What is Cryptography?
Tech-savvy individuals talk about encrypted data and its importance all the time. Data encryption is the practical application of cryptography, a method of taking plaintext, scrambling it, and sending it to a receiver.
Cryptography is incredibly complex and requires advanced knowledge of mathematics. Social media platforms, banks, digital wallets, and text messaging apps all rely on cryptography. But how does it work?
To clarify how it works, we’ll tell you about its history, the different types, a few examples, and some challenges that come with cryptography.
- Cryptography is a method of protecting information and communications by employing codes, so that only those for whom the information is intended can read and process it. This complex science combines elements of mathematics, computer science, and electrical engineering to secure digital transactions, control the creation of new coins, and verify the transfer of assets.
- The process works by using algorithms and cryptographic keys to encrypt and decrypt data. Two common types of cryptography are symmetric (private key cryptography) and asymmetric (public key cryptography). The first uses a single key for encryption and decryption, while the latter utilizes a pair of keys, one public for encryption and a private one for decryption.
- Cryptography plays a pivotal role in securing sensitive information, especially in the fields of online banking, computer passwords, and e-commerce transactions. It also provides the backbone for cryptocurrencies, such as Bitcoin, that rely on blockchain technology, which uses cryptographic methods to ensure the immutability and security of transactions.
What is Cryptography?
Unless you’re an expert in computer science, the broadness of the term “cryptography” can be challenging to explain.
Perhaps the best answer to the question, “What is cryptography?” is that it’s an entire art form of keeping specific information secure by making it cryptic and impossible to understand by anyone other than the intended recipient.
Let’s take a simple message readable by humans, also known as plaintext, and apply mathematical operations and algorithms.
The result will be unintelligible nonsense, otherwise referred to as a cipher. However, cryptography would be pointless if the intended recipient of an encrypted message wouldn’t know how to read it. Therefore, the algorithm and mathematical processes also apply to cryptographic key generation, digital signatures, or a single key for verification that protects data privacy.
They are also necessary to ensure safe web browsing and secure and confidential communication via email and banking systems.
A Brief History of Cryptography
We’ve touched on the issue of what is cryptography, but it’s also essential to examine its origin and how it became a huge part of computer science. The term “cryptography” comes from the Greek language and the word “kryptos,” which means hidden.
That explains the first part of the word. The second part of this compound, “-graphy” means writing. So, in unambiguous terms, cryptography translates to “hidden writing.”
The study of cryptography dates back to ancient Egypt, some 4,000 years ago, and is evident in their very complex pictograms, or hieroglyphics. The very first use of modern cryptography and ciphers still used today is attributed to Julius Caesar, a Roman general and politician.
He distrusted messengers and went to great lengths to conceal the communications with his officers and governors. The fear of important secrets leaking to the wrong people led to the development of a system where every character in his message was replaced by a letter three places ahead in the Roman alphabet.
This system is also known as a Caesar cipher or substitution cipher. It was medieval Arab mathematicians that realized that some letters in any language are more used than others; thus, patterns become easier to recognize.
Their main contribution was to the art of decryption. By today’s standards, both the cryptography and decryption were relatively basic, and with the introduction of computers, both are now revolutionized. It’s fair to say that the development of computer science, computer technology, and cryptography go hand in hand.
Understanding Cryptography, Cryptology, and Encryption
Before exploring cryptography types, examples, and everyday application, it’s vital to distinguish between cryptography, cryptology, and encryption.
Naturally, they are all related, but have important differences we want to highlight. We’ve established that cryptography in the literal sense means “hidden writing,” but cryptology represents “knowledge of secrecy” because the suffix “-logy” means “study.”
Basically, cryptography is a field of study of cryptology, though the two terms are often used interchangeably. But where does encryption fit it? It represents the actual process of turning plain text into ciphers.
The encryption process facilitates moving sensitive information by creating encrypted messages. Freely distributed secure communication is at the core of privacy protection, and many industries rely on encryption and decryption.
Secure cryptographic systems involve an algorithm and a key that is nearly always a number. It allows a sender and receiver to read the message.
The Kerckhoffs Principle
Cryptography has several principles, but none is more important than the Kerckhoffs principle, created by the renowned Dutch cryptographer Auguste Kerckhoffs.
