Symmetry isn’t just the key to a beautiful painting or a pretty face – it’s also a key concept in cryptography. Cryptoloc chief executive Melissa Crossman explains how the mathematics of symmetry are used in cryptography.
When Cheryl Praeger, Emeritus Professor of Mathematics at the University of Western Australia, won the Australian Prime Minister’s Prize for Science in 2019 for her contributions to pure mathematics, it wasn’t just a great victory for women in STEM. It was also an important recognition of the role that symmetry has come to play in cryptography.
Professor Praeger specialises in the mathematics of symmetry, and developed algorithms that have since been built into computer systems and used by scientists and mathematicians around the world.
“I was very lucky that early in my career an immensely powerful mega-theorem was born, identifying all the mathematical atoms or building blocks of symmetry – the so-called finite simple groups,” Professor Praeger says.
“I was one of the first to exploit this watershed result to build new fundamental theory and new methods to study groups and symmetrical structures like networks and designs.”
One area where symmetry has been instrumental is in the development of cryptographic keys. Essentially, a cryptographic key is a long word that looks like random letters and numbers. It encrypts confidential data using a complex mathematical equation that is only solvable with the appropriate cryptographic key.
When the person encrypting and sending the data and the person receiving and decrypting the data have the exact same key, it’s called a symmetric key. Because both parties have access to the key, the process is referred to as symmetric key cryptography.
The most commonly used symmetric key algorithm is the Advanced Encryption Standard (AES), a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology in 2001.
Other popular symmetric key algorithms include Twofish, Serpent, Camellia, Salsa20, ChaCha20, Blowfish, CAST5, Kuznyechik, RC4, DES, 3DES, Skipjack, Safer and IDEA.
Symmetric key cryptography is useful for exchanging private information between known parties – but it’s not without weaknesses.
The symmetric key must be transported between parties, and is at risk of interception in what is known as a middle-man attack. A third party can intercept a copy of the symmetric key when it is first shared, and can decrypt any of the confidential data it protects.
Asymmetric key encryption – also known as public key cryptography – was created to solve this vulnerability by creating a unique key for each user, while also offering the benefits of being able to identify individual users.
Both the sender and the receiver have their private key that they keep secret. A one-way mathematical equation is then used to create a public key for each user. The public keys by themselves cannot be used to decrypt the information and can, therefore, be easily shared without creating a vulnerability.
The sender of the information then encrypts the data using a combination of their private key and the intended recipients’ public key. From then on, only their private key can decrypt the data, ensuring security.
When different keys are used to encrypt and decrypt that same data, the keys are said to be asymmetric. Whenever you access a secure website – in other words, a site with a URL that starts with https – your browser communicates with that site using both a symmetric key and an asymmetric key.
Today’s secure data cloud storage and sharing systems, such as Cryptoloc, tend to use a combination of several types of encryption keys and mechanisms, including symmetric, asymmetric and private-public cryptography, in order to avoid falling prey to the security weaknesses of any one particular mechanism.
“Mathematics underpins every part of our digital technology,” Professor Praeger says.
“In particular, secure communication of our private data depends on novel protocols founded on the mathematics of symmetry, like those used by Cryptoloc.
“I am excited to think that my research in group theory may lead to future breakthroughs and innovations in cybersecurity and encryption solutions.”