Sep 18, 2018 By Team YoungWonks *
What is Cryptography?
Cryptography, also known as cryptology, is, simply put, the art of writing and solving codes. It involves the practice and study of techniques used for secure communication in the presence of third parties. So it is centred around making and analyzing protocols that prevent these third parties (also called adversaries or eavesdroppers) or the public from reading private messages. This in turn, is why it has an important role to play in information security today.
Indeed, in today’s age when there is so much information available, we all need systems in place that will help keep certain information confidential.
Origin and History of Cryptography
The practice of writing messages in codes and then decoding it may have taken on modern forms but its origin can be traced all the way back to the use of codes and ciphers to protect secrets, began thousands of years ago.
One of the earliest forms of cryptography is classic cryptography. This rudimentary form of cryptography is where pen and paper or other simple mechanical aids were used. The earliest known use of cryptography is found in non-standard hieroglyphs carved into the wall of a tomb from the Old Kingdom of Egypt circa 1900 BCE. Greeks too are known to have relied on it to pass on messages that couldn’t be read by everyone. The Arab connection is evidenced by proof indicating that Arab mathematician Al-Kindi was among the first to systematically document decoding methods.
It’s not surprising that cryptography has been and continues to be used to protect sensitive information such as military information and conversely, to further espionage. The early 20th century saw not one but two World Wars; maintaining secrecy of information was crucial at such times. No wonder then, cryptography became more sophisticated during this period. Complex mechanical and electromechanical machines, such as the Enigma rotor machine, were now being built. From the beginning of the 1920s, early models were used commercially by military and government services of several countries, most notably, Nazi Germany, both before and during World War II. There were different Enigma models - including Japanese and Italian ones - but the German military models, having a plugboard, were the most complex. Despite this in December 1932, mathematician Marian Rejewski, who worked at Poland’s Cipher Bureau, deduced the detailed structure of the German Army Enigma, using mathematics and limited documentation.
The Allies too relied on cryptography during World War II; Allied cipher machines used in World War II included the British TypeX and the American SIGABA; both were electromechanical rotor designs similar in spirit to the Enigma, albeit with major improvements. Neither is known to have been broken by anyone during the war.
Cryptography: Encryption and Decryption
Cryptography then consists of two parts: encryption and decryption. For the longest time, cryptography mainly referred to encryption, which is the process of converting ordinary information (the information that needs to be passed on securely) into unintelligible text, also called ciphertext. But in modern times, cryptography is also about the second half of decryption, which is basically the reverse, in that it entails converting the unintelligible ciphertext back to into ordinary text or plaintext.
With the advent of electronics and computing, cryptography has moved way beyond pen and paper; it is a lot more complex today. Security breaches have kept pace too; today, there are different ways in which data/ information can be intercepted.
The simplest and most time-consuming technique is the brute-force search or exhaustive search; it’s a trial and error method. Also known as generate and test, it is a very general problem-solving technique that mandates systematically enumerating all possible candidates for the solution and checking whether each candidate satisfies the problem's statement. In other words, the person wanting to intercept the data tries to do so by testing out all possible data options that he / she has before him / her.
Then there’s keystroke logging, often referred to as keylogging or keyboard capturing. It is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that the person using the keyboard is unaware that their actions are being monitored. Data can then be accessed by the person operating the logging program. A keylogger can be either software or hardware. In addition to this, there are several more complex methods that can be used today to access confidential information.
Modern cryptography, which draws heavily from the disciplines of mathematics, computer science, electrical engineering, communication science, and physics, aims to defend our data against these attacks on privacy. This brings us to the question: How is encryption usually achieved today? The answer is: algorithms. In modern times, encryption has been made possible by using algorithms that have a key to encrypt and decrypt information. These keys convert the messages and data into “digital gibberish” through encryption and then return them to the original form through decryption.
To understand how this encryption and decryption works, we will have to break down the two processes with the help of a few examples.
Example 1: Cryptography in a school setting
A lot of cryptography techniques rely on information known to both parties, the sender and the recipient. This information is called as the key. Suppose a girl, say Alice and a boy, say Bob, have an understanding between them that dog shall be denoted by the word horse, that is dog = horse.
Now no other kids in the class are aware of this, so knowing that dog is equal to horse is the key here between the sender and the recipient. The sender encrypts the message using this key and the recipient decrypts it using the same key.
So when Bob has to pass on a message about his dog without it being known by the others, he can pass on a message with the word Horse in the message instead. For instance, instead of saying, “I took my dog to the vet today”, he will say, “I took my horse to the vet today”.
And only Alice will know what it actually means: that Bob took his dog to the vet today.
