What is Cryptography?

Cryptography deals with a set of methods which enable us to store and transmit information while safeguarding it from intruders. That is, we can use cryptography methods to keep information private (say documents, passwords, etc on your computer), and to communicate in a way such that only the intended recipient can read the message.

Cryptography achieves this by converting data into a different form which is incomprehensible (often called ciphertext or code). The process of converting data to ciphertext is called encryption, and the process of converting retrieving data from ciphertext is known as decryption. Performing encryption and decryption requires secret information such as passwords (or keys).

In this article, we’ll discuss various applications of cryptography, especially those relevant to our modern digital lives. Then, we’ll move on to a description of the various branches of cryptography, goals of cryptosystems, and the central design criteria for modern cryptosystems.

Why Cryptography? Applications of Cryptography

Cryptography has had many applications over thousands of years of history. In this section, we’ll touch on a few of the major applications as motivation for why one should study cryptography.

Government and Military

The oldest application of cryptography is the protection of military secrets. One of the oldest known ciphers is the Caesar Cipher, attributed to Julius Caesar and was used to send confidential information to his commanders and soldiers in the field. Since then, the use of cryptography in government and the military has only increased to protect information that is sensitive for reasons of tactics, politics, etc.

The Internet

A massive use of cryptography in the modern world is on the Internet. The HyperText Transfer Protocol Secure (HTTPS) is the method by which sensitive information is communicated to and from the Internet. Each time a website with a “green lock” icon is visited, modern cryptographic ciphers are in use to protect the information flowing between the site and the visiting computer.

Password Security

Many people use password managers to handle their collection of passwords for different sites. These passwords are stored in an encrypted format to protect them against attackers. The password manager takes a master password and uses it to decrypt the other stored passwords.

Secure Email

The general email standard is defined to transmit text data from place to place, so all email is sent unencrypted. Web-based email (Gmail, Yahoo, etc.) use HTTPS to encrypt email, but it is also possible to encrypt other email with tools like PGP (Pretty Good Privacy) so that only the sender and recipient have access.

Business Data

Most businesses have information that they wish remains secret: intellectual property, customer data, etc. In some cases, it is required by law to encrypt sensitive information about customers, and any breach of data must be disclosed to the public.

Branches of Cryptography

The word cryptography means different things to different people. In this section, we’ll provide formal definitions and explanations for cryptography related terms and subfields.

Cryptology

Cryptology (literally “the hidden word”) is an umbrella term for the fields of cryptography and cryptanalysis. Researchers who both develop new ciphers and attempt to break others are most properly called cryptologists as they practice both cryptography and cryptanalysis.

Cryptography

Cryptography (“hidden writing”) is the area of cryptology related to the creation of new codes and ciphers. Cryptographers use mathematical properties to develop cryptographic algorithms. The intent of these algorithms is to encode a message in such a way that the author and intended recipient can easily communicate while it is impossible or computationally infeasible for an unauthorized party to learn any secret information.

Cryptanalysis

Cryptanalysis (“the investigation of the hidden”) is the art and science of breaking ciphers. Cryptanalysts perform a variety of different analyses on a cipher to attempt to learn secret information. Among these are mathematical analysis (searching for loopholes or flaws in the mathematical basis of the cipher), logical analysis (confirming that the cipher was designed correctly), and side-channel analysis (testing if the execution time, power consumption, etc. of a system is dependent on-and reveals information about the plaintext or secret key.)

A well-known example of cryptanalysis is the breaking of the Enigma cipher by Polish cryptographers in World War II. Similar Enigma machines were used by the Germans, Italians, and Japanese for sending confidential military communications. Polish cryptanalyst Marian Rejewski exploited permutation theory and machine flaws to break the cipher which, combined with information about the machine configuration used by the Germans, allowed ciphertexts to be decoded.

Steganography

Steganography (“covered writing”) is the science of hiding information “in plain sight”. Unlike cryptography, the goal of steganography is to completely obscure the existence of information rather than conceal its content. For example, interception of an encrypted message obviously indicates the existence of a secret since it typically looks like gibberish.

In contrast, a steganographic message may consist of transmission of a picture from a recent vacation. The secret information in this case will likely be encoded as variations in pixel color too subtle for the human eye to detect. Someone who knows to look for the hidden message can use software to determine the variations used and reconstruct the original message, but anyone who doesn’t know to look or the algorithm used may never suspect that such a message exists.

