Information Security 7 min read

Secure Message Delivery: Symmetric & Asymmetric Encryption, Hashes, Signatures

Learn the fundamentals of information security through a myth-inspired scenario. The article covers how symmetric and asymmetric encryption, message digests, and digital signatures ensure confidentiality, integrity, and authenticity when transmitting a simple invitation, and then explores a practical secure email system design.

Ops Development Stories

Using the myth of Chang'e and Houyi as a backdrop, this article introduces basic information security concepts and poses three key questions: how to ensure only the intended recipient can decrypt a message, how to guarantee message integrity, and how to verify the sender's identity.

Symmetric Encryption

Common symmetric algorithms include:

DES: substitution + shift, 56‑bit key, 64‑bit block, fast but weak key generation.

<code>3DES (Triple DES): two 64‑bit keys K1, K2
Encryption: K1 encrypt → K2 decrypt → K1 encrypt
Decryption: K1 decrypt → K2 encrypt → K1 decrypt</code>

RC‑5: used by many RSA Data Security products.

IDEA: 128‑bit key, 64‑bit block, stronger than DES, low computational requirements, used in PGP.

AES (Rijndael): the standard block cipher adopted by governments worldwide.

Drawbacks:

Relatively low encryption strength, though very efficient.

Key distribution is difficult.

Feature: the same key is used for both encryption and decryption.

Asymmetric Encryption

Common public‑key algorithms include:

RSA: 2048‑bit (or 1024‑bit) keys, high computational cost, hard to break.

ElGamal: security relies on the difficulty of discrete logarithms in a finite field.

ECC: elliptic curve cryptography.

Drawback: slower encryption speed.

Features:

Public key can be shared openly; private key must remain secret.

Public‑key encryption with private‑key decryption, and vice‑versa.

Message Digest

Message digests are one‑way hash functions that produce a fixed‑length output.

Common hash algorithms include MD5 (128‑bit) and SHA (160‑bit or longer). SHA’s longer output makes it more secure than MD5. For example, when downloading a file, its MD5 hash can be compared with the official hash to verify integrity.

Digital Signature

A digital signature is a piece of data generated by the sender that cannot be forged and serves as proof of authenticity.

Using the Chang'e‑Houyi example, the process is:

Chang'e encrypts the message "9.20 we go to the movies" and sends the ciphertext.

She creates a message digest of the original text.

She encrypts the digest with her private key to produce the digital signature and sends it.

Houyi decrypts the ciphertext, recomputes the digest, decrypts the signature with Chang'e’s public key, and compares the two digests. If they match, the message is verified as authentic and unaltered.

This demonstrates how encryption, hashing, and digital signatures work together to achieve secure transmission.
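
The Chang'e-to-Houyi exchange above as runnable Python, added here as an illustration and not code from the original article. Assumptions: the message is encrypted with Houyi's public key, the digest is SHA-256, and both key pairs are textbook RSA built from publicly known Mersenne primes, so they are insecure and for demonstration only; `toy_keypair`, `send` and `receive` are hypothetical names.

```python
import hashlib

E = 65537  # widely used RSA public exponent

def toy_keypair(a, b):
    # Assumption: demo key from the public Mersenne primes 2**a-1 and 2**b-1. NOT secure.
    p, q = 2**a - 1, 2**b - 1
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (p * q, E), (p * q, d)      # (public key, private key)

def digest_int(message):
    # Message digest: fixed-length one-way hash, read as an integer.
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, private_key):
    # "Encrypt the digest with the private key". Textbook RSA, no padding;
    # deployed systems use a padded scheme such as RSA-PSS.
    n, d = private_key
    return pow(digest_int(message), d, n)

def verify(message, signature, public_key):
    # Recover the digest with the public key and compare with a fresh one.
    n, e = public_key
    return pow(signature, e, n) == digest_int(message)

def encrypt(message, public_key):
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def decrypt(ciphertext, private_key):
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

CHANGE_PUB, CHANGE_PRIV = toy_keypair(521, 607)   # sender's key pair
HOUYI_PUB, HOUYI_PRIV = toy_keypair(1279, 2203)   # recipient's key pair

def send(message):
    # Chang'e: ciphertext only Houyi can read, plus a signature only she can make.
    return encrypt(message, HOUYI_PUB), sign(message, CHANGE_PRIV)

def receive(ciphertext, signature):
    # Houyi: decrypt, then check the signature against Chang'e's public key.
    message = decrypt(ciphertext, HOUYI_PRIV)
    return message, verify(message, signature, CHANGE_PUB)

if __name__ == "__main__":
    print(receive(*send(b"9.20 we go to the movies")))
```

A signature made over the original text fails verification for any altered text, and a signature made with any key other than Chang'e's private key fails against her public key.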

Comprehensive Practice

Design a secure email system that encrypts messages, supports attachments up to 2 GB, provides non‑repudiation for the sender, and prevents third‑party interception or tampering.

Written by

Ops Development Stories

Maintained by a like‑minded team, covering both operations and development. Topics span Linux ops, DevOps toolchain, Kubernetes containerization, monitoring, log collection, network security, and Python or Go development. Team members: Qiao Ke, wanger, Dong Ge, Su Xin, Hua Zai, Zheng Ge, Teacher Xia.
