Menu

Menu

a

*Today’s article is about Cryptography, a mathematics based science that, simply put, is all about how to transform data in a way that only authorized parties can understand it. A very relevant topic, considering the growing amount of sensitive data we transmit and exchange every day.*

Broadly speaking, cryptography is a method that converts information into non-understandable form using a code with a possibility of reverse action. The main purpose is that only authorized parties are able to convert data into understandable form, read it and process it.

In modern computer science cryptography is used to secure communication and data with different techniques. We call those series of calculations and rules cryptographic algorithms. Such algorithms allow us to encrypt and decrypt data, generate cryptographic keys, provide data integrity verification, perform digital signing, and many more operations that we use in web browsing, emails, online transactions and computer applications without noticing.

Cryptography as a term originates from two Greek words. “Crypt”, which means hidden and “graph” that means writing. The first known use of cryptography is connected to the Roman Empire. Julius Caeser, who lived in the first century B.C., used ciphers in his correspondence, as he did not trust his messengers who delivered his orders to officers and governors. The cryptographic algorithm was simple: each symbol was replaced by the character which came three positions later in the Roman alphabet.

Over time, the use of cryptography has evolved significantly from its original form, meant only for a selected few. With a rising growth of information technology, the volume of information that needs to be protected from third parties is constantly increasing. Cryptography has become widely applied in government structures, as well as in business. Thanks to the evolution and rise of computing capabilities, cryptography has become more complicated. In modern cryptographic algorithms, we use advanced mathematical concepts and computer science fundamentals.

It is important to clearly define the meaning of some terms related to this article. Cryptography is the science of writing covertly. Cryptology means uncovering secret information. Whereas encryption is the process of transforming information to be impossible to read or understand. In terms of cryptography, the encryption process turns plaintext into ciphertext. The opposite process is called decryption.

Another important thing in cryptography is a cryptographic key. Usually, it’s a string of symbols or numbers that is used by a cryptographic algorithm to encrypt the plaintext. Different keys used in the same algorithm give completely different ciphertext. In modern cryptography, encryption methods are considered secure if there is no way (or at least almost none) to extract the plaintext from the ciphertext without the key. Therefore, it makes the key parameters (such as the key length and randomization) as well as processes like cryptographic key generation, storage, and transmission very important.

There are many techniques that are used in cryptography. Some of the most common are:

**Symmetric Cryptography**– also called private key cryptography. Encryption and decryption of plaintext performed with the same key. It’s usually used to encrypt data stored on or transmitted between computer systems.**Asymmetric Cryptography**– encryption and decryption of plaintext performed with two different keys: a public key and a private key. Such methods are used in Public Key Infostructure PKI systems, digital signing and blockchain.**Tokenezation**– a process similar to encryption. The main difference between the two is that tokenization keeps the data format unchanged. It is very useful in application layer encryption.**Hashing Functions**– transform different plaintext into the fixed length hash value. It is mainly used to check the data integrity and verify that it wasn’t changed during transmission or storage.**Steganography**– a method inspired by the inconspicuous placement of one object into another. Historically, it could be something like invisible ink, now it is often a secret image or a text hidden in another image.

As we noted previously the main purpose of cryptography is to secure the information from different types of threats. It could be a cardholder’s information in online banking or sensitive data transmitted from a remotely working employee to the organization headquarters. The same applies to the authorization process on a web site to enter the personal account.

Another way of defining the main goals of cryptography would be through a CIA Triade – a model of information security guidelines – formed by Gary Kessler:

- Keep data
**confidential** - Ensure data
**integrity**(data has not been altered or changed) **Authenticate**the identity of the sender and the receiver of the message

Most digital services today are based on client-server architecture. In other words, users connect to their services through a client system and those services are running on servers. There are many users and a lot of connections between them and a server.

But how is it linked with cryptography?

Connections have their routes through different types of networks. But often enough many of them can’t be defined as secure by default. Cryptography helps us secure the data we transmit and receive through public and private networks, as well as protect data privacy.

