Intro into cryptography

Pierre Philip du Preez
5 min read · Sep 17, 2020

Some of the first accounts of the use of cryptography date back to the 1st century AD in the Roman Empire. Julius Caesar encrypted his messages to his generals using what is now called the Caesar cipher. Caesar didn’t trust his messengers, so he would shift each character in the message up by three letters: A became D, B became E, and so on. And so, it begins.

For as long as we have been sending messages, we have tried to keep them secure from prying eyes. Cryptography offers a necessary means of protection when communicating over any untrusted medium, which in today’s world is the internet in most cases. So, it’s no surprise that new forms of cryptography arose with the advent of computer communications.

The internet provides essential communications between billions of people and is a tool for many applications, like e-commerce, social networking and the exchange of personal information, making security a critical issue for every user to consider.


Basic concepts

There are four primary functions of cryptography:

  1. Privacy: To ensure that the message can only be read by the intended recipient.
  2. Authentication: To verify a user’s identity.
  3. Data Integrity: To check that the message has not been altered after being sent by the sender.
  4. Non-repudiation: To prove that the sender did actually send the message received.

In order to understand these functions, we need to familiarise ourselves with some of the terminology before moving forward.

When we work with unencrypted data, it is referred to as plaintext. Once the plaintext is encrypted, it becomes ciphertext, which is usually decrypted back into plaintext.

Then, there are the different types of cryptography that I will cover in this article:

  • Symmetric encryption
  • Asymmetric encryption
  • Key exchange

Let’s get into it!


Symmetric encryption

This type of encryption uses a shared key and a common standard. What’s important is that the standard being used on both ends is the same. It won’t help to have the key if the data is malformed for your standard. The key is agreed upon before the encryption takes place.

The most common symmetric encryption standard is AES (Advanced Encryption Standard). It is so widely used that there is a CPU instruction set just for it, which makes the encryption and decryption process much faster than with other standards. I’m not going to go into detail about the inner workings of AES, but feel free to read the AES article on Wikipedia linked above.

Encryption and decryption are a straightforward process; the sender encrypts the plaintext with the agreed-upon key. This generates the ciphertext that is then sent to the receiver. The receiver then decrypts the ciphertext to produce the plaintext. This process is shown below:

Asymmetric encryption

Unlike symmetric encryption, asymmetric encryption encrypts and decrypts data using two separate yet mathematically connected keys. These keys are generated using large prime numbers or points on a curve. (There is quite a bit of mathematics behind it, which I won’t get into here.) The two keys being generated are referred to as a public and private key pair; the name gives it away, but basically, one key is the private key and the other the public key. The private key is strictly private, as the name says, and should never be shared.

The primary benefit of asymmetric encryption is that it allows people who have no pre-existing security arrangement to exchange messages securely. The need for sender and receiver to share secret keys via some secure channel is eliminated; all communications involve only public keys, and no private key is ever transmitted or shared.

It works as follows: Let’s assume we have two parties, Alice and Bob. Alice would like to send Bob a secure message. So, Alice and Bob exchange public keys. Alice now has Bob’s public key, and vice versa. Alice uses Bob’s public key to encrypt the plaintext she wants to send. She then sends the ciphertext to Bob, who can then use his private key to decrypt the ciphertext and retrieve the plaintext.

It is important to note that, even though Alice encrypted the plaintext with Bob’s public key, only Bob can decrypt it. Anyone else can view the ciphertext being sent, but they will be unable to decrypt it without his private key. Similarly, Bob can do the same with Alice’s public key, and only she will be able to decrypt it.
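The Alice-and-Bob exchange above, as an added example that is not part of the original article. It uses textbook RSA as one instance of asymmetric encryption (the article does not name an algorithm); the key sizes, the primes and the message are constructed for illustration, and there is no padding, so this shows the mechanics only.

```python
E = 65537  # widely used public exponent

def make_keypair(p, q, e=E):
    """Build a key pair from two primes: public (n, e) and private (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent, so that e*d = 1 (mod phi)
    return (n, e), (n, d)

def encrypt(message: bytes, public):
    """Anyone holding the public key can do this."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(ciphertext: int, private):
    """Only the holder of the matching private key recovers the plaintext."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed demo keys built from well-known Mersenne primes. Real keys use
# secret, randomly generated primes of 1024 bits or more each.
BOB_PUB, BOB_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
ALICE_PUB, ALICE_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

def demo():
    """Alice encrypts to Bob; Bob's key decrypts, any other key does not."""
    ciphertext = encrypt(b"meet at noon", BOB_PUB)
    by_bob = decrypt(ciphertext, BOB_PRIV)
    by_other = decrypt(ciphertext, ALICE_PRIV)  # wrong private key
    return by_bob, by_other

if __name__ == "__main__":
    print(demo())
```

In production code this is done with a vetted library and a padding scheme such as OAEP rather than with raw modular exponentiation.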

Here is a graphic that outlines what happens:

Key exchange

So, now that we have looked at the two most prevalent encryption methodologies, we get to one of the trickier aspects of cryptography, and that is the key exchange, namely Diffie–Hellman key exchange. It allows the two parties to communicate over a potentially dangerous connection and still come up with a shared secret that they can use to make encryption keys for their future communications. It is quite effective if one wants to use symmetric encryption without a way to share keys securely.

This uses a lot of math and some extremely large numbers, so the example below will describe it as simply as possible:
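A small-number walk-through of the Diffie–Hellman exchange, added here as an example and not taken from the original article. The parameters `P = 23` and `G = 5`, the private values and the helper names are constructed for illustration; the last function shows why real deployments need extremely large numbers.

```python
import hashlib
import secrets

# Toy public parameters (constructed). Real groups are 2048 bits or larger,
# or the exchange is done on an elliptic curve.
P, G = 23, 5

def valid_public(value, p=P):
    """Reject 0, 1 and p-1, which would force a predictable shared secret."""
    return 2 <= value <= p - 2

def keypair(private=None, p=P, g=G):
    """Return (private, public) with public = g^private mod p."""
    while True:
        x = private if private is not None else secrets.randbelow(p - 3) + 2
        public = pow(g, x, p)
        if valid_public(public, p):
            return x, public
        if private is not None:
            raise ValueError("private value gives a degenerate public value")

def shared_secret(own_private, peer_public, p=P):
    """Combine our private value with the public value the peer sent."""
    if not valid_public(peer_public, p):
        raise ValueError("invalid peer public value")
    return pow(peer_public, own_private, p)

def derive_key(secret, p=P):
    """Hash the raw secret into 32 bytes usable as a symmetric key."""
    raw = secret.to_bytes((p.bit_length() + 7) // 8, "big")
    return hashlib.sha256(b"dh-demo" + raw).digest()

def brute_force_private(public, p=P, g=G):
    """With a tiny p, an eavesdropper can simply try every exponent."""
    return next(x for x in range(1, p) if pow(g, x, p) == public)

def demo():
    a, A = keypair(private=6)    # Alice keeps a secret, sends A
    b, B = keypair(private=15)   # Bob keeps b secret, sends B
    same_key = derive_key(shared_secret(a, B)) == derive_key(shared_secret(b, A))
    return A, B, shared_secret(a, B), same_key

if __name__ == "__main__":
    print(demo(), brute_force_private(8))
```

Only `A` and `B` cross the wire. Plain Diffie–Hellman does not authenticate either party, so in practice the public values are signed or otherwise verified.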

I trust that this brought some clarity on the basics of cryptography and encryption.


Pierre Philip du Preez

Located in Cape Town, South Africa, working as a software engineer. Proficient across many technologies in the development stack.