🔐 A Level · Chapter 17
Security
Encryption · Symmetric & Asymmetric · SSL/TLS · Digital Certificates · Quantum Cryptography
17.1 Encryption
Key vocabulary
Plaintext — original readable data. Ciphertext — encrypted, unreadable form. Encryption — plaintext → ciphertext using a key. Decryption — ciphertext → plaintext using a key.
📄 Plaintext
original data
+
🔑 Key
encryption key
→
⚙️ Algorithm
cipher function
→
🔒 Ciphertext
encrypted data
Symmetric vs Asymmetric Encryption
🔐 Symmetric Encryption
Same key used to both encrypt and decrypt. Both parties must know the same secret key.
Encrypt: Ciphertext = E(key, plaintext)
Decrypt: Plaintext = D(key, ciphertext)
Examples: AES, DES, 3DES
✅ Fast — suitable for large data
❌ Key distribution problem — how do you securely share the key initially?
🗝️ Asymmetric Encryption
Uses a key pair: a public key (shared openly) and a private key (kept secret). What one key encrypts, only the other can decrypt.
Public key = share with everyone
Private key = never shared
Examples: RSA, ECC
✅ Solves key distribution
❌ Slow — only used for small data / key exchange
Scenario: Alice wants to send Bob a secret message.
1
Bob publishes his public key — anyone can see it2
Alice encrypts her message using Bob’s public key3
Ciphertext is sent — even if intercepted, it’s unreadable4
Bob decrypts using his private key — only he can read itKey insight
Only Bob’s private key can decrypt what was encrypted with Bob’s public key. No one else — not even Alice — can decrypt it after encrypting.
Scenario: Alice wants to prove a message is genuinely from her.
1
Alice creates a hash of her message (a digest)2
Alice encrypts the hash with her private key → this is the digital signature3
Alice sends message + digital signature4
Receiver decrypts the signature using Alice’s public key → recovers the hash5
Receiver hashes the received message independently6
If both hashes match → message is authentic and untampered ✅This proves two things
Authentication — message came from Alice (only she has her private key). Integrity — message wasn’t altered in transit (hashes must match).
SSL/TLS
What is SSL/TLS?
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are protocols that provide a secure, encrypted channel between a client and server over the internet. HTTPS = HTTP + TLS.
TLS Handshake — How a Secure Session is Established
1
Client Hello — browser sends supported cipher suites, TLS version, random number
2
Server Hello + Certificate — server responds with chosen cipher, sends its digital certificate
3
Certificate Verified — client checks certificate is signed by a trusted Certificate Authority (CA)
4
Key Exchange — client generates a session key, encrypts it with server’s public key, sends it
5
Session established — both sides now have the same session key → all further data uses symmetric encryption (fast!)
Why mix both types?
Asymmetric encryption safely exchanges the session key (solves key distribution). Symmetric encryption then handles the bulk data transfer (fast). Best of both worlds!
When to use SSL/TLS?
Any situation where data must be kept confidential or integrity must be assured: online banking, e-commerce checkouts, login pages, email, API calls handling personal data.
Digital Certificates
What is a digital certificate?
A digital certificate is a file issued by a trusted Certificate Authority (CA) that binds a public key to an identity (person, website, organisation). It proves: “this public key really belongs to who they claim to be.”
Certificate Contents
Digital Certificate contains:
– Owner’s name / domain (e.g. www.bank.com)
– Owner’s public key
– CA’s name (e.g. DigiCert, Let’s Encrypt)
– Validity period (issue & expiry dates)
– Certificate serial number
– CA’s digital signature (hash of above, signed with CA’s private key)
Acquiring:
- Organisation generates a public/private key pair
- Submits a Certificate Signing Request (CSR) with public key + identity info to a CA
- CA verifies the identity through various checks (domain ownership, business docs, etc.)
- CA signs the certificate with its own private key → issues certificate
Using:
- Web server presents certificate during TLS handshake
- Browser checks CA’s signature using CA’s (already-trusted) public key
- If valid → browser trusts the server’s public key
- Padlock icon appears in browser 🔒
Quantum Cryptography
Core idea
Quantum cryptography uses the principles of quantum physics to transmit encryption keys. The most well-known protocol is QKD (Quantum Key Distribution).
✅ Benefits
- Theoretically unbreakable — any interception changes the quantum state of the photons, alerting the recipient
- Eavesdropping is detectable — due to quantum no-cloning theorem
- Future-proof against quantum computers which would break RSA
❌ Drawbacks
- Very expensive hardware (requires specialised quantum channels)
- Transmission distance currently limited (signal degrades)
- Not yet practical at internet scale
- Requires a dedicated quantum channel — can’t run over existing internet infrastructure
Analogy
Imagine sending the key written in invisible ink that changes colour permanently if anyone opens the envelope. You’d know immediately if it was intercepted. That’s the quantum principle — observation disrupts the key.
⚡ Exam Essentials
- Define plaintext, ciphertext, symmetric, asymmetric encryption
- Describe how to send a private message (using recipient’s public key)
- Describe how to send a verified message (digital signature using sender’s private key)
- Explain the 5-step TLS handshake including why both symmetric and asymmetric are used
- Describe the contents and purpose of a digital certificate
- Explain quantum cryptography: purpose, benefit (eavesdropping detection), drawbacks