A Complete Guide to Cryptography
Let’s say you need to send a secret message to someone and don’t want that message to get into the wrong hands. How can you keep your information and communication secure?
By using cryptography.
What is cryptography?
When you hear the word “cryptography”, you’re probably thinking of making regular, or plaintext unreadable without using a special key.
This, however, is just one part (although an important one) of cryptography, called encryption. While cryptography and encryption were all but synonymous, today cryptography is much more than encrypting and decrypting messages.
It also includes:
Authentication ensures that you are sending the message or data to the right person and not someone eavesdropping. This is accomplished with the help of certificates and digital signatures.
Non-repudiation makes sure that the sender can’t deny that they sent something.
Integrity ensures that the data hasn’t been changed after it was sent and before it reached the recipient by a third-party.
Knowing all of this, we can define cryptography as “the study and practice of communication techniques and their protection against third-party adversaries”.
History of Cryptography
Okay, let’s talk a little about the history of cryptography.
The word “cryptography” comes from two Ancient Greek words, “crypto”, meaning “hidden”, or “secret” and “graphein”, meaning “to write”.
The practice of making secret messages is as old as human civilization and cryptography can be traced back to the ancient world.
We get the first mention of a cipher tool from a Greek poet Archilochus around 680 - 645 BC, called Scytale, and around 700 years later, Plutarch gives a description of it in “Lysander”
One such is the Caesar Cipher named by Julius Caesar, who has supposedly used it himself. This is a substitution cipher, where, for example, the letters are moved several spaces to the right.
For instance, if we move the alphabet three spaces to the right, “Cryptography” becomes “Fubswrjudskb”.
Again, once you know the pattern, it would become quite easy to decipher it.
The earliest work on cryptography and cryptanalysis comes from the 9th century Arab Philosopher Abu Yusuf Yaqub ibn Ishaq Al-Kindi and is called “A Manuscript on Deciphering Cryptographic Messages”
Another Arab mathematician and polymath, Ahmad Al-Qalqashandi also mentions cryptology in his “Subh al-Asha” encyclopedia, where he introduces a list of substitution and transposition ciphers, including the first homophonic substitution cipher.
Europe wasn’t far behind in cryptology either, as it was a very popular way of communicating among courts in secret’
In 1837, Samuel Morse invented the electric telegraph and long-distance message transmission using coded signals, which later became the standard for international communication.
In the 20th century, cryptography saw use in both WW1 (Zimmerman Telegram) and WW2 (Enigma Machine) and in both cases, cracking it proved invaluable for the Entente and the Allies to win the respective wars.
As you can see, cryptography was throughout history mainly used for military purposes, but over time, it has found its way into business and even personal communication, largely thanks to the Internet.
For instance, Phil Zimmerman released the PGP (Pretty Good Privacy) in 1991, along with the source code, which later led to OpenPGP and Netscape released the Secure Sockets Layer (SSL) protocol in 1994.
Okay, enough about the history of cryptography. Let’s talk a bit about the cryptography types.
In general, there are three types of cryptography:
- Symmetric Cryptography
Symmetric cryptography uses one key to encrypt and decrypt when sending and receiving data. This makes it faster, but the downside lies in the insecure exchange of the key.
Symmetric cryptography is also known as “secret key” or “private key cryptography”.
- Asymmetric Cryptography
With asymmetric cryptography, two keys are used to encrypt and decrypt the message. First, the public-key encrypts the message and then the private key decrypts it. Only the recipient has the private key.
This cryptography type is also known as “public-key cryptography”.
Asymmetric cryptography includes:
- RSA cryptography
- Elliptic Curve Cryptography
- Hash Function Cryptography
No keys are used in hash functions. Instead, a unique hash value is calculated for plain text and without it, the original text can’t be recovered.
Hash functions include:
- SHA (Secure Hash Algorithm)
- MD5 (Message Digest 5)
You can read more about symmetric vs asymmetric encryption in this article.
There are several cryptography techniques used today (and thorough history). We’ll briefly name a few of them:
- Simple Codes
This is basically writing the message in another script. For instance, in WW2, the Allies used the Navajo language as code, which the Germans were unable to crack.
Another way would be to, for example, write the message in Nordic runes:
- Substitution ciphers
In this case, each letter is replaced by another, for example, 3 steps removed from it. To decode the message, one would just need to reverse the process.
We already explained how Caesar Cipher works, so we’re not going to get into that again.
Another type of this is the Morse code, which uses beeps of varying lengths instead of letters.
Stenography is based on hiding messages (either using something like invisible ink, or placing it in an unexpected place.
If the message can’t be found in the first place, the logic is, it can’t be cracked.
