The basics of cryptography

Cryptography has been in existence for over four millennia now. Certainly, the domain has undergone significant evolution in that time. Today, we experience it in various facets of life without even realizing.

The term “cryptography” refers to a method of securing information using codes, or “ciphers.” The essence of the practice is to ensure that only the target of communication can read and process it.

The word has its roots in the Greek language. “Kryptos” means hidden and “graphein” means to write. With this in mind, cryptography hides communication in plain sight. Rather than physically concealing a message, the method transmits it in a form an adversary cannot understand.

At one time, the art and science of such encryption belonged in the realms of academia, government and the military. As a result, many assume that the topic is only relevant to hackers, large conglomerates and national security agencies.

But given the amount of personal data on the internet, it is important for every individual. Understanding how it works is key to protecting yourself from persons with malicious intentions.

Another reason why it is important to learn how it works has to do with government agencies. There have been calls for tech firms to give government intelligence backdoor access to encrypted content. In view of such potential breaches of privacy, it is necessary to arm yourself with information for personal security purposes.

Let us consider the early beginnings of cryptography, its current use and how to apply it to personal digital security.

1. History of cryptography
2. Cryptography in our daily lives
3. What is a cipher and how does it work?
4. Cryptography types
5. The uses of cryptography
6. Is cryptography bulletproof?
7. What can I do to make use of cryptography?
8. Where would we be without cryptography?

History of cryptography

Since the beginning of human civilization, one of the most valuable assets is information. The ability (or lack thereof) to hide information has toppled governments. It has also started and ended wars.

In some early cases, people used encryption not to hide messages, but to create intrigue and mystery. Some attempts would even simply amuse whatever onlookers happened to be literate.

But with time, there was a shift toward information protection. For instance, some cryptic clay tablets from Mesopotamia protected commercially valuable recipes.

Another aspect of its application in the past had to do with religious literature. One example that enthusiasts still debate is the number of the beast in the Book of Revelation.

Here are some other examples of cryptography in history:

The Egyptian hieroglyph

The most ancient text containing elements of cryptography dates back some 4,000 years. In Menet Khufu, an Egyptian town, nobleman Khnumhotep II’s tomb featured hieroglyphic inscriptions. These had the aim of obscuring meaning to everyone but the target readers.

Historians consider this hieroglyph to be the oldest instance of cryptography and the earliest technique. The code they used was only familiar to scribes who would transmit messages from kings.

The Spartans’ Scytale

A cylinder known as a Scytale is a historic example of a cryptographic device. 5 BC was the year and Spartans developed this cylindrical device to send and receive cryptic messages. Both the sender and recipient had one.

A sender would wind a strip of leather on the device and write a message across it. When they would unwind it, it contained a meaningless string of letters. The only way to make sense of it was to wind it on an identical Scytale.

Interestingly, this forms the basis for a majority of modern-day cryptographic approaches.

Mono-alphabetic substitution ciphers

By around 500 to 600 BC, scholars moved to this simple method. It basically involved replacing alphabetic characters with others using secret rules. To illustrate, in Rome, they used a technique known as the Caesar Shift Cipher.

The method involved shifting letters by an agreed number. A recipient would then need to shift them back by the same number to decipher the message.

Cryptanalysis

As cryptography gained popularity so did cryptanalysis, which is the art and science of cracking ciphers. One of the earliest cryptanalysts was an Arab mathematician known as Al-Kindi. Around 800 AD, he came up with a technique called frequency analysis.

This is a method based on the observation that different letters appear in the alphabet at unequal frequencies. For example, the letter “e” is the most frequently used letter in English. Once you know this, mapping letters to ciphertext is not so difficult.

With this development, people could now systematically analyze codes and discover the meaning behind encrypted messages. In turn, this prompted the art and science of cryptography to further develop.

The polyalphabetic cipher

In the year 1465, Leone Alberti found the solution to Al-Kindi’s analytic approach. The polyalphabetic cipher would make use of two distinct alphabets to encode messages.

Users wrote a message in one alphabet and encoded it in a second one. For readers to figure out a message, they had to know the original alphabet.

Other historical cryptographic techniques

During the Renaissance period, more methods of encoding came into existence. Sir Francis Bacon came up with binary encoding in 1623 – masking letters under sequences of As and Bs.