This principle was designed long before computers, at the end of the 19th century, and has one basic premise, which says that any cryptographic system must be secure even if every part of the system, other than the key, is a matter of public knowledge.
His work mostly focused on military cryptography, as that was the primary purpose of science before the invention of computers.
The Kerckhoffs principle has been thoroughly studied and is a part of most modern encryption algorithms, including Data Encryption Standard (DES) and Advanced Encryption Standard (AES). How secure an encrypted communication is depends solely on the encryption key and quality.
The Four Standards of Cryptography
Contemporary cryptography has many procedures and cryptographic protocols that make up complex cryptosystems. Usually, this term stands for computer programs and mathematical procedures, but it is also used to explain certain human behaviors. For example, opting for complex passwords, not discussing sensitive data with individuals outside a set system, or choosing to log off every time you leave your computer.
All of these protocols rely on four standards or cryptographic techniques: confidentiality, integrity, non-repudiation, and authentication.
This standard describes a fundamental rule that only the intended receiver of an encrypted message can read the information. And they can do so only with a private key.
No one has the authority to change the message information while in storage or in transit between sender and receiver without this change being detected.
Both the sender and receiver are in a position of not being able to deny their intent of the information’s existence or transmission.
The senders and receivers must be able to confirm each other’s identity, as well as the origin of the encrypted message.
While there are many cryptographic algorithms found in computer science practice and cybersecurity, they are generally broken down into three categories.
The most prominent types of cryptography include symmetric key cryptography, asymmetric cryptography, and cryptographic hash functions.
Symmetric Key Cryptography
Perhaps one of the best examples of symmetric encryption is the substitute, as in the Caesar cipher mentioned above. When creating a symmetric encryption, both parties must know the same key or the private key required to decrypt it.
That’s what signifies the symmetrical process. It’s also imperative for the private key to stay fully secret between the two parties, which is why symmetric cryptography is sometimes referred to as secret key cryptography.
If the sender chose to send the private key via messenger, it would mean a third party was involved and they could be compromised. The key exchange can only occur between the sender and the intended recipient.
One of the most relevant uses of symmetric cryptography is to keep data confidential. This type of cryptography allows an efficient way to keep a local hard drive private.
Often, one user is both encrypting and decrypting protected data, meaning that a private key is not required. But it can also be used for network security and safely sending private messages online. However, it’s asymmetric cryptography that usually deals with these processes.
Asymmetric Key Cryptography
If symmetric cryptography is known as private key cryptography, then the asymmetric type is better known as public key cryptography. For two parties to practice secure communication over an inherently insecure network, they need to create a special, secure communication channel.
To establish this channel successfully, the parties need to apply public key cryptography. Every participant in this system has two keys. One is a public key and can be sent to anyone with whom you want to establish communication. Essentially, these types of public keys are encryption keys.
But there’s also the private key, designed to not be shared with anyone and used to decrypt messages.
A simple yet effective metaphor is to imagine a public key as a discreet slot on the mailbox, designed for dropping letters, and the private key as the actual physical key used to open the mailbox.
It’s vital to understand that mathematical concepts that suggest using one key for encryption and another for decryption create a one-way functionality. This means that the two keys must be related to each other in a way that a public key can be derived from a private key, but not the other way around.
In terms of complexity, asymmetric cryptography requires more resources and stronger infrastructure than symmetric cryptography.
Public and private key cryptographic algorithms both transform messages from plaintext to secret messages, and then back to plaintext again.
On the other hand, a hash function relies on one-way algorithms. Once a plaintext has been encrypted, it remains a ciphertext, also known as hash.
Logically, one might wonder what the purpose of hash functions are then. Are they only a pointless exercise? One of the most interesting aspects of hash functions is that a single plaintext cannot produce the same hash, or ciphertext. Therefore, in terms of data integrity, hashing algorithms are an efficient tool.
So, how would a hash function be applied in practice? A sender could encrypt a message with a hash value and when the receiver gets the message, they can use the same hashing algorithm for the text.
If the resulting hash is different from the received message, it means the content of the message has been altered in transit.
