Cryptography #1: The What And Why

A brief introduction to cryptography and why we need it.

Hey! Demi here.

I’m currently revising for my cryptography exam. Writing about it here kills two birds with one stone. Great revision strategy. I hope you enjoy today’s post! I’m planning to write more for this series, so stay tuned.

Ok, back to the show.

Display Photo by Markus Spiske on Unsplash

---

Here’s the situation.

Suppose you want to send a message to someone.

But you only want them to receive it.

There are ways to achieve that, such as booking a private room or whispering to the person. However, someone else could stand nearby and listen. This attempt is fairly visible, so handling it isn’t too hard.

What happens when those methods are invisible?

For example, if someone plants a microphone in that private room, how would you know? I don’t know of any simple way to verify that. You could grab a metal detector around the room but that isn’t efficient at all. And if you do find out someone’s listening in, what can you do?

You can never truly know if someone else is listening in on your conversations.

There’s no 100% guarantee that your conversations are private, whether online or offline. So, how could we send a message to someone so that only they can receive it?

Cryptography solves this.

Cryptography is the art and science of secret writing to hide the meaning of a message. It makes use of a wide range of techniques to obscure messages so that even if an attempt is made to intercept it, the interceptor can’t make sense of the message.

Cryptography isn’t strictly digital. Examples of it date back to 2000 BC when hieroglyphics were used in ancient Egypt. The famous Caeser Cipher leveraged cryptography in Rome.

Discussions around it now focus on modern cryptography, which focuses more on digital solutions. With the rise of people using technology for malicious means, the importance of cryptography in the tech world is significant

What does cryptography consist of?

There are 2 main algorithmic approaches used in cryptography

• Symmetric algorithms

• Asymmetric algorithms

Symmetric algorithms

Let’s go back to our original example.

• You use a secret code word (key) that transforms the original message (plaintext) into a bunch of gibberish (ciphertext).

• You can give your friend the ciphertext and they can use the same code word to transform it back into plaintext.

This is the foundation of symmetric algorithms. Symmetry is the same key used for both encryption (hiding the message) and decryption (revealing the message).

Asymmetric algorithms

Let’s change it up:

• Both you and your friend create a pair of keys.

• Each pair of keys works together: one key encrypts, and the other key decrypts. These are known as public and private keys.

• You transform your message using your friend’s public key (their encryption key) and you share the ciphertext with them.

• They get the ciphertext and use their private key (their decryption key) to transform it back to plaintext.

This seems reasonable.

Two distinct approaches to hiding and revealing a message. Surely the field of cryptography can end here, right?

Wrong.

There are a few things we haven’t accounted for:

• How do you share the key with your friend in the first place?

• How can your friend be sure it’s you sending that message? (sender authentication)

• How can we know that no changes were made to the original message? (message integrity)

These are situations that cryptography helps to solve too. In practice, both symmetric and asymmetric algorithms are used in a hybrid scheme. They have their pros and cons in different scenarios.

Where’s the application?

Right now, we have focused on the theoretical elements of cryptography. Online, these elements aren’t just used as they are. We need implementations of these algorithms to be able to use them digitally.

That’s what cryptographic protocols are for. These are systems that leverage both symmetric and asymmetric encryption for specific purposes. Examples of these include:

• Transport Layer Security (TLS) for websites

• Advanced Encryption Standard (AES) is used fairly widely in hardware and software

• Internet Protocol Security (IPsec) for establishing VPNs (virtual private networks)

A quick wrap-up

Today, we learnt:

• What cryptography is

• Why we need it

• An overview of symmetric and asymmetric algorithms

• A brief introduction to cryptographic protocols

Next time, I’ll do a breakdown of each algorithm genre, with some deep dives on specific cryptographic protocols.

P.S. I used Understanding Cryptography to write this post. Great textbook for learning cryptography, highly recommend it.