Parties often wish to communicate privately. This privacy can be obtained through the use of various cryptographic methods. These cryptographic communication methods rely on exchanging the necessary information to perform encryption in a trusted manner.
A basic knowledge of the terms used in cryptology is useful. A class of puzzles is called a “cryptographic system” or “cryptosystem.” The process of making puzzles is called “encryption”, and the process of solving those puzzles to recover the contents is called “decryption.” The puzzle is called “ciphertext” and the contents of the puzzle is called “plaintext.” The members participating in a cryptosystem are identified by one or more cryptographic keys or keys. Cryptosystems describe the scheme by which a key is used to transform plaintext into ciphertext; further, cryptosystems describe the scheme by which a key is used to reverse the previous transformation in order to recover the plaintext. Cryptosystems can be grouped into two distinct classifications, symmetric cryptosystems and asymmetric cryptosystems. In symmetric cryptosystems, the key used to transform the plaintext into ciphertext and the key used to transform the ciphertext into plaintext are identical. In asymmetric cryptosystems, a public key is used to transform the plaintext into ciphertext, and a distinct, but related, private key is used to transform the ciphertext into plaintext. A brute force attack is a computational method that attempts to discover a cryptographic key through repeatedly making guesses in order to decrypt a message. Forward Secrecy is the concept that the ability to decrypt one message does not give one the ability to decrypt any other messages.
Returning to the discussion of the exchange of cryptographic keys, in modern cryptography, an asymmetric cryptosystem is often used to secure the key of a symmetric cryptosystem for transport. The most common example of this kind of encryption scheme is Transport Layer Security (TLS). When a sender desires to communicate securely with a recipient, the sender requests the public key of the recipient from an Authoritative Third Party (e.g., a Certificate Authority). The sender then uses this public key to perform a TLS handshake with the intended recipient. Within this handshake, a limited use symmetric key is exchanged.
This kind of exchange is performed for three reasons. First, it helps protect the asymmetric key pair from brute force attacks. Second, asymmetric encryption is often computationally slower than symmetric encryption. Third, these messages exhibit Forward Secrecy. For unsolicited communications networks, however, this kind of key exchange can have serious disadvantages, because it requires the public keys of all capable recipients to be listed in a public repository. This listing can be misused by a malicious user to generate unwanted, possibly dangerous, messages. As a result, the adoption of this kind of key exchange for some messaging systems has been, to date, limited.
Encrypted communications also suffer from the classic “chicken-and-egg” problem. All parties to a communication must agree on a method to perform encrypted communication before such communication can begin. This problem is compounded by the fact that, in many cases, users are incapable of completing the steps necessary to perform encrypted communications reliably. Additionally, users often misplace their keys or forget the passwords to access their keys, which causes the encrypted messages to be lost forever. Finally, users now often use multiple devices to read electronic messages, and they are frustrated when they cannot read encrypted communications at a place and time of their choosing because the chosen device either does not support the encryption method or the device does not contain the required keys.