• Articles
• Tutorials
• Interview Questions

# What is Cryptography?

The idea of cryptography is not new to mankind, even the greatest of the great battles have been won because of how secretly the messages were passed during the wars. One such great example is the Turing machine, and how cryptic the messages were during the world war 2 era that helped Britain during the time. It is safe to say that – cryptography is the foundation of security. In the modern times, with the increasing frequency of data breaches, it has become even more critical. In this blog, we will take a fresh look at what cryptography is and how digital signatures can be used in cryptography to protect personal data.

With increasing concern about data privacy, consumer safety is at an all-time high risk. Technology has made our lives easier, but it is essential to learn how to protect our data and stay up-to-date with emerging technologies.

Before We Begin, We have curated a few Fundamental concepts in cryptography for better understanding the blog while reading, let’s take a look these fundamental concepts:

Before going any further, have a look at this video, in which our Cybersecurity specialists go over every detail of the technology.

## What is Cryptography?

The term “cryptography,” derived from “crypt” meaning “hidden” and “graphy” meaning “writing,” is the study of encrypting and decrypting data to prevent unauthorized access to the data. Codes are used to protect the information so that only the intended people can access it and communicate.

In cryptography, a plaintext message is converted to ciphertext using a combination of numerical computations that appear incomprehensible to the untrained eye. Techniques like mathematical concepts and algorithms are used to make the transferred data difficult for others to decode. In other words, these cryptography algorithms help generate cryptographic keys, which can encrypt or decrypt a message. These keys can also be used for digital signing or for authentication purposes.
Cryptography mainly involves two processes: encryption and decryption. The process flow of encryption and decryption is depicted in the diagram below:

Have a look at this Best Cyber Security course and sign up today!

## History of Cryptography

The history of cryptography finds its roots in Egypt around 4000 years ago. The Egyptians used hieroglyphics, the oldest cryptography technique, to communicate with each other. Later, in 500 BC, the technique was modified by replacing the characters with alphabets based on some secret rule known to only a few. This rule came to be known as the key to deciphering hidden codes or messages.

Later, in the 16th century, more sophisticated techniques, such as the Vigenere cipher and coding machines like the Enigma rotor machine, appeared. Years later, cryptography was born!

## How Does Cryptography Work?

Cryptography works by scrambling plain text or data into indecipherable cipher text that only authorized parties can decipher back into readable form with decryption keys. Let’s have a look at the normal steps involved in cryptography:

Step 1: The first step involves selecting an encryption algorithm like AES or RSA.

Step 2: Using these algorithms, transform readable data into an unreadable format of bit sequences (cipher text).

Step 3: In the last step, using decryption keys, convert the cipher text back into the original plain text format.

The mathematical foundations of encryption, keys and algorithms, are what empower cryptography to provide data security. Key access control will only allow intended recipients to decrypt the information. Only those with the decryption key can decipher the ciphertext. In this way, cryptography prevents transmission of sensitive information falling into wrong hands.

## Example of Cryptography

Let’s look at an instance of cryptography to see what it is:

Samuel wishes to communicate with his colleague Yary, who is currently residing in another country. The message contains trade secrets that should not be accessed or seen by any third party. He sends the message via a public platform such as Skype or WhatsApp. The foremost aim is to create a secure connection.

Assume Evy, a hacker, has obtained access to the message. Evy can now change or corrupt the message before it reaches Yary. Evy alters the message that Yary receives. Neither Samuel nor Yary are aware of the underground work. The outcomes are dreadful.

Cryptography can save you in this dreadful situation. It can help you with the security of the connection between Samuel and Yary.

Let us find out how cryptography can aid in the security of messages between them.

Samuel first converts a readable message, or plain text, into a series of digits using various cryptographic algorithms. He then encrypts the message with a key. Samuel uses the internet to send an encrypted message to Yary.

Now, even if Evy intercepts and attempts to modify the message, it would be in the form of encrypted ciphertext. Without the proper decryption key, Evy cannot convert the message back to its original plain text form. In essence, Samuel’s use of encryption acts as a protective layer.If, hypothetically, Evy alters the ciphertext, the decryption process at Yary’s end would yield an error instead of the original plain text. This error serves as an indication that the message has been tampered with, ensuring the integrity and security of the communication. This proves that encryption is critical for secure communication.

