# New in the Wolfram Language: Cryptography

Cryptography has existed for thousands of years, but before serious computers came around, only specific kinds of messages were worth encrypting. Now that computers routinely manage a huge amount of communication, there is little downside to invisibly applying cryptography to almost everything, from verifying where information comes from to exchanging information securely. Because of cryptography’s widespread use, we added the basic building blocks of modern cryptography to the Wolfram Language with functions using OpenSSL for key generation, symmetric encryption/decryption, and asymmetric encryption/decryption.

The notion of a key in cryptography is similar to the way we use keys in everyday life, in that only someone with a certain key can perform a certain action. One very simple way of arranging this is to have a single key that is used to encrypt as well as decrypt, much like the locking and unlocking of a door:

This is called symmetric cryptography because both the party encrypting and the party decrypting share a single key. Symmetric cryptography is great for encrypting large amounts of information very securely and very efficiently, but there needs to be a preexisting relationship between both parties to be able to share a key in the first place. Asymmetric cryptography does not require a preexisting relationship—both parties have different keys, typically a public key and a private key. Something encrypted with the public key can only be decrypted with the private one:

Asymmetric cryptography is usually used for exchanging small amounts of information, for instance, a symmetric key that can then be used for transferring a larger message.

These functions have been designed to be usable by those without a technical understanding of cryptography, but still retain enough flexibility to satisfy those who do. For example, to generate a secure symmetric key, you could simply run this:

But if you wanted to generate a more specific kind of key, you could do this:

This flexibility is carried over to encryption and decryption, as those functions can use any generated key:

In the Wolfram Language, encryption isn’t limited to text. You can actually encrypt any expression:

One of the main motivations for adding cryptographic functionality to the Wolfram Language was the arrival of the Wolfram Cloud. The cloud is inherently communication based. Both in the internal workings of the cloud and in almost anything utilizing it, cryptography has the potential to play an important role in ensuring those communications are secure. Hopefully our combination of ease of use and power, as well as the broad user base of the Wolfram Language, will result in lots of interesting new protocols as well as a more secure cloud.

The (new) cryptographic functionality is supported in Version 10.1 of the Wolfram Language and *Mathematica*, and is rolling out soon in all other Wolfram products.

*This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. This product includes cryptographic software written by Eric Young.*

Download this post as a Computable Document Format (CDF) file.

Great addition!

Does this also mean that we are one step closer of having DRM tools, for documents, code and package publishing and distribution, like an extension of the Encode[ ] capabilities?

It could! With this addition we’re looking into adding more DRM-related features, although a complete DRM system is a pretty big undertaking.

Great useful information, Christopher, thank you!

Nice functionality, looks easy to use.

The encryption secures communication with the cloud but going further I understand there are ways of running computations in an encrypted way. So, not even the cloud will know what it is computing. Is this possible using the Wolfram Cloud?

Thanks,

Paul.

Thanks for your comment! This is something we’re looking into. The difficulty is running a program without ever decrypting it as a whole, or (as is the case with the Cloud) running a program without being given a key which can unlock source code.

When I run the code above, I get the error message “Decrypt::ivlen: Initialization vector is not of suitable length. >>” after the line “Decrypt[key, %]”. Key then turns out to be SymmetricKey[

Association[

“Cipher” -> “AES256”, “BlockMode” -> “CBC”,

“Key” -> {131, 128, 187, 225, 153, 112, 190, 9, 70, 184, 39, 97, 75,

31, 182, 175, 109, 255, 124, 48, 113, 241, 1, 131, 194, 82, 112,

11, 172, 19, 37, 198}, “InitializationVector” -> None]]

rather than

SymmetricKey[

Association[

“Cipher” -> “Blowfish”, “BlockMode” -> “CFB”,

“Key” -> {107, 130, 78, 245, 180, 193, 159, 102, 101, 74, 106, 143,

158, 87, 151, 19, 27, 85, 35, 94, 221, 20, 166, 251},

“InitializationVector” -> None]]

used in the line

“Encrypt[%, “One if by land, and two if by sea”]”.

Ifixed this with

“keyGAK = GenerateSymmetricKey[

Method -> “Blowfish”, “KeySize” -> 192,

“BlockMode” -> “CFB”|>]”

and then

“Decrypt[keyGAK, %]”,

which works.

Lovely functionality!

Barrie

Great post Chris, keep them coming!