Attackers and malicious users can take both passive or active actions when it comes to sensitive data. In the first case, they just listen to, or “sniff”, the traffic in public networks with the aim to intercept critical data. In the second case, they could attack computer networks or systems using special software with the goal of obtaining valuable confidential information.

In both cases, cryptography substantially lowers the chances of data loss. Cryptographic protocols developed for secure connections – such as TLS/SSL – aid us with data protection during transmission. Authentication systems based on asymmetric cryptography help us prevent unauthorized access to data storages and digital services.

Some cryptographic algorithms can be used only with the cryptographic keys. For example, symmetric and asymmetric cryptographic algorithms. In this case, a cryptographic system consists of two parts – the algorithm and the key – and relies on both of them.

In the 19th century, Dutch cryptographer Auguste Kerckhoff noticed that “a cryptographic system should be secure even if everything about the system, except the key, is public knowledge”. In other words, his experience showed that sooner or later cryptographic algorithms always become clear to those who study them. However, the knowledge of the algorithm alone doesn’t undermine the security of a cryptographic system if the cryptographic key remains secret.

This idea was picked up again in the 20th century by Claude Shannon. He believed in “The enemy knows the system”. As a cryptographer who worked during World War II, he noticed that the design of a cryptographic system should be elaborated without the need of hiding the algorithm itself.

As noted earlier, the three most common types of cryptography are: asymmetric cryptography (also called public key cryptography), symmetric cryptography (or secret key cryptography) and hash functions. Let’s take a closer look at them.

Symmetric encryption algorithms (or symmetric key cryptography algorithms) encrypt plaintext and decrypt ciphertext using the same secret key. These single key algorithms imply that the key must be known to both sender and receiver. Such algorithms are less demanding on computing resources. On the other hand, the need to send the secret key creates the risk of a third-party intercepting it. The attackers would be able to decrypt and access all the data that the sender transmits. In symmetric cryptography, ciphertext consists of fixed-length blocks. These blocks are known as block-ciphers.

The most known symmetric cryptographic protocol is Advanced Encryption Standard AES. It was published in 2001 and until this day is still used by the US government for classified information. AES was developed because the previously used protocol – DES (Data Encryption Standard) – became insufficiently secure. Specifications of AES protocol are open and free to the public, and are applied in many industries as a reliable data protection protocol.

Asymmetric encryption algorithms use two keys to encrypt and decrypt data. These keys are paired with each other mathematically. The sender of a message needs to know only the public key of the receiving party, which they encrypt the message with. To decrypt the message, the intended recipient uses their private key. It’s impossible to decrypt ciphertext without the private key. Not only is there no need to share the key between both parties, it’s actually mandatory for the receiver to keep their private key secret. This type of cryptography is very useful and significantly less risky if transmission is taking place through an untrusted network. However, asymmetric algorithms require much more computing capacities compared to symmetric encryption.

The scope of the application for asymmetric algorithms is very large. They are used in digital signatures and public key cryptography standards as well as authentication systems and blockchain.

Sometimes it’s best to combine symmetric and asymmetric cryptography to create a hybrid solution that benefits from both approaches – less computing capacity without compromising security of data encryption keys. The TLS protocol is based on this principle. The protocol uses a symmetric key for data protection and to protect a symmetric key exchange, an asymmetric cryptography algorithm is used.

Cryptographic algorithm that transforms data to the single fixed-sized string of symbols could be defined as a hash function. The result of a hash function is called the hash. Different data produces different hash results. These algorithms have two defining quality parameters: the probability of restoring the original data from the hash and the probability of receiving the same hash from the different data. The lower the odds, the more secure and reliable the hash-function.

Cryptographic hash functions are widely used for data integrity confirmation. If the receiver knows the hash of the data, it is easy to check whether there have been any changes made to the data. The result of a hash function must be the same for the same input. The most common hash-function cryptographic algorithm is Secure Hash Algorithm SHA-3, which replaced the older versions SHA-1 and SHA-2.

Cryptographic algorithm is a set of mathematical procedures used in cryptographic systems. The three main categories of cryptographic protocols are symmetric cryptographic algorithms, asymmetric cryptographic algorithms and hash functions.

