Cryptography

Introduction of Cryptography

• Cryptography has been used for centuries, from ancient civilizations that used secret codes and ciphers to protect their messages, to modern-day applications that rely on advanced mathematical algorithms and techniques.
• With the increasing reliance on digital communication and the rapid growth of the internet, cryptography has become more important than ever.

Definition of Cryptography

• Cryptography is a fundamental tool in information security that provides a powerful means of protecting sensitive information, securing communication, and ensuring the authenticity and integrity of data in the digital age.
• Cryptography is the branch of computer science to makes secure communication between two bodies by converting plain text message or information into a human unreadable/coded format (called cipher text, which is a form of encrypted text) using various algorithmic techniques, protocols, and methods for hiding information from unauthorized access or modification.
• Cryptography is an essential tool in the field of information security and plays a critical role in securing communication, protecting sensitive data, and ensuring the privacy and confidentiality of information.

Features of Cryptography

• Cryptography involves the use of encryption and decryption techniques to convert plain text into a coded message that can only be accessed and understood by authorized parties who possess the appropriate decryption key or password.
• The security of the encrypted data depends heavily on the strength of the encryption algorithm and the security of the encryption keys.

Terminology of Cryptography

Plain Text

• • The original message/text before it is encrypted.

Cipher

• • A mathematical algorithm is used for encryption and decryption.

Cipher Text:

• • The coded message that is produced after encryption.

Key

• • A piece of information used in encryption and decryption algorithms to transform plain text into coded messages and vice-versa.

Steganography

• • The way of hiding secret information within a non-secret message or file or objects to prevent detection. 

Encryption

• • Encryption is the process of converting plain or readable data into a coded format/secret code or cipher text, that is unreadable without the correct decryption key
  • Encryption algorithms use mathematical functions to transform the data in such a way that only authorized parties with the decryption key can read it.
  • The purpose of encryption is to protect the confidentiality and privacy of the data being transmitted or stored.
  • It is an important tool for encryption i.e. protecting sensitive/confidential information and maintaining the privacy and security of data from unauthorized access or use.
  • There are many different types of encryption, but they can generally be divided into two categories: symmetric encryption and asymmetric encryption, which work similarly to cryptography.
  • Encryption is widely used in many different areas, including online communications, data storage, online banking, and e-commerce transactions.

Decryption

• • Decryption is the process of converting encrypted data back into its original form using a secret key or password. 
  • To decrypt ciphertext, the same key or password that was used to encrypt the data must be used.
  • The decryption process reverses the encryption process by using the key to transform the ciphertext back into plain text or original data.
  • There are several types of encryption algorithms used for encryption and decryption, including symmetric-key encryption and asymmetric-key encryption.
  • Decryption plays a critical role in protecting data from unauthorized access and ensuring the confidentiality and integrity of sensitive information. 

CryptoSystem

• • A collection of cryptographic algorithms and protocols used to secure communications.

Cryptanalysis/Cryptology

• • Cryptanalysis has a long history, dating back to ancient times when people used simple substitution ciphers to encode messages.
  • Cryptanalysis is the study of analyzing and deciphering codes, ciphers, and other encryption methods to break their security and understand their hidden messages without the intended key.
  • It involves techniques and methods for deciphering encrypted messages or codes without having access to the key used to encrypt the message.
  • Cryptanalysis can be performed on various types of cryptographic systems, including classical ciphers, modern cryptographic algorithms, and cryptographic protocols.
  • The goal of cryptanalysis is to discover weaknesses in the cryptographic system that can be exploited to decrypt messages without the key. In other words, it is often used in the field of cryptography to test the strength of encryption algorithms and to develop new methods for securing sensitive information.
  • Some common techniques used in cryptanalysis include frequency analysis, brute force attacks, differential cryptanalysis, linear cryptanalysis, and known-plaintext attacks. In frequency analysis, the frequency distribution of letters or other symbols in the ciphertext is analyzed to gain information about the key used to encrypt the message. In a brute-force attack, every possible key is tried until the correct one is found. In a known plaintext attack, the attacker has access to some known plaintext and ciphertext pairs and uses them to deduce information about the key.
  • Cryptanalysis plays an important role in modern cryptography as it helps to identify weaknesses in cryptographic systems and improve their security. It is also used by intelligence agencies and law enforcement to decrypt messages and gather intelligence.

Types of Cryptography

There are various types of cryptography techniques, such as symmetric key cryptography, asymmetric key cryptography, hash functions, and digital signatures. Each type of cryptography technique has its strengths and weaknesses, and they are used based on the specific security requirements of a system. These are as follows: –

• Symmetric Cryptography: [Symmetric Encryption]

  • In symmetric cryptography, the same key is used for both encryption and decryption purposes i.e., both the sender and the receiver/recipient of the message have the same key in order to access the encrypted information.
  • The public key is shared between the sender and receiver in advance of communication.
  • The most common symmetric encryption algorithms include Advanced Encryption Standard (AES), Data Encryption Standard (DES), and Triple Data Encryption Standard (3DES).