Another technique from the 16th century was the use of moving letters in a message. Instead of moving them using a consistent pattern, they would be moved to varying places.

By the 19th century, the art was more sophisticated, evolving from the ad hoc approaches of previous times.

In the early 20th century, the invention of machines further spurred evolution, providing more advanced models.

Cryptography in the computer era

Currently, computers have taken it to a whole new level. The use of mathematical encryption is now the norm, rather than an exception.

A common example of digital encryption involves fictional characters, Alice and Bob. They have to contend with an eavesdropper known as Eve.

If they happen to be on two different parts of the planet, how can they share a secret code without Eve decoding it? The answer is public-key cryptography.

Alice and Bob can exchange public keys while Eve watches. But each would keep a private key that they can use for deciphering the message.

Cryptography in our daily lives

In spite of its small beginnings, cryptography today is a lot more commonplace than most of us imagine. We constantly encounter it in everyday activities without realizing it.

Take a look at some of the ways we benefit from cryptography in everyday life:

Cash withdrawal from ATMs

Banks make use of what they refer to as the Hardware Security Module (HSM). The purpose is to protect your PIN as well as banking information as you withdraw cash. Remember that during such transactions, your information travels through their network.

In order to ensure that hackers do not access your PIN, the system encrypts it as you use the ATM. It then automatically decrypts it on the bank’s end so as to validate the transaction.

Even if hackers intercept the data in transit, they will not access your PIN thanks to cryptography.

Browsing the internet

Most of us surf the internet daily. On this platform, encryption often takes the form of Transport Layer Security (TLS). TLS certification is a protective feature that website owners can purchase to enhance security.

To check if a site has it, there should be a green padlock and the URL should begin with the letters “HTTPS.” The feature encrypts all communication between your browser and a web server.

On sites where you need to enter sensitive information, it is particularly essential. Sensitive information could include credit card information, phone numbers, ID and shipping details.

For instance, when shopping online, you need to provide payment information and address details. SSL encrypts all such data, rendering it unreadable to secure your shopping experience.

Cellphone communication

People send billions of messages every single day using various cellphone platforms and apps. Messaging platforms such as Whatsapp use end-to-end encryption for all their users’ messages.

It encrypts all text, videos, voice messages, photos and files. Its form of encryption ensures that only the person you are communicating with can read what you send. Thus, the system automates the feature and there is no way to turn it off.

Storing files

Storage platforms like Google Drive and Dropbox have millions of users. Considering the amount of information they store, the platforms take security seriously.

They encrypt all files for user protection. In fact, Dropbox claims to break down every data piece and encrypt the smaller bits of data. Both platforms encrypt data both at rest and in transit.

Email messaging

Services like Gmail use TLS (HTTPS) encryption for user protection. But the use of this model does not encrypt mail content.

Privacy-conscious users opt for end-to-end encryption on platforms like CounterMail and Protonmail.

From the above examples, it is clear that the world as we know it would be impossible without cryptography. Some of the things we take for granted would break and anarchy would reign, with hackers in control.

What is a cipher and how does it work?

Ciphers are the foundational block of all cryptography. To understand the statement, think about how cryptography works. It requires encryption and subsequent decryption.

The role of a cipher is to turn plaintext into ciphertext and from ciphertext into plaintext. Notably, the same cipher can play both the encryption and decryption role.

Every cipher involves either transposing or substituting values, or sometimes both. In transposition, a cipher rearranges elements of plaintext without changing (substituting) them. But in substitution, the cipher replaces elements using other objects, yet retains the sequence.

The Spartan scytale mentioned earlier is a great example of a cipher. Both the person encrypting a message and the recipient needed identical scytales in order to communicate.

Take a look at an example of how it works in real life:

You want to send the message “Find me at the cave” in encrypted form. You can use a transposition cipher to rearrange the text and create ciphertext.

In this case, you should use simple columnar transposition. This means writing the plaintext horizontally, using a predetermined number of letters per line. Then, you need to write out the message vertically instead of horizontally.

Choose “three” as your secret random key – the number or letters per line. Look at how you can use the method to encrypt a message.

When you read the message horizontally it makes sense. But the vertical version sounds like gibberish, and this is the ciphertext.

‘Let us meet at the cave’ translates to “lueahaesetevtmttce.”