Original image (top), followed by hiding a message using the least significant bits of the pixel values (1-bit and 2-bit)

In 513 BC, the Greek historian Herodotus wrote about the use of steganography by Histiaeus of Miletus. Histiaeus would shave a slave’s head, tattoo on a secret message and then wait for the hair to grow back to cover the message. Once the message was covered, the messenger was sent to the Greeks, who shaved the head and read the message.

Note that cryptography and steganography have complementary purposes and can be used together. A message can be encrypted to preserve the secrecy of its contents and then hidden using steganography. If steganography is successful, the existence of the message will be unsuspected and encryption unnecessary, but breaking the steganography of an unencrypted message means that the message is completely revealed.

Cast of Characters

To improve understandability and make things more interesting, cryptographers use specific names to describe cryptography algorithms and settings. In cryptography examples, we use the names Alice and Bob, where Alice is the one trying to send a message to Bob. In examples of attacks, we use a character named Eve, who is trying to spy on and / or modify the message.

Goals of Cryptographic Algorithms: The CIA Triad

Cryptography has three main goals, typically referred to as the “CIA triad”. In this section, we will define these goals of confidentiality, integrity, and authentication.

Confidentiality

Confidentiality means that cryptographic algorithms attempt to keep the contents of a message secret. If Alice is sending a message to Bob, it should be impossible or computationally infeasible for Eve to learn the contents of an encrypted message without knowledge of the secret key.

Integrity

Integrity means that a cryptographic algorithm verifies that a message was not modified in transit. Some ciphers provide a means for calculating a Message Authentication Code (MAC), which verifies the integrity of a message. Other ciphers do not intrinsically provide integrity protection.

For example, assume that Alice encrypts a message to Bob by encoding each letter as its position in the alphabet (A=1, B=2, etc.). If Eve can intercept the message, she can modify the message without Bob knowing.

Authentication

The third member of the CIA triad is authentication. If Bob receives a message, he wants to be sure that Alice (and not Eve) sent it.

In general, it’s possible to assume that knowledge of the encryption key means that the message comes from the claimed sender. However, if the encryption key is known to all members of the group (i.e. Alice, Bob, and Charlie), it’s impossible to determine which member actually sent a message (Alice could sent a message and claim it was from Charlie), or, if the key is stolen, the thief can send messages purporting to be from the key’s original owner.

The Fourth Goal: Non-repudiation

Beyond the CIA triad, there is one more important goal of cryptography: non-repudiation. Non-repudiation means that someone cannot deny that they sent a message.

Encryption algorithms with symmetric keys use the same secret key for encryption and decryption, so the “recipient” of a message could create it, claim that the “sender” sent it, and it would be impossible to determine who was telling the truth.

For example, Alice could go to Bob’s car lot and pick out an ugly car. She could then send Bob an encrypted message saying that she wants the car and providing payment. Later, if Alice went to court claiming that she never wanted that car and that Bob faked the message from her, Bob couldn’t prove to the judge that Alice sent the message.

Encryption algorithms with asymmetric keys use different keys for encryption and decryption. Also, it is computationally impossible to determine the encryption (“private”) key from the decryption (“public”) key. This means that a message that decrypts with a public key must have been written by the owner of the private key (or someone who has access to it) and the sender cannot deny sending it (unless they were negligent in protecting their private key).

In our example, if Alice used asymmetric encryption, it would be impossible for Bob to have faked the message about the car. Therefore, the judge can be confident that Alice sent the message and can throw out her complaint.

Design Principle for Cryptography: Kerckhoff’s Principle

Kerckhoff’s Principle is an important rule in cryptography by Auguste Kerckhoff. It states ”A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.” In the very early days of cryptography, cryptosystems often relied on “security by obscurity”, i.e. basing the security of the system on the fact that potential adversaries do not know how it works and therefore have no opportunity to identify weaknesses that could allow it to be broken. However, modern cryptosystems are designed in accordance with Kerckhoff’s Principle.

Conclusion

In this article, we discussed what cryptography is and that it is an integral part of the digital world we live in. We outlined the different branches cryptography, and the goals of cryptographic algorithms and design principles they should follow.