• Asymmetric Cryptography/Public Key Cryptography: [Asymmetric Encryption]

  • In asymmetric cryptography, there are two separate keys, called a public key and a private key, the public key is used to encrypt the data(encryption), while the private key is used to decrypt it(decryption). In other words, anyone can encrypt data using the public key, but only the authorized person with the private key can decrypt it.
  • In this, the public key can be shared with anyone, while the private key must be kept secret. Here, key exchange protocols are used to securely exchange keys between two parties.
  • Here, the sender encrypts the message with the recipient’s public key, and the recipient decrypts the message with their private key.
  • This concept is used in digital signatures, secure email, and secure web browsing.
  • The most common asymmetric encryption algorithm is RSA and ECC (Elliptic Curve Cryptography).

• Hash Function:

  • A hash function is a mathematical function that takes in data of arbitrary size and produces a fixed-size output, typically a sequence of bytes or a hash value.
  • The output generated by the hash function is often referred to as a hash code, digest, or checksum.
  • Hash functions are used in cryptography, data integrity checks, digital signatures, and many other applications.
  • The main characteristics of a good hash function are:
    1. Deterministic: For the same input, the hash function should always produce the same output.
    2. Uniformity: The output should be uniformly distributed across the output space.
    3. Collision resistance: It should be difficult to find two different inputs that produce the same hash value.
    4. Avalanche effect: A small change in the input should produce a significant change in the output.
    5. Efficiency: It should be computationally efficient to compute the hash value for any given input.
    6. Non-invertibility: It should be computationally infeasible to derive the original input data from its hash value.
  • Examples of popular hash functions include MD5, SHA-1, SHA-2, SHA-3, SHA-256 etc. However, some of these functions are vulnerable to attacks, and newer, more secure hash functions are now recommended.

• Digital Signature:

  • A digital signature is a mathematical technique used to verify the authenticity and integrity of digital documents, messages, or software.
  • A digital signature is a cryptographic mechanism used to verify the authenticity, integrity, and non-repudiation of digital messages or documents.
  • It is a mathematical scheme for demonstrating the authenticity of a digital message or document and verifying that it has not been tampered with.
  • It is a type of electronic signature that is based on public key cryptography and provides a way to ensure that a message or document has not been tampered with and that it was indeed sent by the claimed sender.
  • To create a digital signature, the sender uses a private key to encrypt a hash or summary of the message. The recipient can then use the sender’s public key to decrypt the hash and verify that it matches the original message. If the hash values match, it proves that the message has not been altered in transit and that it was indeed sent by the claimed sender.
  • Digital signatures are commonly used in electronic transactions, such as online banking, e-commerce, and secure email communication. They are also used in software distribution to ensure that the software has not been modified or infected with malware.

  • Benefits of Digital signatures :

    1. Authenticity: Digital signatures verify the identity of the sender and ensure that the message has not been tampered with. 
    2. Digital signatures are used to ensure the authenticity of messages.
    3. Integrity: Digital signatures assure that the message has not been altered in transit.
    4. Non-repudiation: Digital signatures prevent the sender from denying that they sent the message, as the signature provides proof of the sender’s identity and intent.
    5. Security: Digital signatures are difficult to forge, making them a secure way to authenticate digital documents and messages.

    Working Mechanism :

Digital signatures are created using a combination of a hash function and a private key. The message or document is first hashed, resulting in a fixed-length string of characters that represents the message in a unique and compact form. The private key is then used to encrypt the hash value, resulting in a signature. The signature is appended to the message or document and sent to the recipient along with the signer’s public key.

To verify the signature, the recipient uses the signer’s public key to decrypt the signature and obtain the original hash value. The recipient then computes the hash value of the received message or document and compares it with the decrypted hash value. If the two values match, the recipient can be confident that the message or document has not been altered since it was signed and that it originated from the signer.

Advantages of Cryptography

• Cryptography makes communication secure through the use of mathematical algorithms and techniques to convert plain text into a coded message, which can only be accessed and understood by authorized parties who possess the appropriate decryption key or password.
• The primary goal of cryptography is to ensure confidentiality, integrity, and authenticity of data (authentication), and non-repudiation of data and to prevent unauthorized access, modification, or disclosure of sensitive information. Confidentiality refers to the protection of data from unauthorized access, while integrity is about maintaining the accuracy and consistency of data. Authentication is the process of verifying the identity of the sender, while non-repudiation means that the sender cannot deny sending the message.

Disadvantages/Drawbacks/Limitations of Cryptography

1. Complexity: Cryptography algorithms can be complex and difficult to implement correctly, which can lead to vulnerabilities if they are not properly configured or used.
2. Key Management: Cryptography relies heavily on key management, which can be challenging to maintain and protect, particularly when dealing with large-scale systems or long-term data storage.
3. Performance Impact: Cryptography algorithms can add significant overhead to computing systems, leading to performance degradation and increased processing time.
4. Dependence on algorithms: Cryptography algorithms are vulnerable to advances in technology and computing power, which can weaken the security of the encryption and decryption processes.
5. Malicious use: Cryptography can also be used for malicious purposes, such as hiding illegal activities or communicating secretly within criminal organizations.

Use/Applications of Cryptography

Cryptography has many real-world applications, such as –

• Securing communication channels
• Protecting confidential information
• Ensuring secure transactions over the internet.
• Used to protect sensitive information such as credit card numbers, passwords, and personal data in online transactions, secure communications in emails and instant messaging.
• Ensure the authenticity and integrity of digital signatures

DES(Data Encryption Standard) Encryption