Introduction to Cryptography

Foundations of Cryptography What Is Cryptography? Cryptography is the science and art of protecting information from unauthorized access while still allowing legitimate users to read and use it. The word itself comes from the Greek words "crypto" (hidden) and "graphia" (writing). At its core, cryptography transforms readable information into an unreadable form that can only be revealed with the correct secret information. Think of cryptography as a lock: without the right key, a locked box appears to contain meaningless gibberish. With the right key, the contents become perfectly clear. Key Concepts: Plaintext, Ciphertext, and Keys To understand how cryptography works, you need to know three fundamental concepts: Plaintext is the original, readable message that you want to protect. If you wrote an email saying "Hello Alice!", that message in its original form is plaintext. Ciphertext is what plaintext becomes after encryption—it appears to be random gibberish to anyone who doesn't know the secret. An encrypted version might look like "6E869570 08E03CE4". Without knowing how to decrypt it, this string is meaningless. A key is the secret information that makes encryption and decryption possible. It's like the physical key to a lock. Only someone with the correct key can transform ciphertext back into plaintext. The key might be a number, a string of characters, or some other form of data. How Cryptography Works Cryptographic systems use mathematical transformations to convert plaintext into ciphertext using a key, and later reverse that transformation to recover the original message. This two-way process is fundamental to all cryptography: Encryption takes plaintext + key → ciphertext Decryption takes ciphertext + key → plaintext The mathematical algorithms used for these transformations are called ciphers. A strong cipher makes it computationally infeasible to recover plaintext without the correct key, even if you can see the ciphertext. Security Goals of Cryptography Cryptography protects information in multiple ways. The four main security goals are: Confidentiality ensures that only authorized recipients can read a message. If you send an encrypted email, only the intended recipient—not eavesdroppers on the network—can read its contents. Integrity verifies that a message hasn't been altered during transmission or storage. If someone changes even one character of an encrypted message, integrity checks will detect this tampering. Authentication confirms the identity of who sent a message. With proper authentication, you can be certain that a message came from the person who claims to have sent it, not from an imposter. Non-repudiation prevents a sender from denying they created or sent a message. Once you've signed a digital document with your cryptographic key, you cannot credibly claim you didn't sign it. A strong cryptographic system addresses all four of these goals, though different techniques (encryption, hashing, digital signatures) handle different ones. Symmetric Key Cryptography The Basic Concept In symmetric key cryptography, the same secret key is used for both encryption and decryption. If Alice wants to send a secure message to Bob, both of them must somehow possess the identical secret key. Alice uses this key to encrypt her message, and Bob uses the same key to decrypt it. Symmetric encryption is like having two people with identical copies of the same physical key—both can lock and unlock the same box. The Caesar Shift: A Historic Example <extrainfo> The Caesar shift (also called Caesar cipher) is one of the oldest known encryption methods, allegedly used by Julius Caesar in ancient Rome. It works by replacing each letter with another letter a fixed number of positions down the alphabet. For example, with a shift of 3, the letter "A" becomes "D," "B" becomes "E," and so on. The message "HELLO" would become "KHOOR." While simple and easy to understand, the Caesar shift is not secure by modern standards because there are only 25 possible shifts, making it trivial to break by trying all possibilities. </extrainfo> Modern Symmetric Encryption: AES The Advanced Encryption Standard (AES) is the modern standard for symmetric encryption used worldwide. It processes data in fixed-size blocks and uses a shared secret key to encrypt and decrypt information. AES is approved by the U.S. National Security Agency and is widely used in government, military, and commercial applications. Performance and the Key Distribution Problem Symmetric encryption has a major advantage: it's extremely fast and efficient, making it ideal for encrypting large amounts of data. A single computer can encrypt gigabytes of information quickly using symmetric keys. However, symmetric cryptography has a critical weakness: the key distribution problem. Before Alice and Bob can securely communicate, they must somehow exchange their secret key without anyone else learning it. If they transmit the key over an insecure network, eavesdroppers might intercept it. If they meet in person to exchange the key, that's inconvenient and doesn't scale well for many users. This challenge—securely sharing secret keys—motivated the development of asymmetric cryptography. Asymmetric Key Cryptography The Breakthrough: Two Keys Instead of One Asymmetric key cryptography solves the key distribution problem by using not one secret key, but a pair of mathematically linked keys. These are: A public key that may be freely shared with anyone (it's public) A private key that is kept secret by its owner The mathematical relationship between them ensures that data encrypted with one key can only be decrypted with the other key in the pair. How Public Key Encryption Works Here's why this is revolutionary: Alice generates a public-private key pair. She shares her public key with everyone—it can be posted online, included in her email signature, or published in a directory. But she keeps her private key completely secret, known only to herself. Now, when Bob wants to send Alice a confidential message, he encrypts it using Alice's