Cryptography and Network Security in a Nutshell: Part 01

by Shaikat Majumder

This article will probably be one of the best and most concise pieces for you to understand the cryptography and cryptology field properly. Cryptography is the most interesting thing in security and computer science provided you have an eye for mathematical details and algorithms that make mathematics the foundational pillar of their workings.

What is Cryptography?

Let me tell you a story. In ancient times when messages needed to be passed from one kingdom to another. When the message carrier used to travel between the kingdoms, due to having a confidential message in their custody, the carrier used to be attacked by intruders who wanted to intercept and read the contents of the message. In such a situation, sending the message successfully from one side to another was very difficult. So people came up with a solution to this problem. The idea was to shave off the head of the messenger and write the message on the scalp. Later on, once the hair grew back on the head of the messenger, essentially covering the message, the messenger was sent to travel to the other kingdom where the message was to be delivered. If the messenger was intercepted and captured by intruders then they would not be able to find the message that is covered by the messenger’s hair. This is an excellent example of cryptography, a way to hide our sensitive information from unwanted parties.

Problems with the Ancient Techniques:

Several of these types of techniques were invented throughout human history in order to keep our data safe. However, throughout ancient times, it has been noticed that these techniques fell short in some key areas, namely:

1. It took a long time to hide the data, the techniques were slow
2. The processes for hiding the data were cumbersome,
3. It was not automatic, every time the data needed to be hidden manually
4. Security was not high, there were several weaknesses in these techniques,

The First Cryptographic Machine

As times advanced, we need our cryptographic mechanisms to be fast, more efficient, and more secure than previously possible. One such excellent example was the invention of the enigma machine invented by the German side in the world war. This is what the machine looks like:

Enigma Machine; Picture taken from The Alan Turing Institute

This machine was used to hide the coordinates of the attack so that the ally forces could not send armies to prevent the attacks. The attack coordinates used to be encrypted( the process of hiding the data) and the message was decrypted (unhiding the data) on the other side. This was an electro-mechanical rotor machine using a polyalphabetic substitution cipher. Don’t worry about going into absolute in depth of understanding them for the time being.

Bletchley Park Bombe; Picture taken from Wikipedia

As a response to the enigma, Alan Turing’s team invented the Bombe, the machine that could decrypt the enigma-encrypted messages. Hence it was a fight between one machine and another. Enigma was responsible for encrypting the messages(hiding the messages) while the Bombe was responsible for revealing them. By this time mathematics was already involved in cryptographic processes and it was well known that mathematics will be a crucial factor in the world of cryptography and data security eventually. Cryptography was all that stood between hackers and malice getting unwanted access to our information and making harm to us.

Fast forward, the computer was invented and so was the internet. There was a need to hide the information on the internet and hence newer algorithms came in place for hiding the information. The mechanism was simple, data would be hidden using a secret piece of information known as the key which only the sender and the receiver would know. Hence only these two parties will be able to hide and read the data respectively and prevent unwanted parties from seeing it. Below is a summary of the process.

Symmetric Key Cryptography; Image from Geekflare website

The data is the plaintext. The hidden format of the data is called cyphertext or encrypted text. The process that converts the plaintext to cyphertext is called Encryption, the key is the Encryption Key which is a Secret Key. The same secret key is used to unhide the message once it reaches the receiving side and this process is called Decryption. Since the key for both the processes of encryption and decryption is the same hence it is called private key cryptography or symmetric key cryptography.

Much of the field of cryptography that you will read will be involved with the fundamental processes of encryption and decryption alongside the use of keys. From a fundamental point of view, ideally, we would want only the key to be kept secret from the hacker and the hacker not being able to hack the system even if the algorithm and cyphertext are known by him/her. This is known as Kerckhoff’s Principle which is the following:

taken from: https://cybersophia.net/articles/what-is/what-is-kerckhoffs-principle/

This is somewhat the basics of all modern cryptographic mechanisms and algorithms. The principles take into account security at the heart of the design and also the computational ease in consideration. The principles also dictate that the system need not be the most secret component as that function is served by the key.

The system must not be required to be secret, and it must be able to fall into the hands of an enemy without inconvenience.

- Auguste Kerckhoffs

One ought to design systems under the assumption that the enemy will immediately gain full familiarity with them.

- Claude Shannon

We will slowly try to see how these cryptographic systems are built or developed mathematically. However, let us see another type of cryptographic system that uses multiple keys instead of 1 as in the case of private key or symmetric key cryptography.

This new type of cryptographic system is called Asymmetric Key Cryptography or Public Key Cryptography. Let’s look into the diagram to understand it at a single glance.

Image taken from : https://www.google.com/url?sa=i&url=https%3A%2F%2Fwww.rapidsslonline.com%2Fssl%2Fdifference-between-public-and-private-key%2F&psig=AOvVaw3mcMjYIRHGOQOS6g6Qcf5m&ust=1691222209518000&source=images&cd=vfe&opi=89978449&ved=0CBEQjRxqFwoTCKC1k-rDwoADFQAAAAAdAAAAABAR

The Encryption and Decryption process here is done via 2 different keys. The encrypting key is not the same as the decryption key. As a simplification:

if in the Symmetric Key Cryptographic System:

Encrypting Key == Decrypting Key, then,

in the Asymmetric Key Cryptographic System:

Encrypting Key != Decrypting Key

Another really crucial difference between Symmetric and Asymmetric is that in symmetric key cryptography there is only a single key in the whole system while in symmetric key cryptosystem, there are 2*n keys, where n means the number of parties in the system. This means that if there are 5 parties in the system then there will be a public and a private key for each party in the system. Therefore there will be a total of 5*2 = 10 keys in the system that are unique. This is shown in the diagram below.

Image by Author

Please read Part 02 for further information where we will look into more details and algorithms.