## Types of Cryptography

Cryptography is classified into three categories based on the types of keys and encryption algorithms:

1. Symmetric Key Cryptography (Secret Key)
2. Asymmetric Key Cryptography (Public Key)
3. Hash Functions

### Symmetric Key Cryptography (Secret Key)

Also known as Secret Key Cryptography, private key encryption is where the same key is used by both the sender and the recipient, ensuring secure communication. In this mechanism, the shared key is used to encode the plaintext into ciphertext during transmission. This ciphertext can only be deciphered by the recipient who has the matching key.

For instance, Ankit sends a message to Poorva that he does not want anyone else to see. He’d like to encrypt his message, and he will encrypt the message using a key that they both will share. The same key will be used for encrypting and decrypting.

Here’s how it works: First, Ankit encrypts his signal with his key. His message has now been encrypted and scrambled. It can’t be read by anyone. When Poorva receives the encrypted message, she decrypts it with the same key so she can read it in plaintext.

Enroll in our Cyber Security course in Bangalore and get certified.

### Asymmetric Key Cryptography (Public Key)

Asymmetric key cryptography, also known as public-key cryptography, is an approach in which all individuals possess a key that is openly shared and a private key that remains confidential. The public key is employed to secure or encode information, while the private key, exclusively held by the individual, is required to unlock or decode it. Hence, anyone can transmit encoded messages to you using the public key. Only you possess the ability to decrypt and comprehend them using your private key.

For example, Bob wants to send an encrypted message to Alice, and they agree to encrypt the message using public-key encryption. Bob (the sender) initiates public key encryption to encrypt his message. Everyone has access to the public key. However, Alice (the receiver) is the only one who has access to the private key. Now, using this private key, she can decrypt the message and read it.

The following steps are implemented in the process:

• Step 1: Alice generates two keys: one public and one private. Alice stores the public key on a public key server that anyone can access.
• Step 2: Alice informs Bob of the location of her public key.
• Step 3: Bob obtains Alice’s public key by following Alice’s instructions.
• Step 4: Bob composes a message and encrypts it with Alice’s public key. Bob sends Alice the encrypted message via the network.
• Step 5: Alice decrypts Bob’s message using her private key.

Although Alice’s private key can confirm that no one read or changed the document while it was in transit, it cannot confirm the sender. Because Alice’s public key is available to the public, anyone can use the public key to encrypt  their document and send it to Alice while posing as Bob. The digital signature is another technique that is required to prove the sender.

### Hash Functions

Cryptographic hash functions are formulas that process input data, like documents or messages, of any size. It generates a unique fixed-length string known as a hash value. These one-way encryption functions aim to prevent collisions (collision of two hash values), making it challenging to find two inputs that produce the same hash value. Hash functions play a role in ensuring information security by verifying data integrity, enabling signatures, and securely storing passwords through the creation of small yet reliable hash authenticators.

Get to know more about public keys and private keys through our detailed guide.

## Features of Cryptography

The key features that make cryptography a vital data security tool are the following:

### 1.Encryption Using Mathematical Algorithms

The core function of cryptography is encryption. It applies complex mathematical algorithms to scramble plain text into cipher text. Common algorithms used in cryptography include AES, RSA, and SHA. Powerful encryption protocols can effectively prevent unauthorized access.

### 2.Decryption Through Keys

While encryption turns readable data into indecipherable code, decryption reverses the process. Decryption requires the use of digital keys or passwords to unscramble cipher text. The ability to encrypt and decrypt data provides a closed information system that keeps data secure. Only holders of decryption keys can access and read encrypted data.

### 3.Verification of Identities

Digital signatures, certificates, and hashed functions are used in cryptography for identity and message verification. They allow participants to validate each other’s identities over networks and ensure information is from legitimate sources. These cryptographic features help prevent man-in-the-middle attacks and data interception.

