Cryptography

 

What is Cryptography?

Cryptography is the practice of protecting information through the use of coded algorithms, hashes, and signatures. The information can be at rest (such as a file on a hard drive), in transit (such as electronic communication exchanged between two or more parties), or in use (while computing on data). Cryptography has four primary goals:

Confidentiality – Makes information available to only authorized users.

Integrity – Ensures that information has not been manipulated.

Authentication – Confirms the authenticity of information or the identity of a user.

Non-repudiation – Prevents a user from denying prior commitments or actions.

Cryptography uses a number of low-level cryptographic algorithms to achieve one or more of these information security goals. These tools include encryption algorithms, digital signature algorithms, hash algorithms, and other functions. This page will describe a few of the most commonly used low-level cryptographic algorithms.

How does cryptography work?

Cryptography works by taking plaintext (or cleartext) and scrambling it into ciphertext, so that the encoded output can be understood only by the intended recipient. As ciphertext, the information should be unreadable to all except the intended recipient.

In cybersecurity, encryption is most often used to scramble plaintext into ciphertext — while decryption reverses the process. The best encryption software uses complicated cryptographic algorithms that are incredibly difficult to crack.

The exact technique used to scramble plaintext into ciphertext defines how cryptography works. Symmetric encryption, asymmetric encryption, blockchain, and digital signatures are some prominent encryption techniques. Hashing, another cryptographic process, is not technically encryption, since it doesn’t use keys.

Use of cryptography

Cryptography is used to keep communications and information private. Protecting data with cryptography helps minimize threats like ransomware attacks, because if hackers intercept information, they won’t be able to understand it without a decryption key.

Here are some common uses of cryptography:

Financial transactions and online banking: Online banking and ecommerce websites use advanced encryption techniques to keep financial information safe.

SSL-secured websites: A website with an SSL certificate creates a secure, encrypted connection to protect information passing from your browser to the website’s server.

VPNs: A VPN is a security tool that redirects web traffic through a private server and encrypts the connection.

Though you can enable Wi-Fi encryption on your router settings, you need a VPN if privacy and security are truly important to you. VPN encryption methods vary, depending on which VPN protocol is used — for example the WireGuard VPN protocol is one of the most recent, while the OpenVPN protocol is perhaps the most common.

What is encryption?

An encryption algorithm is a procedure that converts a plaintext message into an encrypted ciphertext. Modern algorithms use advanced mathematics and one or more encryption keys. These make it relatively easy to encrypt a message but virtually impossible to decrypt it without knowing the keys.

Encryption techniques fall into two categories, symmetric and asymmetric, based on how their keys function.

What is symmetric-key cryptography?

Symmetric-key cryptographic algorithms use the same cryptographic keys for both the encryption of the plaintext and the decryption of the ciphertext. Symmetric encryption requires that all intended message recipients have access to a shared key.

The following illustrations show how encryption and decryption work with symmetric keys and algorithms, assuming that all parties share the same key.

In the first illustration, a symmetric key and algorithm are used to convert a plaintext message into ciphertext. The second illustration shows the same secret key and symmetric algorithm being used to turn ciphertext back into plaintext.        

What is asymmetric (public-key) cryptography?

Asymmetric (or public-key) cryptography consists of a broad set of algorithms. These are based on mathematical problems that are relatively easy to perform in one direction, but which cannot be easily reversed.

One famous example of this type of problem is the factoring problem: for carefully chosen prime numbers p and q, we can compute the product N=p*q quickly. However, given only N, it is very hard to recover p and q.

A common public-key cryptographic algorithm based on the factoring problem is the Rivest-Shamir-Adleman (RSA) function. When combined with an appropriate padding scheme, RSA can be used for multiple purposes, including asymmetric encryption.

An encryption scheme is called asymmetric if it uses one key—the public key—to encrypt data, and a different but mathematically related key—the private key—to decrypt data.

It must be computationally infeasible to determine the private key if the only thing one knows is the public key. Therefore, the public key can be distributed broadly while the private key is kept secret and secure. Together the keys are referred to as a key pair.        

What is a digital signature?

Digital signature schemes are a type of public-key cryptography that ensures integrity, authenticity, and non-repudiation of data.

The signing process can be thought of much like encrypting the file using the private key. The signer uses their private key to produce a “signature” on a digital document such as a file or a piece of code.

This signature is unique to the document/ private key pair, and can be attached to the document and verified with the signer’s public key. Two common algorithms for digital signatures are RSA with Probabilistic Signature Scheme (RSA-PSS) and Digital Signature Algorithm (DSA).