Cryptography definition
Cryptography is the art of keeping information secure by transforming it into form that unintended recipients cannot understand. In cryptography, an original human readable message, referred to as plaintext, is changed by means of an algorithm, or series of mathematical operations, into something that to an uninformed observer would look like gibberish; this gibberish is called ciphertext.
Cryptographic systems require some method for the intended recipient to be able to make use of the encrypted messageusually, though not always, by transforming the ciphertext back into plaintext.
Before we move into the meat of this article, let's define a couple terms related to cryptography. The syllable crypt may make you think of tombs, but it comes from a Greek word that means "hidden" or "secret." Cryptography literally means "secret writing." Cryptology, meanwhile, means something like "knowledge of secrecy"; if cryptography is the practice of writing secret messages, then cryptology is the theory, although the two words are often used interchangeably. Encryption"making secret"is what we call the process of turning plaintext into ciphertext Encryption is an important part of cryptography, but doesn't encompass the entire science. Its opposite is decryption.
One important aspect of the encryption process is that it almost always involves both an algorithm and a key. A key is just another piece of information, almost always a number, that specifies how the algorithm is applied to the plaintext in order to encrypt it. In a secure cryptographic system, even if you know the method by which some message is encrypted, it should be difficult or impossible to decrypt without that key. Keep algorithms and keys in your mind, because they'll be important as we move on.
This is all very abstract, and a good way to understand the specifics of what we're talking about is to look at one of the earliest known forms of cryptography. It's known as the Caesar cipher, because Julius Caesar used it for his confidential correspondence; as his biographer Suetonius described it, "if he had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet ... If anyone wishes to decipher these, and get at their meaning, he must substitute the fourth letter of the alphabet, namely D, for A, and so with the others."
Suetonius's description can be broken down into the two cryptographic elements we've discussed, the algorithm and the key. The algorithm here is simple: each letter is replaced by another letter from later in the alphabet. The key is how many letters later in the alphabet you need to go to create your ciphertext. It's three in the version of the cipher Suetonius describes, but obviously other variations are possiblewith a key of four, A would become E, for instance.
A few things should be clear from this example. Encryption like this offers a fairly simple way to secretly send any message you like. Contrast that with a system of code phrases where, say, "Let's order pizza" means "I'm going to invade Gaul." To translate that sort of code, people at both ends of the communication chain would need a book of code phrases, and you'd have no way to encode new phrases you hadn't thought of in advance. With the Caesar cipher, you can encrypt any message you can think of. The tricky part is that everyone communicating needs to know the algorithm and the key in advance, though it's much easier to safely pass on and keep that information than it would be with a complex code book.
The Caesar cipher is what's known as a substitution cipher, because each letter is substituted with another one; other variations on this, then, would substitute letter blocks or whole words. For most of history, cryptography consisted of various substitution ciphers deployed to keep government and military communications secure. Medieval Arab mathematicians pushed the science forward, particularly the art of decryptiononce researchers realized that certain letters in a given language are more common than others, it becomes easier to recognize patterns, for instance. But most pre-modern encryption is incredibly simple by modern standards, for the obvious reason that, before the advent of computers, it was difficult to perform mathematical transformations quickly enough to make encryption or decryption worthwhile.
In fact, the development of computers and advances in cryptography went hand in hand. Charles Babbage, whose idea for the Difference Engine presaged modern computers, was also interested in cryptography. During World War II, the Germans used the electromechanical Enigma machine to encrypt messagesand, famously, Alan Turing led a team in Britain that developed a similar machine to break the code, in the process laying some of the groundwork for the first modern computers. Cryptography got radically more complex as computers became available, but it remained the province of spies and generals for several more decades.
Before we move on here to modern cryptography, let's pause to discuss two important principles that underlie it. The first is what's come to be known as Kerckhoffss principle, named after the 19th century Dutch cryptographer Auguste Kerckhoffs. Remember, as we said, any cryptographic system involves both an algorithm and a key. Kerckhoffs believed that "a cryptographic system should be secure even if everything about the system, except the key, is public knowledge."
Now, these were the days when cryptography had almost entirely military applications. The idea here is that, while it would be nice to keep your cryptographic system a secret, your opponent will almost certainly eventually figure it out. Claude Shannon, a World War II cryptographer who would go on to be a pioneer in information theory, put it more succinctly: "The enemy knows the system." What Kerckhoffs and Shannon are getting at is that you want to design an algorithm that doesn't need to be a secret in order to successfully conceal information.
That said, in today's world, the public nature of cryptographic algorithms is seen as something good in and of itself, rather than an unavoidable evil. Standard cryptographic algorithms have been widely studied and stress-tested, and trying to come up with your own private algorithms is doomed to failure as security through obscurity usually is.