### 4.Overall Security Using Cryptography

The blend of encryption, decryption, and verification techniques makes cryptography highly effective for overall security. It provides confidentiality of data, authenticity of identities, data integrity to reveal changes, and non-repudiation to prove events like transactions. Cryptography’s versatile features offer protection across cybersecurity domains.

The math-powered functionality central to cryptography is crucial for keeping sensitive information out of the wrong hands. Both the growing volume of digital data and cyber threats like hacking make cryptographic security essential in the modern world. Its key features will continue to advance to guard data transmission and storage.

Also read our blog on Quantum Cryptography that uses quantum mechanics principle to tranmit and encrypt data!

Get 100% Hike!

Master Most in Demand Skills Now !

## Techniques of Cryptography

With data breaches and hacking threats on the rise, cryptographic techniques have become vital for data protection. Some major techniques of cryptography are listed below:

### 1. Steganography

One of the oldest techniques of cryptography, steganography involves hiding secret information or messages with no confidential status files in order to avoid detection. Decades ago, steganography was not as sophisticated as it is now. Earlier, invisible ink, slight variations, etc., were used to hide messages. However, with the advent of technology, steganography has evolved into one of the most commonly used techniques in cryptography.

### 2. Symmetric-Key Encryption

Symmetric-key encryption uses identical or private keys to encrypt and decrypt data. A widely adopted symmetric algorithm is the Advanced Encryption Standard (AES), used by governments and companies globally. Symmetric techniques enable bulk data encryption at high speeds. However, key distribution can be challenging in symmetric cryptography.

### 3. Asymmetric Encryption

Unlike symmetric encryption, asymmetric cryptos utilize key pairs containing public and private keys for encryption and decryption, respectively. The most common asymmetric algorithm is RSA public-key encryption. It allows broader key distribution while enabling encryption of smaller data loads. However, asymmetric encryption is slower than symmetric techniques.

### 4. Hash Functions

Hashing converts data inputs like passwords into encrypted hash values or digests. Common hashing algorithms are SHA and MD5. Hashing enables secure data storage and integrity checks through fingerprinting data. If input data gets manipulated, the hash output changes, indicating a loss of integrity.

### 5. Digital Signatures

Digital signatures validate identities and ensure authenticity using public-key cryptography. Senders use their private key to digitally sign documents, which recipients can verify using the sender’s public key. This technique certifies document authenticity and prevents the repudiation of signed transactions.

### 6. Key Establishment Protocols

Protocols like Diffie-Hellman enable secure public key exchange over insecure networks. Communicating participants can securely establish shared keys through mathematical operations. This allows effective key management without prior key distribution for enabling cryptography processes like encryption across networks.

The robust mathematical foundations underlying these techniques provide modern cryptography with potent data protection capabilities. Advancements in quantum computing, however, necessitate migrating to quantum-proof cryptographic algorithms in the future.

## Cryptography Algorithms

Cryptography relies on advanced algorithms to secure sensitive information and communications. These mathematical formulas enable the encryption, decryption, signing, and verification processes that safeguard confidential data in transit and storage.

Here are 5 pivotal cryptographic algorithms powering security across sectors.

### 1. Advanced Encryption Standard (AES)

The AES algorithm is a symmetric block cipher standardized by National Institute of Standards and Technology (NIST) that uses shared keys for encrypting and decrypting data. Widely adopted by commercial and government organizations, AES allows secure bulk data encryption at high speeds using keys of 128, 192, or 256-bit strengths.

### 2. RSA (Rivest, Shamir, Adleman) Algorithm

RSA is an asymmetric cryptographic algorithm. The RSA algorithm works on a block cipher concept that converts plain text into ciphertext and vice versa on the receiver side. If the public key of User A is used for encryption, we have to use the private key of the same user for decryption.

• Step 1: Select two prime numbers, p and q, where p is not equal to q.
• Step 2: Calculate n = p*q and z = (p-1)*(q-1)
• Step 3: Choose a number (e) Such that e is less than n, which has no common factor (other than one) with z.
• Step 4: Find number (d) such that (ed-1) is exactly divisible by 2.
• Step 5: Keys are generated using n, d, and e.
• Step 6: Encryption
c = m pow(e) mod n
(where m is plain text, and c is ciphertext)
• Step 7: Decryption
m = c pow(d) mod n
• Step 8: The public key is shared, and the private key is hidden.

