Jurnal

Catatan kisah, perjalanan, riset, pdkt ke pasangan dll.

by omdik

Sumber: blog.emsisoft.com

Penulis: Sarah

Encryption methods: Symmetric v asymmetric

Encryption methods have become incredibly complex compared to the earliest substitution ciphers used by Julius Caesar, where the plaintext letters are simply replaced by shifting it back or forth a fixed amount of positions along the alphabet.

alt text

Since the structure of the plaintext is the same as the encrypted message, it’s easy to spot patterns using frequency analysis to identify how often and in which sequence the characters appear.

Symmetric encryption: Fast but vulnerable

Yet the above cipher is a simple example of how symmetric encryption works: both the sender and the receiver shift the letter the same fixed number of positions. This number of positions is what is referred to as the “key”. It is therefore imperative that the key is kept secret, which is why symmetric encryption is often referred to as “secret key encryption”.

alt text

There are two major types of symmetric encryption: Block ciphers and stream ciphers.

As the name implies, block ciphers operate by encrypting in byte-sized blocks using the same key. The message itself is split across multiple blocks depending on the length, and predictable data is appended to extend it to a full block in a process known in cryptography as padding. The most common block ciphers you’ll come across are AES and Blowfish, the former of which is often used in ransomware encryption (more on that further down in the article).

Stream ciphers, on the other hand, encrypt each digit of the plaintext at a time (usually in the form of a bit), with the help of a pseudo-random key stream. This means a different key from the stream is used for each of the bits. A mathematical operator “exclusive or” (XOR, for short) then combines the the two to create the ciphertext. Common stream ciphers in use today include RC4 and Salsa20.

What characterizes each of these symmetric encryption methods is that they have low computational requirements to function, and use only one key for both encryption and decryption of the message.

The latter raises an important question however: how do you secretly communicate the key without someone listening in on the exchange?

Asymmetric encryption: Secure but slow

Asymmetric encryption, also known as public key encryption, has the answer: it uses a pair of keys, consisting of a public and a private one.

The public key is intended to be distributed widely, while the private key is only in the possession of the key pair owner. Messages encrypted with the public key can only be decrypted using the private key, while messages encrypted with the private key can only be decrypted using the public key.

alt text

As a result, asymmetric encryption algorithms not only allow you to encrypt and decrypt messages, but also allow for authentication of that message, as only the private key owner can create a message decryptable by the public key.

At the base of most asymmetric cryptography systems is usually an algorithm that requires computationally heavy operations. The most common in use today are Diffie-Hellman-Merkle, RSA and Elliptic Curve Cryptography. While explaining each of these would be beyond the scope of this article, there’s a fairly in-depth article on ArsTechnica if you’re brave enough to dive into the maths behind them.

The bottom line is that asymmetric encryption allows for relatively secure encryption without the need of a shared secret key, yet the complex computational nature makes it unfeasible for large sets of data.

Given that both encryption types have their unique advantages and disadvantages, most implementations (including ransomware authors) will use a combination of both: symmetric encryption with a randomly generated key, usually referred to as the session key, to encrypt the actual message or files, then an asymmetric algorithm to encrypt the session key used.