This is a very basic overview of some common cryptographic terms and techniques employed not just in videogame consoles but universally. I will make generalisations in order to simplify the explanations, so I urge you to read more elsewhere to get a fuller understanding. Bruce Schneier’s Applied Cryptography is widely regarded as the best introduction and reference book on cryptography.
Algorithm: A mathematical process.
Key: The data used by an algorithm to control its operation.
Message: The data to which an algorithm is applied.
Encrypt: The use of an algorithm and key to scramble a message in order to make it unreadable.
Decrypt: The use of an algorithm and key to unscramble a message in order to make it readable.
Symmetric refers to the fact that the same key is used to both encrypt and decrypt data. In this situation the sender and receiver of a message must share the same key. The sender encrypts a message with the key and then sends the encrypted message to the receiver who decrypts the message with the same key. The key must be kept secret in order for the messages to be secure. Due to the above conditions some other names for this type of crypto are shared-key and secret-key cryptography.
Symmetric algorithms are usually a lot faster than asymmetric algorithms. This makes them preferable when lots of data needs to be processed in less time and requiring less computational power. Some examples of symmetric algorithms are AES, DES, RC4 and even the good old XOR.
An example of a real world usage of a symmetric algorithm is the Xbox360 DVD drive authentication. It uses the AES algorithm and the shared secret key is stored in both the DVD drive firmware and in the Xbox360 keyvault.
Asymmetric refers to the fact that different keys are used to encrypt and decrypt data. These keys come in pairs where one key is known as the public key and the other as the private key. The public key can be computed from the private key, however the private key cannot be computed from the public key. This means the public key can be safely given out to anyone (ie the public) without compromising the private key. The ways this system can be used are:
1) Any sender can encrypt a message with the public key then only the receiver can decrypt it by using the private key. This is used to allow anyone to send messages that only the receiver can read.
2) A sender can encrypt a message with the private key then any receiver can decrypt it using the public key. This can be used to ensure the message received came from a particular sender, since only the sender with the private key could have encrypted it.
Asymmetric algorithms are slower than symmetric algorithms, so they tend to be used when security is more important than speed. Some examples of popular asymmetric algorithms are RSA and ECC.
A hash is a small, fixed size, representation of a variable length message. An algorithm is used to calculate a hash over a given message. The algorithm used should not allow calculation or alteration of a message in order to produce a specific hash. The most common hash algorithms are SHA and MD5. A hash may also be referred to as a digest, checksum or digital fingerprint.
Hashes can be used to determine is a message has been altered or corrupted since the hash was initially calculated over the message.
A real world use of hashes is for storing passwords. If the passwords themselves were stored there is a risk that someone could gain access to them and read them. Instead, a hash of the password is stored, which is then compared against a hash generated over a password that a user enters. If the hashes match then the password is correct. It does not matter if someone reads the stored hashes since they would be unable to calculate the passwords that the hashes were generated from.
While individually the above techniques are powerful, combining them can produce even more useful results.
A combination of asymmetric cryptography and hashes are often used for message authentication. A sender generates a hash over their message and then encrypts the hash with a private key. The receiver then decrypts the hash with the public key and compares the decrypted hash against a newly generated hash over the message. If the hashes match, then they can be sure that the message is authentic and did indeed come from the sender.
A real world example of the above is the signing of Xbox360 executable files (xex files). A variant of the SHA algorithm is used to generate a hash over the xex file. This hash then gets RSA encrypted with the private key that only MS has and the result is stored in the xex file. When an Xbox360 console attempts to run an xex file it will decrypt the encrypted hash that is stored inside the xex file and then verify that hash over the xex file. If the hash matches then the xex file is verified as authentic, meaning that it came from MS and has not been altered.
Symmetric Cryptography can be referred to as Private Key Cryptography since the key needs to be kept private in order for the system to be secure. This should not be confused with the private key from an asymmetric key pair.
Asymmetric Cryptography can be referred to as Public Key Cryptography since the public key from the key pair can be publicly shared while still retaining a secure system.