The Art of Secret Keeping – Cryptography and its Basics!
Cryptography is derived from the Latin words “Kryptos” meaning hidden and “Graphein” meaning to write.
Cryptography is a wide and constantly discussed topic, so we’ll try to explain its basic premise in simple terms that an average reader can understand and grasp without much difficulty.
In this internet era, data is of paramount importance as we all might know.
As useful as the internet is, there are hidden dangers constantly lurking around, such as unsafe websites, spam emails and hackers, that try to expose us and our sensitive data to the outside world, which might end up creating more harm than good.
That’s where cryptography takes centre stage.
What is cryptography?
Cryptography, in general, is defined as a set of techniques employed for enabling safe and secure communication between a host and a receiver.
Cryptography employs a set of rules called algorithms to transform a message so that it becomes hard for an unauthorized third party to decipher.
These algorithms can be as simple as jumbled words and as complex as involving mathematical models to scramble the input.
History of Cryptography
People have been keeping secrets from one another as early as the dawn of human civilizations.
First records of cryptography date back to 1900 BC, where Egyptians used hieroglyphics to depict messages on the walls of caves.
Hieroglyphics are stylized pictures of an object representing a word, syllable, or sound, first invented by Egyptians.
Earlier, people used jumbled words in a message as a form of primitive obfuscation, so that an unauthorized third party finds it difficult to decipher the meaning.
During the world wars, cryptography attained major importance.
As the military was in dire need of sending secret messages into the war zone, encrypting the contents of letters became essential, as enemy soldiers always tried to spy on each other.
From simple ciphers to giant Enigma machines, the field of cryptography saw a meteoric advancement during those days.
Primary Functions of Cryptography
According to Gary Kessler, a pioneer in the cryptography industry, the five primary functions of cryptography are as follows:
- Confidentiality
- Authentication
- Integrity
- Non-repudiation
- Key exchange
The primary function of cryptography is the safety and security of the message.
That the message a sender transmits to a receiver should not be known or revealed to a third-party adversary, in other words its confidentiality, is what forms the basis of cryptography.
Cryptography not only revolves around the secrecy aspect of messages and texts.
It also has a huge scope in the authentication process.
If the sender has a secret key for decoding his message, pre-shared with the receiver before the message itself is created, this forms a token of authentication.
Only the right person with the right key will be able to read and access the contents, which in theory proves the identity of the receiver.
Even if the message has been leaked somehow during the transit, the sender can safely assume that no one other than the actual receiver with the pre-shared key will be able to access it.
Cryptography helps to maintain the integrity of the message transmitted between the sender and the receiver.
Modern-day ciphers are created using high-level mathematical functions.
These ciphers create ciphertext data with a unique footprint that will change if we tamper with the message.
If someone gets hold of your message and alters the content somehow, you would know right away, as the decryption key won’t work anymore because the content inside has changed.
Non-repudiation is a way to ensure that the sender has the responsibility for the data he has just transmitted.
The unique decryption key he had at the time of sending the data makes him the master of his actions and no one else.
The decryption keys exchanged between the sender and the receiver will always be encrypted or hashed.
These keys are never used more than once and are of virtually no use once the single message each one is intended to decrypt has been decrypted.
Encryption and Decryption
Encryption and Decryption are the two stages of a cryptographic process.
Encryption is a method by which the input text or message is converted into an unintelligible form, which a normal person seeing it in the open could make no sense of.
The text that a user wants to encrypt is generally referred to as plaintext, and the encryption algorithm is called a cipher.
The plaintext that passes through a cipher treatment returns what is called a ciphertext, which is then transmitted to the receiver.
Decryption works as the reverse of encryption. The receiver is supposed to have a secret key that helps him decode the ciphertext back to the plaintext.
Just think of it like two persons sharing a room with a single key. The one leaving the house locks the door and hands over the key to the other person; the other person can now unlock the door with the key, but no one else can do so.
If we take a more realistic example, the Wi-Fi router in our home or office encrypts the data traffic it sends over the air, and it’s the device at the receiving end that decrypts the signal with the help of a key that you set beforehand while connecting to the wireless network.
Types of Cryptographic Algorithms
There is a plethora of cipher algorithms in use around the globe and there isn’t a common standard yet.
Since we want to make this article as precise as it can be, let’s discuss the 3 most common types of algorithms in use.
- Secret Key Cryptography
- Public Key Cryptography
- Hash functions
Secret Key Cryptography (SKC)
Secret key cryptography uses the same key for both encryption and decryption of a plaintext message.
The common key used for both the functions also lends the name symmetric cryptography to this algorithm.
The key to encrypt and decrypt the data should be present with both the sender and the receiver beforehand, and they should have agreed on which algorithm to use for ciphering the message.
The disadvantage of this type of cryptography is that, since the key and the ciphering algorithm have to be decided and shared beforehand, anyone who intercepts them can easily crack the encryption.
On the other hand, SKC is relatively secure when it comes to end-to-end messaging and the encryption works really well.
SKC is generally used in areas like data transmission in an SSL session. Well-known SKC algorithms include AES (Advanced Encryption Standard) and RC2 (Rivest Cipher 2).
Public Key Cryptography (PKC)
Public key cryptography is a relatively new development in the field of cryptography and cryptanalysis. This algorithm uses different keys for encryption and decryption and is aptly referred to as an asymmetric cryptography algorithm.
PKC rests on the mathematical notion that some functions are easily computable in seconds while their inverse functions are excruciatingly hard to find.
The basic premise of a PKC algorithm is to find a loophole in the inverse function that makes it easy to reverse, which is how the two separate keys are mathematically related.
The advantage of this technique is that, by choosing an algorithm beforehand, the sender can have a public encryption key and the receiver his private decryption key, without essentially both the parties knowing about the key they have in hand.
The chance of sensitive key leakage is very minimal or we can say non-existent in PKC.
Popular algorithms based on PKC include RSA (Rivest Shamir Adleman) and DSA (Digital Signature Algorithm).
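The relationship between the two keys described above, worked through with textbook RSA on deliberately tiny numbers. This is an added example, not code from the original article; the primes, exponent and function names are assumptions chosen for illustration, and unpadded textbook RSA is not secure for real use.

```python
from math import gcd

# Constructed toy parameters. Real RSA uses primes of 1024+ bits and padding.
P, Q = 61, 53
E = 17  # public exponent


def make_keys(p: int, q: int, e: int):
    """Derive the key pair; d is the inverse of e modulo phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public, m: int) -> int:
    """Easy direction: anyone holding the public key can do this."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be in [0, n)")
    return pow(m, e, n)


def decrypt(private, c: int) -> int:
    """Inverse direction: easy only with the private exponent d."""
    n, d = private
    return pow(c, d, n)


def recover_private(public):
    """Rebuild d from the public key alone by factoring n (trial division).
    Feasible only because n is tiny; this is why modulus size matters."""
    n, e = public
    p = next(f for f in range(2, int(n ** 0.5) + 1) if n % f == 0)
    return make_keys(p, n // p, e)[1]


if __name__ == "__main__":
    public, private = make_keys(P, Q, E)
    c = encrypt(public, 65)
    print("public:", public, "private:", private)
    print("ciphertext:", c, "decrypted:", decrypt(private, c))
    print("d recovered by factoring toy n:", recover_private(public)[1])
```

With a 12-bit modulus the factoring step finishes instantly; the same search over a 2048-bit modulus is computationally out of reach, which is the asymmetry the scheme depends on.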
Hash Functions
Hash functions are one-way encryption functions that calculate a hash value depending upon the content inside the message.
These Hash functions are generally used to verify the integrity of a message or a file, where the hash value provided by the sender for a particular message/file can be rechecked by the receiver to verify that there is no alteration done.
Popular hash function algorithms include MD5 (Message Digest 5) and SHA-1 (Secure Hash Algorithm).
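The integrity recheck described here and the pre-shared key idea from the authentication section, combined in one added example (not code from the original article). It uses SHA-256 rather than MD5 or SHA-1, both of which have known collision attacks; the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data; the key and messages are illustrative only.
PRE_SHARED_KEY = b"constructed-demo-key-not-for-real-use"
MESSAGE = b"Transfer 100 to account 12345"
TAMPERED = b"Transfer 900 to account 12345"


def digest(message: bytes) -> str:
    """Plain SHA-256 hash: anyone can compute it, no key involved."""
    return hashlib.sha256(message).hexdigest()


def tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256: a keyed hash only holders of the key can produce."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_digest(message: bytes, expected: str) -> bool:
    return hmac.compare_digest(digest(message), expected)


def verify_tag(key: bytes, message: bytes, expected: str) -> bool:
    # compare_digest compares in constant time, avoiding timing leaks.
    return hmac.compare_digest(tag(key, message), expected)


def demo() -> dict:
    sent_digest = digest(MESSAGE)
    sent_tag = tag(PRE_SHARED_KEY, MESSAGE)
    return {
        # A changed message no longer matches the value the sender published.
        "digest_detects_change": not verify_digest(TAMPERED, sent_digest),
        "tag_detects_change": not verify_tag(PRE_SHARED_KEY, TAMPERED, sent_tag),
        # Whoever rewrites the message can also recompute a plain hash...
        "forged_digest_accepted": verify_digest(TAMPERED, digest(TAMPERED)),
        # ...but cannot produce a matching HMAC tag without the shared key.
        "forged_tag_accepted": verify_tag(
            PRE_SHARED_KEY, TAMPERED, tag(b"wrong-key-guess", TAMPERED)
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A plain hash only protects integrity when the hash value itself reaches the receiver over a channel that cannot be altered; the keyed tag removes that requirement.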
Public Key Certificates
Public key certificates are issued by organisations known as certificate authorities, which can be Governmental organisations, large trusted private companies etc.
These certificates are provided not for individuals but for websites, to make sure the security of the website is intact and not compromised in any way and, if compromised, can be traced back to the issuer.
The main functions of a security certificate include:
- Establish identity – each certificate is unique to a particular website and the web server.
- Assign authority – each certificate has its own set of legal actions that the site can take up and nothing more. This draws a fine line between what is legal and what is not.
- Secure confidential information – These certificates ensure the data traffic between the user and a website is properly encrypted and is not bound to any threats from malicious actors.
The next time you see a green lock icon preceding the domain name in the address bar, rest assured that the site you’re visiting is somewhat safe.
Even with cryptography being so advanced, hackers always catch up with the trend, finding loopholes in the system to exploit any vulnerability.
As it is popularly said, security is a deception and having technologies such as cryptography makes it hard for hackers to retrieve sensitive information, even if they are able to get hold of the data.
We know we’ve only touched the tip of the subject in this article as our aim was to make you understand the basics of cryptography. We hope you had some insights on this topic reading this article.