You know that the little green padlock in your browser is a good thing and that encrypted messaging helps to keep your information safe, but how much do you truly understand about what encryption is, and how it works?
What does it mean to ‘encrypt’ information?
In the simplest terms, encryption is the process of taking a piece of information - often a message or communication of some kind - and encoding it in such a way that only authorised parties can understand it.
Encryption doesn’t protect information, e.g. emails passing over the internet, from being intercepted, but it does mean that an unauthorised person will not be able to read or understand the information even if they have it in front of them.
The most basic form of encryption is something that most of us will have played around with as children. Swapping letters for numbers using a straightforward alphabet chart is a form of encryption. (And not, as most people call it, a code, which in cryptology is a term with a specific, different, meaning.)
Although easy to use, this form of encryption, known as symmetric encryption, has one major drawback: both sender and recipient have to possess the same ‘key’ to be able to decrypt (and so read) the information.
If we imagine the situation where I want to securely communicate with someone on the other side of the world, symmetric encryption would mean that I would need to send my recipient not only the encrypted message but also the key to decrypt it. Of course, if anyone intercepts both of those items while they are in transit, my message is no longer secure.
Asymmetric, or public key, encryption
In 1970, a British researcher - James Ellis - conceived the idea of public key encryption, where the sender of a message uses one ‘key’ to encrypt a piece of information which can only then be decrypted by the recipient using a different, but matching, key.
Ellis’ colleagues Clifford Cocks and Malcolm Williamson went on to refine the concept, but as the three worked at the top-secret Government Communications Headquarters (GCHQ), their research was classified, and it was not until some years later that the idea of Public Key Encryption was made widely available.
A one-way lock
The essential concept can be illustrated quite simply. Imagine that you have a friend in another country, and that friend wants to send you a secure message which no other person can read while it is in transit. You could send them a sturdy metal box and a padlock with which they can seal their message inside.
Assuming that you retain the only key, once your friend closes the box and locks the padlock they can send the message to you - inside the box - confident that it cannot be opened, and the information read, until it is in your possession.
Primes and semi-primes
Fortunately, encryption in practice doesn’t involve sending thousands of boxes and padlocks through the post! The reality of modern encryption (like the encryption which secures your connection with this website) is a myriad of ‘one-way’ mathematical functions.
One-way functions are maths problems which are easy to solve in one direction, but (almost) impossible to answer in the other. The most well-known example of this concept involves prime and semi-prime numbers.
A prime number, as you will likely remember from school, is a number which is divisible only by 1 and itself. The lesser-known semi-primes are numbers which are divisible only by 1, themselves, and a pair of prime numbers which can be multiplied to reach them. Any pair of prime numbers multiplied together will create a semi-prime (e.g. 3 x 5 = 15, prime x prime = semi-prime) and that piece of maths is quick and straightforward to do. However, give someone a semi-prime and ask them to work out which two prime numbers were multiplied to make it, and you’ll soon find that the only possible solution is trial and error.
This system is the basis of modern encryption. The sender uses a ‘public key’, essentially consisting of the semi-prime number, to secure the information they would like to send. As long as the semi-prime is large enough (the best are in the trillions) that guessing the ‘secret key’ (the pair of primes which went into making it) is impractical, only the recipient, who holds that private key, can decrypt and read the message.
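The public and private key relationship described above, worked through with small numbers as an added example (textbook RSA, not code from the original article). The primes 61 and 53, the exponent 17 and all function names are choices made for this illustration; the numbers are toy-sized, and the scheme is shown without the padding that real systems add.

```python
# Added illustration: textbook RSA with toy numbers (no padding, not secure).
from math import gcd

def make_keypair(p, q, e=17):
    """Return (public, private) keys built from the two secret primes p and q."""
    n = p * q                      # the semi-prime: safe to publish
    phi = (p - 1) * (q - 1)        # only computable if you know p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)            # private exponent (needs Python 3.8+)
    return (n, e), (n, d)

def encrypt(message, public):
    """Anyone holding the public key can lock a number smaller than n."""
    n, e = public
    if not 0 <= message < n:
        raise ValueError("message must be a number smaller than n")
    return pow(message, e, n)

def decrypt(ciphertext, private):
    """Only the holder of the private exponent can unlock it."""
    n, d = private
    return pow(ciphertext, d, n)

def factor_by_trial(n):
    """Recover the two primes by trial and error; returns (p, q, guesses)."""
    guesses = 0
    candidate = 2
    while candidate * candidate <= n:
        guesses += 1
        if n % candidate == 0:
            return candidate, n // candidate, guesses
        candidate += 1
    raise ValueError("n is prime, not a semi-prime")

if __name__ == "__main__":
    public, private = make_keypair(61, 53)      # constructed toy primes
    c = encrypt(65, public)
    print("public key:", public, "ciphertext:", c)
    print("decrypted:", decrypt(c, private))
    # Multiplying is one step; undoing it takes more guesses as the primes grow.
    for p, q in [(61, 53), (104729, 1299709)]:
        print(p * q, "->", factor_by_trial(p * q))
```

The guess count returned by `factor_by_trial` grows with the smaller prime, which is why the security of the key depends on how large the primes are.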
This surprisingly simple concept isn’t understood by many outside the worlds of mathematics and information security. However, it is vital to our modern world, securing bank transactions, health records, and everything in between.
It is this lack of understanding which, in many ways, has led to the calls from some quarters to ‘compromise’ encryption in some way to prevent its use by bad actors. Maths, though, is maths, and now that the cat is out of the bag there is no way to put it back in, and stop you, and anyone else who wants to, benefitting from the security that encryption brings.