Hash functions are also used for confidentiality of computer passwords, as storing pass codes in plaintext is considered a great vulnerability.
All three cryptography types are implemented in different algorithms and techniques, and they are generally complex and broad in scope. Still, it’s important to cover several important cryptography examples and discuss whether they use secret key, public key, or hash value.
Data Encryption Standard (DES)
When Data Encryption Standard (DES) was established in 1971, it was a major breakthrough in cybersecurity. It relies on symmetric encryption. While it’s one of the oldest and most widely used cybersecurity tools, it’s no longer the only one available.
It’s important to understand this type of algorithm and what it means for cryptography. The DES uses a 56-bit size key to take a block of 64-bit plaintext and generate it into 64-bit ciphertext.
Each step in the DES process is called a round, and the number of rounds depends on several factors, including the size of a public key used for encryption.
The implementation of DES requires a security provider, but which one to choose depends on the programming language one uses, like Phyton, Java, or MATLAB. The DES algorithm is used for random number generation, but it doesn’t have the best track record for producing strong encryption.
Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) is the successor of DES and is considered the most secure encryption algorithm today. It’s even the federal standard, used by the U.S. government, but also by major social media platforms and corporations.
The AES falls under the category of symmetric encryption, meaning it requires the same key encryption to protect communications. This encryption standard is incredibly robust, especially when talking about the AES-256, which uses 14 rounds of encryption.
The steps of the process include splitting data into blocks, adding different bytes, mixing columns, and shifting rows, all to ensure the data is scrambled entirely. The end result is a random set of characters that have zero meaning to anyone other than a person with a corresponding private key.
It’s also important to point out that AES-256 is the standard for reliable virtual private network providers and that it works with popular programming languages such as Java, C, C++, and Python.
Also, modern Intel and AMD processors have a built-in AES, allowing them to scramble data.
Diffie-Hellman Key Exchange
One example of an asymmetric encryption is the Diffie-Hellman, or exponential key exchange. This is a digital encryption method that relies on numbers raised to specific powers in order to create decryption keys that were never sent directly.
This approach makes the job of a code-breaker incredibly difficult, and likely impossible. This method was created in 1976 and is used today to secure different online services.
The patent for the Diffie-Hellman key exchange expired a year after it was published and has since been a public-domain algorithm.
Rivest-Sharmir-Adleman (RSA) is another public key, or asymmetric, cryptosystem used for secure data exchange, and also one of the oldest.
It was created by a group of cryptographers in 1977, though the same system was secretly developed in 1973 by Government Communications Headquarters, a British intelligence agency.
In this system, the public key differs from the secret key, but the public key is based on two large prime numbers, with an added value. Anyone can encrypt the message, but only those with knowledge of the prime numbers can read it.
Hash values and algorithms offer a wide range of functions and are used for specific purposes. Password verification, proof-of-work in blockchain technology, and file or data identification are just some of the many ways hash algorithms are used.
Everyday Application of Cryptography
We’ve covered the standard, types, and examples of cryptography, but it’s also crucial to understand how the cryptographic algorithms and cryptographic keys are used in everyday life, whether we’re discussing symmetric or asymmetric encryption.
When it comes to public key cryptography, digital signature authentication is essential. Authentication refers to any process that verifies specific information.
If you want to verify the identity of a sender or the origin of a document, or when it was signed, cryptography uses a digital signature as a means to check the information.
A single document’s digital signature uses the secret key and the document’s content for authentication.
Because private keys in the context of digital signatures often come from a trusted directory and others may learn them, they can be vulnerable. But this problem can be solved with a certificate with the document issuer’s name and time stamps.
It may seem a somewhat irrelevant application, but time stamping can be incredibly important in certain situations. A digital time stamp tells us that a certain digital document was created or delivered at a specific time.
The cryptographic system used for time stamping is called a blind signature scheme, which allows senders to transmit a message to a recipient via a third party without revealing any part of the message to them.
In some ways, time stamping is quite similar to sending registered post via the U.S. mail, though it contains an additional verification level. A practical application of time stamping includes copyright archives, contracts, and patent registration.
Digital money, or electronic cash, is a constantly evolving concept. Essentially, it involves financial transactions done electronically from one party to another.