What you do need to keep secret is your cryptographic key. We'll get to the mathematics of how that works in a moment, but for now, we'll touch on another cryptographic principle that makes that math possible: a reliance on one-way functions, mathematical operations that are very difficult to reverse. The classic example of a one-way function is the multiplication of two very large prime numbers together. While that calculation is simple to do, if you only had the end result, it would be very difficult, verging on impossible, to figure out the original two prime numbers. The question of whether any function can truly be one-way is debated by mathematicians, but many are irreversible in practice at the limits of our current computing power, so we'll leave that question aside as we move on.
It was the formation of the first computer networks that started civilians thinking about the importance of cryptography. Computers were talking to each other over the open network, not just via direct connections to one another; that sort of networking was transformative in many great ways, but also made it trivially easy to snoop on data traveling across the network. And with financial services being an early use case for computer communication, it was necessary to find a way to keep information secret.
IBM led the way in the late 1960s with an encryption method known as "Lucifer", which was eventually codified by the US National Bureau of Standards as the first Data Encryption Standard (DES). As the internet began to grow in importance, more and better encryption was needed, and today a significant portion of data flying around the world is encrypted using varying techniques that we'll discuss in more detail in a moment.
We've already discussed some of the specific applications of cryptography, from keeping military secrets to transmitting financial data safely across the internet. In the bigger picture, though, there are some broad cybersecurity goals that we use cryptography to help us achieve, as cybersecurity consultant Gary Kessler explains. Using cryptographic techniques, security pros can:
You may recognize some of these principles from variations of the CIA triad. The first of these uses is the obvious oneyou can keep data secret by encrypting it. The others take a bit of explanation, which we'll get into as we describe the different types of cryptography.
There are numerous cryptographic algorithms in use, but in general they can be broken into three categories: symmetric cryptography, asymmetric cryptography, and hash functions. Each has its own role to play within the cryptographic landscape.
Symmetric cryptography. The Caesar cipher we discussed above is a great example of symmetric cryptography. In the example we used, if encrypted messages were being exchanged between Caesar and one of his centurions, both parties would have to know the keyin this case, how many letters forward or backwards in the alphabet you need to move to transform plaintext to ciphertext or vice versa. That's what makes it symmetrical. But the key needs to stay a secret between the two of them, which is why this is sometimes also called secret key cryptography. You couldn't send the key along with the message, for instance, because if both fell into enemy hands the message would be easy for them to decipher, defeating the whole purpose of encrypting it in the first place. Caesar and his centurion would presumably have to discuss the key when they saw each other in person, though obviously this is less than ideal when wars are being fought over long distances.
Symmetric cryptography is widely used to keep data confidential. It can be very useful for keeping a local hard drive private, for instance; since the same user is generally encrypting and decrypting the protected data, sharing the secret key is not an issue. Symmetric cryptography can also be used to keep messages transmitted across the internet confidential; however, to successfully make this happen, you need to deploy our next form of cryptography in tandem with it.
Asymmetric cryptography. Caesar may have been able to confer with his centurions in person, but you don't want to go into your bank and talk to the teller just to learn what the private key is for encrypting your electronic communication with the bankthat would defeat the purpose of online banking. In general, in order to function securely, the internet needs a way for communicating parties to establish a secure communications channel while only talking to each other across an inherently insecure network. The way this works is via asymmetric cryptography, which is sometimes called public key cryptography.
In asymmetric cryptography, each participant has two keys. One is public and is sent to anyone the party wishes to communicate with. That's the key used to encrypt messages. But the other key is private, shared with nobody, and it's necessary to decrypt those messages. To use a metaphor: think of the public key as opening a slot on a mailbox just wide enough to drop a letter in. You give that key to anyone who you think might send you a letter so they can open the slot and deliver the envelope. The private key is what you use to open the mailbox so you can get the letters out.
The mathematics of how you can use one key to encrypt a message and another to decrypt it are where the idea of one-way functions that we discussed above come into play: the two keys should be related to each other mathematically such that it's easy to derive the public key from the private key but not vice versa. For instance, the private key might be those two very large prime numbers, which you'd multiply together to get the public key. The Infosec Institute has a deep dive if you're interested.
The computations needed for asymmetric cryptography are much more complex and resource intensive that those behind symmetric infrastructure. Fortunately, you don't need to use it to protect every message you send online. Instead, what usually happens is that one party will use symmetric cryptography to encrypt a message containing yet another cryptographic key. This key, having been safely transmitted across the insecure internet, will then become the private key that encodes a much longer communications session encrypted via symmetric encryption.
