A cryptographic primitive is a low-level algorithm used to build cryptographic protocols for a security system. It’s used by cryptographic designers as their most basic building blocks. These building blocks are a part of a cryptosystem, which is a suite of cryptographic algorithms needed to implement a particular security service, such as encryption functions or one-way hash functions.
Because these primitives are building blocks, they are designed to do one precisely-defined and highly-reliable task. Creating and testing a primitive to be reliable takes a long time and is very hard, so designing a new cryptographic primitive to suit the needs of a new cryptographic system is very rare. In this way, cryptographic primitives are similar to programming languages. It’s rare that a programmer will invent a new programming language while writing a new program. Instead, they will use an existing language, just as a cryptographic designer will use an existing primitive to avoid the time-consuming and error-prone work of creating a new primitive.
Common cryptographic primitives
- One-way hash function: A mathematical function that takes a variable-length input string and converts it into a fixed-length binary sequence.
- Symmetric key cryptography: An encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message.
- Public-key cryptography: Also known as asymmetric cryptography, a system that uses a pair of keys a public key and private key. Any person can encrypt a message using the receiver’s public key, but the encrypted message can only be decrypted with the receiver’s private key.
- Mix network: A routing protocol that creates hard-to-trace communications. A chain of proxy servers encrypted using public-key cryptography are used to take in messages from multiple senders, shuffle them, then send them back in random order to the next destination.
- Private information retrieval: A protocol that allows a client to retrieve database information without the owner of the database knowing what specific information was retrieved.