Perfect Encryption I

Posted by Janey Hawkins (Lead Security Architect), 11 Jul 2011

Our current encryption algorithm of choice, AES, is extremely secure: to mount a brute force attack would take so much time that it is not even remotely possible. Even a billion supercomputers running for a billion times the age of the universe would not get anywhere near to cracking it. But mathematically speaking, a brute force attack is possible: there are a finite number of keys to try (2^256 in the case of AES 256-bit), and an algorithm which simply tried every one in turn would be certain to pick the correct one at some point.

So what if there were an encryption scheme for which we could prove any amount of crunching about would never get you any closer to the solution? In other words, one for which there is nothing you can do - literally nothing - if you lose the key. This would be a perfect encryption system.

The most interesting thing about perfect encryption is its existence. There really exists a scheme which is that secure. And it's really simple. AND it's mentioned in the James Bond books.

Imagine an encryption key which was exactly as long as the data. To pick a pretty simple mechanism for demonstration, let's say: give every letter a number: A=0, B=1, C=2, etc. Then letters can be added and if you get to 26, loop back round to 0.
So: B+A=B

Now we have a mechanism for taking plain-text data and encrypting it. Take a key which is as long as the data and just add it to the plain text.

Plain text: AARDVARK
Encrypted: CIAWCULR

Now the clever bit. Given that the key is totally random, there is no way to determine it from the encrypted text. By 'no way', I mean there is literally no way at all: there is no processing that you can do to find either the key or the plain text given the cypher text.

Put it another way: say you have the the encrypted text CIAWCULR. The key could be VEXQYNXL, giving the plain-text HEDGEHOG; or KINTGMJK, giving the plain-text SANDWICH. In fact it could be literally any 8 letter combination, and there is no way of figuring out which one.

This forms the basis of what is known as a one-time pad. A one-time pad is essentially just a long list of random digits shared between two parties. For one party to send a message to the other, they encrypt the message using some of the random digits, which are then discarded. The receiver uses his copy of the random pad to decrypt the data.

So why don't we use this principle of genuinely unbreakable encryption to secure all our data? Answer next time.


Post a Comment