Re: How reliable is Encryption?

Dear Colleen,

Your question is indeed a very good one and not one that is simple to answer. By reliability of encryption, I am assuming that you are asking about the security since nearly all cryptographic cyphers are based on mathematical algorithms and are therefore deterministic, and hence 100% reliable. However, the thing that they are not, is secure.

When we think about encryption we should think about the difference between not allowing intruders to read information and NEVER allowing intruders to read information. If I want to send a message to my friend about an event that is happening tomorrow then I can use a fairly simple encryption routine as long as I know the probability of cracking it in a short time is very small. However, if I am the British Ministry of Defence, then I usually want to keep my secrets secret for at least 50 years. Now that is a big problem.

Most cryptographic systems rely on mathematical problems which are very hard to solve. The most famous of these is probably the RSA encryption system which works with the prime factors of _very_ large numbers. Have a look at www.rsasecurity.com and specifically at this page where they describe the cryptographic system discovered by Rivest, Shamir and Adleman. I stress that this is a system which is very difficult, but not impossible to break. I have heard that a variant of this was broken by an undergraduate student on a workstation cluster in three days, but this may be an urban (nerd) myth.

Another popular cryptography system is that of the pretty good privacy (PGP) system and they have a good website with information about cryptography: www.pgpi.org. This was a cryptography system developed in the US and caused a lot of controversy when it spread to the rest of the world despite US law forbidding the export of strong cryptography systems. PGP is (probably) a very difficult system to crack since it is made up of four different cypher systems. See this page about breaking into PGP for more details.

The bottom line, however, is that none of these systems have been proved, mathematically, to be hard to break. No one has come up with a good way to break them yet, but that doesn't mean to say that, at some point in the future, they will not. This is why long-term encryption is such a problem. For this governments use thick concrete walls, big locks and guns. All of which have be shown to be very effective against intruders.

This is sort of the end of the story, but what about the future? Certainly for RSA security there is a possible risk. Physicists, mathematicians and computer scientists are currently working around the world to develop something called the quantum computer. This is a computer working with quantum particles rather than the standard transistors that computers use currently. The best known algorithm for a quantum computer is the so-called , "Shor's factorisation algorithm". This would be a threat to RSA. This is the reason why governments, especially the US government, have thrown a lot of money into this kind of research. So far, however, RSA is safe. No one has managed to factorise a number bigger than about 15 and to break RSA you would need to factorise a number with something like 38 digits.

However, the field of quantum information (which contains the study of quantum computers) has come up with a possible solution to the problem of cryptography using a system which has been proved mathematically to be secure (to within our current knowledge of the laws of Physics and with known technology). So-called quantum cryptography may be the solution to the problem of sending secret information, but it does require special equipment to transfer the data from one point to another. It has been demonstrated to work both in free-space (have a look at www.eqcspot.org) with satellite to earth communication in mind and in optical fibre where there is now a commercial product available from ID Quantique. More information about quantum cryptography can be found in the July 18th issue of Nature and Physics World from March 1988

At the end of the day, though, a security system is only as good as the integrity of the sender and receiver. If Alice is sending a message to Bob. How does she know that Bob will not pass on information to a third party. Photons, algorithms, encryption keys and satellites cannot be bribed or threatened. People can.

-- Phil.