See the rest here:
What is cryptography? How algorithms keep information secret and ... - CSO
- Nexus Of Mathematics, Cryptography, Blockchain Will Redefine Technological Innovation Expert - New Telegraph Newspaper - May 15th, 2024
- What is the purpose of post-quantum cryptography? - Security Boulevard - March 21st, 2024
- Quantum Computing and Networking Poised to Revolutionize Cryptography - BroadbandBreakfast.com - March 21st, 2024
- TM Technologies and Quantum Resistant Cryptography Team Up to Increase Speed and Security of 5G/6G, Satellite ... - Yahoo Finance UK - March 5th, 2024
- Cryptology | Definition, Examples, History, & Facts | Britannica - February 1st, 2024
- What Is Moore's Law, And How Does It Impact Cryptography? - Blockchain Magazine - January 24th, 2024
- Cryptography 101: Key Principles, Major Types, Use Cases ... - Splunk - December 11th, 2023
- Federal agencies take 'most important' first step with inventorying cryptography ahead of quantum migration, OMB ... - FedScoop - December 11th, 2023
- What is Cryptography? - Cryptography Explained - AWS - January 30th, 2023
- What is Cryptography? Definition, Importance, Types | Fortinet - January 22nd, 2023
- What is Cryptography? Definition from SearchSecurity - January 22nd, 2023
- System.Security.Cryptography.CryptographicException: The payload was ... - December 28th, 2022
- NIST Action Will Heat Up Post-Quantum Cryptography Market: Report - TechNewsWorld - December 12th, 2022
- Global Encryption Day: Why quantum-safe cryptography is the future of cybersecurity - World Economic Forum - October 23rd, 2022
- Post-Quantum Cryptography: Anticipating Threats and Preparing the Future - ENISA - October 23rd, 2022
- Cracking the code of cryptography and life The Irish Times - The Irish Times - October 15th, 2022
- Dutch influence standards for post-quantum cryptography - ComputerWeekly.com - October 15th, 2022
- Castle Shield Holdings, LLC Updates the Post-Quantum Cryptography (PQC) Algorithms for Its Data-in-Motion Aeolus VPN Solution - Business Wire - October 15th, 2022
- Yale increases investment in blockchain research - Yale Daily News - October 15th, 2022
- OPPO joins the FIDO Alliance, accelerating the arrival of a new era of passwordless sign-ins - Yahoo Finance - October 15th, 2022
- It's Time To Trust Crypto. Here's Why. - Entrepreneur - October 15th, 2022
- Algorand (ALGO) on its journey to breach the $0.4 mark! - CryptoNewsZ - October 15th, 2022
- Crypto Hackers Gross Over $3 Billion From 125 Hacks so Far This Year Featured Bitcoin News - Bitcoin News - October 15th, 2022
- Bitt and IDEMIA: Winners of the G20 Central Bank Digital Currency TechSprint 2022 - Yahoo Finance - October 15th, 2022
- White House Releases First-Ever Comprehensive Framework for Responsible Development of Digital Assets - Lexology - October 15th, 2022
- The Web3 Foundation taps edX for free courses on blockchain and Polkadot - Cointelegraph - October 15th, 2022
- CoinGeek Weekly Livestream: Jad Wahab and Marcin Zarakowski discuss honest nodes and their role in Bitcoin - CoinGeek - October 15th, 2022
- What Is Cryptography? Definition & How It Works | Okta - October 7th, 2022
- What Is Cryptography in Cyber Security: Types, Examples & More - October 7th, 2022
- Decentralized Identifiers (DIDs) is Officially an Internet Standard, Says The World Wide Web Consortium (W3C) - bitcoinke.io - October 7th, 2022
- Cloudflares post-quantum cryptography protects almost a fifth of the internet - VentureBeat - October 7th, 2022
- Nobel Prize in Physics goes to scientists who paved the way for quantum computing - Space.com - October 7th, 2022
- The 2nd Annual Encryption Consulting Conference is Back! - PR Newswire - October 7th, 2022
- Quantum Computing And The Threat Posed To Bitcoin - The Dales Report - October 7th, 2022
- Cryptocurrency users with gambling affinity are more involved mentally and financially than non-gambling users - PsyPost - October 7th, 2022
- Cardano (ADA) and Algorand (ALGO) Are Two Blockchains To Watch Next Bull Cycle, Says Coin Bureau Here?... - The Daily Hodl - October 7th, 2022
- The Guardian view on the Rosetta Stone: a monument to code-breaking - The Guardian - October 7th, 2022
- Still think everything is awful? Here are three reasons for hope - Colorado Newsline - October 7th, 2022
- Sleep Disorders And Quantum Cryptography Win Big At The Breakthrough Prizes 2023 - IFLScience - September 29th, 2022
- Lecturer in Cryptography job with KINGS COLLEGE LONDON | 310005 - Times Higher Education - September 29th, 2022
