Not all information is meant to be shared. In fact, many types of interaction need privacy in order to take place. For example, would you want a third party intercepting your emails? Or a stranger seeing your bank details when you make an online purchase?
If the answer is no, keep reading. In this article we’ll discuss cryptography. This essential technology is employed across thousands of use-cases to protect your browsing data, credit card information and corporate information.
What is cryptography?
Cryptography is the use of ciphers (codes) to encrypt information, ensuring it can only be read by the person it was intended for. It is a cornerstone of digital security, found in a multitude of digital industries including banking, telecoms, cybersecurity and the trustless blockchain ecosystem.
Cryptography, sometimes called cryptology, uses complex algorithms and ciphers to encrypt and decrypt data. Modern examples, such as AES, are considered unbreakable. They would take even a sophisticated computer thousands of years to crack.
Cryptography systems can be broadly classified into symmetric-key systems that use a single key that both the sender and recipient have, and public-key systems that use two keys, a public key known to everyone and a private key that only the recipient of messages uses.
Origins of cryptography
While modern cryptology is firmly rooted in computer science, mathematics and engineering principles, the practice of encoding information is ancient.
Ancient Greeks used scytale devices
As far back as 600BC, Greek leaders used scytale devices (early encryption tools) to send private messages during battle.
The Roman Empire used ciphers
Around 50 BC, Julius Caesar developed his own cipher, in which each letter of the Alphabet advanced by three places. In other words, A became D, B became E and so on. This proved to be an effective method of encryption for the times.
WW11 saw the first secure electronic communication
During WW11, actress Hedy Lamarr co-developed a type of radio communication that evaded enemy detection, technology that became the precursor for Wifi and Bluetooth.
1970s saw mass adoption of cryptography
By the 1970’s, the digital sector was booming and businesses had started to take cryptography seriously. IBM formed a “crypto group” tasked with developing a block cipher to protect IBM customer data. The solution, the Data Encryption Standard (DES) was adopted as a national data security standard.
Meanwhile, researchers Whitfield Diffie and Martin Hellman developed a secure method for cryptographic key exchange. This would allow the key for decrypting encoded messages to be shared safely between parties, without being intercepted.
Present day encryption standards
Today, the prevailing standard of encryption is AES, or asymmetric encryption standard. This relies on each party having both a public and private key, which are linked. This enables data to be decoded without either party sharing their own encryption key, preventing man in the middle attacks. To date, this is considered the gold standard of encryption.
How does cryptography work exactly?
Encryption uses ciphers and algorithms to “scramble” sensitive information until it can no longer be read. The scrambled data is known as ciphertext. Different levels of sophistication lead to different degrees of encryption.
For example, AES-256 bit encryption (considered to be unbreakable) takes a plaintext message and breaks it into 128 bits of data. In this 128 bit ciphertext, some elements are substituted, and some are permutated (or moved around), introducing enough confusion and randomness to the text that it becomes unrecognizable.
After these processes have taken place, only the unique key used to encrypt the original text can be used to decrypt it.
Why is cryptography important?
Privacy has always been important to human beings. But with more communications than ever happening online, finding ways to keep digital exchanges private is essential.
How could you make a purchase online, send a message on WhatsApp or access your internet banking if there was a possibility you were being monitored?
And of course, the entire cryptocurrency industry is based on public and private key technology. This is what facilitates trustless transactions between users.
Here are a few reasons why cryptography is so important.
Privacy and confidentiality
An encrypted message carries the assurance that it can only be read by the intended recipient. Without the related key, nobody else can access the information.
For example, every time you enter data into a secure webpage, encryption ensures that third parties can’t intercept that data.
Cybersecurity
More or less any company that uses digital processes needs to secure its data against hackers. For example, encryption is used to shield companies from brute force and ransomware attacks.
Attribution and accountability
Once a message has been encrypted and sent, it carries the sender’s digital signature. This means the sender cannot deny it later on, or claim it to be fraudulent – it is attributed immutably to them.
Different types of cryptography
Under the banner of cryptography there are two main subcategories, each with a different approach to encryption keys.
Symmetric encryption
The first type is symmetric encryption, sometimes known as secret key encryption. This approach uses just one cipher key for both encrypting and decrypting messages between parties.
The key is shared securely by the parties in advance of the conversation, generally using the Diffie Hellman algorithmic key exchange method. This enables both sides to encrypt outgoing messages and decrypt incoming ones. The advantage of asymmetric encryption is that it doesn’t require excessive computing power, making it a good option for messaging apps like WhatsApp.