To decrypt the message, the recipient needs to prepare a similar table to the cipher. They know the key is “three” which is the number of columns in columnar transposition.

But they do not know the number of rows. All they need to do to get it is to divide the total number of characters on the ciphertext by the key. That would be 18/3 to get 6.

The recipient draws a table of three columns by six rows and writes the ciphertext vertically, from left to right. Then they read it horizontally, again, from left to right.

This would give them the original table and decrypt the message.

Cryptography types

Today, there are three major types of cryptography in use. Each of these comes with its own set of rules as well as benefits and downsides. Let us take a look at the three:

1. Symmetric cryptography

Symmetric cryptography involves encrypting and decrypting data using the same key, which is only known to the sender and receiver of the message. Due to this reason, it is also known as private-key cryptography.

The most important thing in this form of cryptography is the key. The two parties need to hide it because anyone accessing it can decrypt the message.

The secret key used for decryption can take multiple forms. It can be a specific passcode or even a random string of characters.

Prior to 1970, all cryptosystems used this model. It still remains a highly relevant method and has extensive uses in numerous ecosystems. Among the reasons for its popularity is that it is fast and highly efficient.

Applications in computing

Symmetric cryptography is ideal for bulk encryption that involves a big amount of data. Some of its practical applications in computing include:

• Payment applications – in card transactions, for instance, the method comes in handy to prevent fraudulent charges and identity theft.
• Random number generation
• Validation for confirming that a message sender is in fact the person he/she claims to be

Symmetric cryptography ciphers

There are three main ciphers that are in use when it comes to symmetric cryptography:

• AES – Known as the Advanced Encryption Standard (AES), this is the most common form of a symmetric algorithm. Originally, it went by the name Rijndael. It is the standard that the U.S. National Institute of Standards (NIST) set in 2001.

At the time, the algorithm had practical application in encrypting electronic data announced in U.S. FIPS PUB 197. According to NIST, the cipher has a 128-bit block size. But it can have different key lengths – AES-128 (128-bit), AES-192 (192-bit), or AES-256 (256-bit).

• Blowfish – With this cipher, key lengths vary significantly, from 32 bits all the way to 448 bits. The cipher came into existence in 1993. It is the work of designer Bruce Schneier.

The variable key length makes it ideal for both exportable and domestic use. Block sizes are 64-bits and it is a 16-round Feistel cipher.

Being in the public domain, it is available for use in any purpose. But it is rather time-consuming and vulnerable to attack due to the small block size.

• DES – In the modern computing arena, DES was the first standard cipher. Its main variations include 2-key and 3-key DES (3DES). But experts consider it too weak in comparison to modern-day computer processing power. However, it still has widespread use in EMV chip cards.

Differences between block and line (Stream) ciphers

Symmetric cryptography falls into two main categories namely block and line algorithms or ciphers:

• Block ciphers – These ones use a specific secret key to encrypt set bit lengths in electronic data blocks. During the encryption process, the system in use holds data in its memory, awaiting complete blocks.
• Line ciphers – Instead of retaining data in system memory, this method encrypts data as it streams. Many consider this approach safer as it does not retain unencrypted data.

2. Asymmetric cryptography

Under this encryption model, there are two different keys for encryption and decryption. In spite of being different, the two keys bear a mathematical relationship. And this makes it possible to retrieve plaintext from ciphertext.

Invented in the 20th century, this model had the objective of overcoming the pre-sharing of a secret key. Rather, both the sender and receiver need a pair of keys, public and private. The public key lives in a public repository. On the other hand, the private key is a secret.

Though the two keys have a relationship, it is not possible to use one to derive the other. It also has a larger number of bits than symmetric encryption. This makes the encryption and decryption process slower.

Applications in computing

Some of the practical applications of the model include:

• Digital signatures (e.g. digitally signing PDF files)
• TLS
• Key-exchange algorithms (used in conjunction with symmetric cryptography)
• Connecting to servers remotely

Asymmetric cryptography ciphers

These are not as popular in practical applications as symmetric algorithms. Let’s take a look at three of the common asymmetric cryptographic ciphers:

• Diffie-Hellman key exchange – This was one of the earliest implementations of the model. Its most common application is in key exchange, hence the name.