- Microsoft venture fund M12 invests millions in advancing cryptography and 'smart contracts' - OnMSFT.com - September 29th, 2022
- Sectigo's Chief Strategy Officer and CISO Advisor David Mahdi Accepted To Fast Company Executive Board - StreetInsider.com - September 29th, 2022
- Fundamental Cryptography in Theory and Python - iProgrammer - September 21st, 2022
- Web Crypto API - Web APIs | MDN - Mozilla - September 21st, 2022
- Cryptomathic appoints Laurent Lafargue as CEO of the pioneer in cryptography - FinanceFeeds - September 21st, 2022
- Blockchain and POW are the leading technology behind Bitcoin. - Deadline News - September 21st, 2022
- NTT Research Names Takashi Goto Head of the Technology Promotion Team - Business Wire - September 21st, 2022
- Investigating the Use of Blockchain to Authenticate Data from the Statistics Canada Website - Statistique Canada - September 21st, 2022
- 6 Technological Innovations in the New York Sports Betting Industry - Qrius - September 21st, 2022
- EMVCo reports on the future of contactless payments - NFC World - September 13th, 2022
- Quantum eMotion to Present at the H.C. Wainwright 24th Annual Global Investment Conference in New York - Digital Journal - September 13th, 2022
- The emerging role of cybersecurity in the automotive sector - The Financial Express - September 13th, 2022
- Jack Dorseys Web5 is a solution to a problem thats already been solved - VentureBeat - September 5th, 2022
- What is Cryptography in security? What are the different types of ... - September 5th, 2022
- RKVST Launches RKVST Free and RKVST Team SaaS Supply Chain Integrity, Transparency and Trust Solution - Business Wire - September 5th, 2022
- The United States Is Behind the Curve on Blockchain - War on the Rocks - September 5th, 2022
- $3.7 Billion Worldwide Blockchain in Retail Industry to 2027 - Featuring Cognizant, Infosys and Oracle Among Others - ResearchAndMarkets.com -... - September 5th, 2022
- Research Fellow in Applied Cryptography And Data Security job with UNIVERSITY OF SURREY | 306274 - Times Higher Education - August 28th, 2022
- ASPG, Inc. Announces Release of CryptoZ, Innovative New z/OS Cryptography Reporting and Administration Sy - Benzinga - August 28th, 2022
- UN: monitoring the use of cryptography can make the Internet safer - The Cryptonomist - August 20th, 2022
- Keyfactor Named to the 2022 Inc. 5000 List for Third Consecutive Year and Recognized as the Fastest Growing PKI and Cryptography Leader in America -... - August 20th, 2022
- Cryptography 101: Giving a framework to the brimming blockchain businesses of India - Times of India - August 20th, 2022
- Godfather of Crypto expresses concerns over current state of blockchain privacy - CryptoSlate - August 20th, 2022
- Nine Benefits of FIDO Authentication | HYPR - Security Boulevard - August 20th, 2022
- Now That Authorities Have Sanctioned Tornado Cash, Is Bitcoin Next? - Bitcoin Magazine - August 20th, 2022
- Meet the world's first carbon-negative blockchain - wknd. - August 20th, 2022
- 'FutureFi': Crypto is transforming the green finance universe | Greenbiz - GreenBiz - August 20th, 2022
- Philippine Regulator Warns the Public of Engaging With Foreign Crypto Service Providers Regulation Bitcoin News - Bitcoin News - August 20th, 2022
- What Is Cryptography: Definition and Common Cryptography Techniques - August 12th, 2022
- What is Cryptography? Types of Algorithms & How Does It Work? - August 12th, 2022
- What is Cryptography? - Kaspersky - August 12th, 2022
- Former Google CEO: Bitcoin is a remarkable achievement of cryptography - The Cryptonomist - August 12th, 2022
- Protect your privacy with cybersecurity and cryptography - Geeky Gadgets - August 12th, 2022
- Saving Private Keys From The Courts - Bitcoin Magazine - August 12th, 2022
- NTT Research and NTT Corporation Engage in Breakthrough Research at Crypto 2022 - Business Wire - August 12th, 2022
- Can WhatsApp messages be secure and encryptedbut traceable at the same time? - EurekAlert - August 12th, 2022
- Why 2023 is the year of passwordless authentication - TechTarget - August 12th, 2022
- Sony unveils a new way to protect images from theft, manipulation - Popular Photography - August 12th, 2022
- Cameron Whitehead wins again, taking top honors in the CyberForce Program's Conquer the Hill Reign Edition Competition - EurekAlert - August 12th, 2022
- Criminals steal $4 million from Solana as theft trend hits its crypto blockchain - SC Media - August 12th, 2022