Cryptography is a method of protecting information and communications through the use of codes so that only those for whom the information is intended can read and process it. The prefix “crypt” means “hidden” or “vault” and the suffix “graphy” stands for “writing.”
Information security uses cryptography on several levels. The information cannot be read without a key to decrypt it. The information maintains its integrity during transit and while being stored. Cryptography also aids in non-repudiation. This means that the sender and the delivery of a message can be verified.
Cryptography is also known as cryptology.
An early example of cryptography was the Caesar cypher, used by Julius Caesar to protect Roman military secrets. Each letter in a message was substituted with the letter 3 spaces to the left in the alphabet; this knowledge was essentially the key that encrypted the message. Caesar’s generals knew that to decode the letters they only had to shift each to the right by three, whilst the information remained safe if intercepted by Caesar’s enemies.
Modern cryptography works on the same level, albeit with far greater levels of complexity.
In computer science, cryptography refers to secure information and communication techniques derived from mathematical concepts and a set of rule-based calculations called algorithms to transform messages in ways that are hard to decipher. These deterministic algorithms are used for cryptographic key generation and digital signing and verification to protect data privacy, web browsing on the internet and confidential communications such as credit card transactions and email.
Cryptography is closely related to the disciplines of cryptology and cryptanalysis. It includes techniques such as microdots, merging words with images, and other ways to hide information in storage or transit. However, in today’s computer-centric world, cryptography is most often associated with scrambling plaintext (ordinary text, sometimes referred to as cleartext) into ciphertext (a process called encryption), then back again (known as decryption). Individuals who practice this field are known as cryptographers.
Modern cryptography concerns itself with the following four objectives:
- Confidentiality: the information cannot be understood by anyone for whom it was unintended
- Integrity: the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected
- Non-repudiation: the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information
- Authentication: the sender and receiver can confirm each other’s identity and the origin/destination of the information
Procedures and protocols that meet some or all of the above criteria are known as cryptosystems. Cryptosystems are often thought to refer only to mathematical procedures and computer programs; however, they also include the regulation of human behaviours, such as choosing hard-to-guess passwords, logging off unused systems, and not discussing sensitive procedures with outsiders.
Cryptosystems use a set of procedures known as cryptographic algorithms, or cyphers, to encrypt and decrypt messages to secure communications among computer systems, devices such as smartphones, and applications. A cypher suite uses one algorithm for encryption, another algorithm for message authentication and another for key exchange. This process, embedded in protocols and written in software that runs on operating systems and networked computer systems, involves public and private key generation for data encryption/decryption, digital signing and verification for message authentication, and key exchange.
Types of cryptography
Single-key or symmetric-key encryption algorithms create a fixed length of bits known as a block cypher with a secret key that the creator/sender uses to encipher data (encryption) and the receiver uses to decipher it. Types of symmetric-key cryptography include the Advanced Encryption Standard (AES), a specification established in November 2001 by the National Institute of Standards and Technology as a Federal Information Processing Standard (FIPS 197), to protect sensitive information. The standard is mandated by the U.S. government and widely used in the private sector.
In June 2003, AES was approved by the U.S. government for classified information. It is a royalty-free specification implemented in software and hardware worldwide. AES is the successor to the Data Encryption Standard (DES) and DES3. It uses longer key lengths (128-bit, 192-bit, 256-bit) to prevent brute force and other attacks.
Public-key or asymmetric-key encryption algorithms use a pair of keys, a public key associated with the creator/sender for encrypting messages and a private key that only the originator knows (unless it is exposed or they decide to share it) for decrypting that information.
The types of public-key cryptography include RSA, used widely on the internet; Elliptic Curve Digital Signature Algorithm (ECDSA), used by Bitcoin; Digital Signature Algorithm (DSA), adopted as a Federal Information Processing Standard for digital signatures by NIST in FIPS 186-4; and Diffie-Hellman key exchange.
To maintain data integrity in cryptography, hash functions, which return a deterministic output from an input value, are used to map data to a fixed data size. Types of cryptographic hash functions include SHA-1 (Secure Hash Algorithm 1), SHA-2 and SHA-3.
In blockchain, cryptography is primarily used for two purposes:
1. Securing the identity of the sender of transactions.
2. Ensuring the past records cannot be tampered with.
Despite being founded upon a similar framework, the type of cryptography used in blockchain, namely public-key cryptography, is considerably better suited to the functions associated with the technology than symmetric-key cryptography.
What is Public-Key Cryptography?
Public-key cryptography, also known as asymmetric cryptography, represents an improvement on standard symmetric-key cryptography as it allows information to be transferred through a public key that can be shared with anyone.
Rather than using a single key for encryption and decryption, as is the case with symmetric key cryptography, separate keys (a public key and a private key) are used.
A combination of a user’s public key and private key encrypts the information, whereas the recipient’s private key and sender’s public key decrypt it. It is impossible to work out what the private key is based on the public key. Therefore, a user can send their public key to anyone without worrying that someone will gain access to their private key. The sender can encrypt files that they can be sure will only be decrypted by the intended party.
Furthermore, through public-key cryptography, a digital signature is produced, securing the integrity of the data that is being shown. This is done by combining a user’s private key with the data that they wish to sign, through a mathematical algorithm.
Since the actual data itself is part of the digital signature, the network will not recognize it as valid if any part of it is tampered with. Editing even the slightest aspect of the data reshapes the whole signature, making it false and obsolete. Through this, blockchain technology is capable of guaranteeing that any data being recorded onto it is true, accurate and untampered with. Digital signatures are what give the data recorded on a blockchain its immutability.
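The hash-then-sign flow described above (a hash function maps the data to a fixed size, the private key signs it, the public key checks it), as an added example that is not part of the original article. It assumes textbook RSA with a constructed toy key built from two known Mersenne primes and a constructed sample transaction; the names `sign`, `verify` and `demo` are hypothetical.

```python
import hashlib

# Constructed toy key (assumption for illustration): two known Mersenne primes.
# Real systems use a vetted library, a padded scheme or ECDSA, and generated keys.
P = 2**61 - 1
Q = 2**89 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, known only to the signer


def digest_as_int(data: bytes, n: int) -> int:
    """Map data of any length to a fixed-size SHA-256 digest, reduced below n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, d: int = D, n: int = N) -> int:
    """Combine the private key with the hash of the data to form the signature."""
    return pow(digest_as_int(data, n), d, n)


def verify(data: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recover the signed hash with the public key and compare it to the data."""
    return pow(signature, e, n) == digest_as_int(data, n)


def demo() -> dict:
    tx = b"from=alice;to=bob;amount=10"          # constructed sample record
    tampered = b"from=alice;to=bob;amount=1000"  # same record with one field edited
    sig = sign(tx)
    return {
        "original_ok": verify(tx, sig),             # untouched data verifies
        "tampered_ok": verify(tampered, sig),       # edited data fails the check
        "altered_sig_ok": verify(tx, (sig + 1) % N),  # edited signature fails too
        "new_sig_differs": sign(tampered) != sig,   # the edit reshapes the signature
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only the holder of `D` can produce a value that `verify` accepts, while anyone holding `N` and `E` can run the check.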
Attackers can circumvent cryptography, hack into computers that are responsible for data encryption and decryption, and exploit weak implementations, such as the use of default keys. However, cryptography makes it harder for attackers to access messages and data protected by encryption algorithms.