Skip to main content

Cryptography

Cryptography: Unlocking the Secrets of Secure Communication

Cryptography is widely defined as the science and art of keeping messages secure. It is the practice and study of techniques for secure communication in the presence of third parties, referred to as adversaries. The fundamental purpose of cryptography is to ensure secure communication and data protection where adversaries are expected to be present. These techniques involve using codes to ensure confidentiality, integrity, and authentication. Cryptography deals with developing and analyzing protocols that prevent malicious third parties from retrieving information shared between two entities.

Several key terms are essential to understanding cryptography:

  • Plaintext (sometimes called cleartext) is the original, readable message or data before it is encrypted. This can include documents, images, multimedia files, or any other binary data.
  • Encryption is the process of disguising a message to hide its substance. It is the process of converting plaintext into ciphertext using a cipher and a key. The encryption function takes the plaintext and a key as input and returns the ciphertext as output.
  • Ciphertext is an encrypted message. It is the scrambled, unreadable version of the message after encryption. Ideally, no information about the original plaintext can be obtained from the ciphertext, except perhaps its approximate size.
  • Decryption is the process of turning ciphertext back into plaintext. It is the reverse process of encryption, converting ciphertext back into plaintext using a cipher and a key. The decryption function takes the ciphertext and the key as input and returns the plaintext as output.
  • A cipher (or cypher) is an algorithm for performing encryption or decryption. It is a series of well-defined steps that can be followed as a procedure. A cipher is an algorithm or method used to convert plaintext into ciphertext and vice versa.
  • A key is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm or cipher. It is a string of bits the cipher uses to encrypt or decrypt data. While the cipher used is generally public knowledge, the key must remain secret, except for the public key in asymmetric encryption.
  • A cryptosystem is an implementation of cryptographic techniques and their accompanying infrastructure to provide information security services. It is also referred to as a cipher system. The basic components of a cryptosystem include Plaintext, Encryption Algorithm, Ciphertext, Decryption Algorithm, Encryption Key, and Decryption Key.
  • Cryptanalysis is the science of analyzing and breaking secure communication. Classical cryptanalysis involves analytical reasoning, mathematical tools, pattern finding, patience, determination, and luck. Cryptanalysts are also called attackers.
  • Cryptology embraces both cryptography and cryptanalysis.

The goal of cryptography is primarily to secure important data, whether it's stored on a hard disk or transmitted through potentially insecure mediums like a computer network. Cryptography can provide several key services:

  • Confidentiality (secrecy): Ensures that only the intended receiver can read the message. Data is kept secret from those without proper credentials.
  • Integrity (anti-tampering): Assures the receiver that the received message has not been altered in any way from the original.
  • Authentication: Helps establish and prove identity for authentication purposes. It confirms the identities of the sender and receiver and the origin/destination of the information.
  • Non-repudiation: Provides a mechanism to prove that the sender really sent a message. This prevents the creator or sender of information from denying their intention to send it later.

Cryptography has a long history, dating back to ancient Egyptian and Roman civilizations.

  • The first known evidence of cryptography can be traced to the use of hieroglyphs some 4000 years ago in Egypt.
  • The Caesar Shift Cipher, named after Julius Caesar, relies on shifting the letters of a message by an agreed number (often three). The recipient shifts the letters back by the same number. By modern standards, where the cipher is publicly known, the Caesar Cipher is considered insecure and susceptible to brute force attacks due to the limited number of possible keys (25 for the English alphabet).
  • The Kamasutra Cipher, described around 400 BC, is one of the earliest known substitution methods. It involves randomly pairing letters of the alphabet and substituting each letter with its partner based on the key (the permutation of the alphabet).
  • More recent historical ciphers include the Vigenère cipher, the Enigma machine, and the one-time pad.

There are three main types of cryptography:

  1. Symmetric Key Cryptography: Also known as Secret Key Cryptography or Conventional Cryptography. It uses a single, common key for both encryption and decryption. This shared key must be kept secret to maintain security. Symmetric-key systems are simpler and faster than asymmetric systems. However, their main drawback is the challenge of securely exchanging the key between parties and keeping it secure afterwards, a problem known as Key Management. This difficulty in securely distributing keys led to the development of Public Key Cryptography.

    • Examples include Data Encryption Standard (DES), published in 1977, which uses a 56-bit key. Due to advancements in computing, a DES key could be broken in less than 24 hours by 1999, prompting a shift.
    • Triple DES (3DES) was developed as an answer to DES shortcomings, applying DES three times with an effective key size of 112 or 168 bits. While based on DES, it has proven reliability and a longer key length. It was deprecated in 2019 but might still be found in legacy systems.
    • Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government in 2001. It comprises three block ciphers (AES-128, AES-192, AES-256) with 128-bit block sizes and key sizes of 128, 192, and 256 bits respectively. AES is widely used worldwide and replaced DES.
    • Other examples include IDEA, Lucifer, Madryga, FEAL, REDOC, LOKI, GOST, CAST, Blowfish, Safer, Crab, and RC5.