public key. This encrypted message can only be decrypted using Alice's private key. Even though Bob is using a public key available to everyone, only Alice can read the result. An eavesdropper who intercepts the ciphertext cannot decrypt it without Alice's private key. This elegantly solves the key distribution problem: there's no secret key to distribute! The public key can be shared openly. Common Asymmetric Algorithms Rivest-Shamir-Adleman (RSA) was one of the first public-key encryption algorithms and remains widely used. It's based on the mathematical difficulty of factoring very large numbers. Elliptic Curve Cryptosystem (ECC) is a more modern approach that provides equivalent security with smaller key sizes, making it more efficient for many applications. Digital Signatures: Authentication and Non-Repudiation Asymmetric cryptography enables digital signatures, which provide both authentication and non-repudiation. Here's how they work: Alice creates a digital signature by applying a mathematical operation using her private key to a message. This creates a signature that proves Alice created or approved that message. Anyone can verify this signature using Alice's public key. If the verification succeeds, it proves that: The message came from Alice (authentication) Alice cannot deny having created it (non-repudiation) The message hasn't been altered This is much more powerful than a handwritten signature—the mathematics makes forgery essentially impossible. Cryptographic Hash Functions What Is a Hash Function? A cryptographic hash function is an algorithm that takes any amount of input data and produces a fixed-size output called a hash or fingerprint. Think of it like a fingerprint for data: just as each person has a unique fingerprint, each unique message produces a unique hash. Hash functions have a crucial property: they are one-way functions. It's easy to compute the hash of a message, but it's computationally infeasible to reverse the process—that is, to find a message that produces a given hash. You cannot recover the original message from its hash. Why Fixed-Size Output Matters Regardless of whether you hash a single character or an entire movie file, the output size is always identical. For example, SHA-256 (Secure Hash Algorithm 256-bit) always produces a 256-bit (32-byte) output, no matter the input size. This consistency is useful for security protocols and makes hashes easy to store and compare. Using Hashes to Verify Integrity Hash functions protect integrity. Here's the process: Alice hashes her original message, producing a hash value Alice sends both the message and its hash to Bob Bob receives the message and independently computes its hash If Bob's computed hash matches the hash Alice sent, the message hasn't been altered If the hashes don't match, Bob knows the message was tampered with Even a single-bit change in the message produces a completely different hash, so this method reliably detects any tampering. Common Hash Functions SHA-256 is the most widely used cryptographic hash function today. It's used in blockchain technology, digital signatures, password storage, and countless security protocols. Its 256-bit output (64 hexadecimal characters) provides strong security. <extrainfo> Other hash functions in the SHA family include SHA-1 (now considered weak), SHA-384, and SHA-512. There are also other hash families like MD5 (deprecated due to security vulnerabilities) and BLAKE2. </extrainfo> Hashes as Building Blocks Hash functions are fundamental components in more complex cryptographic systems. They're used in: Digital signatures: Hash the message, then sign the hash (faster than signing the entire message) Key derivation: Generate cryptographic keys from passwords Blockchain: Link blocks together using hashes Password storage: Hash passwords instead of storing them in plain text Real-World Applications of Cryptography Cryptography isn't just theoretical—it protects your data every day. Secure Web Browsing (HTTPS) When you visit a website using HTTPS (Secure HyperText Transfer Protocol), your browser and the server use cryptographic techniques to: Authenticate that you're talking to the real website, not an imposter Encrypt all data exchanged so eavesdroppers can't read your information Ensure data integrity so you know it hasn't been altered HTTPS uses a combination of asymmetric cryptography (for secure key exchange) and symmetric cryptography (for fast encryption of large amounts of data). Email Encryption Email encryption uses cryptographic algorithms to ensure that only the intended recipient can read an email's contents. The sender encrypts the message with the recipient's public key, and only the recipient—with their private key—can decrypt and read it. Virtual Private Networks (VPN) A Virtual Private Network (VPN) creates an encrypted tunnel for your internet traffic as it travels across public networks like the internet. All data passing through this tunnel is encrypted, protecting it from eavesdropping by ISPs, network administrators, or anyone else monitoring the network. Other Applications <extrainfo> Cryptography also protects: Secure file storage: Files encrypted on disk so they're unreadable if the device is stolen Authentication tokens: Digital credentials that prove your identity Secure messaging applications: End-to-end encrypted chat and messaging Cryptocurrency and blockchain: Hash functions and digital signatures secure transactions Secure remote access: SSH and other protocols for secure server access </extrainfo> Summary Cryptography provides the mathematical foundation for digital security. It transforms readable data into ciphertext using keys, ensuring confidentiality, integrity, authentication, and non-repudiation. Symmetric encryption is fast but requires shared secrets; asymmetric encryption solves the key distribution problem with public-private key pairs. Hash functions provide one-way fingerprints for data verification. Together, these techniques protect everything from web browsing to email to financial transactions in the modern digital world.