Cryptography is applied in both debit and credit card transactions and digital wallets. And it is required for anonymous and identified transactions.
Another option is the hybrid approach, which includes anonymous payments with respect to the seller, but not the bank.
It’s essential to understand how cryptography relates to cryptocurrency. Unsurprisingly, the blockchain technology through which digital assets are moved relies on cryptographic mechanisms.
The application of cryptography allows blockchains to maintain security, which is at the core of cryptocurrency systems. In fact, it was the cryptography message board that prompted the creation of Bitcoin in 2009.
Satoshi Nakamoto, the father of Bitcoin, suggested cryptography principles for a double-spend solution that has been an issue with digital currencies from the start.
Modern Cryptography Concerns
A modern cryptographic algorithm is considered unbreakable, for the most part at least. But as the number of entities relying on cryptography for security continues to grow, the demands for higher security levels also increase.
A single compromised key can lead to fines, damage to reputation, and loss of users or customers. The impact of inefficient cryptography implementation can also include a reduction in share price, dismissed executives, and even litigation.
Applications such as WhatsApp, Facebook, and Instagram, for example, have a strong incentive to secure the lines of communication by means of cryptography because they deal with a lot of sensitive data and user information. The same applies for all companies that deal with sensitive data.
They also have a reasonable duty to protect their users especially as there is increasing pressure in this direction as of late.
So, what are some of the cryptography key-based issues that could occur and jeopardize online security, and what are some of the ways they can be prevented?
The longer the key is, the more difficult it is to crack. But we also know that both private and public keys are random, so it’s easy to not concern yourself with how weak or strong it is.
Not all number generators are efficient, so it’s advisable to use one that collects the density of a file in characters from a reliable hardware number generator.
If one encryption key is overused, meaning that it encrypts too much data, it becomes vulnerable and prone to cracking. This is especially the case when older, symmetric cryptography algorithms are used. Ideally, keys should be renewed and updated at previously set and appropriate intervals.
Incorrect or Reused Key
It’s vital to keep in mind that a generated cryptographic key should only be used once and for one decryption purpose. Furthermore, a generated key used incorrectly or encoded improperly is a liability. It makes it easier for cybercriminals to hack the encrypted message.
Inadequate Key Storage
There is a lot of talk about how to properly store an encryption key. A good rule of thumb is to not store it in a large database or server, as these can be breached and compromised.
Inadequate Key Protection
Storing keys properly is essential, and appropriate key protection requires additional encryption. A stored key should only be able to be decrypted when moved to a secure environment, and sometimes even kept offline.
Undeniably, these types of cryptography threats are the most severe. An employee with access to a key can use it for nefarious purposes or sell it for profit to a hacker.
How to Reduce the Risk of Cryptography-Related Issues
A dedicated electronic key management system is essential for both organizations and individuals. Many reputable providers offer effective solutions that rely on hardware security modules designed to protect keys. Other important features of keeping the cryptosystems safe include the following.
- Strong key generation
- Strict policy-based controls
- Secure key destruction
- Strong user authentication
- Secure workflow management
- Audits and usage logging
How to stay safe online:
- Practice Strong Password Hygiene: Use a unique and complex password for each account. A password manager can help generate and store them. In addition, enable two-factor authentication (2FA) whenever available.
- Invest in Your Safety: Buying the best antivirus for Windows 11 is key for your online security. A high-quality antivirus like Norton, McAfee, or Bitdefender will safeguard your PC from various online threats, including malware, ransomware, and spyware.
- Be Wary of Phishing Attempts: Be cautious when receiving suspicious communications that ask for personal information. Legitimate businesses will never ask for sensitive details via email or text. Before clicking on any links, ensure the sender's authenticity.
- Stay Informed. We cover a wide range of cybersecurity topics on our blog. And there are several credible sources offering threat reports and recommendations, such as NIST, CISA, FBI, ENISA, Symantec, Verizon, Cisco, Crowdstrike, and many more.
Frequently Asked Questions
Below are the most frequently asked questions.
What are block ciphers?
What is quantum cryptography?
What does a cryptographer do?
Author: Tibor Moes
Founder & Chief Editor at SoftwareLab