©2003 IDC
#3577
nature of computer operating environments, DES slows down data flow considerably
when executed in software, and Triple DES slows down the system three times more.
Thus, in the late 1990s, the National Institute of Standards and Technology (NIST),
formerly the National Bureau of Standards, put out a call for new algorithms, and a
competition ensued. The specification for the new standard, called Advanced
Encryption Standard (AES), required that it be easily implemented in software, that
the key length be bumped up from 56 to 128 or 256 bits, and that the block size be
increased to 128 bits. With these specifications, the AES key space would be far too
large for anyone to search by any method. After several years, the
competition was narrowed to a few finalists. IBM championed an algorithm called
MARS; cryptographers in Cambridge, England, put forth Serpent; and Schneier
produced a viable competitor, as did RSA Labs. All the finalists' algorithms were
considered more than secure enough, but one written by a couple of cryptographers
in Belgium, Joan Daemen and Vincent Rijmen, called Rijndael (a euphonious, if not
cryptographic, mixing of their names) was chosen partly because it was both fast,
even in software environments, and small.
PUBLIC KEY — STILL BETTER
Despite the speed issue, symmetric key methods are relatively fast because they are
computationally less intensive than other more secure methods. Because they have
relatively less impact on the data rate, they are desirable for encrypting bulk data for
storage and transmission. However, the problem of the shared secret is left unsolved,
even with AES. And so, the best encryption techniques involve doing three things,
which are a combination of technology and procedures: wrapping the shared AES
secret in a much more robustly encrypted envelope, encoding the main message with
AES, and throwing the whole thing away after a single use. One-time usage makes
the value of decryption low to an interceptor, even as the cost is high. As a matter of
jargon, a one-time key is called "ephemeral."
The more robust method used to encode the AES keys is called asymmetric or public
key cryptography. The asymmetry refers to the fact that mathematically related but
different keys are used for encoding and decoding. When the private key is used to
encrypt a message, only the associated public key can be used to decrypt it. When
the public key is used to encrypt a message, only the associated private key can be
used to decrypt it.
The public key can be shared with anyone, but the private key
must be kept secret and should only be available to the owner of the key. Knowledge
of the public key does not disclose any information about the private key. The first
asymmetric encryption method to reach commercial usage was brought to market in
the late 1970s by three MIT professors, Ron Rivest, Adi Shamir, and Leonard
Adleman, whose initials just happened to combine to make the name RSA, which is
now the moniker for the de facto standard in public key encryption.
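
The three steps described above (a one-time AES key, the message encrypted under it, and that key wrapped with the recipient's public key), as an added example that is not part of the original paper. It uses Node.js's built-in crypto module; RSA-OAEP with SHA-256, AES-256-GCM, and the function names are assumptions chosen for this example.

```javascript
const crypto = require("node:crypto");

// Assumed parameters for this example: RSA-OAEP with SHA-256 for the key wrap.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Sender side. Only the recipient's public key is needed.
function sealEnvelope(recipientPublicKey, message) {
  const key = crypto.randomBytes(32);   // ephemeral AES-256 key, used for this message only
  const nonce = crypto.randomBytes(12); // 96-bit GCM nonce
  const aes = crypto.createCipheriv("aes-256-gcm", key, nonce);
  const ciphertext = Buffer.concat([aes.update(message, "utf8"), aes.final()]);
  // Wrap the shared secret so that only the private-key holder can recover it.
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, key);
  return { wrappedKey, nonce, ciphertext, tag: aes.getAuthTag() };
}

// Recipient side. Throws if the envelope was wrapped for another key pair
// or if the ciphertext or tag was altered in transit.
function openEnvelope(privateKey, env) {
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, env.wrappedKey);
  const aes = crypto.createDecipheriv("aes-256-gcm", key, env.nonce);
  aes.setAuthTag(env.tag);
  return Buffer.concat([aes.update(env.ciphertext), aes.final()]).toString("utf8");
}

// Constructed demo: key pair and message are generated here for illustration.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const env = sealEnvelope(publicKey, "constructed sample message");
  return openEnvelope(privateKey, env);
}

console.log(demo());
```

The bulk data is handled only by AES; RSA touches just the 32-byte key, which is why the envelope costs about the same regardless of message size.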
Here are two illustrations of how this type of encryption can be useful. Let's say that
sometime in the near future, you'll be able to vote over the Internet. If every voter has
a pair of private keys safely tucked away in his or her computer, and for every voter a
pair of public keys resides at the statehouse, the courthouse, and the White House,
then when an encrypted vote from you comes in, only the public key associated with
you and only you will be able to decrypt it. Thus, if a vote purports to come from you,
and the vote counter pops it open with your key, then that vote can be guaranteed to
have come from you — assuming your client node is inviolate, which underscores the
need to secure the network at the client end. Going the other way, if I want to send
you a secret note that only you can open, I can encrypt it with your public key, which I
can get because it is public, and only you can open the message. These examples
illustrate two important aspects of security: authentication and privacy.