One great example of this is Cicada 3301. This was a puzzle circulating the Internet forums like 4chan since 2012, for the stated purpose of “recruiting highly intelligent individuals”, though by whom is still unknown.
- Different base
The number system that we use every day is base 10 (1-10), but there are also binary (base 2), hexadecimal (base 16) and so on.
For example, if we use 100 (base 10), in binary, this would be 1100100 and in hex, it’s 64.
Cryptography algorithms can be divided into symmetric key and asymmetric key algorithms.
You can also check our “What is the Best Encryption Algorithm article.
Symmetric Key Algorithms
Symmetric key algorithms include:
- Advanced Encryption Standard, (AES)
AES uses the Substitution Permutation Network (SPN) to apply multiple rounds and encrypt data. This encryption uses 128-bit, 192-bit and 256-bit keys and 128-bit blocks.
- Data Encryption Standard (DES)
DES is no longer in use today. This is because its 56-bit key can be cracked easily with modern computers (in about 362 seconds).
A variation of DES, 3-DES, or “triple DES” is still used in electronic payment systems.
- International Data Encryption Algorithm (IDEA)
IDEA is a free-to-use algorithm that uses 128-bit keys and 64-bit blocks, under OpenPGP standard. Today it’s not widely used, but has some applications as it is patent-free.
RC-2 was developed by Ron Rivest in 1987 and used 64-block ciphers with variable key length in 18 rounds in an unbalanced Feistel network. Not in use anymore since it is susceptible to related-key attacks.
RC-4 was a successor of RC-2 also developed by Ron Rivest posted on a sci-crypt newsgroup in 1994 and was quickly cracked. It was never officially released by RSA security. It’s not in use today.
RC-5 uses 0-2949-bit keys, 0-255 rounds and block sizes of 32, 64 and 128-bit block sizes.
RC-6 was one of the five finalists of the Advanced Encryption Standard competition, which was won by “Rijndael”, today known as AES. RC-6 uses data-dependent rotations, XOR operations and modular addition and it supports 128, 192 and 256-bit keys, with 128-bit block sizes.
Blowfish was designed by Bruce Schneier to replace DES and IDEA. It uses 64-bit block sizes, with 32 to 448-bit keys and takes 16 rounds. It’s not in use because of its vulnerability to birthday attacks, plaintext attacks and Sweet32 attacks.
Twofish replaced Blowfish in 1998 and uses 128-bit blocks, 256-bit keys and 16 rounds. It was one of the five Advanced Encryption Standard competition finalists, but didn’t “make the cut” because it lacked standardization.
As Twofish was cracked in 1999 (see the paper An Observation of the Key Schedule of Twofish by Fauzan Mirza and Sean Murphy for more detail), Schneier introduced Threefish in 2008.
Threefish uses 256, 512 and 1024-bit blocks, with corresponding key sizes and up to 80 rounds.
A published attack from October 2010 was able to break 53 of 72 rounds in 256-bit and 57 of 72 rounds in 512-bit versions.
Serpent algorithm narrowly lost the Advanced Encryption Standard competition to Rijndael (now AES) and is still in use today.
This algorithm, developed by Ros Anderson, Eli Buham and Lars Knudsen uses 128-bit blocks and 128. 192 and 256-bit keys and 32 rounds.
Several published attacks were able to break the first 12 of 32 rounds, but couldn’t get further and the amount of time and energy it took them suggests that this is still a safe algorithm to use,
Asymmetric Key Algorithms
Asymmetric, or public-key cryptography algorithms, include:
- Rivest-Shammir-Adleman (RSA)
RSA cryptography is today the most widely used public-key algorithm, but because it is slow it is primarily used to encrypt/decrypt the symmetric key, which is then used to encrypt/decrypt the data.
RSA is based on “prime number factorization”.
- Elliptic Curve Cryptography (ECC)
ECC uses elliptic curves over finite fields.
Compared to RSA, ECC uses smaller key sizes and offers the same cryptographic strength, making it less taxing on the system.
It is still in use today and NIST has recommended 15 elliptic curves as a standard.
Finally, Diffie-Hellman by Whitfield Diffie and Martin Hellman (using a concept by Ralph Merkle) was the very first example of asymmetric cryptography.
Diffie-Hellman is vulnerable to several types of attacks, so it’s no longer a standard, but it is still used in digital signing and PKI.
How many keys are used in symmetric cryptography?
Symmetric cryptography is done with the same key for both encrypting and decrypting data.
Since ancient times, man has looked for ways to hide messages he wanted to send to others. Today, as our communication has moved to the Internet, the importance of cryptography is even greater as you can never know who wants to read your message.
CTemplar uses 4096-bit RSA encryption to encrypt your email messages, subjects and attachments. Sign up to CTemplar to bring your privacy to a new level.