Key exchange is one of the most sensitive parts of cryptography. A sender needs to ensure that recipients get the private keys of symmetric cryptography algorithms securely.

They can use this algorithm to create a secure channel for communication. The systems in question will then exchange a private key safely.

• RSA – Short for Rivest, Shamir, Aldeman, the RSA algorithm has been in existence since 1978. It was the very first cipher designed for use in signing and encryption.

The algorithm supports 768-bit and 1,024-bit key lengths and uses a three-pronged approach. First, it generates keys using mathematical operations that make use of prime numbers. The second and third parts are encryption and decryption.

• Elliptic curve protocols – Functioning more or less like RSA, this model is ideal for small devices such as cellphones. The method involves the use of points along a curve to define the pair of public and private keys.

It makes use of significantly less computing power than RSA.

3. Hashing

Hashing involves the use of a cipher known as a hash function. The function takes the given data and generates a special string known as a “hash.”

When the algorithm uses the same data, it will always get the same hash. This is a crucial part of this model. Additionally, it cannot use the hash alone to generate raw data.

Therefore, a major difference between this and other models is that after data encryption (hashing), decryption is not possible (irreversibility).

Consequently, even if a malicious actor were to get the hash, it would be useless. Furthermore, if someone tampers with the data, it will generate a different hash as proof of the change.

Applications in computing

Hashing has countless applications in modern-day computing. These include:

• Password verification
• Message digest

Main hashing ciphers in use

• SHA-1 – SHA stands for Secure Hashing Algorithm and SHA-1 produces a 160-bit hash. During its existence, between 2011 and 2015, it was the primary hashing algorithm.

The cipher was created by the National Security Agency (NSA). However, it has become outdated and not sufficiently secure for modern use.

• MD5 – Known as the Message Digest algorithm, this cipher produces a 128-bit hash. Though it has had widespread use for a time, it is currently termed as cryptographically broken.

It is not collision resistant and has some flaws, making it unsuitable for ongoing use.

Despite serious vulnerabilities, both SHA-1 and MD5 are still in use, leading to significant issues for privacy.

• SHA-256 – Also known as SHA-2, this hash produces a 256-bit hash, 64 digits long. The transition from SHA-1 to SHA-256 took place in 2015. It almost wiped out the original hashing algorithm.

This is one of the strongest hash algorithms available today and has never been compromised.

The uses of cryptography

So, what are the practical applications of cryptography in today’s world?

In the field of information security, there are a number of implementations. We will consider four key applications or functions:

1. Authentication

Cryptography can be used to authenticate a message – confirm that it came from the stated sender. Using a cryptographic system, it is possible to authenticate the identity of a remote system. It is not about user identity, rather, their cryptographic key.

To illustrate, the sender may encrypt a message using their private key and then send it. If the recipient successfully decrypts it using the sender’s public key, that authenticates the source.

Taking security to the next level, it is possible to encrypt the message using both the sender’s private key and the recipient’s public key. This would mean that only the recipient can read the message. They would also be sure of the source of the message.

2. Non-repudiation

Non-repudiation is a function of cryptography that makes it possible to ensure parties cannot deny (repudiate) the authenticity of their signature. It allows us to know, for example, that a

In developing or using e-commerce or financial software, this function is particularly important. Users in this arena often face challenges when customers transact then refute transactions.

The use of cryptographic tools ensures that transactions are not refutable. These tools basically assign a unique signature to every user to confirm the source of transaction authorization.

3. Confidentiality

Keeping sensitive information confidential is a top concern for both individuals and businesses. Right from the outset, this was the key objective of cryptography.

Today, people in various fields use the tools to lock computers using passwords. Countless others use them for safeguarding sensitive personal and medical records.

4. Integrity

Another crucial area of concern has to do with data integrity. When transmitting a private dataset, it is necessary to ensure that no one views or alters it while in transit. The same applies to data storage.

Companies use cryptographic systems to make sure data integrity is intact. Among the most popular methods currently in use for this purpose is hashing using a secure checksum.

Is cryptography bulletproof?

Unfortunately, even though cryptography is a great feature, it is not bulletproof. While it can enhance security, it does not provide total security.

To illustrate this, there have been numerous accounts of experts discovering vulnerabilities in cryptographic systems. Furthermore, there have been successful cyber-attacks on systems that make use of cryptographic tools.

