Modern Cryptography: Techniques, Algorithms & Unsolvable Problems. Part II

In Part I, Introduction to Cryptography. Why It Was Useful to Us Even 4000 Years, we discussed what cryptography is, why it is valuable, and how it evolved over time to the point of being the foundation of our modern world. We now look at what this field has achieved today and what potential challenges it may face in the coming decades.

Modern Cryptography Techniques

There are three main methods of cryptography. All of them are widely used today, and it is important to know about them.

1. Symmetric Encryption

An encryption is symmetric if it uses the same key to both encrypt and decrypt a message. On the plus side, you only need to take care of passing the key, so there is just one point of failure. Of the minuses — if the key is compromised, then all previous and subsequent messages will be easily read.

How it works in practice:

1. Let’s say you have a key according to which the messages are encoded: ourkey.
2. You encrypt messages and as a result get a set of bits in which it is impossible to understand anything.
3. You transmit these bits over an open communication channel.
4. If someone was able to intercept this message, he will need to calculate (or steal from you) the key. The length of our key is only 6 characters. But each character is 8 bits. Therefore, guessing the password will take (2^8) ^6 = 2^48 operations.

Modern desktop computer that has a CPU with a clock speed of 8 GHz is capable of doing around 8 billion operations per second. That means that it would take 35184 seconds to find our key through sheer brute force. Less than 10 hours! And truly powerful computers can do it in mere minutes. This is why each extra letter in the password is crucial. For example, if our key contained 8 letters, it would now take a regular PC 640 hours to break it. More than 26 days!

As we can see, the weak part of symmetric encryption is the key. Its loss becomes the end of everything. You also need to find a way to safely deliver it to the addressee (of course, when the addressee is yourself, you just need to remember it). But there are also advantages to symmetric encryption that keep it ubiquitous today: its speed, clarity, and simplicity. It is well suited to transport or store large amounts of data more securely. For example, it is popular in cloud computing or when encrypting audio and video streams.

 2. Asymmetric Encryption

Asymmetric encryption is a relatively new invention, it’s less than 50 years old. Two keys are used here, public and private. They are connected to each other in a special way, and the secret is known only to the person or organization that created those keys (they are always created in pairs).

In practice it works like this:

1. The recipient (that is, the party who wants to receive information) independently creates two keys — private and public. The private key remains with the creator, while the public key is sent to the sender.
2. The sender uses this public key to encrypt the message. It then sends this encrypted message to the destination.
3. Upon receiving the message, the addressee decrypts it using his private key.

The secret here is that the message can only be decoded with the private key. Even the sender himself will not be able to decrypt it. Although, of course, it will be much easier for him to find a solution, given that he has a clue — the message itself.

Because the private key is never shared, information can only be compromised if all three of these conditions are met:

• the public key is intercepted
• somehow the method by which it is associated with the private key is unraveled
• thieves are able to reverse engineer the private key.

In general, an asymmetric encryption is much more secure than a symmetrical one (which is broken just by intercepting the key). It was first developed by Berkeley scientists in 1976. Today, it is ubiquitous on the Internet — for example, in HTTPS. It is used by most Web2 organizations and all Web3 platforms. Cryptocurrencies are all built on this method: only the owner of the corresponding private key can access a Bitcoin or Ethereum wallet.

By the way, with asymmetric encryption, it is quite easy to establish a secure communication channel in both directions. Each of the interlocutors can create their own pair of public and private keys, and then send the public key to their friend. Easy!

3. Hash Functions

The third type of encryption, one in which the original data can no longer be restored. With the help of hash functions, for example, transaction numbers and addresses of crypto wallets are created. The peculiarity of these functions is that they can take a long array of data, break it into individual bits and bytes, and convert it into a string of any desired length.

This text string, although it will consist of regular letters and numbers, will usually be many times shorter than the original data array. But if you change at least one character in the original data, the hash string will also change.

No key is used in this data transformation. And it is impossible to restore the original data from the hash. But hashing is very useful because:

• hashed data is much shorter, so it’s easier to check and process;
• you can quickly check the authenticity of files and messages: if their hash code differs from the hash code of the original, it means that they have been changed;
• it is a convenient way to search for duplicates, confirm an electronic signature or generate a unique data string.

Competent organizations also store all your passwords in the form of hashes. It will be impossible to decrypt your password from the hash code, but by doing the same transformation every time user enters their data, they can compare the resulting hash with the original hash and understand whether you entered the same password or not. Actually, it is for this reason that Internet services cannot recover your passwords, instead each time offering you to come up with a new one. They don’t store and don’t know your exact password either.