Cryptographic algorithms are used to encrypt and decrypt data. These processes are involved in most of the data security protocols. Some common examples would be hard drive encryption, digital signatures, and authentication. The most used modern cryptographic algorithms are:

**Asymmetric cryptographic protocols**

**Elliptic curve cryptography ECC**– applicable for digital signatures, key agreement and pseudo-random generators.**Rivest, Shamir and Adleman RSA**– algorithm for encrypting and signing messages.**Diffie-Hellman****key exchange**– method that allows two parties to jointly agree on a shared secret using an insecure channel.

**Symmetric cryptographic protocols**

**Advanced Encryption Standard****AES**– secure and the most widely used algorithm in the modern IT industry.**Salsa20**– stream encryption protocol, produces an output of encrypted data with the same length as the input stream**RC5**– symmetric-key block cipher used for its simplicity, designed in 1994,*RC*stands for “Rivest Cipher” after the name of the creator**DES**– defined as insecure protocol since 1990s, can be brute-forced

**Hash functions**

**Secure Hash Function SHA**– new version (SHA-3) has efficient performance and good cryptographical strength**Whirlpool**– a 512-bit hash function based on a modified version of Advanced Encryption Standard AES**Message Digest (MD)**– used to be the most popular hash function, since 2004 defined as insecure

Secret key cryptography implies using one cryptographic key for both encryption and decryption. Therefore, the symmetric cryptographic key must be shared. Asymmetric cryptography algorithms are based on two cryptographic keys. Both encryption keys are paired and defined as public keys and private keys. There is no need to correspond private key to anybody: it’s used solely to decrypt data by the owner of the key. On the contrary, a public key can be shared freely.

When we use symmetric cryptography, the interception of a key can break the cryptographic system and let the third-party decrypt sent electronic data. Asymmetric cryptography carries no such risk since it uses public keys for encryption. With a private key, an attacker can only encrypt the messages or confirm the digital signatures. There is no way to decrypt messages or impersonate the signer without the private key.

To break security systems based on cryptographic techniques, attackers often use the vulnerabilities of specific implementations. It could be a defect of a software cryptographic library, or an exploit of an operating system.

But what other dangers are there?

In cryptography it’s generally accepted that a cryptographic algorithm is secure if it cannot be cracked without spending an enormous amount of time or computing power. However, the computing capabilities of modern computers are constantly evolving. Quantum computing is still something inaccessible to ordinary users and doesn’t go beyond laboratories. Nevertheless, scientists have already agreed that the computing power that quantum computers will have in upcoming decades is of major modern cryptography concern. This will force the cryptographic strength criteria for many existing algorithms to be reconsidered. Since 2016, scientists have been paying close attention to this potential security problem.

A sure way to improve your cryptographic security system is to follow the best practices. One of them is to focus on cryptographic key management and ensuring its security. As stressed many times in this article, cryptography is all about the keys. The best way to protect the keys is with a hardware security module – HSM. This tamper resistant device stores and manages your keys in a highly secure hardware environment. Moreover, the keys are stored in an encrypted form and cannot be extracted in cleartext without proper authorization even if someone has physical access to the module, making them practically impossible to steal. Besides storage, HSM takes care of the whole key lifecycle management, from secure key generation with a true random number generator, to key rotations and even the final disposal.

Cryptography enables millions of users to have digital services every day. Online security as we know it, is possible only thanks to cryptography. Compliance with data protection standards often requires the implementation of cryptographic technologies in the organization’s digital systems. Helenix has many years of experience in cryptographic systems and their implementation. You can view our cryptographic solutions in the Solutions section.

Cryptography enables protection of data during transmission and guaranties its integrity. All types of cryptographic algorithms are involved in data protection and are widely used in different network security systems.

Wherever it is important to ensure the protection of digital data. Especially in those industries where there is a lot of confidential information: banking, government, healthcare, etc.

The most secure method is called one-time pad encryption with a pre-shared key that is not smaller than the message being sent. It is important to have a true random generated key that is never reused for different messages.

In blockchain, cryptography is used to secure all transactions that take place between different nodes. Hashing is used to secure the block information and to link the blocks in the blockchain. In other words, all operations in blockchain are always cryptographically protected.