  2. Asymmetric Key Cryptography: Also known as Public-key cryptography. This type uses a pair of keys: a private key and a public key. The public key is used to encrypt the message, and the private key is used to decrypt it. The public key can be shared with anyone, while the private key must be kept secret by the owner. Public Key Cryptography was publicly described in 1977 by Rivest, Shamir, and Adleman (RSA), but the basic technique was first discovered secretly by Clifford Cocks in 1973. Asymmetric encryption tends to be slower and uses larger keys than symmetric encryption. It is based on mathematical problems that are easy to compute in one direction but extremely difficult (infeasible) to reverse.

    • Examples include the Digital Signature Standard (DSS), developed by the NSA and published by NIST, which is the U.S. government standard for authentication of electronic documents.
    • The RSA algorithm, developed by Rivest, Shamir, and Adleman, is an algorithm for public-key cryptography, suitable for signing as well as encryption. It is widely used in electronic commerce protocols. RSA uses key sizes like 2048-bit, 3072-bit, and 4096-bit, with 2048-bit being the recommended minimum.
    • ElGamal is a public key method used in both encryption and digital signing. It is similar to the Diffie-Hellman key agreement protocol and uses discrete logarithms.
    • Other examples mentioned are Diffie-Hellman and Elliptic Curve cryptography (ECC). ECC can achieve equivalent security with shorter keys compared to RSA or Diffie-Hellman.

  3. Hash Functions: A cryptographic hash function takes an arbitrary block of data (the message) and returns a fixed-size bit string called the cryptographic hash value or message digest. There is no key required in hash function cryptography. A key property is that any change to the input data will, with very high probability, change the hash value.

    • Ideal cryptographic hash functions have four main properties: easy to compute the hash value for any message, infeasible to generate a message from a given hash, infeasible to modify a message without changing the hash, and infeasible to find two different messages with the same hash.
    • Examples include Snefru, N-Hash, MD2, MD4, MD5, and SHA (Secure Hash Algorithm) family.
    • A collusion (or collision) discovery for MD5 was demonstrated in March 2005, where two different files produced the same MD5 checksum.
    • The SHA functions were designed by the NSA and published by NIST. Because of attacks on MD5, SHA-0, and theoretical attacks on SHA-1, NIST perceived a need for an alternative, which became SHA-3, based on the Keccak algorithm selected in 2012. SHA variations like SHA-2 and SHA-3 are commonly used for data integrity and authenticity. Hash functions are often used to verify the integrity of data and ensure it has not been tampered with.

Basic mathematical operations are fundamental to cryptography.

  • The XOR (exclusive OR) operation, denoted by ⊕ or ^, compares two bits and returns 1 if they are different and 0 if they are the same. Key properties for cryptography include A ⊕ A = 0 and A ⊕ 0 = A. XOR can be used as a simple symmetric encryption algorithm, where Ciphertext C = Plaintext P ⊕ Key K.
  • The Modulo operation, written as % or mod, is the remainder when one number is divided by another. For example, 23 % 6 = 5. A significant aspect of modulo is that it is generally not reversible; knowing the remainder does not uniquely determine the original number. The result of a % n for a positive integer n is always in the range 0 to n−1.

Cryptography has a wide range of applications in the modern world. These include:

  • Securing online transactions, such as online banking and e-commerce.
  • Digital signatures for verifying the authenticity and integrity of digital documents.
  • Password protection, often by hashing and encrypting passwords before storing them.
  • Military and intelligence applications to protect classified information.
  • Secure web browsing using protocols like SSL/TLS to encrypt data transmitted between a server and client.
  • Ensuring the integrity of downloaded files using hash functions.
  • Compliance with regulations like PCI DSS for handling credit card information and HIPAA/GDPR for medical records.
  • Authentication for accessing various systems and resources.
  • Digital currencies and cryptocurrencies like Bitcoin, using complex algorithms and keys to protect transactions and network integrity.
  • End-to-end encryption for communication apps.

Despite its strengths, cryptography faces challenges, including:

  • Key management: The careful management of keys is crucial for security, and it can be challenging, particularly in symmetric key systems or when dealing with many parties.
  • Quantum computing: The development of quantum computing poses a potential future threat to current cryptographic algorithms.
  • Human error: Cryptography's security can be compromised by human error, making it a weak link.