the most important thing is to find all the locks on that door; only by finding all the locks can you talk about the key. What problems need to be solved for a successful anonymous cryptocurrency? From the current state, it may involve anonymity systems, the “double spending” problem, peer-to-peer networks, ledger synchronization problems, and the Byzantine general problem. However, determining which are the real locks and which are not critical factors is also very difficult. Moreover, this is only based on the experience derived from Bitcoin, representing only one successful path and not ruling out the possibility of other paths.

Ren Xiaoxiao: Can you tell me about those anonymous cryptocurrencies that once appeared in a storytelling manner?

Author Profile

Tian Jun

Has many years of research experience in computer networking and communication technology, has served as an executive in a publicly listed internet company and as a technical leader in overseas companies.In the blockchain industry, he is known as “Tree Brother,” and has opened courses on “Tree Brother Interprets Ethereum” on the New Life University platform, and “Blockchain from Novice to Proficient” on Qianliao, with a deep understanding of the development and technology of the blockchain industry, and is adept at explaining blockchain technology knowledge in an easy-to-understand manner.

Click “Read the Original” to get the link to purchase the book

If you like this article, please give it a “Like“~~~

Read the original text

Related posts

Leave a Comment Cancel reply