This way, he is sending across message about the dog which is lost on the other kids and only the intended recipient, the girl Alice shall know what exactly Bob is talking about.
Example 2: Cryptography in computing
In the internet era, it is not always possible to share the key like in the previous example, i.e. physically. So how do you send a personal message, one that is secret and only between you, the sender and the recipient? The answer, as mentioned earlier, is encryption, the process of taking a message and scrambling its contents; in other words, encoding this message or information in such a way that only authorized parties can access it and those who are not authorized cannot.
This brings us to the two types of encryption: 1) Symmetric Encryption
2) Asymmetric Encryption
Symmetric encryption is where the same key is used for encryption and decryption. So the message “I won’t be at work today” can read like “xCvI8?lfgh” which reads like gibberish as it is made up of different characters, i.e letters, numbers and symbols, but only the intended recipient, other than the sender, has this private key.
Take for instance, Bob wants to send Alice a secure message, i.e. a message that he doesn’t want anyone else to intercept. So he encrypts the message using a key and then he sends the message across to Alice.
Once she receives the message, Bob sends her the same key he had used to encrypt the message.
Alice now uses this key to decrypt the message and access its contents.
Now, this is a case of symmetric encryption and it’s a faster option, because the same key is being used for both encryption and decryption. But the problem here is that this key has to be stored securely, as it is easy for even hacker to decrypt once he/ she has this key.
This is why there also exists the option of asymmetric encryption where different keys are used for encryption and decryption; both public and private keys come into play. To understand this better, think about how a mailbox works. Everyone knows where it is; the location of mailbox is public knowledge. This knowledge is a public key, but that knowledge alone is not enough to get to the letters in the mailbox. For that, one needs the private key; in this case, it’s the mailbox key that only its owner has. So when a person uses asymmetric key encryption to send a message, both the sender and the recipient begin by generating a key pair (i.e. a public and a private key each) on their respective computers. A popular way of doing this is using the RSA algorithm, which comes up with a set of a public and private key that are mathematically linked to each other. The public key is then used to encrypt data that can be decoded/ decrypted only with the help of the corresponding private key. This means that knowing / having the public key alone won’t get you the private key; it’s why this method is called asymmetric encryption and is known to be the safer option.
Take for instance, Bob (the sender) wishes to send a private message securely to Alice (the recipient). If they are using asymmetric key encryption, this is how the process shall unfold:
Both Alice and Bob begin by generating a set of public and private keys.
They then swap public keys with each other (Alice sends her public key to Bob and vice versa).
Now Bob encrypts the sensitive document using Alice’s public key and sends it to her.
Even though this document has been encrypted (or locked) using a public key that can be easily accessed, the document can now only be opened using Alice’s private key (which only Alice has).
So only Alice can unlock the document and access the information/ message in the doc. Similarly, Alice can encrypt a document using Bob’s public key and send him the encrypted document which then Bob can decrypt only using his corresponding private key. Even Alice cannot decrypt the document she encrypted using Bob’s public key because she doesn’t have his private key. So of course, here too, both parties need to keep their respective private keys safe.
Here's a video explaining the same concepts of encryption and decryption:
New sets of public and private keys are typically not created and transferred each time information needs to be passed on. Each set of public and private keys usually has a validity for a particular period of time. Once the validity expires, a new set of keys is created. Here’s a link to the puTTY key generator:
What then is cryptanalysis? It’s the study of analyzing information systems in order to study/ decode the hidden aspects of the systems. Cryptanalysis is what one resorts to when one wishes to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key (including private key in cases of asymmetric encryption) is not known. Cryptanalytic methods these days usually include solving carefully constructed problems in pure mathematics, the best-known being integer factorization. Used for hacking and often also for military espionage, cryptanalysis is a complex evolving field.
Modern Uses of Cryptography
Historically, cryptography has been used to hide messages from third parties or unintended recipients or interceptors. Today, it is used in its modern form for information security purposes such as data confidentiality, data integrity, identity authentication, credentialing systems, digital signatures, electronic money (for instance, Bitcoin) and secure multi-party computation. Timestamping, for instance, is a cryptographic technique that can certify that a certain electronic document, communication existed or was delivered at a particular time. All of this shows that without cryptography, hackers could get into our e-mail, eavesdrop on our phone conversations, tap into cable companies, acquire free cable service, or even break into our bank accounts.
Indeed, cryptography has made websites safe and electronic transmissions and transactions secure, rendering it quite indispensable today.
Below is a detailed video throwing light on the same subject:
*Contributors: Written by Vidya Prabhu; Photos/ animation by Leonel Cruz