Note: (e, n) is the public key used for encryption. (d, n) is the private key used for decryption.

The RSA algorithm has the drawback of being quite inefficient in cases in which large volumes of data must be authenticated by the same virtual machine. A foreign entity must substantiate the dependability of authentication tokens. Data is routed through middlemen, who may corrupt the cryptosystem.

### 3. Secure Hash Algorithm (SHA)

SHA creates unique fixed-length digital fingerprints of input data called hashes. SHA variants like SHA-2 and SHA-3 are widely used for verifying data integrity and authenticity. The slightest change to input data significantly alters the hash output, signaling a loss of integrity.

### 4. Elliptic Curve Cryptography (ECC)

ECC algorithms use elliptic curve mathematical properties to create faster and smaller cryptographic keys. This makes ECC optimal for devices with limited processing capacities, like mobiles and smart cards. ECC is gaining traction in securing blockchain platforms and IoT networks that need lightweight security.

### 5. Quantum Cryptography

Quantum cryptographic algorithms like quantum key distribution leverage quantum physics properties to ensure secure keys. Uncrackable by classical computers, quantum cryptography promises longer security for protecting sensitive data, infrastructure, and national security information.

### 6. DES Algorithm in Cryptography

Data Encryption Standard (DES) is a symmetric cipher algorithm that uses the block cipher method for encryption and decryption. DES is a landmark in cryptographic algorithms. It works based on the Fiesta Cipher Structure, which implements permutation and substitution to convert plain text into cipher text. It not only just converts, it also re-orders the plain text elements in the cipher text.

DES operates on a plaintext block of 64 bits and returns ciphertext of the same size.

• Step 1: Sub-key Generation
• Step 2: Encryption

The robustness and innovation going into these algorithms are crucial for advancing cryptographic security overall. As computing evolves, newer concepts like post-quantum cryptography will likely upgrade future data protections.

Preparing for an Ethical Hacking job interview? Have a look at our blog on ethical hacking interview questions and start preparing!

## Types of Attacks in Cryptography

As cryptography techniques help secure sensitive data and communications, attackers constantly evolve strategies to crack cryptosystems. Understanding common cryptography attacks is key to improving defenses.

### 1. Ciphertext-Only Attacks

These attacks occur when hackers try to unlock secret messages they’ve grabbed. They keep guessing different combinations until they crack the code and reveal what’s inside. Strong encryption complexity safeguards against this.

### 2. Known-Plaintext Attacks

When attackers have matching plaintext and encrypted ciphertext samples, they analyze patterns to deduce encryption keys or algorithms. Random initialization vectors in ciphers resist such observations.

### 3. Chosen-Plaintext Attacks

This gives attackers the ability to choose arbitrary plaintexts to be encrypted for examining corresponding ciphertext outputs for clues to break systems. Padding plaintext variably before encryption counters this.

### 4. Chosen-Ciphertext Attacks

In these attacks, adversaries pick ciphertexts to be decrypted and have access to the resulting plaintexts. This can potentially uncover hidden relationships between plain and cipher flows.  Using robust public key infrastructure prevents this.

### 5. Side-Channel Attacks

By monitoring cryptosystem secondary outputs like computation time, power consumption, or electromagnetic leaks, attackers can infer secrets enabling ciphertext decoding. Randomizing encryption operations impedes side channels.

### 6. Passive Attack

In a passive attack, the intruder can only see the private data but can hardly make any changes to it or alter it. Passive attacks are more dangerous because the intruder only sees the message without altering it. Then no one will ever know that an attack is taking place, and their hidden messages will no longer be hidden.
Snooping: Also known as message content leakage, snooping is a nonaggressive attack where the intruder can only read a message. This jeopardizes the security goal of confidentiality.

### 7. Brute Force Attack

A brute force attack occurs when hackers use computers to feedback loop over each letter in a character set systematically. A character set can consist of letters, numbers, symbols, or anything else that the hackers may desire. In the most general terms, a brute force attack is a method of trial and error that attempts all possible password combinations. This method works well for short passwords, but it takes a long time to try all possible passwords.

