5 Cryptography Concepts You Should Know

Even though not everyone must be a cyber-security expert, everyone should know at least these 5 concepts.

Eric Klatzer
Nerd For Tech
5 min read · Apr 8, 2022


Introduction

Cryptography is used to convert an input (plaintext) into an encrypted output (ciphertext). To do this, different algorithms transform the input into the output, most of the time using keys, which are needed to encrypt and decrypt the values. A key in cryptography is a character sequence that is used by algorithms. The ciphertext can then be used to securely store and transmit data around the world in such a way that only the sender and the receiver are able to decrypt and read the plaintext.

Encryption is broken down into three distinct methods:

  • Symmetric Encryption
  • Asymmetric Encryption
  • Hashing

Symmetric Encryption

Caesar cipher

Encryption and decryption of the word FILM:

Caesar cipher example

The main advantage of symmetric encryption is its speed. In use cases where speed is important (VPN, data streaming, …), symmetric encryption is mostly used. Two algorithms are mainly used nowadays:

  • AES
  • DES

Key Exchange

The concept of symmetric encryption has one main problem that had to be solved before it could be used the way it is used nowadays: how does each party get the key of its counterpart?

Diffie Hellman

In 1976 the first solution to this problem was offered by an algorithm named after Whitfield Diffie and Martin Hellman, called Diffie-Hellman. The result of Diffie-Hellman is a key that is the same for both members of the communication, without the need for a pre-shared key or any secret. The steps of this process are:

  1. Agreement of public values
  2. Selection of a personal secret value
  3. Exchange of a value that is calculated from the public value and the secret value
  4. Calculation of the key from the value received in step 3 and one's own secret value, which results in a common value for both members of the communication

This process is visualized in the following illustration, with colors instead of numbers to make it easier to understand:

Diffie Hellman key exchange
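
The four steps above as a runnable sketch (an added example, not code from the original article). The group parameters `P` and `G` and all function names are assumptions chosen for the demonstration; the range check on the received value and the SHA-256 step that turns the shared number into a key go beyond the steps listed.

```python
import hashlib
import secrets

# Step 1: public values both sides agree on.
# Constructed demo parameters (assumption): a 127-bit Mersenne prime and g = 3.
# Real deployments use vetted groups of 2048+ bits or elliptic curves.
P = 2**127 - 1
G = 3

def generate_keypair(p=P, g=G):
    """Steps 2 and 3: pick a secret value, compute the value to send."""
    secret = secrets.randbelow(p - 3) + 2   # uniform in [2, p-2], never sent
    public = pow(g, secret, p)              # safe to send in the clear
    return secret, public

def derive_key(own_secret, peer_public, p=P):
    """Step 4: combine the peer's value with the own secret."""
    # Reject degenerate values (0, 1, p-1) that would make the shared
    # secret predictable regardless of the own secret value.
    if not 1 < peer_public < p - 1:
        raise ValueError("peer public value out of range")
    shared = pow(peer_public, own_secret, p)
    # Hash the shared number into a fixed-length key for a symmetric cipher.
    raw = shared.to_bytes((p.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()

def exchange():
    """Run both sides; only the two public values cross the wire."""
    a_secret, a_public = generate_keypair()
    b_secret, b_public = generate_keypair()
    key_a = derive_key(a_secret, b_public)
    key_b = derive_key(b_secret, a_public)
    return key_a, key_b

if __name__ == "__main__":
    key_a, key_b = exchange()
    print("keys match:", key_a == key_b)
```

The exchange on its own does not tell either side who sent the public value, which is why it is combined with signatures or certificates in practice.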

Hybrid Systems

Hybrid systems are cryptography systems that use both symmetric and asymmetric encryption. Mostly, the asymmetric encryption system is used to agree on a key that is then used for the symmetric system, as it is much faster.

Asymmetric Encryption

In asymmetric encryption a key-pair is needed to do the encryption and the decryption. The key-pair consists of a public key and a private key. The public key is used to encrypt the data, which can then only be decrypted with the private key. The public key can be shared publicly, but the private key must be kept secret in order to have a secure cryptography system. The transmission-process consists of the following steps:

  1. The receiver shares his public key
  2. The sender encrypts the data with the public key
  3. The ciphertext is transmitted to the receiver
  4. The receiver decrypts the ciphertext with the private key

The advantage of this system is that the public key can be shared without any security measures and without a key-exchange system. The disadvantage is the speed of asymmetric encryption. The most common asymmetric algorithms are:

  • RSA
  • ECC

Hashing

Hashing algorithms are used to generate unique, fixed-length strings, called hashes. The requirements for hashing algorithms are the following:

  • Fixed-Length-Output: the length of the output is always the same
  • One-Way-Function: it is easy to calculate the hash from the input but not to invert the calculation
  • Collision resistance: it should not be easy to find two inputs that generate the same output

The most widespread hashing algorithms nowadays:

  • Secure Hash Algorithm 2 (SHA-2)
  • Secure Hash Algorithm 3 (SHA-3)
  • Message-Digest Algorithm 5 (MD5) → should not be used any more
  • bcrypt (mainly for password-hashing)

Examples for hash-values for the input Foo:

  • SHA-3:
  • bcrypt:
  • MD5:

Digital Signature

Digital signatures are a use case that combines different cryptography concepts and are used to verify the authenticity of data and documents. For this, asymmetric cryptography and hash functions are used. The steps of the signing process are the following:

  1. Calculation of the hash-value of the document that should be signed
  2. Encryption of the hash with the private key of an asymmetric crypto-system
  3. Creation of the signed document which consists of the document and the encrypted hash

This process is visualized in the following illustration:

Signing process

To verify a signed document, the following steps have to be done:

  1. Decryption of the hash that was attached to the file with the public key
  2. Calculation of the hash of the document
  3. Comparison of the hash that was transmitted and decrypted and the hash value that was calculated from the delivered document

A signature is valid if these two values match; otherwise, the signature is invalid.

Signature validation process
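
The signing and verification steps above, carried through in code (an added example, not part of the original article). It uses textbook RSA without padding and a constructed demo key built from two known Mersenne primes, so the key is trivially factorable; the key values and function names are assumptions, and production systems use a vetted library with a padding scheme such as RSA-PSS.

```python
import hashlib

# Constructed demo key (assumption): two publicly known Mersenne primes.
# Anyone can factor N, so this key protects nothing; it only shows the flow.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                               # public modulus
E = 65537                               # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent (Python 3.8+)

def digest(document):
    """Hash the document and interpret the SHA-256 digest as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")

def sign(document):
    """Signing steps 1-3: hash, transform with the private key, attach."""
    h = digest(document)                # step 1: hash of the document
    signature = pow(h, D, N)            # step 2: private-key operation
    return document, signature          # step 3: document + signature

def verify(document, signature):
    """Verification steps 1-3: recover the hash, recompute, compare."""
    if not 0 <= signature < N:          # malformed signature value
        return False
    recovered = pow(signature, E, N)    # step 1: public-key operation
    expected = digest(document)         # step 2: hash of received document
    return recovered == expected        # step 3: comparison

if __name__ == "__main__":
    doc, sig = sign(b"Pay 100 EUR to Alice")            # constructed sample
    print("original:", verify(doc, sig))
    print("tampered:", verify(b"Pay 900 EUR to Alice", sig))
```

Changing a single byte of the document changes its hash, so the comparison in the last verification step fails even though the signature value itself is untouched.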


My name is Eric Klatzer and I am a software developer and tech enthusiast based in Austria. Visit me at klatzer.at or contact me via eric@klatzer.at