Encryption Methods

H446 · 1.3 Exchanging Data · A-Level Computer Science

Component 01

Caesar Cipher (Substitution Cipher)

Each letter is shifted by a fixed key value. With key=3: A→D, B→E, C→F, etc. Only 25 possible keys — trivial to brute-force. Educational/historical only.

Why It's Insecure

  • Only 25 possible keys — an attacker can try all of them in seconds
  • Preserves letter frequency patterns — frequency analysis easily cracks it
  • e.g. 'E' is the most common letter in English; if 'H' is most common in ciphertext, key is probably 3

Vernam Cipher (One-Time Pad)

XOR each bit of the plaintext with the corresponding bit of a truly random key. If the conditions below are all met, it is mathematically proven to be unbreakable.

Conditions for Perfect Security

  • Key must be as long as the plaintext
  • Key must be truly random (not pseudo-random)
  • Key must be used only once (hence "one-time")
  • Key must be kept completely secret

Why unbreakable: given only the ciphertext, every possible plaintext of the same length is equally likely, so even unlimited computation cannot determine the original message.

Practical Limitation

The key distribution problem: how do two parties securely share a key as long as their entire communication, before communicating?

If the same key is reused, XOR-ing the two ciphertexts cancels the key and leaves the XOR of the two plaintexts, which reveals information about both. One-time pads have been used in practice by spies (cipher pads) and some military systems.

XOR Example

Plaintext:   A = 01000001
Key:             01101100
                 ─────────
Ciphertext:      00101101  (XOR)

Decryption:  00101101
Key (same):  01101100
             ─────────
Plaintext:   01000001 = A  ✓

Public Key Cryptography (Asymmetric)

Each party has a key pair: a public key (shared freely) and a private key (never shared). Data encrypted with the public key can only be decrypted with the corresponding private key.

Symmetric (same key)

Same key encrypts and decrypts. Fast. Problem: how to share the key securely?

✓ Fast for bulk data encryption

✗ Key distribution problem

Asymmetric (key pair)

Public key encrypts, private key decrypts. Solves key distribution. Slower.

✓ Solves key distribution

✗ Much slower than symmetric

HTTPS / TLS Hybrid Approach

  1. Server sends its public key (in a certificate signed by a Certificate Authority).
  2. Browser verifies the certificate. Generates a random symmetric session key.
  3. Browser encrypts the session key with the server's public key and sends it.
  4. Server decrypts with its private key — both now share the same symmetric session key.
  5. All further communication uses fast symmetric encryption with the session key.

Hashing & Password Storage

A hash function maps data to a fixed-length output. It is a one-way function — you cannot reverse a hash to get the original. Same input always produces same output.

"password" → 5f4dcc3b5aa...

"Password" → 8cbf2b2e6d8...

"password1" → 7c6a180b36c...

Algorithms: MD5 (broken — do not use), SHA-256 (current standard), bcrypt (password-specific)

Rainbow Table Attack

Precomputed table of password→hash pairs. Attacker hashes all common passwords in advance. If database is breached, look up hashes to find plaintext passwords.

Salting (Defence)

Add a random value (salt), different for each user, to each password before hashing. Hash("password" + "xK9p!3") is then unique per user, which invalidates precomputed rainbow tables.
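The precomputed-table lookup and the salting defence described above, as an added example (not code from the original page). The password list and user names are constructed sample data, and fast SHA-256 stands in for Hash() to mirror the notes; a real system would use a slow, password-specific hash such as bcrypt.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "common passwords" list and two users
# who happen to have chosen the same password.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
USERS = {"alice": "password", "bob": "password"}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_lookup_table(words):
    """Precompute hash -> password once (simplified stand-in for a rainbow table)."""
    return {sha256_hex(w.encode()): w for w in words}

def store_unsalted(password):
    return sha256_hex(password.encode())

def store_salted(password):
    """Return (salt, hash) using a fresh 16-byte random salt for this user."""
    salt = os.urandom(16)
    return salt, sha256_hex(password.encode() + salt)

def verify_salted(password, salt, stored_hash):
    """Re-hash the login attempt with the stored salt; compare in constant time."""
    candidate = sha256_hex(password.encode() + salt)
    return hmac.compare_digest(candidate, stored_hash)

def recovered_by_table(table, stored_hashes):
    """Count stored hashes that the precomputed table maps back to a password."""
    return sum(1 for h in stored_hashes if h in table)

def demo():
    table = build_lookup_table(COMMON_PASSWORDS)
    unsalted = {u: store_unsalted(p) for u, p in USERS.items()}
    salted = {u: store_salted(p) for u, p in USERS.items()}
    return {
        "unsalted_identical": unsalted["alice"] == unsalted["bob"],
        "unsalted_recovered": recovered_by_table(table, unsalted.values()),
        "salted_identical": salted["alice"][1] == salted["bob"][1],
        "salted_recovered": recovered_by_table(table, [h for _, h in salted.values()]),
        "login_ok": verify_salted("password", *salted["alice"]),
        "login_wrong": verify_salted("Password", *salted["alice"]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The salt is stored next to the hash so a login can be checked; it does not need to be secret, because its job is only to make each user's hash different from any precomputed entry.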
