Data and information have been the essential entities from the early ages to this modern digital era. For these entities to remain useful and uncompromised, they must be stored and transmitted securely. In this digital era, security and privacy of information are of utmost importance since almost every task relies on it and is doneon the internet.
Cryptography is a mathematical science technique of ensuring that information and data are secure either during storage or transmission, especially across insecure networks. It involves encryption and decryption of the messages via a cipher/key. Cryptography is part of a broader category known as cryptology which a combination of cryptography and cryptoanalysis. Cryptoanalysis is a method used to analyze and break encryption used in cryptography. Usually used by cyber attackers.
Encryption is the algorithm that uses a cipher to convert readable information (plaintext) to its unreadable/understandable form (gibberish). On the other hand, Decryption involves the algorithm that converts the unreadable gibberish to its readable form via the cipher. Decryption cannot happen without a cipher.
Main types of cryptography
Cryptography is a broader field, but in the modern era,it can be classified into three main types based on the algorithm used, application and the number of keys used.
- Secret Key Cryptography (SKC)
This type of cryptography is also known as conventional cryptography and is widely referred to as symmetric key cryptography/symmetric encryption. SKC uses a single or same key for both encryption and decryption of messages. The most common known implementation of the symmetric key cryptography is the Advanced Encryption Standard (AES) and the Blowfish cipher. SKC is primarily used for ensuring the privacy and confidentiality of the associated information. The biggest challenge with secret Key Cryptography is how to distribute the key as it must be known only by the sender and the receiver.
- Public-key cryptography (PKC)
PKC is also known as asymmetric cryptography/ asymmetric encryption. Unlike SKC which uses a single key, PKC uses two pairs of keys, one for encryption and the other one for decryption. That’s, a public key is used to encrypt the message, and its known widely by the involved a group of individuals. For decryption, a private key is used and its only known by the receiver. PKC relies on mathematical functions which are easier to compute, but their inverses are harder to compute for the pairs of keys. One cannot deduce the private key from the public key even if their mathematical functions are related. Due to this pairing of keys, PKC is useful for ensuring authentication as well as confidentiality. It’s also useful for key exchanges and non-repudiation. The most common implementation of PKC includes; Rivest–Shamir–Adleman (RSA) encryption algorithm, Diffie–Hellman key exchange (DH) and elliptic curve techniques among others. Public key cryptography has fewer challenges as long as there’s trust.
- Hash Functions
Also known as one-way cryptography, is a type of cryptography that computes a digital fingerprint into a fixed length hash value based on the message involved. Since there are no keys for decryption, the resulting hash value cannot be decrypted. The hash value is used to verify whether the plaintext has been modified or not. For this reason, Hash Functions are used for integrity purposes. Hash Functions can often be used with other encryption systems and yield a hash value for more security and verification. When used together, modification of the encrypted information will yield a different hash value which can’t be verified.Common implementation of Hash Functions includes; Message Digest (MD), Secure Hash Algorithm (SHA) among others.
Components involved in cryptography
As mentioned earlier, cryptography is a wider field, and apart from cryptographic types and algorithms, there are other entities involved. They ensure cryptography is done effectively and information or data has the required level of security. Some of the entities include:
Ciphers are essential as they aid encryption and decryption. They are mathematical algorithms with defined steps on how encryption and decryption are done. Ciphers depend on keys to determine how strong the encryption of a certain piece of information will be. They are two categories of ciphers; Block ciphers and stream ciphers. Block ciphers perform encryption on one block of data at a time. Usually, the same key is used. On the other hand, depending on the synchronization mechanisms used, Stream ciphers may encrypt a single bit or a continuous stream of data but with a changing keystream.
Protocols are standards that govern how communication is done especially on networks. Cryptographic protocols are used to enable a secure communication through the network by determining how algorithms will be used. Example of a cryptographic protocol is the Secure Sockets Layer (SSL) protocol.
Key and key length
A key is a value that determines how a cipher encrypts information. Keys vary in sizes as they are different in both symmetric and asymmetric cryptography. The rule of thumb is that; the longer the key length, the stronger the encryption will be especially in PSK. This is because attackers will take a long time to brute force and break the encryption. But it should also be known that key length alone does not define how strong the encryption is, a strong cipher must also be used. Keys are also stored in an encrypted form.
Despite the implementation of a strong cryptographic system, if the keys are not managed properly, they may fall into wrong individuals who may modify the information or even delete it. Sometimes malicious individuals may masquerade as the original owners of the keys. Key management involves how the keys are generated, transmitted/exchanged, stored, how they are used, and when they are supposed to be deleted or replaced. Challenges are usually in how the keys will be exchanged, used and stored. To solve these challenges, cryptographic systems implement a number ofways such as Certification, Pretty Good Privacy (PGP) and Trust models.
Distribution of public keys
Cryptographic systems such as PSK involves the use of public keys, and for involved individuals to get them, key exchange must take place. Below are ways in which distribution is done:
- Public announcement
PSK involves the use of public keys, which are intended to be public. Due to the rise of PGP, individuals have maintained a web of trust in that they can send their public keys via emails. PGP is secure, andindividuals can verify the authenticity of the sender.
- Publicly available directory and authority
This is a distribution method which may involve a secure client-server architecture such as Kerberos used for authenticating and distributing keys to users. It consists ofan authentication server which hosts a directory of where participants register via a secure authentication scheme and obtain keys. Registered individuals may replace the key anytime. As long as the host key is secure, the whole system is secure.
- Public-key certificates
Another common key exchange method is through the use of certificates. Certificates contain the key owner identifier, a public key, and a third-party signature. In this digital era, certificates are digital, and hence they can be verified via the Hash Function to determine their integrity. Due to this verification, certificates can also be used in the above method such that they are available via a public directory or authority. Certificatesare usually stored and managed by a Public Key Infrastructure (PKI) or a certificate server.
Some of the requirements for certification include: anyone can determine the public key and name of the owner, and individuals can verify the certificate and its currency.
Trust models are important entities in any cryptographic system since they establish how validation and authenticity can be done. Common trust models include:
- Direct trust
This is a trust model where entities trust that a key is valid because they know the source. It’s the most fundamental trust model and its used in some way by all cryptosystems.
- Computational trust
In this trust, the model involves the use of trusted authorities and authenticated parties such as PKI for validation of certificates and involved keys.
- Web of trust
This trust model is commonly used by PGP where the owner of a certain key maintains a local keyring of the public key that is sent to individuals. Individuals then use a recipient’s key to encrypt the intended information. Since digital signatures are involved, recipients can then verify the public key and decrypt the informationvia their private key.
Uses of cryptography
Besides security, below are other uses cryptography provides:
- Privacy and confidentiality:Cryptography ensures that the encrypted information is only read or received by the intended party. And even if its intercepted by prying eyes and Man-In-The-middle (MITM) attacks, cryptography ensures the informationis still confidential as it is unreadable.
- Authentication: Cryptography also provides a way in which individual can verify the identity of the encrypted information and even the owner.
- Integrity: Through hashing and certification, the receiver can be assured that the information has not been modified when it was stored or in transit.
- Non-repudiation: Besides authentication, cryptography also provides the integrity needed to prove that the encrypted info or message was from the sender(owner).
- Key exchange: Apart from encrypting the information, cryptography also provides a way in which keys are distributed.