### 8. Dictionary Attack

It is a quick and easy password attack. Hackers generate thousands of candidate digests and their pre-matched plaintext passwords using a dictionary attack. These candidate digits are compared to those in a stolen digest file by hackers. If a match is found, they are given the password. Although this method appears to be feasible if done manually, computers are capable of processing millions of words in a matter of hours.

Enroll in the CEH Certification offered by Intellipaat and train under their experts.

## Applications of Cryptography

The robust data protections offered by cryptographic techniques have become indispensable across many security domains and IT systems that handle sensitive information. Let us look into the real-life applications of cryptography.

### 1. Cryptography in E-Commerce

Public key encryption secures customer payment data, identities, and transactions against fraud or financial breaches during online purchases and banking through techniques like SSL/TLS within payment gateways.

### 2. Cryptography in Messaging

Widely used apps like WhatsApp and Signal apply end-to-end encryption using asymmetric and symmetric algorithms to ensure message privacy and authenticity, preventing unauthorized access to communications.

### 3. Cryptography in Document Signing

Digital signatures embedded via public key cryptography verify document authenticity and the validity of sender identities, certifying integrity for legal, corporate, and government record sharing.

### 4.Cryptography in User Authentication

Hashing one-way encrypts login passwords, API keys, and biometric templates for secure identity verification across devices and internet services while resisting plaintext exposure risks from breaches.

### 5. Cryptography in Blockchain

Cryptographic keys and hashing enable participants on decentralized blockchain networks to pseudonymously generate transactions, validate identities, achieve consensus, and immutably record interactions without central brokers.

### 6. Cryptography in Device Encryption

Full disk encryption via AES and RSA algorithms provides last-line defenses for data at rest within endpoint devices and servers should perimeter defenses fail against sophisticated intruders.

### 7. Cryptography in Cybersecurity

Cryptography has become deeply integrated into cybersecurity technologies and best practices for thwarting data breaches, fraud, and adversarial cyber threats. Encryption, hashes, digital signatures, and other cryptographic capabilities provide indispensable protection across key cybersecurity domains.

### 8. Network Security

IPsec and VPN connections secure network traffic by authenticating and encrypting entire data flows confidentially between endpoints. TLS encryption also protects data in transit during web sessions through HTTPS and other services using X.509 public key infrastructure for identities. This guards network communications against man-in-the-middle attacks.

### 9. Data Security

Strong encryption facilitates secure cloud services and storage by enabling data security while at rest on servers. Hashing also fingerprint data for detecting unauthorized changes. These cryptographic data protections curb breaches involving database exposures and stolen files.

### 10. Identity & Access Management

Public key infrastructure authenticates user and device identities via digital certificates for managing access to networks and data. Cryptography also secures login credentials and counters the risks of compromised identities being abused to breach systems.

### 11. Secure Code Signing

Code signing cryptographically verifies software integrity and trustworthiness prior to installation or execution, preventing malware or code tampering. This applies across operating systems, devices, industrial systems, and network gear via embedded signatures.

As organizations digitize rapidly around cloud, mobile, and IoT technologies, cybersecurity hinges greatly on advancing uses of cryptography for securing these emerging digital attack surfaces and workloads.

## Conclusion

Cryptography is necessary for securing digital communication, protecting sensitive information, and ensuring online privacy. Implementing robust encryption safeguards against cyber threats fosters trust in a rapidly evolving digital landscape. We hope this blog helped you gain insights on cryptography.
Looking to start your career or even elevate your skills in the field of cyber security? You can enroll in Intellipaat’s Executive Post Graduate Certification in Ethical Hacking from IIT Roorkee and get certified today.

If you want to deep dive into more cryptography, feel free to join Intellipaat’s Community and get answers to your queries from like-minded enthusiasts.

Course Schedule

Name Date Details
Cyber Security Course 14 Sep 2024(Sat-Sun) Weekend Batch
View Details
Cyber Security Course 21 Sep 2024(Sat-Sun) Weekend Batch
View Details
Cyber Security Course 28 Sep 2024(Sat-Sun) Weekend Batch
View Details