Modern Cryptography

Until the late 20th century, strong cryptography was the preserve of government agencies and the
military. But thanks to the advent of fast modern computers, cryptography with a 'military' level of
security is now available to the masses.
Cryptography is so commonplace nowadays that many people are even unaware that they are using
it in their everyday business. If you have ever used a PIN to obtain cash from a bank's ATM, or a
secure webpage to order goods over the internet with a credit card number, you have used
cryptography.
In modern cryptography the plaintext is represented in a computer file, which is basically a
sequence of bits, each having the value 0 or 1. One often speaks of the plaintext as a 'message', but
in reality it may be any data that can be represented in a computer, such as an image or sound file.
A cipher is an algorithm for converting one sequence of bits into another of equal length, where the
result depends on a key. In a symmetric cipher, the most common type, the same key is used for
encryption and decryption. In other words, if a symmetric cipher is applied twice in succession, the
original message is recovered.
In general, the key for a cipher is simply a large number. Key lengths are conventionally measured
in bits, and most of the well known strong ciphers have key lengths between 128 and 256 bits
(powers of 2 being most common). A cipher is considered 'strong' if extensive analysis by the
world's best cryptographers reveals that it is resistant to all known cryptanalytic attacks. In
particular, there should be no known attack more efficient than 'brute force', i.e. testing all possible
keys to find the one that decrypts a given message.
When brute force is the best known cracking method, it is easy to estimate the strength of a cipher
by calculating the time needed to test all possible keys, using existing technology. Consider, for
example, a cipher that uses 128-bit keys. This allows a colossal number of possible keys. Suppose,
for example, that 10 billion computers are assigned to the task of cracking a particular encrypted
message, each capable of testing 10 billion keys per second. Then, if you have a little mathematical
ability, you can verify that it would take about 100 billion years to test all possible keys. That's
longer than the estimated age of the universe according to modern cosmology, which is about 15
billion years. This is typical of the strength of modern ciphers.
Public-key cryptography
Messages sent over the internet usually pass through several relaying hosts before reaching their
destination. Such messages are analogous to messages sent on a postcard through the postal system
- they can be read by anyone with access to any of the computers through which they pass.
Privacy can be ensured by using encryption. But symmetric ciphers are inadequate for secure
communication over the internet. If two people who cannot meet in person want to communicate
securely, how can they exchange a secret key? If they have a secure channel for doing this, they
may as well exchange the message itself!
Public-key cryptography offers a neat solution to this conundrum. In a public-key cryptosystem,
each user has a pair of keys: a public key and a secret key. On the basis of some rather clever
mathematics, these two keys are constructed in such a way that each reverses the action of the other,
but nevertheless there is no known feasible way for anyone to calculate one from a knowledge of
the other.
The public key can be publicised widely, in the same way that most people publicise their telephone
numbers. In fact, there are 'key servers' on the internet, so that anyone who knows the name and email address of a particular user can look up that user's public key. A message can be encrypted for
a particular user by encrypting it with that user's public key. Only that user can decrypt it, because
nobody else has access to the corresponding secret key.