ASK AN EXPERT

You are here

Soumyadipta Majumder asked: What are the different modes of encryption?

  • Share
  • Tweet
  • Email
  • Whatsapp
  • Linkedin
  • Print
  • Arul R. replies: Encryption is a way of scrambling the data or message thereby securing the data from unintended recipients. Decryption is the way of retrieving the data that is encrypted.

    There are two basic modes of encryption:

    • Symmetric Encryption or Secret Key Encryption: In this method, the same key called the secret key is used to encrypt and decrypt the data or message. It is a very simple method of encryption but the challenge is to preserve the secret key from unintended recipients. If A wants to send a message to B, A encrypts the data using a secret key and shares the key with B to decrypt and read the message.
    • Asymmetric Encryption or Public Key Encryption: In this method, different keys are used to encrypt and decrypt the data or message. It is a complex but an efficient method of encryption. A public key known to all is used to encrypt the message and a private key only available with the recipient is used to decrypt the message. Public key is like finding a telephone number in a directory where each person has its own public key.

      If A wants to send a message to B, A encrypts the message with B’s public key which is available in public domain. The recipient of the message, that is B, uses his/her private key to decrypt the message. Similarly, B uses A’s public key to encrypt and send a message to A, who then decrypts using his/her private key. In this case A and B have different public and private keys.

    The recent end-to-end encryption implemented by WhatsApp for its users is a more complex version of asymmetric encryption where the private key varies for each message that is sent. Though the encryption happens without any need for intervention from the user, a lot of activity is undertaken to ensure messages are encrypted.

    WhatsApp uses three public keys, namely, Identity Key, Signed Pre Key and a bunch of One-Time Pre Keys. During the registration of the user, all these keys are generated by the app and sent to the WhatsApp server where they are stored in a directory. When A wants to communicate with B, the app requests the public keys of B from the server. A receives three public keys of B. Since there are a bunch of One-Time Pre Keys, a single One-Time Pre Key is allocated to A and then gets deleted from the server.

    In case C wants to communicate with A, then he/she will receive a different One-Time Pre Key. Using the three public keys of B, and A’s Identity Key, a Master Secret Key is generated. A Root Key and a bunch of Chain Keys are further generated using the Master Secret Key. A specific Message Key is also generated based on the Chain Key. The receiver B in this example decrypts the message using his/her private key and public key. The private key is generated at the user end and is not stored even on the server of WhatsApp. In a similar manner, B generates a Master Secret Key using A’s three public key and his/her Identity Key, Root Key, Chain Keys and the Message Key and uses it for encrypting data.

    Posted on April 12, 2016

    Top