
Know It All: Encryption -- Safety through scrambling

Published in Geare magazine, Issue #25, 2004

It was once the province only of soldiers and spies and would-be Queens. Yet the ultimate nerds of all -- mathematicians -- have brought it into all our lives, even though half the time we don't notice. The evidence that it's there is normally just a padlock icon that appears at the bottom of your Web browser. But that is just the tip of an iceberg peeking through, ensuring your online security.

That geeky subject is encryption. And it is encryption that keeps your credit card details safe when you buy something from -- let us be kind here -- Amazon.com.

Encryption is the occult art of transforming information into a form that cannot be read by anyone other than the person for whom the message is intended. Ancient, actually, with one of the simpler forms named the Caesar Cipher after Julius, of Ides of March fame. But while 2,000 years brought mighty improvements to the art, it was not until 1977 that a form capable of being used for Web (then still 14 years away) security was invented. Less than thirty years ago those mathematicians fundamentally changed the way that encryption was done and overcame a huge problem that had always beset it.

All encryption or coding consists of three steps. Some kind of process is applied to the information rendering it, in technical terms, gobbledegook. This unreadable mess is sent. The receiver applies a reverse process and turns it back into sensible information. Until 1974, though, the 'Key' to all this was the same for both ends of the process. This is called symmetrical processing. Whether it was the code that Mary Queen of Scots used to hide the plot to overthrow Queen Elizabeth, the breaking of which ultimately led to the departure of her head from her shoulders, or the famous Enigma coding machines used by the Germans during World War II, the same Key was required on both ends.

But that's no good for the Internet. If you want to encrypt information to keep it from prying eyes along its journey, you are assuming that it may be intercepted. So if you send the Key the same way, it also may be intercepted. That's a problem: how do you get the Key to the recipient?

It was here that our geeks came to the rescue. Through obscure techniques in pure number theory, particularly those related to prime numbers (remember, these are numbers which are divisible only by 1 and themselves), they came up with an asymmetric coding system. The trick is a system that uses two keys: one to encrypt, one to decrypt. The two keys are related and can, in theory, be derived from each other. But it's very hard to do. So hard that if you just make the numbers involved long enough then it'll take thousands of years for the fastest computers in the world to solve the problem.

Two keys. One's called the 'public key', the other the 'private key'. And the names mean what they say. A message encrypted with the public key can only be decrypted with the private key and vice versa.
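The two-key idea described above, as an added example that is not part of the original article: a toy version of RSA, the prime-number scheme published in 1977, written in Python. The primes 1009 and 1013, the exponent 17, the message number 4111 and all function names are constructed for illustration.

```python
# Textbook RSA with toy numbers. Illustration only: real keys use primes
# hundreds of digits long plus padding, through a vetted library.
from math import gcd, isqrt


def make_keypair(p, q, e=17):
    """Build (public, private) keys from two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # modular inverse: e*d == 1 (mod phi)
    return (e, n), (d, n)


def apply_key(key, number):
    """Encrypt or decrypt: the same operation, only the key differs."""
    exponent, n = key
    if not 0 <= number < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(number, exponent, n)


def recover_private(public):
    """Derive the private key from the public one by factoring n.
    Trial division works here only because the primes are tiny."""
    e, n = public
    for p in range(3, isqrt(n) + 1, 2):
        if n % p == 0:
            q = n // p
            return (pow(e, -1, (p - 1) * (q - 1)), n)
    raise ValueError("no odd factor found")


# Constructed sample values: two small primes and a made-up message number.
PUBLIC, PRIVATE = make_keypair(1009, 1013)
MESSAGE = 4111

if __name__ == "__main__":
    sealed = apply_key(PUBLIC, MESSAGE)
    print("sealed with public key:", sealed)
    print("opened with private key:", apply_key(PRIVATE, sealed))
    print("public key undoes it?", apply_key(PUBLIC, sealed) == MESSAGE)
    print("private key found by factoring?", recover_private(PUBLIC) == PRIVATE)
```

With primes this small the factoring loop finishes instantly; making the numbers long enough, as the article says, is what puts that loop out of reach.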

So how does this allow secure communication between Web browsers, and your credit card number to remain invisible to potential electronic thieves? Let's follow it through: you point your browser at Amazon.com and choose an erudite book that you've simply been dying to read. You add it to your shopping basket and go to the checkout. This starts a ball rolling behind the electronic scenes. Amazon's computer sets up the security by creating two encryption keys. It keeps the private key to itself, telling nobody. It sends the public key to your computer.

Your computer gets the key and decides that things are indeed secure, so it puts that padlock icon on your browser's status bar. Now, when you type in your credit card number and press the 'Order' button on the page, your computer encrypts it with Amazon's public key and sends it. The only way it can be decrypted is with Amazon's private key.

In the meantime, your computer has generated its own public/private key pair. It tells Amazon its public key so Amazon can send information back securely to you, and only you can read it.

Who would have thought that something as arcane as number theory could prove to be so useful?

© 2002-2009, Stephen Dawson