Some of the issues that lead to such instances include:

• Weak ciphers – Security experts traced a number of high-profile attacks in the recent past to weak ciphers. These include the Department of Justice breach, the Tesco Bank attack, and the Target hack to name a few.

For instance, an FCA analysis of the Tesco Bank incident revealed that the attack had to do with the algorithm used to create credit card numbers. Debit cards reportedly had sequential numbers making it easy for attackers to find them.

• Increasing computing power – As computing power increases, the criminals’ ability to decipher encryption algorithms also increases. It has happened before, and is, in fact, the reason why the world moved from SHA-1 and MD5.

SHA-2 has been the recommended hashing standard since 2011. But cryptographers say that over time, older hashes get cracked.

In view of this inevitable eventuality, the NIST selected SHA-3 in 2015 to prepare for future attacks on SHA-2.

• System vulnerabilities – A highly infamous vulnerability was the Apple “goto” bug (link should be nofollow) which affected its SSL/TSL implementation. One of the lines on the code bypassed all SSL/TLS security checks.

This rendered subsequent lines dead, making it vulnerable to Man in the Middle attacks.

Other causes of failure could include bad design as well as bugs in cryptographic libraries.

What can I do to make use of cryptography?

As it stands, we all passively benefit from cryptography given its numerous applications in our day-to-day life. But we can experience even more benefits by actively applying it in various facets of life. Let us consider some ways to do this:

1. Use a VPN to encrypt all traffic

Using a VPN you can encrypt your internet connection to prevent anyone from snooping on your traffic. VPNs basically create an encryption tunnel for your internet connection. This way, neither government agencies nor ISPs can tell what you are doing online.

Similarly, it renders Man in the Middle (MITM) attacks futile as the VPN makes intercepted traffic useless.

Check out our Best VPN Services page.

2. Whole disk encryption

You may also protect the information on your hard drive using more than just a password. Disk encryption programs basically use cryptographic algorithms to secure entire volumes.

Full Disk Encryption (FDE) offers a number of noteworthy benefits. Its most critical advantage is better data security. Even if someone were to move the disk to a different PC, the data would remain inaccessible.

Additionally, the process is automated and thus more convenient than folder or file encryption.

Some Windows PCs automatically feature device encryption. But for a more powerful solution, you may consider third-party encryption software. Examples include BitLocker and VeraCrypt.

For Mac laptops and desktops, you can use FileVault, available by default on Mac OS X Lion and later versions.

3. Secure email

Email is a major weak spot as the process of sending and receiving mail involves multiple parties. You might be using a decent, secure device, but if your recipient is not, that poses vulnerability.

In addition, you might want to keep your communication secure from the prying eyes of your provider. For these reasons, there are platforms offering end-to-end email encryption. They include Hushmail, Tutanota and Protonmail.

4. Secure messaging

Messaging is another big weak spot. Just like email, it involves multiple parties. Unfortunately, a majority of messaging apps do not use end-to-end encryption.

Facebook Messenger offers the option but you will need to enable it as it is not a default feature.

On the other hand, WhatsApp, Wire and Wickr all have end-to-end data encryption. They scramble all messages on-device and unscramble them at the other end. Thus, not even the app maker has access to the information you transmit.

While others like Telegram and Confide claim to offer encryption, they both use error-prone cryptography.

5. HTTPS everywhere addon

HTTPS web pages feature Secure Sockets Layer (SSL) or Transport Layer Security (TLS) to enhance browsing safety. They do this by scrambling communication between your PC and the website to reduce susceptibility to hacking.

When transmitting sensitive personal or financial information, this is especially important. Though modern websites should offer HTTPS protection, there are some exceptions.

Fortunately, you can use the free browser extension, HTTPS everywhere, to get full-time HTTPS security. It is compatible with Firefox, Chrome and Opera.

Where would we be without cryptography?

Now that we understand cryptography a lot better, there are lots of lessons to take home. Though it is far from perfect, it makes a world of difference in ensuring personal data security.

Without it, anarchy would rule in every facet of life and the internet would likely be a no-go zone. But life as we know it is so much more secure thanks to advancements in the field.

And as modern computing and data harvesting keep evolving, now more than ever before, we need to become its active users. It is thus important to exercise due diligence, applying it where we can to stay safe.