Popular Cryptographic Algorithms

Encryption algorithms are mathematical methods that allow data to be transformed in such a way that it remains valuable to owners, but becomes useless to thieves. There are, without exaggeration, hundreds of thousands of data conversion methods, some of them — secrets of states or large organizations. Here we will describe only a few public algorithms without any patent and intellectual property rights.

Popular Standards for Symmetric Encryption Algorithms

• DES — Data Encryption Standard, one of the earliest known computer crypto algorithms. It was invented in 1975 at IBM. DES uses a key of length 56 bits, which should be transferred via secure channels. This length is too short by today’s standards and makes DES vulnerable against modern powerful machines.
• 3DES — developed in 1981, it uses three 56-bit keys, which makes it a lot more secure. However, over the years a few vulnerabilities were found, which is why from 2023 onward 3DES will be completely phased out. No new service or app will use it. If there is a need for synchronous encryption, AES will be used instead.
• AES — Advanced ES, first proposed in 1998. It has standards with 128, 192, or 256-bit keys. It’s still very popular and widely used — for example, by the U.S. government.

Popular Asymmetric Encryption Algorithms

• RSA — invented in 1977, this algorithm is still used for secure data transfer. The public key generated is based on two large prime numbers, but these numbers are kept a secret (they are the private key). The security of this algorithm is based on the mathematical fact that the product of two large prime numbers turns out to be incredibly difficult to factor.
• ECC — developed in 1985, Elliptic Curve Cryptography involves generating public and private keys based on the algebraic structure of elliptic curves. This encryption is quite fast, and the generated keys can be small, which reduces the required storage and data link requirements. ECC is very popular in crypto: it is already used in many projects including Bitcoin and should be the basis for Ethereum 2.0.

Popular Hash Functions

• MD5 is a 128-bit hash function, designed in 1991. Was widely used in Windows, Mac OS and server software to confirm the integrity of a downloaded or transferred file. In 2004, a vulnerability was found, and MD5 is now barely used. The MD6 standard was developed in 2010’s with keys of up to 512 bits, but it hasn’t caught on yet.
• SHA — Secure Hashing Algorithm, developed in 1990. Currently the SHA3 standard is used, released in 2015. It is considered to be very flexible and safe, but not very fast. In 2016, scientists found that SHA3 is protected even from attacks using quantum computers, since it will take billions of years to enumerate all the options (although SHA2 can be cracked quite quickly, in minutes). SHA3 is used in various blockchain networks, Ethereum being the prime example.
• Whirlpool — a 512-bit hash function, created in 2000. Is derived from the modified version of AES, and in fact one of its designers was a co-creator of AES. Can return a 512-bit (64 characters) code from any message that is less than 282 characters long. This limit is its only significant drawback. Otherwise it is believed to be very secure, despite its old age.

Problems With Cryptography

Cryptography as a science field is relatively new, but it already has some unsolved issues. To date, experts identify at least 4 of them. These include:

1. Limited working schemes with a public key. Each cryptographic scheme is based on a so-called “unsolvable” problem. Humanity knows not too many of those. Thus, the number of good potential cryptographic schemes is extremely limited.
2. Lack of prospects. Developing new algorithms is an extremely complex undertaking that today requires the cooperation of many scientists and takes years, if not decades. At the same time, the development of quantum computers is expected to happen in the near future. They will make most current algorithms unusable and potentially endanger the entire industry.
3. Increasing the size of keys and encrypted data blocks. The rapid pace of development of computer technology leads to an increase in the size of data blocks and their keys. The technology is becoming more and more expensive, and requires the allocation of more and more memory. Initially, 512 bits were enough to create the RSA cryptosystem, but now the recommended amount is at least 4096 bits. Even without the advent of quantum computers, things are slowly spiraling out of control.

The unreliability of the encryption foundation. Within the framework of the theory of computational complexity, the connection between different computationally complex problems and their analogues has been proven. This means that if a method of breaking one cryptosystem is found, many others are also at risk, since their background has the same or very similar basis.

Some problems of existing cryptography methods can be solved by the so-called quantum cryptography. It is a relatively new area of ​​research that uses the effects of quantum physics to create even more secure data transmission channels. Quantum cryptography uses a fundamental feature of quantum systems: the fundamental impossibility of accurately determining their state (after all, a cat can be both dead and alive at the same time, remember).

So far, a number of technical difficulties have arisen on the way to the practical implementation of quantum communication systems. But if quantum computers do become more available, perhaps we will have a new round of cryptography evolution, which will bring this science to an even more advanced level. Already, several firms are offering first commercial systems for quantum cryptography, and it could soon prove very relevant for securing critical communication channels or multi-billion dollar transactions.

—-Polkapad is a launchpad for crypto startups that helps connect founders and investors. We are your key to the hottest IDO projects. Join our community if you want to invest in crypto projects for awesome returns or if you want to successfully launch your own crypto product through a crowdsale.