Cryptography

Cryptography is the practice and study of hiding information. Modern cryptography intersects the disciplines
of mathematics, computer science, and engineering. The most general term is cryptology and not
cryptography.

Cryptology

Cryptography Cryptanalysis

Symmetric Ciphers Asymmetric Ciphers Protocols

Figure 1: Overview of fields of Cryptology

Cryptology splits into two main branches:

Cryptography is the science of secret writing with the goal of hiding the meaning of a message.
Cryptanalysis is the study of methods for obtaining the meaning of encrypted information, without access to
the secret information that is normally required to do so. Typically, this involves knowing how the system
works and finding a secret key. In non-technical language, this is the practice of code-breaking or cracking the
code. Cryptanalysis is the study of taking encrypted data, and trying to decrypt it without use of the key. The
other side of cryptography, cryptanalysis is used to break codes by finding weaknesses within it.
Cryptology prior to the modern age was almost synonymous with encryption, the conversion of information
from a readable state to nonsense. The sender retained the ability to decrypt the information and therefore
avoid unwanted persons being able to read it.

Classic cryptography
The earliest forms of secret writing required little more than local pen and paper analogs, as most people
could not read. More literacy, or literate opponents, required actual cryptography. The main classical cipher
types are transposition ciphers, which rearrange the order of letters in a message (e.g., 'hello world' becomes
'ehlol owrdl' in a trivially simple rearrangement scheme), and substitution ciphers, which systematically
replace letters or groups of letters with other letters or groups of letters. Cipher-texts produced by a classical
cipher (and some modern ciphers) always reveal statistical information about the plaintext, which can often
be used to break them. After the discovery of frequency analysis perhaps by the Arab
mathematician and polymath, Al-Kindi (also known as Alkindus), in the 9th century, nearly all such ciphers
became more or less readily breakable by any informed attacker. Such classical ciphers still enjoy popularity
today, though mostly as puzzles.

Modern cryptography
Modern cryptography is a remarkable discipline. It is a cornerstone of computer and communications security,
with end products that are imminently practical. The modern field of cryptography can be divided into several
areas of study: symmetric cryptography and asymmetric cryptography.

Symmetric Cryptography
Symmetric Algorithms are what many people assume cryptography is about: two parties have an encryption
and decryption method for which they share a secret key. All cryptography from ancient times until 1976 was
exclusively based on symmetric methods. Symmetric ciphers are still in widespread use, especially for data
encryption and integrity check of messages.
Symmetric cryptographic schemes are also referred to as symmetric-key, secret-key, and single-key schemes or
algorithms. Symmetric cryptography is best introduced with an easy to understand problem: There are two
users, Alice and Bob, who want to communicate over an insecure channel (Figure 2). The term channel might
sound a bit abstract but it is just a general term for the communication link: This can be the Internet, a stretch
of air in the case of mobile phones or wireless LAN communication, or any other communication media you
can think of. The actual problem starts with the bad guy, Oscar, who has access to the channel, for instance,
by hacking into an Internet router or by listening to the radio signals of a Wi-Fi communication. This type of
unauthorized listening is called eavesdropping. Obviously, this situation can be more problematic for Alice and
Bob if instead of simple communication they are exchanging some important document of business.

Oscar
(Bad)

Alice X Insecure channel X Bob

(good) (e.g. internet) (good)

Figure 2: Communication over insecure channel

In this situation, symmetric cryptography offers a powerful solution: Alice encrypts her message x using a
symmetric algorithm, yielding the ciphertext y. Bob receives the ciphertext and decrypts the message.
Decryption is, thus, the inverse process of encryption (Figure 3).What is the advantage? If we have a strong
encryption algorithm, the ciphertext will look like random bits to Oscar and will contain no information
whatsoever that is useful to him.
 Oscar
(Bad)

Alice X encryption Y Insecure channel Y decryption X Bob

(good) e() (e.g. internet) e() (good)

K K

Secure Channel

Figure 3: Symmetric-Key Cryptosystem

The variables x, y and k in Figure 3 are important in cryptography and have special names:
• x is called plaintext or clear-text,
• y is called ciphertext,
• k is called the key,
• the set of all possible keys is called the key space.
The system needs a secure channel for distribution of the key between Alice and Bob. The secure channel
shown in Figure 3 can, for instance, be a human who is transporting the key in a wallet between Alice and Bob.
This is, of course, a somewhat cumbersome method. An example where this method works nicely is the pre-
shared keys used in Wi-Fi Protected Access (WPA) encryption in wireless LANs.
Types of symmetric-key algorithms

Symmetric-key algorithms can be divided into stream ciphers and block ciphers. Stream ciphers encrypt the
bits of the message one at a time, and block ciphers take a number of bits and encrypt them as a single unit.
Blocks of 64 bits have been commonly used. The Advanced Encryption Standard (AES) algorithm approved
by NrIST in December 2001 uses 128-bit blocks. Some examples of popular and well-respected symmetric
algorithms include Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, RC4, TDES, and IDEA.