There are two types of cipher used in symmetric encryption:
Stream ciphers
Stream cipher models use their key to encrypt messages bit by bit. In other words, if the plaintext is 50 bits long, the final ciphertext will also be 50 bits long, with each individual bit encrypted by the key. RC4 and Salsa20 are both examples of stream ciphers.
Block ciphers
Conversely, block ciphers start by breaking the original plaintext into information “blocks” of a set size. The cipher then encrypts each full block of information. This type of encryption is slower than stream ciphers, but more secure because they can add greater levels of confusion and diffusion to the encrypted text. This makes it more complicated for an attacker to link the encrypted text back to the original plaintext. AES is a good example of encryption using the block ciphers method
Risks of symmetric encryption
But of course, it comes with some risk too.
By relying on one single key, secret key encryption has a single point of failure. If the key is stored insecurely, anyone who intercepts it can read the private exchange. They can also insert encrypted messages of their own into the conversation, undetected.
Key exchange protocol
In symmetric encryption, both parties have the secret key in advance. So ensuring the key is exchanged securely is incredibly important.
Researchers Diffie Hellman developed a protocol for key sharing in symmetric encryption. This algorithm ensures the key itself remains inaccessable to third parties, even as it’s being shared.
Asymmetric encryption
As the name suggests, asymmetric encryption (sometimes called public key encryption) is different on either side. The sender and receiver use two different keys for their respective parts of the transaction; one public, the other private.
The sender uses a public key to locate the receiver and direct the message to them. Meanwhile, the receiver uses a mathematically linked private key to decipher the message once it arrives.
In this system, the public key serves as the “address”, while the private key (held only by the receiver) serves as the key to the mailbox. This ensures anyone can send messages over an insecure network, and only the true recipient can read them. The asymmetric system uses the Rivest-Shamis-Adlemen (RSA) algorithm.
Is asymmetric encryption secure?
There is a security advantage to an asymmetric system, because it never requires an individual to share their private key. This minimises the risk of a third party being able to intercept the cipher.
Blockchain is a great demonstration of asymmetric encryption in action. Owners receive funds to their blockchain address via their public key. However, they can only access the funds via the private key, which they store securely in a crypto wallet.
This system enables value to be sent over an internet connection in complete security.
Hash functions explained
Hash functions are employed in cryptography as a stamp of assurance, garanteeing the integrity of transmitted data.
A hash function can be thought off as a digital signature. Each one is completely unique, and is the product of the data set it represents. If one single detail in the data set changes, so does the hash. However, the data set cannot be worked out from the hash.
So when a message and its hash are sent, the receiver can generate the hash for themselves to check the data hasn’t been tampered with. In this way, the has function can be used to check the integrity of received information.
What is cryptanalysis?
Cryptanalysis describes the analysis and decryption codes, ciphers and encrypted information without using the cipher key. The objective of cryptanalysis is to reveal the underlying plaintext of an encryption by applying advanced mathematics and coding knowledge.
Types of cryptographic risks
The security of cryptography relies on the security of the cryptographic keys being used.
Weak keys
A cryptographic key determines the relationship between the plaintext and the final ciphertext. The more remote the relationship – the more diffusion and confusion it contains – the more secure the encryption is. This is because it’s more difficult to calculate the original text from the ciphertext.
Insecure transfer of keys
Any time you move your key between different systems, the key itself needs to be encrypted, or split into shards. Exposing it would allow an attacker to access any data it had encrypted.
Insecurely stored keys
No matter what type of cryptography you’re using, a cryptographic key is what enables information to be encoded and decoded. Keeping this key private is therefore essential to the encryption.
An insecurely stored key enables third parties to access encrypted data. For example, an insecurely stored crypto private key would enable an attacker to access a blockchain address and the data stored there.
Your cryptographic key is a single point of failure, so storage needs to be completely secure.
How to manage the risks of cryptography
Since cryptography relies on keys, any organization using this technology needs to implement a failsafe key management system. This means utilizing a hardware security module (HSM). A HSM system generates cryptographic keys in a secure environment, and enables only authorized users to access them. This prevents any third party from accessing them, and compromising the security of the whole system.
Cryptography FAQs
What different types of cryptography are there?
The two main categories of cryptography are symmetric and asymmetric encryption. These are alternatively known as secret key and public key encryption.
What’s an example of cryptography in use?
Banking applications use AES and RSA encryption to convert transaction data into a scrambled format. This means even if the information is intercepted by a hacker, it will be unreadable.
What is cryptology?
Cryptography and cryptology are sometimes used interchangeably. Cryptology is the professional field in which cryptography principles are applied for research and development.
What is a cryptographer?
A cryptographer works in the professional field of cryptology. A cryptographer has advanced mathematical, engineering and computer coding knowledge. They apply these disciplines to create new cryptographic ciphers, and crack existing ones.
