Cryptography – from Greek kryptos (hidden) e graphia (writing) – is that set of techniques used to ensure that no one, other than the legitimate recipient, can understand the message that has been sent to him, thus guaranteeing the confidentiality and confidentiality of the data. When we talk about confidentiality we refer to the ability of two entities to exchange messages on the internet so that no one who intercepts the data is able to understand its meaning.
Every message that travels on the network is divided into encrypted packets, which are information units composed of a sequence of bits that indicate, among other information, who the sender is, who the recipient is (both in the form of IP addresses) and what the message is. So, if the traffic was not encrypted, an attacker could intercept one or more packets (attack known as “Man in the middle“) would be able to understand the entities that are communicating and what they are saying to each other. Different types of encryption, such as symmetric and asymmetric encryption, are used as a security and privacy protection tool, an example is the end-to-end encryption of WhatsApp messages.
What is meant by encryption
There encryption is the process of turning readable information into a illegible format (ciphertext) to protect them from unauthorized access. Simply put, it alters messages, changes their form so that they are illegible, meaningless, except for those who have the right key who can decipher the messages and therefore read them in their original form. The meaning of cryptography is also explained in its name, which comes from Greek kryptos (hidden) e graphia (writing).
This process works using a algorithm (the transformation rule) and one key (secret information) to transform readable data (plain text) into an unreadable format (encrypted text), and vice versa.
How encryption works: symmetric encryption
The need to encrypt the messages sent is anything but a modern necessity, in fact, Julius Caesar already used to encrypt military correspondence messages with the so-called “Caesar Cipher”, a monoalphabetic scrolling encryption algorithm. Thanks to this method, an enemy who intercepted a Roman messenger would not be able to understand the messages he carried.
The algorithm was simple, each letter was associated with the one 3 positions further down the alphabet and this constituted the encrypted message (this is why these algorithms are also called “scrolling” or “substitution”). The key of the algorithm will therefore be the vector that associates each letter with the corresponding one in the ciphertext.
The text “HELLO” will then become the encrypted string “FNDR” and an attacker who intercepts the message without the key vector will not be able to reconstruct the original message.
This method, although very simple, makes us understand what is the purpose of encrypting messages. It should be noted that the Caesar cipher is not a secure encryption algorithm, in fact it is not used in computer science as it presents major vulnerabilities due to the analysis of the ciphertext (for example, the letters, in any language, are not all equally probable within a sentence).
The example we have seen is based on a symmetric key, i.e. the sender who must encrypt the message and the recipient who must decipher it share the same key (i.e. the letter association vector). Algorithms of this type are therefore called symmetric encryption and require the parties to exchange the key in some way before being able to begin encrypting and deciphering the data.
How do our smartphones and PCs agree on a symmetric key to use with a server that is perhaps thousands of kilometers away? The difficulty, at this point, lies in understanding how the sender and recipient can generate the same key locally (operation of “Key Agreement“) to be used as symmetric without exchanging it in the clear in an unencrypted communication. In this case, in fact, an attacker who intercepted the packet containing the key could decipher the data we are sending!
They understood how to do it Difficult And Hellman who founded the cryptographic protocol of the same name based on the use of very large prime numbers. When we talk about “very large prime numbers” we are referring to numbers that have over 600 decimal places.
The difference between the types: asymmetric encryption
When we surf the internet on websites that implement data encryption, therefore, before starting to encrypt the data, we agree on a symmetric key with the server using asymmetric key algorithms in which each entity that participates in the communication has a pair of keys, one to encrypt the messages and one to decipher them.
The key to encrypt messages is called the public key and can be shared with anyone, vice versa, the private key is secret and is used to decipher messages. The server will then send us its key which will be calculated starting from the public one and will be the only one capable of deciphering the message. An example of an asymmetric key encryption protocol is RSA, still used for services such as digital signatures.
Whatsapp end to end encryption and other types
Cryptography therefore represents a security and privacy protection tool widely used in many fields. Let’s think, for example, of sending a WhatsApp message or a banking transaction or, again, purchasing on an e-commerce site and memorizing passwords.
We must all have read the message in a WhatsApp chat informing us that messages and phone calls from that chat are protected by end-to-end encryption; messages which, therefore, can only be read by the sender and recipient and not by other subjects or by WhatsApp itself.
The messages will therefore be encrypted before being actually sent over the network so that anyone who intercepts the message will not be able to understand its content and they will only be decrypted once they have reached the recipient’s phone thanks to a decryption key.
WhatsApp, like Telegram, offers its users the possibility of verifying that the chat is encrypted and secure by comparing a sequence of numbers, or emojis in the case of Telegram, on the devices of the subjects in communication: equal sequences confirm the security of the chat.