Asymmetric (or Public-Key) Algorithms

In 1976 an entirely different type of cipher was introduced by Whitfield Diffie, Martin Hellman and Ralph
Merkle. In public-key cryptography, a user possesses a secret key as in symmetric cryptography but also a
public key. Asymmetric algorithms can be used for applications such as digital signatures and key
establishment, and also for classical data encryption.
Unlike symmetric key algorithms, it does not require a secure initial exchange of one or more secret keys to
both sender and receiver. The asymmetric key algorithms are used to create a mathematically related key
pair: a secret private key, this key must be known only by its owner; and a published public key, this key is
known to everyone (it is public). What one key encrypts, the other one decrypts, and vice versa. That means that if
you encrypt something with my public key (which you would know, because it's public :-), I would need my private key
to decrypt the message.
Use of these keys allows protection of the authenticity of a message by creating a digital signature of a
message using the private key, which can be verified using the public key. It also allows protection of
the confidentiality and integrity of a message, by public key encryption, encrypting the message using the
public key, which can only be decrypted using the private key.

Figure 4: Public-key Cryptography.

The two main branches of public key cryptography are:

Public key encryption: a message encrypted with a recipient's public key cannot be decrypted by anyone
except a possessor of the matching private key—presumably, this will be the owner of that key and the
person associated with the public key used. This is used for confidentiality.

Digital signatures: A message signed with a sender's private key can be verified by anyone who has access
to the sender's public key, thereby proving that the sender had access to the private key (and therefore is
likely to be the person associated with the public key used), and the part of the message that has not been
tampered with.
A central problem for use of public-key cryptography is confidence (ideally proof) that a public key is correct,
belongs to the person or entity claimed (i.e., is 'authentic'), and has not been tampered with or replaced by a
malicious third party. The usual approach to this problem is to use a public-key infrastructure (PKI), in which
one or more third parties, known as certificate authorities, certify ownership of key pairs.

Digital Signature
A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.)
is authentic. Authentic means that you know who created the document and you know that it has not been
altered in any way since that person created it. Digital signatures employ a type of asymmetric cryptography.
For messages sent through an insecure channel, a properly implemented digital signature gives the receiver
reason to believe the message was sent by the claimed sender.

A digital signature scheme typically consists of three algorithms:

A key generation algorithm that selects a private key uniformly at random from a set of possible private keys.
The algorithm outputs the private key and a corresponding public key.

A signing algorithm that, given a message and a private key, produces a signature (or a digest).

A signature verifying algorithm that, given a message, public key and a signature, either accepts or rejects
the message's claim to authenticity.
The digital signature for a message is generated in two steps:
1. A message digest is generated. A message digest is a 'summary' of the message we are going to
transmit, and has two important properties: (1) It is always smaller than the message itself and (2)
Even the slightest change in the message produces a different digest. The message digest is generated
using a set of hashing algorithms.
2. The message digest is encrypted using the sender's private key. The resulting encrypted message digest
is the digital signature.
The digital signature is attached to the message, and sent to the receiver. The receiver then does the
following:
1. Using the sender's public key, decrypts the digital signature to obtain the message digest generated by
the sender.
2. Uses the same message digest algorithm used by the sender to generate a message digest of the
received message.
3. Compares both message digests (the one sent by the sender as a digital signature, and the one
generated by the receiver). If they are not exactly the same, the message has been tampered with by a
third party.
Figure 5: How a simple digital signature
gnature is applied and then verified.

The Digital Signature Standard (DSS) is based on a type of public key encryption method that uses the Digital
Signature Algorithm (DSA).. DSS is the format for digital signatures that has been endorsed by the US
government. The DSA algorithm consists of a private key that only the originator of the document (signer)
knows and a public key.