Wolfram Blog
Christopher Wolfram

New in the Wolfram Language: Cryptography

May 15, 2015 — Christopher Wolfram, Connectivity Group

Cryptography has existed for thousands of years, but before serious computers came around, only specific kinds of messages were worth encrypting. Now that computers routinely manage a huge amount of communication, there is little downside to invisibly applying cryptography to almost everything, from verifying where information comes from to exchanging information securely. Because of cryptography’s widespread use, we added the basic building blocks of modern cryptography to the Wolfram Language with functions using OpenSSL for key generation, symmetric encryption/decryption, and asymmetric encryption/decryption.

The notion of a key in cryptography is similar to the way we use keys in everyday life, in that only someone with a certain key can perform a certain action. One very simple way of arranging this is to have a single key that is used to encrypt as well as decrypt, much like the locking and unlocking of a door:

Making one key to encrypt and decrypt

This is called symmetric cryptography because both the party encrypting and the party decrypting share a single key. Symmetric cryptography is great for encrypting large amounts of information very securely and very efficiently, but there needs to be a preexisting relationship between both parties to be able to share a key in the first place. Asymmetric cryptography does not require a preexisting relationship—both parties have different keys, typically a public key and a private key. Something encrypted with the public key can only be decrypted with the private one:

Decrypting with a private key versus a public key

Asymmetric cryptography is usually used for exchanging small amounts of information, for instance, a symmetric key that can then be used for transferring a larger message.

These functions have been designed to be usable by those without a technical understanding of cryptography, but still retain enough flexibility to satisfy those who do. For example, to generate a secure symmetric key, you could simply run this:

Creating a secure symmetric key

But if you wanted to generate a more specific kind of key, you could do this:

Generating a specific secure symmetric key

This flexibility is carried over to encryption and decryption, as those functions can use any generated key:

Flexibility with encryption and decryption functions

In the Wolfram Language, encryption isn’t limited to text. You can actually encrypt any expression:

Encrypting an expression

One of the main motivations for adding cryptographic functionality to the Wolfram Language was the arrival of the Wolfram Cloud. The cloud is inherently communication based. Both in the internal workings of the cloud and in almost anything utilizing it, cryptography has the potential to play an important role in ensuring those communications are secure. Hopefully our combination of ease of use and power, as well as the broad user base of the Wolfram Language, will result in lots of interesting new protocols as well as a more secure cloud.

The (new) cryptographic functionality is supported in Version 10.1 of the Wolfram Language and Mathematica, and is rolling out soon in all other Wolfram products.

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. This product includes cryptographic software written by Eric Young.

Download this post as a Computable Document Format (CDF) file.

Posted in: Developer Insights
Leave a Comment

7 Comments


PFonseca

Great addition!

Does this also mean that we are one step closer of having DRM tools, for documents, code and package publishing and distribution, like an extension of the Encode[ ] capabilities?

Posted by PFonseca    May 15, 2015 at 11:09 am
    The Wolfram Team

    It could! With this addition we’re looking into adding more DRM-related features, although a complete DRM system is a pretty big undertaking.

    Posted by The Wolfram Team    May 28, 2015 at 2:35 pm
Vitaliy Kaurov

Great useful information, Christopher, thank you!

Posted by Vitaliy Kaurov    May 15, 2015 at 2:20 pm
Paul

Nice functionality, looks easy to use.

The encryption secures communication with the cloud but going further I understand there are ways of running computations in an encrypted way. So, not even the cloud will know what it is computing. Is this possible using the Wolfram Cloud?

Thanks,
Paul.

Posted by Paul    May 17, 2015 at 9:34 pm
    The Wolfram Team

    Thanks for your comment! This is something we’re looking into. The difficulty is running a program without ever decrypting it as a whole, or (as is the case with the Cloud) running a program without being given a key which can unlock source code.

    Posted by The Wolfram Team    May 21, 2015 at 12:47 pm
Barrie Stokes

When I run the code above, I get the error message “Decrypt::ivlen: Initialization vector is not of suitable length. >>” after the line “Decrypt[key, %]“. Key then turns out to be SymmetricKey[
Association[
"Cipher" -> "AES256", "BlockMode" -> "CBC",
"Key" -> {131, 128, 187, 225, 153, 112, 190, 9, 70, 184, 39, 97, 75,
31, 182, 175, 109, 255, 124, 48, 113, 241, 1, 131, 194, 82, 112,
11, 172, 19, 37, 198}, "InitializationVector" -> None]]
rather than
SymmetricKey[
Association[
"Cipher" -> "Blowfish", "BlockMode" -> "CFB",
"Key" -> {107, 130, 78, 245, 180, 193, 159, 102, 101, 74, 106, 143,
158, 87, 151, 19, 27, 85, 35, 94, 221, 20, 166, 251},
"InitializationVector" -> None]]
used in the line
“Encrypt[%, "One if by land, and two if by sea"]“.
Ifixed this with
“keyGAK = GenerateSymmetricKey[
Method -> "Blowfish", "KeySize" -> 192,
"BlockMode" -> "CFB"|>]”
and then
“Decrypt[keyGAK, %]“,
which works.

Lovely functionality!

Barrie

Posted by Barrie Stokes    May 26, 2015 at 6:46 pm
Michael Sollami

Great post Chris, keep them coming!

Posted by Michael Sollami    June 11, 2015 at 9:46 am


Leave a comment

Loading...

Or continue as a guest (your comment will be held for moderation):