Digital security

The new digital world is a territory of unsuspected economic opportunities and possibilities, as well as a threat to the private lives of individuals and the security of society. Combining both aspects creates a cyber security industry and a complementary need and opportunity for the development of all other digitalised activities.

Cryptography was born with the aim of ensuring confidential communication between two subjects, without third parties being able to know the content of the message. Even if they had access to it, they could mask it by means of secret keys known only to the two legitimate interlocutors.

Primitive forms of cryptography have been identified that are 25 centuries old, used in warfare to send messages that, even if the bearer was captured, could not be deciphered by the enemy. The basic encryption procedure consists of replacing the characters that make up a message with other codes that make it unintelligible without knowing the substitution key.

The old cryptography, also used in politics and commercial transactions since ancient times, could rely on pre-established encodings, or on unique artefacts, shared by both sender and receiver of the message and used to encrypt and decrypt it. Evolution has led to a modern cryptography that uses digital technologies and is fully underpinned by the mathematics.

In an interconnected world dominated by the internet, private communications via email and instant messaging applications, commercial transactions and citizens' communication with administrations are based on the confidence that the digital vehicle that carries them preserves the privacy of the message. Or that, if intercepted, as could happen in the case of the old messenger, the content will remain safe from prying eyes.

For this purpose, passwords are used for identification that we believe to be secure, although from time to time they prove not to be so, due to the ability of hackers to unravel them, to a lack of security in the custody of entities with which communication is maintained, or even to fraudulent sales.

Number theory has been proposing more secure methods of establishing security keys than individual improvisation for at least 40 years. In 1979, three professors from the MITRon Rivest, Adi Shamir and Leonard Adleman, created the RSA public key algorithm. The acronyms are the initials of their surnames.

The RSA algorithm is based on the decomposition of a number into its prime factors. Since then, cryptography has moved on to more sophisticated methods such as elliptic curves, before moving on to ElGamal's discrete logarithm system.

The security of the RSA mechanism, as in the examples of ancient cryptography cited above, is based on the fact that only the ends of the communication must have access to the prime numbers on which the message encryption is based. In fact, only the receiver of the message manages the two keys used in the operation, one private and one public. With the public key, shared with the sender, the message is encrypted for transport, which can then only be decrypted with the receiver's private key. Not even the sender can do this. The prime numbers used are chosen randomly and the keys tend to be extremely long. Difficult to handle.

The ElGamal system, published by Taher ElGamal in 1984, is based on the mathematical problem of calculating the discrete logarithm of a randomly chosen prime number from which the encryption key is generated.

Elliptic Curve Asymmetric Cryptography (ECC), proposed in 1985 by two mathematicians working separately (Neal Koblitz and Victor Miller), applies a similar mode of operation to RSA, with a public key for exchanging the message and a private key for decrypting it. But in this case, encryption is based on a mathematical procedure to define by means of an equation three points, which are coordinates in integers, of a curve defined on a finite body (the third point is the sum of the first two). The key is established by the discrete logarithm in elliptic curves of the third point. It is shorter than those produced by the previous methods, but also extremely difficult to disentangle.

Spain's role

The new digital world is a territory of unsuspected economic opportunities and possibilities, as well as a threat to the private lives of individuals and the security of society. Combining both aspects creates a cyber security industry and a complementary need and opportunity for the development of all other digitalised activities.

Security, based on knowledge and technology, is a continuously evolving element, for which quantum computing appears to be both a threat and a hope for the future.

The technologies present in security are based on mathematics, sometimes referred to as a 'public club good': a theorem, once proved, can be used by anyone. To do so, however, requires preparation.

Therein lies the opportunity: to develop technology in security and cryptography. There is scope for public investment and for private corporate and entrepreneurial initiatives. Spain, with young people well trained in mathematics, can achieve significant technological development in an activity that fundamentally requires grey matter.

Downloads:

Experts: